一、环境准备
1、安装ansible服务
[root@ansible-70 ~]# yum install epel-release -y #安装epel源
[root@ansible-70 ~]# yum -y install ansible
2、添加管理远程主机和本地解析 编辑/etc/ansible/hosts:
[root@ansible-70 ~]# vim /etc/ansible/hosts
....
[nginx] #定义nginx主机组
192.168.1.71
192.168.1.72
[apache] #定义Apache主机组
192.168.1.73
192.168.1.74
[php] #定义php主机组
192.168.1.73
[mysql] #定义mysql主机组
192.168.1.74
编辑/etc/hosts,添加相应的主机名解析
[root@ansible-70 ~]# vim /etc/hosts
......
192.168.1.71 keepalive1-71
192.168.1.72 keepalive2-72
192.168.1.73 httpd1-73
192.168.1.74 httpd2-74
3、配置使用ssh免密钥认证管理远程主机
[root@ansible-70 ~]# ssh-keygen -t rsa -P "" #-P "" 生成无口令私钥:这把私钥可以免密 root 登录全部受管主机,控制节点一旦失陷即全网失陷,务必限制控制节点访问;生产环境建议使用 ed25519 或带口令的密钥并配合 ssh-agent
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:cGdyniKMaOzYLxH9qetFr6LADwBCtxL/NmRtvFPWVgk root@ansible-70
The key's randomart image is:
+---[RSA 2048]----+
| o . E... |
|. + . o . .. |
|o. + o.+oo+o |
|o.o.=o.o+*.. |
|. +..=++S o |
|o=. ..+o.. |
|ooo. .. . |
| .+.o. . |
| .=+o. |
+----[SHA256]-----+
#ssh-copy-id 首次连接时会提示目标主机密钥指纹,应先在目标主机上核对(ssh-keygen -lf /etc/ssh/ssh_host_*_key.pub)再回答 yes,否则相当于把公钥交给了任意冒充 192.168.1.71 的主机
[root@ansible-70 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.71
[root@ansible-70 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.72
[root@ansible-70 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.73
[root@ansible-70 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.74
[root@ansible-70 ~]# ansible all --list-hosts
hosts (4):
192.168.1.71
192.168.1.72
192.168.1.74
192.168.1.73
[root@ansible-70 ~]# ansible all -m ping #对所有目标主机测试
192.168.1.73 | SUCCESS => { #成功
"changed": false,
"ping": "pong"
}
192.168.1.74 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.71 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.1.72 | SUCCESS => {
"changed": false,
"ping": "pong"
}
4、配置时区与时间同步
[root@ansible-70 ~]# ansible all -m shell -a 'echo "TZ=Asia/Shanghai; export TZ" >> /etc/profile' #必须用 >> 追加:原文的 > 会把整个 /etc/profile 清空,只剩这一行(PATH、umask 等系统初始化全部丢失);更规范的做法是 ansible all -m command -a 'timedatectl set-timezone Asia/Shanghai'
192.168.1.74 | SUCCESS | rc=0 >>
192.168.1.72 | SUCCESS | rc=0 >>
192.168.1.71 | SUCCESS | rc=0 >>
192.168.1.73 | SUCCESS | rc=0 >
[root@ansible-70 ~]# ansible all -m cron -a "minute=*/3 job='/usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1' name=dateupdate" #目标主机需先安装 ntpdate;每 3 分钟跳变式校时比较粗糙,生产环境建议用 chronyd/ntpd 平滑同步;重定向写成 > /dev/null 2>&1(crontab 由 /bin/sh 执行,比 &> 更可移植)
192.168.1.72 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"dateupdate"
]
}
192.168.1.71 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"dateupdate"
]
}
192.168.1.73 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"dateupdate"
]
}
192.168.1.74 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"dateupdate"
]
}
5、关闭firewalld和selinux(仅限实验环境)
[root@ansible-70 ~]# ansible all -m shell -a 'systemctl stop firewalld; systemctl disable firewalld; setenforce 0'
#注意:setenforce 0 只对本次运行有效,重启后 SELinux 会按 /etc/selinux/config 恢复 enforcing;生产环境不应关闭防火墙,而是只放行 80(nginx/apache)、VRRP(协议 112,两台 nginx 之间)以及仅来自两台 apache 主机的 9000(php-fpm 的 FastCGI 无认证,能连上就能执行 php),并保持 SELinux enforcing(httpd 反向代理需要 setsebool -P httpd_can_network_connect on)
二、配置角色(roles)
1、 配置后端apache服务role
在/etc/ansible/roles目录下创建相关的目录(注意:Ansible 识别的是 defaults/ 目录(复数),下面创建的 default/ 不会被读取,角色默认变量应放在 defaults/main.yml):
[root@ansible-70 ~]# mkdir -pv /etc/ansible/roles/apache/{files,templates,tasks,handlers,vars,meta,default}
mkdir: 已创建目录 "/etc/ansible/roles/apache"
mkdir: 已创建目录 "/etc/ansible/roles/apache/files"
mkdir: 已创建目录 "/etc/ansible/roles/apache/templates"
mkdir: 已创建目录 "/etc/ansible/roles/apache/tasks"
mkdir: 已创建目录 "/etc/ansible/roles/apache/handlers"
mkdir: 已创建目录 "/etc/ansible/roles/apache/vars"
mkdir: 已创建目录 "/etc/ansible/roles/apache/meta"
mkdir: 已创建目录 "/etc/ansible/roles/apache/default"
[root@ansible-70 ~]# vim /etc/ansible/roles/apache/templates/vhost1.conf.j2
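# Backend vhost for www.hehe.io (roles/apache/templates/vhost1.conf.j2).
# Static files are served locally; *.php is handed to php-fpm on 192.168.1.73:9000.
# Apache does not accept trailing comments on directive lines (the original
# "#匹配动态页面" after ProxyPassMatch is parsed as an extra argument and makes
# httpd -t fail), so every comment here sits on its own line.
<VirtualHost *:80>
    ServerName www.hehe.io
    DirectoryIndex index.html index.php
    DocumentRoot /var/www/html
    ProxyRequests Off
    # Dynamic pages: the path after fcgi://host:port is the script path as seen
    # by php-fpm on 192.168.1.73, not a path on this host.
    ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.1.73:9000/var/www/html/$1
    # php-fpm ping/status (pm.status_path / ping.path in www.conf). The original
    # pointed at 192.168.0.73, which is not one of the inventory hosts.
    ProxyPassMatch ^/(ping|status)$ fcgi://192.168.1.73:9000/$1
    # /status exposes process counts, request URIs and script paths. Only answer
    # it for requests originating on this host (curl http://localhost/status);
    # requests arriving through the nginx proxy are denied.
    <LocationMatch "^/(ping|status)$">
        Require local
    </LocationMatch>
    # Grant on the document root, not "/": with FollowSymLinks a grant on "/"
    # lets any symlink under /var/www/html expose files anywhere on disk.
    <Directory /var/www/html>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>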
[root@ansible-70 ~]# httpd -t #语法检查(注意:这只检查控制节点自身 /etc/httpd 下的配置,并不会检查上面的 vhost1.conf.j2 模板;要验证模板,应在下发后到目标主机执行 httpd -t,或 ansible apache -m shell -a 'httpd -t')
[root@ansible-70 ~]# vim /etc/ansible/roles/apache/templates/index.html #静态请求页面(注释前必须有空格,否则 vim 打开的是名为 "index.html#静态请求页面" 的文件)
<h1>This is {{ ansible_hostname }}</h1>
[root@ansible-70 ~]# vim /etc/ansible/roles/apache/templates/index.php #动态请求页面
<?php
// Test page only: phpinfo() prints the PHP version, loaded modules, file paths
// and environment variables to anyone who can fetch /index.php. Use it to
// verify the Apache -> php-fpm path, then delete it from /var/www/html.
phpinfo();
?>
配置apache的task标签任务:
[root@ansible-70 ~]# vim /etc/ansible/roles/apache/tasks/main.yml
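---
# roles/apache/tasks/main.yml -- backend httpd with the www.hehe.io vhost.
# NOTE(review): the role only ensures httpd is *started*; if the template is
# edited and the role re-run, a running httpd keeps the old vhost until it is
# reloaded. Add a "reload httpd" handler in handlers/main.yml and `notify` it
# from the template task when you re-run this role in place.
- name: install apache
  # present, not latest: latest pulls a new httpd on every playbook run.
  yum: name=httpd state=present

- name: install vhost file
  # src is resolved relative to roles/apache/templates/.
  template: src=vhost1.conf.j2 dest=/etc/httpd/conf.d/vhost.conf owner=root group=root mode=0644

- name: install index.html
  # Static test page; renders ansible_hostname so the LB test can tell the backends apart.
  template: src=index.html dest=/var/www/html/index.html owner=root group=root mode=0644

- name: install index.php
  # phpinfo() test page -- remove once the php-fpm path is verified.
  template: src=index.php dest=/var/www/html/index.php owner=root group=root mode=0644

- name: start httpd
  # enabled=yes so the service comes back after a reboot.
  service: name=httpd state=started enabled=yes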
2、配置php-fpm服务的role
[root@ansible-70 ~]# mkdir -pv /etc/ansible/roles/php-fpm/{files,templates,tasks,handlers,vars,meta,default}
mkdir: 已创建目录 "/etc/ansible/roles/php-fpm"
mkdir: 已创建目录 "/etc/ansible/roles/php-fpm/files"
mkdir: 已创建目录 "/etc/ansible/roles/php-fpm/templates"
mkdir: 已创建目录 "/etc/ansible/roles/php-fpm/tasks"
mkdir: 已创建目录 "/etc/ansible/roles/php-fpm/handlers"
mkdir: 已创建目录 "/etc/ansible/roles/php-fpm/vars"
mkdir: 已创建目录 "/etc/ansible/roles/php-fpm/meta"
mkdir: 已创建目录 "/etc/ansible/roles/php-fpm/default"
安装php-fpm用于得到配置文件,复制到指定的模板目录下并进行编辑
[root@ansible-70 ~]# yum install php-fpm -y #安装php-fpm用于得到配置文件
[root@ansible-70 ~]# cp /etc/php-fpm.d/www.conf /etc/ansible/roles/php-fpm/templates/www.conf #拷贝配置文件到角色目录下
[root@ansible-70 ~]# vim /etc/ansible/roles/php-fpm/templates/www.conf
#修改这些配置
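; php-fpm pool settings changed from the package default
; (roles/php-fpm/templates/www.conf, pushed to 192.168.1.73).
; Bind only to the address the Apache backends actually connect to (both vhosts
; proxy to 192.168.1.73:9000), not to every interface.
listen = 192.168.1.73:9000
; FastCGI has no authentication: any client that can reach :9000 can make
; php-fpm execute any readable .php file on this host. The original left this
; commented out, which accepts every source; allow only the two Apache hosts.
listen.allowed_clients = 192.168.1.73,192.168.1.74
; Status/ping endpoints proxied by the vhost; restrict who may fetch them on
; the Apache side (they reveal request URIs and script paths).
pm.status_path = /status
ping.path = /ping
ping.response = pong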
配置相应的task标签任务文件:
[root@ansible-70 ~]# vim /etc/ansible/roles/php-fpm/tasks/main.yml
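---
# roles/php-fpm/tasks/main.yml -- php-fpm pool serving the Apache backends.
- name: install epel repo
  # php-mcrypt below comes from EPEL, so the repo must be present first.
  yum: name=epel-release state=present

- name: install php packages
  # One yum transaction for the whole list instead of a with_items loop.
  yum:
    name:
      - php-fpm
      - php-mysql
      - php-mbstring
      - php-mcrypt
    state: present

- name: install config file
  # www.conf sets listen / listen.allowed_clients / status & ping paths
  # (roles/php-fpm/templates/www.conf). A running php-fpm needs a restart to
  # pick up a changed pool file -- this role has no handler for that yet.
  template: src=www.conf dest=/etc/php-fpm.d/www.conf owner=root group=root mode=0644

- name: install session directory
  # Session files are written by the pool user (apache on this distro).
  file: path=/var/lib/php/session owner=apache group=apache state=directory

- name: start php-fpm
  service: name=php-fpm state=started enabled=yes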
3、配置mysql服务role
先创建对应的mysql服务的roles目录:
[root@ansible-70 ~]# mkdir -pv /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,meta,default}
mkdir: 已创建目录 "/etc/ansible/roles/mysql"
mkdir: 已创建目录 "/etc/ansible/roles/mysql/files"
mkdir: 已创建目录 "/etc/ansible/roles/mysql/templates"
mkdir: 已创建目录 "/etc/ansible/roles/mysql/tasks"
mkdir: 已创建目录 "/etc/ansible/roles/mysql/handlers"
mkdir: 已创建目录 "/etc/ansible/roles/mysql/vars"
mkdir: 已创建目录 "/etc/ansible/roles/mysql/meta"
mkdir: 已创建目录 "/etc/ansible/roles/mysql/default"
本机安装mysql或到其他主机找一个mysql的my.cnf配置文件,拷贝到角色指定目录下进行编辑
[root@ansible-70 ~]# cp /etc/my.cnf /etc/ansible/roles/mysql/templates/#拷贝配置文件
[root@ansible-70 ~]# vim /etc/ansible/roles/mysql/templates/my.cnf
skip-name-resolve=ON #添加此句(与下一句一起写在 [mysqld] 段内,放在其他段下不会生效)
innodb-file-per-table=ON #添加此句
配置mysql服务的task标签任务:
[root@ansible-70 ~]# vim /etc/ansible/roles/mysql/tasks/main.yml
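---
# roles/mysql/tasks/main.yml -- MariaDB on the [mysql] host (192.168.1.74).
- name: install mysql
  yum: name=mariadb-server state=present

- name: install config file
  # my.cnf adds skip-name-resolve and innodb-file-per-table under [mysqld].
  template: src=my.cnf dest=/etc/my.cnf owner=root group=root mode=0644

- name: start mysql
  service: name=mariadb state=started enabled=yes

# NOTE(review): after a fresh install the MariaDB root account has no password,
# and with firewalld disabled 3306 is reachable from the network. Run
# mysql_secure_installation, or set a vaulted root password with the mysql_user
# module, before putting data on it.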
4、配置nginx服务的role
先创建对应的nginx服务的目录:
[root@ansible-70 ~]# mkdir -pv /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,meta,default}
mkdir: 已创建目录 "/etc/ansible/roles/nginx"
mkdir: 已创建目录 "/etc/ansible/roles/nginx/files"
mkdir: 已创建目录 "/etc/ansible/roles/nginx/templates"
mkdir: 已创建目录 "/etc/ansible/roles/nginx/tasks"
mkdir: 已创建目录 "/etc/ansible/roles/nginx/handlers"
mkdir: 已创建目录 "/etc/ansible/roles/nginx/vars"
mkdir: 已创建目录 "/etc/ansible/roles/nginx/meta"
mkdir: 已创建目录 "/etc/ansible/roles/nginx/default"
[root@ansible-70 ~]# cp /etc/nginx/nginx.conf /etc/ansible/roles/nginx/templates/
[root@ansible-70 ~]# vim /etc/ansible/roles/nginx/templates/nginx.conf
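http {
    ......
    # Backend pool: the two Apache hosts from the [apache] inventory group.
    # The original listed 192.168.0.83/84, which are not in the inventory; the
    # curl test alternating httpd1-73/httpd2-74 only works against these two.
    upstream apservers {
        server 192.168.1.73:80;
        server 192.168.1.74:80;
    }
    ......
    server {
        ......
        location / {
            # Reverse-proxy everything to the apservers pool (round-robin).
            proxy_pass http://apservers;
            proxy_set_header Host $http_host;
            # Standard header name is X-Forwarded-For; "X-Forward-For" in the
            # original is not recognised by Apache's remoteip module or by
            # PHP's $_SERVER['HTTP_X_FORWARDED_FOR']. $remote_addr (not
            # $proxy_add_x_forwarded_for) so a client-supplied value is dropped.
            proxy_set_header X-Forwarded-For $remote_addr;
        }
        ......
    }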
[root@ansible-70 ~]# nginx -t #语法检查(注意:这只检查控制节点的 /etc/nginx/nginx.conf,而不是刚编辑的模板副本;要验证模板,应在下发后到目标主机执行 nginx -t,或 ansible nginx -m shell -a 'nginx -t')
配置nginx服务role的task任务:
[root@ansible-70 ~]# vim /etc/ansible/roles/nginx/tasks/main.yml
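---
# roles/nginx/tasks/main.yml -- reverse proxy in front of the two Apache backends.
- name: install epel
  yum: name=epel-release state=present

- name: install nginx
  yum: name=nginx state=present

- name: install config file
  # The whole nginx.conf is replaced by the role copy (upstream apservers +
  # proxy_pass). A running nginx keeps its old config until reloaded; add a
  # handler and `notify` it here if this role is re-run after editing the template.
  template: src=nginx.conf dest=/etc/nginx/nginx.conf owner=root group=root mode=0644

- name: start nginx
  service: name=nginx state=started enabled=yes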
5、配置keepalived服务role
先创建keepalived的role目录:
[root@ansible-70 ~]# mkdir -pv /etc/ansible/roles/keepalived/{files,templates,tasks,handlers,vars,meta,default}
mkdir: 已创建目录 "/etc/ansible/roles/keepalived"
mkdir: 已创建目录 "/etc/ansible/roles/keepalived/files"
mkdir: 已创建目录 "/etc/ansible/roles/keepalived/templates"
mkdir: 已创建目录 "/etc/ansible/roles/keepalived/tasks"
mkdir: 已创建目录 "/etc/ansible/roles/keepalived/handlers"
mkdir: 已创建目录 "/etc/ansible/roles/keepalived/vars"
mkdir: 已创建目录 "/etc/ansible/roles/keepalived/meta"
mkdir: 已创建目录 "/etc/ansible/roles/keepalived/default"
本机安装或到其他主机找一个keepalive的配置文件,复制文件到指定的模板目录下,并编辑:
[root@ansible-70 ~]# cp /etc/keepalived/keepalived.conf /etc/ansible/roles/keepalived/templates/
[root@ansible-70 ~]# vim /etc/ansible/roles/keepalived/templates/keepalived.conf
! Configuration File for keepalived
! Rendered by roles/keepalived on both nginx hosts; state and priority come from
! the per-host inventory vars keepalived_role / keepalived_pri.
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
! Ansible fact (node hostname) -- unique per node.
router_id {{ ansible_nodename }}
vrrp_mcast_group4 224.1.101.33
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
! MASTER/100 on 192.168.1.71, BACKUP/98 on 192.168.1.72 per the inventory.
state {{ keepalived_role }}
! Interface name is hard-coded; it must be the interface carrying 192.168.1.0/24
! on both nodes -- TODO confirm, or derive it from ansible facts.
interface ens33
virtual_router_id 51
priority {{ keepalived_pri }}
advert_int 1
! NOTE(review): auth_type PASS sends this password in clear text in every VRRP
! advertisement on the segment; anyone on the same L2 network can read it and
! inject advertisements to take over the VIP. Keep it in a vaulted variable
! rather than in the template, and keep the VRRP segment isolated. keepalived
! only uses the first 8 characters of auth_pass.
authentication {
auth_type PASS
auth_pass IKHN^2(1
}
virtual_ipaddress {
192.168.1.99/24 dev ens33 label ens33:0
}
}
编辑/etc/ansible/hosts文件,给nginx主机添加指定的对应变量:
[root@ansible-70 ~]# vim /etc/ansible/hosts
[nginx]
192.168.1.71 keepalived_role=MASTER keepalived_pri=100 #传递参数设置为主机,优先级100
192.168.1.72 keepalived_role=BACKUP keepalived_pri=98 #传递参数设置为从机,优先级98
[root@ansible-70 ~]# vim /etc/ansible/roles/keepalived/tasks/main.yml
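---
# roles/keepalived/tasks/main.yml -- VRRP for the nginx VIP 192.168.1.99.
# Requires keepalived_role and keepalived_pri as host vars (set on the [nginx]
# hosts in /etc/ansible/hosts); the template does not render without them.
- name: install keepalived
  yum: name=keepalived state=present

- name: install config file
  # The file contains the VRRP auth_pass -- keep it readable by root only.
  template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf owner=root group=root mode=0600

- name: start keepalived
  service: name=keepalived state=started enabled=yes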
三、配置playbook下发配置
定义相应的playbook调用roles,对目标主机下发配置。
在/etc/ansible目录下创建目录playbooks用于存放playbook文件:
[root@ansible-70 ~]# mkdir /etc/ansible/playbooks
1、定义httpd1的playbook并下发
在/etc/ansible/playbooks目录下创建httpd1.yaml文件:
[root@ansible-70 ~]# vim /etc/ansible/playbooks/httpd1.yaml
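---
# httpd1.yaml -- backend 192.168.1.73 ([php] group): Apache + php-fpm.
# NOTE(review): remote_user: root with the passwordless key from step 3 turns the
# control node into a root key for every managed host; a dedicated ssh user with
# `become: yes` keeps direct root ssh logins disabled on the targets.
- hosts: php
  remote_user: root
  roles:
    - apache
    - php-fpm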
[root@ansible-70 ~]# ansible-playbook --syntax-check /etc/ansible/playbooks/httpd1.yaml #语法测试
[root@ansible-70 ~]# ansible-playbook /etc/ansible/playbooks/httpd1.yaml #语法检查通过后正式下发
2、 定义httpd2的playbook并下发
[root@ansible-70 ~]# vim /etc/ansible/playbooks/httpd2.yaml
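---
# httpd2.yaml -- backend 192.168.1.74 ([mysql] group): Apache + MariaDB.
# Its vhost proxies *.php to php-fpm on 192.168.1.73, so that host must allow
# 192.168.1.74 as a FastCGI client.
# NOTE(review): see httpd1.yaml -- prefer a dedicated ssh user plus `become: yes`
# over remote_user: root.
- hosts: mysql
  remote_user: root
  roles:
    - apache
    - mysql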
[root@ansible-70 ~]# ansible-playbook /etc/ansible/playbooks/httpd2.yaml
3、定义两台nginx服务器的playbook并下发
编辑创建HAnginx.yaml
[root@ansible-70 ~]# vim /etc/ansible/playbooks/HAnginx.yaml
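---
# HAnginx.yaml -- both [nginx] hosts: reverse proxy + VRRP for VIP 192.168.1.99.
# Roles run in order: nginx first, so the VIP is only claimed once the proxy is
# listening. keepalived_role / keepalived_pri must be set per host in the inventory.
# NOTE(review): prefer a dedicated ssh user plus `become: yes` over remote_user: root.
- hosts: nginx
  remote_user: root
  roles:
    - nginx
    - keepalived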
[root@ansible-70 ~]# ansible-playbook --syntax-check /etc/ansible/playbooks/HAnginx.yaml
playbook: /etc/ansible/playbooks/HAnginx.yaml
[root@ansible-70 ~]# ansible-playbook /etc/ansible/playbooks/HAnginx.yaml
4、客户机测试:
[root@clien-69 ~]# for i in {1..10} ; do curl http://192.168.1.99/ ; done #负载均衡测试
<h1>This is httpd1-73</h1>
<h1>This is httpd2-74</h1>
<h1>This is httpd1-73</h1>
<h1>This is httpd2-74</h1>
<h1>This is httpd1-73</h1>
<h1>This is httpd2-74</h1>
<h1>This is httpd1-73</h1>
<h1>This is httpd2-74</h1>
<h1>This is httpd1-73</h1>
<h1>This is httpd2-74</h1>