We previously built an LNMP stack with a playbook and got a one-shot deployment of four projects, but every command went into a single playbook and the files it needed were simply dropped into the playbook's own directory. That gets messy fast. Roles solve this: with roles we can organise the configuration files cleanly, which makes troubleshooting and later configuration changes much easier. We will also add variables, conditionals and loops, and produce the final version of our Ansible LNMP deployment.
Preparation
| Hostname | IP (public, internal) | Purpose |
| --- | --- | --- |
| LB01 | 10.0.0.5, 172.16.1.5 | Layer-7 load balancer, keepalived HA, HTTPS certificate |
| LB02 | 10.0.0.6, 172.16.1.6 | Layer-7 load balancer, keepalived HA, HTTPS certificate |
| Web01 | 10.0.0.7, 172.16.1.7 | Nginx, PHP, application code |
| Web02 | 10.0.0.8, 172.16.1.8 | Nginx, PHP, application code |
| NFS | 10.0.0.31, 172.16.1.31 | Static assets |
| Backup | 10.0.0.41, 172.16.1.41 | Backups of static data, real-time sync of the NFS content |
| MySQL | 10.0.0.51, 172.16.1.51 | Dynamic data |
| Ansible | 10.0.0.61, 172.16.1.61 | Ansible control node |
Refactoring approach
The logic is the same with or without roles: for each server function, first gather the files that server needs, then install packages, copy files, and start or restart services. This time we do not have to worry about file-name clashes, because the configuration files for different services or server functions live in separate role directories.
A role can be defined per class of servers (by function) or per service. Since we deploy every service and project in one go, there is no need to pick individual services for deployment. Defining roles by service would require many `when` conditions, while defining them by server class may mean the same task is written more than once. Either works; here I define the roles by server class.
Operations on the control node
1. Add the target hosts to the inventory
```ini
[root@Ansible roles]# cat hosts
# ansible_ssh_host still works but has been superseded by ansible_host
[lb_group]
lb01 ansible_ssh_host=172.16.1.5
lb02 ansible_ssh_host=172.16.1.6

[web_group]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8

[nfs]
172.16.1.31

[backup]
172.16.1.41

[mysql]
172.16.1.51
```
2. Map roles to hosts
```yaml
[root@Ansible roles]# cat site.yml
# "is match" applies a Python regular expression with re.match(): it is anchored at
# the start only and "*" is a regex quantifier, not a glob. The original "LB*" meant
# "L followed by zero or more B" and would also fire for any hostname beginning with
# "L", so the patterns below are anchored. An alternative that needs no regex is
# "when: inventory_hostname in groups['lb_group']", reusing the inventory groups.
- hosts: all
  roles:
    - role: basic
    - role: lb_group
      when: ansible_hostname is match("^LB[0-9]+$")
    - role: nfs
      when: ansible_hostname is match("^NFS$")
    - role: web_group
      when: ansible_hostname is match("^Web[0-9]+$")
    - role: backup
      when: ansible_hostname is match("^Backup$")
    - role: mysql
      when: ansible_hostname is match("^MySQL$")
```
3. Create the directory skeleton for each role
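The `when:` conditions in site.yml depend on Ansible's `match` test, which is Python's `re.match`: a regular expression checked at the start of the string, not a shell glob. The script below is an added example (not part of the original post) that replays those conditions in plain Python to show why a pattern written as `LB*` also captures a hostname such as `Logs01`, and confirms that anchored patterns assign exactly the planned role to each lab host. The hostnames `Logs01` and `LBTest` are constructed extras, not machines from the host table.

```python
import re

# Ansible's "is match" test calls re.match(): the pattern is a Python regular
# expression matched at the start of the string, not a shell glob. In a regex,
# "LB*" means "L followed by zero or more B", so it matches any hostname that
# starts with "L". These are the patterns in the page's original site.yml.
PATTERNS_AS_WRITTEN = {
    "lb_group": r"LB*",
    "nfs": r"NFS",
    "web_group": r"Web*",
    "backup": r"Backup",
    "mysql": r"MySQL",
}

# Anchored alternatives: the host class, then the two-digit index used in the
# lab (NFS, Backup and MySQL are single hosts without an index).
PATTERNS_ANCHORED = {
    "lb_group": r"^LB[0-9]{2}$",
    "nfs": r"^NFS$",
    "web_group": r"^Web[0-9]{2}$",
    "backup": r"^Backup$",
    "mysql": r"^MySQL$",
}

# The role each host should get. The last two names are constructed examples
# of machines that could plausibly join the inventory later; they own no role.
EXPECTED_ROLE = {
    "LB01": "lb_group", "LB02": "lb_group",
    "Web01": "web_group", "Web02": "web_group",
    "NFS": "nfs", "Backup": "backup", "MySQL": "mysql",
    "Logs01": None, "LBTest": None,
}


def roles_for_host(hostname, patterns):
    """Roles whose `when: ansible_hostname is match <pattern>` would be true."""
    return [role for role, pat in patterns.items() if re.match(pat, hostname)]


def misassigned(expected, patterns):
    """Hosts whose matched role list differs from the plan, with what they got."""
    wrong = {}
    for host, want in expected.items():
        got = roles_for_host(host, patterns)
        if got != ([want] if want else []):
            wrong[host] = got
    return wrong


if __name__ == "__main__":
    print("as written:", misassigned(EXPECTED_ROLE, PATTERNS_AS_WRITTEN))
    print("anchored  :", misassigned(EXPECTED_ROLE, PATTERNS_ANCHORED))
```

With the patterns as written, both constructed hosts silently receive the load-balancer role and would get nginx, keepalived and the HTTPS key installed; with the anchored patterns nothing is misassigned.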
```console
[root@Ansible roles]# ansible-galaxy init basic
- Role basic was created successfully
[root@Ansible roles]# ansible-galaxy init lb_group
- Role lb_group was created successfully
[root@Ansible roles]# ansible-galaxy init web_group
- Role web_group was created successfully
[root@Ansible roles]# ansible-galaxy init nfs
- Role nfs was created successfully
[root@Ansible roles]# ansible-galaxy init backup
- Role backup was created successfully
[root@Ansible roles]# ansible-galaxy init mysql
- Role mysql was created successfully
[root@Ansible roles]# ls
backup  hosts  mysql  site.yml
basic  lb_group  nfs  web_group
```
4. The basic role
Tasks
```yaml
[root@Ansible roles]# cat basic/tasks/main.yml
#1. Stop the firewall
#2. Disable SELinux
#3. Stop NetworkManager
#4. Replace the default YUM repository
#5. Install the EPEL repository
#6. Configure the nginx YUM repository
#7. Install common tools
#8. Time synchronisation
#9. Create the www service user
#10. Raise the open-file limit
#
# Steps 1-3 are lab conveniences: they remove host-level defences. On any host
# reachable from outside the 172.16.1.0/24 network keep firewalld and SELinux on.

- name: Disable Firewalld Service
  systemd:
    name: firewalld
    state: stopped
    enabled: no

- name: Disable SELinux
  selinux:
    state: disabled   # written to /etc/selinux/config; fully takes effect after a reboot

- name: Disable NetworkManager Service
  systemd:
    name: NetworkManager
    state: stopped
    enabled: no

# gpgcheck: no switches off RPM signature verification even though gpgkey is set,
# so a compromised or spoofed mirror could serve arbitrary packages. Prefer
# gpgcheck: yes (keeping gpgkey) unless the mirror is fully trusted.
- name: Configure YUM Repo
  yum_repository:
    name: CentOS-Base
    description: ALIYUN YUM repo
    baseurl: http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
    gpgcheck: no
    gpgkey: http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7

- name: Add EPEL repository
  yum_repository:
    name: epel
    description: EPEL YUM repo
    baseurl: http://mirrors.aliyun.com/epel/7/$basearch
    gpgcheck: no
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

- name: Add nginx repository
  yum_repository:
    name: nginx
    description: Nginx YUM repo
    baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
    gpgcheck: no
    gpgkey: https://nginx.org/keys/nginx_signing.key

- name: Install Packages
  yum:
    name:    # one transaction instead of a loop of single installs
      - vim
      - tree
      - lrzsz
      - wget
      - unzip
      - net-tools
      - ntpdate
      - bash-completion.noarch
      - bash-completion-extras.noarch
    state: present

- name: ntpdate
  cron:
    name: "ntpdate"
    minute: '*/5'
    job: '/usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1'

- name: Create Group www
  group:
    name: www
    gid: 666

- name: Create www User
  user:
    name: www
    group: www
    uid: 666
    shell: /sbin/nologin
    create_home: false

- name: Set PAM open-file limits
  pam_limits:
    dest: "{{ item.dest }}"
    domain: '*'
    limit_type: "{{ item.limit_type }}"
    limit_item: "{{ item.limit_item }}"
    value: "{{ item.value }}"
  loop:
    - { dest: '/etc/security/limits.conf', limit_type: 'soft', limit_item: 'nofile', value: '65535' }
    - { dest: '/etc/security/limits.conf', limit_type: 'hard', limit_item: 'nofile', value: '65535' }
```
5. The lb_group role
Tasks
```yaml
[root@Ansible roles]# cat /ansible/roles/lb_group/tasks/main.yml
#1. Install nginx on the group and remove default.conf
#2. Configure nginx.conf on lb01 and lb02
#3. Configure proxy_params on lb01 and lb02
#4. Configure layer-7 load balancing on lb01 and lb02
#5. Start nginx on lb01 and lb02
#6. Install keepalived on lb01 and lb02
#7. Render a separate keepalived configuration for lb01 and lb02
#8. Copy the split-brain check script to lb01 (the passwordless SSH from lb01 to
#   lb02 that the script relies on is not automated by this role)
#9. Start keepalived on lb01 and lb02

- name: install nginx
  yum:
    name: nginx
    state: present
- name: delete default.conf
  file:
    name: /etc/nginx/conf.d/default.conf
    state: absent
- name: configure nginx.conf
  template:
    src: nginx.conf.j2      # prepared in advance
    dest: /etc/nginx/nginx.conf
  notify: restart nginx
- name: copy proxy_params
  copy:
    src: proxy_params       # prepared in advance
    dest: /etc/nginx
  notify: restart nginx
- name: copy ssl_key
  copy:
    src: ssl_key            # holds the HTTPS private key: keep it root-owned, 0600, out of git
    dest: /etc/nginx
- name: configure proxy_7 to lb01 and lb02
  template:
    src: proxy_7.conf.j2    # prepared in advance
    dest: /etc/nginx/conf.d/proxy_7.conf
  notify: restart nginx
- name: start nginx
  systemd:
    name: nginx
    state: started
    enabled: yes
- name: install keepalived
  yum:
    name: keepalived
    state: present
- name: configure keepalived
  template:
    src: keepalived.conf.j2 # prepared in advance
    dest: /etc/keepalived/keepalived.conf
  notify: restart keepalived
- name: copy check_split_brain.sh to lb01
  copy:
    src: check_split_brain.sh   # prepared in advance
    dest: /etc/keepalived/check_split_brain.sh
    mode: '0755'                # executable, so it can be run directly
  when: ansible_hostname is match("^LB01$")
- name: start keepalived
  systemd:
    name: keepalived
    state: started
```
Files, variables and handlers prepared in advance
```yaml
[root@Ansible lb_group]# ls files/
check_split_brain.sh  proxy_params  ssl_key
[root@Ansible lb_group]# ls templates/
keepalived.conf.j2  nginx.conf.j2  proxy_7.conf.j2
[root@Ansible lb_group]# cat vars/main.yml
user: www
[root@Ansible lb_group]# cat handlers/main.yml
- name: restart nginx
  systemd:
    name: nginx
    state: restarted
- name: restart keepalived
  systemd:
    name: keepalived
    state: restarted
```
6. The nfs role
Tasks
```yaml
[root@Ansible roles]# cat nfs/tasks/main.yml
- name: install nfs server
  yum:
    name: nfs-utils
    state: present
- name: configure nfs server
  template:
    src: exports
    dest: /etc/exports
  notify: restart nfs server
- name: create directory data/...
  file:
    path: "{{ item }}"
    state: directory
    owner: www
    group: www
    mode: 0755
  loop: "{{ directory_list }}"
- name: start nfs server
  systemd:
    name: nfs
    state: started
    enabled: yes
# real-time sync to the backup server
- name: install rsync inotify-tools
  yum:
    name:
      - rsync
      - inotify-tools
    state: present
- name: mkdir server
  file:
    path: /server
    state: directory
- name: tar xf sersync.tar.gz
  unarchive:
    src: sersync2.5.4_64bit_binary_stable_final.tar.gz
    dest: /server
    creates: /server/sersyncd       # skip once the rename below has happened
- name: mv GNU-Linux-x86/ sersyncd
  command:
    cmd: mv /server/GNU-Linux-x86 /server/sersyncd
    creates: /server/sersyncd       # makes the rename idempotent
- name: copy confxml.xml to nfs
  copy:
    src: confxml.xml
    dest: /server/sersyncd/confxml.xml
- name: copy rsync.pass
  copy:
    src: rsync.pass                 # plaintext rsync password; rsync refuses it unless it is 0600
    dest: /etc/rsync.pass
    mode: "0600"
# The original "command: cd /server/sersyncd/ && ./sersync2 -dr" never worked: the
# command module runs one program without a shell, so "cd" and "&&" are passed to
# it as literal arguments. Use chdir instead (or the shell module). Note this task
# is not idempotent: every playbook run starts another sersync2 daemon.
- name: start sersync2 in daemon mode
  command: ./sersync2 -dr
  args:
    chdir: /server/sersyncd
```
Files, variables and handlers prepared in advance
```yaml
[root@Ansible roles]# ls nfs/templates/
exports
[root@Ansible roles]# cat nfs/vars/main.yml
directory_list:
  - /data/wordpress
  - /data/wecenter
  - /data/phpshe
  - /data/kod
share_ip: 172.16.1.0/24   # the original "share_ip : ..." had a stray space before the colon
[root@Ansible roles]# cat nfs/handlers/main.yml
- name: restart nfs server
  systemd:
    name: nfs
    state: restarted
```
7. The web_group role
Tasks
```yaml
[root@Ansible roles]# cat web_group/tasks/main.yml
#1. Install nginx, php and nfs-utils
#2. Configure nginx.conf and conf.d, with handlers watching them
#3. Configure php.ini and www.conf, with handlers watching them
#4. Start nginx and php-fpm
#5. Create the code directory, unpack the code and fix its ownership
#6. Mount the static-file directories from the NFS server
- name: install nginx
  yum:
    name: nginx
    state: present
- name: tar php.tar.gz
  unarchive:
    src: php71.tar.gz   # prepared in advance
    dest: /root
- name: localinstall rpm
  yum:
    name:
      - /root/autoconf-2.69-11.el7.noarch.rpm
      - /root/automake-1.13.4-3.el7.noarch.rpm
      - /root/libevent-2.0.21-4.el7.x86_64.rpm
      - /root/libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
      - /root/libmcrypt-2.5.8-13.el7.x86_64.rpm
      - /root/libmemcached-1.0.16-5.el7.x86_64.rpm
      - /root/libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm
      - /root/libX11-1.6.7-3.el7_9.x86_64.rpm
      - /root/libX11-common-1.6.7-3.el7_9.noarch.rpm
      - /root/libXau-1.0.8-2.1.el7.x86_64.rpm
      - /root/libxcb-1.13-1.el7.x86_64.rpm
      - /root/libXpm-3.5.12-1.el7.x86_64.rpm
      - /root/libxslt-1.1.28-6.el7.x86_64.rpm
      - /root/mod_php71w-7.1.33-1.w7.x86_64.rpm
      - /root/pcre-devel-8.32-17.el7.x86_64.rpm
      - /root/perl-Data-Dumper-2.145-3.el7.x86_64.rpm
      - /root/perl-Test-Harness-3.28-3.el7.noarch.rpm
      - /root/perl-Thread-Queue-3.02-2.el7.noarch.rpm
      - /root/php71w-cli-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-common-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-devel-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-embedded-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-fpm-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-gd-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-mbstring-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-mcrypt-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-mysqlnd-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-opcache-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-pdo-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-pear-1.10.4-1.w7.noarch.rpm
      - /root/php71w-pecl-igbinary-2.0.5-1.w7.x86_64.rpm
      - /root/php71w-pecl-memcached-3.0.4-1.w7.x86_64.rpm
      - /root/php71w-pecl-mongodb-1.5.3-1.w7.x86_64.rpm
      - /root/php71w-pecl-redis-3.1.6-1.w7.x86_64.rpm
      - /root/php71w-process-7.1.33-1.w7.x86_64.rpm
      - /root/php71w-xml-7.1.33-1.w7.x86_64.rpm
    state: present
- name: install nfs-utils
  yum:
    name: nfs-utils
    state: present
- name: configure nginx.conf
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: restart nginx
- name: configure conf.d
  copy:
    src: conf.d/
    dest: /etc/nginx/conf.d
  notify: restart nginx
- name: configure php.ini
  copy:
    src: php.ini
    dest: /etc/php.ini
  notify: restart php-fpm
- name: configure www.conf
  copy:
    src: www.conf
    dest: /etc/php-fpm.d/www.conf
  notify: restart php-fpm
- name: start nginx
  systemd:
    name: nginx
    state: started
    enabled: yes
- name: start php-fpm
  systemd:
    name: php-fpm
    state: started
    enabled: yes
- name: tar code.tar.gz
  unarchive:
    src: code.tar.gz
    dest: /
    creates: /code
- name: chown -R www.www code
  file:
    path: /code
    state: directory
    owner: www
    group: www
    recurse: yes    # without recurse only /code itself changes owner, not the files in it
# NFS mounted with "defaults" carries no authentication of its own; access is
# limited only by the share_ip entry in /etc/exports and the internal network.
- name: Mount wordpress_NFS Server
  mount:
    src: 172.16.1.31:/data/wordpress
    path: /code/wordpress/wp-content/uploads
    fstype: nfs
    opts: defaults
    state: mounted
- name: Mount wecenter_NFS Server
  mount:
    src: 172.16.1.31:/data/wecenter
    path: /code/wecenter/uploads
    fstype: nfs
    opts: defaults
    state: mounted
- name: Mount phpshe_NFS Server
  mount:
    src: 172.16.1.31:/data/phpshe
    path: /code/phpshe/data
    fstype: nfs
    opts: defaults
    state: mounted
- name: mount kod server
  mount:
    src: 172.16.1.31:/data/kod
    path: /code/kod/data
    fstype: nfs
    opts: defaults
    state: mounted
```
Files, variables and handlers prepared in advance
```yaml
[root@Ansible roles]# ls web_group/files/
code.tar.gz  conf.d  php71.tar.gz  php.ini  www.conf
[root@Ansible web_group]# ls templates/
nginx.conf.j2    # the name the task references; the original listing showed it as nginx_.conf.j2
[root@Ansible web_group]# cat vars/main.yml
user: www
[root@Ansible web_group]# cat handlers/main.yml
- name: restart nginx
  systemd:
    name: nginx
    state: restarted
- name: restart php-fpm
  systemd:
    name: php-fpm
    state: restarted
```
8. The backup role
Tasks
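The four `mount` tasks above are the step most likely to drift on a web node (a stale fstab entry, a read-only export, a mount pointing at the wrong server), and `state: mounted` only reports what it just did. The script below is an added example, not code from the original post: it parses `/proc/mounts` and compares it with the four mounts the page plans, so it can be run on Web01 or Web02 after the playbook. The `/proc/mounts` content embedded in it is constructed to show three failure cases; the expected paths and the server address 172.16.1.31 are taken from the page.

```python
# Expected NFS mounts on a web node, taken from the web_group mount tasks above.
NFS_SERVER = "172.16.1.31"
EXPECTED_MOUNTS = {
    "/code/wordpress/wp-content/uploads": "/data/wordpress",
    "/code/wecenter/uploads": "/data/wecenter",
    "/code/phpshe/data": "/data/phpshe",
    "/code/kod/data": "/data/kod",
}

# Constructed /proc/mounts content for a web node where three things went wrong:
# phpshe is read-only, kod comes from the wrong server, and wecenter is missing.
SAMPLE_PROC_MOUNTS_BAD = """\
/dev/sda3 / xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs4 rw,relatime,vers=4.1,hard,proto=tcp,addr=172.16.1.31 0 0
172.16.1.31:/data/phpshe /code/phpshe/data nfs4 ro,relatime,vers=4.1,hard,proto=tcp,addr=172.16.1.31 0 0
10.0.0.99:/data/kod /code/kod/data nfs4 rw,relatime,vers=4.1,hard,proto=tcp,addr=10.0.0.99 0 0
"""

# Constructed /proc/mounts content for a node where the playbook did its job.
SAMPLE_PROC_MOUNTS_OK = """\
/dev/sda3 / xfs rw,seclabel,relatime,attr2,inode64,noquota 0 0
172.16.1.31:/data/wordpress /code/wordpress/wp-content/uploads nfs4 rw,relatime,vers=4.1,hard,proto=tcp,addr=172.16.1.31 0 0
172.16.1.31:/data/wecenter /code/wecenter/uploads nfs4 rw,relatime,vers=4.1,hard,proto=tcp,addr=172.16.1.31 0 0
172.16.1.31:/data/phpshe /code/phpshe/data nfs4 rw,relatime,vers=4.1,hard,proto=tcp,addr=172.16.1.31 0 0
172.16.1.31:/data/kod /code/kod/data nfs4 rw,relatime,vers=4.1,hard,proto=tcp,addr=172.16.1.31 0 0
"""


def parse_proc_mounts(text):
    """Parse /proc/mounts lines into {mountpoint: (source, fstype, set(options))}."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        src, mnt, fstype, opts = fields[0], fields[1], fields[2], fields[3]
        mnt = mnt.replace("\\040", " ")   # /proc/mounts escapes spaces in paths as \040
        mounts[mnt] = (src, fstype, set(opts.split(",")))
    return mounts


def verify_nfs_mounts(mounts, expected=EXPECTED_MOUNTS, server=NFS_SERVER):
    """Return sorted (mountpoint, problem) pairs for every deviation from the plan."""
    problems = []
    for mnt, export in expected.items():
        if mnt not in mounts:
            problems.append((mnt, "not mounted"))
            continue
        src, fstype, opts = mounts[mnt]
        if not fstype.startswith("nfs"):          # "nfs" for v3, "nfs4" for v4
            problems.append((mnt, f"fstype {fstype}, expected nfs"))
        if src != f"{server}:{export}":
            problems.append((mnt, f"mounted from {src}, expected {server}:{export}"))
        if "rw" not in opts:
            problems.append((mnt, "mounted read-only; uploads will fail"))
    # Any NFS mount the plan does not know about is worth a look on a web node.
    for mnt, (src, fstype, _) in mounts.items():
        if fstype.startswith("nfs") and mnt not in expected:
            problems.append((mnt, f"unexpected NFS mount from {src}"))
    return sorted(problems)


def check_local_node():
    """Run the check against the real /proc/mounts of the host this runs on."""
    with open("/proc/mounts") as f:
        return verify_nfs_mounts(parse_proc_mounts(f.read()))


if __name__ == "__main__":
    for mnt, problem in verify_nfs_mounts(parse_proc_mounts(SAMPLE_PROC_MOUNTS_BAD)):
        print(f"{mnt}: {problem}")
```

Run `check_local_node()` on each web server (for example via `ansible web_group -m script`) and treat a non-empty result as a failed deployment; an empty list means all four exports are mounted read-write from 172.16.1.31 and nothing else is mounted over NFS.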
```yaml
[root@Ansible roles]# cat backup/tasks/main.yml
- name: Install Rsync Server
  yum:
    name: rsync
    state: present

- name: Copy Rsync Configure Files
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  loop:
    - { src: rsyncd.conf.j2, dest: /etc/rsyncd.conf, mode: '0644' }
    - { src: rsync.passwd.j2, dest: /etc/rsync.passwd, mode: '0600' }   # with the default strict modes rsyncd rejects a secrets file readable by others
  notify: restart rsyncd

- name: Create Dir "{{ rsync_dir }}"
  file:
    path: "{{ rsync_dir }}"   # rsync_dir already starts with "/"; the original "/{{ rsync_dir }}" produced //backup
    state: directory
    owner: "{{ rs_user }}"
    group: "{{ rsg_user }}"

- name: Start Rsync Server
  systemd:
    name: rsyncd
    state: started
    enabled: yes

- name: mkdir /data and /bash
  file:
    name: "{{ item }}"
    state: directory
    owner: www
    group: www
  loop:
    - /data
    - /bash

- name: copy rsync_all.sh
  copy:
    src: rsync_all.sh
    dest: /bash/rsync_all.sh
```
Files, variables and handlers prepared in advance
```yaml
[root@Ansible roles]# ls backup/files/
rsync_all.sh
[root@Ansible backup]# ls templates/
rsyncd.conf.j2  rsync.passwd.j2
[root@Ansible backup]# cat vars/main.yml
rs_user: www
rsg_user: www
pass: 123456      # plaintext rsync password in a vars file; encrypt it with "ansible-vault encrypt_string" before committing the role
rsync_dir: /backup
[root@Ansible backup]# cat handlers/main.yml
- name: restart rsyncd
  systemd:
    name: rsyncd
    state: restarted
```
9. The mysql role
Tasks
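Three roles on this page carry secrets in the clear: the rsync password in `backup/vars/main.yml` (`pass: 123456`), the client-side `rsync.pass` under `nfs/files/`, and the HTTPS private key under `lb_group/files/ssl_key`. Once the roles directory lands in version control, these are the files that leak. The script below is an added example, not part of the original post: it walks a roles tree and reports plaintext secret-looking keys in `vars/` or `defaults/` that are not `!vault`-encrypted, and credential or private-key files that are readable by group or others. It builds a constructed copy of the page's layout in a temporary directory to demonstrate; the `mysql/vars/main.yml` with a vaulted value in that fixture is invented for contrast and does not exist on the page.

```python
import os
import re
import shutil
import stat
import tempfile

# YAML keys whose value is a secret unless it is vault-encrypted (value starts with !vault).
SECRET_KEY_RE = re.compile(
    r"^\s*([A-Za-z0-9_]*(?:pass|passwd|password|secret|token)[A-Za-z0-9_]*)\s*:\s*(\S.*)$", re.I)
# File names that hold credentials or key material and must not be group/world readable.
SECRET_FILE_RE = re.compile(r"(\.key|\.pass|\.passwd)$")


def _is_private_key(path):
    """True if the file starts with a PEM private-key header."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
    except OSError:
        return False
    return head.startswith(b"-----BEGIN") and b"PRIVATE KEY" in head


def audit_role_tree(root):
    """Walk a roles tree and return sorted (relative path, finding) pairs."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            parts = rel.split(os.sep)
            # 1. plaintext secrets in vars/ or defaults/ YAML files
            if len(parts) >= 2 and parts[-2] in ("vars", "defaults") and name.endswith((".yml", ".yaml")):
                with open(path, encoding="utf-8", errors="replace") as f:
                    for lineno, line in enumerate(f, 1):
                        m = SECRET_KEY_RE.match(line)
                        if m and not m.group(2).startswith("!vault"):
                            findings.append(
                                (rel, f"line {lineno}: plaintext secret '{m.group(1)}' (encrypt with ansible-vault)"))
            # 2. credential or key files with loose permissions (mode must be 0600 or tighter)
            if SECRET_FILE_RE.search(name) or _is_private_key(path):
                mode = stat.S_IMODE(os.stat(path).st_mode)
                if mode & 0o077:
                    findings.append((rel, f"mode {mode:04o} on credential file, expected 0600"))
    return sorted(findings)


def build_sample_tree(root):
    """Write a constructed roles tree mirroring the page's layout (sample data, not real keys)."""
    samples = {
        "backup/vars/main.yml": ("rs_user: www\nrsg_user: www\npass: 123456\nrsync_dir: /backup\n", 0o644),
        "mysql/vars/main.yml": ("db_password: !vault |\n    $ANSIBLE_VAULT;1.1;AES256\n    3030...\n", 0o644),
        "nfs/files/rsync.pass": ("rsync_backup:123456\n", 0o644),
        "lb_group/files/ssl_key/server.key": (
            "-----BEGIN PRIVATE KEY-----\nMIIE...placeholder...\n-----END PRIVATE KEY-----\n", 0o644),
        "lb_group/files/ssl_key/server.pem": (
            "-----BEGIN CERTIFICATE-----\nMIIC...placeholder...\n-----END CERTIFICATE-----\n", 0o644),
        "nfs/files/confxml.xml": ('<head version="2.5"></head>\n', 0o644),
    }
    for rel, (content, mode) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as f:
            f.write(content)
        os.chmod(path, mode)   # explicit, so the result does not depend on the umask


def run_demo():
    """Build the sample tree in a temp dir, audit it, clean up, return the findings."""
    root = tempfile.mkdtemp(prefix="roles_audit_")
    try:
        build_sample_tree(root)
        return audit_role_tree(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel, finding in run_demo():
        print(f"{rel}: {finding}")
```

Against the real tree, call `audit_role_tree("/ansible/roles")`. The certificate (`server.pem`) is deliberately not flagged: only material whose PEM header says `PRIVATE KEY`, or whose name marks it as a password file, is held to the 0600 rule. A vaulted value passes because the check looks at the value, not the key name.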
```yaml
[root@Ansible roles]# cat mysql/tasks/main.yml
- name: Install mariadb mysql-python redis
  yum:
    name:
      - mariadb-server
      - MySQL-python      # required by the mysql_db module on CentOS 7
      - redis
    state: present
- name: Start MariaDB Server
  systemd:
    name: mariadb
    state: started
    enabled: yes
- name: Copy all.sql to Mysql
  copy:
    src: all.sql
    dest: /root/all.sql
- name: import all.sql
  mysql_db:
    login_host: localhost
    login_port: 3306
    login_user: root    # a fresh mariadb-server install has no root password; set one once the import is done
    name: all           # "all" imports the dump as a whole, so all.sql must contain its own CREATE DATABASE statements
    state: import
    target: /root/all.sql
- name: Restart MariaDB Server
  systemd:
    name: mariadb
    state: restarted
- name: copy redis.conf to mysql
  copy:
    src: redis.conf
    dest: /etc/redis.conf
- name: start redis
  systemd:
    name: redis
    state: started
    enabled: yes
```
Files, variables and handlers prepared in advance
```console
[root@Ansible roles]# ls mysql/files/
all.sql  redis.conf
```
10. Run and test (key distribution, playbook syntax check, playbook run)
```bash
[root@Ansible ~]# cd /bash/
[root@Ansible bash]# sh batchSendKey.sh   # distribute the SSH key; run from /bash, the script reads ./hostlist.txt
[root@Ansible bash]# ansible-playbook -i /ansible/roles/hosts --syntax-check /ansible/roles/site.yml

playbook: /ansible/roles/site.yml
[root@Ansible roles]# ansible-playbook -i hosts /ansible/roles/site.yml

-----key distribution and host list-----
[root@Ansible bash]# cat batchSendKey.sh
#!/bin/bash
# Requires the expect package. The root password is hard-coded in plaintext
# below and sits in this file (and any copy of it); acceptable only for a
# throwaway lab, never for real hosts.
if [ ! -f ~/.ssh/id_rsa ];then
    ssh-keygen -t rsa
else
    echo "id_rsa already exists ..."
fi

while read line
do
    user="root"
    ip=`echo $line | cut -d " " -f 1`
    passwd="1"
    expect <<EOF
    set timeout 10
    spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $user@$ip
    expect {
        "yes/no" { send "yes\n";exp_continue }
        "password" { send "$passwd\n" }
    }
    expect "password" { send "$passwd\n" }
EOF
done < hostlist.txt
[root@Ansible bash]# cat hostlist.txt
172.16.1.5
172.16.1.6
172.16.1.7
172.16.1.8
172.16.1.31
172.16.1.41
172.16.1.51
172.16.1.52    # not in the host table above
```
After the run, open the sites in a browser to verify that each project is reachable, simulate a split-brain and similar failures, and review the playbook's results.
I am koten, with 10 years of operations experience, sharing ops know-how. Thanks for reading and following!