Ansible Roles



Easter egg#

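Ansible has a fun little Easter egg: when it detects that cowsay is installed on your system, it calls it automatically and puts the otherwise dull task banners (such as PLAY RECAP and TASK [...]) into a cow's speech bubble, which livens up the output.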

```
 ____________
< PLAY RECAP >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

Client: ok=5 changed=3 failed=0 skipped=0 ignored=0
Server: ok=8 changed=6 failed=0 skipped=0 ignored=0
```

Besides the default cow, cowsay ships many other ASCII art figures.

  • List the available figures: run cowsay -l to see all of them

```bash
[root@Zabbix ~]# cowsay -l
Cow files in /usr/share/cowsay:
cheese cower default dragon dragon-and-cow elephant elephant-in-snake eyes milk.....
```

  • Choose a figure: set the default figure in the Ansible configuration file /etc/ansible/ansible.cfg

```ini
# add or modify in the [defaults] section
[defaults]
# set to 'dragon' and the next run will show a talking dragon
cow_selection = dragon
```

🚫 Too flashy? Turn it off!

  • Personally, I think it is much more fun than the default *

Edit the main Ansible configuration file /etc/ansible/ansible.cfg

```ini
# in the [defaults] section
[defaults]
nocows = 1
```

Overview#

  • roles are a way of reorganizing a playbook

```bash
# 🛠️ How do you create a role?
# 'ansible-galaxy init <role name>'
# It generates the standard directory layout in one step
[root@m01 ansible]# mkdir roles
[root@m01 ansible]# cd roles/
[root@m01 roles]# ansible-galaxy init backup
- Role backup was created successfully
# roles/backup ---> dedicated to backup
# 'Of course, other roles can be created under the roles directory as well'
[root@m01 roles]# tree ./backup/
./backup/
├── defaults ❌️
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta ❌️
│   └── main.yml
├── README.md ❌️
├── tasks
│   └── main.yml
├── templates
├── tests ❌️
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
# First delete the ones we do not need!
[root@m01 roles]# cd backup/
[root@m01 backup]# rm -rf defaults/ meta/ tests/ README.md
[root@m01 backup]# tree
.
├── files       # static files
├── handlers    # handlers (triggers)
│   └── main.yml ✅️ created automatically
├── tasks       # core tasks
│   └── main.yml ✅️ created automatically
├── templates   # template files (.j2)
└── vars        # fixed variables
    └── main.yml ✅️ created automatically
# These are the ones we use most often!
# ✅️ We can write directly in main.yml!
```

Refactoring backup#

```bash
# 1) Copy the configuration files
# into the templates directory
[root@m01 backup]# cp ~/rsyncd.conf ./templates/rsyncd.conf.j2
# the rsync configuration file
[root@m01 backup]# cd templates/
[root@m01 templates]# echo rsync_backup:123 > rsync.passwd.j2
[root@m01 templates]# ls
rsyncd.conf.j2 rsync.passwd.j2
# the configuration file and the password file
[root@m01 templates]# tree ../templates/
../templates/
├── rsyncd.conf.j2
└── rsync.passwd.j2

# 2) Write the main playbook
[root@m01 templates]# cd ..
[root@m01 backup]# cd ..
# the playbook must be created under the roles directory
[root@m01 roles]# vim site.yml
# start writing from hosts
- hosts: backup
  # change this to all later; there will be different roles!
  roles:
    - role: backup
      when: ansible_hostname is match "backup"
      # the when condition is aligned with role
      # the role runs only when the host is backup

# 3) Restore the snapshot && set up passwordless login
[root@m01 roles]# ssh-copy-id -i ~/.ssh/my_key.pub 172.16.1.41
[root@m01 roles]# ssh backup "hostname -I"
10.0.0.41 172.16.1.41
# 'Login succeeded'

# 4) Check and test
[root@m01 roles]# ansible-playbook --syntax-check site.yml
playbook: site.yml
[root@m01 roles]# ansible-playbook site.yml
PLAY [backup]
**********************
TASK [Gathering Facts]
ok: [backup]
# 'Gather facts'
**********************
TASK [backup : Install rsync server]
ok: [backup]
# 'Install rsync'
**********************
TASK [backup : Configure rsync file]
changed: [backup] => (item={'src': 'rsyncd.conf.j2', 'dest': '/etc/rsyncd.conf', 'mode': '0644'})
changed: [backup] => (item={'src': 'rsync.passwd.j2', 'dest': '/etc/rsync.passwd', 'mode': '0600'})
# Copy files ---> configuration file && password file
**********************
TASK [backup : Create group "www"]
changed: [backup]
# 'Create the group'
**********************
TASK [backup : Create user "www"]
changed: [backup]
# 'Create the user'
**********************
TASK [backup : Create dir]
changed: [backup] => (item=/backup)
changed: [backup] => (item=/data)
# 'Create the directories'
**********************
TASK [backup : Start rsync server]
changed: [backup]
# 'Start && enable at boot'

# 'Test and verify'
[root@m01 roles]# rsync -avz /etc/passwd rsync_backup@172.16.1.41::backup
Password: ---'the password is 123'
sent 841 bytes received 43 bytes 353.60 bytes/sec
[root@backup ~]# ls /backup/passwd
/backup/passwd
```
  • roles/backup/vars/main.yml
    • holds the fixed variables

```yaml
user: www
uid: 888
rc_port: 873
dir_1: /backup
dir_2: /data
```
  • roles/backup/templates/rsyncd.conf.j2
    • the configuration file template

```
uid = {{user}}
gid = {{user}}
port = {{rc_port}}
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file =/var/log/rsyncd.log
############################
[backup]
path = {{dir_1}}
[data]
path = {{dir_2}}
```

  • roles/backup/tasks/main.yml
    • the core tasks

```yaml
- name: Install rsync server
  yum:
    name: rsync
    state: present
- name: Configure rsync file
  template:
    src: "{{item.src}}"
    dest: "{{item.dest}}"
    mode: "{{item.mode}}"
  notify: Restart rsync
  # whenever a file changes, the handler is triggered to restart the service
  loop:
    # src automatically resolves template files in the templates directory
    - src: rsyncd.conf.j2
      dest: /etc/rsyncd.conf
      mode: "0644"
    - src: rsync.passwd.j2
      dest: /etc/rsync.passwd
      mode: "0600"
- name: Create group "{{user}}"
  group:
    name: "{{user}}"
    gid: "{{uid}}"
- name: Create user "{{user}}"
  user:
    name: "{{user}}"
    uid: "{{uid}}"
    group: "{{user}}"
    shell: /sbin/nologin
    create_home: false
- name: Create dir
  file:
    path: "{{item}}"
    state: directory
    owner: "{{user}}"
    group: "{{user}}"
  loop:
    # the variable is not inside a path, so it must be quoted
    # /tmp/{{dir}} --> this form does not need quotes
    - "{{dir_1}}"
    - "{{dir_2}}"
- name: Start rsync server
  systemd:
    name: rsyncd
    state: started
    enabled: yes
```
  • roles/backup/handlers/main.yml
    • the handler: a change to a configuration file ---> sends a signal to the handler

```yaml
- name: Restart rsync
  # same name as used in notify
  systemd:
    name: rsyncd
    state: restarted
```
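
The rsyncd.conf this role renders disables chroot, sets no hosts allow, and is paired with the secret rsync_backup:123. The shell functions below are an added example, not part of the original post: they audit a rendered rsyncd.conf and its secrets file for those points. The function names, finding codes and the 16-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Finding codes and the 16-character
# threshold are assumptions made for this illustration.

audit_conf() {  # $1 = rendered rsyncd.conf; prints one finding code per line
  # Module sections are not tracked: the last assignment of a name wins.
  awk '
    /^[ \t]*([#;]|$)/ || /^[ \t]*\[/ || !/=/ { next }
    {
      eq = index($0, "=")
      name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
      val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
      opt[name] = val
    }
    END {
      if (opt["usechroot"] ~ /^(no|false|0)$/) print "CHROOT_OFF"
      if (!("hostsallow" in opt)) print "NO_HOSTS_ALLOW"
      if (!("authusers" in opt)) print "NO_AUTH_USERS"
    }' "$1"
}

audit_secrets() {  # $1 = secrets file with user:password lines
  case $(ls -ld "$1" | cut -c5-10) in
    ------) ;;
    *) echo "SECRETS_GROUP_OR_OTHER_ACCESS" ;;
  esac
  # Report the user name only, never the password itself.
  awk -F: '!/^#/ && NF >= 2 && length(substr($0, length($1) + 2)) < 16 {
    print "WEAK_SECRET:" $1 }' "$1"
}

demo() {  # constructed input: the post's template rendered with its vars (abridged)
  d=$(mktemp -d) || return 1
  cat > "$d/rsyncd.conf" <<'EOF'
port = 873
use chroot = no
read only = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
[backup]
path = /backup
EOF
  echo 'rsync_backup:123' > "$d/rsync.passwd"
  chmod 600 "$d/rsync.passwd"
  audit_conf "$d/rsyncd.conf"
  audit_secrets "$d/rsync.passwd"
  rm -rf "$d"
}
demo
```

For the constructed input, demo reports CHROOT_OFF, NO_HOSTS_ALLOW and WEAK_SECRET:rsync_backup. Clearing the last finding means replacing the literal in rsync.passwd.j2 with a variable whose value is kept in an Ansible Vault encrypted vars file.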

Refactoring nfs#

```bash
# 1) Restore the snapshot && set up passwordless login
[root@m01 roles]# ssh-copy-id -i ~/.ssh/my_key.pub 172.16.1.31
[root@m01 roles]# ssh nfs01 "hostname -I"
10.0.0.31 172.16.1.31

# 2) Create the role
[root@m01 roles]# ansible-galaxy init nfs
- Role nfs was created successfully
[root@m01 roles]# cd nfs/
[root@m01 nfs]# ls
defaults files handlers meta README.md tasks templates tests vars
[root@m01 nfs]# rm -rf defaults/ meta/ README.md tests/
[root@m01 nfs]# ls
files handlers tasks templates vars

# 3) Copy the configuration file
[root@m01 nfs]# cp /home/ansible/exports ./templates/exports.j2
[root@m01 nfs]# cat ./templates/exports.j2
{{dir}} 172.16.1.0/24(rw,sync,all_squash,anonuid={{ id }},anongid={{ id }})

# 4) Write the main playbook
[root@m01 nfs]# cd ..
# continue from the previous one!
[root@m01 roles]# vim site.yml
- hosts: all
  # check your own inventory!
  roles:
    - role: backup
      when: ansible_hostname is match "backup"
      # the when condition is aligned with role
      # the role runs only when the host is backup
    - role: nfs
      when: ansible_hostname is match "nfs"
[root@m01 roles]# tree nfs/
nfs/
├── files
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   └── exports.j2
└── vars
    └── main.yml

# 5) Test & verify
[root@m01 roles]# ansible-playbook --syntax-check site.yml
playbook: site.yml
[root@m01 roles]# showmount -e 172.16.1.31
clnt_create: RPC: ❌️Unable to receive
[root@m01 roles]# ansible-playbook site.yml
TASK [backup : Install rsync server]
skipping: [db02]
skipping: [nfs01]
skipping: [web01]
skipping: [web02]
ok: [backup]
# 'Only backup runs it; all the others skip'
**********************
.................
# 'The first role, backup, runs first, then nfs'
**********************
TASK [nfs : Install nfs server]
skipping: [db02]
skipping: [backup]
skipping: [web02]
skipping: [web01]
ok: [nfs01]
# 'Only nfs runs it!!'
**********************
nfs01 : ok=7 changed=6
[root@m01 roles]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/data/wp 172.16.1.0/24✅️
# 'No problem 👌'
```
  • roles/nfs/vars/main.yml

```yaml
user: www
dir: /data/wp
id: 888
```

  • roles/nfs/tasks/main.yml

```yaml
- name: Install nfs server
  yum:
    name: nfs-utils
    state: present
- name: Configure nfs file
  template:
    src: exports.j2
    dest: /etc/exports
  notify: Restart nfs
- name: Create group "{{user}}"
  group:
    name: "{{user}}"
    gid: "{{id}}"
- name: Create user "{{user}}"
  user:
    name: "{{user}}"
    uid: "{{id}}"
    group: "{{user}}"
    shell: /sbin/nologin
    create_home: false
- name: Create dir "{{dir}}"
  # recursively creates the directory /data/wp
  # both directories are owned by www
  file:
    path: "{{dir}}"
    state: directory
    owner: "{{user}}"
    group: "{{user}}"
- name: Start NFS Server
  systemd:
    name: nfs
    state: started
    enabled: yes
```

  • roles/nfs/handlers/main.yml

```yaml
- name: Restart nfs
  systemd:
    name: nfs
    state: restarted
```

Main configuration file#

```bash
[root@Zabbix ~]# tree /ansible/
/ansible/
└── roles
    ├── Client
    │   ......
    ├── Server
    │   ......
    └── site.yml
```

'hosts can be written under - name'

```yaml
# Configure the Server hosts
- name: 配置 Server 主机
  hosts: Server
  roles:
    - Server
# Configure the Client hosts
- name: 配置 Client 主机
  hosts: Client
  roles:
    - Client
# Test and verify on Server
- name: Server 测试验证
  hosts: Server
  tasks:
    - name: Result test
      shell: 'unbound-control dump_cache | grep jd.com'
      register: result_end
    - name: Print result_end
      debug:
        msg: "{{result_end.stdout_lines}}"
```

Refactoring nginx#

Refactoring mysql#

Refactoring wordpress#

Interview questions#

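Have you used Ansible?
What do you use it for?
Yes ---> configuration changes, data collection with the facts module (asset management), batch installation and deployment of services
Which modules have you used?
file copy template yum systemd cron handlers vars when loop
I run a command but cannot see its result. What should I do?
Register the result in a variable with register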


Ansible Roles
https://www.kpyun.fun/posts/automation/ansible/ansible05/
Author: 久棹
Published: 2026-06-10
License: CC BY-NC-SA 4.0