ansible-playbook(集群管理)
0、准备项目目录与hosts主机清单文件
[root@manager ~]# mkdir cluster
[root@manager ~]# cp project/ansible.cfg project/hosts cluster/
[root@manager ~]# vim hosts
1、准备redis
准备redis配置文件(包括存放位置)
[root@manager cluster]# mkdir files
找一台已手动安装redis服务的机器,将其配置文件发送至管理主机
[root@redis ~]# scp /etc/redis.conf root@172.16.1.62:cluster/files/
修改redis配置文件(位于files/目录下),在bind中添加redis主机内网地址;由于redis将对内网其他主机开放,建议同时设置requirepass并保持protected-mode开启
[root@manager cluster]# vim redis.conf
安装
# Play for the "dbservers" inventory group; the first task installs Redis with yum.
- hosts: dbservers
  tasks:
    # state: present installs the package only when it is missing
    - name: install redis
      yum:
        name: redis
        state: present
配置(找一台机器手动安装redis后把配置文件复制过来)
# Push the prepared Redis config to the target and restart Redis when it changes.
# `copy` transfers the file verbatim; the .j2 suffix does not trigger Jinja2 rendering.
# NOTE(review): the file staged earlier on this page is files/redis.conf; src must
# name the file that actually exists under files/.
# Mode 0640 keeps the config (and any requirepass value in it) unreadable to other local users.
- name: cfg redis
  copy:
    src: ./files/redis.conf.j2
    dest: /etc/redis.conf
    owner: redis
    group: root
    mode: "0640"
  notify: restart redis
启动
# Make sure the redis unit is running now and starts again at boot.
- name: systemd redis
  systemd:
    name: redis
    state: started
    enabled: true
触发器
# Handler section: "restart redis" runs after the tasks, and only when a task
# that notifies it reported a change.
handlers:
  - name: restart redis
    systemd:
      name: redis
      state: restarted
测试redis连接(找一台被控端测试)
[root@web01 ~]# redis-cli -h 172.16.1.41
172.16.1.41:6379>
172.16.1.41:6379> exit
2、准备nginx、php
安装nginx
# Install nginx from the configured yum repositories if it is not already present.
- name: install nginx
  yum:
    name: nginx
    state: present
安装php
[root@manager ~]# ansible-doc yum
(安装多个包时需要按照这个格式编写)
# Install the PHP 7.2 package set in one yum transaction by passing a list variable.
# NOTE(review): php72w-* are PHP 7.2 builds; PHP 7.2 is past upstream end-of-life,
# so these hosts receive no further PHP security fixes. The repository that
# provides these packages is not configured anywhere on this page.
# NOTE(review): mod_php72w is the Apache module; with nginx + php-fpm it is
# presumably unnecessary. Confirm before keeping it, and trim the list to what
# the application actually needs.
- name: install php
  yum:
    name: "{{ pack }}"
  vars:
    pack:
      - mod_php72w
      - php72w-cli
      - php72w-common
      - php72w-devel
      - php72w-embedded
      - php72w-fpm
      - php72w-gd
      - php72w-mbstring
      - php72w-mysqlnd
      - php72w-opcache
      - php72w-pdo
      - php72w-pear
      - php72w-pecl-igbinary
      - php72w-pecl-memcached
      - php72w-pecl-mongodb
      - php72w-pecl-redis
      - php72w-process
      - php72w-xml
管理nginx.conf文件(找一台机器手动安装nginx后把配置文件复制过来)
# Replace the main nginx config with the copy kept under files/ (copied verbatim,
# not rendered as a template) and restart nginx when the content changes.
- name: cfg nginx
  copy:
    src: ./files/nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart nginx
创建组
# Create the "www" group with a fixed gid so it is identical on every web host.
- name: init group
  group:
    name: www
    gid: 666
创建用户
# Create the "www" service account: fixed uid, no home directory, and a nologin
# shell so the account cannot be used for interactive logins.
- name: init user
  user:
    name: www
    uid: 666
    group: www
    create_home: false
    shell: /sbin/nologin
管理php.ini(找一台机器手动安装php后把配置文件复制过来)
# Install the managed php.ini (copied verbatim) and restart php-fpm on change.
- name: cfg php.ini
  copy:
    src: ./files/php.ini.j2
    dest: /etc/php.ini
    owner: root
    group: root
    mode: "0644"
  notify: restart php
管理php-fpm.d/www.conf(同上)
# Install the managed PHP-FPM pool definition and restart php-fpm on change.
# The pool file decides which account the PHP workers run as (not shown on this page).
- name: cfg php-fmp.d/www.conf
  copy:
    src: ./files/www.conf.j2
    dest: /etc/php-fpm.d/www.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart php
启动php
# Make sure php-fpm is running now and enabled at boot.
- name: start php
  systemd:
    name: php-fpm
    state: started
    enabled: true
管理/etc/nginx/conf.d/ansible.zjh.net.conf
[root@manager files]# cat ansible.zjh.net.conf.j2
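# Virtual host serving phpMyAdmin from /ansible/phpmyadmin via PHP-FPM on 127.0.0.1:9000.
# NOTE(review): no allow/deny or authentication is configured here, so any client that
# can reach port 80 on this backend gets the phpMyAdmin login page directly, without
# going through the load balancer. Restrict access to the proxy addresses if that is
# not intended.
server {
    listen 80;
    server_name ansible.zjh.net;
    root /ansible/phpmyadmin;

    location / {
        index index.php;
    }

    location ~ \.php$ {
        # Only hand files that exist under root to PHP-FPM; a request for a
        # non-existent *.php path is answered with 404 by nginx itself.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}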
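# Install the phpMyAdmin virtual host and restart nginx when it changes.
# Owner, group and mode are set explicitly (matching the other config tasks in this
# play) so the result does not depend on the connecting user's umask.
- name: copy nginx virtual site
  copy:
    src: ./files/ansible.zjh.net.conf.j2
    dest: /etc/nginx/conf.d/ansible.zjh.net.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart nginx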
启动nginx
# Make sure nginx is running now and enabled at boot.
- name: start nginx
  systemd:
    name: nginx
    state: started
    enabled: true
创建/ansible存放phpmyadmin
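# Create /ansible, the parent directory of the phpMyAdmin tree.
# `recurse: yes` is dropped: on the first run the directory is still empty, and on
# later runs it would re-own every extracted file to www and set mode 0755
# (executable) on all of them, so the second run produced a different state than
# the first.
# NOTE(review): www is presumably the account the PHP workers run as; a web root
# owned by that account can be modified by the application itself. Prefer root
# ownership with read-only access for www unless write access is really needed.
- name: create ansible directory
  file:
    path: /ansible
    state: directory
    owner: www
    group: www
    mode: "0755"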
部署phpmyadmin(下载到管理主机,管理解压软件包)
# Copy the phpMyAdmin zip from the control node and unpack it under /ansible/.
# `creates` skips the task once the named file exists on the target.
# NOTE(review): the archive is downloaded to the manager by hand and unarchive
# performs no integrity check; verify its checksum or signature against the
# values published with the release before placing it in the project tree.
- name: unarchive phpmyadmin
  unarchive:
    src: ./project/phpMyAdmin-5.2.2-all-languages.zip
    dest: /ansible/
    creates: /ansible/phpMyAdmin-5.2.2-all-languages/config.inc.php
创建软链接
# Expose the versioned directory under the stable path used as the nginx root.
- name: create link
  file:
    src: /ansible/phpMyAdmin-5.2.2-all-languages
    dest: /ansible/phpmyadmin
    state: link
管理config.inc.php.j2(找一台机器手动安装php后把配置文件复制过来)
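# Install the phpMyAdmin configuration file.
# config.inc.php carries the cookie-encryption secret and database connection
# settings, so it is written root-owned and readable only by the www group instead
# of relying on the default umask (typically world-readable).
# Assumes the PHP-FPM pool in www.conf runs as www - TODO confirm.
# NOTE(review): keep the source file out of shared repositories, or encrypt it
# (for example with ansible-vault).
- name: change phpmyadmin cfg
  copy:
    src: ./files/config.inc.php.j2
    dest: /ansible/phpmyadmin/config.inc.php
    owner: root
    group: www
    mode: "0640"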
创建触发器
# Handlers for the web tier; each runs after the tasks, and only when a task that
# notifies it reported a change.
handlers:
  - name: restart nginx
    systemd:
      name: nginx
      state: restarted

  - name: restart php
    systemd:
      name: php-fpm
      state: restarted
完整剧本文件
[root@manager cluster]# cat nginx_php.yml
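# nginx_php.yml - provisions the "webservers" group with nginx, PHP-FPM and phpMyAdmin.
# Files under ./files/ are pushed with `copy`, i.e. verbatim; the .j2 suffix does
# not cause Jinja2 rendering.
- hosts: webservers
  tasks:
    - name: install nginx
      yum:
        name: nginx
        state: present

    # NOTE(review): php72w-* are PHP 7.2 builds; PHP 7.2 is past upstream
    # end-of-life, so these hosts receive no further PHP security fixes.
    # NOTE(review): mod_php72w is the Apache module and is presumably not needed
    # with nginx + php-fpm - confirm, and trim the list to what is really used.
    - name: install php
      yum:
        name: "{{ pack }}"
      vars:
        pack:
          - mod_php72w
          - php72w-cli
          - php72w-common
          - php72w-devel
          - php72w-embedded
          - php72w-fpm
          - php72w-gd
          - php72w-mbstring
          - php72w-mysqlnd
          - php72w-opcache
          - php72w-pdo
          - php72w-pear
          - php72w-pecl-igbinary
          - php72w-pecl-memcached
          - php72w-pecl-mongodb
          - php72w-pecl-redis
          - php72w-process
          - php72w-xml

    - name: cfg nginx
      copy:
        src: ./files/nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart nginx

    # Fixed gid/uid keep the www account identical on every web host.
    - name: init group
      group:
        name: www
        gid: 666

    # Service account: no home directory and no interactive shell.
    - name: init user
      user:
        name: www
        uid: 666
        group: www
        create_home: no
        shell: /sbin/nologin

    - name: cfg php.ini
      copy:
        src: ./files/php.ini.j2
        dest: /etc/php.ini
        owner: root
        group: root
        mode: "0644"
      notify: restart php

    - name: cfg php-fmp.d/www.conf
      copy:
        src: ./files/www.conf.j2
        dest: /etc/php-fpm.d/www.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart php

    - name: start php
      systemd:
        name: php-fpm
        state: started
        enabled: yes

    # Explicit owner/group/mode, matching the other config tasks, so the result
    # does not depend on the connecting user's umask.
    - name: copy nginx virtual site
      copy:
        src: ./files/ansible.zjh.net.conf.j2
        dest: /etc/nginx/conf.d/ansible.zjh.net.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart nginx

    - name: start nginx
      systemd:
        name: nginx
        state: started
        enabled: yes

    # `recurse: yes` is dropped: on later runs it re-owned every extracted file to
    # www and set mode 0755 (executable) on all of them, so the second run
    # produced a different state than the first.
    # NOTE(review): a web root owned by the account the PHP workers run as can be
    # modified by the application itself; prefer root ownership unless write
    # access is really needed.
    - name: create ansible directory
      file:
        path: /ansible
        state: directory
        owner: www
        group: www
        mode: "0755"

    # NOTE(review): the zip is staged on the manager by hand and unarchive does no
    # integrity check; verify its checksum or signature against the values
    # published with the release first.
    - name: unarchive phpmyadmin
      unarchive:
        src: ./project/phpMyAdmin-5.2.2-all-languages.zip
        dest: /ansible/
        creates: /ansible/phpMyAdmin-5.2.2-all-languages/config.inc.php

    - name: create link
      file:
        src: /ansible/phpMyAdmin-5.2.2-all-languages
        dest: /ansible/phpmyadmin
        state: link

    # config.inc.php holds the cookie-encryption secret and database connection
    # settings: root-owned, readable only by the www group.
    # Assumes the PHP-FPM pool in www.conf runs as www - TODO confirm.
    - name: change phpmyadmin cfg
      copy:
        src: ./files/config.inc.php.j2
        dest: /ansible/phpmyadmin/config.inc.php
        owner: root
        group: www
        mode: "0640"

  # Handlers run after the tasks, only when a notifying task reported a change.
  handlers:
    - name: restart nginx
      systemd:
        name: nginx
        state: restarted

    - name: restart php
      systemd:
        name: php-fpm
        state: restarted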
3、准备负载均衡(nginx80或haproxy8080)
安装nginx
# Play for the "lbservers" inventory group; the first task installs nginx with yum.
- hosts: lbservers
  tasks:
    - name: install nginx
      yum:
        name: nginx
        state: present
管理nginx.conf(找一台机器手动安装nginx后把配置文件复制过来)
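# Install the load balancer's main nginx config and restart nginx when it changes.
# Owner, group and mode are set explicitly (the same values the web tier uses for
# nginx.conf) so the result does not depend on the connecting user's umask.
- name: cfg nginx.conf
  copy:
    src: ./files/nginx_lb.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart nginx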
管理proxy_ansible.zjh.net
[root@manager files]# cat proxy.ansible.zjh.net.conf.j2
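# Backend pool: the two web servers, balanced with nginx's default method.
upstream ansible {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

# Plain-HTTP front end that proxies every request to the pool.
server {
    listen 80;
    server_name ansible.zjh.net;

    location / {
        proxy_pass http://ansible;
        proxy_set_header Host $http_host;
        # Pass the real client address on; without these headers the backend
        # access logs only ever show the load balancer's address.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}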
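# Install the proxy virtual host and restart nginx when it changes.
# Explicit owner/group/mode so the result does not depend on the connecting user's umask.
- name: cfg nginx proxy.conf
  copy:
    src: ./files/proxy.ansible.zjh.net.conf.j2
    dest: /etc/nginx/conf.d/proxy_ansible.zjh.net.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart nginx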
启动nginx
# Make sure nginx is running on the load balancer.
# NOTE(review): enabled is false, so nginx will not come back after a reboot -
# confirm this is intentional.
- name: start nginx
  systemd:
    name: nginx
    state: started
    enabled: false
管理触发器
# Handler section: "restart nginx" runs after the tasks, and only when a task that
# notifies it reported a change.
handlers:
  - name: restart nginx
    systemd:
      name: nginx
      state: restarted
完整ansible剧本
[root@manager cluster]# cat nginx_lb.yml
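# nginx_lb.yml - configures the "lbservers" group as a plain-HTTP nginx reverse proxy.
# Config files are pushed with `copy` (verbatim, no Jinja2 rendering); owner, group
# and mode are explicit so the result does not depend on the connecting user's umask.
- hosts: lbservers
  tasks:
    - name: install nginx
      yum:
        name: nginx
        state: present

    - name: cfg nginx.conf
      copy:
        src: ./files/nginx_lb.conf.j2
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart nginx

    - name: cfg nginx proxy.conf
      copy:
        src: ./files/proxy.ansible.zjh.net.conf.j2
        dest: /etc/nginx/conf.d/proxy_ansible.zjh.net.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart nginx

    # NOTE(review): enabled: no means nginx will not come back after a reboot -
    # confirm this is intentional.
    - name: start nginx
      systemd:
        name: nginx
        state: started
        enabled: no

  # Runs after the tasks, only when a notifying task reported a change.
  handlers:
    - name: restart nginx
      systemd:
        name: nginx
        state: restarted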
4、接入https
准备证书
将证书压缩包上传到管理主机上(压缩包内含私钥,注意限制其访问权限,不要提交到公共代码仓库)
创建目录
# Create /ssl, the directory the nginx HTTPS config reads the certificate and key from.
# 0755 lets any local user list the directory, so the key file itself has to carry
# the restrictive mode.
- name: create ssl directory
  file:
    path: /ssl
    state: directory
    owner: root
    group: root
    mode: "0755"
解压证书
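# Unpack the certificate bundle into /ssl.
# The original listed `creates` twice; YAML keeps only the last duplicate key, so
# the single remaining entry is the .pem path that was already in effect.
- name: unarchive ssl file
  unarchive:
    src: ./files/rhien.cn_nginx.zip
    dest: /ssl
    creates: /ssl/ansible.rhien.cn.pem

# The extracted key otherwise keeps whatever mode the archive gave it, inside a
# world-listable directory; restrict it to root.
# NOTE(review): assumes the nginx master process reads the key as root - confirm.
- name: restrict ssl private key
  file:
    path: /ssl/ansible.rhien.cn.key
    owner: root
    group: root
    mode: "0600"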
管理配置文件
[root@manager cluster]# cat files/proxy.ansible.zjh.net.https.conf.j2
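# Backend pool: the two web servers, reached over plain HTTP on the internal network.
upstream ansible_https {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

# Port 80 only redirects to HTTPS.
server {
    listen 80;
    server_name ansible.rhien.cn;
    # $host rather than $http_host: the raw Host header is client-controlled and may
    # carry a port (":80"), which would then be copied into the https:// Location.
    return 302 https://$host$request_uri;
}

# TLS is terminated here; traffic to the backends is unencrypted.
# NOTE(review): no ssl_protocols / ssl_ciphers are set, so the installed nginx
# build's defaults apply; pin them if that build still enables TLS 1.0/1.1.
server {
    listen 443 ssl http2;
    server_name ansible.rhien.cn;
    ssl_certificate /ssl/ansible.rhien.cn.pem;
    ssl_certificate_key /ssl/ansible.rhien.cn.key;

    location / {
        proxy_pass http://ansible_https;
        proxy_set_header Host $http_host;
        # Tell the backend who the client is and that the original request used
        # HTTPS; without these it sees only plain HTTP from the proxy address.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}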
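# Install the HTTPS proxy virtual host and restart nginx when it changes.
# It is written to the same destination as the plain-HTTP proxy config, replacing it.
# Explicit owner/group/mode so the result does not depend on the connecting user's umask.
- name: cfg proxy.ansible.zjh.net.https.conf.j2
  copy:
    src: ./files/proxy.ansible.zjh.net.https.conf.j2
    dest: /etc/nginx/conf.d/proxy_ansible.zjh.net.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart nginx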
完整ansible剧本
[root@manager cluster]# cat nginx_https.yml
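# nginx_https.yml - configures the "lbservers" group as a TLS-terminating nginx proxy.
# Config files are pushed with `copy` (verbatim, no Jinja2 rendering); owner, group
# and mode are explicit so the result does not depend on the connecting user's umask.
- hosts: lbservers
  tasks:
    - name: install nginx
      yum:
        name: nginx
        state: present

    - name: cfg nginx.conf
      copy:
        src: ./files/nginx_lb.conf.j2
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart nginx

    - name: create ssl directory
      file:
        path: /ssl
        state: directory
        owner: root
        group: root
        mode: "0755"

    # The original listed `creates` twice; YAML keeps only the last duplicate key,
    # so the single remaining entry is the .pem path that was already in effect.
    # NOTE(review): the zip under files/ contains the private key; keep it out of
    # shared repositories or encrypt it (for example with ansible-vault).
    - name: unarchive ssl file
      unarchive:
        src: ./files/rhien.cn_nginx.zip
        dest: /ssl
        creates: /ssl/ansible.rhien.cn.pem

    # The extracted key otherwise keeps whatever mode the archive gave it, inside
    # a world-listable directory; restrict it to root.
    # NOTE(review): assumes the nginx master process reads the key as root - confirm.
    - name: restrict ssl private key
      file:
        path: /ssl/ansible.rhien.cn.key
        owner: root
        group: root
        mode: "0600"

    - name: cfg proxy.ansible.zjh.net.https.conf.j2
      copy:
        src: ./files/proxy.ansible.zjh.net.https.conf.j2
        dest: /etc/nginx/conf.d/proxy_ansible.zjh.net.conf
        owner: root
        group: root
        mode: "0644"
      notify: restart nginx

    # NOTE(review): enabled: no means nginx will not come back after a reboot -
    # confirm this is intentional.
    - name: start nginx
      systemd:
        name: nginx
        state: started
        enabled: no

  # Runs after the tasks, only when a notifying task reported a change.
  handlers:
    - name: restart nginx
      systemd:
        name: nginx
        state: restarted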
将执行多个ansible剧本编写为脚本
http版
[root@manager cluster]# cat http.sh
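#!/usr/bin/env bash
# http.sh - run the playbooks for the plain-HTTP stack in order.
# Stops at the first failing playbook, so a later tier is never configured on top
# of a tier whose run failed.
set -euo pipefail

# The playbook paths are relative, so run from the directory holding this script.
cd -- "$(dirname -- "$0")"

ansible-playbook redis.yml
ansible-playbook nginx_php.yml
ansible-playbook nginx_lb.yml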
https版
[root@manager cluster]# cat https.sh
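#!/usr/bin/env bash
# https.sh - run the playbooks for the HTTPS stack in order.
# Stops at the first failing playbook, so a later tier is never configured on top
# of a tier whose run failed.
set -euo pipefail

# The playbook paths are relative, so run from the directory holding this script.
cd -- "$(dirname -- "$0")"

ansible-playbook redis.yml
ansible-playbook nginx_php.yml
ansible-playbook nginx_https.yml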