一、环境:
Ansible控制机:172.16.0.6 Ansible nginx:172.16.0.{2|4} Ansible Keepalived: 172.16.0.{2|4} Ansible httpd: 172.16.0.{128|129} Keepalived IP:192.168.220.5/32
除控制机全部采用Linux Cento7,外网统一192.168.220.0/27
一般生产机我们会把Yum仓库指向自己搭建的,这里我们使用ail以及163的Yum仓库
{2|4}使用ail仓库源
root@centos7 nginx]# cat /etc/yum.repos.d/ail.repo [centos7] name=centeros7 base baseurl=http://mirrors.aliyun.com/centos/7/os/x86_64/ gpgcheck=0 [epel] name=epel base baseurl=http://mirrors.aliyun.com/epel/7/x86_64 gpgcheck=0
{128|129}使用163仓库源,地址:
[root@Centos7 yum.repos.d]# cat /etc/yum.repos.d/CentOS7-Base-163.repo # CentOS-Base.repo ... [base] name=CentOS-$releasever - Base - 163.com #mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os baseurl=http://mirrors.163.com/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7 ...
二、Ansible控制机目录结构:
[root@HA2 ansible]# tree . . ├── ansible.cfg #Ansible配置文件 ├── hosts #Ansible主机清单 ├── roles #Ansible 角色目录 │ ├── httpd #httpd角色 │ │ ├── default #定义默认配置yml │ │ ├── files #copy模块用到的目录 │ │ │ ├── index.html │ │ │ └── index.php │ │ ├── handlers #nodify触发用到的目录 │ │ │ └── main.yml │ │ ├── meta │ │ ├── tasks #任务用到的目录 │ │ │ ├── install_httpd.yml │ │ │ ├── main.yml │ │ │ └── remove_httpd.yml │ │ ├── templates #模块用到的目录 │ │ │ └── httpd.conf.j2 │ │ └── vars #表里用到的目录 │ │ └── main.yml │ ├── keepalived │ │ ├── default │ │ ├── files │ │ ├── handlers │ │ │ └── main.yml │ │ ├── meta │ │ ├── tasks │ │ │ ├── install_keepalived.yml │ │ │ ├── main.yml │ │ │ └── remove_keepalived.yml │ │ ├── templates │ │ │ ├── keepalived.conf.j2 │ │ │ └── keepalived.conf.j2.bak │ │ └── vars │ ├── memcached │ │ ├── default │ │ ├── files │ │ │ └── memcached.j2 │ │ ├── handlers │ │ ├── meta │ │ ├── tasks │ │ │ ├── install_memcached.yml │ │ │ ├── main.yml │ │ │ └── remove_memcached.yml │ │ ├── templates │ │ │ ├── main.yml │ │ │ └── memcached.j2 │ │ └── vars │ │ └── main.yml │ └── nginx │ ├── default │ ├── files │ │ └── index.html │ ├── handlers │ │ └── main.yml │ ├── meta │ ├── tasks │ │ ├── install_nginx.yml │ │ ├── main.yml │ │ └── remove_nginx.yml │ ├── templates │ │ └── nginx.conf.j2 │ └── vars │ └── main.yml ├── service.retry └── service.yml #定义主机以及远程用户
三、问件分析:
ansible.cfg:这里使用的是默认
hosts:
[root@HA2 ansible]# cat hosts[nginx] #定义nginx主机清单列表,下面mb,prioroty为变量 172.16.0.2 mb=MASTER prioroty=100 172.16.0.4 mb=BACKUP prioroty=98 [httpd] #定义httpd主机清单,hname为变量 172.16.0.128 hname=httpd128 172.16.0.129 hname=httpd129 [dbserver] #定义dbserver主机清单,这里我没有去安装 172.16.0.5 hname=dbserver
server.yml:
[root@HA2 ansible]# cat service.yml - hosts: all #定义hosts范围 remote_user: root #定义远程用户 roles: #使用roles - nginx #nginx列表,就是roles目录下的nginx目录 - httpd #httpd列表,就是roles目录下的httpd目录 - keepalived #keepalived列表,就是roles目录下的keepalived目录
[root@HA2 ansible]# cat service.retry #执行后自动生成,无需理会 172.16.0.2 172.16.0.4
