首页
导航
统计
留言
更多
壁纸
直播
关于
推荐
星的魔法
星的导航页
星的云盘
谷歌一下
腾讯视频
Search
1
Ubuntu安装 kubeadm 部署k8s 1.30
166 阅读
2
rockylinux 9.3详细安装drbd
109 阅读
3
kubeadm 部署k8s 1.30
108 阅读
4
rockylinux 9.3详细安装drbd+keepalived
103 阅读
5
ceshi
68 阅读
默认分类
日记
linux
docker
k8s
ELK
Jenkins
Grafana
Harbor
Prometheus
Cepf
k8s安装
Gitlab
traefik
sonarqube
OpenTelemetry
MinIOn
golang
Git
Python
Web开发
HTML和CSS
JavaScript
对象模型
登录
/
注册
Search
标签搜索
k8s
linux
docker
drbd+keepalivde
ansible
dcoker
webhook
星
幸与不幸终有尽头
累计撰写
77
篇文章
累计收到
938
条评论
首页
栏目
默认分类
日记
linux
docker
k8s
ELK
Jenkins
Grafana
Harbor
Prometheus
Cepf
k8s安装
Gitlab
traefik
sonarqube
OpenTelemetry
MinIOn
golang
Git
Python
Web开发
HTML和CSS
JavaScript
对象模型
页面
导航
统计
留言
壁纸
直播
关于
推荐
星的魔法
星的导航页
星的云盘
谷歌一下
腾讯视频
搜索到
1
篇与
的结果
2023-07-19
使用ansible快速部署一套集群
1.Roles基本概述 通过使用 roles,你可以将复杂的设置和操作流程封装在一个统一的文件夹下,进而实现代码的复用和模块化例如你要部署负载均衡、web服务器、nfs、数据库,那你可以创建四个role每个role都组织管理了好了各白需要的所有元素(包括任务、变量、handler、文件等)的目录结构。2.创建单独一个Role 一个完整的Role里包含的目录和文件可能较多,手动去创建所有这些目录和文件是一件比较烦人的事,好在可以使用ansible-galaxy init ROLE NAME命令来快速创建一个符合Role文件组织规范的框架。[root@lb workspace]# ansible-galaxy init first_role [root@lb workspace]# tree first_role/ first_role/ # 角色名称,或者叫项目名 ├── README.md ├── defaults # 默认的变量(优先级很低) │ └── main.yml ├── files # 存放文件,使用copy模块时自动获取 ├── handlers # 存放触发器的配置 │ └── main.yml ├── meta # 依赖的服务,执行该项目时先执行其他的项目 │ └── main.yml ├── tasks # 默认执行的playbook │ └── main.yml ├── templates # 存放jinja2模板,使用template模块时自动获取 ├── tests │ ├── inventory │ └── test.yml └── vars # 存放变量 └── main.yml3.一些关键介绍 Ansible Roles的依赖关系说明`roles`允许你再使用roles时自动引入其他的roles。role依赖关系存储在roles目录中meta/main.yml文件中。 例如:推送wordpress并解压,前提条件,必须要安装nginx和php,把服务跑起来,才能运行wordpress的页面,此时我们就可以在wordpress的roles中定义依赖nginx和php的roles[root@m01 roles]# vim /etc/ansible/roles/wordpress/meta/main.yml dependencies: - { role: nginx } - { role: php } 如果编写了meta目录下的main.yml文件,那么Ansible会自动先执行meta目录中main.yml文件中的dependencies文件,如上所示,就会先执行nginx和php的安装。Role中有两个地方可以定义变量:roles/xxx/defaults/main.yml:用于定义Role的默认变量roles/xxx/vars/main.yml:用于定义其它变量两个文件之间的区别在于,defaults/main.yml中定义的变量优先级低于vars/main.yml中定义的变量。事实上,defaults/main.yml中的变量优先级几乎是最低的,基本上其它任何地方定义的变量都可以覆盖它4.基于roles机制重构playbook主机IP身份m01192.168.110.110控制端web01192.168.110.97受控端db01192.168.110.163受控端nfs192.168.110.51受控端web02192.168.110.191受控端lb01192.168.110.138受控端配置主机清单[root@manager ~]# cat /etc/ansible/hosts [lb] lb01 ansible_ssh_pass='1' [nfs_server] nfs ansible_ssh_pass='1' [web_group] web01 ansible_ssh_pass='1' web02 ansible_ssh_pass='1' [db_server] db01 ansible_ssh_pass='1' [www:children] lb nfs_server web_group db_server配置hosts[root@manager ~]# cat /etc/hosts # 添加如下内容 192.168.110.138 lb01 192.168.110.51 nfs 192.168.110.91 web01 192.168.110.191 web02 192.168.110.163 db01创建项目及各个role# 1、创建项目目录,项目名就叫roles吧,好理解 mkdir /project mkdir /project/roles # 2、在roles目录下创建一系列的role cd /project/roles # 切换到工作目录下 ansible-galaxy init base # 基础优化role ansible-galaxy init nfs # 部署nfs服务的role ansible-galaxy init web # 部署web服务的role ansible-galaxy init mysql # 部署mysql服务的role ansible-galaxy init lb # 部署lb负载均衡服务的role ansible-galaxy init wordpress # 部署wordpress项目的rolebase role[root@m01 tasks]# cat /project/roles/base/tasks/main.yml # tasks file for base - name: Stop Selinux selinux: