@ansible剧本(一键部署lnmp项目)
文章目录
ansible剧本(一键部署lnmp项目)
ansible—hosts(ip+密码)
[backup]
172.16.1.41 ansible_ssh_pass=‘1’
[nfs]
172.16.1.31 ansible_ssh_pass=‘1’
[web]
172.16.1.7 ansible_ssh_pass=‘1’
172.16.1.8 ansible_ssh_pass=‘1’
172.16.1.9 ansible_ssh_pass=‘1’
[db]
172.16.1.51 ansible_ssh_pass=‘1’
[lb]
172.16.1.5 ansible_ssh_pass=‘1’
172.16.1.6 ansible_ssh_pass=‘1’
[prometheus]
172.16.1.71 ansible_ssh_pass=‘1’
基于秘钥(生成------>传输)
(生成)ssh-keygen
(传输)for i in 5 6 7 8 9 31 41 51 71;do sshpass -p1 ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.1.$i -o StrictHostKeyChecking=no;done
一、backup
#################ansible部署backup剧本编写:
---
- hosts: backup
remote_user: root
roles:
- backup
1)#安装rsync
- name: Install Rsyncd Server
yum:
name: rsync
state: present
2)#创建用户组
- name: Create www Group
group:
name: www
gid: 1000
#创建/用户
- name: Create www User
user:
name: www
group: www
uid: 1000
create_home: false
shell: /sbin/nologin
3)#rsync配置文件推送
- name: Rsync Config
template:
src: rsyncd.conf.j2
dest: /etc/rsynd.conf
owner: root
4)#推送密码文件
- name: Create Passwd File
template:
src: rsync.passwd.j2
dest: /etc/rsync.passwd
owner: root
mode: 600
#推送配置文件
- name: Create conf File
template:
src: rsyncd.conf.j2
dest: /etc/rsyncd.conf
owner: root
mode: 600
#配置文件授权
- name: chown rsync.passwd
shell: chmod 600 /etc/rsync.passwd
- name: chown rsyncd.conf
shell: chmod 600 /etc/rsyncd.conf
5)#创建backup目录
- name: Create backup Directory
file:
path: /backup
mode: 0755
owner: www
group: www
state: directory
recurse: yes
- name: Create bac_database Directory
file:
path: /backup/database
mode: 0755
owner: www
group: www
state: directory
recurse: yes
- name: Create bac_web Directory
file:
path: /backup/web
mode: 0755
owner: www
group: www
state: directory
recurse: yes
6)#启动rsync服务
- name: Start Rsyncd Server
systemd:
name: rsyncd
state: started
二、nfs
#################ansible部署nfs剧本编写:
- hosts: nfs
remote_user: root
roles:
- nfs
1)#安装nfs
- name: install nfs-utils
yum:
name: nfs-utils
state: present
#安装nfs
- name: install rpcbind
yum:
name: rpcbind
state: present
2)#创建用户
- name: Create www User
user:
name: www
uid: 1000
create_home: false
shell: /sbin/nologin
#推送配置文件
- name: create nfs conf_file
template:
src: exrorts.j2
dest: /etc/exports
owner: root
3)#推送密码文件
- name: create rsync passwd_file
template:
src: rsync.passwd.j2
dest: /etc/rsync.passwd
#owner: www
#mode: 600
#notify: restart rsyncd
#授权密码文件
- name: chmod rsync.passwd
shell: chmod 600 /etc/rsync.passwd
- name: chown rsync.passwd
shell: chown root.root /etc/rsync.passwd
#创建挂载目录并授权
- name: Create nfs Directory
file:
path: /nfs
state: directory
owner: www
group: www
#mode: 755
recurse: yes
4)#创建web目录
- name: Create nfs_web Directory
file:
path: /nfs/web
state: directory
owner: www
group: www
# mode: 755
recurse: yes
#创建conf目录
- name: Create nfs_conf Directory
file:
path: /nfs/conf
state: directory
owner: www
group: www
# mode: 755
recurse: yes
#常见database目录
- name: Create nfs_database Directory
file:
path: /nfs/database
state: directory
