实践项目-Ansible+Playbook自动化部署服务器上线

(241223)
环境

系统 ip 主机名 域名
debian12.8 192.168.100.6 ansible-main ansible-main.example.com
debian12.8 192.168.100.12 ansible-node1 ansible-node1.example.com
debian12.8 192.168.100.15 ansible-node2 ansible-node2.example.com
debian12.8 192.168.100.16 ansible-node3 ansible-node3.example.com

Ansible-2.9.13
Nginx-1.26.2
MySQL-8.0.40
Tomcat-10.1.34
Java-JDK11

基本配置

sudo apt-get update && apt-get upgrade
sudo apt-get install vim

/etc/hostname

ansible-main

/etc/network/interfaces

auto lo
iface lo inet loopback

auto ens33
iface ens33 inet static
address 192.168.100.12
netmask 255.255.255.0
gateway 192.168.100.254
search localdomain
nameserver 8.8.8.8
nameserver 114.114.114.114

/etc/ssh/sshd_config

PermitRootLogin yes
PubkeyAuthentication no
ssh-keygen -t rsa -b 4096

main连通其他node

for i in main node1 node2 node3; do ssh-copy-id root@ansible-$i; done

安装Ansible

sudo apt update && apt upgrade
sudo apt -y install python3 python3-pip python3-dev libffi-dev gcc libssl-dev

wget https://releases.ansible.com/ansible/ansible-2.9.13.tar.gz
tar -zxvf ansible-2.9.13.tar.gz
cd ansible-2.9.13

python3 setup.py build
python3 setup.py install

任务结构

ansible_lnmt/
├── common/
│   ├── tasks/
│   │   └── main.yml
│   └── handlers/
│       └── main.yml
├── nginx/
│   ├── tasks/
│   │   └── main.yml
│   ├── templates/
│   │   └── nginx.conf.j2
│   └── handlers/
│       └── main.yml
├── mysql/
│   ├── tasks/
│   │   └── main.yml
│   ├── templates/
│   │   └── my.cnf.j2
│   └── handlers/
│       └── main.yml
├── tomcat/
│   ├── tasks/
│   │   └── main.yml
│   ├── templates/
│   │   └── server.xml.j2
│   └── handlers/
│       └── main.yml
├── java/
│   ├── tasks/
│   │   └── main.yml
│   └── handlers/
│       └── main.yml

inventory

[all]
ansible-main ansible_host=192.168.100.6
ansible-node1 ansible_host=192.168.100.12
ansible-node2 ansible_host=192.168.100.15
ansible-node3 ansible_host=192.168.100.16

[all:vars]
ansible_user=root
ansible_ssh_private_key_file='SSH私钥路径'

执行脚本Playbook

ansible_lnmt.yml

---
- name: Deploy LNMT Environment
  hosts: all
  become: yes
  vars_files:
    - vars/main.yml

  roles:
    - common
    - java
    - mysql
    - tomcat
    - nginx

  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted

    - name: restart mysql
      service:
        name: mysql
        state: restarted

    - name: restart tomcat
      service:
        name: tomcat
        state: restarted

vars/main.yml

---
mysql_root_password: "mysql_root_password"
java_version: "11"
nginx_version: "1.26.2"
mysql_version: "8.0.40"
tomcat_version: "10.1.34"

roles/common/tasks/main.yml

---
- name: Update system packages
  apt:
    update_cache: yes
    upgrade: dist

- name: Disable swap
  command: swapoff -a
  notify: update fstab to disable swap

- name: Update /etc/fstab to disable swap
  lineinfile:
    path: /etc/fstab
    regexp: '^UUID=.*swap'
    state: absent

- name: Install required packages
  apt:
    name:
      - build-essential
      - libpcre3
      - libpcre3-dev
      - zlib1g
      - zlib1g-dev
      - libssl-dev
      - libaio1
      - libaio-dev
      - libncurses5-dev
      - libncursesw5-dev
      - libreadline-dev
      - libsqlite3-dev
      - libgdbm-dev
      - libdb5.3-dev
      - libbz2-dev
      - libexpat1-dev
      - liblzma-dev
      - tk-dev
      - libffi-dev
      - wget
      - curl
      - gnupg
      - software-properties-common
    state: present

- name: Stop and disable ufw
  service:
    name: ufw
    state: stopped
    enabled: no

roles/common/handlers/main.yml

---
- name: update fstab to disable swap
  command: sed -i '/swap/d' /etc/fstab

roles/java/tasks/main.yml

---
- name: Add Oracle Java PPA
  apt_repository:
    repo: ppa:linuxuprising/java
    state: present

