playbook实战第一次优化
环境准备
| 主机名 |
外网IP |
内网IP |
角色 |
部署服务 |
| m01 |
10.0.0.61 |
172.16.1.61 |
ansible管理端 |
ansible |
| backup |
10.0.0.41 |
172.16.1.41 |
被管理端,rsync服务端,nfs备机 |
rsync、nfs |
| nfs |
10.0.0.31 |
172.16.1.31 |
被管理端,rsync客户端,nfs服务端 |
rsync、nfs、sersync |
| web01 |
10.0.0.7 |
172.16.1.7 |
被管理端,nfs客户端,web |
nginx、nfs、wordpress |
| web02 |
10.0.0.8 |
172.16.1.8 |
被管理端,nfs客户端,web |
nginx、nfs、wordpress |
| db01 |
10.0.0.51 |
172.16.1.51 |
被管理端,数据库 |
mariadb |
创建项目
# 1.创建项目目录
[Tue Aug 17 04:17:56 root@m01 /]
# mkdir /ansible_project
# 2.创建服务目录
[Tue Aug 17 04:17:56 root@m01 /]
# cd /ansible_project/
[Tue Aug 17 04:19:25 root@m01 /ansible_project]
# mkdir sersync
mkdir mariadb
mkdir nfs
mkdir nginx
mkdir php
mkdir rsync
mkdir group_vars
mkdir host_vars
# 3.主机清单
[Tue Aug 17 23:08:24 root@m01 /ansible_project]
# vim /etc/ansible/hosts
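# Ansible inventory for the lab: every managed node is reached over the
# internal 172.16.1.0/24 network.
[web_group]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8

[db_group]
db01 ansible_ssh_host=172.16.1.51

[nfs_group]
nfs ansible_ssh_host=172.16.1.31

# Group name corrected from "bakcup_group"; a misspelled group silently
# matches nothing when it is later used in "hosts:" or group_vars/.
[backup_group]
backup ansible_ssh_host=172.16.1.41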
# 4.公钥发送脚本
[Tue Aug 17 23:12:11 root@m01 /ansible_project]
# cat /root/ssh_key.sh
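#!/bin/bash
# Distribute root's SSH public key to every reachable lab host in
# 172.16.1.0/24 and print an [ OK ] / [ FAILED ] line per host.
. /etc/init.d/functions

# Last octets of the candidate hosts.
ip='5 6 7 8 9 31 41 51 61'

# Lab-only bootstrap password. It is stored in clear text in this script, so
# keep the file root-only and change the password once key login works.
passwd=1

# sshpass -e reads the password from SSHPASS instead of taking it as a
# command-line argument, which would expose it in the process list.
export SSHPASS="$passwd"

for n in $ip; do
    host="172.16.1.$n"
    # Hosts that do not answer one ping are skipped without any output.
    if ping -c 1 "$host" &>/dev/null; then
        if sshpass -e ssh-copy-id -i ~/.ssh/id_rsa.pub "$host" &>/dev/null; then
            action "$host ssh-key" /bin/true
        else
            action "$host ssh-key" /bin/false
        fi
    fi
done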
# 5.推送公钥
[Tue Aug 17 23:13:38 root@m01 /ansible_project]
# sh /root/ssh_key.sh
172.16.1.7 ssh-key [ OK ]
172.16.1.8 ssh-key [ OK ]
172.16.1.31 ssh-key [ OK ]
172.16.1.41 ssh-key [ OK ]
172.16.1.51 ssh-key [ OK ]
4.因为是先安装rsync 所以我们先配置rsync项目,进入到rsync目录中
[Tue Aug 17 04:38:50 root@m01 /ansible_project/rsync]
# cp /root/ansible/rsyncd.conf /ansible_project/rsync
[Tue Aug 17 05:31:21 root@m01 /ansible_project]
# vim rsync/install_rsync.yml
---
# Install the package named by the per-host variable "pkg" (set in host_vars)
# on the two hosts that take part in rsync replication.
- name: Install Rsyncd
  yum:
    name: "{{ pkg }}"
    state: present
  when: ansible_hostname in ['backup', 'nfs']
[Tue Aug 17 05:15:28 root@m01 /ansible_project/rsync]
# vim config_rsync.yml
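---
# rsync daemon setup on the backup host: daemon config, secrets file and the
# directory exported as the [backup] module.

- name: Configure Rsyncd Conf
  copy:
    src: /ansible_project/rsync/rsyncd.conf
    dest: /etc/rsyncd.conf
  # A notify must name an existing handler; the handler defined in task.yml
  # is called "restart rsync".
  notify: restart rsync
  when: ansible_hostname == 'backup'

- name: Create Passwd File
  copy:
    # Lab placeholder credential in clear text; for anything beyond a lab,
    # take it from an Ansible Vault encrypted variable.
    content: rsync_backup:123
    dest: /etc/rsync.passwd
    # Quoted so the mode reaches the module as the string "0600".
    mode: '0600'
  # Keep the credential out of task output and logs.
  no_log: true
  when: ansible_hostname == 'backup'

- name: Create backup Directory
  file:
    path: /backup
    owner: www
    group: www
    state: directory
  when: ansible_hostname == 'backup'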
[Tue Aug 17 05:17:05 root@m01 /ansible_project/rsync]
# vim start_rsync.yml
---
# Run rsyncd now and at boot; only the backup host runs the daemon.
- name: Start Rsync
  service:
    name: rsyncd
    enabled: true
    state: started
  when: ansible_hostname == 'backup'
[Tue Aug 17 05:13:39 root@m01 /ansible_project]
# vim task.yml
---
# Entry playbook: targets every inventory host; each included task file
# restricts itself with its own "when" conditions.
- hosts: all
  tasks:
    # Order matters: install, then configure, then start.
    - include_tasks: rsync/install_rsync.yml
    - include_tasks: rsync/config_rsync.yml
    - include_tasks: rsync/start_rsync.yml
[Tue Aug 17 05:23:28 root@m01 /ansible_project]
# mkdir group_vars
mkdir host_vars
[Tue Aug 17 05:23:58 root@m01 /ansible_project]
# vim host_vars/backup
pkg: rsync
[Tue Aug 17 05:26:55 root@m01 /ansible_project]
# vim host_vars/nfs
pkg: rsync
base项目(基础优化)
[Tue Aug 17 23:21:19 root@m01 /ansible_project]
# mkdir base
cd base
[Tue Aug 17 23:22:01 root@m01 /ansible_project/base]
# vim base.yml
---
# Baseline applied to every host: firewall/SELinux state, the shared service
# account and the open-file limit.
#
# NOTE(review): the first two tasks turn off the host firewall and SELinux on
# all hosts, which leaves rsyncd, NFS and MariaDB reachable with no host-level
# filtering. That is only reasonable on an isolated lab network; elsewhere,
# keep both enabled and open just the ports each role needs.

- name: Stop Firewalld
  service:
    name: firewalld
    state: stopped

- name: Disabled Selinux
  selinux:
    state: disabled

# "name" and "id" come from group_vars/all; group and user share both values.
- name: Create {{ name }} Group
  group:
    name: "{{ name }}"
    gid: "{{ id }}"

- name: Create {{ name }} User
  user:
    name: "{{ name }}"
    uid: "{{ id }}"
    group: "{{ name }}"
    # Service account: no login shell and no home directory.
    shell: /sbin/nologin
    create_home: false

# Sets the nofile limit to 65535 for every domain ('*'), limit type '-'.
- name: File Limits
  pam_limits:
    domain: '*'
    limit_type: '-'
    limit_item: nofile
    value: '65535'
所有变量
[Tue Aug 17 23:25:59 root@m01 /ansible_project]
# vim group_vars/all
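---
# Variables shared by every host (group_vars/all).

# Service account name and the numeric uid/gid used for it.
name: www
id: 666

# Directory names; the tasks prefix them with "/".
backup_dir: backup
data_dir: data
install_sersync_dir: app

# Client network allowed in /etc/exports.
nfs_ip: "172.16.1.0/24"

# rsync daemon authentication.
rsync_passwd_file: /etc/rsync.passwd
rsync_user: rsync_backup
# Quoted so the value stays a string rather than the integer 123.
# Lab placeholder stored in clear text: outside a lab, replace it with a
# strong value encrypted with Ansible Vault (e.g. ansible-vault encrypt_string)
# so the secret is not readable in the project directory or in version control.
rsync_passwd: "123"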
rsync项目
# 1.先决条件
[Tue Aug 17 23:26:35 root@m01 /ansible_project]
# cd rsync/
[Tue Aug 17 23:28:21 root@m01 /ansible_project/rsync]
# cp /root/ansible/rsyncd.conf /ansible_project/rsync
[Tue Aug 17 23:28:52 root@m01 /ansible_project/rsync]
# ll
total 4
-rw-r--r-- 1 root root 285 Aug 17 23:28 rsyncd.conf
[Tue Aug 17 23:30:07 root@m01 /ansible_project/rsync]
# cat rsyncd.conf
# rsync daemon configuration; the playbook copies it to /etc/rsyncd.conf.
# Global section: transfers run as www:www and the daemon listens on TCP 873.
uid = www
gid = www
port = 873
fake super = yes
# NOTE(review): chroot is switched off, so module access is not confined by
# a chroot; confirm this is intended.
use chroot = no
max connections = 200
timeout = 600
ignore errors
# The module is writable for any client that authenticates.
read only = false
list = false
# Only this virtual user may connect; its password is read from the secrets
# file named on the next line.
# NOTE(review): no "hosts allow" line is present, so this file does not
# restrict which client addresses may attempt to authenticate.
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
# Module "backup": clients address it as ::backup and data lands in /backup.
[backup]
comment = welcome to oldboyedu backup!
path = /backup
# 2.rsync playbook
## rsync安装
[Tue Aug 17 23:32:10 root@m01 /ansible_project/rsync]
# vim install_rsync.yml
---
# rsync is needed on both ends of the replication: the nfs host (client side)
# and the backup host (daemon side).
- name: Install rsync
  yum:
    name: rsync
    state: present
  when: ansible_hostname in ['nfs', 'backup']
## rsync配置
[Tue Aug 17 23:35:17 root@m01 /ansible_project/rsync]
# vim config_rsync.yml
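---
# rsync daemon setup on the backup host: daemon config, module directory and
# the secrets file used for "auth users".

- name: Configure Rsync Server
  copy:
    src: ./rsyncd.conf
    dest: /etc/rsyncd.conf
  notify: restart rsync
  when: ansible_hostname == 'backup'

- name: Create backup Dir
  file:
    path: /backup
    owner: "{{ name }}"
    group: "{{ name }}"
    state: directory
  when: ansible_hostname == 'backup'

- name: Create Passwd File
  copy:
    # Lab placeholder credential in clear text; for anything beyond a lab,
    # take it from an Ansible Vault encrypted variable.
    content: rsync_backup:123
    dest: /etc/rsync.passwd
    # Quoted so the mode reaches the module as the string "0600".
    mode: '0600'
  # Keep the credential out of task output and logs.
  no_log: true
  when: ansible_hostname == 'backup'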
## rsync启动
[Tue Aug 17 23:37:43 root@m01 /ansible_project/rsync]
# vim start_rsync.yml
---
# Run rsyncd now and at boot; only the backup host runs the daemon.
- name: Start Rsync
  service:
    name: rsyncd
    enabled: true
    state: started
  when: ansible_hostname == 'backup'
# 注意当定义变量之后rsyncd.conf中的相关内容需要更改:
[Wed Aug 18 01:23:15 root@m01 /ansible_project/rsync]
# cat rsyncd.conf
# rsync daemon configuration with Jinja placeholders filled from
# group_vars/all. Because of the placeholders this file has to be rendered by
# the template module; the copy module would ship the placeholders verbatim.
uid = {{ name }}
gid = {{ name }}
port = 873
fake super = yes
# NOTE(review): chroot is switched off, so module access is not confined by
# a chroot; confirm this is intended.
use chroot = no
max connections = 200
timeout = 600
ignore errors
# The module is writable for any client that authenticates.
read only = false
list = false
# Only this virtual user may connect; its password is read from the secrets
# file named on the next line.
# NOTE(review): no "hosts allow" line is present, so this file does not
# restrict which client addresses may attempt to authenticate.
auth users = {{ rsync_user }}
secrets file = {{ rsync_passwd_file }}
log file = /var/log/rsyncd.log
#####################################
# Module name and path both derive from the backup_dir variable.
[{{ backup_dir }}]
comment = welcome to oldboyedu backup!
path = /{{ backup_dir }}
#config_rsync.yml这个文件中的变量也需要更改:
[Wed Aug 18 01:31:31 root@m01 /ansible_project/rsync]
# cat config_rsync.yml
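---
# rsync daemon setup on the backup host, driven by group_vars/all.

- name: Configure Rsync Server
  # rsyncd.conf now contains Jinja placeholders, so it must be rendered with
  # "template"; "copy" would install the literal placeholder text and the
  # daemon would start with an unusable configuration.
  template:
    src: ./rsyncd.conf
    dest: /etc/rsyncd.conf
  notify: restart rsync
  when: ansible_hostname == 'backup'

- name: Create {{ backup_dir }} Dir
  file:
    path: "/{{ backup_dir }}"
    owner: "{{ name }}"
    group: "{{ name }}"
    state: directory
  when: ansible_hostname == 'backup'

- name: Create Passwd File
  copy:
    # Secrets file format is "user:password".
    content: "{{ rsync_user }}:{{ rsync_passwd }}"
    dest: "{{ rsync_passwd_file }}"
    # Quoted so the mode reaches the module as the string "0600".
    mode: '0600'
  # Keep the rendered credential out of task output and logs.
  no_log: true
  when: ansible_hostname == 'backup'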
nfs项目
# 1.nfs playbook
## nfs 安装
[Tue Aug 17 23:39:01 root@m01 /ansible_project]
# cd nfs/
[Tue Aug 17 23:39:07 root@m01 /ansible_project/nfs]
# vim install_nfs.yml
---
# nfs-utils goes on every host except the database server (servers and
# clients both need it). No "state" is given, so the module default applies.
- name: Install NFS
  yum:
    name: nfs-utils
  when: ansible_hostname != 'db01'
# (注意:这里的条件是除 db01 以外的主机都安装 nfs-utils;如果后期服务器增多,就需要重新考虑是否还能这样写)
## nfs 配置
[Tue Aug 17 23:45:37 root@m01 /ansible_project/nfs]
# vim config_nfs.yml
---
# NFS export on the nfs host and its standby (backup).

# One export line: read-write for the whole nfs_ip network, with every client
# uid/gid squashed to the shared service account id.
# NOTE(review): access is granted by source network only, so every host in
# that range can write to the share; narrow nfs_ip if fewer clients need it.
- name: Configure NFS Conf
  copy:
    content: "/{{ data_dir }} {{ nfs_ip }}(rw,sync,all_squash,anonuid={{ id }},anongid={{ id }})"
    dest: /etc/exports
  notify: restart nfs
  when: ansible_hostname in ['nfs', 'backup']

# Exported directory, owned by the account the squashed clients map to.
- name: Create {{ data_dir }} Dir
  file:
    path: "/{{ data_dir }}"
    state: directory
    owner: "{{ name }}"
    group: "{{ name }}"
  when: ansible_hostname in ['nfs', 'backup']
## nfs启动
[Tue Aug 17 23:47:48 root@m01 /ansible_project/nfs]
# vim start_nfs.yml
---
# Run the NFS server now and at boot on the nfs host and its standby.
- name: Start NFS
  service:
    name: nfs-server
    enabled: true
    state: started
  when: ansible_hostname in ['nfs', 'backup']
sersync项目
# 1.先决条件
[Tue Aug 17 23:51:27 root@m01 /ansible_project]
# cd sersync/
[Tue Aug 17 06:17:25 root@m01 /ansible_project/sersync]
# cp /root/ansible/sersync2.5.4_64bit_binary_stable_final.tar.gz .
[Tue Aug 17 06:22:30 root@m01 /ansible_project/sersync]
# cp /root/ansible/conf.xml .
[Tue Aug 17 06:22:30 root@m01 /ansible_project/sersync]
cp /root/ansible/sersyncd.service .
[Tue Aug 17 23:52:27 root@m01 /ansible_project/sersync]
# ll
total 720
-rw-r--r-- 1 root root 2214 Aug 17 23:52 conf.xml
-rw-r--r-- 1 root root 727290 Aug 17 23:51 sersync2.5.4_64bit_binary_stable_final.tar.gz
-rw-r--r-- 1 root root 362 Aug 17 23:52 sersyncd.service
(修改压缩包包名)
[Wed Aug 18 00:00:48 root@m01 /ansible_project/sersync]
# mv sersync2.5.4_64bit_binary_stable_final.tar.gz sersync2.tar.gz
# 2.sersync playbook
## 安装sersync
[Tue Aug 17 23:52:29 root@m01 /ansible_project/sersync]
# vim install_sersync.yml
---
# Unpack the sersync binary bundle on the nfs host.
# NOTE(review): the archive is taken from the control node as-is; nothing
# here checks its checksum, so verify the download before placing it in the
# project directory.

- name: Create {{ install_sersync_dir }} Dir
  file:
    path: "/{{ install_sersync_dir }}"
    state: directory
  when: ansible_hostname == 'nfs'

- name: Install Sersync
  unarchive:
    src: ./sersync2.tar.gz
    dest: "/{{ install_sersync_dir }}"
  when: ansible_hostname == 'nfs'
## 配置 sersync
[Tue Aug 17 23:54:54 root@m01 /ansible_project/sersync]
# vim config_sersync.yml
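---
# sersync configuration on the nfs host: rendered config, systemd unit and
# the client-side rsync password file.

- name: Push All File
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: "./conf.xml"
      dest: "/{{ install_sersync_dir }}/GNU-Linux-x86/confxml.xml"
    - src: "./sersyncd.service"
      dest: "/usr/lib/systemd/system/sersyncd.service"
  notify: restart sersync
  when: ansible_hostname == 'nfs'

- name: Sersync Passwd File
  copy:
    # Client side: the file holds the password only, without the user name.
    content: "{{ rsync_passwd }}"
    dest: "{{ rsync_passwd_file }}"
    # Quoted so the mode reaches the module as the string "0600".
    mode: '0600'
  # Keep the password out of task output and logs.
  no_log: true
  when: ansible_hostname == 'nfs'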
## 启动sersync
[Tue Aug 17 23:57:05 root@m01 /ansible_project/sersync]
# vim start_sersync.yml
---
# Run sersyncd now and at boot on the nfs host.
- name: Start Sersync
  service:
    name: sersyncd
    enabled: true
    state: started
  when: ansible_hostname == 'nfs'
注意其中conf.xml需要修改相关的变量其中变动的是: <localpath watch="/{{ data_dir }}"> <remote ip="172.16.1.41" name="{{ backup_dir }}"/> ,<auth start="true" users="{{ rsync_user }}" passwordfile="{{ rsync_passwd_file }}"/>
mariadb项目
# 1.期中架构,准备sql文件 (这个注意看前期视频或者咨询清楚了)
# 2.mariadb playbook
## 安装mariadb
[Wed Aug 18 00:03:40 root@m01 /ansible_project]
# cd mariadb/
[Wed Aug 18 00:03:47 root@m01 /ansible_project/mariadb]
# vim install_mariadb.yml
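---
# Database server packages for db01. MySQL-python is installed alongside the
# server; presumably it is what the mysql_db / mysql_user modules need on the
# managed host.
# Task name corrected from "Maraidb" so it can be found when searching output.
- name: Install Mariadb
  yum:
    name:
      - mariadb-server
      - MySQL-python
  when: ansible_hostname == 'db01'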
## 启动mariadb
[Wed Aug 18 00:04:59 root@m01 /ansible_project/mariadb]
# vim start_mariadb.yml
---
# Run MariaDB now and at boot on db01.
- name: Start Mariadb
  service:
    name: mariadb
    enabled: true
    state: started
  when: ansible_hostname == 'db01'
## 创建用户 库
[Wed Aug 18 00:06:50 root@m01 /ansible_project/mariadb]
# vim config_mariadb.yml
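---
# Application databases and the WordPress account on db01.
# NOTE(review): neither task passes login credentials, so this presumably
# relies on the MariaDB root account having no password; confirm, and set one
# before the server is reachable from anything but the lab network.

- name: Create Database
  mysql_db:
    name: "{{ item.name }}"
    state: present
    encoding: utf8
  with_items:
    - name: "wordpress"
    - name: "zh"
  when: ansible_hostname == 'db01'

- name: Create User
  mysql_user:
    name: "{{ item.name }}"
    priv: "{{ item.priv }}"
    host: "{{ item.host }}"
    state: present
    password: "{{ item.password }}"
  with_items:
    # Lab placeholder password in clear text; outside a lab, take it from an
    # Ansible Vault encrypted variable. The account can log in from any
    # 172.16.1.x address and holds ALL privileges on the wordpress schema.
    - name: "wordpress"
      priv: "wordpress.*:ALL"
      host: "172.16.1.%"
      password: "123"
  # The loop item is printed in task output; suppress it so the password is
  # not written to the console or logs.
  no_log: true
  when: ansible_hostname == 'db01'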
nginx项目
# 1.先决条件
[Wed Aug 18 00:11:20 root@m01 /ansible_project]
# cd nginx/
[Wed Aug 18 00:11:25 root@m01 /ansible_project/nginx]
# cp /root/ansible/nginx.conf .
[Wed Aug 18 00:11:53 root@m01 /ansible_project/nginx]
# cp /root/ansible/blog.wk.com.conf .
[Wed Aug 18 00:12:04 root@m01 /ansible_project/nginx]
# ll
total 8
-rw-r--r-- 1 root root 280 Aug 18 00:12 blog.wk.com.conf
-rw-r--r-- 1 root root 1175 Aug 18 00:11 nginx.conf
# 2.nginx playbook
## 安装nginx
[Wed Aug 18 00:12:07 root@m01 /ansible_project/nginx]
# vim install_nginx.yml
---
# nginx on the web hosts. "match" is a regular-expression test anchored at
# the start of the string, not a shell glob: 'web*' means "we" followed by
# zero or more "b", which is why it accepts web01 and web02.
- name: Install Nginx
  yum:
    name: nginx
  when: ansible_hostname is match 'web*'
## 配置nginx
[Wed Aug 18 00:13:55 root@m01 /ansible_project/nginx]
# vim config_nginx.yml
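---
# Render the main nginx config and the blog virtual host on the web hosts.
- name: Push Nginx Conf
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: "./nginx.conf"
      dest: "/etc/nginx/nginx.conf"
    - src: "./blog.wk.com.conf"
      dest: "/etc/nginx/conf.d/blog.wk.com.conf"
  # task.yml defines a "restart nginx" handler (it reloads the service) but
  # nothing notified it, so a changed config never reached a running nginx.
  notify: restart nginx
  when: ansible_hostname is match 'web*'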
## 启动nginx
[Wed Aug 18 00:15:32 root@m01 /ansible_project/nginx]
# vim start_nginx.yml
---
# Run nginx now and at boot on the web hosts.
- name: Start Nginx
  service:
    name: nginx
    enabled: true
    state: started
  when: ansible_hostname is match 'web*'
php项目
# 1.先决条件
[Wed Aug 18 00:17:48 root@m01 /ansible_project]
# cd php/
[Wed Aug 18 00:17:51 root@m01 /ansible_project/php]
# cp /root/ansible/php.tgz .
[Wed Aug 18 00:18:52 root@m01 /ansible_project/php]
# cp /root/ansible/www.conf .
[Wed Aug 18 00:19:23 root@m01 /ansible_project/php]
# ll
total 19236
-rw-r--r-- 1 root root 19674604 Aug 18 00:18 php.tgz
-rw-r--r-- 1 root root 17992 Aug 18 00:19 www.conf
# 2.php playbook
## 安装php
[Wed Aug 18 00:19:46 root@m01 /ansible_project/php]
# vim install_php.yml
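---
# Install PHP on the web hosts from the RPM bundle shipped with the project.
#
# The bundle is unpacked into a root-only directory rather than /tmp: the
# install step runs "rpm -Uvh <dir>/*.rpm" as root, and in a world-writable
# directory that glob would also pick up any .rpm another local user put there.

- name: Create PHP package Dir
  file:
    path: /opt/php_rpms
    state: directory
    owner: root
    group: root
    mode: '0700'
  when: ansible_hostname is match 'web*'

- name: Tar PHP
  unarchive:
    src: ./php.tgz
    dest: /opt/php_rpms
  when: ansible_hostname is match 'web*'

# Probe only: rc is 0 when some installed package name contains "php".
- name: panduan PHP
  shell: 'rpm -qa|grep php'
  register: get_php
  # A non-zero rc just means "not installed yet", so it must not stop the play.
  ignore_errors: true
  # Read-only query; never report it as a change.
  changed_when: false
  when: ansible_hostname is match 'web*'

# Runs only on web01/web02 and only when the probe found no PHP package.
# The host test comes first so get_php.rc is not evaluated on hosts where
# the probe was skipped.
- name: Install PHP
  shell: 'rpm -Uvh /opt/php_rpms/*.rpm'
  when: ansible_hostname in ['web01', 'web02'] and get_php.rc != 0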
## 配置php
[Wed Aug 18 00:22:45 root@m01 /ansible_project/php]
# vim config_php.yml
---
# Ship the php-fpm pool file unchanged (copy, not template) to the web hosts.
- name: Push PHP Conf
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: "./www.conf"
      dest: "/etc/php-fpm.d/www.conf"
  # Both handlers are defined in task.yml.
  notify:
    - restart php
    - chmod sock
  when: ansible_hostname is match 'web*'
## 启动php
[Wed Aug 18 00:24:39 root@m01 /ansible_project/php]
# vim start_php.yml
---
# Run php-fpm now and at boot on the web hosts.
- name: Start PHP
  service:
    name: php-fpm
    enabled: true
    state: started
  when: ansible_hostname is match 'web*'
#注意:PHP项目中的www.conf配置文件不需要改成变量,因为里面有很多特殊符号,jinja模板读取时无法正确解析,所以还是用原来的文件
或者也可以先用命令 grep -Ev '^;|^$' www.conf 把有效内容取出来,再重新放进www.conf配置文件中,这样就可以继续用jinja模板,然后config_php.yml中的copy就可以换成template
wordpress项目
[Wed Aug 18 00:27:28 root@m01 /ansible_project]
# mkdir wordpress
[Wed Aug 18 00:28:09 root@m01 /ansible_project]
# cd wordpress/
[Wed Aug 18 00:28:43 root@m01 /ansible_project/wordpress]
# cp /root/ansible/wordpress-5.7.2-zh_CN.tar.gz .
[Wed Aug 18 00:29:23 root@m01 /ansible_project/wordpress]
# mv wordpress-5.7.2-zh_CN.tar.gz latest.tar.gz
[Wed Aug 18 00:30:13 root@m01 /ansible_project/wordpress]
# ll
total 16048
-rw-r--r-- 1 root root 16429648 Aug 18 00:29 latest.tar.gz
[Wed Aug 18 00:30:16 root@m01 /ansible_project/wordpress]
# vim install_wordpress.yml
---
# Deploy WordPress under /code on the web hosts.
# NOTE(review): everything under /code is owned by the account the web stack
# runs as, so a compromised PHP process could rewrite the application code;
# consider limiting that ownership to the uploads directory.

- name: Create code Dir
  file:
    path: /code
    state: directory
    owner: "{{ name }}"
    group: "{{ name }}"
  when: ansible_hostname is match 'web*'

- name: Install Wordpress
  unarchive:
    src: ./latest.tar.gz
    dest: /code
    owner: "{{ name }}"
    group: "{{ name }}"
  when: ansible_hostname is match 'web*'

# Mount point for the shared NFS uploads directory.
- name: Create uploads
  file:
    path: /code/wordpress/wp-content/uploads
    state: directory
    owner: "{{ name }}"
    group: "{{ name }}"
  when: ansible_hostname is match 'web*'

# Despite the task name this changes ownership, not mode: /var/lib/nginx is
# handed to the service account recursively.
- name: chmod nginx
  file:
    path: /var/lib/nginx
    owner: "{{ name }}"
    group: "{{ name }}"
    recurse: true
  when: ansible_hostname is match 'web*'
mount挂载
[Wed Aug 18 00:46:31 root@m01 /ansible_project]
# mkdir mount
[Wed Aug 18 00:46:39 root@m01 /ansible_project]
# cd mount/
#挂载wordpress
[Wed Aug 18 00:46:50 root@m01 /ansible_project/mount]
# vim mounted_wordpress.yml
---
# Mount the NFS data export over the WordPress uploads directory on the web
# hosts; state "mounted" both mounts it and records it in fstab.
# NOTE(review): no mount options are set. For a directory that only holds
# user uploads, options such as nosuid,nodev,noexec (the module's "opts"
# parameter) are worth considering.
- name: mounted wordpress
  mount:
    path: /code/wordpress/wp-content/uploads
    src: "172.16.1.31:/{{ data_dir }}"
    fstype: nfs
    state: mounted
  when: ansible_hostname is match 'web*'
task入口文件
[Wed Aug 18 01:05:07 root@m01 /ansible_project]
# vim task.yml
---
# Entry playbook. It targets every inventory host; each included task file
# limits itself to the right hosts with its own "when" conditions.
- hosts: all
  tasks:
    # Baseline first: it creates the service account the later roles use.
    - include_tasks: base/base.yml

    # Backup path: rsync daemon, NFS export, then sersync.
    - include_tasks: rsync/install_rsync.yml
    - include_tasks: rsync/config_rsync.yml
    - include_tasks: rsync/start_rsync.yml
    - include_tasks: nfs/install_nfs.yml
    - include_tasks: nfs/config_nfs.yml
    - include_tasks: nfs/start_nfs.yml
    - include_tasks: sersync/install_sersync.yml
    - include_tasks: sersync/config_sersync.yml
    - include_tasks: sersync/start_sersync.yml

    # Database: the service is started before databases and users are created.
    - include_tasks: mariadb/install_mariadb.yml
    - include_tasks: mariadb/start_mariadb.yml
    - include_tasks: mariadb/config_mariadb.yml

    # Web tier.
    - include_tasks: nginx/install_nginx.yml
    - include_tasks: nginx/config_nginx.yml
    - include_tasks: nginx/start_nginx.yml
    - include_tasks: php/install_php.yml
    - include_tasks: php/config_php.yml
    - include_tasks: php/start_php.yml
    - include_tasks: wordpress/install_wordpress.yml
    - include_tasks: mount/mounted_wordpress.yml

  # Handler names must match the "notify" strings in the task files exactly.
  handlers:
    - name: restart rsync
      service:
        name: rsyncd
        state: restarted

    - name: restart nfs
      service:
        name: nfs-server
        state: restarted

    - name: restart sersync
      service:
        name: sersyncd
        state: restarted

    # Named "restart" but performs a reload.
    - name: restart nginx
      service:
        name: nginx
        state: reloaded

    - name: restart php
      service:
        name: php-fpm
        state: restarted

    # Hands the php-fpm socket to the service account.
    - name: chmod sock
      file:
        path: /dev/shm/php71w.sock
        owner: "{{ name }}"
        group: "{{ name }}"