前言 Ansible是一款極其簡單的IT自動化運維工具,基於Python開發,集合了眾多運維工具(puppet、cfengine、chef、func、fabric)的優點,實現了批量系統配置、批量程式部署、批量運行命令等功能。Ansible是基於模塊工作的,本身沒有批量部署的能力,真正具有批量部署的 ...
前言
Ansible是一款極其簡單的IT自動化運維工具,基於Python開發,集合了眾多運維工具(puppet、cfengine、chef、func、fabric)的優點,實現了批量系統配置、批量程式部署、批量運行命令等功能。Ansible是基於模塊工作的,本身沒有批量部署的能力,真正具有批量部署的是Ansible所運行的模塊,Ansible只是提供一種框架。Ansible主要承擔的工作包括:配置管理、服務即時開通、應用部署、流程編排、監控告警、日誌記錄等。
Ansible的基本架構:
- 核心模塊(Core Module):在模塊庫(Module Library)中分為兩塊,一個是核心模塊,另外一個就是自定義模塊(Custom Modules)。核心模塊中都是Ansible自帶的模塊,模塊資源分發到遠程節點使其執行特定任務或匹配一個特定的狀態;
- 自定義模塊(Custom Modules):如果Ansible滿足不了你所需求的模塊,則在此處添加自定義化的模塊;
- 插件(Plugins):協助模塊來完成某個功能;
- 劇本(Playbooks):定義需要給遠程主機執行的一系列任務;
- 連接插件(Connectior Plugins):Ansible預設基於SSH連接到目標機器上執行操作的,但也支持不同的連接方法,此時需要連接插件來幫助我們完成連接;
- 主機清單(Host Inventory):定義需要管理的主機,小型環境中我們只需要在host文件中寫入主機的IP地址即可,但到了中大型環境我們有可能需要使用靜態inventory或者動態主機清單來生成我們所需要執行的目標主機。
實驗拓撲圖
兩台Nginx作為Web Proxy,配置實現KeepAlived做主備;後端兩台Apache,一臺部署Apache+PHP,一臺部署Apache+MySQL。
搭建Ansible
[root@ansible ~]# systemctl stop firewalld.service
[root@ansible ~]# systemctl disable firewalld.serive
[root@ansible ~]# vim /etc/selinux/config
...
SELINUX=disabled
...
[root@ansible ~]# init 6
[root@ansible ~]# ntpdate ntp1.aliyun.com
[root@ansible ~]# yum -y install ansible
[root@ansible ~]# vim /etc/ansible/hosts
...
[hasrvs]
192.168.4.117
192.168.4.118
[websrvs]
192.168.4.119
192.168.4.120
[php]
192.168.4.119
[mysql]
192.168.4.120
[root@ansible ~]# vim /etc/hosts
...
192.168.4.117 nginx1
192.168.4.118 nginx2
192.168.4.119 apache1
192.168.4.120 apache2
[root@ansible ~]# ssh-keygen -t rsa -N '' #生成密鑰對,實現ssh免密碼登錄
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected] #複製公鑰到各遠程主機
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
測試連通性
[root@ansible ~]# ansible all -m ping
192.168.4.117 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.4.118 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.4.120 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.4.119 | SUCCESS => {
"changed": false,
"ping": "pong"
}
同步時間,關閉firewalld及selinux
[root@ansible ~]# ansible all -m shell -a 'echo "TZ='Asia/Shanghai'; export TZ" >> /etc/profile' [root@ansible ~]# ansible all -m cron -a 'minute=*/5 job="/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null" name=UpdateTime' #每隔3分鐘同步一次時間 [root@ansible ~]# ansible all -m shell -a 'systemctl stop firewalld.service; systemctl disable firewalld.service; setenfore 0'
配置Apache服務的roles
[root@ansible ~]# mkdir -pv /etc/ansible/roles/apache/{files,templates,tasks,handlers,vars,meta,default} #創建相關目錄
[root@ansible ~]# vim /etc/ansible/roles/apache/templates/vhost.conf.j2 #Apache主機模板
<virtualhost *:80>
ServerName www.test.org
DirectoryIndex index.html index.php
DocumentRoot /var/www/html
ProxyRequests off
ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.4.119:9000/var/www/html/$1
