Ansible 一键配置安装Keepalived+Nginx作为前端,httpd+php作为后端
一、环境:Ansible控制机:172.16.0.6
Ansible nginx:172.16.0.{2|4}
Ansible Keepalived: 172.16.0.{2|4}
Ansible httpd: 172.16.0.{128|129}
Keepalived IP:192.168.220.5/32
除控制机全部采用Linux Cento7,外网统一192.168.220.0/27
一般生产机我们会把Yum仓库指向自己搭建的,这里我们使用ail以及163的Yum仓库
{2|4}使用ail仓库源
root@centos7 nginx]# cat /etc/yum.repos.d/ail.repo
name=centeros7 base
baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/
gpgcheck=0
name=epel base
baseurl=http://mirrors.aliyun.com/epel/7/x86_64
gpgcheck=0
{128|129}使用163仓库源,地址:http://mirrors.163.com/.help/CentOS7-Base-163.repo
# cat /etc/yum.repos.d/CentOS7-Base-163.repo
# CentOS-Base.repo
...
name=CentOS-$releasever - Base - 163.com
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7
...
二、Ansible控制机目录结构:
# tree .
.
├── ansible.cfg #Ansible配置文件
├── hosts #Ansible主机清单
├── roles #Ansible 角色目录
│ ├── httpd #httpd角色
│ │ ├── default #定义默认配置yml
│ │ ├── files #copy模块用到的目录
│ │ │ ├── index.html
│ │ │ └── index.php
│ │ ├── handlers #nodify触发用到的目录
│ │ │ └── main.yml
│ │ ├── meta
│ │ ├── tasks #任务用到的目录
│ │ │ ├── install_httpd.yml
│ │ │ ├── main.yml
│ │ │ └── remove_httpd.yml
│ │ ├── templates #模块用到的目录
│ │ │ └── httpd.conf.j2
│ │ └── vars #表里用到的目录
│ │ └── main.yml
│ ├── keepalived
│ │ ├── default
│ │ ├── files
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── meta
│ │ ├── tasks
│ │ │ ├── install_keepalived.yml
│ │ │ ├── main.yml
│ │ │ └── remove_keepalived.yml
│ │ ├── templates
│ │ │ ├── keepalived.conf.j2
│ │ │ └── keepalived.conf.j2.bak
│ │ └── vars
│ ├── memcached
│ │ ├── default
│ │ ├── files
│ │ │ └── memcached.j2
│ │ ├── handlers
│ │ ├── meta
│ │ ├── tasks
│ │ │ ├── install_memcached.yml
│ │ │ ├── main.yml
│ │ │ └── remove_memcached.yml
│ │ ├── templates
│ │ │ ├── main.yml
│ │ │ └── memcached.j2
│ │ └── vars
│ │ └── main.yml
│ └── nginx
│ ├── default
│ ├── files
│ │ └── index.html
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ ├── tasks
│ │ ├── install_nginx.yml
│ │ ├── main.yml
│ │ └── remove_nginx.yml
│ ├── templates
│ │ └── nginx.conf.j2
│ └── vars
│ └── main.yml
├── service.retry
└── service.yml #定义主机以及远程用户
三、问件分析:
ansible.cfg:这里使用的是默认
hosts:
# cat hosts
#定义nginx主机清单列表,下面mb,prioroty为变量
172.16.0.2 mb=MASTER prioroty=100
172.16.0.4 mb=BACKUP prioroty=98
#定义httpd主机清单,hname为变量
172.16.0.128 hname=httpd128 172.16.0.129 hname=httpd129
#定义dbserver主机清单,这里我没有去安装
172.16.0.5 hname=dbserver
server.yml:
# cat service.yml
- hosts: all #定义hosts范围
remote_user: root #定义远程用户
roles: #使用roles
- nginx #nginx列表,就是roles目录下的nginx目录
- httpd #httpd列表,就是roles目录下的httpd目录
- keepalived #keepalived列表,就是roles目录下的keepalived目录
# cat service.retry #执行后自动生成,无需理会
172.16.0.2
172.16.0.4
roles:
# ls roles/ #每一个文件目录名称为一个角色
httpdkeepalivedmemcachednginx
nginx
每个角色结构如下,上面解释过就不介绍,下面介绍配置文件
# tree roles/nginx/
roles/nginx/
├── default
├── files
│ └── index.html
├── handlers
│ └── main.yml
├── meta
├── tasks
│ ├── install_nginx.yml
│ ├── main.yml
│ └── remove_nginx.yml
├── templates
│ └── nginx.conf.j2
└── vars
└── main.yml7 directories, 7 files
files/index.html:存放copy所用到的文件
handlers/main.yml:
# cat roles/nginx/handlers/main.yml
- name: restart nginx #与nodify:定义的名字保持一致
service: name=nginx state=restarted #定义使用service Module采取的动作为重启,对应的程序为nginx
tasks/install_nginx.yml:
# cat roles/nginx/tasks/install_nginx.yml
- name: install nginx
#定义一个输出名称为install nginx
yum: name=nginx state=present
#使用yum Module 安装nginx
- name: install nginx index.html
copy: src=index.html dest=/usr/share/nginx/html/index.html
#使用copy Module 复制files/index.html文件到远程服务器
notify: restart nginx
#使用notify Module 定义一个引用
tags: modify nginx config copy
#定义一个tags,使用ansible-playbook可以使用-t "XXXX"指定执行的区域命令
