Building a large-scale architecture with Ansible

Project Description:

The company is running a large-scale marketing campaign. As part of the company-wide revenue push, every business group must prepare for the year-end promotion. Operations requires every service to be expanded to three times its capacity, and several sets of environments to be built so that developers and testers can run their tests.

1, Install Ansible on the CentOS control node

On CentOS 6, the ansible package has not yet been added to the base yum repository, so the EPEL repository must be installed first, after which ansible can be installed.

[root@ chenc01 ~]# yum -y install epel-release

On CentOS 7, the ansible package has already been added to the base yum repository, so it can be installed directly with yum.

[root@ chenc01 ~]# yum -y install ansible

2, Configure passwordless ssh connections

The control node communicates with the managed nodes over OpenSSH, so establishing a connection requires authenticating to the managed node with an account and password. Having to enter the account and password for every task is very inconvenient. So here we set up trust between the control node and the managed nodes: public-key authentication lets the control node connect to the managed nodes over ssh without a password.

# On the control node:
# Generate a key pair
[root@ chenc01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
8d:e5:df:ca:b4:2f:2f:b7:d1:c4:0a:4b:fa:2b:a0:f7 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|          .      |
|         =     . |
|        S o o   o|
|        .  + + + |
|       . .. + + .|
|      . . .+oo.. |
|       . .E.*B+. |
+-----------------+
# Copy the public key to the managed node
[root@ chenc01 ~]# ssh-copy-id  root@IP
The authenticity of host 'IP (IP)' can't be established.
RSA key fingerprint is 9b:57:b9:86:84:90:a4:4b:44:3e:18:9f:8a:29:6f:e5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'IP' (RSA) to the list of known hosts.
root@IP's password: 
Now try logging into the machine, with "ssh 'root@IP'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

The first copy requires entering the password before the public key can be copied over; after that, connecting no longer requires entering the account password.
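The session above answers yes to the host key prompt without checking the fingerprint. As an added example (not from the original post; the function names are hypothetical), this computes the same colon-separated MD5 fingerprint from an ssh-keyscan or known_hosts line, so it can be compared with a value obtained out of band before the key is trusted:

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the page.

# Print the colon-separated MD5 fingerprint (the format ssh printed above) of
# a key line: "type base64 [comment]" or "host type base64" (known_hosts).
key_md5_fingerprint() {
    blob=$(printf '%s\n' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) { print $i; exit } }')
    [ -n "$blob" ] || return 1          # no key material on the line
    # The fingerprint is the MD5 of the base64-decoded key blob.
    printf '%s' "$blob" | base64 -d | md5sum | cut -c1-32 |
        sed 's/../&:/g; s/:$//'
}

# Succeed only if the key on the line hashes to the fingerprint obtained out
# of band (for example, read from the managed node's console).
host_key_matches() {
    actual=$(key_md5_fingerprint "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Typical use before ssh-copy-id (needs network access, so left commented;
# EXPECTED_FP is a placeholder for the fingerprint you obtained separately):
#   line=$(ssh-keyscan -t rsa 192.0.2.50 2>/dev/null)
#   host_key_matches "$line" "$EXPECTED_FP" &&
#       printf '%s\n' "$line" >> ~/.ssh/known_hosts
```

With the key pinned in known_hosts this way, ssh-copy-id connects without showing the prompt.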

3, Edit the host inventory file (Inventory)

Every managed node must be added to the host inventory file, either by host name or by IP address.

The name in square brackets defines the group, here webservers; the 50 servers below it are members of that host group.

# Edit the host inventory file
[root@ chenc01 ~]# vim /etc/ansible/hosts
# Hosts can also be added in the following format
[webservers]
192.0.2.[50:100]

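4, Test

Syntax for running a single task with ansible:
ansible  host/host-group  -m  module  -a 'module arguments'
# Use the ping module to ping every node in the inventory file and check whether it is reachable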
[root@ chenc01 ~]# ansible all -m ping
10.0.0.62 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
10.0.0.63 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

# Of course, we can also target a specific group or host
[root@ chenc01 ~]# ansible webservers -m ping
10.0.0.62 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
10.0.0.63 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

# Next, run a command on the managed nodes to view their IP information
[root@ chenc01 ~]# ansible webservers -a "ifconfig"
10.0.0.62 | SUCCESS | rc=0 >>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet 10.0.0.99/30 brd 10.0.0.99 scope global lo:0
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:4e:13:49 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.62/24 brd 10.0.0.255 scope global eth0
    inet6 fe80::20c:29ff:fe4e:1349/64 scope link 
       valid_lft forever preferred_lft forever
......

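5, Install Apache with yum

The yum module installs packages on CentOS systems using the yum command.
Options:
	name: name of the package to install
	state: latest (install the latest version), present (install; the default), installed (install), absent (uninstall), removed (uninstall)
Example:
[root@ chenc01 ~]# ansible webservers -m yum -a 'name=httpd state=latest'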
10.0.0.62 | SUCCESS => {
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "All packages providing httpd are up to date", 
        ""
    ]
}
10.0.0.63 | SUCCESS => {
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "All packages providing httpd are up to date", 
        ""
    ]
}

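# Start the service with the service module
The service module manages starting, stopping, restarting and reloading services on CentOS.
Options:
	name: name of the service
	state: started (start), stopped (stop), restarted (restart), reloaded (reload)
	enabled: whether the service starts at boot; the default is no
Example:
[root@ chenc01 ~]# ansible webservers -m service -a 'name=httpd state=started enabled=yes'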
10.0.0.62 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started"
}
10.0.0.63 | SUCCESS => {
    "changed": true, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started"
}

6, Batch deployment of Tomcat with ansible-playbook

1) Create the directory structure

# This creates the directory structure for installing nginx+mysql+tomcat+db; it is a good layout to use as a reference
[root@ chenc01 ~]# mkdir -p /ansible/roles/{nginx,mysql,tomcat,db}/{defaults,files,handlers,meta,tasks,templates,vars}
  • defaults: the default lookup path
  • tasks: path where the playbooks are stored
  • files: stores files and script packages; the path the copy module searches
  • templates: path where templates are stored
  • handlers: path where the playbook parts called by notify are stored
  • vars: path where variables used within the role are stored

2) The resulting directory structure

[root@ chenc01 ~]# tree /ansible/
/ansible/
└── roles
    ├── db
    │   ├── defaults
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   ├── templates
    │   └── vars
    ├── mysql
    │   ├── defaults
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   ├── templates
    │   └── vars
    ├── nginx
    │   ├── defaults
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   ├── templates
    │   └── vars
    └── tomcat
        ├── defaults
        ├── files
        ├── handlers
        ├── meta
        ├── tasks
        ├── templates
        └── vars

33 directories, 0 files

3) Install Tomcat using a playbook

[root@ chenc01 ~]# cat main.yml
---
- hosts: webservers    # Change this to the remote hosts you want to operate on
  remote_user: root    # User name used to run commands remotely
  tasks:               # Task list
# Create the group and user
    - name: group
      group: name=tomcat
    - name: user
      user: name=tomcat group=tomcat home=/usr/tomcat
      become: True     # replaces the old `sudo: True` keyword, which current Ansible no longer accepts

############################## Install the JDK from the rpm package #############################
# Copy the jdk package to /tmp
    - name: "复制jdk到tmp目录下"
      copy: src=/root/jdk-8u131-linux-x64_.rpm dest=/tmp/jdk-8u131-linux-x64_.rpm
# Install the jdk rpm with yum
    - name: "解压jdk包"
      yum:
        name: /tmp/jdk-8u131-linux-x64_.rpm
        state: present
     # command: /bin/rpm -ivh /tmp/jdk-8u131-linux-x64_.rpm -C /application
########################## Install tomcat ###########################################
# Copy the Tomcat tarball to /tmp
    - name: "解压Tomcat"
      copy: src=apache-tomcat-8.5.35.tar.gz dest=/tmp/apache-tomcat-8.5.35.tar.gz
# Extract tomcat into /opt
    - name: "解压tomcat到opt目录"
      command: /bin/tar xf /tmp/apache-tomcat-8.5.35.tar.gz -C /opt
# Create the symlink
    - name: "创建软连接"
      file: src=/opt/apache-tomcat-8.5.35/ dest=/tmp/tomcat state=link
# Set ownership on the directory
    - name: "赋予目录权限"
      file: path=/application/tomcat/ owner=tomcat group=tomcat state=directory recurse=yes
# Start tomcat unless something is already listening on 8080
    - name: "开启tomcat"
      shell: ss -anpt|grep 8080 || nohup /tmp/tomcat/bin/catalina.sh run &
      
[root@ chenc01 ~]# ansible-playbook main.yml --syntax-check  # Check the syntax
[root@ chenc01 ~]# ansible-playbook main.yml  # Run

7, Batch deployment of MySQL with ansible-playbook

[root@ chenc01 ~]# mkdir mysql
[root@ chenc01 mysql]# vim mysql.yml 
---
- hosts: webservers
  tasks:
    - name: copy mysql_tar_gz to client
      copy: src=mysql-5.6.35.tar.gz dest=/tmp/mysql-5.6.35.tar.gz
    - name: copy install_script to client
      copy: src=mysql_install.sh dest=/tmp/mysql_install.sh owner=root group=root mode=755
    - name: install mysql
      shell: /bin/bash /tmp/mysql_install.sh

1) Create a mysql installation script

[root@ chenc01 mysql]# cat mysql_install.sh
#!/bin/bash

# Define the mysql data directory and the mysql login password
DBDIR='/application/mysql/data'
PASSWD='bingoclo123'

# Create the data directory (recursively) if it does not exist
[ -d "$DBDIR" ] || mkdir -p "$DBDIR"

# Install the build dependencies for mysql
yum install cmake make gcc-c++ bison-devel ncurses-devel -y
id mysql &> /dev/null

# If `id mysql` returned non-zero, the mysql user does not exist, so create it
if [ $? -ne 0 ];then
 useradd mysql -s /sbin/nologin -M
fi

# Give the mysql user ownership of the data directory
chown -R mysql:mysql "$DBDIR"

# Change to /tmp, extract mysql, then build and install it into /application/mysql
cd /tmp/
tar xf mysql-5.6.35.tar.gz
cd mysql-5.6.35
cmake . -DCMAKE_INSTALL_PREFIX=/application/mysql \
-DMYSQL_DATADIR=$DBDIR \
-DMYSQL_UNIX_ADDR=$DBDIR/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DEXTRA_CHARSETS=all \
-DENABLED_LOCAL_INFILE=1 \
-DWITH_READLINE=1 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_EMBEDDED_SERVER=1

# If the command above did not return 0, it failed: exit
if [ $? != 0 ];then
 echo "cmake error!"
 exit 1
fi

# Build and install; stop if either step fails
make && make install
if [ $? -ne 0 ];then
 echo "install mysql is failed!"
 exit 1
fi
sleep 2

# Create the symlinks
ln -s /application/mysql/bin/* /usr/bin/

# Copy the mysql configuration file
cp -f /application/mysql/support-files/my-default.cnf /etc/my.cnf

# Copy the mysql start/stop script to init.d
cp -f /application/mysql/support-files/mysql.server /etc/init.d/mysqld

# Make it executable
chmod 700 /etc/init.d/mysqld

# Initialize mysql
/application/mysql/scripts/mysql_install_db  --basedir=/application/mysql --datadir=$DBDIR --user=mysql

# If initialization failed, print "install mysql is failed!" and stop; otherwise start mysqld
if [ $? -ne 0 ];then
 echo "install mysql is failed!"
 exit 1
fi
/etc/init.d/mysqld start

# If mysql failed to start, print "install mysql is failed!" and stop; otherwise continue
if [ $? -ne 0 ];then
 echo "install mysql is failed!"
 exit 1
fi

# Start at boot
chkconfig --add mysqld
chkconfig mysqld on

# Set the root password, remove accounts with an empty password, and reload the privileges
/application/mysql/bin/mysql -e "update mysql.user set password=password('$PASSWD') where host='localhost' and user='root';"
/application/mysql/bin/mysql -e "update mysql.user set password=password('$PASSWD') where host='127.0.0.1' and user='root';"
/application/mysql/bin/mysql -e "delete from mysql.user where password='';"
/application/mysql/bin/mysql -e "flush privileges;"
if [ $? -eq 0 ];then
 echo "ins_done"
fi
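
The script interpolates $PASSWD directly into SQL passed on the mysql command line, so the password is visible in the process list and a quote character in it would break the statement. As an added example (not part of the original script; the function names and the /root/.mysql_root_pw path are assumptions), the following generates a random password, escapes it for a SQL string literal, and emits the same statements for piping to mysql on stdin:

```shell
#!/bin/sh
# Added example, not part of the original script. Function names and the
# /root/.mysql_root_pw path are assumptions.

# 128 random bits from the kernel, hex-encoded (32 characters).
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Escape a value for use inside a single-quoted MySQL string literal:
# double every backslash, then double every single quote.
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Emit the same statements the script runs, with the password safely quoted.
# Piping this into mysql keeps the password out of the command line.
build_root_password_sql() {
    quoted=$(sql_quote "$1")
    cat <<EOF
update mysql.user set password=password('$quoted') where host='localhost' and user='root';
update mysql.user set password=password('$quoted') where host='127.0.0.1' and user='root';
delete from mysql.user where password='';
flush privileges;
EOF
}

# On the managed node, in place of the four `mysql -e` calls:
#   umask 077
#   PASSWD=$(gen_password)
#   printf '%s\n' "$PASSWD" > /root/.mysql_root_pw   # readable by root only
#   build_root_password_sql "$PASSWD" | /application/mysql/bin/mysql
```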

2) Run the playbook with ansible

[root@ chenc01 mysql]# ansible-playbook mysql.yml --syntax-check  # Check the syntax
[root@ chenc01 mysql]# ansible-playbook mysql.yml  # Run

8, Batch deployment of Nginx with ansible-playbook

# Create the nginx directory
[root@ chenc01 ~]# mkdir nginx
[root@ chenc01 ~]# cd nginx
# Upload and extract the nginx package
[root@ chenc01 nginx]# tar zxf nginx-1.12.2.tar.gz 
[root@ chenc01 nginx]# cd nginx-1.12.2
# Copy nginx.conf into the nginx directory under /root
[root@ chenc01 nginx-1.12.2]# cp conf/nginx.conf /root/nginx/
[root@ chenc01 nginx-1.12.2]# cd /root/nginx/
[root@ chenc01 nginx]# ls
nginx-1.12.2  nginx-1.12.2.tar.gz  nginx.conf
# Delete the locally extracted nginx directory
[root@ chenc01 nginx]# rm -rf nginx-1.12.2
[root@ chenc01 nginx]# vim nginx.yml
[root@ chenc01 nginx]# cat nginx.yml 
---
- hosts: webservers
  tasks:
     # Push the Nginx source package and unpack it on the managed node
     - name: "推送Nginx源码包"
       unarchive: src=nginx-1.12.2.tar.gz dest=/root/
     # Install the build dependencies
     - name: "安装依赖环境库"
       yum: name=gcc,gcc-c++,pcre-devel,zlib-devel state=latest
     # Build and install Nginx
     - name: "安装Nginx"
       shell: cd /root/nginx-1.12.2 && ./configure && make && make install
     # Push the configuration file
     - name: "推送配置文件"
       copy: src=nginx.conf dest=/usr/local/nginx/conf/nginx.conf
     # Start Nginx unless something is already listening on port 80
     - name: "启动Nginx服务"
       shell: netstat -ntl | grep -qw 80 || /usr/local/nginx/sbin/nginx

Origin blog.csdn.net/chen_jimo_c/article/details/105148778