龙空技术网

Ansible-运维自动化利器

删库跑路吧 4961

前言:

如今我们对“php主控”都比较着重,我们都想要剖析一些“php主控”的相关内容。那么小编也在网上网罗了一些对于“php主控””的相关文章,希望咱们能喜欢,你们快快来了解一下吧!

技能目标:

· 了解什么是Ansible

· 学会如何使用Ansible部署Docker应用

· 学会如何使用Ansible部署Zabbix

5.1 案例分析

5.1.1案例概述

目前市场上有许多的运维自动化工具( 配置管理 ),例如:Ansible、SaltStack、Puppet、Fabric 等。其中,Ansible一种集成 IT 系统的配置管理、应用部署、执行特定任务的开源平台,是 AnsibleWorks 公司名下的项目,该公司由 Cobbler 及 Func 的作者于 2012 年创建成立。

Ansible 基于 Python 语言实现,由 Paramiko 和 PyYAML 两个关键模块构建,具备如下特点:

· 部署简单,只需在主控端部署 Ansible 环境,被控端无需做任何操作。

· 默认使用 SSH(Secure Shell)协议对设备进行管理。

· 主从集中化管理。

· 配置简单、功能强大、扩展性强。

· 支持 API 及自定义模块,可通过 Python 轻松扩展。

· 通过 Playbooks 来定制强大的配置、状态管理。

· 对云计算平台、大数据都有很好的支持。

· 提供一个功能强大、操作性强的 Web 管理界面和 REST API 接口 ---- AWX 平台。

本案例将展示如何使用Ansible部署一台Apache + MySQL服务器,以及如何使用Ansible部署Zabbix服务端及Zabbix客户端。

5.1.2案例前置知识点

1. Ansible主要组成部分功能说明

· PLAYBOOKS:任务剧本(任务集),编排定义Ansible任务集的配置文件,由Ansible顺序依次执行,通常是JSON格式的YML文件

· INVENTORY:Ansible管理主机的清单/etc/anaible/hosts

· MODULES:Ansible执行命令的功能模块,多数为内置的核心模块,也可自定义,ansible-doc –l 可查看模块

· PLUGINS:模块功能的补充,如连接类型插件、循环插件、变量插件、过滤插件等,该功能不常用

· API:供第三方程序调用的应用程序编程接口

· ANSIBLE:组合INVENTORY、 API、 MODULES、PLUGINS的绿框,可以理解为是ansible命令工具,其为核心执行工具

2. 注意事项

· 执行ansible的主机一般称为主控端,中控,master或堡垒机

· 主控端Python版本需要2.6或以上

· 被控端Python版本小于2.4需要安装python-simplejson

· 被控端如开启SELinux需要安装libselinux-python

· windows不能做为主控端

5.1.2案例环境

1. 本案例实验环境

本案例中环境如表5-1所示。

表5-1 创建并管理Ansible部署Docker网络案例环境

创建并管理本实验网络,具体的拓扑如图5.1所示。

图5.1 实验网络拓扑

2. 案例需求

· 安装Ansible及其依赖

· 编写Playbook

· 实施部署

· 结果验证

3. 案例实现思路

· 安

5.2 案例实施

5.2.1 主机配置

1. 环境初始化

· 推荐安装 CentOS 7.3 及以上版本 Linux 操作系统。

· 配置 root 用户免密码 ssh 登录到受控主机。

[root@bogon ~]# hostnamectl set-hostname master

[root@bogon ~]# bash

[root@master ~]# systemctl stop firewalld

[root@master ~]# systemctl disable firewalld

[root@master ~]# getenforce

Disabled

[root@master ~]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

08:c9:5b:df:13:51:04:3d:f8:24:43:1b:c8:e8:02:54 root@master

The key's randomart image is:

