├── LICENSE ├── README.md ├── elfk ├── README.md ├── elfk.yml └── roles │ ├── elasticsearch_install │ ├── tasks │ │ ├── copy.yml │ │ └── main.yml │ ├── templates │ │ ├── elasticsearch │ │ ├── elasticsearch.conf │ │ └── elasticsearch.service │ └── vars │ │ └── main.yml │ ├── filebeat_install │ ├── tasks │ │ ├── copy.yml │ │ ├── main.yml │ │ └── prepare.yml │ ├── templates │ │ └── filebeat.service │ └── vars │ │ └── main.yml │ ├── head_install │ ├── tasks │ │ ├── copy.yml │ │ ├── install.yml │ │ └── main.yml │ ├── templates │ │ ├── elasticsearch-head │ │ └── node_PATH │ └── vars │ │ └── main.yml │ ├── java_install │ ├── tasks │ │ ├── copy.yml │ │ ├── main.yml │ │ └── prepare.yml │ ├── templates │ │ ├── java_PATH │ │ └── limits.conf │ └── vars │ │ └── main.yml │ ├── kibana_install │ ├── files │ │ └── Kibana_Hanization-master.zip │ ├── tasks │ │ ├── chinesization.yml │ │ ├── copy.yml │ │ ├── main.yml │ │ └── prepare.yml │ ├── templates │ │ ├── kibana │ │ ├── kibana.conf │ │ └── kibana.service │ └── vars │ │ └── main.yml │ ├── logstash_install │ ├── tasks │ │ ├── copy.yml │ │ ├── main.yml │ │ └── prepare.yml │ ├── templates │ │ ├── logstash │ │ ├── logstash.conf │ │ └── logstash.service │ └── vars │ │ └── main.yml │ └── nginx_install │ ├── tasks │ ├── copy.yml │ ├── install.yml │ ├── main.yml │ └── prepare.yml │ ├── templates │ ├── fastcgi_params │ ├── kibana.conf │ ├── nginx.conf │ └── nginx.service │ └── vars │ └── main.yml ├── k8s ├── README.md ├── k8s.yml └── roles │ ├── addons_install │ ├── tasks │ │ ├── calico.yml │ │ ├── ingress.yml │ │ └── main.yml │ ├── templates │ │ ├── calico-rbac.yaml │ │ ├── calico.yaml │ │ └── ingress-nginx.yaml │ └── vars │ │ └── main.yml │ ├── docker_install │ ├── tasks │ │ ├── install.yml │ │ ├── main.yml │ │ └── prepare.yml │ ├── templates │ │ ├── daemon.json │ │ ├── install.sh │ │ ├── kubernetes.conf │ │ └── kubernetes.repo │ └── vars │ │ └── main.yml │ ├── master_install │ ├── tasks │ │ ├── install.yml │ │ └── main.yml │ ├── 
templates │ │ └── kubeadm-config.yaml │ └── vars │ │ └── main.yml │ └── node_install │ ├── tasks │ ├── install.yml │ └── main.yml │ └── vars │ └── main.yml ├── k8s_ha ├── README.md ├── k8s.yml └── roles │ ├── addons_install │ ├── tasks │ │ ├── calico.yml │ │ ├── dashboard.yml │ │ └── main.yml │ ├── templates │ │ ├── calico-rbac-kdd.yaml │ │ ├── calico.yaml │ │ └── dashboard-all.yaml │ └── vars │ │ └── main.yml │ ├── docker_install │ ├── tasks │ │ ├── install.yml │ │ ├── main.yml │ │ └── prepare.yml │ ├── templates │ │ ├── daemon.json │ │ ├── kubernetes.conf │ │ └── kubernetes.repo │ └── vars │ │ └── main.yml │ ├── init_install │ ├── tasks │ │ ├── install.yml │ │ └── main.yml │ ├── templates │ │ ├── check-apiserver.sh │ │ ├── keepalived-master.conf │ │ └── kubeadm-config.yaml │ └── vars │ │ └── main.yml │ ├── master_install │ ├── tasks │ │ ├── install.yml │ │ └── main.yml │ ├── templates │ │ ├── check-apiserver.sh │ │ └── keepalived-backup.conf │ └── vars │ │ └── main.yml │ └── node_install │ ├── tasks │ ├── install.yml │ └── main.yml │ └── vars │ └── main.yml ├── lnmp ├── README.md ├── lnmp.yml └── roles │ ├── mysql_install │ ├── tasks │ │ ├── copy.yml │ │ ├── install.yml │ │ ├── main.yaml │ │ └── prepare.yml │ ├── templates │ │ ├── change_passwd.sh │ │ ├── my.cnf │ │ └── mysqld.service │ └── vars │ │ └── main.yml │ ├── nginx_install │ ├── tasks │ │ ├── copy.yml │ │ ├── install.yml │ │ └── main.yml │ ├── templates │ │ ├── fastcgi_params │ │ ├── nginx.conf │ │ ├── nginx.service │ │ └── server.conf │ └── vars │ │ └── main.yml │ └── php_install │ ├── tasks │ ├── copy.yml │ ├── install.yml │ └── main.yml │ ├── templates │ └── php-fpm.conf │ └── vars │ └── main.yml ├── mysql ├── README.md ├── mysql.yml └── roles │ └── mysql_install │ ├── tasks │ ├── copy.yml │ ├── install.yml │ ├── main.yaml │ └── prepare.yml │ ├── templates │ ├── change_passwd.sh │ ├── my.cnf │ └── mysqld.service │ └── vars │ └── main.yml ├── nginx+keepalived+lvs ├── README.md ├── 
nginx+keepalived+lvs.yml └── roles │ ├── keepalived_install │ ├── tasks │ │ ├── install.yml │ │ └── main.yml │ ├── templates │ │ ├── check_nginx.sh │ │ ├── keepalived_backup.conf │ │ └── keepalived_master.conf │ └── vars │ │ └── main.yml │ ├── lvs_install │ ├── tasks │ │ ├── install.yml │ │ └── main.yml │ ├── templates │ │ ├── lvs_dr_dir.sh │ │ └── lvs_dr_rs.sh │ └── vars │ │ └── main.yml │ └── nginx_install │ ├── tasks │ ├── copy.yml │ ├── install.yml │ ├── main.yml │ └── prepare.yml │ ├── templates │ ├── fastcgi_params │ ├── nginx.conf │ ├── nginx.service │ └── server.conf │ └── vars │ └── main.yml ├── nginx+keepalived ├── README.md ├── nginx+keepalived.yml └── roles │ ├── keepalived_install │ ├── tasks │ │ ├── install.yml │ │ └── main.yml │ ├── templates │ │ ├── check_nginx.sh │ │ ├── keepalived_backup.conf │ │ └── keepalived_master.conf │ └── vars │ │ └── main.yml │ └── nginx_install │ ├── tasks │ ├── copy.yml │ ├── install.yml │ ├── main.yml │ └── prepare.yml │ ├── templates │ ├── fastcgi_params │ ├── nginx.conf │ ├── nginx.service │ └── server.conf │ └── vars │ └── main.yml ├── nginx ├── README.md ├── nginx.yml └── roles │ └── nginx_install │ ├── tasks │ ├── copy.yml │ ├── install.yml │ ├── main.yml │ └── prepare.yml │ ├── templates │ ├── fastcgi_params │ ├── nginx.conf │ ├── nginx.service │ └── server.conf │ └── vars │ └── main.yml ├── php ├── README.md ├── php.yml └── roles │ └── php_install │ ├── tasks │ ├── copy.yml │ ├── install.yml │ ├── main.yml │ └── prepare.yml │ ├── templates │ └── php-fpm.conf │ └── vars │ └── main.yml ├── swarm ├── README.md ├── roles │ ├── docker_install │ │ ├── tasks │ │ │ ├── install.yml │ │ │ ├── main.yml │ │ │ └── prepare.yml │ │ └── vars │ │ │ └── main.yml │ ├── init_install │ │ └── tasks │ │ │ ├── install.yml │ │ │ └── main.yml │ ├── manager_install │ │ └── tasks │ │ │ ├── install.yml │ │ │ └── main.yml │ ├── scope_install │ │ └── tasks │ │ │ ├── install.yml │ │ │ └── main.yml │ └── worker_install │ │ └── tasks │ │ ├── 
install.yml │ │ └── main.yml └── swarm.yml ├── tomcat ├── README.md ├── roles │ └── tomcat_install │ │ ├── tasks │ │ ├── copy.yml │ │ ├── install.yml │ │ ├── main.yml │ │ └── prepare.yml │ │ ├── templates │ │ ├── jdk_PATH │ │ └── tomcat │ │ └── vars │ │ └── main.yml └── tomcat.yml └── zabbix ├── README.md ├── roles ├── agent_install │ ├── tasks │ │ ├── install.yml │ │ └── main.yml │ └── vars │ │ └── main.yml ├── mysql_install │ ├── tasks │ │ ├── copy.yml │ │ ├── install.yml │ │ ├── main.yml │ │ └── prepare.yml │ ├── templates │ │ ├── change_passwd.sh │ │ ├── my.cnf │ │ └── mysqld.service │ └── vars │ │ └── main.yml ├── nginx_install │ ├── files │ │ ├── lzxlinux.crt │ │ └── lzxlinux.key │ ├── tasks │ │ ├── copy.yml │ │ ├── install.yml │ │ └── main.yml │ ├── templates │ │ ├── nginx.conf │ │ ├── nginx.service │ │ └── zabbix.conf │ └── vars │ │ └── main.yml └── server_install │ ├── tasks │ ├── config.yml │ ├── install.yml │ ├── main.yml │ └── prepare.yml │ ├── templates │ ├── mysql_config.sh │ └── zabbix.conf │ └── vars │ └── main.yml ├── zabbix.png └── zabbix.yml /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 [Tobewont] 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
## Ansible-Playbook
Use ansible-playbook to install common software in batches.
--------------------------------------------------------------------------------
/elfk/README.md:
--------------------------------------------------------------------------------
通过ansible-playbook,批量部署ELFK集群
--------------------------------------------------------------------------------
/elfk/elfk.yml:
--------------------------------------------------------------------------------
---
# Top-level ELFK playbook: one play per inventory group, each applying the
# roles that group needs. Every play connects directly as root (remote_user),
# so the controller's SSH key for these hosts is a root credential.
# NOTE(review): a host that is in both the elasticsearch and logstash groups
# runs java_install twice, so that role has to be safe to repeat.
- hosts: elasticsearch
  remote_user: root
  gather_facts: True

  roles:
    - java_install
    - elasticsearch_install

- hosts: logstash
  remote_user: root
  gather_facts: True

  roles:
    - java_install
    - logstash_install

- hosts: filebeat
  remote_user: root
  gather_facts: True

  roles:
    - filebeat_install

- hosts: kibana
  remote_user: root
  gather_facts: True

  roles:
    - kibana_install
    - head_install
    - nginx_install
--------------------------------------------------------------------------------
/elfk/roles/elasticsearch_install/tasks/copy.yml:
--------------------------------------------------------------------------------
# Service account for elasticsearch (group first, then the nologin user).
- name: 创建elk用户组
  group: name={{ ELFK_USER }} state=present
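- name: 创建elfk用户
  user: name={{ ELFK_USER }} group={{ ELFK_USER }} state=present create_home=False shell=/sbin/nologin

- name: 创建software目录
  file: name={{ SOURCE_DIR }} state=directory recurse=yes

- name: 创建elfk目录
  file: name={{ ELFK_DIR }} state=directory recurse=yes
  # Kept from the original: a failure here is ignored, so an unwritable
  # ELFK_DIR is only reported by a later task.
  ignore_errors: yes

# No elasticsearch tarball in the role's files/ directory: download it instead.
#- name: 下载elasticsearch包
#  get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }}

# The elasticsearch tarball is already in the role's files/ directory.
- name: 拷贝现有elasticsearch包到目标主机
  copy: src=elasticsearch-{{ ES_VER }}.tar.gz dest={{ SOURCE_DIR }}

- name: 解压elasticsearch包
  shell: "tar zxf elasticsearch-{{ ES_VER }}.tar.gz"
  args:
    chdir: "{{ SOURCE_DIR }}"
    # Skip the extraction once the install directory exists: the rename task
    # below is a no-op in that case, so re-extracting only left a stale copy
    # under SOURCE_DIR on every run.
    creates: "{{ ELFK_DIR }}/elasticsearch"
    warn: False

- name: 目录重命名
  shell: "if [ ! -d {{ ELFK_DIR }}/elasticsearch ]; then mv {{ SOURCE_DIR }}/elasticsearch-{{ ES_VER }}/ {{ ELFK_DIR }}/elasticsearch; fi"
  args:
    creates: "{{ ELFK_DIR }}/elasticsearch"

- name: 创建数据、pid目录
  file: name={{ item }} state=directory recurse=yes
  with_items:
    - "{{ ELFK_DIR }}/elasticsearch/data"
    - "{{ ELFK_DIR }}/elasticsearch/run"

- name: 创建pid文件
  file: name={{ item }} state=touch
  with_items:
    - "{{ ELFK_DIR }}/elasticsearch/run/elasticsearch.pid"

- name: 拷贝配置文件
  template: src=elasticsearch.conf dest={{ SOURCE_DIR }} owner=root group=root

# Append the rendered settings once. The guard assumes the shipped
# elasticsearch.yml mentions http.port exactly once (commented out); after the
# append it appears twice, which is what keeps this idempotent.
- name: 配置elasticsearch
  shell: "if [ `grep 'http.port' elasticsearch.yml |wc -l` -eq 1 ]; then cat {{ SOURCE_DIR }}/elasticsearch.conf >> elasticsearch.yml; fi"
  args:
    chdir: "{{ ELFK_DIR }}/elasticsearch/config"

- name: 拷贝服务配置文件
  template: src=elasticsearch dest=/etc/sysconfig/elasticsearch owner=root group=root

# Unit files are data read by systemd, not executables: 0644 instead of 0755.
- name: 拷贝服务文件
  template: src=elasticsearch.service dest=/usr/lib/systemd/system/elasticsearch.service mode=0644 owner=root group=root

# NOTE(review): recurse=yes over the whole install tree also hands config/ to
# the service user, so the process can rewrite its own configuration.
- name: 修改属主属组
  file: name={{ ELFK_DIR }}/elasticsearch/ state=directory owner={{ ELFK_USER }} group={{ ELFK_USER }} recurse=yes

- name: 启动elasticsearch并开机启动
  service:
    name: elasticsearch
    state: started
    enabled: yes
--------------------------------------------------------------------------------
/elfk/roles/elasticsearch_install/tasks/main.yml:
--------------------------------------------------------------------------------
# Include the copy task file.
- include: copy.yml
--------------------------------------------------------------------------------
/elfk/roles/elasticsearch_install/templates/elasticsearch:
--------------------------------------------------------------------------------
################################
# Elasticsearch
################################
# Rendered to /etc/sysconfig/elasticsearch and read by the unit file through
# EnvironmentFile=; paths point at the tarball install under ELFK_DIR.

# Elasticsearch home directory
#ES_HOME=/usr/share/elasticsearch
ES_HOME={{ ELFK_DIR }}/elasticsearch

# Elasticsearch Java path
#JAVA_HOME=
JAVA_HOME={{ JAVA_DIR }}
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib

# Elasticsearch configuration directory
#ES_PATH_CONF=/etc/elasticsearch
ES_PATH_CONF={{ ELFK_DIR }}/elasticsearch/config

# Elasticsearch PID directory
#PID_DIR=/var/run/elasticsearch
PID_DIR={{ ELFK_DIR }}/elasticsearch/run

# Additional Java OPTS
#ES_JAVA_OPTS=

# Configure restart on package upgrade (true, every other setting will lead to not restarting)
#RESTART_ON_UPGRADE=true

################################
# Elasticsearch service
################################

# SysV init.d
#
# The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
ES_STARTUP_SLEEP_TIME=5

################################
# System properties
################################

# Specifies the maximum file descriptor number that can be opened by this process
# When using Systemd, this setting is ignored and the LimitNOFILE defined in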
# /usr/lib/systemd/system/elasticsearch.service takes precedence
#MAX_OPEN_FILES=65535

# The maximum number of bytes of memory that may be locked into RAM
# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml.
# When using systemd, LimitMEMLOCK must be set in a unit file such as
# /etc/systemd/system/elasticsearch.service.d/override.conf.
#MAX_LOCKED_MEMORY=unlimited

# Maximum number of VMA (Virtual Memory Areas) a process can own
# When using Systemd, this setting is ignored and the 'vm.max_map_count'
# property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf
#MAX_MAP_COUNT=262144
--------------------------------------------------------------------------------
/elfk/roles/elasticsearch_install/templates/elasticsearch.conf:
--------------------------------------------------------------------------------
# Settings appended to elasticsearch.yml by tasks/copy.yml. Every node gets the
# master and data roles; the node name is the cluster name plus the last octet
# of the host's default IPv4 address.
cluster.name: {{ ES_CLUSTER }}
node.name: {{ ES_CLUSTER }}-{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'].split('.')[-1] }}
node.master: true
node.data: true
path.data: {{ ELFK_DIR }}/elasticsearch/data
path.logs: {{ ELFK_DIR }}/elasticsearch/logs
bootstrap.memory_lock: false
# Bound to the host's LAN address rather than loopback: the HTTP API below is
# reachable from the network, and nothing in this role configures
# authentication or TLS for it.
network.host: {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}
http.port: {{ ES_PORT }}
transport.tcp.port: {{ TCP_PORT }}
http.enabled: true
# CORS is opened to every origin so the browser-based elasticsearch-head UI
# (installed on the kibana hosts, port 9100) can call this API.
# NOTE(review): with "*" any web page a user's browser loads may read from this
# cluster; narrow allow-origin to the head UI's origin once its host is fixed.
http.cors.enabled: true
http.cors.allow-origin: "*"
--------------------------------------------------------------------------------
/elfk/roles/elasticsearch_install/templates/elasticsearch.service:
--------------------------------------------------------------------------------
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target

[Service]
RuntimeDirectory=elasticsearch
PrivateTmp=true
Environment=ES_HOME={{ ELFK_DIR }}/elasticsearch
Environment=ES_PATH_CONF={{ ELFK_DIR }}/elasticsearch/config
Environment=PID_DIR={{ ELFK_DIR }}/elasticsearch/run
EnvironmentFile=-/etc/sysconfig/elasticsearch

WorkingDirectory={{ ELFK_DIR }}/elasticsearch

# Runs unprivileged as the nologin account created in tasks/copy.yml.
User={{ ELFK_USER }}
Group={{ ELFK_USER }}

ExecStart={{ ELFK_DIR }}/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet

# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# elasticsearch logging system is initialized. Elasticsearch
# stores its logs under path.logs (set by templates/elasticsearch.conf
# in this role, not /var/log/elasticsearch) and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535

# Specifies the maximum number of processes
LimitNPROC=4096

# Specifies the maximum size of virtual memory
LimitAS=infinity

# Specifies the maximum file size
LimitFSIZE=infinity

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0

# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM

# Send the signal only to the JVM rather than its control group
KillMode=process

# Java process is never killed
SendSIGKILL=no

# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

# Built for packages-6.7.1 (packages)
--------------------------------------------------------------------------------
/elfk/roles/elasticsearch_install/vars/main.yml:
--------------------------------------------------------------------------------
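# Variables for the elasticsearch role.
ES_VER: 6.7.1
DOWNLOAD_URL: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{ ES_VER }}.tar.gz
SOURCE_DIR: /software
JAVA_DIR: /usr/local/jdk
ELFK_USER: elk
ELFK_DIR: /home/elfk
ES_CLUSTER: elk
ES_PORT: 9200
TCP_PORT: 9300
--------------------------------------------------------------------------------
/elfk/roles/filebeat_install/tasks/copy.yml:
--------------------------------------------------------------------------------
- name: 创建software目录
  file: name={{ SOURCE_DIR }} state=directory recurse=yes

- name: 创建elfk目录
  file: name={{ ELFK_DIR }} state=directory recurse=yes
  # Kept from the original: a failure here is ignored and surfaces later.
  ignore_errors: yes

# No filebeat tarball in the role's files/ directory: download it instead.
#- name: 下载filebeat包
#  get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }}

# The filebeat tarball is already in the role's files/ directory.
- name: 拷贝现有filebeat包到目标主机
  copy: src=filebeat-{{ FILEBEAT_VER }}-linux-x86_64.tar.gz dest={{ SOURCE_DIR }}

- name: 解压filebeat包
  shell: "tar zxf filebeat-{{ FILEBEAT_VER }}-linux-x86_64.tar.gz"
  args:
    chdir: "{{ SOURCE_DIR }}"
    # Skip once the install directory exists; the rename below is a no-op
    # then, so re-extracting only left a stale copy under SOURCE_DIR.
    creates: "{{ ELFK_DIR }}/filebeat"
    warn: False

- name: 目录重命名
  shell: "if [ ! -d {{ ELFK_DIR }}/filebeat ]; then mv {{ SOURCE_DIR }}/filebeat-{{ FILEBEAT_VER }}-linux-x86_64/ {{ ELFK_DIR }}/filebeat; fi"
  args:
    creates: "{{ ELFK_DIR }}/filebeat"

- name: 创建数据、日志目录
  file: name={{ item }} state=directory
  with_items:
    - "{{ ELFK_DIR }}/filebeat/data"
    - "{{ ELFK_DIR }}/filebeat/logs"

# The following tasks edit the shipped filebeat.yml in place. lineinfile
# replaces the LAST line matching regexp and only uses insertbefore when
# nothing matches, so each regexp must occur once in the shipped file —
# TODO confirm for FILEBEAT_VER (" enabled: false" in particular).
- name: 配置filebeat1
  lineinfile:
    dest: "{{ ELFK_DIR }}/filebeat/filebeat.yml"
    regexp: " enabled: false"
    insertbefore: "# Paths that should be crawled and fetched. Glob based paths."
    line: " enabled: true"

- name: 配置filebeat2
  lineinfile:
    dest: "{{ ELFK_DIR }}/filebeat/filebeat.yml"
    regexp: "output.elasticsearch:"
    insertbefore: "# Array of hosts to connect to."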
43 | line: "#output.elasticsearch:" 44 | 45 | - name: 配置filebeat3 46 | lineinfile: 47 | dest: "{{ ELFK_DIR }}/filebeat/filebeat.yml" 48 | regexp: 'hosts: \["localhost:9200"\]' 49 | insertbefore: "# Enabled ilm (beta) to use index lifecycle management instead daily indices." 50 | line: '#hosts: ["localhost:9200"]' 51 | 52 | - name: 配置filebeat4 53 | lineinfile: 54 | dest: "{{ ELFK_DIR }}/filebeat/filebeat.yml" 55 | regexp: "#output.logstash:" 56 | insertbefore: "# The Logstash hosts" 57 | line: "output.logstash:" 58 | 59 | - name: 配置filebeat5 60 | lineinfile: 61 | dest: "{{ ELFK_DIR }}/filebeat/filebeat.yml" 62 | insertafter: "# The Logstash hosts" 63 | line: ' hosts: ["{{ LOG1_IP }}:{{ LOGSTASH_PORT }}", "{{ LOG2_IP }}:{{ LOGSTASH_PORT }}", "{{ LOG2_IP }}:{{ LOGSTASH_PORT }}"]' 64 | 65 | - name: 拷贝服务文件 66 | template: src=filebeat.service dest=/usr/lib/systemd/system/filebeat.service mode=0755 owner=root group=root 67 | 68 | - name: 启动filebeat并开机启动 69 | service: 70 | name: filebeat 71 | state: started 72 | enabled: yes 73 | -------------------------------------------------------------------------------- /elfk/roles/filebeat_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy模块 2 | - include: prepare.yml 3 | - include: copy.yml 4 | -------------------------------------------------------------------------------- /elfk/roles/filebeat_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 关闭firewalld 2 | service: name=firewalld state=stopped enabled=no 3 | 4 | - name: 临时关闭 selinux 5 | shell: "setenforce 0" 6 | failed_when: false 7 | 8 | - name: 永久关闭 selinux 9 | lineinfile: 10 | dest: /etc/selinux/config 11 | regexp: "^SELINUX=" 12 | line: "SELINUX=disabled" 13 | 14 | - name: 添加EPEL仓库 15 | yum: name=epel-release state=latest 16 | 17 | - name: 安装常用软件包 18 | yum: 19 | name: 20 | - vim 21 | - lrzsz 22 | - net-tools 23 | - wget 24 | - curl 
      - bash-completion
      - rsync
      - gcc
      - unzip
      - git
    state: latest

# Full system update; failures are ignored so an unreachable mirror does not
# abort the play.
- name: 更新系统
  shell: "yum update -y"
  ignore_errors: yes
  args:
    warn: False
--------------------------------------------------------------------------------
/elfk/roles/filebeat_install/templates/filebeat.service:
--------------------------------------------------------------------------------
# systemd unit for the tarball install under ELFK_DIR. There is no User= line,
# so filebeat runs as root; the paths it is configured to read are the only
# limit on what it can ship.
[Unit]
Description=Filebeat sends log files to Logstash or directly to Elasticsearch.
Documentation=https://www.elastic.co/products/beats/filebeat
Wants=network-online.target
After=network-online.target

[Service]
ExecStart={{ ELFK_DIR }}/filebeat/filebeat -c {{ ELFK_DIR }}/filebeat/filebeat.yml -path.home {{ ELFK_DIR }}/filebeat -path.config {{ ELFK_DIR }}/filebeat -path.data {{ ELFK_DIR }}/filebeat/data -path.logs {{ ELFK_DIR }}/filebeat/logs
Restart=always

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/elfk/roles/filebeat_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables for the filebeat role. LOG1_IP..LOG3_IP are the Logstash hosts the
# output.logstash section in tasks/copy.yml (配置filebeat5) should list.
FILEBEAT_VER: 6.7.1
DOWNLOAD_URL: https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-{{ FILEBEAT_VER }}-linux-x86_64.tar.gz
SOURCE_DIR: /software
ELFK_DIR: /home/elfk
LOGSTASH_PORT: 5050
LOG1_IP: 192.168.30.131
LOG2_IP: 192.168.30.132
LOG3_IP: 192.168.30.133
--------------------------------------------------------------------------------
/elfk/roles/head_install/tasks/copy.yml:
--------------------------------------------------------------------------------
- name: 创建software目录
  file: name={{ SOURCE_DIR }} state=directory recurse=yes

- name: 创建elfk目录
  file: name={{ ELFK_DIR }} state=directory recurse=yes
  ignore_errors: yes

# No node tarball in the role's files/ directory: download it from NODE_URL.
# NOTE(review): get_url is given no checksum=, so the archive is not verified
# against a known digest before it is unpacked and its bin/ put on PATH.
- name: 下载node包
  get_url: url={{ NODE_URL }} dest={{
SOURCE_DIR }} owner=root group=root 11 | 12 | #当前主机files目录下已有node包 13 | #- name: 拷贝现有node包到所有主机 14 | # copy: src=node-v{{ NODE_VER }}-linux-x64.tar.xz dest={{ SOURCE_DIR }} owner=root group=root 15 | 16 | - name: 解压node包 17 | shell: "tar Jxf node-v{{ NODE_VER }}-linux-x64.tar.xz" 18 | args: 19 | chdir: "{{ SOURCE_DIR }}" 20 | warn: False 21 | 22 | - name: 目录重命名 23 | shell: "if [ ! -d {{ ELFK_DIR }}/node ]; then mv {{ SOURCE_DIR }}/node-v{{ NODE_VER }}-linux-x64/ {{ ELFK_DIR }}/node; fi" 24 | 25 | - name: 拷贝环境变量node_PATH 26 | template: src=node_PATH dest={{ SOURCE_DIR }} owner=root group=root 27 | 28 | - name: 加入node_PATH到~/.bashrc 29 | shell: "if [ `grep {{ ELFK_DIR }}/node ~/.bashrc |wc -l` -eq 0 ]; then cat {{ SOURCE_DIR }}/node_PATH >> ~/.bashrc && source ~/.bashrc; fi" 30 | 31 | - name: 加入node_PATH到/etc/profile 32 | shell: "if [ `grep {{ ELFK_DIR }}/node /etc/profile |wc -l` -eq 0 ]; then cat {{ SOURCE_DIR }}/node_PATH >> /etc/profile && source /etc/profile; fi" 33 | -------------------------------------------------------------------------------- /elfk/roles/head_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | #当前主机files目录下没有head包 2 | - name: 下载head包 3 | get_url: url={{ HEAD_URL }} dest={{ SOURCE_DIR }} owner=root group=root 4 | 5 | #当前主机files目录下已有head包 6 | #- name: 拷贝现有head包到所有主机 7 | # copy: src=elasticsearch-head-master.zip dest={{ SOURCE_DIR }} owner=root group=root 8 | 9 | - name: 拷贝脚本到所有主机 10 | template: src=elasticsearch-head dest={{ SOURCE_DIR }} mode=0755 owner=root group=root 11 | 12 | - name: 解压node包 13 | shell: "if [ ! -d elasticsearch-head-master/ ]; then unzip elasticsearch-head-master.zip; fi" 14 | args: 15 | chdir: "{{ SOURCE_DIR }}" 16 | warn: False 17 | 18 | - name: 目录重命名 19 | shell: "if [ ! 
-d {{ ELFK_DIR }}/head ]; then mv {{ SOURCE_DIR }}/elasticsearch-head-master/ {{ ELFK_DIR }}/head; fi" 20 | 21 | - name: 安装grunt 1 22 | shell: npm install -g cnpm --registry=https://registry.npm.taobao.org 23 | args: 24 | chdir: "{{ ELFK_DIR }}/head" 25 | 26 | - name: 安装grunt 2 27 | shell: cnpm install -g grunt-cli 28 | args: 29 | chdir: "{{ ELFK_DIR }}/head" 30 | 31 | - name: 安装grunt 3 32 | shell: cnpm install -g grunt 33 | args: 34 | chdir: "{{ ELFK_DIR }}/head" 35 | 36 | - name: 安装grunt 4 37 | shell: cnpm install grunt-contrib-clean 38 | args: 39 | chdir: "{{ ELFK_DIR }}/head" 40 | 41 | - name: 安装grunt 5 42 | shell: cnpm install grunt-contrib-concat 43 | args: 44 | chdir: "{{ ELFK_DIR }}/head" 45 | 46 | - name: 安装grunt 6 47 | shell: cnpm install grunt-contrib-watch 48 | args: 49 | chdir: "{{ ELFK_DIR }}/head" 50 | 51 | - name: 安装grunt 7 52 | shell: cnpm install grunt-contrib-connect 53 | args: 54 | chdir: "{{ ELFK_DIR }}/head" 55 | 56 | - name: 安装grunt 8 57 | shell: cnpm install grunt-contrib-copy 58 | args: 59 | chdir: "{{ ELFK_DIR }}/head" 60 | 61 | - name: 安装grunt 9 62 | shell: cnpm install grunt-contrib-jasmine 63 | args: 64 | chdir: "{{ ELFK_DIR }}/head" 65 | ignore_errors: yes 66 | 67 | #上一步一般会报错,重复上一步安装 68 | - name: 安装grunt 10 69 | shell: cnpm install grunt-contrib-jasmine 70 | args: 71 | chdir: "{{ ELFK_DIR }}/head" 72 | 73 | - name: 添加脚本elasticsearch-head 74 | shell: "if [ ! 
-f /usr/bin/elasticsearch-head ]; then mv {{ SOURCE_DIR }}/elasticsearch-head /usr/bin/elasticsearch-head; fi" 75 | 76 | - name: 配置head 77 | lineinfile: 78 | dest: "{{ ELFK_DIR }}/head/Gruntfile.js" 79 | insertbefore: "port: 9100," 80 | line: " hostname: '0.0.0.0'," 81 | 82 | - name: 启动elasticsearch-head 83 | shell: "if [ `netstat -lntp |grep 9100 | wc -l` -eq 0 ]; then source ~/.bashrc && /usr/bin/elasticsearch-head start; fi" 84 | -------------------------------------------------------------------------------- /elfk/roles/head_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用copy、install模块 2 | - include: copy.yml 3 | - include: install.yml 4 | -------------------------------------------------------------------------------- /elfk/roles/head_install/templates/elasticsearch-head: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #chkconfig: 2345 55 24 3 | #description: elasticsearch-head service manager 4 | 5 | data="cd {{ ELFK_DIR }}/head/; nohup npm run start &>/dev/null &" 6 | 7 | START() { 8 | eval $data 9 | } 10 | 11 | STOP() { 12 | ps -ef | grep grunt | grep -v "grep" | awk '{print $2}' | xargs kill -s 9 &>/dev/null 13 | } 14 | 15 | case "$1" in 16 | start) 17 | START 18 | ;; 19 | stop) 20 | STOP 21 | ;; 22 | restart) 23 | STOP 24 | sleep 2 25 | START 26 | ;; 27 | *) 28 | echo "Usage: elasticsearch-head (|start|stop|restart)" 29 | ;; 30 | esac 31 | -------------------------------------------------------------------------------- /elfk/roles/head_install/templates/node_PATH: -------------------------------------------------------------------------------- 1 | export NODE_HOME={{ ELFK_DIR }}/node 2 | export PATH=$NODE_HOME/bin:$PATH 3 | export NODE_PATH=$NODE_HOME/lib/node_modules:$PATH 4 | -------------------------------------------------------------------------------- /elfk/roles/head_install/vars/main.yml: 
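--------------------------------------------------------------------------------
# Variables for the head role. NODE_URL and HEAD_URL are fetched with get_url
# by the task files; HEAD_URL is an unpinned branch archive.
NODE_VER: 10.16.3
NODE_URL: https://nodejs.org/dist/v{{ NODE_VER }}/node-v{{ NODE_VER }}-linux-x64.tar.xz
HEAD_URL: https://github.com/mobz/elasticsearch-head/archive/master.zip
SOURCE_DIR: /software
ELFK_DIR: /home/elfk
--------------------------------------------------------------------------------
/elfk/roles/java_install/tasks/copy.yml:
--------------------------------------------------------------------------------
# ulimit/sysctl tuning for the JVM-based services, then a JDK 8 tarball
# (jdk-8uNNN naming) installed under JAVA_DIR.
- name: 拷贝系统环境limits.conf
  template: src=limits.conf dest={{ SOURCE_DIR }} owner=root group=root

# Append the ulimit block once; the grep on its first line is the guard.
- name: 配置系统环境limits.conf
  shell: "if [ `grep '* soft nofile 65536' /etc/security/limits.conf |wc -l` -eq 0 ]; then cat {{ SOURCE_DIR }}/limits.conf >> /etc/security/limits.conf; fi"

- name: 配置系统环境
  shell: "if [ `grep 'vm.max_map_count' /etc/sysctl.conf |wc -l` -eq 0 ]; then echo 'vm.max_map_count=655360' >> /etc/sysctl.conf && sysctl -p; fi"

- name: 创建software目录
  file: name={{ SOURCE_DIR }} state=directory recurse=yes

# The JDK tarball must be placed in the role's files/ directory beforehand.
- name: 拷贝jdk包
  copy: src=jdk-8u{{ JAVA_VER }}-linux-x64.tar.gz dest={{ SOURCE_DIR }} owner=root group=root

- name: 解压jdk包
  shell: "tar zxf jdk-8u{{ JAVA_VER }}-linux-x64.tar.gz"
  args:
    chdir: "{{ SOURCE_DIR }}"
    # Skip once JAVA_DIR exists; the rename below is a no-op in that case, so
    # re-extracting only left a stale copy under SOURCE_DIR on every run.
    creates: "{{ JAVA_DIR }}"
    warn: False

- name: 目录重命名
  shell: "if [ ! -d {{ JAVA_DIR }} ]; then mv {{ SOURCE_DIR }}/jdk1.8.0_{{ JAVA_VER }}/ {{ JAVA_DIR }}; fi"
  args:
    creates: "{{ JAVA_DIR }}"

- name: 拷贝环境变量java_PATH
  template: src=java_PATH dest={{ SOURCE_DIR }} owner=root group=root

# Append java_PATH to ~/.bashrc and /etc/profile once; the grep for JAVA_DIR
# is the guard. The trailing `source` only affects this task's own shell.
- name: 加入java_PATH到~/.bashrc
  shell: "if [ `grep {{ JAVA_DIR }} ~/.bashrc |wc -l` -eq 0 ]; then cat {{ SOURCE_DIR }}/java_PATH >> ~/.bashrc && source ~/.bashrc; fi"

- name: 加入java_PATH到/etc/profile
  shell: "if [ `grep {{ JAVA_DIR }} /etc/profile |wc -l` -eq 0 ]; then cat {{ SOURCE_DIR }}/java_PATH >> /etc/profile && source /etc/profile; fi"
--------------------------------------------------------------------------------
/elfk/roles/java_install/tasks/main.yml:
--------------------------------------------------------------------------------
# Include the prepare and copy task files, in that order.
- include: prepare.yml
- include: copy.yml
--------------------------------------------------------------------------------
/elfk/roles/java_install/tasks/prepare.yml:
--------------------------------------------------------------------------------
# Host preparation; same content as filebeat_install/tasks/prepare.yml.
# NOTE(review): the first three tasks switch off two host-wide controls
# (firewalld and SELinux), not just for the JVM services, and nothing else in
# this role compensates for that.
- name: 关闭firewalld
  service: name=firewalld state=stopped enabled=no

- name: 临时关闭 selinux
  shell: "setenforce 0"
  # setenforce fails where SELinux is already disabled or absent; not an error.
  failed_when: false

- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库
  yum: name=epel-release state=latest

- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - unzip
      - git
    state: latest

# Full system update; failures are ignored so an unreachable mirror does not
# abort the play.
- name: 更新系统
  shell: "yum update -y"
  ignore_errors: yes
  args:
    warn: False
--------------------------------------------------------------------------------
/elfk/roles/java_install/templates/java_PATH:
--------------------------------------------------------------------------------
# Appended to ~/.bashrc and /etc/profile by tasks/copy.yml.
JAVA_HOME={{ JAVA_DIR }}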
PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin 3 | CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib 4 | export JAVA_HOME PATH CLASSPATH 5 | -------------------------------------------------------------------------------- /elfk/roles/java_install/templates/limits.conf: -------------------------------------------------------------------------------- 1 | * soft nofile 65536 2 | * hard nofile 131072 3 | * soft nproc 2048 4 | * hard nproc 4096 5 | -------------------------------------------------------------------------------- /elfk/roles/java_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义java安装中的变量 2 | JAVA_VER: 191 3 | SOURCE_DIR: /software 4 | JAVA_DIR: /usr/local/jdk 5 | -------------------------------------------------------------------------------- /elfk/roles/kibana_install/files/Kibana_Hanization-master.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tobewont/ansible-playbook/0d3939987f9bb0686176fcb05977488be8714342/elfk/roles/kibana_install/files/Kibana_Hanization-master.zip -------------------------------------------------------------------------------- /elfk/roles/kibana_install/tasks/chinesization.yml: -------------------------------------------------------------------------------- 1 | #当前主机files目录下没有汉化包 2 | #- name: 下载kibana汉化包 3 | # get_url: url={{ CH_URL }} dest={{ SOURCE_DIR }} 4 | 5 | #当前主机files目录下已有汉化包 6 | - name: 拷贝现有node包到所有主机 7 | copy: src=Kibana_Hanization-master.zip dest={{ SOURCE_DIR }} # NOTE(review): this vendored third-party archive has no recorded hash, and the commented get_url alternative above fetches CH_URL, an unpinned master.zip that changes whenever the upstream branch moves; the translation files it contains are copied into the Kibana tree below, so pin a tag or commit and record the expected checksum (the task label still says node package, but what is copied is the Kibana translation archive) 8 | 9 | - name: 解压汉化包 10 | shell: "if [ ! -d Kibana_Hanization-master ]; then unzip Kibana_Hanization-master.zip; fi" 11 | args: 12 | chdir: "{{ SOURCE_DIR }}" 13 | warn: False 14 | 15 | - name: 拷贝汉化包 16 | shell: "if [ ! 
-d {{ ELFK_DIR }}/kibana/src/legacy/core_plugins/kibana/translations ]; then cp -r {{ SOURCE_DIR }}/Kibana_Hanization-master/translations/ {{ ELFK_DIR }}/kibana/src/legacy/core_plugins/kibana/; fi" 17 | 18 | - name: 修改kibana配置 19 | lineinfile: 20 | dest: "{{ ELFK_DIR }}/kibana/config/kibana.yml" 21 | insertbefore: "server.port: {{ KIBANA_PORT }}" 22 | line: 'i18n.locale: "zh_CN"' 23 | 24 | - name: 修改属主属组 25 | file: name={{ ELFK_DIR }}/kibana/ state=directory owner={{ ELFK_USER }} group={{ ELFK_USER }} recurse=yes 26 | 27 | - name: 重启kibana 28 | service: 29 | name: kibana 30 | state: restarted 31 | -------------------------------------------------------------------------------- /elfk/roles/kibana_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建elk用户组 2 | group: name={{ ELFK_USER }} state=present 3 | 4 | - name: 创建elfk用户 5 | user: name={{ ELFK_USER }} group={{ ELFK_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | - name: 创建software目录 8 | file: name={{ SOURCE_DIR }} state=directory recurse=yes 9 | 10 | - name: 创建elfk目录 11 | file: name={{ ELFK_DIR }} state=directory recurse=yes 12 | ignore_errors: yes 13 | 14 | #当前主机files目录下没有kibana包 15 | #- name: 下载kibana包 16 | # get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} 17 | 18 | #当前主机files目录下已有kibana包 19 | - name: 拷贝现有kibana包到目标主机 20 | copy: src=kibana-{{ KIBANA_VER }}-linux-x86_64.tar.gz dest={{ SOURCE_DIR }} 21 | 22 | - name: 解压kibana包 23 | shell: "tar zxf kibana-{{ KIBANA_VER }}-linux-x86_64.tar.gz" 24 | args: 25 | chdir: "{{ SOURCE_DIR }}" 26 | warn: False 27 | 28 | - name: 目录重命名 29 | shell: "if [ ! 
-d {{ ELFK_DIR }}/kibana ]; then mv {{ SOURCE_DIR }}/kibana-{{ KIBANA_VER }}-linux-x86_64/ {{ ELFK_DIR }}/kibana; fi" 30 | 31 | - name: 创建日志目录 32 | file: name={{ item }} state=directory recurse=yes 33 | with_items: 34 | - "{{ ELFK_DIR }}/kibana/logs" 35 | 36 | - name: 拷贝配置文件 37 | template: src=kibana.conf dest={{ SOURCE_DIR }} owner=root group=root 38 | 39 | - name: 配置kibana 40 | shell: "if [ `grep 'server.port' kibana.yml |wc -l` -eq 1 ]; then cat {{ SOURCE_DIR }}/kibana.conf >> kibana.yml; fi" 41 | args: 42 | chdir: "{{ ELFK_DIR }}/kibana/config" 43 | 44 | - name: 创建日志文件 45 | file: name={{ item }} state=touch 46 | with_items: 47 | - "{{ ELFK_DIR }}/kibana/logs/kibana.log" 48 | 49 | - name: 拷贝服务配置文件 50 | template: src=kibana dest=/etc/default/kibana owner=root group=root 51 | 52 | - name: 拷贝服务文件 53 | template: src=kibana.service dest=/etc/systemd/system/kibana.service mode=0755 owner=root group=root 54 | 55 | - name: 修改属主属组 56 | file: name={{ ELFK_DIR }}/kibana/ state=directory owner={{ ELFK_USER }} group={{ ELFK_USER }} recurse=yes 57 | 58 | - name: 启动kibana并开机启动 59 | service: 60 | name: kibana 61 | state: started 62 | enabled: yes 63 | -------------------------------------------------------------------------------- /elfk/roles/kibana_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy、chinesization模块 2 | - include: prepare.yml 3 | - include: copy.yml 4 | - include: chinesization.yml 5 | -------------------------------------------------------------------------------- /elfk/roles/kibana_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 关闭firewalld 2 | service: name=firewalld state=stopped enabled=no 3 | 4 | - name: 临时关闭 selinux 5 | shell: "setenforce 0" 6 | failed_when: false 7 | 8 | - name: 永久关闭 selinux 9 | lineinfile: 10 | dest: /etc/selinux/config 11 | regexp: "^SELINUX=" 12 | line: "SELINUX=disabled" 13 | 14 | - name: 
添加EPEL仓库 15 | yum: name=epel-release state=latest 16 | 17 | - name: 安装常用软件包 18 | yum: 19 | name: 20 | - vim 21 | - lrzsz 22 | - net-tools 23 | - wget 24 | - curl 25 | - bash-completion 26 | - rsync 27 | - gcc 28 | - unzip 29 | - git 30 | state: latest 31 | 32 | - name: 更新系统 33 | shell: "yum update -y" 34 | ignore_errors: yes 35 | args: 36 | warn: False 37 | -------------------------------------------------------------------------------- /elfk/roles/kibana_install/templates/kibana: -------------------------------------------------------------------------------- 1 | user="{{ ELFK_USER }}" 2 | group="{{ ELFK_USER }}" 3 | chroot="/" 4 | chdir="/" 5 | nice="" 6 | 7 | 8 | # If this is set to 1, then when `stop` is called, if the process has 9 | # not exited within a reasonable time, SIGKILL will be sent next. 10 | # The default behavior is to simply log a message "program stop failed; still running" 11 | KILL_ON_STOP_TIMEOUT=0 12 | -------------------------------------------------------------------------------- /elfk/roles/kibana_install/templates/kibana.conf: -------------------------------------------------------------------------------- 1 | server.port: {{ KIBANA_PORT }} 2 | server.host: "0.0.0.0" # NOTE(review): listens on every interface and no authentication is configured anywhere in this role; because prepare.yml stops firewalld, KIBANA_PORT is reachable directly and not only through the nginx vhost - confirm the network is trusted, or bind to the one address nginx proxies to (the vhost in nginx_install targets the host's default IPv4) and filter the port 3 | elasticsearch.hosts: ["http://{{ ES1_IP }}:{{ ES_PORT }}", "http://{{ ES2_IP }}:{{ ES_PORT }}", "http://{{ ES3_IP }}:{{ ES_PORT }}"] # NOTE(review): cleartext http to Elasticsearch with no elasticsearch.username/password set; acceptable only if the three ES hosts sit on an isolated network - TODO confirm 4 | logging.dest: {{ ELFK_DIR }}/kibana/logs/kibana.log 5 | kibana.index: ".kibana" 6 | -------------------------------------------------------------------------------- /elfk/roles/kibana_install/templates/kibana.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Kibana 3 | StartLimitIntervalSec=30 4 | StartLimitBurst=3 5 | 6 | [Service] 7 | Type=simple 8 | User={{ ELFK_USER }} 9 | Group={{ ELFK_USER }} 10 | # Load env vars from /etc/default/ and /etc/sysconfig/ if they exist. 
11 | # Prefixing the path with '-' makes it try to load, but if the file doesn't 12 | # exist, it continues onward. 13 | EnvironmentFile=-/etc/default/kibana 14 | EnvironmentFile=-/etc/sysconfig/kibana 15 | ExecStart={{ ELFK_DIR }}/kibana/bin/kibana "-c {{ ELFK_DIR }}/kibana/config/kibana.yml" 16 | Restart=always 17 | WorkingDirectory=/ 18 | 19 | [Install] 20 | WantedBy=multi-user.target 21 | -------------------------------------------------------------------------------- /elfk/roles/kibana_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义kibana安装中的变量 2 | KIBANA_VER: 6.7.1 3 | KIBANA_PORT: 5601 4 | DOWNLOAD_URL: https://artifacts.elastic.co/downloads/kibana/kibana-{{ KIBANA_VER }}-linux-x86_64.tar.gz 5 | CH_URL: https://github.com/anbai-inc/Kibana_Hanization/archive/master.zip 6 | SOURCE_DIR: /software 7 | ELFK_USER: elk 8 | ELFK_DIR: /home/elfk 9 | ES_PORT: 9200 10 | ES1_IP: 192.168.30.128 11 | ES2_IP: 192.168.30.129 12 | ES3_IP: 192.168.30.130 13 | -------------------------------------------------------------------------------- /elfk/roles/logstash_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建elk用户组 2 | group: name={{ ELFK_USER }} state=present 3 | 4 | - name: 创建elfk用户 5 | user: name={{ ELFK_USER }} group={{ ELFK_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | - name: 创建software目录 8 | file: name={{ SOURCE_DIR }} state=directory recurse=yes 9 | 10 | - name: 创建elfk目录 11 | file: name={{ ELFK_DIR }} state=directory recurse=yes 12 | ignore_errors: yes 13 | 14 | #当前主机files目录下没有logstash包 15 | #- name: 下载logstash包 16 | # get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} 17 | 18 | #当前主机files目录下已有logstash包 19 | - name: 拷贝现有logstash包到目标主机 20 | copy: src=logstash-{{ LOGSTASH_VER }}.tar.gz dest={{ SOURCE_DIR }} 21 | 22 | - name: 解压logstash包 23 | shell: "tar zxf logstash-{{ LOGSTASH_VER }}.tar.gz" 24 | args: 25 | chdir: 
"{{ SOURCE_DIR }}" 26 | warn: False 27 | 28 | - name: 目录重命名 29 | shell: "if [ ! -d {{ ELFK_DIR }}/logstash ]; then mv {{ SOURCE_DIR }}/logstash-{{ LOGSTASH_VER }}/ {{ ELFK_DIR }}/logstash; fi" 30 | 31 | - name: 创建配置、日志目录 32 | file: name={{ item }} state=directory recurse=yes 33 | with_items: 34 | - "{{ ELFK_DIR }}/logstash/conf.d" 35 | - "{{ ELFK_DIR }}/logstash/run" 36 | - "{{ ELFK_DIR }}/logstash/logs" 37 | 38 | - name: 创建pid、日志文件 39 | file: name={{ item }} state=touch 40 | with_items: 41 | - "{{ ELFK_DIR }}/logstash/run/logstash.pid" 42 | - "{{ ELFK_DIR }}/logstash/logs/gc.log" 43 | 44 | - name: 配置logstash 45 | template: src=logstash.conf dest={{ ELFK_DIR }}/logstash/conf.d/logstash.conf 46 | 47 | - name: 拷贝服务配置文件 48 | template: src=logstash dest=/etc/default/logstash owner=root group=root 49 | 50 | - name: 拷贝服务文件 51 | template: src=logstash.service dest=/etc/systemd/system/logstash.service mode=0755 owner=root group=root 52 | 53 | - name: 修改属主属组 54 | file: name={{ ELFK_DIR }}/logstash/ state=directory owner={{ ELFK_USER }} group={{ ELFK_USER }} recurse=yes 55 | 56 | - name: 启动logstash并开机启动 57 | service: 58 | name: logstash 59 | state: started 60 | enabled: yes 61 | -------------------------------------------------------------------------------- /elfk/roles/logstash_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy模块 2 | - include: prepare.yml 3 | - include: copy.yml 4 | -------------------------------------------------------------------------------- /elfk/roles/logstash_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 关闭firewalld 2 | service: name=firewalld state=stopped enabled=no 3 | 4 | - name: 临时关闭 selinux 5 | shell: "setenforce 0" 6 | failed_when: false 7 | 8 | - name: 永久关闭 selinux 9 | lineinfile: 10 | dest: /etc/selinux/config 11 | regexp: "^SELINUX=" 12 | line: "SELINUX=disabled" 13 | 14 | - name: 添加EPEL仓库 15 | 
yum: name=epel-release state=latest 16 | 17 | - name: 安装常用软件包 18 | yum: 19 | name: 20 | - vim 21 | - lrzsz 22 | - net-tools 23 | - wget 24 | - curl 25 | - bash-completion 26 | - rsync 27 | - gcc 28 | - unzip 29 | - git 30 | state: latest 31 | 32 | - name: 更新系统 33 | shell: "yum update -y" 34 | ignore_errors: yes 35 | args: 36 | warn: False 37 | -------------------------------------------------------------------------------- /elfk/roles/logstash_install/templates/logstash: -------------------------------------------------------------------------------- 1 | JAVA_HOME="{{ JAVA_DIR }}" 2 | LS_HOME="{{ ELFK_DIR }}/logstash" 3 | LS_SETTINGS_DIR="{{ ELFK_DIR }}/logstash" 4 | LS_PIDFILE="{{ ELFK_DIR }}/logstash/run/logstash.pid" 5 | LS_USER="{{ ELFK_USER }}" 6 | LS_GROUP="{{ ELFK_USER }}" 7 | LS_GC_LOG_FILE="{{ ELFK_DIR }}/logstash/logs/gc.log" 8 | LS_OPEN_FILES="16384" 9 | LS_NICE="19" 10 | SERVICE_NAME="logstash" 11 | SERVICE_DESCRIPTION="logstash" 12 | -------------------------------------------------------------------------------- /elfk/roles/logstash_install/templates/logstash.conf: -------------------------------------------------------------------------------- 1 | input { 2 | beats { 3 | port => {{ LOGSTASH_PORT }} 4 | } 5 | } 6 | 7 | output { 8 | elasticsearch { 9 | hosts => ["{{ ES1_IP }}:{{ ES_PORT }}", "{{ ES2_IP }}:{{ ES_PORT }}", "{{ ES3_IP }}:{{ ES_PORT }}"] 10 | index => "sys_log" 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /elfk/roles/logstash_install/templates/logstash.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=logstash 3 | 4 | [Service] 5 | Type=simple 6 | User={{ ELFK_USER }} 7 | Group={{ ELFK_USER }} 8 | # Load env vars from /etc/default/ and /etc/sysconfig/ if they exist. 9 | # Prefixing the path with '-' makes it try to load, but if the file doesn't 10 | # exist, it continues onward. 
11 | EnvironmentFile=-/etc/default/logstash 12 | EnvironmentFile=-/etc/sysconfig/logstash 13 | ExecStart={{ ELFK_DIR }}/logstash/bin/logstash "--path.settings" "{{ ELFK_DIR }}/logstash/config" "--path.config" "{{ ELFK_DIR }}/logstash/conf.d" 14 | Restart=always 15 | WorkingDirectory=/ 16 | Nice=19 17 | LimitNOFILE=16384 18 | 19 | [Install] 20 | WantedBy=multi-user.target 21 | -------------------------------------------------------------------------------- /elfk/roles/logstash_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义logstash安装中的变量 2 | LOGSTASH_VER: 6.7.1 3 | DOWNLOAD_URL: https://artifacts.elastic.co/downloads/logstash/logstash-{{ LOGSTASH_VER }}.tar.gz 4 | SOURCE_DIR: /software 5 | ELFK_USER: elk 6 | ELFK_DIR: /home/elfk 7 | JAVA_DIR: /usr/local/jdk 8 | LOGSTASH_PORT: 5050 9 | ES1_IP: 192.168.30.128 10 | ES2_IP: 192.168.30.129 11 | ES3_IP: 192.168.30.130 12 | ES_PORT: 9200 13 | -------------------------------------------------------------------------------- /elfk/roles/nginx_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建nginx用户组 2 | group: name={{ NGINX_USER }} state=present 3 | 4 | - name: 创建nginx用户 5 | user: name={{ NGINX_USER }} group={{ NGINX_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | - name: 创建software目录 8 | file: name={{ SOURCE_DIR }} state=directory recurse=yes 9 | 10 | - name: 创建日志目录 11 | file: name={{ item }} state=directory recurse=yes 12 | with_items: 13 | - "{{ NGINX_DIR }}" 14 | - "{{ NGINX_DIR }}/logs" 15 | 16 | - name: 创建日志文件 17 | file: name={{ item }} state=touch 18 | with_items: 19 | - "{{ NGINX_DIR }}/logs/access.log" 20 | - "{{ NGINX_DIR }}/logs/error.log" 21 | 22 | #当前主机files目录下没有nginx包 23 | - name: 下载nginx包 24 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} 25 | 26 | #当前主机files目录下已有nginx包 27 | #- name: 拷贝现有nginx包到所有主机 28 | # copy: src=nginx-{{ NGINX_VER }}.tar.gz dest={{ 
SOURCE_DIR }} 29 | 30 | - name: 解压nginx包 31 | shell: "tar zxf nginx-{{ NGINX_VER }}.tar.gz" 32 | args: 33 | chdir: "{{ SOURCE_DIR }}" 34 | warn: False 35 | 36 | - name: 修改属主属组 37 | file: name={{ NGINX_DIR }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} recurse=yes 38 | 39 | - name: 拷贝nginx服务文件 40 | template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service mode=0755 owner=root group=root 41 | -------------------------------------------------------------------------------- /elfk/roles/nginx_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | - name: 编译nginx 2 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && ./configure --prefix={{ NGINX_DIR }} --user={{ NGINX_USER }} --group={{ NGINX_USER }} --http-log-path={{ NGINX_DIR }}/logs/access.log --error-log-path={{ NGINX_DIR }}/logs/error.log --with-http_ssl_module --with-http_v2_module --with-http_stub_status_module --with-pcre --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module" 3 | 4 | - name: 安装nginx 5 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && make && make install" 6 | 7 | - name: 拷贝nginx主配置文件 8 | template: src=nginx.conf dest={{ NGINX_DIR }}/conf/nginx.conf 9 | 10 | - name: 创建vhost配置文件目录 11 | file: name={{ NGINX_DIR }}/conf/vhost state=directory recurse=yes 12 | 13 | - name: 拷贝nginx vhost配置文件 14 | template: src=kibana.conf dest={{ NGINX_DIR }}/conf/vhost/kibana.conf 15 | 16 | - name: 拷贝nginx额外配置文件 17 | template: src=fastcgi_params dest={{ NGINX_DIR }}/conf/fastcgi_params 18 | 19 | - name: 配置环境变量 20 | shell: " if [ `grep {{ NGINX_DIR }}/sbin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ NGINX_DIR }}/sbin >> /etc/profile && source /etc/profile; else source /etc/profile; fi" 21 | 22 | - name: 修改属主属组 23 | file: name={{ NGINX_DIR }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} 
recurse=yes 24 | 25 | - name: 启动nginx并开机启动 26 | service: 27 | name: nginx 28 | state: started 29 | enabled: yes 30 | -------------------------------------------------------------------------------- /elfk/roles/nginx_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy、install模块 2 | - include: prepare.yml 3 | - include: copy.yml 4 | - include: install.yml 5 | -------------------------------------------------------------------------------- /elfk/roles/nginx_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 安装常用软件包 2 | yum: 3 | name: 4 | - openssl 5 | - openssl-devel 6 | - pcre 7 | - pcre-devel 8 | - zlib-devel 9 | - gd-devel 10 | - libxml2-devel 11 | state: latest 12 | -------------------------------------------------------------------------------- /elfk/roles/nginx_install/templates/fastcgi_params: -------------------------------------------------------------------------------- 1 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 2 | fastcgi_param SERVER_SOFTWARE nginx; 3 | fastcgi_param QUERY_STRING $query_string; 4 | fastcgi_param REQUEST_METHOD $request_method; 5 | fastcgi_param CONTENT_TYPE $content_type; 6 | fastcgi_param CONTENT_LENGTH $content_length; 7 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 8 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 9 | fastcgi_param REQUEST_URI $request_uri; 10 | fastcgi_param DOCUMENT_URI $document_uri; 11 | fastcgi_param DOCUMENT_ROOT $document_root; 12 | fastcgi_param SERVER_PROTOCOL $server_protocol; 13 | fastcgi_param REMOTE_ADDR $remote_addr; 14 | fastcgi_param REMOTE_PORT $remote_port; 15 | fastcgi_param SERVER_ADDR $server_addr; 16 | fastcgi_param SERVER_PORT $server_port; 17 | fastcgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /elfk/roles/nginx_install/templates/kibana.conf: 
-------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name {{ DOMAIN }}; 4 | 5 | location / { 6 | proxy_pass http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ KIBANA_PORT }}; 7 | proxy_set_header Host $host; 8 | proxy_set_header X-Real-IP $remote_addr; 9 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 10 | } 11 | 12 | access_log logs/kibana.log main; 13 | } 14 | -------------------------------------------------------------------------------- /elfk/roles/nginx_install/templates/nginx.conf: -------------------------------------------------------------------------------- 1 | user nobody nobody; 2 | worker_processes 1; 3 | error_log logs/error.log notice; 4 | pid logs/nginx.pid; 5 | worker_rlimit_nofile 65535; 6 | 7 | events { 8 | use epoll; 9 | worker_connections 1024; 10 | multi_accept on; 11 | } 12 | http { 13 | include mime.types; 14 | default_type application/octet-stream; 15 | 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | access_log logs/access.log main; 21 | 22 | server_tokens off; 23 | sendfile on; 24 | send_timeout 3m; 25 | tcp_nopush on; 26 | tcp_nodelay on; 27 | keepalive_timeout 65; 28 | types_hash_max_size 2048; 29 | 30 | client_header_timeout 3m; 31 | client_body_timeout 3m; 32 | connection_pool_size 256; 33 | client_header_buffer_size 4k; 34 | large_client_header_buffers 8 4k; 35 | request_pool_size 4k; 36 | output_buffers 4 32k; 37 | postpone_output 1460; 38 | client_max_body_size 10m; 39 | client_body_buffer_size 256k; 40 | client_body_temp_path {{ NGINX_DIR }}/client_body_temp; 41 | proxy_temp_path {{ NGINX_DIR }}/proxy_temp; 42 | fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp; 43 | fastcgi_intercept_errors on; 44 | 45 | gzip on; 46 | gzip_min_length 2k; 47 | gzip_buffers 4 32k; 48 | gzip_comp_level 6; 
49 | gzip_http_version 1.1; 50 | gzip_types text/plain application/x-javascript text/css text/htm 51 | application/xml; 52 | 53 | include {{ NGINX_DIR }}/conf/vhost/*.conf; 54 | } 55 | -------------------------------------------------------------------------------- /elfk/roles/nginx_install/templates/nginx.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=The nginx HTTP and reverse proxy server 3 | After=network.target remote-fs.target nss-lookup.target 4 | 5 | [Service] 6 | Type=forking 7 | PIDFile={{ NGINX_DIR }}/logs/nginx.pid 8 | # Nginx will fail to start if /run/nginx.pid already exists but has the wrong 9 | # SELinux context. This might happen when running `nginx -t` from the cmdline. 10 | # https://bugzilla.redhat.com/show_bug.cgi?id=1268621 11 | ExecStartPre=/usr/bin/rm -f {{ NGINX_DIR }}/logs/nginx.pid 12 | ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t 13 | ExecStart={{ NGINX_DIR }}/sbin/nginx 14 | ExecReload=/bin/kill -s HUP $MAINPID 15 | KillSignal=SIGQUIT 16 | TimeoutStopSec=5 17 | KillMode=process 18 | PrivateTmp=true 19 | 20 | [Install] 21 | WantedBy=multi-user.target 22 | -------------------------------------------------------------------------------- /elfk/roles/nginx_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义nginx安装中的变量 2 | NGINX_VER: 1.17.2 3 | DOWNLOAD_URL: http://nginx.org/download/nginx-{{ NGINX_VER }}.tar.gz # NOTE(review): cleartext http, and the get_url task in tasks/copy.yml sets no checksum, so the tarball that install.yml builds and installs is whatever the network hands back; use the https URL and pin get_url's checksum parameter to the value verified against the upstream signature 4 | NGINX_USER: nginx # NOTE(review): passed to ./configure as the worker user, but templates/nginx.conf overrides it with 'user nobody nobody;' - pick one so file ownership set in copy.yml matches the running worker 5 | NGINX_PORT: 80 6 | KIBANA_PORT: 5601 7 | SOURCE_DIR: /software 8 | NGINX_DIR: /usr/local/nginx 9 | DOMAIN: kibana.lzxlinux.com 10 | -------------------------------------------------------------------------------- /k8s/README.md: -------------------------------------------------------------------------------- 1 | 通过ansible-playbook,以Kubeadm方式部署K8S集群(一主多从)。 2 | 3 | --- 4 | 5 | > ps:建议提前准备好镜像;不建议部署至生产环境。 6 | 7 | 部署完成, 8 | 9 | ```bash 10 | # kubectl命令补全生效 11 | source ~/.bash_profile 12 
| 13 | # 修改mode为ipvs 14 | kubectl edit cm kube-proxy -n kube-system 15 | 16 | # 重启kube-proxy 17 | kubectl delete pod -n kube-system `kubectl get pod -n kube-system |grep 'kube-proxy' | awk '{print $1}'` 18 | ``` 19 | -------------------------------------------------------------------------------- /k8s/k8s.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | remote_user: root 4 | gather_facts: True 5 | roles: 6 | - docker_install 7 | 8 | - hosts: master 9 | remote_user: root 10 | gather_facts: True 11 | roles: 12 | - master_install 13 | 14 | - hosts: node 15 | remote_user: root 16 | gather_facts: True 17 | roles: 18 | - node_install 19 | 20 | - hosts: master 21 | remote_user: root 22 | gather_facts: True 23 | roles: 24 | - addons_install 25 | -------------------------------------------------------------------------------- /k8s/roles/addons_install/tasks/calico.yml: -------------------------------------------------------------------------------- 1 | - name: 创建addons目录 2 | file: name=/etc/kubernetes/addons state=directory 3 | 4 | - name: 拷贝calico-rbac.yaml 5 | template: src=calico-rbac.yaml dest=/etc/kubernetes/addons 6 | 7 | - name: 拷贝calico.yaml 8 | template: src=calico.yaml dest=/etc/kubernetes/addons 9 | 10 | - name: 拉取kube-controllers镜像 11 | shell: "ansible all -m docker_image -a 'name=calico/kube-controllers tag={{ CALICO_VER }} source=pull timeout=3600'" 12 | 13 | - name: 拉取cni镜像 14 | shell: "ansible all -m docker_image -a 'name=calico/cni tag={{ CALICO_VER }} source=pull timeout=3600'" 15 | 16 | - name: 拉取pod2daemon-flexvol镜像 17 | shell: "ansible all -m docker_image -a 'name=calico/pod2daemon-flexvol tag={{ CALICO_VER }} source=pull timeout=3600'" 18 | 19 | - name: 拉取node镜像 20 | shell: "ansible all -m docker_image -a 'name=calico/node tag={{ CALICO_VER }} source=pull timeout=3600'" 21 | 22 | - name: 部署calico-rbac 23 | shell: "kubectl apply -f /etc/kubernetes/addons/calico-rbac.yaml" 24 | 25 | - 
name: 部署calico 26 | shell: "kubectl apply -f /etc/kubernetes/addons/calico.yaml" 27 | -------------------------------------------------------------------------------- /k8s/roles/addons_install/tasks/ingress.yml: -------------------------------------------------------------------------------- 1 | - name: 拷贝ingress-nginx.yaml 2 | template: src=ingress-nginx.yaml dest=/etc/kubernetes/addons 3 | 4 | #- name: 拉取defaultbackend-amd64镜像 5 | # shell: "ansible node -m docker_image -a 'name=huqian123/nginx-ingress-default-backend tag={{ BACKEND_VER }} source=pull timeout=3600'" 6 | 7 | #- name: tag defaultbackend-amd64镜像 8 | # shell: "ansible node -m shell -a 'docker tag huqian123/nginx-ingress-default-backend:{{ BACKEND_VER }} k8s.gcr.io/defaultbackend-amd64:{{ BACKEND_VER }}'" 9 | # args: 10 | # warn: False 11 | 12 | - name: 拉取nginx-ingress-controller镜像 13 | shell: "ansible node -m docker_image -a 'name=quay.io/kubernetes-ingress-controller/nginx-ingress-controller tag={{ INGRESS_VER }} source=pull timeout=3600'" 14 | 15 | - name: 部署ingress-nginx 16 | shell: "kubectl apply -f /etc/kubernetes/addons/ingress-nginx.yaml" 17 | -------------------------------------------------------------------------------- /k8s/roles/addons_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - include: calico.yml 2 | - include: ingress.yml 3 | -------------------------------------------------------------------------------- /k8s/roles/addons_install/templates/calico-rbac.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: calico-kube-controllers 5 | namespace: kube-system 6 | 7 | --- 8 | kind: ClusterRole 9 | apiVersion: rbac.authorization.k8s.io/v1 10 | metadata: 11 | name: calico-kube-controllers 12 | rules: 13 | - apiGroups: [""] 14 | resources: 15 | - nodes 16 | verbs: 17 | - watch 18 | - list 19 | - get 20 | - apiGroups: [""] 21 | 
resources: 22 | - pods 23 | verbs: 24 | - get 25 | - apiGroups: ["crd.projectcalico.org"] 26 | resources: 27 | - ippools 28 | verbs: 29 | - list 30 | - apiGroups: ["crd.projectcalico.org"] 31 | resources: 32 | - blockaffinities 33 | - ipamblocks 34 | - ipamhandles 35 | verbs: 36 | - get 37 | - list 38 | - create 39 | - update 40 | - delete 41 | - apiGroups: ["crd.projectcalico.org"] 42 | resources: 43 | - hostendpoints 44 | verbs: 45 | - get 46 | - list 47 | - create 48 | - update 49 | - delete 50 | - apiGroups: ["crd.projectcalico.org"] 51 | resources: 52 | - clusterinformations 53 | verbs: 54 | - get 55 | - create 56 | - update 57 | - apiGroups: ["crd.projectcalico.org"] 58 | resources: 59 | - kubecontrollersconfigurations 60 | verbs: 61 | - get 62 | - create 63 | - update 64 | - watch 65 | 66 | --- 67 | kind: ClusterRoleBinding 68 | apiVersion: rbac.authorization.k8s.io/v1 69 | metadata: 70 | name: calico-kube-controllers 71 | roleRef: 72 | apiGroup: rbac.authorization.k8s.io 73 | kind: ClusterRole 74 | name: calico-kube-controllers 75 | subjects: 76 | - kind: ServiceAccount 77 | name: calico-kube-controllers 78 | namespace: kube-system 79 | 80 | --- 81 | apiVersion: v1 82 | kind: ServiceAccount 83 | metadata: 84 | name: calico-node 85 | namespace: kube-system 86 | 87 | --- 88 | kind: ClusterRole 89 | apiVersion: rbac.authorization.k8s.io/v1 90 | metadata: 91 | name: calico-node 92 | rules: 93 | - apiGroups: [""] 94 | resources: 95 | - pods 96 | - nodes 97 | - namespaces 98 | verbs: 99 | - get 100 | - apiGroups: [""] 101 | resources: 102 | - endpoints 103 | - services 104 | verbs: 105 | - watch 106 | - list 107 | - get 108 | - apiGroups: [""] 109 | resources: 110 | - configmaps 111 | verbs: 112 | - get 113 | - apiGroups: [""] 114 | resources: 115 | - nodes/status 116 | verbs: 117 | - patch 118 | - update 119 | - apiGroups: ["networking.k8s.io"] 120 | resources: 121 | - networkpolicies 122 | verbs: 123 | - watch 124 | - list 125 | - apiGroups: [""] 126 | 
resources: 127 | - pods 128 | - namespaces 129 | - serviceaccounts 130 | verbs: 131 | - list 132 | - watch 133 | - apiGroups: [""] 134 | resources: 135 | - pods/status 136 | verbs: 137 | - patch 138 | - apiGroups: ["crd.projectcalico.org"] 139 | resources: 140 | - globalfelixconfigs 141 | - felixconfigurations 142 | - bgppeers 143 | - globalbgpconfigs 144 | - bgpconfigurations 145 | - ippools 146 | - ipamblocks 147 | - globalnetworkpolicies 148 | - globalnetworksets 149 | - networkpolicies 150 | - networksets 151 | - clusterinformations 152 | - hostendpoints 153 | - blockaffinities 154 | verbs: 155 | - get 156 | - list 157 | - watch 158 | - apiGroups: ["crd.projectcalico.org"] 159 | resources: 160 | - ippools 161 | - felixconfigurations 162 | - clusterinformations 163 | verbs: 164 | - create 165 | - update 166 | - apiGroups: [""] 167 | resources: 168 | - nodes 169 | verbs: 170 | - get 171 | - list 172 | - watch 173 | - apiGroups: ["crd.projectcalico.org"] 174 | resources: 175 | - bgpconfigurations 176 | - bgppeers 177 | verbs: 178 | - create 179 | - update 180 | - apiGroups: ["crd.projectcalico.org"] 181 | resources: 182 | - blockaffinities 183 | - ipamblocks 184 | - ipamhandles 185 | verbs: 186 | - get 187 | - list 188 | - create 189 | - update 190 | - delete 191 | - apiGroups: ["crd.projectcalico.org"] 192 | resources: 193 | - ipamconfigs 194 | verbs: 195 | - get 196 | - apiGroups: ["crd.projectcalico.org"] 197 | resources: 198 | - blockaffinities 199 | verbs: 200 | - watch 201 | - apiGroups: ["apps"] 202 | resources: 203 | - daemonsets 204 | verbs: 205 | - get 206 | 207 | --- 208 | apiVersion: rbac.authorization.k8s.io/v1 209 | kind: ClusterRoleBinding 210 | metadata: 211 | name: calico-node 212 | roleRef: 213 | apiGroup: rbac.authorization.k8s.io 214 | kind: ClusterRole 215 | name: calico-node 216 | subjects: 217 | - kind: ServiceAccount 218 | name: calico-node 219 | namespace: kube-system 220 | 
-------------------------------------------------------------------------------- /k8s/roles/addons_install/templates/ingress-nginx.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: ingress-nginx 5 | 6 | --- 7 | apiVersion: v1 8 | kind: Service 9 | metadata: 10 | name: default-http-backend 11 | namespace: ingress-nginx 12 | labels: 13 | app.kubernetes.io/name: default-http-backend 14 | app.kubernetes.io/part-of: ingress-nginx 15 | spec: 16 | ports: 17 | - port: 80 18 | targetPort: 8080 19 | selector: 20 | app.kubernetes.io/name: default-http-backend 21 | app.kubernetes.io/part-of: ingress-nginx 22 | 23 | --- 24 | apiVersion: apps/v1 25 | kind: Deployment 26 | metadata: 27 | name: default-http-backend 28 | namespace: ingress-nginx 29 | labels: 30 | app.kubernetes.io/name: default-http-backend 31 | app.kubernetes.io/part-of: ingress-nginx 32 | spec: 33 | replicas: 1 34 | selector: 35 | matchLabels: 36 | app.kubernetes.io/name: default-http-backend 37 | app.kubernetes.io/part-of: ingress-nginx 38 | template: 39 | metadata: 40 | labels: 41 | app.kubernetes.io/name: default-http-backend 42 | app.kubernetes.io/part-of: ingress-nginx 43 | spec: 44 | terminationGracePeriodSeconds: 60 45 | containers: 46 | - name: default-http-backend 47 | image: k8s.gcr.io/defaultbackend-amd64:{{ BACKEND_VER }} 48 | imagePullPolicy: IfNotPresent 49 | ports: 50 | - containerPort: 8080 51 | resources: 52 | limits: 53 | cpu: 10m 54 | memory: 20Mi 55 | requests: 56 | cpu: 10m 57 | memory: 20Mi 58 | livenessProbe: 59 | httpGet: 60 | path: /healthz 61 | port: 8080 62 | scheme: HTTP 63 | initialDelaySeconds: 30 64 | timeoutSeconds: 5 65 | 66 | --- 67 | apiVersion: v1 68 | kind: ConfigMap 69 | metadata: 70 | name: nginx-configuration 71 | namespace: ingress-nginx 72 | labels: 73 | app.kubernetes.io/name: ingress-nginx 74 | app.kubernetes.io/part-of: ingress-nginx 75 | 76 | --- 77 | apiVersion: v1 78 
| kind: ConfigMap 79 | metadata: 80 | name: tcp-services 81 | namespace: ingress-nginx 82 | labels: 83 | app.kubernetes.io/name: ingress-nginx 84 | app.kubernetes.io/part-of: ingress-nginx 85 | 86 | --- 87 | apiVersion: v1 88 | kind: ConfigMap 89 | metadata: 90 | name: udp-services 91 | namespace: ingress-nginx 92 | labels: 93 | app.kubernetes.io/name: ingress-nginx 94 | app.kubernetes.io/part-of: ingress-nginx 95 | 96 | --- 97 | apiVersion: v1 98 | kind: ServiceAccount 99 | metadata: 100 | name: nginx-ingress-serviceaccount 101 | namespace: ingress-nginx 102 | labels: 103 | app.kubernetes.io/name: ingress-nginx 104 | app.kubernetes.io/part-of: ingress-nginx 105 | 106 | --- 107 | apiVersion: rbac.authorization.k8s.io/v1beta1 108 | kind: ClusterRole 109 | metadata: 110 | name: nginx-ingress-clusterrole 111 | labels: 112 | app.kubernetes.io/name: ingress-nginx 113 | app.kubernetes.io/part-of: ingress-nginx 114 | rules: 115 | - apiGroups: 116 | - "" 117 | resources: 118 | - configmaps 119 | - endpoints 120 | - nodes 121 | - pods 122 | - secrets 123 | verbs: 124 | - list 125 | - watch 126 | - apiGroups: 127 | - "" 128 | resources: 129 | - nodes 130 | verbs: 131 | - get 132 | - apiGroups: 133 | - "" 134 | resources: 135 | - services 136 | verbs: 137 | - get 138 | - list 139 | - watch 140 | - apiGroups: 141 | - "extensions" 142 | resources: 143 | - ingresses 144 | verbs: 145 | - get 146 | - list 147 | - watch 148 | - apiGroups: 149 | - "" 150 | resources: 151 | - events 152 | verbs: 153 | - create 154 | - patch 155 | - apiGroups: 156 | - "extensions" 157 | resources: 158 | - ingresses/status 159 | verbs: 160 | - update 161 | 162 | --- 163 | apiVersion: rbac.authorization.k8s.io/v1beta1 164 | kind: Role 165 | metadata: 166 | name: nginx-ingress-role 167 | namespace: ingress-nginx 168 | labels: 169 | app.kubernetes.io/name: ingress-nginx 170 | app.kubernetes.io/part-of: ingress-nginx 171 | rules: 172 | - apiGroups: 173 | - "" 174 | resources: 175 | - configmaps 176 | - 
pods 177 | - secrets 178 | - namespaces 179 | verbs: 180 | - get 181 | - apiGroups: 182 | - "" 183 | resources: 184 | - configmaps 185 | resourceNames: 186 | - "ingress-controller-leader-nginx" 187 | verbs: 188 | - get 189 | - update 190 | - apiGroups: 191 | - "" 192 | resources: 193 | - configmaps 194 | verbs: 195 | - create 196 | - apiGroups: 197 | - "" 198 | resources: 199 | - endpoints 200 | verbs: 201 | - get 202 | 203 | --- 204 | apiVersion: rbac.authorization.k8s.io/v1beta1 205 | kind: ClusterRoleBinding 206 | metadata: 207 | name: nginx-ingress-clusterrole-binding 208 | labels: 209 | app.kubernetes.io/name: ingress-nginx 210 | app.kubernetes.io/part-of: ingress-nginx 211 | roleRef: 212 | apiGroup: rbac.authorization.k8s.io 213 | kind: ClusterRole 214 | name: nginx-ingress-clusterrole 215 | subjects: 216 | - kind: ServiceAccount 217 | name: nginx-ingress-serviceaccount 218 | namespace: ingress-nginx 219 | 220 | --- 221 | apiVersion: rbac.authorization.k8s.io/v1beta1 222 | kind: RoleBinding 223 | metadata: 224 | name: nginx-ingress-role-binding 225 | namespace: ingress-nginx 226 | labels: 227 | app.kubernetes.io/name: ingress-nginx 228 | app.kubernetes.io/part-of: ingress-nginx 229 | roleRef: 230 | apiGroup: rbac.authorization.k8s.io 231 | kind: Role 232 | name: nginx-ingress-role 233 | subjects: 234 | - kind: ServiceAccount 235 | name: nginx-ingress-serviceaccount 236 | namespace: ingress-nginx 237 | 238 | --- 239 | apiVersion: v1 240 | kind: Service 241 | metadata: 242 | name: ingress-nginx 243 | namespace: ingress-nginx 244 | labels: 245 | app.kubernetes.io/name: ingress-nginx 246 | app.kubernetes.io/part-of: ingress-nginx 247 | spec: 248 | selector: 249 | app.kubernetes.io/name: ingress-nginx 250 | app.kubernetes.io/part-of: ingress-nginx 251 | ports: 252 | - name: http 253 | port: 80 254 | targetPort: http 255 | - name: https 256 | port: 443 257 | targetPort: https 258 | 259 | --- 260 | apiVersion: apps/v1 261 | kind: DaemonSet 262 | metadata: 263 | 
name: ingress-nginx 264 | namespace: ingress-nginx 265 | labels: 266 | app.kubernetes.io/name: ingress-nginx 267 | app.kubernetes.io/part-of: ingress-nginx 268 | spec: 269 | revisionHistoryLimit: 2147483647 270 | selector: 271 | matchLabels: 272 | app.kubernetes.io/name: ingress-nginx 273 | app.kubernetes.io/part-of: ingress-nginx 274 | updateStrategy: 275 | rollingUpdate: 276 | maxUnavailable: 1 277 | type: RollingUpdate 278 | template: 279 | metadata: 280 | labels: 281 | app.kubernetes.io/name: ingress-nginx 282 | app.kubernetes.io/part-of: ingress-nginx 283 | annotations: 284 | prometheus.io/port: "10254" 285 | prometheus.io/scrape: "true" 286 | spec: 287 | containers: 288 | - name: nginx-ingress-controller 289 | image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:{{ INGRESS_VER }} 290 | imagePullPolicy: IfNotPresent 291 | args: 292 | - /nginx-ingress-controller 293 | - --default-backend-service=$(POD_NAMESPACE)/default-http-backend 294 | - --configmap=$(POD_NAMESPACE)/nginx-configuration 295 | - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services 296 | - --udp-services-configmap=$(POD_NAMESPACE)/udp-services 297 | - --publish-service=$(POD_NAMESPACE)/ingress-nginx 298 | - --annotations-prefix=nginx.ingress.kubernetes.io 299 | env: 300 | - name: POD_NAME 301 | valueFrom: 302 | fieldRef: 303 | apiVersion: v1 304 | fieldPath: metadata.name 305 | - name: POD_NAMESPACE 306 | valueFrom: 307 | fieldRef: 308 | apiVersion: v1 309 | fieldPath: metadata.namespace 310 | ports: 311 | - containerPort: 80 312 | hostPort: 80 313 | name: http 314 | protocol: TCP 315 | - containerPort: 443 316 | hostPort: 443 317 | name: https 318 | protocol: TCP 319 | livenessProbe: 320 | failureThreshold: 3 321 | httpGet: 322 | path: /healthz 323 | port: 10254 324 | scheme: HTTP 325 | initialDelaySeconds: 10 326 | periodSeconds: 10 327 | successThreshold: 1 328 | timeoutSeconds: 1 329 | readinessProbe: 330 | failureThreshold: 3 331 | httpGet: 332 | path: /healthz 333 | 
port: 10254 334 | scheme: HTTP 335 | periodSeconds: 10 336 | successThreshold: 1 337 | timeoutSeconds: 1 338 | resources: {} 339 | securityContext: 340 | capabilities: 341 | add: 342 | - NET_BIND_SERVICE 343 | drop: 344 | - ALL 345 | procMount: Default 346 | runAsUser: 33 347 | terminationMessagePath: /dev/termination-log 348 | terminationMessagePolicy: File 349 | dnsPolicy: ClusterFirst 350 | hostNetwork: true 351 | restartPolicy: Always 352 | schedulerName: default-scheduler 353 | securityContext: {} 354 | serviceAccount: nginx-ingress-serviceaccount 355 | serviceAccountName: nginx-ingress-serviceaccount 356 | terminationGracePeriodSeconds: 30 357 | -------------------------------------------------------------------------------- /k8s/roles/addons_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | SOURCE_DIR: /software 2 | POD_CIDR: 172.10.0.0/16 3 | CALICO_VER: v3.15.1 4 | BACKEND_VER: 1.5 5 | INGRESS_VER: 0.19.0 6 | -------------------------------------------------------------------------------- /k8s/roles/docker_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | - name: 创建software目录 2 | file: name={{ SOURCE_DIR }} state=directory 3 | 4 | - name: 更改hostname 5 | raw: "echo {{ hostname }} > /etc/hostname" 6 | 7 | - name: 更改生效 8 | shell: "hostname {{ hostname }}" 9 | 10 | - name: 设置本地dns 11 | shell: "if [ `grep '{{ ansible_ssh_host }} {{ hostname }}' /etc/hosts |wc -l` -eq 0 ]; then echo {{ ansible_ssh_host }} {{ hostname }} >> /etc/hosts; fi" 12 | 13 | - name: 下载repo文件 14 | shell: "if [ ! 
-f /etc/yum.repos.d/docker.repo ]; then curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo; fi" 15 | 16 | - name: 生成缓存 17 | shell: "yum makecache fast" 18 | args: 19 | warn: False 20 | 21 | - name: 安装docker-ce 22 | yum: 23 | name: docker-ce 24 | state: latest 25 | 26 | - name: 启动docker并开机启动 27 | service: 28 | name: docker 29 | state: started 30 | enabled: yes 31 | 32 | - name: 配置docker 33 | template: src=daemon.json dest=/etc/docker/daemon.json 34 | 35 | - name: 重启docker 36 | service: 37 | name: docker 38 | state: restarted 39 | 40 | - name: 配置kubernetes源 41 | template: src=kubernetes.repo dest=/etc/yum.repos.d/kubernetes.repo 42 | 43 | - name: 安装kubernetes-cni 44 | yum: 45 | name: kubernetes-cni 46 | state: latest 47 | 48 | - name: 安装kubeadm、kubelet、kubectl 49 | shell: "yum install -y kubeadm-{{ VERSION }} kubelet-{{ VERSION }} kubectl-{{ VERSION }} --disableexcludes=kubernetes" 50 | args: 51 | warn: False 52 | 53 | - name: 启动kubelet并开机启动 54 | service: 55 | name: kubelet 56 | state: started 57 | enabled: yes 58 | 59 | - name: 拷贝脚本 60 | template: src=install.sh dest={{ SOURCE_DIR }} mode=0755 61 | 62 | - name: 安装docker-py 63 | script: "{{ SOURCE_DIR }}/install.sh" 64 | -------------------------------------------------------------------------------- /k8s/roles/docker_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - include: prepare.yml 2 | - include: install.yml 3 | -------------------------------------------------------------------------------- /k8s/roles/docker_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 关闭firewalld 2 | service: name=firewalld state=stopped enabled=no 3 | 4 | - name: 临时关闭 selinux 5 | shell: "setenforce 0" 6 | failed_when: false 7 | 8 | - name: 永久关闭 selinux 9 | lineinfile: 10 | dest: /etc/selinux/config 11 | regexp: "^SELINUX=" 12 | line: "SELINUX=disabled" 13 | 
14 | - name: 添加EPEL仓库 15 | yum: name=epel-release state=latest 16 | 17 | - name: 安装常用软件包 18 | yum: 19 | name: 20 | - vim 21 | - lrzsz 22 | - net-tools 23 | - wget 24 | - curl 25 | - bash-completion 26 | - rsync 27 | - gcc 28 | - unzip 29 | - git 30 | - iptables 31 | - conntrack 32 | - ipvsadm 33 | - ipset 34 | - jq 35 | - sysstat 36 | - libseccomp 37 | state: latest 38 | 39 | - name: 更新系统 40 | shell: "yum update -y --exclude kubeadm,kubelet,kubectl" 41 | ignore_errors: yes 42 | args: 43 | warn: False 44 | 45 | - name: 配置iptables 46 | shell: "iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT" 47 | 48 | - name: 关闭swap 49 | shell: "swapoff -a && sed -i '/swap/s/^\\(.*\\)$/#\\1/g' /etc/fstab" 50 | 51 | - name: 系统配置 52 | template: src=kubernetes.conf dest=/etc/sysctl.d/kubernetes.conf 53 | 54 | - name: 加载br_netfilter 55 | shell: "modprobe br_netfilter" 56 | 57 | - name: 生效配置 58 | shell: "sysctl -p /etc/sysctl.d/kubernetes.conf" 59 | -------------------------------------------------------------------------------- /k8s/roles/docker_install/templates/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "registry-mirrors": ["http://f1361db2.m.daocloud.io"], 3 | "exec-opts":["native.cgroupdriver=systemd"] 4 | } 5 | -------------------------------------------------------------------------------- /k8s/roles/docker_install/templates/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | loop_exec() { 4 | CMD=$1 5 | while :; do 6 | ${CMD} 7 | if [ $? 
-eq 0 ] ; then 8 | break; 9 | fi 10 | done 11 | } 12 | 13 | main() { 14 | loop_exec "yum install -y python python-pip" 15 | loop_exec "pip install --upgrade pip" 16 | loop_exec "pip install docker-py" 17 | } 18 | 19 | main 20 | -------------------------------------------------------------------------------- /k8s/roles/docker_install/templates/kubernetes.conf: -------------------------------------------------------------------------------- 1 | net.bridge.bridge-nf-call-iptables=1 2 | net.bridge.bridge-nf-call-ip6tables=1 3 | net.ipv4.ip_forward=1 4 | vm.swappiness=0 5 | vm.overcommit_memory=1 6 | vm.panic_on_oom=0 7 | fs.inotify.max_user_watches=89100 8 | -------------------------------------------------------------------------------- /k8s/roles/docker_install/templates/kubernetes.repo: -------------------------------------------------------------------------------- 1 | [kubernetes] 2 | name=Kubernetes 3 | baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 4 | enabled=1 5 | gpgcheck=0 6 | repo_gpgcheck=0 7 | gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg 8 | http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg 9 | -------------------------------------------------------------------------------- /k8s/roles/docker_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | SOURCE_DIR: /software 2 | VERSION: 1.18.3 3 | -------------------------------------------------------------------------------- /k8s/roles/master_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | - name: 拷贝kubeadm配置文件 2 | template: src=kubeadm-config.yaml dest={{ SOURCE_DIR }} 3 | 4 | - name: 集群初始化准备1 5 | shell: "swapoff -a && kubeadm reset -f" 6 | 7 | - name: 集群初始化准备2 8 | shell: "systemctl daemon-reload && systemctl restart kubelet" 9 | 10 | - name: 集群初始化准备3 11 | shell: "iptables -F && iptables -t nat -F && iptables -t mangle -F && 
iptables -X" 12 | 13 | - name: 拉取镜像 14 | shell: "kubeadm config images pull --kubernetes-version={{ VERSION }} --image-repository=registry.aliyuncs.com/google_containers" 15 | 16 | - name: 集群初始化 17 | shell: "kubeadm init --config={{ SOURCE_DIR }}/kubeadm-config.yaml --upload-certs &>{{ SOURCE_DIR }}/token" 18 | 19 | - name: 获取master的token 20 | shell: "grep -B2 'control-plane --certificate-key' {{ SOURCE_DIR }}/token > {{ SOURCE_DIR }}/master.sh" 21 | 22 | - name: 获取node的token 23 | shell: "grep -A1 'kubeadm join' {{ SOURCE_DIR }}/token |tail -2 > {{ SOURCE_DIR }}/node.sh" 24 | 25 | - name: 分发master.sh 26 | shell: "ansible master -m copy -a 'src={{ SOURCE_DIR }}/master.sh dest={{ SOURCE_DIR }} mode=0755'" 27 | args: 28 | warn: False 29 | 30 | - name: 分发node.sh 31 | shell: "ansible node -m copy -a 'src={{ SOURCE_DIR }}/node.sh dest={{ SOURCE_DIR }} mode=0755'" 32 | args: 33 | warn: False 34 | 35 | - name: 创建 $HOME/.kube 目录 36 | file: name=$HOME/.kube state=directory 37 | 38 | - name: 拷贝KubeConfig 39 | copy: src=/etc/kubernetes/admin.conf dest=$HOME/.kube/config owner=root group=root 40 | 41 | - name: kubectl命令补全1 42 | shell: "kubectl completion bash > $HOME/.kube/completion.bash.inc" 43 | 44 | - name: kubectl命令补全2 45 | shell: "if [ `grep 'source $HOME/.kube/completion.bash.inc' $HOME/.bash_profile |wc -l` -eq 0 ]; then echo 'source $HOME/.kube/completion.bash.inc' >> $HOME/.bash_profile; fi" 46 | 47 | - name: 生效配置 48 | shell: "source $HOME/.bash_profile" 49 | ignore_errors: yes 50 | -------------------------------------------------------------------------------- /k8s/roles/master_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - include: install.yml 2 | -------------------------------------------------------------------------------- /k8s/roles/master_install/templates/kubeadm-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kubeadm.k8s.io/v1beta2 2 
| kind: ClusterConfiguration 3 | kubernetesVersion: "{{ VERSION }}" 4 | controlPlaneEndpoint: "{{ MASTER_IP }}:6443" 5 | networking: 6 | podSubnet: "{{ POD_CIDR }}" 7 | imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers 8 | -------------------------------------------------------------------------------- /k8s/roles/master_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | SOURCE_DIR: /software 2 | VERSION: v1.18.3 3 | POD_CIDR: 172.10.0.0/16 4 | MASTER_IP: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" 5 | -------------------------------------------------------------------------------- /k8s/roles/node_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | - name: 集群初始化准备1 2 | shell: "swapoff -a && kubeadm reset -f" 3 | 4 | - name: 集群初始化准备2 5 | shell: "systemctl daemon-reload && systemctl restart kubelet" 6 | 7 | - name: 集群初始化准备3 8 | shell: "iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X" 9 | 10 | - name: 集群增加node 11 | script: "{{ SOURCE_DIR }}/node.sh" 12 | 13 | - name: 删除node的token 14 | file: name={{ SOURCE_DIR }}/node.sh state=absent 15 | -------------------------------------------------------------------------------- /k8s/roles/node_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - include: install.yml 2 | -------------------------------------------------------------------------------- /k8s/roles/node_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | SOURCE_DIR: /software 2 | -------------------------------------------------------------------------------- /k8s_ha/README.md: -------------------------------------------------------------------------------- 1 | 通过ansible-playbook,以Kubeadm方式部署高可用K8S集群(多主多从),版本是v1.14.0。 2 | 
# ---- /k8s_ha/k8s.yml ----
# Top-level playbook for the HA (multi-master, multi-node) cluster.
# Every play connects as root and gathers facts; the host groups
# (all / master / add_master / add_node) come from the inventory.
---
# Docker, kubeadm/kubelet/kubectl and OS prerequisites on every host.
- hosts: all
  remote_user: root
  gather_facts: True

  roles:
    - docker_install

# First control-plane node: keepalived + `kubeadm init`.
- hosts: master
  remote_user: root
  gather_facts: True

  roles:
    - init_install

# Additional control-plane nodes join via the script produced by init_install.
- hosts: add_master
  remote_user: root
  gather_facts: True

  roles:
    - master_install

# Worker nodes join the cluster.
- hosts: add_node
  remote_user: root
  gather_facts: True

  roles:
    - node_install

# Cluster add-ons (calico, dashboard) are applied from the first master.
- hosts: master
  remote_user: root
  gather_facts: True

  roles:
    - addons_install

# ---- /k8s_ha/roles/addons_install/tasks/calico.yml ----
# Deploys Calico (v3.1.3, KDD mode) from the first master.
# The `ansible all -m shell ...` tasks start a nested ansible run on the
# target host, so the master is presumably also the control node with the
# same inventory available — TODO confirm.
- name: 创建addons目录
  file: name=/etc/kubernetes/addons state=directory

- name: 拷贝calico-rbac-kdd.yaml
  template: src=calico-rbac-kdd.yaml dest=/etc/kubernetes/addons

- name: 拷贝calico.yaml
  template: src=calico.yaml dest=/etc/kubernetes/addons

# Images are pulled from an Aliyun mirror and re-tagged with the quay.io
# names (presumably the ones calico.yaml references) so the kubelet finds
# them locally instead of pulling.
# NOTE(review): the mirror images are selected by tag only; nothing pins
# them by digest or checks them against upstream, so the mirror is fully
# trusted. Pinning with @sha256 digests would make the pull verifiable.
- name: 拉取calico typha镜像
  shell: "ansible all -m shell -a 'docker pull registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-typha:v0.7.4'"

- name: tag calico typha镜像
  shell: "ansible all -m shell -a 'docker tag registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-typha:v0.7.4 quay.io/calico/typha:v0.7.4'"

- name: 拉取calico node镜像
  shell: "ansible all -m shell -a 'docker pull registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-node:v3.1.3'"

- name: tag calico node镜像
  shell: "ansible all -m shell -a 'docker tag registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-node:v3.1.3 quay.io/calico/node:v3.1.3'"

- name: 拉取calico cni镜像
  shell: "ansible all -m shell -a 'docker pull registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-cni:v3.1.3'"

- name: tag calico cni镜像
  shell: "ansible all -m shell -a 'docker tag registry.cn-hangzhou.aliyuncs.com/liuyi01/calico-cni:v3.1.3 quay.io/calico/cni:v3.1.3'"

# RBAC first (ClusterRole + ClusterRoleBinding for the calico-node SA),
# then the Calico manifest itself.
- name: 创建calico-rbac
  shell: "kubectl apply -f /etc/kubernetes/addons/calico-rbac-kdd.yaml"

- name: 部署calico
  shell: "kubectl apply -f /etc/kubernetes/addons/calico.yaml"

# ---- /k8s_ha/roles/addons_install/tasks/dashboard.yml ----
# Deploys kubernetes-dashboard v1.8.3 and creates an admin login token.
- name: 拷贝dashboard-all.yaml
  template: src=dashboard-all.yaml dest=/etc/kubernetes/addons

# Same mirror/tag-only pull as in calico.yml — no digest pinning.
- name: 拉取dashboard镜像
  shell: "ansible all -m shell -a 'docker pull registry.cn-hangzhou.aliyuncs.com/imooc/kubernetes-dashboard-amd64:v1.8.3'"

# dashboard-all.yaml exposes the dashboard as a NodePort Service (30005),
# i.e. reachable on every node's IP.
- name: 部署dashboard
  shell: "kubectl apply -f /etc/kubernetes/addons/dashboard-all.yaml"

# NOTE(review): `kubectl create` is not idempotent — a second run of this
# role fails here with AlreadyExists (there is no failed_when/ignore_errors).
- name: 创建ServiceaAccount
  shell: "kubectl create sa dashboard-admin -n kube-system"

# NOTE(review): this binds the dashboard-admin ServiceAccount to
# cluster-admin, so whoever holds the token extracted below has full
# control of the cluster. Bind a narrower ClusterRole unless full admin
# access to the dashboard is really required.
- name: 权限绑定
  shell: "kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin"

# Extracts the ServiceAccount token secret (non-expiring on this cluster
# generation) and writes it in plaintext to {{ SOURCE_DIR }}/token.txt
# (SOURCE_DIR is /software in this role's vars).
# NOTE(review): this file is a cluster-admin credential at rest; restrict
# its mode, keep it off shared/world-readable paths and remove it once the
# operator has logged in. `grep dashboard-admin` also matches any secret
# whose name merely contains that string.
- name: 获取登录token
  shell: "ADMIN_SECRET=$(kubectl get secrets -n kube-system | grep dashboard-admin | awk '{print $1}'); kubectl describe secret -n kube-system ${ADMIN_SECRET} | grep -E '^token' | awk '{print $2}' > {{ SOURCE_DIR }}/token.txt"
  register: token

# Prints the command line that was run (token.cmd), not the token itself,
# so the credential does not end up in the playbook output.
- name: 显示token位置
  debug: var=token.cmd verbosity=0

# ---- /k8s_ha/roles/addons_install/tasks/main.yml ----
# Include the calico and dashboard task files, in that order.
- include: calico.yml
- include: dashboard.yml
# ---- /k8s_ha/roles/addons_install/templates/calico-rbac-kdd.yaml ----
# RBAC for the calico-node DaemonSet in Kubernetes-datastore (KDD) mode.
# Rendered by the addons_install role and applied with `kubectl apply`
# before calico.yaml.
# NOTE(review): rbac.authorization.k8s.io/v1beta1 was removed in
# Kubernetes v1.22; it is served on the v1.14.0 cluster this role targets,
# but newer clusters need `rbac.authorization.k8s.io/v1` (same schema).
# Calico Version v3.1.3
# https://docs.projectcalico.org/v3.1/releases#v3.1.3
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: calico-node
# All rules below are cluster-scoped (ClusterRole + ClusterRoleBinding),
# so e.g. `update` on nodes and pods/status applies to every namespace.
rules:
  - apiGroups: [""]
    resources:
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups: [""]
    resources:
      - pods/status
    verbs:
      - update
  - apiGroups: [""]
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
      - patch
  - apiGroups: [""]
    resources:
      - services
    verbs:
      - get
  - apiGroups: [""]
    resources:
      - endpoints
    verbs:
      - get
  - apiGroups: [""]
    resources:
      - nodes
    verbs:
      - get
      - list
      - update
      - watch
  # NetworkPolicy is watched through both the legacy `extensions` group
  # and `networking.k8s.io`.
  - apiGroups: ["extensions"]
    resources:
      - networkpolicies
    verbs:
      - get
      - list
      - watch
  - apiGroups: ["networking.k8s.io"]
    resources:
      - networkpolicies
    verbs:
      - watch
      - list
  # Calico's own CRDs; create/update is needed because calico-node writes
  # its configuration and BGP/IP-pool state into these objects.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - globalfelixconfigs
      - felixconfigurations
      - bgppeers
      - globalbgpconfigs
      - bgpconfigurations
      - ippools
      - globalnetworkpolicies
      - globalnetworksets
      - networkpolicies
      - clusterinformations
      - hostendpoints
    verbs:
      - create
      - get
      - list
      - update
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: calico-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-node
# The calico-node ServiceAccount itself is not defined in this file;
# presumably calico.yaml (not shown here) creates it in kube-system — verify.
subjects:
  - kind: ServiceAccount
    name: calico-node
    namespace: kube-system
/k8s_ha/roles/addons_install/templates/dashboard-all.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | labels: 5 | k8s-app: kubernetes-dashboard 6 | # Allows editing resource and makes sure it is created first. 7 | addonmanager.kubernetes.io/mode: EnsureExists 8 | name: kubernetes-dashboard-settings 9 | namespace: kube-system 10 | --- 11 | apiVersion: v1 12 | kind: ServiceAccount 13 | metadata: 14 | labels: 15 | k8s-app: kubernetes-dashboard 16 | addonmanager.kubernetes.io/mode: Reconcile 17 | name: kubernetes-dashboard 18 | namespace: kube-system 19 | --- 20 | apiVersion: apps/v1 21 | kind: Deployment 22 | metadata: 23 | name: kubernetes-dashboard 24 | namespace: kube-system 25 | labels: 26 | k8s-app: kubernetes-dashboard 27 | kubernetes.io/cluster-service: "true" 28 | addonmanager.kubernetes.io/mode: Reconcile 29 | spec: 30 | selector: 31 | matchLabels: 32 | k8s-app: kubernetes-dashboard 33 | template: 34 | metadata: 35 | labels: 36 | k8s-app: kubernetes-dashboard 37 | annotations: 38 | scheduler.alpha.kubernetes.io/critical-pod: '' 39 | seccomp.security.alpha.kubernetes.io/pod: 'docker/default' 40 | spec: 41 | priorityClassName: system-cluster-critical 42 | containers: 43 | - name: kubernetes-dashboard 44 | image: registry.cn-hangzhou.aliyuncs.com/imooc/kubernetes-dashboard-amd64:v1.8.3 45 | resources: 46 | limits: 47 | cpu: 100m 48 | memory: 300Mi 49 | requests: 50 | cpu: 50m 51 | memory: 100Mi 52 | ports: 53 | - containerPort: 8443 54 | protocol: TCP 55 | args: 56 | # PLATFORM-SPECIFIC ARGS HERE 57 | - --auto-generate-certificates 58 | volumeMounts: 59 | - name: kubernetes-dashboard-certs 60 | mountPath: /certs 61 | - name: tmp-volume 62 | mountPath: /tmp 63 | livenessProbe: 64 | httpGet: 65 | scheme: HTTPS 66 | path: / 67 | port: 8443 68 | initialDelaySeconds: 30 69 | timeoutSeconds: 30 70 | volumes: 71 | - name: kubernetes-dashboard-certs 72 | secret: 73 | 
secretName: kubernetes-dashboard-certs 74 | - name: tmp-volume 75 | emptyDir: {} 76 | serviceAccountName: kubernetes-dashboard 77 | tolerations: 78 | - key: "CriticalAddonsOnly" 79 | operator: "Exists" 80 | --- 81 | apiVersion: rbac.authorization.k8s.io/v1 82 | kind: Role 83 | metadata: 84 | labels: 85 | k8s-app: kubernetes-dashboard 86 | addonmanager.kubernetes.io/mode: Reconcile 87 | name: kubernetes-dashboard-minimal 88 | namespace: kube-system 89 | rules: 90 | # Allow Dashboard to get, update and delete Dashboard exclusive secrets. 91 | - apiGroups: [""] 92 | resources: ["secrets"] 93 | resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"] 94 | verbs: ["get", "update", "delete"] 95 | # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map. 96 | - apiGroups: [""] 97 | resources: ["configmaps"] 98 | resourceNames: ["kubernetes-dashboard-settings"] 99 | verbs: ["get", "update"] 100 | # Allow Dashboard to get metrics from heapster. 101 | - apiGroups: [""] 102 | resources: ["services"] 103 | resourceNames: ["heapster"] 104 | verbs: ["proxy"] 105 | - apiGroups: [""] 106 | resources: ["services/proxy"] 107 | resourceNames: ["heapster", "http:heapster:", "https:heapster:"] 108 | verbs: ["get"] 109 | --- 110 | apiVersion: rbac.authorization.k8s.io/v1 111 | kind: RoleBinding 112 | metadata: 113 | name: kubernetes-dashboard-minimal 114 | namespace: kube-system 115 | labels: 116 | k8s-app: kubernetes-dashboard 117 | addonmanager.kubernetes.io/mode: Reconcile 118 | roleRef: 119 | apiGroup: rbac.authorization.k8s.io 120 | kind: Role 121 | name: kubernetes-dashboard-minimal 122 | subjects: 123 | - kind: ServiceAccount 124 | name: kubernetes-dashboard 125 | namespace: kube-system 126 | --- 127 | apiVersion: v1 128 | kind: Secret 129 | metadata: 130 | labels: 131 | k8s-app: kubernetes-dashboard 132 | # Allows editing resource and makes sure it is created first. 
133 | addonmanager.kubernetes.io/mode: EnsureExists 134 | name: kubernetes-dashboard-certs 135 | namespace: kube-system 136 | type: Opaque 137 | --- 138 | apiVersion: v1 139 | kind: Secret 140 | metadata: 141 | labels: 142 | k8s-app: kubernetes-dashboard 143 | # Allows editing resource and makes sure it is created first. 144 | addonmanager.kubernetes.io/mode: EnsureExists 145 | name: kubernetes-dashboard-key-holder 146 | namespace: kube-system 147 | type: Opaque 148 | --- 149 | apiVersion: v1 150 | kind: Service 151 | metadata: 152 | name: kubernetes-dashboard 153 | namespace: kube-system 154 | labels: 155 | k8s-app: kubernetes-dashboard 156 | kubernetes.io/cluster-service: "true" 157 | addonmanager.kubernetes.io/mode: Reconcile 158 | spec: 159 | selector: 160 | k8s-app: kubernetes-dashboard 161 | ports: 162 | - port: 443 163 | targetPort: 8443 164 | nodePort: 30005 165 | type: NodePort 166 | -------------------------------------------------------------------------------- /k8s_ha/roles/addons_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义k8s集群插件安装中的变量 2 | 3 | #Pod网段 4 | POD_CIDR: 172.10.0.0/16 5 | 6 | SOURCE_DIR: /software 7 | -------------------------------------------------------------------------------- /k8s_ha/roles/docker_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | - name: 创建software目录 2 | file: name={{ SOURCE_DIR }} state=directory 3 | 4 | - name: 更改hostname 5 | raw: "echo {{ hostname }} > /etc/hostname" 6 | 7 | - name: 更改生效 8 | shell: "hostname {{ hostname }}" 9 | 10 | - name: 设置本地dns 11 | shell: "if [ `grep '{{ ansible_ssh_host }} {{ hostname }}' /etc/hosts |wc -l` -eq 0 ]; then echo {{ ansible_ssh_host }} {{ hostname }} >> /etc/hosts; fi" 12 | 13 | - name: 下载repo文件 14 | shell: "if [ ! 
-f /etc/yum.repos.d/docker.repo ]; then curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo; fi" 15 | 16 | - name: 生成缓存 17 | shell: "yum makecache fast" 18 | args: 19 | warn: False 20 | 21 | - name: 安装docker-ce 22 | yum: 23 | name: docker-ce 24 | state: latest 25 | 26 | - name: 启动docker并开机启动 27 | service: 28 | name: docker 29 | state: started 30 | enabled: yes 31 | 32 | - name: 配置docker 33 | template: src=daemon.json dest=/etc/docker/daemon.json 34 | 35 | - name: 重启docker 36 | service: 37 | name: docker 38 | state: restarted 39 | 40 | - name: 配置kubernetes源 41 | template: src=kubernetes.repo dest=/etc/yum.repos.d/kubernetes.repo 42 | 43 | - name: 安装kubernetes-cni 44 | yum: 45 | name: kubernetes-cni 46 | state: latest 47 | 48 | - name: 安装kubeadm、kubelet、kubectl 49 | shell: "yum install -y kubeadm-{{ VERSION }} kubelet-{{ VERSION }} kubectl-{{ VERSION }} --disableexcludes=kubernetes" 50 | args: 51 | warn: False 52 | 53 | - name: 启动kubelet并开机启动 54 | service: 55 | name: kubelet 56 | state: started 57 | enabled: yes 58 | -------------------------------------------------------------------------------- /k8s_ha/roles/docker_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、install模块 2 | - include: prepare.yml 3 | - include: install.yml 4 | -------------------------------------------------------------------------------- /k8s_ha/roles/docker_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 关闭firewalld 2 | service: name=firewalld state=stopped enabled=no 3 | 4 | - name: 临时关闭 selinux 5 | shell: "setenforce 0" 6 | failed_when: false 7 | 8 | - name: 永久关闭 selinux 9 | lineinfile: 10 | dest: /etc/selinux/config 11 | regexp: "^SELINUX=" 12 | line: "SELINUX=disabled" 13 | 14 | - name: 添加EPEL仓库 15 | yum: name=epel-release state=latest 16 | 17 | - name: 安装常用软件包 18 | yum: 19 | name: 20 | - vim 21 | - 
lrzsz 22 | - net-tools 23 | - wget 24 | - curl 25 | - bash-completion 26 | - rsync 27 | - gcc 28 | - unzip 29 | - git 30 | - iptables 31 | - conntrack 32 | - ipvsadm 33 | - ipset 34 | - jq 35 | - sysstat 36 | - libseccomp 37 | state: latest 38 | 39 | - name: 更新系统 40 | shell: "yum update -y --exclude kubeadm,kubelet,kubectl" 41 | ignore_errors: yes 42 | args: 43 | warn: False 44 | 45 | - name: 配置iptables 46 | shell: "iptables -F && iptables -X && iptables -F -t nat && iptables -X -t nat && iptables -P FORWARD ACCEPT" 47 | 48 | - name: 关闭swap 49 | shell: "swapoff -a && sed -i '/swap/s/^\\(.*\\)$/#\\1/g' /etc/fstab" 50 | 51 | - name: 系统配置 52 | template: src=kubernetes.conf dest=/etc/sysctl.d/kubernetes.conf 53 | 54 | - name: 加载br_netfilter 55 | shell: "modprobe br_netfilter" 56 | 57 | - name: 生效配置 58 | shell: "sysctl -p /etc/sysctl.d/kubernetes.conf" 59 | -------------------------------------------------------------------------------- /k8s_ha/roles/docker_install/templates/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "registry-mirrors": ["http://f1361db2.m.daocloud.io"], 3 | "exec-opts":["native.cgroupdriver=systemd"] 4 | } 5 | -------------------------------------------------------------------------------- /k8s_ha/roles/docker_install/templates/kubernetes.conf: -------------------------------------------------------------------------------- 1 | net.bridge.bridge-nf-call-iptables=1 2 | net.bridge.bridge-nf-call-ip6tables=1 3 | net.ipv4.ip_forward=1 4 | vm.swappiness=0 5 | vm.overcommit_memory=1 6 | vm.panic_on_oom=0 7 | fs.inotify.max_user_watches=89100 8 | -------------------------------------------------------------------------------- /k8s_ha/roles/docker_install/templates/kubernetes.repo: -------------------------------------------------------------------------------- 1 | [kubernetes] 2 | name=Kubernetes 3 | baseurl=http://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64 4 | enabled=1 5 | 
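# Signature verification was disabled (gpgcheck=0 / repo_gpgcheck=0) even
# though the signing keys are listed below; with checks off, anything served
# by the mirror (or injected on the plain-http path) installs unverified.
gpgcheck=1
repo_gpgcheck=1
# NOTE(review): the keys themselves are still fetched over plain http; prefer
# https for gpgkey/baseurl where the mirror supports it.
gpgkey=http://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg
       http://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
--------------------------------------------------------------------------------
/k8s_ha/roles/docker_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables used by the docker_install role.
SOURCE_DIR: /software
# kubeadm/kubelet/kubectl yum version-release string.
VERSION: 1.14.0-0
--------------------------------------------------------------------------------
/k8s_ha/roles/init_install/tasks/install.yml:
--------------------------------------------------------------------------------
- name: 安装keepalived
  yum: name=keepalived state=present

- name: 拷贝keepalived配置文件
  template: src=keepalived-master.conf dest=/etc/keepalived/keepalived.conf

- name: 拷贝keepalived检查脚本
  template: src=check-apiserver.sh dest=/etc/keepalived/check-apiserver.sh mode=0755

- name: 启动keepalived并开机启动
  service:
    name: keepalived
    state: started
    enabled: yes

- name: 拷贝kubeadm配置文件
  template: src=kubeadm-config.yaml dest={{ SOURCE_DIR }}

- name: 集群初始化准备1
  shell: "swapoff -a && kubeadm reset -f"

- name: 集群初始化准备2
  shell: "systemctl daemon-reload && systemctl restart kubelet"

- name: 集群初始化准备3
  shell: "iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X"

- name: 拉取kube-scheduler镜像
  shell: "docker pull registry.cn-hangzhou.aliyuncs.com/imooc/kube-scheduler:{{ VERSION }}"

# token.txt captures the bootstrap token and the certificate key printed by
# `kubeadm init`; whoever can read it can join nodes or control-plane members.
# umask 077 keeps the file (and the two extracts below) root-only.
# `> file 2>&1` is the portable spelling of `&>` for the /bin/sh the shell
# module runs under.
- name: 集群初始化
  shell: "umask 077 && kubeadm init --config={{ SOURCE_DIR }}/kubeadm-config.yaml --experimental-upload-certs > {{ SOURCE_DIR }}/token.txt 2>&1"

- name: 获取master的token
  shell: "umask 077 && grep -B2 'experimental-control-plane' {{ SOURCE_DIR }}/token.txt > {{ SOURCE_DIR }}/master.sh"

- name: 获取node的token
  shell: "umask 077 && grep -A1 'kubeadm join' {{ SOURCE_DIR }}/token.txt |tail -2 > {{ SOURCE_DIR }}/node.sh"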
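- name: 分发master.sh
  # master.sh / node.sh carry the join command and (for masters) the
  # certificate key, so they are pushed root-only instead of world-readable
  # (0755). The control-node user that later runs the `script:` tasks in
  # master_install / node_install must still be able to read them.
  shell: "ansible all -m copy -a 'src={{ SOURCE_DIR }}/master.sh dest={{ SOURCE_DIR }} mode=0700'"
  args:
    warn: False

- name: 分发node.sh
  shell: "ansible all -m copy -a 'src={{ SOURCE_DIR }}/node.sh dest={{ SOURCE_DIR }} mode=0700'"
  args:
    warn: False

- name: 创建 $HOME/.kube 目录
  file: name=$HOME/.kube state=directory mode=0700

- name: 拷贝KubeConfig
  # admin.conf lives on the managed host: remote_src=yes reads it there;
  # without it the copy module looks for the file on the control node.
  # 0600 because the kubeconfig is a cluster-admin credential.
  copy: src=/etc/kubernetes/admin.conf dest=$HOME/.kube/config owner=root group=root mode=0600 remote_src=yes

- name: kubectl命令补全1
  shell: "kubectl completion bash > $HOME/.kube/completion.bash.inc"

- name: kubectl命令补全2
  shell: "if [ `grep 'source $HOME/.kube/completion.bash.inc' $HOME/.bash_profile |wc -l` -eq 0 ]; then echo 'source $HOME/.kube/completion.bash.inc' >> $HOME/.bash_profile; fi"

- name: 生效配置
  shell: "source $HOME/.bash_profile"
  ignore_errors: yes
--------------------------------------------------------------------------------
/k8s_ha/roles/init_install/tasks/main.yml:
--------------------------------------------------------------------------------
# Pull in the install task list.
- include: install.yml
--------------------------------------------------------------------------------
/k8s_ha/roles/init_install/templates/check-apiserver.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# keepalived health check: succeed only while a listener is bound to :6443.
# The anchored pattern avoids matching a PID or another port that merely
# contains the digits 6443 (e.g. 16443), which would keep the VIP on a host
# whose apiserver is down.
netstat -lnt | grep -q ':6443 ' || exit 1
--------------------------------------------------------------------------------
/k8s_ha/roles/init_install/templates/keepalived-master.conf:
--------------------------------------------------------------------------------
! Configuration File for keepalived
global_defs {
    router_id keepalive-master
}

vrrp_script check_apiserver {
    script "/etc/keepalived/check-apiserver.sh"
    interval 3
    weight -{{ Cluster_Num }}
}

vrrp_instance VI-kube-master {
    state MASTER
    interface {{ VIP_IF }}
    virtual_router_id {{ Virtual_Router_ID }}
    priority 100
    dont_track_primary
    advert_int 3
    virtual_ipaddress {
        {{ MASTER_VIP }}
    }
    track_script {
        check_apiserver
    }
}
--------------------------------------------------------------------------------
/k8s_ha/roles/init_install/templates/kubeadm-config.yaml:
--------------------------------------------------------------------------------
apiVersion: kubeadm.k8s.io/v1beta1
kind: ClusterConfiguration
kubernetesVersion: {{ VERSION }}
controlPlaneEndpoint: "{{ MASTER_VIP }}:6443"
networking:
  # This CIDR is a Calico default. Substitute or remove for your CNI provider.
  podSubnet: "{{ POD_CIDR }}"
imageRepository: registry.cn-hangzhou.aliyuncs.com/imooc
--------------------------------------------------------------------------------
/k8s_ha/roles/init_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables for initialising the k8s cluster.

# kubernetes version
VERSION: v1.14.0
# Pod network CIDR
# NOTE(review): 172.10.0.0/16 is not an RFC 1918 range (that is 172.16/12);
# it overlaps publicly routed space. Confirm this is intended before reuse.
POD_CIDR: 172.10.0.0/16
# master virtual IP (recommended to be in the same subnet as the nodes)
MASTER_VIP: 192.168.30.188
# network interface keepalived binds the VIP to
VIP_IF: ens33

SOURCE_DIR: /software
Cluster_Num: "{{ groups['all'] | length }}"
Virtual_Router_ID: 68
--------------------------------------------------------------------------------
/k8s_ha/roles/master_install/tasks/install.yml:
--------------------------------------------------------------------------------
- name: 安装keepalived
  yum: name=keepalived state=present

- name: 拷贝keepalived配置文件
  template: src=keepalived-backup.conf dest=/etc/keepalived/keepalived.conf

- name: 拷贝keepalived检查脚本
  template: src=check-apiserver.sh dest=/etc/keepalived/check-apiserver.sh mode=0755

- name: 启动keepalived并开机启动
  service:
    name: keepalived
    state: started
    enabled: yes

- name: 集群初始化准备1
  shell: "swapoff -a && kubeadm reset -f"

- name: 集群初始化准备2
  shell: "systemctl daemon-reload && systemctl restart kubelet"

- name: 集群初始化准备3
  shell: "iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X"

# master.sh (join command + certificate key) is produced by init_install and
# read from the control node by the script module.
- name: 集群增加master
  script: "{{ SOURCE_DIR }}/master.sh"

- name: 创建 $HOME/.kube 目录
  file: name=$HOME/.kube state=directory mode=0700

- name: 拷贝KubeConfig
  # admin.conf is on the managed host: remote_src=yes reads it there instead
  # of on the control node; 0600 because it is a cluster-admin credential.
  copy: src=/etc/kubernetes/admin.conf dest=$HOME/.kube/config owner=root group=root mode=0600 remote_src=yes

- name: kubectl命令补全1
  shell: "kubectl completion bash > $HOME/.kube/completion.bash.inc"

- name: kubectl命令补全2
  shell: "if [ `grep 'source $HOME/.kube/completion.bash.inc' $HOME/.bash_profile |wc -l` -eq 0 ]; then echo 'source $HOME/.kube/completion.bash.inc' >> $HOME/.bash_profile; fi"

- name: 生效配置
  shell: "source $HOME/.bash_profile"
  ignore_errors: yes

- name: 删除master的token
  file: name={{ SOURCE_DIR }}/master.sh state=absent

- name: 删除node的token
  file: name={{ SOURCE_DIR }}/node.sh state=absent
--------------------------------------------------------------------------------
/k8s_ha/roles/master_install/tasks/main.yml:
--------------------------------------------------------------------------------
# Pull in the install task list.
- include: install.yml
--------------------------------------------------------------------------------
/k8s_ha/roles/master_install/templates/check-apiserver.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# keepalived health check: succeed only while a listener is bound to :6443
# (anchored so a PID or a port such as 16443 cannot satisfy the check).
netstat -lnt | grep -q ':6443 ' || exit 1
--------------------------------------------------------------------------------
/k8s_ha/roles/master_install/templates/keepalived-backup.conf:
--------------------------------------------------------------------------------
!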
Configuration File for keepalived 2 | global_defs { 3 | router_id keepalive-backup 4 | } 5 | 6 | vrrp_script check_apiserver { 7 | script "/etc/keepalived/check-apiserver.sh" 8 | interval 3 9 | weight -{{ Cluster_Num }} 10 | } 11 | 12 | vrrp_instance VI-kube-master { 13 | state BACKUP 14 | interface {{ VIP_IF }} 15 | virtual_router_id {{ Virtual_Router_ID }} 16 | priority 99 17 | dont_track_primary 18 | advert_int 3 19 | virtual_ipaddress { 20 | {{ MASTER_VIP }} 21 | } 22 | track_script { 23 | check_apiserver 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /k8s_ha/roles/master_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义新增master到集群中的变量 2 | 3 | #注意与keepalived master一致 4 | #master虚拟ip(建议为同网段地址) 5 | MASTER_VIP: 192.168.30.188 6 | #keepalived用到的网卡接口名 7 | VIP_IF: ens33 8 | 9 | SOURCE_DIR: /software 10 | Cluster_Num: "{{ groups['all'] | length }}" 11 | Virtual_Router_ID: 68 12 | -------------------------------------------------------------------------------- /k8s_ha/roles/node_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | - name: 集群初始化准备1 2 | shell: "swapoff -a && kubeadm reset -f" 3 | 4 | - name: 集群初始化准备2 5 | shell: "systemctl daemon-reload && systemctl restart kubelet" 6 | 7 | - name: 集群初始化准备3 8 | shell: "iptables -F && iptables -t nat -F && iptables -t mangle -F && iptables -X" 9 | 10 | - name: 集群增加node 11 | script: "{{ SOURCE_DIR }}/node.sh" 12 | 13 | - name: 删除master的token 14 | file: name={{ SOURCE_DIR }}/master.sh state=absent 15 | 16 | - name: 删除node的token 17 | file: name={{ SOURCE_DIR }}/node.sh state=absent 18 | -------------------------------------------------------------------------------- /k8s_ha/roles/node_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用install模块 2 | - include: install.yml 3 | 
-------------------------------------------------------------------------------- /k8s_ha/roles/node_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义新增node到集群中的变量 2 | 3 | SOURCE_DIR: /software 4 | -------------------------------------------------------------------------------- /lnmp/README.md: -------------------------------------------------------------------------------- 1 | 通过ansible-playbook,批量部署LNMP环境 2 | -------------------------------------------------------------------------------- /lnmp/lnmp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: dbserver 3 | remote_user: root 4 | gather_facts: True 5 | 6 | roles: 7 | - mysql_install 8 | 9 | - hosts: webserver 10 | remote_user: root 11 | gather_facts: True 12 | 13 | roles: 14 | - php_install 15 | - nginx_install 16 | -------------------------------------------------------------------------------- /lnmp/roles/mysql_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建mysql用户组 2 | group: name={{ MYSQL_USER }} state=present 3 | 4 | - name: 创建mysql用户 5 | user: name={{ MYSQL_USER }} group={{ MYSQL_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | - name: 创建所需目录 8 | file: name={{ item }} state=directory mode=0755 recurse=yes 9 | with_items: 10 | - "{{ SOURCE_DIR }}" 11 | - "{{ DATA_DIR }}" 12 | 13 | - name: 更改目录属主属组 14 | file: name={{ DATA_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }} 15 | 16 | #当前主机下没有mysql包 17 | - name: 下载mysql包 18 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }} 19 | 20 | #当前主机file目录下已有mysql包 21 | #- name: 拷贝现有mysql包到所有主机 22 | # copy: src=mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz dest={{ SOURCE_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }} 23 | 24 | - name: 解压mysql包 25 | unarchive: src={{ SOURCE_DIR }}/mysql-{{ MYSQL_VER 
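}}-linux-glibc2.12-x86_64.tar.gz dest=/usr/local owner={{ MYSQL_USER }} group={{ MYSQL_USER }}

- name: 目录重命名
  shell: "mv /usr/local/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64 {{ BASE_DIR }} && chown -R {{ MYSQL_USER }}:{{ MYSQL_USER }} {{ BASE_DIR }}"

# MySQL configuration file
- name: 拷贝mysql配置文件
  template: src=my.cnf dest=/etc/my.cnf owner=root group=root

# systemd unit
- name: 拷贝mysql服务文件
  template: src=mysqld.service dest=/usr/lib/systemd/system/mysqld.service owner=root group=root

# Password-change script. It is rendered with MYSQL_PASSWD in clear text, so
# it is written root-only (0600); install.yml removes it once it has run.
- name: 拷贝更改密码脚本
  template: src=change_passwd.sh dest={{ SOURCE_DIR }}/change_passwd.sh owner=root group=root mode=0600

- name: 创建日志目录
  file: name={{ item }} state=directory owner={{ MYSQL_USER }} group={{ MYSQL_USER }} mode=0755 recurse=yes
  with_items:
    - "/var/log/mysql"
    - "/var/run/mysqld"
    - "{{ BASE_DIR }}/tmp"
    - "{{ BASE_DIR }}/log"

- name: 创建错误日志文件
  file: dest={{ BASE_DIR }}/log/error.log state=touch owner={{ MYSQL_USER }} group={{ MYSQL_USER }}
--------------------------------------------------------------------------------
/lnmp/roles/mysql_install/tasks/install.yml:
--------------------------------------------------------------------------------
# Initialise the data directory. --initialize-insecure creates root with an
# empty password; change_passwd.sh sets the real one at the end of this file.
- name: mysql初始化
  shell: "{{ BASE_DIR }}/bin/mysqld --initialize-insecure --user={{ MYSQL_USER }} --basedir={{ BASE_DIR }} --datadir={{ DATA_DIR }}"

- name: 拷贝启动脚本到/etc下
  # mysql.server sits inside the unpacked tarball on the managed host, so it
  # must be read there (remote_src=yes); without it copy looks for the path
  # on the control node and fails unless control node == target.
  copy: src={{ BASE_DIR }}/support-files/mysql.server dest=/etc/init.d/mysql remote_src=yes

- name: 修改启动脚本_1
  lineinfile:
    dest: /etc/init.d/mysql
    regexp: "^basedir="
    insertbefore: "^# Default value, in seconds, afterwhich the script should timeout waiting"
    line: "basedir={{ BASE_DIR }}"

- name: 修改启动脚本_2
  lineinfile:
    dest: /etc/init.d/mysql
    regexp: "^datadir="
    insertbefore: "^# Default value, in seconds, afterwhich the script should timeout waiting"
    line: "datadir={{ DATA_DIR }}"

- name: 修改启动脚本_3
  file: dest=/etc/init.d/mysql state=file mode=0755

- name: 配置环境变量
  # Single quotes keep $PATH literal in /etc/profile instead of baking in the
  # PATH of this non-interactive shell.
  shell: "if [ `grep -c {{ BASE_DIR }}/bin /etc/profile` -eq 0 ]; then echo 'export PATH=$PATH:{{ BASE_DIR }}/bin' >> /etc/profile; fi; source /etc/profile"

- name: 启动mysql并开机启动
  shell: "systemctl daemon-reload && systemctl enable mysqld && systemctl start mysqld"

- name: 设置数据库root密码
  shell: "bash {{ SOURCE_DIR }}/change_passwd.sh"

# The rendered script holds the root password; do not leave it on disk.
- name: 删除更改密码脚本
  file: name={{ SOURCE_DIR }}/change_passwd.sh state=absent
--------------------------------------------------------------------------------
/lnmp/roles/mysql_install/tasks/main.yaml:
--------------------------------------------------------------------------------
# Pull in the prepare, copy and install task lists, in that order.
- include: prepare.yml
- include: copy.yml
- include: install.yml
--------------------------------------------------------------------------------
/lnmp/roles/mysql_install/tasks/prepare.yml:
--------------------------------------------------------------------------------
- name: 关闭firewalld
  service: name=firewalld state=stopped enabled=no

- name: 临时关闭 selinux
  shell: "setenforce 0"
  failed_when: false

- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库
  yum: name=epel-release state=latest

- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - unzip
      - git
      - perl-Data-Dumper
      - libaio-devel
      - autoconf
      - cmake
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
      - zlib
      - zlib-devel
      - gd-devel
      - libxml2-devel
      - bzip2-devel
      - gnutls-devel
      - ncurses-devel
      - bison
      - bison-devel
      - openldap
      - openldap-devel
      - libcurl-devel
      - libevent
      - libevent-devel
      - expat-devel
      - numactl
    state: latest

- name: 更新系统
  shell: "yum update -y"
  args:
    warn: False
--------------------------------------------------------------------------------
/lnmp/roles/mysql_install/templates/change_passwd.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Set the MySQL root password after an --initialize-insecure bootstrap.
# MYSQL_PASSWD is templated in as clear text, so this file is deployed 0600
# and deleted by install.yml after it runs.

# Single quotes so a password containing spaces or shell metacharacters
# survives assignment.
passwd='{{ MYSQL_PASSWD }}'
MYSQL="{{ BASE_DIR }}/bin/mysql"

# Make sure the client binary is on PATH for this and future shells.
# \$PATH is escaped so /etc/profile gets the literal variable, not a snapshot.
if [ "$(grep -c '{{ BASE_DIR }}/bin' /etc/profile)" -eq 0 ]; then
    echo "export PATH=\$PATH:{{ BASE_DIR }}/bin" >> /etc/profile
fi
source /etc/profile

# The password must be a SQL string literal. The original PASSWORD("$passwd")
# used double quotes that terminated the shell string, so the value reached
# the server unquoted (only a purely numeric password happened to work).
"$MYSQL" -uroot -D mysql -e "UPDATE user SET authentication_string=PASSWORD('$passwd') WHERE user='root';"

"$MYSQL" -uroot -e "FLUSH PRIVILEGES;"

# MYSQL_PWD keeps the password out of the process list that -p<password>
# would expose to every local user.
# NOTE(review): root@'%' allows root logins from any address; narrow the host
# part to the application network if remote root access is not required.
MYSQL_PWD="$passwd" "$MYSQL" -uroot -e "grant all privileges on *.* to root@'%' identified by '$passwd';"
--------------------------------------------------------------------------------
/lnmp/roles/mysql_install/templates/my.cnf:
--------------------------------------------------------------------------------
[client]
port = {{ MYSQL_PORT }}
socket = {{ BASE_DIR }}/tmp/mysql.sock

[mysql]
default-character-set=utf8

[mysqld]
default-storage-engine=INNODB
character_set_server=utf8
explicit_defaults_for_timestamp
basedir={{ BASE_DIR }}
datadir={{ DATA_DIR }}
socket={{ BASE_DIR }}/tmp/mysql.sock
log_error = {{ BASE_DIR }}/log/error.log

sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
--------------------------------------------------------------------------------
/lnmp/roles/mysql_install/templates/mysqld.service:
--------------------------------------------------------------------------------
[Unit]
Description=MySQL Server
After=network.target
After=syslog.target

[Install]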
WantedBy=multi-user.target 8 | 9 | [Service] 10 | User=mysql 11 | Group=mysql 12 | ExecStart={{ BASE_DIR }}/bin/mysqld --defaults-file=/etc/my.cnf 13 | 14 | #连接数限制 15 | LimitNOFILE=65535 16 | LimitNPROC=65535 17 | 18 | #Restart配置可以在进程被kill掉之后,让systemctl产生新的进程,避免服务挂掉 19 | #Restart=always 20 | PrivateTmp=false 21 | -------------------------------------------------------------------------------- /lnmp/roles/mysql_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义mysql安装中的变量 2 | MYSQL_VER: 5.7.25 3 | MYSQL_VER_MAIN: "{{ MYSQL_VER.split('.')[0] }}.{{ MYSQL_VER.split('.')[1] }}" 4 | 5 | DOWNLOAD_URL: https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-{{ MYSQL_VER_MAIN }}/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz 6 | MYSQL_USER: mysql 7 | MYSQL_PORT: 3306 8 | MYSQL_PASSWD: 123456789 9 | SOURCE_DIR: /software 10 | BASE_DIR: /usr/local/mysql 11 | DATA_DIR: /data/mysql 12 | -------------------------------------------------------------------------------- /lnmp/roles/nginx_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建nginx用户组 2 | group: name={{ NGINX_USER }} state=present 3 | 4 | - name: 创建nginx用户 5 | user: name={{ NGINX_USER }} group={{ NGINX_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | #- name: 创建software目录 8 | # file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes 9 | 10 | - name: 创建日志目录 11 | file: name={{ item }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes 12 | with_items: 13 | - "{{ DATA_DIR }}" 14 | - "{{ DATA_DIR }}/log" 15 | 16 | - name: 创建日志文件 17 | file: name={{ item }} state=touch owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 18 | with_items: 19 | - "{{ DATA_DIR }}/log/access.log" 20 | - "{{ DATA_DIR }}/log/error.log" 21 | 22 | #当前主机下没有nginx包 23 | - name: 下载nginx包 24 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ 
NGINX_USER }} group={{ NGINX_USER }} 25 | 26 | #当前主机file目录下已有nginx包 27 | #- name: 拷贝现有nginx包到所有主机 28 | # copy: src=nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 29 | 30 | - name: 解压nginx包 31 | unarchive: src={{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 32 | 33 | #复制nginx服务文件 34 | - name: 拷贝nginx服务文件 35 | template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service owner=root group=root 36 | -------------------------------------------------------------------------------- /lnmp/roles/nginx_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | #编译nginx 2 | - name: 编译nginx 3 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && ./configure --prefix={{ NGINX_DIR }} --user={{ NGINX_USER }} --group={{ NGINX_USER }} --http-log-path={{ DATA_DIR }}/log/access.log --error-log-path={{ DATA_DIR }}/log/error.log --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_stub_status_module" 4 | 5 | #安装nginx 6 | - name: 安装nginx 7 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && make && make install" 8 | 9 | #复制nginx主配置文件 10 | - name: 拷贝nginx主配置文件 11 | template: src=nginx.conf dest={{ NGINX_DIR }}/conf/nginx.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} 12 | 13 | - name: 创建vhost配置文件目录 14 | file: name={{ NGINX_DIR }}/conf/vhost state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes 15 | 16 | #复制nginx vhost配置文件 17 | - name: 拷贝nginx vhost配置文件 18 | template: src=server.conf dest={{ NGINX_DIR }}/conf/vhost/server.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 19 | 20 | #复制nginx额外配置文件 21 | - name: 拷贝nginx额外配置文件 22 | template: src=fastcgi_params dest={{ NGINX_DIR }}/conf/fastcgi_params owner={{ 
NGINX_USER }} group={{ NGINX_USER }} mode=0644 23 | 24 | - name: 配置环境变量 25 | shell: " if [ `grep {{ NGINX_DIR }}/sbin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ NGINX_DIR }}/sbin >> /etc/profile && source /etc/profile; else source /etc/profile; fi" 26 | 27 | - name: 启动nginx并开机启动 28 | shell: "systemctl daemon-reload && systemctl enable nginx && systemctl start nginx" 29 | 30 | - name: 添加php测试页index.php 31 | shell: " echo '' >> {{ NGINX_DIR }}/html/index.php" 32 | -------------------------------------------------------------------------------- /lnmp/roles/nginx_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy、install模块 2 | - include: copy.yml 3 | - include: install.yml 4 | -------------------------------------------------------------------------------- /lnmp/roles/nginx_install/templates/fastcgi_params: -------------------------------------------------------------------------------- 1 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 2 | fastcgi_param SERVER_SOFTWARE nginx; 3 | fastcgi_param QUERY_STRING $query_string; 4 | fastcgi_param REQUEST_METHOD $request_method; 5 | fastcgi_param CONTENT_TYPE $content_type; 6 | fastcgi_param CONTENT_LENGTH $content_length; 7 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 8 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 9 | fastcgi_param REQUEST_URI $request_uri; 10 | fastcgi_param DOCUMENT_URI $document_uri; 11 | fastcgi_param DOCUMENT_ROOT $document_root; 12 | fastcgi_param SERVER_PROTOCOL $server_protocol; 13 | fastcgi_param REMOTE_ADDR $remote_addr; 14 | fastcgi_param REMOTE_PORT $remote_port; 15 | fastcgi_param SERVER_ADDR $server_addr; 16 | fastcgi_param SERVER_PORT $server_port; 17 | fastcgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /lnmp/roles/nginx_install/templates/nginx.conf: 
-------------------------------------------------------------------------------- 1 | user nobody nobody; 2 | worker_processes 1; 3 | error_log {{ DATA_DIR }}/log/error.log crit; 4 | pid /run/nginx.pid; 5 | worker_rlimit_nofile 51200; 6 | events { 7 | worker_connections 1024; 8 | } 9 | http { 10 | include mime.types; 11 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 12 | '$status $body_bytes_sent "$http_referer" ' 13 | '"$http_user_agent" "$http_x_forwarded_for"'; 14 | 15 | access_log {{ DATA_DIR }}/log/access.log main; 16 | 17 | server_tokens off; 18 | sendfile on; 19 | send_timeout 3m; 20 | tcp_nopush on; 21 | tcp_nodelay on; 22 | keepalive_timeout 65; 23 | types_hash_max_size 2048; 24 | 25 | client_header_timeout 3m; 26 | client_body_timeout 3m; 27 | connection_pool_size 256; 28 | client_header_buffer_size 1k; 29 | large_client_header_buffers 8 4k; 30 | request_pool_size 4k; 31 | output_buffers 4 32k; 32 | postpone_output 1460; 33 | client_max_body_size 10m; 34 | client_body_buffer_size 256k; 35 | client_body_temp_path {{ NGINX_DIR }}/client_body_temp; 36 | proxy_temp_path {{ NGINX_DIR }}/proxy_temp; 37 | fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp; 38 | fastcgi_intercept_errors on; 39 | 40 | gzip on; 41 | gzip_min_length 1k; 42 | gzip_buffers 4 8k; 43 | gzip_comp_level 5; 44 | gzip_http_version 1.1; 45 | gzip_types text/plain application/x-javascript text/css text/htm 46 | application/xml; 47 | 48 | default_type application/octet-stream; 49 | include {{ NGINX_DIR }}/conf/vhost/*.conf; 50 | } 51 | -------------------------------------------------------------------------------- /lnmp/roles/nginx_install/templates/nginx.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=The nginx HTTP and reverse proxy server 3 | After=network.target remote-fs.target nss-lookup.target 4 | 5 | [Service] 6 | Type=forking 7 | PIDFile=/run/nginx.pid 8 | # Nginx will fail to start if 
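# /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t
ExecStart={{ NGINX_DIR }}/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/lnmp/roles/nginx_install/templates/server.conf:
--------------------------------------------------------------------------------
server {
    # Use the role variable instead of a hard-coded 80 so NGINX_PORT in
    # vars/main.yml actually takes effect.
    listen {{ NGINX_PORT }};
    server_name localhost;
    location / {
        root {{ NGINX_DIR }}/html;
        index index.php index.html index.htm;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    location ~ \.php$ {
        root {{ NGINX_DIR }}/html;
        # Only hand files that exist to PHP-FPM. Without this, a request whose
        # path ends in .php but resolves through a non-PHP file can still be
        # passed to the interpreter when cgi.fix_pathinfo is on (PHP's default).
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
--------------------------------------------------------------------------------
/lnmp/roles/nginx_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables used by the nginx_install role.
NGINX_VER: 1.15.0
# NOTE(review): fetched over plain http with no checksum; get_url's checksum=
# parameter would pin the archive.
DOWNLOAD_URL: http://nginx.org/download/nginx-{{ NGINX_VER }}.tar.gz
NGINX_USER: nginx
NGINX_PORT: 80
SOURCE_DIR: /software
NGINX_DIR: /usr/local/nginx
DATA_DIR: /data/nginx
--------------------------------------------------------------------------------
/lnmp/roles/php_install/tasks/copy.yml:
--------------------------------------------------------------------------------
- name: 创建php用户组
  group: name={{ PHP_USER }} state=present

- name: 创建php用户
  user: name={{ PHP_USER }} group={{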
PHP_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | #- name: 创建software目录 8 | # file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes 9 | 10 | #当前主机下没有libmcrypt依赖包 11 | - name: 下载依赖包libmcrypt 12 | get_url: url=http://nchc.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz dest={{ SOURCE_DIR }} 13 | 14 | #当前主机file目录下已有libmcrypt依赖包 15 | #- name: 拷贝现有libmcrypt依赖包到所有主机 16 | # copy: src=libmcrypt-2.5.8.tar.gz dest={{ SOURCE_DIR }} 17 | 18 | #当前主机下没有php包 19 | - name: 下载php包 20 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ PHP_USER }} group={{ PHP_USER }} 21 | 22 | #当前主机file目录下已有php包 23 | #- name: 拷贝现有php包到所有主机 24 | # copy: src=php-{{ PHP_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ PHP_USER }} group={{ PHP_USER }} 25 | 26 | - name: 解压依赖包libmcrypt 27 | unarchive: src={{ SOURCE_DIR }}/libmcrypt-2.5.8.tar.gz dest={{ SOURCE_DIR }} 28 | 29 | - name: 编译安装libmcrypt 30 | shell: "cd {{ SOURCE_DIR }}/libmcrypt-2.5.8 && ./configure && make && make install" 31 | 32 | - name: 解压php包 33 | unarchive: src={{ SOURCE_DIR }}/php-{{ PHP_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ PHP_USER }} group={{ PHP_USER }} 34 | -------------------------------------------------------------------------------- /lnmp/roles/php_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | #编译php 2 | - name: 编译php 3 | shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }} && ./configure --prefix={{ PHP_DIR }} --with-config-file-path={{ PHP_DIR }}/etc --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-mysql={{ MYSQL_DIR }} --with-mysql-sock={{ MYSQL_DIR }}/tmp/mysql.sock --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-bz2 --with-libxml-dir --with-curl --with-gd --with-openssl --with-mhash --with-xmlrpc --with-pdo-mysql --with-libmbfl --with-onig --with-pear --enable-xml --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization 
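--enable-mbregex --enable-fpm --enable-mbstring --enable-pcntl --enable-sockets --enable-zip --enable-soap --enable-opcache --enable-pdo --enable-mysqlnd-compression-support --enable-maintainer-zts --enable-session --with-fpm-user={{ PHP_USER }} --with-fpm-group={{ PHP_USER }}"

# Build and install PHP
- name: 安装php
  shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }} && make -j 2 && make -j 2 install"

- name: 创建php-fpm配置目录
  file: name={{ PHP_DIR }}/etc state=directory owner={{ PHP_USER }} group={{ PHP_USER }} mode=0755 recurse=yes

- name: 修改php-fpm配置_1
  shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }} && cp php.ini-production {{ PHP_DIR }}/etc/php.ini"

- name: 修改php-fpm配置_2
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "post_max_size = 8M"
    line: "post_max_size = 16M"

- name: 修改php-fpm配置_3
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "max_execution_time = 30"
    line: "max_execution_time = 300"

- name: 修改php-fpm配置_4
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "max_input_time = 60"
    line: "max_input_time = 300"

- name: 修改php-fpm配置_5
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: ";date.timezone ="
    line: "date.timezone = Asia/Shanghai"

# SysV init script
- name: 拷贝启动配置文件
  shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }} && cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm && chmod +x /etc/init.d/php-fpm"

# php-fpm main configuration
- name: 拷贝php主配置文件
  template: src=php-fpm.conf dest={{ PHP_DIR }}/etc/php-fpm.conf owner={{ PHP_USER }} group={{ PHP_USER }}

# Build and install the ldap extension
- name: 编译安装ldap模块
  shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }}/ext/ldap && cp -af /usr/lib64/libldap* /usr/lib/ && {{ PHP_DIR }}/bin/phpize && ./configure --with-php-config={{ PHP_DIR }}/bin/php-config && make && make install"

# The directive is `extension=`; the original `aextension=` is an unknown key
# that php.ini silently ignores, so neither module was ever loaded. Matching
# the extension's own (commented) line rather than `;extension=bz2` keeps the
# task idempotent and stops _6 and _7 rewriting the same line.
- name: 修改php-fpm配置_6
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "^;?extension=ldap"
    line: "extension=ldap.so"

# Build and install the gettext extension
- name: 编译安装gettext模块
  shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }}/ext/gettext && cp -af /usr/lib64/libldap* /usr/lib/ && {{ PHP_DIR }}/bin/phpize && ./configure --with-php-config={{ PHP_DIR }}/bin/php-config && make && make install"

- name: 修改php-fpm配置_7
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "^;?extension=gettext"
    line: "extension=gettext.so"

- name: 启动php并开机启动
  shell: "chkconfig --add php-fpm && chkconfig php-fpm on && /etc/init.d/php-fpm start"
--------------------------------------------------------------------------------
/lnmp/roles/php_install/tasks/main.yml:
--------------------------------------------------------------------------------
# Pull in the copy and install task lists (this role ships no prepare.yml).
- include: copy.yml
- include: install.yml
--------------------------------------------------------------------------------
/lnmp/roles/php_install/templates/php-fpm.conf:
--------------------------------------------------------------------------------
[global]
pid = {{ PHP_DIR }}/var/log/../run/php-fpm.pid
error_log = {{ PHP_DIR }}/var/log/php-fpm.log
[www]
listen = 127.0.0.1:{{ PHP_PORT }}
; listen.mode/owner/group only apply to unix-socket listeners; they have no
; effect on the TCP listen above.
listen.mode = 666
listen.owner = nobody
listen.group = nobody
user = {{ PHP_USER }}
group = {{ PHP_USER }}
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
rlimit_files = 1024
--------------------------------------------------------------------------------
/lnmp/roles/php_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables used by the php_install role.
PHP_VER: 7.2.6
# NOTE(review): fetched over plain http with no checksum; get_url's checksum=
# parameter would pin the archive.
DOWNLOAD_URL: http://mirrors.sohu.com/php/php-{{ PHP_VER }}.tar.gz
PHP_USER: php-fpm
PHP_PORT: 9000
SOURCE_DIR: /software
PHP_DIR: /usr/local/php7
MYSQL_DIR: /usr/local/mysql
--------------------------------------------------------------------------------
/mysql/README.md:
--------------------------------------------------------------------------------
通过ansible-playbook,以二进制包方式批量部署mysql
--------------------------------------------------------------------------------
/mysql/mysql.yml:
--------------------------------------------------------------------------------
# Batch-install MySQL on the dbserver group.
---
- hosts: dbserver
  remote_user: root
  gather_facts: True

  roles:
    - mysql_install
--------------------------------------------------------------------------------
/mysql/roles/mysql_install/tasks/copy.yml:
--------------------------------------------------------------------------------
- name: 创建mysql用户组
  group: name={{ MYSQL_USER }} state=present

- name: 创建mysql用户
  user: name={{ MYSQL_USER }} group={{ MYSQL_USER }} state=present create_home=False shell=/sbin/nologin

- name: 创建所需目录
  file: name={{ item }} state=directory mode=0755 recurse=yes
  with_items:
    - "{{ SOURCE_DIR }}"
    - "{{ DATA_DIR }}"

- name: 更改目录属主属组
  file: name={{ DATA_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }}

# No local copy of the mysql tarball: download it on each host.
- name: 下载mysql包
  get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }}

# Alternative when the tarball is already in this role's files/ directory:
#- name: 拷贝现有mysql包到所有主机
#  copy: src=mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz dest={{ SOURCE_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }}

- name: 解压mysql包
  unarchive: src={{ SOURCE_DIR }}/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz dest=/usr/local owner={{ MYSQL_USER }} group={{ MYSQL_USER }}

- name: 目录重命名
  shell: "mv /usr/local/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64 {{ BASE_DIR }} && chown -R {{ MYSQL_USER }}:{{ MYSQL_USER }} {{ BASE_DIR }}"

# MySQL configuration file
- name: 拷贝mysql配置文件
  template: src=my.cnf dest=/etc/my.cnf owner=root group=root

# systemd unit
- name: 拷贝mysql服务文件
  template: src=mysqld.service dest=/usr/lib/systemd/system/mysqld.service owner=root group=root

# Password-change script. It is rendered with MYSQL_PASSWD in clear text, so
# it is written root-only (0600) rather than with the default mode.
- name: 拷贝更改密码脚本
  template: src=change_passwd.sh dest={{ SOURCE_DIR }}/change_passwd.sh owner=root group=root mode=0600

- name: 创建日志目录
  file: name={{ item }} state=directory owner={{ MYSQL_USER }} group={{ MYSQL_USER }} mode=0755 recurse=yes
  with_items:
    - "/var/log/mysql"
    - "/var/run/mysqld"
    - "{{ BASE_DIR }}/tmp"
    - "{{ BASE_DIR }}/log"

- name: 创建错误日志文件
  file: dest={{ BASE_DIR }}/log/error.log state=touch owner={{ MYSQL_USER }} group={{ MYSQL_USER }}
--------------------------------------------------------------------------------
/mysql/roles/mysql_install/tasks/install.yml:
--------------------------------------------------------------------------------
# Initialise the data directory. --initialize-insecure creates root with an
# empty password; change_passwd.sh sets the real one later in this file.
- name: mysql初始化
  shell: "{{ BASE_DIR }}/bin/mysqld --initialize-insecure --user={{ MYSQL_USER }} --basedir={{ BASE_DIR }} --datadir={{ DATA_DIR }}"

- name: 拷贝启动脚本到/etc下
  # mysql.server sits inside the unpacked tarball on the managed host, so it
  # must be read there (remote_src=yes); without it copy looks for the path
  # on the control node.
  copy: src={{ BASE_DIR }}/support-files/mysql.server dest=/etc/init.d/mysql remote_src=yes

- name: 修改启动脚本_1
  lineinfile:
    dest: /etc/init.d/mysql
    regexp: "^basedir="
    insertbefore: "^# Default value, in seconds, afterwhich the script should timeout waiting"
    line: "basedir={{ BASE_DIR }}"

- name: 修改启动脚本_2
  lineinfile:
    dest: /etc/init.d/mysql
    regexp: "^datadir="
    insertbefore: "^# Default value, in seconds, afterwhich the script should timeout waiting"
    line: "datadir={{ DATA_DIR }}"

- name: 修改启动脚本_3
  file: dest=/etc/init.d/mysql state=file mode=0755

- name: 配置环境变量
  # Single quotes keep $PATH literal in /etc/profile instead of baking in the
  # PATH of this non-interactive shell.
  shell: "if [ `grep -c {{ BASE_DIR }}/bin /etc/profile` -eq 0 ]; then echo 'export PATH=$PATH:{{ BASE_DIR }}/bin' >> /etc/profile; fi; source /etc/profile"

- name: 启动mysql并开机启动
  shell: "systemctl 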
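daemon-reload && systemctl enable mysqld && systemctl start mysqld"

# The rendered script carries the root password; keep its output out of the
# Ansible log.
- name: 设置数据库root密码
  shell: "bash {{ SOURCE_DIR }}/change_passwd.sh"
  no_log: true
-------------------------------------------------------------------------------- /mysql/roles/mysql_install/tasks/main.yaml: --------------------------------------------------------------------------------
# Pull in the prepare, copy and install task files (`include` is gone in current
# ansible-core; import_tasks is the static equivalent)
- import_tasks: prepare.yml
- import_tasks: copy.yml
- import_tasks: install.yml
-------------------------------------------------------------------------------- /mysql/roles/mysql_install/tasks/prepare.yml: --------------------------------------------------------------------------------
# Host preparation. The original stopped firewalld for good; this keeps it
# running and opens only the MySQL port (MYSQL_PORT), which is all a database
# host should expose. The firewalld module needs the python firewalld bindings,
# which ship with firewalld on CentOS 7.
- name: Keep firewalld running
  service: name=firewalld state=started enabled=yes

- name: Allow the MySQL port through firewalld
  firewalld:
    port: "{{ MYSQL_PORT }}/tcp"
    permanent: yes
    immediate: yes
    state: enabled

# NOTE(review): disabling SELinux is a permanent hardening regression. A binary
# mysqld under /usr/local started by systemd typically runs in an unconfined
# domain, so enforcing mode is likely to work once DATA_DIR is labelled
# (semanage fcontext / restorecon); confirm on a test host, then drop these
# two tasks.
- name: 临时关闭 selinux
  shell: "setenforce 0"
  failed_when: false

- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库
  yum: name=epel-release state=latest

- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - unzip
      - git
      - perl-Data-Dumper
      - libaio-devel
    state: latest

# yum module instead of `shell: yum update -y` (the `warn` argument no longer
# exists in current ansible-core). state=latest makes every run non-reproducible.
- name: 更新系统
  yum: name='*' state=latest
-------------------------------------------------------------------------------- /mysql/roles/mysql_install/templates/change_passwd.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Set the password of the root@localhost account that
# `mysqld --initialize-insecure` (install.yml) created without one.
#
# Rendered by Ansible: MYSQL_PASSWD and BASE_DIR are substituted at template
# time, so the file on disk contains the secret. Keep MYSQL_PASSWD in an
# Ansible Vault-encrypted vars file, deploy this script with mode 0600 and
# remove it once the play has finished.
set -euo pipefail

# `quote` shell-escapes the value so spaces or metacharacters cannot break the
# script (the original assigned it unquoted).
passwd={{ MYSQL_PASSWD | quote }}
bindir='{{ BASE_DIR }}/bin'
mysql="${bindir}/mysql"

# Make the client binaries reachable for interactive shells (idempotent; the
# original baked the caller's current $PATH into /etc/profile).
if ! grep -q "${bindir}" /etc/profile; then
    echo "export PATH=\$PATH:${bindir}" >> /etc/profile
fi
export PATH="${PATH}:${bindir}"

# Idempotent: if root already authenticates with the target password there is
# nothing to do. The password goes to the client via MYSQL_PWD rather than
# -p$passwd, so it does not show up in `ps` output or shell history.
if MYSQL_PWD="${passwd}" "${mysql}" -uroot -e 'SELECT 1' >/dev/null 2>&1; then
    exit 0
fi

# Double single quotes so the value is a well-formed SQL string literal.
sql_pw=${passwd//\'/\'\'}

# ALTER USER is the supported way to set a password on 5.7 (PASSWORD() is
# deprecated there and gone in 8.0) and needs no FLUSH PRIVILEGES. The
# original UPDATE also had a quoting bug: PASSWORD("$passwd") closed the
# shell string, so the value was spliced into the SQL unquoted.
"${mysql}" -uroot -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${sql_pw}';"

# The original script finished with
#   GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY '$passwd';
# i.e. a superuser reachable from any address (with the host firewall turned off
# by prepare.yml). That grant is deliberately not reproduced. Give applications
# their own account, limited to the schemas and source network they need, e.g.
#   CREATE USER 'app'@'10.0.0.%' IDENTIFIED BY '<vaulted>';
#   GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app'@'10.0.0.%';
-------------------------------------------------------------------------------- /mysql/roles/mysql_install/templates/my.cnf: --------------------------------------------------------------------------------
[client]
port = {{ MYSQL_PORT }}
socket = {{ BASE_DIR }}/tmp/mysql.sock

[mysql]
default-character-set=utf8

[mysqld]
default-storage-engine=INNODB
character_set_server=utf8
explicit_defaults_for_timestamp
basedir={{ BASE_DIR }}
datadir={{ DATA_DIR }}
socket={{ BASE_DIR }}/tmp/mysql.sock
log_error = {{ BASE_DIR }}/log/error.log
# No bind-address is set, so mysqld listens on every interface. If clients are
# local or on a single network, add `bind-address=<that interface's IP>` here.

sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
-------------------------------------------------------------------------------- /mysql/roles/mysql_install/templates/mysqld.service: --------------------------------------------------------------------------------
[Unit]
Description=MySQL Server
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target

[Service]
# Run as the role's service account (the original hard-coded "mysql", which
# silently diverges from MYSQL_USER as soon as that variable is changed).
User={{ MYSQL_USER }}
Group={{ MYSQL_USER }}
ExecStart={{ BASE_DIR }}/bin/mysqld --defaults-file=/etc/my.cnf

# Connection / process limits
LimitNOFILE=65535
LimitNPROC=65535

# Restart= would let systemd respawn mysqld after it is killed
#Restart=always
# NOTE(review): the client socket lives under BASE_DIR/tmp (my.cnf), not /tmp,
# so PrivateTmp=true should not break clients -- confirm and enable it.
PrivateTmp=false
-------------------------------------------------------------------------------- /mysql/roles/mysql_install/vars/main.yml: --------------------------------------------------------------------------------
# Variables for the mysql role.
# MYSQL_PASSWD below is a weak default committed in plaintext and rendered into
# change_passwd.sh on every host; move it to an Ansible Vault-encrypted file
# (e.g. group_vars/dbserver/vault.yml) and reference it from here.
MYSQL_VER: 5.7.25
MYSQL_VER_MAIN: "{{ MYSQL_VER.split('.')[0] }}.{{ MYSQL_VER.split('.')[1] }}"

DOWNLOAD_URL: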
https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-{{ MYSQL_VER_MAIN }}/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz 6 | MYSQL_USER: mysql 7 | MYSQL_PORT: 3306 8 | MYSQL_PASSWD: 123456789 9 | SOURCE_DIR: /software 10 | BASE_DIR: /usr/local/mysql 11 | DATA_DIR: /data/mysql 12 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/README.md: -------------------------------------------------------------------------------- 1 | 通过ansible-playbook,部署nginx高可用负载均衡集群 2 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/nginx+keepalived+lvs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: webserver 3 | remote_user: root 4 | gather_facts: True 5 | 6 | roles: 7 | - nginx_install 8 | - keepalived_install 9 | - lvs_install 10 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/keepalived_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | - name: yum安装keepalived 2 | yum: name=keepalived state=latest 3 | 4 | - name: 拷贝master配置文件 5 | template: src=keepalived_master.conf dest=/etc/keepalived/keepalived.conf mode=0644 owner=root group=root 6 | when: 7 | - hostvars[inventory_hostname]['ansible_default_ipv4']['address'] == "{{ MASTER_IP }}" 8 | 9 | - name: 拷贝backup配置文件 10 | template: src=keepalived_backup.conf dest=/etc/keepalived/keepalived.conf mode=0644 owner=root group=root 11 | when: 12 | - hostvars[inventory_hostname]['ansible_default_ipv4']['address'] != "{{ MASTER_IP }}" 13 | 14 | - name: 拷贝监控nginx服务脚本 15 | template: src=check_nginx.sh dest={{ SCRIPT_DIR }} mode=0755 owner=root group=root 16 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/keepalived_install/tasks/main.yml: 
-------------------------------------------------------------------------------- 1 | #引用install模块 2 | - include: install.yml 3 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/keepalived_install/templates/check_nginx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | n=`ps -C nginx --no-heading |wc -l` 3 | 4 | #如果进程为0,则启动nginx,并且再次检测nginx进程数量, 5 | #如果还为0,说明nginx无法启动,此时需要关闭keepalived 6 | 7 | if [ $n -eq "0" ]; then 8 | systemctl start nginx 9 | n2=`ps -C nginx --no-heading |wc -l` 10 | 11 | if [ $n2 -eq "0" ]; then 12 | systemctl stop keepalived 13 | fi 14 | fi 15 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/keepalived_install/templates/keepalived_backup.conf: -------------------------------------------------------------------------------- 1 | global_defs { 2 | notification_email { 3 | lzx@lzxlinux.com 4 | } 5 | notification_email_from root@lzxlinux.com 6 | smtp_server 127.0.0.1 7 | smtp_connect_timeout 30 8 | router_id LVS_DEVEL 9 | } 10 | 11 | vrrp_script {{ VRRP_SCRIPT }} { 12 | script "{{ SCRIPT_DIR }}/check_nginx.sh" 13 | interval 3 14 | } 15 | 16 | vrrp_instance VI_1 { 17 | state BACKUP 18 | interface {{ INF }} 19 | virtual_router_id 51 20 | priority 90 21 | advert_int 1 22 | authentication { 23 | auth_type PASS 24 | auth_pass {{ PASSWORD }} 25 | } 26 | virtual_ipaddress { 27 | {{ VIP_IP }} 28 | } 29 | 30 | track_script { 31 | {{ VRRP_SCRIPT }} 32 | } 33 | } 34 | 35 | virtual_server {{ VIP_IP }} {{ NGINX_PORT }} { 36 | lb_kind DR 37 | persistence_timeout 60 38 | protocol TCP 39 | 40 | real_server {{ MASTER_IP }} {{ NGINX_PORT }} { 41 | weight 100 42 | TCP_CHECK { 43 | connect_timeout 10 44 | nb_get_retry 3 45 | delay_before_retry 3 46 | connect_port {{ NGINX_PORT }} 47 | } 48 | } 49 | 50 | real_server {{ BACKUP1_IP }} {{ NGINX_PORT }} { 51 | weight 100 52 | TCP_CHECK { 53 | 
connect_timeout 10 54 | nb_get_retry 3 55 | delay_before_retry 3 56 | connect_port {{ NGINX_PORT }} 57 | } 58 | } 59 | 60 | real_server {{ BACKUP2_IP }} {{ NGINX_PORT }} { 61 | weight 100 62 | TCP_CHECK { 63 | connect_timeout 10 64 | nb_get_retry 3 65 | delay_before_retry 3 66 | connect_port {{ NGINX_PORT }} 67 | } 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/keepalived_install/templates/keepalived_master.conf: -------------------------------------------------------------------------------- 1 | global_defs { 2 | notification_email { 3 | lzx@lzxlinux.com 4 | } 5 | notification_email_from root@lzxlinux.com 6 | smtp_server 127.0.0.1 7 | smtp_connect_timeout 30 8 | router_id LVS_DEVEL 9 | } 10 | 11 | vrrp_script {{ VRRP_SCRIPT }} { 12 | script "{{ SCRIPT_DIR }}/check_nginx.sh" 13 | interval 3 14 | } 15 | 16 | vrrp_instance VI_1 { 17 | state MASTER 18 | interface {{ INF }} 19 | virtual_router_id 51 20 | priority 100 21 | advert_int 1 22 | authentication { 23 | auth_type PASS 24 | auth_pass {{ PASSWORD }} 25 | } 26 | virtual_ipaddress { 27 | {{ VIP_IP }} 28 | } 29 | 30 | track_script { 31 | {{ VRRP_SCRIPT }} 32 | } 33 | } 34 | 35 | virtual_server {{ VIP_IP }} {{ NGINX_PORT }} { 36 | lb_kind DR 37 | persistence_timeout 60 38 | protocol TCP 39 | 40 | real_server {{ MASTER_IP }} {{ NGINX_PORT }} { 41 | weight 100 42 | TCP_CHECK { 43 | connect_timeout 10 44 | nb_get_retry 3 45 | delay_before_retry 3 46 | connect_port {{ NGINX_PORT }} 47 | } 48 | } 49 | real_server {{ BACKUP1_IP }} {{ NGINX_PORT }} { 50 | weight 100 51 | TCP_CHECK { 52 | connect_timeout 10 53 | nb_get_retry 3 54 | delay_before_retry 3 55 | connect_port {{ NGINX_PORT }} 56 | } 57 | } 58 | real_server {{ BACKUP2_IP }} {{ NGINX_PORT }} { 59 | weight 100 60 | TCP_CHECK { 61 | connect_timeout 10 62 | nb_get_retry 3 63 | delay_before_retry 3 64 | connect_port {{ NGINX_PORT }} 65 | } 66 | } 67 | } 68 | 
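-------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/keepalived_install/vars/main.yml: --------------------------------------------------------------------------------
SOURCE_DIR: /software
INF: ens33
NGINX_PORT: 80
MASTER_IP: 192.168.30.128
BACKUP1_IP: 192.168.30.129
BACKUP2_IP: 192.168.30.130
VIP_IP: 192.168.30.100
VRRP_SCRIPT: check_nginx
SCRIPT_DIR: /usr/local/sbin/
# VRRP `auth_type PASS` puts this value in cleartext in every advertisement and
# keepalived uses only its first 8 bytes, so it guards against accidental
# cross-talk between clusters, not against another host on the segment joining
# the group. Keep it in an Ansible Vault-encrypted file anyway, and restrict
# VRRP (IP protocol 112) to the peer addresses with a firewall rule.
PASSWORD: 123456
-------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/lvs_install/tasks/install.yml: --------------------------------------------------------------------------------
# The director (MASTER_IP) gets ipvsadm and the DR director script; every host,
# the director included, gets the real-server script. Conditionals compare the
# fact with the variable directly: "{{ }}" inside `when` is deprecated and
# rejected by current ansible-core.
- name: yum安装ipvsadm
  yum: name=ipvsadm state=latest
  when: ansible_default_ipv4.address == MASTER_IP

- name: 拷贝lvs dir配置脚本
  template: src=lvs_dr_dir.sh dest={{ SCRIPT_DIR }} mode=0755 owner=root group=root
  when: ansible_default_ipv4.address == MASTER_IP

- name: 拷贝lvs rs配置脚本
  template: src=lvs_dr_rs.sh dest={{ SCRIPT_DIR }} mode=0755 owner=root group=root

# NOTE(review): `systemctl restart network` over the SSH session Ansible is
# using can drop that session, and lvs_dr_dir.sh already runs `ipvsadm -C`
# itself -- confirm the restart is still needed before keeping it.
- name: 清空ipvsadm规则
  shell: "ipvsadm -C && systemctl restart network"
  when: ansible_default_ipv4.address == MASTER_IP

# Both scripts re-apply their settings unconditionally, so they run (and report
# changed) on every play; the rs script writes the arp_* values to /proc only,
# they are not persisted across reboots.
- name: dir执行配置脚本
  shell: "bash {{ SCRIPT_DIR }}/lvs_dr_dir.sh"
  when: ansible_default_ipv4.address == MASTER_IP

- name: rs执行配置脚本
  shell: "bash {{ SCRIPT_DIR }}/lvs_dr_rs.sh"

- name: 启动keepalived服务
  service: name=keepalived state=started enabled=yes
-------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/lvs_install/tasks/main.yml: --------------------------------------------------------------------------------
# Pull in the install task file
- include: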
install.yml 3 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/lvs_install/templates/lvs_dr_dir.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | echo 1 > /proc/sys/net/ipv4/ip_forward 3 | 4 | ipv=/usr/sbin/ipvsadm 5 | vip={{ VIP_IP}} 6 | rs1={{ MASTER_IP }} 7 | rs2={{ BACKUP1_IP }} 8 | rs3={{ BACKUP2_IP }} 9 | 10 | ifdown {{ INF }} 11 | ifup {{ INF }} 12 | ifconfig {{ INF }}:1 $vip broadcast $vip netmask 255.255.255.255 up 13 | route add -host $vip dev {{ INF }}:1 14 | 15 | $ipv -C 16 | $ipv -A -t $vip:{{ NGINX_PORT }} -s {{ SA }} 17 | $ipv -a -t $vip:{{ NGINX_PORT }} -r $rs1:{{ NGINX_PORT }} -g -w 1 18 | $ipv -a -t $vip:{{ NGINX_PORT }} -r $rs2:{{ NGINX_PORT }} -g -w 1 19 | $ipv -a -t $vip:{{ NGINX_PORT }} -r $rs3:{{ NGINX_PORT }} -g -w 1 20 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/lvs_install/templates/lvs_dr_rs.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | vip={{ VIP_IP}} 3 | 4 | #把vip绑定在lo上,实现real_server直接把结果返回给客户端 5 | ifdown lo 6 | ifup lo 7 | ifconfig lo:0 $vip broadcast $vip netmask 255.255.255.255 up 8 | route add -host $vip lo:0 9 | 10 | #更改arp内核参数,让real_server顺利发送mac地址给客户端 11 | 12 | echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore 13 | echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce 14 | echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore 15 | echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce 16 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/lvs_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义lvs安装中的变量 2 | INF: ens33 3 | NGINX_PORT: 80 4 | MASTER_IP: 192.168.30.128 5 | BACKUP1_IP: 192.168.30.129 6 | BACKUP2_IP: 192.168.30.130 7 | VIP_IP: 192.168.30.100 8 | SCRIPT_DIR: /usr/local/sbin 9 | 
SA: wrr #调度算法 10 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/nginx_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建nginx用户组 2 | group: name={{ NGINX_USER }} state=present 3 | 4 | - name: 创建nginx用户 5 | user: name={{ NGINX_USER }} group={{ NGINX_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | - name: 创建software目录 8 | file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes 9 | 10 | - name: 创建日志目录 11 | file: name={{ item }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes 12 | with_items: 13 | - "{{ DATA_DIR }}" 14 | - "{{ DATA_DIR }}/log" 15 | 16 | - name: 创建日志文件 17 | file: name={{ item }} state=touch owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 18 | with_items: 19 | - "{{ DATA_DIR }}/log/access.log" 20 | - "{{ DATA_DIR }}/log/error.log" 21 | 22 | #当前主机下没有nginx包 23 | - name: 下载nginx包 24 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 25 | 26 | #当前主机file目录下已有nginx包 27 | #- name: 拷贝现有nginx包到所有主机 28 | # copy: src=nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 29 | 30 | - name: 解压nginx包 31 | unarchive: src={{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 32 | 33 | #复制nginx服务文件 34 | - name: 拷贝nginx服务文件 35 | template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service owner=root group=root 36 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/nginx_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | #编译nginx 2 | - name: 编译nginx 3 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && ./configure --prefix={{ NGINX_DIR }} --user={{ NGINX_USER }} --group={{ NGINX_USER }} 
--http-log-path={{ DATA_DIR }}/log/access.log --error-log-path={{ DATA_DIR }}/log/error.log --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_stub_status_module" 4 | 5 | #安装nginx 6 | - name: 安装nginx 7 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && make && make install" 8 | 9 | #复制nginx主配置文件 10 | - name: 拷贝nginx主配置文件 11 | template: src=nginx.conf dest={{ NGINX_DIR }}/conf/nginx.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} 12 | 13 | - name: 创建vhost配置文件目录 14 | file: name={{ NGINX_DIR }}/conf/vhost state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes 15 | 16 | #复制nginx vhost配置文件 17 | - name: 拷贝nginx vhost配置文件 18 | template: src=server.conf dest={{ NGINX_DIR }}/conf/vhost/server.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 19 | 20 | #复制nginx额外配置文件 21 | - name: 拷贝nginx额外配置文件 22 | template: src=fastcgi_params dest={{ NGINX_DIR }}/conf/fastcgi_params owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 23 | 24 | - name: 配置环境变量 25 | shell: " if [ `grep {{ NGINX_DIR }}/sbin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ NGINX_DIR }}/sbin >> /etc/profile && source /etc/profile; else source /etc/profile; fi" 26 | 27 | - name: 启动nginx并开机启动 28 | shell: "systemctl daemon-reload && systemctl enable nginx && systemctl start nginx" 29 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/nginx_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy、install模块 2 | - include: prepare.yml 3 | - include: copy.yml 4 | - include: install.yml 5 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/nginx_install/tasks/prepare.yml: 
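--------------------------------------------------------------------------------
# Host preparation. The original stopped firewalld permanently; this keeps it
# running and opens only what the roles need: the vhost's HTTP port (NGINX_PORT)
# and VRRP between keepalived peers. With LVS-DR the VIP traffic arrives on the
# same interface, so the port rule covers it as well. The firewalld module needs
# the python firewalld bindings (shipped with firewalld on CentOS 7).
- name: Keep firewalld running
  service: name=firewalld state=started enabled=yes

- name: Allow the nginx port through firewalld
  firewalld:
    port: "{{ NGINX_PORT }}/tcp"
    permanent: yes
    immediate: yes
    state: enabled

- name: Allow VRRP between keepalived peers
  firewalld:
    rich_rule: 'rule protocol value="vrrp" accept'
    permanent: yes
    immediate: yes
    state: enabled

# NOTE(review): disabling SELinux is a permanent hardening regression. A
# self-built nginx under /usr/local started by systemd typically runs in an
# unconfined domain and the packaged keepalived has its own policy, so enforcing
# mode is likely to work; confirm on a test host, then drop these two tasks.
- name: 临时关闭 selinux
  shell: "setenforce 0"
  failed_when: false

- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库
  yum: name=epel-release state=latest

- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - gcc-c++
      - unzip
      - git
      - autoconf
      - cmake
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
      - zlib
      - zlib-devel
      - gd-devel
      - libxml2-devel
    state: latest

# yum module instead of `shell: yum update -y` (the `warn` argument no longer
# exists in current ansible-core). state=latest makes every run non-reproducible.
- name: 更新系统
  yum: name='*' state=latest
-------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/nginx_install/templates/fastcgi_params: --------------------------------------------------------------------------------
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;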
-------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/nginx_install/templates/nginx.conf: -------------------------------------------------------------------------------- 1 | user nobody nobody; 2 | worker_processes 4; 3 | error_log {{ DATA_DIR }}/log/error.log crit; 4 | pid /run/nginx.pid; 5 | worker_rlimit_nofile 65535; 6 | 7 | events { 8 | use epoll; 9 | worker_connections 1024; 10 | } 11 | 12 | http { 13 | include mime.types; 14 | default_type application/octet-stream; 15 | 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | access_log {{ DATA_DIR }}/log/access.log main; 21 | 22 | server_tokens off; 23 | sendfile on; 24 | send_timeout 3m; 25 | tcp_nopush on; 26 | tcp_nodelay on; 27 | keepalive_timeout 65; 28 | types_hash_max_size 2048; 29 | 30 | client_header_timeout 3m; 31 | client_body_timeout 3m; 32 | connection_pool_size 256; 33 | client_header_buffer_size 4k; 34 | large_client_header_buffers 8 4k; 35 | request_pool_size 4k; 36 | output_buffers 4 32k; 37 | postpone_output 1460; 38 | client_max_body_size 10m; 39 | client_body_buffer_size 256k; 40 | client_body_temp_path {{ NGINX_DIR }}/client_body_temp; 41 | proxy_temp_path {{ NGINX_DIR }}/proxy_temp; 42 | fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp; 43 | fastcgi_intercept_errors on; 44 | 45 | gzip on; 46 | gzip_min_length 2k; 47 | gzip_buffers 4 32k; 48 | gzip_comp_level 5; 49 | gzip_http_version 1.1; 50 | gzip_types text/plain application/x-javascript text/css text/htm 51 | application/xml; 52 | 53 | include {{ NGINX_DIR }}/conf/vhost/*.conf; 54 | } 55 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/nginx_install/templates/nginx.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=The nginx 
HTTP and reverse proxy server 3 | After=network.target remote-fs.target nss-lookup.target 4 | 5 | [Service] 6 | Type=forking 7 | PIDFile=/run/nginx.pid 8 | # Nginx will fail to start if /run/nginx.pid already exists but has the wrong 9 | # SELinux context. This might happen when running `nginx -t` from the cmdline. 10 | # https://bugzilla.redhat.com/show_bug.cgi?id=1268621 11 | ExecStartPre=/usr/bin/rm -f /run/nginx.pid 12 | ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t 13 | ExecStart={{ NGINX_DIR }}/sbin/nginx 14 | ExecReload=/bin/kill -s HUP $MAINPID 15 | KillSignal=SIGQUIT 16 | TimeoutStopSec=5 17 | KillMode=process 18 | PrivateTmp=true 19 | 20 | [Install] 21 | WantedBy=multi-user.target 22 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/nginx_install/templates/server.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | location / { 5 | root {{ NGINX_DIR }}/html; 6 | index index.php index.html index.htm; 7 | } 8 | 9 | error_page 500 502 503 504 /50x.html; 10 | location = /50x.html { 11 | root html; 12 | } 13 | 14 | location ~ \.php$ { 15 | root {{ NGINX_DIR }}/html; 16 | fastcgi_pass 127.0.0.1:9000; 17 | fastcgi_index index.php; 18 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 19 | include fastcgi_params; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /nginx+keepalived+lvs/roles/nginx_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义nginx安装中的变量 2 | NGINX_VER: 1.15.0 3 | DOWNLOAD_URL: http://nginx.org/download/nginx-{{ NGINX_VER }}.tar.gz 4 | NGINX_USER: nginx 5 | NGINX_PORT: 80 6 | SOURCE_DIR: /software 7 | NGINX_DIR: /usr/local/nginx 8 | DATA_DIR: /data/nginx 9 | -------------------------------------------------------------------------------- /nginx+keepalived/README.md: 
-------------------------------------------------------------------------------- 1 | 通过ansible-playbook,部署nginx高可用集群 2 | -------------------------------------------------------------------------------- /nginx+keepalived/nginx+keepalived.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: webserver 3 | remote_user: root 4 | gather_facts: True 5 | 6 | roles: 7 | - nginx_install 8 | - keepalived_install 9 | -------------------------------------------------------------------------------- /nginx+keepalived/roles/keepalived_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | - name: yum安装keepalived 2 | yum: name=keepalived state=latest 3 | 4 | - name: 拷贝master配置文件 5 | template: src=keepalived_master.conf dest=/etc/keepalived/keepalived.conf mode=0644 owner=root group=root 6 | when: 7 | - hostvars[inventory_hostname]['ansible_default_ipv4']['address'] == "{{ MASTER_IP }}" 8 | 9 | - name: 拷贝backup配置文件 10 | template: src=keepalived_backup.conf dest=/etc/keepalived/keepalived.conf mode=0644 owner=root group=root 11 | when: 12 | - hostvars[inventory_hostname]['ansible_default_ipv4']['address'] != "{{ MASTER_IP }}" 13 | 14 | - name: 拷贝监控nginx服务脚本 15 | template: src=check_nginx.sh dest={{ SCRIPT_DIR }} mode=0755 owner=root group=root 16 | 17 | - name: 启动keepalived服务 18 | service: name=keepalived state=started enabled=yes 19 | -------------------------------------------------------------------------------- /nginx+keepalived/roles/keepalived_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用install模块 2 | - include: install.yml 3 | -------------------------------------------------------------------------------- /nginx+keepalived/roles/keepalived_install/templates/check_nginx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | n=`ps -C nginx --no-heading 
|wc -l` 3 | 4 | #如果进程为0,则启动nginx,并且再次检测nginx进程数量, 5 | #如果还为0,说明nginx无法启动,此时需要关闭keepalived 6 | 7 | if [ $n -eq "0" ]; then 8 | systemctl start nginx 9 | n2=`ps -C nginx --no-heading |wc -l` 10 | 11 | if [ $n2 -eq "0" ]; then 12 | systemctl stop keepalived 13 | fi 14 | fi 15 | -------------------------------------------------------------------------------- /nginx+keepalived/roles/keepalived_install/templates/keepalived_backup.conf: -------------------------------------------------------------------------------- 1 | global_defs { 2 | notification_email { 3 | lzx@lzxlinux.com 4 | } 5 | notification_email_from root@lzxlinux.com 6 | smtp_server 127.0.0.1 7 | smtp_connect_timeout 30 8 | router_id LVS_DEVEL 9 | } 10 | 11 | vrrp_script {{ VRRP_SCRIPT }} { 12 | script "{{ SCRIPT_DIR }}/check_nginx.sh" 13 | interval 3 14 | } 15 | 16 | vrrp_instance VI_1 { 17 | state BACKUP 18 | interface {{ INF }} 19 | virtual_router_id 51 20 | priority 90 21 | advert_int 1 22 | authentication { 23 | auth_type PASS 24 | auth_pass {{ PASSWORD }} 25 | } 26 | virtual_ipaddress { 27 | {{ VIP_IP }} 28 | } 29 | 30 | track_script { 31 | {{ VRRP_SCRIPT }} 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /nginx+keepalived/roles/keepalived_install/templates/keepalived_master.conf: -------------------------------------------------------------------------------- 1 | global_defs { 2 | notification_email { 3 | lzx@lzxlinux.com 4 | } 5 | notification_email_from root@lzxlinux.com 6 | smtp_server 127.0.0.1 7 | smtp_connect_timeout 30 8 | router_id LVS_DEVEL 9 | } 10 | 11 | vrrp_script {{ VRRP_SCRIPT }} { 12 | script "{{ SCRIPT_DIR }}/check_nginx.sh" 13 | interval 3 14 | } 15 | 16 | vrrp_instance VI_1 { 17 | state MASTER 18 | interface {{ INF }} 19 | virtual_router_id 51 20 | priority 100 21 | advert_int 1 22 | authentication { 23 | auth_type PASS 24 | auth_pass {{ PASSWORD }} 25 | } 26 | virtual_ipaddress { 27 | {{ VIP_IP }} 28 | } 29 | 30 | track_script { 31 
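{{ VRRP_SCRIPT }}
    }
}
-------------------------------------------------------------------------------- /nginx+keepalived/roles/keepalived_install/vars/main.yml: --------------------------------------------------------------------------------
SOURCE_DIR: /software
INF: ens33
MASTER_IP: 192.168.30.128
VIP_IP: 192.168.30.100
VRRP_SCRIPT: check_nginx
SCRIPT_DIR: /usr/local/sbin/
# VRRP `auth_type PASS` puts this value in cleartext in every advertisement and
# keepalived uses only its first 8 bytes, so it guards against accidental
# cross-talk between clusters, not against another host on the segment joining
# the group. Keep it in an Ansible Vault-encrypted file anyway, and restrict
# VRRP (IP protocol 112) to the peer addresses with a firewall rule.
PASSWORD: 123456
-------------------------------------------------------------------------------- /nginx+keepalived/roles/nginx_install/tasks/copy.yml: --------------------------------------------------------------------------------
- name: 创建nginx用户组
  group: name={{ NGINX_USER }} state=present

# Service account without a home directory or login shell
- name: 创建nginx用户
  user: name={{ NGINX_USER }} group={{ NGINX_USER }} state=present create_home=False shell=/sbin/nologin

- name: 创建software目录
  file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes

- name: 创建日志目录
  file: name={{ item }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes
  with_items:
    - "{{ DATA_DIR }}"
    - "{{ DATA_DIR }}/log"

- name: 创建日志文件
  file: name={{ item }} state=touch owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644
  with_items:
    - "{{ DATA_DIR }}/log/access.log"
    - "{{ DATA_DIR }}/log/error.log"

# Download when the package is not already on the host.
# Supply-chain note: DOWNLOAD_URL (vars/main.yml) is plain http://nginx.org and
# nothing verifies what is then compiled and installed as root. Use the https
# URL and add `checksum: sha256:<value from nginx.org>` here so a tampered or
# truncated download fails the play instead of being built. NGINX_VER 1.15.0
# also predates the 1.15.6 fixes for the HTTP/2 and mp4 module advisories
# (CVE-2018-16843/16844/16845); both modules are enabled in install.yml.
- name: 下载nginx包
  get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }}

# Alternative when the package is already in the role's files directory
#- name: 拷贝现有nginx包到所有主机
#  copy: src=nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }}

# The tarball was fetched onto the managed host, so unarchive must read it
# there (remote_src); without it Ansible looks for the path on the controller.
- name: 解压nginx包
  unarchive: src={{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} remote_src=yes owner={{ NGINX_USER }} group={{ NGINX_USER }}

# Install the systemd unit
- name: 拷贝nginx服务文件
  template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service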
owner=root group=root 36 | -------------------------------------------------------------------------------- /nginx+keepalived/roles/nginx_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | #编译nginx 2 | - name: 编译nginx 3 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && ./configure --prefix={{ NGINX_DIR }} --user={{ NGINX_USER }} --group={{ NGINX_USER }} --http-log-path={{ DATA_DIR }}/log/access.log --error-log-path={{ DATA_DIR }}/log/error.log --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_stub_status_module" 4 | 5 | #安装nginx 6 | - name: 安装nginx 7 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && make && make install" 8 | 9 | #复制nginx主配置文件 10 | - name: 拷贝nginx主配置文件 11 | template: src=nginx.conf dest={{ NGINX_DIR }}/conf/nginx.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} 12 | 13 | - name: 创建vhost配置文件目录 14 | file: name={{ NGINX_DIR }}/conf/vhost state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes 15 | 16 | #复制nginx vhost配置文件 17 | - name: 拷贝nginx vhost配置文件 18 | template: src=server.conf dest={{ NGINX_DIR }}/conf/vhost/server.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 19 | 20 | #复制nginx额外配置文件 21 | - name: 拷贝nginx额外配置文件 22 | template: src=fastcgi_params dest={{ NGINX_DIR }}/conf/fastcgi_params owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 23 | 24 | - name: 配置环境变量 25 | shell: " if [ `grep {{ NGINX_DIR }}/sbin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ NGINX_DIR }}/sbin >> /etc/profile && source /etc/profile; else source /etc/profile; fi" 26 | 27 | - name: 启动nginx并开机启动 28 | shell: "systemctl daemon-reload && systemctl enable nginx && systemctl start nginx" 29 | -------------------------------------------------------------------------------- 
/nginx+keepalived/roles/nginx_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy、install模块 2 | - include: prepare.yml 3 | - include: copy.yml 4 | - include: install.yml 5 | -------------------------------------------------------------------------------- /nginx+keepalived/roles/nginx_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 关闭firewalld 2 | service: name=firewalld state=stopped enabled=no 3 | 4 | - name: 临时关闭 selinux 5 | shell: "setenforce 0" 6 | failed_when: false 7 | 8 | - name: 永久关闭 selinux 9 | lineinfile: 10 | dest: /etc/selinux/config 11 | regexp: "^SELINUX=" 12 | line: "SELINUX=disabled" 13 | 14 | - name: 添加EPEL仓库 15 | yum: name=epel-release state=latest 16 | 17 | - name: 安装常用软件包 18 | yum: 19 | name: 20 | - vim 21 | - lrzsz 22 | - net-tools 23 | - wget 24 | - curl 25 | - bash-completion 26 | - rsync 27 | - gcc 28 | - gcc-c++ 29 | - unzip 30 | - git 31 | - autoconf 32 | - cmake 33 | - openssl 34 | - openssl-devel 35 | - pcre 36 | - pcre-devel 37 | - zlib 38 | - zlib-devel 39 | - gd-devel 40 | - libxml2-devel 41 | state: latest 42 | 43 | - name: 更新系统 44 | shell: "yum update -y" 45 | args: 46 | warn: False 47 | -------------------------------------------------------------------------------- /nginx+keepalived/roles/nginx_install/templates/fastcgi_params: -------------------------------------------------------------------------------- 1 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 2 | fastcgi_param SERVER_SOFTWARE nginx; 3 | fastcgi_param QUERY_STRING $query_string; 4 | fastcgi_param REQUEST_METHOD $request_method; 5 | fastcgi_param CONTENT_TYPE $content_type; 6 | fastcgi_param CONTENT_LENGTH $content_length; 7 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 8 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 9 | fastcgi_param REQUEST_URI $request_uri; 10 | fastcgi_param DOCUMENT_URI $document_uri; 
11 | fastcgi_param DOCUMENT_ROOT $document_root; 12 | fastcgi_param SERVER_PROTOCOL $server_protocol; 13 | fastcgi_param REMOTE_ADDR $remote_addr; 14 | fastcgi_param REMOTE_PORT $remote_port; 15 | fastcgi_param SERVER_ADDR $server_addr; 16 | fastcgi_param SERVER_PORT $server_port; 17 | fastcgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /nginx+keepalived/roles/nginx_install/templates/nginx.conf: -------------------------------------------------------------------------------- 1 | user nobody nobody; 2 | worker_processes 4; 3 | error_log {{ DATA_DIR }}/log/error.log crit; 4 | pid /run/nginx.pid; 5 | worker_rlimit_nofile 65535; 6 | 7 | events { 8 | use epoll; 9 | worker_connections 1024; 10 | } 11 | 12 | http { 13 | include mime.types; 14 | default_type application/octet-stream; 15 | 16 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 17 | '$status $body_bytes_sent "$http_referer" ' 18 | '"$http_user_agent" "$http_x_forwarded_for"'; 19 | 20 | access_log {{ DATA_DIR }}/log/access.log main; 21 | 22 | server_tokens off; 23 | sendfile on; 24 | send_timeout 3m; 25 | tcp_nopush on; 26 | tcp_nodelay on; 27 | keepalive_timeout 65; 28 | types_hash_max_size 2048; 29 | 30 | client_header_timeout 3m; 31 | client_body_timeout 3m; 32 | connection_pool_size 256; 33 | client_header_buffer_size 4k; 34 | large_client_header_buffers 8 4k; 35 | request_pool_size 4k; 36 | output_buffers 4 32k; 37 | postpone_output 1460; 38 | client_max_body_size 10m; 39 | client_body_buffer_size 256k; 40 | client_body_temp_path {{ NGINX_DIR }}/client_body_temp; 41 | proxy_temp_path {{ NGINX_DIR }}/proxy_temp; 42 | fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp; 43 | fastcgi_intercept_errors on; 44 | 45 | gzip on; 46 | gzip_min_length 2k; 47 | gzip_buffers 4 32k; 48 | gzip_comp_level 5; 49 | gzip_http_version 1.1; 50 | gzip_types text/plain application/x-javascript text/css text/htm 51 | application/xml; 52 | 
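# nginx.conf (continued): pull in the per-site server blocks.
    include {{ NGINX_DIR }}/conf/vhost/*.conf;
}
-------------------------------------------------------------------------------- /nginx+keepalived/roles/nginx_install/templates/nginx.service: --------------------------------------------------------------------------------
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t
ExecStart={{ NGINX_DIR }}/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
-------------------------------------------------------------------------------- /nginx+keepalived/roles/nginx_install/templates/server.conf: --------------------------------------------------------------------------------
# Default vhost: static files from NGINX_DIR/html, *.php handed to php-fpm.
server {
    listen       80;
    server_name  localhost;
    location / {
        root   {{ NGINX_DIR }}/html;
        index  index.php index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

    location ~ \.php$ {
        root           {{ NGINX_DIR }}/html;
        # Only hand scripts that actually exist on disk to php-fpm; without
        # this, any request whose path ends in ".php" is forwarded regardless
        # of which file (if any) it resolves to.
        try_files      $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}
-------------------------------------------------------------------------------- /nginx+keepalived/roles/nginx_install/vars/main.yml: --------------------------------------------------------------------------------
# Variables used by the nginx_install role.
NGINX_VER: 1.15.0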
DOWNLOAD_URL: http://nginx.org/download/nginx-{{ NGINX_VER }}.tar.gz 4 | NGINX_USER: nginx 5 | NGINX_PORT: 80 6 | SOURCE_DIR: /software 7 | NGINX_DIR: /usr/local/nginx 8 | DATA_DIR: /data/nginx 9 | -------------------------------------------------------------------------------- /nginx/README.md: -------------------------------------------------------------------------------- 1 | 通过ansible-playbook,以源码编译方式部署nginx 2 | -------------------------------------------------------------------------------- /nginx/nginx.yml: -------------------------------------------------------------------------------- 1 | #用于批量安装Nginx 2 | - hosts: webserver 3 | remote_user: root 4 | gather_facts: True 5 | 6 | roles: 7 | - nginx_install 8 | -------------------------------------------------------------------------------- /nginx/roles/nginx_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建nginx用户组 2 | group: name={{ NGINX_USER }} state=present 3 | 4 | - name: 创建nginx用户 5 | user: name={{ NGINX_USER }} group={{ NGINX_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | - name: 创建software目录 8 | file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes 9 | 10 | - name: 创建日志目录 11 | file: name={{ item }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes 12 | with_items: 13 | - "{{ DATA_DIR }}" 14 | - "{{ DATA_DIR }}/log" 15 | 16 | - name: 创建日志文件 17 | file: name={{ item }} state=touch owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 18 | with_items: 19 | - "{{ DATA_DIR }}/log/access.log" 20 | - "{{ DATA_DIR }}/log/error.log" 21 | 22 | #当前主机下没有nginx包 23 | - name: 下载nginx包 24 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 25 | 26 | #当前主机file目录下已有nginx包 27 | #- name: 拷贝现有nginx包到所有主机 28 | # copy: src=nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 29 | 30 | - name: 
解压nginx包 31 | unarchive: src={{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 32 | 33 | #复制nginx服务文件 34 | - name: 拷贝nginx服务文件 35 | template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service owner=root group=root 36 | -------------------------------------------------------------------------------- /nginx/roles/nginx_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | #编译nginx 2 | - name: 编译nginx 3 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && ./configure --prefix={{ NGINX_DIR }} --user={{ NGINX_USER }} --group={{ NGINX_USER }} --http-log-path={{ DATA_DIR }}/log/access.log --error-log-path={{ DATA_DIR }}/log/error.log --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_stub_status_module" 4 | 5 | #安装nginx 6 | - name: 安装nginx 7 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && make && make install" 8 | 9 | #复制nginx主配置文件 10 | - name: 拷贝nginx主配置文件 11 | template: src=nginx.conf dest={{ NGINX_DIR }}/conf/nginx.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} 12 | 13 | - name: 创建vhost配置文件目录 14 | file: name={{ NGINX_DIR }}/conf/vhost state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes 15 | 16 | #复制nginx vhost配置文件 17 | - name: 拷贝nginx vhost配置文件 18 | template: src=server.conf dest={{ NGINX_DIR }}/conf/vhost/server.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 19 | 20 | #复制nginx额外配置文件 21 | - name: 拷贝nginx额外配置文件 22 | template: src=fastcgi_params dest={{ NGINX_DIR }}/conf/fastcgi_params owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 23 | 24 | - name: 配置环境变量 25 | shell: " if [ `grep {{ NGINX_DIR }}/sbin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ NGINX_DIR }}/sbin >> /etc/profile && source 
/etc/profile; else source /etc/profile; fi" 26 | 27 | - name: 启动nginx并开机启动 28 | shell: "systemctl daemon-reload && systemctl enable nginx && systemctl start nginx" 29 | -------------------------------------------------------------------------------- /nginx/roles/nginx_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy、install模块 2 | - include: prepare.yml 3 | - include: copy.yml 4 | - include: install.yml 5 | -------------------------------------------------------------------------------- /nginx/roles/nginx_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 关闭firewalld 2 | service: name=firewalld state=stopped enabled=no 3 | 4 | - name: 临时关闭 selinux 5 | shell: "setenforce 0" 6 | failed_when: false 7 | 8 | - name: 永久关闭 selinux 9 | lineinfile: 10 | dest: /etc/selinux/config 11 | regexp: "^SELINUX=" 12 | line: "SELINUX=disabled" 13 | 14 | - name: 添加EPEL仓库 15 | yum: name=epel-release state=latest 16 | 17 | - name: 安装常用软件包 18 | yum: 19 | name: 20 | - vim 21 | - lrzsz 22 | - net-tools 23 | - wget 24 | - curl 25 | - bash-completion 26 | - rsync 27 | - gcc 28 | - gcc-c++ 29 | - unzip 30 | - git 31 | - autoconf 32 | - cmake 33 | - openssl 34 | - openssl-devel 35 | - pcre 36 | - pcre-devel 37 | - zlib 38 | - zlib-devel 39 | - gd-devel 40 | - libxml2-devel 41 | state: latest 42 | 43 | - name: 更新系统 44 | shell: "yum update -y" 45 | args: 46 | warn: False 47 | -------------------------------------------------------------------------------- /nginx/roles/nginx_install/templates/fastcgi_params: -------------------------------------------------------------------------------- 1 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 2 | fastcgi_param SERVER_SOFTWARE nginx; 3 | fastcgi_param QUERY_STRING $query_string; 4 | fastcgi_param REQUEST_METHOD $request_method; 5 | fastcgi_param CONTENT_TYPE $content_type; 6 | fastcgi_param CONTENT_LENGTH 
$content_length; 7 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 8 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 9 | fastcgi_param REQUEST_URI $request_uri; 10 | fastcgi_param DOCUMENT_URI $document_uri; 11 | fastcgi_param DOCUMENT_ROOT $document_root; 12 | fastcgi_param SERVER_PROTOCOL $server_protocol; 13 | fastcgi_param REMOTE_ADDR $remote_addr; 14 | fastcgi_param REMOTE_PORT $remote_port; 15 | fastcgi_param SERVER_ADDR $server_addr; 16 | fastcgi_param SERVER_PORT $server_port; 17 | fastcgi_param SERVER_NAME $server_name; 18 | -------------------------------------------------------------------------------- /nginx/roles/nginx_install/templates/nginx.conf: -------------------------------------------------------------------------------- 1 | user nobody nobody; 2 | worker_processes 1; 3 | error_log {{ DATA_DIR }}/log/error.log crit; 4 | pid /run/nginx.pid; 5 | worker_rlimit_nofile 51200; 6 | 7 | events { 8 | use epoll; 9 | worker_connections 1024; 10 | } 11 | 12 | http { 13 | include mime.types; 14 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 15 | '$status $body_bytes_sent "$http_referer" ' 16 | '"$http_user_agent" "$http_x_forwarded_for"'; 17 | 18 | access_log {{ DATA_DIR }}/log/access.log main; 19 | 20 | server_tokens off; 21 | sendfile on; 22 | send_timeout 3m; 23 | tcp_nopush on; 24 | tcp_nodelay on; 25 | keepalive_timeout 65; 26 | types_hash_max_size 2048; 27 | 28 | client_header_timeout 3m; 29 | client_body_timeout 3m; 30 | connection_pool_size 256; 31 | client_header_buffer_size 1k; 32 | large_client_header_buffers 8 4k; 33 | request_pool_size 4k; 34 | output_buffers 4 32k; 35 | postpone_output 1460; 36 | client_max_body_size 10m; 37 | client_body_buffer_size 256k; 38 | client_body_temp_path {{ NGINX_DIR }}/client_body_temp; 39 | proxy_temp_path {{ NGINX_DIR }}/proxy_temp; 40 | fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp; 41 | fastcgi_intercept_errors on; 42 | 43 | gzip on; 44 | gzip_min_length 1k; 45 
| gzip_buffers 4 8k; 46 | gzip_comp_level 5; 47 | gzip_http_version 1.1; 48 | gzip_types text/plain application/x-javascript text/css text/htm 49 | application/xml; 50 | 51 | default_type application/octet-stream; 52 | include {{ NGINX_DIR }}/conf/vhost/*.conf; 53 | } 54 | -------------------------------------------------------------------------------- /nginx/roles/nginx_install/templates/nginx.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=The nginx HTTP and reverse proxy server 3 | After=network.target remote-fs.target nss-lookup.target 4 | 5 | [Service] 6 | Type=forking 7 | PIDFile=/run/nginx.pid 8 | # Nginx will fail to start if /run/nginx.pid already exists but has the wrong 9 | # SELinux context. This might happen when running `nginx -t` from the cmdline. 10 | # https://bugzilla.redhat.com/show_bug.cgi?id=1268621 11 | ExecStartPre=/usr/bin/rm -f /run/nginx.pid 12 | ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t 13 | ExecStart={{ NGINX_DIR }}/sbin/nginx 14 | ExecReload=/bin/kill -s HUP $MAINPID 15 | KillSignal=SIGQUIT 16 | TimeoutStopSec=5 17 | KillMode=process 18 | PrivateTmp=true 19 | 20 | [Install] 21 | WantedBy=multi-user.target 22 | -------------------------------------------------------------------------------- /nginx/roles/nginx_install/templates/server.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name localhost; 4 | location / { 5 | root {{ NGINX_DIR }}/html; 6 | index index.php index.html index.htm; 7 | } 8 | 9 | error_page 500 502 503 504 /50x.html; 10 | location = /50x.html { 11 | root html; 12 | } 13 | 14 | location ~ \.php$ { 15 | root {{ NGINX_DIR }}/html; 16 | fastcgi_pass 127.0.0.1:9000; 17 | fastcgi_index index.php; 18 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 19 | include fastcgi_params; 20 | } 21 | } 22 | 
-------------------------------------------------------------------------------- /nginx/roles/nginx_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义nginx安装中的变量 2 | NGINX_VER: 1.15.0 3 | DOWNLOAD_URL: http://nginx.org/download/nginx-{{ NGINX_VER }}.tar.gz 4 | NGINX_USER: nginx 5 | NGINX_PORT: 80 6 | SOURCE_DIR: /software 7 | NGINX_DIR: /usr/local/nginx 8 | DATA_DIR: /data/nginx 9 | -------------------------------------------------------------------------------- /php/README.md: -------------------------------------------------------------------------------- 1 | 通过ansible-playbook,以源码编译方式部署php 2 | -------------------------------------------------------------------------------- /php/php.yml: -------------------------------------------------------------------------------- 1 | #用于批量安装PHP 2 | - hosts: webserver 3 | remote_user: root 4 | gather_facts: True 5 | 6 | roles: 7 | - php_install 8 | -------------------------------------------------------------------------------- /php/roles/php_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建php用户组 2 | group: name={{ PHP_USER }} state=present 3 | 4 | - name: 创建php用户 5 | user: name={{ PHP_USER }} group={{ PHP_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | - name: 创建software目录 8 | file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes 9 | 10 | #当前主机下没有libmcrypt依赖包 11 | - name: 下载依赖包libmcrypt 12 | get_url: url=http://nchc.dl.sourceforge.net/project/mcrypt/Libmcrypt/2.5.8/libmcrypt-2.5.8.tar.gz dest={{ SOURCE_DIR }} 13 | 14 | #当前主机file目录下已有libmcrypt依赖包 15 | #- name: 拷贝现有libmcrypt依赖包到所有主机 16 | # copy: src=libmcrypt-2.5.8.tar.gz dest={{ SOURCE_DIR }} 17 | 18 | #当前主机下没有php包 19 | - name: 下载php包 20 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ PHP_USER }} group={{ PHP_USER }} 21 | 22 | #当前主机file目录下已有php包 23 | #- name: 拷贝现有php包到所有主机 24 | # copy: src=php-{{ 
PHP_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ PHP_USER }} group={{ PHP_USER }} 25 | 26 | - name: 解压依赖包libmcrypt 27 | unarchive: src={{ SOURCE_DIR }}/libmcrypt-2.5.8.tar.gz dest={{ SOURCE_DIR }} 28 | 29 | - name: 编译安装libmcrypt 30 | shell: "cd {{ SOURCE_DIR }}/libmcrypt-2.5.8 && ./configure && make && make install" 31 | 32 | - name: 解压php包 33 | unarchive: src={{ SOURCE_DIR }}/php-{{ PHP_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ PHP_USER }} group={{ PHP_USER }} 34 | -------------------------------------------------------------------------------- /php/roles/php_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | #编译php 2 | - name: 编译php 3 | shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }} && ./configure --prefix={{ PHP_DIR }} --with-config-file-path={{ PHP_DIR }}/etc --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-mysql={{ MYSQL_DIR }} --with-mysql-sock={{ MYSQL_DIR }}/tmp/mysql.sock --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-bz2 --with-libxml-dir --with-curl --with-gd --with-openssl --with-mhash --with-xmlrpc --with-pdo-mysql --with-libmbfl --with-onig --with-pear --enable-xml --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --enable-fpm --enable-mbstring --enable-pcntl --enable-sockets --enable-zip --enable-soap --enable-opcache --enable-pdo --enable-mysqlnd-compression-support --enable-maintainer-zts --enable-session --with-fpm-user={{ PHP_USER }} --with-fpm-group={{ PHP_USER }}" 4 | 5 | #安装php 6 | - name: 安装php 7 | shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }} && make -j 2 && make -j 2 install" 8 | 9 | - name: 创建php-fpm配置目录 10 | file: name={{ PHP_DIR }}/etc state=directory owner={{ PHP_USER }} group={{ PHP_USER }} mode=0755 recurse=yes 11 | 12 | - name: 修改php-fpm配置_1 13 | shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }} && cp php.ini-production {{ PHP_DIR }}/etc/php.ini" 14 | 15 | - name: 修改php-fpm配置_2 16 | 
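# Anchored regexps below match the directive name rather than the stock value,
# so a re-run edits the line already set instead of appending a duplicate.
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "^post_max_size ="
    line: "post_max_size = 16M"

- name: 修改php-fpm配置_3
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "^max_execution_time ="
    line: "max_execution_time = 300"

- name: 修改php-fpm配置_4
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "^max_input_time ="
    line: "max_input_time = 300"

- name: 修改php-fpm配置_5
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "^;?date.timezone ="
    line: "date.timezone = Asia/Shanghai"

# Install the SysV init script shipped in the PHP source tree.
- name: 拷贝启动配置文件
  shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }} && cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm && chmod +x /etc/init.d/php-fpm"

# Render the php-fpm pool configuration (templates/php-fpm.conf).
- name: 拷贝php主配置文件
  template: src=php-fpm.conf dest={{ PHP_DIR }}/etc/php-fpm.conf owner={{ PHP_USER }} group={{ PHP_USER }}

# Build the ldap extension from the source tree and register it in php.ini.
- name: 编译安装ldap模块
  shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }}/ext/ldap && cp -af /usr/lib64/libldap* /usr/lib/ && {{ PHP_DIR }}/bin/phpize && ./configure --with-php-config={{ PHP_DIR }}/bin/php-config && make && make install"

# The directive is `extension=`; the previous "aextension=" is not a php.ini
# directive PHP recognises, so the module built above was never loaded.
- name: 修改php-fpm配置_6
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "^;?extension=ldap"
    line: "extension=ldap.so"

# Build the gettext extension (the libldap copy belongs to the ldap task only).
- name: 编译安装gettext模块
  shell: "cd {{ SOURCE_DIR }}/php-{{ PHP_VER }}/ext/gettext && {{ PHP_DIR }}/bin/phpize && ./configure --with-php-config={{ PHP_DIR }}/bin/php-config && make && make install"

- name: 修改php-fpm配置_7
  lineinfile:
    dest: "{{ PHP_DIR }}/etc/php.ini"
    regexp: "^;?extension=gettext"
    line: "extension=gettext.so"

- name: 启动php并开机启动
  shell: "chkconfig --add php-fpm && chkconfig php-fpm on && /etc/init.d/php-fpm start"
--------------------------------------------------------------------------------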
/php/roles/php_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy、install模块 2 | - include: prepare.yml 3 | - include: copy.yml 4 | - include: install.yml 5 | -------------------------------------------------------------------------------- /php/roles/php_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 关闭firewalld 2 | service: name=firewalld state=stopped enabled=no 3 | 4 | - name: 临时关闭 selinux 5 | shell: "setenforce 0" 6 | failed_when: false 7 | 8 | - name: 永久关闭 selinux 9 | lineinfile: 10 | dest: /etc/selinux/config 11 | regexp: "^SELINUX=" 12 | line: "SELINUX=disabled" 13 | 14 | - name: 添加EPEL仓库 15 | yum: name=epel-release state=latest 16 | 17 | - name: 安装常用软件包 18 | yum: 19 | name: 20 | - vim 21 | - lrzsz 22 | - net-tools 23 | - wget 24 | - curl 25 | - bash-completion 26 | - rsync 27 | - gcc 28 | - gcc-c++ 29 | - unzip 30 | - git 31 | - autoconf 32 | - cmake 33 | - openssl 34 | - openssl-devel 35 | - pcre 36 | - pcre-devel 37 | - zlib 38 | - zlib-devel 39 | - gd-devel 40 | - libxml2-devel 41 | - bzip2-devel 42 | - gnutls-devel 43 | - ncurses-devel 44 | - bison 45 | - bison-devel 46 | - openldap 47 | - openldap-devel 48 | - libcurl-devel 49 | - libevent 50 | - libevent-devel 51 | - expat-devel 52 | - numactl 53 | state: latest 54 | 55 | - name: 更新系统 56 | shell: "yum update -y" 57 | args: 58 | warn: False 59 | -------------------------------------------------------------------------------- /php/roles/php_install/templates/php-fpm.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | pid = {{ PHP_DIR }}/var/run/php-fpm.pid 3 | error_log = {{ PHP_DIR }}/var/log/php-fpm.log 4 | [www] 5 | listen = 127.0.0.1:{{ PHP_PORT }} 6 | listen.mode = 666 7 | listen.owner = nobody 8 | listen.group = nobody 9 | user = {{ PHP_USER }} 10 | group = {{ PHP_USER }} 11 | pm = dynamic 12 | 
pm.max_children = 50 13 | pm.start_servers = 20 14 | pm.min_spare_servers = 5 15 | pm.max_spare_servers = 35 16 | pm.max_requests = 500 17 | rlimit_files = 1024 18 | -------------------------------------------------------------------------------- /php/roles/php_install/vars/main.yml: -------------------------------------------------------------------------------- 1 | #定义php安装中的变量 2 | PHP_VER: 7.2.6 3 | DOWNLOAD_URL: http://mirrors.sohu.com/php/php-{{ PHP_VER }}.tar.gz 4 | PHP_USER: php-fpm 5 | PHP_PORT: 9000 6 | SOURCE_DIR: /software 7 | PHP_DIR: /usr/local/php7 8 | MYSQL_DIR: /usr/local/mysql 9 | -------------------------------------------------------------------------------- /swarm/README.md: -------------------------------------------------------------------------------- 1 | 通过ansible-playbook,部署Docker Swarm集群 2 | -------------------------------------------------------------------------------- /swarm/roles/docker_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | - name: 创建software目录 2 | file: name=/software state=directory 3 | 4 | - name: 更改hostname 5 | raw: "echo {{ hostname }} > /etc/hostname" 6 | 7 | - name: 更改生效 8 | shell: "hostname {{ hostname }}" 9 | 10 | - name: 下载repo文件 11 | shell: "if [ ! -f /etc/yum.repos.d/docker.repo ]; then curl http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo -o /etc/yum.repos.d/docker.repo; fi" 12 | 13 | - name: 生成缓存 14 | shell: "yum makecache fast" 15 | args: 16 | warn: False 17 | 18 | - name: 安装docker-ce 19 | yum: 20 | name: docker-ce 21 | state: present 22 | 23 | - name: 启动docker并开机启动 24 | service: 25 | name: docker 26 | state: started 27 | enabled: yes 28 | 29 | - name: 下载docker-compose 30 | shell: "if [ ! 
-f /usr/local/bin/docker-compose ]; then curl -L https://github.com/docker/compose/releases/download/{{ COMPOSE_VER }}/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose; fi"

# NOTE(review): the binary fetched above is not checked against a digest or
# signature before it is made executable; compare it with the .sha256 file
# published for the {{ COMPOSE_VER }} release before this step.
- name: 给予执行权限
  file: name=/usr/local/bin/docker-compose mode=0755

# NOTE(review): this pipes a script fetched at run time from a third-party
# mirror straight into a root shell on every host — whatever that URL serves is
# executed, with no pinning or verification. Setting the mirror through a
# `registry-mirrors` entry in /etc/docker/daemon.json achieves the same without
# running a remote installer.
- name: 提高docker pull速度
  shell: "curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io"
  args:
    warn: False

- name: 重启docker
  service:
    name: docker
    state: restarted
-------------------------------------------------------------------------------- /swarm/roles/docker_install/tasks/main.yml: --------------------------------------------------------------------------------
# Run the prepare and install task files, in that order.
- include: prepare.yml
- include: install.yml
-------------------------------------------------------------------------------- /swarm/roles/docker_install/tasks/prepare.yml: --------------------------------------------------------------------------------
# NOTE(review): the next three tasks permanently disable the host firewall and
# SELinux on every node. Nothing later in these roles re-restricts the Swarm
# control/overlay ports or the Scope UI started by scope_install, so the only
# boundary left around the cluster is the surrounding network.
- name: 关闭firewalld
  service: name=firewalld state=stopped enabled=no

- name: 临时关闭 selinux
  shell: "setenforce 0"
  failed_when: false

- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库
  yum: name=epel-release state=latest

- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - unzip
      - git
    state: latest

- name: 更新系统
  shell: "yum update -y"
  ignore_errors: yes
  args:
    warn: False
-------------------------------------------------------------------------------- /swarm/roles/docker_install/vars/main.yml: --------------------------------------------------------------------------------
# Variables used by the docker_install role.
COMPOSE_VER: 1.24.1
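-------------------------------------------------------------------------------- /swarm/roles/init_install/tasks/install.yml: --------------------------------------------------------------------------------
# Runs on the first manager, which also acts as the ansible controller: the
# tasks below shell out to the `ansible` CLI against the inventory.
- name: manager离开集群
  shell: "docker swarm leave -f"
  ignore_errors: yes

- name: 初始化swarm集群
  shell: "docker swarm init --advertise-addr {{ ansible_ssh_host }}"

# The join commands embed the swarm join tokens. The manager token confers
# full control of the cluster, so both files are kept owner-only.
- name: 获取manager的token
  shell: "echo `docker swarm join-token manager |grep docker` > /software/manager.sh && chmod 0700 /software/manager.sh"

- name: 获取worker的token
  shell: "echo `docker swarm join-token worker |grep docker` > /software/worker.sh && chmod 0700 /software/worker.sh"

- name: 获取所有ip
  shell: "echo `ansible all -m setup -a 'filter='ansible_default_ipv4'' |grep 'address' |grep -v 'macaddress' |awk -F '\"' '{print $4}'` > /software/hosts.txt"

# Distribute each join script only to the group that runs it (add_manager /
# add_worker in swarm.yml) rather than to every node, so worker hosts never
# hold the manager token.
- name: 拷贝manager.sh
  shell: "ansible add_manager -m copy -a 'src=/software/manager.sh dest=/software mode=0700'"
  args:
    warn: False

- name: 拷贝worker.sh
  shell: "ansible add_worker -m copy -a 'src=/software/worker.sh dest=/software mode=0700'"
  args:
    warn: False

# hosts.txt is read by scope_install on every host.
- name: 拷贝hosts.txt
  shell: "ansible all -m copy -a 'src=/software/hosts.txt dest=/software'"
  args:
    warn: False
-------------------------------------------------------------------------------- /swarm/roles/init_install/tasks/main.yml: --------------------------------------------------------------------------------
# Run the install task file.
- include: install.yml
-------------------------------------------------------------------------------- /swarm/roles/manager_install/tasks/install.yml: --------------------------------------------------------------------------------
# Leave any previous swarm, then join as a manager using the join command
# generated by init_install (the script is read from the controller).
- name: manager离开集群
  shell: "docker swarm leave -f"
  ignore_errors: yes

- name: 集群增加manager
  script: /software/manager.sh
-------------------------------------------------------------------------------- /swarm/roles/manager_install/tasks/main.yml: 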
--------------------------------------------------------------------------------
# Run the install task file.
- include: install.yml
-------------------------------------------------------------------------------- /swarm/roles/scope_install/tasks/install.yml: --------------------------------------------------------------------------------
# NOTE(review): `git.io/scope` carries no scheme, so curl fetches it over plain
# http and follows redirects (-L); the result is installed unverified and run as
# root, and git.io is a deprecated redirector. Replace it with the pinned
# release URL from the Weave Scope project and verify a checksum.
- name: 下载scope
  shell: "if [ ! -f /usr/local/bin/scope ]; then curl -L git.io/scope -o /usr/local/bin/scope; fi"

- name: 给予执行权限
  file: name=/usr/local/bin/scope mode=0755

- name: 停止scope容器
  shell: "docker stop weavescope && docker rm weavescope"
  ignore_errors: yes

# NOTE(review): `scope launch` brings up the Scope UI on every host (this role
# runs under `hosts: all` in swarm.yml). The UI has no authentication of its own
# and, by default, exposes container controls, while prepare.yml has disabled
# the host firewall — confirm the UI port is reachable only from trusted
# networks or front it with an authenticating proxy.
- name: 启动scope容器
  shell: "hosts=`cat /software/hosts.txt`; scope launch $hosts"
  register: scope_url

# Print the URL reported by `scope launch`.
- debug: msg="{{ scope_url.stdout }}"
-------------------------------------------------------------------------------- /swarm/roles/scope_install/tasks/main.yml: --------------------------------------------------------------------------------
# Run the install task file.
- include: install.yml
-------------------------------------------------------------------------------- /swarm/roles/worker_install/tasks/install.yml: --------------------------------------------------------------------------------
# Leave any previous swarm, then join as a worker using the join command
# generated by init_install (the script is read from the controller).
- name: worker离开集群
  shell: "docker swarm leave -f"
  ignore_errors: yes

- name: 集群增加worker
  script: /software/worker.sh
-------------------------------------------------------------------------------- /swarm/roles/worker_install/tasks/main.yml: --------------------------------------------------------------------------------
# Run the install task file.
- include: install.yml
-------------------------------------------------------------------------------- /swarm/swarm.yml: --------------------------------------------------------------------------------
---
# Order matters: docker on all nodes, swarm init on `manager`, then the
# add_manager / add_worker groups join, then Scope everywhere.
- hosts: all
  remote_user: root
  gather_facts: True

  roles:
    - docker_install

- hosts: manager
  remote_user: 
root 11 | gather_facts: True 12 | 13 | roles: 14 | - init_install 15 | 16 | - hosts: add_manager 17 | remote_user: root 18 | gather_facts: True 19 | 20 | roles: 21 | - manager_install 22 | 23 | - hosts: add_worker 24 | remote_user: root 25 | gather_facts: True 26 | 27 | roles: 28 | - worker_install 29 | 30 | - hosts: all 31 | remote_user: root 32 | gather_facts: True 33 | 34 | roles: 35 | - scope_install 36 | -------------------------------------------------------------------------------- /tomcat/README.md: -------------------------------------------------------------------------------- 1 | 通过ansible-playbook,以源码编译方式部署tomcat 2 | -------------------------------------------------------------------------------- /tomcat/roles/tomcat_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建software目录 2 | file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes 3 | 4 | #本地files目录下要准备好jdk包 5 | - name: 拷贝jdk包 6 | copy: src=jdk-8u{{ JDK_VER }}-linux-x64.tar.gz dest={{ SOURCE_DIR }} owner=root group=root 7 | 8 | - name: 解压jdk包 9 | unarchive: src={{ SOURCE_DIR }}/jdk-8u{{ JDK_VER }}-linux-x64.tar.gz dest={{ SOURCE_DIR }} owner=root group=root 10 | 11 | - name: 目录重命名 12 | shell: "if [ ! 
-d {{ JDK_DIR }} ]; then mv {{ SOURCE_DIR }}/jdk1.8.0_{{ JDK_VER }}/ {{ JDK_DIR }}; fi" 13 | 14 | - name: 拷贝环境变量jdk_PATH 15 | template: src=jdk_PATH dest={{ SOURCE_DIR }} owner=root group=root 16 | 17 | - name: 加入环境变量jdk_PATH 18 | shell: "if [ `grep {{ JDK_DIR }}/bin /etc/profile |wc -l` -eq 0 ]; then cat {{ SOURCE_DIR }}/jdk_PATH >> /etc/profile && source /etc/profile; fi" 19 | -------------------------------------------------------------------------------- /tomcat/roles/tomcat_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | #当前主机下没有tomcat包 2 | - name: 下载tomcat包 3 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner=root group=root 4 | 5 | #当前主机files目录下已有tomcat包 6 | #- name: 拷贝现有tomcat包到所有主机 7 | # copy: src=apache-tomcat-{{ TOMCAT_VER }}.tar.gz dest={{ SOURCE_DIR }} 8 | 9 | - name: 解压tomcat包 10 | unarchive: src={{ SOURCE_DIR }}/apache-tomcat-{{ TOMCAT_VER }}.tar.gz dest={{ SOURCE_DIR }} owner=root group=root 11 | 12 | - name: 目录重命名 13 | shell: "if [ ! 
-d {{ TOMCAT_DIR }} ]; then mv {{ SOURCE_DIR }}/apache-tomcat-{{ TOMCAT_VER }}/ {{ TOMCAT_DIR }}; fi" 14 | 15 | - name: 加入环境变量_1 16 | lineinfile: 17 | dest: "{{ TOMCAT_DIR }}/bin/catalina.sh" 18 | insertbefore: "cygwin=false" 19 | line: "CATALINA_HOME={{ TOMCAT_DIR }}" 20 | 21 | - name: 加入环境变量_2 22 | lineinfile: 23 | dest: "{{ TOMCAT_DIR }}/bin/catalina.sh" 24 | insertbefore: "cygwin=false" 25 | line: "JAVA_HOME={{ JDK_DIR }}" 26 | 27 | - name: 加入环境变量_3 28 | lineinfile: 29 | dest: "{{ TOMCAT_DIR }}/bin/catalina.sh" 30 | insertbefore: "cygwin=false" 31 | line: "JRE_BIN={{ JDK_DIR }}/bin" 32 | 33 | - name: 加入环境变量_4 34 | lineinfile: 35 | dest: "{{ TOMCAT_DIR }}/bin/catalina.sh" 36 | insertbefore: "cygwin=false" 37 | line: "JRE_HOME={{ JDK_DIR }}/jre" 38 | 39 | - name: 加入环境变量_5 40 | lineinfile: 41 | dest: "{{ TOMCAT_DIR }}/bin/catalina.sh" 42 | insertbefore: "cygwin=false" 43 | line: "CLASSPATH={{ JDK_DIR }}/jre/lib:{{ JDK_DIR }}/lib:{{ JDK_DIR }}/jre/lib/charsets.jar" 44 | 45 | - name: 拷贝tomcat启动脚本_1 46 | template: src=tomcat dest=/usr/bin/ owner=root group=root mode=0755 47 | 48 | - name: 拷贝tomcat启动脚本_2 49 | template: src=tomcat dest=/etc/init.d/ owner=root group=root mode=0755 50 | 51 | - name: 启动tomcat并开机启动 52 | service: 53 | name: tomcat 54 | state: restarted 55 | enabled: yes 56 | -------------------------------------------------------------------------------- /tomcat/roles/tomcat_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用prepare、copy、install模块 2 | - include: prepare.yml 3 | - include: copy.yml 4 | - include: install.yml 5 | -------------------------------------------------------------------------------- /tomcat/roles/tomcat_install/tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | - name: 关闭firewalld 2 | service: name=firewalld state=stopped enabled=no 3 | 4 | - name: 临时关闭 selinux 5 | shell: "setenforce 0" 6 | failed_when: false 7 | 8 | - 
name: 永久关闭 selinux 9 | lineinfile: 10 | dest: /etc/selinux/config 11 | regexp: "^SELINUX=" 12 | line: "SELINUX=disabled" 13 | 14 | - name: 添加EPEL仓库 15 | yum: name=epel-release state=latest 16 | 17 | - name: 安装常用软件包 18 | yum: 19 | name: 20 | - vim 21 | - lrzsz 22 | - net-tools 23 | - wget 24 | - curl 25 | - bash-completion 26 | - rsync 27 | - gcc 28 | - unzip 29 | - git 30 | state: latest 31 | 32 | - name: 更新系统 33 | shell: "yum update -y" 34 | args: 35 | warn: False 36 | -------------------------------------------------------------------------------- /tomcat/roles/tomcat_install/templates/jdk_PATH: -------------------------------------------------------------------------------- 1 | JAVA_HOME={{ JDK_DIR }} 2 | JAVA_BIN={{ JDK_DIR }}/bin 3 | JRE_HOME={{ JDK_DIR }}/jre 4 | PATH=$PATH:{{ JDK_DIR }}/bin:{{ JDK_DIR }}/jre/bin 5 | CLASSPATH={{ JDK_DIR }}/jre/lib:{{ JDK_DIR }}/lib:{{ JDK_DIR }}/jre/lib/charsets.jar 6 | -------------------------------------------------------------------------------- /tomcat/roles/tomcat_install/templates/tomcat: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # chkconfig: 345 99 10 3 | # description: Auto-starts tomcat 4 | # /etc/init.d/tomcatd 5 | # Tomcat auto-start 6 | # Source function library. 7 | #. /etc/init.d/functions 8 | # source networking configuration. 9 | #. /etc/sysconfig/network 10 | prog="tomcat" 11 | RETVAL=0 12 | 13 | CATALINA_HOME={{ TOMCAT_DIR }} 14 | 15 | start() 16 | { 17 | if [ -f $CATALINA_HOME/bin/startup.sh ]; 18 | then 19 | echo $"Starting $prog" 20 | $CATALINA_HOME/bin/startup.sh 21 | RETVAL=$? 22 | echo " OK" 23 | return $RETVAL 24 | fi 25 | } 26 | stop() 27 | { 28 | if [ -f $CATALINA_HOME/bin/shutdown.sh ]; 29 | then 30 | echo $"Stopping $prog" 31 | $CATALINA_HOME/bin/shutdown.sh 32 | RETVAL=$? 
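#sleep 1
    # Kill anything still running under CATALINA_HOME (the grep matches any
    # process whose command line contains that path).  `xargs -r` skips the
    # kill entirely when shutdown.sh already stopped everything, instead of
    # invoking `kill -9` with no PIDs and printing a usage error.
    ps -ef |grep $CATALINA_HOME |grep -v grep |grep -v PID | awk '{print $2}'|xargs -r kill -9
    echo " OK"
    # [ $RETVAL -eq 0 ] && rm -f /var/lock/...
    return $RETVAL
  fi
}

# Dispatch on the init-script verb; RETVAL is set by start()/stop().
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    echo $"Restaring $prog"
    $0 stop && sleep 1 && $0 start
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit $RETVAL
--------------------------------------------------------------------------------
/tomcat/roles/tomcat_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables for the tomcat role.  JDK_VER/TOMCAT_VER drive the archive
# names used in tasks/copy.yml and tasks/install.yml; DOWNLOAD_URL is
# fetched with get_url (no checksum is pinned there yet).
JDK_VER: 191
TOMCAT_VER: 8.5.39
TOMCAT_VER_MAIN: "{{ TOMCAT_VER.split('.')[0] }}"
DOWNLOAD_URL: https://mirrors.shu.edu.cn/apache/tomcat/tomcat-{{ TOMCAT_VER_MAIN }}/v{{ TOMCAT_VER }}/bin/apache-tomcat-{{ TOMCAT_VER }}.tar.gz

TOMCAT_URL: tomcat
TOMCAT_PORT: 8080
SOURCE_DIR: /software
JDK_DIR: /usr/local/jdk
TOMCAT_DIR: /usr/local/tomcat
DATA_DIR: /data/tomcat
--------------------------------------------------------------------------------
/tomcat/tomcat.yml:
--------------------------------------------------------------------------------
# Batch-install Tomcat on the "javaserver" inventory group.
- hosts: javaserver
  remote_user: root
  gather_facts: True

  roles:
    - tomcat_install
--------------------------------------------------------------------------------
/zabbix/README.md:
--------------------------------------------------------------------------------
通过ansible-playbook,批量部署Zabbix-server和Zabbix-agent
--------------------------------------------------------------------------------
/zabbix/roles/agent_install/tasks/install.yml:
--------------------------------------------------------------------------------
# Install the Zabbix repository RPM and agent, then point the agent at the
# server defined by SERVER_IP (vars/main.yml).
- name: 安装RPM包
  yum:
    name: "{{ RPM_URL }}"
    state: present

- name: 安装软件
  yum:
    name:
      - zabbix-agent
    state: latest

# The regexps below are anchored to the start of the line so they only
# rewrite the active directive, never a "# Server=" comment line.
- name: 修改zabbix_agent配置_1
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    regexp: "^Server="
    insertbefore: "### Option: ListenPort"
    line: "Server={{ SERVER_IP }}"

- name: 修改zabbix_server配置_2
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    insertafter: "# StartAgents=3"
    line: "StartAgents=3"

- name: 修改zabbix_server配置_3
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    regexp: "^ServerActive="
    insertbefore: "### Option: Hostname"
    line: "ServerActive={{ SERVER_IP }}"

- name: 修改zabbix_server配置_4
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    regexp: "^Hostname="
    insertbefore: "### Option: HostnameItem"
    line: "Hostname={{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"

# NOTE(review): UnsafeUserParameters=1 lets every character through in
# UserParameter arguments, so item-key arguments sent by the server reach
# the shell unfiltered.  Leave it at the default 0 unless a specific
# UserParameter script is known to need it, and limit "Server=" above to
# the real server address in that case.
- name: 修改zabbix_server配置_5
  lineinfile:
    dest: /etc/zabbix/zabbix_agentd.conf
    insertafter: "# UnsafeUserParameters=0"
    line: "UnsafeUserParameters=1"

- name: 启动zabbix-agent并开机启动
  service:
    name: zabbix-agent
    state: started
    enabled: yes
--------------------------------------------------------------------------------
/zabbix/roles/agent_install/tasks/main.yml:
--------------------------------------------------------------------------------
# Pull in the install task list.
- include: install.yml
--------------------------------------------------------------------------------
/zabbix/roles/agent_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables for the zabbix-agent role.
ZABBIX_VER: 3.4
RPM_URL: https://repo.zabbix.com/zabbix/{{ ZABBIX_VER }}/rhel/7/x86_64/zabbix-release-{{ ZABBIX_VER }}-2.el7.noarch.rpm

# Address of the zabbix-server; must be set per environment before running.
# It is also the only address the agent will accept passive checks from
# ("Server=" in zabbix_agentd.conf), so keep it exact.
SERVER_IP: 192.168.30.128
--------------------------------------------------------------------------------
/zabbix/roles/mysql_install/tasks/copy.yml: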
-------------------------------------------------------------------------------- 1 | - name: 创建mysql用户组 2 | group: name={{ MYSQL_USER }} state=present 3 | 4 | - name: 创建mysql用户 5 | user: name={{ MYSQL_USER }} group={{ MYSQL_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | - name: 创建所需目录 8 | file: name={{ item }} state=directory mode=0755 recurse=yes 9 | with_items: 10 | - "{{ SOURCE_DIR }}" 11 | - "{{ DATA_DIR }}" 12 | 13 | - name: 更改目录属主属组 14 | file: name={{ DATA_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }} 15 | 16 | #当前主机下没有mysql包 17 | - name: 下载mysql包 18 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }} 19 | 20 | #当前主机files目录下已有mysql包 21 | #- name: 拷贝现有mysql包到所有主机 22 | # copy: src=mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz dest={{ SOURCE_DIR }} owner={{ MYSQL_USER }} group={{ MYSQL_USER }} 23 | 24 | - name: 解压mysql包 25 | unarchive: src={{ SOURCE_DIR }}/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz dest=/usr/local owner={{ MYSQL_USER }} group={{ MYSQL_USER }} 26 | 27 | - name: 目录重命名 28 | shell: "mv /usr/local/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64 {{ BASE_DIR }} && chown -R {{ MYSQL_USER }}:{{ MYSQL_USER }} {{ BASE_DIR }}" 29 | 30 | - name: 拷贝mysql配置文件 31 | template: src=my.cnf dest=/etc/my.cnf owner=root group=root 32 | 33 | - name: 拷贝mysql服务文件 34 | template: src=mysqld.service dest=/usr/lib/systemd/system/mysqld.service owner=root group=root 35 | 36 | - name: 拷贝更改密码脚本 37 | template: src=change_passwd.sh dest={{ SOURCE_DIR }} owner=root group=root 38 | 39 | - name: 创建日志目录 40 | file: name={{ item }} state=directory owner={{ MYSQL_USER }} group={{ MYSQL_USER }} mode=0755 recurse=yes 41 | with_items: 42 | - "/var/log/mysql" 43 | - "/var/run/mysqld" 44 | - "{{ BASE_DIR }}/tmp" 45 | - "{{ BASE_DIR }}/log" 46 | 47 | - name: 创建错误日志文件 48 | file: dest={{ BASE_DIR }}/log/error.log state=touch owner={{ MYSQL_USER }} group={{ MYSQL_USER }} 49 | 
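--------------------------------------------------------------------------------
/zabbix/roles/mysql_install/tasks/install.yml:
--------------------------------------------------------------------------------
# Initialise the MySQL data directory, install the init script and systemd
# unit, then set the root password.  Runs after copy.yml has unpacked the
# tarball into BASE_DIR (vars/main.yml).
- name: mysql初始化
  # --initialize-insecure leaves root with an empty password until
  # change_passwd.sh runs below.  "creates" makes the task idempotent: a
  # second run against an already initialised datadir would otherwise fail.
  shell: "{{ BASE_DIR }}/bin/mysqld --initialize-insecure --user={{ MYSQL_USER }} --basedir={{ BASE_DIR }} --datadir={{ DATA_DIR }}"
  args:
    creates: "{{ DATA_DIR }}/mysql"

- name: 拷贝启动脚本到/etc下
  # mysql.server lives on the managed host (unpacked by copy.yml), so this is
  # a remote-to-remote copy; without remote_src Ansible looks for the file on
  # the controller.
  copy:
    src: "{{ BASE_DIR }}/support-files/mysql.server"
    dest: /etc/init.d/mysql
    remote_src: yes

- name: 修改启动脚本_1
  lineinfile:
    dest: /etc/init.d/mysql
    regexp: "^basedir="
    insertbefore: "^# Default value, in seconds, afterwhich the script should timeout waiting"
    line: "basedir={{ BASE_DIR }}"

- name: 修改启动脚本_2
  lineinfile:
    dest: /etc/init.d/mysql
    regexp: "^datadir="
    insertbefore: "^# Default value, in seconds, afterwhich the script should timeout waiting"
    line: "datadir={{ DATA_DIR }}"

- name: 修改启动脚本_3
  file: dest=/etc/init.d/mysql state=file mode=0755

- name: 配置环境变量
  # Append the bin dir to the login PATH exactly once.  The line is written
  # literally ($PATH unexpanded); the previous shell version expanded $PATH
  # at write time and baked the Ansible session's PATH into /etc/profile.
  lineinfile:
    dest: /etc/profile
    regexp: "{{ BASE_DIR }}/bin"
    line: "export PATH=$PATH:{{ BASE_DIR }}/bin"

- name: 启动mysql并开机启动
  shell: "systemctl daemon-reload && systemctl enable mysqld && systemctl start mysqld"

- name: 设置数据库root密码
  shell: "bash {{ SOURCE_DIR }}/change_passwd.sh"
--------------------------------------------------------------------------------
/zabbix/roles/mysql_install/tasks/main.yml:
--------------------------------------------------------------------------------
# Task order: prepare -> copy -> install.
- include: prepare.yml
- include: copy.yml
- include: install.yml
--------------------------------------------------------------------------------
/zabbix/roles/mysql_install/tasks/prepare.yml:
--------------------------------------------------------------------------------
# Host preparation: disables firewalld and SELinux, adds EPEL and installs
# build/runtime packages.  Disabling both host protections is a deliberate
# choice of this playbook; re-enable them with the needed policy once the
# service set is known.
- name: 关闭firewalld
  service: name=firewalld state=stopped enabled=no

- name: 临时关闭 selinux
  shell: "setenforce 0"
  failed_when: false

- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库
  yum: name=epel-release state=latest

- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - unzip
      - git
      - perl-Data-Dumper
      - libaio-devel
      - autoconf
      - cmake
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
      - zlib
      - zlib-devel
      - gd-devel
      - libxml2-devel
    state: latest

- name: 更新系统
  shell: "yum update -y"
  args:
    warn: False
--------------------------------------------------------------------------------
/zabbix/roles/mysql_install/templates/change_passwd.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Sets the MySQL root password after the --initialize-insecure bootstrap in
# tasks/install.yml (root starts with an empty password) and grants root
# remote access.  Rendered by Ansible from vars/main.yml.
#
# The password is never placed on a command line: mysql reads it from a
# mode-600 option file that is removed on exit, so it does not show up in
# `ps` or in shell history.
set -e

passwd='{{ MYSQL_PASSWD }}'
mysql_bin='{{ BASE_DIR }}/bin/mysql'

# Add the MySQL bin directory to the login PATH once.  Quoted so that $PATH
# is written literally rather than expanded at install time.
if ! grep -q "{{ BASE_DIR }}/bin" /etc/profile; then
    echo 'export PATH=$PATH:{{ BASE_DIR }}/bin' >> /etc/profile
fi

# Password as a SQL string literal: single quotes are doubled.
sql_passwd=${passwd//\'/\'\'}

# Temporary client option file holding the credentials (backslash and
# double quote escaped per MySQL option-file rules).
cnf=$(mktemp)
trap 'rm -f "$cnf"' EXIT
chmod 600 "$cnf"
cnf_passwd=${passwd//\\/\\\\}
cnf_passwd=${cnf_passwd//\"/\\\"}
printf '[client]\nuser=root\npassword="%s"\n' "$cnf_passwd" > "$cnf"

# On a fresh instance root has no password yet, so a passwordless login
# succeeds and the password is set with ALTER USER (MySQL 5.7 form, instead
# of writing mysql.user directly).  On a re-run the passwordless login fails
# and this step is skipped, which keeps the script idempotent.
if "$mysql_bin" -uroot -e 'SELECT 1' >/dev/null 2>&1; then
    "$mysql_bin" -uroot -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${sql_passwd}';"
fi

"$mysql_bin" --defaults-extra-file="$cnf" -e "FLUSH PRIVILEGES;"

# NOTE(review): this opens root to every host with the same password.  The
# only visible remote consumer is the zabbix user created by
# server_install/templates/mysql_config.sh, so this grant can be restricted
# to the admin host/subnet without affecting the deployment.
"$mysql_bin" --defaults-extra-file="$cnf" -e "grant all privileges on *.* to root@'%' identified by '${sql_passwd}';"
--------------------------------------------------------------------------------
/zabbix/roles/mysql_install/templates/my.cnf:
--------------------------------------------------------------------------------
[client]
port = {{ MYSQL_PORT }}
socket = {{ BASE_DIR }}/tmp/mysql.sock

[mysql]
default-character-set=utf8

[mysqld]
default-storage-engine=INNODB
character_set_server=utf8
explicit_defaults_for_timestamp
basedir={{ BASE_DIR }}
datadir={{ DATA_DIR }}
socket={{ BASE_DIR }}/tmp/mysql.sock
log_error = {{ BASE_DIR }}/log/error.log

sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
--------------------------------------------------------------------------------
/zabbix/roles/mysql_install/templates/mysqld.service:
--------------------------------------------------------------------------------
[Unit]
Description=MySQL Server
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target

[Service]
User=mysql
Group=mysql
ExecStart={{ BASE_DIR }}/bin/mysqld --defaults-file=/etc/my.cnf

# Connection / file-descriptor limits
LimitNOFILE=65535
LimitNPROC=65535

# Restart= would let systemd respawn mysqld after it is killed; left off here.
#Restart=always
PrivateTmp=false
--------------------------------------------------------------------------------
/zabbix/roles/mysql_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables for the mysql role.
MYSQL_VER: 5.7.25
MYSQL_VER_MAIN: "{{ MYSQL_VER.split('.')[0] }}.{{ MYSQL_VER.split('.')[1] }}"

DOWNLOAD_URL: https://mirrors.tuna.tsinghua.edu.cn/mysql/downloads/MySQL-{{ MYSQL_VER_MAIN }}/mysql-{{ MYSQL_VER }}-linux-glibc2.12-x86_64.tar.gz
MYSQL_USER: mysql
MYSQL_PORT: 3306
# NOTE(review): placeholder default, and it is used for both the root
# account (change_passwd.sh) and the zabbix DB user (mysql_config.sh).
# Override it per environment, e.g. from an Ansible Vault variable, rather
# than committing a real value here.
MYSQL_PASSWD: 123456789
SOURCE_DIR: /software
BASE_DIR: /usr/local/mysql
DATA_DIR: /data/mysql
--------------------------------------------------------------------------------
/zabbix/roles/nginx_install/files/lzxlinux.crt:
--------------------------------------------------------------------------------
-----BEGIN CERTIFICATE-----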
MIIDWjCCAkICCQDuSrwCyWxPRTANBgkqhkiG9w0BAQsFADBvMQswCQYDVQQGEwJD 3 | TjERMA8GA1UECAwIemhlamlhbmcxETAPBgNVBAcMCGhhbmd6aG91MRwwGgYDVQQK 4 | DBNEZWZhdWx0IENvbXBhbnkgTHRkMRwwGgYDVQQDDBN6YWJiaXgubHp4bGludXgu 5 | Y29tMB4XDTE5MDQwNTAzMjAwMloXDTIwMDQwNDAzMjAwMlowbzELMAkGA1UEBhMC 6 | Q04xETAPBgNVBAgMCHpoZWppYW5nMREwDwYDVQQHDAhoYW5nemhvdTEcMBoGA1UE 7 | CgwTRGVmYXVsdCBDb21wYW55IEx0ZDEcMBoGA1UEAwwTemFiYml4Lmx6eGxpbnV4 8 | LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMnnkhdtnoIo1q1+ 9 | tWag60LG6CK+JwCllZjQ2yyeBzid+llqG2B/3zFNkcP1gHHAqRalmYZG/ROoGJnu 10 | zDB+FhMTBKapD+ftZy/z1CjH8MnArGvGio6l2H4MDANXvGcI5g/DDLsq4a7Z9c6q 11 | aClgd6RohwhrfqaapiE8yUIWwaDg3jOChOJTcfuaxs6nkKrRZAVOmzk798SAuYi7 12 | 2wr1v3NKhknDicnCQzkK95ntFvP5Rswk4wUkQ+fdvRsIq/p6CVpHUVgYuuUDQCNA 13 | Zx9gppv/S5QysgWY5GgssZ0knRPUyi3LgfHgHSN8cTh4MGF8UGqlBQHgzv+V3AmP 14 | CmQJlTsCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAnPEAQqIuYPtHRK99snKEBOd 15 | VBCqMimget3mGPPmu8eJDOZuxmHljg6p8Q5zgHD9yXWy0nMZVTs3qJ9amx/iV2yf 16 | sqHIduCZuaRfIi2QL5iojEU1MY3A+sEWmHa9RMmBncYKhxReh4qHnLzmrwl1wrOk 17 | zoJdlSrZZda4PNZ5XSbEUYDpe74CxC98/CJh9SNnVQD8YyYm8wClhrx9GGy2W4X6 18 | bDuoAcWiYRSLUGE6HKKRIYY9YKadCx3L80r35On8tH0dC3Hz/2ZIXiPHIw7j2CCh 19 | 133VQ6/lrNB7CIIdH1GtOw/kvNSF/h+S+0RDig68V/axlt512M88XhItWiV+Lw== 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /zabbix/roles/nginx_install/files/lzxlinux.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEowIBAAKCAQEAyeeSF22egijWrX61ZqDrQsboIr4nAKWVmNDbLJ4HOJ36WWob 3 | YH/fMU2Rw/WAccCpFqWZhkb9E6gYme7MMH4WExMEpqkP5+1nL/PUKMfwycCsa8aK 4 | jqXYfgwMA1e8ZwjmD8MMuyrhrtn1zqpoKWB3pGiHCGt+ppqmITzJQhbBoODeM4KE 5 | 4lNx+5rGzqeQqtFkBU6bOTv3xIC5iLvbCvW/c0qGScOJycJDOQr3me0W8/lGzCTj 6 | BSRD5929Gwir+noJWkdRWBi65QNAI0BnH2Cmm/9LlDKyBZjkaCyxnSSdE9TKLcuB 7 | 8eAdI3xxOHgwYXxQaqUFAeDO/5XcCY8KZAmVOwIDAQABAoIBAE6Q29pd/5Yqig8N 8 | 
BU2gRKvBdsc+MzMfO+0xKHheLfUsFCUDExAj8hffVV9pgsfA7osveWQ073ncqWYM 9 | 9EvSZIibl+26T8QyLzsLqH0OAHahkPaHVZdYlbvGuE38sAVwAwYTIjsa3qMJkYsP 10 | 6GRhc2z4d8MhATGXcBny62XaMRKGfMU3WLZnBAEYjsSCMuaid+0aP0zCGEQxTfeD 11 | yJ0tCYlQQEIv0T01/LwIsGKi62Iiig2WHp6VI+1W9NXaKcN3W6F8oKvdUamfBJ8I 12 | GjlF3X3fnGlwZu47jQ1IIeEwuWfAytJ7c5ErTqer7xng3PHGrTTQYiHRuUpfBu4B 13 | MTWcaUECgYEA9McNWX3tgqKzS9tBcBGdxf3g+susAO1/jQBLdO38/f58FAAEmOFb 14 | O3xteR3nYwbYeJ4TvyKg1H+qQsrxdcU6hDOntyim6/Wyp4J6jor7ekdg1+Ut5UUd 15 | 1kypTHwTKzRF2hJFpuVsJHau+EnCabWmkyJ4Bzz+bQJ8ZvQaw4T90/ECgYEA0ylR 16 | y3esuMweof1TyHPilNuy99Uf9xkU8rQRjfTC4eB7ElD5B3bBUP88axOwmMq3mcxU 17 | wchBW2z9lvl4FiD/2GvTZiQkMipQWlQ7i0UcXecmG7yK2Wn8GKOz6L1hZ6tgagBb 18 | K/jjrkfKQJlDaPdT5HohjtzMGzyjtq9DBCCzd+sCgYA2FfmUKagecnbtrv/RlILp 19 | KcTZhcF23wONE2CY8LEzKlUeUjax1THEfiTuWzYygmO4my0/0ZX5/k+PvKoH3NGm 20 | Poezh+8COmMEcmdEMd+JUFZMvh4bB9+k54GNHelaZY19twXe79iqYfMdd6bWlsW8 21 | wyQEbWzGh4MXeJ6lTzCK8QKBgQCCPYwLuSa5XHzQYRWaH4/zTIbYQYXTvI6lG9dv 22 | /TVuaCzAoVzX87FMqgCz8pMLyozvuY3VcBSPtWu8AObGj1f+PpNG/qesoViqPiXz 23 | wo66hGWG2gWyD6LD98Rxms1HSfbPqqSRPJQB3JmsultPlK0T0Rh9q0XgzsgTV4o4 24 | M4s+PQKBgA0GQ3jEmqYPsk1IsaPTsQtBpCKsp24kTNyRU8SMYFqHbPDrlr06JU0w 25 | ztZS0jCYov17yxgAyMDWH1Ta//pRR9D333sP1HYCJ9wze2zpWSmWWtXAT4Xdf88i 26 | rg486BQpQCvEXHuLYgoJubkro8HCT6kj36gXlq4HrgdtvjF6vbiy 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /zabbix/roles/nginx_install/tasks/copy.yml: -------------------------------------------------------------------------------- 1 | - name: 创建nginx用户组 2 | group: name={{ NGINX_USER }} state=present 3 | 4 | - name: 创建nginx用户 5 | user: name={{ NGINX_USER }} group={{ NGINX_USER }} state=present create_home=False shell=/sbin/nologin 6 | 7 | #- name: 创建software目录 8 | # file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes 9 | 10 | - name: 创建证书目录 11 | file: name={{ CERT_DIR }} state=directory mode=0755 recurse=yes 12 | 13 | - name: 拷贝证书文件到所有主机_1 14 | copy: 
src=lzxlinux.key dest={{ CERT_DIR }} 15 | 16 | - name: 拷贝证书文件到所有主机_2 17 | copy: src=lzxlinux.crt dest={{ CERT_DIR }} 18 | 19 | - name: 创建日志目录 20 | file: name={{ item }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes 21 | with_items: 22 | - "{{ DATA_DIR }}" 23 | - "{{ DATA_DIR }}/log" 24 | 25 | - name: 创建日志文件 26 | file: name={{ item }} state=touch owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 27 | with_items: 28 | - "{{ DATA_DIR }}/log/access.log" 29 | - "{{ DATA_DIR }}/log/error.log" 30 | - "{{ DATA_DIR }}/log/zabbix_access.log" 31 | 32 | #当前主机下没有nginx包 33 | - name: 下载nginx包 34 | get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 35 | 36 | #当前主机file目录下已有nginx包 37 | #- name: 拷贝现有nginx包到所有主机 38 | # copy: src=nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 39 | - name: 解压nginx包 40 | unarchive: src={{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }} 41 | 42 | #复制nginx服务文件 43 | - name: 拷贝nginx服务文件 44 | template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service owner=root group=root 45 | -------------------------------------------------------------------------------- /zabbix/roles/nginx_install/tasks/install.yml: -------------------------------------------------------------------------------- 1 | #编译nginx 2 | - name: 编译nginx 3 | shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && ./configure --prefix={{ NGINX_DIR }} --user={{ NGINX_USER }} --group={{ NGINX_USER }} --http-log-path={{ DATA_DIR }}/log/access.log --error-log-path={{ DATA_DIR }}/log/error.log --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_stub_status_module" 4 | 5 | #安装nginx 6 | - name: 安装nginx 7 | shell: "cd {{ SOURCE_DIR 
}}/nginx-{{ NGINX_VER }} && make && make install" 8 | 9 | - name: 拷贝nginx主配置文件 10 | template: src=nginx.conf dest={{ NGINX_DIR }}/conf/nginx.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} 11 | 12 | - name: 创建vhost配置文件目录 13 | file: name={{ NGINX_DIR }}/conf/vhost state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes 14 | 15 | - name: 拷贝nginx vhost配置文件 16 | template: src=zabbix.conf dest={{ NGINX_DIR }}/conf/vhost/zabbix.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644 17 | 18 | - name: 配置环境变量 19 | shell: " if [ `grep {{ NGINX_DIR }}/sbin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ NGINX_DIR }}/sbin >> /etc/profile && source /etc/profile; else source /etc/profile; fi" 20 | 21 | - name: 开机启动nginx 22 | shell: "systemctl daemon-reload && systemctl enable nginx" 23 | -------------------------------------------------------------------------------- /zabbix/roles/nginx_install/tasks/main.yml: -------------------------------------------------------------------------------- 1 | #引用copy、install模块 2 | - include: copy.yml 3 | - include: install.yml 4 | -------------------------------------------------------------------------------- /zabbix/roles/nginx_install/templates/nginx.conf: -------------------------------------------------------------------------------- 1 | user nobody nobody; 2 | worker_processes 1; 3 | error_log {{ DATA_DIR }}/log/error.log crit; 4 | pid /run/nginx.pid; 5 | 6 | worker_rlimit_nofile 51200; 7 | 8 | events { 9 | use epoll; 10 | worker_connections 1024; 11 | } 12 | 13 | http { 14 | include mime.types; 15 | 16 | default_type application/octet-stream; 17 | 18 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 19 | '$status $body_bytes_sent "$http_referer" ' 20 | '"$http_user_agent" "$http_x_forwarded_for"'; 21 | 22 | access_log {{ DATA_DIR }}/log/access.log main; 23 | 24 | sendfile on; 25 | server_tokens off; 26 | tcp_nopush on; 27 | 28 | keepalive_timeout 65; 29 | 30 | 
client_header_timeout 3m; 31 | client_body_timeout 3m; 32 | send_timeout 3m; 33 | 34 | client_max_body_size 10m; 35 | client_body_buffer_size 256k; 36 | connection_pool_size 256; 37 | client_header_buffer_size 1k; 38 | large_client_header_buffers 8 4k; 39 | request_pool_size 4k; 40 | output_buffers 4 32k; 41 | postpone_output 1460; 42 | 43 | client_body_temp_path {{ NGINX_DIR }}/client_body_temp; 44 | fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp; 45 | fastcgi_intercept_errors on; 46 | tcp_nodelay on; 47 | 48 | proxy_connect_timeout 300s; 49 | proxy_read_timeout 300s; 50 | proxy_send_timeout 300s; 51 | proxy_buffer_size 64k; 52 | proxy_buffers 4 32k; 53 | proxy_busy_buffers_size 64k; 54 | proxy_temp_file_write_size 64k; 55 | proxy_ignore_client_abort on; 56 | proxy_temp_path {{ NGINX_DIR }}/proxy_temp; 57 | 58 | gzip on; 59 | gzip_min_length 1k; 60 | gzip_buffers 4 8k; 61 | gzip_comp_level 5; 62 | gzip_http_version 1.1; 63 | gzip_types text/plain application/x-javascript text/css text/htm 64 | application/xml; 65 | 66 | include vhost/*.conf; 67 | 68 | server 69 | { 70 | listen 80; 71 | server_name localhost; 72 | 73 | location / 74 | { 75 | root html; 76 | index index.html index.htm index.php; 77 | } 78 | 79 | error_page 500 502 503 504 /50x.html; 80 | location = /50x.html { 81 | root html; 82 | } 83 | } 84 | } 85 | -------------------------------------------------------------------------------- /zabbix/roles/nginx_install/templates/nginx.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=The nginx HTTP and reverse proxy server 3 | After=network.target remote-fs.target nss-lookup.target 4 | 5 | [Service] 6 | Type=forking 7 | PIDFile=/run/nginx.pid 8 | # Nginx will fail to start if /run/nginx.pid already exists but has the wrong 9 | # SELinux context. This might happen when running `nginx -t` from the cmdline. 
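# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t
ExecStart={{ NGINX_DIR }}/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
/zabbix/roles/nginx_install/templates/zabbix.conf:
--------------------------------------------------------------------------------
# Plain HTTP: permanent redirect to HTTPS.
server
{
    listen 80;
    server_name {{ DOMAIN }};
    rewrite ^(.*)$ https://$host$1 permanent;
}

# HTTPS front end for the Zabbix web UI served by httpd on HTTPD_PORT.
server
{
    listen 443 ssl http2;
    server_name {{ DOMAIN }};
    #ssl on;  # not needed on nginx 1.15.0 and later

    # NOTE(review): this key pair is copied from roles/nginx_install/files/,
    # i.e. the private key is checked into the repository.  A key that has
    # been in a repo should be treated as exposed; issue a fresh pair per
    # deployment and keep it out of version control.
    ssl_certificate {{ CERT_DIR }}/lzxlinux.crt;
    ssl_certificate_key {{ CERT_DIR }}/lzxlinux.key;

    # DHE parameters, generated locally
    #ssl_dhparam /etc/ssl/certs/dhparam.pem;

    # Response hardening headers.  These do not force HTTPS; the port-80
    # server above does that with its redirect.
    add_header X-Frame-Options deny;
    add_header X-Content-Type-Options nosniff;

    # 10 MB shared cache so TLS session data is shared across worker processes
    ssl_session_cache shared:SSL:10m;
    # session cache lifetime
    ssl_session_timeout 10m;

    # SSLv2/SSLv3 and TLS 1.0/1.1 are deprecated (RFC 8996); only TLS 1.2 is
    # offered.  TLSv1.3 is not listed because it requires an nginx build
    # against a TLS-1.3-capable OpenSSL, which this role does not guarantee.
    ssl_protocols TLSv1.2;
    # server picks the cipher suite
    ssl_prefer_server_ciphers on;
    # NOTE(review): the non-ECDHE/DHE entries (AES256-SHA etc.) provide no
    # forward secrecy; trim them if legacy clients are not required.
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

    # valid= caches lookups for 5 minutes; resolver_timeout is the network timeout
    resolver 8.8.8.8 8.8.4.4 223.5.5.5 valid=300s;
    resolver_timeout 10s;

    location / {
        proxy_pass http://{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:{{ HTTPD_PORT }};
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    access_log {{ DATA_DIR }}/log/zabbix_access.log;
}
--------------------------------------------------------------------------------
/zabbix/roles/nginx_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables for the nginx role.
NGINX_VER: 1.15.0
# Source is fetched by get_url in tasks/copy.yml and compiled as root, so it
# is pulled over HTTPS.  Pin the archive checksum on that task as well
# (checksum: sha256:<EXPECTED_SHA256_PLACEHOLDER>) so a tampered download is
# rejected rather than built.
DOWNLOAD_URL: https://nginx.org/download/nginx-{{ NGINX_VER }}.tar.gz
NGINX_USER: nginx
NGINX_PORT: 80
HTTPD_PORT: 8081
SOURCE_DIR: /software
NGINX_DIR: /usr/local/nginx
DATA_DIR: /data/nginx
CERT_DIR: /home/keys
DOMAIN: zabbix.lzxlinux.com
--------------------------------------------------------------------------------
/zabbix/roles/server_install/tasks/config.yml:
--------------------------------------------------------------------------------
# Install the Zabbix server packages, create the database and move httpd to
# HTTPD_PORT so nginx can front it.
- name: 安装RPM包
  yum:
    name: "{{ RPM_URL }}"
    state: present

- name: 安装软件
  yum:
    name:
      - zabbix-agent
      - zabbix-get
      - zabbix-server-mysql
      - zabbix-web
      - zabbix-web-mysql
      - zabbix-java-gateway
    state: latest

- name: 拷贝zabbix数据库配置脚本
  template: src=mysql_config.sh dest={{ SOURCE_DIR }} owner=root group=root

- name: 创建zabbix库、授权、导入数据
  shell: "bash {{ SOURCE_DIR }}/mysql_config.sh"

- name: 修改httpd配置_1
  lineinfile:
    dest: /etc/httpd/conf/httpd.conf
    regexp: "Listen 80"
    insertafter: "#Listen 12.34.56.78:80"
    line: "Listen {{ HTTPD_PORT }}"

- name: 修改httpd配置_2
  lineinfile:
    dest: /etc/httpd/conf/httpd.conf
    insertafter: "Include conf.modules.d/*.conf"
    line: "Include conf.d/*.conf"
--------------------------------------------------------------------------------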
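/zabbix/roles/server_install/tasks/install.yml:
--------------------------------------------------------------------------------
# Configure httpd + zabbix_server.conf and start the services.  Runs after
# config.yml has installed the packages and created the database.
- name: 拷贝zabbix配置文件
  template: src=zabbix.conf dest=/etc/httpd/conf.d/ owner=root group=root

- name: 启动httpd
  service:
    name: httpd
    state: started
    enabled: yes

- name: 修改zabbix_server配置_1
  # The value is the bare host address.  The previous line wrote
  # "DBHost=Hostname=<addr>", which zabbix_server cannot resolve.
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# DBHost=localhost"
    line: "DBHost={{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"

- name: 修改zabbix_server配置_2
  # NOTE(review): MYSQL_PASSWD is also the MySQL root password set by
  # mysql_install/templates/change_passwd.sh; give the zabbix DB user its own
  # secret (see templates/mysql_config.sh) so the web tier never holds root's.
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# DBPassword="
    line: "DBPassword={{ MYSQL_PASSWD }}"

# JVM/Tomcat monitoring via the Java gateway
- name: 修改zabbix_server配置_3
  # Same fix as DBHost above: the address alone, not "Hostname=<addr>".
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# JavaGateway="
    line: "JavaGateway={{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"

- name: 修改zabbix_server配置_4
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# JavaGatewayPort=10052"
    line: "JavaGatewayPort=10052"

- name: 修改zabbix_server配置_5
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# StartJavaPollers=0"
    line: "StartJavaPollers=5"

- name: 修改zabbix_server配置_6
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# CacheSize=8M"
    line: "CacheSize=1G"

- name: 修改zabbix_server配置_7
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# HistoryCacheSize=16M"
    line: "HistoryCacheSize=256M"

- name: 修改zabbix_server配置_8
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# HistoryIndexCacheSize=4M"
    line: "HistoryIndexCacheSize=256M"

- name: 修改zabbix_server配置_9
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# TrendCacheSize=4M"
    line: "TrendCacheSize=256M"

- name: 修改zabbix_server配置_10
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    insertafter: "# ValueCacheSize=8M"
    line: "ValueCacheSize=512M"

- name: 修改zabbix_server配置_11
  # Anchored so only the active "Timeout=" directive is rewritten.
  lineinfile:
    dest: /etc/zabbix/zabbix_server.conf
    regexp: "^Timeout="
    insertbefore: "### Option: TrapperTimeout"
    line: "Timeout=30"

- name: 启动nginx
  service:
    name: nginx
    state: started

- name: 启动zabbix-server并开机启动
  service:
    name: zabbix-server
    state: started
    enabled: yes
--------------------------------------------------------------------------------
/zabbix/roles/server_install/tasks/main.yml:
--------------------------------------------------------------------------------
# Task order: prepare -> config -> install.
- include: prepare.yml
- include: config.yml
- include: install.yml
--------------------------------------------------------------------------------
/zabbix/roles/server_install/tasks/prepare.yml:
--------------------------------------------------------------------------------
# httpd and the PHP 7.2 stack from the webtatic repository.
- name: 安装RPM包
  yum:
    name: https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
    state: present

- name: 安装软件
  yum:
    name:
      - httpd
      - php72w
      - php72w-cli
      - php72w-common
      - php72w-devel
      - php72w-embedded
      - php72w-fpm
      - php72w-gd
      - php72w-mbstring
      - php72w-mysqlnd
      - php72w-opcache
      - php72w-pdo
      - php72w-xml
      - php72w-bcmath
      - php72w-ctype
      - libjpeg*
      - php72w-xmlreader
      - php72w-xmlwriter
      - php72w-session
      - php72w-gettext
      - php72w-ldap
    state: latest
--------------------------------------------------------------------------------
/zabbix/roles/server_install/templates/mysql_config.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Creates the zabbix database and user and loads the schema shipped with
# zabbix-server-mysql.  Rendered by Ansible from vars/main.yml.
#
# The root password is never put on a command line: mysql reads it from a
# mode-600 option file that is removed on exit, so it is not visible in
# `ps` or in shell history.  Every step is safe to re-run.
set -e

passwd='{{ MYSQL_PASSWD }}'
mysql_bin='{{ BASE_DIR }}/bin/mysql'
sock='{{ BASE_DIR }}/tmp/mysql.sock'

# Add the MySQL bin directory to the login PATH once.  Quoted so that $PATH
# is written literally rather than expanded at install time.
if ! grep -q "{{ BASE_DIR }}/bin" /etc/profile; then
    echo 'export PATH=$PATH:{{ BASE_DIR }}/bin' >> /etc/profile
fi

# Password as a SQL string literal: single quotes are doubled.
# NOTE(review): the zabbix user is given the same secret as root; a separate
# variable for it would keep root's password off the web tier.
sql_passwd=${passwd//\'/\'\'}

# Temporary client option file holding the credentials (backslash and
# double quote escaped per MySQL option-file rules).
cnf=$(mktemp)
trap 'rm -f "$cnf"' EXIT
chmod 600 "$cnf"
cnf_passwd=${passwd//\\/\\\\}
cnf_passwd=${cnf_passwd//\"/\\\"}
printf '[client]\nuser=root\npassword="%s"\n' "$cnf_passwd" > "$cnf"

"$mysql_bin" --defaults-extra-file="$cnf" -e "CREATE DATABASE IF NOT EXISTS zabbix CHARACTER SET utf8;"

"$mysql_bin" --defaults-extra-file="$cnf" -e "grant all on zabbix.* to 'zabbix'@'%' identified by '${sql_passwd}';"

"$mysql_bin" --defaults-extra-file="$cnf" -e "FLUSH PRIVILEGES;"

# Locate the schema directory installed by the package.  The pattern is
# quoted so the shell does not expand it before find runs, -type d keeps
# cached RPM files out of the result, and an empty result aborts instead of
# running the import from the wrong directory.
doc_dir=$(find / -xdev -type d -name 'zabbix-server-mysql*' 2>/dev/null | head -n 1)
if [ -z "$doc_dir" ] || [ ! -f "$doc_dir/create.sql.gz" ]; then
    echo "create.sql.gz from zabbix-server-mysql not found" >&2
    exit 1
fi

# Import only into an empty database; re-running against a populated one
# would fail on existing tables.  The archive is decompressed on the fly so
# it stays in place for later runs.
table_count=$("$mysql_bin" --defaults-extra-file="$cnf" -N -e "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema='zabbix';")
if [ "$table_count" -eq 0 ]; then
    gzip -dc "$doc_dir/create.sql.gz" | "$mysql_bin" --defaults-extra-file="$cnf" -S "$sock" zabbix
fi
--------------------------------------------------------------------------------
/zabbix/roles/server_install/templates/zabbix.conf:
--------------------------------------------------------------------------------
# NOTE(review): the <VirtualHost>/<Directory>/<IfModule> container lines are
# missing from this copy of the template (they were lost when the page was
# extracted), so it is not a complete httpd vhost as shown.  Restore the
# containers from the zabbix-web package's stock conf.d/zabbix.conf before
# deploying; the directive values below are the ones this role sets.

DocumentRoot "/usr/share/zabbix"
ServerName {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}


Options FollowSymLinks
AllowOverride all
Require all granted


php_value max_execution_time 600
php_value memory_limit 256M
php_value post_max_size 16M
php_value upload_max_filesize 32M
php_value max_input_time 600
php_value max_input_vars 10000
php_value always_populate_raw_post_data -1
php_value date.timezone Asia/Shanghai





Require all denied


Require all denied


Require all denied


Require all denied



--------------------------------------------------------------------------------
/zabbix/roles/server_install/vars/main.yml:
--------------------------------------------------------------------------------
# Variables for the zabbix-server role.
ZABBIX_VER: 3.4
RPM_URL: https://repo.zabbix.com/zabbix/{{ ZABBIX_VER }}/rhel/7/x86_64/zabbix-release-{{ ZABBIX_VER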
}}-2.el7.noarch.rpm 4 | 5 | SOURCE_DIR: /software 6 | HTTPD_PORT: 8081 7 | BASE_DIR: /usr/local/mysql 8 | MYSQL_PASSWD: 123456789 9 | DOMAIN: zabbix.lzxlinux.com 10 | -------------------------------------------------------------------------------- /zabbix/zabbix.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Tobewont/ansible-playbook/0d3939987f9bb0686176fcb05977488be8714342/zabbix/zabbix.png -------------------------------------------------------------------------------- /zabbix/zabbix.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: zbxserver 3 | remote_user: root 4 | gather_facts: True 5 | 6 | roles: 7 | - mysql_install 8 | - nginx_install 9 | - server_install 10 | 11 | - hosts: zbxagent 12 | remote_user: root 13 | gather_facts: True 14 | 15 | roles: 16 | - agent_install 17 | --------------------------------------------------------------------------------