假设我们要写一个playbook来安装管理lamp环境,那么这个playbook就会写很长。所以我们希望把这个很大的文件分成多个功能拆分, 分成apache管理,php管理,mysql管理,然后在需要使用的时候直接调用就可以了,以免重复写。就类似编程里的模块化的概念,以达到代码复用的效果。
一、roles介绍
roles: ansible模块,类似于函数,完成一个任务的指令。每一个roles都有自己特定的目录结构,就是通过分别将variables, tasks及handlers等放置于单独的目录中,并可以便捷地调用它们的一种机制。
roles优点:
1)模块中指令较少,方便编写
2)重复调用方便
3)排错方便
二、创建roles的目录结构
files:用来存放由copy模块或script模块调用的文件。
tasks:至少有一个main.yml文件,定义各tasks。
handlers:有一个main.yml文件,定义各handlers。
templates:用来存放jinjia2模板。
vars:有一个main.yml文件,定义变量。
meta:有一个main.yml文件,定义此角色的特殊设定及其依赖关系。
注意: 在每个角色的目录中分别创建files, tasks,handlers,templates,vars和meta目录,用不到的目录可以创建为空目录.
三、案例1:CentOS7通过roles实现lamp
分析:需定制三个角色: httpd,mysql,php
3.1) 创建roles目录及文件,并确认目录结构
[root@manage01 ansible]# mkdir -p roles/{httpd,mysql,php}/{files,tasks,handlers,templates,vars,meta}
[root@manage01 ansible]# touch roles/{httpd,mysql,php}/{tasks,handlers,vars,meta}/main.yml
[root@manage01 ansible]# tree roles/
roles/
├── httpd
│ ├── files
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ └── vars
│ └── main.yml
├── mysql
│ ├── files
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ └── vars
│ └── main.yml
└── php
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
├── templates
└── vars
└── main.yml
21 directories, 12 files
3.2)准备httpd服务器的主页文件,php测试页和配置文件等
[root@manage01 ~]# cd /etc/ansible/roles
[root@manage01 roles]# vim httpd/files/phpinfo.php
<?php
phpinfo();
?>
[root@manage01 roles]# vim httpd/files/httpd.conf
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
<VirtualHost *:80>
DocumentRoot "/var/www/html"
</VirtualHost>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
[root@manage01 roles]# vim php/files/www.conf
[www]
user = www
group = www
listen = 127.0.0.1:9000
listen.owner = www
listen.group = www
listen.mode = 0660
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
3.3)编写httpd角色的main.yml文件
[root@manage01 roles]# vim httpd/tasks/main.yml
- name: httpd httpd-devel httpd-manual软件包安装
yum: name={{item}} state=latest
with_items:
- httpd
- httpd-devel
- httpd-manual
- name: 创建apache管理用户 www
user: name={{user}} state=present
- name: 设置apache开机启动,并启动服务
service: name=httpd enabled=yes state=started
- name: 拷贝配置文件,初始化业务
copy: src=/etc/ansible/roles/httpd/files/httpd.conf dest=/etc/httpd/conf/httpd.conf
notify:
- restart apache
- name: 拷贝php测试页面
copy: src=/etc/ansible/roles/httpd/files/phpinfo.php dest=/var/www/html/
[root@manage01 roles]# vim httpd/vars/main.yml
user: www
[root@manage01 roles]# vim httpd/handlers/main.yml
- name: restart apache
service: name=httpd state=restarted
3.4)编写mysql角色的main.yml文件
[root@manage01 ansible]# ls roles/php/files/
www.conf
[root@manage01 roles]# vim mysql/tasks/main.yml
- name: mysql 用户创建
user: name={{user}} state=present
- name: mysql 软件安装
yum: name={{item}} state=latest
with_items:
- mariadb
- mariadb-server
- name: 启动服务,并设置开机启动
service: name=mariadb enabled=yes state=started
- name: 改变mysql文件的所有者为mysql
file: path='/usr/lib/mysql' owner={{user}} group={{user}} recurse=yes
[root@manage01 roles]# vim mysql/vars/main.yml
user: mysql
3.5):编写php角色的main.yml文件
[root@manage01 roles]# vim php/tasks/main.yml
- name: 安装php
yum: name={{item}} state=latest
with_items:
- php
- php-mysqlnd
- php-gd
- php-ldap
- php-odbc
- php-pear
- php-xml
- php-xmlrpc
- php-mbstring
- php-snmp
- php-soap
- curl
- curl-devel
- php-bcmath
- php-fpm
