
Ansible playbook實現apache批量部署,並對不同主機提供以各自IP地址為內容的index.html

1、基於key驗證免密授權

1.1 生成金鑰對(ssh-keygen)

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:6XyhlugUDjs1ntsb4GCu0fPuwBCSEOhrPjU56RJ6xxE root@8-2
The key's randomart image is:
+---[RSA 3072]----+
|+.               |
|o.               |
|+ .              |
| o .E    .       |
|  o *.= S .      |
| + %.O O o .     |
|+ [email protected] B .      |
|.+.+oB + o       |
| .+. o* o.       |
+----[SHA256]-----+

1.2 複製到遠端客戶端

# ssh-copy-id root@10.0.0.17
# ssh-copy-id root@10.0.0.27
# ssh-copy-id root@10.0.0.37
# ssh-copy-id root@10.0.0.8
# ssh-copy-id root@10.0.0.18

2、ansible伺服器配置

2.1 使用yum倉庫安裝

# yum -y install ansible

2.2 配置主機清單

# vi /etc/ansible/hosts
# Host that Ansible reaches without SSH (ansible_connection=local).
[local]
10.0.0.7    ansible_connection=local    # connection type is local, so no SSH connection is used
# Group targeted by the install_httpd.yml play (hosts: webserver).
[webserver]
10.0.0.17
10.0.0.27
10.0.0.37
10.0.0.8
10.0.0.18

2.3 檢查服務端到遠端主機的健康性

# ansible all -m ping  #顯示綠色表示健康
10.0.0.7 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
10.0.0.37 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
10.0.0.8 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": false, 
    "ping": "pong"
}
10.0.0.18 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    }, 
    "changed": false, 
    "ping": "pong"
}
10.0.0.27 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}
10.0.0.17 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "ping": "pong"
}

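2.4 準備工作

注意:以下 wget 指令帶有 --no-check-certificate,會略過 TLS 憑證驗證,下載內容可能在傳輸途中被替換;建議移除該參數,並在分發到各主機之前,以 Apache 官方釋出的 SHA-256 校驗值或 PGP 簽章核對這三個壓縮包。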

# cd /apps/httpd
# wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.51.tar.bz2 --no-check-certificate 
# wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.bz2  --no-check-certificate
# wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-util-1.6.1.tar.bz2 --no-check-certificate
# vi /apps/httpd/httpd.service
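# systemd unit for the httpd that the playbook builds under /apps/httpd.
# The playbook copies this file to /usr/lib/systemd/system/httpd.service
# on each managed host.
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)

[Service]
# The service is controlled through apachectl, so systemd tracks it as a
# forking service.
Type=forking
ExecStart=/apps/httpd/bin/apachectl start
ExecReload=/apps/httpd/bin/apachectl graceful
ExecStop=/apps/httpd/bin/apachectl stop
# We want systemd to give httpd some time to finish gracefully, but still want
# it to kill httpd after TimeoutStopSec if something went wrong during the
# graceful stop. Normally, Systemd sends SIGTERM signal right after the
# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
# httpd time to finish.
KillSignal=SIGCONT
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true

[Install]
WantedBy=multi-user.target
# Nothing else belongs in this file: shell input such as a heredoc "EOF"
# terminator or systemctl commands is not a unit directive. Enabling and
# starting the service is done by the playbook's "start service" task.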
# ls  #最終準備好四個檔案
apr-1.7.0.tar.bz2  apr-util-1.6.1.tar.bz2  httpd-2.4.51.tar.bz2  httpd.service

2.5 準備playbook

# cat install_httpd.yml 
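---
# Build and install Apache httpd from source on every host in [webserver].
#
# The control node must hold these files before the play runs:
#   /apps/httpd/
#   ├── apr-1.7.0.tar.bz2
#   ├── apr-util-1.6.1.tar.bz2
#   ├── httpd-2.4.51.tar.bz2
#   └── httpd.service
#
# The archives are pushed from the control node and compiled as root on
# each host, so verify them against the checksums or signatures published
# by the Apache project before running the play.

- hosts: webserver
  remote_user: root
  gather_facts: false
  vars:
    # Directory on the managed host where the sources are unpacked and built.
    data_dir: /usr/local/src
    # Control-node directory holding the archives and the unit file.
    base_dir: /apps/httpd
    # Install prefix on the managed host.
    install_dir: /apps/httpd
    httpd_version: httpd-2.4.51
    apr_version: apr-1.7.0
    apr_util_version: apr-util-1.6.1
    # Not referenced by any task below; the archives are taken from base_dir.
    httpd_url: https://mirrors.tuna.tsinghua.edu.cn/apache/httpd
    apr_url: https://mirrors.tuna.tsinghua.edu.cn/apache/apr
  tasks:
    - name: install packages
      yum:
        name:
          - gcc
          - make
          - pcre-devel
          - openssl-devel
          - expat-devel
          - bzip2
        state: present

    # The three "download" tasks copy an archive from the control node and
    # unpack it on the managed host (remote_src: false); nothing is fetched
    # from the network. "creates" keeps a re-run from unpacking again.
    - name: download httpd file
      unarchive:
        src: "{{ base_dir }}/{{ httpd_version }}.tar.bz2"
        dest: "{{ data_dir }}"
        owner: root
        remote_src: false
        creates: "{{ data_dir }}/{{ httpd_version }}"

    - name: download apr file
      unarchive:
        src: "{{ base_dir }}/{{ apr_version }}.tar.bz2"
        dest: "{{ data_dir }}"
        owner: root
        remote_src: false
        # After the move below the unpacked tree lives under srclib/apr.
        creates: "{{ data_dir }}/{{ httpd_version }}/srclib/apr"

    - name: download apr_util file
      unarchive:
        src: "{{ base_dir }}/{{ apr_util_version }}.tar.bz2"
        dest: "{{ data_dir }}"
        owner: root
        remote_src: false
        creates: "{{ data_dir }}/{{ httpd_version }}/srclib/apr-util"

    # Place APR and APR-util inside the httpd tree for --with-included-apr.
    # Without "creates", a second run would move a fresh copy *into* the
    # existing directory instead of being a no-op.
    - name: prepare apr dir
      command: mv {{ apr_version }} {{ httpd_version }}/srclib/apr
      args:
        chdir: "{{ data_dir }}"
        creates: "{{ data_dir }}/{{ httpd_version }}/srclib/apr"

    - name: prepare apr_util dir
      command: mv {{ apr_util_version }} {{ httpd_version }}/srclib/apr-util
      args:
        chdir: "{{ data_dir }}"
        creates: "{{ data_dir }}/{{ httpd_version }}/srclib/apr-util"

    # --enable-mpms-shared replaces the misspelled --enable-enablempms-shared,
    # which configure does not recognise. make is bounded to the CPU count
    # instead of an unlimited "-j". "creates" skips the rebuild on re-runs.
    - name: build httpd
      shell: >-
        ./configure --prefix={{ install_dir }}
        --enable-so --enable-ssl --enable-cgi --enable-rewrite
        --with-zlib --with-pcre --with-included-apr
        --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
        && make -j "$(nproc)" && make install
      args:
        chdir: "{{ data_dir }}/{{ httpd_version }}"
        creates: "{{ install_dir }}/bin/apachectl"

    # Unprivileged system account for the httpd worker processes; no login
    # shell and no home directory is created.
    - name: create group
      group:
        name: apache
        gid: 80
        system: true

    - name: create user
      user:
        name: apache
        uid: 80
        group: apache
        shell: /sbin/nologin
        system: true
        create_home: false
        home: "{{ install_dir }}/conf/httpd"

    # The trailing \s keeps the pattern from matching other directives that
    # merely start with "User" or "Group".
    - name: set httpd user
      lineinfile:
        path: "{{ install_dir }}/conf/httpd.conf"
        regexp: '^User\s'
        line: User apache

    - name: set httpd group
      lineinfile:
        path: "{{ install_dir }}/conf/httpd.conf"
        regexp: '^Group\s'
        line: Group apache

    # lineinfile writes a literal $PATH and adds the line only once; the
    # former "echo ... >>" expanded $PATH at run time and appended a new
    # line on every run.
    - name: set variable PATH
      lineinfile:
        path: /etc/profile.d/httpd.sh
        line: 'PATH={{ install_dir }}/bin:$PATH'
        create: true
        mode: "0644"

    - name: copy service file to remote
      copy:
        src: "{{ base_dir }}/httpd.service"
        dest: /usr/lib/systemd/system/httpd.service
        owner: root
        group: root
        mode: "0644"

    # daemon_reload makes systemd pick up the unit file copied above.
    - name: start service
      systemd:
        name: httpd
        state: started
        enabled: true
        daemon_reload: true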

2.6 批量安裝

# ansible-playbook install_httpd.yml
PLAY [webserver] ****************************************************************************************************************************************************************************

TASK [install packages] *********************************************************************************************************************************************************************
changed: [10.0.0.8]
changed: [10.0.0.37]
changed: [10.0.0.17]
changed: [10.0.0.27]
changed: [10.0.0.18]

TASK [download httpd file] ******************************************************************************************************************************************************************
changed: [10.0.0.17]
changed: [10.0.0.27]
changed: [10.0.0.37]
changed: [10.0.0.18]
changed: [10.0.0.8]

TASK [download apr file] ********************************************************************************************************************************************************************
changed: [10.0.0.17]
changed: [10.0.0.37]
changed: [10.0.0.27]
changed: [10.0.0.18]
changed: [10.0.0.8]

TASK [download apr_util file] ***************************************************************************************************************************************************************
changed: [10.0.0.37]
changed: [10.0.0.17]
changed: [10.0.0.27]
changed: [10.0.0.8]
changed: [10.0.0.18]

TASK [prepare apr dir] **********************************************************************************************************************************************************************
changed: [10.0.0.37]
changed: [10.0.0.27]
changed: [10.0.0.17]
changed: [10.0.0.18]
changed: [10.0.0.8]

TASK [prepare apr_util dir] *****************************************************************************************************************************************************************
changed: [10.0.0.27]
changed: [10.0.0.37]
changed: [10.0.0.17]
changed: [10.0.0.18]
changed: [10.0.0.8]

TASK [build httpd] **************************************************************************************************************************************************************************
changed: [10.0.0.17]
changed: [10.0.0.37]
changed: [10.0.0.27]
changed: [10.0.0.18]
changed: [10.0.0.8]

TASK [create group] *************************************************************************************************************************************************************************
changed: [10.0.0.27]
changed: [10.0.0.37]
changed: [10.0.0.17]
changed: [10.0.0.18]
changed: [10.0.0.8]

TASK [create user] **************************************************************************************************************************************************************************
changed: [10.0.0.27]
changed: [10.0.0.37]
changed: [10.0.0.17]
changed: [10.0.0.8]
changed: [10.0.0.18]

TASK [set httpd user] ***********************************************************************************************************************************************************************
changed: [10.0.0.27]
changed: [10.0.0.17]
changed: [10.0.0.37]
changed: [10.0.0.8]
changed: [10.0.0.18]

TASK [set httpd group] **********************************************************************************************************************************************************************
changed: [10.0.0.37]
changed: [10.0.0.27]
changed: [10.0.0.17]
changed: [10.0.0.18]
changed: [10.0.0.8]

TASK [set variable PATH] ********************************************************************************************************************************************************************
changed: [10.0.0.17]
changed: [10.0.0.27]
changed: [10.0.0.37]
changed: [10.0.0.18]
changed: [10.0.0.8]

TASK [copy service file to remote] **********************************************************************************************************************************************************
changed: [10.0.0.27]
changed: [10.0.0.37]
changed: [10.0.0.17]
changed: [10.0.0.18]
changed: [10.0.0.8]

TASK [start service] ************************************************************************************************************************************************************************
changed: [10.0.0.17]
changed: [10.0.0.8]
changed: [10.0.0.18]
changed: [10.0.0.37]
changed: [10.0.0.27]

PLAY RECAP **********************************************************************************************************************************************************************************
10.0.0.17                  : ok=14   changed=14   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.0.0.18                  : ok=14   changed=14   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.0.0.27                  : ok=14   changed=14   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.0.0.37                  : ok=14   changed=14   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.0.0.8                   : ok=14   changed=14   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

2.7 測試

# curl 10.0.0.17
<html><body><h1>It works!</h1></body></html>
# curl 10.0.0.27
<html><body><h1>It works!</h1></body></html>
# curl 10.0.0.37
<html><body><h1>It works!</h1></body></html>
# curl 10.0.0.8
<html><body><h1>It works!</h1></body></html>
# curl 10.0.0.18
<html><body><h1>It works!</h1></body></html>
# 測試完成,批量安裝成功