ProxyPassMatch ^/(ping|status)$ fcgi://192.168.4.119:9000/$1
<Directory />
options FollowSymlinks
Allowoverride None
Require all granted
</Directory>
</virtualhost>
[root@ansible ~]# vim /etc/ansible/roles/apache/templates/index.html #Apache主頁
<h1> This is {{ ansible_hostname }} </h1>
[root@ansible ~]# vim /etc/ansible/roles/apache/files/index.php
<?php
phpinfo();
?>
[root@ansible ~]# vim /etc/ansible/roles/apache/tasks/main.yml #定義實現Apache的task
- name: install apache
yum: name=httpd state=latest
- name: copy conf
template: src=vhost.conf.j2 dest=/etc/httpd/conf.d/vhost.conf
- name: copy index.html
template: src=index.html dest=/var/www/html/index.html
- name: copy index.php
copy: src=index.php dest=/var/www/html/index.php
- name: start httpd
service: name=httpd state=started
配置php-fpm服務的roles
[root@ansible ~]# mkdir -pv /etc/ansible/roles/php-fpm/{files,templates,tasks,handlers,vars,meta,default} #創建相關目錄
[root@ansible ~]# cp /etc/php-fpm.d/www.conf /etc/ansible/roles/php-fpm/templates/www.conf.j2 #直接複製事先準備的配置模板
[root@ansible ~]# vim /etc/ansible/roles/php-fpm/templates/www.conf.j2
#修改如下配置
listem = 0.0.0.0:9000
;listen.allowed_clients = 127.0.0.1
pm.status_path = /status
ping.path = /ping
ping.response = pong
[root@ansible ~]# vim /etc/ansible/roles/php-fpm/tasks/main.yml #定義實現php-fpm的task
- name: install php
yum: name={{ item }} state=latest
with_items:
- php-fpm
- php-mysql
- php-mbstring
- php-mcrypt
- name: copy config
template: src=www.conf.j2 dest=/etc/php-fpm.d/www.conf
- name: create directory
file: path=/var/lib/php/session group=apache owner=apache state=directory
- name: start php-fpm
service: name=php-fpm state=started
配置MySQL服務的roles
[root@ansible ~]# mkdir -pv /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,meta,default} #創建相關目錄
[root@ansible ~]# cp /etc/my.cnf /etc/ansible/roles/mysql/templates/my.cnf.j2 #複製事先準備的模板
[root@ansible ~]# vim /etc/ansible/roles/mysql/templates/my.cnf.j2
#添加如下配置
skip-name-resolve=ON
innodb-file-per-table=ON
[root@ansible ~]# vim /etc/ansible/roles/mysql/tasks/main.yml #定義實現MySQL的task
- name: install mysql
yum: name=mariadb-server state=latest
- name: copy config
template: src=my.cnf.j2 dest=/etc/my.cnf
- name: start mysql
service: name=mariadb state=started
配置Nginx服務的roles
[root@ansible ~]# mkdir -pv /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,meta,default} #創建相關目錄
[root@ansible ~]# cp /etc/nginx/nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2 #複製事先準備的模板
[root@ansible ~]# vim /etc/ansible/roles/nginx/templates/nginx.conf.j2
#修改配置
http {
...
upstream websrvs {
server 192.168.4.119:80;
server 192.168.4.120:80;
server 127.0.0.1:80 backup;
}
server {
listen 80;
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://websrvs;
proxy_set_header host $http_host;
proxy_set_header X-Forward-For $remote_addr;
}
...
}
...