+--[ RSA 2048]----+

| ...E o o=*o |

| .. .. o +++ |

| .+.. o= . |

| .+.o . .. |

| ... S o |

| . |

| |

| |

| |

+-----------------+

[root@master ~]# ssh-copy-id root@192.168.9.168

[root@bogon ~]# hostnamectl set-hostname client

[root@bogon ~]# bash

[root@client ~]# systemctl stop firewalld

[root@client ~]# systemctl disable firewalld

[root@client ~]# getenforce

Disabled

2. 安装Ansible及其依赖

[root@master ~]# rpm -Uvh

[root@master ~]# yum install -y ansible

5.2.2 Ansible部署Docker

建立roles目录

首先创建一个ansible目录,之后所有操作均在此目录下进行。

[root@master ~]# mkdir ansible

[root@master ~]# cd ansible

[root@master ansible]# ansible-galaxy init --init-path roles common

- common was created successfully

[root@master ansible]# ansible-galaxy init --init-path roles webserver

- webserver was created successfully

[root@master ansible]# ansible-galaxy init --init-path roles dbserver

- dbserver was created successfully

创建production文件,内容为hosts和groups信息。

[root@master ansible]# vim production

[webservers]

192.168.9.168

[dbservers]

192.168.9.168

建common role任务,主要包含基础环境设置

[root@master ansible]# vim roles/common/tasks/main.yml

---

# tasks file for common

- name: add epel repository

yum_repository:

name: epel

description: EPEL YUM repo

baseurl:

gpgcheck: no

tags: epel

- name: add docker-ce repository

yum_repository:

name: docker-ce

description: docker-ce YUM repo

baseurl:

gpgcheck: no

tags: docker

- name: make sure ntp is installed

yum: pkg=ntp state=installed

tags: ntp

- name: make sure docker-ce is installed

yum: pkg=docker-ce state=installed

tags: docker

- name: make sure python-pip is installed

yum: pkg=python-pip state=installed

tags: pip

- name: make sure ntp is configured

template: src=ntp.conf.j2 dest=/etc/ntp.conf

notify:

- restart ntpd

tags: ntp

- name: make sure ntpd is running and enabled

service: name=ntpd state=started enabled=yes

tags: ntp

- name: make sure firewalld is stopped and disabled

service: name=firewalld state=stopped enabled=no

tags: firewalld

- name: make sure docker-py is installed

pip:

name: docker-py

- name: make sure docker is installed

yum: pkg=docker-ce state=installed

tags: docker

- name: make sure docker is running and enabled

service: name=docker state=started enabled=yes

tags: docker

[root@master ansible]# vim roles/common/handlers/main.yml

---

# handlers file for common

- name: restart ntpd

service: name=ntpd state=restarted

[root@master ansible]# mkdir group_vars

[root@master ansible]# vim group_vars/all

ntpserver: cn.ntp.org.cn

[root@master ansible]# vim roles/common/templates/ntp.conf.j2

driftfile /var/lib/ntp/drift

pidfile /var/run/ntpd.pid

logfile /var/log/ntp.log

# Access Control Support

restrict default ignore

restrict -6 default ignore

restrict 127.0.0.1

server {{ ntpserver }}

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

创建webserver role任务,主要包含httpd容器的启动

[root@master ansible]# vim roles/webserver/tasks/main.yml

---

# tasks file for webserver

- name: create httpd container

docker_container:

name: apache

image: httpd

state: started

restart: yes

ports:

- "80:80"

tags: httpd

创建dbserverrole任务,主要包含mysql容器的启动

[root@master ansible]# vim roles/dbserver/tasks/main.yml

[root@master ansible]# /root/ansible/roles/dbserver/tasks/main.yml

---

# tasks file for dbserver

- name: create mysql container

docker_container:

name: mysql

image: mysql

state: started

restart: yes

ports:

- "3306:3306"

env:

MYSQL_ROOT_PASSWORD: mysql@135

tags: mysql

创建webservers.yml

[root@master ansible]# vim webservers.yml

---

- hosts: webservers

roles:

