ansible實戰示例

要求:

    使用ansible部署以下任務:

    (1) 在VS部署主/備模型的keepalived + nginx的負載均衡;

    (2) 在RS主機上部署httpd + php + php-mysql;

    (3) 在第五臺主機上部署mariadb-server, 并且數據庫擁有testdb庫, 并運行testuser對其擁有所有權;

步驟:

1. 各主機IP規劃

    主機A: IPADDR=10.1.52.11

    主機B: IPADDR=10.1.52.22

    主機C: IPADDR=10.1.52.2

    主機D: IPADDR=10.1.52.3

    主機E: IPADDR=10.1.52.4

    其中主機A,B為keepalived+nginx的VS主機; 主機C,D部署httpd,php和php-mysql; 主機E部署mariadb-server.

2. 首先在A上安裝ansible, 并編輯/etc/ansible/hosts文件, 添加如下內容

[lvssrv]
10.1.52.11 STATE='MASTER' WEIGHT='100' VRIP='123' # 提供lvs服務
10.1.52.22 STATE='BACKUP' WEIGHT='98' VRIP='122'  # 提供lvs服務
[websrv]
10.1.52.2  #提供httpd服務
10.1.52.3  #提供httpd服務
[dbsrv]
10.1.52.4  #提供mysql服務

3. 在/etc/ansible/roles目錄下創建各需要的目錄

mkdir -pv /etc/ansible/roles/{nginx,keepalived,httpd,mysql}/{files,tasks,templates,vars,handlers,meta,defaults}

4. 為keepalived提供playbook的roles文件

(1) 創建/etc/ansilbe/roles/keepalived/tasks/main.yml文件, 添加如下內容

- name: install keepalived
  yum: name=keepalived state=latest
- name: copy nofigy.sh
  copy: src=notify.sh dest=/etc/keepalived/notify
- name: Virtual IP address
  shell: /usr/sbin/ip add add 10.1.52.123/16 dev eno16777736
- name: start keepalived service
  shell: /usr/bin/systemctl start keepalived
- name: copy conf file
  template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
  tags: instconf
  notify: reload keepalived service

(2) 提供templates的模板配置文件/etc/ansible/roles/keepalived/templates/keepalived.conf.j2, 內同如下, 其中參數部分, 在/etc/ansible/hosts文件中已經給出:

! Configuration File for keepalived

global_defs {
	notification_email {
		root@localhost
	}
	notification_email_from keepalived@localhost
	smtp_server 127.0.0.1
	smtp_connect_timeout 30
	router_id {{ ansible_hostname }}
	vrrp_mcast_group4 224.0.52.123
}

vrrp_script chk_down {
	script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
	interval 1
	weight -5
}

vrrp_script chk_nginx {
	script "killall -0 nginx && exit 0 || exit 1"
	interval 1
	weight -5
}
vrrp_instance VI_1 {
	state {{ STATE }}
	interface eno16777736
	virtual_router_id {{ VRIP }}
	priority {{ WEIGHT }}
	advert_int 1
	authentication {
		auth_type PASS
		auth_pass 571f97b2
	}
	virtual_ipaddress {
		10.1.52.123/16 dev eno16777736
	}
	track_script {
		chk_down
		chk_nginx
	}
	notify_master "/etc/keepalived/notify.sh master"
	notify_backup "/etc/keepalived/notify.sh backup"
	notify_fault "/etc/keepalived/notify.sh fault"
}

(3) 提供notify.sh腳本, 放置在/etc/ansible/roles/keepalived/files/目錄下, 內容如下

#!/bin/bash
#

contact='root@localhost'

notify() {
	mailsubject="$(hostname) to be $1, vip floating"
	mailbody="$(date +'%F %T'):vrrp transition, $(hostname) changed to be $1"
	echo "$mailbody" | mail -s "$mailsubject" $contact
}

case $1 in
master)
	notify master
	;;
backup)
	notify backup
	;;
fault)
	notify fault
	;;
*)
	echo "Usage: $(basename $0) {maseter|backup|fault}"
	exit 1
esac

(4) 提供handlers文件, 文件名為/etc/ansible/roles/keepalived/handlers/main.yml, 內容如下

- name: reload keepalived service
  shell: "/usr/bin/systemctl restart keepalived.service"

5. 為nginx提供playbook的roles文件

(1) 創建/etc/ansilbe/roles/keepalived/tasks/main.yml文件, 添加如下內容

- name: copy nginx package
  copy: src=nginx-1.10.2-1.el7.ngx.x86_64.rpm dest=/tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm
- name: install nginx 
  shell: "/usr/bin/yum -y install /tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm"
- name: delete nginx package 
  shell: "/usr/bin/rm -f /tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm"
- name: copy conf file
  copy: src={{ item.ngxconfj2 }} dest={{ item.ngxconf }}
  with_items:
  - { ngxconfj2: nginx.conf.j2, ngxconf: /etc/nginx/nginx.conf }
  - { ngxconfj2: nginx.default.conf.j2, ngxconf: /etc/nginx/conf.d/default.conf }
- name: start nginx service 
  shell: "/usr/bin/systemctl start nginx"

