Ansible playbooks, part 3: conditionals, loops, and hierarchical management with roles
1. Ansible playbook conditional and loop syntax:
In an Ansible playbook, conditions are expressed with when and loops with with_items. A concrete example follows:
vim httpd_v4.yaml
---
- hosts: websrvs
  remote_user: '{{uservar}}'
  vars:  # define a variable whose value is a list
    software:
      - python-setuptools
      - httpd
      - mariadb
  tasks:
    - name: run this command and ignore the result
      shell: hostname
      ignore_errors: True  # ignore errors so that execution can continue
      register: result  # assign the result of the shell task above to the variable result
    - debug: msg='{{result.stdout}}'
    - name: install mysql and httpd
      yum: name={{ item }} state=installed  # install the packages in bulk through the loop variable
      become: yes
      with_items:  # loop over the values in software
        - '{{software}}'
      tags: init
    - name: guarantee httpd2 is running
      service: name=httpd state=started
      become: yes
    - name: transfer httpd configfile to remote
      template: src=./httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf  # use a template to send a jinja2 file; the copy module can send ordinary files
      notify:
        - restart httpd
      when: result.stdout == 'rainbondnode01'  # copy the template only when the hostname is 'rainbondnode01'
  handlers:  # handlers (triggers)
    - name: restart httpd
      service: name=httpd state=restarted
      become: yes
This example uses several techniques:
- when is the conditional syntax;
- with_items loops over a list;
- register assigns the result of a task to a variable;
- become means running with sudo;
- This playbook can be run with ansible-playbook -e uservar=gytest --check httpd_v4.yaml; -e passes a variable on the command line at execution time;
2. Hierarchical management of Ansible playbooks with roles:
1. In what scenarios are roles used?
Suppose we now have three managed hosts: the first is to be configured as an httpd server, the second as a php server, and the third as a MySQL server. How do we define the playbook?
The first play runs on the first host and builds httpd, the second play runs on the second host and builds php, and the third play runs on the third host and builds MySQL. Defining everything as plays inside one playbook is cumbersome: the code cannot be called as separate modules later, and it cannot be reused. For example, if a fourth host is added later that is both an httpd server and a php server, we would have to write a fourth play that repeats the httpd and php installation written above. The playbook then contains duplicated code.
To avoid this duplication, roles let the same code be called repeatedly. Define one role called websrvs, a second role called phpappsrvs, and a third role called dbsrvs. They are then called as follows:
- hosts: host1
  roles:
    - websrvs
- hosts: host2
  roles:
    - phpappsrvs
- hosts: host3
  roles:
    - dbsrvs
- hosts: host4
  roles:
    - websrvs
    - phpappsrvs
This way the code can be reused, and each role can be called independently and repeatedly. The following example illustrates their use.
2. Use roles to install a LAMP + WordPress forum:
Roles require a specific directory structure. The directory structure of my LAMP experiment is as follows:
[root@rainbondmanager gytest]# tree
.
├── group_vars
│   └── websrvs
├── hosts
├── roles
│   ├── mysql
│   │   ├── files
│   │   │   └── mysql_init.sh
│   │   ├── handlers
│   │   │   └── main.yaml
│   │   ├── tasks
│   │   │   ├── configure.yml
│   │   │   └── main.yaml
│   │   ├── templates
│   │   │   └── my.cnf
│   │   └── vars
│   │       └── main.yaml
│   ├── php
│   │   ├── files
│   │   ├── handlers
│   │   ├── meta
│   │   ├── tasks
│   │   │   └── main.yaml
│   │   ├── templates
│   │   └── vars
│   │       └── main.yaml
│   └── webserver
│       ├── files
│       │   └── wordpress.tar.gz
│       ├── handlers
│       │   └── main.yaml
│       ├── meta
│       │   └── main.yaml
│       ├── tasks
│       │   └── main.yaml
│       └── templates
│           └── httpd.conf.j2
└── site.yaml
The top level must contain at least one file, site.yaml, which is the entry point the playbook is run from, and at least one roles directory. The roles directory holds one directory per category; for example, I need to install the three packages httpd, php and mysql, so it is divided into three directories. The subdirectories of each role are fixed and are generally files, handlers, tasks, templates, vars and meta. The files directory holds the files that the copy module refers to by local path; handlers holds the YAML files that configure handlers (triggers); tasks holds the task files; templates holds the template files, generally stored in .j2 format; vars holds the variable definition files; meta holds the dependency definition files.
Next, I will list the contents of all the configuration files and give a brief explanation of each:
[root@rainbondmanager gytest]# cat site.yaml
---
- hosts: websrvs
  remote_user: root
  roles:
    - webserver
- hosts: 10.83.32.130
  remote_user: root
  roles:
    - php
site.yaml is the entry file. It states the hosts, the remote user that executes the tasks, and the roles to call. This configuration installs httpd on the websrvs host group and installs php on the host 10.83.32.130.
[root@rainbondmanager gytest]# cat hosts
[websrvs]
10.83.32.130
10.83.32.131
My project directory also defines a hosts file; use ansible-playbook -i hosts to specify this separate host list. Variables can also be defined in the hosts file, for example:
[websrvs]
10.83.32.130 http_port=80
10.83.32.131 http_port=8080
If private-key authentication is not available, the SSH user, SSH port, SSH password and so on can be specified in the hosts file:
[websrvs]
10.83.32.130 ansible_ssh_user=gytest ansible_ssh_pass=123456
10.83.32.131 ansible_ssh_user=gytest ansible_ssh_pass=123456
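A password written into the inventory is readable by anyone who can read the file or the repository it is committed to. The following added example (not part of the original post) keeps the hosts file free of credentials and moves the password into an Ansible Vault encrypted group variable file. The file names vars.yml and vault.yml and the variable vault_ssh_pass are assumptions, and group_vars/websrvs is a directory here rather than a single file.

```yaml
# hosts (INI inventory) lists the machines only:
#   [websrvs]
#   10.83.32.130
#   10.83.32.131
---
# group_vars/websrvs/vars.yml -- plain text, contains no secret.
# ansible_user / ansible_password are the current names for
# ansible_ssh_user / ansible_ssh_pass.
ansible_user: gytest
ansible_password: "{{ vault_ssh_pass }}"   # resolved from vault.yml at run time
---
# group_vars/websrvs/vault.yml -- contains only the secret.
# Encrypt it before it is ever committed:
#   ansible-vault encrypt group_vars/websrvs/vault.yml
# The value below is a placeholder, not a real credential.
vault_ssh_pass: "REPLACE-WITH-REAL-PASSWORD"
```

Run the playbook with ansible-playbook -i hosts site.yaml --ask-vault-pass so the vault password is typed at the prompt and never stored next to the inventory.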
The project directory also contains a group variables directory, group_vars, which holds files named after host groups. The variables in such a file take effect for the entire group, so the file name must be the name of the host group they apply to:
[root@rainbondmanager gytest]# cat group_vars/websrvs
http_port: 8080
[root@rainbondmanager gytest]#
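Let's analyze the contents of the role that installs the httpd server:
# First is the tasks file. The copy source is written as a relative path, which refers to content under the files directory; the template files work the same way and also use relative paths.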
[root@rainbondmanager gytest]# cat roles/webserver/tasks/main.yaml
---
- name: installed httpd
  yum: name=httpd state=present
  tags: install
- name: keep httpd is running
  service: name=httpd state=started enabled=true
  tags: install
- name: insert iptables rules
  shell: iptables -I INPUT -p tcp --dport {{http_port}} -j ACCEPT
- name: transfer index html
  copy: src=wordpress.tar.gz dest=/var/www/html/wordpress.tar.gz
  tags: install
- name: unzip wordpress
  unarchive: src=/var/www/html/wordpress.tar.gz dest=/var/www/html/ copy=no
  ignore_errors: True
  tags: install
- name: mv wordpress
  shell: mv /var/www/html/wordpress/* /var/www/html/
- name: wait for httpd to start
  wait_for: port=8080
  tags: install
- name: transfer httpd configure file
  template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
  tags: conf
  notify:
    - restart httpd
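cat roles/webserver/handlers/main.yaml
- name: restart httpd
  service: name=httpd state=restarted
# The notify called in the tasks refers, by default, to the contents of the file under the handlers directory.
cat roles/webserver/templates/httpd.conf.j2 |grep "{{"
Listen {{http_port}}
ServerAdmin {{ansible_fqdn}}
# The template file references both facts variables and custom variables.
cat roles/webserver/meta/main.yaml
dependencies:
  - {role: mysql, echo_vars: hello_mysql}
# The meta directory defines dependencies: when httpd is installed, the mysql role must run first.
ls roles/webserver/files/wordpress.tar.gz
roles/webserver/files/wordpress.tar.gz
# The files directory holds the wordpress source archive, which is copied to the remote host with the copy module and unpacked with the unarchive module.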
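An added example, not part of the original post, that rewrites three of the webserver tasks so they are safe to re-run: shell: iptables -I inserts another copy of the rule on every run, and the copy step leaves wordpress.tar.gz inside the document root where httpd can serve it. The rule comment text and the creates path wp-login.php are assumptions about the environment and the archive contents.

```yaml
# roles/webserver/tasks/main.yaml (excerpt, rewritten as an added example)
- name: allow inbound HTTP on the configured port
  ansible.builtin.iptables:
    chain: INPUT
    action: insert
    protocol: tcp
    destination_port: "{{ http_port }}"
    jump: ACCEPT
    comment: "httpd, managed by ansible"   # assumption: free-text label
  # The module checks whether the rule already exists, so a second run
  # reports "ok" instead of stacking a duplicate ACCEPT rule.

- name: unpack wordpress straight into the document root
  ansible.builtin.unarchive:
    src: wordpress.tar.gz                  # taken from roles/webserver/files on the control node
    dest: /var/www/html/
    extra_opts:
      - --strip-components=1               # drop the leading wordpress/ directory, no mv step needed
    creates: /var/www/html/wp-login.php    # assumption: present in the archive; skips re-extraction
  tags: install
  # The archive is extracted without being left behind in /var/www/html.

- name: wait for httpd on the configured port
  ansible.builtin.wait_for:
    port: "{{ http_port }}"                # same variable as the firewall rule and the Listen line
    timeout: 60
  tags: install
```

Rules added this way live only in the running kernel, exactly like the original shell command; persisting them across reboots is a separate step.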
Next, let's look at the contents of the role that installs the mysql database server:
[root@rainbondmanager gytest]# cat roles/mysql/tasks/main.yaml
---
- name: install mariadb databases
  yum: name={{ item }} state=present
  with_items:
    - '{{software}}'
  tags: install
- name: keep mariadb is running
  service: name=mariadb state=started enabled=true
  tags: install
- name: insert iptables rules
  shell: iptables -I INPUT -p tcp --dport 3306 -j ACCEPT
- name: echo_vars
  shell: echo '{{echo_vars}}'
  register: result
  tags: install
- name: execute mysql init scripts
  script: /data/playbooks/gytest/roles/mysql/files/mysql_init.sh
- include: configure.yml
# The tasks install the mariadb server, start the service, set up the firewall, run the database initialization script, and so on.
[root@rainbondmanager gytest]# cat roles/mysql/tasks/configure.yml
---
- name: transfer mysql configure file
  template: src=my.cnf dest=/etc/my.cnf
  notify:
    - restart mysql
  tags: configure
[root@rainbondmanager gytest]#
# main.yaml includes this configure.yml, which copies the mysql configuration file to the target machine.
[root@rainbondmanager gytest]# cat roles/mysql/handlers/main.yaml
---
- name: restart mysql
  service: name=mysql state=restarted
[root@rainbondmanager gytest]#
# Handler configuration: restart mysql after the configuration file changes.
[root@rainbondmanager gytest]# cat roles/mysql/vars/main.yaml
---
software:
  - mariadb
  - mariadb-server
echo_vars:
  - hello_mysql
mysql_port:
  - '3306'
[root@rainbondmanager gytest]#
# Variable file: defines the packages to install for mysql and other variables.
[root@rainbondmanager gytest]# cat roles/mysql/files/mysql_init.sh
#!/bin/bash
#
mysql -uroot -pwordpress2018 -e "update mysql.user set password=password('wordpress2019') where user='root' and host='localhost';"
mysql -uroot -pwordpress2018 -e "grant all privileges ON *.* TO root@'%';"
mysql -uroot -pwordpress2019 -e "flush privileges;"
mysql -uroot -pwordpress2019 -e "create database wordpress"
[root@rainbondmanager gytest]#
# mysql initialization script: changes the root password, creates the wordpress database, and grants privileges to the root account.
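The script above puts both root passwords on the command line and in the role's files, and it opens root to every host with full privileges. The same initialization as idempotent tasks, as an added example that is not part of the original post: secrets come from vault-encrypted variables, root stays local, and WordPress gets its own account scoped to one database. The file name secure.yml and the variables vault_mysql_root_pass, vault_wp_db_pass and wp_db_client_host are assumptions; the community.mysql collection and PyMySQL on the target host are required.

```yaml
# roles/mysql/tasks/secure.yml -- hypothetical file name, added example.
# vault_mysql_root_pass and vault_wp_db_pass are assumed to live in an
# ansible-vault encrypted vars file; wp_db_client_host is the address the
# web server connects from (localhost when both roles share a host).
- name: set the password for root@localhost only
  community.mysql.mysql_user:
    name: root
    host: localhost
    password: "{{ vault_mysql_root_pass }}"
    check_implicit_admin: true           # try passwordless root first (fresh install)
    login_user: root
    login_password: "{{ vault_mysql_root_pass }}"
    login_unix_socket: /var/lib/mysql/mysql.sock   # socket path from my.cnf
  no_log: true                           # keep the secret out of task output and logs

- name: create the wordpress database
  community.mysql.mysql_db:
    name: wordpress
    state: present
    login_user: root
    login_password: "{{ vault_mysql_root_pass }}"
    login_unix_socket: /var/lib/mysql/mysql.sock
  no_log: true

- name: create an application account limited to the wordpress schema
  community.mysql.mysql_user:
    name: wordpress
    host: "{{ wp_db_client_host }}"
    password: "{{ vault_wp_db_pass }}"
    priv: "wordpress.*:ALL"              # no privileges outside this database
    state: present
    login_user: root
    login_password: "{{ vault_mysql_root_pass }}"
    login_unix_socket: /var/lib/mysql/mysql.sock
  no_log: true
```

Because no account is created for root@'%', the iptables rule for port 3306 can be dropped entirely when the web server and the database share a host.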
[root@rainbondmanager gytest]# cat roles/mysql/templates/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
# Contents of the mysql configuration file.
Finally, let's look at the php installation:
cat roles/php/tasks/main.yaml
---
- name: installed php-fpm
  yum: name={{ software }} state=present
  tags: install
# Defines the task that installs php.
[root@rainbondmanager gytest]# cat roles/php/vars/main.yaml
---
software:
  - php
  - php-mysql
  - php-gd
  - php-imap
  - php-ldap
  - php-odbc
  - php-pear
  - php-xml
  - php-xmlrpc
# Defines the packages to install for php.
That is all for today's blog post, and this wraps up the ansible series. For more ansible playbook examples, see the GitHub repository at https://github.com/ansible/ansible-examples