- name: install config template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
#使用template Module 引用template/nginx.conf.j2模块
notify: restart nginx
#定义notify
tags: modify nginx config
#定义tags
- name: start nginx
service: name=nginx state=started enabled=true
#定义使用service Module采取的动作为重启,对应的程序为nginx 并开机自动启动
tasks/remove_nginx.yml:
# cat roles/nginx/tasks/remove_nginx.yml
- name: remove nginx
yum: name=nginx state=absent
#使用yum Module采取的动作为删除,对应程序为nginx
tasks/main.yml:
# cat roles/nginx/tasks/main.yml
- include: tasks/install_nginx.yml
#使用include包含我们之前定义的.yml文件
tags: install
#定义tags
when:ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2'
#定义只有等于{2|4}才执行
- include: tasks/remove_nginx.yml
#使用include包含我们之前定义的.yml文件
tags: remove
#定义tags
when:ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2'
#定义只有等于{2|4}才执行
template/nginx.conf.j2:
# cat roles/nginx/templates/nginx.conf.j2
...
user {{ runuser }};
#我们在vars/main.yml定义的变量
worker_processes {{ ansible_processor_vcpus-1 }};
#setup获取的fastc变量
...
server {
listen {{ nginx_prot }} default_server;
#我们在vars/main.yml定义的变量
...
7.vars/main.yml:
# cat roles/nginx/vars/main.yml
runuser: daemon #定义变量
nginx_prot: 80 #定义变量
httpd
每个角色结构如下,上面解释过就不介绍,下面介绍配置文件
# tree roles/httpd/ #httpd角色目录结构
roles/httpd/
├── default
├── files
│ ├── index.html
│ └── index.php
├── handlers
│ └── main.yml
├── meta
├── tasks
│ ├── install_httpd.yml
│ ├── main.yml
│ └── remove_httpd.yml
├── templates
│ └── httpd.conf.j2
└── vars
└── main.yml7 directories, 8 files
# cat roles/httpd/files/index.html
<h1>Test file.</h1>
# cat roles/httpd/files/index.php
<?php
phpinfo();
?>
# cat roles/httpd/handlers/main.yml
- name: restart httpd
service: name=httpd state=restarted
# cat roles/httpd/tasks/install_httpd.yml
- name: install httpd
yum: name=httpd state=present
- name: install php
yum: name=php state=present
- name: install httpdindex.html
copy: src=index.html dest=/var/www/html/index.html
notify: restart httpd
tags: modify httpdconfig copy
- name: install httpdindex.php
copy: src=index.php dest=/var/www/html/index.php
notify: restart httpd
tags: modify httpdconfig copy
- name: install config template: src=httpd.conf.j2 dest=/etc/nginx/httpd.conf
notify: restart httpd
tags: modify httpd config
- name: start httpd
service: name=httpd state=started enabled=true
# cat roles/httpd/tasks/remove_httpd.yml
- name: remove httpd
yum: name=httpd state=absent
- name: remove php
yum: name=php state=absent
# cat roles/httpd/tasks/main.yml
- include: tasks/install_httpd.yml
when:ansible_eth0.ipv4.address == '172.16.0.128' or ansible_eth0.ipv4.address == '172.16.0.129'
tags: install
- include: tasks/remove_httpd.yml tags: remove
when:ansible_eth0.ipv4.address == '172.16.0.128' or ansible_eth0.ipv4.address == '172.16.0.129'
# cat roles/httpd/templates/httpd.conf.j2
#默认配置,里面可以定义变量就懒得贴了
# cat roles/httpd/vars/main.yml
index:
- index.php
- index.html
# tree roles/keepalived/ #keepalived角色目录结构
roles/keepalived/
├── default
├── files
├── handlers
│ └── main.yml
├── meta
├── tasks
│ ├── install_keepalived.yml
│ ├── main.yml
│ └── remove_keepalived.yml
├── templates
│ ├── keepalived.conf.j2
│ └── keepalived.conf.j2.bak
└── vars7 directories, 6 files
# cat roles/keepalived/handlers/main.yml
- name: restart keepalived
service: name=keepalived state=restarted
# cat roles/keepalived/tasks/install_keepalived.yml
- name: install keepalived
yum: name=keepalived state=present
- name: install keepalived config
template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
notify: restart keepalived
tags: modify keepalived config
- name: start keepalived