(2) 在/etc/ansible/roles/nginx/files/目錄下放置nginx的rpm安裝文件

示例用版本為: nginx-1.10.2-1.el7.ngx.x86_64.rpm

(3) 為nginx提供負載均衡的配置文件, 放置在/etc/ansible/roles/nginx/files/目錄下, 文件名與修改的配置文件內容如下, 其他為默認:

   (a) nginx.conf.j2

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    access_log  /var/log/nginx/access.log  main;    
    keepalive_timeout  65;
    upstream websrvs {
	server 10.1.52.2;
	server 10.1.52.3;
    }   
    include /etc/nginx/conf.d/*.conf;
}

    (b) nginx.default.conf.j2

server {
    listen       80;
    server_name  localhost;
    location / {
        root   /usr/share/nginx/html;
	proxy_pass http://websrvs;
        index  index.html index.htm;
    }    
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

6. 為httpd, php, php-mysql提供playbook的roles文件

(1) 在/etc/ansible/roles/httpd/templates/index.html.j2文件, 內容如下

<h1> {{ ansible_hostname }} </h1>

(2) 創建/etc/ansilbe/roles/httpd/tasks/main.yml文件, 添加如下內容

- name: install httpd php and php-mysql
  yum: name={{ item }} state=latest
  with_items:
  - httpd
  - php
  - php-mysql
- name: support index.html
  template: src=index.html.j2 dest=/var/www/html/index.html
- name: copy set.sh
  copy: src=set.sh dest=/root/set.sh
- name: add ip address
  shell: bash /root/set.sh start
- name: start httpd service
  shell: "/usr/bin/systemctl start httpd.service"

(3) 在/etc/ansible/roles/httpd/files/目錄下, 創建set.sh文件, 內容如下:

#!/bin/bash
#
vip='10.1.52.123'
vport='80'
netmask='255.255.255.255'
iface='lo:0'

case $1 in
start)
	echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
	echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
	echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
	echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce

	ifconfig $iface $vip netmask $netmask broadcast $vip up
	route add -host $vip dev $iface
	;;
stop)
	ifconfig $iface down
	echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
	echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
	echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
	echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
esac

7. 為httpd, php, php-mysql提供playbook的roles文件

(1) 在/etc/ansible/roles/mysql/tasks/index.html.j2文件, 內容如下

- name: isntall mariadb-server
  yum: name=mariadb-server state=latest
- name: copy cnf file
  copy: src=my.cnf dest=/etc/my.cnf
- name: copy sql script
  copy: src=grant_testuser.sql dest=/root/grant_testuser.sql
- name: start mariadb service
  shell: /usr/bin/systemctl start mariadb.service
- name: create database and grant user
  shell: "/usr/bin/mysql < /root/grant_testuser.sql"

(2) 在/etc/ansible/roles/mysql/files/目錄下創建grant_testuser.sql文件, 內容如下

CREATE DATABASE testdb;
GRANT ALL ON *.* TO 'testuser'@'localhost' IDENTIFIED BY 'testpass';
GRANT ALL ON *.* TO 'testuser'@'10.1.52.%' IDENTIFIED BY 'testpass';
GRANT ALL ON *.* TO 'testuser'@'127.0.0.1' IDENTIFIED BY 'testpass';

(3) 在/etc/ansible/roles/mysql/files/下創建my.cnf, 內容如下:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
skip_name_resolve = ON
innodb_file_per_table = ON
!includedir /etc/my.cnf.d

8. 在/erc/ansible/目錄下分別創建各程序的playbook的yml文件

(1) 創建keepalived.yml, 內容如下

- hosts: lvssrv
  remote_user: root
  roles:
  - keepalived

(2) 創建nginx.yml, 內容如下:

- hosts: lvssrv
  remote_user: root
  roles:
  - nginx

(3) 創建httpd.yml, 內容如下

- hosts: websrv
  remote_user: root
  roles:
  - httpd

(4) 創建mysql.yml, 內容如下

- hosts: dbsrv
  remote_user: root
  roles:
  - mysql

9. 分別運行各yml文件

ansible-playbook /etc/ansible/keepalived.yml
ansible-playbook /etc/ansible/nginx.yml
ansible-playbook /etc/ansible/httpd.yml
ansible-playbook /etc/ansible/mysql.yml

10. 使用curl測試實驗

[root@node1 ~]# (for i in {1..10}; do curl http://10.1.52.123 ; done;)
<h1> node3 </h1>
<h1> node2 </h1>
<h1> node3 </h1>
<h1> node2 </h1>
<h1> node3 </h1>
<h1> node2 </h1>
<h1> node3 </h1>
<h1> node2 </h1>
<h1> node3 </h1>
<h1> node2 </h1>

11. 經測試, 實驗成功.