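1. Environment:

Ansible control node: 172.16.0.6
Ansible nginx: 172.16.0.{2|4}
Ansible Keepalived: 172.16.0.{2|4}
Ansible httpd: 172.16.0.{128|129}
Keepalived IP: 192.168.220.5/32

All hosts except the control node run Linux CentOS 7; the external network is 192.168.220.0/27 throughout.

On production machines we would normally point Yum at a repository we host ourselves; here we use the ail (Aliyun mirror) and 163 Yum repositories.

{2|4} use the ail repository: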

    [root@centos7 nginx]# cat /etc/yum.repos.d/ail.repo
    [centos7]
    name=centeros7 base
    baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/
    gpgcheck=0

    [epel]
    name=epel base
    baseurl=http://mirrors.aliyun.com/epel/7/x86_64
    gpgcheck=0

{128|129} use the 163 repository; the repo file comes from http://mirrors.163.com/.help/CentOS7-Base-163.repo

    [root@Centos7 yum.repos.d]# cat /etc/yum.repos.d/CentOS7-Base-163.repo
    # CentOS-Base.repo
    ...
    [base]
    name=CentOS-$releasever - Base - 163.com
    #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
    baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/
    gpgcheck=1
    gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
    ...

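The ail.repo shown above sets gpgcheck=0 and fetches over plain HTTP, so packages installed on {2|4} are never signature-checked. The following is an added example, not part of the original post: the same two repositories managed with Ansible's yum_repository module with signature checking on, plus a task that fails the play if any repo file still disables it. The task file path, the HTTPS mirror URLs and the EPEL key path are assumptions.

```yaml
# roles/common/tasks/repos.yml  (hypothetical file, added example)
- name: CentOS 7 base repo with signature checking
  yum_repository:
    name: centos7
    description: CentOS 7 base (aliyun mirror)
    file: ail                                   # written to /etc/yum.repos.d/ail.repo
    # assumption: the mirror serves the same tree over HTTPS
    baseurl: https://mirrors.aliyun.com/centos/7/os/x86_64/
    gpgcheck: yes
    # key file shipped by the centos-release package, so it is not fetched over the network
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

- name: EPEL repo with signature checking
  yum_repository:
    name: epel
    description: EPEL 7 (aliyun mirror)
    file: ail
    baseurl: https://mirrors.aliyun.com/epel/7/x86_64
    gpgcheck: yes
    # assumption: the EPEL key was placed here beforehand (the epel-release package installs it)
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

- name: fail if any repo file still disables signature checks
  # grep exits 1 when nothing matches; 0 means a gpgcheck=0 line exists, 2 means grep itself failed
  command: grep -rlE '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' /etc/yum.repos.d/
  register: unsigned_repos
  changed_when: false
  failed_when: unsigned_repos.rc != 1
```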
2. Directory layout on the Ansible control node:

    [root@HA2 ansible]# tree .
    .
    ├── ansible.cfg                      # Ansible configuration file
    ├── hosts                            # Ansible inventory
    ├── roles                            # Ansible roles directory
    │   ├── httpd                        # httpd role
    │   │   ├── default                  # default settings (yml)
    │   │   ├── files                    # directory used by the copy module
    │   │   │   ├── index.html
    │   │   │   └── index.php
    │   │   ├── handlers                 # directory for handlers triggered by notify
    │   │   │   └── main.yml
    │   │   ├── meta
    │   │   ├── tasks                    # directory for tasks
    │   │   │   ├── install_httpd.yml
    │   │   │   ├── main.yml
    │   │   │   └── remove_httpd.yml
    │   │   ├── templates                # directory used by the template module
    │   │   │   └── httpd.conf.j2
    │   │   └── vars                     # directory for variables
    │   │       └── main.yml
    │   ├── keepalived
    │   │   ├── default
    │   │   ├── files
    │   │   ├── handlers
    │   │   │   └── main.yml
    │   │   ├── meta
    │   │   ├── tasks
    │   │   │   ├── install_keepalived.yml
    │   │   │   ├── main.yml
    │   │   │   └── remove_keepalived.yml
    │   │   ├── templates
    │   │   │   ├── keepalived.conf.j2
    │   │   │   └── keepalived.conf.j2.bak
    │   │   └── vars
    │   ├── memcached
    │   │   ├── default
    │   │   ├── files
    │   │   │   └── memcached.j2
    │   │   ├── handlers
    │   │   ├── meta
    │   │   ├── tasks
    │   │   │   ├── install_memcached.yml
    │   │   │   ├── main.yml
    │   │   │   └── remove_memcached.yml
    │   │   ├── templates
    │   │   │   ├── main.yml
    │   │   │   └── memcached.j2
    │   │   └── vars
    │   │       └── main.yml
    │   └── nginx
    │       ├── default
    │       ├── files
    │       │   └── index.html
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       ├── tasks
    │       │   ├── install_nginx.yml
    │       │   ├── main.yml
    │       │   └── remove_nginx.yml
    │       ├── templates
    │       │   └── nginx.conf.j2
    │       └── vars
    │           └── main.yml
    ├── service.retry
    └── service.yml                      # defines the hosts and the remote user

3. File walkthrough:

ansible.cfg: the defaults are used here

hosts:

    [root@HA2 ansible]# cat hosts
    # nginx host group; mb and prioroty below are variables
    [nginx]
    172.16.0.2 mb=MASTER prioroty=100
    172.16.0.4 mb=BACKUP prioroty=98

    # httpd host group; hname is a variable
    [httpd]
    172.16.0.128 hname=httpd128
    172.16.0.129 hname=httpd129

    # dbserver host group; I did not install anything on it
    [dbserver]
    172.16.0.5 hname=dbserver

service.yml:

    [root@HA2 ansible]# cat service.yml
    - hosts: all            # hosts the play applies to
      remote_user: root     # remote user
      roles:                # roles to apply
        - nginx             # the nginx directory under roles/
        - httpd             # the httpd directory under roles/
        - keepalived        # the keepalived directory under roles/

    [root@HA2 ansible]# cat service.retry    # generated automatically after a run; can be ignored
    172.16.0.2
    172.16.0.4

roles:

    [root@HA2 ansible]# ls roles/    # each directory name is one role
    httpd  keepalived  memcached  nginx

nginx

Every role has the structure below. It was explained above, so only the configuration files are covered here.

    [root@HA2 ansible]# tree roles/nginx/
    roles/nginx/
    ├── default
    ├── files
    │   └── index.html
    ├── handlers
    │   └── main.yml
    ├── meta
    ├── tasks
    │   ├── install_nginx.yml
    │   ├── main.yml
    │   └── remove_nginx.yml
    ├── templates
    │   └── nginx.conf.j2
    └── vars
        └── main.yml

    7 directories, 7 files

files/index.html: the file used by the copy module

handlers/main.yml:

    [root@HA2 ansible]# cat roles/nginx/handlers/main.yml
    - name: restart nginx                       # must match the name given to notify:
      service: name=nginx state=restarted       # the service module restarts the nginx service

tasks/install_nginx.yml:

    [root@HA2 ansible]# cat roles/nginx/tasks/install_nginx.yml
    - name: install nginx                       # task name shown in the play output
      yum: name=nginx state=present             # the yum module installs nginx
    - name: install nginx index.html
      copy: src=index.html dest=/usr/share/nginx/html/index.html    # the copy module copies files/index.html to the remote server
      notify: restart nginx                     # notify triggers the handler with this name
      tags: modify nginx config copy            # defines a tag; ansible-playbook -t "XXXX" runs only the tasks carrying that tag
    - name: install config
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf        # the template module renders templates/nginx.conf.j2
      notify: restart nginx                     # notify the handler
      tags: modify nginx config                 # define the tag
    - name: start nginx
      service: name=nginx state=started enabled=true    # the service module starts nginx and enables it at boot

tasks/remove_nginx.yml:

    [root@HA2 ansible]# cat roles/nginx/tasks/remove_nginx.yml
    - name: remove nginx
      yum: name=nginx state=absent              # the yum module removes the nginx package

tasks/main.yml:

    [root@HA2 ansible]# cat roles/nginx/tasks/main.yml
    - include: tasks/install_nginx.yml          # include the .yml file defined earlier
      tags: install                             # define the tag
      when: ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2'    # run only on {2|4}
    - include: tasks/remove_nginx.yml           # include the .yml file defined earlier
      tags: remove                              # define the tag
      when: ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2'    # run only on {2|4}

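Because service.yml targets all hosts as root, every role is evaluated on every machine and the only thing keeping nginx off the httpd and dbserver hosts is a string comparison on an interface fact; running the playbook without -t would also run the install and the remove tasks back to back. The following is an added example, not from the original post, that scopes each role through the inventory groups already defined in hosts and makes removal opt-in. The `deploy` account is an assumption, and import_tasks and the `never` tag assume Ansible 2.5 or later.

```yaml
# service.yml  (added example; group names come from the hosts file above)
- hosts: nginx                  # 172.16.0.2 and 172.16.0.4 only
  remote_user: deploy           # assumption: unprivileged account with sudo rights
  become: true                  # escalate per play instead of logging in as root over SSH
  roles:
    - nginx
    - keepalived

- hosts: httpd                  # 172.16.0.128 and 172.16.0.129 only
  remote_user: deploy
  become: true
  roles:
    - httpd

# dbserver (172.16.0.5) is in no play, so no role is ever evaluated against it.
---
# roles/nginx/tasks/main.yml  (added example; no per-host "when" needed any more)
- import_tasks: install_nginx.yml
  tags:
    - install

- import_tasks: remove_nginx.yml
  tags:
    - remove
    - never                     # skipped unless "-t remove" is requested explicitly
```

With this layout `ansible-playbook service.yml` installs, and removal only happens with `ansible-playbook -t remove service.yml`.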
templates/nginx.conf.j2:

    [root@HA2 ansible]# cat roles/nginx/templates/nginx.conf.j2
    ...
    user {{ runuser }};                                   # variable defined in vars/main.yml
    worker_processes {{ ansible_processor_vcpus-1 }};     # fact gathered by the setup module
    ...
    server {
        listen {{ nginx_prot }} default_server;           # variable defined in vars/main.yml
    ...

vars/main.yml:

    [root@HA2 ansible]# cat roles/nginx/vars/main.yml
    runuser: daemon       # variable definition
    nginx_prot: 80        # variable definition

httpd

Every role has the structure below. It was explained above, so only the configuration files are covered here.

    [root@HA2 ansible]# tree roles/httpd/    # directory layout of the httpd role
    roles/httpd/
    ├── default
    ├── files
    │   ├── index.html
    │   └── index.php
    ├── handlers
    │   └── main.yml
    ├── meta
    ├── tasks
    │   ├── install_httpd.yml
    │   ├── main.yml
    │   └── remove_httpd.yml
    ├── templates
    │   └── httpd.conf.j2
    └── vars
        └── main.yml

    7 directories, 8 files


    [root@HA2 ansible]# cat roles/httpd/files/index.html
    <h1>Test file.</h1>
    [root@HA2 ansible]# cat roles/httpd/files/index.php
    <?php
    phpinfo();
    ?>

    [root@HA2 ansible]# cat roles/httpd/handlers/main.yml
    - name: restart httpd
      service: name=httpd state=restarted


    [root@HA2 ansible]# cat roles/httpd/tasks/install_httpd.yml
    - name: install httpd
      yum: name=httpd state=present
    - name: install php
      yum: name=php state=present
    - name: install httpd index.html
      copy: src=index.html dest=/var/www/html/index.html
      notify: restart httpd
      tags: modify httpd config copy
    - name: install httpd index.php
      copy: src=index.php dest=/var/www/html/index.php
      notify: restart httpd
      tags: modify httpd config copy
    - name: install config
      # httpd on CentOS 7 reads /etc/httpd/conf/httpd.conf; /etc/nginx does not exist on the httpd hosts
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd
      tags: modify httpd config
    - name: start httpd
      service: name=httpd state=started enabled=true


    [root@HA2 ansible]# cat roles/httpd/tasks/remove_httpd.yml
    - name: remove httpd
      yum: name=httpd state=absent
    - name: remove php
      yum: name=php state=absent

    [root@HA2 ansible]# cat roles/httpd/tasks/main.yml
    - include: tasks/install_httpd.yml
      when: ansible_eth0.ipv4.address == '172.16.0.128' or ansible_eth0.ipv4.address == '172.16.0.129'
      tags: install
    - include: tasks/remove_httpd.yml
      tags: remove
      when: ansible_eth0.ipv4.address == '172.16.0.128' or ansible_eth0.ipv4.address == '172.16.0.129'

    [root@HA2 ansible]# cat roles/httpd/templates/httpd.conf.j2    # default configuration; variables can be defined inside it, so it is not pasted here

    [root@HA2 ansible]# cat roles/httpd/vars/main.yml
    index:
      - index.php
      - index.html


    [root@HA2 ansible]# tree roles/keepalived/    # directory layout of the keepalived role
    roles/keepalived/
    ├── default
    ├── files
    ├── handlers
    │   └── main.yml
    ├── meta
    ├── tasks
    │   ├── install_keepalived.yml
    │   ├── main.yml
    │   └── remove_keepalived.yml
    ├── templates
    │   ├── keepalived.conf.j2
    │   └── keepalived.conf.j2.bak
    └── vars

    7 directories, 6 files

    [root@HA2 ansible]# cat roles/keepalived/handlers/main.yml
    - name: restart keepalived
      service: name=keepalived state=restarted

    [root@HA2 ansible]# cat roles/keepalived/tasks/install_keepalived.yml
    - name: install keepalived
      yum: name=keepalived state=present
    - name: install keepalived config
      template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
      notify: restart keepalived
      tags: modify keepalived config
    - name: start keepalived
      service: name=keepalived state=started enabled=true

    [root@HA2 ansible]# cat roles/keepalived/tasks/remove_keepalived.yml
    - name: remove keepalived
      yum: name=keepalived state=absent

    [root@HA2 ansible]# cat roles/keepalived/tasks/main.yml
    - include: tasks/install_keepalived.yml
      tags: install
      when: ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2'
    - include: tasks/remove_keepalived.yml
      tags: remove
      when: ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2'


    [root@HA2 ansible]# cat roles/keepalived/templates/keepalived.conf.j2
    ! Configuration File for keepalived

    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from [email protected]
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id LVS_DEVEL
       vrrp_mcast_group4 224.0.100.18
    }

    vrrp_instance VI_1 {
        state {{ mb }}
        interface eth0
        virtual_router_id 51
        priority {{ prioroty }}
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.220.5/24
        }
    }

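The template above hard-codes the VRRP password (auth_pass 1111) in a file that sits in the roles tree in clear text. The following is an added example, not from the original post, that moves it into an ansible-vault encrypted variable, refuses to deploy the sample value and tightens the rendered file's permissions. The variable name keepalived_auth_pass and the group_vars path are assumptions.

```yaml
# group_vars/nginx/vault.yml  (hypothetical file, added example)
# Encrypt before committing:  ansible-vault encrypt group_vars/nginx/vault.yml
# Then run the playbook with: ansible-playbook --ask-vault-pass -t install service.yml
keepalived_auth_pass: "CHANGEME"    # placeholder; keepalived uses only the first 8 characters
---
# roles/keepalived/templates/keepalived.conf.j2 changes one line inside authentication { }:
#     auth_pass {{ keepalived_auth_pass }}
---
# roles/keepalived/tasks/install_keepalived.yml  (added example)
- name: install keepalived
  yum: name=keepalived state=present

- name: refuse to deploy a missing, placeholder or sample VRRP password
  assert:
    that:
      - keepalived_auth_pass is defined
      - keepalived_auth_pass | length == 8
      - keepalived_auth_pass != 'CHANGEME'
      - keepalived_auth_pass != '1111'
  no_log: true                      # keep the value out of the play output on failure

- name: install keepalived config
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
    owner: root
    group: root
    mode: "0600"                    # only root can read the rendered password
  no_log: true                      # --diff would otherwise print the rendered secret
  notify: restart keepalived
  tags: modify keepalived config

- name: start keepalived
  service: name=keepalived state=started enabled=true
```

With auth_type PASS the password still travels in clear text inside each VRRP advertisement, so this protects the secret at rest and in logs, not on the wire.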
4. Run ansible-playbook

    [root@HA2 ansible]# pwd    # show the current directory
    /etc/ansible
    [root@HA2 ansible]# ls     # check that service.yml is there
    ansible.cfg  hosts  roles  service.retry  service.yml


    [root@HA2 ansible]# ansible-playbook -t "install" --check service.yml    # --check does a dry run first; -t selects the tags to run, here "install", which every tasks/main.yml defines (the other one is "remove")
    statically included: /etc/ansible/roles/nginx/tasks/install_nginx.yml
    statically included: /etc/ansible/roles/nginx/tasks/remove_nginx.yml
    statically included: /etc/ansible/roles/httpd/tasks/install_httpd.yml
    statically included: /etc/ansible/roles/httpd/tasks/remove_httpd.yml
    statically included: /etc/ansible/roles/keepalived/tasks/install_keepalived.yml
    statically included: /etc/ansible/roles/keepalived/tasks/remove_keepalived.yml

    PLAY [all] *********************************************************************

    TASK [setup] *******************************************************************
    ok: [172.16.0.2]
    ok: [172.16.0.128]
    ok: [172.16.0.4]
    ok: [172.16.0.129]
    ok: [172.16.0.5]

    TASK [nginx : install nginx] ***************************************************    # the name from "- name: install nginx" is what appears here
    skipping: [172.16.0.128]    # skipped because of the when condition
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    changed: [172.16.0.4]       # runs only where the condition matches
    changed: [172.16.0.2]

    TASK [nginx : install nginx index.html] ****************************************
    skipping: [172.16.0.5]
    skipping: [172.16.0.128]
    skipping: [172.16.0.129]
    changed: [172.16.0.4]
    changed: [172.16.0.2]

    TASK [nginx : install config] **************************************************
    skipping: [172.16.0.129]
    skipping: [172.16.0.5]
    skipping: [172.16.0.128]
    changed: [172.16.0.2]
    changed: [172.16.0.4]

    TASK [nginx : start nginx] *****************************************************
    skipping: [172.16.0.128]
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    changed: [172.16.0.2]
    changed: [172.16.0.4]

    TASK [httpd : install httpd] ***************************************************
    skipping: [172.16.0.2]
    skipping: [172.16.0.4]
    skipping: [172.16.0.5]
    changed: [172.16.0.128]
    changed: [172.16.0.129]

    TASK [httpd : install php] *****************************************************
    skipping: [172.16.0.2]
    skipping: [172.16.0.4]
    skipping: [172.16.0.5]
    changed: [172.16.0.129]
    changed: [172.16.0.128]

    TASK [httpd : install httpd index.html] ***************************************
    skipping: [172.16.0.2]
    skipping: [172.16.0.5]
    skipping: [172.16.0.4]
    ok: [172.16.0.128]
    ok: [172.16.0.129]

    TASK [httpd : install httpd index.php] ****************************************
    skipping: [172.16.0.2]
    skipping: [172.16.0.4]
    skipping: [172.16.0.5]
    ok: [172.16.0.128]
    ok: [172.16.0.129]

    TASK [httpd : install config] **************************************************
    skipping: [172.16.0.2]
    skipping: [172.16.0.4]
    skipping: [172.16.0.5]
    ok: [172.16.0.128]
    ok: [172.16.0.129]

    TASK [httpd : start httpd] *****************************************************
    skipping: [172.16.0.4]
    skipping: [172.16.0.2]
    skipping: [172.16.0.5]
    changed: [172.16.0.129]
    changed: [172.16.0.128]

    TASK [keepalived : install keepalived] *****************************************
    skipping: [172.16.0.129]
    skipping: [172.16.0.5]
    skipping: [172.16.0.128]
    changed: [172.16.0.2]
    changed: [172.16.0.4]

    TASK [keepalived : install keepalived config] **********************************
    skipping: [172.16.0.128]
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    changed: [172.16.0.2]
    changed: [172.16.0.4]

    TASK [keepalived : start keepalived] *******************************************
    skipping: [172.16.0.128]
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    changed: [172.16.0.4]
    changed: [172.16.0.2]

    RUNNING HANDLER [nginx : restart nginx] ****************************************
    fatal: [172.16.0.2]: FAILED! => {"changed": false, "failed": true, "msg": "systemd could not find the requested service \"'nginx'\": "}
    fatal: [172.16.0.4]: FAILED! => {"changed": false, "failed": true, "msg": "systemd could not find the requested service \"'nginx'\": "}
    # Note the error above, systemd could not find the requested service "'nginx'": it appears because this is only a test run and the handler was triggered by the configuration task

    RUNNING HANDLER [keepalived : restart keepalived] ******************************

    NO MORE HOSTS LEFT *************************************************************
            to retry, use: --limit @/etc/ansible/service.retry

    PLAY RECAP *********************************************************************    # summary of the test run; nothing problematic
    172.16.0.128               : ok=7    changed=3    unreachable=0    failed=0
    172.16.0.129               : ok=7    changed=3    unreachable=0    failed=0
    172.16.0.2                 : ok=8    changed=7    unreachable=0    failed=1
    172.16.0.4                 : ok=8    changed=7    unreachable=0    failed=1
    172.16.0.5                 : ok=1    changed=0    unreachable=0    failed=0


    [root@HA2 ansible]# ansible-playbook -t "install" service.yml    # the real run, without --check; -t selects the tags to run, here "install", which every tasks/main.yml defines (the other one is "remove")
    statically included: /etc/ansible/roles/nginx/tasks/install_nginx.yml
    statically included: /etc/ansible/roles/nginx/tasks/remove_nginx.yml
    statically included: /etc/ansible/roles/httpd/tasks/install_httpd.yml
    statically included: /etc/ansible/roles/httpd/tasks/remove_httpd.yml
    statically included: /etc/ansible/roles/keepalived/tasks/install_keepalived.yml
    statically included: /etc/ansible/roles/keepalived/tasks/remove_keepalived.yml

    PLAY [all] *********************************************************************

    TASK [setup] *******************************************************************
    ok: [172.16.0.2]
    ok: [172.16.0.129]
    ok: [172.16.0.4]
    ok: [172.16.0.128]
    ok: [172.16.0.5]

    TASK [nginx : install nginx] ***************************************************
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    skipping: [172.16.0.128]
    changed: [172.16.0.4]
    changed: [172.16.0.2]

    TASK [nginx : install nginx index.html] ****************************************
    skipping: [172.16.0.128]
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    changed: [172.16.0.2]
    changed: [172.16.0.4]

    TASK [nginx : install config] **************************************************
    skipping: [172.16.0.128]
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    changed: [172.16.0.4]
    changed: [172.16.0.2]

    TASK [nginx : start nginx] *****************************************************
    skipping: [172.16.0.128]
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    changed: [172.16.0.4]
    changed: [172.16.0.2]

    TASK [httpd : install httpd] ***************************************************
    skipping: [172.16.0.2]
    skipping: [172.16.0.4]
    skipping: [172.16.0.5]
    changed: [172.16.0.129]
    changed: [172.16.0.128]

    TASK [httpd : install php] *****************************************************
    skipping: [172.16.0.4]
    skipping: [172.16.0.2]
    skipping: [172.16.0.5]
    changed: [172.16.0.129]
    changed: [172.16.0.128]

    TASK [httpd : install httpd index.html] ***************************************
    skipping: [172.16.0.4]
    skipping: [172.16.0.2]
    skipping: [172.16.0.5]
    ok: [172.16.0.129]
    ok: [172.16.0.128]

    TASK [httpd : install httpd index.php] ****************************************
    skipping: [172.16.0.2]
    skipping: [172.16.0.4]
    skipping: [172.16.0.5]
    ok: [172.16.0.129]
    ok: [172.16.0.128]

    TASK [httpd : install config] **************************************************
    skipping: [172.16.0.2]
    skipping: [172.16.0.4]
    skipping: [172.16.0.5]
    ok: [172.16.0.128]
    ok: [172.16.0.129]

    TASK [httpd : start httpd] *****************************************************
    skipping: [172.16.0.4]
    skipping: [172.16.0.2]
    skipping: [172.16.0.5]
    changed: [172.16.0.128]
    changed: [172.16.0.129]

    TASK [keepalived : install keepalived] *****************************************
    skipping: [172.16.0.5]
    skipping: [172.16.0.128]
    skipping: [172.16.0.129]
    changed: [172.16.0.4]
    changed: [172.16.0.2]

    TASK [keepalived : install keepalived config] **********************************
    skipping: [172.16.0.128]
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    changed: [172.16.0.4]
    changed: [172.16.0.2]

    TASK [keepalived : start keepalived] *******************************************
    skipping: [172.16.0.128]
    skipping: [172.16.0.5]
    skipping: [172.16.0.129]
    changed: [172.16.0.2]
    changed: [172.16.0.4]

    RUNNING HANDLER [nginx : restart nginx] ****************************************
    changed: [172.16.0.2]
    changed: [172.16.0.4]

    RUNNING HANDLER [keepalived : restart keepalived] ******************************
    changed: [172.16.0.4]
    changed: [172.16.0.2]

    PLAY RECAP *********************************************************************
    172.16.0.128               : ok=7    changed=3    unreachable=0    failed=0
    172.16.0.129               : ok=7    changed=3    unreachable=0    failed=0
    172.16.0.2                 : ok=10   changed=9    unreachable=0    failed=0
    172.16.0.4                 : ok=10   changed=9    unreachable=0    failed=0
    172.16.0.5                 : ok=1    changed=0    unreachable=0    failed=0

5. Verify the services

    [root@HA2 ansible]# ansible all -m shell -a "ss -tnlp| grep 'nginx\|httpd\|keepalived'"
    172.16.0.129 | SUCCESS | rc=0 >>
    LISTEN 0 128 :::80 :::* users:(("httpd",pid=15560,fd=4),("httpd",pid=15559,fd=4),("httpd",pid=15558,fd=4),("httpd",pid=15557,fd=4),("httpd",pid=15556,fd=4),("httpd",pid=15554,fd=4))

    172.16.0.5 | FAILED | rc=1 >>

    172.16.0.2 | SUCCESS | rc=0 >>
    LISTEN 0 128 *:80 *:* users:(("nginx",pid=44210,fd=6),("nginx",pid=44209,fd=6))

    172.16.0.4 | SUCCESS | rc=0 >>
    LISTEN 0 128 *:80 *:* users:(("nginx",pid=44424,fd=6),("nginx",pid=44423,fd=6))

    172.16.0.128 | SUCCESS | rc=0 >>
    LISTEN 0 128 :::80 :::* users:(("httpd",pid=16300,fd=4),("httpd",pid=16299,fd=4),("httpd",pid=16298,fd=4),("httpd",pid=16297,fd=4),("httpd",pid=16296,fd=4),("httpd",pid=16294,fd=4))

    [root@HA2 ansible]# curl 192.168.220.5
    <h1>Test file.</h1>
    [root@HA2 ansible]# curl 192.168.220.5/index.php | grep Centos7
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0<tr><td class="e">System </td><td class="v">Linux Centos7 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 </td> </tr>
    100 53535    0 53535    0     0  1376k      0 --:--:-- --:--:-- --:--:-- 1493k

P.S. The rest you can explore on your own.