1: Roles directory layout
This is the official directory structure; follow the official definition.
[root@m01-61 nfs]# cd /etc/ansible/roles/
[root@m01-61 roles]# tree nfs
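nfs                 # role name
├── files           # files to be copied
├── handlers        # handlers (tasks triggered by notify)
├── tasks           # the tasks themselves
├── templates       # template files; used like files, except that variables in them are resolved
└── vars            # variable files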
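2: Creating an init role
After a server has been installed, its yum repositories need to be updated and some common services installed, so these shared tasks can be collected into an init role.
2.1 Create the roles/init directory structure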
[root@m01-61 roles]# tree init
init
├── files
├── handlers
├── tasks
├── templates
└── vars
2.2 Create the task file in the tasks directory
[root@m01-61 roles]# cd init/tasks/
[root@m01-61 tasks]# cat main.yaml
- name: 01-config-yum-base
  yum_repository:
    name: base
    description: base yum repo
    # baseurl expects the URL of a repository directory; this value is a .repo file
    baseurl:
      - https://mirrors.aliyun.com/repo/Centos-7.repo
    gpgcheck: no
- name: 02-config_yum_epel
  yum_repository:
    name: epel
    description: epel yum repo
    baseurl:
      - http://mirrors.aliyun.com/repo/epel-7.repo
    gpgcheck: no
- name: 03_install_server
  yum:
    name: "{{ packages }}"
  vars:
    packages:
      - ntpdate
      - lsof
      - tree
      - iftop
      - iotop
- name: 04_create_group
  group:
    name: www
    gid: 666
- name: 05_create_user
  user:
    name: www
    uid: 666
    group: www
    shell: /sbin/nologin
    create_home: no
- name: 06_create_dir
  file:
    path: "{{ item }}"
    state: directory
    # quoted octal; an unquoted 755 is read as a decimal number
    mode: '0755'
  loop:
    - /data
    - /server/scripts
- name: 07_cron_ntpdate
  cron:
    name: Time_Update
    minute: "*/5"
    job: '/sbin/ntpdate time1.aliyun.com'
- name: 08_copy_ssh
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    mode: '0600'
    backup: yes
  notify: restart sshd
The base and epel repositories can also be set up like this:
[root@m01-61 init]# cat tasks/main.yaml
- name: 01-config-yum-base
  get_url:
    url: https://mirrors.aliyun.com/repo/Centos-7.repo
    dest: /etc/yum.repos.d/CentOS-Base.repo
- name: 02-config_yum_epel
  get_url:
    url: http://mirrors.aliyun.com/repo/epel-7.repo
    dest: /etc/yum.repos.d/epel.repo
- name: 03-yum-makecache
  shell: yum makecache
- name: 04_install_server
  yum:
    name: "{{ packages }}"
  vars:
    packages:
      - ntpdate
      - lsof
      - tree
      - iftop
      - iotop
- name: 05_create_group
  group:
    name: www
    gid: 666
- name: 06_create_user
  user:
    name: www
    uid: 666
    group: www
    shell: /sbin/nologin
    create_home: no
- name: 07_create_dir
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - /data
    - /server/scripts
- name: 08_cron_ntpdate
  cron:
    name: Time_Update
    minute: "*/5"
    job: '/sbin/ntpdate time1.aliyun.com'
- name: 09_copy_ssh
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    mode: '0600'
    backup: yes
  notify: restart sshd
2.2 Write the Jinja template
[root@m01-61 templates]# cat sshd_config.j2
# Set the IP address sshd listens on; this is only a test, adjust it as needed in a real configuration
ListenAddress {{ ansible_facts.eth0.ipv4.address }}
2.3 Write the handlers file
[root@m01 ~]# cat /etc/ansible/roles/init/handlers/main.yml
- name: restart sshd
  service:
    name: sshd
    state: restarted
2.4 Create the playbook that applies the role
Go to the roles directory:
[root@m01-61 templates]# cd /etc/ansible/roles/
[root@m01-61 roles]# vim init.yaml
- hosts: web
  roles:
    - init
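A hardened variant of the init role's repository and sshd tasks, as an added example that is not part of the original post: package signature checking stays enabled and the rendered sshd_config is syntax-checked before it replaces the live file. The variables init_base_baseurl and init_epel_baseurl and the key file under roles/init/files/ are assumptions; the CentOS key path is the CentOS 7 default.

```yaml
# roles/init/tasks/main.yaml -- hardened variant (added example)
# init_base_baseurl / init_epel_baseurl are hypothetical variables, to be set in
# roles/init/vars/main.yaml to the HTTPS URL of each repository directory.
- name: 01-config-yum-base
  yum_repository:
    name: base
    description: base yum repo
    baseurl: "{{ init_base_baseurl }}"
    gpgcheck: yes                     # verify package signatures
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7   # shipped with CentOS 7

- name: 02-copy-epel-key
  copy:
    src: RPM-GPG-KEY-EPEL-7           # assumption: verified key file kept in roles/init/files/
    dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    owner: root
    group: root
    mode: '0644'

- name: 03-config_yum_epel
  yum_repository:
    name: epel
    description: epel yum repo
    baseurl: "{{ init_epel_baseurl }}"
    gpgcheck: yes
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

- name: 04_copy_ssh
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: '0600'
    backup: yes
    validate: /usr/sbin/sshd -t -f %s # reject a template that sshd cannot parse
  notify: restart sshd
```

If validation fails, the task fails, /etc/ssh/sshd_config is left unchanged and the restart handler is not notified.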
3: NFS role
3.1 Create the tasks
[root@m01-61 nfs]# cd tasks/
[root@m01-61 tasks]# cat main.yaml
- name: 01-install nfs-server
  yum:
    name: nfs-utils
    state: installed
- name: 02-copy-config-file
  template:
    src: exports.j2
    dest: /etc/exports
    backup: yes
  notify:
    - restart nfs
- name: 06-service-start
  service:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop:
    - rpcbind
    - nfs-server
- name: 08-show status
  shell: showmount -e
3.2 Create the Jinja template
[root@m01-61 tasks]# cat ../templates/exports.j2
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
3.3 Create the handlers file
[root@m01-61 tasks]# cat ../handlers/main.yaml
- name: restart nfs
  service:
    name: nfs
    state: restarted
3.4 Create the playbook that applies the role
[root@m01-61 roles]# vim nfs.yaml
- hosts: nfs
  roles:
    - init    ## two roles can be applied together; here the init role runs before nfs
    - nfs
4: rsync role
4.1 Create the tasks
[root@m01-61 rsync]# cat tasks/main.yaml
- name: 01-installed-rsyncd
  yum:
    name: rsync
    state: installed
- name: 02-config-file
  template:
    src: "{{ item.src }}"
    dest: "/etc/{{ item.dest }}"
    mode: "{{ item.mode }}"
    backup: yes
  loop:
    - { src: 'rsyncd.conf.j2', dest: 'rsyncd.conf', mode: '0644' }
    - { src: 'rsync.passwd.j2', dest: 'rsync.passwd', mode: '0600' }
  notify:
    - restart rsyncd
- name: 03-create-backup-dir
  file:
    dest: "{{ item }}"
    state: directory
    owner: www
    group: www
  loop:
    - /backup
    - /data
- name: 04-start-rsynd
  service:
    name: rsyncd
    state: started
    enabled: yes
4.2 Create the Jinja template
[root@m01-61 rsync]# cat templates/rsyncd.conf.j2
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = {{ user_rsyncd }}
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
[backup]
path = /backup
[data]
path = /data
4.3 Create the vars file
[root@m01-61 rsync]# cat vars/main.yaml
user_rsyncd: rsync_backup
# stored in plain text here; encrypt this file with ansible-vault outside a test setup
passwd_rsyncd: cxy123456
4.4 Create the handlers file
[root@m01-61 rsync]# cat handlers/main.yaml
- name: restart rsyncd
  service:
    name: rsyncd
    state: restarted
4.5 Create the playbook that applies the role
[root@m01-61 roles]# cat backup.yaml
- hosts: backup
  roles:
    - init
    - rsync