内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
风哥提示:
本文档介绍企业级自动化运维平台部署综合实战案例。
Part01-Ansible Tower部署
1.1 Ansible Tower安装
# Download the Tower setup bundle, unpack it and enter the extracted directory.
# NOTE(review): setup.sh from this archive is later run as root. Check the
# downloaded file against a checksum or signature from the vendor (if one is
# published for this release) before extracting it.
[root@fgedu-tower ~]# wget https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-4.6.0.tar.gz
[root@fgedu-tower ~]# tar xzf ansible-tower-setup-4.6.0.tar.gz
[root@fgedu-tower ~]# cd ansible-tower-setup-4.6.0
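# Write the installer inventory: the Tower node, the database node and the
# install-time variables read by setup.sh.
# NOTE(review): admin_password and pg_password below are tutorial sample values
# kept in plaintext. Replace them with strong, unique secrets before running
# the installer, and never reuse the sample values on a reachable system.
[root@fgedu-tower ansible-tower-setup-4.6.0]# cat > inventory << 'EOF'
[tower]
localhost ansible_connection=local
[database]
localhost ansible_connection=local
[all:vars]
admin_password='Tower@123'
pg_host='localhost'
pg_port='5432'
pg_database='awx'
pg_username='awx'
pg_password='Awx@123'
EOF
# The file holds the admin and database passwords, so make it readable by its
# owner (root) only.
[root@fgedu-tower ansible-tower-setup-4.6.0]# chmod 600 inventory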
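# Run the installer from the extracted setup directory. The lines that follow
# are its abridged playbook output; failed=0 in the recap means no task failed.
[root@fgedu-tower ansible-tower-setup-4.6.0]# ./setup.sh
PLAY [Install Tower] **********************************************************
TASK [preflight_checks : Ensure Tower is only installed on supported operating systems]
ok: [localhost] => {"changed": false}
…
PLAY RECAP *********************************************************************
localhost : ok=123 changed=45 unreachable=0 failed=0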
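# Query the Tower API ping endpoint to confirm the service is answering.
# NOTE(review): plain HTTP is used here only against localhost; reach the web
# UI and API from other machines over HTTPS.
[root@fgedu-tower ~]# curl -s http://localhost/api/v2/ping/ | jq
{
  "ha": false,
  "version": "4.6.0",
  "active_node": "fgedu-tower"
}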
Part02-自动化作业配置
2.1 创建自动化项目
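# Create the project directory that holds the playbooks.
[root@fgedu-tower ~]# mkdir -p /var/lib/awx/projects/fgedu-automation
# Write the baseline server-configuration playbook. The YAML nesting is
# restored here; without indentation the file does not parse as a playbook.
[root@fgedu-tower ~]# cat > /var/lib/awx/projects/fgedu-automation/site.yml << 'EOF'
---
- name: FGEDU服务器配置
  hosts: all
  become: yes
  tasks:
    - name: 更新系统包
      yum:
        name: '*'
        state: latest
        update_cache: yes
      when: ansible_os_family == 'RedHat'

    - name: 安装基础软件
      yum:
        name:
          - vim
          - wget
          - curl
          - net-tools
          - htop
        state: present

    - name: 配置系统参数
      sysctl:
        name: "{{ item.name }}"
        value: "{{ item.value }}"
        state: present
      loop:
        - { name: 'net.core.somaxconn', value: '65535' }
        - { name: 'vm.swappiness', value: '10' }
        # NOTE(review): this play targets "hosts: all", so packet forwarding is
        # switched on for every web and database server. Apply it only to hosts
        # that are meant to route traffic.
        - { name: 'net.ipv4.ip_forward', value: '1' }

    - name: 创建运维用户
      # NOTE(review): wheel membership grants sudo under the RHEL-family
      # default sudoers policy; confirm that is intended for this account.
      user:
        name: fgedu
        shell: /bin/bash
        groups: wheel
        append: yes

    - name: 配置SSH密钥
      authorized_key:
        user: fgedu
        key: "{{ lookup('file', '/var/lib/awx/projects/fgedu-automation/keys/fgedu.pub') }}"

    - name: 配置NTP
      yum:
        name: chrony
        state: present
      notify: restart chrony

  handlers:
    - name: restart chrony
      service:
        name: chronyd
        state: restarted
EOF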
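# Write the managed-host inventory (web and database groups).
# NOTE(review): ansible_ssh_private_key_file points at a private key stored
# inside the project directory. If the project is kept in version control, keep
# keys/ out of the repository and readable by the automation user only, or hold
# the key in a Tower machine credential instead of a file.
# NOTE(review): ansible_user=root logs in directly as root. The playbooks on
# this page already use "become: yes", so an unprivileged login account with
# sudo would avoid direct root SSH.
[root@fgedu-tower ~]# cat > /var/lib/awx/projects/fgedu-automation/inventory << 'EOF'
[web_servers]
fgedu-web1 ansible_host=192.168.1.20
fgedu-web2 ansible_host=192.168.1.21
fgedu-web3 ansible_host=192.168.1.22
[db_servers]
fgedu-db1 ansible_host=192.168.1.30
fgedu-db2 ansible_host=192.168.1.31
[all:vars]
ansible_user=root
ansible_ssh_private_key_file=/var/lib/awx/projects/fgedu-automation/keys/fgedu.pem
EOF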
Part03-自动化工作流
3.1 创建工作流模板
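# Write the rolling-deployment playbook (one web server at a time, serial: 1).
# Line breaks and YAML nesting are restored from the collapsed listing.
[root@fgedu-tower ~]# cat > /var/lib/awx/projects/fgedu-automation/deploy.yml << 'EOF'
---
- name: 部署Web应用
  hosts: web_servers
  become: yes
  serial: 1
  tasks:
    - name: 从负载均衡移除节点
      # NOTE(review): no authentication is shown on this load-balancer API
      # call and it uses plain HTTP; confirm the endpoint is access-controlled.
      uri:
        url: "http://{{ lb_host }}/api/backend/{{ inventory_hostname }}/disable"
        method: POST
      delegate_to: localhost

    - name: 停止应用服务
      service:
        name: nginx
        state: stopped

    - name: 更新应用代码
      # NOTE(review): the repository is fetched over plain HTTP, so the code
      # is neither encrypted nor integrity-protected in transit. Prefer an
      # HTTPS or SSH remote, and pin deploy_version to a reviewed tag or commit.
      git:
        repo: http://git.fgedu.net.cn/fgedu/app.git
        dest: /var/www/fgedu
        version: "{{ deploy_version }}"

    - name: 安装依赖
      # NOTE(review): with "become: yes" on the play, npm and any package
      # install scripts run as root. Consider running this task as the
      # application's service account.
      command: npm install --production
      args:
        chdir: /var/www/fgedu

    - name: 启动应用服务
      service:
        name: nginx
        state: started

    - name: 等待服务就绪
      wait_for:
        port: 80
        delay: 5
        timeout: 60

    - name: 添加到负载均衡
      uri:
        url: "http://{{ lb_host }}/api/backend/{{ inventory_hostname }}/enable"
        method: POST
      delegate_to: localhost

    - name: 健康检查
      uri:
        url: "http://{{ inventory_hostname }}/health"
        return_content: yes
      register: health
      until: health.content == "OK"
      retries: 3
      delay: 10
EOF
# Write the backup playbook.
[root@fgedu-tower ~]# cat > /var/lib/awx/projects/fgedu-automation/backup.yml << 'EOF'
---
- name: 系统备份
  hosts: all
  become: yes
  tasks:
    - name: 创建备份目录
      # The directory receives an archive of /etc and a full database dump,
      # so it is created root-only (0700) rather than world-readable (0755).
      file:
        path: /backup/{{ ansible_date_time.date }}
        state: directory
        mode: '0700'

    - name: 备份配置文件
      archive:
        path:
          - /etc
          - /var/spool/cron
        dest: /backup/{{ ansible_date_time.date }}/config.tar.gz
        format: gz

    - name: 备份数据库
      mysql_db:
        name: all
        state: dump
        target: /backup/{{ ansible_date_time.date }}/database.sql.gz
      when: "'db_servers' in group_names"

    - name: 同步到备份服务器
      # NOTE(review): rsync:// is the rsync daemon protocol, which does not
      # encrypt traffic. These backups contain /etc and database dumps, so
      # transfer them over SSH or another encrypted channel and restrict who
      # can read the destination module.
      synchronize:
        src: /backup/{{ ansible_date_time.date }}
        dest: rsync://backup.fgedu.net.cn/backup/{{ inventory_hostname }}/
        mode: push
EOF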
Part04-自动化报告
4.1 报告生成配置
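# Write the reporting playbook. Line breaks and YAML nesting are restored from
# the collapsed listing.
[root@fgedu-tower ~]# cat > /var/lib/awx/projects/fgedu-automation/report.yml << 'EOF'
---
- name: 生成运维报告
  hosts: all
  become: yes
  tasks:
    - name: 收集系统信息
      setup:
        gather_subset:
          - hardware
          - network
          - virtual

    - name: 获取系统状态
      set_fact:
        system_info:
          hostname: "{{ ansible_hostname }}"
          ip: "{{ ansible_default_ipv4.address }}"
          os: "{{ ansible_distribution }} {{ ansible_distribution_version }}"
          kernel: "{{ ansible_kernel }}"
          cpu_cores: "{{ ansible_processor_vcpus }}"
          memory_total: "{{ (ansible_memtotal_mb / 1024) | round(1) }}GB"
          disk_total: "{{ (ansible_mounts | map(attribute='size_total') | sum / 1073741824) | round(1) }}GB"

    - name: 获取服务状态
      service_facts:

    - name: 生成报告
      # NOTE(review): per-host reports are written with become (root) to
      # predictable names in world-writable /tmp on the control node. Use a
      # dedicated directory that only the automation user can write to.
      template:
        src: report.j2
        dest: /tmp/{{ inventory_hostname }}_report.txt
      delegate_to: localhost

    - name: 合并报告
      # NOTE(review): every file in /tmp whose name matches the regexp is
      # merged, including files created by other local accounts. Assembling
      # from a dedicated, access-restricted directory avoids that.
      assemble:
        src: /tmp
        dest: /var/lib/awx/projects/fgedu-automation/reports/daily_report_{{ ansible_date_time.date }}.txt
        regexp: '_report\.txt$'
      delegate_to: localhost
      run_once: yes
EOF
# Write the Jinja2 template used by the report task above.
[root@fgedu-tower ~]# cat > /var/lib/awx/projects/fgedu-automation/templates/report.j2 << 'EOF'
========================================
服务器运维报告
========================================
主机名: {{ system_info.hostname }}
IP地址: {{ system_info.ip }}
操作系统: {{ system_info.os }}
内核版本: {{ system_info.kernel }}
资源信息:
- CPU核心: {{ system_info.cpu_cores }}
- 内存总量: {{ system_info.memory_total }}
- 磁盘总量: {{ system_info.disk_total }}
服务状态:
{% for service in ansible_facts.services.keys() | list %}
- {{ service }}: {{ ansible_facts.services[service].state }}
{% endfor %}
生成时间: {{ ansible_date_time.iso8601 }}
========================================
EOF
# Write the playbook that registers the Tower schedules (daily backup at
# 02:00, weekly report on Mondays at 08:00, per the rrule values).
[root@fgedu-tower ~]# cat > /var/lib/awx/projects/fgedu-automation/schedules.yml << 'EOF'
---
- name: 配置定时任务
  hosts: localhost
  gather_facts: no
  tasks:
    - name: 每日备份
      tower_schedule:
        name: "Daily Backup"
        state: present
        unified_job_template: "System Backup"
        rrule: "DTSTART:20260101T020000 RRULE:FREQ=DAILY;INTERVAL=1"

    - name: 每周报告
      tower_schedule:
        name: "Weekly Report"
        state: present
        unified_job_template: "Generate Report"
        rrule: "DTSTART:20260101T080000 RRULE:FREQ=WEEKLY;BYDAY=MO"
EOF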
- 建立标准化运维流程
- 使用版本控制管理Playbook
- 配置自动化工作流
- 实施变更审批流程
- 定期审查自动化任务
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