owner: www
group: www
#mode: 755
recurse: yes
#创建download目录
- name: Create nfs_download Directory
file:
path: /nfs/download
state: directory
owner: www
group: www
# mode: 755
recurse: yes
#清除web目录残留文件
- name: rm web file
shell: rm -rf /nfs/web/*
#指定解压项目文件
- name: scp test_file
unarchive:
remote_src: no
src: /hzl/hzl/test.zip
dest: /nfs/web/
# wner: www
# mode: 755
#更改项目文件权限
- name: chown
shell: chown -R www.www /nfs/
5)#启动nfs-server
- name: Start NFS Server
systemd:
name: nfs-server
state: started
enabled: yes
6)#推送解压指定的目录
- name: scp sersync file
unarchive:
src: sersync2.5.4_64bit_binary_stable_final.tar.gz #使用软件包
dest: /usr/local/
#推送sersync模板文件
- name: create sersync file
template:
src: confxml.xml.j2
dest: /usr/local/GNU-Linux-x86/confxml.xml
#force: yes
#启动sersync守护进程
- name: start sersync
shell: /usr/local/GNU-Linux-x86/sersync2 -dro /usr/local/GNU-Linux-x86/confxml.xml
三、web
#####################ansible部署web剧本编写:
- hosts: web
remote_user: root
roles:
- web
1)#yum安装epel源
- name: yum install epel
yum:
name: epel-release
state: present
- name: yum repolist
shell: yum repolist
#推送安装包
- name: scp php_rpm file
unarchive:
remote_src: no
src: php.tar.gz #安装php软件压缩包
dest: /opt
owner: root
#php源推送
- name: scp php.repo file
copy:
src: php.repo #配置php的yum源
dest: /etc/yum.repos.d/
owner: root
force: yes
#刷新repo源
- name: yum makecache
shell: yum makecache
2)#安装nfs及rpcbind
- name: install nfs-utils
yum:
name: nfs-utils
state: present
state: present
- name: install rpcbind
yum:
name: rpcbind
state: present
#启动nfs-server
- name: Start nfs Server
shell: systemctl restart nfs rpcbind
# - name: Start rpcbind Server
# systemd:
# name: rpcbind
# state: started
# enabled: yes
#安装nginx
- name: install nginx
yum:
name: nginx
state: present
#安装php
- name: install php
shell: yum -y install php71w php71w-cli php71w-common php71w-devel php71w-embedded php71w-gd php71w-mcrypt php71w-mbstring php71w-pdo php71wxml php71w-fpm php71w-mysqlnd php71w-opcache php71w-pecl-memcached php71wpecl-redis php71w-pecl-mongodb
#本地安装php
- name: install php-fpm
shell: yum localinstall -y /opt/*rpm #使用本地软件包安装php
3)#创建用户组
- name: create www group
group:
name: www
gid: 1000
#创建用户
- name: create www user
user:
name: www
uid: 1000
group: www
4)#创建挂载目录
- name: Create code Directory
file:
path: /code
state: directory
owner: www
group: www
# mode: 755
recurse: yes
#使用nfs挂载web
- name: Mount NFS Server
mount:
path: /code
src: 172.16.1.31:/nfs/web
fstype: nfs
opts: defaults
state: mounted
#使用nfs挂载conf
- name: Mount conf_file NFS Server
mount:
path: /etc/nginx/conf.d/
src: 172.16.1.31:/nfs/conf
fstype: nfs
opts: defaults
state: mounted
5)#nginx配置文件推送
- name: scp nginx_conf file
template:
remote_src: no
src: ./nginx.conf.j2
dest: /etc/nginx/nginx.conf
owner: root
#推送配置文件
- name: scp hzl_conf file
copy:
src: hzl.conf
dest: /etc/nginx/conf.d/hzl.conf
owner: www
force: yes
#php配置文件推送
- name: scp php_conf file
copy:
src: /hzl/hzl/www.conf
dest: /etc/php-fpm.d/www.conf
owner: root
force: yes
6)#启动nginx
