roles目录结构

 ansible roles_nginx

production   #生产环境              
staging #预上线环境

group_vars/ #主机组变量
group1.yml
group2.yml
host_vars/ # 主机的变量
hostname1.yml
hostname2.yml

library/ #第三方的库,不用装的话不用,开发用
module_utils/ # 开发用的
filter_plugins/ # 开发用的

site.yml #入口文件
webservers.yml #入口文件
dbservers.yml #入口文件
#可以有多个入口文件


roles/ # 总目录
common/ # 等同于理解为nginx
tasks/ # 固定的,等于说要把nginx的安装,启动,配置写里面
main.yml #本来是三个tasks,对应安装,配置,启动,最后拿main.yml去include,包含进来
handlers/ # 所有的触发器写这里
main.yml
templates/ # 放带变量的配置文件(jinja模板)
ntp.conf.j2
files/ # 放没有变量的配置文件,或者安装包
bar.txt
foo.sh
vars/ # 变量,如果变量不定义在group_vars或者host_vars上,就可以定义在这(注意:这里的变量优先级高于group_vars和host_vars,同名时以这里为准)
main.yml
defaults/ # 存放默认变量,优先级最低,group_vars、host_vars等处的同名变量都会覆盖它
main.yml
meta/ # 依赖,如果安装wdps,需要安装nginx,php,mysql,只要写包含之前写好nginx,mysql之类的安装,不需要再次重写
main.yml
library/ # ansible-galaxy init创建出来的角色里没有这个目录,一般来说用不到;library、module_utils、lookup_plugins这三个,一个是库,一个是模块,一个是放插件的,开发用

module_utils/
lookup_plugins/
## 这几个是其他项目
webtier/
monitoring/
fooapp/

Ansible Galaxy创建目录

[root@m01 ~]# mkdir roles
[root@m01 ~]# cd roles/
[root@m01 roles]# ansible-galaxy init nginx
- Role nginx was created successfully
[root@m01 roles]# ll
total 0
drwxr-xr-x 10 root root 154 Jul 4 10:29 nginx
[root@m01 roles]# tree nginx/
nginx/
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml

使用roles重构rsync

创建项目

[root@m01 roles]# ansible-galaxy init rsync-client
- Role rsync-client was created successfully

[root@m01 roles]# ansible-galaxy init rsync-server
- Role rsync-server was created successfully

rsync-server

[root@m01 rsync-server]# tree
.
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml

## 配置文件
[root@m01 ansible]# cat /root/roles/rsync-server/templates/rsyncd.j2
# Global section of rsyncd.conf, rendered by Ansible's template module.
# NOTE(review): this template reads u_group, Rsync_user, Rsync_pass_file,
# Rsync_dir and data_dir, while the role's task files on this page use
# user_group, rsync_user, rsync_pass_file, rsync_dir and nfs_dir. Ansible
# variable names are case-sensitive; confirm every name is defined and that
# both sets resolve to the same values.
uid = {{ u_group }}
gid = {{ u_group }}
port = 873
fake super = yes
# chroot is off, so confining a client to the module path relies on rsync's
# own path handling rather than on chroot(2).
use chroot = no
max connections = 200
timeout = 600
ignore errors
# Modules are writable: any client that authenticates can upload and modify
# files under the module paths below.
read only = false
# Modules are not shown when a client asks the daemon for its module list.
list = false
# Only the listed user may connect, and its password is checked against the
# secrets file.
auth users = {{ Rsync_user }}
# NOTE(review): server_rsync.yml writes the secrets file to "/" followed by
# rsync_pass_file; here the path is Rsync_pass_file with no leading slash.
# Confirm both point at the same absolute path.
secrets file = {{ Rsync_pass_file }}
log file = /var/log/rsyncd.log
# No "hosts allow" / "hosts deny" appears in this template, so which clients
# may reach the daemon is decided outside this file (firewall, network layout).
#####################################
# First module: the module name and the exported path both come from Rsync_dir.
[{{ Rsync_dir }}]
comment = welcome to oldboyedu backup!
path = /{{ Rsync_dir }}

# Second module: the module name and the exported path both come from data_dir.
[{{ data_dir }}]
comment = welcome to oldboyedu backup!
path = /{{ data_dir }}

## tasks
[root@m01 ansible]# cat /root/roles/rsync-server/tasks/config_rsync.yml
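# Render the rsync daemon configuration from the role's rsyncd.j2 template.
# A change to the rendered file notifies the "Restart Rsync" handler.
# Indentation restored: module arguments must be nested under the module key.
- name: 推送rsync配置文件
  template:
    src: rsyncd.j2
    dest: /etc/rsyncd.conf
    # Pin the permissions instead of inheriting whatever is already on disk.
    # The template only references the secrets file path, not the password.
    mode: '0644'
  notify: Restart Rsync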

[root@m01 ansible]# cat /root/roles/rsync-server/tasks/server_rsync.yml
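# Write the rsync daemon's secrets file as a single "user:password" line.
# rsync_pass is a credential: keep its definition in a vault-encrypted vars
# file rather than in plain text inside the role.
# NOTE(review): the rsyncd.j2 template on this page reads Rsync_user and
# Rsync_pass_file (capitalised, no leading slash). Variable names are
# case-sensitive, so confirm both spellings are defined and resolve to the
# same user and the same absolute path.
- name: 创建密码文件
  copy:
    content: "{{ rsync_user }}:{{ rsync_pass }}"
    dest: "/{{ rsync_pass_file }}"
    # Quoted so the mode is always read as an octal string; the secrets file
    # must not be readable by other users.
    mode: '0600'
  # Keep the rendered password out of task output, --diff and verbose logs.
  no_log: true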

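# Create the directories served by the daemon, owned by user_group.
# NOTE(review): the rsyncd.j2 template on this page exports paths built from
# Rsync_dir and data_dir, while this task creates paths built from rsync_dir
# and nfs_dir; confirm the names resolve to the same directories.
- name: 创建rsync目录
  file:
    path: "{{ item }}"
    owner: "{{ user_group }}"
    group: "{{ user_group }}"
    state: directory
  with_items:
    - "/{{ rsync_dir }}"
    - "/{{ nfs_dir }}"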

[root@m01 ansible]# cat /root/roles/rsync-server/tasks/start_rsync.yml
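# Make sure the rsyncd service is running now and enabled at boot.
# Indentation restored: module arguments must be nested under the module key.
- name: 启动rsync
  service:
    name: rsyncd
    state: started
    enabled: true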

[root@m01 ansible]# cat /root/roles/rsync-server/tasks/main.yml
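---
# tasks file for rsync-server
# Pulls in the three task files in this order: render the config, create the
# secrets file and directories, then start the service.
# The bare `include` action was deprecated in Ansible 2.4 and removed in
# ansible-core 2.16; import_tasks is the static replacement.
- import_tasks: config_rsync.yml
- import_tasks: server_rsync.yml
- import_tasks: start_rsync.yml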

## meta
[root@m01 ansible]# cat /root/roles/rsync-server/meta/main.yml
# Roles that Ansible runs before rsync-server's own tasks.
dependencies:
  - role: create-user
  - role: rsync-client

## handlers
[root@m01 ansible]# cat /root/roles/rsync-server/handlers/main.yml
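---
# handlers file for rsync-server
# Runs when a task notifies "Restart Rsync" (the config template task does).
# Indentation restored: module arguments must be nested under the module key.
- name: Restart Rsync
  service:
    name: rsyncd
    state: restarted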

wordpress目录规划

manager  #
base #
create-user #
group_vars #
host_vars #
nginx
tasks:
install
config 只推主配置文件
start
meta:
create-user
php
rsync-server
tasks:
config
start
创建密码文件和目录
meta:
rsync-client
rsync-client
tasks:
install
nfs-server
tasks:
config
start
创建目录
meta:
nfs-client
nfs-client
tasks:
install
sersync
meta
nfs-client
rsync-client
tasks:
install
config
start
推送rsync密码文件
mysql
tasks
install
mariadb-server
MySQL-python
config
start
keepalived
loadbalance
meta
nginx
tasks
所有优化参数proxy_params
wordpress_db
tasks:
创建wp数据库
导入sql文件
创建wp用户
meta:
mysql
wordpress_lb
meta:
loadbalance
tasks:
推送负载均衡nginx配置文件
wordpress_web
meta:
create-user
nginx
php
nfs-client
tasks:
nginx配置文件
创建站点目录
部署wordpress代码
挂载nfs

ansible galaxy

ansible查找roles

[root@m01 ~]# ansible-galaxy search openvpn
[root@m01 ~]# ansible-galaxy search nginx

查看详细信息

[root@m01 ~]# ansible-galaxy info kostyrevaa.openvpn
[root@m01 ~]# ansible-galaxy info acandid.nginx

安装项目(Galaxy上的角色是第三方代码,会以playbook的权限在被管主机上执行;安装前先看一遍它的tasks和meta里的依赖,并用 `角色名,版本号` 的写法固定版本)

[root@m01 ~]# ansible-galaxy install acandid.nginx

ansible vault

给playbook加密

## 加密
[root@m01 ~]# ansible-vault encrypt test.yml
New Vault password:
Confirm New Vault password:
Encryption successful


## 查看加密后的playbook
[root@m01 ~]# ansible-vault view test.yml

## 编辑加密后的playbook
[root@m01 ~]# ansible-vault edit test.yml


## 重置密码
[root@m01 ~]# ansible-vault rekey test.yml
Vault password:
New Vault password:
Confirm New Vault password:
Rekey successful

## 取消密码
[root@m01 ~]# ansible-vault decrypt test.yml

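## 执行带密码的ansible playbook
## 下面的写法仅作演示:111是弱密码,/tmp下新建的文件在默认umask(022)下其他用户可读,echo命令还会把密码留在shell历史里。
## 实际使用时,密码文件应放在只有属主能访问的目录并设为0600,或者改用 --ask-vault-pass 交互输入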
[root@m01 ~]# echo 111 > /tmp/ansible.pass
[root@m01 ~]# ansible-playbook -i /root/ansible/manager/hosts test.yml --vault-password-file=/tmp/ansible.pass