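Summary: This Fengge tutorial draws on the official documentation for Linux, Red Hat Enterprise Linux, Ansible Automation Platform, Docker, Kubernetes and Podman, and describes in detail how to configure and use the related technologies.
This document presents hands-on cases of using Ansible in enterprise environments.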
Part01-Large-Scale Server Deployment
1.1 Batch Server Initialization
[root@ansible ~]# cat > /fglinux/ansible/playbooks/server_init.yml << 'EOF'
---
- name: 服务器批量初始化
  hosts: new_servers
  become: yes
  serial: 20                      # process the hosts in batches of 20
  vars:
    admin_users:
      - name: admin
        uid: 1000
        key: "{{ lookup('file', 'keys/admin.pub') }}"
      - name: ops
        uid: 1001
        key: "{{ lookup('file', 'keys/ops.pub') }}"
    base_packages:
      - vim
      - wget
      - curl
      - htop
      - iotop
      - net-tools
      - sysstat
      - lsof
      - tree
      - jq
  tasks:
    - name: 配置主机名
      hostname:
        name: "{{ inventory_hostname }}"

    - name: 配置hosts文件
      template:
        src: hosts.j2
        dest: /etc/hosts
        backup: yes

    - name: 创建管理员用户
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        groups: wheel
        shell: /bin/bash
        state: present
      loop: "{{ admin_users }}"

    - name: 配置SSH密钥
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.key }}"
        state: present
      loop: "{{ admin_users }}"

    - name: 配置sudo权限
      lineinfile:
        path: /etc/sudoers.d/admin
        line: "{{ item.name }} ALL=(ALL) NOPASSWD: ALL"
        create: yes
        mode: '0440'
        # check the file with visudo before it is installed, so a syntax
        # error cannot break sudo on the host
        validate: /usr/sbin/visudo -cf %s
      loop: "{{ admin_users }}"

    - name: 安装基础软件包
      dnf:
        name: "{{ base_packages }}"
        state: present

    - name: 配置系统参数
      sysctl:
        name: "{{ item.key }}"
        value: "{{ item.value }}"
        state: present
        reload: yes
      loop:
        - { key: 'net.core.somaxconn', value: '65535' }
        - { key: 'vm.swappiness', value: '10' }
        - { key: 'fs.file-max', value: '1000000' }

    - name: 配置时间同步
      template:
        src: chrony.conf.j2
        dest: /etc/chrony.conf
        backup: yes
      notify: Restart chrony

    - name: 配置日志轮转
      template:
        src: logrotate.conf.j2
        dest: /etc/logrotate.d/fgedu
        mode: '0644'

    - name: 配置监控Agent
      include_role:
        name: zabbix-agent

    - name: 配置日志收集
      include_role:
        name: filebeat

    - name: 安全加固
      include_role:
        name: security-hardening

    - name: 生成初始化报告
      copy:
        content: |
          服务器初始化报告
          ================
          主机名: {{ inventory_hostname }}
          IP地址: {{ ansible_default_ipv4.address }}
          初始化时间: {{ ansible_date_time.iso8601 }}
          管理员用户: {{ admin_users | map(attribute='name') | join(', ') }}
          软件包数量: {{ base_packages | length }}
        dest: /root/init_report.txt

  handlers:
    - name: Restart chrony
      service:
        name: chronyd
        state: restarted
EOF

# Run the server initialization
[root@ansible ~]# ansible-playbook /fglinux/ansible/playbooks/server_init.yml -f 50

PLAY [服务器批量初始化] ******************************************************

TASK [Gathering Facts] ******************************************************
ok: [server001.fgedu.net.cn]
ok: [server002.fgedu.net.cn]
...
ok: [server020.fgedu.net.cn]

TASK [配置主机名] ***********************************************************
changed: [server001.fgedu.net.cn]
changed: [server002.fgedu.net.cn]
...

TASK [配置hosts文件] ********************************************************
changed: [server001.fgedu.net.cn]
changed: [server002.fgedu.net.cn]
...

TASK [创建管理员用户] ********************************************************
changed: [server001.fgedu.net.cn] => (item={'name': 'admin', 'uid': 1000, ...})
changed: [server002.fgedu.net.cn] => (item={'name': 'admin', 'uid': 1000, ...})
...

PLAY RECAP ******************************************************************
server001.fgedu.net.cn : ok=12 changed=10 unreachable=0 failed=0
server002.fgedu.net.cn : ok=12 changed=10 unreachable=0 failed=0
...
server020.fgedu.net.cn : ok=12 changed=10 unreachable=0 failed=0
Part02-Application Release System
2.1 Automated Release Workflow
[root@ansible ~]# cat > /fglinux/ansible/playbooks/app_release.yml << 'EOF'
---
# lb_server, deploy_dir and artifact_repo are not defined in this play;
# supply them through inventory/group_vars or -e.
- name: 应用发布系统
  hosts: app_servers
  become: yes
  serial: 1                       # rolling release, one host at a time
  vars:
    app_name: fgedu_web
    # the env lookup returns an empty string when APP_VERSION is unset, so
    # default() needs its second argument to fall back to 'latest'
    app_version: "{{ lookup('env', 'APP_VERSION') | default('latest', true) }}"
    deploy_strategy: rolling
    health_check_url: /health
    health_check_timeout: 60
  tasks:
    - name: 显示发布信息
      debug:
        msg: |
          开始发布应用
          应用名称: {{ app_name }}
          版本: {{ app_version }}
          策略: {{ deploy_strategy }}

    - name: 从负载均衡移除
      uri:
        url: "http://{{ lb_server }}/api/v1/servers/{{ ansible_default_ipv4.address }}/disable"
        method: POST
        status_code: 200
      delegate_to: localhost

    - name: 等待连接排空
      wait_for:
        port: 8080
        state: drained
        timeout: 30

    - name: 停止应用服务
      service:
        name: "{{ app_name }}"
        state: stopped

    - name: 备份当前版本
      command: cp -r {{ deploy_dir }}/current {{ deploy_dir }}/backup/{{ ansible_date_time.epoch }}
      args:
        # run only when a current release exists (the original condition,
        # ansible_stat.exists, referred to a variable that is never set)
        removes: "{{ deploy_dir }}/current"

    - name: 部署新版本
      unarchive:
        src: "{{ artifact_repo }}/{{ app_name }}-{{ app_version }}.tar.gz"
        # unarchive does not create dest; the directory must already exist
        dest: "{{ deploy_dir }}/releases/{{ app_version }}"
        remote_src: yes

    - name: 更新符号链接
      file:
        src: "{{ deploy_dir }}/releases/{{ app_version }}"
        dest: "{{ deploy_dir }}/current"
        state: link

    - name: 执行数据库迁移
      command: "{{ deploy_dir }}/current/bin/migrate"
      when: db_migration | default(false)

    - name: 启动应用服务
      service:
        name: "{{ app_name }}"
        state: started

    - name: 等待服务就绪
      wait_for:
        port: 8080
        delay: 5
        timeout: "{{ health_check_timeout }}"

    - name: 健康检查
      uri:
        url: "http://localhost:8080{{ health_check_url }}"
        return_content: yes
      register: health_result
      until: health_result.status == 200 and 'ok' in health_result.content
      retries: 10
      delay: 5

    - name: 加入负载均衡
      uri:
        url: "http://{{ lb_server }}/api/v1/servers/{{ ansible_default_ipv4.address }}/enable"
        method: POST
        status_code: 200
      delegate_to: localhost

    - name: 发送发布通知
      mail:
        host: smtp.fgedu.net.cn
        to: ops@fgedu.net.cn
        subject: "[发布完成] {{ app_name }} {{ app_version }}"
        body: |
          应用发布完成
          应用: {{ app_name }}
          版本: {{ app_version }}
          主机: {{ inventory_hostname }}
          时间: {{ ansible_date_time.iso8601 }}
      delegate_to: localhost
EOF

# Run the application release
[root@ansible ~]# ansible-playbook /fglinux/ansible/playbooks/app_release.yml -e "app_version=v2.0.0"

PLAY [应用发布系统] **********************************************************

TASK [Gathering Facts] ******************************************************
ok: [app1.fgedu.net.cn]

TASK [显示发布信息] **********************************************************
ok: [app1.fgedu.net.cn] => {
    "msg": "开始发布应用\n应用名称: fgedu_web\n版本: v2.0.0\n策略: rolling"
}

TASK [从负载均衡移除] ********************************************************
ok: [app1.fgedu.net.cn]

TASK [等待连接排空] **********************************************************
ok: [app1.fgedu.net.cn]

TASK [停止应用服务] **********************************************************
changed: [app1.fgedu.net.cn]

TASK [备份当前版本] **********************************************************
changed: [app1.fgedu.net.cn]

TASK [部署新版本] ***********************************************************
changed: [app1.fgedu.net.cn]

TASK [更新符号链接] **********************************************************
changed: [app1.fgedu.net.cn]

TASK [启动应用服务] **********************************************************
changed: [app1.fgedu.net.cn]

TASK [等待服务就绪] **********************************************************
ok: [app1.fgedu.net.cn]

TASK [健康检查] *************************************************************
ok: [app1.fgedu.net.cn]

TASK [加入负载均衡] **********************************************************
ok: [app1.fgedu.net.cn]

TASK [发送发布通知] **********************************************************
ok: [app1.fgedu.net.cn]

PLAY RECAP ******************************************************************
app1.fgedu.net.cn : ok=13 changed=5 unreachable=0 failed=0
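- Use a rolling update strategy
- Configure a health-check mechanism
- Implement automated rollback
- Record release logs
- Configure alert notifications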
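The list above calls for automated rollback, which the release playbook on this page does not implement. The following is an added example, not part of the original tutorial: it wraps the symlink switch, restart and health check in block/rescue and restores the previous release when the check fails. It reuses the page's variable names (deploy_dir, app_name, app_version, health_check_url); the task layout is an assumption, and the load-balancer and unpacking steps are left out.

```yaml
---
- name: Release with automatic rollback (added example)
  hosts: app_servers
  become: yes
  serial: 1
  vars:
    app_name: fgedu_web
    health_check_url: /health
    # deploy_dir and app_version are assumed to come from inventory or -e
  tasks:
    - name: Record the release that "current" points to before switching
      stat:
        path: "{{ deploy_dir }}/current"
      register: previous_link

    - name: Switch to the new release and verify it
      block:
        - name: Point "current" at the new release
          file:
            src: "{{ deploy_dir }}/releases/{{ app_version }}"
            dest: "{{ deploy_dir }}/current"
            state: link
        - name: Restart the application on the new release
          service:
            name: "{{ app_name }}"
            state: restarted
        - name: Health check
          uri:
            url: "http://localhost:8080{{ health_check_url }}"
            return_content: yes
          register: health_result
          until: health_result.status == 200 and 'ok' in health_result.content
          retries: 10
          delay: 5
      rescue:
        - name: Restore the previous symlink
          file:
            src: "{{ previous_link.stat.lnk_source }}"
            dest: "{{ deploy_dir }}/current"
            state: link
          when: previous_link.stat.exists and previous_link.stat.islnk
        - name: Restart the application on the previous release
          service:
            name: "{{ app_name }}"
            state: restarted
        - name: Fail this host so the rolling release stops here
          fail:
            msg: "{{ app_name }} {{ app_version }} failed on {{ inventory_hostname }}; rolled back"
```

Because the play runs with serial: 1, the explicit fail in the rescue section ends the play at the first bad host, so the remaining servers keep the previous release.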
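This article was compiled and published by Fengge Tutorials and is for learning and testing use only. When reposting, cite the source: http://www.fgedu.net.cn/10327.html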
