Ansible playbook实现apache批量部署
1. 免密授权
1.1 生成密钥（ssh-keygen）
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:4aqra2UsAQCj+4Ocl/bB97dmnrjRkmCjzFBwEuztvG8 root@centos-18
The key's randomart image is:
+---[RSA 3072]----+
|* .+.. |
|o. .+ |
|... .. . |
| ..... . . |
|. +o +S |
|.oo Xoo.o o |
|.ooB *o. + . |
| +..ooE. ++. |
| .ooooo. +*+. |
+----[SHA256]-----+
1.2 将key复制到客户端
这部分可以用expect实现批量自动应答；但自动应答yes会跳过主机指纹核对，批量操作前应先通过可信渠道核对各主机的指纹（例如预先写入known_hosts）。
ssh-copy-id 192.168.31.8
ssh-copy-id 192.168.31.18
ssh-copy-id 192.168.31.28
ssh-copy-id 192.168.31.38
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.31.18 (192.168.31.18)' can't be established.
ECDSA key fingerprint is SHA256:aZUazuZyvuiNf55ChJy2bp5RfyZg4crLYyn09wu79fU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.31.18's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.31.18'"
and check to make sure that only the key(s) you wanted were added.
2. Ansible服务器文件准备
mkdir httpd_install
cd httpd_install
2.1 安装包准备
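# Fetch the three source tarballs the playbook unpacks: httpd, APR and APR-util.
# downloads.apache.org carries current releases only; superseded versions are
# moved to archive.apache.org/dist/ under the same layout.
wget https://downloads.apache.org/httpd/httpd-2.4.46.tar.bz2
wget https://downloads.apache.org/apr/apr-1.7.0.tar.bz2
wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.bz2
# These archives are compiled and installed as root on every managed host, so
# check them before the playbook distributes them. The published .sha256 files
# catch a corrupted or truncated download; verifying the .asc signatures against
# the project's KEYS file is the stronger check, because it authenticates the
# publisher rather than the mirror.
wget https://downloads.apache.org/httpd/httpd-2.4.46.tar.bz2.sha256
wget https://downloads.apache.org/apr/apr-1.7.0.tar.bz2.sha256
wget https://downloads.apache.org/apr/apr-util-1.6.1.tar.bz2.sha256
# Fails (non-zero exit) on any mismatch. If a published file is not in
# sha256sum format, compare the digest by hand instead.
sha256sum -c httpd-2.4.46.tar.bz2.sha256 apr-1.7.0.tar.bz2.sha256 apr-util-1.6.1.tar.bz2.sha256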
2.2 本地源准备
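# Write the yum repo definition the playbook copies to each host. Both
# repositories are read from the install ISO mounted at /media.
# gpgcheck=1 keeps RPM signature verification on even for local media, so a
# tampered or substituted ISO is rejected at install time. The key path is the
# one shipped by the CentOS 8 release packages - confirm it exists on the targets.
# The delimiter is quoted so the shell writes the body verbatim.
cat > centos8.repo <<'EOF'
[BaseOS]
name=CentOS Linux 8
baseurl=file:///media/BaseOS
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
enabled=1
[AppStream]
name=AppStream
baseurl=file:///media/AppStream
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF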
2.3 Httpd service文件准备
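# Write the systemd unit the playbook installs for the source-built httpd.
# The heredoc delimiter is quoted: with a bare EOF the shell expands $OPTIONS
# (to an empty string) while writing the file, silently altering the
# commented-out ExecStart/ExecReload alternatives.
cat > httpd.service <<'EOF'
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)
[Service]
Type=forking
#EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/apps/httpd/bin/apachectl start
#ExecStart=/apps/httpd/bin/httpd $OPTIONS -k start
ExecReload=/apps/httpd/bin/apachectl graceful
#ExecReload=/apps/httpd/bin/httpd $OPTIONS -k graceful
ExecStop=/apps/httpd/bin/apachectl stop
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF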
2.4 hosts 文件准备
# Inventory for the run: one group, [httpd], listing the four target hosts.
printf '%s\n' \
  '[httpd]' \
  '192.168.31.8' \
  '192.168.31.18' \
  '192.168.31.28' \
  '192.168.31.38' > hosts
3. Ansible-playbook文件
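---
# Build Apache httpd 2.4.46 from source (with the bundled APR / APR-util trees)
# on every host in the [httpd] inventory group and register it as a systemd
# service. The tarballs, centos8.repo and httpd.service are read from the
# directory on the control node that the playbook is run from.
- hosts: httpd
  # Every task runs as root over SSH, using a key already authorised on the
  # targets.
  remote_user: root
  gather_facts: false
  vars:
    httpd_file: httpd-2.4.46.tar.bz2
    arp_file: apr-1.7.0.tar.bz2
    arp_util_file: apr-util-1.6.1.tar.bz2
  tasks:
    # --- Package source: replace all repo files with the local ISO repo ---
    - name: Ansible delete file /etc/yum.repos.d/*.repo
      find:
        paths: /etc/yum.repos.d/
        patterns: "*.repo"
      register: repos_to_del

    - name: yum repo file clean
      file:
        path: "{{ item.path }}"
        state: absent
      loop: "{{ repos_to_del.files }}"

    - name: copy repo file to remote
      copy:
        src: centos8.repo
        dest: /etc/yum.repos.d/
        owner: root
        group: root
        mode: '0644'

    - name: yum repo init
      mount:
        path: /media
        src: /dev/sr0
        fstype: iso9660
        opts: ro,noauto
        state: mounted

    # --- Build prerequisites ---
    - name: install packages
      yum:
        name:
          - gcc
          - lrzsz
          - wget
          - make
          - pcre-devel
          - openssl-devel
          - expat-devel
        state: present

    - name: Create a directory if it does not exist
      file:
        path: /apps
        state: directory
        mode: '0755'

    # --- Unpack sources; `creates` makes each step a no-op on a re-run ---
    - name: "Extract {{ httpd_file }} into /apps/httpd24"
      unarchive:
        src: "./{{ httpd_file }}"
        dest: /apps/
        creates: /apps/httpd-2.4.46

    - name: "Extract {{ arp_file }} into /apps/apr/"
      unarchive:
        src: "./{{ arp_file }}"
        dest: /apps/httpd-2.4.46/srclib
        creates: /apps/httpd-2.4.46/srclib/apr

    - name: "Extract {{ arp_util_file }} into /apps/apr/"
      unarchive:
        src: "./{{ arp_util_file }}"
        dest: /apps/httpd-2.4.46/srclib
        creates: /apps/httpd-2.4.46/srclib/apr-util

    # --with-included-apr expects the trees under srclib/apr and
    # srclib/apr-util. Without `creates`, a second run would move the freshly
    # extracted directory *inside* the existing one.
    - name: move directory /apps/httpd-2.4.46/srclib/apr
      command: mv /apps/httpd-2.4.46/srclib/apr-1.7.0 /apps/httpd-2.4.46/srclib/apr
      args:
        creates: /apps/httpd-2.4.46/srclib/apr

    - name: move directory /apps/httpd-2.4.46/srclib/apr-util
      command: mv /apps/httpd-2.4.46/srclib/apr-util-1.6.1 /apps/httpd-2.4.46/srclib/apr-util
      args:
        creates: /apps/httpd-2.4.46/srclib/apr-util

    # --- Service account ---
    - name: Ensure group "apache" exists
      group:
        name: apache
        state: present
        gid: 80

    # Service account only: no login shell and no home directory.
    # NOTE(review): nothing in this play sets User/Group in httpd.conf, so the
    # workers presumably keep the build default account - confirm.
    - name: Add the user 'apache' with a specific uid and a primary group of 'apache'
      user:
        name: apache
        comment: apache
        uid: 80
        group: apache
        shell: /sbin/nologin
        create_home: false

    # --- Build and install; command (not shell) since no shell features are
    # needed, with chdir/creates passed as real module arguments ---
    - name: configure httpd
      command: >-
        ./configure --prefix=/apps/httpd24 --enable-so --enable-ssl
        --enable-cgi --enable-rewrite --with-zlib --with-pcre
        --with-included-apr --enable-modules=most --enable-mpms-shared=all
        --with-mpm=prefork
      args:
        chdir: /apps/httpd-2.4.46/
        creates: /apps/httpd-2.4.46/Makefile

    - name: make
      command: make -j 2
      args:
        chdir: /apps/httpd-2.4.46/
        creates: /apps/httpd-2.4.46/httpd

    - name: make install
      command: make install
      args:
        chdir: /apps/httpd-2.4.46/
        creates: /apps/httpd24/bin/httpd

    # Stable path /apps/httpd -> versioned prefix; the unit file uses it.
    - name: make ln
      file:
        src: /apps/httpd24
        dest: /apps/httpd
        owner: apache
        group: apache
        state: link

    - name: copy http.service file to remote
      copy:
        src: httpd.service
        dest: /usr/lib/systemd/system/
        owner: root
        group: root
        mode: '0644'
      notify: start httpd service

    # shell is required here for the output redirection.
    - name: config index.html
      shell: echo `hostname -I` > /apps/httpd/htdocs/index.html

    # NOTE(review): this rewrites the commented ServerName line to
    # `ServerName :80`, i.e. a port with no host name - confirm that is the
    # intended value.
    - name: Replace httpd config file
      replace:
        path: /apps/httpd/conf/httpd.conf
        regexp: '^#(ServerName).*$'
        replace: '\1 :80'

  handlers:
    # daemon_reload makes systemd read the newly copied unit file before the
    # service is started and enabled.
    - name: start httpd service
      systemd:
        name: httpd
        state: started
        enabled: true
        daemon_reload: true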
4. 执行批量安装
ansible-playbook -i hosts playbook.yaml