- name: Start nginx Server
service:
name: nginx
state: started
enabled: yes
#启动php-server
- name: Start php Server
service:
name: php-fpm.service
state: started
enabled: yes
四、mariadb(数据库)
#####################ansible部署mariadb剧本编写:
- hosts: db
remote_user: root
roles:
- db
1)#安装epel源
- name: install epel repo
shell: yum install -y epel-release
#使用URL安装epel
# shell: yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpmll
2)#安装redis
- name: install redis
yum:
name: redis
state: present
#安装mariadb
- name: install mariadb
yum:
name: mariadb,mariadb-server
state: present
#安装nfs
- name: install nfs
yum:
name: nfs-utils,rpcbind
state: present
#安装rpcbind
- name: install rpcbind
yum:
name: nfs-utils,rpcbind
state: present
#启动nfs与rpcbind
- name: start nfs server
service:
name: nfs
state: started
enabled: yes
#启动nfs与rpcbind
- name: start rpcbind server
service:
name: rpcbind.service
state: started
enabled: yes
3)#用户创建
- name: Create vhost User
user:
name: mysql
group: mysql
shell: /sbin/nologin
system: yes
4)#启动redis服务
- name: Start redis Service
service:
name: redis
state: started
#启动mariadb服务
- name: Start mariadb Server
service:
name: mariadb
state: started
enabled: yes
5)#数据库登录
- name: create mysql_admind user
shell: mysqladmin -uroot password '888' #新安装的数据库首次登录
#创建数据库管理用户并授权
- name: create database user
shell: mysql -uhzl -p888 -e "grant all on *.* to hzl@'%' identified by '888';"
# shell: mysql -uroot -p123 -e "grant all privileges on *.* to 'hzl'@'%' identified by '888' with grant option;"
#刷新用户权限
- name:
shell: mysql -uhzl -p888 -e "flush privileges;"
#数据库库创建
- name:
shell: mysql -uhzl -p888 -e "create database word;"
五、lb&keepalived(负载均衡)
###########################ansible部署slb剧本编写:
- hosts: lb
remote_user: root
roles:
- lb
1)#安装nginx
- name: install nginx
yum:
name: nginx
state: present
#安装keepalived
- name: install keepalived
yum:
name: keepalived
state: present
2)#创建用户组
- name: create www group
group:
name: www
gid: 1000
#创建用户
- name: create www user
user:
name: www
uid: 1000
group: www
3)#nginx配置文件推送
- name: scp nginx Config
template:
src: ./nginx.conf.j2
dest: /etc/nginx/nginx.conf
owner: www
- name: scp nginx Config
template:
src: ./hzl.conf.j2
dest: /etc/nginx/conf.d/hzl.conf
owner: www
#推送keepalived配置文件
- name: scp 01keepalived conf_file
template:
src: ./keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
- name: scp track_script
template:
src: ./check_web.sh.j2
dest: /etc/keepalived/check_web.sh
#加入定时任务
- name: create crontab
cron:
minute: '*'
job: /etc/keepalived/
name: check_web.sh
disabled: yes
4)#启动nginx
- name: Start nginx Server
service:
name: nginx
state: started
enabled: yes
#启动keepalived
- name: start keepalived
service:
name: keepalived.service
state: started
enabled: yes
六、prometheus
#prometheus链接地址https://download.csdn.net/download/weixin_55972781/19515183
#########################ansible部署prometheus剧本编写:
- hosts: prometheus
remote_user: root
roles:
- prometheus
1)#下载ntpdate
- name: ntpdate
yum:
name: ntpdate
