实践项目-Ansible+Playbook自动化部署服务器上线

news/2024/12/23 19:53:48/文章来源:https://www.cnblogs.com/mugetsukun/p/18612492

(241223)
环境

系统 ip 主机名 域名
debian12.8 192.168.100.6 ansible-main ansible-main.example.com
debian12.8 192.168.100.12 ansible-node1 ansible-node1.example.com
debian12.8 192.168.100.15 ansible-node2 ansible-node2.example.com
debian12.8 192.168.100.16 ansible-node3 ansible-node3.example.com

Ansible-2.9.13
Nginx-1.26.2
MySQL-8.0.40
Tomcat-10.1.34
Java-JDK11

基本配置

sudo apt-get update && apt-get upgrade
sudo apt-get install vim

/etc/hostname

ansible-main

/etc/network/interfaces

auto lo
iface lo inet loopbackauto ens33
iface ens33 inet static
address 192.168.100.12
netmask 255.255.255.0
gateway 192.168.100.254
search localdomain
nameserver 8.8.8.8
nameserver 114.114.114.114

/etc/ssh/sshd_config

PermitRootLogin yes
PubkeyAuthentication no
ssh-keygen -t rsa -b 4096

main连通其他node

for i in main node1 node2 node3; do ssh-copy-id root@ansible-$i; done

安装Ansible

sudo apt update && apt upgrade
sudo apt -y install python3 python3-pip python3-dev libffi-dev gcc libssl-devwget https://releases.ansible.com/ansible/ansible-2.9.13.tar.gz
tar -zxvf ansible-2.9.13.tar.gz
cd ansible-2.9.13python3 setup.py build
python3 setup.py install

任务结构

ansible_lnmt/
├── common/
│   ├── tasks/
│   │   └── main.yml
│   └── handlers/
│       └── main.yml
├── nginx/
│   ├── tasks/
│   │   └── main.yml
│   ├── templates/
│   │   └── nginx.conf.j2
│   └── handlers/
│       └── main.yml
├── mysql/
│   ├── tasks/
│   │   └── main.yml
│   ├── templates/
│   │   └── my.cnf.j2
│   └── handlers/
│       └── main.yml
├── tomcat/
│   ├── tasks/
│   │   └── main.yml
│   ├── templates/
│   │   └── server.xml.j2
│   └── handlers/
│       └── main.yml
├── java/
│   ├── tasks/
│   │   └── main.yml
│   └── handlers/
│       └── main.yml

inventory

[all]
ansible-main ansible_host=192.168.100.6
ansible-node1 ansible_host=192.168.100.12
ansible-node2 ansible_host=192.168.100.15
ansible-node3 ansible_host=192.168.100.16[all:vars]
ansible_user=root
ansible_ssh_private_key_file='SSH私钥路径'

执行脚本Playbook

ansible_lnmt.yml

---
- name: Deploy LNMT Environmenthosts: allbecome: yesvars_files:- vars/main.ymlroles:- common- java- mysql- tomcat- nginxhandlers:- name: restart nginxservice:name: nginxstate: restarted- name: restart mysqlservice:name: mysqlstate: restarted- name: restart tomcatservice:name: tomcatstate: restarted

vars/main.yml

---
mysql_root_password: "mysql_root_password"
java_version: "11"
nginx_version: "1.26.2"
mysql_version: "8.0.40"
tomcat_version: "10.1.34"

roles/common/tasks/main.yml

---
- name: Update system packagesapt:update_cache: yesupgrade: dist- name: Disable swapcommand: swapoff -anotify: update fstab to disable swap- name: Update /etc/fstab to disable swaplineinfile:path: /etc/fstabregexp: '^UUID=.*swap'state: absent- name: Install required packagesapt:name:- build-essential- libpcre3- libpcre3-dev- zlib1g- zlib1g-dev- libssl-dev- libaio1- libaio-dev- libncurses5-dev- libncursesw5-dev- libreadline-dev- libsqlite3-dev- libgdbm-dev- libdb5.3-dev- libbz2-dev- libexpat1-dev- liblzma-dev- tk-dev- libffi-dev- wget- curl- gnupg- software-properties-commonstate: present- name: Stop and disable ufwservice:name: ufwstate: stoppedenabled: no

roles/common/handlers/main.yml

---
- name: update fstab to disable swapcommand: sed -i '/swap/d' /etc/fstab

roles/java/tasks/main.yml

---
- name: Add Oracle Java PPAapt_repository:repo: ppa:linuxuprising/javastate: present- name: Install Oracle Java {{ java_version }}apt:name: oracle-java{{ java_version }}-installerstate: present- name: Set default Java versionapt:name: oracle-java{{ java_version }}-set-defaultstate: present