roles:
[root@HA2 ansible]# ls roles/ #每一个文件目录名称为一个角色 httpd keepalived memcached nginx
nginx
每个角色结构如下,上面解释过就不介绍,下面介绍配置文件
[root@HA2 ansible]# tree roles/nginx/ roles/nginx/ ├── default ├── files │ └── index.html ├── handlers │ └── main.yml ├── meta ├── tasks │ ├── install_nginx.yml │ ├── main.yml │ └── remove_nginx.yml ├── templates │ └── nginx.conf.j2 └── vars └── main.yml7 directories, 7 files
files/index.html:存放copy所用到的文件
handlers/main.yml:
[root@HA2 ansible]# cat roles/nginx/handlers/main.yml - name: restart nginx #与nodify:定义的名字保持一致 service: name=nginx state=restarted #定义使用service Module采取的动作为重启,对应的程序为nginx
tasks/install_nginx.yml:
[root@HA2 ansible]# cat roles/nginx/tasks/install_nginx.yml - name: install nginx #定义一个输出名称为install nginx yum: name=nginx state=present #使用yum Module 安装nginx - name: install nginx index.html copy: src=index.html dest=/usr/share/nginx/html/index.html #使用copy Module 复制files/index.html文件到远程服务器 notify: restart nginx #使用notify Module 定义一个引用 tags: modify nginx config copy #定义一个tags,使用ansible-playbook可以使用-t "XXXX"指定执行的区域命令 - name: install config template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf #使用template Module 引用template/nginx.conf.j2模块 notify: restart nginx #定义notify tags: modify nginx config #定义tags - name: start nginx service: name=nginx state=started enabled=true #定义使用service Module采取的动作为重启,对应的程序为nginx 并开机自动启动
tasks/remove_nginx.yml:
[root@HA2 ansible]# cat roles/nginx/tasks/remove_nginx.yml - name: remove nginx yum: name=nginx state=absent #使用yum Module采取的动作为删除,对应程序为nginx
tasks/main.yml:
[root@HA2 ansible]# cat roles/nginx/tasks/main.yml - include: tasks/install_nginx.yml #使用include包含我们之前定义的.yml文件 tags: install #定义tags when: ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2' #定义只有等于{2|4}才执行 - include: tasks/remove_nginx.yml #使用include包含我们之前定义的.yml文件 tags: remove #定义tags when: ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2' #定义只有等于{2|4}才执行 template/nginx.conf.j2:
[root@HA2 ansible]# cat roles/nginx/templates/nginx.conf.j2 ... user { { runuser }}; #我们在vars/main.yml定义的变量 worker_processes { { ansible_processor_vcpus-1 }}; #setup获取的fastc变量 ... server { listen { { nginx_prot }} default_server; #我们在vars/main.yml定义的变量 ... 7.vars/main.yml:
[root@HA2 ansible]# cat roles/nginx/vars/main.yml runuser: daemon #定义变量 nginx_prot: 80 #定义变量
httpd
每个角色结构如下,上面解释过就不介绍,下面介绍配置文件
[root@HA2 ansible]# tree roles/httpd/ #httpd角色目录结构 roles/httpd/ ├── default ├── files │ ├── index.html │ └── index.php ├── handlers │ └── main.yml ├── meta ├── tasks │ ├── install_httpd.yml │ ├── main.yml │ └── remove_httpd.yml ├── templates │ └── httpd.conf.j2 └── vars └── main.yml7 directories, 8 files
[root@HA2 ansible]# cat roles/httpd/files/index.htmlTest file.
