title: Deploying LAMP with a Playbook (5)
date: 2018-12-03 13:24:07
tags:
- Ansible
categories: Ansible
copyright: true
---
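Ansible is a recent automation tool for operations work, written in Python. It combines the strengths of many earlier tools (puppet, cfengine, chef, func, fabric) and provides bulk system configuration, bulk program deployment and bulk command execution. Ansible works through modules: it has no bulk-deployment capability of its own, the modules it runs do the actual deployment, and Ansible only provides the framework.
LAMP is a website stack that every operations engineer knows. The name is an acronym of Linux + Apache + MariaDB plus one of the languages PHP, Perl or Python. This stack is easy to scale horizontally and vertically across hosts, so a large Web cluster can be assembled quickly. In this chapter we use Ansible to deploy a LAMP stack automatically, a stack we meet regularly in day-to-day operations.
Ansible playbook files are written in YAML, so you should have some understanding of YAML syntax before writing one; otherwise you will keep running into syntax errors when the playbook runs. Here we use a bulk LAMP deployment as the example to show how the LAMP.yml playbook is written. If you are not familiar with YAML, please look it up on Baidu and learn it first.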
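Preparing the environment
First, we have two virtual machines, 192.168.10.20 and 192.168.10.30.
Below we will write a playbook that deploys the LAMP environment on both of them in bulk. Before that, we need to create an SSH key pair and distribute it to every host.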
```text
[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xZxM9bunwBsS03gGT5HGT4LvOnJHdr5Bwl/Iit7qQN8 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| .+o. |
| =..=o. |
| Bo.+. |
| . B...o |
| S +.B = .|
| . . O+=.o |
| . ++Eo+ .|
| .o+o.+.+ |
| +++o o. |
+----[SHA256]-----+

[[email protected] ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.10.20 (192.168.10.20)' can't be established.
ECDSA key fingerprint is SHA256:2kWFaV72YVvAl2EU2Zop4uAjP3Gy2jW92d0Va/HrSMM.
ECDSA key fingerprint is MD5:fc:6c:91:b0:02:e6:7e:98:52:af:0d:b3:47:d4:69:ef.
Are you sure you want to continue connecting (yes/no)? yes
[email protected]'s password:

[[email protected] ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.10.30 (192.168.10.30)' can't be established.
ECDSA key fingerprint is SHA256:2kWFaV72YVvAl2EU2Zop4uAjP3Gy2jW92d0Va/HrSMM.
ECDSA key fingerprint is MD5:fc:6c:91:b0:02:e6:7e:98:52:af:0d:b3:47:d4:69:ef.
Are you sure you want to continue connecting (yes/no)? yes
[email protected]'s password:
```
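Next, create a directory to hold the data files the playbook needs. Here we create only two index files, which are used for testing later. If you have configuration files that need to be copied to the hosts, prepare them in advance at this point.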
```text
[[email protected] ~]# mkdir playbook
[[email protected] ~]# ls -lh
total 0
drwxr-xr-x. 2 root root 6 Dec 3 10:44 playbook

[[email protected] ~]# cd playbook/
[[email protected] playbook]# ls -lh
total 8.0K
drwxr-xr-x. 2 root root 6 Dec 3 10:46 apache
drwxr-xr-x. 2 root root 6 Dec 3 10:46 mariadb
drwxr-xr-x. 2 root root 6 Dec 3 10:46 php
-rw-r--r--. 1 root root 30 Dec 3 10:45 index.html
-rw-r--r--. 1 root root 29 Dec 3 10:46 index.php

[[email protected] playbook]# cat index.html
hello lyshark www.mkdirs.com

[[email protected] playbook]# cat index.php
<?php phpinfo(); ?>
```
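Then create the inventory of managed hosts. Here we simply create a hosts file in the current directory. If there are many hosts, a range shorthand can be used.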
```text
[[email protected] playbook]# vim hosts
[[email protected] playbook]# cat hosts
[lamp]
192.168.10.20
192.168.10.30

#[test]
# Commented out, for illustration only: defines the hosts from .20 to .100
#192.168.10.[20:100]
```
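Writing the Apache installation
Since this is the first time we write a playbook, we start by creating a file, main.yml, and write a play that installs the Apache software. Here is that part of the playbook: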
```yaml
---
- hosts: lamp
  tasks:
    - name: Yum install httpd
      yum: name={{item}} state=installed
      with_items:
        - apr
        - apr-util
        - httpd
        - httpd-devel
    - name: copy index.html
      template: src=./index.html dest=/var/www/html/index.html owner=root group=root mode=0755
    - name: copy index.php
      template: src=./index.php dest=/var/www/html/index.php owner=root group=root mode=0755
      notify:               # the handler is notified only if this task succeeds and reports a change
        - start httpd
  handlers:
    - name: start httpd
      service: name=httpd state=restarted
```
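Item 1: hosts specifies which hosts perform the operations. Here the inventory groups the hosts as lamp, so every member of the lamp group runs the play.
Item 2: tasks uses the yum module to install the Apache packages; name is a description that says what the task does.
Item 4: with_items is an iterator, used to install the listed packages in one task; here these are the Apache-related packages.
Item 5: template is a remote copy module; it copies the index files in the current directory to the remote hosts. It renders each file through Jinja2 first, and since these two files contain no template expressions they arrive unchanged.
Item 6: notify sends a message; here it is sent to the handler named start httpd so that the handler runs.
One thing to note: above we wrote two copy tasks to complete the copy. We can instead put them into a single iterator, as follows: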
```yaml
    - name: copy index.html and index.php
      copy: src={{item.src}} dest={{item.dest}} owner=root group=root mode=0644
      with_items:
        # a space is required after each colon, otherwise "dest" is not parsed as a key
        - {src: ./index.html, dest: /var/www/html/index.html}
        - {src: ./index.php, dest: /var/www/html/index.php}
```
After writing this configuration, run the commands below to check the file for syntax errors and to confirm that the inventory is picked up.
```text
[[email protected] playbook]# ansible-playbook -i hosts main.yml --syntax-check

playbook: main.yml

[[email protected] playbook]# ansible-playbook -i hosts main.yml --list-task

playbook: main.yml

  play #1 (lamp): lamp TAGS: []
    tasks:
      yum install httpd TAGS: []
      copy index.html TAGS: []
      copy index.php TAGS: []

[[email protected] playbook]# ansible-playbook -i hosts main.yml --list-hosts

playbook: main.yml

  play #1 (lamp): lamp TAGS: []
    pattern: [u'lamp']
    hosts (2):
      192.168.10.20
      192.168.10.30
```
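Writing the MariaDB installation
Next we continue editing main.yml and write a play that installs the MariaDB database. Since no particular structuring is needed here, we simply put everything into the one playbook. Here is that part of the playbook: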
```yaml
- hosts: lamp
  tasks:
    - name: install mariadb
      yum: name={{item}} state=installed
      with_items:
        - mariadb
        - mariadb-server
      notify:
        - start mariadb
    # Handlers normally run at the end of the play; run them now so the
    # server is up before the password is set.
    - meta: flush_handlers
    - name: set mysql password
      shell: mysql -e "set password for [email protected]=password('123123');"
  handlers:
    - name: start mariadb
      service: name=mariadb state=restarted
```
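In the example above, the initial password is set directly with the shell module while MariaDB is installed. Alternatively, declare variables as shown below and call the built-in mysql_user module to set the database password. Note that when the module is used, the managed hosts must have the MySQL-python package installed.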
```yaml
- hosts: lamp
  vars:
    username: root            # two variables are declared here
    password: "123123"
  tasks:
    - name: install mariadb
      yum: name={{item}} state=installed
      with_items:
        - mariadb
        - mariadb-server
        - MySQL-python        # required in order to use the MySQL modules
      notify:
        - start mariadb
    # run the handler now so the server is up before the password is set
    - meta: flush_handlers
#    - name: set mysql password
#      shell: mysql -e "set password=password('123123');"
    - name: set mysql password    # the two variables are used here
      mysql_user: name={{username}} password={{password}} priv=*.*:ALL host='localhost' state=present
  handlers:
    - name: start mariadb
      service: name=mariadb state=restarted
```
After writing this configuration, run the commands below to check the file for syntax errors and to confirm that the inventory is picked up.
```text
[[email protected] playbook]# ansible-playbook -i hosts main.yml --syntax-check

playbook: main.yml

[[email protected] playbook]# ansible-playbook -i hosts main.yml --list-task

playbook: main.yml

  play #1 (lamp): lamp TAGS: []
    tasks:
      yum install httpd TAGS: []
      copy index.html TAGS: []
      copy index.php TAGS: []

[[email protected] playbook]# ansible-playbook -i hosts main.yml --list-hosts

playbook: main.yml

  play #1 (lamp): lamp TAGS: []
    pattern: [u'lamp']
    hosts (2):
      192.168.10.20
      192.168.10.30
```
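The mysql_user variant in this section keeps the root password as a literal in main.yml. As an added example (not part of the original post), the same play can read the password from an Ansible Vault file and keep it out of task output; the file name vault.yml and the variable vault_mysql_root_password are assumptions made for this example.

```yaml
# Added example, not from the original post.
# Assumed one-time setup on the control node:
#   ansible-vault create vault.yml   # content: vault_mysql_root_password: "<your password>"
# Run with:
#   ansible-playbook -i hosts main.yml --ask-vault-pass
- hosts: lamp
  vars_files:
    - vault.yml                      # hypothetical encrypted vars file
  tasks:
    - name: install mariadb
      yum:
        name: "{{ item }}"
        state: installed
      with_items:
        - mariadb
        - mariadb-server
        - MySQL-python
      notify:
        - start mariadb

    - meta: flush_handlers           # start the server before touching accounts

    - name: set mysql root password
      mysql_user:
        name: root
        host: localhost
        password: "{{ vault_mysql_root_password }}"
        check_implicit_admin: yes    # first run: try the passwordless root login
        login_user: root
        login_password: "{{ vault_mysql_root_password }}"   # used on later runs
        state: present
      no_log: true                   # keep the password out of logs and -v output

    - name: remove anonymous accounts
      mysql_user:
        name: ""
        host_all: yes
        login_user: root
        login_password: "{{ vault_mysql_root_password }}"
        state: absent
      no_log: true

  handlers:
    - name: start mariadb
      service: name=mariadb state=restarted
```

Because check_implicit_admin falls back to the supplied login credentials, the play also succeeds on a second run, when root already has a password.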
Writing the PHP installation
Finally, edit main.yml and write a play that installs PHP. Here is that part of the playbook:
```yaml
- hosts: lamp
  tasks:
    - name: install PHP
      yum: name={{item}} state=installed
      with_items:
        - php
        - php-mysql
      notify:
        - start apache
  handlers:
    - name: start apache
      # the service installed by the httpd package is named httpd, not apache
      service: name=httpd state=restarted
```
After writing this configuration, run the commands below to check the file for syntax errors and to confirm that the inventory is picked up.
```text
[[email protected] playbook]# ansible-playbook -i hosts main.yml --syntax-check

playbook: main.yml

[[email protected] playbook]# ansible-playbook -i hosts main.yml --list-task

playbook: main.yml

  play #1 (lamp): lamp TAGS: []
    tasks:
      yum install httpd TAGS: []
      copy index.html TAGS: []
      copy index.php TAGS: []

[[email protected] playbook]# ansible-playbook -i hosts main.yml --list-hosts

playbook: main.yml

  play #1 (lamp): lamp TAGS: []
    pattern: [u'lamp']
    hosts (2):
      192.168.10.20
      192.168.10.30
```
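Merging the plays and running them
Chain the plays together, then append the following at the end. Its purpose is to turn off the firewall (iptables -F flushes every rule), turn off SELinux (setenforce 0 switches it to permissive mode until the next reboot) and restart the http service.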
```yaml
- hosts: lamp
  tasks:
    - name: check iptables
      shell: iptables -F
    - name: check selinux
      shell: setenforce 0
    - name: restart httpd
      shell: systemctl restart httpd
```
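The play above makes port 80 reachable by flushing every iptables rule and putting SELinux into permissive mode. As an added example (not part of the original post), the same reachability can be had by opening only the HTTP service and leaving SELinux enforcing. It assumes the targets run firewalld with its Python bindings and libselinux-python installed, and that the firewalld and selinux modules are available in your Ansible version.

```yaml
# Added example, not from the original post.
- hosts: lamp
  tasks:
    - name: make sure firewalld is running
      service: name=firewalld state=started enabled=yes

    - name: allow inbound HTTP only
      firewalld:
        service: http
        permanent: yes        # survive a reboot
        immediate: yes        # and apply to the running firewall now
        state: enabled

    - name: keep SELinux enforcing
      selinux:
        policy: targeted
        state: enforcing

    - name: start httpd now and at boot
      service: name=httpd state=started enabled=yes

    # index.php only calls phpinfo(); it is a test page and prints the full
    # PHP and server configuration to anyone who requests it.
    # Tagged "never" so it runs only when asked for:
    #   ansible-playbook -i hosts main.yml --tags cleanup
    - name: remove the phpinfo() test page after verification
      file: path=/var/www/html/index.php state=absent
      tags: [never, cleanup]
```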
Finally we have the whole LAMP installation playbook. The complete code is shown below:
```text
[[email protected] playbook]# cat main.yml
---
- hosts: lamp
  tasks:
    - name: yum install httpd
      yum: name={{item}} state=installed
      with_items:
        - apr
        - apr-util
        - httpd
        - httpd-devel
    - name: copy index.html
      template: src=./index.html dest=/var/www/html/index.html owner=root group=root mode=0755
    - name: copy index.php
      template: src=./index.php dest=/var/www/html/index.php owner=root group=root mode=0755
      notify:
        - Start httpd
  handlers:
    - name: Start httpd
      service: name=httpd state=restarted
#-------------------------------------------------------------------
- hosts: lamp
  tasks:
    - name: install mariadb
      yum: name={{item}} state=installed
      with_items:
        - mariadb
        - mariadb-server
      notify:
        - start mariadb
    # run the handler now so the server is up before the password is set
    - meta: flush_handlers
    - name: set mysql password
      shell: mysql -e "set password for [email protected]=password('123123');"
  handlers:
    - name: start mariadb
      service: name=mariadb state=restarted
#-------------------------------------------------------------------
- hosts: lamp
  tasks:
    - name: install PHP
      yum: name={{item}} state=installed
      with_items:
        - php
        - php-mysql
#      notify:
#        - start apache
#  handlers:
#    - name: start apache
#      service: name=apache state=restarted
#-------------------------------------------------------------------
- hosts: lamp
  tasks:
    - name: check iptables
      shell: iptables -F
    - name: check selinux
      shell: setenforce 0
    - name: restart httpd
      shell: systemctl restart httpd
```
Next, run the checks to verify that the playbook as a whole has no syntax errors.
```text
[[email protected] playbook]# ansible-playbook -i hosts main.yml --syntax-check

playbook: main.yml

[[email protected] playbook]# ansible-playbook -i hosts main.yml --list-task

playbook: main.yml

  play #1 (lamp): lamp TAGS: []
    tasks:
      yum install httpd TAGS: []
      copy index.html TAGS: []
      copy index.php TAGS: []

[[email protected] playbook]# ansible-playbook -i hosts main.yml --list-hosts

playbook: main.yml

  play #1 (lamp): lamp TAGS: []
    pattern: [u'lamp']
    hosts (2):
      192.168.10.20
      192.168.10.30
```
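Running the playbook: once everything has been confirmed, use the command below to deploy the finished playbook in one step, then wait a while for it to finish.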
```text
[[email protected] playbook]# ansible-playbook -i hosts main.yml

PLAY [lamp] ******************************************************************************

TASK [Gathering Facts] *******************************************************************
ok: [192.168.10.30]
ok: [192.168.10.20]

....(omitted)....

PLAY RECAP *******************************************************************************
192.168.10.20 : ok=5 changed=4 unreachable=0 failed=0
192.168.10.30 : ok=5 changed=4 unreachable=0 failed=0
```
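A closing note: this section used a simple case to show how to deploy a LAMP stack with Ansible. It is an introductory case for using Ansible to build clusters and even to deploy across machines. Working through it gives a clear picture of how Ansible implements a business logic architecture during configuration and deployment, which is something we meet often in real work. As a company's business grows there will be many cluster architectures to maintain and deploy, and this tedious work is easy for Ansible.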