Skill objectives:
· Understand what Ansible is
· Learn how to deploy Docker applications with Ansible
· Learn how to deploy Zabbix with Ansible
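5.1 Case analysis
5.1.1 Case overview
There are many operations automation (configuration management) tools on the market today, for example Ansible, SaltStack, Puppet and Fabric. Ansible is an open-source platform that integrates configuration management, application deployment and execution of specific tasks for IT systems. It is a project of the AnsibleWorks company, which was founded in 2012 by the author of Cobbler and Func.
Ansible is implemented in Python and built on two key modules, Paramiko and PyYAML. It has the following characteristics:
· Simple to deploy: the Ansible environment is installed only on the control node, and nothing needs to be done on the managed nodes.
· Uses the SSH (Secure Shell) protocol by default to manage devices.
· Centralized master/managed-node administration.
· Simple to configure, powerful and highly extensible.
· Supports an API and custom modules, and is easily extended with Python.
· Uses Playbooks to define powerful configuration and state management.
· Good support for cloud computing platforms and big data.
· Provides a powerful, easy-to-operate web management interface and REST API: the AWX platform.
This case shows how to use Ansible to deploy an Apache + MySQL server, and how to use Ansible to deploy the Zabbix server and the Zabbix agent.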
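5.1.2 Prerequisite knowledge
1. Main components of Ansible and what they do
· PLAYBOOKS: task playbooks (task sets). Configuration files that orchestrate and define Ansible task sets, executed by Ansible in order; usually YML files in JSON format
· INVENTORY: the list of hosts managed by Ansible, /etc/ansible/hosts
· MODULES: the functional modules Ansible uses to execute commands. Most are built-in core modules, and custom ones can be written; ansible-doc -l lists the modules
· PLUGINS: supplements to module functionality, such as connection-type plugins, loop plugins, variable plugins and filter plugins; this feature is not commonly used
· API: the application programming interface for third-party programs to call
· ANSIBLE: the green box that combines INVENTORY, API, MODULES and PLUGINS; it can be understood as the ansible command-line tool, which is the core execution tool
2. Notes
· The host that runs ansible is usually called the control node, central controller, master or bastion host
· The control node requires Python 2.6 or later
· If the Python version on a managed node is lower than 2.4, python-simplejson must be installed
· If SELinux is enabled on a managed node, libselinux-python must be installed
· Windows cannot be used as the control node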
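5.1.3 Case environment
1. Lab environment for this case
The environment for this case is shown in Table 5-1.
Table 5-1 Case environment for creating and managing the Ansible Docker deployment network
The lab network is created and managed with the topology shown in Figure 5.1.
Figure 5.1 Lab network topology
2. Case requirements
· Install Ansible and its dependencies
· Write the Playbooks
· Carry out the deployment
· Verify the result
3. Case implementation approach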
· 安
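5.2 Case implementation
5.2.1 Host configuration
1. Environment initialization
· CentOS 7.3 or later is the recommended Linux operating system.
· Configure passwordless SSH login for the root user to the managed host.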
[root@bogon ~]# hostnamectl set-hostname master
[root@bogon ~]# bash
[root@master ~]# systemctl stop firewalld
[root@master ~]# systemctl disable firewalld
[root@master ~]# getenforce
Disabled
[root@master ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
08:c9:5b:df:13:51:04:3d:f8:24:43:1b:c8:e8:02:54 root@master
The key's randomart image is:
+--[ RSA 2048]----+
| ...E o o=*o |
| .. .. o +++ |
| .+.. o= . |
| .+.o . .. |
| ... S o |
| . |
| |
| |
| |
+-----------------+
[root@master ~]# ssh-copy-id [email protected]
[root@bogon ~]# hostnamectl set-hostname client
[root@bogon ~]# bash
[root@client ~]# systemctl stop firewalld
[root@client ~]# systemctl disable firewalld
[root@client ~]# getenforce
Disabled
2. Install Ansible and its dependencies
[root@master ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[root@master ~]# yum install -y ansible
5.2.2 Deploying Docker with Ansible
Create the roles directories
First create an ansible directory; all subsequent operations are performed in this directory.
[root@master ~]# mkdir ansible
[root@master ~]# cd ansible
[root@master ansible]# ansible-galaxy init --init-path roles common
- common was created successfully
[root@master ansible]# ansible-galaxy init --init-path roles webserver
- webserver was created successfully
[root@master ansible]# ansible-galaxy init --init-path roles dbserver
- dbserver was created successfully
Create the production file, which contains the hosts and groups information.
[root@master ansible]# vim production
[webservers]
192.168.9.168
[dbservers]
192.168.9.168
Create the common role tasks, which mainly cover basic environment setup
[root@master ansible]# vim roles/common/tasks/main.yml
---
# tasks file for common
- name: add epel repository
  yum_repository:
    name: epel
    description: EPEL YUM repo
    baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
    gpgcheck: no
  tags: epel
- name: add docker-ce repository
  yum_repository:
    name: docker-ce
    description: docker-ce YUM repo
    baseurl: https://download.docker.com/linux/centos/7/$basearch/stable/
    gpgcheck: no
  tags: docker
- name: make sure ntp is installed
  yum: pkg=ntp state=installed
  tags: ntp
- name: make sure docker-ce is installed
  yum: pkg=docker-ce state=installed
  tags: docker
- name: make sure python-pip is installed
  yum: pkg=python-pip state=installed
  tags: pip
- name: make sure ntp is configured
  template: src=ntp.conf.j2 dest=/etc/ntp.conf
  notify:
    - restart ntpd
  tags: ntp
- name: make sure ntpd is running and enabled
  service: name=ntpd state=started enabled=yes
  tags: ntp
- name: make sure firewalld is stopped and disabled
  service: name=firewalld state=stopped enabled=no
  tags: firewalld
- name: make sure docker-py is installed
  pip:
    name: docker-py
- name: make sure docker is installed
  yum: pkg=docker-ce state=installed
  tags: docker
- name: make sure docker is running and enabled
  service: name=docker state=started enabled=yes
  tags: docker
[root@master ansible]# vim roles/common/handlers/main.yml
---
# handlers file for common
- name: restart ntpd
  service: name=ntpd state=restarted
[root@master ansible]# mkdir group_vars
[root@master ansible]# vim group_vars/all
ntpserver: cn.ntp.org.cn
[root@master ansible]# vim roles/common/templates/ntp.conf.j2
driftfile /var/lib/ntp/drift
pidfile /var/run/ntpd.pid
logfile /var/log/ntp.log
# Access Control Support
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
server {{ ntpserver }}
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
Create the webserver role tasks, which mainly start the httpd container
[root@master ansible]# vim roles/webserver/tasks/main.yml
---
# tasks file for webserver
- name: create httpd container
  docker_container:
    name: apache
    image: httpd
    state: started
    restart: yes
    ports:
      - "80:80"
  tags: httpd
Create the dbserver role tasks, which mainly start the mysql container
[root@master ansible]# vim roles/dbserver/tasks/main.yml
---
# tasks file for dbserver
- name: create mysql container
  docker_container:
    name: mysql
    image: mysql
    state: started
    restart: yes
    ports:
      - "3306:3306"
    env:
      MYSQL_ROOT_PASSWORD: mysql@135
  tags: mysql
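The same MySQL task with the root password taken from an Ansible Vault variable and the port published on loopback only, as an added example that is not part of the original article. The variable name mysql_root_password and the vault-encrypted vars file that defines it are assumptions, as is the premise that only clients on the managed host itself need to reach the database.

```yaml
---
# roles/dbserver/tasks/main.yml, hardened variant (added example)
#
# Assumption: mysql_root_password is defined in a vars file that has been
# encrypted with `ansible-vault encrypt`, so the secret is never stored in
# clear text inside the role. Run the play with:
#   ansible-playbook site.yml -i production --ask-vault-pass
- name: create mysql container
  docker_container:
    name: mysql
    image: mysql
    state: started
    restart: yes
    ports:
      # Bind the published port to loopback instead of the default 0.0.0.0,
      # so 3306 is not reachable from other machines on the network.
      - "127.0.0.1:3306:3306"
    env:
      MYSQL_ROOT_PASSWORD: "{{ mysql_root_password }}"
  # Keep the module arguments, including the password, out of the
  # ansible-playbook output and any callback logs.
  no_log: true
  tags: mysql
```

With this binding, "docker ps" on the managed host shows 127.0.0.1:3306->3306/tcp for the mysql container instead of 0.0.0.0:3306->3306/tcp.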
Create webservers.yml
[root@master ansible]# vim webservers.yml
---
- hosts: webservers
  roles:
    - common
    - webserver
Create dbservers.yml
[root@master ansible]# vim dbservers.yml
---
- hosts: dbservers
  roles:
    - common
    - dbserver
Create site.yml
[root@master ansible]# vim site.yml
---
- import_playbook: webservers.yml
- import_playbook: dbservers.yml
Run the deployment command
[root@master ansible]# ansible-playbook site.yml -i production
...... // part of the output omitted
TASK [dbserver : create mysql container] ****************************************************
changed: [192.168.9.168]
PLAY RECAP **********************************************************************************
192.168.9.168 : ok=27 changed=10 unreachable=0 failed=0
Verify the result
Log in to the managed host and run the "docker ps" command to check whether the docker containers are running.
[root@client ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
39ef95a4e3f4 mysql "docker-entrypoint.s…" 2 minutes ago Up 2 minutes 0.0.0.0:3306->3306/tcp, 33060/tcp mysql
b22c957feb4c httpd "httpd-foreground" 6 minutes ago Up 6 minutes 0.0.0.0:80->80/tcp apache
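5.2.3 Deploying Zabbix with Ansible
Create the roles directories
First create a directory (here zabbix, under the ansible directory); all subsequent operations are performed in it.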
[root@master ansible]# mkdir zabbix
[root@master ansible]# cd zabbix/
[root@master zabbix]# ansible-galaxy init --init-path roles common
- common was created successfully
[root@master zabbix]# ansible-galaxy init --init-path roles zbxserver
- zbxserver was created successfully
[root@master zabbix]# ansible-galaxy init --init-path roles zbxagent
- zbxagent was created successfully
Create the production file, which contains the hosts and groups information
[root@master zabbix]# vim production-zabbix
[zbxservers]
192.168.9.168
[zbxagents]
192.168.9.168
Create the common role tasks, which mainly cover basic environment setup
[root@master zabbix]# vim roles/common/tasks/main.yml
---
# tasks file for common
- name: add epel repository
  yum_repository:
    name: epel
    description: EPEL YUM repo
    baseurl: https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
    gpgcheck: no
  tags: epel
- name: add zabbix repository
  yum_repository:
    name: zabbix
    description: Zabbix YUM repo
    baseurl: http://repo.zabbix.com/zabbix/3.2/rhel/7/$basearch/
    gpgcheck: no
  tags: zabbix
- name: add non-support zabbix repository
  yum_repository:
    name: zabbix-non-supported
    description: Zabbix-non-supported YUM repo
    baseurl: http://repo.zabbix.com/non-supported/rhel/7/$basearch/
    gpgcheck: no
  tags: zabbix
- name: make sure ntp is installed
  yum: pkg=ntp state=installed
  tags: ntp
- name: make sure python-pip is installed
  yum: pkg=python-pip state=installed
  tags: pip
- name: make sure ntp is configured
  template: src=ntp.conf.j2 dest=/etc/ntp.conf
  notify:
    - restart ntpd
  tags: ntp
- name: make sure ntpd is running and enabled
  service: name=ntpd state=started enabled=yes
  tags: ntp
- name: make sure firewalld is stopped and disabled
  service: name=firewalld state=stopped enabled=no
  tags: firewalld
[root@master zabbix]# vim roles/common/handlers/main.yml
---
# handlers file for common
- name: restart ntpd
  service: name=ntpd state=restarted
[root@master zabbix]# mkdir group_vars
[root@master zabbix]# vim group_vars/all
ntpserver: cn.ntp.org.cn
[root@master zabbix]# vim roles/common/templates/ntp.conf.j2
driftfile /var/lib/ntp/drift
pidfile /var/run/ntpd.pid
logfile /var/log/ntp.log
# Access Control Support
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
server {{ ntpserver }}
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
Create the zbxserver role tasks, which mainly install, configure and start httpd, php, mariadb-server, zabbix-server and zabbix-web
[root@master zabbix]# vim roles/zbxserver/tasks/main.yml
---
# tasks file for zbxserver
- name: make sure httpd/php/mariadb-server/zabbix-server/zabbix-web are installed
  yum: pkg={{ item }} state=installed
  with_items:
    - httpd
    - php
    - mariadb-server
    - zabbix-server-mysql
    - zabbix-web-mysql
- name: make sure php is configured
  template: src=php.ini.j2 dest=/etc/php.ini
- name: make sure zabbix-server is configured
  template: src=zabbix_server.conf.j2 dest=/etc/zabbix/zabbix_server.conf
- name: make sure httpd & mariadb & zabbix-server are running and enabled
  service: name={{ item }} state=started enabled=yes
  with_items:
    - httpd
    - mariadb
    - zabbix-server
On the control node, install php manually, then copy the existing /etc/php.ini file to roles/zbxserver/templates/php.ini.j2 and modify the following settings
[root@master zabbix]# yum install -y php
[root@master zabbix]# cp /etc/php.ini roles/zbxserver/templates/php.ini.j2
[root@master zabbix]# vim roles/zbxserver/templates/php.ini.j2
post_max_size = 16M
max_execution_time = 300
max_input_time = 300
memory_limit = 128M
upload_max_filesize = 2M
date.timezone = Asia/Shanghai
On the control node, install zabbix-server manually, then copy the existing /etc/zabbix/zabbix_server.conf file to roles/zbxserver/templates/zabbix_server.conf.j2 and modify the following settings
[root@master zabbix]# rpm -Uvh http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
[root@master zabbix]# yum install -y zabbix-server
[root@master zabbix]# cp /etc/zabbix/zabbix_server.conf roles/zbxserver/templates/zabbix_server.conf.j2
[root@master zabbix]# vim roles/zbxserver/templates/zabbix_server.conf.j2
DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=123.com
Create the zbxagent role tasks, which mainly install, configure and start zabbix-agent
[root@master zabbix]# vim roles/zbxagent/tasks/main.yml
---
# tasks file for zbxagent
- name: make sure zabbix-agent is installed
  yum: pkg=zabbix-agent state=installed
- name: make sure zabbix-agent is configured
  template: src=zabbix_agentd.conf.j2 dest=/etc/zabbix/zabbix_agentd.conf
- name: make sure zabbix-agent is running and enabled
  service: name=zabbix-agent state=started enabled=yes
On the control node, install zabbix-agent manually, then copy the existing /etc/zabbix/zabbix_agentd.conf file to roles/zbxagent/templates/zabbix_agentd.conf.j2 and modify the following settings
[root@master zabbix]# yum install -y zabbix-agent
[root@master zabbix]# cp /etc/zabbix/zabbix_agentd.conf roles/zbxagent/templates/zabbix_agentd.conf.j2
[root@master zabbix]# vim roles/zbxagent/templates/zabbix_agentd.conf.j2
Server=192.168.9.168
ServerActive=192.168.9.168
# Local name of the agent. It must match the host name configured later in the server's web UI; the name itself is arbitrary.
Hostname=Zabbix server
Create zbxservers.yml
[root@master zabbix]# vim zbxservers.yml
---
- hosts: zbxservers
  roles:
    - common
    - zbxserver
Create zbxagents.yml
[root@master zabbix]# vim zbxagents.yml
---
- hosts: zbxagents
  roles:
    - common
    - zbxagent
Create site.yml
[root@master zabbix]# vim site.yml
---
- import_playbook: zbxservers.yml
- import_playbook: zbxagents.yml
Run the deployment command
[root@master zabbix]# ansible-playbook site.yml -i production-zabbix
Log in to the managed host and complete the database setup
[root@client ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4714
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE zabbix character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'localhost' IDENTIFIED BY '123.com';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
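The manual database steps above expressed as idempotent tasks, with the Zabbix database password supplied from a vaulted variable instead of being typed into the template and the SQL prompt. This is an added example, not part of the original article; the variable name zabbix_db_password, the vault-encrypted vars file that defines it, and placing these tasks at the end of the zbxserver role are assumptions.

```yaml
---
# roles/zbxserver/tasks/main.yml, appended after the service task (added example)
#
# Assumptions:
#   - zabbix_db_password is defined in a vars file encrypted with ansible-vault.
#   - roles/zbxserver/templates/zabbix_server.conf.j2 uses the same variable:
#       DBPassword={{ zabbix_db_password }}
#   - MariaDB still allows the local root login without a password, as in the
#     manual session shown above.
- name: make sure the python mysql bindings are installed
  # The mysql_db and mysql_user modules need MySQLdb on the managed host.
  yum: pkg=MySQL-python state=installed

- name: make sure the zabbix database exists
  mysql_db:
    name: zabbix
    encoding: utf8
    collation: utf8_bin
    state: present

- name: make sure the zabbix database user exists
  mysql_user:
    name: zabbix
    host: localhost
    password: "{{ zabbix_db_password }}"
    # Same scope as the manual GRANT: all privileges on the zabbix schema only.
    priv: "zabbix.*:ALL"
    state: present
  # Keep the password out of the play output and callback logs.
  no_log: true
```

Re-running the play leaves an existing database and user unchanged, so the password is set in one place and never appears in shell history on the managed host.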
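Verify the result
Open http://192.168.9.168/zabbix in a browser to reach the Zabbix installation page, shown in Figure 5.2, and follow the steps to complete the Zabbix installation.
Figure 5.2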