- common

- webserver

创建dbservers.yml

[root@master ansible]# vim dbservers.yml

---

- hosts: dbservers

roles:

- common

- dbserver

创建site.yml

[root@master ansible]# vim site.yml

---

- import_playbook: webservers.yml

- import_playbook: dbservers.yml

运行部署命令

[root@master ansible]# ansible-playbook site.yml -i production

。。。。。。 //省略部分内容

TASK [dbserver : create mysql container] ****************************************************

changed: [192.168.9.168]

PLAY RECAP **********************************************************************************

192.168.9.168 : ok=27 changed=10 unreachable=0 failed=0

验证结果

登录受控主机,执行"docker ps"命令,查看docker容器是否运行。

[root@client ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

39ef95a4e3f4 mysql "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 0.0.0.0:3306->3306/tcp, 33060/tcp mysql

b22c957feb4c httpd "httpd-foreground" 6 minutes ago Up 6 minutes 0.0.0.0:80->80/tcp apache

5.2.3 Ansible部署Zabbix

建立roles目录

首先创建一个ansible目录,之后所有操作均在此目录下进行。

[root@master ansible]# mkdir zabbix

[root@master ansible]# cd zabbix/

[root@master zabbix]# ansible-galaxy init --init-path roles common

- common was created successfully

[root@master zabbix]# ansible-galaxy init --init-path roles zbxserver

- zbxserver was created successfully

[root@master zabbix]# ansible-galaxy init --init-path roles zbxagent

- zbxagent was created successfully

创建production文件,内容为hosts和groups信息

[root@master zabbix]# vim production-zabbix

[zbxservers]

192.168.9.168

[zbxagents]

192.168.9.168

创建common role任务,主要包含基础环境设置

[root@master zabbix]# vim roles/common/tasks/main.yml

---

# tasks file for common

- name: add epel repository

yum_repository:

name: epel

description: EPEL YUM repo

baseurl:

gpgcheck: no

tags: epel

- name: add zabbix repository

yum_repository:

name: zabbix

description: Zabbix YUM repo

baseurl:

gpgcheck: no

tags: zabbix

- name: add non-support zabbix repository

yum_repository:

name: zabbix-non-supported

description: Zabbix-non-supported YUM repo

baseurl:

gpgcheck: no

tags: zabbix

- name: make sure ntp is installed

yum: pkg=ntp state=installed

tags: ntp

- name: make sure python-pip is installed

yum: pkg=python-pip state=installed

tags: pip

- name: make sure ntp is configured

template: src=ntp.conf.j2 dest=/etc/ntp.conf

notify:

- restart ntpd

tags: ntp

- name: make sure ntpd is running and enabled

service: name=ntpd state=started enabled=yes

tags: ntp

- name: make sure firewalld is stopped and disabled

service: name=firewalld state=stopped enabled=no

tags: firewalld

[root@master zabbix]# vim roles/common/handlers/main.yml

---

# handlers file for common

- name: restart ntpd

service: name=ntpd state=restarted

[root@master zabbix]# mkdir group_vars

[root@master zabbix]# vim group_vars/all

ntpserver: cn.ntp.org.cn

[root@master zabbix]# vim roles/common/templates/ntp.conf.j2

driftfile /var/lib/ntp/drift

pidfile /var/run/ntpd.pid

logfile /var/log/ntp.log

# Access Control Support

restrict default ignore

restrict -6 default ignore

restrict 127.0.0.1

server {{ ntpserver }}

includefile /etc/ntp/crypto/pw

keys /etc/ntp/keys

创建zbxserver role任务,主要包含httpd、php、mariadb-server、zabbix-server和zabbix-web的安装、配置及启动操作

[root@master zabbix]# vim roles/zbxserver/tasks/main.yml

---

# tasks file for zbxserver

- name: make sure httpd/php/mariadb-server/zabbix-server/zabbix-web are installed

yum: pkg={{ item }} state=installed

with_items:

