(241223)
环境
| 系统 | ip | 主机名 | 域名 |
|---|---|---|---|
| debian12.8 | 192.168.100.6 | ansible-main | ansible-main.example.com |
| debian12.8 | 192.168.100.12 | ansible-node1 | ansible-node1.example.com |
| debian12.8 | 192.168.100.15 | ansible-node2 | ansible-node2.example.com |
| debian12.8 | 192.168.100.16 | ansible-node3 | ansible-node3.example.com |
Ansible-2.9.13
Nginx-1.26.2
MySQL-8.0.40
Tomcat-10.1.34
Java-JDK11
基本配置
sudo apt-get update && apt-get upgrade
sudo apt-get install vim
/etc/hostname
ansible-main
/etc/network/interfaces
auto lo
iface lo inet loopback
auto ens33
iface ens33 inet static
address 192.168.100.12
netmask 255.255.255.0
gateway 192.168.100.254
search localdomain
nameserver 8.8.8.8
nameserver 114.114.114.114
/etc/ssh/sshd_config
PermitRootLogin yes
PubkeyAuthentication no
ssh-keygen -t rsa -b 4096
main连通其他node
for i in main node1 node2 node3; do ssh-copy-id root@ansible-$i; done
安装Ansible
sudo apt update && apt upgrade
sudo apt -y install python3 python3-pip python3-dev libffi-dev gcc libssl-dev
wget https://releases.ansible.com/ansible/ansible-2.9.13.tar.gz
tar -zxvf ansible-2.9.13.tar.gz
cd ansible-2.9.13
python3 setup.py build
python3 setup.py install
任务结构
ansible_lnmt/
├── common/
│ ├── tasks/
│ │ └── main.yml
│ └── handlers/
│ └── main.yml
├── nginx/
│ ├── tasks/
│ │ └── main.yml
│ ├── templates/
│ │ └── nginx.conf.j2
│ └── handlers/
│ └── main.yml
├── mysql/
│ ├── tasks/
│ │ └── main.yml
│ ├── templates/
│ │ └── my.cnf.j2
│ └── handlers/
│ └── main.yml
├── tomcat/
│ ├── tasks/
│ │ └── main.yml
│ ├── templates/
│ │ └── server.xml.j2
│ └── handlers/
│ └── main.yml
├── java/
│ ├── tasks/
│ │ └── main.yml
│ └── handlers/
│ └── main.yml
inventory
[all]
ansible-main ansible_host=192.168.100.6
ansible-node1 ansible_host=192.168.100.12
ansible-node2 ansible_host=192.168.100.15
ansible-node3 ansible_host=192.168.100.16
[all:vars]
ansible_user=root
ansible_ssh_private_key_file='SSH私钥路径'
执行脚本Playbook
ansible_lnmt.yml
---
- name: Deploy LNMT Environment
hosts: all
become: yes
vars_files:
- vars/main.yml
roles:
- common
- java
- mysql
- tomcat
- nginx
handlers:
- name: restart nginx
service:
name: nginx
state: restarted
- name: restart mysql
service:
name: mysql
state: restarted
- name: restart tomcat
service:
name: tomcat
state: restarted
vars/main.yml
---
mysql_root_password: "mysql_root_password"
java_version: "11"
nginx_version: "1.26.2"
mysql_version: "8.0.40"
tomcat_version: "10.1.34"
roles/common/tasks/main.yml
---
- name: Update system packages
apt:
update_cache: yes
upgrade: dist
- name: Disable swap
command: swapoff -a
notify: update fstab to disable swap
- name: Update /etc/fstab to disable swap
lineinfile:
path: /etc/fstab
regexp: '^UUID=.*swap'
state: absent
- name: Install required packages
apt:
name:
- build-essential
- libpcre3
- libpcre3-dev
- zlib1g
- zlib1g-dev
- libssl-dev
- libaio1
- libaio-dev
- libncurses5-dev
- libncursesw5-dev
- libreadline-dev
- libsqlite3-dev
- libgdbm-dev
- libdb5.3-dev
- libbz2-dev
- libexpat1-dev
- liblzma-dev
- tk-dev
- libffi-dev
- wget
- curl
- gnupg
- software-properties-common
state: present
- name: Stop and disable ufw
service:
name: ufw
state: stopped
enabled: no
roles/common/handlers/main.yml
---
- name: update fstab to disable swap
command: sed -i '/swap/d' /etc/fstab
roles/java/tasks/main.yml
---
- name: Add Oracle Java PPA
apt_repository:
repo: ppa:linuxuprising/java
state: present
- name: Install Oracle Java {{ java_version }}
apt:
name: oracle-java{{ java_version }}-installer
