基于ansible的生产环境部署构建(十) 角色web_pro
角色功能说明:
- 该角色实现对客户端主机的业务账号web_pro部署以及tomcat项目的部署
角色部署:
- 创建目录结构,创建软连接,关联默认变量文件
WorkDir=~/devops/ansible/os_init && cd ${WorkDir}
RoleName=web_pro
mkdir -pv roles/${RoleName}/{defaults,files,handlers,meta,tasks,templates,vars}
ln -s ${WorkDir}/defaults_var.yml roles/${RoleName}/defaults/main.yml
- 创建tomcat自动拉起脚本
cat>roles/${RoleName}/files/checktomcat.sh<<\EOF
#!/bin/bash
source /etc/profile
# 工作目录
CPWD=$(dirname ${0})
# 配置表单
CHKLIST=${CPWD}/checktomcat.lst
# 超时对比文件
TIMESTANDARD=${CPWD}/checktomcat.tsd
# 自动拉起行为日志
CHECKLOG=${CPWD}/checktomcat_log.txt
# 脚本运行日志
RUNLOG=${CPWD}/checktomcat_run_$(date +%F).log
echo "$(date +%F.%T) Check file ${CHKLIST}">>${RUNLOG}
# 处理过程:
while read line
do
if [ "${line:0:1}" == "#" -o "${line}" == "" ]
then
continue
# 如果配置表单为注释行或者空行,则忽略
fi
# 标志性项目名:BIN目录:统计进程数项目名:启动命令:监控日志:日志超时时间
# 标志性项目名 便于人工识别项目
# 统计进程数项目名 唯一定义该项目的进程 不能有歧义
VNAME=$(echo ${line}|awk -F ':' '{print $1}')
VWORKDIR=$(echo ${line}|awk -F ':' '{print $2}')
VPROC=$(echo ${line}|awk -F ':' '{print $3}')
VSTART=$(echo ${line}|awk -F ':' '{print $4}')
VLOG=$(echo ${line}|awk -F ':' '{print $5}')
VTIME=$(echo ${line}|awk -F ':' '{print $6}')
# 如果配置表单该行BIN目录不存在,则打日志并忽略该行处理
if [ -d "${VWORKDIR}" ]
then
cd "${VWORKDIR}"
else
echo "$(date +%F.%T) WARNNING ${VWORKDIR} is not exists, check ${VNAME} is skip...">>$CHECKLOG
continue
fi
# 当前该项目的进程数量
PROCCOUNTS=$(ps -ef|grep "${VPROC}"|grep java|grep -v "grep"|wc -l)
# 注意:${VPROC}必须能够唯一标识该项目的进程
# 如果当前该项目的进程数量为0,则拉起该项目
if [ "${PROCCOUNTS}" == "0" ]
then
echo ${VNAME} not running, restarted.>>${CHECKLOG}
echo "$(date +%F.%T) ${VNAME} not running">>${CHECKLOG}
echo "$(date +%F.%T) ${VSTART}">>${CHECKLOG}
${VSTART} &
continue
fi
# 日志超时检测
if [ "${VTIME}" != "0" ]
then
# 刷新对比文件的时间戳
touch -t $(date -d "-${VTIME} second" +"%Y%m%d%H%M.%S") ${TIMESTANDARD}
# 对比日志是否比对比文件时间戳新
LOGFILECOUNTS=$(find ${VLOG} -newer ${TIMESTANDARD}|wc -l)
if [ "${LOGFILECOUNTS}" == "0" ]
then
echo "${VLOG} is not exists or is expired ${VTIME} second.">>${CHECKLOG}
echo "$(date +"%F.%T") ${VNAME} logfile is expired ${VTIME} second">>${CHECKLOG}
echo "$(date +"%F.%T") ${VSTART}">>${CHECKLOG}
touch ${VLOG}
for i in $(ps -ef|grep "${VPROC}"|grep java|grep -v "grep"|awk '{print $2}')
do
kill -9 ${i}
done
# 杀掉该项目的所有进程
${VSTART} &
continue
fi
fi
done<${CHKLIST}
cd ${CPWD}
EOF
- 创建项目部署脚本
cat >roles/${RoleName}/files/pro_deploy.sh<<\EOF
#!/bin/bash
source ~/.bash_profile
# JAVA环境目录
JAVA_ENV=/usr/local/java
# TOMCAT模板目录
TOMCAT_ENV=/usr/local/tomcat
# 实例目录
IPWD=/web
# 工作目录
CPWD=$(dirname ${0})
# 配置表单
CHKLIST=${CPWD}/checktomcat.lst
# 执行帮助
if [ "$#" -ne 6 ]
then
echo $"Usage: bash $(basename $0) -n PRO_NAME -j JAVA_VERSION -t TOMCAT_VERSION"
echo $"Example: bash $(basename $0) -n vincent_test -j java_1.6 -t tomcat6"
echo $"JAVA_VERSION can be java_1.6/java_1.7/java_1.8"
echo $"TOMCAT_VERSION can be tomcat6/tomcat7/tomcat8"
exit 1
fi
while [ "$#" -gt 0 ]
do
case "${1}" in
-n)
shift
typeset -l PRO_NAME="${1}"
shift
;;
-j)
shift
typeset -l JAVA_VERSION="${1}"
shift
;;
-t)
shift
typeset -l TOMCAT_VERSION="${1}"
shift
;;
esac
done
# 端口偏移
PORT_OFFSET=$(awk -F':' '{if($NF~/[0-9]+/) print $NF}' ${CHKLIST}|wc -l)
