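I. Use an ansible playbook to automate the installation of httpd
1) First configure ansible's hosts file so that the target hosts can be managed by ansible
Note: We have added the managed host's address to the inventory, but probing the host directly with ansible's ping module returns a permission denied error, and the message says we need to specify an authentication method. By default ansible authenticates with SSH keys, so listing the managed host's IP in the inventory is not enough; SSH key-based authentication must be set up as well.
2) Configure SSH key-based authentication to the managed hosts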
[root@test ~]# ip a s enp2s0
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:30:18:51:af:3c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.99/24 brd 192.168.0.255 scope global noprefixroute enp2s0
       valid_lft forever preferred_lft forever
    inet 172.16.1.2/16 brd 172.16.255.255 scope global noprefixroute enp2s0:0
       valid_lft forever preferred_lft forever
    inet6 fe80::230:18ff:fe51:af3c/64 scope link
       valid_lft forever preferred_lft forever
[root@test ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UORxi5JhiKDBOhZP3FsbsZfyCjqUcjwqdl1qcnTyGsw root@test
The key's randomart image is:
+---[RSA 2048]----+
|+.....oo= . |
|.+.o.o B.+.. |
|o + *o=o. |
|o..... ++ |
|.o * + oS. |
| = B B . |
|.o = E o |
|o . = o |
| . |
+----[SHA256]-----+
[root@test ~]# ssh-copy-id 192.168.0.99 -p 41319
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '[192.168.0.99]:41319 ([192.168.0.99]:41319)' can't be established.
ECDSA key fingerprint is SHA256:W2pD2PA2K9tGKGVK+weiINcVESkUaHjsTI263OVqBh4.
ECDSA key fingerprint is MD5:3a:f8:c9:b1:63:c6:c1:ae:e0:6e:e2:ca:17:4a:20:7a.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.99's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '41319' '192.168.0.99'"
and check to make sure that only the key(s) you wanted were added.
[root@test ~]# scp -r .ssh 192.168.0.10:~/
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
ECDSA key fingerprint is SHA256:EG9nua4JJuUeofheXlgQeL9hX5H53JynOqf2vf53mII.
ECDSA key fingerprint is MD5:57:83:e6:46:2c:4b:bb:33:13:56:17:f7:fd:76:71:cc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.10' (ECDSA) to the list of known hosts.
root@192.168.0.10's password:
id_rsa                 100% 1675   677.0KB/s   00:00
id_rsa.pub             100%  391   207.6KB/s   00:00
known_hosts            100%  356    12.2KB/s   00:00
authorized_keys        100%  391    12.6KB/s   00:00
[root@test ~]#
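Note: SSH key-based authentication has to be set up from the ansible host. Above, I first generated an SSH key pair on the ansible host, then used ssh-copy-id to copy the public key to the local machine itself, which creates the authorized_keys file, and then copied the whole .ssh directory to the remote client. Both machines now hold the same key pair and authorized_keys file, so the ansible host can log in to the remote client over SSH without a password and the remote client can log in to the ansible host without a password as well, which gives two-way SSH key-based authentication. If you only want one-way SSH key-based authentication, generate the key pair on the ansible host and send only the public key to the other side. For a detailed explanation of SSH key-based authentication, see my blog post http://www.javashuo.com/article/p-rjibahxc-bk.html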
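The one-way variant mentioned above, as an added example that is not part of the original post: a playbook that installs only the ansible host's public key on the managed hosts, so id_rsa never leaves the ansible host. It assumes password login still works for the first run (ansible-playbook -k, which needs sshpass), that the managed host's key is already in known_hosts, and a hypothetical file name push_pubkey.yml.

```yaml
---
# push_pubkey.yml (hypothetical name): added example, not from the original post.
# First run, before key authentication exists:
#   ansible-playbook -k push_pubkey.yml
- hosts: websers
  remote_user: root
  gather_facts: no
  tasks:
    # Appends the public key to /root/.ssh/authorized_keys on the managed host
    # and creates ~/.ssh with the correct permissions if it is missing.
    # On newer ansible releases the module is ansible.posix.authorized_key.
    - name: install the ansible host's public key for root
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"

    # Runs over the same connection; its main use is on a later run without -k,
    # where it only succeeds if key-based login works.
    - name: confirm the host answers
      ping:
```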
Test: log in to the remote client from the ansible host over SSH
[root@test ~]# ssh 192.168.0.10
Last login: Mon Jan 27 04:58:46 2020 from 192.168.0.99
[root@test-centos7-node1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:f2:82:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.10/24 brd 192.168.0.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef2:820c/64 scope link
       valid_lft forever preferred_lft forever
[root@test-centos7-node1 ~]# exit
登出
Connection to 192.168.0.10 closed.
[root@test ~]#
Note: The ansible host can now log in to the remote host without a password. Next, use ansible's ping module again to check whether the managed host is alive
[root@test ~]# ansible websers -m ping
192.168.0.10 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[root@test ~]#
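Note: Probing the remote host with ansible's ping module now returns the status SUCCESS and the data pong, which means the remote host is alive
The ansible environment is now ready. Next, write a playbook to install httpd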
[root@test ~]# cat install_httpd.yml
---
- hosts: websers
  remote_user: root
  tasks:
    - name: copy epel file
      copy: src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d/CentOS-Base.repo
    - name: install httpd
      yum: name=httpd
    - name: start httpd
      service: name=httpd state=started enabled=yes
[root@test ~]# ansible-playbook -C install_httpd.yml
PLAY [websers] ***********************************************************************************************************
TASK [copy epel file] ****************************************************************************************************
changed: [192.168.0.10]
TASK [install httpd] *****************************************************************************************************
changed: [192.168.0.10]
TASK [start httpd] *******************************************************************************************************
changed: [192.168.0.10]
PLAY RECAP ***************************************************************************************************************
192.168.0.10 : ok=3 changed=3 unreachable=0 failed=0
[root@test ~]#
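Note: The playbook above copies the local yum repository file to the remote server, installs the httpd package with yum, and finally starts httpd. After writing the playbook we tested it with ansible-playbook -C install_httpd.yml (check mode, a dry run) and found no problems. Next, run it with ansible-playbook to install httpd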
[root@test ~]# ansible-playbook install_httpd.yml
PLAY [websers] ***********************************************************************************************************
TASK [copy epel file] ****************************************************************************************************
changed: [192.168.0.10]
TASK [install httpd] *****************************************************************************************************
changed: [192.168.0.10]
TASK [start httpd] *******************************************************************************************************
changed: [192.168.0.10]
PLAY RECAP ***************************************************************************************************************
192.168.0.10 : ok=3 changed=3 unreachable=0 failed=0
[root@test ~]#
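Note: Judging from the status ansible-playbook reports, the run succeeded. Next, open 192.168.0.10 directly in a browser to see whether httpd is reachable; if it is, httpd has been installed
Note: The browser reaches the test page on 192.168.0.10, which shows that httpd was installed successfully on 192.168.0.10
II. Set up the httpd server to provide two name-based virtual hosts:
(1) www.X.com, with document root /web/vhosts/x, error log /var/log/httpd/x.err and access log /var/log/httpd/x.access
Create the configuration file for the virtual host www.X.com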
[root@test ~]# cat x_com.conf
<VirtualHost *:80>
    ServerName www.X.com
    DocumentRoot "/web/vhosts/x"
    <Directory "/web/vhosts/x">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog "logs/x.err"
    CustomLog "logs/x.access" combined
</VirtualHost>
[root@test ~]#
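Note: We create the configuration file on the ansible host; later ansible pushes it to the right directory on the target host, where it can be used directly
(2) www.Y.com, with document root /web/vhosts/y, error log /var/log/httpd/www2.err and access log /var/log/httpd/y.access
Create the configuration file for the virtual host www.Y.com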
[root@test ~]# cat y_com.conf
<VirtualHost *:80>
    ServerName www.Y.com
    DocumentRoot "/web/vhosts/y"
    <Directory "/web/vhosts/y">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog "logs/www2.err"
    CustomLog "logs/y.access" combined
</VirtualHost>
[root@test ~]#
(3) Create a home page file index.html for each of the two virtual hosts, containing the corresponding host name
[root@test ~]# cat x_index.html
<h1> www.X.com</h1>
[root@test ~]# cat y_index.html
<h1> www.Y.com</h1>
[root@test ~]#
Note: With these files prepared on the ansible host, the next step is a playbook that pushes them straight to the remote host
[root@test ~]# cat set_virtualhost_conf_file.yml
---
- hosts: websers
  remote_user: root
  tasks:
    - name: mkdir virtualhost documentroot directory
      shell: mkdir -p /web/vhosts/{x,y}
    - name: copy x_com.conf to remotehost
      copy: src=/root/x_com.conf dest=/etc/httpd/conf.d/x_com.conf
    - name: copy x_com index file
      copy: src=/root/x_index.html dest=/web/vhosts/x/index.html
    - name: copy y_com.conf to remotehost
      copy: src=/root/y_com.conf dest=/etc/httpd/conf.d/y_com.conf
    - name: copy y_com index file
      copy: src=/root/y_index.html dest=/web/vhosts/y/index.html
[root@test ~]#
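Note: This playbook pushes the configuration files we created to the right directories on the target host. Next, check whether the playbook has any syntax problems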
[root@test ~]# ansible-playbook -C set_virtualhost_conf_file.yml
PLAY [websers] ***********************************************************************************************************
TASK [mkdir virtualhost documentroot directory] **************************************************************************
skipping: [192.168.0.10]
TASK [copy x_com.conf to remotehost] *************************************************************************************
changed: [192.168.0.10]
TASK [copy x_com index file] *********************************************************************************************
changed: [192.168.0.10]
TASK [copy y_com.conf to remotehost] *************************************************************************************
changed: [192.168.0.10]
TASK [copy y_com index file] *********************************************************************************************
changed: [192.168.0.10]
PLAY RECAP ***************************************************************************************************************
192.168.0.10 : ok=4 changed=4 unreachable=0 failed=0
[root@test ~]#
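Note: The playbook test shows no problems. Next, run the playbook to push the files to the httpd server, and then check on the server whether the configuration files we wrote are correct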
[root@test ~]# ansible-playbook set_virtualhost_conf_file.yml
PLAY [websers] ***********************************************************************************************************
TASK [mkdir virtualhost documentroot directory] **************************************************************************
[WARNING]: Consider using file module with state=directory rather than running mkdir
changed: [192.168.0.10]
TASK [copy x_com.conf to remotehost] *************************************************************************************
changed: [192.168.0.10]
TASK [copy x_com index file] *********************************************************************************************
changed: [192.168.0.10]
TASK [copy y_com.conf to remotehost] *************************************************************************************
changed: [192.168.0.10]
TASK [copy y_com index file] *********************************************************************************************
changed: [192.168.0.10]
PLAY RECAP ***************************************************************************************************************
192.168.0.10 : ok=5 changed=5 unreachable=0 failed=0
[root@test ~]#
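Note: The returned status shows that every task succeeded; the first task only warns that the file module would be a better way to create the directories. Next, use ansible's shell module to check whether the syntax of the configuration files on the remote server is correct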
[root@test ~]# ansible websers -m shell -a 'httpd -t'
192.168.0.10 | SUCCESS | rc=0 >>
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fef2:820c. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@test ~]#
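Note: Checking the httpd configuration on the remote host through ansible shows that the syntax is fine. It warns that no ServerName is set; this message can be ignored. If you do want to deal with it, find ServerName in httpd's main configuration file and set it. Next, restart httpd and then access the two virtual hosts from the client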
[root@test ~]# ansible websers -m shell -a 'systemctl restart httpd'
192.168.0.10 | SUCCESS | rc=0 >>
[root@test ~]#
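The same deployment as an added example (not part of the original post): the directories are created with the file module that the warning above recommends, and the 'httpd -t' check and the restart are folded into the playbook as a task and a handler. The file name deploy_vhosts.yml is hypothetical; the paths and the websers group are the ones used above.

```yaml
---
# deploy_vhosts.yml (hypothetical name): added example, not from the original post
- hosts: websers
  remote_user: root
  tasks:
    - name: create virtual host document roots
      file:
        path: "/web/vhosts/{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      with_items: [x, y]

    - name: copy virtual host configuration files
      copy:
        src: "/root/{{ item }}_com.conf"
        dest: "/etc/httpd/conf.d/{{ item }}_com.conf"
        owner: root
        group: root
        mode: "0644"
      with_items: [x, y]
      notify: restart httpd

    - name: copy index files
      copy:
        src: "/root/{{ item }}_index.html"
        dest: "/web/vhosts/{{ item }}/index.html"
        owner: root
        group: root
        mode: "0644"
      with_items: [x, y]

    # A syntax error fails the play here; notified handlers are not run for a
    # host with a failed task, so httpd is not restarted onto a broken config.
    - name: check httpd configuration syntax
      command: httpd -t
      changed_when: false

  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
```

With -C the command task is skipped, as the shell task was in the check-mode run above, so the syntax check only happens on a real run.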
On the client, edit the /etc/hosts file so that www.X.com and www.Y.com resolve to the remote host
[root@test ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.10 www.X.com www.Y.com
[root@test ~]#
Test: use curl to access each of the two virtual hosts and see whether the home pages differ
[root@test ~]# curl http://www.X.com/index.html
<h1> www.X.com</h1>
[root@test ~]# curl http://www.Y.com/index.html
<h1> www.Y.com</h1>
[root@test ~]#
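Note: Requesting each virtual host's home page with curl returns the corresponding content. You can also edit the Windows hosts file, add the same name resolution entries, and access the sites from a Windows browser, as shown below:
Note: Find the hosts file on Windows and add the corresponding records, as follows
Note: Next, access the two virtual hosts with a browser on Windows
Next, check whether the httpd server's log files have all been generated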
[root@test ~]# ansible websers -m shell -a 'ls -l /var/log/httpd'
192.168.0.10 | SUCCESS | rc=0 >>
總用量 16
-rw-r--r--. 1 root root 2668 1月 27 06:30 access_log
-rw-r--r--. 1 root root 2940 1月 27 07:34 error_log
-rw-r--r--. 1 root root 0 1月 27 07:38 www2.err
-rw-r--r--. 1 root root 500 1月 27 07:52 x.access
-rw-r--r--. 1 root root 0 1月 27 07:38 x.err
-rw-r--r--. 1 root root 500 1月 27 07:52 y.access
[root@test ~]# ansible websers -m shell -a 'cat /var/log/httpd/x.access'
192.168.0.10 | SUCCESS | rc=0 >>
192.168.0.99 - - [27/Jan/2020:07:39:15 -0500] "GET /index.html HTTP/1.1" 200 20 "-" "curl/7.29.0"
192.168.0.232 - - [27/Jan/2020:07:52:31 -0500] "GET / HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
192.168.0.232 - - [27/Jan/2020:07:52:31 -0500] "GET /favicon.ico HTTP/1.1" 404 209 "http://www.x.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
[root@test ~]# ansible websers -m shell -a 'cat /var/log/httpd/y.access'
192.168.0.10 | SUCCESS | rc=0 >>
192.168.0.99 - - [27/Jan/2020:07:39:19 -0500] "GET /index.html HTTP/1.1" 200 20 "-" "curl/7.29.0"
192.168.0.232 - - [27/Jan/2020:07:52:48 -0500] "GET / HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
192.168.0.232 - - [27/Jan/2020:07:52:48 -0500] "GET /favicon.ico HTTP/1.1" 404 209 "http://www.y.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"
[root@test ~]#
Note: The httpd server has generated log files with the corresponding names. For more on using ansible, see my blog https://www.cnblogs.com/qiuhom-1874/category/1642813.html