Previous lesson: Ansible Practice – Lesson 5: Creating and Applying Roles.
Last time we optimized our playbook with roles. Today we continue improving it. In this lesson we look at how to use block.
Why use block?
Blocks let you group several tasks under shared conditions, tags, and other parameters. This reduces the overall amount of playbook code and makes it easier to read.
Optimizing the playbook with block
While our playbook is still fairly small, using block will not make a big difference. But that is no reason to put off introducing blocks now, when it can be done without lengthy editing.
Step 1: Group the tasks into blocks
Let's go through the roles, find an attribute that tasks have in common, and group those tasks into blocks. In our case, tags can serve as that attribute.
Rewrite the file roles/php/tasks/main.yml as follows:
---
- name: "Role: PHP | Block: Installation"
  tags:
    - installation
    - php
  block:
    - name: "Install PHP on CentOS"
      ansible.builtin.dnf:
        name:
          - php
          - php-cli
          - php-fpm
          - php-common
          - php-mbstring
          - php-curl
          - php-mysqlnd
          - php-json
          - php-xml
          - php-phar
          - php-pdo
          - php-gd
        state: latest
      when: ansible_distribution == "CentOS"

    - name: "Install PHP on Ubuntu"
      ansible.builtin.apt:
        name:
          - php
          - php-cli
          - php-fpm
          - php-common
          - php-mbstring
          - php-curl
          - php-mysqlnd
          - php-json
          - php-xml
          - php-phar
          - php-pdo
          - php-gd
        state: latest
      when: ansible_distribution == "Ubuntu"
Edit roles/nginx/tasks/main.yml:
---
- name: "Role: NGINX | Block: Installation"
  tags:
    - installation
    - nginx
  block:
    - name: "Install NGINX on CentOS"
      ansible.builtin.dnf:
        name: nginx
        state: latest
      when: ansible_distribution == "CentOS"

    - name: "Install NGINX on Ubuntu"
      ansible.builtin.apt:
        name: nginx
        state: latest
      when: ansible_distribution == "Ubuntu"

- name: "Ensure NGINX is started and enabled"
  ansible.builtin.service:
    name: nginx
    state: started
    enabled: true
  tags:
    - start
    - nginx
Change the contents of roles/mariadb/tasks/main.yml:
---
- name: "Role: MariaDB | Block: Installation"
  tags:
    - installation
    - mariadb
  block:
    - name: "Install MariaDB on CentOS"
      ansible.builtin.dnf:
        name: mariadb-server
        state: latest
      when: ansible_distribution == "CentOS"

    - name: "Install MariaDB on Ubuntu"
      ansible.builtin.apt:
        name: mariadb-server
        state: latest
      when: ansible_distribution == "Ubuntu"

- name: "Ensure MariaDB is started and enabled"
  ansible.builtin.service:
    name: mariadb
    state: started
    enabled: true
  tags:
    - start
    - mariadb
And finally, rewrite the role file roles/firewalld/tasks/main.yml:
---
- name: "Role: Firewalld | Block: Installation"
  tags:
    - installation
    - firewalld
  block:
    - name: "Install firewalld on CentOS"
      ansible.builtin.dnf:
        name: firewalld
        state: latest
      when: ansible_distribution == "CentOS"

    - name: "Install firewalld on Ubuntu"
      ansible.builtin.apt:
        name: firewalld
        state: latest
      when: ansible_distribution == "Ubuntu"

- name: "Ensure Firewalld is started and enabled"
  ansible.builtin.service:
    name: firewalld
    state: started
    enabled: true
  tags:
    - start
    - firewalld

- name: "Role: Firewalld | Block: allow services"
  tags:
    - firewalld
  block:
    - name: "Open SSH service permanently in public zone"
      ansible.posix.firewalld:
        zone: public
        service: ssh
        permanent: true
        state: enabled

    - name: "Open HTTP service permanently in public zone"
      ansible.posix.firewalld:
        zone: public
        service: http
        permanent: true
        state: enabled

    - name: "Open HTTPS service permanently in public zone"
      ansible.posix.firewalld:
        zone: public
        service: https
        permanent: true
        state: enabled

    - name: "Reload Firewalld to apply changes"
      ansible.builtin.service:
        name: firewalld
        state: restarted
All the roles have been edited, and the tasks are grouped into blocks.
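Blocks can carry more than tags. The following added example (not one of the lesson's files) is a variant of the "allow services" block in which when and become are set once on the block and inherited by every task inside it. The variable firewalld_manage_rules is a hypothetical switch assumed for illustration.

```yaml
---
# Added example: variant of the "allow services" block from
# roles/firewalld/tasks/main.yml. Not part of the original lesson.
# Assumption: firewalld_manage_rules is a hypothetical variable (set, for
# example, in group_vars) that turns rule management on or off per host.
- name: "Role: Firewalld | Block: allow services"
  # The condition is written once but evaluated for every task in the block.
  when: firewalld_manage_rules | default(true) | bool
  # Every task in the block runs with privilege escalation.
  become: true
  # Every task in the block inherits this tag.
  tags:
    - firewalld
  block:
    - name: "Open SSH service permanently in public zone"
      ansible.posix.firewalld:
        zone: public
        service: ssh
        permanent: true
        state: enabled

    - name: "Open HTTP service permanently in public zone"
      ansible.posix.firewalld:
        zone: public
        service: http
        permanent: true
        state: enabled

    - name: "Open HTTPS service permanently in public zone"
      ansible.posix.firewalld:
        zone: public
        service: https
        permanent: true
        state: enabled

    - name: "Reload Firewalld to apply changes"
      ansible.builtin.service:
        name: firewalld
        state: restarted
```

To check what a block-level tag selects without changing anything on the hosts, run ansible-playbook install_lemp.yml --tags firewalld --list-tasks, which prints the matching tasks together with their effective tags.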
Step 2: Test the playbook
We have finished modifying the playbook, so let's run Ansible:
[root@Control-Node ansible]# ansible-playbook install_lemp.yml
PLAY [all] ******************************************************************************************************************************************************************************************
TASK [Gathering Facts] ******************************************************************************************************************************************************************************
ok: [Managed-Node-2]
ok: [Managed-Node-1]
ok: [Managed-Node-3]
TASK [php : Install PHP on CentOS] ******************************************************************************************************************************************************************
skipping: [Managed-Node-3]
ok: [Managed-Node-1]
ok: [Managed-Node-2]
TASK [php : Install PHP on Ubuntu] ******************************************************************************************************************************************************************
skipping: [Managed-Node-1]
skipping: [Managed-Node-2]
ok: [Managed-Node-3]
TASK [nginx : Install NGINX on CentOS] **************************************************************************************************************************************************************
skipping: [Managed-Node-3]
ok: [Managed-Node-1]
ok: [Managed-Node-2]
TASK [nginx : Install NGINX on Ubuntu] **************************************************************************************************************************************************************
skipping: [Managed-Node-1]
skipping: [Managed-Node-2]
ok: [Managed-Node-3]
TASK [nginx : Ensure NGINX is started and enabled] **************************************************************************************************************************************************
ok: [Managed-Node-1]
ok: [Managed-Node-2]
ok: [Managed-Node-3]
TASK [mariadb : Install MariaDB on CentOS] **********************************************************************************************************************************************************
skipping: [Managed-Node-3]
ok: [Managed-Node-1]
ok: [Managed-Node-2]
TASK [mariadb : Install MariaDB on Ubuntu] **********************************************************************************************************************************************************
skipping: [Managed-Node-1]
skipping: [Managed-Node-2]
ok: [Managed-Node-3]
TASK [mariadb : Ensure MariaDB is started and enabled] **********************************************************************************************************************************************
ok: [Managed-Node-1]
ok: [Managed-Node-2]
ok: [Managed-Node-3]
TASK [firewalld : Install firewalld on CentOS] ******************************************************************************************************************************************************
skipping: [Managed-Node-3]
ok: [Managed-Node-1]
ok: [Managed-Node-2]
TASK [firewalld : Install firewalld on Ubuntu] ******************************************************************************************************************************************************
skipping: [Managed-Node-1]
skipping: [Managed-Node-2]
ok: [Managed-Node-3]
TASK [firewalld : Ensure Firewalld is started and enabled] ******************************************************************************************************************************************
ok: [Managed-Node-1]
ok: [Managed-Node-2]
ok: [Managed-Node-3]
TASK [firewalld : Open SSH service permanently in public zone] **************************************************************************************************************************************
ok: [Managed-Node-3]
ok: [Managed-Node-2]
ok: [Managed-Node-1]
TASK [firewalld : Open HTTP service permanently in public zone] *************************************************************************************************************************************
ok: [Managed-Node-1]
ok: [Managed-Node-3]
ok: [Managed-Node-2]
TASK [firewalld : Open HTTPS service permanently in public zone] ************************************************************************************************************************************
ok: [Managed-Node-1]
ok: [Managed-Node-3]
ok: [Managed-Node-2]
TASK [firewalld : Reload Firewalld to apply changes] ************************************************************************************************************************************************
changed: [Managed-Node-3]
changed: [Managed-Node-1]
changed: [Managed-Node-2]
PLAY RECAP ******************************************************************************************************************************************************************************************
Managed-Node-1 : ok=12 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
Managed-Node-2 : ok=12 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
Managed-Node-3 : ok=12 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
[root@Control-Node ansible]#
The playbook rollout completed successfully. Adding block did not change how Ansible runs in any way, but it helped give the playbook a better structure.
Summary:
We keep improving the readability of our playbook. The larger it gets, the more this matters. We use Ansible to automate processes and save time, but that does not mean we want to spend the time saved on working with tangled playbooks. Optimize them whenever you see an opportunity to do so.
Next lesson: Ansible Practice – Lesson 7: Copying Files to a Remote Server.