state: disabled - name: Create www Group group: name: www gid: 1666 state: present - name: Create www User user: name: www uid: 1666 group: www shell: /sbin/nologin create_home: false state: presentnfs role 准备文件[root@m01 tasks]# cat /project/roles/nfs/files/exports.txt /data 192.168.110.0/24(rw,sync,all_squash) 编写tasks[root@m01 tasks]# cat /project/roles/nfs/tasks/main.yml # tasks file for nfs - name: Install nfs-util yum: name: nfs* state: present - name: mkidr /data file: path: "/data" state: directory - name: Config nfs copy: src: "exports.txt" dest: /etc/exports - name: Start nfs-server systemd: name: nfs-server state: restarted enabled: trueweb role 部署两台web上的Nginx+php环境,并且挂载好nfs共享存储 (1)准备好包和配置文件 nginx的安装源文件 cd /project/roles/web/filescat > nginx.repo << "EOF" [nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true EOFnginx转发php-fpm的配置cat > myweb.conf << "EOF" server { listen 8181; server_name localhost; location / { root /usr/share/nginx/html; index index.php index.html; } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name; fastcgi_param HTTPS on; include fastcgi_params; } } EOF准备好php-fpm的配置文件cat > www.conf << "EOF" [www] user = www group = www listen = 127.0.0.1:9000 listen.allowed_clients = 127.0.0.1 pm = dynamic pm.max_children = 50 pm.start_servers = 5 pm.min_spare_servers = 5 pm.max_spare_servers = 35 slowlog = /var/opt/remi/php74/log/php-fpm/www-slow.log php_admin_value[error_log] = /var/opt/remi/php74/log/php-fpm/www-error.log php_admin_flag[log_errors] = on php_value[soap.wsdl_cache_dir] = /var/opt/remi/php74/lib/php/wsdlcache EOF(2)编写部署php-fpm+nginx的剧本 vi /project/roles/web/tasks/mian.yml# 1、安装php - name: Gather OS version command: cat /etc/redhat-release register: os_version - name: Extract major version from OS version set_fact: os_major_version: "{{ os_version.stdout.split()[3] | regex_replace('\\..*$', '') }}" - name: Extract minor version from OS version set_fact: os_minor_version: "{{ os_version.stdout.split()[3] | regex_replace('^[^.]*\\.', '') }}" - name: Install rpm package for CentOS 7.9 yum: name: http://rpms.remirepo.net/enterprise/remi-release-7.rpm state: latest when: os_major_version == '7' and os_minor_version == '9.2009' - name: Install rpm package for CentOS 9.3 yum: name: http://rpms.remirepo.net/enterprise/remi-release-9.3.rpm state: latest when: os_major_version == '9' and os_minor_version == '3' - name: Install php-fpm yum: name: - 'php74-php-pdo' - 'php74-php-mbstring' - 'php74-php-cli' - 'php74-php-fpm' - 'php74-php-mysqlnd' state: latest - name: Config php-fpm copy: src: www.conf dest: /etc/opt/remi/php74/php-fpm.d/www.conf notify: restart_php - name: Start php-fpm systemd: name: php74-php-fpm state: restarted enabled: true #2、安装nginx,配置nginx代理php-fpm - name: copy nginx.repo copy: src: nginx.repo dest: /etc/yum.repos.d/nginx.repo - name: Install nginx yum: name: nginx state: latest - name: Config nginx copy: src: myweb.conf dest: /etc/nginx/conf.d/myweb.conf notify: restart_nginx - name: Start nginx server systemd: name: nginx state: restarted enabled: true #3、配置所有web服务挂载nfs - name: 安装nfs yum: name: nfs-utils state: latest - name: 挂载 mount: path: /usr/share/nginx/html