state: present
- name: Set default Java version
apt:
name: oracle-java{{ java_version }}-set-default
state: present
roles/mysql/tasks/main.yml
---
- name: Download MySQL {{ mysql_version }} source
get_url:
url: https://dev.mysql.com/get/Downloads/MySQL-8.0/mysql-{{ mysql_version }}.tar.gz
dest: /tmp/mysql-{{ mysql_version }}.tar.gz
- name: Extract MySQL source
unarchive:
src: /tmp/mysql-{{ mysql_version }}.tar.gz
dest: /opt
remote_src: yes
- name: Install MySQL build dependencies
apt:
name:
- build-essential
- cmake
- libncurses5-dev
- libssl-dev
- libaio-dev
- libaio1
- libnuma-dev
- libevent-dev
- libjemalloc-dev
- libtirpc-dev
- libgflags-dev
- liblz4-dev
- libzstd-dev
- liblzma-dev
- bison
- flex
state: present
- name: Create MySQL build directory
file:
path: /opt/mysql-{{ mysql_version }}/build
state: directory
- name: Configure MySQL
command: >
cmake ..
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql
-DMYSQL_DATADIR=/usr/local/mysql/data
-DSYSCONFDIR=/etc
-DWITH_INNOBASE_STORAGE_ENGINE=1
-DWITH_PARTITION_STORAGE_ENGINE=1
-DWITH_FEDERATED_STORAGE_ENGINE=1
-DWITH_BLACKHOLE_STORAGE_ENGINE=1
-DWITH_MYISAM_STORAGE_ENGINE=1
-DENABLED_LOCAL_INFILE=1
-DENABLE_DTRACE=0
-DDEFAULT_CHARSET=utf8mb4
-DDEFAULT_COLLATION=utf8mb4_general_ci
-DWITH_SSL=system
-DWITH_ZLIB=system
-DWITH_EMBEDDED_SERVER=1
-DWITH_READLINE=1
-DWITH_UNIT_TESTS=OFF
-DINSTALL_LAYOUT=STANDALONE
-DCMAKE_BUILD_TYPE=Release
args:
chdir: /opt/mysql-{{ mysql_version }}/build
- name: Compile and install MySQL
command: >
make -j$(nproc) && make install
args:
chdir: /opt/mysql-{{ mysql_version }}/build
- name: Create MySQL data directory
file:
path: /usr/local/mysql/data
state: directory
owner: mysql
group: mysql
- name: Create MySQL user and group
group:
name: mysql
state: present
user:
name: mysql
shell: /bin/false
home: /usr/local/mysql
create_home: no
system: yes
- name: Initialize MySQL data directory
command: >
/usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data
- name: Copy MySQL configuration file
template:
src: my.cnf.j2
dest: /etc/my.cnf
notify: restart mysql
- name: Create systemd service file for MySQL
template:
src: mysql.service.j2
dest: /etc/systemd/system/mysql.service
- name: Reload systemd daemon
systemd:
daemon_reload: yes
- name: Ensure MySQL is started and enabled
service:
name: mysql
state: started
enabled: yes
- name: Set MySQL root password
command: >
/usr/local/mysql/bin/mysqladmin -u root password '{{ mysql_root_password }}'
roles/mysql/templates/my.cnf.j2
[mysqld]
bind-address = 0.0.0.0
socket = /var/run/mysqld/mysqld.sock
datadir = /usr/local/mysql/data
log-error = /var/log/mysql/error.log
pid-file = /var/run/mysqld/mysqld.pid
[client]
socket = /var/run/mysqld/mysqld.sock
roles/mysql/templates/mysql.service.j2
[Unit]
Description=MySQL Server
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/etc/my.cnf --user=mysql
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=on-failure
PrivateTmp=true
[Install]
WantedBy=multi-user.target
roles/tomcat/tasks/main.yml
---
- name: Download Tomcat {{ tomcat_version }}
get_url:
url: https://downloads.apache.org/tomcat/tomcat-10/v{{ tomcat_version }}/bin/apache-tomcat-{{ tomcat_version }}.tar.gz
dest: /tmp/apache-tomcat-{{ tomcat_version }}.tar.gz
- name: Extract Tomcat
unarchive:
src: /tmp/apache-tomcat-{{ tomcat_version }}.tar.gz
dest: /opt
remote_src: yes
- name: Create Tomcat user
user:
name: tomcat
shell: /bin/false
home: /opt/apache-tomcat-{{ tomcat_version }}