roles/mysql/tasks/main.yml

---
- name: Download MySQL {{ mysql_version }} sourceget_url:url: https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-{{ mysql_version }}.tar.gzdest: /tmp/mysql-{{ mysql_version }}.tar.gz- name: Extract MySQL sourceunarchive:src: /tmp/mysql-{{ mysql_version }}.tar.gzdest: /optremote_src: yes- name: Install MySQL build dependenciesapt:name:- build-essential- cmake- libncurses5-dev- libssl-dev- libaio-dev- libaio1- libnuma-dev- libevent-dev- libjemalloc-dev- libtirpc-dev- libgflags-dev- liblz4-dev- libzstd-dev- liblzma-dev- bison- flexstate: present- name: Create MySQL build directoryfile:path: /opt/mysql-{{ mysql_version }}/buildstate: directory- name: Configure MySQLcommand: >cmake ..-DCMAKE_INSTALL_PREFIX=/usr/local/mysql-DMYSQL_DATADIR=/usr/local/mysql/data-DSYSCONFDIR=/etc-DWITH_INNOBASE_STORAGE_ENGINE=1-DWITH_PARTITION_STORAGE_ENGINE=1-DWITH_FEDERATED_STORAGE_ENGINE=1-DWITH_BLACKHOLE_STORAGE_ENGINE=1-DWITH_MYISAM_STORAGE_ENGINE=1-DENABLED_LOCAL_INFILE=1-DENABLE_DTRACE=0-DDEFAULT_CHARSET=utf8mb4-DDEFAULT_COLLATION=utf8mb4_general_ci-DWITH_SSL=system-DWITH_ZLIB=system-DWITH_EMBEDDED_SERVER=1-DWITH_READLINE=1-DWITH_UNIT_TESTS=OFF-DINSTALL_LAYOUT=STANDALONE-DCMAKE_BUILD_TYPE=Releaseargs:chdir: /opt/mysql-{{ mysql_version }}/build- name: Compile and install MySQLcommand: >make -j$(nproc) && make installargs:chdir: /opt/mysql-{{ mysql_version }}/build- name: Create MySQL data directoryfile:path: /usr/local/mysql/datastate: directoryowner: mysqlgroup: mysql- name: Create MySQL user and groupgroup:name: mysqlstate: presentuser:name: mysqlshell: /bin/falsehome: /usr/local/mysqlcreate_home: nosystem: yes- name: Initialize MySQL data directorycommand: >/usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data- name: Copy MySQL configuration filetemplate:src: my.cnf.j2dest: /etc/my.cnfnotify: restart mysql- name: Create systemd service file for MySQLtemplate:src: mysql.service.j2dest: /etc/systemd/system/mysql.service- name: Reload systemd daemonsystemd:daemon_reload: yes- name: Ensure MySQL is started and enabledservice:name: mysqlstate: startedenabled: yes- name: Set MySQL root passwordcommand: >/usr/local/mysql/bin/mysqladmin -u root password '{{ mysql_root_password }}'

roles/mysql/templates/my.cnf.j2

[mysqld]
bind-address = 0.0.0.0
socket = /var/run/mysqld/mysqld.sock
datadir = /usr/local/mysql/data
log-error = /var/log/mysql/error.log
pid-file = /var/run/mysqld/mysqld.pid[client]
socket = /var/run/mysqld/mysqld.sock

roles/mysql/templates/mysql.service.j2

[Unit]
Description=MySQL Server
After=network.target[Service]
Type=forking
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/etc/my.cnf --user=mysql
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
PrivateTmp=true[Install]
WantedBy=multi-user.target

roles/tomcat/tasks/main.yml

---
- name: Download Tomcat {{ tomcat_version }}get_url:url: https://downloads.apache.org/tomcat/tomcat-10/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gzdest: /tmp/apache-tomcat-{{ tomcat_version }}.tar.gz- name: Extract Tomcatunarchive:src: /tmp/apache-tomcat-{{ tomcat_version }}.tar.gzdest: /optremote_src: yes- name: Create Tomcat useruser:name: tomcatshell: /bin/falsehome: /opt/apache-tomcat-{{ tomcat_version }}- name: Change ownership of Tomcat directoryfile:path: /opt/apache-tomcat-{{ tomcat_version }}owner: tomcatgroup: tomcatrecurse: yes- name: Copy Tomcat configuration filetemplate:src: server.xml.j2dest: /opt/apache-tomcat-{{ tomcat_version }}/conf/server.xml- name: Create systemd service file for Tomcattemplate:src: tomcat.service.j2dest: /etc/systemd/system/tomcat.service- name: Reload systemd daemonsystemd:daemon_reload: yes- name: Ensure Tomcat is started and enabledservice:name: tomcatstate: startedenabled: yes

