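4.6 Roles
Roles are a feature introduced in Ansible 1.2 for organizing playbooks hierarchically. Based on this directory hierarchy, a role automatically loads its vars files, tasks, handlers, and so on. Below, roles are used to configure the Nginx service differently on each host in the webserver group; the configuration details of the managed hosts are listed in Table 4-1.
Table 4-1 Detailed configuration of the managed hosts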
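Note the difference: managed host 205 has 4 CPU cores, while managed host 206 has 2. Ansible's role feature is used below to generate a different Nginx configuration file for each managed host. The configuration files are placed under /home/yhc/ansible/nginx, with the following directory structure: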
nginx
├── hosts
├── roles
│   ├── common
│   │   ├── files
│   │   │   ├── epel-release-6-8.noarch.rpm
│   │   │   └── epel.repo
│   │   ├── handlers
│   │   └── tasks
│   │       └── main.yml
│   └── nginx
│       ├── handlers
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           └── nginx.conf.j2
└── site.yml
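Where:
· site.yml: the global configuration file. It is normally the file that references the roles, and its hosts parameter binds the roles to a host or group.
· hosts: optional. It specifies the hosts or groups; by default /etc/ansible/hosts is used. It is selected with the -i parameter, for example: ansible-playbook -i hosts.
· common role directory: an additional shared role, common, is added here. It generally applies to the managed hosts and is mainly used for basic system services, such as adding the EPEL repository, automatic time synchronization with ntpdate, and sysctl kernel tuning.
· nginx directory: the directory of the Nginx role.
· files directory: holds files used by modules such as copy or script.
· vars directory: defines the variables needed when the playbook runs.
· templates directory: the template module automatically looks in this directory for Jinja2 template files and renders them.
· handlers directory: should contain a main.yml file that defines the handlers used by the role.
· tasks directory: must contain at least a file named main.yml that defines the role's task list; the include directive can be used.
1. The site.yml file
The content of site.yml is as follows: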
---
# Apply the common and nginx roles, in that order, to the webserver group.
- name: configure and deploy the webserver
  hosts: webserver
  roles:
    - common
    - nginx
2. The hosts file
The content of the hosts file is as follows:
[webserver]
192.168.1.205
192.168.1.206
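The syntax and content are essentially the same as /etc/ansible/hosts, so they are not described in detail here.
3. The common role directory
The common role directory has three subdirectories: files, tasks, and handlers.
The files directory contains epel.repo so that the copy module can push it to each managed host. The official CentOS repositories do not provide an Nginx package, so EPEL is used for the installation. The content of epel.repo is as follows: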
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
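The tasks directory contains main.yml, with the following content:
---
# Push the repository definition from the role's files directory.
- name: Copy the EPEL repository definition
  copy: src=epel.repo dest=/etc/yum.repos.d/epel.repo
# Import the EPEL signing key so that gpgcheck=1 in epel.repo can verify packages.
- name: Create the GPG key for EPEL
  command: rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
The handlers directory currently contains no files. The copy and command tasks above do not need a handler to start a service or reboot the machine, so the directory is empty for now. Even though it is empty, keeping it is recommended.
4. The Nginx role directory
The Nginx role directory has three subdirectories: tasks, templates, and handlers. The content of nginx.conf.j2 in the templates directory is as follows: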
user nginx;
worker_processes {{ ansible_processor_cores }};
{% if ansible_processor_cores == 2 %}
worker_cpu_affinity 01 10;
{% elif ansible_processor_cores == 4 %}
worker_cpu_affinity 1000 0100 0010 0001;
{% elif ansible_processor_cores >= 8 %}
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
{% else %}
worker_cpu_affinity 1000 0100 0010 0001;
{% endif %}
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 51200;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
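In this file, the ansible_processor_cores variable is obtained through the Facts component. Facts is a very useful Ansible component that collects system information about the managed host, including the hostname, operating system, partition information, and hardware information, so the number of CPU cores is easy to obtain. The complete Facts for managed host 206 can also be retrieved by running ansible 192.168.1.206 -m setup. Part of the output is shown below (it is long, so only an excerpt is included):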
192.168.1.206 | success >> {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"192.168.1.206"
],
"ansible_all_ipv6_addresses": [
"fe80::216:3eff:fe08:ea2b"
],
"ansible_architecture": "x86_64",
"ansible_bios_date": "",
"ansible_bios_version": "",
"ansible_cmdline": {
"KEYTABLE": "us",
"LANG": "en_US.UTF-8",
"SYSFONT": "latarcyrheb-sun16",
"console": "hvc0",
"quiet": true,
"rd_LVM_LV": "VolGroup/lv_root",
"rd_NO_DM": true,
"rd_NO_LUKS": true,
"rd_NO_MD": true,
"rhgb": true,
"ro": true,
"root": "/dev/mapper/VolGroup-lv_root"
},
"ansible_date_time": {
"date": "2015-11-29",
"day": "29",
"epoch": "1448799399",
"hour": "12",
"iso8601": "2015-11-29T12:16:39Z",
"iso8601_micro": "2015-11-29T12:16:39.648209Z",
"minute": "16",
"month": "11",
"second": "39",
"time": "12:16:39",
"tz": "UTC",
"tz_offset": "+0000",
"weekday": "Sunday",
"year": "2015"
},
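A pipe can be used to extract just the Facts we need, such as the number of CPU cores:
ansible 192.168.1.206 -m setup | grep ansible_processor_cores
The command output is as follows:
"ansible_processor_cores": 2,
The same command can also be used to obtain the managed host's FQDN, which can then serve as the value of the ServerName parameter in an Apache configuration file. The corresponding entry in the output is:
"ansible_fqdn": "client2.example.com",
The content of main.yml in the tasks directory is as follows: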
---
- name: ensure nginx is thd latest version
  yum: name=nginx state=latest
# The template file in the templates directory is named nginx.conf.j2.
- name: Copy nginx configuration
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: restart nginx
- name: ensure nginx is running
  service: name=nginx state=started
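The content of main.yml in the handlers directory is as follows:
# Runs only when a task notifies "restart nginx".
- name: restart nginx
  service: name=nginx state=restarted
Run the roles with the following commands:
cd /home/yhc/ansible/nginx
ansible-playbook -i hosts site.yml
The command output is as follows: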
PLAY [webserver] **************************************************************
GATHERING FACTS ***************************************************************
ok: [192.168.1.205]
ok: [192.168.1.206]
TASK: [common | Copy the EPEL repository definition] **************************
ok: [192.168.1.205]
ok: [192.168.1.206]
TASK: [common | Create the GPG key for EPEL] **********************************
changed: [192.168.1.205]
changed: [192.168.1.206]
TASK: [nginx | ensure nginx is thd latest version] ****************************
changed: [192.168.1.206]
changed: [192.168.1.205]
TASK: [nginx | Copy nginx configuration] **************************************
changed: [192.168.1.206]
changed: [192.168.1.205]
TASK: [nginx | ensure nginx is running] ***************************************
changed: [192.168.1.206]
changed: [192.168.1.205]
NOTIFIED: [nginx | restart nginx] *********************************************
changed: [192.168.1.206]
changed: [192.168.1.205]
PLAY RECAP ********************************************************************
192.168.1.205 : ok=7 changed=5 unreachable=0 failed=0
192.168.1.206 : ok=7 changed=5 unreachable=0 failed=0
Now check the Nginx configuration file on the two machines in the webserver group:
ansible webserver -m command -a 'cat /etc/nginx/nginx.conf'
If the output looks like the following, the configuration succeeded:
192.168.1.206 | success | rc=0 >>
user nginx;
worker_processes 2;
worker_cpu_affinity 01 10;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 51200;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
192.168.1.205 | success | rc=0 >>
user nginx;
worker_processes 4;
worker_cpu_affinity 1000 0100 0010 0001;
worker_rlimit_nofile 65535;
events {
use epoll;
worker_connections 51200;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
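The visual comparison above can be automated. The following is an added example, not code from the book: it parses the ad hoc output format shown above and checks, per host, that worker_processes and the worker_cpu_affinity masks match the expected core count. The function names and the trimmed sample are constructed for illustration; a host whose core count the template does not list falls into its else branch and receives the 4-core masks, which this check reports.

```python
import re
# Constructed sample, trimmed from the ad hoc output shown above.
SAMPLE = """\
192.168.1.206 | success | rc=0 >>
worker_processes 2;
worker_cpu_affinity 01 10;
192.168.1.205 | success | rc=0 >>
worker_processes 4;
worker_cpu_affinity 1000 0100 0010 0001;
"""
EXPECTED_CORES = {"192.168.1.205": 4, "192.168.1.206": 2}  # from the text above
HEADER = re.compile(r"^(\S+) \| \w+ \| rc=(\d+) >>\s*$")
DIRECTIVE = re.compile(r"^\s*(worker_processes|worker_cpu_affinity)\s+([^;]+);")

def parse_hosts(text):
    """Split the ad hoc output into {host: {"rc": int, directive: [args]}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        header, directive = HEADER.match(line), DIRECTIVE.match(line)
        if header:
            current = hosts.setdefault(header.group(1), {"rc": int(header.group(2))})
        elif directive and current is not None:
            current[directive.group(1)] = directive.group(2).split()
    return hosts

def check_host(conf, cores):
    """Return a list of problems; an empty list means the render is consistent."""
    problems = [] if conf.get("rc") == 0 else ["remote command failed"]
    workers = conf.get("worker_processes", ["missing"])[0]
    masks = conf.get("worker_cpu_affinity", [])
    if workers != str(cores):
        problems.append(f"worker_processes is {workers}, expected {cores}")
    if len(masks) != cores:
        problems.append(f"{len(masks)} affinity masks for {cores} cores")
    pinned = set()
    for mask in masks:
        if mask.count("1") != 1 or set(mask) - {"0", "1"}:
            problems.append(f"mask {mask} does not select exactly one CPU")
            continue
        cpu = len(mask) - 1 - mask.index("1")  # rightmost bit is CPU 0
        if cpu >= cores or cpu in pinned:
            problems.append(f"mask {mask} pins to CPU {cpu}: absent or already used")
        pinned.add(cpu)
    return problems

def audit(text, expected=EXPECTED_CORES):
    """Map every expected host to its problems; a host with no output is flagged."""
    hosts = parse_hosts(text)
    return {h: check_host(hosts.get(h, {}), n) for h, n in expected.items()}
```

Calling audit() on the saved output of the cat command returns an empty list for each host whose rendered file is consistent, so a non-empty list can fail a deployment check.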