- name: Install Oracle Java {{ java_version }}
  apt:
    name: oracle-java{{ java_version }}-installer
    state: present

- name: Set default Java version
  apt:
    name: oracle-java{{ java_version }}-set-default
    state: present

roles/mysql/tasks/main.yml

---
- name: Download MySQL {{ mysql_version }} source
  get_url:
    url: https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-{{ mysql_version }}.tar.gz
    dest: /tmp/mysql-{{ mysql_version }}.tar.gz

- name: Extract MySQL source
  unarchive:
    src: /tmp/mysql-{{ mysql_version }}.tar.gz
    dest: /opt
    remote_src: yes

- name: Install MySQL build dependencies
  apt:
    name:
      - build-essential
      - cmake
      - libncurses5-dev
      - libssl-dev
      - libaio-dev
      - libaio1
      - libnuma-dev
      - libevent-dev
      - libjemalloc-dev
      - libtirpc-dev
      - libgflags-dev
      - liblz4-dev
      - libzstd-dev
      - liblzma-dev
      - bison
      - flex
    state: present

- name: Create MySQL build directory
  file:
    path: /opt/mysql-{{ mysql_version }}/build
    state: directory

- name: Configure MySQL
  command: >
    cmake ..
    -DCMAKE_INSTALL_PREFIX=/usr/local/mysql
    -DMYSQL_DATADIR=/usr/local/mysql/data
    -DSYSCONFDIR=/etc
    -DWITH_INNOBASE_STORAGE_ENGINE=1
    -DWITH_PARTITION_STORAGE_ENGINE=1
    -DWITH_FEDERATED_STORAGE_ENGINE=1
    -DWITH_BLACKHOLE_STORAGE_ENGINE=1
    -DWITH_MYISAM_STORAGE_ENGINE=1
    -DENABLED_LOCAL_INFILE=1
    -DENABLE_DTRACE=0
    -DDEFAULT_CHARSET=utf8mb4
    -DDEFAULT_COLLATION=utf8mb4_general_ci
    -DWITH_SSL=system
    -DWITH_ZLIB=system
    -DWITH_EMBEDDED_SERVER=1
    -DWITH_READLINE=1
    -DWITH_UNIT_TESTS=OFF
    -DINSTALL_LAYOUT=STANDALONE
    -DCMAKE_BUILD_TYPE=Release
  args:
    chdir: /opt/mysql-{{ mysql_version }}/build

- name: Compile and install MySQL
  command: >
    make -j$(nproc) && make install
  args:
    chdir: /opt/mysql-{{ mysql_version }}/build

- name: Create MySQL data directory
  file:
    path: /usr/local/mysql/data
    state: directory
    owner: mysql
    group: mysql

- name: Create MySQL user and group
  group:
    name: mysql
    state: present
  user:
    name: mysql
    shell: /bin/false
    home: /usr/local/mysql
    create_home: no
    system: yes

- name: Initialize MySQL data directory
  command: >
    /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data

- name: Copy MySQL configuration file
  template:
    src: my.cnf.j2
    dest: /etc/my.cnf
  notify: restart mysql

- name: Create systemd service file for MySQL
  template:
    src: mysql.service.j2
    dest: /etc/systemd/system/mysql.service

- name: Reload systemd daemon
  systemd:
    daemon_reload: yes

- name: Ensure MySQL is started and enabled
  service:
    name: mysql
    state: started
    enabled: yes

- name: Set MySQL root password
  command: >
    /usr/local/mysql/bin/mysqladmin -u root password '{{ mysql_root_password }}'

roles/mysql/templates/my.cnf.j2

[mysqld]
bind-address = 0.0.0.0
socket = /var/run/mysqld/mysqld.sock
datadir = /usr/local/mysql/data
log-error = /var/log/mysql/error.log
pid-file = /var/run/mysqld/mysqld.pid

[client]
socket = /var/run/mysqld/mysqld.sock

roles/mysql/templates/mysql.service.j2

[Unit]
Description=MySQL Server
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/etc/my.cnf --user=mysql
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
PrivateTmp=true

[Install]
WantedBy=multi-user.target

roles/tomcat/tasks/main.yml

---
- name: Download Tomcat {{ tomcat_version }}
  get_url:
    url: https://downloads.apache.org/tomcat/tomcat-10/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz
    dest: /tmp/apache-tomcat-{{ tomcat_version }}.tar.gz

