Playbook in practice
Environment preparation
| Hostname | Public IP | Internal IP | Role | Deployed services |
|---|---|---|---|---|
| m01 | 10.0.0.61 | 172.16.1.61 | Ansible control node | ansible |
| backup | 10.0.0.41 | 172.16.1.41 | managed node, rsync server, NFS standby | rsync, nfs |
| nfs | 10.0.0.31 | 172.16.1.31 | managed node, rsync client, NFS server | rsync, nfs, sersync |
| web01 | 10.0.0.7 | 172.16.1.7 | managed node, NFS client, web | nginx, nfs, wordpress |
| web02 | 10.0.0.8 | 172.16.1.8 | managed node, NFS client, web | nginx, nfs, wordpress |
| db01 | 10.0.0.51 | 172.16.1.51 | managed node, database | mariadb |
Prerequisites
[Sat Aug 14 23:12:26 root@m01 ~/ansible]
# mkdir ansible
# cd ansible    (first create an ansible directory to hold all the configuration files)
[Sat Aug 14 23:32:32 root@m01 ~/ansible]
# yum install -y nginx
# 1. Nginx configuration files
# (this is the Nginx virtual host configuration)
[Sat Aug 14 23:30:21 root@m01 ~/ansible]
# vim blog.wk.com.conf
```nginx
server {
    listen 80;
    server_name blog.wk.com;
    root /code/wordpress;
    index index.php;
    location ~ \.php$ {
        fastcgi_pass unix:/dev/shm/php71w.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
    }
}
```
# (this is the main Nginx configuration file)
[Sat Aug 14 23:46:31 root@m01 ~/ansible]
# vim nginx.conf
```nginx
user www;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 4096;
    client_max_body_size 200m;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}
```
# 2. php-fpm configuration file
(This assumes step 6 has been done, i.e. PHP is installed. Take /etc/php-fpm.d/www.conf, drop the commented-out lines and save the result as www.conf under /ansible. The only changes are user = www, group = www, commenting out listen = 127.0.0.1:9000 and adding listen = /dev/shm/php71w.sock.)
[Sun Aug 15 00:35:25 root@m01 ~/ansible]
# cat www.conf
```ini
; Start a new pool named 'www'.
[www]
user = www
group = www
;listen = 127.0.0.1:9000
listen = /dev/shm/php71w.sock
; listen.allowed_clients only applies to a TCP listen; it has no effect on the unix socket above
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
```
# 3. rsync configuration file
[Sat Aug 14 23:08:20 root@m01 ~/ansible]
# vim rsyncd.conf
```ini
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
[backup]
comment = Backup to Rsync
path = /backup
```
# 4. sersync configuration file
[Sun Aug 15 00:53:24 root@m01 ~/ansible]
# vim conf.xml
```xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<head version="2.5">
    <host hostip="localhost" port="8008"></host>
    <debug start="false"/>
    <fileSystem xfs="false"/>
    <filter start="false">
        <exclude expression="(.*)\.svn"></exclude>
        <exclude expression="(.*)\.gz"></exclude>
        <exclude expression="^info/*"></exclude>
        <exclude expression="^static/*"></exclude>
    </filter>
    <inotify>
        <delete start="true"/>
        <createFolder start="true"/>
        <createFile start="true"/>
        <closeWrite start="true"/>
        <moveFrom start="true"/>
        <moveTo start="true"/>
        <attrib start="true"/>
        <modify start="true"/>
    </inotify>
    <sersync>
        <localpath watch="/data">
            <remote ip="172.16.1.41" name="backup"/>
            <!--<remote ip="192.168.8.39" name="tongbu"/>-->
            <!--<remote ip="192.168.8.40" name="tongbu"/>-->
        </localpath>
        <rsync>
            <commonParams params="-az"/>
            <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.passwd"/>
            <userDefinedPort start="false" port="874"/><!-- port=874 -->
            <timeout start="false" time="100"/><!-- timeout=100 -->
            <ssh start="false"/>
        </rsync>
        <failLog path="/tmp/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->
        <crontab start="false" schedule="600"><!--600mins-->
            <crontabfilter start="false">
                <exclude expression="*.php"></exclude>
                <exclude expression="info/*"></exclude>
            </crontabfilter>
        </crontab>
        <plugin start="false" name="command"/>
    </sersync>
    <plugin name="command">
        <param prefix="/bin/sh" suffix="" ignoreError="true"/> <!--prefix /opt/tongbu/mmm.sh suffix-->
        <filter start="false">
            <include expression="(.*)\.php"/>
            <include expression="(.*)\.sh"/>
        </filter>
    </plugin>
    <plugin name="socket">
        <localpath watch="/opt/tongbu">
            <deshost ip="192.168.138.20" port="8009"/>
        </localpath>
    </plugin>
    <plugin name="refreshCDN">
        <localpath watch="/data0/htdocs/cms.xoyo.com/site/">
            <cdninfo domainname="ccms.chinacache.com" port="80" username="xxxx" passwd="xxxx"/>
            <sendurl base="http://pic.xoyo.com/cms"/>
            <regexurl regex="false" match="cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images"/>
        </localpath>
    </plugin>
</head>
```
# 5. sersync systemd unit
[Sat Aug 14 23:57:25 root@m01 ~/ansible]
# vim sersyncd.service
```ini
[Unit]
# description
Description=This is sersync start service
## ordering dependency (left as the placeholder from the notes)
After=xxx
[Service]
## the daemon forks into the background
Type=forking
ExecStart=/app/GNU-Linux-x86/sersync2 -rdo /app/GNU-Linux-x86/confxml.xml
# systemd does not run Exec lines through a shell, so the command substitution
# must be wrapped in /bin/sh -c; "$$" is how a literal "$" is written in a unit file
ExecStop=/bin/sh -c "kill -3 $$(ps -ef | grep [s]ersync | awk '{print $$2}')"
ExecReload=/bin/sh -c "kill -1 $$(ps -ef | grep [s]ersync | awk '{print $$2}')"
PrivateTmp=true
[Install]
WantedBy=multi-user.target
```
# 6. PHP packages
Drag the PHP package from the desktop into the ansible directory, copy it to /opt, extract it and install it:
[Sun Aug 15 00:15:59 root@m01 ~/ansible]
# cp php.tgz /opt/
[Sun Aug 15 00:18:40 root@m01 /opt]
# tar xf php.tgz
[Sun Aug 15 00:19:03 root@m01 /opt]
# yum localinstall *.rpm
# 7. WordPress package
Drag the WordPress package from the desktop into the ansible directory.
# 8. sersync package
Drag the downloaded sersync package from the desktop into the ansible directory, copy it to /opt and extract it. Then enter the GNU-Linux-x86 directory, find the confxml.xml file, copy its contents into the conf.xml file created under ansible and adjust the relevant settings; the result is the sersync configuration file shown above.
Distribute the public key
[Sun Aug 15 01:23:21 root@m01 /opt/GNU-Linux-x86]
# ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.1.7
# ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.1.8
# ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.1.31
# ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.1.41
# ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.1.51
Inventory
[Sun Aug 15 01:25:18 root@m01 /opt/GNU-Linux-x86]
# vim /etc/ansible/hosts
```ini
[web_group]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8
[db_group]
db01 ansible_ssh_host=172.16.1.51
[nfs_group]
nfs ansible_ssh_host=172.16.1.31
# the group name is spelled "bakcup_group" here and must be spelled the same in every :children reference below
[bakcup_group]
backup ansible_ssh_host=172.16.1.41
[rsync_install_group:children]
nfs_group
bakcup_group
[nfs_install_group:children]
web_group
nfs_group
bakcup_group
```
# Check once more that every host is reachable
[Sun Aug 15 01:26:36 root@m01 /opt/GNU-Linux-x86]
# ansible all -m ping
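`ansible all -m ping` only proves that SSH works; it does not tell you that the group tree is what you meant. A child group name that is misspelled in one `:children` section (the inventory above spells it `bakcup_group` everywhere, which works, but a single `backup_group` would silently drop the backup host from that play) is the kind of mistake that leaves a host unconfigured without any error. The following checker is an added example, not part of the original notes: it parses the INI inventory format used above and reports undefined child groups, hosts without an address, and addresses outside the 172.16.1.0/24 management network. The sample inventory is constructed from the one above with one deliberate spelling mismatch.

```python
"""Validate an Ansible INI-style inventory such as /etc/ansible/hosts.

Added example, not part of the original notes. Parses [group],
[group:children] and "host key=value" lines and reports problems that
`ansible -m ping` does not surface.
"""
import ipaddress
import re

# Constructed sample: the inventory from the notes, with the group defined
# as backup_group but referenced once as bakcup_group to show the finding.
SAMPLE_INVENTORY = """\
[web_group]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8
[db_group]
db01 ansible_ssh_host=172.16.1.51
[nfs_group]
nfs ansible_ssh_host=172.16.1.31
[backup_group]
backup ansible_ssh_host=172.16.1.41
[rsync_install_group:children]
nfs_group
backup_group
[nfs_install_group:children]
web_group
nfs_group
bakcup_group
"""

SECTION_RE = re.compile(r"^\[([^\]:]+)(?::(children|vars))?\]$")


def parse_inventory(text):
    """Return (hosts, children).

    hosts maps group -> {hostname: {var: value}};
    children maps group -> [child group names].
    """
    hosts, children = {}, {}
    current, kind = None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current, kind = m.group(1), m.group(2)
            if kind == "children":
                children.setdefault(current, [])
            elif kind is None:
                hosts.setdefault(current, {})
            continue
        if kind == "children":
            children[current].append(line)
        elif kind is None and current is not None:
            name, *pairs = line.split()
            hosts[current][name] = dict(p.split("=", 1) for p in pairs)
    return hosts, children


def check_inventory(text, mgmt_net="172.16.1.0/24"):
    """Return a sorted list of findings; an empty list means the inventory is clean."""
    hosts, children = parse_inventory(text)
    known = set(hosts) | set(children)
    findings = []
    # A child group that is never defined matches no hosts, so the play
    # using the parent group just skips them.
    for group, kids in children.items():
        for kid in kids:
            if kid not in known:
                findings.append(f"{group}: child group '{kid}' is not defined")
    net = ipaddress.ip_network(mgmt_net)
    for group, members in hosts.items():
        for host, hostvars in members.items():
            addr = hostvars.get("ansible_ssh_host") or hostvars.get("ansible_host")
            if addr is None:
                findings.append(f"{group}/{host}: no ansible_ssh_host set")
            elif ipaddress.ip_address(addr) not in net:
                findings.append(f"{group}/{host}: {addr} is outside {mgmt_net}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_inventory(SAMPLE_INVENTORY):
        print(finding)
```

Run it against the real file with `check_inventory(open("/etc/ansible/hosts").read())` before the first `ansible-playbook` run; the network check is there because management traffic in this setup is meant to stay on the 172.16.1.0/24 side, and a public 10.0.0.x address in the inventory would route it over the external interface instead.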
Playbook
[Sun Aug 15 07:22:35 root@m01 ~/ansible]
# cat web.yml
```yaml
# Play 1: common baseline on every host. uid/gid 666 must match the
# anonuid/anongid used in the NFS export below.
- hosts: all
  tasks:
    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present
    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        state: present
        create_home: no
    - name: Stop Firewalld Server
      service:
        name: firewalld
        state: stopped
    - name: Disable Selinux
      selinux:
        state: disabled

# Play 2: rsync package on nfs and backup
- hosts: rsync_install_group
  tasks:
    - name: Install Rsyncd Server
      yum:
        name: rsync
        state: present

# Play 3: rsync daemon on backup
- hosts: backup
  tasks:
    - name: Configure Rsyncd Conf
      copy:
        src: /root/ansible/rsyncd.conf
        dest: /etc/rsyncd.conf
    - name: Create Passwd File
      copy:
        content: rsync_backup:123
        dest: /etc/rsync.passwd
        mode: '0600'
    - name: Create backup Directory
      file:
        path: /backup
        owner: www
        group: www
        state: directory
    - name: Start Rsyncd Server
      service:
        name: rsyncd
        state: started
        enabled: yes

# Play 4: NFS package on web, nfs and backup
- hosts: nfs_install_group
  tasks:
    - name: Install NFS Server
      yum:
        name: nfs-utils
        state: present

# Play 5: NFS export on nfs and backup
- hosts: rsync_install_group
  tasks:
    - name: Configure NFS Server
      copy:
        content: "/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)\n"
        dest: /etc/exports
    - name: Create NFS Directory
      file:
        path: /data
        state: directory
        owner: www
        group: www
        mode: '0755'
    - name: Start NFS Server
      service:
        name: nfs-server
        state: restarted
        enabled: yes

# Play 6: sersync on the nfs host, replicating /data to backup
- hosts: nfs
  tasks:
    - name: Create App Directory
      file:
        path: /app
        state: directory
    - name: Install Sersync Server
      unarchive:
        src: /root/ansible/sersync2.5.4_64bit_binary_stable_final.tar.gz
        dest: /app
    - name: Configure Sersync Conf
      copy:
        src: /root/ansible/conf.xml
        dest: /app/GNU-Linux-x86/confxml.xml
        mode: '0755'
    - name: Push Sersync Unit File
      copy:
        src: /root/ansible/sersyncd.service
        dest: /usr/lib/systemd/system
    - name: Create Rsyncd Password File
      copy:
        content: "123"
        dest: /etc/rsync.passwd
        mode: '0600'
    - name: Start Sersync
      service:
        name: sersyncd
        state: restarted
        enabled: yes

# Play 7: database
- hosts: db01
  tasks:
    - name: Install Mariadb
      yum:
        name:
          - mariadb-server
          - MySQL-python
        state: present
    - name: Start Mariadb
      service:
        name: mariadb
        state: started
        enabled: yes
    - name: Create wordpress Database
      mysql_db:
        name: wordpress
        state: present
        encoding: utf8
    - name: Create wordpress User
      mysql_user:
        name: wordpress
        state: present
        priv: "wordpress.*:ALL"
        host: "%"
        password: "123"

# Play 8: web tier (nginx + php-fpm + wordpress, uploads on NFS)
- hosts: web_group
  tasks:
    - name: Install nginx
      yum:
        name: nginx
        state: present
    - name: Push PHP
      unarchive:
        src: /root/ansible/php.tgz
        dest: /tmp
    - name: Install PHP
      shell: 'rpm -Uvh /tmp/*.rpm'
      ignore_errors: yes
    - name: Push Nginx Conf
      copy:
        src: /root/ansible/nginx.conf
        dest: /etc/nginx/nginx.conf
    - name: Push Vhost Conf
      copy:
        src: /root/ansible/blog.wk.com.conf
        dest: /etc/nginx/conf.d/blog.wk.com.conf
    - name: Push PHP Conf
      copy:
        src: /root/ansible/www.conf
        dest: /etc/php-fpm.d/www.conf
    - name: Create Code Directory
      file:
        path: /code
        state: directory
        owner: www
        group: www
        mode: '0755'
    - name: Push code
      unarchive:
        src: /root/ansible/wordpress-5.7.2-zh_CN.tar.gz
        dest: /code
        owner: www
        group: www
    - name: Create uploads Directory
      file:
        path: /code/wordpress/wp-content/uploads
        state: directory
        owner: www
        group: www
    - name: Start PHP
      service:
        name: php-fpm
        state: started
        enabled: yes
    - name: Chown Sock
      file:
        path: /dev/shm/php71w.sock
        owner: www
        group: www
    - name: Start Nginx
      service:
        name: nginx
        state: started
        enabled: yes
    - name: Mount Code Directory
      mount:
        path: /code/wordpress/wp-content/uploads
        src: 172.16.1.31:/data
        fstype: nfs
        state: mounted
    - name: Chown Nginx Lib Directory
      file:
        path: /var/lib/nginx
        owner: www
        group: www
        recurse: yes
```
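The playbook carries its credentials inline: the rsync secret (`rsync_backup:123`) and the client password file are written with `copy: content:`, and the database password sits in `mysql_user`. That is fine for a lab, but the same file checked into a repository leaks every password, and a `copy` of `/etc/rsync.passwd` that forgets `mode: 0600` makes rsync refuse the secrets file and lets any local user read it. The scanner below is an added example, not part of the original notes: it walks a playbook line by line (no YAML library needed), groups lines by their `- name:` markers and flags clear-text `password:`/`content:` secrets and secret files copied without a restrictive mode. The sample is constructed from the tasks above with the nfs host's password-file task stripped of its `mode` to show a finding.

```python
"""Scan an Ansible playbook for clear-text secrets and loose secret-file modes.

Added example, not part of the original notes. Line-based on purpose so it
runs without PyYAML; it understands the "- name:" / "module:" / "arg: value"
layout used in the playbook above.
"""
import re

# Constructed sample: tasks from the playbook above; the nfs play's
# password-file task has its mode removed to trigger a finding.
SAMPLE_PLAYBOOK = """\
- hosts: backup
  tasks:
    - name: Create Passwd File
      copy:
        content: rsync_backup:123
        dest: /etc/rsync.passwd
        mode: 0600
- hosts: nfs
  tasks:
    - name: Create Rsyncd Password File
      copy:
        content: "123"
        dest: /etc/rsync.passwd
- hosts: db01
  tasks:
    - name: Create wordpress User
      mysql_user:
        name: wordpress
        password: "123"
    - name: Start Mariadb
      service:
        name: mariadb
        state: started
"""

# Files that hold credentials on the managed hosts (from the rsync setup above).
SECRET_PATHS = ("/etc/rsync.passwd", "/etc/rsyncd.secrets")
KV_RE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_.]+):\s*(.*)$")
USER_PASS_RE = re.compile(r"[\w-]+:\S+")  # "user:password" style content


def split_tasks(text):
    """Yield (task_name, {arg: value}) for every '- name:' block in the playbook."""
    name, args = None, {}
    for line in text.splitlines():
        m = KV_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip("\"'")
        if line.lstrip().startswith("- ") and key in ("name", "hosts"):
            if name is not None:
                yield name, args  # flush the previous task
            name, args = (value if key == "name" else None), {}
        elif name is not None and value:
            args[key] = value
    if name is not None:
        yield name, args


def scan_playbook(text):
    """Return sorted 'task: problem' findings for the given playbook text."""
    findings = []
    for task, args in split_tasks(text):
        dest = args.get("dest", "")
        secret_file = dest in SECRET_PATHS
        if "password" in args:
            findings.append(f"{task}: clear-text secret in 'password' (use ansible-vault)")
        if "content" in args and (secret_file or USER_PASS_RE.fullmatch(args["content"])):
            findings.append(f"{task}: clear-text secret in 'content' (use ansible-vault)")
        if secret_file and args.get("mode") not in ("0600", "0400"):
            findings.append(f"{task}: {dest} written without mode 0600")
    return sorted(findings)


if __name__ == "__main__":
    for finding in scan_playbook(SAMPLE_PLAYBOOK):
        print(finding)
```

The fix for the secret findings is to move the values into variables encrypted with `ansible-vault` and reference them as `{{ rsync_password }}`; the scanner treats a templated value the same way as a literal, so it keeps reporting until the literal is gone from the playbook file itself.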
Summary of the overall logic
First get all the prerequisites in place (the prerequisites above, including the inventory and the distributed public key). Once they are ready, start writing the playbook.
1. Unify the user: create the www group and the www user (all hosts)
2. Stop the firewall and disable SELinux (all hosts)
3. Install the rsync service (covers nfs and backup)
4. On backup:
- push the rsync configuration file rsyncd.conf
- create the password file and set its mode to 0600
- create the shared directory /backup (the module path from rsyncd.conf)
- start the rsyncd service
5. In the NFS install groups (web_group, nfs_group, bakcup_group) install the NFS service: nfs-utils
6. On the nfs and backup hosts:
- push the NFS export
content: /data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
dest: /etc/exports
- create the /data directory, owner and group www, mode 0755
- start the NFS service; restarted is used here so that, if something goes wrong later, the service does not refuse to come back with started
7. On nfs alone:
- create the /app directory
- install sersync (the package can be downloaded from the drz download directory to the desktop and then extracted into /app)
- push the sersync configuration conf.xml to /app/GNU-Linux-x86/confxml.xml with mode 0755
- push the sersync unit file sersyncd.service to /usr/lib/systemd/system
- create the rsync password file /etc/rsync.passwd containing only the password 123, mode 0600
- start sersyncd and enable it at boot; restarted works here as well
8. On db01 (the dedicated database host):
- install MariaDB (two packages in total: mariadb-server and MySQL-python)
- start MariaDB and enable it at boot
- create the database (name: wordpress, encoding: utf8)
- create the database user and password: name: wordpress, priv: "wordpress.*:ALL", host: "%", password: "123"
9. In web_group:
- install Nginx first
- push the PHP package from the desktop to /tmp
- install PHP with the shell module: shell: 'rpm -Uvh /tmp/*.rpm', and remember to add ignore_errors: yes
- push the main Nginx configuration nginx.conf to /etc/nginx/nginx.conf
- push the virtual host configuration blog.wk.com.conf to /etc/nginx/conf.d/blog.wk.com.conf
- push the PHP configuration www.conf to /etc/php-fpm.d/www.conf
- create the /code directory, owner and group www, mode 0755
- extract the wordpress archive from the desktop into /code, owner and group www
- create the uploads directory /code/wordpress/wp-content/uploads, owner and group www
- start the PHP service php-fpm
- set the owner and group of the socket /dev/shm/php71w.sock to www
- start Nginx
- mount the NFS share /data onto the uploads directory:
```yaml
- name: Mount Code Directory
  mount:
    path: /code/wordpress/wp-content/uploads
    src: 172.16.1.31:/data
    fstype: nfs
    state: mounted
```
- finally set the owner and group of /var/lib/nginx to www; otherwise, after logging into the blog, every page shows up as a directory listing
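The one line in /etc/exports is what ties the whole design together: every client uid is squashed to 666 (all_squash with anonuid/anongid), which only makes sense because the first play creates www with uid/gid 666 on every host, and the export is limited to 172.16.1.0/24 rather than `*`. The checker below is an added example, not part of the original notes: it parses an exports entry and verifies those properties, plus the absence of no_root_squash and the use of sync. The good line is the exact one from the playbook; the weak variant is constructed to show what gets flagged.

```python
"""Parse and check an /etc/exports entry of the form
'<path> <client>(<opt>,<opt>,...)'.

Added example, not part of the original notes. The expected uid/gid
default to 666, the www account created by the playbook above.
"""
import ipaddress
import re

# Constructed samples: the playbook's export line and a weaker variant.
GOOD_EXPORT = "/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)"
BAD_EXPORT = "/data *(rw,async,no_root_squash)"

ENTRY_RE = re.compile(r"^(\S+)\s+([^\s(]+)\(([^)]*)\)$")


def parse_export(line):
    """Return (path, client, options); flag options map to True, key=value to a string."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised exports entry: {line!r}")
    path, client, opts = m.groups()
    options = {}
    for opt in opts.split(","):
        key, _, value = opt.partition("=")
        options[key] = value if value else True
    return path, client, options


def check_export(line, www_uid=666, www_gid=666):
    """Return a list of findings; empty means the entry matches the intended design."""
    _path, client, opts = parse_export(line)
    findings = []
    if client == "*":
        findings.append("exported to every client ('*')")
    else:
        try:
            ipaddress.ip_network(client, strict=False)
        except ValueError:
            # exportfs also accepts hostnames and wildcards; just note it
            findings.append(f"client '{client}' is not an IP network")
    if "no_root_squash" in opts:
        findings.append("no_root_squash lets client root act as server root")
    if "all_squash" not in opts:
        findings.append("all_squash missing: client uids are trusted as-is")
    if opts.get("anonuid") != str(www_uid) or opts.get("anongid") != str(www_gid):
        findings.append(f"anonuid/anongid do not match www {www_uid}:{www_gid}")
    if "sync" not in opts:
        findings.append("async export: acknowledged writes may be lost on crash")
    return findings


if __name__ == "__main__":
    for sample in (GOOD_EXPORT, BAD_EXPORT):
        print(sample, "->", check_export(sample) or "ok")
```

The uid/gid parameters exist because the squash only works if the numbers agree on both sides: pass the values the `group`/`user` tasks actually use, and the checker tells you when an export would write uploads as an identity the web hosts do not know.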