自动化运维之Ansible（十二）

roles中template、handler、when及tags的应用

在ansible的playbook中有template、notify-handler、when、及tags，来控制和管理ansible在部署服务时根据主机的不同，部署上不通的配置文件或者执行不同的操作。同样在roles中也能实现这样的功能，以下将演示这些功能在roles中的使用方法。

roles中template使用

roles中可以使用template让部署应用的配置文件进行模板化，可以实现根据需求的不通对各个主机上的配置文件做不同的改变，此处以创建nginx的角色为例来演示如何在roles中使用template

创建Nginx角色

1.创建相应的角色目录

#创建出nginx的角色目录结构
[root@ansible data]# mkdir -pv roles/nginx/{tasks,templates,files,vars,handlers}
mkdir: created directory ‘roles/nginx’
mkdir: created directory ‘roles/nginx/tasks’
mkdir: created directory ‘roles/nginx/templates’
mkdir: created directory ‘roles/nginx/files’
mkdir: created directory ‘roles/nginx/vars’
mkdir: created directory ‘roles/nginx/handlers’

2.将模板文件放入templates目录中，并对模板进行修改

#将nginx的配置文件复制到templates目录下添加j2后缀，并对其内部的参数进行修改
[root@ansible data]# cp /etc/nginx/nginx.conf /data/roles/nginx/templates/nginx.conf.j2
[root@ansible data]# vim /data/roles/nginx/templates/nginx.conf.j2
    server {
        listen       {{port}} default_server;             #此处使用变量代替端口号
        listen       [::]:{{port}} default_server;        #此处使用变量代替端口号

3.在vars目录中创建变量的定义文件

1
2
3

#在vars目录下创建一个main.yaml文件，在内部定义变量和值
[root@ansible data]# vim /data/roles/nginx/vars/main.yaml
port: 9527

4.在tasks目录下创建各task

#在tasks目录下创建每一步所需的task
[root@ansible data]# vim roles/nginx/tasks/install.yaml
- name: install
  yum: name=nginx

[root@ansible data]# vim roles/nginx/tasks/config.yaml
- name: config
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf

[root@ansible data]# vim roles/nginx/tasks/html.yaml
- name: html
  copy: src=roles/httpd/files/index.html dest=/usr/share/nginx/html/index.html
  
[root@ansible data]# vim roles/nginx/tasks/service.yaml
- name: service
  service: name=nginx state=started

5.在tasks目录下创建执行顺序文件main.yaml

#在tasks目录下创建一个main.yaml文件在内部定义各task的执行次序
[root@ansible data]# vim roles/nginx/tasks/main.yaml
- include: install.yaml
- include: config.yaml
- include: html.yaml
- include: service.yaml

6.创建roles调用目录

#创建nginx的roles调用文件，在内部定义调用了那个roles。
[root@ansible data]# vim nginx.yaml
---
#install nginx
  - hosts: webserver

    roles:
      - role: nginx

7.测试检查

[root@ansible data]# ansible-playbook -C  nginx.yaml
 [WARNING]: Found variable using reserved name: port


PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [nginx : install] *****************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : config] ******************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : html] ********************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : service] *****************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=5    changed=4    unreachable=0    failed=0
192.168.73.135             : ok=5    changed=4    unreachable=0    failed=0

8.执行playbook

[root@ansible data]# ansible-playbook   nginx.yaml
 [WARNING]: Found variable using reserved name: port


PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : config] ******************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : html] ********************************************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : service] *****************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=5    changed=4    unreachable=0    failed=0
192.168.73.135             : ok=5    changed=4    unreachable=0    failed=0

9.验证nginx是否被部署

#使用curl命令测试网站是否被部署
[root@ansible data]# curl 192.168.73.134:9527
<h1>welcome to mylinuxops.com</h1>
[root@ansible data]# curl 192.168.73.135:9527
<h1>welcome to mylinuxops.com</h1>

roles中handler的使用

在roles中可以使用notify+handler，来触发某一特定的任务，其使用方法类似于playbook中的使用。此处以上一步中创建出的roles为例对其进行修改，让其实现当部署的nginx配置文件发生改变时触发服务重启的操作。

在roles中添加触发器

1.创建在handlers目录下创建handler

#在handlers目录下创建main.yaml文件，内部定义handler所要执行的动作
[root@ansible data]# vim roles/nginx/handlers/main.yaml
- name: restart service
  service: name=nginx state=restarted

