Automated LNAMP installation with ansible

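  • Introduction

    ansible is a recent automated operations tool developed in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment and batch command execution. ansible works through modules and has no batch-deployment capability of its own: the modules that ansible runs do the actual batch deployment, and ansible only provides the framework.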

     

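  • ansible features:

   Modular: it calls a specific module to complete a specific task;

   Implemented in Python, built on three key modules: Paramiko, PyYAML and Jinja2;

   Simple to deploy, agentless;

   Master-slave mode

   Supports custom modules

   Supports Playbooks: playbooks are written in YAML

   Idempotence: running the same operation multiple times gives the same result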

  • Hands-on

    Goal: use ansible to automate the LNAMP installation and the WordPress deployment

   

   [Figure: logical architecture diagram]

   [Figure: physical architecture diagram]

I. Configuring the ansible environment

  1. Installing ansible and configuring SSH trust


  #yum install ansible  
  #ssh-keygen -t rsa -P ''
  #ssh-copy-id -i .ssh/id_rsa.pub [email protected]
  #ssh-copy-id -i .ssh/id_rsa.pub [email protected]



2. Defining the ansible hosts

  

[root@localhost ~]# vim /etc/ansible/hosts
[web]
192.168.180.140
192.168.180.141
[nginx]
192.168.180.140  state=MASTER priority=100
192.168.180.141  state=BACKUP priority=90

[mysql]
192.168.180.140


II. Configuring ansible roles and playbooks

 1. Create the directories for each role

 

#cd /etc/ansible/roles
#mkdir -pv {mysql,apache,nginx,keepalived}/{files,tasks,templates,vars,handlers,meta,defaults}

 2. Configuring the mysql role

  (1)#vim mysql/tasks/main.yml

-  name: install mysql
   yum: name=mysql-server state=present
-  name: copy config  file
   copy: src=my.cnf  dest=/etc/my.cnf
-  name: copy sql file
   copy: src=mysql.sql dest=/tmp/mysql.sql
-  name: start service
   service: name=mysqld state=started
-  name: set password
   shell: "mysqladmin -u root  password 123456"
-  name: config mysql
   shell: "mysql -uroot -hlocalhost -p123456 </tmp/mysql.sql"

       

  (2) Create the SQL script

  #vim mysql/files/mysql.sql 

create database wpdb;
grant all on wpdb.* TO wpuser@'%.%.%.%' IDENTIFIED BY '123456';
grant all  on wpdb.* TO wpuser@'localhost'  IDENTIFIED BY '123456';
FLUSH PRIVILEGES;

 (3) Copy the mysql configuration file into the mysql role's files directory

   #vim mysql/files/my.cnf 

  
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Server options belong in [mysqld]; in [mysqld_safe] they would be ignored
# Disable DNS name resolution
skip_name_resolve = ON
# Use one tablespace file per table
innodb_file_per_table = ON
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

 (4) Write the playbook that installs mysql

[root@localhost /]# cat mysql.yml 
- hosts: mysql
  remote_user: root
  roles:
  - mysql
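
An alternative to the shell and SQL-script tasks above, as an added example that is not the author's role: it uses the `mysql_user` and `mysql_db` modules (part of the `community.mysql` collection on current Ansible) so that passwords come from Vault-encrypted variables instead of the literal `123456`, and `wpuser` is granted only from localhost and the web hosts. The variable names `mysql_root_password` and `wp_db_password` and the `MySQL-python` package name are assumptions.

```yaml
# roles/mysql/tasks/main.yml -- added example, not the article's file.
# Assumed variables (hypothetical names), stored in a file encrypted with
# ansible-vault: mysql_root_password, wp_db_password
- name: install mysql and the python driver used by the mysql_* modules
  yum:
    name: "{{ item }}"
    state: present
  with_items:
    - mysql-server
    - MySQL-python   # assumption: package name on this EL6-era system
- name: copy config file
  copy:
    src: my.cnf
    dest: /etc/my.cnf
    mode: "0644"
- name: start service
  service:
    name: mysqld
    state: started
- name: set root password (passwordless root is tried first, then the vault value)
  mysql_user:
    name: root
    host_all: true
    password: "{{ mysql_root_password }}"
    check_implicit_admin: true
    login_user: root
    login_password: "{{ mysql_root_password }}"
  no_log: true
- name: create the wordpress database
  mysql_db:
    name: wpdb
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"
  no_log: true
- name: create wpuser for localhost and the [web] hosts only, not '%.%.%.%'
  mysql_user:
    name: wpuser
    host: "{{ item }}"
    password: "{{ wp_db_password }}"
    priv: "wpdb.*:ALL"
    login_user: root
    login_password: "{{ mysql_root_password }}"
  with_items: "{{ ['localhost'] + groups['web'] }}"
  no_log: true
```

Run it with `ansible-playbook mysql.yml --ask-vault-pass`. The tasks can be re-run, whereas the `mysqladmin` shell task fails once root has a password.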

    

3. Configuring the apache role

 (1) Write the tasks

  [root@localhost roles]# vim apache/tasks/main.yml

-  name: install apache packages
   yum: name={{ item }}
   with_items:
   - httpd
   - php
   - php-mysql
-  name: config the httpd
   copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
   notify: reload the service
-  name: install wordpress
   unarchive: src=/etc/ansible/roles/apache/files/wordpress.tar.gz  dest=/var/www/html/
   tags: uzip
-  name: restart the httpd
   service: name=httpd state=started

  (2) Write the handler that restarts the apache service

  [root@localhost handlers]# vim main.yml  
-  name: reload the service
   service: name=httpd state=restarted

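 (3) Copy the httpd.conf configuration file into the files directory under the apache role

   Note: in this httpd.conf the listening port has been changed to 8080; all other settings are the defaults

 #cp /etc/httpd/conf/httpd.conf  /etc/ansible/roles/apache/files/httpd.conf

  (4) Edit the wordpress configuration, then archive it and put the archived wordpress file into the files directory under the apache role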

   

[root@localhost wordpress]# vim wp-config.php
/** MySQL database name; must match the database created in mysql.sql */
define('DB_NAME', 'wpdb');

/** MySQL database username */
define('DB_USER', 'wpuser');

/** MySQL database password */
define('DB_PASSWORD', '123456');

/** MySQL host */
define('DB_HOST', '192.168.180.140');

/** Default character encoding used when creating database tables */
define('DB_CHARSET', 'utf8');

/** Database collation type. Do not change this if unsure */
define('DB_COLLATE', '');
[root@localhost files]# tar -zcf wordpress.tar.gz wordpress
[root@localhost files]# ls
httpd.conf  wordpress  wordpress.tar.gz

 (5) Write the playbook that installs apache

 

[root@localhost /]# cat apache.yml 
-  hosts: web
   remote_user: root
   roles:
   - apache
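
Step (4) bakes the database password into `wordpress.tar.gz` inside the role. The following added example (not the author's role) instead renders `wp-config.php` on the target from a template, with restrictive ownership; the variable name `wp_db_password`, the template file name and the assumption that the archive is packed without `wp-config.php` are all hypothetical.

```yaml
# roles/apache/tasks/main.yml (excerpt) -- added example, not the article's file.
# Assumptions: wordpress.tar.gz is packed without wp-config.php, and
# wp_db_password (hypothetical name) is defined in an ansible-vault file.
#
# roles/apache/templates/wp-config.php.j2 is the wp-config.php from step (4)
# with these lines templated (the password must not contain ' or \):
#   define('DB_NAME', 'wpdb');            <- the database mysql.sql creates
#   define('DB_USER', 'wpuser');
#   define('DB_PASSWORD', '{{ wp_db_password }}');
#   define('DB_HOST', '{{ groups["mysql"][0] }}');
- name: install wordpress
  unarchive:
    src: wordpress.tar.gz
    dest: /var/www/html/
  tags: uzip
- name: render wp-config.php on the target, readable by root and httpd only
  template:
    src: wp-config.php.j2
    dest: /var/www/html/wordpress/wp-config.php
    owner: root
    group: apache      # group httpd runs as on this distribution
    mode: "0640"
  no_log: true         # keeps the rendered password out of task output
```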

4. Configuring the nginx role

 (1) Write the tasks

[root@localhost nginx]# vim tasks/main.yml 
-  name: install nginx package
   yum: name=nginx  state=present
-  name: install conf file
   template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
   notify: restart nginx
   tags: instconf
-  name: mv default
   shell: "mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak"
   tags: mv
-  name: start service
   service: name=nginx state=started enabled=true

 (2) Write the handler

[root@localhost nginx]# vim handlers/main.yml 
-  name: restart nginx
   service: name=nginx state=restarted

 (3) Edit the nginx configuration file and store it in the templates directory under the nginx role

 [root@localhost templates]# cat nginx.conf.j2 
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user {{ username }}; # template variable
worker_processes {{ ansible_processor_vcpus }}; # template variable
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections  1024;
}


http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
     gzip on;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

   upstream web {
   least_conn;
   server 192.168.180.140:8080 weight=2 max_fails=2 fail_timeout=6s;
   server 192.168.180.141:8080 weight=4 max_fails=2 fail_timeout=6s;
      }
server {
    listen 80;
    root html;
    index index.html index.htm index.php;
    location / {
     proxy_pass http://web;
     }
   } 
}

   (4) Write the playbook that installs nginx

[root@localhost /]# cat nginx.yml 
-  hosts: all
   remote_user: root
   roles:
   - { role: nginx,username: adm }

5. Configuring the keepalived role

(1) Write the tasks

[root@localhost keepalived]# vim tasks/main.yml 
-  name: install keepalived
   yum: name=keepalived state=present
-  name: config file
   template: src=keepalived.conf.j2  dest=/etc/keepalived/keepalived.conf
   notify: reload keepalived
-  name: start service
   service: name=keepalived state=started

                                      

(2) Write the handler

[root@localhost keepalived]# vim handlers/main.yml 
- name: reload keepalived
  service: name=keepalived state=restarted

(3) Edit the keepalived configuration file and put it in the templates directory under the keepalived role

[root@localhost templates]# cat keepalived.conf.j2 
! Configuration File for keepalived

global_defs {
   notification_email {
     [email protected]
     [email protected]
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state {{ state }} # uses a variable
    interface eth0
    virtual_router_id 51
    priority {{ priority }} # uses a variable
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.180.150
    }
}
[root@localhost templates]# ls
keepalived.conf.j2

 (4) Write the playbook that installs keepalived

[root@localhost /]# cat keepalived.yml 
-  hosts: nginx
   remote_user: root
   roles:
   - keepalived

6. Run each playbook

[root@localhost /]# ansible-playbook mysql.yml 
[root@localhost /]# ansible-playbook apache.yml 
[root@localhost /]# ansible-playbook nginx.yml 
[root@localhost /]# ansible-playbook keepalived.yml


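III. Verification and testing:

 1. On one of the cluster hosts, list the listening ports; as shown below, the ports of the services we installed are open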

[root@www1 conf]# ss -tnl
State       Recv-Q Send-Q                  Local Address:Port                    Peer Address:Port 
LISTEN      0      128                                :::11211                             :::*     
LISTEN      0      128                                 *:11211                              *:*     
LISTEN      0      128                                 *:80                                 *:*     
LISTEN      0      128                                :::8080                              :::*     
LISTEN      0      128                                :::22                                :::*     
LISTEN      0      128                                 *:22                                 *:*     
LISTEN      0      100                               ::1:25                                :::*     
LISTEN      0      100                         127.0.0.1:25                                 *:*     
LISTEN      0      128                                :::10050                             :::*     
LISTEN      0      128                                 *:10050                              *:*     
LISTEN      0      50                                  *:3306                               *:*     
[root@www1 conf]#

2. Check whether the keepalived master has brought up the VIP address

 

[root@www1 conf]# ip address list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:d0:2e:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.180.140/24 brd 192.168.180.255 scope global eth0
    inet 192.168.180.150/32 scope global eth0   // the address we configured
    inet6 fe80::20c:29ff:fed0:2e20/64 scope link 
       valid_lft forever preferred_lft forever

3. Access WordPress through the VIP address in a browser; as shown in the figure, access succeeds

[Figure: WordPress accessed through the VIP address]