- name: Change ownership of Tomcat directory
file:
path: /opt/apache-tomcat-{{ tomcat_version }}
owner: tomcat
group: tomcat
recurse: yes
- name: Copy Tomcat configuration file
template:
src: server.xml.j2
dest: /opt/apache-tomcat-{{ tomcat_version }}/conf/server.xml
- name: Create systemd service file for Tomcat
template:
src: tomcat.service.j2
dest: /etc/systemd/system/tomcat.service
- name: Reload systemd daemon
systemd:
daemon_reload: yes
- name: Ensure Tomcat is started and enabled
service:
name: tomcat
state: started
enabled: yes
roles/tomcat/templates/server.xml.j2
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
roles/tomcat/templates/tomcat.service.j2
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/lib/jvm/java-{{ java_version }}-oracle
Environment=CATALINA_PID=/opt/apache-tomcat-{{ tomcat_version }}/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/apache-tomcat-{{ tomcat_version }}
Environment=CATALINA_BASE=/opt/apache-tomcat-{{ tomcat_version }}
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/opt/apache-tomcat-{{ tomcat_version }}/bin/startup.sh
ExecStop=/opt/apache-tomcat-{{ tomcat_version }}/bin/shutdown.sh
User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target
roles/nginx/tasks/main.yml
---
- name: Download Nginx {{ nginx_version }} source
get_url:
url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz
dest: /tmp/nginx-{{ nginx_version }}.tar.gz
- name: Extract Nginx source
unarchive:
src: /tmp/nginx-{{ nginx_version }}.tar.gz
dest: /opt
remote_src: yes
- name: Install Nginx dependencies
apt:
name:
- libpcre3
- libpcre3-dev
- zlib1g
- zlib1g-dev
- libssl-dev
state: present
- name: Configure Nginx
command: cd /opt/nginx-{{ nginx_version }} && ./configure --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module
- name: Compile and install Nginx
command: cd /opt/nginx-{{ nginx_version }} && make && make install
- name: Create Nginx user
user:
name: nginx
shell: /bin/false
home: /var/lib/nginx
- name: Change ownership of Nginx directories
file:
path: /usr/local/nginx
owner: nginx
group: nginx
recurse: yes
- name: Copy Nginx configuration file
template:
src: nginx.conf.j2
dest: /usr/local/nginx/conf/nginx.conf
notify: restart nginx
- name: Create systemd service file for Nginx
template:
src: nginx.service.j2
dest: /etc/systemd/system/nginx.service
- name: Reload systemd daemon
systemd:
daemon_reload: yes
- name: Ensure Nginx is started and enabled
service:
name: nginx
state: started
enabled: yes
roles/nginx/templates/nginx.conf.j2
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
upstream tomcat_servers {
server 192.168.100.12:8080;
server 192.168.100.15:8080;
server 192.168.100.16:8080;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://tomcat_servers;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
roles/nginx/templates/nginx.service.j2
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
check_deployment.yml
---
- name: Check LNMT Deployment
hosts: all
become: yes
tasks:
- name: Check Nginx service status
service_facts:
- name: Verify Nginx is running
assert:
that:
- ansible_facts.services.nginx.state == 'running'
- name: Check MySQL service status
service_facts:
- name: Verify MySQL is running
assert:
that:
- ansible_facts.services.mysql.state == 'running'
- name: Check Tomcat service status
service_facts:
- name: Verify Tomcat is running
assert:
that:
- ansible_facts.services.tomcat.state == 'running'
ansible-playbook deploy_lnmt.yml
ansible-playbook check_deployment.yml