# Deploying Tomcat with Ansible

## Environment

| OS platform | IP | Hostname |
|---|---|---|
| centos8 redhat8 | 192.168.229.152 | ansible |
| centos8 redhat8 | 192.168.229.148 | tomcat |

The firewall and SELinux need to be disabled before deployment.
## Configure hostname resolution
```
[root@ansible ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.229.148 tomcat
```
## Set up passwordless SSH login
```
[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QE1mMmEAEZJnG7uSkhxllmv0m68HkQD1D4EduYydQPc root@ansible
The key's randomart image is:
+---[RSA 3072]----+
|.oB*==O++ |
|..+Xo=o=. |
| o=+Oo=E |
| .o+ Oo. |
|.oo. +.S |
|=.. + |
|.. o |
| o |
| .o |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id root@tomcat
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'tomcat (192.168.229.148)' can't be established.
ECDSA key fingerprint is SHA256:n2ckGGr820b4Fez6NUHXuOApoQ3oCuf3POTLfTxOsS4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@tomcat's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@tomcat'"
and check to make sure that only the key(s) you wanted were added.
```
```
[root@ansible ~]# mkdir tomcat
[root@ansible ~]# cd tomcat/
[root@ansible tomcat]# cat inventory
[web]
tomcat
[root@ansible tomcat]# cp /etc/ansible/ansible.cfg . # copy ansible.cfg into the current directory
[root@ansible tomcat]# sed -i '/inventory\ /s/^#//;s/\/etc\/ansible\/hosts/inventory/g' ansible.cfg
[root@ansible tomcat]# grep '^inventory' ansible.cfg
inventory = inventory
```
## Check that the managed host responds to ping
```
[root@ansible tomcat]# ansible tomcat -m ping
tomcat | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
```
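Does the managed host have yum repositories configured?

There are a few ways to configure the managed host: either download the files locally and push them over with the copy module (disabling the firewall and SELinux can be done the same way), or do the download with a script.

I use the script approach here.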
```
[root@ansible tomcat]# pwd
/root/tomcat
[root@ansible tomcat]# mkdir files
[root@ansible tomcat]# cd files/
[root@ansible files]# cat config_yum.sh
#!/bin/bash
# Remove the existing repo definitions and fetch the Aliyun CentOS 8.5.2111 vault repo
rm -rf /etc/yum.repos.d/*
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
# Delete the lines that reference mirrors.cloud.aliyuncs.com and mirrors.aliyuncs.com
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
dnf clean all
dnf makecache
# Install EPEL and switch it from the metalink to the Aliyun baseurl
yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
dnf clean all
dnf makecache
[root@ansible files]# chmod +x config_yum.sh
```
```
[root@ansible tomcat]# cat yum.yml
---
- hosts: tomcat
  tasks:
    - name: config yum
      script: files/config_yum.sh
```
Run this playbook.

Configure the main playbook.

## Download the Tomcat package in advance
```
[root@ansible files]# pwd
/root/tomcat/files
[root@ansible files]# wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.65/bin/apache-tomcat-9.0.65.tar.gz
```
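
The tarball is downloaded and later copied to the managed host without any integrity check. The functions below are an added example (not part of the original post) that only stage the file for the playbook once its SHA-512 digest matches a checksum file; the function names, the script name `stage.sh` and the `.sha512` file name (Apache's convention of publishing a checksum beside each artifact) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are chosen here.

# verify_sha512 FILE SUMFILE
# Succeeds only if FILE's SHA-512 digest equals the first field of SUMFILE
# (assumed layout: "<128 hex digits> *<file name>").
verify_sha512() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    expected=$(awk 'NR == 1 { print tolower($1) }' "$2")
    # Refuse a sum file that does not start with exactly 128 hex digits,
    # for example an HTML error page saved in place of the checksum.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || return 2
    actual=$(sha512sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# stage_tarball FILE SUMFILE DESTDIR
# Copies FILE into DESTDIR (the files/ directory the copy task reads from)
# only after the digest check has passed.
stage_tarball() {
    if verify_sha512 "$1" "$2"; then
        cp "$1" "$3/" && echo "verified and staged: $1"
    else
        echo "digest check failed, not staging: $1" >&2
        return 1
    fi
}

# Usage on the control node, after downloading both files to a scratch directory:
#   sh stage.sh apache-tomcat-9.0.65.tar.gz apache-tomcat-9.0.65.tar.gz.sha512 /root/tomcat/files
if [ "$#" -eq 3 ]; then
    stage_tarball "$1" "$2" "$3"
fi
```

A checksum served by the same host as the tarball catches corruption and a substituted download, but not a compromise of that host; Apache also publishes a detached `.asc` signature and a `KEYS` file for that case.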
```
[root@ansible ~]# cd tomcat/files/
[root@ansible files]# cat tomcat.sh
#!/bin/bash
# Unpack Tomcat into /usr/local/tomcat unless it is already installed
cd /usr/src
if [ ! -d /usr/local/tomcat ];then
    tar xf apache-tomcat-9.0.65.tar.gz
    mv apache-tomcat-9.0.65 /usr/local/tomcat
fi
# Create a test application with a single JSP page
mkdir -p /usr/local/tomcat/webapps/tomcat &> /dev/null
cat > /usr/local/tomcat/webapps/tomcat/index.jsp <<EOF
<html>
<head>
<title>test page</title>
</head>
<body>
<%
out.println("Hello Tomcat");
%>
</body>
</html>
EOF
# Uncomment the AJP 1.3 connector in server.xml
sed -i '/AJP 1.3/{n;/<!--/d}' /usr/local/tomcat/conf/server.xml
sed -i '/port="8009"/{N;/redirectPort="8443"/{n;/-->/d}}' /usr/local/tomcat/conf/server.xml
# Add the manager-gui and admin-gui roles and a user holding both (sample credentials tomcat/tomcat), once
if ! grep -q '<role rolename="manager-gui"/>' /usr/local/tomcat/conf/tomcat-users.xml;then
    sed -i '/<\/tomcat-users>/i <role rolename="manager-gui"/>\n<role rolename="admin-gui"/>\n<user username="tomcat" password="tomcat" roles="manager-gui,admin-gui"/>' /usr/local/tomcat/conf/tomcat-users.xml
fi
# Allow 192.168.229.x, in addition to loopback, in the Manager and Host Manager RemoteAddrValve
sed -i '/allow/c \ allow="192\\.168\\.229\\.\\d+|127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1" />' /usr/local/tomcat/webapps/manager/META-INF/context.xml
sed -i '/allow/c \ allow="192\\.168\\.229\\.\\d+|127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1" />' /usr/local/tomcat/webapps/host-manager/META-INF/context.xml
# Register Tomcat as a systemd service, then enable and start it
cat > /usr/lib/systemd/system/tomcat.service <<EOF
[Unit]
Description=tomcat server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/tomcat/bin/catalina.sh start
ExecStop=/usr/local/tomcat/bin/catalina.sh stop
ExecReload=/bin/kill -HUP \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now tomcat
[root@ansible files]# chmod +x tomcat.sh # every script needs execute permission
```
```
[root@ansible tomcat]# vim tomcat.yml
---
- hosts: tomcat
  gather_facts: no
  tasks:
    - name: install jdk
      dnf:
        name:
          - java-17-openjdk
          - java-17-openjdk-devel
        state: present
    - name: copy software pkgs
      copy:
        src: files/apache-tomcat-9.0.65.tar.gz
        dest: /usr/src/
    - name: exec script
      script: files/tomcat.sh
```
Run this playbook:

```
[root@ansible tomcat]# ansible-playbook tomcat.yml
... (run output omitted)
```
Access the Tomcat home page by IP.

Click Server Status.

The page after logging in.

Click Manager App.

Click Host Manager.
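
After the run, two settings written by tomcat.sh decide who can reach these pages: the accounts in tomcat-users.xml and the RemoteAddrValve allow pattern in each context.xml. The script below is an added example (not part of the original post) that reports manager or admin accounts whose password is empty or equal to the username, and every non-loopback range the valve admits; the function names, the script name `audit.sh` and the embedded sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are chosen here.

# Print each user that holds a manager-*/admin-* role and whose password is
# empty or identical to the username. Users inside XML comments are ignored.
weak_manager_users() {
    awk '
    function attr(s, name) {
        if (!match(s, name "=\"[^\"]*\"")) return ""
        return substr(s, RSTART + length(name) + 2, RLENGTH - length(name) - 3)
    }
    BEGIN  { RS = "<" }                      # one record per tag
    in_c   { if (index($0, "-->")) in_c = 0; next }
    /^!--/ { if (!index($0, "-->")) in_c = 1; next }
    /^user[ \t\n]/ {
        u = attr($0, "username"); p = attr($0, "password"); r = attr($0, "roles")
        if (r ~ /(manager|admin)-/ && (p == "" || p == u)) print u
    }' "$1"
}

# Print every alternative in the RemoteAddrValve allow pattern that is not a
# loopback entry, i.e. each extra source range the Manager accepts.
non_loopback_allow() {
    sed -n 's/.*allow="\([^"]*\)".*/\1/p' "$1" | tr '|' '\n' |
        grep -v -x -F -e '127\.\d+\.\d+\.\d+' -e '::1' -e '0:0:0:0:0:0:0:1' || true
}

# Constructed sample of what tomcat.sh leaves behind (not captured from a host).
make_sample() {
    cat > "$1/tomcat-users.xml" <<'EOF'
<tomcat-users>
<!-- <user username="admin" password="admin" roles="manager-gui"/> -->
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="tomcat" password="tomcat" roles="manager-gui,admin-gui"/>
<user username="deploy" password="constructed-Value-1" roles="manager-script"/>
</tomcat-users>
EOF
    cat > "$1/context.xml" <<'EOF'
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="192\.168\.229\.\d+|127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
EOF
}

# Usage: sh audit.sh conf/tomcat-users.xml webapps/manager/META-INF/context.xml
if [ "$#" -eq 2 ]; then
    weak_manager_users "$1"
    non_loopback_allow "$2"
fi
```

On the files produced by tomcat.sh this prints `tomcat` and `192\.168\.229\.\d+`, which together mean the Manager and Host Manager accept the tomcat/tomcat login from the whole 192.168.229.x range.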