2.在tasks中添加触发条件

#在tasks目录下定义config
[root@ansible data]# vim roles/nginx/tasks/config.yaml
- name: config
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: restart service

3.对变量稍作修改

1 2	[root@ansible data]# vim roles/nginx/vars/main.yaml port: 1234

4.检查测试

[root@ansible data]# ansible-playbook -C  nginx.yaml
 [WARNING]: Found variable using reserved name: port


PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [nginx : config] ******************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : html] ********************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : service] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

RUNNING HANDLER [nginx : restart service] **********************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=6    changed=2    unreachable=0    failed=0
192.168.73.135             : ok=6    changed=2    unreachable=0    failed=0

5.执行playbook

[root@ansible data]# ansible-playbook  nginx.yaml
 [WARNING]: Found variable using reserved name: port


PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : config] ******************************************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : html] ********************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [nginx : service] *****************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]

RUNNING HANDLER [nginx : restart service] **********************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.134             : ok=6    changed=2    unreachable=0    failed=0
192.168.73.135             : ok=6    changed=2    unreachable=0    failed=0

6.验证

[root@ansible data]# curl 192.168.73.134:1234
<h1>welcome to mylinuxops.com</h1>
[root@ansible data]# curl 192.168.73.135:1234
<h1>welcome to mylinuxops.com</h1>

role中when的使用

when在roles中的使用方法同playbook相同，使用when来做条件判断，来实现当系统版本不同时，应用不同的配置文件。

when在roles中的应用（一）

此处以上一节中httpd的角色为例加以修改，将其实现在centos6和centos7上使用不同的配置文件。192.168.73.132为1台centos6主机。

1.将httpd2.2的配置文件存放至file目录下

1	[root@ansible data]# cp ~/httpd6.conf roles/httpd/files/httpd6.conf #复制httpd2.2的配置文件到files目录下，此为centos6所使用的配置文件。

2.在tasks目录下添加centos6的task

[root@ansible data]# vim roles/httpd/tasks/config6.yaml         #添加任务复制配置文件到httpd配置文件目录

- name: config6
  copy: src=httpd6.conf dest=/etc/httpd/conf/httpd.conf

3.修改tasks目录下main.yaml的执行次序，加入条件判断

#修改tasks目录中的main.yaml文件，对系统做判断当系统为6时执行config6.yaml任务，当系统为7时执行config7.yaml任务，并通知restart service
[root@ansible data]# vim roles/httpd/tasks/main.yaml
- include: install.yaml
- include: config.yaml
  when: ansible_distribution_major_version == "7"
  notify: restart service
- include: config6.yaml
  when: ansible_distribution_major_version == "6"
  notfiy: restart service
- include: html.yaml
- include: service.yaml

4.在handlers目录下加入handler

#在上一步中定义了notify所以此处需要定义，触发所执行的动作是什么，在handler目录下创建main.yaml文件，编写restart service所要执行的任务。
[root@ansible data]# vim roles/httpd/handlers/main.yaml
- name: restart service
  service: name=httpd state=restarted

5.检查测试

[root@ansible data]# ansible-playbook -C httpd.yaml
[DEPRECATION WARNING]: Specifying include variables at the top-level of the task is deprecated. Please see:
https://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse   for currently
supported syntax regarding included files and variables. This feature will be removed in version 2.12.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [httpd : install httpd] ***********************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [httpd : config] ******************************************************************************************
skipping: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [httpd : config6] *****************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [httpd : index.html] **************************************************************************************
changed: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [httpd : service start] ***********************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=5    changed=1    unreachable=0    failed=0
192.168.73.134             : ok=5    changed=0    unreachable=0    failed=0
192.168.73.135             : ok=5    changed=0    unreachable=0    failed=0

6.执行playbook

[root@ansible data]# ansible-playbook  httpd.yaml
[DEPRECATION WARNING]: Specifying include variables at the top-level of the task is deprecated. Please see:
https://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse   for currently
supported syntax regarding included files and variables. This feature will be removed in version 2.12.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.

PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [httpd : install httpd] ***********************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.135]
ok: [192.168.73.134]

TASK [httpd : config] ******************************************************************************************
skipping: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

TASK [httpd : config6] *****************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [httpd : index.html] **************************************************************************************
ok: [192.168.73.134]
ok: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : service start] ***********************************************************************************
ok: [192.168.73.132]
ok: [192.168.73.134]
ok: [192.168.73.135]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=5    changed=1    unreachable=0    failed=0
192.168.73.134             : ok=5    changed=0    unreachable=0    failed=0
192.168.73.135             : ok=5    changed=0    unreachable=0    failed=0

7.校验centos6主机上的httpd服务是否启动

1 2	[root@ansible data]# curl 192.168.73.132:9527 <h1>welcome to mylinuxops.com</h1>

when在roles中的应用（二）

在上一步骤中将wehn放在了task中实现了不通的系统版本使用不同的配置文件。我们也可以将条件判断放在role调用中，实现根据条件的不同来执行不同的roles。

当系统为centos7时安装nginx，系统为centos6时安装httpd

1.创建roles调用文件

#在roles调用文件中进行判断，当远程主机的系统版本号为centos6时部署httpd，远程主机的系统版本号为centos7时部署nginx服务。
[root@ansible data]# vim web.yaml
---
#intsall web
- hosts: webserver

  roles:
    - role: nginx
      when: ansible_distribution_major_version == "7"
    - role: httpd
      when: ansible_distribution_major_version == "6"

2.检查语法错误

[root@ansible data]# ansible-playbook -C  web.yaml
[DEPRECATION WARNING]: Specifying include variables at the top-level of the task is deprecated. Please see:
https://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse   for currently
supported syntax regarding included files and variables. This feature will be removed in version 2.12.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
 [WARNING]: Found variable using reserved name: port


PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : config] ******************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : html] ********************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : service] *****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [httpd : install httpd] ***********************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : config] ******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
skipping: [192.168.73.132]

TASK [httpd : config6] *****************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : index.html] **************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [httpd : service start] ***********************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

RUNNING HANDLER [nginx : restart service] **********************************************************************
changed: [192.168.73.134]
changed: [192.168.73.135]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=5    changed=3    unreachable=0    failed=0
192.168.73.134             : ok=6    changed=5    unreachable=0    failed=0
192.168.73.135             : ok=6    changed=5    unreachable=0    failed=0

3.执行playbook

[root@ansible data]# ansible-playbook  web.yaml
[DEPRECATION WARNING]: Specifying include variables at the top-level of the task is deprecated. Please see:
https://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse   for currently
supported syntax regarding included files and variables. This feature will be removed in version 2.12.
Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
 [WARNING]: Found variable using reserved name: port


PLAY [webserver] ***********************************************************************************************

TASK [Gathering Facts] *****************************************************************************************
ok: [192.168.73.135]
ok: [192.168.73.132]
ok: [192.168.73.134]

TASK [nginx : install] *****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : config] ******************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.135]
changed: [192.168.73.134]

TASK [nginx : html] ********************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [nginx : service] *****************************************************************************************
skipping: [192.168.73.132]
changed: [192.168.73.134]
changed: [192.168.73.135]

TASK [httpd : install httpd] ***********************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : config] ******************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
skipping: [192.168.73.132]

TASK [httpd : config6] *****************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

TASK [httpd : index.html] **************************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
ok: [192.168.73.132]

TASK [httpd : service start] ***********************************************************************************
skipping: [192.168.73.134]
skipping: [192.168.73.135]
changed: [192.168.73.132]

RUNNING HANDLER [nginx : restart service] **********************************************************************
changed: [192.168.73.135]
changed: [192.168.73.134]

PLAY RECAP *****************************************************************************************************
192.168.73.132             : ok=5    changed=3    unreachable=0    failed=0
192.168.73.134             : ok=6    changed=5    unreachable=0    failed=0
192.168.73.135             : ok=6    changed=5    unreachable=0    failed=0

roles中tags的使用

在roles的调用中也可以使用tags标签来实现按需调用

tags在roles中的使用

延用上一步骤中的roles调用文件，对每一个roles打上标签，到需要部署nginx时，只需要运行标签为web1的roles，部署httpd时只需要运行tags为web2的roles就可以了。

[root@ansible data]# vim web.yaml
---
#intsall web
- hosts: webserver

  roles:
    - role: nginx
      when: ansible_distribution_major_version == "7"
      tags: web1
    - role: httpd
      when: ansible_distribution_major_version == "6"
      tags: web2