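Ansible playbooks: one-command deployment of load balancing + Keepalived + web cluster + MySQL + Redis + NFS + Rsync data synchronization + Prometheus + Grafana monitoring of the database and web cluster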

Posted by 我的紫霞辣辣


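1. Generate a key pair
ssh-keygen

2. Install sshpass, which is used to distribute the public key
yum -y install sshpass.x86_64

3. Write the script that distributes the public key in bulk
vim fenfa_pub_key.sh 
#!/bin/bash
# -p puts the root password on the command line, where it shows up in the process
# list and shell history; sshpass also accepts it via -f <file> or -e (SSHPASS).
# StrictHostKeyChecking=no accepts whatever host key each server presents first.

for ip in {5,6,7,8,9,31,41,51,71}
do
        echo "===============================start====================================="
        if sshpass -p123 ssh-copy-id -i /root/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@172.16.1.$ip &>/dev/null; then
                echo "===============================success==================================="
        else
                echo "===============================failed===================================="
        fi
        echo ""
done

4. Run the script
bash fenfa_pub_key.sh
- Configure the inventory file
vim /etc/ansible/hosts
# Hosts that can be managed (the hosts that received the public key)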
[web]
172.16.1.7 
172.16.1.8 
172.16.1.9 

[lb]
172.16.1.5 
172.16.1.6 

[nfs]
172.16.1.31 

[backup]
172.16.1.41 

[db]
172.16.1.51 

[prometheus]
172.16.1.71  
- Create the roles directory
mkdir -p /ansible/roles
cd /ansible/roles
ansible-galaxy init backup 
ansible-galaxy init nfs
ansible-galaxy init web
ansible-galaxy init lb
ansible-galaxy init db
ansible-galaxy init prometheus
ansible-galaxy init prometheus_db
ansible-galaxy init prometheus_web

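- View the file layout of a role directory
tree /ansible/roles/backup
/ansible/roles/backup/
├── defaults					default values for the role's variables
│   └── main.yml
├── files						archives and other static files to push
├── handlers					handler files run when a task notifies them
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks						task files the role executes
│   └── main.yml
├── templates					template files to distribute; templates can contain variables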
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml

8 directories, 8 files
- Combine the main playbooks into a single playbook to run
cd /ansible
vim all.yaml
- hosts: backup
  remote_user: root
  roles:
    - backup

- hosts: nfs
  remote_user: root
  roles:
    - nfs

- hosts: lb
  remote_user: root
  roles:
    - lb

- hosts: db
  remote_user: root
  roles:
    - db

- hosts: web
  remote_user: root
  roles:
    - web

- hosts: prometheus
  remote_user: root
  roles:
    - prometheus

- hosts: lb
  remote_user: root
  roles:
    - prometheus_web

- hosts: web
  remote_user: root
  roles:
    - prometheus_web

- hosts: db
  remote_user: root
  roles:
    - prometheus_db
- Write the per-role main playbooks
cd /ansible
vim backup.yaml
- hosts: backup
  remote_user: root
  roles:
    - backup

vim nfs.yaml
- hosts: nfs
  remote_user: root
  roles:
    - nfs

vim lb.yaml
- hosts: lb
  remote_user: root
  roles:
    - lb
    
vim db.yaml
- hosts: db
  remote_user: root
  roles:
    - db
    
vim web.yaml
- hosts: web
  remote_user: root
  roles:
    - web

vim prometheus.yaml
- hosts: prometheus
  remote_user: root
  roles:
    - prometheus

- hosts: lb
  remote_user: root
  roles:
    - prometheus_web

- hosts: web
  remote_user: root
  roles:
    - prometheus_web

- hosts: db
  remote_user: root
  roles:
    - prometheus_db
Write the task files for the backup role
cd /ansible/roles/backup/tasks
vim install.yaml
# Install rsync
- name: 01-Install Rsyncd Server
  yum: name=rsync state=installed

vim conf_file.yaml
# Push the rsync configuration file
- name: 02-Rsync Config
  template: src=rsyncd.conf dest=/etc
#  notify: restart rsync server				# restart the rsync service if rsyncd.conf changes
  
vim user_add.yaml
# Create the www user (no home directory, no login shell)
- name: 03-Useradd
  user: name=www create_home=no shell=/sbin/nologin

vim backup_dir.yaml 
# Create the backup directories
- name: 04-Create backup_dir 
  file: dest=/backup state=directory owner=www group=www

- name: 05-Create backup_database_dir
  file: dest=/backup/database state=directory owner=www group=www 

- name: 06-Create backup_web_dir
  file: dest=/backup/web state=directory owner=www group=www  

vim passwd.yaml 
# Create the password file (the path must match "secrets file" in rsyncd.conf)
- name: 07-passwd
  copy: content='lala:123' dest=/etc/rsync.passwd mode=600

vim start.yaml
# Start the rsync service
- name: 08-start Rsyncd Server
  service: name=rsyncd state=started enabled=yes

Combine the backup task files
vim main.yml
- include: install.yaml
- include: conf_file.yaml
- include: user_add.yaml
- include: backup_dir.yaml
- include: passwd.yaml
- include: start.yaml

Handler file that receives notify signals
cd /ansible/roles/nfs/handlers
vim main.yml 
# Receives the notifications sent by notify
- name: restart nfs server
  service: name=nfs state=restarted
  
Create the configuration file to push, rsyncd.conf
cd /ansible/roles/backup/templates
vim rsyncd.conf
uid = www				
gid = www			
port = 873						
fake super = yes				
use chroot = no					
max connections = 200			
timeout = 600					
ignore errors					
read only = false				
list = false				
auth users = lala				
secrets file = /etc/rsync.passwd			
log file = /var/log/rsyncd.log				
#################################################################################
[web]											
comment="前端代码的仓库"						
path=/backup/web

[database]
comment="数据库备份"
path=/backup/database

[download]
comment="上传文件备份"
path=/backup/download							
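
A check that ties the `secrets file` setting above to the task that writes the password file, added here as an example and not part of the original role. rsyncd's default `strict modes` also rejects a secrets file that other users can read, so the task's mode is checked too; the function names and sample files are constructed, and tasks are assumed to use the one-line key=value form shown on this page.

```shell
#!/bin/sh
# Added example, not part of the original role: check that the file named by
# "secrets file" in rsyncd.conf is the file the role's copy task writes, and
# that the task sets an owner-only mode. Assumes one-line key=value tasks.

# Print the "secrets file" value from an rsyncd.conf ($1).
secrets_path() {
    sed -n 's/^[[:space:]]*secrets file[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print field $2 (dest or mode) of the first "copy: content=..." task in $1.
copy_field() {
    sed -n "s/^[[:space:]]*copy:.*content=.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Print a verdict for config $1 and task file $2; non-zero status on failure.
check_rsync_secrets() {
    want=$(secrets_path "$1")
    dest=$(copy_field "$2" dest)
    mode=$(copy_field "$2" mode)
    if [ -z "$want" ] || [ -z "$dest" ]; then echo "UNKNOWN"; return 2; fi
    if [ "$want" != "$dest" ]; then echo "PATH_MISMATCH"; return 1; fi
    case "$mode" in
        600|0600|400|0400) echo "OK" ;;
        *) echo "BAD_MODE"; return 1 ;;
    esac
}

# Constructed sample files for the demo.
demo=$(mktemp -d)
printf '%s\n' 'auth users = lala' 'secrets file = /etc/rsync.passwd' > "$demo/rsyncd.conf"
printf '%s\n' '- name: passwd' \
    "  copy: content='lala:123' dest=/etc/rsync.passwd mode=600" > "$demo/good.yaml"
printf '%s\n' '- name: passwd' \
    "  copy: content='lala:123' dest=/etc/rsync.pass mode=600" > "$demo/typo.yaml"
printf '%s\n' '- name: passwd' \
    "  copy: content='lala:123' dest=/etc/rsync.passwd mode=644" > "$demo/loose.yaml"

for f in good typo loose; do
    printf '%s: ' "$f"
    check_rsync_secrets "$demo/rsyncd.conf" "$demo/$f.yaml" || true
done
rm -rf "$demo"
```
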
Write the task files for the nfs role
cd /ansible/roles/nfs/tasks/
vim install.yaml 
# Install the NFS service
- name: install nfs rpc-bind 
  yum:
    name: ["nfs-utils","rpcbind"]
    state: installed

vim user_add.yaml
# Create the user that owns the shared directories
- name: Create www User
  user: name=www create_home=no shell=/sbin/nologin

vim conf_file.yaml
# Push the configuration file
- name: Create nfs conf_file
  template: src=exports dest=/etc/ owner=root
                                      
vim nfs_dir.yaml
# Create the exported directories and set their ownership
- name: Create nfs_web Directory
  file: path=/nfs/web state=directory owner=www group=www

- name: Create nfs_conf Directory
  file: path=/nfs/conf state=directory owner=www group=www

- name: Create nfs_database Directory
  file: path=/nfs/database state=directory owner=www group=www

- name: Create nfs_download Directory
  file: path=/nfs/download state=directory owner=www group=www

- name: rm web file
  shell: rm -rf /nfs/web/*

- name: scp test_file
  unarchive: src=/ansible/ansible/test.zip dest=/nfs/web/ 

- name: chown NFS 
  shell: chown -R www:www /nfs/
      
vim start.yaml
# Start the nfs-server service
- name: start NFS Server
  service: name=nfs-server state=started enabled=yes

vim passwd.yaml 
# Create the password file used by sersync (the path must match passwordfile in confxml.xml)
- name: Create NFS rsync_passwd
  copy: content='123' dest=/etc/rsync.passwd mode=600 
  
vim sersync.yaml
# Push the sersync archive
- name: scp sersync file
  unarchive: src=/ansible/ansible/sersync2.5.4_64bit_binary_stable_final.tar.gz dest=/usr/local/

# Push the sersync configuration file
- name: create sersync file
  template: src=confxml.xml dest=/usr/local/GNU-Linux-x86/confxml.xml
   
# Start the sersync service
- name: start sersync
  shell: /usr/local/GNU-Linux-x86/sersync2 -dro /usr/local/GNU-Linux-x86/confxml.xml

Combine the nfs task files
vim main.yml
- include: install.yaml
- include: user_add.yaml
- include: conf_file.yaml
- include: nfs_dir.yaml
- include: start.yaml
- include: passwd.yaml
- include: sersync.yaml

Create the configuration files and archives to push
mkdir -p /ansible/ansible
cd /ansible/ansible
rz -E sersync2.5.4_64bit_binary_stable_final.tar.gz  
rz -E test.zip

cd /ansible/roles/nfs/templates
vim exports 
/nfs/web          172.16.1.0/20(rw,sync,all_squash,anonuid=1000,anongid=1000)
/nfs/conf         172.16.1.0/20(rw,sync,all_squash,anonuid=1000,anongid=1000)
/nfs/database     172.16.1.0/20(rw,sync,all_squash,anonuid=1000,anongid=1000)

vim confxml.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<head version="2.5">
    <host hostip="localhost" port="8008"></host>
    <debug start="false"/>
    <fileSystem xfs="false"/>
    <filter start="false">
        <exclude expression="(.*)\.svn"></exclude>
        <exclude expression="(.*)\.gz"></exclude>
        <exclude expression="^info/*"></exclude>
        <exclude expression="^static/*"></exclude>
    </filter>
    <inotify>
    <!-- events to watch: true means the event triggers a push, false means it does not -->
        <delete start="true"/>
        <createFolder start="true"/>
        <createFile start="true"/>
        <closeWrite start="true"/>
        <moveFrom start="true"/>
        <moveTo start="true"/>
        <attrib start="true"/>
        <modify start="true"/>
    </inotify>

    <sersync>
    <!-- directory to watch -->
        <localpath watch="/mnt/data">
            <!-- ip: the rsync server's IP; name: the rsync module name -->
            <remote ip="172.16.1.41" name="nana"/>
            <!--<remote ip="192.168.8.39" name="tongbu"/>-->
            <!--<remote ip="192.168.8.40" name="tongbu"/>-->
        </localpath>
        <rsync>
            <!-- options passed to rsync when pushing -->
            <commonParams params="-az"/>
            <!-- rsync authentication: the virtual user and that user's password file -->
            <auth start="true" users="lala" passwordfile="/etc/rsync.passwd"/>
            <!-- set this if rsync does not use the default port 873 -->
            <userDefinedPort start="false" port="873"/><!-- port=874 -->
            <!-- timeout -->
            <timeout start="false" time="100"/><!-- timeout=100 -->
            <ssh start="false"/>
        </rsync>
        <!-- path where the failure log is saved -->
        <failLog path="/tmp/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->
        <!-- scheduled task: how often a full synchronization runs -->
        <crontab start="false" schedule="600"><!--600mins-->
            <crontabfilter start="false">
                <exclude expression="*.php"></exclude>
                <exclude expression="info/*"></exclude>
            </crontabfilter>
        </crontab>
        <plugin start="false" name="command"/>
    </sersync>

    <plugin name="command">
        <param prefix="/bin/sh" suffix="" ignoreError="true"/>  <!--prefix /opt/tongbu/mmm.sh suffix-->
        <filter start="false">
            <include expression="(.*)\.php"/>
            <include expression="(.*)\.sh"/>
        </filter>
    </plugin>

    <plugin name="socket">
        <localpath watch="/opt/tongbu">
            <deshost ip="192.168.138.20" port="8009"/>
        </localpath>
    </plugin>
    <plugin name="refreshCDN">
        <localpath watch="/data0/htdocs/cms.xoyo.com/site/">
            <cdninfo domainname="ccms.chinacache.com" port="80" username="xxxx" passwd="xxxx"/>
            <sendurl base="http://pic.xoyo.com/cms"/>
            <regexurl regex="false" match="cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images"/>
        </localpath>
    </plugin>
</head>                                    
Write the task files for the lb role (load balancing + Keepalived high availability)
cd /ansible/roles/lb/tasks
vim install.yaml
# Install the EPEL repository with yum
- name: yum install epel
  yum: name=epel-release state=installed

- name: yum repolist
  shell: yum repolist
  
# Install nginx
- name: install nginx
  yum: name=nginx state=installed

# Install keepalived
- name: install keepalived
  yum: name=keepalived state=installed

vim user_add.yaml
# Create the group
- name: create www group
  group: name=www gid=1000
  
# Create the user
- name: create www user
  user: name=www uid=1000 group=www

vim conf_file.yaml
# Push the nginx configuration file
- name: scp nginx Config
  template: src=nginx.conf dest=/etc/nginx/nginx.conf owner=www

# Push the load-balancer configuration file
- name: scp nginx Config
  template: src=lb.conf dest=/etc/nginx/conf.d/lb.conf owner=www

# Push the keepalived configuration file
- name: scp 01keepalived conf_file
  template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf

# keepalived executes this file as its vrrp_script, so it must be executable
- name: scp track_script
  template: src=check_web.sh dest=/etc/keepalived/check_web.sh mode=0755

- name: create  crontab
  cron: minute='*' job=/etc/keepalived/check_web.sh name=check_web.sh disabled=yes

vim start.yaml
# Start nginx
- name: Start nginx Server
  service: name=nginx state=started enabled=yes

# Start keepalived
- name: start keepalived
  service: name=keepalived.service state=started enabled=yes

Combine the lb (load balancing + keepalived) task files
vim main.yml
- include: install.yaml
- include: user_add.yaml
- include: conf_file.yaml
- include: start.yaml
   
Create the configuration files to push
cd /ansible/roles/lb/templates  
vim lb.conf
upstream web {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
        server 172.16.1.9:80;
}

server {
        listen 80;
        server_name www.linux.com;
        location / {
                proxy_pass http://web;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_connect_timeout 30;
                proxy_send_timeout 60;
                proxy_read_timeout 60;

                proxy_buffering on;
                proxy_buffer_size 32k;
                proxy_buffers 4 128k;
        }
}

vim check_web.sh
#!/bin/bash
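# Count running nginx processes; the [n] keeps grep from matching itself
nginxnum=`ps -ef | grep '[n]ginx' | wc -l`

if [ "$nginxnum" -eq 0 ];then
  # nginx is down: try to start it once
  systemctl start nginx

  sleep 3

  nginxnum=`ps -ef | grep '[n]ginx' | wc -l`

  # Still down: stop keepalived so the virtual IP moves to the other node
  if [ "$nginxnum" -eq 0 ];then
    systemctl stop keepalived.service
  fi
fi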

vim keepalived.conf
global_defs {
    router_id lb01    # {{ ansible_hostname }}
}

# Define the custom health-check script
vrrp_script check_web {
    script "/etc/keepalived/check_web.sh"
    interval 2
}

vrrp_instance VI_1 {
        state BACKUP
        interface eth1
        virtual_router_id 51
        priority 100
        nopreempt
        advert_int 3
        authentication {
            auth_type PASS
            auth_pass 1314
        }
        virtual_ipaddress {
            172.16.1.3
        }
        # Call the script
        track_script {
            check_web
        }
}
 
vim nginx.conf
user  www;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}      
Write the task files for the db role (mariadb + redis)
cd /ansible/roles/db/tasks
vim epel_install.yaml
# Install the EPEL repository
- name: install epel repo
  shell: "yum -y install epel-release"

vim install.yaml
# Install redis
- name: install redis
  yum: name=redis state=installed

# Install mariadb
- name: install mariadb
  yum: name=mariadb,mariadb-server state=installed

# Install nfs and rpcbind
- name: install nfs rpcbind
  yum: name=nfs-utils,rpcbind state=installed
   
vim user_add.yaml
# Create the mysql system user
- name: Create mysql_system User
  user: name=mysql group=mysql shell=/sbin/nologin system=yes

vim start.yaml
# Start the redis service
- name: Start redis Service
  service: name=redis state=started
  
# Start the mariadb service
- name: Start mariadb Server
  service: name=mariadb state=started enabled=yes

vim database.yaml 
# Create the database administrator (set the root password)
- name: create mysql_admind user
  shell: mysqladmin -uroot password '123'

# shell: mysql -uroot -p123 -e "grant all privileges on *.* to 'root'@'%' identified by '123' with grant option;"
# Create the database user
- name: create database user
  shell: mysql -uroot -p123 -e "grant all on *.* to lala@'%' identified by '123';"

# Reload the user table and privileges in the database
- name: flush privileges
  shell: mysql -uroot -p123 -e "flush privileges;"

# Create the database
- name: create database lala
  shell: mysql -uroot -p123 -e "create database lala;"

Combine the mariadb + redis task files
vim main.yml 
- include: epel_install.yaml
- include: install.yaml
- include: user_add.yaml
- include: start.yaml
# - include: mount.yaml
- include: database.yaml
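
An audit over role files for the hard-coded credentials and disabled verification settings used in these roles (passwords on the mysql and sshpass command lines, inline secrets in copy tasks, `StrictHostKeyChecking=no`, `gpgcheck = 0`), added here as an example and not part of the original playbooks. The rule names and the sample tree are constructed, and the regexes are heuristics rather than a YAML parser.

```shell
#!/bin/sh
# Added example, not part of the original playbooks: flag the hard-coded
# credential and trust-bypass patterns that appear in role files like these.

# One rule per line: name@extended-regex (heuristics, not a full parser).
RULES='mysql-cli-password@mysql(admin)?[[:space:]](.*[[:space:]])?-p[^[:space:]]
sql-identified-by@identified by
sshpass-argv-password@sshpass[[:space:]]+-p
copy-inline-secret@copy:.*content=.*dest=[^[:space:]]*pass
host-key-check-off@StrictHostKeyChecking=no
repo-gpgcheck-off@gpgcheck[[:space:]]*=[[:space:]]*0'

# Print "file:line:rule" for every match under directory $1.
audit_tree() {
    printf '%s\n' "$RULES" | while IFS='@' read -r rule regex; do
        grep -rnE -e "$regex" "$1" 2>/dev/null | cut -d: -f1,2 | sed "s/\$/:$rule/"
    done
}

# Print the number of findings under directory $1.
audit_count() {
    audit_tree "$1" | wc -l | tr -d ' '
}

# Constructed sample tree for the demo.
demo=$(mktemp -d)
cat > "$demo/database.yaml" <<'EOF'
- name: create database user
  shell: mysql -uroot -p123 -e "grant all on *.* to lala@'%' identified by '123';"
EOF
cat > "$demo/passwd.yaml" <<'EOF'
- name: passwd
  copy: content='lala:123' dest=/etc/rsync.passwd mode=600
EOF
cat > "$demo/install.yaml" <<'EOF'
- name: install rsync
  yum: name=rsync state=installed
EOF
printf '[php-web]\ngpgcheck = 0\n' > "$demo/php.repo"

audit_tree "$demo"
echo "findings: $(audit_count "$demo")"
rm -rf "$demo"
```
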
Write the task files for the web cluster role
cd /ansible/roles/web/tasks
vim remove_file.yaml
- name: rm nginx_php_nfs file
  shell: find / -name "nginx*" -exec rm -rf {} \; &>/dev/null
- name: rm php file
  shell: find / -name "php*" -exec rm -rf {} \; &>/dev/null
- name: rm nfs file
  shell: find / -name "*nfs*" -exec rm -rf {} \; &>/dev/null

vim repo.yaml
# Install the EPEL repository with yum
- name: yum install epel
  yum: name=epel-release state=installed

- name: yum repolist
  shell: yum repolist
  
# Push the package archive
- name: scp php_rpm file
  unarchive: src=/ansible/ansible/php.tar.gz dest=/opt owner=root

# Push the php repository file
# - name: scp php.repo file
#   copy: src=/ansible/ansible/php.repo dest=/etc/yum.repos.d/ owner=root force=yes

- name: yum makecache
  shell: yum makecache

vim install.yaml 
# Install nfs and rpcbind
- name: install nfs rpcbind
  yum: name=nfs-utils,rpcbind state=installed
  
# Install nginx
- name: install nginx
  yum: name=nginx state=installed

# Install php
- name: install php-fpm
  shell: yum localinstall -y /opt/*rpm
  
#- name: install php-fpm
#  shell: yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71wxml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71wpecl-redis php71w-pecl-mongodb

# Start nfs-server
- name: Start nfs Server
  shell: systemctl restart nfs rpcbind

vim user_add.yaml
# Create the group
- name: create www group
  group: name=www gid=1000
    
# Create the user
- name: create www user
  user: name=www uid=1000 group=www

vim mount.yaml
# Create the mount point
- name: Create code  Directory
  file: path=/code state=directory owner=www group=www

# Mount the web share over NFS
- name: Mount NFS Server
  mount: src=172.16.1.31:/nfs/web path=/code fstype=nfs state=mounted

# Mount the conf share over NFS
- name: Mount conf_file  NFS Server
  mount: src=172.16.1.31:/nfs/conf path=/etc/nginx/conf.d/ fstype=nfs state=mounted

vim conf_file.yaml
# Push the nginx configuration files
- name: scp nginx_conf file
  template: src=nginx.conf dest=/etc/nginx/nginx.conf owner=root
  
- name: scp ansible_conf file
  copy: src=/ansible/ansible/ansible.conf dest=/etc/nginx/conf.d/ansible.conf owner=www force=yes

# Push the php configuration file
- name: scp php_conf file
  copy: src=/ansible/ansible/www.conf dest=/etc/php-fpm.d/www.conf owner=root force=yes

vim start.yaml
# Start nginx
- name: Start nginx Server
  service: name=nginx state=started enabled=yes

# Start php-fpm
- name: Start php Server
  service: name=php-fpm.service state=started enabled=yes

Combine the web task files
vim main.yml
# - include: remove_file.yaml
- include: repo.yaml
- include: install.yaml
- include: user_add.yaml
- include: mount.yaml
- include: conf_file.yaml
- include: start.yaml

Create the configuration files and archives to push
cd /ansible/ansible
rz -E php.tar.gz

vim php.repo
[php-web]
name = php
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
enabled=1
gpgcheck = 0

nginx site configuration file
vim ansible.conf
server {
    listen 80;
    server_name localhost;
    root /code;
    index index.html index.php;

    location ~* \.php$ {
        root /code;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

php-fpm service configuration file
vim www.conf
; Start a new pool named 'www'.
[www]
...
user = www
; RPM: Keep a group allowed to write in log dir.
group = www
...

cd /ansible/roles/web/t
