Ansible模板实验案例分析之lamp_simple

本节通过对官方提供的Lamp_simle模板项目的分析简要分析一个项目的构架以及如何构建属于自己的playbook

运行：ansible-playbook -i hosts site.yml

项目结构：

├── group_vars
│   ├── all
│   └── dbservers
├── hosts
├── LICENSE.md
├── README.md
├── roles
│   ├── common
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       └── ntp.conf.j2
│   ├── db
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── templates
│   │       └── my.cnf.j2
│   └── web
│       ├── handlers
│       │   └── main.yml
│       ├── tasks
│       │   ├── copy_code.yml
│       │   ├── install_httpd.yml
│       │   └── main.yml
│       └── templates
│           └── index.php.j2
└── site.yml

site.yml

---
# This playbook deploys the whole application stack in this site.

- name: apply common configuration to all nodes
  hosts: all
  remote_user: root

  roles:
    - common

- name: configure and deploy the webservers and application code
  hosts: webservers
  remote_user: root

  roles:
    - web

- name: deploy MySQL and configure the databases
  hosts: dbservers
  remote_user: root

  roles:
    - db

分析：包含三个角色 common web db

common

.
├── handlers
│   └── main.yml
├── tasks
│   └── main.yml
└── templates
    └── ntp.conf.j2

tasks/main.yml

---
# This playbook contains common plays that will be run on all nodes.

- name: Install ntp
  yum: name=ntp state=present
  tags: ntp

- name: Configure ntp file
  template: src=ntp.conf.j2 dest=/etc/ntp.conf
  tags: ntp
  notify: restart ntp

- name: Start the ntp service
  service: name=ntpd state=started enabled=yes
  tags: ntp

- name: test to see if selinux is running
  command: getenforce
  register: sestatus
  changed_when: false

分析：安装ntp 配置ntp服务 启动ntp服务 启动防火墙

handler.yml #重启ntp服务

---
# Handler to handle common notifications. Handlers are called by other plays.
# See http://docs.ansible.com/playbooks_intro.html for more information about handlers.

- name: restart ntp
  service: name=ntpd state=restarted

处理web：

copy_code.yml :
install_httpd.yml
main.yml #用来引入copy_code.yml和install_httpd.yml 

main.yml

---
- include: install_httpd.yml
- include: copy_code.yml

install_httpd.yml

---
# These tasks install http and the php modules.

- name: Install http and php etc
  yum: name={{ item }} state=present
  with_items:
   - httpd
   - php
   - php-mysql
   - git
   - libsemanage-python
   - libselinux-python

- name: insert iptables rule for httpd
  lineinfile: dest=/etc/sysconfig/iptables create=yes state=present regexp="{{ httpd_port }}" insertafter="^:OUTPUT "
              line="-A INPUT -p tcp  --dport {{ httpd_port }} -j  ACCEPT"
  notify: restart iptables

- name: http service state
  service: name=httpd state=started enabled=yes

- name: Configure SELinux to allow httpd to connect to remote database
  seboolean: name=httpd_can_network_connect_db state=true persistent=yes
  when: sestatus.rc != 0

分析：安装 httpd php php-mysql git libsemanage-python libselinux-python

设置iptables 启动httpd 设置selinux

copy_code.yml

---
# These tasks are responsible for copying the latest dev/production code from
# the version control system.

- name: Copy the code from repository
  git: repo={{ repository }} dest=/var/www/html/

- name: Creates the index.php file
  template: src=index.php.j2 dest=/var/www/html/index.php

分析：
git: repo={{ repository }} dest=/var/www/html/
等价于：\
ansible localhost -m git -a "repo=https://github.com/bennojoy/mywebapp.git dest=/var/www/html/"

web变量：

httpd_port: 80
ntpserver: 192.168.1.2
repository: https://github.com/bennojoy/mywebapp.git

处理dbserver：

- name: Install Mysql package
  yum: name={{ item }} state=installed
  with_items:
   - mysql-server
   - MySQL-python
   - libselinux-python
   - libsemanage-python

- name: Configure SELinux to start mysql on any port
  seboolean: name=mysql_connect_any state=true persistent=yes
  when: sestatus.rc != 0

- name: Create Mysql configuration file
  template: src=my.cnf.j2 dest=/etc/my.cnf
  notify:
  - restart mysql

- name: Start Mysql Service
  service: name=mysqld state=started enabled=yes

- name: insert iptables rule
  lineinfile: dest=/etc/sysconfig/iptables state=present regexp="{{ mysql_port }}"
              insertafter="^:OUTPUT " line="-A INPUT -p tcp  --dport {{ mysql_port }} -j  ACCEPT"
  notify: restart iptables

- name: Create Application Database
  mysql_db: name={{ dbname }} state=present

- name: Create Application DB User
  mysql_user: name={{ dbuser }} password={{ upassword }} priv=*.*:ALL host='%' state=present

分析：

---
- name: restart mysql
  service: name=mysqld state=restarted

- name: restart iptables
  service: name=iptables state=restarted

Ansible快速学习法：

一：命令行操作
二：ansible 命令
三：构建playbook
四：利用角色重构

基本熟悉后利用项目进行反推 查缺补漏

项目下载：[email protected]:ansible/ansible-examples.git