roles/tomcat/templates/server.xml.j2

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN"><Listener className="org.apache.catalina.startup.VersionLoggerListener" /><Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /><Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /><Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /><Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /><GlobalNamingResources><Resource name="UserDatabase" auth="Container"type="org.apache.catalina.UserDatabase"description="User database that can be updated and saved"factory="org.apache.catalina.users.MemoryUserDatabaseFactory"pathname="conf/tomcat-users.xml" /></GlobalNamingResources><Service name="Catalina"><Connector port="8080" protocol="HTTP/1.1"connectionTimeout="20000"redirectPort="8443" /><Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /><Engine name="Catalina" defaultHost="localhost"><Realm className="org.apache.catalina.realm.LockOutRealm"><Realm className="org.apache.catalina.realm.UserDatabaseRealm"resourceName="UserDatabase"/></Realm><Host name="localhost"  appBase="webapps"unpackWARs="true" autoDeploy="true"><Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"prefix="localhost_access_log" suffix=".txt"pattern="%h %l %u %t &quot;%r&quot; %s %b" /></Host></Engine></Service>
</Server>

roles/tomcat/templates/tomcat.service.j2

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target[Service]
Type=forkingEnvironment=JAVA_HOME=/usr/lib/jvm/java-{{ java_version }}-oracle
Environment=CATALINA_PID=/opt/apache-tomcat-{{ tomcat_version }}/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/apache-tomcat-{{ tomcat_version }}
Environment=CATALINA_BASE=/opt/apache-tomcat-{{ tomcat_version }}
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'ExecStart=/opt/apache-tomcat-{{ tomcat_version }}/bin/startup.sh
ExecStop=/opt/apache-tomcat-{{ tomcat_version }}/bin/shutdown.shUser=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always[Install]
WantedBy=multi-user.target

roles/nginx/tasks/main.yml

---
- name: Download Nginx {{ nginx_version }} sourceget_url:url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gzdest: /tmp/nginx-{{ nginx_version }}.tar.gz- name: Extract Nginx sourceunarchive:src: /tmp/nginx-{{ nginx_version }}.tar.gzdest: /optremote_src: yes- name: Install Nginx dependenciesapt:name:- libpcre3- libpcre3-dev- zlib1g- zlib1g-dev- libssl-devstate: present- name: Configure Nginxcommand: cd /opt/nginx-{{ nginx_version }} && ./configure --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module- name: Compile and install Nginxcommand: cd /opt/nginx-{{ nginx_version }} && make && make install- name: Create Nginx useruser:name: nginxshell: /bin/falsehome: /var/lib/nginx- name: Change ownership of Nginx directoriesfile:path: /usr/local/nginxowner: nginxgroup: nginxrecurse: yes- name: Copy Nginx configuration filetemplate:src: nginx.conf.j2dest: /usr/local/nginx/conf/nginx.confnotify: restart nginx- name: Create systemd service file for Nginxtemplate:src: nginx.service.j2dest: /etc/systemd/system/nginx.service- name: Reload systemd daemonsystemd:daemon_reload: yes- name: Ensure Nginx is started and enabledservice:name: nginxstate: startedenabled: yes

roles/nginx/templates/nginx.conf.j2

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;events {worker_connections 1024;
}http {include /etc/nginx/mime.types;default_type application/octet-stream;log_format main '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log /var/log/nginx/access.log main;sendfile on;tcp_nopush on;tcp_nodelay on;keepalive_timeout 65;types_hash_max_size 2048;upstream tomcat_servers {server 192.168.100.12:8080;server 192.168.100.15:8080;server 192.168.100.16:8080;}server {listen 80;server_name localhost;location / {proxy_pass http://tomcat_servers;proxy_set_header Host $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Forwarded-Proto $scheme;}}
}

roles/nginx/templates/nginx.service.j2

[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true[Install]
WantedBy=multi-user.target

check_deployment.yml

---
- name: Check LNMT Deploymenthosts: allbecome: yestasks:- name: Check Nginx service statusservice_facts:- name: Verify Nginx is runningassert:that:- ansible_facts.services.nginx.state == 'running'- name: Check MySQL service statusservice_facts:- name: Verify MySQL is runningassert:that:- ansible_facts.services.mysql.state == 'running'- name: Check Tomcat service statusservice_facts:- name: Verify Tomcat is runningassert:that:- ansible_facts.services.tomcat.state == 'running'
ansible-playbook deploy_lnmt.yml
ansible-playbook check_deployment.yml

