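Deploying an Architecture with Ansible
Requirements
Use rsync, nfs and httpd to deploy a website for uploading homework.
Environment

| Hostname | WanIP | LanIP | Role | Installed applications |
| --- | --- | --- | --- | --- |
| m01 | 10.0.0.61 | 172.16.1.61 | Ansible control node | ansible |
| web01 | 10.0.0.7 | 172.16.1.7 | Homework website | httpd php nfs |
| web02 | 10.0.0.8 | 172.16.1.8 | Homework website | httpd php nfs |
| nfs | 10.0.0.31 | 172.16.1.31 | Shared storage | nfs rsync |
| backup | 10.0.0.41 | 172.16.1.41 | Real-time sync backup | nfs rsync |
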
Preparation

```bash
vim /etc/rsyncd.conf
```

```ini
# rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log

[backup]
comment = welcome
path = /backup
```

```bash
vim /etc/httpd/conf/httpd.conf

# Push the control node's public key to every managed host
. /etc/init.d/functions
# Generate a key pair only if one does not exist yet
ls -l ~/.ssh/id_rsa &>/dev/null || ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa &>/dev/null
# 'StrictHostKeyChecking no' accepts each host key without verification,
# and 'sshpass -p' puts the root password on the command line
for n in 7 8 31 41; do
    sshpass -p 1 ssh-copy-id -o 'StrictHostKeyChecking no' -i ~/.ssh/id_rsa.pub root@10.0.0.$n &>/dev/null && \
    action "10.0.0.$n send public key " /bin/true || \
    action "10.0.0.$n send public key " /bin/false
done
```

Building the Architecture

```bash
# All hosts: create the www group and user (gid/uid 666)
ansible all -m group -a 'name=www gid=666'
ansible all -m user -a 'name=www uid=666 group=666 shell=/sbin/nologin create_home=false'

# rsyncd group: install rsync and nfs-utils
ansible rsyncd -m yum -a 'name=rsync,nfs-utils state=present'

# backup: rsync daemon configuration, password file, backup directory, service
ansible backup -m copy -a 'src=/root/web/rsyncd.conf dest=/etc/'
ansible backup -m copy -a 'content=rsync_backup:123 dest=/etc/rsync.passwd mode=600'
ansible backup -m file -a 'path=/backup owner=www group=www mode=755 state=directory'
ansible backup -m service -a 'name=rsyncd state=started'

# nfs: rsync client password file
ansible nfs -m copy -a 'content=123 dest=/etc/rsync.passwd mode=600'

# nfs: export /data to the LAN and start the service
ansible nfs -m copy -a 'content="/data 172.16.1.0/24(rw,sync,anonuid=666,anongid=666,all_squash)" dest=/etc/exports'
ansible nfs -m file -a 'path=/data owner=www group=www mode=755 state=directory'
ansible nfs -m service -a 'name=nfs state=started'

# web_group: install httpd and php, deploy the site, mount the NFS share, start httpd
ansible web_group -m yum -a 'name=httpd,php state=present'
ansible web_group -m copy -a 'src=/root/web/httpd.conf dest=/etc/httpd/conf'
ansible web_group -m unarchive -a 'src=/root/web/kaoshi.tgz dest=/var/www/html owner=www group=www'
ansible web_group -m file -a 'path=/var/www/html/user_data owner=www group=www state=directory'
ansible web_group -m mount -a 'src=172.16.1.31:/data fstype=nfs path=/var/www/html/user_data state=mounted'
ansible web_group -m service -a 'name=httpd state=started'
```

Ansible PlayBook
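What Is a PlayBook
- What the terms mean
  - play: defines the role the hosts take on (lead or supporting role).
  - task: defines the specific task to execute (the role's lines and actions).
  - playbook: made up of one or more plays (roles); one play (role) can contain several tasks (lines, actions).
- File differences
  - In Ansible, "playbook files" are files ending in yml.
  - In SaltStack, "playbook files" are files ending in sls.
  - Both use YAML syntax.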

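Differences Between PlayBook and Ad-hoc

| Feature | PlayBook | Ad-hoc |
| --- | --- | --- |
| Completeness | Yes | No |
| Persistence | Yes | No |
| Execution efficiency | Low | High |
| Variables | Supported | Not supported |
| Coupling | Low | High |

- A PlayBook is more fully featured than ad-hoc commands; it is an orchestration of ad-hoc commands.
- A PlayBook gives good control over execution order and dependencies.
- PlayBook syntax is more readable.
- A playbook can be reused over time; ad-hoc commands cannot.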
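YAML Syntax

| Syntax | Description |
| --- | --- |
| Indentation | YAML expresses hierarchy with a fixed indentation style; each indent level is two spaces, and TAB cannot be used |
| Colon | Every colon must be followed by a space, except a colon that ends the line |
| Dash | Marks a list item, written as a dash followed by a space; items at the same indentation level belong to the same list |

```yaml
# A single package
yum:
  name: vsftpd
  state: present

# A list of packages
yum:
  name:
    - httpd
    - nginx
    - php-fpm
  state: present
```
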
Example: Writing a PlayBook
Structure
hosts: which hosts to operate on (the actors)
remote_user: which user to run as (the pass)
tasks: the specific tasks to execute (the lines and actions)
Example:

```bash
cat foo.yml
```

```yaml
---
- hosts: all
  remote_user: root
  vars:
    file_name: zls.txt
  tasks:
    - name: Create New File
      file: name=/tmp/{{ file_name }} state=touch
```

Example: Writing a PlayBook
Install httpd

```bash
mkdir /root/ansible

vim httpd.yml
```

```yaml
- hosts: nfs_group
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
```

```bash
# Run the playbook
ansible-playbook httpd.yml
# Check the syntax only
ansible-playbook --syntax-check httpd.yml
# Dry run (check mode)
ansible-playbook -C httpd.yml
```

Start httpd and enable it at boot

```yaml
- hosts: nfs_group
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
    - name: start httpd service
      service:
        name: httpd
        state: started
        enabled: true
```

Write the httpd front page

```yaml
- hosts: nfs_group
  tasks:
    - name: install httpd
      yum:
        name: httpd
        state: present
    - name: start httpd service
      service:
        name: httpd
        state: started
        enabled: true
    - name: set web index
      copy:
        content: xxx_web_page
        dest: /var/www/html/index.html
```

Example: Deploying the Homework Submission Website with a PlayBook

```yaml
# All hosts: create the www group and user (gid/uid 666)
- hosts: all
  tasks:
    - name: create group for 'www'
      group:
        name: www
        gid: 666
    - name: create user for 'www'
      user:
        name: www
        uid: 666
        group: 666
        shell: /sbin/nologin
        create_home: false

# rsyncd group: install rsync and nfs-utils
- hosts: rsyncd
  tasks:
    - name: install rsync,nfs
      yum:
        name: rsync,nfs-utils
        state: present

# backup: rsync daemon
- hosts: backup
  tasks:
    - name: rsync server
      copy:
        src: /root/web/rsyncd.conf
        dest: /etc/
    # src and content cannot be combined in one copy task, so the password file is a separate task
    - name: rsync password file
      copy:
        content: 'rsync_backup:123'
        dest: /etc/rsync.passwd
        # Quoted so the mode is read as octal, not as the decimal number 600
        mode: '0600'
    - name: create directory for rsync
      file:
        path: /backup
        owner: www
        group: www
        mode: '0755'
        state: directory
    - name: start rsyncd server
      service:
        name: rsyncd
        state: started

# nfs: rsync client password file and the /data export
- hosts: nfs
  tasks:
    - name: nfs client
      copy:
        content: '123'
        dest: /etc/rsync.passwd
        mode: '0600'
    - name: nfs exports
      copy:
        content: "/data 172.16.1.0/24(rw,sync,anonuid=666,anongid=666,all_squash)"
        dest: /etc/exports
    - name: create directory for nfs
      file:
        path: /data
        owner: www
        group: www
        mode: '0755'
        state: directory
    - name: start nfs server
      service:
        name: nfs
        state: started

# web_group: httpd, php, site code and the NFS mount
- hosts: web_group
  tasks:
    - name: install httpd,php
      yum:
        name: httpd,php
        state: present
    - name: Modify profile
      copy:
        src: /root/web/httpd.conf
        dest: /etc/httpd/conf
    - name: unarchive kaoshi.tgz
      unarchive:
        src: /root/web/kaoshi.tgz
        dest: /var/www/html
        owner: www
        group: www
    - name: create directory for user_data
      file:
        path: /var/www/html/user_data
        owner: www
        group: www
        state: directory
    - name: mount for user_data>>nfs
      mount:
        src: 172.16.1.31:/data
        fstype: nfs
        path: /var/www/html/user_data
        state: mounted
    - name: start http server
      service:
        name: httpd
        state: started
```
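
Two playbook mistakes pass unnoticed until a run goes wrong: TAB indentation, which the YAML Syntax table forbids, and file modes, where Ansible takes an unquoted YAML `mode: 600` as the decimal number 600 rather than octal 0600 (relevant to a secrets file such as /etc/rsync.passwd). The Python check below is an added example, not part of the original page; `audit_playbook` and the sample playbook text are constructed for illustration.

```python
import re

# YAML-style "mode: VALUE" lines; key=value ad-hoc arguments are strings and are not matched.
MODE_RE = re.compile(r"^\s*mode:\s*(\S+)\s*(?:#.*)?$")

# Constructed sample playbook text (hypothetical, for illustration only).
SAMPLE = "\n".join([
    "- hosts: backup",
    "  tasks:",
    "    - name: rsync secrets file",
    "      copy:",
    "        content: 'rsync_backup:123'",
    "        dest: /etc/rsync.passwd",
    "        mode: 600",
    "    - name: backup directory",
    "      file:",
    "        path: /backup",
    "\t\tmode: 755",
    "        state: directory",
    "    - name: exports file",
    "      copy:",
    "        dest: /etc/exports",
    "        mode: '0644'",
])


def audit_playbook(text):
    """Return (line_number, rule, detail) findings for playbook text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        indent = line[: len(line) - len(line.lstrip())]
        if "\t" in indent:
            findings.append((lineno, "tab-indent", "TAB used for indentation"))
        match = MODE_RE.match(line)
        if not match:
            continue
        value = match.group(1)
        # Quoted modes and unquoted modes with a leading zero are read as octal.
        # Any other unquoted number is decimal, and its bits are applied as they are.
        if value.isdigit() and not value.startswith("0"):
            applied = format(int(value), "04o")
            detail = f"mode: {value} is decimal, applied as octal {applied}; write '0{value}'"
            findings.append((lineno, "decimal-mode", detail))
    return findings


if __name__ == "__main__":
    for finding in audit_playbook(SAMPLE):
        print(*finding, sep=": ")
```

Running such a check alongside `ansible-playbook --syntax-check` is useful because an unquoted decimal mode is valid YAML and passes the syntax check.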