[root@HA2 ansible]# cat roles/httpd/files/index.php
[root@HA2 ansible]# cat roles/httpd/handlers/main.yml - name: restart httpd service: name=httpd state=restarted
[root@HA2 ansible]# cat roles/httpd/tasks/install_httpd.yml - name: install httpd yum: name=httpd state=present - name: install php yum: name=php state=present - name: install httpd index.html copy: src=index.html dest=/var/www/html/index.html notify: restart httpd tags: modify httpd config copy - name: install httpd index.php copy: src=index.php dest=/var/www/html/index.php notify: restart httpd tags: modify httpd config copy - name: install config template: src=httpd.conf.j2 dest=/etc/nginx/httpd.conf notify: restart httpd tags: modify httpd config - name: start httpd service: name=httpd state=started enabled=true
[root@HA2 ansible]# cat roles/httpd/tasks/remove_httpd.yml - name: remove httpd yum: name=httpd state=absent - name: remove php yum: name=php state=absent
[root@HA2 ansible]# cat roles/httpd/tasks/main.yml - include: tasks/install_httpd.yml when: ansible_eth0.ipv4.address == '172.16.0.128' or ansible_eth0.ipv4.address == '172.16.0.129' tags: install - include: tasks/remove_httpd.yml tags: remove when: ansible_eth0.ipv4.address == '172.16.0.128' or ansible_eth0.ipv4.address == '172.16.0.129'
[root@HA2 ansible]# cat roles/httpd/templates/httpd.conf.j2 #默认配置,里面可以定义变量就懒得贴了
[root@HA2 ansible]# cat roles/httpd/vars/main.yml index: - index.php - index.html
[root@HA2 ansible]# tree roles/keepalived/ #keepalived角色目录结构 roles/keepalived/ ├── default ├── files ├── handlers │ └── main.yml ├── meta ├── tasks │ ├── install_keepalived.yml │ ├── main.yml │ └── remove_keepalived.yml ├── templates │ ├── keepalived.conf.j2 │ └── keepalived.conf.j2.bak└── vars7 directories, 6 files
[root@HA2 ansible]# cat roles/keepalived/handlers/main.yml - name: restart keepalived service: name=keepalived state=restarted
[root@HA2 ansible]# cat roles/keepalived/tasks/install_keepalived.yml - name: install keepalived yum: name=keepalived state=present - name: install keepalived config template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf notify: restart keepalived tags: modify keepalived config - name: start keepalived service: name=keepalived state=started enabled=true
[root@HA2 ansible]# cat roles/keepalived/tasks/remove_keepalived.yml - name: remove keepalived yum: name=keepalived state=absent
[root@HA2 ansible]# cat roles/keepalived/tasks/main.yml - include: tasks/install_keepalived.yml tags: install when: ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2' - include: tasks/remove_keepalived.yml tags: remove when: ansible_eth1.ipv4.address == '172.16.0.4' or ansible_eth1.ipv4.address == '172.16.0.2'
[root@HA2 ansible]# cat roles/keepalived/templates/keepalived.conf.j2 ! Configuration File for keepalived global_defs { notification_email { root@localhost } notification_email_from sunshineboy@163.com smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id LVS_DEVEL vrrp_mcast_group4 224.0.100.18 } vrrp_instance VI_1 { state { { mb }} interface eth0 virtual_router_id 51 priority { { prioroty }} advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.220.5/24 } } 四、执行ansible-playbook
[root@HA2 ansible]# pwd #查看所在目录 /etc/ansible[root@HA2 ansible]# ls #查看有没有service.tml文件 ansible.cfg hosts roles service.retry service.yml
[root@HA2 ansible]# ansible-playbook -t "install" --check service.yml #执行前测试使用--check ,-t指定我要所需要的tags这里选择"install"在每个tasks/main.yml都有定义另外一个是"remove" statically included: /etc/ansible/roles/nginx/tasks/install_nginx.yml statically included: /etc/ansible/roles/nginx/tasks/remove_nginx.yml statically included: /etc/ansible/roles/httpd/tasks/install_httpd.yml statically included: /etc/ansible/roles/httpd/tasks/remove_httpd.yml statically included: /etc/ansible/roles/keepalived/tasks/install_keepalived.yml statically included: /etc/ansible/roles/keepalived/tasks/remove_keepalived.yml PLAY [all] ********************************************************************* TASK [setup] ******************************************************************* ok: [172.16.0.2] ok: [172.16.0.128] ok: [172.16.0.4] ok: [172.16.0.129] ok: [172.16.0.5] TASK [nginx : install nginx] *************************************************** #定义的- name: install nginx的名称就是这里用的 skipping: [172.16.0.128] #skipping,因为我们使用了when判断 