企业官网建设流程全解析

二手车网站怎么做的,数商云价格,制作网站的程序语言,网站竞价托管本文介绍Ansible基础概念、安装配置、常用模块#xff0c;以及实战批量部署案例。前言 管理1台服务器#xff0c;手工操作没问题。 管理10台服务器#xff0c;写脚本能应付。 管理100台服务器#xff0c;必须用自动化工具。 Ansible是最流行的自动化运维工具之一#xff0…本文介绍Ansible基础概念、安装配置、常用模块以及实战批量部署案例。前言管理1台服务器手工操作没问题。管理10台服务器写脚本能应付。管理100台服务器必须用自动化工具。Ansible是最流行的自动化运维工具之一无需在目标机器安装Agent基于SSH即可工作。今天来入门Ansible。一、Ansible简介1.1 为什么选择Ansible特点说明无Agent基于SSH目标机器无需安装客户端YAML语法Playbook易读易写幂等性多次执行结果一致模块丰富几千个现成模块推送模式从控制机推送到目标机1.2 Ansible架构┌─────────────────┐ │ 控制机 │ │ (Ansible) │ └────────┬────────┘ │ SSH ┌────────┴────────┐ │ │ ↓ ↓ ┌─────────┐ ┌─────────┐ │ 目标机1 │ │ 目标机2 │ │ (被管理) │ │ (被管理) │ └─────────┘ └─────────┘核心组件Inventory主机清单Module执行模块Playbook剧本任务编排Role角色可复用的Playbook集合二、安装配置2.1 安装Ansible# Ubuntu/Debianaptupdateaptinstallansible# CentOS/RHELyuminstallepel-release yuminstallansible# pip安装推荐版本更新pipinstallansible# 验证ansible --version2.2 配置SSH免密登录# 生成密钥如果没有ssh-keygen -t rsa -b4096# 复制公钥到目标机器ssh-copy-id user192.168.1.10 ssh-copy-id user192.168.1.11 ssh-copy-id user192.168.1.12# 测试sshuser192.168.1.102.3 配置Inventory# /etc/ansible/hosts 或 ./inventory # 单个主机 192.168.1.10 # 主机组 [webservers] 192.168.1.10 192.168.1.11 192.168.1.12 [dbservers] 192.168.1.20 ansible_usermysql # 带变量 [webservers:vars] ansible_userdeploy ansible_port22 # 组嵌套 [production:children] webservers dbservers2.4 ansible.cfg配置# ./ansible.cfg 或 /etc/ansible/ansible.cfg [defaults] inventory ./inventory remote_user deploy private_key_file ~/.ssh/id_rsa host_key_checking False timeout 30 [privilege_escalation] become True become_method sudo become_user root become_ask_pass False三、Ad-Hoc命令3.1 基本语法ansible主机/组-m模块-a参数3.2 常用示例# 测试连通性ansible all -mping# 执行命令ansible webservers -m shell -auptime# 查看内存ansible webservers -m shell -afree -h# 复制文件ansible webservers -m copy -asrc/tmp/file.txt dest/tmp/file.txt# 安装软件ansible webservers -mapt-anamenginx statepresent--become# 管理服务ansible webservers -mservice-anamenginx statestarted--become# 创建用户ansible webservers -m user -anamedeploy statepresent--become四、常用模块4.1 文件操作# copy - 复制文件-copy:src:/local/filedest:/remote/fileowner:rootmode:0644# file - 文件/目录管理-file:path:/data/appstate:directoryowner:deploymode:0755# template - 模板渲染-template:src:nginx.conf.j2dest:/etc/nginx/nginx.conf# lineinfile - 修改文件行-lineinfile:path:/etc/hostsline:192.168.1.100 myserverstate:present4.2 软件管理# apt - Debian系-apt:name:nginxstate:presentupdate_cache:yes# yum - RedHat系-yum:name:nginxstate:present# pip - Python包-pip:name:flaskstate:presentvirtualenv:/opt/app/venv4.3 服务管理# service/systemd-systemd:name:nginxstate:startedenabled:yesdaemon_reload:yes4.4 用户管理# user-user:name:deploygroups:sudoshell:/bin/bashstate:present# authorized_key-authorized_key:user:deploykey:{{ lookup(file, ~/.ssh/id_rsa.pub) }}五、Playbook编写5.1 基本结构# deploy.yml----name:Deploy Web Applicationhosts:webserversbecome:yesvars:app_name:myappapp_port:8080tasks:-name:Install required packagesapt:name:-nginx-python3-python3-pipstate:presentupdate_cache:yes-name:Create app directoryfile:path:/opt/{{app_name}}state:directoryowner:deploymode:0755-name:Copy application filescopy:src:./app/dest:/opt/{{app_name}}/owner:deploy-name:Start nginxsystemd:name:nginxstate:startedenabled:yes5.2 执行Playbook# 执行ansible-playbook deploy.yml# 检查语法ansible-playbook deploy.yml --syntax-check# 预演不真正执行ansible-playbook deploy.yml --check# 指定主机ansible-playbook deploy.yml --limit webservers# 显示详细信息ansible-playbook deploy.yml -v# -vv, -vvv更详细5.3 变量# 在Playbook中定义vars:http_port:80app_name:myapp# 在变量文件中vars_files:-vars/main.yml# 命令行传入ansible-playbook deploy.yml-e http_port8080# 使用变量tasks:-name:Configure