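Introduction
ansible is a recently emerged automation tool for operations. It is written in Python and combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric), providing batch system configuration, batch program deployment and batch command execution. ansible works through modules and has no batch-deployment capability of its own: the modules that ansible runs do the actual deployment, and ansible only provides the framework.
ansible features:
Modular: it calls a specific module to complete a specific task;
Implemented in Python, built on three key modules: Paramiko, PyYAML and Jinja2;
Simple to deploy, agentless;
Master-slave mode
Supports custom modules
Supports playbooks: playbooks are written in YAML
Idempotence: repeating the same operation any number of times gives the same result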
Hands-on
Goal: use ansible to automate the LNAMP installation and the WordPress deployment
Logical architecture diagram:
Physical architecture diagram:
I. Configuring the ansible environment
1. Installing ansible and setting up SSH trust
# yum install ansible
# ssh-keygen -t rsa -P ''
# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
2. Defining the ansible hosts
[root@localhost ~]# vim /etc/ansible/hosts
[web]
192.168.180.140
192.168.180.141
[nginx]
192.168.180.140 state=MASTER priority=100
192.168.180.141 state=BACKUP priority=90
[mysql]
192.168.180.140
II. Configuring the ansible roles and playbooks
1. Create the directories for each role
# cd /etc/ansible/roles
# mkdir -pv {mysql,apache,nginx,keepalived}/{files,tasks,templates,vars,handlers,meta,defaults}
2. Configuring the mysql role
(1) # vim mysql/tasks/main.yml
- name: install mysql
  yum: name=mysql-server state=present
- name: copy config file
  copy: src=my.cnf dest=/etc/my.cnf
- name: copy sql file
  copy: src=mysql.sql dest=/tmp/mysql.sql
- name: start service
  service: name=mysqld state=started
- name: set password
  shell: "mysqladmin -u root password 123456"
- name: config mysql
  shell: "mysql -uroot -hlocalhost -p123456 </tmp/mysql.sql"
(2) Create the SQL script
# vim mysql/files/mysql.sql
create database wpdb;
grant all on wpdb.* TO wpuser@'%.%.%.%' IDENTIFIED BY '123456';
grant all on wpdb.* TO wpuser@'localhost' IDENTIFIED BY '123456';
FLUSH PRIVILEGES;
(3) Copy the mysql configuration file into the files directory of the mysql role
# vim mysql/files/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# disable DNS name resolution
skip_name_resolve = ON
# use one tablespace file per table
innodb_file_per_table = ON
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
(4) Write the playbook that installs mysql
[root@localhost /]# cat mysql.yml
- hosts: mysql
  remote_user: root
  roles:
    - mysql
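The mysql role above sets its passwords through shell tasks, which puts 123456 in the role files and makes a second run fail once root has a password. As an added example (not code from the original page), the same steps done with the mysql_user and mysql_db modules in place of mysql.sql, so the role can be re-run safely. The variable names mysql_root_password and wp_db_password, the ansible-vault encrypted vars file that holds them, the MySQL-python package name and the 192.168.180.% host pattern are assumptions.

```yaml
# roles/mysql/tasks/main.yml (added example, not the page's original role)
# Assumed, hypothetical variables kept in an ansible-vault encrypted vars file:
#   mysql_root_password, wp_db_password
- name: install mysql and the python bindings used by the mysql_* modules
  yum: name={{ item }} state=present
  with_items:
    - mysql-server
    - MySQL-python        # assumption: package name on the target distro
- name: copy config file
  copy: src=my.cnf dest=/etc/my.cnf
- name: start service
  service: name=mysqld state=started
# First run: root still has an empty password, so check_implicit_admin logs in
# without one. Later runs: that login fails and login_password is used instead.
- name: set root password
  mysql_user:
    name: root
    host: localhost
    password: "{{ mysql_root_password }}"
    check_implicit_admin: yes
    login_user: root
    login_password: "{{ mysql_root_password }}"
  no_log: true            # keep the password out of task output and logs
- name: create the wordpress database
  mysql_db:
    name: wpdb
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"
  no_log: true
- name: create the wordpress user
  mysql_user:
    name: wpuser
    host: "{{ item }}"
    password: "{{ wp_db_password }}"
    priv: "wpdb.*:ALL"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"
  with_items:
    - localhost
    - "192.168.180.%"     # assumption: only the page's web subnet connects
  no_log: true
```

Run it with `ansible-playbook mysql.yml --ask-vault-pass` so the encrypted variables can be read. The value of wp_db_password has to match DB_PASSWORD in the wp-config.php that the apache role ships.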
3. Configuring the apache role
(1) Write the tasks
[root@localhost roles]# vim apache/tasks/main.yml
- name: install apache packages
  yum: name={{ item }}
  with_items:
    - httpd
    - php
    - php-mysql
- name: config the httpd
  copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
  notify: reload the service
- name: install wordpress
  unarchive: src=/etc/ansible/roles/apache/files/wordpress.tar.gz dest=/var/www/html/
  tags: uzip
- name: restart the httpd
  service: name=httpd state=started
(2) Write the handler that restarts apache
[root@localhost handlers]# vim main.yml
- name: reload the service
  service: name=httpd state=restarted
(3) Copy the httpd.conf configuration file into the files directory of the apache role
Note: this httpd.conf changes the listening port to 8080; everything else is left at the defaults
# cp /etc/httpd/conf/httpd.conf /etc/ansible/roles/apache/files/httpd.conf
(4) Edit the wordpress configuration, package it, and place the archive in the files directory of the apache role
[root@localhost wordpress]# vim wp-config.php
/** WordPress database name (the database created by mysql.sql) */
define('DB_NAME', 'wpdb');
/** MySQL database username */
define('DB_USER', 'wpuser');
/** MySQL database password */
define('DB_PASSWORD', '123456');
/** MySQL host */
define('DB_HOST', '192.168.180.140');
/** Default character set used when creating tables */
define('DB_CHARSET', 'utf8');
/** Database collation type. Do not change it if you are unsure */
define('DB_COLLATE', '');
[root@localhost files]# tar -zcf wordpress.tar.gz wordpress
[root@localhost files]# ls
httpd.conf wordpress wordpress.tar.gz
(5) Write the playbook that installs apache
[root@localhost /]# cat apache.yml
- hosts: web
  remote_user: root
  roles:
    - apache
4. Configuring the nginx role
(1) Write the tasks
[root@localhost nginx]# vim tasks/main.yml
- name: install nginx package
  yum: name=nginx state=present
- name: install conf file
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: restart nginx
  tags: instconf
- name: mv default
  shell: "mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak"
  tags: mv
- name: start service
  service: name=nginx state=started enabled=true
(2) Write the handler
[root@localhost nginx]# vim handlers/main.yml
- name: restart nginx
  service: name=nginx state=restarted
(3) Edit the nginx configuration file and store it in the templates directory of the nginx role
[root@localhost templates]# cat nginx.conf.j2
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/
user {{ username }};    # set from a variable
worker_processes {{ ansible_processor_vcpus }};    # set from a variable
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    gzip on;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    upstream web {
        least_conn;
        server 192.168.180.140:8080 weight=2 max_fails=2 fail_timeout=6s;
        server 192.168.180.141:8080 weight=4 max_fails=2 fail_timeout=6s;
    }
    server {
        listen 80;
        root html;
        index index.html index.htm index.php;
        location / {
            proxy_pass http://web;
        }
    }
}
(4) Write the playbook that installs nginx
[root@localhost /]# cat nginx.yml
- hosts: all
  remote_user: root
  roles:
    - { role: nginx, username: adm }
5. Configuring the keepalived role
(1) Write the tasks
[root@localhost keepalived]# vim tasks/main.yml
- name: install keepalived
  yum: name=keepalived state=present
- name: config file
  template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
  notify: reload keepalived
- name: start service
  service: name=keepalived state=started
(2) Write the handler
[root@localhost keepalived]# vim handlers/main.yml
- name: reload keepalived
  service: name=keepalived state=restarted
(3) Edit the keepalived configuration file and place it in the templates directory of the keepalived role
[root@localhost templates]# cat keepalived.conf.j2
! Configuration File for keepalived
global_defs {
    notification_email {
        [email protected]
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state {{ state }}    # uses a variable
    interface eth0
    virtual_router_id 51
    priority {{ priority }}    # uses a variable
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.180.150
    }
}
[root@localhost templates]# ls
keepalived.conf.j2
(4) Write the playbook that installs keepalived
[root@localhost /]# cat keepalived.yml
- hosts: nginx
  remote_user: root
  roles:
    - keepalived
6. Run each playbook
[root@localhost /]# ansible-playbook mysql.yml
[root@localhost /]# ansible-playbook apache.yml
[root@localhost /]# ansible-playbook nginx.yml
[root@localhost /]# ansible-playbook keepalived.yml
III. Verification and testing:
1. Check the listening ports on one of the cluster hosts; as shown, the ports of the services we installed are open
[root@www1 conf]# ss -tnl
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port
LISTEN     0      128                    :::11211                 :::*
LISTEN     0      128                     *:11211                  *:*
LISTEN     0      128                     *:80                     *:*
LISTEN     0      128                    :::8080                  :::*
LISTEN     0      128                    :::22                    :::*
LISTEN     0      128                     *:22                     *:*
LISTEN     0      100                   ::1:25                    :::*
LISTEN     0      100             127.0.0.1:25                     *:*
LISTEN     0      128                    :::10050                 :::*
LISTEN     0      128                     *:10050                  *:*
LISTEN     0      50                      *:3306                   *:*
[root@www1 conf]#
2. Check whether the keepalived master has brought up the VIP address
[root@www1 conf]# ip address list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:d0:2e:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.180.140/24 brd 192.168.180.255 scope global eth0
    inet 192.168.180.150/32 scope global eth0    // the address we configured
    inet6 fe80::20c:29ff:fed0:2e20/64 scope link
       valid_lft forever preferred_lft forever
3. Open wordpress in a browser through the VIP address; as shown, the access succeeds