roles用于层次性、结构化地组织playbook。roles能够根据固定的目录层次自动装载变量文件、tasks以及handlers等。要使用roles,只需在playbook的play中通过`roles:`关键字按名称引用即可(本文末尾的lnmp2.yml即是这种写法);旧的include指令不是引用roles的方式。
简单来讲,roles就是分别将变量、文件、任务、模板及处理器放置于单独的目录中,并可以便捷地引用它们的一种机制。roles一般用于基于主机构建服务的场景,但也可以用于构建守护进程等场景,主要适用于代码复用度较高的情况。
把playbook剧本里的各个play看作角色,将各个角色的tasks任务、vars变量、templates模板、files文件分别放入roles目录下对应的子目录中,playbook再按角色名引用它们。
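# Create the role skeleton under /etc/ansible/roles (the directory already
# exists after installing ansible from yum; -p keeps every step idempotent so
# re-running this section does not fail on existing directories).
# Every role gets the standard layout; only the directories Ansible reads as
# YAML get a main.yml (files/ and templates/ hold raw content instead).
for role in nginx mysql php; do
  mkdir -p "/etc/ansible/roles/${role}"/{files,templates,tasks,handlers,vars,defaults,meta}
  touch "/etc/ansible/roles/${role}"/{defaults,vars,tasks,meta,handlers}/main.yml
done
# Start with the nginx role's task list.
cd /etc/ansible/roles/nginx/tasks
vim main.yml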
---
# roles/nginx/tasks/main.yml
# Pulls in init.yml from this directory first (firewalld/SELinux handling),
# installs nginx from the role's own repo file, renders the vhost template and
# starts the service. pkg, svc and root_dir come from roles/nginx/vars/main.yml.
# NOTE(review): the bare `include` keyword is deprecated in newer Ansible
# releases; `import_tasks: init.yml` is the drop-in replacement.
- include: init.yml

- name: nginx.repo
  copy:
    src: nginx.repo
    dest: /etc/yum.repos.d/

- name: install nginx
  yum:
    name: "{{ pkg }}"
    state: latest

# A "changed" result here fires the "reload nginx" handler in handlers/main.yml.
- name: nginx congrustion file
  template:
    src: default.conf.j2
    dest: /etc/nginx/conf.d/default.conf
  notify: "reload nginx"

- name: index.php
  copy:
    src: index.php
    dest: "{{ root_dir }}"

- name: start nginx
  service:
    name: "{{ svc }}"
    state: started
    enabled: true
#编写关闭防火墙任务
# Still in /etc/ansible/roles/nginx/tasks: this is the file main.yml includes.
vim init.yml
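---
# roles/nginx/tasks/init.yml — host preparation run before nginx is installed.
# Both tasks LOWER the host's security posture: they switch off the host
# firewall and put SELinux into permissive mode so the stack works without
# firewalld rules or SELinux booleans. In anything beyond a lab, open only the
# ports that are needed (80 on the web host) instead of stopping firewalld.
- name: disable firewalld
  # The original used state=started together with enabled=no, which keeps
  # firewalld running until the next reboot; "disable" means stop it now too.
  service:
    name: firewalld
    state: stopped
    enabled: false

- name: stop selinux
  # setenforce only changes the running mode; it does not survive a reboot
  # (/etc/selinux/config is untouched). ignore_errors covers hosts where the
  # command fails, e.g. SELinux already disabled in the kernel.
  shell: "/usr/sbin/setenforce 0"
  ignore_errors: true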
#handlers目录用于定义此角色中触发条件时执行的动作。
# Handlers for the nginx role live in their own main.yml.
cd /etc/ansible/roles/nginx/handlers
vim main.yml
---
# roles/nginx/handlers/main.yml — runs once at the end of the play when a task
# notifies "reload nginx" and reported changed. Reloads rather than restarts.
- name: reload nginx
  service:
    name: "{{ svc }}"
    state: reloaded
准备default.conf文件
# default.conf is the stock nginx vhost file; the relative source path assumes
# it sits in the current directory. The .j2 copy is the Jinja2 template below.
cp default.conf /etc/ansible/roles/nginx/templates/default.conf.j2
cd /etc/ansible/roles/nginx/templates
vim default.conf.j2
-- 第2行改为 --
listen {{nginxip_port}};
-- 第8行改为 --
root {{root_dir}};
-- 第29行起的PHP location块改为 --
# Every request whose URI ends in .php is handed to php-fpm on the php host
# (passip_port) instead of being served by nginx itself.
location ~ \.php$ {
root {{root_dir}};
fastcgi_pass {{passip_port}};
fastcgi_index index.php;
# NOTE(review): SCRIPT_FILENAME is built from the client-controlled URI. With
# PHP's default cgi.fix_pathinfo=1, a request like /x.jpg/y.php can make
# php-fpm execute x.jpg. The usual guard is `try_files $uri =404;` before
# fastcgi_pass — confirm it fits this split setup, since the file must then
# also exist on the nginx host.
fastcgi_param SCRIPT_FILENAME {{root_dir}}$fastcgi_script_name;
include fastcgi_params;
}
#变量放在vars目录下
# Role variables referenced by the tasks and the template.
cd /etc/ansible/roles/nginx/vars
vim main.yml
---
# roles/nginx/vars/main.yml — values used by the nginx tasks and by
# default.conf.j2. Quoted so YAML never re-types an address:port string.
pkg: "nginx"                        # package installed by the yum task
svc: "nginx"                        # service name for the service task/handler
nginxip_port: "192.168.88.20:80"    # listen address:port of the web host
nginx_servername: "www.web.com"     # not used by the template lines shown here
root_dir: "/usr/share/nginx/html"   # document root; index.php is copied here
passip_port: "192.168.88.30:9000"   # php-fpm upstream on the php host
#files目录存放由 copy 模块或 script 模块调用的文件
# Static files shipped by the copy task: the test page and the yum repo file.
cd /etc/ansible/roles/nginx/files
vim index.php
vim nginx.repo
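# roles/nginx/files/nginx.repo — copied to /etc/yum.repos.d/ by the nginx role.
# Packages are fetched over HTTPS and verified against the nginx signing key.
# The original used plain http with gpgcheck=0, which lets anyone on the
# network path substitute the nginx package that gets installed as root.
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1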
# Next role: php-fpm on the 192.168.88.30 host.
cd /etc/ansible/roles/php/tasks
vim main.yml
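---
# roles/php/tasks/main.yml — installs php/php-fpm from the EPEL and webtatic
# repos and points php-fpm at the nginx host. Applied to the "dbservers"
# group in lnmp2.yml (192.168.88.30), which is the php host despite its name.
#
# Security notes:
#   - The repo release rpms are installed with the yum module instead of
#     `shell: rpm -Uvh a && rpm -Uvh b`: idempotent, and a failed download
#     fails the task instead of leaving a half-configured host.
#   - The www.conf edits are anchored to the start of the line so only the
#     user/group/listen settings change, not every "apache" in comments.
#   - listen.allowed_clients is the only restriction on the network-exposed
#     FastCGI port 9000; keep it equal to the nginx host (nginxip_port).
- name: rpm -Uvh php
  yum:
    name:
      - https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
      - https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
    state: present

- name: install php
  yum:
    name: "{{ pkg }}"
    state: latest

- name: create user
  user:
    name: php
    shell: /sbin/nologin
    create_home: false

- name: create directory
  file:
    path: /usr/share/nginx/html
    state: directory

# php-fpm receives SCRIPT_FILENAME from nginx, so the script must exist on this
# host at the same path as on the web host.
- name: copy index.php
  copy:
    src: index.php
    dest: /usr/share/nginx/html

- name: php.ini
  replace:
    path: /etc/php.ini
    regexp: '^;date\.timezone ='
    replace: 'date.timezone = Asia/Shanghai'
  notify: "reload php"

# Only the `user =` / `group =` settings; \1 keeps whichever key matched.
- name: user group
  replace:
    path: /etc/php-fpm.d/www.conf
    regexp: '^(user|group) = apache'
    replace: '\1 = php'
  notify: "reload php"

- name: listen
  replace:
    path: /etc/php-fpm.d/www.conf
    regexp: '^listen = 127\.0\.0\.1:9000'
    replace: 'listen = 192.168.88.30:9000'
  notify: "reload php"

- name: allow_clients
  replace:
    path: /etc/php-fpm.d/www.conf
    regexp: '^listen\.allowed_clients = 127\.0\.0\.1'
    replace: 'listen.allowed_clients = 192.168.88.20'
  notify: "reload php"

- name: start php-fpm
  service:
    name: php-fpm
    state: started
    enabled: true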
# Handler notified by the php.ini / www.conf edits above.
vim /etc/ansible/roles/php/handlers/main.yml
---
# roles/php/handlers/main.yml — runs once at the end of the play when any
# task notified "reload php" and reported changed.
- name: reload php
  service:
    name: php-fpm
    state: reloaded
# Last role: MySQL 5.7 on the 192.168.88.40 host.
vim /etc/ansible/roles/mysql/tasks/main.yml
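---
# roles/mysql/tasks/main.yml — replaces MariaDB with MySQL 5.7 from the
# official community repo on the "mysql" group (192.168.88.40).
#
# Security notes:
#   - The repo release rpm is installed with the yum module: idempotent, and a
#     failed download fails the task instead of being hidden by ignore_errors
#     and followed by a yum install against a missing repo.
#   - The original `sed gpgcheck=1 -> gpgcheck=0` step is gone: it switched
#     off signature verification for every MySQL package. If installation
#     fails on a signature check because the repo's GPG key rotated, import
#     the current key instead of disabling the check.
#   - password.sh sets the root password and grants remote root access; read
#     the notes in that script before using it outside a lab.
- name: remove mariadb*
  yum:
    name: mariadb*
    state: absent

- name: rpm -ivh mysql
  yum:
    name: https://repo.mysql.com/mysql57-community-release-el7-11.noarch.rpm
    state: present

- name: install mysql
  yum:
    name: mysql-server
    state: present

- name: start mysql
  service:
    name: mysqld.service
    state: started
    enabled: true

# Not idempotent: the temporary password in mysqld.log works only once, so a
# second run of the playbook fails at this task.
- name: password.sh
  script: password.sh

# The original named mysql57-community-release-el7-10 although el7-11 was
# installed above, so nothing was removed. Using the bare package name matches
# whatever version was installed. Removing it also removes the repo file, so a
# later `yum update` will no longer see MySQL updates.
- name: remove mysql57
  yum:
    name: mysql57-community-release
    state: absent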
# Script executed on the mysql host by the `script: password.sh` task.
vim /etc/ansible/roles/mysql/files/password.sh
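#!/bin/bash
# roles/mysql/files/password.sh — run once on the mysql host by the
# `script: password.sh` task right after the first start of mysqld.
#
# 1. Reads the one-time root password that mysqld 5.7 writes to its log on
#    first start ("A temporary password is generated for root@localhost: ...").
# 2. Replaces it with the new root password.
# 3. Grants root full access from any host (kept from the original).
#
# Security notes:
#   - The new password comes from the MYSQL_ROOT_PASSWORD environment variable
#     (set it with `environment:` on the task, ideally from Ansible Vault).
#     The literal Admin@123 remains only as a fallback so the tutorial runs
#     unchanged; do not keep that fallback anywhere real.
#   - Passwords are passed to the client through MYSQL_PWD rather than
#     -p<password>, so they are not visible in `ps` output on the host.
#   - `root@'%' ... WITH GRANT OPTION` exposes the root account to the whole
#     network with a password that lives in a repository. Replace it with a
#     least-privilege application account limited to the php host.
#   - The password is interpolated into SQL; a value containing a single quote
#     will break the statements.
set -eu

new_root_password="${MYSQL_ROOT_PASSWORD:-Admin@123}"

# Take only the last match: grepping "password" alone can return several lines
# once mysqld has been restarted, which turned the original variable into a
# multi-line value.
temp_password=$(grep 'temporary password' /var/log/mysqld.log | tail -n 1 | awk '{print $NF}')
if [ -z "$temp_password" ]; then
  echo "no temporary root password found in /var/log/mysqld.log" >&2
  exit 1
fi

MYSQL_PWD="$temp_password" mysql -uroot --connect-expired-password \
  -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${new_root_password}';"

MYSQL_PWD="$new_root_password" mysql -uroot \
  -e "grant all privileges on *.* to root@'%' identified by '${new_root_password}' with grant option;"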
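# Absolute path: the original relative path only worked from /etc/ansible, but
# the last `cd` above left the shell in /etc/ansible/roles/php/tasks.
chmod +x /etc/ansible/roles/mysql/files/password.sh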
# Default inventory; the group names are what lnmp2.yml targets with hosts:.
vim /etc/ansible/hosts
# /etc/ansible/hosts — one host per group, matched by the hosts: lines in lnmp2.yml.
# nginx role; nginxip_port in the nginx vars points here.
[webservers]
192.168.88.20
# php role (see lnmp2.yml): this is the php-fpm host, not a database host —
# the group name is misleading. passip_port in the nginx vars points here.
[dbservers]
192.168.88.30
# mysql role.
[mysql]
192.168.88.40
# The playbook that ties the three roles to the three inventory groups.
cd /etc/ansible
vim lnmp2.yml
---
# lnmp2.yml — one play per tier; each play applies exactly one role to the
# matching group from /etc/ansible/hosts.
- name: nginx
  hosts: webservers      # 192.168.88.20
  roles:
    - nginx

# The group is called "dbservers" but it holds the php-fpm host (192.168.88.30).
- name: php
  hosts: dbservers
  roles:
    - php

- name: mysql
  hosts: mysql           # 192.168.88.40
  roles:
    - mysql
# Run from /etc/ansible, where lnmp2.yml was written; the mysql password task
# is one-shot, so re-running the playbook fails at that step.
ansible-playbook lnmp2.yml