Introduction in one sentence: Roles are the best way to organize Ansible projects, making your Playbooks modular, reusable, and maintainable.
1. Why Do We Need Roles?
In previous articles, our Playbook tasks were all concentrated in one file. As the project grows, several issues arise:
·Too long files: Hundreds of lines of Playbook are hard to read
·Duplicate code: There are many identical tasks across different projects
·Collaboration difficulties: Merging changes easily leads to conflicts
Roles provide a structured directory layout, categorizing variables, tasks, templates, files, etc., making the project clearer and more reusable.
2. Role Directory Structure
A standard Role directory:
roles/ └── webserver/ ├── tasks/ # Core tasks (main.yml must exist) ├── handlers/ # Trigger actions (e.g., restart services) ├── templates/ # Template files (.j2) ├── files/ # Static files ├── vars/ # Variable files (lower priority) ├── defaults/ # Default variables (even lower priority) ├── meta/ # Metadata (dependencies)
Among them, tasks/main.yml is required, while other directories are used as needed.
3. Creating a Role
Ansible provides the ansible-galaxy command to quickly create a Role:
ansible-galaxy init roles/webserver
After execution, a complete directory structure will be generated.
4. Role Writing Example
Assuming we want to deploy an Nginx Web server.
1. tasks/main.yml
—–name: Install Nginxapt: name: nginx state: presentwhen: ansible_os_family == “Debian”–name: Distribute Nginx configurationtemplate: src: nginx.conf.j2 dest: /etc/nginx/nginx.confnotify: – restart nginx–name: Start Nginxservice: name: nginx state: started enabled:yes
2. handlers/main.yml
—–name: restart nginx service: name: nginx state: restarted
3. templates/nginx.conf.j2
server { listen {{ http_port }}; server_name {{ server_name }}; location / { root /var/www/html; index index.html; }}
4. defaults/main.yml
http_port:80server_name: localhost
5. Calling Roles in Playbook
site.yml
—–hosts: webservers become:yes roles: –role: webserver
Execution:
ansible-playbook site.yml
6. Dependencies Between Roles
If one Role depends on another Role, it can be defined in meta/main.yml:
—dependencies: –role: common –role: firewall
When executing webserver, it will automatically execute common and firewall.
7. Using ansible-galaxy to Download Community Roles
Ansible has a large number of community-contributed Roles, stored on the Ansible Galaxy platform.
1. Search for Roles
ansible-galaxy search nginx
2. Install Roles
ansible-galaxy install geerlingguy.nginx
After installation, it is placed by default in ~/.ansible/roles/ directory.
8. Best Practices for Roles
1.A Role focuses on one function (Single Responsibility)
2.Variables are placed in defaults, making it easy to override
3.Manage templates and static files separately
4.Reuse common Roles as much as possible (reduce duplicate work)
5.Use Git to manage Roles, facilitating version rollback
9. Comprehensive Case: Multi-Role Collaborative Deployment of LNMP
Directory structure:
roles/ ├── nginx/ ├── mysql/ └── php/site.yml
site.yml
—–hosts: webserversbecome:yesroles: – nginx – php–hosts: dbserversbecome:yesroles: – mysql
This allows for the simultaneous deployment of web services and databases, with different Roles being independently maintained.
10. Summary and Next Article Preview
In this article, we learned about:
·The structure and function of Roles
·How to write and call Roles
·Role dependencies and how to use community Roles
·Best practices for Role projects
The next article “Ansible Practical Cases and Best Practices” will demonstrate a complete multi-environment deployment project based on the knowledge from previous articles, sharing some performance optimization and security hardening experiences.
💡 Suggestion: Don’t be afraid to write a few small Roles at the beginning; as the project develops, you will find that these modular blocks can save you a lot of repetitive work.