- name: copy www.conf to /etc/php-fpm.d
copy: src=/etc/ansible/roles/php/files/www.conf dest=/etc/php-fpm.d force=yes
notify:
- restart php-fpm
[root@manage01 roles]# vim php/handlers/main.yml
- name: restart php-fpm
service: name=php-fpm state=restarted
3.6)编写lamp的playbook文件调用前面定义好的三个角色
[root@manage01 yaml]# vim lamp.yml
---
- hosts: group1
remote_user: root
roles:
- httpd
- mysql
- php
3.7) 执行lamp的playbook文件
# 配置局域网yum源
[root@manage01 yaml]# ansible group1 -m get_url -a "url=http://192.168.123.200/mirrors/local.repo dest=/etc/yum.repos.d/"
[root@manage01 yaml]# ansible-playbook -C lamp.yml
[root@manage01 yaml]# ansible-playbook lamp.yml
3.8) 测试业务机器
四、案例2:Ubuntu 22.04 环境下 LNMP(Linux + Nginx + MySQL + PHP)架构,并且实现 WordPress 的动静分离。
项目结构
lnmp-wordpress-deployment/
├── ansible.cfg
├── hosts
├── roles
│ ├── nfs_server
│ │ ├── tasks
│ │ │ └── main.yml
│ ├── nginx_frontend
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── nginx.conf.j2
│ │ ├── handlers
│ │ │ └── main.yml
│ ├── php_fpm
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── www.conf.j2
│ │ ├── handlers
│ │ │ └── main.yml
│ ├── nginx_image
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── image_server.conf.j2
│ │ ├── handlers
│ │ │ └── main.yml
│ ├── mysql_server
│ │ ├── tasks
│ │ │ └── main.yml
│ ├── wordpress_config
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── wp-config.php.j2
└── site.yml
结构目录创建脚本
#!/bin/bash
# 创建主目录
mkdir -p lnmp-wordpress-deployment/roles
cd lnmp-wordpress-deployment
# 创建顶层文件
touch ansible.cfg hosts site.yml
# 定义角色列表
roles=("nfs_server" "nginx_frontend" "php_fpm" "nginx_image" "mysql_server" "wordpress_config")
# 为每个角色创建目录结构
for role in "${roles[@]}"; do
mkdir -p roles/$role/{tasks,templates,handlers}
touch roles/$role/tasks/main.yml
if [ "$role" == "nginx_frontend" ] || [ "$role" == "php_fpm" ] || [ "$role" == "nginx_image" ] || [ "$role" == "wordpress_config" ]; then
touch roles/$role/templates/$(echo $role | tr '_' '-').conf.j2
fi
if [ "$role" == "nginx_frontend" ] || [ "$role" == "php_fpm" ] || [ "$role" == "nginx_image" ]; then
touch roles/$role/handlers/main.yml
fi
done
echo "目录结构创建完成!"
使用说明
- 将上述脚本保存为
create_dir_structure.sh。 - 赋予脚本执行权限:
chmod +x create_dir_structure.sh。 - 运行脚本:
./create_dir_structure.sh。
详细文件内容及注释
ansible.cfg
[defaults]
# 指定主机清单文件
inventory = hosts
# 指定远程连接的用户,需根据实际情况修改
remote_user = your_user
# 询问 sudo 密码
ask_sudo_pass = yes
hosts
[nfs_servers]
# NFS 服务器 IP 地址
192.168.8.20
[nginx_frontend_servers]
# 前端 Nginx 服务器 IP 地址
192.168.8.21
[php_fpm_servers]
# PHP-FPM 服务器 IP 地址
192.168.8.22
[nginx_image_servers]
# 图片服务器(Nginx)IP 地址
192.168.8.23
[mysql_servers]
# MySQL 服务器 IP 地址
192.168.8.24
[all:vars]
# 指定 Python 解释器路径
ansible_python_interpreter=/usr/bin/python3
# NFS 服务器 IP 地址
nfs_server_ip = 192.168.8.20
# NFS 共享目录
nfs_share_dir = /app/blog
# WordPress 数据库名称
wordpress_db_name = wordpress
# WordPress 数据库用户名
wordpress_db_user = wordpress
# WordPress 数据库用户密码
wordpress_db_password = admin1234
# WordPress 数据库主机地址
wordpress_db_host = 192.168.8.24
# PHP-FPM 服务器 IP 地址
php_fpm_server_ip = 192.168.8.22
# 图片服务器 IP 地址
image_server_ip = 192.168.8.23
roles/nfs_server/tasks/main.yml
---
- name: Install NFS kernel server
# 安装 NFS 内核服务器软件包
apt:
name: nfs-kernel-server
state: present
update_cache: yes
- name: Create NFS shared directory
# 创建 NFS 共享目录
file:
