[开发工具]6.Ansible 角色管理

#### ansible roles ####
#ansible 角色简介#
* Ansible roles 是为了层次化，结构化的组织Playbook
* roles就是通过分别将变量、文件、任务、模块及处理器放置于单独的目录中，并可以便捷地include它们
* roles一般用于基于主机构建服务的场景中，在企业复杂业务场景中应用的频率很高
* 以特定的层级目录结构进行组织的tasks、variables、handlers、templates、files等；相当于函数的调用把各个功能切割成片段来执行。

#roles目录结构#

files?? ??? ?##存放copy或script等模块调用的函数
tasks?? ??? ?##定义各种task，要有main.yml，其他文件include包含调用
handlers?? ?##定义各种handlers，要有main.yml，其他文件include包含调用
vars?? ??? ?##定义variables，要有main.yml，其他文件include包含调用
templates?? ?##存储由template模块调用的模板文本
meta?? ??? ?##定义当前角色的特殊设定及其依赖关系，要有main.yml的文件??????? defaults?? ?##要有main.yml的文件，用于设定默认变量
tests?? ??? ?##用于测试角色

#role存放的路径在配置文件ansible.cfg中定义#
roles_path = path/roles? （默认目录：/etc/ansible/roles）

roles_path = ~/ansible/roles?? ?##写入当前用户家目录

#创建目录结构#
ansible-galaxy init apache?? ?##init 初始化
ansible-galaxy list ?? ??? ?##列出角色

#playbook中使用roles#
playbook中使用roles：
---
- hosts: server2
? roles:
??? - role: role1
??? - role: role2
????? var1: value1?? ??? ?##此处变量会覆盖roles中的定义变量

实验： 安装vsftpd
vim ansible.cfg
///roles_path = ~/ansible/roles
mkdir roles
cd roles
ansible-galaxy init vsftpd
cd -
ansible-galaxy list

cd vsftpd
ls
cd tasks?? ?##任务
vim main.yml
///
- name: install vsftpd
? dnf:
??? name: vsftpd
??? state: latest
? notify:
??? - restart vsftpd
??? - firewalld set

- name: set vsftpd
? lineinfile:
??? path: /etc/vsftpd/vsftpd.conf
??? regexp: "anonymous_enabled"
??? line: "anonymous_enabled={{ STATE }}"
? notify:
??? - restart vdftpd
///
cd -
cd handlers?? ?##触发器
vim main.yml
///
- name: restart vsftpd
? service:
??? name: vsftpd
??? state: restarted
??? enabled: yes

- name: firewalld set
? firewalld:
??? service: ftp
??? state: enabled
??? permanent: yes
??? immediate: yes
///
cd -
cd vars?? ??? ?##变量
vim main.yml
///
STATE: YES
///
cd -(ansible)
vim vsftpd.yml
///
---
- name: install vsftpd server
? hosts: all
? roles:
??? - role: vsdtpd?? ?##此处需要和ansible-galaxy init vsftpd相同
///
ansible-playbook vsftpd.yml

tips：
ctrl_v
I
插入内容
esc
enter

安装apache，访问主机为westos.westos.org(westos.westos.org)，linux.westos.org(linux.westos.org)，www.westos.org(www.westos.org)

cd roles
ansible-galaxy init vsftpd
cd -
ansible-galaxy list
cd roles/apache/vars
vim main.yml
///
WEBS:
? - docroot: /var/www/html
??? index: www.westos.org
? - docroot: /var/www/vhosts/westos.org/westos
??? name: westos.westos.org
??? index: westos.westos.org
? - docroot: /var/www/vhosts/westos.org/linux
??? name: linux.wesots.org
??? index: linux.westos.org
///

cd roles/apache/templates
vim vhosts.conf.j2
///
{%for vhost in WEBS%}
{%if vhost['name'] is not defined %}
<VirtualHost _default_:80>
{%endif%}

{%if vhost['name'] is defined %}
<VirtualHost *:80>
? ServerName {{vhost['name']}}
{%endif%}

DocumentRoot {{vhost['docroot']}}
</VirtualHost>
{%endfor%}
///

cd roles/apache/tasks
vim main.yml
///
- name: install httpd
? dnf:
??? name: httpd
??? state: latest
? notify:
??? - restart apache
??? - firewalld

- name: create documentroot
? file:
??? path: "{{ item.docroot}}"
??? state: directory
? loop:
??? "{{WEBS}}"

- name: create index.html
? copy:
??? dest: "{{ item.docroot }}/index.html"
??? content: "{{ item.index }}"
? loop:
??? "{{WEBS}}"

- name: set vhosts
? template:
??? src: vhosts.conf.j2
??? dest: /mnt/vhosts.conf
? notify: restart apache
///

cd roles/apache/handlers
vim main.yml
///
- name: restart apache
? service:
??? name: httpd
??? state: restarted
??? enabled: yes

- name: firewalld
? firewalld:
??? service: http
??? state: enabled
??? permanent: yes
??? immediate: yes
///

vim apache.yml(ansible目录下)
///
---
- name: install apache
? hosts: all
? roles:
??? - role: apache
///
ansible-playbook apache.yml

