I. Ansible roles
1. Introduction to Ansible roles
Ansible roles exist to organize playbooks in a layered, structured way. A role keeps its variables, files, tasks, modules and handlers in separate directories so that they can be included conveniently. Roles are generally used where a service is built up host by host, and they are used very frequently in complex enterprise scenarios. Tasks, variables, handlers, templates, files and so on are laid out in a fixed directory hierarchy; much like calling a function, each piece of functionality is cut into a fragment that is executed on its own.
2. The parts of an Ansible role
3. The ansible-galaxy command
Ansible Galaxy is a free website for sharing and downloading Ansible roles, and it helps us define and learn roles. The ansible-galaxy command has been shipped with Ansible since version 1.4.2.
II. Building a high-availability, load-balanced cluster with Ansible (keepalived + httpd + haproxy)
1. Create the roles
cd /home/devops/ansible
mkdir roles
cd roles                          # ansible-galaxy init creates the skeleton in the current directory
ansible-galaxy init apache        # initialize a role skeleton
ansible-galaxy init haproxy
ansible-galaxy init keepalived    # the role directory used in the later steps is named keepalived
rm -fr README.md tests            # run inside each role directory to drop the README and the tests directory
2. Set the default path for role definitions in the config file
vim /home/devops/ansible/ansible.cfg   # ansible.cfg is read from the project directory, so ./inventory and ./roles resolve there
[defaults]
# the inventory of managed hosts, including the host groups
inventory = ./inventory
# the path where role definitions are stored
roles_path = ./roles

# escalate to root by default when running plays
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
3. Edit the inventory (managed hosts and host groups; the STATE, VRID and PRIORITY host variables on the lb hosts feed the keepalived template later)
vim /home/devops/ansible/inventory
[lb]
server1 STATE=MASTER VRID=5 PRIORITY=100
server4 STATE=BACKUP VRID=5 PRIORITY=50
[test]
server2
[prod]
server3
[webserver:children]
test
prod
4. Edit the files under the apache role directory
(1) Edit main.yml in the tasks directory and add the actions to perform
cd /home/devops/ansible/roles/apache/tasks
vim main.yml
---
- name: install httpd                  # install the package
  yum:
    name: httpd
    state: present
- name: copy index.html                # default document; contains the hostname so load balancing is visible
  copy:
    content: "{{ ansible_facts['hostname'] }}"
    dest: /var/www/html/index.html
- name: configure httpd                # deploy the config file from the template
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/conf/httpd.conf
    owner: root
    group: root
    mode: '0644'                       # quoted: an unquoted 644 is decimal 644 in YAML, not octal 0644
  notify: restart httpd
- name: start httpd and firewalld      # start the services
  service:
    name: "{{ item }}"
    state: started
  loop:
    - httpd
    - firewalld
- name: configure firewalld            # open the http service in the firewall
  firewalld:
    service: http
    permanent: yes
    immediate: yes
    state: enabled
(2) Edit the handler file in the handlers directory
vim handlers/main.yml
---
- name: restart httpd                  # runs once at the end of the play when the template task reports a change
  service:
    name: httpd
    state: restarted
(3) Copy the apache config file into the templates directory and edit it
cd /home/devops/ansible/roles/apache/templates
cp /etc/httpd/conf/httpd.conf .
mv httpd.conf httpd.conf.j2            # rename so it is recognizable as a template
vim httpd.conf.j2
Listen {{ http_host }}:{{ http_port }}   # address:port, filled from the role variables
(4) Set the variables in the role's vars directory
vim vars/main.yml
---
http_host: "{{ ansible_facts['default_ipv4']['address'] }}"
http_port: 80
5. Edit the files under the haproxy role directory
(1) Edit main.yml in the tasks directory and add the actions to perform
cd /home/devops/ansible/roles/haproxy
vim tasks/main.yml
---
- name: install haproxy                # install the package
  yum:
    name: haproxy
    state: present
- name: configure haproxy              # deploy the config file from the template
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
  notify: restart haproxy
- name: start haproxy                  # start the service
  service:
    name: haproxy
    state: started
(2) Edit the handler file in the handlers directory
vim handlers/main.yml
---
- name: restart haproxy
  service:
    name: haproxy
    state: restarted
(3) Install haproxy on the control node (so its default config file exists), copy the config file into the templates directory and edit it
cd /home/devops/ansible/roles/haproxy/templates
cp /etc/haproxy/haproxy.cfg .
mv haproxy.cfg haproxy.cfg.j2
vim haproxy.cfg.j2
    stats uri /status
    default_backend app
backend app
    balance roundrobin
{% for host in groups['webserver'] %}
    server {{ hostvars[host]['ansible_facts']['hostname'] }} {{ hostvars[host]['ansible_facts']['eth0']['ipv4']['address'] }}:80 check
{% endfor %}
The loop emits one server line per member of the webserver group. Because the main playbook runs against hosts: all, facts for the web servers are gathered before the template is rendered on the lb hosts, so hostvars already carries them.
6. Edit the files under the keepalived role directory
(1) Edit main.yml in the tasks directory and add the actions to perform
cd /home/devops/ansible/roles/keepalived
vim tasks/main.yml
---
- name: install keepalived
  yum:
    name: keepalived
    state: present
- name: configure keepalived
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
  notify: restart keepalived
- name: start keepalived
  service:
    name: keepalived
    state: started
(2) Edit the handler file in the handlers directory
vim handlers/main.yml
---
- name: restart keepalived
  service:
    name: keepalived
    state: restarted
(3) Install keepalived on the control node (so its default config file exists), copy the config file into the templates directory and edit it
cd /home/devops/ansible/roles/keepalived/templates
cp /etc/keepalived/keepalived.conf .
mv keepalived.conf keepalived.conf.j2
vim keepalived.conf.j2
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state {{ STATE }}                  # MASTER or BACKUP, from the host variable in the inventory
    interface eth0
    virtual_router_id {{ VRID }}       # both lb hosts share VRID 5
    priority {{ PRIORITY }}            # the MASTER carries the higher priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.5.100
    }
}
7. Write the top-level playbook that pushes the roles
cd /home/devops/ansible
vim apache_keepalive.yml
---
- hosts: all
  tasks:
    - import_role:
        name: apache
      when: ansible_hostname in groups['webserver']   # the inventory names match the hosts' hostnames here; inventory_hostname would not depend on that
    - import_role:
        name: haproxy
      when: ansible_hostname in groups['lb']
    - import_role:
        name: keepalived
      when: ansible_hostname in groups['lb']
8. Test high availability and load balancing
ansible-playbook apache_keepalive.yml
Open http://172.25.5.100 in a browser: the VIP is answered by the lb host that currently holds it, and haproxy's round robin alternates between the web servers, so the page shows their hostnames in turn. Then stop keepalived on the MASTER lb host and reload the page: the VIP moves to the BACKUP and the site keeps answering.
systemctl stop keepalived
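The keepalived template in step 6 renders whatever STATE, VRID and PRIORITY the inventory in step 3 carries, so a typo there (two MASTERs, or a BACKUP with the higher priority) only shows up as flapping after deployment. As an added example that is not part of the original post, the following standard-library Python parses that INI inventory (including the webserver:children group) and checks the VRRP host variables before the playbook runs:

```python
# Added example, not the post's own code: parse the post's INI inventory with the
# standard library and sanity-check the VRRP host vars the keepalived template uses.
import re
from collections import defaultdict
INVENTORY = """[lb]
server1 STATE=MASTER VRID=5 PRIORITY=100
server4 STATE=BACKUP VRID=5 PRIORITY=50
[test]
server2
[prod]
server3
[webserver:children]
test
prod
"""  # constructed copy of the inventory shown in the post
def parse_inventory(text):
    """Return (groups, hostvars); ':children' groups are flattened to host lists."""
    members, children, hostvars = defaultdict(list), defaultdict(list), defaultdict(dict)
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[([^\]:]+)(:children)?\]", line)
        if m:
            section = (m.group(1), m.group(2) is not None)
        elif line and section[1]:
            children[section[0]].append(line)
        elif line:
            host, *pairs = line.split()
            members[section[0]].append(host)
            hostvars[host].update(p.split("=", 1) for p in pairs)
    def resolve(group, seen=frozenset()):  # flatten child groups, cycle-safe
        hosts = list(members[group])
        for child in children[group]:
            hosts += resolve(child, seen | {group}) if child not in seen else []
        return hosts
    return {g: resolve(g) for g in set(members) | set(children)}, dict(hostvars)
def check_vrrp(groups, hostvars, group="lb"):
    """List VRRP mistakes the template would otherwise bake into keepalived.conf."""
    problems, by_vrid = [], defaultdict(list)
    for host in groups.get(group, []):
        hv = hostvars[host]  # KeyError below means an lb host lacks one of the VRRP vars
        by_vrid[hv["VRID"]].append((host, hv["STATE"], int(hv["PRIORITY"])))
    for vrid, hosts in by_vrid.items():
        masters = [h for h, state, _ in hosts if state == "MASTER"]
        if len(masters) != 1:
            problems.append(f"VRID {vrid}: expected exactly one MASTER, got {masters}")
        top = max(hosts, key=lambda t: t[2])  # the MASTER must win the election
        if top[1] != "MASTER":
            problems.append(f"VRID {vrid}: highest PRIORITY host {top[0]} is not MASTER")
    return problems
```

check_vrrp returns an empty list for the post's inventory; it reports the problem if, for instance, server4 were given PRIORITY=200 while still marked BACKUP.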
III. Creating users automatically with Ansible
Method one:
cd /home/devops/ansible
vim createuser.yml
---
- hosts: test
  tasks:
    - name: create user
      user:
        name: "{{ item.user }}"                             # each loop item is a dict, so address its fields
        password: "{{ item.pass | password_hash('sha512') }}"   # the user module expects an already hashed password
        state: present
      loop:
        - { user: user1, pass: '123' }                      # quoted so the value stays a string for password_hash
        - { user: user2, pass: '456' }
        - { user: user3, pass: '789' }
ansible-playbook createuser.yml
Method two:
cd /home/devops/ansible/
vim createuser.yml                     # the user list moves into a separate variable file
---
- hosts: test
  vars_files:
    - userlist.yml
  tasks:
    - name: create user
      user:
        name: "{{ item.user }}"
        password: "{{ item.pass | password_hash('sha512') }}"
        state: present
      loop: "{{ userlist }}"
vim userlist.yml
---
userlist:
  - user: user1
    pass: '123'
  - user: user2
    pass: '456'
  - user: user3
    pass: '789'
ansible-playbook createuser.yml
Encrypting, viewing and editing the user list
Keeping the plaintext passwords in a separate file is what makes it possible to encrypt them at rest with ansible-vault, so they no longer sit in clear text in the playbook:
ansible-vault encrypt userlist.yml     # encrypt the file
ansible-vault view userlist.yml        # view the file
ansible-vault edit userlist.yml        # edit the file in place
ansible-playbook createuser.yml --ask-vault-pass   # push, prompting for the vault password
IV. Creating partitions and mounting a directory automatically with Ansible
1. Write the partition list
cd /home/devops/ansible
vim storage_vars.yml
---
partitions:
  - number: 1
    start: 1MiB
    end: 1GiB
  - number: 2
    start: 1GiB
    end: 2GiB
2. Write my_disk.yml, the playbook that creates the partitions and mounts the directory
---
- hosts: test
  vars_files:                          # variable list
    - storage_vars.yml
  tasks:
    - name: Create a new primary partition   # create the partitions
      parted:
        device: /dev/sdb
        number: "{{ item.number }}"
        part_start: "{{ item.start }}"
        part_end: "{{ item.end }}"
        state: present
      loop: "{{ partitions }}"
    - name: create volume group              # create the volume group
      lvg:
        vg: demo_vg
        pvs: /dev/sdb1
    - name: Create a logical volume          # create the logical volume
      lvol:
        vg: demo_vg
        lv: test
        size: 100%VG
        resizefs: true
        force: yes
        state: present
    - name: Create a xfs filesystem          # create the filesystem
      filesystem:
        fstype: xfs
        dev: /dev/demo_vg/test
    - name: mount lvs                        # mount it and record it in fstab
      mount:
        path: /var/www/html
        src: /dev/demo_vg/test
        fstype: xfs
        state: mounted
        opts: noatime
3. Push from server1 and check the result on server2
ansible-playbook my_disk.yml
# on server2
fdisk -l                               # check the partition table
df                                     # check that the logical volume is mounted
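parted writes whatever ranges storage_vars.yml lists, and lvg only later complains if /dev/sdb1 does not exist, so a check on the plan before running the playbook is worth having. As an added example that is not part of the original post, this standard-library Python reads the list-of-dicts shape of storage_vars.yml (a minimal hand-rolled reader instead of PyYAML), converts parted's binary units, and reports overlapping or empty partitions and physical volumes that name a partition the plan does not create:

```python
# Added example, not the post's own code: validate the partition plan from
# storage_vars.yml before parted touches /dev/sdb. Standard library only; the
# YAML is a constructed copy read by a tiny hand-rolled parser.
import re

STORAGE_VARS = """---
partitions:
  - number: 1
    start: 1MiB
    end: 1GiB
  - number: 2
    start: 1GiB
    end: 2GiB
"""  # constructed copy of the post's variable file

UNITS = {"B": 1, "KiB": 1024, "MiB": 1024**2, "GiB": 1024**3, "TiB": 1024**4}

def to_bytes(size):
    """'1GiB' -> 1073741824; parted accepts these binary units verbatim."""
    num, unit = re.fullmatch(r"(\d+(?:\.\d+)?)([KMGT]iB|B)", size).groups()
    return int(float(num) * UNITS[unit])

def load_partitions(text):
    """Read the list-of-dicts shape used by storage_vars.yml (no PyYAML needed)."""
    parts = []
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(-\s+)?(\w+):\s*(\S+)", line)
        if not m:
            continue            # '---' and the bare 'partitions:' key carry no value
        if m.group(1):
            parts.append({})    # a leading '- ' starts a new list item
        parts[-1][m.group(2)] = m.group(3)
    return parts

def check_plan(parts, pvs):
    """Return problems: empty partitions, overlaps, and PVs with no partition."""
    problems, prev_end = [], 0
    for p in sorted(parts, key=lambda p: int(p["number"])):
        start, end = to_bytes(p["start"]), to_bytes(p["end"])
        if end <= start:
            problems.append(f"partition {p['number']}: end {p['end']} is not after start")
        if start < prev_end:
            problems.append(f"partition {p['number']}: overlaps the previous partition")
        prev_end = max(prev_end, end)
    numbers = {int(p["number"]) for p in parts}
    for pv in pvs:              # /dev/sdb1 must refer to a partition the plan creates
        n = int(re.search(r"(\d+)$", pv).group(1))
        if n not in numbers:
            problems.append(f"pv {pv}: no partition {n} in the plan")
    return problems
```

The post's plan passes because partition 2 starts exactly where partition 1 ends; a plan whose second partition started at 512MiB, or a pvs entry of /dev/sdb3, would be reported before anything is written to disk.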