Using Ansible playbooks: loops, conditionals, and roles

Part 3: Ansible playbook conditionals, loops, and hierarchical management with roles

1. Ansible playbook loop and conditional syntax:

In a playbook, conditionals are written with when and loops with with_items. A specific example follows:

vim httpd_v4.yaml
---
- hosts: websrvs
  remote_user: '{{uservar}}'
  vars:                  # define a variable whose value is a list
    software:
      - python-setuptools
      - httpd
      - mariadb
  tasks:
    - name: run this command and ignore the result
      shell: hostname
      ignore_errors: True  # ignore errors so that execution can continue
      register: result     # store the result of the shell task above in the variable result
    - debug: msg='{{result.stdout}}'

    - name: install mysql and httpd
      yum: name={{ item }} state=installed # install the packages in bulk; item is the current entry of the loop
      become: yes
      with_items:   # loop over the entries in software
       - '{{software}}'
      tags: init

    - name: guarantee httpd2 is running
      service: name=httpd state=started
      become: yes

    - name: transfer httpd configfile to remote
      template: src=./httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf  # use a template to transfer a jinja2 file; the copy module can be used for ordinary files
      notify:
        - restart httpd
      when: result.stdout == 'rainbondnode01'  # copy the template file only when the hostname is 'rainbondnode01'

  handlers:  # handlers (triggers)
  - name: restart httpd
    service: name=httpd state=restarted
    become: yes

This example uses several techniques:

  1. when is the conditional syntax;
  2. with_items loops over a list;
  3. register assigns the result of a task to a variable;
  4. become means running the task with sudo;
  5. The playbook can be run with ansible-playbook -e uservar=gytest --check httpd_v4.yaml, where -e passes a variable on the command line;

2. Hierarchical management with ansible playbook roles:

1. In what scenario are roles used?

  Suppose we have three managed hosts: the first is to be configured as an httpd server, the second as a php server, and the third as a MySQL server. How do we define the playbook?
  The first play targets the first host and builds httpd, the second play targets the second host and builds php, and the third play targets the third host and builds MySQL. Defining everything play by play in the playbook is cumbersome, and it does not lend itself to modular calls or to reuse. For example, if a fourth host is added later that is both an httpd server and a php server, we would have to write a fourth play that repeats the httpd and php installation written above. The playbook then contains duplicated code.
  To avoid this duplication, roles let the same code be called repeatedly. Define one role called websrvs, a second role called phpappsrvs, and a third role called dbsrvs. They are then called as follows:

- hosts: host1
  roles:
    - websrvs

- hosts: host2
  roles:
    - phpappsrvs

- hosts: host3
  roles:
    - dbsrvs

- hosts: host4
  roles:
    - websrvs
    - phpappsrvs

This way the code is reused, and each role can be called independently and repeatedly. The following example illustrates their use.

2. Use roles to install the lamp + wordpress forum:

  Roles require a specific directory structure. The directory structure of my lamp experiment is as follows:

[root@rainbondmanager gytest]# tree
.
├── group_vars
│   └── websrvs
├── hosts
├── roles
│   ├── mysql
│   │   ├── files
│   │   │   └── mysql_init.sh
│   │   ├── handlers
│   │   │   └── main.yaml
│   │   ├── tasks
│   │   │   ├── configure.yml
│   │   │   └── main.yaml
│   │   ├── templates
│   │   │   └── my.cnf
│   │   └── vars
│   │       └── main.yaml
│   ├── php
│   │   ├── files
│   │   ├── handlers
│   │   ├── meta
│   │   ├── tasks
│   │   │   └── main.yaml
│   │   ├── templates
│   │   └── vars
│   │       └── main.yaml
│   └── webserver
│       ├── files
│       │   └── wordpress.tar.gz
│       ├── handlers
│       │   └── main.yaml
│       ├── meta
│       │   └── main.yaml
│       ├── tasks
│       │   └── main.yaml
│       └── templates
│           └── httpd.conf.j2
└── site.yaml

The top level must contain at least a site.yaml file, which is the entry file from which the playbook is run, and a roles directory. Under the roles directory, one directory is created per category; for example, I need to install httpd, php and mysql, so there are three directories. The subdirectories of each role directory are fixed and are generally files, handlers, tasks, templates, vars and meta. The files directory holds files that the copy module references by relative path; handlers holds the yaml files that define handlers (triggers); tasks holds the task files; templates holds the template files, generally in .j2 format; vars holds the variable definition files; meta holds the dependency definition files.

Next, I will list the contents of all the configuration files, with a brief explanation of each:

[root@rainbondmanager gytest]# cat site.yaml
---
- hosts: websrvs
  remote_user: root

  roles:
    - webserver
- hosts: 10.83.32.130
  remote_user: root

  roles:
    - php

site.yaml is the entry file. It specifies the hosts, the user for remote execution, and the roles to call. This configuration means that the webserver role, which installs httpd, is applied to the host group websrvs, and the php role is applied to the host 10.83.32.130;

[root@rainbondmanager gytest]# cat hosts
[websrvs]
10.83.32.130
10.83.32.131

The main directory also defines its own hosts file; ansible-playbook -i hosts makes the run use this separate host list. Variables can also be defined in the hosts file, for example:

[websrvs]
10.83.32.130 http_port=80
10.83.32.131 http_port=8080

If login with a private key is not available, the ssh user, ssh port, ssh password and so on can be specified in the hosts file:

[websrvs]
10.83.32.130 ansible_ssh_user=gytest ansible_ssh_pass=123456
10.83.32.131 ansible_ssh_user=gytest ansible_ssh_pass=123456
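
The inventory above keeps the SSH password in clear text, readable by anyone with access to the hosts file or the repository that holds it. The same host group with the password moved into an ansible-vault encrypted variable, as an added example that is not part of the original post; the YAML inventory layout, the file names inventory.yaml and group_vars/websrvs/vault.yml, and the variable name vault_websrvs_ssh_password are assumptions:

```yaml
# inventory.yaml (added example; takes the place of the INI hosts file above)
all:
  children:
    websrvs:
      hosts:
        10.83.32.130:
        10.83.32.131:
      vars:
        ansible_user: gytest
        # No literal password here: the value is resolved at run time from
        # the encrypted group_vars/websrvs/vault.yml described below.
        ansible_password: "{{ vault_websrvs_ssh_password }}"

# group_vars/websrvs/vault.yml holds a single key (assumed name):
#   vault_websrvs_ssh_password: <password for gytest>
# Encrypt the file before committing it, then supply the vault password
# when the playbook runs:
#   ansible-vault encrypt group_vars/websrvs/vault.yml
#   ansible-playbook -i inventory.yaml site.yaml --ask-vault-pass
#
# group_vars/websrvs has to be a directory for this layout, so the existing
# "http_port: 8080" setting moves to group_vars/websrvs/vars.yml.
```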

The main directory also contains a group_vars directory holding files named after host groups. The variable values in such a file take effect for the entire group, so the file name must match the name of the host group it applies to:

[root@rainbondmanager gytest]# cat group_vars/websrvs
http_port: 8080
[root@rainbondmanager gytest]#

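Let's analyze the contents of the role that installs the httpd server:

# First, the contents of the tasks file. The copy source path is written as a relative path, which refers to the contents of the files directory; the same applies to the template file, which also uses a relative path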
[root@rainbondmanager gytest]# cat roles/webserver/tasks/main.yaml
---
- name: installed httpd
  yum:  name=httpd state=present
  tags: install
- name: keep httpd is running
  service: name=httpd state=started enabled=true
  tags: install
- name: insert iptables rules
  shell: iptables -I INPUT -p tcp --dport {{http_port}} -j ACCEPT
- name: transfer index html
  copy: src=wordpress.tar.gz dest=/var/www/html/wordpress.tar.gz
  tags: install
- name: unzip wordpress
  unarchive: src=/var/www/html/wordpress.tar.gz dest=/var/www/html/ copy=no
  ignore_errors: True
  tags: install
- name: mv wordpress
  shell: mv /var/www/html/wordpress/* /var/www/html/
- name: wait for httpd to start
  wait_for: port=8080
  tags: install
- name: transfer httpd configure file
  template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
  tags: conf
  notify:
    - restart httpd

cat roles/webserver/handlers/main.yaml
- name: restart httpd
  service: name=httpd state=restarted
# the notify calls in the tasks refer, by default, to the contents of the files under the handlers directory;

cat roles/webserver/templates/httpd.conf.j2 |grep "{{"
Listen {{http_port}}
ServerAdmin {{ansible_fqdn}}

# the template file uses both facts variables and custom variables

cat roles/webserver/meta/main.yaml
dependencies:
  - {role: mysql, echo_vars: hello_mysql}
# the meta directory defines the dependencies: when httpd is installed, mysql must first be confirmed to be running

ls roles/webserver/files/wordpress.tar.gz
roles/webserver/files/wordpress.tar.gz
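# the files directory holds the wordpress source archive, which is copied to the remote host with the copy module and extracted with the unarchive module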
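
In the tasks above, iptables -I run through the shell module inserts another copy of the rule on every run, and ignore_errors on the unarchive task hides a failed extraction. An idempotent version of the firewall and deployment tasks, as an added example that is not the original author's code; it assumes Ansible 2.10 or later for the fully qualified module names and a standard WordPress archive whose top-level directory is wordpress/:

```yaml
# roles/webserver/tasks/main.yaml, firewall and deployment tasks only
- name: allow inbound HTTP on the configured port
  ansible.builtin.iptables:
    chain: INPUT
    action: insert
    protocol: tcp
    destination_port: "{{ http_port }}"
    jump: ACCEPT
    comment: "httpd (managed by ansible)"
  # The module checks for an identical rule before inserting, so repeated
  # runs do not stack duplicate ACCEPT entries.

- name: unpack wordpress straight into the document root
  ansible.builtin.unarchive:
    src: wordpress.tar.gz                   # taken from roles/webserver/files
    dest: /var/www/html/
    extra_opts: ["--strip-components=1"]    # drop the leading wordpress/ directory
    creates: /var/www/html/wp-config-sample.php   # assumed archive content
    owner: root
    group: root
  # No ignore_errors: a failed or truncated extraction stops the play.
  # creates makes the task a no-op once the site is deployed, which also
  # removes the need for the separate "mv wordpress" shell task.

- name: wait for httpd on the port it was configured with
  ansible.builtin.wait_for:
    port: "{{ http_port }}"    # follows the inventory instead of a fixed 8080
    timeout: 60
```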

Next, we look at the file contents of the role that installs the mysql database server:

[root@rainbondmanager gytest]# cat roles/mysql/tasks/main.yaml
---
- name: install mariadb databases
  yum:  name={{ item }} state=present
  with_items:
    - '{{software}}'
  tags: install
- name: keep mariadb is running
  service: name=mariadb state=started enabled=true
  tags: install
- name: insert iptables rules
  shell: iptables -I INPUT -p tcp --dport 3306 -j ACCEPT
- name: echo_vars
  shell: echo '{{echo_vars}}'
  register: result
  tags: install
- name: execute mysql init scripts
  script: /data/playbooks/gytest/roles/mysql/files/mysql_init.sh
- include: configure.yml
# the tasks define installing the mariadb server, starting the service, setting the firewall, running the database initialization script, etc.;
[root@rainbondmanager gytest]# cat roles/mysql/tasks/configure.yml
---
- name: transfer mysql configure file
  template: src=my.cnf dest=/etc/my.cnf
  notify:
    - restart mysql
  tags: configure
[root@rainbondmanager gytest]#
# main.yml includes this configure.yml, which copies the mysql configuration file to the target machine
[root@rainbondmanager gytest]# cat roles/mysql/handlers/main.yaml
---
- name: restart mysql
  service: name=mysql state=restarted
[root@rainbondmanager gytest]#
# handler configuration: restart mysql after the configuration file changes
[root@rainbondmanager gytest]# cat roles/mysql/vars/main.yaml
---
software:
  - mariadb
  - mariadb-server
echo_vars:
  - hello_mysql
mysql_port:
  - '3306'
[root@rainbondmanager gytest]#
# variables file: defines the packages for installing mysql and other variables

[root@rainbondmanager gytest]# cat roles/mysql/files/mysql_init.sh
#!/bin/bash
#

mysql -uroot -pwordpress2018 -e "update mysql.user set password=password('wordpress2019') where user='root' and host='localhost';"
mysql -uroot -pwordpress2018 -e "grant all privileges ON *.* TO root@'%';"
mysql -uroot -pwordpress2019 -e "flush privileges;"
mysql -uroot -pwordpress2019 -e "create database wordpress"
[root@rainbondmanager gytest]#
# mysql initialization script: changes the root password, creates the wordpress database, and grants privileges to the root account;
[root@rainbondmanager gytest]# cat roles/mysql/templates/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

# contents of the mysql configuration file
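
mysql_init.sh above passes the root password on the command line and grants root@'%' all privileges on every database. The database and grant steps rewritten as Ansible tasks with a vaulted password and an account scoped to the wordpress database, as an added example that is not the original author's code; the file name secure.yml, the wordpress account name and the vault_* variable names are assumptions, and the community.mysql collection plus a Python MySQL driver on the target are required:

```yaml
# roles/mysql/tasks/secure.yml (added example, assumed file name)
# vault_mysql_root_password and vault_wordpress_db_password are assumed to
# be defined in a vars file encrypted with ansible-vault.
- name: create the wordpress database
  community.mysql.mysql_db:
    login_unix_socket: /var/lib/mysql/mysql.sock   # socket path from my.cnf
    login_user: root
    login_password: "{{ vault_mysql_root_password }}"
    name: wordpress
    state: present
  no_log: true   # keep the password out of task output and logs

- name: create an application account limited to the wordpress database
  community.mysql.mysql_user:
    login_unix_socket: /var/lib/mysql/mysql.sock
    login_user: root
    login_password: "{{ vault_mysql_root_password }}"
    name: wordpress
    # The mysql role runs as a dependency of webserver, so the database
    # sits on the same host as httpd and the account can stay local.
    host: localhost
    password: "{{ vault_wordpress_db_password }}"
    priv: "wordpress.*:ALL"    # this database only, instead of *.* for root@'%'
    state: present
  no_log: true

# With a localhost-only account, the "insert iptables rules" task that
# opens port 3306 is not needed for this layout.
```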

Finally, let's look at the php installation:

cat roles/php/tasks/main.yaml
---
- name: installed php-fpm
  yum:  name={{ software }} state=present
  tags: install

# defines the task that installs php
[root@rainbondmanager gytest]# cat roles/php/vars/main.yaml
---
software:
  - php
  - php-mysql
  - php-gd
  - php-imap
  - php-ldap
  - php-odbc
  - php-pear
  - php-xml
  - php-xmlrpc
# defines the packages for installing php

That is all for today's blog post, and it also concludes this ansible series. More ansible playbook examples can be found on GitHub at https://github.com/ansible/ansible-examples

For more posts, please follow my personal WeChat public account "cloud era IT operations". The account shares operations and maintenance technology and new trends in Internet operations, including IT operations industry news, consulting, and operations technical documentation. It focuses on devops, jenkins, zabbix monitoring, kubernetes, ELK, the use of various middleware such as redis and MQ, and operations programming languages such as shell and python. I have worked in IT operations and maintenance for over a decade, and since 2008 I have worked full-time on Linux / Unix systems operations, so I have a certain degree of understanding of operations-related technologies. All posts on this account are summaries of my actual work experience and are basically original. I am very happy to share my accumulated experience and technology with you, and I hope we can grow and progress together on the IT operations career path.


Origin blog.51cto.com/zgui2000/2425425