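Project overview:
The company is running a large marketing promotion to push transaction volume, and every business team has been asked to prepare for the year-end sale. The operations department requires all service capacity to be tripled and several environments to be built for developers and testers to test in.
1. Installing the control node on CentOS
On CentOS 6 the ansible package has not yet been added to the yum base repository, so the EPEL repository has to be installed before ansible can be installed.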
[root@ chenc01 ~]# yum -y install epel-release
On CentOS 7 the ansible package has already been added to the yum base repository, so it can be installed directly with yum.
[root@ chenc01 ~]# yum -y install ansible
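2. Configuring passwordless SSH
The control node communicates with the managed nodes over OpenSSH, so it has to authenticate with an account and password whenever it connects to one. Entering the account and password for every task is inconvenient, so here we set up trust between the control node and the managed nodes: public-key authentication gives the control node passwordless SSH access to the managed nodes.
# On the control node:
# Generate a key pair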
[root@ chenc01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
8d:e5:df:ca:b4:2f:2f:b7:d1:c4:0a:4b:fa:2b:a0:f7 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| = . |
| S o o o|
| . + + + |
| . .. + + .|
| . . .+oo.. |
| . .E.*B+. |
+-----------------+
# Copy the public key to the managed node
[root@ chenc01 ~]# ssh-copy-id root@IP
The authenticity of host 'IP (IP)' can't be established.
RSA key fingerprint is 9b:57:b9:86:84:90:a4:4b:44:3e:18:9f:8a:29:6f:e5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'IP' (RSA) to the list of known hosts.
root@IP's password:
Now try logging into the machine, with "ssh 'root@IP'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
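The first copy asks for the password once so that the public key can be copied over; after that, connecting no longer requires an account or password.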
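The ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you were not expecting. The following bash function is an added example of that check, not part of the original page; the names unexpected_keys and write_samples, the allow-list file and every key blob are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report authorized_keys entries that are not on an allow-list.
# unexpected_keys, write_samples and all key blobs below are constructed.

# unexpected_keys AUTHORIZED_KEYS ALLOWED_PUBKEYS
# Prints "line key_type comment" for each entry of AUTHORIZED_KEYS whose base64
# key blob is absent from ALLOWED_PUBKEYS (one public key per line).
unexpected_keys() {
    awk '
        # Index of the key-type field. Entries may begin with options such as
        # from="..." or no-pty, so the type is not always the first field.
        function type_field(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)$/)
                    return i
            return 0
        }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            t = type_field()
            if (FILENAME == ARGV[1]) {          # first operand: the allow-list
                if (t) allowed[$(t + 1)] = 1
                next
            }
            if (!t) { print FNR, "unparsable", "-"; next }
            if (!($(t + 1) in allowed))
                print FNR, $t, (t + 2 <= NF ? $(t + 2) : "-")
        }
    ' "$2" "$1"
}

# Constructed sample data: the control node's key plus one extra key with options.
write_samples() {
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcontrolnodeEXAMPLE root@chenc01' \
        > "$1/allowed.pub"
    printf '%s\n' \
        '# authorized_keys on a managed node (constructed)' \
        'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCcontrolnodeEXAMPLE root@chenc01' \
        'from="198.51.100.7",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIunknownEXAMPLE old-laptop' \
        > "$1/authorized_keys"
}

tmp=$(mktemp -d)
write_samples "$tmp"
unexpected_keys "$tmp/authorized_keys" "$tmp/allowed.pub"
rm -rf "$tmp"
```

An empty result means every key in the file is on the allow-list; any printed line names an entry to review.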
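3. Editing the inventory file (Inventory)
All managed nodes have to be added to the inventory file by hostname or IP address.
webservers in the square brackets is the group name being defined, and the 50 servers below it are the member hosts of that group.
# Edit the inventory file
[root@ chenc01 ~]# vim /etc/ansible/hosts
# Hosts can also be added in the following format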
[webservers]
192.0.2.[50:100]
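4. Testing
Syntax for running a single task with ansible:
ansible <host or host group> -m <module> -a '<module arguments>'
# Use the ping module to ping every node in the inventory file and check that each is reachable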
[root@ chenc01 ~]# ansible all -m ping
10.0.0.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.63 | SUCCESS => {
"changed": false,
"ping": "pong"
}
# You can also target a specific group or host
[root@ chenc01 ~]# ansible webservers -m ping
10.0.0.62 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.0.0.63 | SUCCESS => {
"changed": false,
"ping": "pong"
}
# Now run a command on the managed nodes to view their IP information
[root@ chenc01 ~]# ansible webservers -a "ifconfig"
10.0.0.62 | SUCCESS | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet 10.0.0.99/30 brd 10.0.0.99 scope global lo:0
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4e:13:49 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.62/24 brd 10.0.0.255 scope global eth0
inet6 fe80::20c:29ff:fe4e:1349/64 scope link
valid_lft forever preferred_lft forever
......
5. Installing Apache with yum
The yum module installs software packages on CentOS systems using the yum command.
Options:
name: name of the package to install
state: latest (install the latest version), present (install; the default), installed (install), absent (remove), removed (remove)
Example: [root@ chenc01 ~]# ansible webservers -m yum -a 'name=httpd state=latest'
10.0.0.62 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"All packages providing httpd are up to date",
""
]
}
10.0.0.63 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"All packages providing httpd are up to date",
""
]
}
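# Starting the service with the service module
The service module manages starting, stopping, restarting and reloading services on CentOS.
Options:
name: name of the service
state: started (start), stopped (stop), restarted (restart), reloaded (reload)
enabled: sets the service to start at boot; the default is no
Example: [root@ chenc01 ~]# ansible webservers -m service -a 'name=httpd state=started enabled=yes'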
10.0.0.62 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}
10.0.0.63 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}
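6. Batch-deploying Tomcat with ansible-playbook
1) Create the directory structure
# This creates the directory structure for installing nginx + mysql + tomcat + db; it is a useful layout to refer to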
[root@ chenc01 ~]# mkdir -p /ansible/roles/{nginx,mysql,tomcat,db}/{defaults,files,handlers,meta,tasks,templates,vars}
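- defaults: default lookup path
- tasks: where the playbooks are stored
- files: files and script packages; the copy module searches here
- templates: where templates are stored
- handlers: where the playbook parts called by notify are stored
- vars: where variables used inside the roles are stored
2) Resulting directory structure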
[root@ chenc01 ~]# tree /ansible/
/ansible/
└── roles
    ├── db
    │   ├── defaults
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   ├── templates
    │   └── vars
    ├── mysql
    │   ├── defaults
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   ├── templates
    │   └── vars
    ├── nginx
    │   ├── defaults
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   ├── templates
    │   └── vars
    └── tomcat
        ├── defaults
        ├── files
        ├── handlers
        ├── meta
        ├── tasks
        ├── templates
        └── vars
33 directories, 0 files
3) Install Tomcat with a playbook
[root@ chenc01 ~]# cat main.yml
---
- hosts: webservers        # change this to the remote hosts you want to operate on
  remote_user: root        # user that runs the commands on the remote hosts
  tasks:                   # task list
    # Create the group and the user
    - name: group
      group: name=tomcat
    - name: user
      user: name=tomcat group=tomcat home=/usr/tomcat
      become: true
    ############################## Install the JDK from the package #############################
    # Copy the JDK package to /tmp
    - name: "复制jdk到tmp目录下"
      copy: src=/root/jdk-8u131-linux-x64_.rpm dest=/tmp/jdk-8u131-linux-x64_.rpm
    # Install the JDK RPM with yum
    - name: "解压jdk包"
      yum:
        name: /tmp/jdk-8u131-linux-x64_.rpm
        state: present
    # command: /bin/rpm -ivh /tmp/jdk-8u131-linux-x64_.rpm -C /application
    ########################## Install Tomcat ###########################################
    # Copy the Tomcat tarball to /tmp
    - name: "解压Tomcat"
      copy: src=apache-tomcat-8.5.35.tar.gz dest=/tmp/apache-tomcat-8.5.35.tar.gz
    # Unpack Tomcat into /opt
    - name: "解压tomcat到opt目录"
      command: /bin/tar xf /tmp/apache-tomcat-8.5.35.tar.gz -C /opt
    # Create a symlink
    - name: "创建软连接"
      file: src=/opt/apache-tomcat-8.5.35/ dest=/tmp/tomcat state=link
    # Make sure /application/tomcat/ exists and is owned by tomcat:tomcat
    - name: "赋予目录权限"
      file: path=/application/tomcat/ owner=tomcat group=tomcat state=directory recurse=yes
    # Start Tomcat unless something is already listening on 8080
    - name: "开启tomcat"
      shell: ss -anpt|grep 8080 || nohup /tmp/tomcat/bin/catalina.sh run &
[root@ chenc01 ~]# ansible-playbook main.yml --syntax-check # check the syntax
[root@ chenc01 ~]# ansible-playbook main.yml # run it
7. Batch-deploying MySQL with ansible-playbook
[root@ chenc01 ~]# mkdir mysql
[root@ chenc01 mysql]# vim mysql.yml
---
- hosts: webservers
  tasks:
    # Copy the MySQL source tarball to the managed node
    - name: copy mysql_tar_gz to client
      copy: src=mysql-5.6.35.tar.gz dest=/tmp/mysql-5.6.35.tar.gz
    # Copy the install script and make it executable
    - name: copy install_script to client
      copy: src=mysql_install.sh dest=/tmp/mysql_install.sh owner=root group=root mode=0755
    # Run the install script
    - name: install mysql
      shell: /bin/bash /tmp/mysql_install.sh
1) Create the MySQL install script
[root@ chenc01 mysql]# cat mysql_install.sh
#!/bin/bash
# MySQL data directory and MySQL login password
DBDIR='/application/mysql/data'
PASSWD='bingoclo123'
# Create the data directory (recursively) if it does not exist
[ -d "$DBDIR" ] || mkdir -p "$DBDIR"
# Install the build dependencies for MySQL
yum install cmake make gcc-c++ bison-devel ncurses-devel -y
# If `id mysql` returns non-zero the user does not exist yet, so create it
id mysql &> /dev/null
if [ $? -ne 0 ];then
    useradd mysql -s /sbin/nologin -M
fi
# Give the mysql user ownership of the data directory
chown -R mysql:mysql "$DBDIR"
# Change to /tmp, unpack MySQL, then build and install it to /application/mysql
cd /tmp/ || exit 1
tar xf mysql-5.6.35.tar.gz
cd mysql-5.6.35 || exit 1
cmake . -DCMAKE_INSTALL_PREFIX=/application/mysql \
    -DMYSQL_DATADIR=$DBDIR \
    -DMYSQL_UNIX_ADDR=$DBDIR/mysql.sock \
    -DDEFAULT_CHARSET=utf8 \
    -DEXTRA_CHARSETS=all \
    -DENABLED_LOCAL_INFILE=1 \
    -DWITH_READLINE=1 \
    -DDEFAULT_COLLATION=utf8_general_ci \
    -DWITH_EMBEDDED_SERVER=1
# A non-zero result means cmake failed, so exit
if [ $? != 0 ];then
    echo "cmake error!"
    exit 1
fi
# cmake succeeded, so build and install
make && make install
if [ $? -ne 0 ];then
    echo "install mysql is failed!"; exit 1
fi
sleep 2
# Create symlinks for the MySQL binaries
ln -sf /application/mysql/bin/* /usr/bin/
# Copy the MySQL configuration file
cp -f /application/mysql/support-files/my-default.cnf /etc/my.cnf
# Copy the MySQL start/stop script to init.d
cp -f /application/mysql/support-files/mysql.server /etc/init.d/mysqld
# Make it executable
chmod 700 /etc/init.d/mysqld
# Initialize MySQL
/application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=$DBDIR --user=mysql
# If initialization failed, report it and stop; otherwise start mysqld
if [ $? -ne 0 ];then
    echo "install mysql is failed!"; exit 1
fi
/etc/init.d/mysqld start
# If MySQL failed to start, report it and stop; otherwise continue
if [ $? -ne 0 ];then
    echo "install mysql is failed!"; exit 1
fi
# Start at boot
chkconfig --add mysqld
chkconfig mysqld on
/application/mysql/bin/mysql -e "update mysql.user set password=password('$PASSWD') where host='localhost' and user='root';"
/application/mysql/bin/mysql -e "update mysql.user set password=password('$PASSWD') where host='127.0.0.1' and user='root';"
/application/mysql/bin/mysql -e "delete from mysql.user where password='';"
/application/mysql/bin/mysql -e "flush privileges;"
if [ $? -eq 0 ];then
    echo "ins_done"
fi
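The install script above keeps the root password as a literal in a file copied to /tmp and passes it on the mysql command line. As an added example (not from the original page), the function below reads the password from a file only root can read and emits the same SQL statements so they can be piped to mysql on stdin; root_password_sql, demo and the password file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: build the root-password SQL from a protected file instead of a
# literal in the script. root_password_sql and the file path are hypothetical.

# root_password_sql PASSWORD_FILE
# Prints the statements the install script runs, taking the password from
# PASSWORD_FILE. Fails if the file is accessible to group or others.
root_password_sql() {
    local file=$1 mode pw
    mode=$(stat -c '%a' "$file") || return 1
    case $mode in
        400|600) ;;
        *) echo "refusing $file: mode $mode, expected 600 or 400" >&2; return 1 ;;
    esac
    # Read the first line; also accept a file without a trailing newline.
    IFS= read -r pw < "$file" || [ -n "$pw" ] || return 1
    [ -n "$pw" ] || { echo "empty password in $file" >&2; return 1; }
    # Escape backslashes and single quotes so the value stays inside the
    # SQL string literal (MySQL default sql_mode).
    pw=${pw//\\/\\\\}
    pw=${pw//\'/\\\'}
    cat <<EOF
update mysql.user set password=password('$pw') where host='localhost' and user='root';
update mysql.user set password=password('$pw') where host='127.0.0.1' and user='root';
delete from mysql.user where password='';
flush privileges;
EOF
}

# Demo with a constructed password file (sample value, not the page's).
demo() {
    local f
    f=$(mktemp)                 # mktemp creates the file with mode 600
    printf '%s\n' "s3'cret" > "$f"
    root_password_sql "$f"
    rm -f "$f"
}
demo

# On a managed node the output would be piped to the client, for example:
#   root_password_sql /root/.mysql_root_pw | /application/mysql/bin/mysql
```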
2) Run the ansible commands
[root@ chenc01 mysql]# ansible-playbook mysql.yml --syntax-check # check the syntax
[root@ chenc01 mysql]# ansible-playbook mysql.yml # run it
8. Batch-deploying Nginx with ansible-playbook
# Create the nginx directory
[root@ chenc01 ~]# mkdir nginx
[root@ chenc01 ~]# cd nginx
# Upload and unpack the nginx package
[root@ chenc01 nginx]# tar zxf nginx-1.12.2.tar.gz
[root@ chenc01 nginx]# cd nginx-1.12.2
# Copy nginx.conf into the nginx directory under /root
[root@ chenc01 nginx-1.12.2]# cp conf/nginx.conf /root/nginx/
[root@ chenc01 nginx-1.12.2]# cd /root/nginx/
[root@ chenc01 nginx]# ls
nginx-1.12.2 nginx-1.12.2.tar.gz nginx.conf
# Delete the nginx package that was unpacked on this machine
[root@ chenc01 nginx]# rm -rf nginx-1.12.2
[root@ chenc01 nginx]# vim nginx.yml
[root@ chenc01 nginx]# cat nginx.yml
---
- hosts: webservers
  tasks:
    # Push and unpack the Nginx source tarball
    - name: "推送Nginx源码包"
      unarchive: src=nginx-1.12.2.tar.gz dest=/root/
    # Install the build dependencies
    - name: "安装依赖环境库"
      yum: name=gcc,gcc-c++,pcre-devel,zlib-devel state=latest
    # Build and install Nginx
    - name: "安装Nginx"
      shell: cd /root/nginx-1.12.2 && ./configure && make && make install
    # Push the configuration file
    - name: "推送配置文件"
      copy: src=nginx.conf dest=/usr/local/nginx/conf/nginx.conf
    # Start Nginx unless something is already listening on port 80
    - name: "启动Nginx服务"
      shell: netstat -ntl | grep -qw 80 || /usr/local/nginx/sbin/nginx