# 实例名称
TOMCAT_NAME=${TOMCAT_VERSION}_$((8080+$PORT_OFFSET))_${PRO_NAME}
# 实例复制
cp -a ${TOMCAT_ENV}/${TOMCAT_VERSION}/ ${IPWD}/${TOMCAT_NAME}
# 配置文件修改
sed -i "s|#!/bin/sh|&\nsource ${JAVA_ENV}/${JAVA_VERSION}_env|g" ${IPWD}/${TOMCAT_NAME}/bin/catalina.sh
sed -i "s/tomcat/${TOMCAT_NAME}/g" ${IPWD}/${TOMCAT_NAME}/bin/cat.sh
sed -i "s/18080/$((18080+$PORT_OFFSET))/g" ${IPWD}/${TOMCAT_NAME}/conf/server.xml
sed -i "s/8080/$((8080+$PORT_OFFSET))/g" ${IPWD}/${TOMCAT_NAME}/conf/server.xml
sed -i "s/9443/$((9443+$PORT_OFFSET))/g" ${IPWD}/${TOMCAT_NAME}/conf/server.xml
sed -i "s/28080/$((28080+$PORT_OFFSET))/g" ${IPWD}/${TOMCAT_NAME}/conf/server.xml
sed -i "s|/web/project/tomcat|/web/project/${TOMCAT_NAME}|g" ${IPWD}/${TOMCAT_NAME}/conf/server.xml
sed -i "s|/web/logs/access/tomcat|/web/logs/access/${TOMCAT_NAME}|g" ${IPWD}/${TOMCAT_NAME}/conf/server.xml
# 配置表单添加
echo "${PRO_NAME}:${IPWD}/${TOMCAT_NAME}/bin:${TOMCAT_NAME}:./startup.sh:CHECK_LOG:0:${PORT_OFFSET}">>${CHKLIST}
# 添加日志日切任务
crontab -l>/tmp/web_pro_crontab.txt
echo "# ${TOMCAT_NAME} HOURLY LOG ARCHIVE" >>/tmp/web_pro_crontab.txt
echo "0 * * * * /bin/bash /web/${TOMCAT_NAME}/bin/cat.sh">>/tmp/web_pro_crontab.txt
cat /tmp/web_pro_crontab.txt |crontab
rm -rf /tmp/web_pro_crontab.txt
# 生成测试页面:
mkdir -p /web/project/${TOMCAT_NAME}/ROOT
echo "$(hostname -i):${TOMCAT_NAME}">>/web/project/${TOMCAT_NAME}/ROOT/index.html
echo "curl http://$(hostname -i):$((8080+$PORT_OFFSET))/index.html"
EOF
- 创建tomcat版本升级脚本
cat >roles/${RoleName}/files/pro_update.sh<<\EOF
#!/bin/bash
source /etc/profile
TOMCAT_ENV=/usr/local/tomcat
IPWD=/web
for FULLPATH in $(find ${IPWD} -maxdepth 1 -type d -name "tomcat*_808*_*")
do
TOMCAT_NAME=$(basename ${FULLPATH})
TOMCAT_VERSION=$(echo ${TOMCAT_NAME}|awk -F'_' '{print $1}')
# 同步相应版本的tomcat的bin目录、conf目录和lib目录,忽略文件catalina.sh、cat.sh和server.xml的同步
find ${TOMCAT_ENV}/${TOMCAT_VERSION}/bin -type f ! -name "catalina.sh" -a ! -name "cat.sh" -exec cp -av {} ${IPWD}/${TOMCAT_NAME}/bin \;
find ${TOMCAT_ENV}/${TOMCAT_VERSION}/conf -type f ! -name "server.xml" -exec cp -av {} ${IPWD}/${TOMCAT_NAME}/conf \;
find ${TOMCAT_ENV}/${TOMCAT_VERSION}/lib -type f -exec cp -av {} ${IPWD}/${TOMCAT_NAME}/lib \;
done
EOF
- 创建角色任务
cat >roles/${RoleName}/tasks/main.yml<<EOF
---
- name: "预先生成web_pro密码密值"
shell:
python -c 'import crypt,getpass;pw="web_pro";print(crypt.crypt(pw))'
register: web_pro_pass
- name: "创建web_pro业务用户"
user:
name: web_pro
createhome: yes
password: "{{ web_pro_pass.stdout }}"
update_password: on_create
- name: "分发ssh公钥到web_pro用户"
authorized_key:
user: web_pro
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
state: present
- name: "设置web_pro系统资源限制"
lineinfile:
path: /etc/security/limits.conf
line: "web_pro soft nproc 2047\nweb_pro hard nproc 16384\nweb_pro soft nofile 1024\nweb_pro hard nofile 65536\nweb_pro soft stack 10240\nweb_pro hard stack 32768\n"
- name: "创建业务根目录1"
file:
path: "/web"
state: directory
recurse: yes
owner: web_pro
group: web_pro
mode: 0750
- name: "创建业务根目录2"
file:
path: "/web/{{ item }}"
state: directory
recurse: yes
owner: web_pro
group: web_pro
mode: 0750
with_items:
- profile
- project
- logs
- checkTOMCAT
