
strugger-0316 2021-03-06 22:53 原文

Ansible一键搭建LNMP架构

  1. 准备最小化安装的CentOS7.6模板机,添加一块网卡
  2. 基本优化
PS D:\> scp centos7.sh root@10.0.0.200:~
[root@m01 oldboyedu-lnb]# sh centos7.sh
  1. 克隆集群,修改IP和主机名,拍摄快照
# 修改主机名  
hostnamectl set-hostname lb01
# 修改IP地址
sed -i 's#200#5#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]
# 重启服务器
reboot

m01创建本地yum仓库

[root@m01 ~]# sh YumRepoServer.sh

  1. m01安装ansible
[root@m01 ~]# yum install -y ansible
  1. 准备所需资源(配置文件,密码文件,安装包,...)
[root@m01 ~]# mkdir /etc/ansible/templates

[root@m01 ~]# wget -O /etc/ansible/templates/sersync2.5.4_64bit_binary_stable_final.tar.gz https://raw.githubusercontent.com/wsgzao/sersync/master/sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@m01 ~]# cd /etc/ansible/templates && tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz && mv GNU-Linux-x86 sersync && tar zcf sersync2.5.4.tar.gz sersync && cd

[root@m01 ~]# wget -O /etc/ansible/templates/phpMyAdmin-4.8.4-all-languages.zip https://files.phpmyadmin.net/phpMyAdmin/4.8.4/phpMyAdmin-4.8.4-all-languages.zip

[root@m01 ~]# wget -O /etc/ansible/templates/jpress.war https://gitee.com/JPressProjects/jpress/attach_files/489100/download/starter-tomcat-3.0.war

[root@m01 ~]# cd /etc/ansible/templates && unzip -d jpress jpress.war && tar zcf jpress.tar.gz jpress

[root@m01 ~]# ll /etc/ansible/templates/
redis.j2
mysql-all.sql
php.ini.j2
wp-config.php.j2
config.inc.php.j2
YumRepoClient.sh
WeCenter_3-6-0.tar.gz
phpMyAdmin-4.8.4-all-languages.zip
wordpress-5.4.2-zh_CN.tar.gz
backupconf.xml.j2
sersync2.5.4.tar.gz
phpMyAdmin-4.8.4-all-languages.zip
wordpress-5.4.2-zh_CN.tar.gz
jpress.tar.gz
tomcat-server.xml.j2
tomcat.service.j2
  1. m01配置密钥登录
# 创建密钥对
[root@m01 ~]# ssh-keygen
# 禁用 Ansible 的 SSH 主机密钥检查(host_key_checking), 首次连接新主机时不再校验 known_hosts
[root@m01 ~]# sed -i '/#host_key_checking = False/a host_key_checking = False' /etc/ansible/ansible.cfg
  1. 配置主机清单,验证
[root@m01 ~]# cat > /etc/ansible/hosts <<EOF
[lb_group]
lb01 ansible_ssh_host=172.16.1.5
lb02 ansible_ssh_host=172.16.1.6

[web_group]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8

[tomcat_group]
web03 ansible_ssh_host=172.16.1.9

[nfs_group]
nfs ansible_ssh_host=172.16.1.31

[backup_group]
backup ansible_ssh_host=172.16.1.41

[db_group]
db01 ansible_ssh_host=172.16.1.51

[m_group]
m01 ansible_ssh_host=172.16.1.61

[nginx_server:children]
web_group
lb_group

[nfs_server:children]
nfs_group
backup_group

[yum_client:children]
lb_group
web_group
nfs_group
backup_group
db_group
tomcat_group
EOF
[root@m01 ~]# ansible all -m ping
  1. 规划目录结构
[root@m01 ~]# mkdir /etc/ansible/group_vars
[root@m01 ~]# cd /etc/ansible/roles
[root@m01 roles]# ansible-galaxy init lnmp
[root@m01 roles]# ansible-galaxy init yum_client
[root@m01 roles]# ansible-galaxy init rsync_server
[root@m01 roles]# ansible-galaxy init rsync_client
[root@m01 roles]# ansible-galaxy init nfs_server
[root@m01 roles]# ansible-galaxy init nfs_client
[root@m01 roles]# ansible-galaxy init nginx
[root@m01 roles]# ansible-galaxy init php
[root@m01 roles]# ansible-galaxy init slb
[root@m01 roles]# ansible-galaxy init keepalived
[root@m01 roles]# ansible-galaxy init database
[root@m01 roles]# ansible-galaxy init wordpress
[root@m01 roles]# ansible-galaxy init phpmyadmin
[root@m01 roles]# ansible-galaxy init wecenter
[root@m01 roles]# ansible-galaxy init https
[root@m01 roles]# ansible-galaxy init ntp
[root@m01 roles]# ansible-galaxy init jpress

lnmp

  1. 创建lnmp角色tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/lnmp/tasks/main.yml << EOF
- import_tasks: mkdir_ssh.yml
- import_tasks: ssh_key.yml
- import_tasks: group.yml
- import_tasks: user.yml
- import_tasks: mkdir_scripts.yml
- import_tasks: rc_local_openvpn.yml
EOF

# 创建公钥存放目录
[root@m01 roles]# cat > /etc/ansible/roles/lnmp/tasks/mkdir_ssh.yml << EOF
- name: "Create SSH Key Directory"
  file:
    path: /root/.ssh
    state: directory
EOF

# 推送公钥到所有主机
[root@m01 roles]# cat > /etc/ansible/roles/lnmp/tasks/ssh_key.yml << EOF
- name: "Scp SSH Key"
  copy:
    src: /root/.ssh/id_rsa.pub
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
    mode: '0600'
EOF

# 创建www组
[root@m01 roles]# cat > /etc/ansible/roles/lnmp/tasks/group.yml << EOF
- name: "Create www Group"
  group:
    name: www
    gid: '666'
EOF

# 创建www用户
[root@m01 roles]# cat > /etc/ansible/roles/lnmp/tasks/user.yml << EOF
- name: "Create www User"
  user:
    name: www
    group: www
    uid: '666'
    create_home: false
    shell: /sbin/nologin
EOF

# 创建脚本存放目录
[root@m01 roles]# cat > /etc/ansible/roles/lnmp/tasks/mkdir_scripts.yml << EOF
- name: "Create Scripts Directory"
  file:
    path: /server/scripts
    state: directory
    mode: '0755'
    owner: root
    group: root
    recurse: yes
EOF

# 推送openvpn开机自启文件
[root@m01 roles]# cat > /etc/ansible/roles/lnmp/tasks/rc_local_openvpn.yml <<EOF
- name: "Scp OpenVPN rc.local"
  copy:
    src: rc.local.openvpn
    dest: /etc/rc.d/rc.local
    owner: root
    group: root
    mode: '755'
  notify: "Execute rc local"
  when: 
    - ansible_fqdn != 'nfs' 
    - ansible_fqdn != 'm01'
EOF
  1. 创建lnmp角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/lnmp/handlers/main.yml <<EOF
- name: "Execute rc local"
  shell: 
    cmd: . /etc/rc.d/rc.local
  ignore_errors: yes
EOF
  1. 创建lnmp角色的files资源
[root@m01 roles]# cat > /etc/ansible/roles/lnmp/files/rc.local.openvpn <<EOF
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local
ip route add 10.8.0.0/24 via 172.16.1.61
EOF
  1. 创建lnmp角色的角色执行文件lnmp.yml
[root@m01 roles]# cat > /etc/ansible/roles/lnmp.yml <<EOF
- hosts: all
  remote_user: root
  roles:
    - lnmp
EOF

yum_client

  1. 创建yum_client角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/yum_client/tasks/main.yml << EOF
- import_tasks: archive_repository.yml
- import_tasks: remove_repository.yml
- import_tasks: create_repository.yml
- import_tasks: create_local_repository.yml
EOF

# 备份yum源
[root@m01 roles]# cat > /etc/ansible/roles/yum_client/tasks/archive_repository.yml << EOF
- name: "Archive Yum Repository"
  archive:
    path: 
      - /etc/yum.repos.d/*
    dest: /etc/yum.repos.d.tar.gz
    format: gz
    force_archive: true
EOF

# 移除yum源目录
[root@m01 roles]# cat > /etc/ansible/roles/yum_client/tasks/remove_repository.yml << EOF
- name: "Remove Yum Repository "
  file:
    path: /etc/yum.repos.d
    state: absent
EOF

# 创建yum源目录
[root@m01 roles]# cat > /etc/ansible/roles/yum_client/tasks/create_repository.yml << EOF
- name: "Create Yum Repository directory"
  file:
    path: /etc/yum.repos.d
    state: directory
EOF


# 创建本地源
[root@m01 roles]# cat > /etc/ansible/roles/yum_client/tasks/create_local_repository.yml << EOF
- name: "Create Local Repository"
  yum_repository:
    name: local_sync
    description: CentOS-\$releasever - local_sync
    baseurl: ftp://172.16.1.61
    gpgcheck: no
    enabled: yes
EOF
  1. 创建yum_client角色的角色执行文件yum_client.yml
[root@m01 roles]# cat > /etc/ansible/roles/yum_client.yml <<EOF
- hosts: yum_client
  remote_user: root
  roles:
    - yum_client
EOF

rsync_server

  1. 创建rsync_server角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/tasks/main.yml << EOF
- import_tasks: install.yml
- import_tasks: config.yml
- import_tasks: passwd.yml
- import_tasks: mkdir.yml
- import_tasks: start.yml
- import_tasks: mail_config.yml
- import_tasks: push_scripts.yml
- import_tasks: crontab.yml
EOF

# 安装rsync
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/tasks/install.yml << EOF
- name: "Install Rsyncd Server"
  yum:
    name: rsync
    state: present
EOF

# 推送rsync配置文件
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/tasks/config.yml << EOF
- name: "Scp Rsync Config"
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
    owner: root
    group: root
    mode: '0644'
  notify: 
    - Restarted Rsync Server
EOF

# 推送rsync用户密码文件并授权
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/tasks/passwd.yml << EOF
- name: "Scp Passwd File"
  template:
    src: rsync.passwd.j2
    dest: /etc/rsync.passwd
    owner: root
    group: root
    mode: '0600'
EOF

# 创建/backup目录
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/tasks/mkdir.yml << EOF
- name: "Create backup Directory"
  file:
    path: /backup
    state: directory
    mode: '0755'
    owner: www
    group: www
    recurse: yes
EOF

# 启动rsync服务并加入开机启动
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/tasks/start.yml << EOF
- name: "Start Rsyncd Server"
  systemd:
    name: rsyncd
    state: started
    daemon_reload: yes
    enabled: yes
EOF

# 推送mail配置文件
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/tasks/mail_config.yml << EOF
- name: "Scp Mail Config"
  template:
    src: mail.rc.j2
    dest: /etc/mail.rc
EOF

# 推送服务端脚本
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/tasks/push_scripts.yml << EOF
- name: "Scp Rsync Server Scripts"
  template:
    src: check_backup.sh.j2
    dest: /server/scripts/check_backup.sh
    owner: root
    group: root
    mode: 0644
EOF

# 加入crontab
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/tasks/crontab.yml << EOF
- name: "Crontab Rsync Check"
  cron:
    name: "Rsync Check"
    minute: "00"
    hour: "05"
    job: "/bin/bash /server/scripts/client_rsync_backup.sh &>/dev/null"
EOF
  1. 创建rsync_server角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/handlers/main.yml <<EOF
- name: Restarted Rsync Server
  service:
    name: rsyncd
    state: restarted
EOF
  1. 创建rsync_server角色的templates资源
# 准备rsync配置文件
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/templates/rsyncd.conf.j2 <<EOF
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup

[data]
comment = Real time synchronization
path = /data
EOF

# 准备rsync用户密码文件
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/templates/rsync.passwd.j2 <<EOF
rsync_backup:123456
EOF

# 准备邮件配置文件
[root@m01 roles]# cp /etc/ansible/templates/mail.rc.j2 /etc/ansible/roles/rsync_server/templates/

# 准备服务端校验、以及邮件通知脚本
[root@m01 roles]# vi /etc/ansible/roles/rsync_server/templates/check_backup.sh.j2
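#!/usr/bin/bash
# Server-side backup check, run from cron on the backup host:
#   1. verify the md5 "flag" files that rsync clients pushed into /backup today,
#   2. mail the verification report to the administrator,
#   3. prune old reports (7 days) and old backup directories (180 days).
# The flag files list absolute /backup/<host>_<addr>_<date>/*.tar.gz paths;
# they resolve here because the rsync "backup" module maps to the same /backup.
# Every rsync client writes into /backup, so the flag files are client-supplied
# data and only describe what the client itself uploaded.

# 1. Global PATH for the cron environment
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

# 2. Local variables
Path=/backup
Date=$(date +%F)
Report="${Path}/result_${Date}"
Mail=496857686@qq.com

# 3. Verify today's flag files; the report goes to result_<date>.
#    -print0/-0 keep paths intact; -r skips md5sum entirely when no flag
#    file arrived today (otherwise md5sum -c would read from stdin), so the
#    report is simply empty.
find "${Path}/" -type f -name "flag_${Date}" -print0 \
  | xargs -0 -r md5sum -c >"${Report}"

# 4. Mail the report to the administrator
mailx -s "Rsync Backup ${Date}" "${Mail}" <"${Report}"

# 5. Remove reports older than 7 days and backup directories older than
#    180 days.  -mindepth 1 keeps ${Path} itself out of the candidate list:
#    without it, find lists the starting directory too, and once the backup
#    root's own mtime passed 180 days the whole /backup tree was handed to
#    rm -rf.
find "${Path}/" -type f -name "result*" -mtime +7 -print0 \
  | xargs -0 -r rm -f --
find "${Path}/" -mindepth 1 -type d -mtime +180 -print0 \
  | xargs -0 -r rm -rf --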
  1. 创建rsync_server角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
EOF
  1. 创建rsync_server角色的角色执行文件rsync_server.yml
[root@m01 roles]# cat > /etc/ansible/roles/rsync_server.yml <<EOF
- hosts: backup_group
  remote_user: root
  roles:
    - rsync_server
EOF

rsync_client

  1. 创建rsync_client角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/rsync_client/tasks/main.yml <<EOF
- import_tasks: install.yml
- import_tasks: scripts.yml
- import_tasks: crontab.yml
EOF

# 安装rsync
[root@m01 roles]# cat > /etc/ansible/roles/rsync_client/tasks/install.yml << EOF
- name: "Install Rsyncd Server"
  yum:
    name: rsync
    state: present
EOF

# 推送客户端脚本
[root@m01 roles]# cat > /etc/ansible/roles/rsync_client/tasks/scripts.yml << EOF
- name: "Scp Rsync Client Scripts"
  template:
    src: client_rsync_backup.sh.j2
    dest: /server/scripts/client_rsync_backup.sh
    owner: root
    group: root
    mode: 0644
EOF

# 加入crontab
[root@m01 roles]# cat > /etc/ansible/roles/rsync_client/tasks/crontab.yml << EOF
- name: "Crontab Rsync Backup"
  cron:
    name: "Rsync Backup"
    minute: "00"
    hour: "01"
    job: "/bin/bash /server/scripts/client_rsync_backup.sh &>/dev/null"
EOF
  1. 创建rsync_client角色的templates资源
# 准备客户端脚本
[root@m01 roles]# vi /etc/ansible/roles/rsync_client/templates/client_rsync_backup.sh.j2
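#!/usr/bin/bash
# Client-side nightly backup, run from cron (rsync_client crontab task):
#   1. archive a few system and log files into /backup/<host>_<eth1 addr>_<date>/,
#   2. record their md5sums in flag_<date> for the server-side check,
#   3. push /backup to the rsync server's "backup" module,
#   4. keep only the last 7 days locally.

# 1. Variables
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
Host=$(hostname)
Addr=$(ifconfig eth1 | awk 'NR==2{print $2}')
Date=$(date +%F)
Dest="${Host}_${Addr}_${Date}"
Path=/backup
Backup_dir="${Path}/${Dest}"

# 2. Create today's backup directory
[ -d "${Backup_dir}" ] || mkdir -p "${Backup_dir}"

# 3. Archive the files, skipping archives that already exist.
#    Written as separate if-blocks on purpose: the original was one
#    left-to-right &&/|| chain (with a trailing "&& \" before a blank line),
#    so the outcome of one existence check decided whether the *next* tar
#    ran at all.  A failed cd now aborts instead of archiving relative to
#    whatever the current directory happened to be.
cd / || exit 1
if [ ! -f "${Backup_dir}/system.tar.gz" ]; then
  tar czf "${Backup_dir}/system.tar.gz" etc/fstab etc/rsyncd.conf
fi
if [ ! -f "${Backup_dir}/log.tar.gz" ]; then
  tar czf "${Backup_dir}/log.tar.gz" var/log/messages var/log/secure
fi

# 4. Record md5sums for the server-side check.  The guard tests the file
#    that is actually written (flag_<date>); the original tested a bare
#    "flag" that is never created, so the sums were regenerated every run.
if [ ! -f "${Backup_dir}/flag_${Date}" ]; then
  md5sum "${Backup_dir}"/*.tar.gz >"${Backup_dir}/flag_${Date}"
fi

# 5. Push local data to the backup server.
#    NOTE(review): the rsync password is embedded in this script and the
#    task that deploys it installs the file with mode 0644, so every local
#    user can read it; rsync's --password-file pointing at a root-only 0600
#    file is the usual replacement.
export RSYNC_PASSWORD=123456
rsync -avz "${Path}/" rsync_backup@172.16.1.41::backup

# 6. Keep the last 7 days locally.  -mindepth 1 excludes ${Path} itself
#    from what is handed to rm -rf (find lists the starting directory too).
find "${Path}/" -mindepth 1 -type d -mtime +7 -print0 | xargs -0 -r rm -rf --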
  1. 创建rsync_client角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/rsync_client/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
EOF
  1. 创建rsync_client角色的角色执行文件rsync_client.yml
[root@m01 roles]# cat > /etc/ansible/roles/rsync_client.yml <<EOF
- hosts: all
  remote_user: root
  roles:
    - rsync_client
EOF

nfs_server

  1. 创建nfs_server角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/main.yml <<EOF
- import_tasks: install.yml
- import_tasks: config.yml
- import_tasks: mkdir.yml
- import_tasks: start_rpcbind.yml
- import_tasks: start_nfs.yml
- import_tasks: config_rsync_password.yml
- import_tasks: download.yml
- import_tasks: decompress.yml
- import_tasks: sersync_config.yml
- import_tasks: rc_local_nfs.yml
- import_tasks: execute.yml
EOF

# 安装nfs
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/install.yml <<EOF
- name: "Install NFS Server"
  yum:
    name:
      - nfs-utils
      - rpcbind
      - inotify-tools
    state: present
EOF

# 推送nfs配置文件
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/config.yml <<EOF
- name: "Scp NFS Config"
  template:
    src: exports.j2
    dest: /etc/exports
    owner: root
    group: root
    mode: '644'
  notify: "Reloaded NFS Server"
EOF

# 创建nfs共享目录
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/mkdir.yml <<EOF
- name: "Create NFS Directory"
  file:
    path: /data
    owner: www
    group: www
    state: directory
    recurse: yes
EOF

[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/start_rpcbind.yml <<EOF
- name: "Start Rpcbind Server"
  systemd:
    name: rpcbind
    state: started
    daemon_reload: yes
    enabled: yes
EOF

[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/start_nfs.yml <<EOF
- name: "Start NFS Server"
  systemd:
    name: nfs
    state: started
    daemon_reload: yes
    enabled: yes
EOF

# 推送rsync密码文件
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/config_rsync_password.yml <<EOF
- name: "Scp Rsync Password"
  copy:
    src: rsync.password
    dest: /etc/rsync.password
    owner: root
    group: root
    mode: '600'
  when: ansible_fqdn is match 'nfs*'
EOF

# 推送sersync安装包
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/download.yml <<EOF
- name: "Download Sersync"
  copy:
    src: sersync2.5.4.tar.gz
    dest: /usr/local
  when: ansible_fqdn is match 'nfs*'
EOF

# 解压sersync安装包
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/decompress.yml <<EOF
- name: "Decompress Sersync"
  unarchive:
    src: /usr/local/sersync2.5.4.tar.gz
    dest: /usr/local
    remote_src: yes
  when: ansible_fqdn is match 'nfs*'
EOF

# 推送sersync配置文件
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/sersync_config.yml <<EOF
- name: "Scp Sersync Config"
  template:
    src: backupconf.xml.j2
    dest: /usr/local/sersync/backupconf.xml
    owner: root
    group: root
    mode: '644'
  when: ansible_fqdn is match 'nfs*'
EOF

# 推送sersync开机自启文件
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/rc_local_nfs.yml <<EOF
- name: "Scp Sersync rc.local"
  copy:
    src: rc.local.nfs
    dest: /etc/rc.d/rc.local
    owner: root
    group: root
    mode: '755'
  when: ansible_fqdn is match 'nfs*'
EOF

# 执行开机自启文件
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/tasks/execute.yml <<EOF
- name: "Execute rc.local"
  shell: 
    cmd: . /etc/rc.d/rc.local
  when: ansible_fqdn is match 'nfs*'
  ignore_errors: yes
EOF
  1. 创建nfs_server角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/handlers/main.yml <<EOF
- name: "Reloaded NFS Server"
  systemd:
    name: nfs
    state: reloaded
EOF
  1. 创建nfs_server角色的templates资源
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/templates/exports.j2 <<EOF
{{ nfs_dir }}  172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
EOF
[root@m01 roles]# mv /etc/ansible/templates/backupconf.xml.j2 /etc/ansible/roles/nfs_server/templates/
  1. 创建nfs_server角色的files资源
[root@m01 roles]# echo "123456" > /etc/ansible/roles/nfs_server/files/rsync.password
[root@m01 roles]# mv /etc/ansible/templates/sersync2.5.4.tar.gz /etc/ansible/roles/nfs_server/files/
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/files/rc.local.nfs <<EOF
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local
/usr/local/sersync/sersync2 -dro /usr/local/sersync/backupconf.xml
ip route add 10.8.0.0/24 via 172.16.1.61
EOF
  1. 创建nfs_server角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: rsync_client }
EOF
  1. 创建nfs_server角色的角色执行文件nfs_server.yml
[root@m01 roles]# cat > /etc/ansible/roles/nfs_server.yml <<EOF
- hosts: nfs_server
  remote_user: root
  roles:
    - nfs_server
EOF

nfs_client

  1. 创建nfs_client角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/nfs_client/tasks/main.yml <<EOF
- name: "Mount NFS Server"
  mount:
    src: 172.16.1.31:{{ nfs_dir }}
    path: /code/wordpress/wp-content/uploads/
    fstype: nfs
    opts: defaults
    state: mounted
EOF
  1. 创建nfs_client角色的var变量
[root@m01 roles]# cat >> /etc/ansible/group_vars/all <<EOF
# NFS 服务端目录
nfs_dir: /data
EOF
  1. 创建nfs_client角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/nfs_client/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: wordpress }
EOF
  1. 创建nfs_client角色的角色执行文件nfs_client.yml
[root@m01 roles]# cat > /etc/ansible/roles/nfs_client.yml <<EOF
- hosts: web_group
  remote_user: root
  roles:
    - nfs_client
EOF

nginx

  1. 创建nginx角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/nginx/tasks/main.yml <<EOF
- import_tasks: install.yml
- import_tasks: mkdir.yml
- import_tasks: config.yml
- import_tasks: start.yml
EOF

# 安装nginx
[root@m01 roles]# cat > /etc/ansible/roles/nginx/tasks/install.yml << EOF
- name: "Install Nginx Server"
  yum:
    name: nginx
    state: present
EOF

# 创建站点目录
[root@m01 roles]# cat > /etc/ansible/roles/nginx/tasks/mkdir.yml <<EOF
- name: "Create code Directory"
  file:
    path: /code
    state: directory
    owner: www
    group: www
EOF

# 推送nginx配置文件
[root@m01 roles]# cat > /etc/ansible/roles/nginx/tasks/config.yml << EOF
- name: "Scp Nginx Config"
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: '644'
  notify: "Reloaded Nginx Server"
EOF

# 启动nginx
[root@m01 roles]# cat > /etc/ansible/roles/nginx/tasks/start.yml <<EOF
- name: "Start Nginx Server"
  systemd:
    name: nginx
    state: started
    daemon_reload: yes
    enabled: yes
EOF
  1. 创建nginx角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/nginx/handlers/main.yml <<EOF
- name: "Reloaded Nginx Server"
  systemd:
    name: nginx
    state: reloaded
EOF
  1. 创建nginx角色的templates资源
[root@m01 roles]# mv /etc/ansible/templates/nginx.conf.j2 /etc/ansible/roles/nginx/templates/
[root@m01 roles]# vi /etc/ansible/roles/nginx/templates/nginx.conf.j2
user www;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
  1. 创建nginx角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/nginx/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: yum_client }
EOF
  1. 创建nginx角色的角色执行文件nginx.yml
[root@m01 roles]# cat > /etc/ansible/roles/nginx.yml <<EOF
- hosts: nginx_server
  remote_user: root
  roles:
    - nginx
EOF

php

  1. 创建php角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/php/tasks/main.yml << EOF
- import_tasks: install.yml
- import_tasks: php_config.yml
- import_tasks: php-fpm.d_config.yml
- import_tasks: start.yml
EOF

# 安装php
[root@m01 roles]# cat > /etc/ansible/roles/php/tasks/install.yml << EOF
- name: "Install PHP Server"
  yum:
    name: "{{ item.name }}"
    state: present
  with_items:
    - { name: php72w }
    - { name: php72w-cli }
    - { name: php72w-common }
    - { name: php72w-devel }
    - { name: php72w-embedded }
    - { name: php72w-gd }
    - { name: php72w-mbstring }
    - { name: php72w-pdo }
    - { name: php72w-xml }
    - { name: php72w-fpm }
    - { name: php72w-mysqlnd }
    - { name: php72w-opcache }
    - { name: php72w-pecl-memcached }
    - { name: php72w-pecl-redis }
    - { name: php72w-pecl-mongodb }
EOF

[root@m01 roles]# cat > /etc/ansible/roles/php/tasks/php_config.yml << EOF
- name: "Scp PHP Config"
  template:
    src: php.ini.j2
    dest: /etc/php.ini
  notify: Reloaded PHP-fpm Server
EOF

[root@m01 roles]# cat > /etc/ansible/roles/php/tasks/php-fpm.d_config.yml << EOF
- name: "Scp PHP-fpm.d Config"
  copy:
    src: www.conf.j2
    dest: /etc/php-fpm.d/www.conf
  notify: Reloaded PHP-fpm Server
EOF

[root@m01 roles]# cat > /etc/ansible/roles/php/tasks/start.yml << EOF
- name: "Start PHP Server"
  systemd:
    name: php-fpm
    daemon_reload: yes
    state: started
    enabled: yes
EOF
  1. 创建php角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/php/handlers/main.yml  << EOF
- name: Reloaded PHP-fpm Server
  systemd:
    name: php-fpm
    state: reloaded
EOF
  1. 创建php角色的templates资源
[root@m01 roles]# mv /etc/ansible/templates/php.ini.j2 /etc/ansible/roles/php/templates/
  1. 创建php角色的files资源
[root@m01 roles]# mv /etc/ansible/templates/www.conf.j2 /etc/ansible/roles/php/files/
  1. 创建php角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/php/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: yum_client }
EOF
  1. 创建php角色的角色执行文件php.yml
[root@m01 roles]# cat > /etc/ansible/roles/php.yml <<EOF
- hosts: web_group
  remote_user: root
  roles:
    - php
EOF

slb

  1. 创建slb角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/slb/tasks/main.yml <<EOF
- import_tasks: config_proxy.yml
- import_tasks: config_proxy_params.yml
EOF

# 推送proxy配置文件
[root@m01 roles]# cat > /etc/ansible/roles/slb/tasks/config_proxy.yml <<EOF
- name: "Scp slb Config"
  template:
    src: proxy.j2
    dest: /etc/nginx/conf.d/proxy.conf
  notify: "Reloaded Nginx Server"
EOF

# 推送proxy_params配置文件
[root@m01 roles]# cat > /etc/ansible/roles/slb/tasks/config_proxy_params.yml <<EOF
- name: "Scp proxy_params Config"
  copy:
    src: proxy_params
    dest: /etc/nginx/proxy_params
EOF
  1. 创建slb角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/slb/handlers/main.yml <<EOF
- name: "Reloaded Nginx Server"
  systemd:
    name: nginx
    state: reloaded
EOF
  1. 创建slb角色的templates资源
[root@m01 roles]# cat > /etc/ansible/roles/slb/templates/proxy.j2 <<EOF
upstream webs {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
server {
    listen 80;
    server_name _;
 
    location / {
        proxy_pass http://webs;
        include proxy_params;
    }
}
EOF
  1. 创建slb角色的files资源
[root@m01 roles]# cat > /etc/ansible/roles/slb/files/proxy_params <<EOF
proxy_http_version 1.1;
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;

proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;

proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
EOF
  1. 创建slb角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/slb/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: nginx }
EOF
  1. 创建slb角色的角色执行文件slb.yml
[root@m01 roles]# cat > /etc/ansible/roles/slb.yml <<EOF
- hosts: lb_group
  remote_user: root
  roles:
    - slb
EOF

keepalived

  1. 创建keepalived角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/keepalived/tasks/main.yml <<EOF
- import_tasks: install.yml
- import_tasks: config.yml
- import_tasks: start.yml
EOF

[root@m01 roles]# cat > /etc/ansible/roles/keepalived/tasks/install.yml <<EOF
- name: "Install Keepalived Server"
  yum:
    name: keepalived
    state: present
EOF

[root@m01 roles]# cat > /etc/ansible/roles/keepalived/tasks/config.yml <<EOF
- name: "Scp Keepalive Config"
  template:
    src: keepalived.j2
    dest: /etc/keepalived/keepalived.conf
  notify: "Reloaded Keepalived Server"
EOF

# 推送脚本(注意: 下面的 scripts.yml 并未在上面的 main.yml 中 import_tasks; file 模块不会把控制端的 src 复制到目标主机, 推送文件应使用 copy; keepalived 的 vrrp_script 会直接执行该脚本, 权限需可执行而非 0644; 后文把 check_web.sh 放在了 templates/ 而非 files/)
[root@m01 roles]# cat > /etc/ansible/roles/keepalived/tasks/scripts.yml << EOF
- name: "Scp Rsync Scripts"
  file:
    src: check_web.sh
    dest: /server/scripts/check_web.sh
    owner: root
    group: root
    mode: 0644
EOF

[root@m01 roles]# cat > /etc/ansible/roles/keepalived/tasks/start.yml <<EOF
- name: "Start Keepalived"
  systemd:
    name: keepalived
    state: restarted
EOF
  1. 创建keepalived角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/keepalived/handlers/main.yml <<EOF
- name: "Reloaded Keepalived Server"
  service:
    name: keepalived
    state: reloaded
EOF
  1. 创建keepalived角色的templates资源
[root@m01 roles]# cat > /etc/ansible/roles/keepalived/templates/keepalived.j2 <<EOF
global_defs {
    router_id {{ ansible_fqdn }}
}

# 每5秒执行一次脚本,脚本执行内容不能超过5秒,否则会中断再次重新执行脚本
vrrp_script check_web {
    script "/server/scripts/check_web.sh"
    interval 5
}

vrrp_instance VI_1 {
{% if ansible_fqdn == "lb01" %}
    state MASTER
    priority 150
{% else %}
    state BACKUP
    priority 100
{% endif %}

    interface eth0
    virtual_router_id 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {         
        {{ VIP }}
    }
    # 调用并运行脚本
    track_script {
        check_web
    }
}
EOF
  1. 创建keepalived角色的files资源
[root@m01 roles]# vi /etc/ansible/roles/keepalived/templates/check_web.sh
#!/bin/sh
# keepalived vrrp_script for the load balancers: when nginx has no running
# process, try to start it once; if it is still absent 3 seconds later,
# stop keepalived so the VIP fails over to the other node.

# Number of nginx processes currently running (0 when nginx is down).
nginx_procs() {
  ps -C nginx --no-header | wc -l
}

# 1. Nothing to do while nginx is alive
if [ "$(nginx_procs)" -ne 0 ]; then
  exit 0
fi

# 2. Attempt a start and give nginx 3 seconds to come up
systemctl start nginx
sleep 3

# 3. Still down: stop keepalived so the address migrates to the peer
if [ "$(nginx_procs)" -eq 0 ]; then
  systemctl stop keepalived
fi
  1. 创建keepalived角色的var变量
[root@m01 roles]# cat >> /etc/ansible/group_vars/all <<EOF
VIP: 10.0.0.3
EOF
  1. 创建keepalived角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/keepalived/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: nginx }
EOF
  1. 创建keepalived角色的角色执行文件keepalived.yml
[root@m01 roles]# cat > /etc/ansible/roles/keepalived.yml <<EOF
- hosts: lb_group
  remote_user: root
  roles:
    - keepalived
EOF

database

  1. 创建database角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/database/tasks/main.yml << EOF
- import_tasks: install.yml
- import_tasks: start.yml
- import_tasks: redis_config.yml
- import_tasks: mariadb_sql.yml
- import_tasks: mariadb_config_password.yml
- import_tasks: create_database_user.yml
- import_tasks: import.yml
EOF

[root@m01 roles]# cat > /etc/ansible/roles/database/tasks/install.yml << EOF
- name: Install Mariadb Redis Server
  yum:
    name: "{{ item.name }}"
    state: present
  with_items:
    - { name: mariadb-server }
    - { name: redis }
    - { name: MySQL-python }
EOF

[root@m01 roles]# cat > /etc/ansible/roles/database/tasks/start.yml << EOF
- name: Start Mariadb Redis Server
  systemd:
    name: "{{ item.name }}"
    state: started
    enabled: yes
  with_items:
    - { name: mariadb }
    - { name: redis }
EOF

# 推送redis配置文件
[root@m01 roles]# cat > /etc/ansible/roles/database/tasks/redis_config.yml << EOF
- name: "Scp Redis Config"
  template:
    src: redis.j2
    dest: /etc/redis.conf
  notify: "Restarted Redis Server"
EOF

# 推送mariadb数据库文件
[root@m01 roles]# cat > /etc/ansible/roles/database/tasks/mariadb_sql.yml << EOF
- name: "Scp Mariadb Sql"
  copy:
    src: mysql-all.sql
    dest: /tmp/mysql-all.sql
EOF

# 配置数据库密码
[root@m01 roles]# cat > /etc/ansible/roles/database/tasks/mariadb_config_password.yml << EOF
- name: "Create Database Password"
  mysql_user:
    name: root
    password: '123'
  ignore_errors: yes
EOF

# 创建wordpress数据库用户
[root@m01 roles]# cat > /etc/ansible/roles/database/tasks/create_database_user.yml << EOF
- name: "Create Database User root"
  mysql_user:
    name: root
    host: "172.16.1.%"
    password: '123'
    priv: "*.*:ALL"
    state: present
    login_user: root
    login_password: '123'
  ignore_errors: yes
EOF

# 导入mariadb数据库
[root@m01 roles]# cat > /etc/ansible/roles/database/tasks/import.yml << EOF
- name: "Import MariaDB Database"
  mysql_db:
    name: my_db 
    state: import 
    target: /tmp/mysql-all.sql
    login_user: root
    login_password: '123'
EOF
  1. 创建database角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/database/handlers/main.yml <<EOF
- name: "Restarted Redis Server"
  systemd:
    name: redis
    state: restarted
- name: "Restarted MariaDB Server"
  systemd:
    name: mariadb
    state: restarted
EOF
  1. 创建database角色的templates资源
[root@m01 roles]# cp /etc/ansible/templates/redis.j2 /etc/ansible/roles/database/templates/
  1. 创建database角色的files资源
[root@m01 roles]# cp /etc/ansible/templates/mysql-all.sql /etc/ansible/roles/database/files/
  1. 创建database角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/database/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
EOF
  1. 创建database角色的角色执行文件database.yml
[root@m01 roles]# cat > /etc/ansible/roles/database.yml <<EOF
- hosts: db_group
  remote_user: root
  roles:
    - database
EOF

wordpress

  1. 创建wordpress角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/wordpress/tasks/main.yml <<EOF
- import_tasks: download.yml
- import_tasks: decompress.yml
- import_tasks: config_nginx.yml
- import_tasks: config_wordpress.yml
- import_tasks: config_proxy.yml
EOF

# 推送wordpress安装包
[root@m01 roles]# cat > /etc/ansible/roles/wordpress/tasks/download.yml <<EOF
- name: "Download Wordpress"
  copy:
    src: wordpress-5.4.2-zh_CN.tar.gz
    dest: /code/wordpress-5.4.2-zh_CN.tar.gz
    owner: www
    group: www
  when: ansible_fqdn is match 'web*'
EOF

# 解压wordpress安装包
[root@m01 roles]# cat > /etc/ansible/roles/wordpress/tasks/decompress.yml <<EOF
- name: "Decompress Wordpress"
  unarchive:
    src: /code/wordpress-5.4.2-zh_CN.tar.gz
    dest: /code
    owner: www
    group: www
    remote_src: yes
  when: ansible_fqdn is match 'web*'
EOF

# 推送nginx配置文件
[root@m01 roles]# cat > /etc/ansible/roles/wordpress/tasks/config_nginx.yml <<EOF
- name: "Scp Wordpress Nginx Config"
  template:
    src: wordpress.conf
    dest: /etc/nginx/conf.d/
  when: ansible_fqdn is match 'web*'
  notify: "Reloaded Nginx Server"
EOF

# 推送wordpress配置文件
[root@m01 roles]# cat > /etc/ansible/roles/wordpress/tasks/config_wordpress.yml << EOF
- name: "Scp Wordpress Config"
  template:
    src: wp-config.php.j2
    dest: /code/wordpress/wp-config.php
    owner: www
    group: www
  when: ansible_fqdn is match 'web*'
EOF

# 推送proxy配置文件
[root@m01 roles]# cat > /etc/ansible/roles/wordpress/tasks/config_proxy.yml <<EOF
- name: "Scp Wordpress slb Config"
  template:
    src: proxy_wordpress.j2
    dest: /etc/nginx/conf.d/proxy_wordpress.conf
  when: ansible_fqdn is match 'lb*'
  notify: "Reloaded Nginx Server"
EOF
  1. 创建wordpress角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/wordpress/handlers/main.yml <<EOF
- name: "Reloaded Nginx Server"
  systemd:
    name: nginx
    state: reloaded
EOF
  1. 创建wordpress角色的templates资源
[root@m01 roles]# cp /etc/ansible/templates/wp-config.php.j2 /etc/ansible/roles/wordpress/templates/
[root@m01 roles]# cat > /etc/ansible/roles/wordpress/templates/proxy_wordpress.j2 <<EOF
upstream blog {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
server {
    listen 80;
    server_name blog.oldboy.com;
 
    location / {
        proxy_pass http://blog;
        include proxy_params;
    }
}
EOF
[root@m01 roles]# vi /etc/ansible/roles/wordpress/templates/wordpress.conf
server {
    listen 80;
    server_name blog.oldboy.com;
    root /code/wordpress;
    index index.php index.html;
    client_max_body_size 100m;

    location / {
         try_files $uri $uri/ /index.php?$args;
     }

    location ~ \.php$ {
        root /code/wordpress;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}
  1. 创建wordpress角色的files资源
[root@m01 roles]# mv /etc/ansible/templates/wordpress-5.4.2-zh_CN.tar.gz /etc/ansible/roles/wordpress/files/
  1. 创建wordpress角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/wordpress/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: nginx }
  - { role: php }
EOF
  1. 创建wordpress角色的角色执行文件wordpress.yml
[root@m01 roles]# cat > /etc/ansible/roles/wordpress.yml <<EOF
- hosts: nginx_server
  remote_user: root
  roles:
    - wordpress
EOF

phpmyadmin

  1. 创建phpmyadmin角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin/tasks/main.yml <<EOF
- import_tasks: download.yml
- import_tasks: decompress.yml
- import_tasks: config_nginx.yml
- import_tasks: config_phpmyadmin.yml
- import_tasks: config_proxy.yml
EOF

# 推送phpmyadmin安装包
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin/tasks/download.yml <<EOF
- name: "Download Phpmyadmin"
  copy:
    src: phpMyAdmin-4.8.4-all-languages.zip
    dest: /code/phpMyAdmin-4.8.4-all-languages.zip
    owner: www
    group: www
  when: ansible_fqdn is match 'web*'
EOF

# 解压phpmyadmin安装包
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin/tasks/decompress.yml <<EOF
- name: "Decompress Phpmyadmin"
  unarchive:
    src: /code/phpMyAdmin-4.8.4-all-languages.zip
    dest: /code
    owner: www
    group: www
    remote_src: yes
  when: ansible_fqdn is match 'web*'
EOF

# 推送nginx配置文件
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin/tasks/config_nginx.yml <<EOF
- name: "Scp Phpmyadmin Nginx Config"
  copy:
    src: phpmyadmin.conf
    dest: /etc/nginx/conf.d/
  when: ansible_fqdn is match 'web*'
  notify: "Reloaded Nginx Server"
EOF

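# 推送phpmyadmin配置文件
# Task name aligned with the sibling roles ("Scp <App> Config") instead of the
# duplicated "Scp Phpmyadmin Scp"; the task itself is unchanged.
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin/tasks/config_phpmyadmin.yml <<EOF
- name: "Scp Phpmyadmin Config"
  template:
    src: config.inc.php.j2
    dest: /code/phpMyAdmin-4.8.4-all-languages/config.inc.php
    owner: www
    group: www
  when: ansible_fqdn is match 'web*'
EOF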

# 推送proxy配置文件
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin/tasks/config_proxy.yml <<EOF
- name: "Scp Phpmyadmin slb"
  template:
    src: proxy_php.j2
    dest: /etc/nginx/conf.d/proxy_php.conf
  when: ansible_fqdn is match 'lb*'
  notify: "Reloaded Nginx Server"
EOF
  1. 创建phpmyadmin角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin/handlers/main.yml <<EOF
- name: "Reloaded Nginx Server"
  systemd:
    name: nginx
    state: reloaded
EOF
  1. 创建phpmyadmin角色的templates资源
[root@m01 roles]# mv /etc/ansible/templates/config.inc.php.j2 /etc/ansible/roles/phpmyadmin/templates/
# NOTE(review): this vhost publishes the phpMyAdmin database-administration UI on
# plain port 80 to anyone who can resolve php.oldboy.com to the load balancer.
# Before exposing it beyond a lab, restrict "location /" (allow/deny on the
# client range or auth_basic) and serve it only through the HTTPS vhost added by
# the https role.
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin/templates/proxy_php.j2 << EOF
upstream php {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
}
server {
        listen 80;
        server_name php.oldboy.com;
        location / {
                proxy_pass http://php;
                include proxy_params;
        }
}
EOF
  1. 创建phpmyadmin角色的files资源
[root@m01 roles]# mv /etc/ansible/templates/phpMyAdmin-4.8.4-all-languages.zip /etc/ansible/roles/phpmyadmin/files/
[root@m01 roles]# vi /etc/ansible/roles/phpmyadmin/files/phpmyadmin.conf
server {
	listen 80;
	server_name php.oldboy.com;
	root /code/phpMyAdmin-4.8.4-all-languages;

	location / {
		index index.php index.html;
	}

	location ~ \.php$ {
		fastcgi_pass 127.0.0.1:9000;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
	}
}
  1. 创建phpmyadmin角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: nginx }
  - { role: php }
EOF
  1. 创建phpmyadmin角色的角色执行文件phpmyadmin.yml
[root@m01 roles]# cat > /etc/ansible/roles/phpmyadmin.yml <<EOF
- hosts: nginx_server
  remote_user: root
  roles:
    - phpmyadmin
EOF

wecenter

  1. 创建wecenter角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/wecenter/tasks/main.yml <<EOF
- import_tasks: download.yml
- import_tasks: decompress.yml
- import_tasks: config_nginx.yml
- import_tasks: config_wecenter.yml
- import_tasks: config_proxy.yml
EOF

# 推送wecenter安装包
[root@m01 roles]# cat > /etc/ansible/roles/wecenter/tasks/download.yml <<EOF
- name: "Download Wecenter"
  copy:
    src: WeCenter_3-6-0.tar.gz
    dest: /code/WeCenter_3-6-0.tar.gz
    owner: www
    group: www
  when: ansible_fqdn is match 'web*'
EOF

# 解压wecenter安装包
[root@m01 roles]# cat > /etc/ansible/roles/wecenter/tasks/decompress.yml <<EOF
- name: "Decompress Wecenter"
  unarchive:
    src: /code/WeCenter_3-6-0.tar.gz
    dest: /code
    owner: www
    group: www
    remote_src: yes
  when: ansible_fqdn is match 'web*'
EOF

# 推送nginx配置文件
[root@m01 roles]# cat > /etc/ansible/roles/wecenter/tasks/config_nginx.yml <<EOF
- name: "Scp Wecenter Nginx Config"
  template:
    src: wecenter.conf
    dest: /etc/nginx/conf.d/
  when: ansible_fqdn is match 'web*'
  notify: "Reloaded Nginx Server"
EOF

# 推送wecenter配置文件
[root@m01 roles]# cat > /etc/ansible/roles/wecenter/tasks/config_wecenter.yml << EOF
- name: "Scp Wecenter Config"
  template:
    src: database.php.j2
    dest: /code/wecenter/system/config/database.php
    owner: www
    group: www
  when: ansible_fqdn is match 'web*'
EOF

# 推送proxy配置文件
[root@m01 roles]# cat > /etc/ansible/roles/wecenter/tasks/config_proxy.yml <<EOF
- name: "Scp Wecenter slb Config"
  template:
    src: proxy_wecenter.j2
    dest: /etc/nginx/conf.d/proxy_wecenter.conf
  when: ansible_fqdn is match 'lb*'
  notify: "Reloaded Nginx Server"
EOF
  1. 创建wecenter角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/wecenter/handlers/main.yml <<EOF
- name: "Reloaded Nginx Server"
  systemd:
    name: nginx
    state: reloaded
EOF
  1. 创建wecenter角色的templates资源
[root@m01 roles]# cp /etc/ansible/templates/database.php.j2 /etc/ansible/roles/wecenter/templates/
[root@m01 roles]# cat > /etc/ansible/roles/wecenter/templates/proxy_wecenter.j2 <<EOF
upstream zh {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}
server {
    listen 80;
    server_name zh.oldboy.com;
 
    location / {
        proxy_pass http://zh;
        include proxy_params;
    }
}
EOF
[root@m01 roles]# vi /etc/ansible/roles/wecenter/templates/wecenter.conf
server {
    listen 80;
    server_name zh.oldboy.com;
    root /code/wecenter;
    index index.php index.html;
    client_max_body_size 100m;

    location ~ \.php$ {
        root /code/wecenter;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}
  1. 创建wecenter角色的files资源
[root@m01 roles]# mv /etc/ansible/templates/WeCenter_3-6-0.tar.gz /etc/ansible/roles/wecenter/files/
  1. 创建wecenter角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/wecenter/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: nginx }
  - { role: php }
EOF
  1. 创建wecenter角色的角色执行文件wecenter.yml
[root@m01 roles]# cat > /etc/ansible/roles/wecenter.yml <<EOF
- hosts: nginx_server
  remote_user: root
  roles:
    - wecenter
EOF

https

  1. 创建https角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/main.yml <<EOF
- import_tasks: mkdir.yml
- import_tasks: certificate.yml
- import_tasks: secret_key.yml
- import_tasks: remove_proxy_config_directory.yml
- import_tasks: create_proxy_config_directory.yml
- import_tasks: proxy_config.yml
- import_tasks: remove_config_directory.yml
- import_tasks: create_config_directory.yml
- import_tasks: config.yml
EOF

# 创建证书存放目录
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/mkdir.yml <<EOF
- name: "Create ssl_key Directory"
  file:
    path: /etc/nginx/ssl_key
    state: directory
  when: ansible_fqdn is match 'lb*'
EOF

# 推送ssl证书
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/certificate.yml <<EOF
- name: "Scp ssl Certificate"
  copy:
    src: server.crt
    dest: /etc/nginx/ssl_key/server.crt
  when: ansible_fqdn is match 'lb*'
EOF

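# 推送ssl密钥
# The private key is generated with -nodes (unencrypted) in the files step, so the
# copy must not leave it with the default umask-derived mode. Pin owner/mode so only
# root can read it; nginx reads the key as root when it starts, so 0600 is enough.
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/secret_key.yml <<EOF
- name: "Scp ssl Secret Key"
  copy:
    src: server.key
    dest: /etc/nginx/ssl_key/server.key
    owner: root
    group: root
    mode: '0600'
  when: ansible_fqdn is match 'lb*'
EOF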

# 清空proxy在conf.d目录下的配置文件
# NOTE: state: absent on the directory deletes every file under /etc/nginx/conf.d
# on the lb hosts, including anything not managed by this playbook. The
# proxy_wordpress.conf / proxy_php.conf / proxy_wecenter.conf pushed by the earlier
# roles are dropped here and replaced by the single proxy_https.conf below.
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/remove_proxy_config_directory.yml <<EOF
- name: "Remove Proxy Nginx Config"
  file:
    path: /etc/nginx/conf.d
    state: absent
  when: ansible_fqdn is match 'lb*'
EOF

# 创建proxy在conf.d目录下的配置文件
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/create_proxy_config_directory.yml << EOF
- name: "Create Proxy Nginx Config"
  file:
    path: /etc/nginx/conf.d
    state: directory
EOF

# 推送proxy在conf.d目录下的配置文件
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/proxy_config.yml <<EOF
- name: "Scp Proxy Nginx Config"
  template:
    src: proxy_https.conf
    dest: /etc/nginx/conf.d/proxy_https.conf
  when: ansible_fqdn is match 'lb*'
  notify: "Reloaded Nginx Server"
EOF

# 清空nginx在conf.d目录下的配置文件
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/remove_config_directory.yml <<EOF
- name: "Remove Nginx Config"
  file:
    path: /etc/nginx/conf.d
    state: absent
  when: ansible_fqdn is match 'web*'
EOF

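# 创建nginx在conf.d目录下的配置文件
# This task recreates conf.d on the web hosts after remove_config_directory.yml
# wiped it; it was named "Create Proxy Nginx Config" (the lb task's name), which
# made the two steps indistinguishable in playbook output. Named and scoped to the
# web hosts like its remove counterpart.
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/create_config_directory.yml << EOF
- name: "Create Nginx Config"
  file:
    path: /etc/nginx/conf.d
    state: directory
  when: ansible_fqdn is match 'web*'
EOF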

# 推送nginx在conf.d目录下的配置文件
[root@m01 roles]# cat > /etc/ansible/roles/https/tasks/config.yml <<EOF
- name: "Scp Nginx Config"
  template:
    src: https.conf
    dest: /etc/nginx/conf.d/https.conf
  when: ansible_fqdn is match 'web*'
  notify: "Reloaded Nginx Server"
EOF
  1. 创建https角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/https/handlers/main.yml <<EOF
- name: "Reloaded Nginx Server"
  systemd:
    name: nginx
    state: reloaded
EOF
  1. 创建https角色的templates资源
[root@m01 ~]# vi /etc/ansible/roles/https/templates/proxy_https.conf 
# Load-balancer vhosts. TLS terminates here; traffic to the web nodes is plain
# HTTP on their internal 172.16.1.x addresses, and the backends learn the scheme
# only through the "fastcgi_param HTTPS on" set in their own https.conf.
upstream web {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

# Port 80 only redirects to HTTPS. 302 is a temporary redirect; once the HTTPS
# setup is final a 301 lets browsers cache it.
server {
    listen 80;
    server_name blog.oldboy.com;
    return 302 https://$server_name$request_uri;
}

server {
    listen 80;
    server_name zh.oldboy.com;
    return 302 https://$server_name$request_uri;
}

server {
    listen 80;
    server_name php.oldboy.com;
    return 302 https://$server_name$request_uri;
}

# All three HTTPS vhosts share one self-signed pair (ssl_key/server.crt and
# ssl_key/server.key). The certificate generated in the files step was issued
# with Common Name "m01", so browsers will report a name mismatch for these
# hostnames unless a certificate whose SAN covers them is substituted.
# No ssl_protocols / ssl_ciphers are set, so the nginx build's defaults apply;
# pin them explicitly for anything beyond a lab.
server {
   listen 443 ssl;
   server_name blog.oldboy.com;
   ssl_certificate ssl_key/server.crt;
   ssl_certificate_key ssl_key/server.key;
   location / {
       proxy_pass http://web;
       include proxy_params;
   }
}

server {
   listen 443 ssl;
   server_name zh.oldboy.com;
   ssl_certificate ssl_key/server.crt;
   ssl_certificate_key ssl_key/server.key;
   location / {
       proxy_pass http://web;
       include proxy_params;
   }       
}

server {
    listen 443 ssl;
    server_name php.oldboy.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    location / {
        proxy_pass http://web;
        include proxy_params;
    }
}

[root@m01 ~]# vi /etc/ansible/roles/https/templates/https.conf 
# Web-node vhosts behind the load balancer. They still listen on plain port 80
# (the LB terminates TLS); the three PHP applications are told the original
# scheme via "fastcgi_param HTTPS on" so they generate https:// links.
server {
    listen 80;
    server_name blog.oldboy.com;
    root /code/wordpress;
    index index.php index.html;
    client_max_body_size 100m;

    location / {
         try_files $uri $uri/ /index.php?$args;
     }

    location ~ \.php$ {
        root /code/wordpress;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Tell PHP that the load balancer in front of it terminated HTTPS
        fastcgi_param  HTTPS on;
        include        fastcgi_params;
    }
}

server {
    listen 80;
    server_name zh.oldboy.com;
    root /code/wecenter;
    index index.php index.html;

    location ~ \.php$ {
        root /code/wecenter;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param  HTTPS on;
        include        fastcgi_params;
    }
}

server {
    listen 80;
    server_name php.oldboy.com;
    root /code/phpMyAdmin-4.8.4-all-languages;

    location / {
        index index.php index.html;
    }

    location ~ \.php$ {
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include       fastcgi_params;
    }
}
  1. 创建https角色的files资源
[root@m01 ~]# openssl req -days 3650 -x509 -sha256 -nodes -newkey rsa:2048 -keyout /etc/ansible/roles/https/files/server.key -out /etc/ansible/roles/https/files/server.crt
Generating a 2048 bit RSA private key
.+++
...................................+++
writing new private key to '/etc/ansible/roles/https/files/server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:China
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:CHINA
Locality Name (eg, city) [Default City]:Name
Organization Name (eg, company) [Default Company Ltd]:Test
Organizational Unit Name (eg, section) []:test
Common Name (eg, your name or your server's hostname) []:m01
Email Address []:123@qq.com
  1. 创建https角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/https/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
  - { role: nginx }
EOF
  1. 创建https角色的角色执行文件https.yml
[root@m01 roles]# cat > /etc/ansible/roles/https.yml <<EOF
- hosts: nginx_server
  remote_user: root
  roles:
    - https
EOF

ntp

  1. 创建ntp角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/ntp/tasks/main.yml <<EOF
- import_tasks: install.yml
- import_tasks: ntp_server_config.yml
- import_tasks: ntp_client_config.yml
- import_tasks: ntpd_config.yml
- import_tasks: start.yml
EOF

# 安装ntp
[root@m01 roles]# cat > /etc/ansible/roles/ntp/tasks/install.yml << EOF
- name: "Install NTP Server"
  yum:
    name: ntp
    state: present
EOF

# 推送ntp_server配置文件
[root@m01 roles]# cat > /etc/ansible/roles/ntp/tasks/ntp_server_config.yml << EOF
- name: "Scp NTP Server Config"
  copy:
    src: ntp.server
    dest: /etc/ntp.conf
  when: ansible_fqdn == 'm01'
  notify: "Restarted NTP Server"
EOF

# 推送ntp_client配置文件
[root@m01 roles]# cat > /etc/ansible/roles/ntp/tasks/ntp_client_config.yml << EOF
- name: "Scp NTP Client Config"
  template:
    src: ntp.client
    dest: /etc/ntp.conf
  when: ansible_fqdn != 'm01'
  notify: "Restarted NTP Server"
EOF

# 推送ntpd配置文件
[root@m01 roles]# cat > /etc/ansible/roles/ntp/tasks/ntpd_config.yml << EOF
- name: "Scp Ntpd Client Config"
  copy:
    src: ntpd
    dest: /etc/sysconfig/ntpd
  notify: "Restarted NTP Server"
EOF

# 启动ntpd
[root@m01 roles]# cat > /etc/ansible/roles/ntp/tasks/start.yml <<EOF
- name: "Start NTP Server"
  systemd:
    name: ntpd
    state: started
    daemon_reload: yes
    enabled: yes
EOF
  1. 创建ntp角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/ntp/handlers/main.yml <<EOF
- name: "Restarted NTP Server"
  systemd:
    name: ntpd
    state: restarted
EOF
  1. 创建ntp角色的templates资源
[root@m01 roles]# cp /etc/ansible/templates/ntp.client /etc/ansible/roles/ntp/templates/
  1. 创建ntp角色的files资源
[root@m01 roles]# cp  /etc/ansible/templates/ntp.server /etc/ansible/roles/ntp/files/
[root@m01 roles]# cp /etc/ansible/templates/ntpd /etc/ansible/roles/ntp/files/
  1. 创建ntp角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/ntp/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
EOF
  1. 创建ntp角色的角色执行文件ntp.yml
[root@m01 roles]# cat > /etc/ansible/roles/ntp.yml <<EOF
- hosts: all
  remote_user: root
  roles:
    - ntp
EOF

jpress

  1. 创建jpress角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/main.yml <<EOF
- import_tasks: install.yml
- import_tasks: mkdir.yml
- import_tasks: download.yml
- import_tasks: decompress.yml
- import_tasks: jpress_config.yml
- import_tasks: jpress_config_install.yml
- import_tasks: tomcat_config.yml
- import_tasks: tomcat_server_config.yml
- import_tasks: start.yml
- import_tasks: auth.yml
- import_tasks: config_proxy.yml
EOF

# 安装tomcat
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/install.yml << EOF
- name: "Install Tomcat Server"
  yum:
    name: tomcat
    state: present
  when: ansible_fqdn == 'web03'
EOF

# 创建站点目录
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/mkdir.yml <<EOF
- name: "Create code Directory"
  file:
    path: /code
    state: directory
    owner: www
    group: www
  when: ansible_fqdn == 'web03'
EOF

# 推送jpress包
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/download.yml << EOF
- name: "Download Jpress"
  copy:
    src: jpress.tar.gz
    dest: /code/jpress.tar.gz
    owner: www
    group: www
  when: ansible_fqdn == 'web03'
EOF

# 解压jpress包
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/decompress.yml <<EOF
- name: "Decompress Jpress"
  unarchive:
    src: /code/jpress.tar.gz
    dest: /code
    owner: www
    group: www
    remote_src: yes
  when: ansible_fqdn == 'web03'
EOF

# 推送jpress配置文件
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/jpress_config.yml << EOF
- name: "Scp Jpress Config"
  template:
    src: jboot.properties.j2
    dest: /code/jpress/WEB-INF/classes/jboot.properties
    owner: www
    group: www
  when: ansible_fqdn == 'web03'
EOF

# 创建jpress安装锁文件
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/jpress_config_install.yml << EOF
- name: "Create Jpress Install.lock"
  file:
    path: /code/jpress/WEB-INF/classes/install.lock
    state: touch
    owner: www
    group: www
  when: ansible_fqdn == 'web03'
EOF

# 推送tomcat配置文件
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/tomcat_config.yml << EOF
- name: "Scp Tomcat Config"
  template:
    src: tomcat-server.xml.j2
    dest: /etc/tomcat/server.xml
  when: ansible_fqdn == 'web03'
  notify: "Restarted Tomcat Server"
EOF

# 推送tomcat服务配置文件
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/tomcat_server_config.yml << EOF
- name: "Scp Tomcat.server Config"
  template:
    src: tomcat.service.j2
    dest: /usr/lib/systemd/system/tomcat.service
  when: ansible_fqdn == 'web03'
  notify: 
    - "Reloaded Systemctl Server"
    - "Restarted Tomcat Server"
EOF

# 启动tomcat
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/start.yml <<EOF
- name: "Start Tomcat Server"
  systemd:
    name: tomcat
    state: started
    daemon_reload: yes
    enabled: yes
  when: ansible_fqdn == 'web03'
EOF

# 修改tomcat目录属主属组
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/auth.yml <<EOF
- name: "Modify Tomcat Directory Auth"
  file:
    path: "{{ item.name }}"
    state: directory
    owner: www
    group: www
    recurse: yes
  when: ansible_fqdn == 'web03'
  with_items:
    - { name: /usr/share/tomcat }
    - { name: /var/cache/tomcat }
    - { name: /var/lib/tomcat }
    - { name: /var/log/tomcat }
    - { name: /etc/tomcat }
EOF

# 推送proxy配置文件
[root@m01 roles]# cat > /etc/ansible/roles/jpress/tasks/config_proxy.yml <<EOF
- name: "Scp Jpress slb"
  template:
    src: proxy_jpress.j2
    dest: /etc/nginx/conf.d/proxy_jpress.conf
  when: ansible_fqdn is match 'lb*'
  notify: "Reloaded Nginx Server"
EOF
  1. 创建jpress角色的handlers任务
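# Ansible runs handlers in the order they are defined in this file, not in the
# order a task lists them under notify. The original file defined the Tomcat
# restart before the daemon-reload, so a changed tomcat.service was restarted
# with the stale unit definition. The reload handler now comes first, uses the
# systemd module instead of a shell call, and the restart handler also reloads
# unit files itself. Both handler names notified by the tasks are kept.
[root@m01 roles]# cat > /etc/ansible/roles/jpress/handlers/main.yml <<EOF
- name: "Reloaded Systemctl Server"
  systemd:
    daemon_reload: yes

- name: "Restarted Tomcat Server"
  systemd:
    name: tomcat
    state: restarted
    daemon_reload: yes

- name: "Reloaded Nginx Server"
  systemd:
    name: nginx
    state: reloaded
EOF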
  1. 创建jpress角色的templates资源
[root@m01 roles]# cp /etc/ansible/templates/tomcat-server.xml.j2 /etc/ansible/roles/jpress/templates/
[root@m01 roles]# cp /etc/ansible/templates/tomcat.service.j2 /etc/ansible/roles/jpress/templates/
[root@m01 roles]# cp /etc/ansible/templates/jboot.properties.j2 /etc/ansible/roles/jpress/templates/
[root@m01 roles]# cat > /etc/ansible/roles/jpress/templates/proxy_jpress.j2 << EOF
upstream jpress {
        server 172.16.1.9:8080;
}
server {
        listen 80;
        server_name jpress.oldboy.com;
        location / {
                proxy_pass http://jpress;
                include proxy_params;
        }
}
EOF
  1. 创建jpress角色的files资源
[root@m01 roles]# cp /etc/ansible/templates/jpress.tar.gz /etc/ansible/roles/jpress/files/
  1. 创建jpress角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/jpress/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
EOF
  1. 创建jpress角色的角色执行文件jpress.yml
[root@m01 roles]# cat > /etc/ansible/roles/jpress.yml <<EOF
- hosts: tomcat_group lb_group
  remote_user: root
  roles:
    - jpress
EOF

main playbook

[root@m01 roles]# cat > /etc/ansible/roles/site.yml <<EOF
- import_playbook: lnmp.yml
- import_playbook: yum_client.yml
- import_playbook: rsync_server.yml
- import_playbook: rsync_client.yml

- import_playbook: nfs_server.yml
- import_playbook: nginx.yml

- import_playbook: php.yml
- import_playbook: slb.yml
- import_playbook: keepalived.yml
- import_playbook: database.yml
- import_playbook: wordpress.yml
- import_playbook: nfs_client.yml
- import_playbook: phpmyadmin.yml
- import_playbook: wecenter.yml
- import_playbook: https.yml
- import_playbook: ntp.yml
- import_playbook: jpress.yml
EOF

运行测试

[root@m01 roles]# ansible-playbook site.yml

windows配置:在C:\Windows\System32\drivers\etc\hosts文件中添加一行10.0.0.3 blog.oldboy.com zh.oldboy.com php.oldboy.com jpress.oldboy.com

打开浏览器访问:https://blog.oldboy.com/ https://zh.oldboy.com/ https://php.oldboy.com/ http://jpress.oldboy.com/

验证


模板

  1. 创建xxx角色的tasks任务
[root@m01 roles]# cat > /etc/ansible/roles/xxx/tasks/main.yml <<EOF
- import_tasks: download.yml
- import_tasks: decompress.yml
- import_tasks: config.yml
EOF
  1. 创建xxx角色的handlers任务
[root@m01 roles]# cat > /etc/ansible/roles/xxx/handlers/main.yml <<EOF
- name: "Reloaded xxx Server"
  systemd:
    name: xxx
    state: reloaded
EOF
  1. 创建xxx角色的templates资源

  1. 创建xxx角色的meta依赖
[root@m01 roles]# cat > /etc/ansible/roles/xxx/meta/main.yml <<EOF
dependencies:
  - { role: lnmp }
EOF
  1. 创建xxx角色的角色执行文件xxx.yml
[root@m01 roles]# cat > /etc/ansible/roles/xxx.yml <<EOF
- hosts: nginx_server
  remote_user: root
  roles:
    - xxx
EOF

推荐阅读