Jusene's Blog

ansible Playbook导演系统部署

2017/05/28 Share

playbook

playbook是由yaml组织的一系列指导系统操作的指令集,通过playbook我们可以固化下系统操作,达到一次性部署一个小集群的目的。

编写剧本

由上图可以看出,我们想要部署的是lnamp集群,并且还需要使用keepalived实现nginx的高可用。

整个过程我们不需要到每台机器上部署,我们只需要在ansible上编写ansible roles即可。

nginx+keepalived-1 主机名:proxy1 ip:10.211.55.38 centos
nginx+keepalived-2 主机名:proxy2 ip:10.211.55.39 centos
httpd+php-1 主机名:www1 ip:10.211.55.40 centos
httpd+php-2 主机名:www2 ip:10.211.55.41 centos
mysql 主机名:db ip:10.211.55.42 centos

vip:10.211.55.24

nginx roles

ansible部署机与各主机双机互信

ansible:

1
~]# yum install -y ansible
2
~]# cd /etc/ansible
3
~]# cat hosts
4
# Reverse proxies: nginx + keepalived (proxy1, proxy2)
[proxy]
10.211.55.38
10.211.55.39

# Web backends: httpd + php (www1, www2)
[www]
10.211.55.40
10.211.55.41

# Database: mysql (db)
[db]
10.211.55.42
14
~]# cd roles
15
~]# mkdir nginx keepalived httpd php mysql epel
16
~]# cd nginx
17
~]# mkdir tasks
18
~]# cd tasks
19
~]# cat main.yml
20
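# Tasks for the nginx role: install the package, render the proxy
# configuration and make sure the service is running.
- name: install nginx
  # state=latest upgrades nginx on every run; pin a version or use
  # state=present if unreviewed upgrades are not wanted.
  yum:
    name: nginx
    state: latest

- name: install config
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
    # Reject a rendered file that nginx cannot parse before it replaces
    # the live configuration.
    validate: nginx -t -c %s
  notify: restart nginx
  # The task keyword is "tags"; "tag" is not a valid task attribute.
  tags: nginxconf

- name: start nginx
  service:
    name: nginx
    state: started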
28
~]# mkdir ../handlers
29
~]# cd ../handlers
30
~]# cat main.yml
31
# Runs only when a task notifies "restart nginx" (the config template task).
- name: restart nginx
  service:
    name: nginx
    state: restarted
33
~]# mkdir ../templates
34
~]# cd ../templates
35
~]# cat nginx.conf.j2
36
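# Rendered by the nginx role onto the proxy hosts.
user nginx;
# One worker per vCPU reported by Ansible facts.
worker_processes {{ ansible_processor_vcpus }};
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Backend httpd+php hosts; ip_hash keeps a client on the same backend.
    upstream www_pool {
        server 10.211.55.40:80;
        server 10.211.55.41:80;
        ip_hash;
    }

    server {
        # Plain HTTP only: no TLS listener is configured in this template,
        # and traffic to the backends is also unencrypted.
        listen 80;
        server_name www.jusene.me;

        location / {
            proxy_pass http://www_pool;
            # Every directive must end with ';'. It was missing on this
            # line, which makes nginx reject the whole file.
            proxy_set_header Host $host;
            # proxy_set_header replaces any value the client sent with the
            # address nginx itself saw, so the field cannot be forged
            # through the proxy. The header name has to match the one the
            # backend's LogFormat reads.
            proxy_set_header X_Forward_For $remote_addr;
            proxy_connect_timeout 60;
            proxy_send_timeout 60;
            proxy_read_timeout 60;
            proxy_buffer_size 4k;
            proxy_buffers 4 32k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
        }
    }
}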

keepalived role

1
~]# cd /etc/ansible/roles/keepalived
2
~]# mkdir tasks
3
~]# cd tasks
4
~]# cat main.yml
5
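# Tasks for the keepalived role: install the package, render the VRRP
# configuration and make sure the service is running.
- name: install keepalived
  # state=latest upgrades the package on every run; pin a version or use
  # state=present if unreviewed upgrades are not wanted.
  yum:
    name: keepalived
    state: latest

- name: install config
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
    owner: root
    group: root
    # The file holds the VRRP auth_pass, so keep it unreadable to other
    # local users.
    mode: "0600"
  notify: restart keepalived
  # The task keyword is "tags"; "tag" is not a valid task attribute.
  tags: keepalivedconf

- name: start keepalived
  service:
    name: keepalived
    state: started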
13
~]# mkdir ../handlers
14
~]# cd ../handlers
15
~]# cat main.yml
16
# Runs only when a task notifies "restart keepalived".
- name: restart keepalived
  service:
    name: keepalived
    state: restarted
18
~]# mkdir ../templates
19
~]# cd ../templates
20
~]# cat keepalived.conf.j2
21
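# Rendered by the keepalived role onto proxy1 and proxy2.
global_defs {
    notification_email {
        root@{{ ansible_hostname }}
    }
    notification_email_from keepalived@{{ ansible_hostname }}
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id {{ ansible_hostname }}
    vrrp_mcast_group4 224.0.100.18
}

# Health check: "killall -0" sends no signal, it only tests that a process
# named nginx exists. On failure the node's priority drops by 10, which
# puts the MASTER (100 -> 90) below the BACKUP (98) and moves the VIP.
# NOTE(review): double quotes are the quoting form keepalived documents;
# the original used single quotes - confirm against the installed version.
vrrp_script chk_nginx {
    script "killall -0 nginx"
    interval 2
    weight -10
}

vrrp_instance VI_1 {
# Role is chosen from the node's eth0 address. The fact must be indexed
# with quoted keys, and the two branches need if/elif/endif: the original
# opened a second "if" without closing the first, so the template could
# not render.
# NOTE(review): assumes the interface is named eth0 on both proxies.
{% if ansible_eth0['ipv4']['address'] == '10.211.55.38' %}
    state MASTER
    priority 100
{% elif ansible_eth0['ipv4']['address'] == '10.211.55.39' %}
    state BACKUP
    priority 98
{% endif %}
    interface eth0
    virtual_router_id 100
    advert_int 1
    # auth_type PASS puts the password in clear text in every VRRP
    # advertisement and keepalived uses at most eight characters of it, so
    # it guards against misconfiguration, not against a host on the same
    # segment. The value below is the article's sample; in a real
    # deployment supply it from an encrypted variable (for example Ansible
    # Vault) instead of committing it in the template.
    authentication {
        auth_type PASS
        auth_pass jusene
    }
    # The article states the VIP as 10.211.55.24; the original listing had
    # 10.211.44.24, which is outside the hosts' 10.211.55.x network.
    virtual_ipaddress {
        10.211.55.24 dev eth0 label eth0:0
    }
    track_script {
        chk_nginx
    }
}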

httpd role

1
~]# cd /etc/ansible/roles/httpd
2
~]# mkdir tasks
3
~]# cd tasks
4
~]# cat main.yml
5
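# Tasks for the httpd role: install the package, render httpd.conf and
# make sure the service is running.
- name: install httpd
  # state=latest upgrades httpd on every run; pin a version or use
  # state=present if unreviewed upgrades are not wanted.
  yum:
    name: httpd
    state: latest

- name: install config
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/conf/httpd.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart httpd
  # The task keyword is "tags"; "tag" is not a valid task attribute.
  tags: httpdconf

# NOTE(review): the template sets DocumentRoot "/www", but no task in
# this role creates that directory - confirm it exists on the www hosts.
- name: start httpd
  service:
    name: httpd
    state: started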
13
~]# mkdir ../handlers
14
~]# cd ../handlers
15
~]# cat main.yml
16
# Runs only when a task notifies "restart httpd"; the php role's install
# task notifies it as well.
- name: restart httpd
  service:
    name: httpd
    state: restarted
18
~]# mkdir ../templates
19
~]# cd ../templates
20
~]# cat httpd.conf.j2
21
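# Rendered by the httpd role onto the www hosts.
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost

# Deny the whole filesystem by default; only /www is opened below.
<Directory />
    AllowOverride none
    Require all denied
</Directory>

ServerName www.jusene.me
DocumentRoot "/www"
<Directory "/www">
    Options None
    AllowOverride None
    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

# Never serve .htaccess / .htpasswd style files.
<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"
LogLevel warn

<IfModule log_config_module>
    # A request header is logged with %{Name}i - braces, not parentheses
    # as in the original listing. The name matches the header the nginx
    # proxy sets.
    # This field is whatever the request header says, so it is only
    # trustworthy while the backends accept connections solely from the
    # proxies; a client that can reach port 80 here directly can put any
    # address in it. Restrict access at the firewall, or log %h alongside.
    LogFormat "%{X_Forward_For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>

<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>

EnableSendfile on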

php role

1
~]# cd /etc/ansible/roles/php
2
~]# mkdir tasks
3
~]# cd tasks
4
~]# cat main.yml
5
# Install PHP ("as mod", per the task name) and restart httpd so it is
# picked up. The "restart httpd" handler lives in the httpd role, so this
# role relies on httpd being applied in the same play.
- name: install php as mod
  yum:
    name: php
    state: latest
  notify: restart httpd

mysql role

1
~]# cd /etc/ansible/roles/mysql
2
~]# mkdir tasks
3
~]# cat main.yml
4
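# Tasks for the mysql role: install the server, render my.cnf, prepare
# and initialise the data directory, then start the service.
- name: install mysqld
  # state=latest upgrades the server on every run; pin a version or use
  # state=present if unreviewed upgrades are not wanted.
  yum:
    name: mysql-server
    state: latest

- name: install config
  template:
    src: my.cnf.j2
    dest: /etc/my.cnf
    owner: root
    group: root
    mode: "0644"
  notify: restart mysqld
  # The task keyword is "tags"; "tag" is not a valid task attribute.
  tags: mysqldconf

- name: create datadir
  file:
    path: /data/mysqldata
    state: directory
    # The original had "ower", which the file module rejects.
    owner: mysql
    group: mysql
    # Keep the database files unreadable to other local users.
    mode: "0750"

# NOTE(review): depending on the server version, mysql_install_db leaves
# root without a password (and may create anonymous accounts). Confirm and
# add a step that sets credentials before the host is reachable.
- name: init datadir
  command: mysql_install_db --datadir=/data/mysqldata --user=mysql
  args:
    # Make the task idempotent: skip it once the system database
    # directory exists, instead of re-initialising on every run.
    creates: /data/mysqldata/mysql

- name: start mysqld
  service:
    name: mysqld
    state: started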
16
~]# mkdir ../handlers
17
~]# cd ../handlers
18
~]# cat main.yml
19
# Runs only when a task notifies "restart mysqld".
- name: restart mysqld
  service:
    name: mysqld
    state: restarted
21
~]# mkdir ../templates
22
~]# cd ../templates
23
~]# cat my.cnf.j2
24
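# Rendered by the mysql role to /etc/my.cnf on the db host.
[client]
port=3306
# NOTE(review): the socket lives in world-writable /tmp; a directory owned
# by mysql is the safer place, but client and server must change together.
socket=/tmp/mysql.sock

[mysqld]
# No bind-address is set in this template.
# NOTE(review): confirm which interfaces the server listens on and limit
# port 3306 to the www hosts at the firewall.
port=3306
socket=/tmp/mysql.sock
datadir=/data/mysqldata
# Was misspelled "skip-extrnal-locking"; an unknown option stops mysqld
# from starting.
skip-external-locking
# Options that appeared twice in the original are listed once, with the
# value that took effect (the later one): query_cache_size,
# thread_concurrency and key_buffer/key_buffer_size.
# The server caps max_allowed_packet at 1G; the original asked for 2048M.
max_allowed_packet = 1024M
myisam_sort_buffer_size = 128M
query_cache_size= 128M
thread_concurrency = 32
# 30-day idle timeouts together with max_connections=4000 let abandoned
# sessions pile up; lower them unless the application needs this.
wait_timeout=2592000
interactive_timeout=2592000
group_concat_max_len=4096
back_log=500
key_buffer_size=512M
max_heap_table_size=128M
thread_cache_size=128
sort_buffer_size=8M
read_buffer_size=8M
read_rnd_buffer_size = 8M
open_files_limit=200000
max_connections=4000
expire_logs_days = 3
event_scheduler = on
log-bin=mysql-bin
server-id       = 1
innodb_file_per_table =1

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash

[myisamchk]
key_buffer_size = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout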

epel role

1
~]# cd /etc/ansible/roles/epel
2
~]# mkdir tasks
3
~]# cd tasks
4
~]# cat main.yml
5
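# Install the EPEL repository definition used by the other roles.
- name: install epel repo
  template:
    src: epel.repo.j2
    # yum reads repository definitions from /etc/yum.repos.d/. The
    # original "/ect/epel.repo" was a typo for a path yum would not read.
    dest: /etc/yum.repos.d/epel.repo
    owner: root
    group: root
    mode: "0644"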
7
~]# mkdir ../templates
8
~]# cd ../templates
9
~]# cat epel.repo.j2
10
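[epel]
name=aliyun_epel
baseurl=https://mirrors.aliyun.com/epel/{{ ansible_distribution_major_version }}/x86_64/
# The yum option is "enabled"; the original "enable" is not a yum option.
enabled=1
# Verify package signatures. With gpgcheck=0 yum installs whatever the
# mirror (or anything able to tamper with it) serves, as root.
# NOTE(review): the key below comes from the same mirror as the packages;
# confirm its fingerprint against the one the Fedora project publishes, or
# ship the key file with the role and reference it with file://.
gpgcheck=1
gpgkey=https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}
cost=1000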

lnamp.yml

1
~]# cd /etc/ansible
2
~]# cat lnamp.yml
3
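---
# Site playbook: epel on every host, then one set of roles per inventory
# group (proxy, www, db).
#
# "forks" is not a play keyword, so it was removed from the play. Set the
# parallelism with `ansible-playbook -f 5 lnamp.yml` or `forks = 5` in
# ansible.cfg.
- hosts: all
  # NOTE(review): this logs in directly as root on every host. An
  # unprivileged login with `become: true` keeps root SSH closed and
  # leaves a per-user trail.
  remote_user: root
  roles:
    - role: epel
    # group_names is a list of the groups the host belongs to, so test
    # membership with "in". The original "when group_names == 'proxy'"
    # had no colon and compared a list to a string.
    - role: nginx
      when: "'proxy' in group_names"
    - role: keepalived
      when: "'proxy' in group_names"
    - role: httpd
      when: "'www' in group_names"
    - role: php
      when: "'www' in group_names"
    - role: mysql
      when: "'db' in group_names"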
~]# ansible-playbook lnamp.yml