- name: "同步自动拉起脚本"
copy:
src: checktomcat.sh
dest: /web/checkTOMCAT
owner: web_pro
group: web_pro
mode: 0644
- name: "创建表单文件"
copy:
content: "# TOMCAT_NAME:BIN_PATH:PROCESS_NAME:START_SCRIPT:CHECK_LOG:LOG_TIMEOUT:PORT_OFFSET\n"
dest: /web/checkTOMCAT/checktomcat.lst
owner: web_pro
group: web_pro
mode: 0644
force: no
- name: "设置自动拉起任务1"
cron:
user: web_pro
name: "Check TOMCAT Process1"
job: "/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
minute: "*/1"
- name: "设置自动拉起任务2"
cron:
user: web_pro
name: "Check TOMCAT Process2"
job: "sleep 10;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
minute: "*/1"
- name: "设置自动拉起任务3"
cron:
user: web_pro
name: "Check TOMCAT Process3"
job: "sleep 20;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
minute: "*/1"
- name: "设置自动拉起任务4"
cron:
user: web_pro
name: "Check TOMCAT Process4"
job: "sleep 30;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
minute: "*/1"
- name: "设置自动拉起任务5"
cron:
user: web_pro
name: "Check TOMCAT Process5"
job: "sleep 40;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
minute: "*/1"
- name: "设置自动拉起任务6"
cron:
user: web_pro
name: "Check TOMCAT Process6"
job: "sleep 50;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
minute: "*/1"
- name: "设置自动拉起任务运行日志清理"
cron:
user: web_pro
name: "Check TOMCAT Process Log clear"
job: '/usr/bin/find /web/checkTOMCAT/checktomcat_run_*.log -type f -mtime +10 -exec rm -rf {} \;'
minute: "0"
hour: "3"
- name: "同步项目部署脚本"
copy:
src: pro_deploy.sh
dest: /web/checkTOMCAT
owner: web_pro
group: web_pro
mode: 0644
- name: "同步项目升级脚本"
copy:
src: pro_update.sh
dest: /web/checkTOMCAT
owner: web_pro
group: web_pro
mode: 0644
- name: "部署项目并生成项目配置文件"
shell:
su - web_pro -c "/bin/bash /web/checkTOMCAT/pro_deploy.sh -n {{ sub_pro }} -j {{ java_version }} -t {{ tomcat_version }} && \
echo '{{ ansible_ssh_host }} {{ gitlib_url }} {{ project }} {{ sub_pro }} {{ java_version }} {{ tomcat_version }} 8080'>/web/checkTOMCAT/pro_mark"
args:
creates: /web/checkTOMCAT/pro_mark
warn: false
- name: "将项目配置文件拉取到服务端"
fetch:
src: /web/checkTOMCAT/pro_mark
dest: "{{pro_mark}}/pro_mark-{{ansible_ssh_host}}"
flat: yes
EOF
- 创建任务playbook并执行
cat >os-init-9-${RoleName}.yml<<EOF
---
- hosts: all
remote_user: sudoler
gather_facts: true
become: yes
become_user: root
become_method: su
roles:
- ${RoleName}
EOF
ansible-playbook -i inventory/hosts os-init-9-${RoleName}.yml
注意事项:
-
如果要进行java包的升级,则:
-
- 1,将高版本的包上传到文件共享服务器
-
- 2,修改 defaults_var.yml 中相应信息
-
- 3,下载包到部署主机 ansible-playbook -i inventory/hosts os-init-1-*.yml
-
- 4,重新执行java角色,完成升级 ansible-playbook -i inventory/hosts os-init-7-*.yml
-
- 5,这个升级可以是降级
-
如果要进行tomcat包的升级,则:
-
- 1,将高版本的包上传到文件共享服务器
-
- 2,修改 defaults_var.yml 中相应信息
-
- 3,下载包到部署主机 ansible-playbook -i inventory/hosts os-init-1-*.yml
-
- 4,重新执行tomcat角色,完成升级 ansible-playbook -i inventory/hosts os-init-8-*.yml
-
- 5,这个升级可以是降级
-
如果要进行项目升级,则:
-
- 1,如果java版本进行了升级,则重启项目即可完成升级
-
- 2,如果tomcat版本进行了升级,则使用业务账号 web_pro 执行升级脚本,并重启项目即可:
-
su - web_pro -
bash /web/checkTOMCAT/pro_update.sh -
ps -ef|grep java|grep tomcat|awk '{print $2}'|xargs kill -9 -
如果要在一个主机上部署多个项目,则:
-
su - web_pro -
bash /web/checkTOMCAT/pro_update.sh -n ... -j ... -t ...
[TOC]