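This article uses ansible to install lnmp+haproxy.
There are four hosts in total, all running Ubuntu 14 Server: one is the ansible management machine, and the other three are ansible clients on which the services are deployed.
Client A installs nginx+php+mysql, client B installs nginx+php, and client C installs haproxy for load balancing, as shown in the figure below:
Design
The project structure follows Best Practices - Content Organization, as shown in the figure below:
Notes:
- Role assignment is simple and clear.
- Variables are added per group in hosts to specify which software to install.
- Running the scripts a second time must not affect services that are already installed.
Installation flow
1. Add the key
2. Set up passwordless sudo
3. Update the package sources
4. Time synchronization
5. Install nginx+php+mysql+haproxy
6. Check the installation
Practice
File preparation
1. Create the project lnmp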
mkdir lnmp && cd lnmp
2. Create the role directories
mkdir roles
mkdir -p roles/{1_key,2_sudo,3_sources,4_chrony,5_software,6_check}/{tasks,handlers,vars,files,templates}
3. Create the variable directories
mkdir group_vars host_vars
4. Create the hosts file and assign the installation groups, with the following content:

[base]
192.168.56.102
192.168.56.103
192.168.56.104
[nginx_php_mysql]
192.168.56.102
[nginx_php]
192.168.56.103
[haproxy]
192.168.56.104
[base:vars]
install_nginx=false
install_php=false
install_mysql=false
install_haproxy=false
[nginx_php_mysql:vars]
install_nginx=true
install_php=true
install_mysql=true
install_haproxy=false
[nginx_php:vars]
install_nginx=true
install_php=true
install_mysql=false
install_haproxy=false
[haproxy:vars]
install_nginx=false
install_php=false
install_mysql=false
install_haproxy=true

5. Create the site.yml file, with the following content:

---
- hosts: all
  gather_facts: false
  roles:
    - 1_key
    - 2_sudo
    - 3_sources
    - 4_chrony
    - 5_software
    - 6_check

6. Disable SSH host key checking so that ansible does not prompt the first time it connects to a client
sudo vim /etc/ansible/ansible.cfg
and modify it as follows:

# line 62, uncomment
host_key_checking = False

Add the key
1. Set the user and password
vim group_vars/base.yml
with the following content:

---
ansible_ssh_user: voidking
ansible_ssh_pass: voidking
ansible_sudo: voidking
ansible_sudo_pass: voidking

2. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    - 1_key

3. vim roles/1_key/tasks/main.yml, with the following content:

---
- name: copy public key
  copy:
    src: /home/voidking/.ssh/id_rsa.pub
    dest: /home/voidking/.ssh/id_rsa.pub.tmp
    owner: voidking
    group: voidking
    mode: 0600
    force: yes
- name: add public key
  shell: cd /home/voidking/.ssh && cat id_rsa.pub.tmp | tee >> authorized_keys

4. vim test_hosts, with the following content:

[test]
192.168.56.102

5. Run the playbook
ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts
6. Check the result on the client
ll .ssh
7. Test the login
ssh voidking@192.168.56.102
Passwordless sudo
1. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    - 2_sudo

2. vim roles/2_sudo/tasks/main.yml, with the following content:

---
- name: add sudo user
  shell: 'sudo sh -c "echo voidking ALL = NOPASSWD: ALL >> /etc/sudoers"'
  #shell: 'echo "voidking ALL = NOPASSWD: ALL" | sudo tee >> /etc/sudoers'

3. Run the playbook
ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts -s
4. Check the result on the client
sudo ls
Passwordless sudo, method 2
The method above does add the sudo entry, but the message it prints shows that sudo inside the shell module will soon stop being usable.
1. vim roles/2_sudo/tasks/main.yml, modified as follows:

---
- name: add sudo user
  become_user: root
  become: true
  shell: "echo voidking ALL = NOPASSWD: ALL >> /etc/sudoers"

2. Run the playbook
ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts
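
The shell tasks in roles 1_key and 2_sudo append with `>>` on every run, so a second run duplicates the key and the sudoers line, and a malformed line written straight into /etc/sudoers can break sudo. The following is an added example, not part of the original article, of idempotent equivalents using the authorized_key and lineinfile modules; the drop-in file name /etc/sudoers.d/voidking is an assumption and relies on Ubuntu's default `#includedir /etc/sudoers.d`.

```yaml
---
# roles/1_key/tasks/main.yml (added example, not the article's code)
# authorized_key adds the key only if it is not already present,
# so repeated runs leave authorized_keys unchanged.
- name: add public key once
  authorized_key:
    user: voidking
    # read from the management machine, same file the article copies
    key: "{{ lookup('file', '/home/voidking/.ssh/id_rsa.pub') }}"
    state: present

# roles/2_sudo/tasks/main.yml (added example, not the article's code)
# The rule goes into its own drop-in file instead of /etc/sudoers.
# validate runs visudo on a temporary copy first; if the syntax check
# fails, the real file is not touched.
- name: add sudo user via a validated drop-in
  become: true
  become_user: root
  lineinfile:
    dest: /etc/sudoers.d/voidking   # assumed file name
    line: "voidking ALL = NOPASSWD: ALL"
    state: present
    create: yes
    owner: root
    group: root
    mode: "0440"
    validate: "visudo -cf %s"
```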
Update the package sources
1. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    #- 2_sudo
    - 3_sources

2. vim roles/3_sources/files/sources.list, with the following content:

deb http://cn.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
## proposed (testing) sources
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse
# source packages
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
## proposed (testing) sources
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse
# Canonical partner and extras
# deb http://archive.canonical.com/ubuntu/ trusty partner
# deb http://extras.ubuntu.com/ubuntu/ trusty main

3. vim roles/3_sources/tasks/main.yml, with the following content:

---
- name: replace sources.list
  copy:
    src: ../files/sources.list
    dest: /etc/apt/sources.list
    force: yes
- name: update
  become_user: root
  become: true
  shell: apt update
- name: upgrade
  become_user: root
  become: true
  apt:
    upgrade: yes

4. Run the playbook
ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts
Time synchronization
Preparing the management machine
1. Install chrony on the management machine
apt -y install chrony
2. Restart chrony
service chrony restart
3. Copy chrony.conf
cp /etc/chrony/chrony.conf roles/4_chrony/files/
4. vim roles/4_chrony/files/chrony.conf, modified as follows:

# line 20,comment
#server 0.debian.pool.ntp.org offline minpoll 8
#server 1.debian.pool.ntp.org offline minpoll 8
#server 2.debian.pool.ntp.org offline minpoll 8
#server 3.debian.pool.ntp.org offline minpoll 8
# line 24,add
server 192.168.56.101 iburst

Playbook configuration
1. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    #- 2_sudo
    #- 3_sources
    - 4_chrony

2. vim group_vars/base.yml, with the following content:

---
ansible_ssh_user: voidking
ansible_ssh_pass: voidking
ansible_sudo: voidking
ansible_sudo_pass: voidking
ansible_become_user: root
ansible_become_pass: voidking
ansible_become: true

3. vim roles/4_chrony/tasks/main.yml, with the following content:

---
- name: install chrony
  apt:
    name: chrony
    state: latest
- name: change config
  copy:
    src: ../files/chrony.conf
    dest: /etc/chrony/chrony.conf
    owner: root
    group: root
    mode: 0644
    force: yes
- name: restart chrony
  service:
    name: chrony
    state: restarted

4. Run the playbook
ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts
5. Verify chrony on the client
chronyc sources
Install the core software
1. vim test_hosts, with the following content:

[test]
192.168.56.102
[test:vars]
install_nginx=true
install_php=true
install_mysql=true
install_haproxy=true

2. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    #- 2_sudo
    #- 3_sources
    #- 4_chrony
    - 5_software

3. vim roles/5_software/tasks/main.yml, with the following content:

---
- name: install nginx
  apt:
    name: nginx
    state: latest
  when: install_nginx
- name: install php
  apt:
    name: "{{item}}"
    state: latest
    update_cache: yes
  with_items:
    - php5
    - libapache2-mod-php5
    - php5-mcrypt
    - php5-curl
    - php5-imagick
    - php5-cli
    - php5-json
    - php5-fpm
    - php5-mysql
  when: install_php
- name: install mysql
  apt:
    name: "{{item}}"
    state: latest
  with_items:
    - mysql-common
    - mysql-server
    - mysql-client
    - python-mysqldb
  when: install_mysql
- name: config mysql passwd
  mysql_user:
    login_user: root
    login_password: "\n"
    name: root
    password: "voidking"
    host: "{{item}}"
    priv: '*.*:ALL,GRANT'
    state: present
    check_implicit_admin: yes
  with_items:
    - "localhost"
    - "%"
  when: install_mysql
- name: comment bind-address
  shell: sed -i 's/^bind-address/#bind-address/g' /etc/mysql/my.cnf
  when: install_mysql
- name: restart mysql service
  service:
    name: mysql
    state: restarted
    enabled: true
  when: install_mysql
- name: install haproxy
  apt:
    name: haproxy
    state: latest
  environment:
    RUNLEVEL: 1
  when: install_haproxy
- name: config haproxy
  shell: sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/haproxy
  when: install_haproxy
- name: config haproxy port
  copy:
    src: ../files/haproxy.cfg
    dest: /etc/haproxy/haproxy.cfg
    force: yes
  when: install_haproxy
- name: restart haproxy
  service:
    name: haproxy
    state: restarted
  when: install_haproxy

4. vim roles/5_software/files/haproxy.cfg, with the following content:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon
defaults
    log global
    mode http
    option httplog
    option dontlognull
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
frontend http_front
    bind *:8080
    stats uri /haproxy?stats
    default_backend http_back
backend http_back
    balance roundrobin
    option httpchk GET /index.html
    option forwardfor header X-Forwarded-For
    server node1 192.168.56.102:80 check inter 2000 rise 3 fall 3 weight 30
    server node2 192.168.56.103:80 check inter 2000 rise 3 fall 3 weight 30

5. Run the playbook
ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts
6. Test on the client
mysql -uroot -p -h 192.168.56.102
curl localhost
curl localhost:8080
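
The `config mysql passwd` task grants root ALL privileges from host `%` and the `comment bind-address` task removes the listen restriction, so the root account is reachable from any machine that can reach the MySQL port on 192.168.56.102. The following is an added example, not part of the original article, that could replace those two tasks: root stays local, and the nginx_php node (192.168.56.103) gets its own limited account. The variables `mysql_root_password` and `app_db_password`, the user `app`, and the database `appdb` are hypothetical names.

```yaml
---
# Added example for the MySQL part of roles/5_software/tasks/main.yml
# (not the article's code). The article's "restart mysql service" task
# still follows these tasks.
- name: set root password, local logins only
  mysql_user:
    login_user: root
    # hypothetical variable; define it outside the playbook,
    # for example in a file encrypted with ansible-vault
    login_password: "{{ mysql_root_password }}"
    # first run: root has no password yet, so the implicit login is tried
    check_implicit_admin: yes
    name: root
    password: "{{ mysql_root_password }}"
    host: localhost
    state: present
  when: install_mysql

- name: create a limited account for the second web node
  mysql_user:
    login_user: root
    login_password: "{{ mysql_root_password }}"
    name: app                            # hypothetical user
    password: "{{ app_db_password }}"    # hypothetical variable
    host: 192.168.56.103                 # client B from the hosts file
    priv: "appdb.*:SELECT,INSERT,UPDATE,DELETE"   # hypothetical database
    state: present
  when: install_mysql

- name: listen on client A's own address instead of all interfaces
  lineinfile:
    dest: /etc/mysql/my.cnf
    regexp: '^#?bind-address'
    line: "bind-address = 192.168.56.102"
  when: install_mysql
```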
Putting all the steps together
1. Run the playbook
ansible-playbook site.yml -i hosts --syntax-check
ansible-playbook site.yml -i hosts
2. Check the installation
curl 192.168.56.102
curl 192.168.56.103
curl 192.168.56.104:8080
Check the installation
1. vim site.yml, modified as follows:

---
- hosts: all
  gather_facts: true  # the index.j2 template below uses the ansible_eth0 fact
  roles:
    #- 1_key
    #- 2_sudo
    #- 3_sources
    #- 4_chrony
    #- 5_software
    - 6_check

2. vim roles/6_check/tasks/main.yml, with the following content:

---
- name: copy index.html
  template:
    src: ../templates/index.j2
    dest: /usr/share/nginx/html/index.html
    force: yes
  when: install_nginx

3. vim roles/6_check/templates/index.j2, with the following content:

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Home Page</title>
</head>
<body>
  {{ ansible_eth0.ipv4.address }}
</body>
</html>

PS: to view the available variables:
ansible 192.168.56.102 -m setup > var.txt
4. Run the playbook
ansible-playbook site.yml -i hosts --syntax-check
ansible-playbook site.yml -i hosts
5. Test access
curl 192.168.56.104:8080
Run it several times and you can see the two different IPs alternate.