标签:生产实践 rsync name src 部署 ip -- 迁移 yml
我们在运维生产环境中,经常会遇到服务的迁移部署,在完成服务初始化及免密登录之后,我们就需要将程序和数据同步到新的机器上,以下是我们在生产中使用ansible playbook 编写的脚本,由于线上环境的复杂性,我们采用一对一进行新环境的部署工作,在实际使用 ansible playbook 的过程中,我们重点使用了 ansible 的变量希望能做到抛砖引玉的作用
1. 目录结构如下
[@bjyf_50_20 roles]# pwd
/search/ansible/roles
[@bjyf_50_20 roles]# tree
.
|-- adtech
| |-- files
| |-- handlers
| |-- tasks
| | |-- check.yml
| | |-- cron.yml
| | |-- group.yml
| | |-- hadoop_client.yml
| | |-- main.yml
| | |-- monitor.yml
| | |-- pkg_install.yml
| | |-- rsync_data.yml
| | |-- rsync_lib64.yml
| | |-- rsync_sysconf.yml
| | `-- user.yml
| |-- templates
| `-- vars
| `-- main.yml
`-- init
`-- tasks
|-- main.yml
`-- ssh_key.yml
8 directories, 14 files
[@bjyf_50_20 roles]#
2. task任务如下
2.1 环境检查
cat /search/ansible/roles/adtech/tasks/check.yml
---
- debug: msg="rsync {{ src_ip }}::root{{ item }}"
with_items: "{{ src_path }}"
- name: Get IP address
shell: hostname -I |awk '{print $1}'
register: remoteIP
- name: Whether in Caesar or not
shell: curl -s "http://caesar.adtech.sogou-inc.com/php/ip_search_exec.php?user_name=zhaoxiaole&search_ip={{ remoteIP.stdout }}"|grep -ow "{{ remoteIP.stdout }}"
register: caesar
failed_when: caesar.rc == 0
- name: check directory
shell: "rsync {{ src_ip }}::root{{ item }}"
with_items: "{{ src_path }}"
register: result
failed_when: result.rc != 0
- debug: msg="check ok"
2.2 创建组
cat /search/ansible/roles/adtech/tasks/group.yml
---
- name: create op_biz group
group: name=op_biz system=yes state=present
- name: create hermes group
group: name=hermes system=yes state=present
2.3 创建用户
cat /search/ansible/roles/adtech/tasks/user.yml
---
- name: Create a username and password
user: name={{ item.name }} password={{ item.pass | password_hash('sha512') }} update_password=always group={{ item.group }} home={{ item.home }}
with_items:
- { name: 'op_biz', pass: 'op_biz2020', group: 'op_biz', home: '/search/odin' }
- { name: 'hermes', pass: 'hermes2020', group: 'hermes', home: '/home/hermes' }
- { name: 'adpc', pass: 'adpc2020', group: 'op_biz', home: '/home/adpc' }
- { name: 'adwl', pass: 'adwl2020', group: 'op_biz', home: '/home/adwl' }
- name: rsync passwd file
shell: rsync -aP {{ src_ip }}::root/etc/passwd /tmp
register: passDone
ignore_errors: True
- name: Check the user home directory
shell: awk 'BEGIN{FS=":"}/op_biz/{print $6}' /tmp/passwd
when: passDone.rc == 0
register: userHome
ignore_errors: True
#- name: print variable
# debug: msg="{{ userHome }}"
- name: usermod op_biz
shell: usermod -d {{ userHome.stdout }} op_biz
register: result
failed_when: result.rc != 0
ignore_errors: True
- debug: msg="useradd done"
2.4 监控脚本
cat /search/ansible/roles/adtech/tasks/monitor.yml
---
- debug: msg="rsync -aP {{ src_ip }}::root/opt/monitor/ /opt/monitor/"
- name: rsync monitor
shell: rsync -aP {{ src_ip }}::root/opt/monitor/ /opt/monitor/
register: result
failed_when: result.rc != 0
- debug: msg="rsync done"
2.5 cron任务
cat /search/ansible/roles/adtech/tasks/cron.yml
---
- name: Turn off the cron service
service: name=crond state=stopped
- debug: msg="rsync -aP {{ src_ip }}::root/var/spool/cron/ /var/spool/cron/"
- name: rsync cron
shell: rsync -aP {{ src_ip }}::root/var/spool/cron/ /var/spool/cron/
register: result
failed_when: result.rc != 0
- debug: msg="rsync done"
2.6 同步 hadoop 客户端
cat /search/ansible/roles/adtech/tasks/hadoop_client.yml
