Architecture (17): Ansible playbook (web-nfs-rsync)

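ansible playbook: the playbook

A playbook is made up of one or more modules that together accomplish a single goal and automate the operation.

Playbooks are written in YAML syntax.

The three essentials of YAML:

Indentation: two characters. The Tab key defaults to four characters, so to use the Tab key you need to edit .vimrc

vim /root/.vimrc

set tabstop=2
" insert spaces when Tab is pressed: YAML does not allow tab characters for indentation
set expandtab

Colon: a colon must be followed by a space, unless it ends the line

Hyphen: marks a list item and is followed by a space

playbook command syntax: ansible-playbook [options] <file path>

Options:

-C  simulated dry run (check mode)
--list-hosts  list the hosts
--list-tasks  list the tasks
--list-tags  list the tags
--syntax-check  syntax check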

----------- separator -----------

Environment:

ansible 192.168.1.128
web 192.168.1.129
nfs 192.168.1.134
rsync 192.168.1.135

Set the hostnames (run each command on its own machine):

hostnamectl set-hostname ansible
bash
hostnamectl set-hostname web
bash
hostnamectl set-hostname nfs
bash
hostnamectl set-hostname rsync
bash
           

Edit the hosts file

[[email protected] ~]# vim /etc/hosts
192.168.1.128	ansible
192.168.1.129	web1
192.168.1.134	nfs1
192.168.1.135	rsync1
           

Install Ansible

[[email protected] ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo	# EPEL repo (extra packages)
[[email protected] ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo	# CentOS base mirror repo
[[email protected] ~]# yum -y install ansible		# install ansible
[[email protected] ~]# ansible --version		# check the version

Either method works: the one above or the one below.

[[email protected] ~]# yum -y install epel-release		# install the EPEL repo
[[email protected] ~]# yum -y install ansible		# install ansible
           

Basic Ansible configuration:

1) Configure the inventory

[[email protected] ~]# vim /etc/ansible/hosts
[web]
web1
[nfs]
nfs1
[rsync]
rsync1

[hao:children]
web
nfs
rsync
           

2) Set up SSH key-pair access on the ansible host

[[email protected] ~]# ssh-keygen -t rsa			# press Enter at every prompt
[[email protected] ~]# ssh-copy-id [email protected]		# web server
[[email protected] ~]# ssh-copy-id [email protected]		# nfs server
[[email protected] ~]# ssh-copy-id [email protected]		# rsync server
           

3) Copy /etc/hosts to the managed nodes

[[email protected] ~]# scp /etc/hosts [email protected]:/etc/
[[email protected] ~]# scp /etc/hosts [email protected]:/etc/
[[email protected] ~]# scp /etc/hosts [email protected]:/etc/

Or use the Ansible copy module directly
[[email protected] ~]# ansible all -m copy -a "src=/etc/hosts dest=/etc/ backup=yes"
           

4) Create the ansible directories

[[email protected] ~]# mkdir -p /etc/ansible/ansible_playbook/{conf,file,scripts,tools}
           

Test case: install httpd with a playbook and change the port number to 8080

1) Install httpd locally and change the port to 8080
[[email protected] ~]# yum -y install httpd
[[email protected] ~]# cp /etc/httpd/conf/httpd.conf /etc/ansible/ansible_playbook/
[[email protected] ~]# cd /etc/ansible/ansible_playbook/
[[email protected] ansible_playbook]# vim httpd.conf
Listen 8080				# change the port number
ServerName www.example.com:80			# uncomment this line

2) Set Tab indentation to two characters by editing .vimrc
[[email protected] ansible_playbook]# vim /root/.vimrc
set tabstop=2
" insert spaces when Tab is pressed: YAML does not allow tab characters for indentation
set expandtab

3) Write httpd.yaml
[[email protected] ansible_playbook]# vim httpd.yaml
- hosts: web

  tasks:
    - name: install httpd
      yum: name=httpd state=latest

    - name: httpd config
      copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd

    - name: start httpd
      shell: systemctl start httpd

  handlers:
    - name: restart httpd
      shell: systemctl restart httpd

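[[email protected] ansible_playbook]# ansible-playbook -C httpd.yaml			# dry-run the playbook
[[email protected] ansible_playbook]# ansible-playbook httpd.yaml			# run the playbook

4) Restore the initial environment (for the experiments that follow)
[[email protected] ~]# yum -y remove httpd		# remove the local httpd
[[email protected] ~]# ansible web -m shell -a "yum -y remove httpd"		# remove httpd from the web server
[[email protected] ~]# rm -f /etc/ansible/ansible_playbook/httpd.*		# the test files were created in the playbook directory, not in ~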
           

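Configuring the web-nfs-rsync environment with playbooks

1. Base environment deployment

1) Network environment (disable firewalld and SELinux)

2) EPEL repository

3) Install rsync and nfs-utils

4) Create the group

5) Create the user

6) Create the directories and set their permissions

7) Push the scripts

8) Push the rsync client password file and set its permissions

9) Scheduled task (cron)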

[[email protected] ansible_playbook]# cd scripts/
[[email protected] scripts]# vim /etc/ansible/ansible_playbook/base.yaml
- hosts: all
  tasks:
    - name: clear repos.d
      file: path=/etc/yum.repos.d/ state=absent

    - name: create repos.d
      file: path=/etc/yum.repos.d/ state=directory

    - name: install base repo
      get_url: url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo

    - name: install epel repo
      get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo

    - name: install rsync nfs-utils
      yum: name=rsync,nfs-utils state=installed

    - name: create group www
      group: name=www gid=666

    - name: create user www
      user: name=www uid=666 create_home=no shell=/sbin/nologin

    - name: create rsync client password
      copy: content='1' dest=/etc/rsync.pass mode=600

    - name: create scripts directory
      file: path=/server/scripts/ recurse=yes state=directory

    - name: push scripts
      copy: src=./scripts/rsync_backup.sh dest=/server/scripts

    - name: crontab
      cron: name="backup scripts" hour=01 minute=00 job="/usr/bin/bash /server/scripts/rsync_backup.sh &> /dev/null"


[[email protected] scripts]# vim rsync_backup.sh
#!/usr/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#1. Define variables
Host=$(hostname)
Addr=$(ifconfig ens33|awk 'NR==2{print $2}')
Date=$(date +%F)
Dest=${Host}_${Addr}_${Date}
Path=/backup

#2. Create the backup directory
[ -d $Path/$Dest ] || mkdir -p $Path/$Dest

#3. Back up the relevant files
cd / && \
[ -f $Path/$Dest/system.tar.gz ] || tar czf $Path/$Dest/system.tar.gz etc/fstab etc/rsyncd.conf && \
[ -f $Path/$Dest/log.tar.gz ] || tar czf $Path/$Dest/log.tar.gz  var/log/messages var/log/secure && \

#4. Record md5 checksums (the test now checks the same flag_${Date} name that is written)
[ -f $Path/$Dest/flag_${Date} ] || md5sum $Path/$Dest/*.tar.gz >$Path/$Dest/flag_${Date}

#5. Push the local data to the backup server
# (the password is hard-coded here; /etc/rsync.pass pushed by base.yaml could be passed with --password-file instead)
export RSYNC_PASSWORD=1
rsync -avz $Path/ [email protected]::backup

#6. Keep only the last 7 days of data locally (-mindepth 1 so $Path itself is never a match)
find $Path/ -mindepth 1 -type d -mtime +7|xargs rm -rf


[[email protected] scripts]# cd ..
[[email protected] ansible_playbook]# ansible-playbook -C base.yaml
           

2. rsync configuration

1) Install rsync

2) Configure

3) Start

4) Scripts

5) Scheduled task (cron)

[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/rsync.yaml
- hosts: rsync
  tasks:

    - name: install rsync
      yum: name=rsync,mailx state=installed

    - name: config rsync
      copy: src=/etc/ansible/ansible_playbook/conf/rsyncd.conf dest=/etc/rsyncd.conf
      notify: restart rsync

    - name: create rsync local user
      copy: content='rsync_backup:1' dest=/etc/rsync.password mode=600

    - name: create data
      file: path=/data state=directory recurse=yes owner=www group=www mode=755

    - name: create backup
      file: path=/backup state=directory recurse=yes owner=www group=www mode=755

    - name: start rsync
      service: name=rsyncd state=started enabled=yes

    - name: push check scripts
      copy: src=./scripts/rsync_check.sh dest=/server/scripts/

    - name: crond check scripts
      cron: name="check scripts" hour=05 minute=00 job="/usr/bin/bash /server/scripts/rsync_check.sh &> /dev/null"

  handlers:
    - name: restart rsync
      service: name=rsyncd state=restarted


[[email protected] ansible_playbook]# cd conf/
[[email protected] conf]# vim rsyncd.conf 
# run transfers as www, the owner of /backup created in rsync.yaml (nobody cannot write to it)
uid = www
gid = www
port = 873
address = 192.168.1.135
hosts allow = 192.168.1.0/24
max connections = 4
pid file = /var/run/rsyncd.pid
timeout = 900
dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
[backup]
    path = /backup
    read only = no
    auth users = rsync_backup
    secrets file = /etc/rsync.password


[[email protected] ansible_playbook]# cd ../scripts/
[[email protected] scripts]# vim rsync_check.sh 
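#!/usr/bin/bash

#1. Define global variables
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#2. Define local variables
Path=/backup
Date=$(date +%F)

#3. Find the flag files, verify the checksums, and save the result to result_<date>
#   (the name must be flag_${Date}, as written by rsync_backup.sh)
find $Path/*_${Date} -type f -name "flag_${Date}" | xargs -r md5sum -c >$Path/result_${Date} 2>&1

#4. Email the verification result to the administrator
mail -s "Rsync Backup $Date" [email protected] <$Path/result_${Date}

#5. Delete result files older than 7 days and backup data older than 180 days
find $Path/ -type f -name "result*" -mtime +7|xargs rm -f
find $Path/ -mindepth 1 -type d -mtime +180|xargs rm -rf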


[[email protected] scripts]# cd ..
[[email protected] ansible_playbook]# ansible-playbook -C rsync.yaml
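
The checksum round trip behind rsync_backup.sh and rsync_check.sh, as an added example that is not part of the original page: the client writes flag_<date>, the server verifies it, and a day with no flag file at all is reported as a failure instead of an empty result. The function names, the sample host directories and the date are constructed; unlike the page's script, the flag file here stores relative file names so it verifies wherever the backup root lives.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Directory layout follows the page:
#   <root>/<Host>_<Addr>_<Date>/{*.tar.gz,flag_<Date>}
# Function names and all sample data below are constructed.

# Client side: checksum every archive in one backup directory.
write_flag() {                      # $1 = backup dir, $2 = date
  ( cd "$1" && md5sum -- *.tar.gz > "flag_$2" )
}

# Server side: verify each flag_<date>. Prints one line per failing directory.
# Returns 0 = all match, 1 = at least one mismatch, 2 = no flag file arrived.
verify_backups() {                  # $1 = backup root, $2 = date
  local root="$1" day="$2" rc=0 found=0 flag dir
  for flag in "$root"/*_"$day"/flag_"$day"; do
    [ -f "$flag" ] || continue      # an unmatched glob stays literal; skip it
    found=1
    dir=$(dirname "$flag")
    if ! ( cd "$dir" && md5sum -c "flag_$day" >/dev/null 2>&1 ); then
      echo "FAILED $(basename "$dir")"
      rc=1
    fi
  done
  if [ "$found" -eq 0 ]; then
    echo "NO_FLAGS"
    return 2
  fi
  return "$rc"
}

demo() {
  local root day=2024-01-01 h d
  root=$(mktemp -d) || return 1
  for h in web_192.168.1.129 nfs_192.168.1.134; do
    d="$root/${h}_$day"
    mkdir -p "$d" && echo "sample for $h" > "$d/fstab"
    tar czf "$d/system.tar.gz" -C "$d" fstab
    write_flag "$d" "$day"
  done
  verify_backups "$root" "$day" && echo "clean: all archives match"
  echo tampered >> "$root/nfs_192.168.1.134_$day/system.tar.gz"
  verify_backups "$root" "$day" || echo "after tampering: rc=$?"
  rm -rf "$root"
}
demo
```
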
           

3. NFS deployment

1) Install nfs-utils

2) Configure

3) Start

[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/nfs.yaml
- hosts: nfs

  tasks:
    - name: install nfs
      yum: name=nfs-utils state=installed

    - name: config nfs
      copy: src=./conf/exports dest=/etc/exports
      notify: restart nfs

    - name: create data
      file: path=/data state=directory recurse=yes owner=www group=www mode=755

    - name: start nfs
      service: name=nfs-server state=started enabled=yes

  handlers:
    - name: restart nfs
      service: name=nfs-server state=restarted


[[email protected] ansible_playbook]# cd conf/
[[email protected] conf]# vim exports 
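# squash every client to www (uid/gid 666 from base.yaml), the owner of /data, so rw actually works
/data 192.168.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)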

[[email protected] conf]# cd ..
[[email protected] ansible_playbook]# ansible-playbook -C nfs.yaml
           

4. sersync deployment

1) Download sersync on the ansible server first

2) Extract it into /etc/ansible/ansible_playbook/ and edit the configuration file

3) Push it to nfs

4) Start sersync

[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/sersync.yaml
- hosts: nfs

  tasks:
    - name: scp sersync
      copy: src=./tools/sersync/ dest=/usr/local/sersync owner=www group=www mode=755

    - name: start sersync
      shell: pgrep sersync; [ $? -eq 0 ] || /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml


[[email protected] ansible_playbook]# cd tools/
[[email protected] tools]# rz -E
[[email protected] tools]# tar zxf sersync2.5.4_64bit_binary_stable_final.tar.gz 
[[email protected] tools]# ls
GNU-Linux-x86  sersync2.5.4_64bit_binary_stable_final.tar.gz
[[email protected] tools]# mv GNU-Linux-x86/ sersync
[[email protected] tools]# ls
sersync  sersync2.5.4_64bit_binary_stable_final.tar.gz
[[email protected] tools]# cd sersync/
[[email protected] sersync]# ls
confxml.xml  sersync2
[[email protected] sersync]# cd ../..
[[email protected] ansible_playbook]# ansible-playbook -C sersync.yaml
           

5. Web deployment

1) Install httpd locally

2) Edit the configuration file and copy it to /etc/ansible/ansible_playbook/conf

3) Mount

4) Start

[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/web.yaml
- hosts: web

  tasks:
    - name: mount nfs
      mount: src=nfs1:/data path=/data fstype=nfs state=mounted
    - name: install httpd
      yum: name=httpd state=installed

    - name: config httpd
      copy: src=./conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
      notify: restart httpd

    - name: start httpd
      shell: systemctl start httpd

  handlers:
    - name: restart httpd
      shell: systemctl restart httpd


[[email protected] ansible_playbook]# yum -y install httpd
[[email protected] ansible_playbook]# cp /etc/httpd/conf/httpd.conf /etc/ansible/ansible_playbook/conf/
[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/conf/httpd.conf
ServerName www.example.com:80

[[email protected] ansible_playbook]# ansible-playbook -C web.yaml
           

6. main.yaml

[[email protected] ansible_playbook]# vim /etc/ansible/ansible_playbook/main.yaml
- import_playbook: base.yaml
- import_playbook: rsync.yaml
- import_playbook: nfs.yaml
- import_playbook: sersync.yaml
- import_playbook: web.yaml


[[email protected] ansible_playbook]# ansible-playbook -C main.yaml				# dry-run check
[[email protected] ansible_playbook]# ansible-playbook main.yaml                 # run