Ansible是一款極其簡單的IT自動化運維工具,基於Python開發,集合了衆多運維工具(puppet、cfengine、chef、func、fabric)的優勢,實現了批量系統配置、批量程序部署、批量運行命令等功能。Ansible是基於模塊工作的,本身沒有批量部署的能力,真正具備批量部署的是Ansible所運行的模塊,Ansible只是提供一種框架。Ansible主要承擔的工作包括:配置管理、服務即時開通、應用部署、流程編排、監控告警、日誌記錄等。
Ansible的基本架構:
兩臺Nginx作爲Web Proxy,配置實現KeepAlived做主備;後端兩臺Apache,一臺部署Apache+PHP,一臺部署Apache+MySQL。
# 注意:關閉firewalld和SELinux只適合隔離的實驗環境;生產環境建議保留兩者,只放行本文用到的SSH、80/tcp、9000/tcp和VRRP流量。
[root@ansible ~]# systemctl stop firewalld.service
[root@ansible ~]# systemctl disable firewalld.service
[root@ansible ~]# vim /etc/selinux/config
...
SELINUX=disabled
...
[root@ansible ~]# init 6
[root@ansible ~]# ntpdate ntp1.aliyun.com
[root@ansible ~]# yum -y install ansible
[root@ansible ~]# vim /etc/ansible/hosts
...
[hasrvs]
192.168.4.117
192.168.4.118
[websrvs]
192.168.4.119
192.168.4.120
[php]
192.168.4.119
[mysql]
192.168.4.120
[root@ansible ~]# vim /etc/hosts
...
192.168.4.117 nginx1
192.168.4.118 nginx2
192.168.4.119 apache1
192.168.4.120 apache2
[root@ansible ~]# ssh-keygen -t rsa -N '' #生成密鑰對,實現ssh免密碼登陸
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub
# 注意:-N '' 生成的是沒有密碼保護的私鑰,且公鑰被授權給各主機的root;控制機上的 /root/.ssh/id_rsa 一旦洩露,四臺主機的root權限隨之暴露。生產環境建議爲私鑰設置密碼並配合ssh-agent,或改用普通用戶加sudo(become)。
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.4.117 #複製公鑰到各遠程主機
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.4.118
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.4.119
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.4.120
[root@ansible ~]# ansible all -m ping 192.168.4.117 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.4.118 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.4.120 | SUCCESS => { "changed": false, "ping": "pong" } 192.168.4.119 | SUCCESS => { "changed": false, "ping": "pong" }
[root@ansible ~]# ansible all -m shell -a 'echo "TZ='Asia/Shanghai'; export TZ" >> /etc/profile'
[root@ansible ~]# ansible all -m cron -a 'minute=*/5 job="/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null" name=UpdateTime' #每隔5分鐘同步一次時間
# 注意:下面的命令在所有受管主機上關閉防火牆並把SELinux切到寬容模式,僅適合實驗環境。
[root@ansible ~]# ansible all -m shell -a 'systemctl stop firewalld.service; systemctl disable firewalld.service; setenforce 0'
[root@ansible ~]# mkdir -pv /etc/ansible/roles/apache/{files,templates,tasks,handlers,vars,meta,defaults} #建立相關目錄
[root@ansible ~]# vim /etc/ansible/roles/apache/templates/vhost.conf.j2 #Apache主機模板
<virtualhost *:80>
    ServerName www.test.org
    DirectoryIndex index.html index.php
    DocumentRoot /var/www/html
    ProxyRequests off
    ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.4.119:9000/var/www/html/$1
    ProxyPassMatch ^/(ping|status)$ fcgi://192.168.4.119:9000/$1
    <Directory />
        options FollowSymlinks
        Allowoverride None
        Require all granted
    </Directory>
</virtualhost>
# 注意:<Directory /> 配合 Require all granted 放開的是整個文件系統根目錄,建議收窄爲 <Directory /var/www/html>;/ping 和 /status 也會經此虛擬主機把php-fpm狀態對外暴露,生產環境應限制訪問來源。
[root@ansible ~]# vim /etc/ansible/roles/apache/templates/index.html #Apache主頁
<h1> This is {{ ansible_hostname }} </h1>
[root@ansible ~]# vim /etc/ansible/roles/apache/files/index.php #測試頁;phpinfo()會輸出完整的環境和配置信息,驗證完成後應刪除
<?php phpinfo(); ?>
[root@ansible ~]# vim /etc/ansible/roles/apache/tasks/main.yml #定義實現Apache的task
- name: install apache
  yum: name=httpd state=latest
- name: copy conf
  template: src=vhost.conf.j2 dest=/etc/httpd/conf.d/vhost.conf
- name: copy index.html
  template: src=index.html dest=/var/www/html/index.html
- name: copy index.php
  copy: src=index.php dest=/var/www/html/index.php
- name: start httpd
  service: name=httpd state=started
[root@ansible ~]# mkdir -pv /etc/ansible/roles/php-fpm/{files,templates,tasks,handlers,vars,meta,defaults} #建立相關目錄
[root@ansible ~]# cp /etc/php-fpm.d/www.conf /etc/ansible/roles/php-fpm/templates/www.conf.j2 #直接複製事先準備的配置模板
[root@ansible ~]# vim /etc/ansible/roles/php-fpm/templates/www.conf.j2
#修改以下配置
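; Listen on TCP port 9000 on all interfaces so the Apache front ends can reach
; this pool over the network (the vhost proxies to fcgi://192.168.4.119:9000).
listen = 0.0.0.0:9000
; Accept FastCGI connections only from the two Apache hosts in this setup.
; With this directive commented out, any host that can reach port 9000 may
; submit FastCGI requests, and firewalld is stopped on every node here.
listen.allowed_clients = 192.168.4.119,192.168.4.120
; Status and ping endpoints; the Apache vhost forwards /status and /ping to them.
pm.status_path = /status
ping.path = /ping
ping.response = pong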
[root@ansible ~]# vim /etc/ansible/roles/php-fpm/tasks/main.yml #定義實現php-fpm的task
# Install php-fpm and the PHP extensions listed under with_items (latest available build).
- name: install php
  yum:
    name: "{{ item }}"
    state: latest
  with_items:
    - php-fpm
    - php-mysql
    - php-mbstring
    - php-mcrypt

# Render the pool configuration from the role's www.conf.j2 template.
- name: copy config
  template:
    src: www.conf.j2
    dest: /etc/php-fpm.d/www.conf

# Make sure the session directory exists and is owned by apache:apache.
- name: create directory
  file:
    path: /var/lib/php/session
    owner: apache
    group: apache
    state: directory

# Make sure the php-fpm service is running.
- name: start php-fpm
  service:
    name: php-fpm
    state: started
[root@ansible ~]# mkdir -pv /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,meta,defaults} #建立相關目錄
[root@ansible ~]# cp /etc/my.cnf /etc/ansible/roles/mysql/templates/my.cnf.j2 #複製事先準備的模板
[root@ansible ~]# vim /etc/ansible/roles/mysql/templates/my.cnf.j2
#添加以下配置
skip-name-resolve=ON
innodb-file-per-table=ON
[root@ansible ~]# vim /etc/ansible/roles/mysql/tasks/main.yml #定義實現MySQL的task
- name: install mysql
  yum: name=mariadb-server state=latest
- name: copy config
  template: src=my.cnf.j2 dest=/etc/my.cnf
- name: start mysql
  service: name=mariadb state=started
# 注意:此角色只安裝並啓動MariaDB,沒有設置root密碼;上線前應執行 mysql_secure_installation,或用Ansible任務設置root密碼並刪除匿名帳號。
[root@ansible ~]# mkdir -pv /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,meta,defaults} #建立相關目錄
[root@ansible ~]# cp /etc/nginx/nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2 #複製事先準備的模板
[root@ansible ~]# vim /etc/ansible/roles/nginx/templates/nginx.conf.j2
#修改配置
http {
    ...
    upstream websrvs {
        server 192.168.4.119:80;
        server 192.168.4.120:80;
        server 127.0.0.1:80 backup;
    }
    server {
        listen 80;
        include /etc/nginx/default.d/*.conf;
        location / {
            proxy_pass http://websrvs;
            proxy_set_header host $http_host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
        ...
    }
    ...
}
[root@ansible ~]# vim /etc/ansible/roles/nginx/templates/localhost.conf.j2 #定義本地的Nginx服務
server {
    listen 127.0.0.1:80;
    root /usr/share/nginx/html;
    index index.html;
}
[root@ansible ~]# vim /etc/ansible/roles/nginx/templates/index.html
<h1> Balance Server {{ ansible_hostname }} </h1>
[root@ansible ~]# vim /etc/ansible/roles/nginx/tasks/main.yml #定義實現Nginx的task
- name: install nginx
  yum: name=nginx state=latest
- name: copy nginx conf
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: copy local conf
  template: src=localhost.conf.j2 dest=/etc/nginx/conf.d/localhost.conf
- name: copy index
  template: src=index.html dest=/usr/share/nginx/html/index.html
- name: start nginx
  service: name=nginx state=started
[root@ansible keepalived]# mkdir -pv /etc/ansible/roles/keepalived/{files,templates,tasks,handlers,vars,meta,defaults} #建立相關目錄
[root@ansible keepalived]# vim /etc/ansible/roles/keepalived/templates/keepalived.conf.j2 #KeepAlived配置文件
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id {{ ansible_nodename }}
    vrrp_skip_check_adv_addr
    vrrp_mcast_group4 224.0.0.10
}
vrrp_instance VIP_1 {
    state {{ keepalived_role }}
    interface eno16777736
    virtual_router_id 1
    priority {{ keepalived_pri }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass %&hhjj99
    }
    virtual_ipaddress {
        192.168.4.155/24 dev eno16777736 label eno16777736:0
    }
}
# 注意:auth_pass 是示例值,部署時請自行更換;建議改爲變量並用ansible-vault加密保存,不要明文寫在模板裏。auth_type PASS 的密碼在VRRP通告中以明文傳輸,只能防止誤配置,不能當作安全邊界。
[root@ansible keepalived]# vim /etc/ansible/hosts #添加變量
...
[hasrvs]
192.168.4.117 keepalived_role=MASTER keepalived_pri=100
192.168.4.118 keepalived_role=BACKUP keepalived_pri=99
...
[root@ansible keepalived]# vim /etc/ansible/roles/keepalived/tasks/main.yml #定義實現Keepalived的task
- name: install keepalived
  yum: name=keepalived state=latest
- name: copy config
  template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
- name: start keepalived
  service: name=keepalived state=started
[root@ansible keepalived]# mkdir /etc/ansible/playbooks #建立playbook存放目錄
[root@ansible roles]# vim /etc/ansible/playbooks/ap1.yml #定義實現Apache+php-fpm的playbook
- hosts: php
  remote_user: root
  roles:
    - apache
    - php-fpm
[root@ansible roles]# ansible-playbook --syntax-check /etc/ansible/playbooks/ap1.yml #檢查是否有語法錯誤
[root@ansible roles]# ansible-playbook /etc/ansible/playbooks/ap1.yml #執行
[root@ansible ~]# vim /etc/ansible/playbooks/ap2.yml
- hosts: mysql
  remote_user: root
  roles:
    - apache
    - mysql
[root@ansible ~]# ansible-playbook --syntax-check /etc/ansible/playbooks/ap2.yml
[root@ansible ~]# ansible-playbook /etc/ansible/playbooks/ap2.yml
[root@ansible ~]# vim /etc/ansible/playbooks/ha.yml - hosts: hasrvs remote_user: root roles: - nginx - keepalived [root@ansible ~]# ansible-playbook --syntax-check /etc/ansible/playbooks/ha.yml [root@ansible ~]# ansible-playbook /etc/ansible/playbooks/ha.yml
[root@client ~]# vim /etc/hosts ... 192.168.4.155 www.test.org ... [root@client ~]# for i in {1..10};do curl http://www.test.org;done <h1> This is apache2 </h1> <h1> This is apache1 </h1> <h1> This is apache2 </h1> <h1> This is apache1 </h1> <h1> This is apache2 </h1> <h1> This is apache1 </h1> <h1> This is apache2 </h1> <h1> This is apache1 </h1> <h1> This is apache2 </h1> <h1> This is apache1 </h1>
[root@ansible ~]# ansible all -m ping --list-hosts
ERROR! Unexpected Exception, this is probably a bug: (cryptography 0.8.2 (/usr/lib64/python2.7/site-packages), Requirement.parse('cryptography>=1.1'))
運行ansible命令時報錯,python的cryptography版本必須>=1.1。
解決辦法:
[root@ansible ~]# yum -y install python-pip
[root@ansible ~]# pip install --upgrade cryptography