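Ansible playbook: one-command deployment of load balancing + Keepalived + web cluster + MySQL + Redis + NFS + Rsync data sync + Prometheus + Grafana monitoring of the database and web cluster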
Posted 我的紫霞辣辣
1. Generate a key pair
ssh-keygen
2. Install sshpass, the command used to distribute the public key
yum -y install sshpass.x86_64
3. Write the script that distributes the public key in bulk
vim fenfa_pub_key.sh
#!/bin/bash
# Last octets of the managed hosts in 172.16.1.x
for ip in {5,6,7,8,9,31,41,51,71}
do
    echo "===============================start====================================="
    sshpass -p123 ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.1.$ip "-o StrictHostKeyChecking=no" &>/dev/null
    echo "===============================success==================================="
    echo ""
done
4. Run the script
bash fenfa_pub_key.sh
- Configure the inventory file
vim /etc/ansible/hosts
# Hosts that Ansible can manage (the ones that received the public key)
[web]
172.16.1.7
172.16.1.8
172.16.1.9
[lb]
172.16.1.5
172.16.1.6
[nfs]
172.16.1.31
[backup]
172.16.1.41
[db]
172.16.1.51
[prometheus]
172.16.1.71
- Create the roles directory
mkdir -p /ansible/roles
cd /ansible/roles
ansible-galaxy init backup
ansible-galaxy init nfs
ansible-galaxy init web
ansible-galaxy init lb
ansible-galaxy init db
ansible-galaxy init prometheus
ansible-galaxy init prometheus_db
ansible-galaxy init prometheus_web
- View the file layout under a role directory
tree /ansible/roles/backup
/ansible/roles/backup/
├── defaults        custom variable values
│   └── main.yml
├── files           archives and other files to be used
├── handlers        directory of the playbook files that get executed
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks           directory holding the task files to execute
│   └── main.yml
├── templates       template files to distribute; templates may contain variables
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
8 directories, 8 files
- Combine the main playbooks into a single playbook to run
cd /ansible
vim all.yaml
- hosts: backup
  remote_user: root
  roles:
    - backup
- hosts: nfs
  remote_user: root
  roles:
    - nfs
- hosts: lb
  remote_user: root
  roles:
    - lb
- hosts: db
  remote_user: root
  roles:
    - db
- hosts: web
  remote_user: root
  roles:
    - web
- hosts: prometheus
  remote_user: root
  roles:
    - prometheus
- hosts: lb
  remote_user: root
  roles:
    - prometheus_web
- hosts: web
  remote_user: root
  roles:
    - prometheus_web
- hosts: db
  remote_user: root
  roles:
    - prometheus_db
- Write the main playbook files
cd /ansible
vim backup.yaml
- hosts: backup
  remote_user: root
  roles:
    - backup
vim nfs.yaml
- hosts: nfs
  remote_user: root
  roles:
    - nfs
vim lb.yaml
- hosts: lb
  remote_user: root
  roles:
    - lb
vim db.yaml
- hosts: db
  remote_user: root
  roles:
    - db
vim web.yaml
- hosts: web
  remote_user: root
  roles:
    - web
vim prometheus.yaml
- hosts: prometheus
  remote_user: root
  roles:
    - prometheus
- hosts: lb
  remote_user: root
  roles:
    - prometheus_web
- hosts: web
  remote_user: root
  roles:
    - prometheus_web
- hosts: db
  remote_user: root
  roles:
    - prometheus_db
Write the task files for the backup role
cd /ansible/roles/backup/tasks
vim install.yaml
# Install rsync
- name: 01-Install Rsyncd Server
  yum: name=rsync state=installed
vim conf_file.yaml
# Push the rsync configuration file
- name: 02-Rsync Config
  template: src=rsyncd.conf dest=/etc
  # notify: restart rsync server   # restart the rsync service if rsyncd.conf changes
vim user_add.yaml
# Create the virtual user
- name: 03-Useradd
  user: name=www create_home=no shell=/sbin/nologin
vim backup_dir.yaml
# Create the backup directories
- name: 04-Create backup_dir
  file: dest=/backup state=directory owner=www group=www
- name: 05-Create backup_database_dir
  file: dest=/backup/database state=directory owner=www group=www
- name: 06-Create backup_web_dir
  file: dest=/backup/web state=directory owner=www group=www
vim passwd.yaml
# Create the password file (the path must match "secrets file" in rsyncd.conf)
- name: 07-passwd
  copy: content='lala:123' dest=/etc/rsync.passwd mode=0600
vim start.yaml
# Start the rsync service
- name: 08-start Rsyncd Server
  service: name=rsyncd state=started enabled=yes
Combine the backup task files
vim main.yaml
# import_tasks is the static replacement for the bare include, which was removed in ansible-core 2.16
- import_tasks: install.yaml
- import_tasks: conf_file.yaml
- import_tasks: user_add.yaml
- import_tasks: backup_dir.yaml
- import_tasks: passwd.yaml
- import_tasks: start.yaml
Handler file that receives the notify signal
cd /ansible/roles/nfs/handlers
vim main.yml
# Receives the notification sent by notify
- name: restart nfs server
  service: name=nfs state=restarted
Create the rsyncd.conf configuration file to be pushed
cd /ansible/roles/backup/templates
vim rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = lala
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#################################################################################
[web]
comment="前端代码的仓库"
path=/backup/web
[database]
comment="数据库备份"
path=/backup/database
[download]
comment="上传文件备份"
path=/backup/download
Write the task files for the nfs role
cd /ansible/roles/nfs/tasks/
vim install.yaml
# Install the nfs service
- name: install nfs rpc-bind
  yum:
    name: ["nfs-utils","rpcbind"]
    state: installed
vim user_add.yaml
# Create the user that owns the shared directories
- name: Create www User
  user: name=www create_home=no shell=/sbin/nologin
vim conf_file.yaml
# Push the configuration file
- name: Create nfs conf_file
  template: src=exports dest=/etc/ owner=root
vim nfs_dir.yaml
# Create the exported directories and set ownership
- name: Create nfs_web Directory
  file: path=/nfs/web state=directory owner=www group=www
- name: Create nfs_conf Directory
  file: path=/nfs/conf state=directory owner=www group=www
- name: Create nfs_database Directory
  file: path=/nfs/database state=directory owner=www group=www
- name: Create nfs_download Directory
  file: path=/nfs/download state=directory owner=www group=www
- name: rm web file
  shell: rm -rf /nfs/web/*
- name: scp test_file
  unarchive: src=/ansible/ansible/test.zip dest=/nfs/web/
- name: chown NFS
  shell: chown -R www:www /nfs/
vim start.yaml
# Start the nfs-server service
- name: start NFS Server
  service: name=nfs-server state=started enabled=yes
vim passwd.yaml
# Create the sersync password file (the path must match passwordfile in confxml.xml)
- name: Create NFS rsync_passwd
  copy: content='123' dest=/etc/rsync.passwd mode=0600
vim sersync.yaml
# Push the sersync archive
- name: scp sersync file
  unarchive: src=/ansible/ansible/sersync2.5.4_64bit_binary_stable_final.tar.gz dest=/usr/local/
# Push the sersync configuration file
- name: create sersync file
  template: src=confxml.xml dest=/usr/local/GNU-Linux-x86/confxml.xml
# Start the sersync service
- name: start sersync
  shell: /usr/local/GNU-Linux-x86/sersync2 -dro /usr/local/GNU-Linux-x86/confxml.xml
Combine the nfs task files
vim main.yml
- import_tasks: install.yaml
- import_tasks: user_add.yaml
- import_tasks: conf_file.yaml
- import_tasks: nfs_dir.yaml
- import_tasks: start.yaml
- import_tasks: passwd.yaml
- import_tasks: sersync.yaml
Create the configuration files and archives to be pushed
mkdir -p /ansible/ansible
cd /ansible/ansible
rz -E sersync2.5.4_64bit_binary_stable_final.tar.gz
rz -E test.zip
cd /ansible/roles/nfs/templates
vim exports
/nfs/web 172.16.1.0/20(rw,sync,all_squash,anonuid=1000,anongid=1000)
/nfs/conf 172.16.1.0/20(rw,sync,all_squash,anonuid=1000,anongid=1000)
/nfs/database 172.16.1.0/20(rw,sync,all_squash,anonuid=1000,anongid=1000)
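The exports entries above allow 172.16.1.0/20, while the hosts that mount them in this playbook are the web nodes 172.16.1.7-9. The script below is an added example, not part of the original post: it expands a CIDR range with standard masking and computes the tightest block covering a host list. The function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: how wide is the client range in an exports entry, and what
# is the smallest block that still covers the hosts that need access?

# Dotted quad -> 32-bit integer.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "first-last count" for a CIDR; host bits in the address are masked off.
cidr_range() {
    local ip=${1%/*} bits=${1#*/} mask net
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    net=$(( $(ip2int "$ip") & mask ))
    echo "$(int2ip "$net")-$(int2ip $(( net | (~mask & 0xFFFFFFFF) ))) $(( 1 << (32 - bits) ))"
}

# Smallest CIDR block containing every address passed as an argument.
tightest_cidr() {
    local lo hi n h bits=32
    lo=$(ip2int "$1"); hi=$lo
    for h in "$@"; do
        n=$(ip2int "$h")
        if [ "$n" -lt "$lo" ]; then lo=$n; fi
        if [ "$n" -gt "$hi" ]; then hi=$n; fi
    done
    # Shorten the prefix until the lowest and highest address share it.
    while [ $(( lo >> (32 - bits) )) -ne $(( hi >> (32 - bits) )) ]; do
        bits=$(( bits - 1 ))
    done
    echo "$(int2ip $(( (lo >> (32 - bits)) << (32 - bits) )))/$bits"
}

# Values taken from the exports file and the [web] inventory group on this page.
echo "exported to:        $(cidr_range 172.16.1.0/20)"
echo "tightest for [web]: $(tightest_cidr 172.16.1.7 172.16.1.8 172.16.1.9)"
```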
vim confxml.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<head version="2.5">
<host hostip="localhost" port="8008"></host>
<debug start="false"/>
<fileSystem xfs="false"/>
<filter start="false">
<exclude expression="(.*)\.svn"></exclude>
<exclude expression="(.*)\.gz"></exclude>
<exclude expression="^info/*"></exclude>
<exclude expression="^static/*"></exclude>
</filter>
<inotify>
<!-- Events to monitor: true pushes the change, false does not -->
<delete start="true"/>
<createFolder start="true"/>
<createFile start="true"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="true"/>
<modify start="true"/>
</inotify>
<sersync>
<!-- Directory to monitor -->
<localpath watch="/mnt/data">
<!-- rsync server IP and module name -->
<remote ip="172.16.1.41" name="nana"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
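<!-- Parameters passed to rsync when pushing -->
<commonParams params="-az"/>
<!-- rsync authentication: the virtual user and the password file for that user -->
<auth start="true" users="lala" passwordfile="/etc/rsync.passwd"/>
<!-- If rsync does not use the default port 873, set the port with this parameter -->
<userDefinedPort start="false" port="873"/><!-- port=874 -->
<!-- Timeout -->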
<timeout start="false" time="100"/><!-- timeout=100 -->
<ssh start="false"/>
</rsync>
<!-- Path where the error log is saved -->
<failLog path="/tmp/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->
<!-- Scheduled task: how often a full backup is run -->
<crontab start="false" schedule="600"><!--600mins-->
<crontabfilter start="false">
<exclude expression="*.php"></exclude>
<exclude expression="info/*"></exclude>
</crontabfilter>
</crontab>
<plugin start="false" name="command"/>
</sersync>
<plugin name="command">
<param prefix="/bin/sh" suffix="" ignoreError="true"/> <!--prefix /opt/tongbu/mmm.sh suffix-->
<filter start="false">
<include expression="(.*)\.php"/>
<include expression="(.*)\.sh"/>
</filter>
</plugin>
<plugin name="socket">
<localpath watch="/opt/tongbu">
<deshost ip="192.168.138.20" port="8009"/>
</localpath>
</plugin>
<plugin name="refreshCDN">
<localpath watch="/data0/htdocs/cms.xoyo.com/site/">
<cdninfo domainname="ccms.chinacache.com" port="80" username="xxxx" passwd="xxxx"/>
<sendurl base="http://pic.xoyo.com/cms"/>
<regexurl regex="false" match="cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images"/>
</localpath>
</plugin>
</head>
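The rsync daemon config, the task that writes its secrets file, and the sersync client config above have to agree on the secrets path, the module name and the user. The script below is an added example, not part of the original post, that checks those references on constructed sample text modeled on these files; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: cross-check rsyncd.conf, the Ansible task that writes the
# secrets file, and sersync's confxml.xml. All sample text is constructed.

RSYNCD_CONF='auth users = lala
secrets file = /etc/rsync.passwd
[web]
path=/backup/web
[database]
path=/backup/database'

# Constructed task line with a deliberately mistyped dest.
PASSWD_TASK="copy: content='lala:123' dest=/etc/rsybc.passed mode=600"

SERSYNC_XML='<remote ip="172.16.1.41" name="nana"/>
<auth start="true" users="lala" passwordfile="/etc/rsync.passwd"/>'

# Value of a global "key = value" line in rsyncd.conf.
conf_value() { printf '%s\n' "$1" | sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" | head -n1; }

# Module names, i.e. the [section] headers of rsyncd.conf.
conf_modules() { printf '%s\n' "$1" | sed -n 's/^\[\(.*\)\]$/\1/p'; }

# Value of attr="..." on the first line that opens <tag ...>.
xml_attr() { printf '%s\n' "$1" | grep "<$2 " | head -n1 | sed -n "s/.* $3=\"\([^\"]*\)\".*/\1/p"; }

# Args: rsyncd.conf text, passwd task line, sersync XML text.
# Prints one line per mismatch; prints nothing when everything agrees.
audit_rsync() {
    local secrets dest module user expected
    secrets=$(conf_value "$1" 'secrets file')
    expected=$(conf_value "$1" 'auth users')
    dest=$(printf '%s\n' "$2" | sed -n 's/.*dest=\([^[:space:]]*\).*/\1/p')
    module=$(xml_attr "$3" remote name)
    user=$(xml_attr "$3" auth users)
    [ "$dest" = "$secrets" ] || echo "secrets-path: task writes $dest, daemon reads $secrets"
    conf_modules "$1" | grep -qx -- "$module" || echo "module: sersync targets [$module], not defined in rsyncd.conf"
    [ "$user" = "$expected" ] || echo "user: sersync uses $user, daemon expects $expected"
}

audit_rsync "$RSYNCD_CONF" "$PASSWD_TASK" "$SERSYNC_XML"
```

rsync refuses daemon authentication when the secrets file cannot be read, so a mismatched path shows up only as an auth failure at sync time; checking the references before the playbook runs makes the cause visible.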
Write the task files for the lb role (load balancing + keepalived high availability)
cd /ansible/roles/lb/tasks
vim install.yaml
# Install the EPEL repository with yum
- name: yum install epel
  yum: name=epel-release state=installed
- name: yum repolist
  shell: yum repolist
# Install nginx
- name: install nginx
  yum: name=nginx state=installed
# Install keepalived
- name: install keepalived
  yum: name=keepalived state=installed
vim user_add.yaml
# Create the group
- name: create www group
  group: name=www gid=1000
# Create the user
- name: create www user
  user: name=www uid=1000 group=www
vim conf_file.yaml
# Push the nginx configuration file
- name: scp nginx Config
  template: src=nginx.conf dest=/etc/nginx/nginx.conf owner=www
# Push the load-balancer configuration file
- name: scp lb Config
  template: src=lb.conf dest=/etc/nginx/conf.d/lb.conf owner=www
# Push the keepalived configuration file
- name: scp 01keepalived conf_file
  template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf
# The check script must be executable for keepalived to run it
- name: scp track_script
  template: src=check_web.sh dest=/etc/keepalived/check_web.sh mode=0755
- name: create crontab
  cron: minute='*' job=/etc/keepalived/check_web.sh name=check_web.sh disabled=yes
vim start.yaml
# Start nginx
- name: Start nginx Server
  service: name=nginx state=started enabled=yes
# Start keepalived
- name: start keepalived
  service: name=keepalived.service state=started enabled=yes
Combine the lb (load balancing + keepalived) task files
vim main.yml
- import_tasks: install.yaml
- import_tasks: user_add.yaml
- import_tasks: conf_file.yaml
- import_tasks: start.yaml
Create the configuration files to be pushed
cd /ansible/roles/lb/templates
vim lb.conf
upstream web {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
    server 172.16.1.9:80;
}
server {
    listen 80;
    server_name www.linux.com;
    location / {
        proxy_pass http://web;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 30;
        proxy_send_timeout 60;
        proxy_read_timeout 60;
        proxy_buffering on;
        proxy_buffer_size 32k;
        proxy_buffers 4 128k;
    }
}
vim check_web.sh
#!/bin/bash
# Count nginx processes; the quoted [n]ginx pattern keeps grep from matching itself
nginxnum=$(ps -ef | grep '[n]ginx' | wc -l)
if [ "$nginxnum" -eq 0 ]; then
    # nginx is down: try to start it once
    systemctl start nginx
    sleep 3
    nginxnum=$(ps -ef | grep '[n]ginx' | wc -l)
    if [ "$nginxnum" -eq 0 ]; then
        # Still down: stop keepalived so this node gives up the virtual IP
        systemctl stop keepalived.service
    fi
fi
vim keepalived.conf
global_defs {
    router_id lb01 # {{ ansible_hostname }}
}
# Define the custom check script
vrrp_script check_web {
    script "/etc/keepalived/check_web.sh"
    interval 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 100
    nopreempt
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1314
    }
    virtual_ipaddress {
        172.16.1.3
    }
    # Call the script
    track_script {
        check_web
    }
}
vim nginx.conf
user www;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}
Write the task files for the db role (mariadb + redis)
cd /ansible/roles/db/tasks
vim epel_install.yaml
# Install the EPEL repository
- name: install epel repo
  shell: "yum -y install epel-release"
vim install.yaml
# Install redis
- name: install redis
  yum: name=redis state=installed
# Install mariadb
- name: install mariadb
  yum: name=mariadb,mariadb-server state=installed
# Install nfs and rpcbind
- name: install nfs rpcbind
  yum: name=nfs-utils,rpcbind state=installed
vim user_add.yaml
# Create the mysql system user
- name: Create mysql_system User
  user: name=mysql group=mysql shell=/sbin/nologin system=yes
vim start.yaml
# Start the redis service
- name: Start redis Service
  service: name=redis state=started
# Start the mariadb service
- name: Start mariadb Server
  service: name=mariadb state=started enabled=yes
vim database.yaml
# Create the database administrator (set the root password)
- name: create mysql_admind user
  shell: mysqladmin -uroot password '123'
  # shell: mysql -uroot -p123 -e "grant all privileges on *.* to 'root'@'%' identified by '123' with grant option;"
- name: create database user
  shell: mysql -uroot -p123 -e "grant all on *.* to lala@'%' identified by '123';"
# Reload the user table and privileges in the database
- name: flush privileges
  shell: mysql -uroot -p123 -e "flush privileges;"
# Create the database
- name: create database
  shell: mysql -uroot -p123 -e "create database lala;"
Combine the mariadb + redis task files
vim main.yml
- import_tasks: epel_install.yaml
- import_tasks: install.yaml
- import_tasks: user_add.yaml
- import_tasks: start.yaml
# - import_tasks: mount.yaml
- import_tasks: database.yaml
Write the task files for the web cluster role
cd /ansible/roles/web/tasks
vim remove_file.yaml
- name: rm nginx_php_nfs file
  shell: find / -name "nginx*" -exec rm -rf {} \; &>/dev/null
- name: rm php file
  shell: find / -name "php*" -exec rm -rf {} \; &>/dev/null
- name: rm nfs file
  shell: find / -name "*nfs*" -exec rm -rf {} \; &>/dev/null
vim repo.yaml
# Install the EPEL repository with yum
- name: yum install epel
  yum: name=epel-release state=installed
- name: yum repolist
  shell: yum repolist
# Push the package archive
- name: scp php_rpm file
  unarchive: src=/ansible/ansible/php.tar.gz dest=/opt owner=root
# Push the php repo file
# - name: scp php.repo file
#   copy: src=/ansible/ansible/php.repo dest=/etc/yum.repos.d/ owner=root force=yes
- name: yum makecache
  shell: yum makecache
vim install.yaml
# Install nfs and rpcbind
- name: install nfs rpcbind
  yum: name=nfs-utils,rpcbind state=installed
# Install nginx
- name: install nginx
  yum: name=nginx state=installed
# Install php
- name: install php-fpm
  shell: yum localinstall -y /opt/*rpm
# - name: install php-fpm
#   shell: yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71w-xml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71w-pecl-redis php71w-pecl-mongodb
# Start nfs-server
- name: Start nfs Server
  shell: systemctl restart nfs rpcbind
vim user_add.yaml
# Create the group
- name: create www group
  group: name=www gid=1000
# Create the user
- name: create www user
  user: name=www uid=1000 group=www
vim mount.yaml
# Create the mount point
- name: Create code Directory
  file: path=/code state=directory owner=www group=www
# Mount the web export over NFS
- name: Mount NFS Server
  mount: src=172.16.1.31:/nfs/web path=/code fstype=nfs state=mounted
# Mount the conf export over NFS
- name: Mount conf_file NFS Server
  mount: src=172.16.1.31:/nfs/conf path=/etc/nginx/conf.d/ fstype=nfs state=mounted
vim conf_file.yaml
# Push the nginx configuration files
- name: scp nginx_conf file
  template: src=nginx.conf dest=/etc/nginx/nginx.conf owner=root
- name: scp ansible_conf file
  copy: src=/ansible/ansible/ansible.conf dest=/etc/nginx/conf.d/ansible.conf owner=www force=yes
# Push the php configuration file
- name: scp php_conf file
  copy: src=/ansible/ansible/www.conf dest=/etc/php-fpm.d/www.conf owner=root force=yes
vim start.yaml
# Start nginx
- name: Start nginx Server
  service: name=nginx state=started enabled=yes
# Start php-fpm
- name: Start php Server
  service: name=php-fpm.service state=started enabled=yes
Combine the web task files
vim main.yml
# - import_tasks: remove_file.yaml
- import_tasks: repo.yaml
- import_tasks: install.yaml
- import_tasks: user_add.yaml
- import_tasks: mount.yaml
- import_tasks: conf_file.yaml
- import_tasks: start.yaml
Create the configuration files and archives to be pushed
cd /ansible/ansible
rz -E php.tar.gz
vim php.repo
[php-web]
name = php
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
enabled=1
gpgcheck = 0
nginx service configuration file
vim ansible.conf
server {
    listen 80;
    server_name localhost;
    root /code;
    index index.html index.php;
    location ~* \.php$ {
        root /code;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
php service configuration file
vim www.conf
; Start a new pool named 'www'.
[www]
...
user = www
; RPM: Keep a group allowed to write in log dir.
group = www
...
cd /ansible/roles/web/t