porttemplate:src:config.j2dest:/etc/app/configvars:port:{{ http_port }}5.4 条件判断tasks:-name:Install nginx on Debianapt:name:nginxwhen:ansible_os_family Debian-name:Install nginx on RedHatyum:name:nginxwhen:ansible_os_family RedHat5.5 循环tasks:-name:Install packagesapt:name:{{ item }}state:presentloop:-nginx-vim-git-name:Create usersuser:name:{{ item.name }}groups:{{ item.groups }}loop:-{name:user1,groups:sudo}-{name:user2,groups:docker}5.6 Handlertasks:-name:Update nginx configtemplate:src:nginx.conf.j2dest:/etc/nginx/nginx.confnotify:Restart nginxhandlers:-name:Restart nginxsystemd:name:nginxstate:restarted六、实战案例6.1 批量初始化服务器# init_server.yml----name:Initialize Servershosts:allbecome:yestasks:-name:Update apt cacheapt:update_cache:yescache_valid_time:3600-name:Install basic packagesapt:name:-vim-curl-wget-htop-git-net-toolsstate:present-name:Set timezonetimezone:name:Asia/Shanghai-name:Configure sysctlsysctl:name:{{ item.key }}value:{{ item.value }}sysctl_set:yesloop:-{key:net.core.somaxconn,value:65535}-{key:vm.swappiness,value:10}-name:Create deploy useruser:name:deploygroups:sudoshell:/bin/bash-name:Set up SSH key for deploy userauthorized_key:user:deploykey:{{ lookup(file, ~/.ssh/id_rsa.pub) }}6.2 部署Nginx 应用# deploy_app.yml----name:Deploy Applicationhosts:webserversbecome:yesvars:app_name:myappapp_port:8080tasks:-name:Install Nginxapt:name:nginxstate:present-name:Configure Nginxtemplate:src:templates/nginx.conf.j2dest:/etc/nginx/sites-available/{{app_name}}notify:Restart nginx-name:Enable sitefile:src:/etc/nginx/sites-available/{{app_name}}dest:/etc/nginx/sites-enabled/{{app_name}}state:link-name:Deploy applicationcopy:src:app/dest:/opt/{{app_name}}/-name:Install dependenciespip:requirements:/opt/{{app_name}}/requirements.txtvirtualenv:/opt/{{app_name}}/venvhandlers:-name:Restart nginxsystemd:name:nginxstate:restarted6.3 组网批量部署如果你的服务器分布在不同地点可以先用组网软件如星空组网连接起来然后通过组网的虚拟IP进行Ansible管理# inventory [remote_servers] 10.10.0.1 ansible_host10.10.0.1 # 组网虚拟IP 10.10.0.2 ansible_host10.10.0.2 10.10.0.3 ansible_host10.10.0.3 [remote_servers:vars] ansible_userdeploy这样即使服务器没有公网IP也能通过组网进行批量管理非常方便。七、Role组织7.1 Role结构roles/ └── nginx/ ├── tasks/ │ └── main.yml ├── handlers/ │ └── main.yml ├── templates/ │ └── nginx.conf.j2 ├── files/ ├── vars/ │ └── main.yml └── defaults/ └── main.yml7.2 使用Role# site.yml----hosts:webserversbecome:yesroles:-nginx-php-mysql7.3 Ansible Galaxy# 搜索Roleansible-galaxy search nginx# 安装Roleansible-galaxyinstallgeerlingguy.nginx# 列出已安装ansible-galaxy list八、最佳实践8.1 目录结构project/ ├── ansible.cfg ├── inventory/ │ ├── production │ └── staging ├── group_vars/ │ ├── all.yml │ └── webservers.yml ├── host_vars/ │ └── 192.168.1.10.yml ├── roles/ │ ├── common/ │ └── nginx/ ├── playbooks/ │ ├── deploy.yml │ └── init.yml └── templates/8.2 安全建议# 使用Ansible Vault加密敏感信息ansible-vault create secrets.yml ansible-vault edit secrets.yml# 使用加密变量ansible-playbook deploy.yml --ask-vault-pass# 或使用密码文件ansible-playbook deploy.yml --vault-password-file ~/.vault_pass8.3 调试技巧# 打印变量-debug:var:ansible_facts# 打印消息-debug:msg:The value is {{ my_var }}# 注册结果-shell:whoamiregister:result-debug:var:result.stdout九、总结Ansible入门要点基础概念Inventory、Module、Playbook、RoleSSH免密Ansible基于SSH先配置好免密登录Ad-Hoc简单任务用命令行Playbook复杂任务用YAML编排幂等性多次执行结果一致模块化用Role组织可复用的配置常用命令速查# 测试连通性ansible all -mping# 执行命令ansible all -m shell -auptime# 执行Playbookansible-playbook deploy.yml# 检查语法ansible-playbook deploy.yml --syntax-check# 预演ansible-playbook deploy.yml --check参考资料Ansible官方文档https://docs.ansible.com/Ansible Galaxyhttps://galaxy.ansible.com/《Ansible权威指南》建议从简单的Ad-Hoc命令开始熟练后再写Playbook。不要一开始就追求完美的Role结构。