Notes:
1) CentOS 7.5 installed in a VM with 4 cores and 8 GB of RAM
2) Docker version 18.06.0-ce
Installing Docker itself is not covered here
1. Build an image that contains ssh by writing a Dockerfile
# Set the base image to centos (the EPEL 7 release package below assumes this resolves to CentOS 7)
FROM centos:latest
MAINTAINER fei
# mount volume
VOLUME ["/root/docker/ansible-demo/volume2"]
################## BEGIN INSTALLATION ######################
# install EPEL (the line continuations were lost in the original listing and are restored here)
RUN rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \
 && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \
 && yum install -y yum-priorities
RUN yum install -y sudo
RUN yum install -y \
 net-tools \
 openssh-clients \
 openssh-server \
 ansible \
 vim
################## END INSTALLATION ######################
# Set sshd's UsePAM parameter to no to speed up ssh connections
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
# Change the root password; here the password is: devilf
RUN echo "root:devilf" | chpasswd
# Generate the host keys; -N '' sets an empty passphrase so the build never waits for input.
# (OpenSSH 7.0 and later no longer offer DSA host keys, so the dsa key is not used by the CentOS 7 sshd.)
RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
# Start the sshd service and expose port 22
RUN mkdir /var/run/sshd
EXPOSE 22
ENTRYPOINT ["/usr/sbin/sshd","-D"]
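The Dockerfile above edits sshd_config with sed and relies on root password login until keys are distributed, so it is worth being able to read back what the image's sshd will actually enforce. The following shell functions are an added example, not code from the original post: sshd_setting returns the effective value of one sshd_config keyword (sshd honours the first uncommented occurrence and keywords are case-insensitive), and audit_sshd reports the three keywords that decide who can log in. The sample_sshd_config fragment and the function names are constructed for this example.

```shell
# Return the effective value of an sshd_config keyword from the file given as $1.
# sshd takes the FIRST uncommented occurrence of a keyword, and keywords are
# case-insensitive, so the lookup stops at the first match.
sshd_setting() {
  awk -v key="$2" '
    BEGIN { key = tolower(key) }
    # skip comments and blank lines
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    {
      line = $0
      sub(/^[[:space:]]+/, "", line)
      n = split(line, f, "[ \t]+")
      if (n >= 2 && tolower(f[1]) == key) { print f[2]; exit }
    }' "$1"
}

# Print KEY=value for the settings that control ssh logins to the image;
# a keyword that is not set explicitly is reported as "default".
audit_sshd() {
  for key in PermitRootLogin PasswordAuthentication UsePAM; do
    val="$(sshd_setting "$1" "$key")"
    printf '%s=%s\n' "$key" "${val:-default}"
  done
}

# Constructed sshd_config fragment resembling the image after the sed step:
# a commented PermitRootLogin, UsePAM switched to no, and a duplicated
# PasswordAuthentication where only the first line counts.
sample_sshd_config() {
  printf '%s\n' \
    '#PermitRootLogin yes' \
    'UsePAM no' \
    '#UsePAM yes' \
    'PasswordAuthentication yes' \
    'PasswordAuthentication no'
}

# Usage against the real image: docker run --rm fei/centos:ssh_ansible cat /etc/ssh/sshd_config > sshd_config.txt
#                               audit_sshd sshd_config.txt
```

The lookup ignores Match blocks, so for the authoritative view of a running container use `sshd -T` inside it, which dumps the effective configuration after all parsing rules are applied.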
2. Build the image
docker build --no-cache -t fei/centos:ssh_ansible .
3. Start the containers (privileged mode is required, otherwise they fail with: Failed to get D-Bus connection: Operation not permitted)
docker run -itd -p 20021:22 --privileged=true --name node1 fei/centos:ssh_ansible
docker run -itd -p 20022:22 --privileged=true --name node2 fei/centos:ssh_ansible
...
...
docker run -itd -p 20020:22 --privileged=true --name ansible_server fei/centos:ssh_ansible
4. Configure the Ansible host inventory and set up key-based trust
Edit ansible.cfg and change the default hosts file to a directory:
inventory = /etc/ansible/conf.d
Set up the inventory
# cat conf.d/docker
[nodes]
172.17.0.2
172.17.0.3
172.17.0.4
172.17.0.5
Generate a key pair
ssh-keygen
Distribute the public key
ssh-copy-id [email protected]
5. Test
ansible nodes -m ping
Note:
How to look up a container's IP:
docker inspect --format '{{ .NetworkSettings.IPAddress }}' container_id
Stop a container:
docker stop container_id
Delete a container:
docker container rm container_id
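Step 4 above is done by hand for each container: look up the IP with docker inspect, paste it into conf.d/docker, then run ssh-copy-id against it. The following shell functions are an added example, not code from the original post, that chain those same commands: container_ip wraps the docker inspect call shown in the note, render_inventory writes an inventory group, and sync_nodes builds /etc/ansible/conf.d/docker from a list of container names and pushes the controller's public key to each of them as root. The function names, the INVENTORY_FILE override and the use of ~/.ssh/id_rsa.pub are assumptions of this example.

```shell
# Print the IPv4 address of one container (the same docker inspect call as in the note above).
container_ip() {
  docker inspect --format '{{ .NetworkSettings.IPAddress }}' "$1"
}

# Render an inventory group: $1 is the group name, the remaining arguments are host addresses.
render_inventory() {
  group="$1"; shift
  printf '[%s]\n' "$group"
  [ $# -gt 0 ] || return 0
  printf '%s\n' "$@"
}

# Build the [nodes] inventory from container names (node1 node2 ...) and
# distribute the controller's key to every host. INVENTORY_FILE is a
# hypothetical override so the output path can be changed for a dry run.
sync_nodes() {
  out="${INVENTORY_FILE:-/etc/ansible/conf.d/docker}"
  ips=""
  for name in "$@"; do
    ips="$ips $(container_ip "$name")"
  done
  # word splitting on $ips is intended: one address per argument
  render_inventory nodes $ips > "$out"
  for ip in $ips; do
    ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "root@$ip"
  done
}

# Usage on the host running the containers from step 3:
#   sync_nodes node1 node2 node3 node4 && ansible nodes -m ping
```

Only sync_nodes touches docker and ssh; render_inventory is pure text output, which is what makes it checkable without containers running.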
Next, compile and install nginx from source through a playbook
A dedicated directory can be created for each service you install; for the nginx installation here, the directory structure is:
tree roles/
roles/
├── conf
│   ├── default
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   └── temp_server.conf
│   └── vars
│       └── main.yml
├── install
│   ├── default
│   ├── files
│   │   └── nginx-1.12.0.tar.gz
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   ├── nginx.conf
│   │   ├── web1.conf
│   │   └── web2.conf
│   └── vars
│       └── main.yml
├── nginx.retry
├── nginx.yaml
└── site.yml
It has two parts: the conf directory makes it easy to add sites and holds their configuration files; the install directory installs nginx and holds the source tarball, configuration files and so on used for the installation.
Define a task in the install directory:
# cat tasks/main.yml
- name: cp nginx package to remote host
  copy: src=nginx-1.12.0.tar.gz dest=/tmp/nginx-1.12.0.tar.gz   # pulls the source tarball from the role's files directory
  tags: cp-nginx-pkg
- name: tar nginx package
  shell: cd /tmp; tar zxf nginx-1.12.0.tar.gz
- name: install nginx depend pkg
  yum: name={{ item }} state=latest   # item is the loop variable that takes each dependency package name listed below
  with_items:
    - openssl-devel
    - pcre-devel
    - gcc
    - gcc-c++
    - autoconf
    - automake
    - libtool
    - make
    - cmake
    - zlib
    - zlib-devel
    - openssl
    - pcre-devel
    - libxslt-devel
- name: install nginx
  shell: >
    cd /tmp/nginx-1.12.0; ./configure --user=www --group=www --prefix=/usr/local/nginx
    --with-http_stub_status_module
    --with-http_ssl_module
    --with-pcre && make && make install
- name: cp conf
  template: src=nginx.conf dest=/usr/local/nginx/conf/nginx.conf   # pulls the configuration file from the role's templates directory
  tags: nginx-conf
- name: cp shell
  copy: src=/ansible/script/create_users.sh dest=/tmp/create_users.sh   # this script checks whether the user already exists on the target machine; creating a user that already exists would fail
- name: create nginx user
  shell: /bin/bash /tmp/create_users.sh
  tags: add-nginx
  notify: start nginx service
Contents of the script above:
# cat /ansible/script/create_users.sh
#!/bin/bash
name="www"
# Count only an account whose login name is exactly "www" (anchored on the first field),
# not every passwd line that merely contains the string
num=$(grep -c "^${name}:" /etc/passwd)
if [ "$num" -eq 0 ]; then
    groupadd "$name"
    useradd -g "$name" "$name" -s /sbin/nologin
fi
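The existence check in that script is what makes the "create nginx user" task safe to rerun, and an unanchored grep for "www" would also match an account such as www-data or a GECOS field mentioning www, so the script would skip creating the user it was asked for. The following shell functions are an added example, not code from the original post: user_exists does the anchored check, loose_count reproduces the substring count for comparison, and ensure_service_user wraps the group and user creation. The PASSWD_FILE override, the function names and the sample_passwd contents are constructed for this example.

```shell
# Exit 0 when an account whose login name is exactly $1 exists in the passwd
# file. PASSWD_FILE is a hypothetical override so the check can be run against
# a sample file instead of the real /etc/passwd.
user_exists() {
  grep -q "^${1}:" "${PASSWD_FILE:-/etc/passwd}"
}

# The substring count from the original script, kept for comparison: it counts
# every line containing the name anywhere, not just in the login field.
loose_count() {
  grep -c "$1" "${PASSWD_FILE:-/etc/passwd}"
}

# Create the group and the nologin user only when the account is really missing,
# so repeated playbook runs do not fail on useradd.
ensure_service_user() {
  name="$1"
  if user_exists "$name"; then
    return 0
  fi
  groupadd "$name" && useradd -g "$name" -s /sbin/nologin "$name"
}

# Constructed passwd content: no "www" account, but two lines that contain "www".
sample_passwd() {
  printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin' \
    'alice:x:1000:1000:alice from www team:/home/alice:/bin/bash'
}

# Usage on a target host: ensure_service_user www
```

On a real host `getent passwd "$name"` is the usual way to ask the same question, because it also consults LDAP or SSSD accounts that never appear in /etc/passwd; the grep form is used here so the check can be exercised against a file.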
Assign a port to nginx's main configuration file through a variable; the main configuration references it below
# cat vars/main.yml
ngxport: "8080"
Main configuration file
# cat templates/nginx.conf
user www;
worker_processes {{ ansible_processor_vcpus }};
events {
    worker_connections 65535;
}
http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen {{ ngxport }};
        server_name www.a.com;
        access_log logs/a.com;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
    include conf.d/*.conf;
}
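The main configuration defines the `main` log format, which is what every access log written by this nginx will look like. As an added example that is not part of the original post, the shell function below reads lines in exactly that format from stdin, splits them on the double quotes so that a request line containing spaces does not shift the fields, and prints every client address that produced at least a threshold number of 4xx responses, a cheap first signal of a client probing for paths that do not exist. The function name and the sample_access_log lines are constructed for this example.

```shell
# Read nginx "main" format access log lines on stdin and print "ip count" for
# every client with at least $1 (default 3) responses in the 4xx range.
flag_4xx_clients() {
  threshold="${1:-3}"
  awk -v limit="$threshold" '
    {
      # Splitting on the quote character gives stable positions regardless of
      # spaces inside the request: p[1]="ip - user [time] ", p[2]=request,
      # p[3]=" status bytes ", p[4]=referer, p[6]=user agent, p[8]=x-forwarded-for
      n = split($0, p, "\"")
      if (n < 4) next
      split(p[1], head, " ")
      split(p[3], tail, " ")
      ip = head[1]
      status = tail[1]
      if (status ~ /^4[0-9][0-9]$/) hits[ip]++
    }
    END {
      for (ip in hits) if (hits[ip] >= limit) print ip, hits[ip]
    }' | sort
}

# Constructed log lines in the main format: one well-behaved client, one client
# probing non-existent paths, and a request whose path contains a space.
sample_access_log() {
  printf '%s\n' \
    '172.17.0.1 - - [10/Oct/2018:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"' \
    '10.0.0.9 - - [10/Oct/2018:13:55:40 +0000] "GET /admin HTTP/1.1" 404 169 "-" "python-requests/2.19" "-"' \
    '10.0.0.9 - - [10/Oct/2018:13:55:41 +0000] "GET /config HTTP/1.1" 404 169 "-" "python-requests/2.19" "-"' \
    '10.0.0.9 - - [10/Oct/2018:13:55:42 +0000] "GET /login HTTP/1.1" 404 169 "-" "python-requests/2.19" "-"' \
    '172.17.0.1 - - [10/Oct/2018:13:56:01 +0000] "GET /a b.html HTTP/1.1" 404 169 "-" "curl/7.29.0" "-"'
}

# Usage on a node: flag_4xx_clients 10 < /usr/local/nginx/logs/access.log
```

Because the server block in the template writes its own `access_log logs/a.com;` without a format name, those lines use nginx's built-in `combined` format, which lacks the trailing x-forwarded-for field but is otherwise laid out the same, so the same splitting works on both files.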
Define the handler
# cat handlers/main.yml
- name: start nginx service
  shell: /usr/local/nginx/sbin/nginx
To add a new site for testing, the directories that need changes (switch into the conf directory first) are:
Define the variables that the configuration file references:
# cat vars/main.yml
server_name: "www.a.com"   # change this domain each time a new site is added
root_dir: "/data/web"
Because new sites are name-based virtual hosts, they all listen on the default port 80
Write the configuration file for the new site:
# cat templates/temp_server.conf
server
{
    listen 80;
    server_name {{server_name}};
    index index.php index.html;
    root {{root_dir}};
}
Write the tasks that configure nginx:
cd tasks
cat main.yml
- name: create vhosts
  shell: mkdir -p /usr/local/nginx/conf/conf.d/
  tags: create_dir
- name: cp file nginx.conf
  template: src=temp_server.conf dest=/usr/local/nginx/conf/conf.d/{{server_name}}.conf
  tags: ngxconf
  notify: reload nginx service
Define the role path
# back in the parent directory of roles
cat nginx.yaml
- hosts: web1
  remote_user: root
  roles:
    - install
    - conf
Test (check mode, nothing is changed on the targets):
ansible-playbook -C nginx.yaml
Once the check passes, run it for real
ansible-playbook nginx.yaml