skipping: [172.16.0.5] skipping: [172.16.0.129] changed: [172.16.0.4] #符合我们的判断才执行 changed: [172.16.0.2] TASK [nginx : install nginx index.html] **************************************** skipping: [172.16.0.5] skipping: [172.16.0.128] skipping: [172.16.0.129] changed: [172.16.0.4] changed: [172.16.0.2] TASK [nginx : install config] ************************************************** skipping: [172.16.0.129] skipping: [172.16.0.5] skipping: [172.16.0.128] changed: [172.16.0.2] changed: [172.16.0.4] TASK [nginx : start nginx] ***************************************************** skipping: [172.16.0.128] skipping: [172.16.0.5] skipping: [172.16.0.129] changed: [172.16.0.2] changed: [172.16.0.4] TASK [httpd : install httpd] *************************************************** skipping: [172.16.0.2] skipping: [172.16.0.4] skipping: [172.16.0.5] changed: [172.16.0.128] changed: [172.16.0.129] TASK [httpd : install php] ***************************************************** skipping: [172.16.0.2] skipping: [172.16.0.4] skipping: [172.16.0.5] changed: [172.16.0.129] changed: [172.16.0.128] TASK [httpd : install httpd index.html] *************************************** skipping: [172.16.0.2] skipping: [172.16.0.5] skipping: [172.16.0.4] ok: [172.16.0.128] ok: [172.16.0.129] TASK [httpd : install httpd index.php] **************************************** skipping: [172.16.0.2] skipping: [172.16.0.4] skipping: [172.16.0.5] ok: [172.16.0.128] ok: [172.16.0.129] TASK [httpd : install config] ************************************************** skipping: [172.16.0.2] skipping: [172.16.0.4] skipping: [172.16.0.5] ok: [172.16.0.128] ok: [172.16.0.129] TASK [httpd : start httpd] ***************************************************** skipping: [172.16.0.4] skipping: [172.16.0.2] skipping: [172.16.0.5] changed: [172.16.0.129] changed: [172.16.0.128] TASK [keepalived : install keepalived] ***************************************** skipping: [172.16.0.129] skipping: [172.16.0.5] skipping: [172.16.0.128] changed: [172.16.0.2] changed: [172.16.0.4] TASK [keepalived : install keepalived config] ********************************** skipping: [172.16.0.128] skipping: [172.16.0.5] skipping: [172.16.0.129] changed: [172.16.0.2] changed: [172.16.0.4] TASK [keepalived : start keepalived] ******************************************* skipping: [172.16.0.128] skipping: [172.16.0.5] skipping: [172.16.0.129] changed: [172.16.0.4] changed: [172.16.0.2] RUNNING HANDLER [nginx : restart nginx] **************************************** fatal: [172.16.0.2]: FAILED! => {"changed": false, "failed": true, "msg": "systemd could not find the requested service \"'nginx'\": "} #请注意查看提示报错,systemd could not find the requested service \"'nginx'\,因为我们这里是测试而且是由定义配置触发的handlers fatal: [172.16.0.4]: FAILED! => {"changed": false, "failed": true, "msg": "systemd could not find the requested service \"'nginx'\": "} #请注意查看提示报错,systemd could not find the requested service \"'nginx'\,因为我们这里是测试而且是由定义配置触发的handlers RUNNING HANDLER [keepalived : restart keepalived] ****************************** NO MORE HOSTS LEFT ************************************************************* to retry, use: --limit @/etc/ansible/service.retry PLAY RECAP ********************************************************************* #显示测试的返回统计,没什么问题 172.16.0.128 : ok=7 changed=3 unreachable=0 failed=0 172.16.0.129 : ok=7 changed=3 unreachable=0 failed=0 172.16.0.2 : ok=8 changed=7 unreachable=0 failed=1 172.16.0.4 : ok=8 changed=7 unreachable=0 failed=1 172.16.0.5 : ok=1 changed=0 unreachable=0 failed=0 [root@HA2 ansible]# ansible-playbook -t "install" service.yml #执行去掉--check ,-t指定我要所需要的tags这里选择"install"在每个tasks/main.yml都有定义另外一个是"remove" statically included: /etc/ansible/roles/nginx/tasks/install_nginx.yml statically included: /etc/ansible/roles/nginx/tasks/remove_nginx.yml statically included: /etc/ansible/roles/httpd/tasks/install_httpd.yml statically included: /etc/ansible/roles/httpd/tasks/remove_httpd.yml statically included: /etc/ansible/roles/keepalived/tasks/install_keepalived.yml statically included: /etc/ansible/roles/keepalived/tasks/remove_keepalived.yml PLAY [all] ********************************************************************* TASK [setup] ******************************************************************* ok: [172.16.0.2] ok: [172.16.0.129] ok: [172.16.0.4] ok: [172.16.0.128] ok: [172.16.0.5] TASK [nginx : install nginx] *************************************************** skipping: [172.16.0.5] skipping: [172.16.0.129] skipping: [172.16.0.128] changed: [172.16.0.4] changed: [172.16.0.2] TASK [nginx : install nginx index.html] **************************************** skipping: [172.16.0.128] skipping: [172.16.0.5] skipping: [172.16.0.129] changed: [172.16.0.2] changed: [172.16.0.4] TASK [nginx : install config] ************************************************** skipping: [172.16.0.128] skipping: [172.16.0.5] skipping: [172.16.0.129] changed: [172.16.0.4] changed: [172.16.0.2] TASK [nginx : start nginx] ***************************************************** skipping: [172.16.0.128] skipping: [172.16.0.5] skipping: [172.16.0.129] changed: [172.16.0.4] changed: [172.16.0.2] TASK [httpd : install httpd] *************************************************** skipping: [172.16.0.2] skipping: [172.16.0.4] skipping: [172.16.0.5] changed: [172.16.0.129] changed: [172.16.0.128] TASK [httpd : install php] ***************************************************** skipping: [172.16.0.4] skipping: [172.16.0.2] skipping: [172.16.0.5] changed: [172.16.0.129] changed: [172.16.0.128] TASK [httpd : install httpd index.html] *************************************** skipping: [172.16.0.4] skipping: [172.16.0.2] skipping: [172.16.0.5] ok: [172.16.0.129] ok: [172.16.0.128] TASK [httpd : install httpd index.php] **************************************** skipping: [172.16.0.2] skipping: [172.16.0.4] skipping: [172.16.0.5] ok: [172.16.0.129] ok: [172.16.0.128] TASK [httpd : install config] ************************************************** skipping: [172.16.0.2] skipping: [172.16.0.4] skipping: [172.16.0.5] ok: [172.16.0.128] ok: [172.16.0.129] TASK [httpd : start httpd] ***************************************************** skipping: [172.16.0.4] skipping: [172.16.0.2] skipping: [172.16.0.5] changed: [172.16.0.128] changed: [172.16.0.129] TASK [keepalived : install keepalived] ***************************************** skipping: [172.16.0.5] skipping: [172.16.0.128] skipping: [172.16.0.129] changed: [172.16.0.4] changed: [172.16.0.2] TASK [keepalived : install keepalived config] ********************************** skipping: [172.16.0.128] skipping: [172.16.0.5] skipping: [172.16.0.129] changed: [172.16.0.4] changed: [172.16.0.2] TASK [keepalived : start keepalived] ******************************************* skipping: [172.16.0.128] skipping: [172.16.0.5] skipping: [172.16.0.129] changed: [172.16.0.2] changed: [172.16.0.4] RUNNING HANDLER [nginx : restart nginx] **************************************** changed: [172.16.0.2] changed: [172.16.0.4] RUNNING HANDLER [keepalived : restart keepalived] ****************************** changed: [172.16.0.4] changed: [172.16.0.2] PLAY RECAP ********************************************************************* 172.16.0.128 : ok=7 changed=3 unreachable=0 failed=0 172.16.0.129 : ok=7 changed=3 unreachable=0 failed=0 172.16.0.2 : ok=10 changed=9 unreachable=0 failed=0 172.16.0.4 : ok=10 changed=9 unreachable=0 failed=0 172.16.0.5 : ok=1 changed=0 unreachable=0 failed=0
五、验证服务
[root@HA2 ansible]# ansible all -m shell -a "ss -tnlp| grep 'nginx\|httpd\|keepalived'" 172.16.0.129 | SUCCESS | rc=0 >> LISTEN 0 128 :::80 :::* users:(("httpd",pid=15560,fd=4),("httpd",pid=15559,fd=4),("httpd",pid=15558,fd=4),("httpd",pid=15557,fd=4),("httpd",pid=15556,fd=4),("httpd",pid=15554,fd=4)) 172.16.0.5 | FAILED | rc=1 >> 172.16.0.2 | SUCCESS | rc=0 >> LISTEN 0 128 *:80 *:* users:(("nginx",pid=44210,fd=6),("nginx",pid=44209,fd=6)) 172.16.0.4 | SUCCESS | rc=0 >> LISTEN 0 128 *:80 *:* users:(("nginx",pid=44424,fd=6),("nginx",pid=44423,fd=6)) 172.16.0.128 | SUCCESS | rc=0 >> LISTEN 0 128 :::80 :::* users:(("httpd",pid=16300,fd=4),("httpd",pid=16299,fd=4),("httpd",pid=16298,fd=4),("httpd",pid=16297,fd=4),("httpd",pid=16296,fd=4),("httpd",pid=16294,fd=4))[root@HA2 ansible]# curl 192.168.220.5 Test file.
[root@HA2 ansible]# curl 192.168.220.5/index.php | grep Centos7 % Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 System Linux Centos7 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 100 53535 0 53535 0 0 1376k 0 --:--:-- --:--:-- --:--:-- 1493k ps:其它的可以自行研究~