state: present
#同步time
- name: ntpdate time
shell: ntpdate ntp.aliyun.com
2)#上传prometheus
- name: prometheus
unarchive:
src: /hzl/hzl/prometheus-2.25.0.linux-amd64.tar.gz
dest: /usr/local/
#建立软连接
- name: ln
shell: ln -s /usr/local/prometheus-2.25.0.linux-amd64 /usr/local/prometheus
3)#创建系统system启动项目
- name: create system
template:
src: prometheus.service
dest: /etc/systemd/system
#system文件编写
[root@m01 /]# cat >> /etc/systemd/system/prometheus.service <<EOF
[Unit]
Description=Prometheus Monitoring System
Documentation=Prometheus Monitoring System
[Service]
ExecStart=/usr/local/prometheus/prometheus \
--config.file=/usr/local/prometheus/prometheus.yml \
--web.listen-address=:9090
[Install]
WantedBy=multi-user.target
EOF
#修改prometheus配置文件
- name: scp conf file
template:
src: prometheus.yml
dest: /usr/local/prometheus
#重载系统文件
- name: daemon
service:
daemon_reload: yes
4)#启动prometheus服务
- name: restart
service:
name: prometheus
state: started
enabled: yes
5)#上传grafana
- name: scp grafana
copy:
src: /hzl/hzl/grafana-7.3.6-1.x86_64.rpm
dest: /opt/
#安装grafana
- name: install grafana
yum:
name: /opt/grafana-7.3.6-1.x86_64.rpm
#启动grafana
- name: start grafana-server
service:
name: grafana-server
state: started
enabled: yes
七、prometheus(web)
#####################ansible部署prometheus_web剧本编写:
- hosts: web
remote_user: root
roles:
- prometheus_web
1)#下载ntpdate
- name: install ntpdate
yum:
name: ntpdate
state: present
#同步time
- name: ntpdate time
shell: ntpdate ntp.aliyun.com
2)#使用node_exproter插件包
- name: scp node_exporter.tar.gz
unarchive :
src: node_exporter.tar.gz
dest: /usr/local/
#添加系统system启动项
- name: scp node-exporter.service
copy:
src: node-exporter.service
dest: /etc/systemd/system/
#启动node_exproter插件
- name: start node-exporter.service
service:
name: node-exporter.service
state: started
八、prometheus(database)
#####################ansible部署prometheus_db剧本编写:
- hosts: db
remote_user: root
roles:
- prometheus_db
1)#下载ntpdate
- name: install ntpdate
yum:
name: ntpdate
state: present
#同步time
- name: ntpdate time
shell: ntpdate ntp.aliyun.com
2)#上传mysqld_exproter插件包
- name: scp mysqld_exporter.tar.gz
unarchive :
src: mysqld_exporter.tar.gz
dest: /usr/local/
3)#添加系统system启动项
- name: scp mysqld_exporter.service
copy:
src: mysqld_exporter.service
dest: /etc/systemd/system/
#配置文件
[root@m01 files]# cat > mysqld_exporter.service << EOF
[Unit]
Description=Prometheus
[Service]
ExecStart=/usr/local/mysqld_exporter/mysqld_exporter \
--config.my-cnf=/usr/local/mysqld_exporter/.my.cnf \
--web.listen-address=:9104
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
4)#mysqld.exproter配置文件修改
- name: scp conf file
copy:
src: .my.cnf
dest: /usr/local/mysqld_exporter/
#添加mysqld.exproter配置文件
[root@m01 files]# cat .my.cnf
[client]
host=172.16.1.51
user=hzl #与database创建的用户及密码一致(获得所有权限)
password=888
5)#启动mysqld_exproter
- name: start mysqld_exporter.service
service:
name: mysqld_exporter.service
state: started
本文来自博客园,作者:ଲ一笑奈&何,转载请注明原文链接:https://www.cnblogs.com/zeny/p/15121534.html
