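Python Automated Operations: Hands-on with Playbook Roles

Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/chengqiuming/article/details/88089423

I Key points

This walkthrough uses two roles: a web role and a shared role named common.

The common role collects the parts shared across the global scope of all roles, usually basic system services such as ntp, iptables, selinux and sysctl. This walkthrough manages the ntp service.

II Playbook directory structure

The playbook directory contains the variable definition directory group_vars, the host group definition file hosts, the global configuration file site.yml, and the role directories.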

[root@localhost nginx]# tree
.
├── group_vars
│   ├── all
│   └── webservers
├── hosts
├── roles
│   ├── common
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   ├── templates
│   │   │   └── ntp.conf.j2
│   │   └── vars
│   │       └── main.yml
│   └── web
│       ├── handlers
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           └── nginx2.conf
└── site.yml

11 directories, 11 files

III Defining the host group

The following defines a business group, webservers, with two member hosts.

[webservers]
192.168.0.101
192.168.0.102

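This file is optional; by default the settings in /etc/ansible/hosts are used. A group and host file customized for the roles is passed with the "-i file" command-line option, for example ansible-playbook -i hosts.

IV Defining host or group variables

1 Key points

group_vars is the directory for group variables. The file names in it must match the group names, and variables defined in a group variable file are scoped to that group only; all stands for every host.

2 Example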

nginx/group_vars/all

[root@localhost group_vars]# cat all
---
# Variables listed here are applicable to all host groups

ntpserver: ntp.sjtu.edu.cn

nginx/group_vars/webservers

[root@localhost group_vars]# cat webservers
---
worker_processes: 4
num_cpus: 4
max_open_file: 65536
root: /data

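V The global configuration file site.yml

1 Key points

The global configuration file below references two role blocks; the roles differ in the hosts they apply to and in what they do: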

nginx/site.yml

[root@localhost nginx]# cat site.yml
---
- name: apply common configuration to all nodes
  hosts: all
  roles:
    - common

- name: configure and deploy the webservers and application code
  hosts: webservers
  roles:
    - web

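The global configuration file site.yml references two roles, the shared common role and the web role, which correspond to the nginx/common and nginx/web directories. In the same way, more roles such as db, nosql or hadoop can be referenced, provided they are defined first; usually one role corresponds to one specific service. The hosts parameter binds each role to its hosts or group.

VI Defining the common role

The common role defines four categories, handlers, tasks, templates and vars, which hold the main.yml configuration files for the handlers, the task list, the templates and the variables respectively. Note that variables defined in vars/main.yml take precedence over those in /nginx/group_vars/all.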

handlers/main.yml

[root@localhost handlers]# cat main.yml
- name: restart ntp
  service: name=ntpd state=restarted

tasks/main.yml

[root@localhost tasks]# cat main.yml
- name: Install ntp
  yum: name=ntp state=present
#  tags: ntp

- name: Configure ntp file
  template: src=ntp.conf.j2 dest=/etc/ntp.conf
#  tags: ntp
  notify: restart ntp

- name: Start the ntp service
  service: name=ntpd state=started enabled=true
#  tags: ntp

- name: test to see if selinux is running
  command: getenforce
  register: sestatus
  changed_when: false

Note that template: src=ntp.conf.j2 needs no path when it references the template; by default it is looked up in the templates directory one level up.

templates/ntp.conf.j2

driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict -6 ::1

server {{ ntpserver }}

includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys

Here {{ntpserver}} refers to the ntpserver variable defined in vars/main.yml.
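The template above restricts only 127.0.0.1 and ::1 and has no "restrict default" line, so ntpd's default entry carries no flags and remote hosts are not limited by ntpd itself. The following check is an added example, not code from the original article; the function name, the flag list and the hardened variant are assumptions made for illustration.

```python
# Flags commonly set on the default entry to block remote queries and reconfiguration.
RECOMMENDED = ("nomodify", "notrap", "nopeer", "noquery")

# The template from this page; {{ ntpserver }} is left unrendered (not needed here).
PAGE_TEMPLATE = """\
driftfile /var/lib/ntp/drift
restrict 127.0.0.1
restrict -6 ::1

server {{ ntpserver }}

includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
"""

# Constructed hardened variant: the same file plus restrictive default entries.
HARDENED_TEMPLATE = (
    "restrict default nomodify notrap nopeer noquery\n"
    "restrict -6 default nomodify notrap nopeer noquery\n" + PAGE_TEMPLATE
)

def audit_restrict(conf_text):
    """Return a list of findings about the 'restrict default' policy in an ntp.conf."""
    findings = []
    defaults = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop trailing comments
        if not tokens or tokens[0] != "restrict":
            continue
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if args and args[0] == "default":
            defaults.append((raw.strip(), set(args[1:])))
    if not defaults:
        findings.append("no 'restrict default' line: ntpd's default entry carries no flags")
    for line, flags in defaults:
        if "ignore" in flags:
            continue  # 'ignore' drops every packet, nothing further to require
        missing = [f for f in RECOMMENDED if f not in flags]
        if missing:
            findings.append("%s: missing %s" % (line, ", ".join(missing)))
    return findings

if __name__ == "__main__":
    print(audit_restrict(PAGE_TEMPLATE))
    print(audit_restrict(HARDENED_TEMPLATE))
```

Running the check against the rendered file on a managed host, or against the template before deployment, shows whether the two default entries need to be added to ntp.conf.j2.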

vars/main.yml

[root@localhost vars]# cat main.yml
---
# Variables listed here are applicable to all host groups

ntpserver: 210.72.145.44
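Because vars/main.yml takes precedence over group_vars/all, the ntpserver value an operator sets in the inventory is silently replaced by the role's value. The following check is an added example, not code from the original article; it handles only the flat key: value files shown on this page, and the function names are hypothetical.

```python
import os
import tempfile

def load_flat_vars(path):
    """Parse the flat 'key: value' files shown on this page (not a full YAML parser)."""
    result = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()
            if line and line != "---" and ":" in line:
                key, value = line.split(":", 1)
                result[key.strip()] = value.strip()
    return result

def shadowed_vars(playbook_dir):
    """Map (role, group, var) -> (group_vars value, winning role value)."""
    findings = {}
    gv_dir = os.path.join(playbook_dir, "group_vars")
    roles_dir = os.path.join(playbook_dir, "roles")
    for role in sorted(os.listdir(roles_dir)):
        vars_file = os.path.join(roles_dir, role, "vars", "main.yml")
        if not os.path.isfile(vars_file):
            continue  # e.g. the web role defines no vars/
        role_vars = load_flat_vars(vars_file)
        for group in sorted(os.listdir(gv_dir)):
            for key, value in load_flat_vars(os.path.join(gv_dir, group)).items():
                if key in role_vars and role_vars[key] != value:
                    findings[(role, group, key)] = (value, role_vars[key])
    return findings

def build_page_tree(root):
    """Recreate the variable files from this page under root (constructed copy)."""
    files = {
        "group_vars/all": "---\nntpserver: ntp.sjtu.edu.cn\n",
        "group_vars/webservers": "---\nworker_processes: 4\nnum_cpus: 4\n"
                                 "max_open_file: 65536\nroot: /data\n",
        "roles/common/vars/main.yml": "---\nntpserver: 210.72.145.44\n",
        "roles/web/tasks/main.yml": "",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

def demo():
    """Run the check against a temporary copy of this page's variable files."""
    with tempfile.TemporaryDirectory() as root:
        build_page_tree(root)
        return shadowed_vars(root)

if __name__ == "__main__":
    print(demo())
```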

VII Defining the web role

The web role defines three categories: handlers, tasks and templates.

handlers/main.yml

[root@localhost handlers]# cat main.yml
- name: restart nginx
  service: name=nginx state=restarted

tasks/main.yml

[root@localhost web]# cat tasks/main.yml
- name: ensure nginx is at the latest version
  yum: pkg=nginx state=latest
- name: write the nginx config file
  template: src=nginx2.conf dest=/etc/nginx/nginx.conf
  notify:
  - restart nginx
- name: ensure nginx is running
  service: name=nginx state=started

templates/nginx2.conf

[root@localhost templates]# cat nginx2.conf
#version 1.1.4
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user              nginx;
worker_processes  {{ worker_processes }};
{% if num_cpus == 2 %}
worker_cpu_affinity 01 10;
{% elif num_cpus == 4 %}
worker_cpu_affinity 1000 0100 0010 0001;
{% elif num_cpus >= 8 %}
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
{% else %}
worker_cpu_affinity 1000 0100 0010 0001;
{% endif %}
worker_rlimit_nofile {{ max_open_file }};

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;


events {
    worker_connections  {{ max_open_file }};
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  75;

    #gzip  on;
    
    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    #include /etc/nginx/conf.d/*.conf;
    server {
        listen       80 default_server;
        server_name  _;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   {{ root }};
            index  index.html index.htm;
        }

        error_page  404              /404.html;
        location = /404.html {
            root   /usr/share/nginx/html;
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

    }

}

VIII Running the roles

[root@localhost nginx]# pwd
/home/pyauto-master/9/ansible/playbooks/nginx
[root@localhost nginx]# ansible-playbook -i hosts site.yml -f 2

PLAY [apply common configuration to all nodes] *******************************************************

TASK [Gathering Facts] *******************************************************************************
ok: [192.168.0.102]
ok: [192.168.0.101]

TASK [common : Install ntp] **************************************************************************
changed: [192.168.0.102]
changed: [192.168.0.101]

TASK [common : Configure ntp file] *******************************************************************
changed: [192.168.0.102]
changed: [192.168.0.101]

TASK [common : Start the ntp service] ****************************************************************
changed: [192.168.0.102]
changed: [192.168.0.101]

TASK [common : test to see if selinux is running] ****************************************************
ok: [192.168.0.101]
ok: [192.168.0.102]

RUNNING HANDLER [common : restart ntp] ***************************************************************
changed: [192.168.0.102]
changed: [192.168.0.101]

PLAY [configure and deploy the webservers and application code] **************************************

TASK [Gathering Facts] *******************************************************************************
ok: [192.168.0.102]
ok: [192.168.0.101]

TASK [web : ensure nginx is at the latest version] ***************************************************
changed: [192.168.0.102]
changed: [192.168.0.101]

TASK [web : write the nginx config file] *************************************************************
changed: [192.168.0.102]
changed: [192.168.0.101]

TASK [web : ensure nginx is running] *****************************************************************
changed: [192.168.0.101]
changed: [192.168.0.102]

RUNNING HANDLER [web : restart nginx] ****************************************************************
changed: [192.168.0.101]
changed: [192.168.0.102]

PLAY RECAP *******************************************************************************************
192.168.0.101              : ok=11   changed=8    unreachable=0    failed=0   
192.168.0.102              : ok=11   changed=8    unreachable=0    failed=0   
