Chapter 3: Ansible Roles

2019-10-17  chenkang

Section 1: Requirement: use Ansible to build the Apache + NFS + Lsyncd + Rsync services (deploying a homework upload system)

1. Environment preparation

Role     External IP (NAT)   Internal IP (LAN)    Software deployed
m01      eth0:10.0.0.61      eth1:172.16.1.61     ansible
backup   eth0:10.0.0.41      eth1:172.16.1.41     rsync
nfs      eth0:10.0.0.31      eth1:172.16.1.31     nfs, lsyncd
web01    eth0:10.0.0.7       eth1:172.16.1.7      httpd

2. Configure the Ansible inventory

[root@m01 ~]# vim /etc/ansible/hosts
[web]
172.16.1.7

[nfs]
172.16.1.31 

[backup]
172.16.1.41

3. Check that each host group matches the planned IPs

[root@m01 ~]# ansible web --list-host  
  hosts (1):
    172.16.1.7
[root@m01 ~]# ansible backup --list-host
  hosts (1):
    172.16.1.41
[root@m01 ~]# ansible nfs --list-host
  hosts (1):
    172.16.1.31
[root@m01 ~]# ansible all --list-host
  hosts (3):
    172.16.1.31
    172.16.1.41
    172.16.1.7

4. The variables file and its contents

[root@m01 /roles]# cat group_vars/all
all_group: www
all_user: www
all_gid: 666
all_uid: 666
ssh_conf_path: /etc/ssh/sshd_config
rsyncd_conf_path: /etc/rsyncd.conf
rsync_passwd_path: /etc/rsync.passwd
module1_path: /backup
nfs_conf_path: /etc/exports
lsyncd_conf_path: /etc/lsyncd.conf
password_file: /etc/rsync.passwd
httpd_conf_path: /etc/httpd/conf/httpd.conf
kaoshi_path: /var/www/html
mounted_dir: 172.16.1.31:/data

Section 2: Writing the roles

1. Create the directories the roles need

[root@m01 ~]# mkdir /roles/{base,nfs,rsync,lsyncd,httpd}/{tasks,handlers,templates,files} -p

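Section 3: Writing the base role

  1. Disable SELinux
  2. Disable firewalld
  3. Configure the yum repositories
  4. Configure the SSH service so that the 172 network segment can connect
  5. Create the www user and group with a fixed uid and gid
  6. Install commonly used packages

1. Tasks for base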

[root@m01 /roles]# cat base/tasks/main.yml
- name: Close Firewalld 
  service:
    name: firewalld
    state: stopped
    enabled: no

- name: Close Selinux
  selinux:
    state: disabled

- name: Add {{ all_group }} Group
  group:
    name: "{{ all_group }}"
    gid: "{{ all_gid }}"

- name: Add {{ all_user }} user
  user:
    name: "{{ all_user }}"
    uid: "{{ all_uid }}"
    group: "{{ all_group }}"

- name: SSH Config
  template:
    src: sshd_config.j2
    dest: "{{ ssh_conf_path }}"
  notify: Restarted sshd

- name: Add Base Yum Repo
  yum_repository:
    name: base
    description: CentOS-Base.repo
    baseurl: http://mirrors.aliyun.com/centos/$releasever/os/$basearch/

- name: Add Epel Yum Repo
  yum_repository:
    name: epel
    description: epel_repo
    baseurl: http://mirrors.aliyun.com/epel/7/$basearch

- name: Installed base packages
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - rsync
    - nfs-utils
    - net-tools
    - lrzsz
    - wget
    - unzip
    - vim
    - tree

2. Handlers for base

[root@m01 /roles]# cat base/handlers/main.yml 
- name: Restarted sshd
  service:
    name: sshd
    state: restarted

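3. Template for base, rendering a different address on each host

[root@m01 /roles]# cat base/templates/sshd_config.j2
#Port 22
#AddressFamily any
# Bind sshd to the LAN address on eth1 (172.16.1.x in the environment table);
# index 0 of ansible_all_ipv4_addresses is not necessarily the LAN address.
ListenAddress {{ ansible_eth1.ipv4.address }}
#ListenAddress ::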

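Section 4: Writing the rsync role

  1. Install rsync
  2. Configure /etc/rsyncd.conf and notify a handler to restart the service on change
  3. Create the backup directory and set its ownership
  4. Create the password file and set its permissions
  5. Start rsyncd

1. Tasks for rsync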

[root@m01 /roles]# cat rsync/tasks/main.yml 
- name: Yum Rsync Server
  yum:
    name: rsync
    state: present
  when: (ansible_hostname is match "backup")

- name: Groupadd {{ all_group }}
  group:
    name: "{{ all_group }}"
    gid: "{{ all_gid }}"

- name: Useradd {{ all_user }}
  user:
    name: "{{ all_user }}"
    uid: "{{ all_uid }}"
    group: "{{ all_group }}"

- name: Configure Rsyncd.conf
  template: 
    src: rsyncd.conf.j2
    dest: "{{ rsyncd_conf_path }}"
  notify: Restared Rsyncd Server

- name: Backup Directory
  file:
    path: "{{ item }}"
    owner: "{{ all_user }}"
    group: "{{ all_group }}"
    state: directory
  loop:
    - /backup

- name: Configure Rsync.passwd
  template:
    src: rsync.passwd.j2
    dest: "{{ rsync_passwd_path }}"
    mode: "0600"
  notify: Restared Rsyncd Server

- name: Started rsyncd Server
  service:
    name: rsyncd
    state: started
    enabled: yes

2. Handlers for rsync

[root@m01 /roles]# cat rsync/handlers/main.yml 
- name: Restared Rsyncd Server
  service:
    name: rsyncd
    state: restarted

3. Templates for rsync

[root@m01 /roles]# cat rsync/templates/rsyncd.conf.j2 
uid = {{ all_uid }}                     
gid = {{ all_gid }}                      
port = 873                     
fake super = yes                 
use chroot = no                  
max connections = 200           
timeout = 600                   
ignore errors                  
read only = false             
list = false                     
auth users = rsync_backup       
secrets file = /etc/rsync.passwd 
log file = /var/log/rsyncd.log
[backup]                    
comment = welcome to oldboyedu backup!
path = {{ module1_path }} 

[root@m01 /roles]# cat rsync/templates/rsync.passwd.j2 
rsync_backup:1

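Section 5: Writing the nfs role

  1. Install nfs-utils
  2. Configure /etc/exports and notify a handler on change
  3. Create the shared directory and set its ownership
  4. Place the exam site code, unpack it and set its ownership
  5. Start nfs

1. Tasks for nfs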

- name: Yum NFS Server
  yum:
    name: nfs-utils
    state: present
  when: (ansible_hostname is match "nfs")

- name: Configure Nfs
  template:
    src: exports.j2
    dest: "{{ nfs_conf_path }}"
    backup: yes
  notify: Restarted Nfs Server

- name: Nfs Directory
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ all_user }}"
    group: "{{ all_group }}"
  loop:
    - /data

- name: Configure Html
  unarchive:
    src: kaoshi.zip
    dest: /data
    owner: "{{ all_user }}"
    group: "{{ all_group }}"

- name: Started Nfs Server
  service:
    name: nfs
    state: started
    enabled: yes

2. Handlers for nfs

[root@m01 /roles]# cat nfs/handlers/main.yml 
- name: Restarted Nfs Server
  service:
    name: nfs
    state: restarted

3. Template for nfs

[root@m01 /roles]# cat nfs/templates/exports.j2 
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

4. Files for nfs

[root@m01 /roles]# ls nfs/files/
kaoshi.zip

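Section 5: Writing the lsyncd role

  1. Install lsyncd
  2. Configure /etc/lsyncd.conf and notify a handler on change
  3. Deploy the rsync.passwd password file and set its permissions
  4. Start lsyncd

1. Tasks for lsyncd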

[root@m01 /roles]# cat lsyncd/tasks/main.yml 
- name: Yum Lsyncd Server
  yum:
    name: lsyncd
    state: latest

- name: Configure Lsyncd Server
  template:
    src: lsyncd.conf.j2
    dest: "{{ lsyncd_conf_path }}"   
    backup: yes
  notify: Restarted Lsyncd Server

- name: Password File
  template:
    src: rsync.passwd.j2
    dest: "{{ password_file }}" 
    mode: "0600"

- name: Started Lsyncd Server
  service:
    name: lsyncd
    state: started

2. Handlers for lsyncd

[root@m01 /roles]# cat lsyncd/handlers/main.yml 
- name: Restarted Lsyncd Server
  service:
    name: lsyncd
    state: restarted

3. Template for lsyncd

[root@m01 /roles]# cat lsyncd/templates/lsyncd.conf.j2 
settings {
  logfile = "/var/log/lsyncd/lsyncd.log",
  statusFile = "/var/log/lsyncd/lsyncd.status",
  inotifyMode = "CloseWrite",
  maxProcesses = 8,
}

sync {
  default.rsync,
  source = "/data",
  target = "rsync_backup@172.16.1.41::backup",
  delete = true,
  exclude = { "touch.sh" },
  delay = 1,
  rsync = {
    binary = "/usr/bin/rsync",
    archive = true,
    compress = true,
    verbose = true,
    password_file = "{{ password_file }}",
    _extra = {"--bwlimit=200"}
  }
}
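
The rsync.passwd.j2 template shown earlier carries the password as a literal, and a file of that name is deployed both on the rsync daemon (secrets file) and on the lsyncd host (password_file). As an added example, not the author's code: the two tasks rewritten to take the password from a hypothetical vault-encrypted variable, vault_rsync_password. The daemon's secrets file holds user:password lines, while the client's password file holds only the password.

```yaml
# Added example. vault_rsync_password is a hypothetical variable defined in a
# vars file encrypted with ansible-vault; run the playbook with --ask-vault-pass.

# rsync role (backup host): daemon secrets file, one "user:password" per line
- name: Configure Rsync.passwd
  copy:
    content: "rsync_backup:{{ vault_rsync_password }}\n"
    dest: "{{ rsync_passwd_path }}"
    owner: root
    group: root
    mode: "0600"
  no_log: true          # keep the rendered secret out of task output and logs
  notify: Restared Rsyncd Server

# lsyncd role (nfs host): client file passed to rsync via password_file,
# which must contain the password only, without the user name
- name: Password File
  copy:
    content: "{{ vault_rsync_password }}\n"
    dest: "{{ password_file }}"
    owner: root
    group: root
    mode: "0600"
  no_log: true
```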

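Section 6: Writing the httpd role

  1. Install httpd
  2. Configure httpd.conf and notify a handler to restart the service on change
  3. Mount the directory from NFS
  4. Set a firewall rule to allow httpd's port 80 (commented out)

1. Tasks for httpd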

[root@m01 /roles]# cat httpd/tasks/main.yml 
- name: Yum Httpd Server
  yum:
    name: httpd
    state: present

- name: Configure Httpd Server
  template:
    src: httpd.conf.j2
    dest: "{{ httpd_conf_path }}"
    backup: yes
  notify: Restarted Httpd Server

- name: Mounted Directory
  mount:
    path: "{{ kaoshi_path }}"
    src: "{{ mounted_dir }}"
    fstype: nfs
    state: mounted
#- name: Firewalld 
#  firewalld:
#    service: http
#    permanent: yes
#    immediate: yes
#    state: enabled

- name: Started Httpd Server
  service:
    name: httpd
    state: started

2. Handlers for httpd

[root@m01 /roles]# cat httpd/handlers/main.yml 
- name: Restarted Httpd Server
  service:
    name: httpd
    state: restarted

3. Template for httpd (only the user that httpd runs as was changed)

[root@m01 /roles]# cat httpd/templates/httpd.conf.j2 
User {{ all_user }}
Group {{ all_group }}

Section 7: Write a site playbook to run the roles

[root@m01 /roles]# cat site.yml 
- hosts: all
  roles:
    - role: base

- hosts: backup
  roles:
    - role: rsync

- hosts: nfs
  roles:
    - role: nfs
    - role: lsyncd

- hosts: web
  roles:
    - role: httpd
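
A post-run check for the roles above, as an added example that is not part of the original post: it asserts a few of the results site.yml is meant to produce. The file name verify.yml and the choice of checks are assumptions; the variables and addresses come from group_vars/all and the inventory.

```yaml
# verify.yml: added example; keep it beside site.yml so group_vars/all is loaded
- hosts: all
  tasks:
    - name: sshd configuration parses cleanly
      command: sshd -t
      changed_when: false

    - name: Look up the {{ all_user }} account
      getent:
        database: passwd
        key: "{{ all_user }}"

    - name: uid matches the id the NFS export squashes to
      assert:
        that: getent_passwd[all_user][1] | int == all_uid | int

- hosts: backup
  tasks:
    - name: Stat the rsync secrets file
      stat:
        path: "{{ rsync_passwd_path }}"
      register: secrets

    - name: Secrets file exists with mode 0600
      assert:
        that:
          - secrets.stat.exists
          - secrets.stat.mode == "0600"

- hosts: nfs
  tasks:
    - name: rsyncd on the backup host accepts connections from nfs
      wait_for:
        host: 172.16.1.41
        port: 873
        timeout: 5

    - name: Password file used by lsyncd exists with mode 0600
      stat:
        path: "{{ password_file }}"
      register: pw
      failed_when: not pw.stat.exists or pw.stat.mode != "0600"

- hosts: web
  tasks:
    - name: Document root is mounted from the NFS server
      command: findmnt -n -o SOURCE {{ kaoshi_path }}
      register: mnt
      changed_when: false
      failed_when: mnt.stdout != mounted_dir
```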