path: "{{ nfs_share_dir }}"
state: directory
mode: '0755'
- name: Configure NFS exports
# 配置 NFS 共享目录的导出规则,只允许内网网段挂载
lineinfile:
path: /etc/exports
line: "{{ nfs_share_dir }} 192.168.8.0/24(rw,sync,root_squash,no_all_squash,no_subtree_check)"
create: yes
- name: Restart NFS service
# 重启 NFS 服务并设置为开机自启
service:
name: nfs-kernel-server
state: restarted
enabled: yes
- name: Download and extract WordPress
# 下载并解压 WordPress 到 NFS 共享目录
block:
- name: Download WordPress
get_url:
url: http://192.168.123.200/Software/wordpress-6.6.1-zh_CN.zip
dest: "{{ nfs_share_dir }}/wordpress-6.6.1-zh_CN.zip"
- name: Extract WordPress
unarchive:
src: "{{ nfs_share_dir }}/wordpress-6.6.1-zh_CN.zip"
dest: "{{ nfs_share_dir }}"
remote_src: yes
args:
chdir: "{{ nfs_share_dir }}"
roles/nginx_frontend/tasks/main.yml
---
- name: Install NFS common
# 安装 NFS 客户端依赖软件包
apt:
name: nfs-common
state: present
update_cache: yes
- name: Create NFS mount directory
# 创建用于挂载 NFS 共享目录的本地目录
file:
path: "{{ nfs_share_dir }}"
state: directory
mode: '0755'
- name: Mount NFS share
# 挂载 NFS 共享目录到本地
mount:
path: "{{ nfs_share_dir }}"
src: "{{ nfs_server_ip }}:{{ nfs_share_dir }}"
fstype: nfs
state: mounted
- name: Install Nginx
# 安装 Nginx 服务器软件包
apt:
name: nginx
state: present
update_cache: yes
- name: Configure Nginx
# 使用模板文件配置 Nginx 服务器
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
notify:
- Restart Nginx
roles/nginx_frontend/templates/nginx.conf.j2
http {
# 定义日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# 指定访问日志文件路径和使用的日志格式
access_log /var/log/nginx/access.log main;
# 开启文件高效传输模式
sendfile on;
# 开启 TCP 无推送模式
tcp_nopush on;
# 开启 TCP 无延迟模式
tcp_nodelay on;
# 设置保持连接的超时时间
keepalive_timeout 65;
# 设置类型哈希表的最大大小
types_hash_max_size 2048;
# 包含 MIME 类型配置文件
include /etc/nginx/mime.types;
# 设置默认的文件类型
default_type application/octet-stream;
# 包含其他自定义配置文件
include /etc/nginx/conf.d/*.conf;
server {
# 监听 80 端口并作为默认服务器
listen 80 default_server;
# 服务器名称,可根据实际情况修改
server_name www.test.com;
# 设置默认的索引文件
index index.php index.html;
# 设置网站根目录为 NFS 挂载点
root {{ nfs_share_dir }};
# 包含默认配置文件
include /etc/nginx/default.d/*.conf;
# 匹配以 .php 结尾的请求,转发到 PHP-FPM 服务器处理
location ~* \.php$ {
fastcgi_pass {{ php_fpm_server_ip }}:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME {{ nfs_share_dir }}$fastcgi_script_name;
include fastcgi_params;
}
# 匹配以 .jpg 或 .gif 结尾的请求,转发到图片服务器处理
location ~* \.(jpg|gif)$ {
proxy_pass http://{{ image_server_ip }}:80;
}
# 配置 404 错误页面
error_page 404 /404.html;
location = /40x.html {
}
# 配置 500、502、503、504 错误页面
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
roles/nginx_frontend/handlers/main.yml
---
- name: Restart Nginx
# 重启 Nginx 服务,使配置更改生效
service:
name: nginx
state: restarted
roles/php_fpm/tasks/main.yml
---
- name: Install NFS common
# 安装 NFS 客户端依赖软件包
apt:
name: nfs-common
state: present
update_cache: yes
- name: Create NFS mount directory
# 创建用于挂载 NFS 共享目录的本地目录
file:
path: "{{ nfs_share_dir }}"
state: directory
mode: '0755'
- name: Mount NFS share
# 挂载 NFS 共享目录到本地
mount:
path: "{{ nfs_share_dir }}"
src: "{{ nfs_server_ip }}:{{ nfs_share_dir }}"
fstype: nfs
state: mounted
- name: Install PHP-FPM and MySQL extension
# 安装 PHP-FPM 和 MySQL 扩展软件包
apt:
name:
- php-fpm
- php-mysql
state: present
update_cache: yes
- name: Configure PHP-FPM
# 使用模板文件配置 PHP-FPM 服务
template:
src: www.conf.j2