- name: Extract Tomcat
  unarchive:
    src: /tmp/apache-tomcat-{{ tomcat_version }}.tar.gz
    dest: /opt
    remote_src: yes

- name: Create Tomcat user
  user:
    name: tomcat
    shell: /bin/false
    home: /opt/apache-tomcat-{{ tomcat_version }}

- name: Change ownership of Tomcat directory
  file:
    path: /opt/apache-tomcat-{{ tomcat_version }}
    owner: tomcat
    group: tomcat
    recurse: yes

- name: Copy Tomcat configuration file
  template:
    src: server.xml.j2
    dest: /opt/apache-tomcat-{{ tomcat_version }}/conf/server.xml

- name: Create systemd service file for Tomcat
  template:
    src: tomcat.service.j2
    dest: /etc/systemd/system/tomcat.service

- name: Reload systemd daemon
  systemd:
    daemon_reload: yes

- name: Ensure Tomcat is started and enabled
  service:
    name: tomcat
    state: started
    enabled: yes

roles/tomcat/templates/server.xml.j2

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>

roles/tomcat/templates/tomcat.service.j2

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/java-{{ java_version }}-oracle
Environment=CATALINA_PID=/opt/apache-tomcat-{{ tomcat_version }}/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/apache-tomcat-{{ tomcat_version }}
Environment=CATALINA_BASE=/opt/apache-tomcat-{{ tomcat_version }}
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/apache-tomcat-{{ tomcat_version }}/bin/startup.sh
ExecStop=/opt/apache-tomcat-{{ tomcat_version }}/bin/shutdown.sh

User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target

roles/nginx/tasks/main.yml

---
- name: Download Nginx {{ nginx_version }} source
  get_url:
    url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz
    dest: /tmp/nginx-{{ nginx_version }}.tar.gz

- name: Extract Nginx source
  unarchive:
    src: /tmp/nginx-{{ nginx_version }}.tar.gz
    dest: /opt
    remote_src: yes

- name: Install Nginx dependencies
  apt:
    name:
      - libpcre3
      - libpcre3-dev
      - zlib1g
      - zlib1g-dev
      - libssl-dev
    state: present

- name: Configure Nginx
  command: cd /opt/nginx-{{ nginx_version }} && ./configure --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module

- name: Compile and install Nginx
  command: cd /opt/nginx-{{ nginx_version }} && make && make install

- name: Create Nginx user
  user:
    name: nginx
    shell: /bin/false
    home: /var/lib/nginx

- name: Change ownership of Nginx directories
  file:
    path: /usr/local/nginx
    owner: nginx
    group: nginx
    recurse: yes

- name: Copy Nginx configuration file
  template:
    src: nginx.conf.j2
    dest: /usr/local/nginx/conf/nginx.conf
  notify: restart nginx

- name: Create systemd service file for Nginx
  template:
    src: nginx.service.j2
    dest: /etc/systemd/system/nginx.service

- name: Reload systemd daemon
  systemd:
    daemon_reload: yes

- name: Ensure Nginx is started and enabled
  service:
    name: nginx
    state: started
    enabled: yes

roles/nginx/templates/nginx.conf.j2

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    upstream tomcat_servers {
        server 192.168.100.12:8080;
        server 192.168.100.15:8080;
        server 192.168.100.16:8080;
    }

    server {
        listen 80;
        server_name localhost;

        location / {
            proxy_pass http://tomcat_servers;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

roles/nginx/templates/nginx.service.j2

[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

check_deployment.yml

---
- name: Check LNMT Deployment
  hosts: all
  become: yes
  tasks:
    - name: Check Nginx service status
      service_facts:

    - name: Verify Nginx is running
      assert:
        that:
          - ansible_facts.services.nginx.state == 'running'

    - name: Check MySQL service status
      service_facts:

    - name: Verify MySQL is running
      assert:
        that:
          - ansible_facts.services.mysql.state == 'running'

    - name: Check Tomcat service status
      service_facts:

    - name: Verify Tomcat is running
      assert:
        that:
          - ansible_facts.services.tomcat.state == 'running'
ansible-playbook deploy_lnmt.yml
ansible-playbook check_deployment.yml
posted @ 2024-12-23 19:52  Mugetsukun  阅读(6)  评论(0编辑  收藏  举报