Ansible部署Tomcat

Ansible部署Tomcat

环境

系统平台	IP	主机名
centos8 redhat8	192.168.229.152	ansible
centos8 redhat8	192.168.229.148	tomcat

在部署之前需关闭防火墙跟SElinux

## 配置域名
[root@ansible ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.229.148 tomcat

## 设置免密登录
[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QE1mMmEAEZJnG7uSkhxllmv0m68HkQD1D4EduYydQPc root@ansible
The key's randomart image is:
+---[RSA 3072]----+
|.oB*==O++        |
|..+Xo=o=.        |
| o=+Oo=E         |
| .o+ Oo.         |
|.oo.  +.S        |
|=..  +           |
|..    o          |
|       o         |
|     .o          |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id root@tomcat
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'tomcat (192.168.229.148)' can't be established.
ECDSA key fingerprint is SHA256:n2ckGGr820b4Fez6NUHXuOApoQ3oCuf3POTLfTxOsS4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@tomcat's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@tomcat'"
and check to make sure that only the key(s) you wanted were added.

[root@ansible ~]# mkdir tomcat
[root@ansible ~]# cd tomcat/
[root@ansible tomcat]# cat inventory
[web]
tomcat
[root@ansible tomcat]# cp /etc/ansible/ansible.cfg .  # 复制ansible.cfg文件到当前目录

[root@ansible tomcat]# sed -i '/inventory\      /s/^#//;s/\/etc\/ansible\/hosts/inventory/g' ansible.cfg
[root@ansible tomcat]# grep '^inventory' ansible.cfg
inventory      = inventory


## ping 是否能ping通
[root@ansible tomcat]# ansible tomcat -m ping
tomcat | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

对面的受控主机是否有yum源呢？

配置受控主机的几种方式：

要么下载到本地再用copy模块传过去

关闭防火墙跟SElinux也是可以用这种方法

要么使用脚本的方式下载

我在这里使用脚本方式

[root@ansible tomcat]# pwd
/root/tomcat
[root@ansible tomcat]# mkdir files
[root@ansible tomcat]# cd files/
[root@ansible files]# cat config_yum.sh
#!/bin/bash

rm -rf /etc/yum.repos.d/*
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
dnf clean all
dnf makecache

yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
dnf clean all
dnf makecache
[root@ansible files]# chmod +x  config_yum.sh

[root@ansible tomcat]# cat yum.yml
---
- hosts: tomcat
  tasks:
    - name: config yum
      script: files/config_yum.sh
      
执行此 playbook     

配置 主 playbook

## 提前下载好Tomcat 软件包
[root@ansible files]# pwd
/root/tomcat/files
[root@ansible files]# wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.65/bin/apache-tomcat-9.0.65.tar.gz


[root@ansible ~]# cd tomcat/files/
[root@ansible files]# cat tomcat.sh
#!/bin/bash

cd /usr/src
if [ ! -d /usr/local/tomcat ];then
    tar xf apache-tomcat-9.0.65.tar.gz
    mv apache-tomcat-9.0.65 /usr/local/tomcat
fi

mkdir -p /usr/local/tomcat/webapps/tomcat &> /dev/null

cat > /usr/local/tomcat/webapps/tomcat/index.jsp <<EOF
<html>
<head>
        <title>test page</title>
</head>
<body>
        <%
            out.println("Hello Tomcat");
        %>
</body>
</html>
EOF

sed -i '/AJP 1.3/{n;/<!--/d}' /usr/local/tomcat/conf/server.xml
sed -i '/port="8009"/{N;/redirectPort="8443"/{n;/-->/d}}' /usr/local/tomcat/conf/server.xml

grep '<role rolename="manager-gui"/>' /usr/local/tomcat/conf/tomcat-users.xml
if [ $? -ne 0 ];then
sed -i '/<\/tomcat-users>/i <role rolename="manager-gui"/>\n<role rolename="admin-gui"/>\n<user username="tomcat"password="tomcat" roles="manager-gui,admin-gui"/>' /usr/local/tomcat/conf/tomcat-users.xml
fi

sed -i '/allow/c \         allow="192\\.168\\.229\\.\\d+|127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1" />' /usr/local/tomcat/webapps/manager/META-INF/context.xml

sed -i '/allow/c \         allow="192\\.168\\.229\\.\\d+|127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1" />' /usr/local/tomcat/webapps/host-manager/META-INF/context.xml

cat > /usr/lib/systemd/system/tomcat.service <<EOF
[Unit]
Description=tomcat server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/tomcat/bin/catalina.sh start
ExecStop=/usr/local/tomcat/bin/catalina.sh stop
ExecReload=/bin/kill -HUP \$MAINPID

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now tomcat

[root@ansible files]# chmod +x tomcat.sh  ## 脚本都要给执行权限



[root@ansible tomcat]# vim tomcat.yml
---
- hosts: tomcat
  gather_facts: no
  tasks:
    - name: install jdk
      dnf:
        name:
          - java-17-openjdk
          - java-17-openjdk-devel
        state: present
    - name: copy software pkgs
      copy:
        src: files/apache-tomcat-9.0.65.tar.gz
        dest: /usr/src/
    - name: exec script
      script: files/tomcat.sh
      
运行此 playbook      
[root@ansible tomcat]# ansible-playbook  tomcat.yml
...运行步骤省略N

IP 访问

Tomcat 首页

点击 Server status

登录进来后的页面

点击 manager App

点击 Host manager