---
- debug: msg="rsync -aP {{ src_ip }}::root/opt/hadoop-client /opt/"
- name: rsync hadoop-client
shell: rsync -aP {{ src_ip }}::root/opt/hadoop-client /opt/
register: result
failed_when: result.rc != 0
- name: insert op_biz slave user
copy: content='slave,slave\n' dest=/search/odin/ugi_config
- name: insert root slave user
copy: content='slave,slave\n' dest=/root/ugi_config
- debug: msg="rsync done"
2.7 同步数据+程序
cat /search/ansible/roles/adtech/tasks/rsync_data.yml
---
- debug: msg="rsync -aP {{ src_ip }}::root{{ item }} {{ item }}"
with_items: "{{ src_path }}"
- name: rsync dir
shell: rsync -aP {{ src_ip }}::root{{ item }} {{ item }} --include='*/' --exclude='*'
with_items: "{{ src_path }}"
register: result
failed_when: result.rc != 0
- debug: msg="rsync -aP {{ src_ip }}::root{{ item }} {{ item }} --exclude={{ ext_data }}"
with_items: "{{ src_path }}"
- name: rsync data
shell: rsync -aP {{ src_ip }}::root{{ item }} {{ item }} --exclude={{ ext_data }}
with_items: "{{ src_path }}"
register: result
failed_when: result.rc != 0
- debug: msg="rsync done"
2.8 拉取sysconf配置
cat /search/ansible/roles/adtech/tasks/rsync_sysconf.yml
---
- debug: msg="rsync -aP {{ src_ip }}::root/etc/sysctl.conf /etc/"
- name: rsync sysctl.conf
shell: rsync -aP {{ src_ip }}::root/etc/sysctl.conf /etc/
register: result
failed_when: result.rc != 0
- name: reload sysconf
shell: sysctl -p
register: result
failed_when: result.rc != 0
ignore_errors: True #忽略命令执行的错误
- debug: msg="rsync done"
2.9 拉取lib库文件
cat /search/ansible/roles/adtech/tasks/rsync_lib64.yml
---
- debug: msg="rsync -aP {{ src_ip }}::root/usr/lib64/{{ lib_file }} /usr/lib64/"
- name: Whether the biddingServer
shell: /usr/bin/ls /search/odin/bin/lead_server
register: isBidding
ignore_errors: True
#- name: print isBidding
# debug: msg="{{ isBidding }}"
- name: rsync /usr/lib64/{{ lib_file }}
shell: rsync -aP {{ src_ip }}::root/usr/lib64/{{ lib_file }} /usr/lib64/
when: isBidding.rc == 0
register: result
failed_when: result.rc != 0
ignore_errors: True
- debug: msg="rsync done"
3. 入口文件(按顺序执行)
cat /search/ansible/roles/adtech/tasks/main.yml
- include: check.yml
- include: group.yml
- include: user.yml
- include: monitor.yml
- include: cron.yml
- include: hadoop_client.yml
- include: rsync_data.yml
- include: rsync_sysconf.yml
- include: rsync_lib64.yml
4. 变量定义
cat /search/ansible/roles/adtech/vars/main.yml
src_path: ["/search/", "/home/"]
ext_data: "{'log/*','bak/*','*core*','update_data/index/*','update_data/data/*','debug/*','backup/*'}"
lib_file: "{'libcurl*','libhiredis*','libboost_regex*','libboost_thread*','libboost_date*','libboost_filesystem*'}"
pkg_name: ["jemalloc", "htop"]
5. play-book运行
5.1 引入roles
cat /search/ansible/deployment.yml
---
- hosts: "{{ server }}"
remote_user: root
roles:
- role: init # init是免密文件夹名
- role: adtech # adtech是tasks文件夹名
5. 2 一对一同步hosts
cat /etc/ansible/hosts
[bidding]
10.162.39.63 src_ip=10.134.57.126
10.162.42.59 src_ip=10.134.49.40
10.162.38.82 src_ip=10.134.49.41
10.162.39.84 src_ip=10.134.57.86
10.162.42.55 src_ip=10.134.57.34
10.162.42.54 src_ip=10.134.57.35
5.3 执行playbook
cd /search/ansible/roles
ansible-playbook deployment.yml -e 'server=bidding'
标签:生产实践,rsync,name,src,部署,ip,--,迁移,yml 来源: https://www.cnblogs.com/wysxr/p/14629192.html
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。