綜合練習day1

圖片

創建一個目錄,寫一個docker-compose

1 | mkdir host
2 | cat docker-compose.yml

內容如下

version: '3.8'
services:
  h1:
    build: .
    image: centos7-sshd
    container_name: h1
    privileged: true
    command: /usr/sbin/init
    hostname: h1
    networks:
      xiuyun_net:

  tomcat1:
    build: .
    image: centos7-sshd
    container_name: tomcat1
    privileged: true
    hostname: tomcat1
    command: /usr/sbin/init
    networks:
      xiuyun_net:

  tomcat2:
    build: .
    image: centos7-sshd
    container_name: tomcat2
    hostname: tomcat2
    privileged: true
    command: /usr/sbin/init
    networks:
      xiuyun_net:

  mysql-master:
    build: .
    image: centos7-sshd
    container_name: mysql-master
    hostname: mysql-master
    privileged: true
    command: /usr/sbin/init
    networks:
      xiuyun_net:
  mysql-slave:
    build: .
    image: centos7-sshd
    container_name: mysql-slave
    hostname: mysql-slave
    privileged: true
    command: /usr/sbin/init
    networks:
      xiuyun_net:
  ansible:
    build: .
    image: centos7-sshd
    container_name: ansible
    hostname: ansible
    privileged: true
    command: /usr/sbin/init
    networks:
      xiuyun_net:

networks:
  xiuyun_net:

Dockerfile

1 | cat Dockerfile

FROM centos:7
RUN yum install -y \
    vim bash-com* openssh-clients openssh-server iproute cronie;\
    yum group install -y "Development Tools";yum clean all;\
    localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 && \
    ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ENV LANG=zh_CN.UTF-8

執行完上面的步驟，執行如下命令

1 | docker-compose up -d  #  啟動行程
2 | docker-compose ps     

結果如下圖

實施步驟

1.安裝ansible

1 | docker-compose exec ansible bash      #   進入ansible機器
2 | curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo # 下載epel源
3 | yum -y install ansible     #  安裝ansible

與其他管理節點建立信任關系

不檢查其他主機的公鑰
在ansible主機上修改檔案 vi /etc/ansible/ansible.cfg中設定如下選項

繼續在ansible主機上執行如下命令，創建自己的密鑰對

1 | ssh-keygen -N '' -f ~/.ssh/id_rsa

建立hosts資產清單檔案

IP 資訊可以通過在 宿主機 上執行如下命令獲取

創建一個檔案hosts

1 | vim hosts

給管理的機器設定 root 密碼

由于這里是使用容器作為虛擬機的，所以默認情況下，root 用戶沒有密碼，需要我們手動設定，
在宿主機上執行如下命令設定密碼

1 | docker-compose exec 服務名稱 bash -c 'echo 密碼 | passwd root --stdin'

1 | docker-compose exec h1  bash -c 'echo 1 | passwd root --stdin'
2 | docker-compose exec tomcat1 bash -c 'echo 1 | passwd root --stdin'
3 | docker-compose exec tomcat2  bash -c 'echo 1 | passwd root --stdin'
4 | docker-compose exec mysql-master  bash -c 'echo 1 | passwd root --stdin'
5 | docker-compose exec mysql-slave bash -c 'echo 1| passwd root --stdin'

傳輸公鑰

1 | mkdir playbook     #  創建目錄
2 | cd playbook        
3 | cat send-pubkey.yml

內容如下

---
- hosts: all
 gather_facts: no
  remote_user: root   
  vars_files:
    - foo.yml    
  tasks:
  - name: Set authorized key taken from file
    authorized_key:    
      user: root            
      state: present
      key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"  
...

1 | vim foo.yml
ansible_ssh_pass: 1

執行playbook

ansible-playbook -i hosts send-pubkey.yml

結果圖

給另外一臺機器安裝nginx（在ansible機器上執行操作）

1 | mkdir nginx     #  創建目錄
2 | vim nginx.repo  

內容如下

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

3 | cat nginx/install-nginx.yml

內容如下

---
- hosts: nginx
  gather_facts: no
  tasks:
    - name: copy nginx 倉庫檔案
      copy:
       src: ./nginx.repo
       dest: /etc/yum.repos.d/nginx.repo
    
    - name: instll nginx
      yum:
        name: nginx
        state: present

    - name:  start nginx
      systemd:
         name: nginx
         state: started

執行playbook

1 |  ansible-playbook -i hosts nginx/install-nginx.yml 

結果圖如下