a25.ansible 生产实战案例 -- 基于kubeadm安装kubernetes v1.20 -- chrony、高可用组件和harbor

6.安装chrony

6.1 安装chrony-server

[root@ansible-server ansible]# mkdir -p roles/chrony-server/{tasks,handlers}

[root@ansible-server ansible]# cd roles/chrony-server/
[root@ansible-server chrony-server]# ls
handlers  tasks

[root@ansible-server chrony-server]# vim tasks/install_chrony_yum.yml
# chrony-server role, RHEL-family branch (CentOS / Rocky).
# Installs chrony and rewrites /etc/chrony.conf so this host syncs from
# public upstream servers and serves time to the rest of the cluster.
# NOTE: the default pool/server lines are deleted and re-inserted on every
# run, so the play reports "changed" each time; the file content is stable.
- name: install CentOS or Rocky chrony
  yum:
    name: chrony
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
# Drop the distribution defaults before adding our own upstream servers.
- name: delete CentOS or Rocky /etc/chrony.conf file contains '^pool.*' string line
  lineinfile:
    path: /etc/chrony.conf
    regexp: '^pool.*'
    state: absent
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
  notify:
    - restart chronyd
- name: delete CentOS or Rocky /etc/chrony.conf file contains '^server.*' string line
  lineinfile:
    path: /etc/chrony.conf
    regexp: '^server.*'
    state: absent
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
  notify:
    - restart chronyd
# Three public upstream sources; "iburst" speeds up the initial sync.
# The multi-line "line" value is written as three lines after the comment
# matched by insertafter.
- name: add Time server for CentOS or Rocky /etc/chrony.conf file
  lineinfile:
    path: /etc/chrony.conf
    insertafter: '^# Please consider .*'
    line: "server ntp.aliyun.com iburst\nserver time1.cloud.tencent.com iburst\nserver ntp.tuna.tsinghua.edu.cn iburst"
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
  notify:
    - restart chronyd
# Security: "allow 0.0.0.0/0" answers NTP queries from any source address.
# Restrict this to the cluster subnet if the host is reachable from
# networks you do not control (chrony "allow" accepts CIDR notation).
- name: Substitution '^#(allow).*' string for CentOS or Rocky /etc/chrony.conf file
  replace:
    path: /etc/chrony.conf
    regexp: '^#(allow).*'
    replace: '\1 0.0.0.0/0'
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
  notify:
    - restart chronyd
# "local stratum 10" keeps serving the local clock to clients when every
# upstream source is unreachable.
- name: Substitution '^#(local).*' string for CentOS or Rocky /etc/chrony.conf file
  replace:
    path: /etc/chrony.conf
    regexp: '^#(local).*'
    replace: '\1 stratum 10'
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
  notify:
    - restart chronyd

[root@ansible-server chrony-server]# vim tasks/install_chrony_apt.yml
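# chrony-server role, Ubuntu branch.
# Installs chrony and rewrites /etc/chrony/chrony.conf so this host syncs
# from public upstream servers and serves time to the rest of the cluster.
# Deleting dpkg/apt lock files while another apt process (for example
# unattended-upgrades) holds them can corrupt the package database;
# waiting for the lock is the safer option.
- name: delete lock files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /var/lib/dpkg/lock
    - /var/lib/apt/lists/lock
    - /var/cache/apt/archives/lock
  when:
    - ansible_distribution=="Ubuntu"
- name: apt update
  apt:
    update_cache: yes
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
# Supply-chain note: the apt module's "force: yes" implies
# allow_unauthenticated, i.e. package signatures are not verified.
# Drop it unless it is genuinely required.
- name: install Ubuntu chrony
  apt:
    name: chrony
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
- name: delete Ubuntu /etc/chrony/chrony.conf file contains '^pool.*' string line
  lineinfile:
    path: /etc/chrony/chrony.conf
    regexp: '^pool.*'
    state: absent
  when:
    - ansible_distribution=="Ubuntu"
  notify:
    - restart chronyd
# Also remove existing "server" lines (mirrors the CentOS/Rocky task file).
# Without this the next task appends its three server lines again on every
# run: a multi-line "line" value never equals a single existing line, so
# lineinfile cannot detect that it is already present.
- name: delete Ubuntu /etc/chrony/chrony.conf file contains '^server.*' string line
  lineinfile:
    path: /etc/chrony/chrony.conf
    regexp: '^server.*'
    state: absent
  when:
    - ansible_distribution=="Ubuntu"
  notify:
    - restart chronyd
# Three public upstream sources; "iburst" speeds up the initial sync.
- name: add Time server for Ubuntu /etc/chrony/chrony.conf file
  lineinfile:
    path: /etc/chrony/chrony.conf
    insertafter: '^# See http:.*'
    line: "server ntp.aliyun.com iburst\nserver time1.cloud.tencent.com iburst\nserver ntp.tuna.tsinghua.edu.cn iburst"
  when:
    - ansible_distribution=="Ubuntu"
  # A changed server list must be applied by restarting chronyd.
  notify:
    - restart chronyd
# Security: "allow 0.0.0.0/0" answers NTP queries from any source address;
# restrict it to the cluster subnet when the host is reachable from
# untrusted networks. "local stratum 10" keeps serving the local clock when
# all upstream sources are unreachable.
- name: add 'allow 0.0.0.0/0' string and 'local stratum 10' string for Ubuntu /etc/chrony/chrony.conf file
  lineinfile:
    path: /etc/chrony/chrony.conf
    line: "{{ item }}"
  loop:
    - "allow 0.0.0.0/0"
    - "local stratum 10"
  when:
    - ansible_distribution=="Ubuntu"
  notify:
    - restart chronyd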

[root@ansible-server chrony-server]# vim tasks/service.yml
# Ensure chronyd is running now and is enabled at boot.
- name: start chronyd
  systemd:
    enabled: yes
    state: started
    name: chronyd

[root@ansible-server chrony-server]# vim tasks/main.yml
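# Task entry point of the chrony-server role, in execution order.
# "include" is deprecated (removed in ansible-core 2.16); import_tasks is
# the static equivalent for plain, unconditional, un-looped includes.
- import_tasks: install_chrony_yum.yml
- import_tasks: install_chrony_apt.yml
- import_tasks: service.yml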

[root@ansible-server chrony-server]# vim handlers/main.yml
# Handler notified by the configuration tasks: apply a changed chrony.conf.
- name: restart chronyd
  systemd:
    state: restarted
    name: chronyd

[root@ansible-server chrony-server]# cd ../../
[root@ansible-server ansible]# tree roles/chrony-server/
roles/chrony-server/
├── handlers
│   └── main.yml
└── tasks
    ├── install_chrony_apt.yml
    ├── install_chrony_yum.yml
    ├── main.yml
    └── service.yml

2 directories, 5 files

[root@ansible-server ansible]# vim chrony_server_role.yml 
---
# Apply the chrony-server role to every host in the chrony_server group.
- hosts: chrony_server
  roles:
    - chrony-server

[root@ansible-server ansible]# ansible-playbook chrony_server_role.yml

[root@k8s-ha01 ~]# chronyc sources -nv
210 Number of sources = 3
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^- 203.107.6.88                  2   6    37    62    -15ms[  -15ms] +/-   35ms
^* 139.199.215.251               2   6    37    62    -10us[+1488us] +/-   37ms
^? 101.6.6.172                   0   7     0     -     +0ns[   +0ns] +/-    0ns

[root@k8s-ha02 ~]# chronyc sources -nv
210 Number of sources = 3
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    77     3  -4058us[+2582us] +/-   31ms
^+ 139.199.215.251               2   6    77     2  +6881us[+6881us] +/-   33ms
^? 101.6.6.172                   0   7     0     -     +0ns[   +0ns] +/-    0ns

6.2 安装chrony-client

[root@ansible-server ansible]# mkdir -p roles/chrony-client/{tasks,handlers,vars}
[root@ansible-server ansible]# cd roles/chrony-client/
[root@ansible-server chrony-client]# ls
handlers  tasks  vars

[root@ansible-server chrony-client]# vim vars/main.yml
# Upstream time servers for every chrony client. Presumably the two hosts
# of the chrony_server group (the chronyc output below shows clients syncing
# from k8s-ha01 / k8s-ha02) — consider deriving them from the inventory
# instead of hard-coding addresses.
SERVER1: 172.31.3.104
SERVER2: 172.31.3.105

[root@ansible-server chrony-client]# vim tasks/install_chrony_yum.yml
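# chrony-client role, RHEL-family branch (CentOS / Rocky).
# Installs chrony and points /etc/chrony.conf at the two internal servers
# from vars/main.yml (SERVER1, SERVER2).
# NOTE: pool/server lines are deleted and re-inserted on every run, so the
# play always reports "changed"; the resulting file content is stable.
- name: install CentOS or Rocky chrony
  yum:
    name: chrony
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
# Drop the distribution defaults (and our own lines from a previous run)
# before inserting the internal servers.
- name: delete CentOS or Rocky /etc/chrony.conf file contains '^pool.*' string line
  lineinfile:
    path: /etc/chrony.conf
    regexp: '^pool.*'
    state: absent
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
  notify:
    - restart chronyd
- name: delete CentOS or Rocky /etc/chrony.conf file contains '^server.*' string line
  lineinfile:
    path: /etc/chrony.conf
    regexp: '^server.*'
    state: absent
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
  notify:
    - restart chronyd
# The multi-line "line" value is written as two server lines after the
# comment matched by insertafter; "iburst" speeds up the initial sync.
- name: add Time server for CentOS or Rocky /etc/chrony.conf file
  lineinfile:
    path: /etc/chrony.conf
    insertafter: '^# Please consider .*'
    line: "server {{ SERVER1 }} iburst\nserver {{ SERVER2 }} iburst"
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
  notify:
    - restart chronyd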

[root@ansible-server chrony-client]# vim tasks/install_chrony_apt.yml
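# chrony-client role, Ubuntu branch.
# Installs chrony and points /etc/chrony/chrony.conf at the two internal
# servers from vars/main.yml (SERVER1, SERVER2).
# Deleting dpkg/apt lock files while another apt process (for example
# unattended-upgrades) holds them can corrupt the package database;
# waiting for the lock is the safer option.
- name: delete lock files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /var/lib/dpkg/lock
    - /var/lib/apt/lists/lock
    - /var/cache/apt/archives/lock
  when:
    - ansible_distribution=="Ubuntu"
- name: apt update
  apt:
    update_cache: yes
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
# Supply-chain note: the apt module's "force: yes" implies
# allow_unauthenticated, i.e. package signatures are not verified.
# Drop it unless it is genuinely required.
- name: install Ubuntu chrony
  apt:
    name: chrony
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
- name: delete Ubuntu /etc/chrony/chrony.conf file contains '^pool.*' string line
  lineinfile:
    path: /etc/chrony/chrony.conf
    regexp: '^pool.*'
    state: absent
  when:
    - ansible_distribution=="Ubuntu"
  notify:
    - restart chronyd
# Also remove existing "server" lines (mirrors the CentOS/Rocky task file).
# Without this the next task appends its two server lines again on every
# run: a multi-line "line" value never equals a single existing line, so
# lineinfile cannot detect that it is already present.
- name: delete Ubuntu /etc/chrony/chrony.conf file contains '^server.*' string line
  lineinfile:
    path: /etc/chrony/chrony.conf
    regexp: '^server.*'
    state: absent
  when:
    - ansible_distribution=="Ubuntu"
  notify:
    - restart chronyd
# "iburst" speeds up the initial sync against the internal servers.
- name: add Time server for Ubuntu /etc/chrony/chrony.conf file
  lineinfile:
    path: /etc/chrony/chrony.conf
    insertafter: '^# See http:.*'
    line: "server {{ SERVER1 }} iburst\nserver {{ SERVER2 }} iburst"
  when:
    - ansible_distribution=="Ubuntu"
  notify:
    - restart chronyd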

[root@ansible-server chrony-client]# vim tasks/service.yml
# Ensure chronyd is running now and is enabled at boot.
- name: start chronyd
  systemd:
    enabled: yes
    state: started
    name: chronyd

[root@ansible-server chrony-client]# vim tasks/main.yml
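# Task entry point of the chrony-client role, in execution order.
# "include" is deprecated (removed in ansible-core 2.16); import_tasks is
# the static equivalent for plain, unconditional, un-looped includes.
- import_tasks: install_chrony_yum.yml
- import_tasks: install_chrony_apt.yml
- import_tasks: service.yml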

[root@ansible-server chrony-client]# vim handlers/main.yml
# Handler notified by the configuration tasks: apply a changed chrony.conf.
- name: restart chronyd
  systemd:
    state: restarted
    name: chronyd

[root@ansible-server chrony-client]# cd ../../
[root@ansible-server ansible]# tree roles/chrony-client/
roles/chrony-client/
├── handlers
│   └── main.yml
├── tasks
│   ├── install_chrony_apt.yml
│   ├── install_chrony_yum.yml
│   ├── main.yml
│   └── service.yml
└── vars
    └── main.yml

3 directories, 6 files

[root@ansible-server ansible]# vim chrony_client_role.yml
---
# Apply the chrony-client role to every host in the chrony_client group.
- hosts: chrony_client
  roles:
    - chrony-client

[root@ansible-server ansible]# ansible-playbook chrony_client_role.yml

[root@k8s-master01 ~]# chronyc sources -nv
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* k8s-ha01                      3   6    17    28    -57us[  -29us] +/-   31ms
^+ k8s-ha02                      3   6    17    29   +204us[ +231us] +/-   34ms

7.安装haproxy

[root@ansible-server ansible]# mkdir -p roles/haproxy/{tasks,vars,files,templates}
[root@ansible-server ansible]# cd roles/haproxy/
[root@ansible-server haproxy]# ls
files  tasks  templates  vars

[root@ansible-server haproxy]# wget http://www.lua.org/ftp/lua-5.4.3.tar.gz -P files/
[root@ansible-server haproxy]# wget https://www.haproxy.org/download/2.4/src/haproxy-2.4.10.tar.gz -P files/

[root@ansible-server haproxy]# vim files/haproxy.service
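[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
# Validate the configuration first so a broken file never takes the
# running instance down; the same check guards a reload below.
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/lib/haproxy/haproxy.pid
ExecReload=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecReload=/bin/kill -USR2 $MAINPID
# The binary is built with USE_SYSTEMD=1 and started in master-worker
# mode (-Ws), so it reports readiness via sd_notify; "started" then means
# the workers are really up rather than merely forked.
Type=notify
# Master-worker mode: SIGTERM the master, then SIGKILL leftover workers.
KillMode=mixed
Restart=always
# 143 = terminated by SIGTERM, the normal stop path.
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target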

[root@ansible-server haproxy]# vim vars/main.yml
# Build and deployment settings for the haproxy role.
SRC_DIR: /usr/local/src   # tarballs are unpacked and built here on the target
LUA_FILE: lua-5.4.3.tar.gz   # must be present under files/
HAPROXY_FILE: haproxy-2.4.10.tar.gz   # must be present under files/
HAPROXY_INSTALL_DIR: /apps/haproxy   # make install PREFIX; also the chroot dir in haproxy.cfg.j2
# Security: the stats page is bound to 0.0.0.0:9999 by the template and is
# protected only by this user/password pair, which is stored here in clear
# text. Replace the default password and keep it in Ansible Vault (or an
# env/file lookup) rather than in the role's vars before using this outside
# a lab. Quote the value ('123456') if it must stay a string in YAML.
STATS_AUTH_USER: admin
STATS_AUTH_PASSWORD: 123456
VIP: 172.31.3.188   # keepalived VIP the listeners bind to (needs net.ipv4.ip_nonlocal_bind=1, set in config.yml)

[root@ansible-server haproxy]# vim templates/haproxy.cfg.j2
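# HAProxy configuration rendered by the haproxy role.
# Inventory groups used: master (kube-apiserver backends) and harbor.
global
maxconn 100000
# haproxy chroots into its own install prefix after start-up.
chroot {{ HAPROXY_INSTALL_DIR }}
# Admin-level runtime socket; mode 600 keeps it owner-only.
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
uid 99
gid 99
daemon
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
option forwardfor
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms

# Security: the stats page listens on every interface and is protected
# only by basic auth over plain HTTP. Bind it to a management address
# (or 127.0.0.1) and/or front it with TLS if the host is reachable from
# untrusted networks.
listen stats
    mode http
    bind 0.0.0.0:9999
    stats enable
    log global
    stats uri /haproxy-status
    stats auth {{ STATS_AUTH_USER }}:{{ STATS_AUTH_PASSWORD }}

# kube-apiserver front end on the VIP. Backends are addressed by inventory
# hostname, so each name must resolve on the haproxy hosts (DNS or /etc/hosts).
listen kubernetes-6443
    bind {{ VIP }}:6443
    mode tcp
    log global
{% for i in groups.master %}
    server {{ i }} {{ i }}:6443 check inter 3s fall 2 rise 5
{% endfor %}

# Harbor registry front end on the VIP; "balance source" pins a client IP
# to one backend.
listen harbor-80
    bind {{ VIP }}:80
    mode http
    log global
    balance source
{% for i in groups.harbor %}
    server {{ i }} {{ i }}:80 check inter 3s fall 2 rise 5
{% endfor %}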

[root@ansible-server haproxy]# vim tasks/install_package.yml
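# Build dependencies for Lua and HAProxy. The play targets several groups
# (haproxy:master:harbor), so every task is limited to the haproxy group.
- name: install CentOS or Rocky depend on the package
  yum:
    name: gcc,make,gcc-c++,glibc,glibc-devel,pcre,pcre-devel,openssl,openssl-devel,systemd-devel,libtermcap-devel,ncurses-devel,libevent-devel,readline-devel
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
    - inventory_hostname in groups.haproxy
# Deleting dpkg/apt lock files while another apt process (for example
# unattended-upgrades) holds them can corrupt the package database;
# waiting for the lock is the safer option.
- name: delete lock files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /var/lib/dpkg/lock
    - /var/lib/apt/lists/lock
    - /var/cache/apt/archives/lock
  when:
    - ansible_distribution=="Ubuntu"
    - inventory_hostname in groups.haproxy
- name: apt update
  apt:
    update_cache: yes
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
    - inventory_hostname in groups.haproxy
# Supply-chain note: the apt module's "force: yes" implies
# allow_unauthenticated, i.e. package signatures are not verified.
# Drop it unless it is genuinely required.
- name: install Ubuntu depend on the package
  apt:
    name: gcc,make,openssl,libssl-dev,libpcre3,libpcre3-dev,zlib1g-dev,libreadline-dev,libsystemd-dev
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
    - inventory_hostname in groups.haproxy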

[root@ansible-server haproxy]# vim tasks/build_lua.yml
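# Build Lua from the bundled tarball so HAProxy can be linked with USE_LUA=1.
# Limited to the haproxy group because the play targets more groups.
- name: unarchive lua package
  unarchive:
    src: "{{ LUA_FILE }}"
    dest: "{{ SRC_DIR }}"
  when:
    - inventory_hostname in groups.haproxy
# Derive the extracted directory name (e.g. lua-5.4.3) from the tarball
# name. The command is read-only, so it must not be reported as a change.
# LUA_DIR.stdout is also consumed by build_haproxy.yml.
- name: get LUA_DIR directory
  shell:
    cmd: echo {{ LUA_FILE }} | sed -nr 's/^(.*[0-9]).([[:lower:]]).*/\1/p'
  register: LUA_DIR
  changed_when: false
  when:
    - inventory_hostname in groups.haproxy
# "make all test" builds and self-tests Lua in place; nothing is installed,
# HAProxy is pointed at the source tree via LUA_INC/LUA_LIB.
- name: Build and install lua
  shell:
    chdir: "{{ SRC_DIR }}/{{ LUA_DIR.stdout }}"
    cmd: make all test
  when:
    - inventory_hostname in groups.haproxy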

[root@ansible-server haproxy]# vim tasks/build_haproxy.yml
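# Build HAProxy from the bundled tarball and install it under
# HAPROXY_INSTALL_DIR. Requires LUA_DIR registered by build_lua.yml.
# Limited to the haproxy group because the play targets more groups.
- name: unarchive haproxy package
  unarchive:
    src: "{{ HAPROXY_FILE }}"
    dest: "{{ SRC_DIR }}"
  when:
    - inventory_hostname in groups.haproxy
# Derive the extracted directory name (e.g. haproxy-2.4.10) from the
# tarball name. Read-only, so never reported as a change.
- name: get HAPROXY_DIR directory
  shell:
    cmd: echo {{ HAPROXY_FILE }} | sed -nr 's/^(.*[0-9]).([[:lower:]]).*/\1/p'
  register: HAPROXY_DIR
  changed_when: false
  when:
    - inventory_hostname in groups.haproxy
# USE_SYSTEMD=1 is what lets the unit file use Type=notify with -Ws;
# USE_LUA=1 links against the Lua tree built by build_lua.yml.
- name: make Haproxy
  shell:
    chdir: "{{ SRC_DIR }}/{{ HAPROXY_DIR.stdout }}"
    cmd: make -j {{ ansible_processor_vcpus }} ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 USE_LUA=1 LUA_INC={{ SRC_DIR }}/{{ LUA_DIR.stdout }}/src/ LUA_LIB={{ SRC_DIR }}/{{ LUA_DIR.stdout }}/src/ PREFIX={{ HAPROXY_INSTALL_DIR }}
  when:
    - inventory_hostname in groups.haproxy
- name: make install Haproxy
  shell:
    chdir: "{{ SRC_DIR }}/{{ HAPROXY_DIR.stdout }}"
    cmd: make install PREFIX={{ HAPROXY_INSTALL_DIR }}
  when:
    - inventory_hostname in groups.haproxy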

[root@ansible-server haproxy]# vim tasks/config.yml
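# Install the systemd unit, the /usr/sbin symlink, directories and the
# rendered haproxy.cfg. Limited to the haproxy group because the play
# targets more groups.
- name: copy haproxy.service file
  copy:
    src: haproxy.service
    dest: /lib/systemd/system
  when:
    - inventory_hostname in groups.haproxy
# Relative symlink /usr/sbin/haproxy -> ../..{{ HAPROXY_INSTALL_DIR }}/sbin/haproxy.
# mode is quoted: an unquoted 755 is parsed as decimal by YAML and Ansible
# would apply the wrong permission bits (on Linux the mode of a symlink is
# not applied anyway, but keep the value well-formed).
- name: create haproxy link
  file:
    src: "../..{{ HAPROXY_INSTALL_DIR }}/sbin/{{ item.src }}"
    dest: "/usr/sbin/{{ item.src }}"
    state: link
    owner: root
    group: root
    mode: '0755'
    force: yes
  with_items:
    - src: haproxy
  when:
    - inventory_hostname in groups.haproxy
- name: create /etc/haproxy directory
  file:
    path: /etc/haproxy
    state: directory
  when:
    - inventory_hostname in groups.haproxy
- name: create /var/lib/haproxy/ directory
  file:
    path: /var/lib/haproxy/
    state: directory
  when:
    - inventory_hostname in groups.haproxy
- name: copy haproxy.cfg file
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
  when:
    - inventory_hostname in groups.haproxy
# Lets haproxy bind the keepalived VIP while this node is not the VRRP master.
- name: Add the kernel
  sysctl:
    name: net.ipv4.ip_nonlocal_bind
    value: "1"
  when:
    - inventory_hostname in groups.haproxy
- name: PATH variable
  copy:
    content: 'PATH={{ HAPROXY_INSTALL_DIR }}/sbin:$PATH'
    dest: /etc/profile.d/haproxy.sh
  when:
    - inventory_hostname in groups.haproxy
# Sourcing the profile snippet here only affects this task's own shell;
# interactive logins pick it up from /etc/profile.d. Kept for parity with
# the author's workflow and marked as not changing anything.
- name: PATH variable entry
  shell:
    cmd: . /etc/profile.d/haproxy.sh
  changed_when: false
  when:
    - inventory_hostname in groups.haproxy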

[root@ansible-server haproxy]# vim tasks/service.yml
# Reload unit files (a new haproxy.service was just copied), then start
# and enable haproxy on the haproxy group only.
- name: start haproxy
  systemd:
    daemon_reload: yes
    enabled: yes
    state: started
    name: haproxy
  when:
    - inventory_hostname in groups.haproxy

[root@ansible-server haproxy]# vim tasks/main.yml
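# Task entry point of the haproxy role, in execution order.
# "include" is deprecated (removed in ansible-core 2.16); import_tasks is
# the static equivalent for plain, unconditional, un-looped includes.
- import_tasks: install_package.yml
- import_tasks: build_lua.yml
- import_tasks: build_haproxy.yml
- import_tasks: config.yml
- import_tasks: service.yml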

[root@ansible-server haproxy]# cd ../../
[root@ansible-server ansible]# tree roles/haproxy/
roles/haproxy/
├── files
│   ├── haproxy-2.4.10.tar.gz
│   ├── haproxy.service
│   └── lua-5.4.3.tar.gz
├── tasks
│   ├── build_haproxy.yml
│   ├── build_lua.yml
│   ├── config.yml
│   ├── install_package.yml
│   ├── main.yml
│   └── service.yml
├── templates
│   └── haproxy.cfg.j2
└── vars
    └── main.yml

4 directories, 11 files

[root@ansible-server ansible]# vim haproxy_role.yml
---
# The play targets master and harbor as well so that groups.master and
# groups.harbor are populated for the haproxy.cfg.j2 template; every task
# in the role is guarded with "inventory_hostname in groups.haproxy" so
# only the haproxy hosts are actually modified.
- hosts: haproxy:master:harbor

  roles:
    - role: haproxy

[root@ansible-server ansible]# ansible-playbook haproxy_role.yml

8.安装keepalived

8.1 安装keepalived-master

[root@ansible-server ansible]# mkdir -p roles/keepalived-master/{tasks,files,vars,templates}
[root@ansible-server ansible]# cd roles/keepalived-master/
[root@ansible-server keepalived-master]# ls
files  tasks  templates  vars

[root@ansible-server keepalived-master]#  wget https://keepalived.org/software/keepalived-2.2.4.tar.gz -P files/

[root@ansible-server keepalived-master]# vim files/check_haproxy.sh 
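#!/bin/bash
#
#**********************************************************************************************
#Author:        Raymond
#QQ:            88563128
#Date:          2022-01-09
#FileName:      check_haproxy.sh
#URL:           raymond.blog.csdn.net
#Description:   The test script
#Copyright (C): 2022 All rights reserved
#*********************************************************************************************
#
# Keepalived vrrp_script health check for the local HAProxy daemon.
# Exit 0 as soon as a running "haproxy" process is found (up to three
# attempts, one second apart); otherwise stop keepalived so the VIP fails
# over to the peer, and exit 1. Runs as root (script_user root).
set -u

readonly max_attempts=3
err=0
for ((attempt = 1; attempt <= max_attempts; attempt++)); do
    # -x matches the whole process name. Without it the pattern is a regex
    # matched against any process name containing "haproxy", which can
    # include this script itself (comm "check_haproxy.s" when keepalived
    # executes it by path), making the check pass even when haproxy is down.
    if pgrep -x haproxy >/dev/null 2>&1; then
        err=0
        break
    fi
    err=$((err + 1))
    sleep 1
done

if (( err != 0 )); then
    printf '%s\n' "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
fi
exit 0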

[root@ansible-server keepalived-master]# vim vars/main.yml
# keepalived-master role settings.
URL: mirrors.cloud.tencent.com   # CentOS mirror used by PowerTools.repo.j2
ROCKY_URL: mirrors.sjtug.sjtu.edu.cn   # Rocky mirror used by PowerTools.repo.j2
KEEPALIVED_FILE: keepalived-2.2.4.tar.gz   # must be present under files/
SRC_DIR: /usr/local/src   # tarball is unpacked and built here on the target
KEEPALIVED_INSTALL_DIR: /apps/keepalived   # ./configure --prefix
STATE: MASTER   # initial VRRP state for keepalived.conf.j2
PRIORITY: 100   # must be higher than the backup role's PRIORITY (90)
VIP: 172.31.3.188   # virtual address shared with the haproxy role

[root@ansible-server keepalived-master]# vim templates/PowerTools.repo.j2 
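# PowerTools repository for CentOS 8 / Rocky 8, rendered by the
# keepalived role only when no existing repo file already defines it.
# Mirrors are fetched over HTTPS and gpgcheck stays on, so packages are
# still verified against the distribution's own key.
[PowerTools]
name=PowerTools
{% if ansible_distribution =="Rocky" %}
baseurl=https://{{ ROCKY_URL }}/rocky/$releasever/PowerTools/$basearch/os/
{% elif ansible_distribution=="CentOS" %}
baseurl=https://{{ URL }}/centos/$releasever/PowerTools/$basearch/os/
{% endif %}
gpgcheck=1
{% if ansible_distribution =="Rocky" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
{% elif ansible_distribution=="CentOS" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% endif %}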

[root@ansible-server keepalived-master]# vim templates/keepalived.conf.j2
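! Configuration File for keepalived
! Rendered by the keepalived-master / keepalived-backup roles; STATE,
! PRIORITY and VIP come from the role's vars/main.yml.

global_defs {
    router_id LVS_DEVEL
    ! The check script runs as root; with enable_script_security keepalived
    ! refuses scripts that are not root-owned or are group/world-writable,
    ! so keep the 0755/root ownership set in tasks/config.yml.
    script_user root
    enable_script_security
}

! Name must match the entry in track_script below (the original template
! spelled it "check_haoroxy", so the script was never tracked).
vrrp_script check_haproxy {
    script "/etc/keepalived/check_haproxy.sh"
    interval 5
    ! weight -5 alone cannot trigger failover with priorities 100 / 90:
    ! the master would drop to 95, still above the backup. Failover relies
    ! on the script stopping keepalived when haproxy is down.
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state {{ STATE }}
    interface {{ ansible_default_ipv4.interface }}
    virtual_router_id 51
    priority {{ PRIORITY }}
    advert_int 1
    ! Security: VRRP "PASS" authentication sends this shared secret in
    ! clear text on the segment; it only stops accidental instance clashes.
    ! Keep VRRP traffic on a trusted network and use a non-default value.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        {{ VIP }} dev {{ ansible_default_ipv4.interface }} label {{ ansible_default_ipv4.interface }}:1
    }
    track_script {
       check_haproxy
    }
}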

[root@ansible-server keepalived-master]# vim tasks/install_package.yml
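# Build dependencies for keepalived per distribution and major version.
# On EL8 the PowerTools repo is required and is only added when no repo
# file already defines a [PowerTools] section.
- name: find "[PowerTools]" mirror warehouse
  find:
    path: /etc/yum.repos.d/
    contains: '\[PowerTools\]'
  register: RETURN
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
    - ansible_distribution_major_version=="8"
# The distribution check comes first on purpose: when the find task was
# skipped (e.g. Ubuntu) RETURN has no "matched" key, and Ansible stops
# evaluating the when-list at the first false condition.
- name: copy repo file
  template:
    src: PowerTools.repo.j2
    dest: /etc/yum.repos.d/PowerTools.repo
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky") and (ansible_distribution_major_version=="8")
    - RETURN.matched == 0
- name: install CentOS8 or Rocky8 depend on the package
  yum:
    name: make,gcc,ipvsadm,autoconf,automake,openssl-devel,libnl3-devel,iptables-devel,ipset-devel,file-devel,net-snmp-devel,glib2-devel,pcre2-devel,libnftnl-devel,libmnl-devel,systemd-devel
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
    - ansible_distribution_major_version=="8"
- name: install CentOS7 depend on the package
  yum:
    name: make,gcc,libnfnetlink-devel,libnfnetlink,ipvsadm,libnl,libnl-devel,libnl3,libnl3-devel,lm_sensors-libs,net-snmp-agent-libs,net-snmp-libs,openssh-server,openssh-clients,openssl,openssl-devel,automake,iproute
  when:
    - ansible_distribution=="CentOS"
    - ansible_distribution_major_version=="7"
# Deleting dpkg/apt lock files while another apt process (for example
# unattended-upgrades) holds them can corrupt the package database;
# waiting for the lock is the safer option.
- name: delete lock files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /var/lib/dpkg/lock
    - /var/lib/apt/lists/lock
    - /var/cache/apt/archives/lock
  when:
    - ansible_distribution=="Ubuntu"
- name: apt update
  apt:
    update_cache: yes
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
# Supply-chain note: the apt module's "force: yes" implies
# allow_unauthenticated, i.e. package signatures are not verified.
# Drop it unless it is genuinely required.
- name: install Ubuntu 20.04 depend on the package
  apt:
    name: make,gcc,ipvsadm,build-essential,pkg-config,automake,autoconf,libipset-dev,libnl-3-dev,libnl-genl-3-dev,libssl-dev,libxtables-dev,libip4tc-dev,libip6tc-dev,libipset-dev,libmagic-dev,libsnmp-dev,libglib2.0-dev,libpcre2-dev,libnftnl-dev,libmnl-dev,libsystemd-dev
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
    - ansible_distribution_major_version=="20"
- name: install Ubuntu 18.04 depend on the package
  apt:
    name: make,gcc,ipvsadm,build-essential,pkg-config,automake,autoconf,iptables-dev,libipset-dev,libnl-3-dev,libnl-genl-3-dev,libssl-dev,libxtables-dev,libip4tc-dev,libip6tc-dev,libipset-dev,libmagic-dev,libsnmp-dev,libglib2.0-dev,libpcre2-dev,libnftnl-dev,libmnl-dev,libsystemd-dev
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
    - ansible_distribution_major_version=="18"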

[root@ansible-server keepalived-master]# vim tasks/keepalived_file.yml
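# Unpack the bundled keepalived tarball (KEEPALIVED_FILE from vars/main.yml)
# into SRC_DIR on the target; build.yml works inside that directory.
- name: unarchive  keepalived package
  unarchive:
    src: "{{ KEEPALIVED_FILE }}"
    dest: "{{ SRC_DIR }}"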

[root@ansible-server keepalived_master]# vim tasks/build.yml
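# Configure, build and install keepalived from the unpacked source tree.
# Derive the extracted directory name (e.g. keepalived-2.2.4) from the
# tarball name. Read-only, so never reported as a change; KEEPALIVED_DIR
# is also consumed by config.yml.
- name: get KEEPALIVED_DIR directory
  shell:
    cmd: echo {{ KEEPALIVED_FILE }} | sed -nr 's/^(.*[0-9]).([[:lower:]]).*/\1/p'
  register: KEEPALIVED_DIR
  changed_when: false
# --disable-fwmark drops the iptables fwmark virtual-server support, which
# is not needed for a VRRP-only deployment.
- name: Build and install Keepalived
  shell:
    chdir: "{{ SRC_DIR }}/{{ KEEPALIVED_DIR.stdout }}"
    cmd: ./configure --prefix={{ KEEPALIVED_INSTALL_DIR }} --disable-fwmark
- name: make && make install
  shell:
    chdir: "{{ SRC_DIR }}/{{ KEEPALIVED_DIR.stdout }}"
    cmd: make -j {{ ansible_processor_vcpus }} && make install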

[root@ansible-server keepalived-master]# vim tasks/config.yml
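# Install the keepalived configuration, the HAProxy health-check script
# and the systemd unit. Requires KEEPALIVED_DIR registered in build.yml.
- name: create /etc/keepalived directory
  file:
    path: /etc/keepalived
    state: directory
- name: copy keepalived.conf file
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
# keepalived.conf enables script security and runs the check as root, so
# the script must be root-owned and not group/world-writable; 0755 via
# copy (root) satisfies that.
- name: copy check_haproxy.sh file
  copy:
    src: check_haproxy.sh
    dest: /etc/keepalived/
    mode: '0755'
# The unit file in the source tree is presumably generated by ./configure
# with the chosen --prefix, so its ExecStart already points at
# KEEPALIVED_INSTALL_DIR — verify after the first run.
- name: copy keepalived.service file
  copy:
    remote_src: True
    src: "{{ SRC_DIR }}/{{ KEEPALIVED_DIR.stdout }}/keepalived/keepalived.service"
    dest: /lib/systemd/system/
- name: PATH variable
  copy:
    content: 'PATH={{ KEEPALIVED_INSTALL_DIR }}/sbin:$PATH'
    dest: /etc/profile.d/keepalived.sh
# Sourcing the snippet here only affects this task's own shell; interactive
# logins pick it up from /etc/profile.d. Kept for parity, never "changed".
- name: PATH variable entry
  shell:
    cmd: . /etc/profile.d/keepalived.sh
  changed_when: false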

[root@ansible-server keepalived-master]# vim tasks/service.yml
# Reload unit files (keepalived.service was just copied), then start and
# enable keepalived.
- name: start keepalived
  systemd:
    daemon_reload: yes
    enabled: yes
    state: started
    name: keepalived

[root@ansible-server keepalived-master]# vim tasks/main.yml
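# Task entry point of the keepalived-master role, in execution order.
# "include" is deprecated (removed in ansible-core 2.16); import_tasks is
# the static equivalent for plain, unconditional, un-looped includes.
- import_tasks: install_package.yml
- import_tasks: keepalived_file.yml
- import_tasks: build.yml
- import_tasks: config.yml
- import_tasks: service.yml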

[root@ansible-server keepalived-master]# cd ../../
[root@ansible-server ansible]# tree roles/keepalived-master/
roles/keepalived-master/
├── files
│   ├── check_haproxy.sh
│   └── keepalived-2.2.4.tar.gz
├── tasks
│   ├── build.yml
│   ├── config.yml
│   ├── install_package.yml
│   ├── keepalived_file.yml
│   ├── main.yml
│   └── service.yml
├── templates
│   ├── keepalived.conf.j2
│   └── PowerTools.repo.j2
└── vars
    └── main.yml

4 directories, 11 files

[root@ansible-server ansible]# vim keepalived_master_role.yml 
---
# Apply the keepalived-master role. NOTE(review): the group is spelled
# "keepalives_master" here while the other plays use <service>_<role>
# names (chrony_server, chrony_client); confirm it matches the inventory,
# otherwise the play silently matches no hosts.
- hosts: keepalives_master

  roles:
    - role: keepalived-master

[root@ansible-server ansible]# ansible-playbook keepalived_master_role.yml 

8.2 安装keepalived-backup

[root@ansible-server ansible]# mkdir -p roles/keepalived-backup/{tasks,files,vars,templates}
[root@ansible-server ansible]# cd roles/keepalived-backup/
[root@ansible-server keepalived-master]# ls
files  tasks  templates  vars

[root@ansible-server keepalived-backup]#  wget https://keepalived.org/software/keepalived-2.2.4.tar.gz -P files/

[root@ansible-server keepalived-backup]# vim files/check_haproxy.sh 
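#!/bin/bash
#
#**********************************************************************************************
#Author:        Raymond
#QQ:            88563128
#Date:          2022-01-09
#FileName:      check_haproxy.sh
#URL:           raymond.blog.csdn.net
#Description:   The test script
#Copyright (C): 2022 All rights reserved
#*********************************************************************************************
#
# Keepalived vrrp_script health check for the local HAProxy daemon.
# Exit 0 as soon as a running "haproxy" process is found (up to three
# attempts, one second apart); otherwise stop keepalived so the VIP fails
# over to the peer, and exit 1. Runs as root (script_user root).
set -u

readonly max_attempts=3
err=0
for ((attempt = 1; attempt <= max_attempts; attempt++)); do
    # -x matches the whole process name. Without it the pattern is a regex
    # matched against any process name containing "haproxy", which can
    # include this script itself (comm "check_haproxy.s" when keepalived
    # executes it by path), making the check pass even when haproxy is down.
    if pgrep -x haproxy >/dev/null 2>&1; then
        err=0
        break
    fi
    err=$((err + 1))
    sleep 1
done

if (( err != 0 )); then
    printf '%s\n' "systemctl stop keepalived"
    /usr/bin/systemctl stop keepalived
    exit 1
fi
exit 0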

[root@ansible-server keepalived-backup]# vim vars/main.yml
URL: mirrors.cloud.tencent.com
ROCKY_URL: mirrors.sjtug.sjtu.edu.cn
KEEPALIVED_FILE: keepalived-2.2.4.tar.gz
SRC_DIR: /usr/local/src
KEEPALIVED_INSTALL_DIR: /apps/keepalived
STATE: BACKUP
PRIORITY: 90
VIP: 172.31.3.188

[root@ansible-server keepalived-backup]# vim templates/PowerTools.repo.j2 
[PowerTools]
name=PowerTools
{% if ansible_distribution =="Rocky" %}
baseurl=https://{{ ROCKY_URL }}/rocky/$releasever/PowerTools/$basearch/os/
{% elif ansible_distribution=="CentOS" %}
baseurl=https://{{ URL }}/centos/$releasever/PowerTools/$basearch/os/
{% endif %}
gpgcheck=1
{% if ansible_distribution =="Rocky" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
{% elif ansible_distribution=="CentOS" %}
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
{% endif %}

[root@ansible-server keepalived-backup]# vim templates/keepalived.conf.j2
! Configuration File for keepalived

global_defs {
    
    
    router_id LVS_DEVEL
    script_user root
    enable_script_security
}

vrrp_script check_haproxy {
    
    
    script "/etc/keepalived/check_haproxy.sh"
    interval 5
    weight -5
    fall 2  
    rise 1
}

vrrp_instance VI_1 {
    
    
    state {{ STATE }}
    interface {{ ansible_default_ipv4.interface }}
    virtual_router_id 51
    priority {{ PRIORITY }}
    advert_int 1
    authentication {
    
    
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
    
    
        {{ VIP }} dev {{ ansible_default_ipv4.interface }} label {{ ansible_default_ipv4.interface }}:1
    }
    track_script {
    
    
       check_haproxy
    }
}

[root@ansible-server keepalived-backup]# vim tasks/install_package.yml
- name: find "[PowerTools]" mirror warehouse
  find:
    path: /etc/yum.repos.d/
    contains: '\[PowerTools\]'
  register: RETURN
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
    - ansible_distribution_major_version=="8"
- name: copy repo file
  template:
    src: PowerTools.repo.j2
    dest: /etc/yum.repos.d/PowerTools.repo
  when: 
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky") and (ansible_distribution_major_version=="8") 
    - RETURN.matched == 0
- name: install CentOS8 or Rocky8 depend on the package
  yum:
    name: make,gcc,ipvsadm,autoconf,automake,openssl-devel,libnl3-devel,iptables-devel,ipset-devel,file-devel,net-snmp-devel,glib2-devel,pcre2-devel,libnftnl-devel,libmnl-devel,systemd-devel
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
    - ansible_distribution_major_version=="8"
- name: install CentOS7 depend on the package
  yum:
    name: make,gcc,libnfnetlink-devel,libnfnetlink,ipvsadm,libnl,libnl-devel,libnl3,libnl3-devel,lm_sensors-libs,net-snmp-agent-libs,net-snmp-libs,openssh-server,openssh-clients,openssl,openssl-devel,automake,iproute
  when:
    - ansible_distribution=="CentOS"
    - ansible_distribution_major_version=="7"
- name: delete lock files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /var/lib/dpkg/lock
    - /var/lib/apt/lists/lock
    - /var/cache/apt/archives/lock
  when:
    - ansible_distribution=="Ubuntu"
- name: apt update
  apt:
    update_cache: yes 
    force: yes 
  when:
    - ansible_distribution=="Ubuntu"
- name: install Ubuntu 20.04 depend on the package
  apt:
    name: make,gcc,ipvsadm,build-essential,pkg-config,automake,autoconf,libipset-dev,libnl-3-dev,libnl-genl-3-dev,libssl-dev,libxtables-dev,libip4tc-dev,libip6tc-dev,libipset-dev,libmagic-dev,libsnmp-dev,libglib2.0-dev,libpcre2-dev,libnftnl-dev,libmnl-dev,libsystemd-dev
    force: yes 
  when:
    - ansible_distribution=="Ubuntu"
    - ansible_distribution_major_version=="20"
- name: install Ubuntu 18.04 depend on the package
  apt:
    name: make,gcc,ipvsadm,build-essential,pkg-config,automake,autoconf,iptables-dev,libipset-dev,libnl-3-dev,libnl-genl-3-dev,libssl-dev,libxtables-dev,libip4tc-dev,libip6tc-dev,libipset-dev,libmagic-dev,libsnmp-dev,libglib2.0-dev,libpcre2-dev,libnftnl-dev,libmnl-dev,libsystemd-dev
    force: yes 
  when:
    - ansible_distribution=="Ubuntu"
    - ansible_distribution_major_version=="18"

[root@ansible-server keepalived-backup]# vim tasks/keepalived_file.yml
- name: unarchive  keepalived package
  unarchive:
    src: "{{ KEEPALIVED_FILE }}"
    dest: "{{ SRC_DIR }}"

[root@ansible-server keepalived-backup]# vim tasks/build.yml
- name: get KEEPALIVED_DIR directory
  shell:
    cmd: echo {{ KEEPALIVED_FILE }} | sed -nr 's/^(.*[0-9]).([[:lower:]]).*/\1/p'
  register: KEEPALIVED_DIR
- name: Build and install Keepalived
  shell: 
    chdir: "{{ SRC_DIR }}/{{ KEEPALIVED_DIR.stdout }}"
    cmd: ./configure --prefix={{ KEEPALIVED_INSTALL_DIR }} --disable-fwmark
- name: make && make install
  shell:
    chdir: "{{ SRC_DIR }}/{{ KEEPALIVED_DIR.stdout }}"
    cmd: make -j {{ ansible_processor_vcpus }} && make install

[root@ansible-server keepalived-backup]# vim tasks/config.yml
- name: create /etc/keepalived directory
  file:
    path: /etc/keepalived
    state: directory
- name: copy keepalived.conf file
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
- name: copy check_haproxy.sh file
  copy:
    src: check_haproxy.sh
    dest: /etc/keepalived/
    mode: 0755
- name: copy keepalived.service file
  copy:
    remote_src: True
    src: "{{ SRC_DIR }}/{{ KEEPALIVED_DIR.stdout }}/keepalived/keepalived.service"
    dest: /lib/systemd/system/
- name: PATH variable
  copy:
    content: 'PATH={{ KEEPALIVED_INSTALL_DIR }}/sbin:$PATH'
    dest: /etc/profile.d/keepalived.sh
- name: PATH variable entry
  shell:
    cmd: . /etc/profile.d/keepalived.sh

[root@ansible-server keepalived-backup]# vim tasks/service.yml
- name: start keepalived
  systemd:
    name: keepalived
    state: started
    enabled: yes
    daemon_reload: yes

[root@ansible-server keepalived-backup]# vim tasks/main.yml
- include: install_package.yml
- include: keepalived_file.yml
- include: build.yml
- include: config.yml
- include: service.yml

[root@ansible-server keepalived-backup]# cd ../../
[root@ansible-server ansible]# tree roles/keepalived-backup/
roles/keepalived-backup/
├── files
│   ├── check_haproxy.sh
│   └── keepalived-2.2.4.tar.gz
├── tasks
│   ├── build.yml
│   ├── config.yml
│   ├── install_package.yml
│   ├── keepalived_file.yml
│   ├── main.yml
│   └── service.yml
├── templates
│   ├── keepalived.conf.j2
│   └── PowerTools.repo.j2
└── vars
    └── main.yml

4 directories, 11 files

[root@ansible-server ansible]# vim keepalived_backup_role.yml 
---
- hosts: keepalives_backup

  roles:
    - role: keepalived-backup

[root@ansible-server ansible]# ansible-playbook keepalived_backup_role.yml 

9.安装harbor

9.1 docker基于镜像仓库

[root@ansible-server ansible]# mkdir -p roles/docker/{tasks,vars,templates}

[root@ansible-server ansible]# cd roles/docker/
[root@ansible-server docker]# ls
tasks  templates  vars

[root@ansible-server docker]# vim templates/daemon.json.j2 
{
    
    
    "registry-mirrors": [
        "https://registry.docker-cn.com",
        "http://hub-mirror.c.163.com",
        "https://docker.mirrors.ustc.edu.cn"
    ],
    "insecure-registries": ["{{ HARBOR_DOMAIN }}"],
    "exec-opts": ["native.cgroupdriver=systemd"],
    "max-concurrent-downloads": 10,
    "max-concurrent-uploads": 5,
    "log-opts": {
    
    
        "max-size": "300m",
        "max-file": "2"  
    },
    "live-restore": true
}

[root@ansible-server docker]# vim vars/main.yml
DOCKER_VERSION: 19.03.15
DOCKER_MIRRORS: mirrors.cloud.tencent.com
HARBOR_DOMAIN: harbor.raymonds.cc

[root@ansible-server docker]# vim tasks/install_docker_yum.yml
- name: remove podman
  yum:
    name: podman
    state: absent
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
    - ansible_distribution_major_version=="8"
- name: add CentOS or Rocky docker mirror warehouse
  yum_repository:
    name: docker-ce
    description: docker-ce
    file: docker-ce
    baseurl: https://{{ DOCKER_MIRRORS }}/docker-ce/linux/centos/{{ ansible_distribution_major_version }}/x86_64/stable/
    gpgkey: https://{{ DOCKER_MIRRORS }}/docker-ce/linux/centos/gpg
    gpgcheck: yes
  when: 
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
- name: install CentOS or Rocky docker
  yum: 
    name: docker-ce-{{ DOCKER_VERSION }},docker-ce-cli-{{ DOCKER_VERSION }}
  when: 
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")

[root@ansible-server docker]# vim tasks/install_docker_apt.yml
- name: delete lock files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /var/lib/dpkg/lock
    - /var/lib/apt/lists/lock
    - /var/cache/apt/archives/lock
  when:
    - ansible_distribution=="Ubuntu"
- name: apt update
  apt:
    update_cache: yes 
    force: yes 
  when:
    - ansible_distribution=="Ubuntu"
- name: install Ubuntu docker depend on the package
  apt:
    name: apt-transport-https,ca-certificates,curl,software-properties-common
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
- name: import Ubuntu docker key
  apt_key:
    url: https://{{ DOCKER_MIRRORS }}/docker-ce/linux/ubuntu/gpg
  when:
    - ansible_distribution=="Ubuntu"
- name: import Ubuntu docker installation source
  apt_repository:
    repo: "deb [arch=amd64] https://{{ DOCKER_MIRRORS }}/docker-ce/linux/ubuntu {{ ansible_distribution_release }} stable"
    filename: docker-ce
  when:
    - ansible_distribution=="Ubuntu"
- name: delete /var/lib/dpkg/lock file
  file:
    path: /var/lib/dpkg/lock
    state: absent
  when:
    - ansible_distribution=="Ubuntu"
- name: delete /var/lib/apt/lists/lock file
  file:
    path: /var/lib/apt/lists/lock
    state: absent
  when:
    - ansible_distribution=="Ubuntu"
- name: delete /var/cache/apt/archives/lock file
  file:
    path: /var/cache/apt/archives/lock
    state: absent
  when:
    - ansible_distribution=="Ubuntu"
- name: apt update
  apt:
    update_cache: yes
    force: yes
  when:
    - ansible_distribution=="Ubuntu"
- name: install Ubuntu docker
  apt:
    name: docker-ce=5:{{ DOCKER_VERSION }}~3-0~ubuntu-{{ ansible_distribution_release }},docker-ce-cli=5:{{ DOCKER_VERSION }}~3-0~ubuntu-{{ ansible_distribution_release }}
    force: yes
  when:
    - ansible_distribution=="Ubuntu"

[root@ansible-server docker]# vim tasks/set_mirror_accelerator.yml
- name: mkdir /etc/docker
  file:
    path: /etc/docker
    state: directory
- name: set mirror_accelerator
  template:
    src: daemon.json.j2
    dest: /etc/docker/daemon.json

[root@ansible-server docker]# vim tasks/service.yml
- name: start docker
  systemd:
    name: docker
    state: started
    enabled: yes
    daemon_reload: yes

[root@ansible-server docker]# vim tasks/set_alias.yml
- name: set docker alias
  lineinfile:
    path: ~/.bashrc
    line: "{{ item }}"
  loop:
    - "alias rmi=\"docker images -qa|xargs docker rmi -f\""
    - "alias rmc=\"docker ps -qa|xargs docker rm -f\""

[root@ansible-server docker]# vim tasks/set_swap.yml
- name: set WARNING No swap limit support
  replace:
    path: /etc/default/grub
    regexp: '^(GRUB_CMDLINE_LINUX=.*)\"$'
    replace: '\1 swapaccount=1"'
  when:
    - ansible_distribution=="Ubuntu"
- name: update-grub
  shell:
    cmd: update-grub
  when:
    - ansible_distribution=="Ubuntu"
- name: reboot Ubuntu system
  reboot:
  when:
    - ansible_distribution=="Ubuntu"

[root@ansible-server docker]# vim tasks/main.yml
- include: install_docker_yum.yml
- include: install_docker_apt.yml
- include: set_mirror_accelerator.yml
- include: service.yml
- include: set_alias.yml
- include: set_swap.yml

[root@ansible-server docker]# cd ../../
[root@ansible-server ansible]# tree roles/docker
roles/docker
├── tasks
│   ├── install_docker_apt.yml
│   ├── install_docker_yum.yml
│   ├── main.yml
│   ├── service.yml
│   ├── set_alias.yml
│   ├── set_mirror_accelerator.yml
│   └── set_swap.yml
├── templates
│   └── daemon.json.j2
└── vars
    └── main.yml

3 directories, 9 files

9.2 docker-compose

[root@ansible-server ansible]# mkdir -p roles/docker-compose/{tasks,files}
[root@ansible-server ansible]# cd roles/docker-compose/
[root@ansible-server docker-compose]# ls
files  tasks

[root@ansible-server docker-compose]# wget https://github.com/docker/compose/releases/download/1.29.2/docker-compose-Linux-x86_64 -P files

[root@ansible-server docker-compose]# vim tasks/install_docker_compose.yml
- name: copy docker compose file
  copy:
    src: docker-compose-linux-x86_64
    dest: /usr/bin/docker-compose
    mode: 755

[root@ansible-server docker-compose]# vim tasks/main.yml
- include: install_docker_compose.yml

[root@ansible-server ansible]# tree roles/docker-compose/
roles/docker-compose/
├── files
│   └── docker-compose-linux-x86_64
└── tasks
    ├── install_docker_compose.yml
    └── main.yml

2 directories, 3 files

9.3 harbor

[root@ansible-server ansible]# mkdir -p roles/harbor/{tasks,files,templates,vars,meta}

[root@ansible-server ansible]# cd roles/harbor/
[root@ansible-server harbor]# ls
files  meta  tasks  templates  vars

[root@ansible-server harbor]# wget https://github.com/goharbor/harbor/releases/download/v2.4.1/harbor-offline-installer-v2.4.1.tgz -P files/

[root@ansible-server harbor]# vim templates/harbor.service.j2
[Unit]
Description=Harbor
After=docker.service systemd-networkd.service systemd-resolved.service
Requires=docker.service
Documentation=http://github.com/vmware/harbor

[Service]
Type=simple
Restart=on-failure
RestartSec=5
ExecStart=/usr/bin/docker-compose -f {{ HARBOR_INSTALL_DIR }}/harbor/docker-compose.yml up
ExecStop=/usr/bin/docker-compose -f {{ HARBOR_INSTALL_DIR }}/harbor/docker-compose.yml down

[Install]
WantedBy=multi-user.target

[root@ansible-server harbor]# vim vars/main.yml
HARBOR_INSTALL_DIR: /apps
HARBOR_VERSION: 2.4.1
HARBOR_ADMIN_PASSWORD: 123456

[root@ansible-server harbor]# vim tasks/harbor_files.yml
- name: create HARBOR_INSTALL_DIR directory
  file:
    path: "{{ HARBOR_INSTALL_DIR }}"
    state: directory
- name: unarchive  harbor package
  unarchive:
    src: "harbor-offline-installer-v{{ HARBOR_VERSION }}.tgz"
    dest: "{{ HARBOR_INSTALL_DIR }}/"
    creates: "{{ HARBOR_INSTALL_DIR }}/harbor"

[root@ansible-server harbor]# vim tasks/config.yml
- name: mv harbor.yml
  shell: 
    cmd: mv {{ HARBOR_INSTALL_DIR }}/harbor/harbor.yml.tmpl {{ HARBOR_INSTALL_DIR }}/harbor/harbor.yml
    creates: "{{ HARBOR_INSTALL_DIR }}/harbor/harbor.yml"
- name: set harbor.yml file 'hostname' string line
  replace: 
    path: "{{ HARBOR_INSTALL_DIR }}/harbor/harbor.yml"
    regexp: '^(hostname:) .*'
    replace: '\1 {{ ansible_default_ipv4.address }}'
- name: set harbor.yml file 'harbor_admin_password' string line
  replace: 
    path: "{{ HARBOR_INSTALL_DIR }}/harbor/harbor.yml"
    regexp: '^(harbor_admin_password:) .*'
    replace: '\1 {{ HARBOR_ADMIN_PASSWORD }}'
- name: set harbor.yml file 'https' string line
  replace:
    path: "{{ HARBOR_INSTALL_DIR }}/harbor/harbor.yml"
    regexp: '^(https:)'
    replace: '#\1'
- name: set harbor.yml file 'port' string line
  replace: 
    path: "{{ HARBOR_INSTALL_DIR }}/harbor/harbor.yml"
    regexp: '  (port: 443)'
    replace: '#  \1'
- name: set harbor.yml file 'certificate' string line
  replace: 
    path: "{{ HARBOR_INSTALL_DIR }}/harbor/harbor.yml"
    regexp: '  (certificate: .*)'
    replace: '#  \1'
- name: set harbor.yml file 'private_key' string line
  replace: 
    path: "{{ HARBOR_INSTALL_DIR }}/harbor/harbor.yml"
    regexp: '  (private_key: .*)'
    replace: '#  \1'

[root@ansible-server harbor]# vim tasks/install_python.yml
- name: install CentOS or Rocky python
  yum:
    name: python3
  when:
    - (ansible_distribution=="CentOS" or ansible_distribution=="Rocky")
- name: delete lock files
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /var/lib/dpkg/lock
    - /var/lib/apt/lists/lock
    - /var/cache/apt/archives/lock
  when:
    - ansible_distribution=="Ubuntu"
- name: apt update
  apt:
    update_cache: yes 
    force: yes 
  when:
    - ansible_distribution=="Ubuntu"
- name: install Ubuntu python
  apt:
    name: python3
  when:
    - ansible_distribution=="Ubuntu"

[root@ansible-server harbor]# vim tasks/install_harbor.yml
- name: install harbor
  shell:
    cmd: "{{ HARBOR_INSTALL_DIR }}/harbor/install.sh"

[root@ansible-server harbor]# vim tasks/service_file.yml
- name: copy harbor.service
  template:
    src: harbor.service.j2
    dest: /lib/systemd/system/harbor.service

[root@ansible-server harbor]# vim tasks/service.yml
- name: service enable
  systemd:
    name: harbor
    state: started
    enabled: yes
    daemon_reload: yes

[root@ansible-server harbor]# vim tasks/main.yml
- include: harbor_files.yml
- include: config.yml
- include: install_python.yml
- include: install_harbor.yml
- include: service_file.yml
- include: service.yml

#这里是harbor依赖的角色,docker-binary就是docker基于二进制安装,根据情况修改
[root@ansible-server harbor]# vim meta/main.yml
dependencies:
  - role: docker
  - role: docker-compose

[root@ansible-server harbor]# cd ../../
[root@ansible-server ansible]# tree roles/harbor/
roles/harbor/
├── files
│   └── harbor-offline-installer-v2.4.1.tgz
├── meta
│   └── main.yml
├── tasks
│   ├── config.yml
│   ├── harbor_files.yml
│   ├── install_harbor.yml
│   ├── install_python.yml
│   ├── main.yml
│   ├── service_file.yml
│   └── service.yml
├── templates
│   └── harbor.service.j2
└── vars
    └── main.yml

5 directories, 11 files

[root@ansible-server ansible]# vim harbor_role.yml
---
- hosts: harbor

  roles:
    - role: harbor

[root@ansible-server ansible]# ansible-playbook harbor_role.yml

9.4 创建harbor仓库

这步一定要做,不然后面镜像下载了上传不到harbor,ansible会执行出错

在harbor01新建项目google_containers

在harbor02新建项目google_containers

在harbor02上新建目标

在harbor02上新建规则

在harbor01上新建目标

在harbor01上新建规则

转载自blog.csdn.net/qq_25599925/article/details/122504135