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.hqwc.cn/news/857631.html

如若内容造成侵权/违法违规/事实不符,请联系编程知识网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

VScode + cmake编写Qt程序

本机环境 Ubuntu 20.04 Qt 5.12.81. 安装Vscode直接在官网下载对应的deb包安装即 可。下载后在deb包所在目录执行如下命令安装deb包。sudo dpkg -i 安装包名.deb然后在应用程序中应该就有了Vscode的图标了。2. 安装cmake与gcc g++先安装cmakesudo apt-get install cmake然后安装…

RK3588开发板入门教程

一、EVM-RK3588 评估板外观二、常用系统信息查看1、查看系统内核版本信息,使用uname命令:$unamet-a2、查看操作系统信息:$ cat /etc/issue3、查看系统内存使用情况:$free-h4、查看系统磁盘使用情况:$ df -h5、查看磁盘和分区:# 查看所有分区 $ fdisk -l # 查看文件可看到…

【教程】第十章:任务仪表盘(2) —— 各有千秋

通过循序渐进的功能升级,你将打造一个强大的管理系统,让团队协作更高效、流程更智能。在本章中,我们将带您一步步完成任务仪表盘的下一部分,有任何疑问记得随时来论坛咨询。 从复习上章内容开始,让我们一起展开这段探索之旅吧! 10.1 揭晓上一章节答案 10.1.1 状态与链接 …

Llama 3.2 900亿参数视觉多模态大模型本地部署及案例展示

本文介绍了如何在本地部署Llama 3.2 90B(900亿参数)视觉多模态大模型,并开发一些Use Case,展示其强大的视觉理解能力。Llama 3.2 900亿参数视觉多模态大模型本地部署及案例展示 本文将介绍如何在本地部署Llama 3.2 90B(900亿参数)视觉多模态大模型,并开发一些Use Case,…

【新教程】Ubuntu server 24.04配置无线网WiFi

0 相关信息 Ubuntu Server 24.04 1 工具准备 sudo apt install network-manager wpasupplicant wireless-tools2 过程 查看无线网卡名称: ip addr一般wl开头的为无线网卡。比如,我这里的无线网卡就是wlo1 扫描无线网络: sudo iwlist wlo1 scan | grep ESSID # 注意将 wlan0…

BOE(京东方)亮相世界显示产业创新发展大会 以创新科技全面引领行业风向标

2024年12月19日,世界显示产业创新发展大会在成都举办,来自全球的显示领域企业及行业专家汇聚一堂,共同探讨新一轮产业升级趋势及行业未来发展方向。BOE(京东方)总裁高文宝博士应邀出席大会,并在开幕式发表《屏之物联 聚智创新》主题演讲,引发现场嘉宾和观众强烈共鸣。大…

BOE(京东方)“向新2025”年终媒体智享会落地成都 持续创新引领产业步入高价值增长新纪元

12月20日,BOE(京东方)“向新 2025”年终媒体智享会的脚步从上海延伸至成都。川渝之地,作为 BOE(京东方)产业生态战略布局中的关键一子,此刻再度成为行业瞩目的焦点。本次活动全面回溯了BOE(京东方)在2024年多个关键领域斩获的斐然佳绩,深入剖析了六大维度构建的“向新…

BOE(京东方)绿色低碳显示生态交流会成功举办 共筑行业绿色未来

2024年12月19日,世界显示产业创新发展大会在成都盛大召开,众多行业专家及产业链伙伴齐聚一堂,共同探讨显示产业科技创新成果与未来发展方向。作为全球半导体显示行业龙头企业,BOE(京东方)在大会同期举办了主题为“物联视界,碳索未来”的绿色低碳显示生态交流会,携手上下…

聊一下新电脑-macbook air 15寸 m2 16+512g

购买于转转二手商城 售价: 6250 配置:16+512g m2芯片 15寸 已经过保了,激活日期是去年的12月,差不多刚好一年电池健康:100%算是保养得很好的了!磁盘读写也不多:整体橙色95新以上! 我使用时间机器去换机的,整个过程十分的流畅! 除了换完之后开机有点卡顿,不知道是网络还是什么原…

小学数学思维训练 一年级 第一周(少儿思维启蒙)

前言 本文主要介绍了通过各种题型和解题方法培养孩子的数学思维能力。通过系统的方法训练一年级学生的数学思维能力,帮助他们学会举一反三,融会贯通地解决各类数学问题。 点击获取小学数学1-6年级思维训练电子版 第一周 比一比 比一比是实际生活中常见的一类数学问题,需要同…

VXLAN 网络中报文转发过程

以同网段的 VM 间互通简单介绍 VXLAN 网络中的报文转发过程。本文分享自天翼云开发者社区《VXLAN 网络中报文转发过程》,作者:刘****林 以同网段的 VM 间互通简单介绍 VXLAN 网络中的报文转发过程。1.VM1 发送目的地址为 VM2 的报文。 2.VTEP1 收到该报文后进行 VXLAN 封装,…