Ansible in Practice

Goal

The goal of this article is to use Ansible to install LNMP + HAProxy.
There are four hosts in total, all Ubuntu 14 Server: one serves as the Ansible control machine and the other three as Ansible managed hosts on which the services are deployed.
Managed host A gets nginx+php+mysql, host B gets nginx+php, and host C gets haproxy for load balancing, as shown in the figure below:

Design

The project structure follows the Best Practices - Content Organization guide, as shown in the figure below:

Points to note:

  • Role assignment is simple and explicit.
  • Variables are added per group in hosts to specify which software to install.
  • Running the scripts a second time must not affect services that are already installed.

Installation workflow

1. Add SSH keys
2. Set up passwordless sudo
3. Update the apt sources
4. Time synchronization
5. Install nginx+php+mysql+haproxy
6. Check the installation

Practice

File preparation

1. Create the project lnmp
mkdir lnmp && cd lnmp

2. Create the role directories
mkdir roles
mkdir -p roles/{1_key,2_sudo,3_sources,4_chrony,5_software,6_check}/{tasks,handlers,vars,files,templates}

3. Create the variable directories
mkdir group_vars host_vars

4. Create the hosts file and assign the installation groups, with the following content:

[base]
192.168.56.102
192.168.56.103
192.168.56.104

[nginx_php_mysql]
192.168.56.102

[nginx_php]
192.168.56.103

[haproxy]
192.168.56.104

[base:vars]
install_nginx=false
install_php=false
install_mysql=false
install_haproxy=false

[nginx_php_mysql:vars]
install_nginx=true
install_php=true
install_mysql=true
install_haproxy=false

[nginx_php:vars]
install_nginx=true
install_php=true
install_mysql=false
install_haproxy=false

[haproxy:vars]
install_nginx=false
install_php=false
install_mysql=false
install_haproxy=true

5. Create site.yml with the following content:

---
- hosts: all
  gather_facts: true   # 6_check renders ansible_eth0.ipv4.address, which only exists when facts are gathered
  roles:
    - 1_key
    - 2_sudo
    - 3_sources
    - 4_chrony
    - 5_software
    - 6_check

6. Turn off the host key prompt that appears the first time Ansible connects to a managed host
sudo vim /etc/ansible/ansible.cfg and make the following change:

# line 62, uncomment
host_key_checking = False

Adding the key

1. Set the user and password
vim group_vars/base.yml with the following content:

---
ansible_ssh_user: voidking
ansible_ssh_pass: voidking
ansible_sudo: voidking
ansible_sudo_pass: voidking

2. vim test.yml with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    - 1_key

3. vim roles/1_key/tasks/main.yml with the following content:

---
- name: copy public key
  copy:
    src: /home/voidking/.ssh/id_rsa.pub
    dest: /home/voidking/.ssh/id_rsa.pub.tmp
    owner: voidking
    group: voidking
    mode: 0600
    force: yes
- name: add public key
  shell: cd /home/voidking/.ssh && cat id_rsa.pub.tmp | tee >> authorized_keys

4. vim test_hosts with the following content:

[test]
192.168.56.102

5. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts

6. Check the result on the managed host
ll .ssh

7. Test the login
ssh voidking@192.168.56.102

Passwordless sudo

1. vim test.yml with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    - 2_sudo

2. vim roles/2_sudo/tasks/main.yml with the following content:

---
- name: add sudo user
  shell: 'sudo sh -c "echo voidking ALL = NOPASSWD: ALL >> /etc/sudoers"'
  #shell: 'echo "voidking ALL = NOPASSWD: ALL" | sudo tee >> /etc/sudoers'

3. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts -s

4. Check the result on the managed host
sudo ls

Passwordless sudo, take 2

The method above did add the sudo rule successfully, but the warning it prints shows that calling sudo inside the shell module is about to stop being supported.

1. vim roles/2_sudo/tasks/main.yml and change it to:

---
- name: add sudo user
  become_user: root
  become: true
  shell: "echo voidking ALL = NOPASSWD: ALL >> /etc/sudoers"

2. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts
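An idempotent variant of the 1_key and 2_sudo tasks, added here as an example and not part of the original project: the authorized_key module merges the key instead of appending another copy on every run, and the sudo rule goes into a drop-in file that visudo validates before it lands, so a typo cannot break sudo for everyone. It assumes the same user name and key path as the roles above and that /etc/sudoers includes /etc/sudoers.d (the Ubuntu default).

```yaml
---
# Added example, not from the original project: idempotent replacements for
# the 1_key and 2_sudo tasks above. Assumes the user "voidking" and the key
# path /home/voidking/.ssh/id_rsa.pub on the control machine, as in the roles.
- name: add public key (merged into authorized_keys, never duplicated)
  authorized_key:
    user: voidking
    key: "{{ lookup('file', '/home/voidking/.ssh/id_rsa.pub') }}"
    state: present
    manage_dir: yes      # creates ~/.ssh with mode 0700 if it is missing

- name: grant passwordless sudo through a drop-in file
  become: true          # become defaults to root
  copy:
    content: "voidking ALL=(ALL) NOPASSWD: ALL\n"
    dest: /etc/sudoers.d/voidking   # picked up by '#includedir /etc/sudoers.d' in Ubuntu's sudoers
    owner: root
    group: root
    mode: 0440
    validate: 'visudo -cf %s'       # the file is rejected if visudo finds a syntax error
```

A second run reports both tasks as ok rather than changed, which is the behaviour the design note on re-running the scripts asks for.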

Updating the apt sources

1. vim test.yml with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    #- 2_sudo
    - 3_sources

2. vim roles/3_sources/files/sources.list with the following content:

deb http://cn.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
## proposed (testing) repositories
deb http://cn.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse
# source packages
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-security main restricted universe multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
## proposed (testing) repositories
deb-src http://cn.archive.ubuntu.com/ubuntu/ trusty-proposed main restricted universe multiverse
# Canonical partner and extras
# deb http://archive.canonical.com/ubuntu/ trusty partner
# deb http://extras.ubuntu.com/ubuntu/ trusty main

3. vim roles/3_sources/tasks/main.yml with the following content:

---
- name: replace sources.list
  copy:
    src: ../files/sources.list
    dest: /etc/apt/sources.list
    force: yes
- name: update
  become_user: root
  become: true
  shell: apt update
- name: upgrade
  become_user: root
  become: true
  apt:
    upgrade: yes

4. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts

Time synchronization

Preparing the control machine

1. Install chrony on the control machine
apt -y install chrony

2. Restart chrony
service chrony restart

3. Copy chrony.conf
cp /etc/chrony/chrony.conf roles/4_chrony/files/

4. vim roles/4_chrony/files/chrony.conf and make the following changes:

# line 20, comment out
#server 0.debian.pool.ntp.org offline minpoll 8
#server 1.debian.pool.ntp.org offline minpoll 8
#server 2.debian.pool.ntp.org offline minpoll 8
#server 3.debian.pool.ntp.org offline minpoll 8
# line 24, add
server 192.168.56.101 iburst

Playbook configuration

1. vim test.yml with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    #- 2_sudo
    #- 3_sources
    - 4_chrony

2. vim group_vars/base.yml with the following content:

---
ansible_ssh_user: voidking
ansible_ssh_pass: voidking
ansible_sudo: voidking
ansible_sudo_pass: voidking
ansible_become_user: root
ansible_become_pass: voidking
ansible_become: true

3. vim roles/4_chrony/tasks/main.yml with the following content:

---
- name: install chrony
  apt:
    name: chrony
    state: latest
- name: change config
  copy:
    src: ../files/chrony.conf
    dest: /etc/chrony/chrony.conf
    owner: root
    group: root
    mode: 0644
    force: yes
- name: restart chrony
  service:
    name: chrony
    state: restarted

4. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts

5. Verify chrony on the managed host
chronyc sources

Installing the core software

1. vim test_hosts with the following content:

[test]
192.168.56.102

[test:vars]
install_nginx=true
install_php=true
install_mysql=true
install_haproxy=true

2. vim test.yml with the following content:

---
- hosts: all
  vars_files:
    - group_vars/base.yml
  roles:
    #- 1_key
    #- 2_sudo
    #- 3_sources
    #- 4_chrony
    - 5_software

3. vim roles/5_software/tasks/main.yml with the following content:

---
- name: install nginx
  apt:
    name: nginx
    state: latest
  when: install_nginx
- name: install php
  apt:
    name: "{{item}}"
    state: latest
    update_cache: yes
  with_items:
    - php5
    - libapache2-mod-php5
    - php5-mcrypt
    - php5-curl
    - php5-imagick
    - php5-cli
    - php5-json
    - php5-fpm
    - php5-mysql
  when: install_php
- name: install mysql
  apt:
    name: "{{item}}"
    state: latest
  with_items:
    - mysql-common
    - mysql-server
    - mysql-client
    - python-mysqldb
  when: install_mysql
- name: config mysql passwd
  mysql_user:
    login_user: root
    login_password: "\n"
    name: root
    password: "voidking"
    host: "{{item}}"
    priv: '*.*:ALL,GRANT'
    state: present
    check_implicit_admin: yes
  with_items:
    - "localhost"
    - "%"
  when: install_mysql
- name: comment bind-address
  shell: sed -i 's/^bind-address/#bind-address/g' /etc/mysql/my.cnf
  when: install_mysql
- name: restart mysql service
  service:
    name: mysql
    state: restarted
    enabled: true
  when: install_mysql
- name: install haproxy
  apt:
    name: haproxy
    state: latest
  environment:
    RUNLEVEL: 1
  when: install_haproxy
- name: config haproxy
  shell: sed -i 's/ENABLED=0/ENABLED=1/g' /etc/default/haproxy
  when: install_haproxy
- name: config haproxy port
  copy:
    src: ../files/haproxy.cfg
    dest: /etc/haproxy/haproxy.cfg
    force: yes
  when: install_haproxy
- name: restart haproxy
  service:
    name: haproxy
    state: restarted
  when: install_haproxy

4. vim roles/5_software/files/haproxy.cfg with the following content:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http_front
    bind *:8080
    stats uri /haproxy?stats
    default_backend http_back

backend http_back
    balance roundrobin
    option httpchk GET /index.html
    option forwardfor header X-Forwarded-For
    server node1 192.168.56.102:80 check inter 2000 rise 3 fall 3 weight 30
    server node2 192.168.56.103:80 check inter 2000 rise 3 fall 3 weight 30

5. Run the playbook

ansible-playbook test.yml -i test_hosts --syntax-check
ansible-playbook test.yml -i test_hosts

6. Test on the managed host
mysql -uroot -p -h 192.168.56.102

curl localhost

curl localhost:8080
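The design note that a second run must not affect installed services is where the mysql part of the 5_software role falls short: state: latest upgrades packages on every run, state: restarted restarts MySQL on every run, and root@'%' with GRANT makes the administrator account reachable from the whole network once bind-address is commented out. The tasks below are an added example, not the original role: same packages, same file edit, but idempotent, with a handler that restarts MySQL only when my.cnf actually changed and a dedicated application user limited to the nginx+php host. mysql_root_password, app_db_user, app_db_password and app_db_name are assumed variables (for example in group_vars).

```yaml
# roles/5_software/tasks/main.yml (mysql part only). Added example, not the
# original role. Variables mysql_root_password, app_db_user, app_db_password
# and app_db_name are assumed to be defined in group_vars.
- name: install mysql
  apt:
    name: "{{ item }}"
    state: present        # present, not latest: a re-run must not upgrade a live service
  with_items:
    - mysql-server
    - mysql-client
    - python-mysqldb      # required by the mysql_* modules
  when: install_mysql

- name: set mysql root password (same result on every run)
  mysql_user:
    name: root
    host: localhost       # root stays local only
    password: "{{ mysql_root_password }}"
    login_user: root
    login_password: "{{ mysql_root_password }}"
    check_implicit_admin: yes   # first run: empty-password socket login; later runs: the set password
    state: present
  when: install_mysql

- name: create the application user, reachable only from the nginx+php host
  mysql_user:
    name: "{{ app_db_user }}"
    host: 192.168.56.103
    password: "{{ app_db_password }}"
    priv: "{{ app_db_name }}.*:SELECT,INSERT,UPDATE,DELETE"
    login_user: root
    login_password: "{{ mysql_root_password }}"
    state: present
  when: install_mysql

- name: listen on all interfaces (comment out bind-address)
  lineinfile:
    dest: /etc/mysql/my.cnf
    regexp: '^bind-address'
    line: '#bind-address = 127.0.0.1'
    backrefs: yes         # rewrites only an active line; no-op once it is commented
  notify: restart mysql   # handler runs only when this file changed
  when: install_mysql

---
# roles/5_software/handlers/main.yml
- name: restart mysql
  service:
    name: mysql
    state: restarted
```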

Putting all the steps together

1. Run the playbook

ansible-playbook site.yml -i hosts --syntax-check
ansible-playbook site.yml -i hosts

2. Check the installation

curl 192.168.56.102
curl 192.168.56.103
curl 192.168.56.104:8080

Checking the installation

1. vim site.yml and change it to:

---
- hosts: all
  gather_facts: true   # 6_check renders ansible_eth0.ipv4.address, which only exists when facts are gathered
  roles:
    #- 1_key
    #- 2_sudo
    #- 3_sources
    #- 4_chrony
    #- 5_software
    - 6_check

2. vim roles/6_check/tasks/main.yml with the following content:

---
- name: copy index.html
  template:
    src: ../templates/index.j2
    dest: /usr/share/nginx/html/index.html
    force: yes
  when: install_nginx

3. vim roles/6_check/templates/index.j2 with the following content:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Home Page</title>
</head>
<body>
    {{ ansible_eth0.ipv4.address }}
</body>
</html>

PS: to see the variables available on a host, run ansible 192.168.56.102 -m setup > var.txt

4. Run the playbook

ansible-playbook site.yml -i hosts --syntax-check
ansible-playbook site.yml -i hosts

5. Test access
curl 192.168.56.104:8080

Run it several times and you can see the two different IP addresses alternate.

Source code

Project address: https://github.com/voidking/lnmp.git

Bookmarks

Ansible Documentation

Ansible Chinese Authoritative Guide (Ansible中文权威指南)

Ansible in Depth (Ansible精讲)

Lanni (烂泥): learning HAProxy for load balancing, installation and configuration

HAProxy configuration parameters explained