- httpd

- php

- mariadb-server

- zabbix-server-mysql

- zabbix-web-mysql

- name: make sure php is configured

template: src=php.ini.j2 dest=/etc/php.ini

- name: make sure zabbix-server is configured

template: src=zabbix_server.conf.j2 dest=/etc/zabbix/zabbix_server.conf

- name: make sure httpd & mariadb & zabbix-server are running and enabled

service: name={{ item }} state=started enabled=yes

with_items:

- httpd

- mariadb

- zabbix-server

在主控端手动安装php,然后拷贝现有/etc/php.ini文件至roles/zbxserver/templates/php.ini.j2,并修改以下配置项

[root@master zabbix]# yum install -y php

[root@master zabbix]# cp /etc/php.ini roles/zbxserver/templates/php.ini.j2

[root@master zabbix]# vim roles/zbxserver/templates/php.ini.j2

post_max_size = 16M

max_execution_time = 300

max_input_time = 300

memory_limit = 128M

upload_max_filesize = 2M

date.timezone = Asia/Shanghai

在主控端手动安装zabbix-server,然后拷贝现有/etc/zabbix/zabbix_server.conf文件至roles/zbxserver/templates/zabbix_server.conf.j2,并修改以下配置项

[root@master zabbix]# rpm -Uvh

[root@master zabbix]# yum install -y zabbix-server

[root@master zabbix]# cp /etc/zabbix/zabbix_server.conf roles/zbxserver/templates/zabbix_server.conf.j2

[root@master zabbix]# vim roles/zbxserver/templates/zabbix_server.conf.j2

DBHost=localhost

DBName=zabbix

DBUser=zabbix

DBPassword=123.com

创建zbxagent role任务,主要包含zabbix-agent的安装、配置及启动操作

[root@master zabbix]# vim roles/zbxagent/tasks/main.yml

---

# tasks file for zbxagent

- name: make sure zabbix-agent is installed

yum: pkg=zabbix-agent state=installed

- name: make sure zabbix-agent is configured

template: src=zabbix_agent.conf.j2 dest=/etc/za bbix/zabbix_agent.conf

- name: make sure zabbix-agent is running and enabled

service: name=zabbix-agent state=started enabled=yes

在主控端手动安装zabbix-agent,然后拷贝现有/etc/zabbix/zabbix_agentd.conf文件至roles/zbxagent/templates/zabbix_agentd.conf.j2,并修改以下配置项

[root@master zabbix]# yum install -y zabbix-agent

[root@master zabbix]# cp /etc/zabbix/zabbix_agentd.conf roles/zbxagent/templates/zabbix_agentd.conf.j2

[root@master zabbix]# vim roles/zbxagent/templates/zabbix_agent.conf.j2

Server=192.168.9.168

ServerActive=192.168.9.168

Hostname=Zabbix server #Agent本地的名称,此名称需要与将来在server端的WEB页面上的主机名称一致,名称自定义

创建zbxservers.yml

[root@master zabbix]# vim zbxservers.yml

---

- hosts: zbxservers

roles:

- common

- zbxserver

创建zbxagents.yml

[root@master zabbix]# vim zbxagents.yml

---

- hosts: zbxagents

roles:

- common

- zbxagent

创建site.yml

[root@master zabbix]# vim site.yml

---

- import_playbook: zbxservers.yml

- import_playbook: zbxagents.yml

运行部署命令

[root@master zabbix]# ansible-playbook site.yml -i production-zabbix

登录受控主机完成数据库设置

[root@client ~]# mysql

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 4714

Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE zabbix character set utf8 collate utf8_bin;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED BY '123.com';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit

Bye

结果验证

浏览器访问进入Zabbix 安装界面,如图5.2所示,按步骤完成Zabbix安装操作即可。

图5.2

标签: #php主控