service: name=keepalived state=started enabled=true
# cat roles/keepalived/tasks/remove_keepalived.yml
- name: remove keepalived
yum: name=keepalived state=absent
# cat roles/keepalived/tasks/main.yml
- include: tasks/install_keepalived.yml
tags: install
when:ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2'
- include: tasks/remove_keepalived.yml
tags: remove
when:ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2'
# cat roles/keepalived/templates/keepalived.conf.j2
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from sunshineboy@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_mcast_group4 224.0.100.18
}
vrrp_instance VI_1 {
state {{ mb }}
interface eth0
virtual_router_id 51
priority {{ prioroty }}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { 192.168.220.5/24
}
}
四、执行ansible-playbook
# pwd #查看所在目录
/etc/ansible
# ls #查看有没有service.tml文件
ansible.cfghostsrolesservice.retryservice.yml
# ansible-playbook -t "install" --check service.yml
#执行前测试使用--check ,-t指定我要所需要的tags这里选择"install"在每个tasks/main.yml都有定义另外一个是"remove"
statically included: /etc/ansible/roles/nginx/tasks/install_nginx.yml
statically included: /etc/ansible/roles/nginx/tasks/remove_nginx.yml
statically included: /etc/ansible/roles/httpd/tasks/install_httpd.yml
statically included: /etc/ansible/roles/httpd/tasks/remove_httpd.yml
statically included: /etc/ansible/roles/keepalived/tasks/install_keepalived.yml
statically included: /etc/ansible/roles/keepalived/tasks/remove_keepalived.yml
PLAY *********************************************************************
TASK *******************************************************************
ok:
ok:
ok:
ok:
ok:
TASK ***************************************************
#定义的- name: install nginx的名称就是这里用的
skipping:
#skipping,因为我们使用了when判断
skipping:
skipping:
changed:
#符合我们的判断才执行
changed:
TASK ****************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK **************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK *****************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK ***************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK *****************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK ***************************************
skipping:
skipping:
skipping:
ok:
ok:
TASK ****************************************
skipping:
skipping:
skipping:
ok:
ok:
TASK **************************************************
skipping:
skipping:
skipping:
ok:
ok:
TASK *****************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK *****************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK **********************************
skipping:
skipping:
skipping:
changed:
changed:
TASK *******************************************
skipping:
skipping:
skipping:
changed:
changed:
RUNNING HANDLER ****************************************
fatal: : FAILED! => {"changed": false, "failed": true, "msg": "systemd could not find the requested service \"'nginx'\": "}
#请注意查看提示报错,systemd could not find the requested service \"'nginx'\,因为我们这里是测试而且是由定义配置触发的handlers
fatal: : FAILED! => {"changed": false, "failed": true, "msg": "systemd could not find the requested service \"'nginx'\": "}
#请注意查看提示报错,systemd could not find the requested service \"'nginx'\,因为我们这里是测试而且是由定义配置触发的handlers
RUNNING HANDLER ******************************
NO MORE HOSTS LEFT *************************************************************
to retry, use: --limit @/etc/ansible/service.retry
PLAY RECAP ********************************************************************* #显示测试的返回统计,没什么问题
172.16.0.128 : ok=7 changed=3 unreachable=0 failed=0
172.16.0.129 : ok=7 changed=3 unreachable=0 failed=0
