(241223)
环境
系统 | ip | 主机名 | 域名 |
---|---|---|---|
debian12.8 | 192.168.100.6 | ansible-main | ansible-main.example.com |
debian12.8 | 192.168.100.12 | ansible-node1 | ansible-node1.example.com |
debian12.8 | 192.168.100.15 | ansible-node2 | ansible-node2.example.com |
debian12.8 | 192.168.100.16 | ansible-node3 | ansible-node3.example.com |
Ansible-2.9.13
Nginx-1.26.2
MySQL-8.0.40
Tomcat-10.1.34
Java-JDK11
基本配置
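# Refresh the package index and apply pending upgrades. sudo covers only the
# command it prefixes, so the upgrade after && needs its own.
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install vim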
/etc/hostname
ansible-main
/etc/network/interfaces
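# Loopback interface.
auto lo
iface lo inet loopback

# Static address for the primary NIC. The address differs per host; this
# sample shows the one listed for ansible-node1.
auto ens33
iface ens33 inet static
address 192.168.100.12
netmask 255.255.255.0
gateway 192.168.100.254
# NOTE(review): `search` and `nameserver` are resolv.conf(5) directives;
# presumably the next three lines belong in /etc/resolv.conf — confirm.
search localdomain
nameserver 8.8.8.8
nameserver 114.114.114.114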
/etc/ssh/sshd_config
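# The inventory connects as root, and ssh-copy-id needs one password login per
# host to install the key. Once the keys are in place, change this to
# `prohibit-password` and reload sshd so root can no longer log in by password.
PermitRootLogin yes
# Key authentication must stay enabled: ssh-copy-id and the inventory's
# ansible_ssh_private_key_file both rely on it.
PubkeyAuthentication yes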
# Create the control node's 4096-bit RSA key pair; the public half is what
# ssh-copy-id installs on each host.
ssh-keygen -t rsa -b 4096
main连通其他node
# Install the control node's public key for root on all four machines,
# the control node itself included.
for host in main node1 node2 node3; do
    ssh-copy-id "root@ansible-${host}"
done
安装Ansible
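# Build prerequisites for installing Ansible from its source tarball.
sudo apt update && sudo apt upgrade
sudo apt -y install python3 python3-pip python3-dev libffi-dev gcc libssl-dev

# Fetch the pinned release.
# NOTE(review): the 2.9 series is end-of-life and no longer receives security
# fixes; plan a move to a maintained release.
wget https://releases.ansible.com/ansible/ansible-2.9.13.tar.gz
# Before unpacking, compare the archive digest with the value published for
# this release (<EXPECTED_SHA256> is a placeholder):
#   echo "<EXPECTED_SHA256>  ansible-2.9.13.tar.gz" | sha256sum -c -
tar -zxvf ansible-2.9.13.tar.gz
cd ansible-2.9.13

# Build as the current user; only the install step writes to system paths.
python3 setup.py build
sudo python3 setup.py install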
任务结构
ansible_lnmt/
├── common/
│ ├── tasks/
│ │ └── main.yml
│ └── handlers/
│ └── main.yml
├── nginx/
│ ├── tasks/
│ │ └── main.yml
│ ├── templates/
│ │ └── nginx.conf.j2
│ └── handlers/
│ └── main.yml
├── mysql/
│ ├── tasks/
│ │ └── main.yml
│ ├── templates/
│ │ └── my.cnf.j2
│ └── handlers/
│ └── main.yml
├── tomcat/
│ ├── tasks/
│ │ └── main.yml
│ ├── templates/
│ │ └── server.xml.j2
│ └── handlers/
│ └── main.yml
├── java/
│ ├── tasks/
│ │ └── main.yml
│ └── handlers/
│ └── main.yml
inventory
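# Every machine in the lab, addressed by IP so name resolution is not required.
[all]
ansible-main ansible_host=192.168.100.6
ansible-node1 ansible_host=192.168.100.12
ansible-node2 ansible_host=192.168.100.15
ansible-node3 ansible_host=192.168.100.16

# Connection settings shared by all hosts.
[all:vars]
ansible_user=root
# Replace the quoted placeholder with the path of the private key created by
# ssh-keygen; keep that file readable by its owner only.
ansible_ssh_private_key_file='SSH私钥路径'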
执行脚本Playbook
ansible_lnmt.yml
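---
# Applies every role to every inventory host, in the order listed.
- name: Deploy LNMT Environment
  hosts: all
  become: true
  vars_files:
    - vars/main.yml
  roles:
    - common
    - java
    - mysql
    - tomcat
    - nginx
  # Play-level handlers; role tasks trigger them by name through `notify`.
  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted

    - name: restart mysql
      service:
        name: mysql
        state: restarted

    - name: restart tomcat
      service:
        name: tomcat
        state: restarted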
vars/main.yml
---
# NOTE(review): this value is passed to mysqladmin by the "Set MySQL root
# password" task. Replace the placeholder and keep the real password out of
# version control, e.g. by encrypting the variable or this file with
# ansible-vault.
mysql_root_password: "mysql_root_password"
# Versions are quoted so YAML keeps them as strings rather than numbers.
java_version: "11"
nginx_version: "1.26.2"
mysql_version: "8.0.40"
tomcat_version: "10.1.34"
roles/common/tasks/main.yml
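---
# Base preparation shared by every host: package refresh, swap removal, the
# build toolchain and a default-deny host firewall.

- name: Update system packages
  apt:
    update_cache: true
    upgrade: dist

# Run only while swap is active, so reruns report "ok" and the handler fires
# only when something actually changed.
- name: Disable swap
  command: swapoff -a
  when: ansible_swaptotal_mb | int > 0
  notify: update fstab to disable swap

- name: Update /etc/fstab to disable swap
  lineinfile:
    path: /etc/fstab
    regexp: '^UUID=.*swap'
    state: absent

- name: Install required packages
  apt:
    name:
      - build-essential
      - libpcre3
      - libpcre3-dev
      - zlib1g
      - zlib1g-dev
      - libssl-dev
      - libaio1
      - libaio-dev
      - libncurses5-dev
      - libncursesw5-dev
      - libreadline-dev
      - libsqlite3-dev
      - libgdbm-dev
      - libdb5.3-dev
      - libbz2-dev
      - libexpat1-dev
      - liblzma-dev
      - tk-dev
      - libffi-dev
      - wget
      - curl
      - gnupg
      - software-properties-common
      - ufw
    state: present

# The earlier version of this step stopped and disabled ufw, which left every
# listener of the stack (Tomcat on 8080, MySQL) reachable from any network the
# host is attached to. Keep the firewall on and open only what the stack uses.
# SSH is allowed first so enabling the firewall cannot cut off Ansible.
- name: Allow SSH before the firewall is enabled
  ufw:
    rule: allow
    port: '22'
    proto: tcp

- name: Allow HTTP to Nginx
  ufw:
    rule: allow
    port: '80'
    proto: tcp

# Nginx on the other nodes proxies to Tomcat over the lab subnet.
- name: Allow Tomcat HTTP from the cluster subnet only
  ufw:
    rule: allow
    port: '8080'
    proto: tcp
    src: 192.168.100.0/24

- name: Enable ufw with a default-deny inbound policy
  ufw:
    state: enabled
    policy: deny
    direction: incoming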
roles/common/handlers/main.yml
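---
# Runs when "Disable swap" reports a change: removes swap entries from
# /etc/fstab so swap stays off after a reboot.
- name: update fstab to disable swap
  lineinfile:
    path: /etc/fstab
    # Match only uncommented entries whose filesystem-type field is "swap".
    # The former `sed -i '/swap/d'` deleted every line that merely contained
    # the word, including comments and unrelated mount points.
    regexp: '^[^#\s]\S*\s+\S+\s+swap\s'
    state: absent
    # Keep a timestamped copy: a damaged fstab can stop the host from booting.
    backup: true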
roles/java/tasks/main.yml
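---
# NOTE(review): `ppa:` sources are Launchpad archives built for Ubuntu, while
# the hosts here run Debian 12, so this step may fail or pull packages built
# for another distribution — confirm. It is also a third-party archive whose
# packages install as root on every host: review its signing key and contents
# before trusting it.
- name: Add Oracle Java PPA
  apt_repository:
    repo: ppa:linuxuprising/java
    state: present

# Package names are derived from java_version (vars/main.yml).
- name: Install Oracle Java {{ java_version }}
  apt:
    name: "oracle-java{{ java_version }}-installer"
    state: present

- name: Set default Java version
  apt:
    name: "oracle-java{{ java_version }}-set-default"
    state: present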
roles/mysql/tasks/main.yml
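---
# Builds MySQL from source, installs it under /usr/local/mysql and registers
# it as a systemd service.

- name: Download MySQL {{ mysql_version }} source
  get_url:
    url: https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-{{ mysql_version }}.tar.gz
    dest: /tmp/mysql-{{ mysql_version }}.tar.gz
    # Pin the digest published for this release so a tampered or truncated
    # archive is rejected before it is compiled as root (placeholder shown):
    # checksum: "sha256:<EXPECTED_SHA256>"

- name: Extract MySQL source
  unarchive:
    src: /tmp/mysql-{{ mysql_version }}.tar.gz
    dest: /opt
    remote_src: true

- name: Install MySQL build dependencies
  apt:
    name:
      - build-essential
      - cmake
      - libncurses5-dev
      - libssl-dev
      - libaio-dev
      - libaio1
      - libnuma-dev
      - libevent-dev
      - libjemalloc-dev
      - libtirpc-dev
      - libgflags-dev
      - liblz4-dev
      - libzstd-dev
      - liblzma-dev
      - bison
      - flex
    state: present

- name: Create MySQL build directory
  file:
    path: /opt/mysql-{{ mysql_version }}/build
    state: directory

# NOTE(review): MySQL 8.0 needs the Boost headers at build time and this is
# the tarball without them, so cmake will presumably stop unless
# -DDOWNLOAD_BOOST=1 -DWITH_BOOST=<dir> is added — confirm.
# NOTE(review): -DENABLED_LOCAL_INFILE=1 turns LOAD DATA LOCAL on by default;
# set it to 0 unless an application needs it.
# `creates` skips the step on reruns once the Makefile exists.
- name: Configure MySQL
  command: >
    cmake ..
    -DCMAKE_INSTALL_PREFIX=/usr/local/mysql
    -DMYSQL_DATADIR=/usr/local/mysql/data
    -DSYSCONFDIR=/etc
    -DWITH_INNOBASE_STORAGE_ENGINE=1
    -DWITH_PARTITION_STORAGE_ENGINE=1
    -DWITH_FEDERATED_STORAGE_ENGINE=1
    -DWITH_BLACKHOLE_STORAGE_ENGINE=1
    -DWITH_MYISAM_STORAGE_ENGINE=1
    -DENABLED_LOCAL_INFILE=1
    -DENABLE_DTRACE=0
    -DDEFAULT_CHARSET=utf8mb4
    -DDEFAULT_COLLATION=utf8mb4_general_ci
    -DWITH_SSL=system
    -DWITH_ZLIB=system
    -DWITH_EMBEDDED_SERVER=1
    -DWITH_READLINE=1
    -DWITH_UNIT_TESTS=OFF
    -DINSTALL_LAYOUT=STANDALONE
    -DCMAKE_BUILD_TYPE=Release
  args:
    chdir: /opt/mysql-{{ mysql_version }}/build
    creates: /opt/mysql-{{ mysql_version }}/build/Makefile

# `$(nproc)` and `&&` are shell syntax; the command module would hand them to
# make as literal arguments, so this step has to use the shell module.
- name: Compile and install MySQL
  shell: make -j"$(nproc)" && make install
  args:
    chdir: /opt/mysql-{{ mysql_version }}/build
    creates: /usr/local/mysql/bin/mysqld

# The account must exist before any directory can be handed to it, and a task
# may name only one module, so group and user are separate tasks placed ahead
# of the directory step.
- name: Create MySQL group
  group:
    name: mysql
    state: present
    system: true

- name: Create MySQL user
  user:
    name: mysql
    group: mysql
    shell: /bin/false
    home: /usr/local/mysql
    create_home: false
    system: true

# /var/log/mysql and /var/run/mysqld are named in my.cnf but are not created
# by a source install. /var/run sits on a tmpfs, so the service unit has to
# recreate /var/run/mysqld after a reboot.
- name: Create MySQL data, log and runtime directories
  file:
    path: "{{ item }}"
    state: directory
    owner: mysql
    group: mysql
    mode: '0750'
  loop:
    - /usr/local/mysql/data
    - /var/log/mysql
    - /var/run/mysqld

# --initialize-insecure creates root@localhost with an empty password; the
# last two tasks of this file close that window.
- name: Initialize MySQL data directory
  command: >
    /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql
    --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
  args:
    creates: /usr/local/mysql/data/mysql.ibd

- name: Copy MySQL configuration file
  template:
    src: my.cnf.j2
    dest: /etc/my.cnf
  notify: restart mysql

- name: Create systemd service file for MySQL
  template:
    src: mysql.service.j2
    dest: /etc/systemd/system/mysql.service

- name: Reload systemd daemon
  systemd:
    daemon_reload: true

- name: Ensure MySQL is started and enabled
  service:
    name: mysql
    state: started
    enabled: true

# Succeeds only while root can still connect without a password; used to keep
# the next task from failing on reruns.
- name: Check whether MySQL root still has an empty password
  command: /usr/local/mysql/bin/mysqladmin -u root status
  register: mysql_root_nopass
  failed_when: false
  changed_when: false

# no_log keeps the password out of Ansible's output and logs.
# NOTE(review): the password is still visible in the process list while
# mysqladmin runs; prefer a method that does not pass it on the command line.
- name: Set MySQL root password
  command: >
    /usr/local/mysql/bin/mysqladmin -u root password '{{ mysql_root_password }}'
  when: mysql_root_nopass.rc == 0
  no_log: true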
roles/mysql/templates/my.cnf.j2
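[mysqld]
# Listen on loopback only: the playbook installs MySQL and Tomcat on the same
# hosts. If another machine has to connect, bind to this host's internal
# address and restrict port 3306 by source address instead of using 0.0.0.0.
bind-address = 127.0.0.1
# The X Plugin (port 33060) listens on all interfaces unless told otherwise.
mysqlx-bind-address = 127.0.0.1
socket = /var/run/mysqld/mysqld.sock
datadir = /usr/local/mysql/data
log-error = /var/log/mysql/error.log
pid-file = /var/run/mysqld/mysqld.pid

[client]
socket = /var/run/mysqld/mysqld.sock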
roles/mysql/templates/mysql.service.j2
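[Unit]
Description=MySQL Server
After=network.target

[Service]
# mysqld stays in the foreground unless told otherwise; with Type=forking it
# needs --daemonize, or systemd waits for a fork that never happens and the
# start times out.
Type=forking
# Start directly as the service account (replaces --user=mysql) so the
# runtime directory below is created with the right owner.
User=mysql
Group=mysql
# /run is a tmpfs: have systemd recreate /run/mysqld, which holds the socket
# and pid file named in my.cnf, on every start.
RuntimeDirectory=mysqld
PIDFile=/run/mysqld/mysqld.pid
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/etc/my.cnf --daemonize
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
PrivateTmp=true

[Install]
WantedBy=multi-user.target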
roles/tomcat/tasks/main.yml
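---
# Installs the Tomcat binary distribution under /opt, runs it as a dedicated
# account and registers it as a systemd service.

- name: Download Tomcat {{ tomcat_version }}
  get_url:
    url: https://downloads.apache.org/tomcat/tomcat-10/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz
    dest: /tmp/apache-tomcat-{{ tomcat_version }}.tar.gz
    # Pin the digest published for this release so a tampered or truncated
    # archive is rejected (placeholder shown):
    # checksum: "sha512:<EXPECTED_SHA512>"

- name: Extract Tomcat
  unarchive:
    src: /tmp/apache-tomcat-{{ tomcat_version }}.tar.gz
    dest: /opt
    remote_src: true

# Service account without a login shell.
- name: Create Tomcat user
  user:
    name: tomcat
    shell: /bin/false
    home: /opt/apache-tomcat-{{ tomcat_version }}

- name: Change ownership of Tomcat directory
  file:
    path: /opt/apache-tomcat-{{ tomcat_version }}
    owner: tomcat
    group: tomcat
    recurse: true

# Restart through the play-level handler so a changed server.xml takes effect.
- name: Copy Tomcat configuration file
  template:
    src: server.xml.j2
    dest: /opt/apache-tomcat-{{ tomcat_version }}/conf/server.xml
  notify: restart tomcat

- name: Create systemd service file for Tomcat
  template:
    src: tomcat.service.j2
    dest: /etc/systemd/system/tomcat.service

- name: Reload systemd daemon
  systemd:
    daemon_reload: true

- name: Ensure Tomcat is started and enabled
  service:
    name: tomcat
    state: started
    enabled: true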
roles/tomcat/templates/server.xml.j2
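<?xml version='1.0' encoding='utf-8'?>
<!-- The shutdown port listens on localhost unless an address is set;
     bin/shutdown.sh (ExecStop in the service unit) uses it. -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
    <!-- HTTP connector; Nginx proxies to this port. -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <!-- The AJP connector on port 8009 has been removed: Nginx talks HTTP to
         port 8080, so nothing uses AJP here. An AJP connector also requires a
         shared secret by default and does not start without one. If AJP is
         ever needed, bind it to a specific address and set the secret. -->

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase" />
      </Realm>

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <!-- The quotes around %r are written as entities; raw quotes inside
             the attribute value make the file invalid XML. -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>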
roles/tomcat/templates/tomcat.service.j2
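[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
# startup.sh launches the JVM in the background and returns.
Type=forking

# Paths are rendered from java_version and tomcat_version.
Environment=JAVA_HOME=/usr/lib/jvm/java-{{ java_version }}-oracle
Environment=CATALINA_PID=/opt/apache-tomcat-{{ tomcat_version }}/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/apache-tomcat-{{ tomcat_version }}
Environment=CATALINA_BASE=/opt/apache-tomcat-{{ tomcat_version }}
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/apache-tomcat-{{ tomcat_version }}/bin/startup.sh
ExecStop=/opt/apache-tomcat-{{ tomcat_version }}/bin/shutdown.sh

# Run as the unprivileged service account; new files are not world-accessible.
User=tomcat
Group=tomcat
UMask=0007
# The JVM never needs to gain privileges, and it gets its own /tmp.
NoNewPrivileges=true
PrivateTmp=true
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target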
roles/nginx/tasks/main.yml
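---
# Builds Nginx from source (default prefix /usr/local/nginx) and registers it
# as a systemd service.

- name: Download Nginx {{ nginx_version }} source
  get_url:
    url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz
    dest: /tmp/nginx-{{ nginx_version }}.tar.gz
    # Pin the digest of the release so a tampered or truncated archive is
    # rejected before it is compiled as root (placeholder shown):
    # checksum: "sha256:<EXPECTED_SHA256>"

- name: Extract Nginx source
  unarchive:
    src: /tmp/nginx-{{ nginx_version }}.tar.gz
    dest: /opt
    remote_src: true

- name: Install Nginx dependencies
  apt:
    name:
      - libpcre3
      - libpcre3-dev
      - zlib1g
      - zlib1g-dev
      - libssl-dev
    state: present

# The command module does not run a shell, so `cd ... &&` cannot work there;
# the working directory is set with `chdir`. `creates` skips the step on
# reruns.
- name: Configure Nginx
  command: >
    ./configure
    --with-http_ssl_module
    --with-http_v2_module
    --with-http_realip_module
    --with-http_stub_status_module
    --with-http_gzip_static_module
  args:
    chdir: /opt/nginx-{{ nginx_version }}
    creates: /opt/nginx-{{ nginx_version }}/Makefile

# `&&` needs a shell.
- name: Compile and install Nginx
  shell: make && make install
  args:
    chdir: /opt/nginx-{{ nginx_version }}
    creates: /usr/local/nginx/sbin/nginx

# Unprivileged account for the worker processes.
- name: Create Nginx user
  user:
    name: nginx
    shell: /bin/false
    home: /var/lib/nginx

# The install tree stays root-owned. The master process runs as root and
# loads conf/ and sbin/, so handing /usr/local/nginx to the worker account
# would let a compromised worker change what root executes. Only the log
# directory named in nginx.conf has to be added; a source install does not
# create it.
- name: Create Nginx log directory
  file:
    path: /var/log/nginx
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: Copy Nginx configuration file
  template:
    src: nginx.conf.j2
    dest: /usr/local/nginx/conf/nginx.conf
  notify: restart nginx

- name: Create systemd service file for Nginx
  template:
    src: nginx.service.j2
    dest: /etc/systemd/system/nginx.service

- name: Reload systemd daemon
  systemd:
    daemon_reload: true

- name: Ensure Nginx is started and enabled
  service:
    name: nginx
    state: started
    enabled: true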
roles/nginx/templates/nginx.conf.j2
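# Worker processes run as the unprivileged nginx account.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # Resolved relative to the directory of this file. The build installs
    # under /usr/local/nginx, so /etc/nginx/mime.types is presumably absent.
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # Do not advertise the exact Nginx version in headers and error pages.
    server_tokens off;

    # Tomcat instances on the three worker nodes.
    upstream tomcat_servers {
        server 192.168.100.12:8080;
        server 192.168.100.15:8080;
        server 192.168.100.16:8080;
    }

    server {
        listen 80;
        server_name localhost;

        # Forward everything to Tomcat, passing on the original host, client
        # address and scheme.
        location / {
            proxy_pass http://tomcat_servers;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}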
roles/nginx/templates/nginx.service.j2
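[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target

[Service]
# Nginx daemonizes itself; systemd tracks it through the pid file, which must
# match the `pid` directive in nginx.conf.
Type=forking
PIDFile=/run/nginx.pid
# Validate the configuration before every start.
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target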
check_deployment.yml
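---
# Post-deployment check: fails on any host where one of the three services is
# not running.
- name: Check LNMT Deployment
  hosts: all
  become: true
  tasks:
    # One collection is enough; the facts stay available to all later tasks.
    - name: Gather service facts
      service_facts:

    # On systemd hosts service_facts keys carry the ".service" suffix, so the
    # entries are read with bracket syntax; `services.nginx` would be
    # undefined.
    - name: Verify Nginx is running
      assert:
        that:
          - ansible_facts.services['nginx.service'].state == 'running'

    - name: Verify MySQL is running
      assert:
        that:
          - ansible_facts.services['mysql.service'].state == 'running'

    - name: Verify Tomcat is running
      assert:
        that:
          - ansible_facts.services['tomcat.service'].state == 'running'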
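# Run the deployment, then the verification play. The playbook is saved as
# ansible_lnmt.yml on this page, and -i points at the inventory file.
ansible-playbook -i inventory ansible_lnmt.yml
ansible-playbook -i inventory check_deployment.yml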