dest: /etc/php/8.1/fpm/pool.d/www.conf
notify:
- Restart PHP-FPM
roles/php_fpm/templates/www.conf.j2
[www]
# 监听 9000 端口
listen = 9000
# 注释掉该行,允许所有 IP 访问
; listen.allowed_clients = 127.0.0.1
roles/php_fpm/handlers/main.yml
---
- name: Restart PHP-FPM
# 重启 PHP-FPM 服务,使配置更改生效
service:
name: php8.1-fpm
state: restarted
roles/nginx_image/tasks/main.yml
---
- name: Install Nginx and NFS common
# 安装 Nginx 服务器和 NFS 客户端依赖软件包
apt:
name:
- nginx
- nfs-common
state: present
update_cache: yes
- name: Create NFS mount directory
# 创建用于挂载 NFS 共享目录的本地目录
file:
path: "{{ nfs_share_dir }}"
state: directory
mode: '0755'
- name: Mount NFS share
# 挂载 NFS 共享目录到本地
mount:
path: "{{ nfs_share_dir }}"
src: "{{ nfs_server_ip }}:{{ nfs_share_dir }}"
fstype: nfs
state: mounted
- name: Configure Image server Nginx
# 使用模板文件配置图片服务器的 Nginx
template:
src: image_server.conf.j2
dest: /etc/nginx/sites-available/default
notify:
- Restart Nginx
roles/nginx_image/templates/image_server.conf.j2
server {
# 设置网站根目录为 NFS 挂载点
root {{ nfs_share_dir }};
}
roles/nginx_image/handlers/main.yml
---
- name: Restart Nginx
# 重启图片服务器的 Nginx 服务,使配置更改生效
service:
name: nginx
state: restarted
roles/mysql_server/tasks/main.yml
---
- name: Install MySQL server
# 安装 MySQL 服务器软件包
apt:
name: mysql-server
state: present
update_cache: yes
- name: Create WordPress database
# 创建 WordPress 数据库
mysql_db:
name: "{{ wordpress_db_name }}"
state: present
encoding: utf8mb4
- name: Create WordPress database user
# 创建 WordPress 数据库用户并授予权限
mysql_user:
name: "{{ wordpress_db_user }}"
password: "{{ wordpress_db_password }}"
priv: "{{ wordpress_db_name }}.*:ALL"
host: "192.168.8.%"
state: present
roles/wordpress_config/tasks/main.yml
---
- name: Copy WordPress config sample
# 复制 WordPress 配置示例文件为正式配置文件
copy:
src: "{{ nfs_share_dir }}/wordpress/wp-config-sample.php"
dest: "{{ nfs_share_dir }}/wordpress/wp-config.php"
remote_src: yes
- name: Configure WordPress
# 使用模板文件配置 WordPress 数据库连接信息
template:
src: wp-config.php.j2
dest: "{{ nfs_share_dir }}/wordpress/wp-config.php"
roles/wordpress_config/templates/wp-config.php.j2
<?php
// 定义 WordPress 数据库名称
define('DB_NAME', '{{ wordpress_db_name }}');
// 定义 WordPress 数据库用户名
define('DB_USER', '{{ wordpress_db_user }}');
// 定义 WordPress 数据库用户密码
define('DB_PASSWORD', '{{ wordpress_db_password }}');
// 定义 WordPress 数据库主机地址
define('DB_HOST', '{{ wordpress_db_host }}');
// 定义数据库字符集
define('DB_CHARSET', 'utf8mb4');
// 定义数据库排序规则
define('DB_COLLATE', '');
// 定义 WordPress 数据库表前缀
$table_prefix = 'wp_';
// 关闭 WordPress 调试模式
define('WP_DEBUG', false);
// 定义 WordPress 安装目录的绝对路径
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
// 引入 WordPress 核心设置文件
require_once(ABSPATH . 'wp-settings.php');
site.yml
---
- name: Configure NFS server
# 配置 NFS 服务器
hosts: nfs_servers
roles:
- nfs_server
- name: Configure Frontend Nginx server
# 配置前端 Nginx 服务器
hosts: nginx_frontend_servers
roles:
- nginx_frontend
- name: Configure PHP-FPM server
# 配置 PHP-FPM 服务器
hosts: php_fpm_servers
roles:
- php_fpm
- name: Configure Image server
# 配置图片服务器
hosts: nginx_image_servers
roles:
- nginx_image
- name: Configure MySQL server
# 配置 MySQL 服务器
hosts: mysql_servers
roles:
- mysql_server
- name: Configure WordPress
# 配置 WordPress 网站
hosts: nginx_frontend_servers
roles:
- wordpress_config
运行playbook
- 按照注释修改各个文件中的相关配置信息。
- 运行
ansible-playbook site.yml执行部署。