src: "{{ nfs_share_dir }}" fstype: nfs opts: defaults state: mounted配置触发器handler[root@m01 base]# cat /project/roles/web/handlers/main.yml # handlers file for web - name: restart_php systemd: name: php74-php-fpm state: restarted - name: restart_nginx systemd: name: nginx state: restarted 创建变量[root@m01 roles]# cat web/vars/main.yml nfs_share_dir: "192.168.110.51:/data"mysql role安装mysql_db模块ansible-galaxy collection install community.mysql编写剧本[root@m01 base]# cat /project/roles/web/handlers/main.yml # handlers file for web - name: restart_php systemd: name: php74-php-fpm state: restarted - name: restart_nginx systemd: name: nginx state: restarted [root@m01 base]# cat /project/roles/mysql/tasks/main.yml # tasks file for mysql - name: Download PyMySQL tar.gz get_url: url: https://files.pythonhosted.org/packages/44/39/6bcb83cae0095a31b6be4511707fdf2009d3e29903a55a0494d3a9a2fac0/PyMySQL-0.8.1.tar.gz dest: /tmp/PyMySQL-0.8.1.tar.gz - name: Extract PyMySQL tar.gz unarchive: src: /tmp/PyMySQL-0.8.1.tar.gz dest: /tmp/ remote_src: yes - name: Install PyMySQL command: cmd: "python setup.py install" chdir: "/tmp/PyMySQL-0.8.1" - name: clear mysql shell: "yum remove mysql* -y" ignore_errors: True - name: Install mariadb yum: name: mariadb* state: latest - name: init maridb shell: "rm -rf /var/lib/mysql/*" - name: Start mariadb systemd: name: mariadb state: restarted enabled: true - name: create database mysql_db: # root登录localhost不允许,需要用套接字登录 login_unix_socket: /var/lib/mysql/mysql.sock # 引用变量名必须加引号,否则报错 name: "{{ my_db.name }}" state: present encoding: "{{ my_db.encoding }}" - name: grant all on *.* to 'bob'@'192.168.110.%' identified by '12345'; mysql_user: login_unix_socket: /var/lib/mysql/mysql.sock # 引用变量名必须加引号,否则报错 name: "{{ my_user.name }}" host: "{{ my_user.host }}" password: "{{ my_user.password }}" priv: "{{ my_user.priv }}" state: present创建变量文件[root@m01 base]# cat /project/roles/mysql/vars/main.yml # vars file for mysql my_db: name: wordpress encoding: utf8mb4 my_user: name: bob host: 192.168.110.% password: 12345 priv: '*.*:ALL' lb role 准备nginx.repo cd /project/roles/lb/filescat > lb/files/nginx.repo << "EOF" [nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true EOF准备证书openssl genrsa -out server.key 2048 openssl req -new -x509 -days 3650 -key server.key -out server.crt -subj "/C=CH/ST=mykey/L=mykey/O=mykey/OU=mykey/CN=domain1/CN=www.egon.com/CN=domain3"放置证书到lb/files目录下[root@m01 roles]# mv server.* /project/roles/lb/files/准备配置文件[root@m01 base]# cat /project/roles/lb/files/nginx.conf user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { upstream webserver { server 192.168.110.97:8181; server 192.168.110.191:8181; } server { listen 443 ssl; server_name www.egon.com 192.168.110.138; ssl_certificate /etc/nginx/ssl_key/server.crt; ssl_certificate_key /etc/nginx/ssl_key/server.key; location / { proxy_pass http://webserver; # 把真实的访问者ip发给后端web,后端web会据此来拼接静态文件的url地址以便让访问者浏览器发起二次请求 # 如果没有下面的这段内容,后端web会将静态资源的url地址拼成http://webserver/static/img/1.jpg的形式,导致访问者浏览器二次访问失败 proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_403 http_404; } } server { listen 80; server_name 192.168.110.138 www.egon.com; rewrite (.