}
[root@ansible ~]# vim /etc/ansible/roles/nginx/templates/localhost.conf.j2 #定義本地的Nginx服務
server {
listen 127.0.0.1:80;
root /usr/share/nginx/html;
index index.html;
}
[root@ansible ~]# vim /etc/ansible/roles/nginx/templates/index.html
<h1> Balance Server {{ ansible_hostname }} </h1>
[root@ansible ~]# vim /etc/ansible/roles/nginx/tasks/main.yml #定義實現Nginx的task
- name: install nginx
yum: name=nginx state=latest
- name: copy nginx conf
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: copy local conf
template: src=localhost.conf.j2 dest=/etc/nginx/conf.d/localhost.conf
- name: copy index
template: src=index.html dest=/usr/share/nginx/html/index.html
- name: start nginx
service: name=nginx state=started
配置KeepAlived服務的roles
[root@ansible keepalived]# mkdir -pv /etc/ansible/roles/keepalived/{files,templates,tasks,handlers,vars,meta,default} #創建相關目錄
[root@ansible keepalived]# vim /etc/ansible/roles/keepalived/templates/keepalived.conf.j2 #KeepAlived配置文件
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ ansible_nodename }}
vrrp_skip_check_adv_addr
vrrp_mcast_group4 224.0.0.10
}
vrrp_instance VIP_1 {
state {{ keepalived_role }}
interface eno16777736
virtual_router_id 1
priority {{ keepalived_pri }}
advert_int 1
authentication {
auth_type PASS
auth_pass %&hhjj99
}
virtual_ipaddress {
192.168.4.155/24 dev eno16777736 label eno16777736:0
}
}
[root@ansible keepalived]# vim /etc/ansible/hosts #添加變數
...
[hasrvs]
192.168.4.117 keepalived_role=MASTER keepalived_pri=100
192.168.4.118 keepalived_role=BACKUP keepalived_pri=99
...
[root@ansible keepalived]# vim /etc/ansible/roles/keepalived/tasks/main.yml #定義實現Keepalived的task
- name: install keepalived
yum: name=keepalived state=latest
- name: copy config
template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
- name: start keepalived
service: name=keepalived state=started
配置Apache+PHP服務的playbook
[root@ansible keepalived]# mkdir /etc/ansible/playbooks #創建playbook存放目錄
[root@ansible roles]# vim /etc/ansible/playbooks/ap1.yml 定義實現Apache+php-fpm的playbook
- hosts: php
remote_user: root
roles:
- apache
- php-fpm
[root@ansible roles]# ansible-playbook --syntax-check /etc/ansible/playbooks/ap1.yml #檢查是否有語法錯誤
[root@ansible roles]# ansible-playbook /etc/ansible/playbooks/ap1.yml #執行
配置Apache+MySQL服務的playbook
[root@ansible ~]# vim /etc/ansible/playbooks/ap2.yml
- hosts: mysql
remote_user: root
roles:
- apache
- mysql
[root@ansible ~]# ansible-playbook --syntax-check /etc/ansibleplaybooks/ap2.yml
[root@ansible ~]# ansible-playbook /etc/ansibleplaybooks/ap2.yml
配置Nginx+Keepalived服務的playbook
[root@ansible ~]# vim /etc/ansible/playbooks/ha.yml
- hosts: hasrvs
remote_user: root
roles:
- nginx
- keepalived
[root@ansible ~]# ansible-playbook --syntax-check /etc/ansible/playbooks/ha.yml
[root@ansible ~]# ansible-playbook /etc/ansible/playbooks/ha.yml
客戶端測試訪問
[root@client ~]# vim /etc/hosts
...
192.168.4.155 www.test.org
...
[root@client ~]# for i in {1..10};do curl http://www.test.org;done
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
小插曲:
[root@ansible ~]# ansible all -m ping --list-hosts
ERROR! Unexpected Exception, this is probably a bug: (cryptography 0.8.2 (/usr/lib64/python2.7/site-packages), Requirement.parse('cryptography>=1.1'))
運行ansible命令時報錯,python的cryptography版本必須>=1.1。
解決辦法:
[root@ansible ~]# yum -y install python-pip
[root@ansible ~]# pip install --upgrade cryptography
