Ansible in Practice

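Goal

The goal of this article is to install LNMP plus HAProxy with Ansible.
There are four hosts, all running Ubuntu 14 Server: one is the Ansible control machine, and the other three are Ansible clients on which the services are deployed.
Client A gets nginx + PHP + MySQL, client B gets nginx + PHP, and client C gets HAProxy for load balancing, as shown in the figure below: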

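Design

The project structure follows Best Practices - Content Organization, as shown in the figure below:

Points to note:

  • Role assignment is simple and explicit.
  • Variables are added per group in hosts to select which software to install.
  • Running the scripts a second time must not affect services that are already installed.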

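Installation flow

1. Add the SSH key
2. Set up passwordless sudo
3. Update the package sources
4. Synchronize time
5. Install nginx + PHP + MySQL + HAProxy
6. Check the installation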

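Practice

File preparation

1. Create the project lnmp
mkdir lnmp && cd lnmp

2. Create the role directories
mkdir roles
mkdir -p roles/{1_key,2_sudo,3_sources,4_chrony,5_software,6_check}/{tasks,handlers,vars,files,templates}

3. Create the variable directories
mkdir group_vars host_vars

4. Create the hosts file and assign the install groups, with the following content: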

[base]
192.168.56.102
192.168.56.103
192.168.56.104

[nginx_php_mysql]
192.168.56.102

[nginx_php]
192.168.56.103

[haproxy]
192.168.56.104

[base:vars]
install_nginx=false
install_php=false
install_mysql=false
install_haproxy=false

[nginx_php_mysql:vars]
install_nginx=true
install_php=true
install_mysql=true
install_haproxy=false

[nginx_php:vars]
install_nginx=true
install_php=true
install_mysql=false
install_haproxy=false

[haproxy:vars]
install_nginx=false
install_php=false
install_mysql=false
install_haproxy=true

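5. Create the site.yml file with the following content:

---
- hosts: all
  gather_facts: false
  roles:
    - 1_key
    - 2_sudo
    - 3_sources
    - 4_chrony
    - 5_software
    - 6_check

6. Turn off the SSH host-key confirmation prompt shown the first time Ansible connects to a client (this setting disables host key verification for every host Ansible connects to)
sudo vim /etc/ansible/ansible.cfg and change it as follows:

# line 62, uncomment
host_key_checking = False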

Add the SSH key

1. Set the user and password
vim group_vars/base.yml, with the following content:

---
ansible_ssh_user: voidking
ansible_ssh_pass: voidking
ansible_sudo: voidking
ansible_sudo_pass: voidking

2. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    - 1_key

3. vim roles/1_key/tasks/main.yml, with the following content:

---
# Copy the control machine's public key to a temporary file on the client
- name: copy public key
  copy:
    src: /home/voidking/.ssh/id_rsa.pub
    dest: /home/voidking/.ssh/id_rsa.pub.tmp
    owner: voidking
    group: voidking
    mode: 0600
    force: yes
# Append the key to authorized_keys
- name: add public key
  shell: cd /home/voidking/.ssh && cat id_rsa.pub.tmp | tee >> authorized_keys

4. vim test_hosts, with the following content:

[test]
192.168.56.102

5. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts

6. Check the result on the client
ll .ssh

7. Test the login
ssh voidking@192.168.56.102

Passwordless sudo

1. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    - 2_sudo

2. vim roles/2_sudo/tasks/main.yml, with the following content:

---
- name: add sudo user
  shell: 'sudo sh -c "echo voidking ALL = NOPASSWD: ALL >> /etc/sudoers"'
  #shell: 'echo "voidking ALL = NOPASSWD: ALL" | sudo tee >> /etc/sudoers'

3. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts -s

4. Check the result on the client
sudo ls

Passwordless sudo, second approach

The method above does add the sudo rule, but the warning it prints shows that calling sudo inside the shell module is about to stop being supported.

1. vim roles/2_sudo/tasks/main.yml and change it as follows:

---
- name: add sudo user
  become_user: root
  become: true
  shell: "echo voidking ALL = NOPASSWD: ALL >> /etc/sudoers"

2. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts
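
An added example, not taken from the original post or its repository: the tasks of roles/1_key and roles/2_sudo written so that a second run changes nothing, in line with the design note that re-running must not affect what is already installed. It keeps the article's user name, key path and sudo rule; it assumes the stock Ubuntu /etc/sudoers, which includes /etc/sudoers.d, and the drop-in file name /etc/sudoers.d/voidking is hypothetical.

```yaml
---
# Added example. Assumptions: stock Ubuntu /etc/sudoers containing
# "#includedir /etc/sudoers.d"; the drop-in name "voidking" is hypothetical.

# roles/1_key/tasks/main.yml
# authorized_key adds the key only if it is missing, whereas
# "cat ... >> authorized_keys" appends a duplicate line on every run.
- name: authorize the control machine's public key
  authorized_key:
    user: voidking
    key: "{{ lookup('file', '/home/voidking/.ssh/id_rsa.pub') }}"
    state: present

# roles/2_sudo/tasks/main.yml
# The rule lives in its own file and is checked by visudo before it is
# installed, so a malformed line cannot break sudo on the client.
- name: install the sudo rule as a validated drop-in
  become: true
  become_user: root
  copy:
    content: "voidking ALL = NOPASSWD: ALL\n"
    dest: /etc/sudoers.d/voidking
    owner: root
    group: root
    mode: "0440"
    validate: "/usr/sbin/visudo -cf %s"

# Remove the lines that earlier "echo ... >> /etc/sudoers" runs appended.
# This runs after the drop-in exists, so passwordless sudo is not interrupted.
- name: remove appended copies of the rule from /etc/sudoers
  become: true
  become_user: root
  lineinfile:
    dest: /etc/sudoers
    regexp: '^voidking ALL = NOPASSWD: ALL$'
    state: absent
    validate: "/usr/sbin/visudo -cf %s"
```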

Update the package sources

1. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    #- 2_sudo
    - 3_sources

2. vim roles/3_sources/files/sources.list, with the following content:

deb http://cn.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
## Pre-release (proposed) source
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse
# Source packages
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
## Pre-release (proposed) source
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse
# Canonical partner and extras
# deb http://archive.canonical.com/ubuntu/ trusty partner
# deb http://extras.ubuntu.com/ubuntu/ trusty main

3. vim roles/3_sources/tasks/main.yml, with the following content:

---
- name: replace sources.list
  copy:
    src: ../files/sources.list
    dest: /etc/apt/sources.list
    force: yes
- name: update
  become_user: root
  become: true
  shell: apt update
- name: upgrade
  become_user: root
  become: true
  apt:
    upgrade: yes

4. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts

Time synchronization

Preparing the control machine

1. Install chrony on the control machine
apt -y install chrony

2. Restart chrony
service chrony restart

3. Copy chrony.conf
cp /etc/chrony/chrony.conf roles/4_chrony/files/

4. vim roles/4_chrony/files/chrony.conf and change it as follows:

# line 20: comment out
#server 0.debian.pool.ntp.org offline minpoll 8
#server 1.debian.pool.ntp.org offline minpoll 8
#server 2.debian.pool.ntp.org offline minpoll 8
#server 3.debian.pool.ntp.org offline minpoll 8
# line 24: add
server 192.168.56.101 iburst
Playbook configuration

1. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    #- 2_sudo
    #- 3_sources
    - 4_chrony

2. vim group_vars/base.yml, with the following content:

---
ansible_ssh_user: voidking
ansible_ssh_pass: voidking
ansible_sudo: voidking
ansible_sudo_pass: voidking
ansible_become_user: root
ansible_become_pass: voidking
ansible_become: true

3. vim roles/4_chrony/tasks/main.yml, with the following content:

---
- name: install chrony
  apt:
    name: chrony
    state: latest
- name: change config
  copy:
    src: ../files/chrony.conf
    dest: /etc/chrony/chrony.conf
    owner: root
    group: root
    mode: 0644
    force: yes
- name: restart chrony
  service:
    name: chrony
    state: restarted

4. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts

5. Verify chrony on the client
chronyc sources

Install the core software

1. vim test_hosts, with the following content:

[test]
192.168.56.102

[test:vars]
install_nginx=true
install_php=true
install_mysql=true
install_haproxy=true

2. vim test.yml, with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    #- 2_sudo
    #- 3_sources
    #- 4_chrony
    - 5_software

3. vim roles/5_software/tasks/main.yml, with the following content:

---
- name: install nginx
  apt:
    name: nginx
    state: latest
  when: install_nginx
- name: install php
  apt:
    name: "{{item}}"
    state: latest
    update_cache: yes
  with_items:
    - php5
    - libapache2-mod-php5
    - php5-mcrypt
    - php5-curl
    - php5-imagick
    - php5-cli
    - php5-json
    - php5-fpm
    - php5-mysql
  when: install_php
- name: install mysql
  apt:
    name: "{{item}}"
    state: latest
  with_items:
    - mysql-common
    - mysql-server
    - mysql-client
    - python-mysqldb
  when: install_mysql
# Set the root password for local ("localhost") and remote ("%") logins
- name: config mysql passwd
  mysql_user:
    login_user: root
    login_password: "\n"
    name: root
    password: "voidking"
    host: "{{item}}"
    priv: '*.*:ALL,GRANT'
    state: present
    check_implicit_admin: yes
  with_items:
    - "localhost"
    - "%"
  when: install_mysql
# Comment out bind-address so MySQL listens on all interfaces
- name: comment bind-address
  shell: sed -i 's/^bind-address/#bind-address/g' /etc/mysql/my.cnf
  when: install_mysql
- name: restart mysql service
  service:
    name: mysql
    state: restarted
    enabled: true
  when: install_mysql
- name: install haproxy
  apt:
    name: haproxy
    state: latest
  environment:
    RUNLEVEL: 1
  when: install_haproxy
- name: config haproxy
  shell: sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/haproxy
  when: install_haproxy
- name: config haproxy port
  copy:
    src: ../files/haproxy.cfg
    dest: /etc/haproxy/haproxy.cfg
    force: yes
  when: install_haproxy
- name: restart haproxy
  service:
    name: haproxy
    state: restarted
  when: install_haproxy
4. vim roles/5_software/files/haproxy.cfg, with the following content:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http_front
    bind *:8080
    stats uri /haproxy?stats
    default_backend http_back

backend http_back
    balance roundrobin
    option httpchk GET /index.html
    option forwardfor header X-Forwarded-For
    server node1 192.168.56.102:80 check inter 2000 rise 3 fall 3 weight 30
    server node2 192.168.56.103:80 check inter 2000 rise 3 fall 3 weight 30

5. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts

6. Test on the client
mysql -uroot -p -h 192.168.56.102

curl localhost

curl localhost:8080
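
An added example, not the author's code: the MySQL part of roles/5_software/tasks/main.yml with root confined to local logins, a separate account for client B, MySQL bound to client A's LAN address instead of every interface, and a handler so the service restarts only when my.cnf changes. The variables vault_mysql_root_password and vault_mysql_app_password (meant for an ansible-vault encrypted vars file), the database appdb and the account app are hypothetical, and it assumes client B's PHP is what connects to MySQL on client A.

```yaml
---
# roles/5_software/tasks/main.yml, MySQL part (added example).
# Hypothetical: vault_mysql_root_password, vault_mysql_app_password,
# database "appdb", account "app".

- name: set the root password for local logins only
  mysql_user:
    login_user: root
    login_password: "{{ vault_mysql_root_password }}"
    check_implicit_admin: yes   # first run: root still has no password
    name: root
    host: "{{ item }}"
    password: "{{ vault_mysql_root_password }}"
    state: present
  with_items:
    - "127.0.0.1"
    - "::1"
    - "localhost"               # last, so the passwordless first-run login keeps working
  when: install_mysql

- name: create an account that only client B can use
  mysql_user:
    login_user: root
    login_password: "{{ vault_mysql_root_password }}"
    name: app
    host: "192.168.56.103"
    password: "{{ vault_mysql_app_password }}"
    priv: "appdb.*:ALL"
    state: present
  when: install_mysql

- name: bind MySQL to client A's LAN address
  lineinfile:
    dest: /etc/mysql/my.cnf
    regexp: '^#?bind-address'
    insertafter: '^\[mysqld\]'
    line: "bind-address = 192.168.56.102"
  notify: restart mysql         # fires only when the line actually changed
  when: install_mysql

---
# roles/5_software/handlers/main.yml
- name: restart mysql
  service:
    name: mysql
    state: restarted
    enabled: true
```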

Putting all the steps together

1. Run the playbook

ansible-playbook site.yml -i hosts --syntax-check
ansible-playbook site.yml -i hosts

2. Check the installation

curl 192.168.56.102
curl 192.168.56.103
curl 192.168.56.104:8080

Check the installation

1. vim site.yml and change it to:

---
- hosts: all
  # facts must be gathered: the index.j2 template below reads ansible_eth0
  gather_facts: true
  roles:
    #- 1_key
    #- 2_sudo
    #- 3_sources
    #- 4_chrony
    #- 5_software
    - 6_check

2. vim roles/6_check/tasks/main.yml, with the following content:

---
- name: copy index.html
  template:
    src: ../templates/index.j2
    dest: /usr/share/nginx/html/index.html
    force: yes
  when: install_nginx

3. vim roles/6_check/templates/index.j2, with the following content:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Home Page</title>
</head>
<body>
{{ ansible_eth0.ipv4.address }}
</body>
</html>

PS: to view the available variables, run ansible 192.168.56.102 -m setup > var.txt

4. Run the playbook

ansible-playbook site.yml -i hosts --syntax-check
ansible-playbook site.yml -i hosts

5. Test access
curl 192.168.56.104:8080

Run it several times and you will see the two different IPs alternate.

Source code

Project repository: https://github.com/voidking/lnmp.git
