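This section walks through the official lamp_simple template project to briefly analyze how a project is structured and how to build your own playbook.
Run: ansible-playbook -i hosts site.yml
Project structure: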
├── group_vars
│   ├── all
│   └── dbservers
├── hosts
├── LICENSE.md
├── README.md
├── roles
│   ├── common
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       └── ntp.conf.j2
│   ├── db
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       └── my.cnf.j2
│   └── web
│       ├── handlers
│       │   └── main.yml
│       ├── tasks
│       │   ├── copy_code.yml
│       │   ├── install_httpd.yml
│       │   └── main.yml
│       └── templates
│           └── index.php.j2
└── site.yml
site.yml
---
# This playbook deploys the whole application stack in this site.
- name: apply common configuration to all nodes
  hosts: all
  remote_user: root
  roles:
    - common

- name: configure and deploy the webservers and application code
  hosts: webservers
  remote_user: root
  roles:
    - web

- name: deploy MySQL and configure the databases
  hosts: dbservers
  remote_user: root
  roles:
    - db
Analysis: the playbook contains three roles: common, web and db.
common
.
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
└── templates
    └── ntp.conf.j2
tasks/main.yml
---
# This playbook contains common plays that will be run on all nodes.
- name: Install ntp
  yum: name=ntp state=present
  tags: ntp

- name: Configure ntp file
  template: src=ntp.conf.j2 dest=/etc/ntp.conf
  tags: ntp
  notify: restart ntp

- name: Start the ntp service
  service: name=ntpd state=started enabled=yes
  tags: ntp

- name: test to see if selinux is running
  command: getenforce
  register: sestatus
  changed_when: false
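Analysis: install ntp, configure the ntp service, start the ntp service, and check the SELinux state with getenforce (registered as sestatus).
handlers/main.yml  # restarts the ntp service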
---
# Handler to handle common notifications. Handlers are called by other plays.
# See http://docs.ansible.com/playbooks_intro.html for more information about handlers.
- name: restart ntp
  service: name=ntpd state=restarted
Handling the web role:
copy_code.yml
install_httpd.yml
main.yml  # used to include copy_code.yml and install_httpd.yml
main.yml
---
- include: install_httpd.yml
- include: copy_code.yml
install_httpd.yml
---
# These tasks install http and the php modules.
- name: Install http and php etc
  yum: name={{ item }} state=present
  with_items:
    - httpd
    - php
    - php-mysql
    - git
    - libsemanage-python
    - libselinux-python

- name: insert iptables rule for httpd
  lineinfile: dest=/etc/sysconfig/iptables create=yes state=present regexp="{{ httpd_port }}" insertafter="^:OUTPUT "
              line="-A INPUT -p tcp --dport {{ httpd_port }} -j ACCEPT"
  notify: restart iptables

- name: http service state
  service: name=httpd state=started enabled=yes

- name: Configure SELinux to allow httpd to connect to remote database
  seboolean: name=httpd_can_network_connect_db state=true persistent=yes
  when: sestatus.rc != 0
Analysis: install httpd, php, php-mysql, git, libsemanage-python and libselinux-python;
add the iptables rule, start httpd, and set the SELinux boolean.
copy_code.yml
---
# These tasks are responsible for copying the latest dev/production code from
# the version control system.
- name: Copy the code from repository
  git: repo={{ repository }} dest=/var/www/html/

- name: Creates the index.php file
  template: src=index.php.j2 dest=/var/www/html/index.php
Analysis:
git: repo={{ repository }} dest=/var/www/html/
is equivalent to:
ansible localhost -m git -a "repo=https://github.com/bennojoy/mywebapp.git dest=/var/www/html/"
Variables used by web:
httpd_port: 80
ntpserver: 192.168.1.2
repository: https://github.com/bennojoy/mywebapp.git
Handling dbserver:
- name: Install Mysql package
  yum: name={{ item }} state=installed
  with_items:
    - mysql-server
    - MySQL-python
    - libselinux-python
    - libsemanage-python

- name: Configure SELinux to start mysql on any port
  seboolean: name=mysql_connect_any state=true persistent=yes
  when: sestatus.rc != 0

- name: Create Mysql configuration file
  template: src=my.cnf.j2 dest=/etc/my.cnf
  notify:
    - restart mysql

- name: Start Mysql Service
  service: name=mysqld state=started enabled=yes

- name: insert iptables rule
  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="{{ mysql_port }}"
              insertafter="^:OUTPUT " line="-A INPUT -p tcp --dport {{ mysql_port }} -j ACCEPT"
  notify: restart iptables

- name: Create Application Database
  mysql_db: name={{ dbname }} state=present

- name: Create Application DB User
  mysql_user: name={{ dbuser }} password={{ upassword }} priv=*.*:ALL host='%' state=present
Analysis:
---
- name: restart mysql
  service: name=mysqld state=restarted

- name: restart iptables
  service: name=iptables state=restarted
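A least-privilege variant of the last tasks of the db role, added here as an example (it is not part of lamp_simple or the ansible-examples repository): the db tasks shown above grant ALL on *.* to an account reachable from any host ('%') and open the MySQL port to every source. It assumes the webservers group from site.yml, facts already gathered for those hosts, upassword stored with ansible-vault, and an application that only needs SELECT/INSERT/UPDATE/DELETE.

```yaml
---
# Added example, not from the lamp_simple project.
# Assumptions: a "webservers" inventory group (as in site.yml), facts already
# gathered for those hosts (the web play precedes the db play in site.yml),
# upassword stored with ansible-vault, and an app that needs only DML rights.

- name: Create Application Database
  mysql_db:
    name: "{{ dbname }}"
    state: present

# One account per web server instead of host='%', limited to the
# application schema instead of priv=*.*:ALL.
- name: Create Application DB User, scoped to the app schema and web hosts
  mysql_user:
    name: "{{ dbuser }}"
    password: "{{ upassword }}"
    host: "{{ hostvars[item].ansible_default_ipv4.address }}"
    priv: "{{ dbname }}.*:SELECT,INSERT,UPDATE,DELETE"
    state: present
  with_items: "{{ groups['webservers'] }}"
  no_log: true   # keep the password out of task output and logs

# Remove the wildcard-host account if an earlier run created it.
- name: Remove the any-host account
  mysql_user:
    name: "{{ dbuser }}"
    host: "%"
    state: absent

# Open the MySQL port only to the web servers.
- name: insert iptables rule for each web server
  lineinfile:
    dest: /etc/sysconfig/iptables
    state: present
    insertafter: "^:OUTPUT "
    line: "-A INPUT -p tcp -s {{ hostvars[item].ansible_default_ipv4.address }} --dport {{ mysql_port }} -j ACCEPT"
  with_items: "{{ groups['webservers'] }}"
  notify: restart iptables

# Remove the any-source rule if an earlier run inserted it.
- name: remove the unrestricted MySQL iptables rule
  lineinfile:
    dest: /etc/sysconfig/iptables
    state: absent
    line: "-A INPUT -p tcp --dport {{ mysql_port }} -j ACCEPT"
  notify: restart iptables
```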
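A quick way to learn Ansible:
1. Command-line operation
2. The ansible command
3. Building playbooks
4. Refactoring with roles
Once you are basically familiar with it, work backwards from a project to find and fill the gaps.
Project download: git@github.com:ansible/ansible-examples.git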