172.16.0.2 : ok=8 changed=7 unreachable=0 failed=1
172.16.0.4 : ok=8 changed=7 unreachable=0 failed=1
172.16.0.5 : ok=1 changed=0 unreachable=0 failed=0
# ansible-playbook -t "install"service.yml
#执行去掉--check ,-t指定我要所需要的tags这里选择"install"在每个tasks/main.yml都有定义另外一个是"remove"
statically included: /etc/ansible/roles/nginx/tasks/install_nginx.yml
statically included: /etc/ansible/roles/nginx/tasks/remove_nginx.yml
statically included: /etc/ansible/roles/httpd/tasks/install_httpd.yml
statically included: /etc/ansible/roles/httpd/tasks/remove_httpd.yml
statically included: /etc/ansible/roles/keepalived/tasks/install_keepalived.yml
statically included: /etc/ansible/roles/keepalived/tasks/remove_keepalived.yml
PLAY *********************************************************************
TASK *******************************************************************
ok:
ok:
ok:
ok:
ok:
TASK ***************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK ****************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK **************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK *****************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK ***************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK *****************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK ***************************************
skipping:
skipping:
skipping:
ok:
ok:
TASK ****************************************
skipping:
skipping:
skipping:
ok:
ok:
TASK **************************************************
skipping:
skipping:
skipping:
ok:
ok:
TASK *****************************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK *****************************************
skipping:
skipping:
skipping:
changed:
changed:
TASK **********************************
skipping:
skipping:
skipping:
changed:
changed:
TASK *******************************************
skipping:
skipping:
skipping:
changed:
changed:
RUNNING HANDLER ****************************************
changed:
changed:
RUNNING HANDLER ******************************
changed:
changed:
PLAY RECAP *********************************************************************
172.16.0.128 : ok=7 changed=3 unreachable=0 failed=0
172.16.0.129 : ok=7 changed=3 unreachable=0 failed=0
172.16.0.2 : ok=10 changed=9 unreachable=0 failed=0
172.16.0.4 : ok=10 changed=9 unreachable=0 failed=0
172.16.0.5 : ok=1 changed=0 unreachable=0 failed=0
五、验证服务
# ansible all -m shell -a "ss -tnlp| grep 'nginx\|httpd\|keepalived'"
172.16.0.129 | SUCCESS | rc=0 >>
LISTEN 0 128 :::80 :::* users:(("httpd",pid=15560,fd=4),("httpd",pid=15559,fd=4),("httpd",pid=15558,fd=4),("httpd",pid=15557,fd=4),("httpd",pid=15556,fd=4),("httpd",pid=15554,fd=4))
172.16.0.5 | FAILED | rc=1 >> 172.16.0.2 | SUCCESS | rc=0 >>
LISTEN 0 128 *:80 *:* users:(("nginx",pid=44210,fd=6),("nginx",pid=44209,fd=6))
172.16.0.4 | SUCCESS | rc=0 >>
LISTEN 0 128 *:80 *:* users:(("nginx",pid=44424,fd=6),("nginx",pid=44423,fd=6))
172.16.0.128 | SUCCESS | rc=0 >>
LISTEN 0 128 :::80 :::* users:(("httpd",pid=16300,fd=4),("httpd",pid=16299,fd=4),("httpd",pid=16298,fd=4),("httpd",pid=16297,fd=4),("httpd",pid=16296,fd=4),("httpd",pid=16294,fd=4))
# curl 192.168.220.5
<h1>Test file.</h1>
# curl 192.168.220.5/index.php | grep Centos7
% Total % Received % XferdAverage Speed Time Time TimeCurrentDloadUpload Total Spent LeftSpeed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0<tr><td class="e">System </td><td class="v">Linux Centos7 3.10.0-327.el7.x86_64
#1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 </td> </tr> 100 53535 0 53535 0 01376k 0 --:--:-- --:--:-- --:--:-- 1493k
ps:其它的可以自行研究~
页:
[1]