#控制任务执行顺序#

---
- hosts: server2
? roles:
??? - role: role1?? ?##角色任务
? pre_tasks:?? ??? ?##角色执行前执行的play
??? - tasks1
? tasks:?? ??? ?##普通任务
??? - tasks2
? post_tasks:?? ??? ?##在角色和普通任务执行完毕后执行的play
??? - tasks3
? handlers:

vim apache.yml
///
- name: install apache
? hosts: all
? roles:
??? - role: apache

? pre_tasks:
??? - name: show pre
????? debug:
?? ?msg: start
? post_tasks:
??? - name: show post
????? debug:
?? ?msg: end
///

#ansible—galaxy命令工具#
* Ansible Galaxy 是一个免费共享和下载 Ansible 角色的网站，可以帮助我们更好的定义和学习roles。
* ansible-galaxy命令默认与https://galaxy.ansible.com网站API通信，可以查找、下载各种社区开发的 Ansible 角色
* ansible-galaxy在 Ansible 1.4.2 就已经被包含了
* 在galaxy.ansible.com网站查询roles

#安装选择的角色#
网络共享的资源
https://galaxy.ansible.com
搜索nginx
ansible-galaxy install geerlingguy.nginx

本地协议#install local roles
先将本地的角色打包至指定目录，删除原有角色文件
cd roles
tar zcf /tmp/apache.tar.gz apache/
rm -rf apache/
将打包至指定目录的角色文件安装回来
在ansible目录下
vim install_apache_roles.yml
///
---
- src: file:///tmp/apache.tar.gz
? name: apache
///

ansible-galaxy? install -r install_apache_roles.yml

ansible-galaxy list
///apache

####系统角色
/usr/share/ansible/roles/?? ?##此目录下都为系统角色

安装包：
root用户下
dnf search role
dnf install rhel-system-roles.noarch -y
cd /usr/share/ansible/roles/
ls?? ??? ?##系统角色
cd rhel-system-roles.timesyn?? ?##时间同步
ls
cd ..
cp -r rhel-system-roles.timesync /home/devops/ansible/roles
su - devops
cd ansible
ansible-galaxy list
vim timesync.yml
///
---
- name: timesync server
? vars:
??? timesync_ntp_servers:
????? - hostname: 172.25.14.14
??????? iburst: yes
? hosts: all
? roles:
??? - rhel-system-roles.timesync
///
ansible 172.25.14.10 -m shell -a 'chronyc sources -v'

建一个名为/home/devops/ansible/hwreport.yml
此脚本将在受控主机生成/mnt/hwreport.txt
包含主机名称；以MB表示内容大小；BOIS版本；磁盘vda大小；磁盘vdb大小；输出文件的所有行都是用key=value的方式
从http://172.25.x.250/RHCE_EXAM/files/hwreport.empty文件并保存为/mnt/hwreport.txt
更改此文件
如果硬件信息不存在则其相关值为none

# Hardware report
HOST=inventoryhostname
MEMERY=memroy_in_MB
BIOS=BIOS_version
DISK_SIZE_VDA=disk_vda_size
DISK_SIZE_VDB=disk_vdb_size

ansible-doc -l | grep url
ansible 172.25.14.10 -m setup | less

vim hwreport.yml
///
---
- name: create hardware
? hosts: all
? tasks:
??? - name: download file
????? get_url:
??????? url: http://172.25.14.250/RHCE_EXAM/files/hwreport.empty
??????? dest: /mnt/hwreport.txt

??? - name: hostname
????? lineinfile:
??????? path: /mnt/hwreport.txt
??????? regexp: "{{item.name}}"
??????? line: "{{item.name}}={{item.value}}"
????? loop:
??????? - name: HOST
????????? value: "{{ansible_facts['fqdn']}}"
??????? - name: MEMERY
????????? value: "{{ansible_facts['memtotal_mb']}}MB"
??????? - name: BIOS
????????? value: "{{ansible_facts['bios_version']}}"
??????? - name: DISK_SIZE_VDA
????????? value: "{{ansible_facts['devices']['vda']['size']|default('NONE')}}"
??????? - name: DISK_SIZE_VDB
????????? value: "{{ansible_facts['devices']['vdb']['size']|default('NONE')}}"
///

创建一个名为/home/devops/ansible/issue.yml的playbook：
此playbook在所有清单主机中运行
该playbook会将/etc/issue的内容替换为下面所要求的一行文本
在dev主机组中的主机上，显示为：Development
在test主机组中的主机上，显示为：Test
在prod主机组中的主机上，显示为：Production

创建名为/home/devops/ansible/inventory的静态清单文件，满足以下要求：
172.25.14.10是dev主机组的成员
172.25.14.20是test主机组的成员
172.25.14.30是prod主机组的成员

vim inventory
///
[dev]
172.25.14.10
[test]
172.25.14.20
[prod]
172.25.14.30
///

vim issue.yml
///
---
- name: create issue
? hosts: all
? tasks:
??? - name: set issue
????? copy:
??????? tdest: /etc/issue
??????? content: "{{item.text}}"
????? loop:
??????? - name: dev
????????? text: Development
??????? - name: test
????????? text: Test
??????? - name: prod
????????? text: Production
????? when: inventory_hostname in groups['{{item.name}}']
///
ansible all -m shell -a 'cat /etc/issue'