*) https://$server_name$1; } } 编写剧本[root@m01 base]# cat /project/roles/lb/tasks/main.yml # tasks file for lb - name: clear nginx shell: > yum remove nginx* -y ; rm -rf /etc/nginx /usr/share/nginx - name: copy nginx.repo copy: src: nginx.repo dest: /etc/yum.repos.d/nginx.repo - name: Install nginx yum: name: nginx state: latest - name: Create dir file: path: /etc/nginx/ssl_key state: directory - name: copy multiple files copy: src: "{{ item.src }}" dest: "{{ item.dest }}" with_items: - { src: 'nginx.conf', dest: '/etc/nginx/nginx.conf'} - { src: 'server.crt', dest: '/etc/nginx/ssl_key/server.crt'} - { src: 'server.key', dest: '/etc/nginx/ssl_key/server.key'} notify: restart_nginx - name: Start nginx server systemd: name: nginx state: restarted enabled: true 配置触发器[root@m01 base]# cat /project/roles/lb/handlers/main.yml # handlers file for lb - name: restart_nginx systemd: name: nginx state: restartedwordpress role 安装包cd /project/roles/wordpress/files wget https://wordpress.org/latest.zip准备好配置文件(配置上数据库相关信息)[root@m01 base]# cat /project/roles/wordpress/files/wp-config.php <?php define( 'DB_NAME', 'wordpress' ); define( 'DB_USER', 'bob' ); define( 'DB_PASSWORD', '12345' ); define( 'DB_HOST', '192.168.110.138' ); define( 'DB_CHARSET', 'utf8mb4' ); define( 'DB_COLLATE', '' ); define( 'AUTH_KEY', 'put your unique phrase here' ); define( 'SECURE_AUTH_KEY', 'put your unique phrase here' ); define( 'LOGGED_IN_KEY', 'put your unique phrase here' ); define( 'NONCE_KEY', 'put your unique phrase here' ); define( 'AUTH_SALT', 'put your unique phrase here' ); define( 'SECURE_AUTH_SALT', 'put your unique phrase here' ); define( 'LOGGED_IN_SALT', 'put your unique phrase here' ); define( 'NONCE_SALT', 'put your unique phrase here' ); $table_prefix = 'wp_'; define( 'WP_DEBUG', false ); if ( ! defined( 'ABSPATH' ) ) { define( 'ABSPATH', __DIR__ . '/' ); } require_once ABSPATH . 'wp-settings.php'; EOF 编写剧本(解压到nfs共享目录里就发布给了所有的web服务)[root@m01 base]# cat /project/roles/lb/handlers/main.yml # handlers file for lb - name: restart_nginx systemd: name: nginx state: restarted [root@m01 base]# cat /project/roles/wordpress/tasks/main.yml --- # tasks file for wordpress - name: mkdir /data copy: src: "latest.zip" dest: "/data" - name: install unzip yum: name: unzip state: present - name: 发布 shell: unzip /data/latest.zip -d /data - name: 传送配置 copy: src: "wp-config.php" dest: "/data/wordpress/wp-config.php"整合为一个playbook编写一个playbook剧本,剧本里面一如各个子role,运行的时候运行这一个playbook即可[root@m01 base]# cat /project/roles/run.yml - name: 优化部分 hosts: all roles: - base - name: 安装nfs hosts: nfs_server roles: - nfs - name: 安装web hosts: web_group roles: # 其实你可以将安装web进一步细分为nginx role与php role,留给你作业了 - web - name: 安装数据库 hosts: db_server roles: - mysql - name: 配置负载均衡和高可用 hosts: lb_server roles: - lb #- keepalived # 高可用role留给你来实现 - name: 发布wordpress项目 hosts: nfs_server roles: - wordpress补充:各个子role里的hosts其实不用指定,run.yml已经指定了ansible-playbook /project/roles/run.yml访问负载均衡:https://192.168.110.138/wordpress/
2023年07月19日
18 阅读
0 评论
0 点赞
这一生关于你的风景
- 枯木逢春
00:00
在加纳共和国离婚
蓝心羽 / 高睿
嘉宾
路飞文
你说(demo)
枯木逢春
谜底
枯木逢春
你说
枯木逢春
亦是此间少年(demo)
枯木逢春
这城市风总是很大
枯木逢春
这一生关于你的风景
枯木逢春
我在昨天的梦里又看见了你
枯木逢春
无歌词,请欣赏。