生产实践:服务迁移部署
我们在运维生产环境中,经常会遇到服务的迁移部署。在完成服务初始化和免密登录配置之后,我们就需要将程序和数据同步到新的机器上。以下是我们在生产中使用 ansible playbook 编写的脚本。由于线上环境的复杂性,我们采用一对一的方式进行新环境的部署工作。在实际使用 ansible playbook 的过程中,我们重点使用了 ansible 的变量( https://www.cnblogs.com/wysxr/p/14629138.html ),希望能起到抛砖引玉的作用。
1. 目录结构如下
[@bjyf_50_20 roles]# pwd
/search/ansible/roles
[@bjyf_50_20 roles]# tree
.
|-- adtech
|   |-- files
|   |-- handlers
|   |-- tasks
|   |   |-- check.yml
|   |   |-- cron.yml
|   |   |-- group.yml
|   |   |-- hadoop_client.yml
|   |   |-- main.yml
|   |   |-- monitor.yml
|   |   |-- pkg_install.yml
|   |   |-- rsync_data.yml
|   |   |-- rsync_lib64.yml
|   |   |-- rsync_sysconf.yml
|   |   `-- user.yml
|   |-- templates
|   `-- vars
|       `-- main.yml
`-- init
    `-- tasks
        |-- main.yml
        `-- ssh_key.yml
8 directories, 14 files
[@bjyf_50_20 roles]#
2. task任务如下
2.1 环境检查
cat /search/ansible/roles/adtech/tasks/check.yml
---
# Pre-flight checks run on the target host before anything is copied.
# src_ip (the host being migrated from) and src_path (the directories to
# sync) are variables supplied from outside this file.

# Print the rsync source spec for every directory that will be checked.
- debug:
    msg: "rsync {{ src_ip }}::root{{ item }}"
  with_items: "{{ src_path }}"

# Record the first address printed by `hostname -I` on the target.
- name: Get IP address
  shell: hostname -I |awk '{print $1}'
  register: remoteIP

# Query the Caesar lookup page for that address and fail when the response
# contains it (grep exits 0 on a match).
# NOTE(review): the task status is grep's exit code only, so a failed or
# empty curl response is indistinguishable from "not listed" and the check
# passes; confirm that failing open is acceptable here.
# NOTE(review): the lookup goes over plain HTTP and carries a user name in
# the query string.
- name: Whether in Caesar or not
  shell: curl -s "http://caesar.adtech.sogou-inc.com/php/ip_search_exec.php?user_name=zhaoxiaole&search_ip={{ remoteIP.stdout }}"|grep -ow "{{ remoteIP.stdout }}"
  register: caesar
  failed_when: caesar.rc == 0

# Ask the source host's rsync daemon to list each directory; a non-zero exit
# fails the play before any data is moved.
# NOTE(review): no user or password file is passed to rsync, so the `root`
# module presumably allows anonymous reads; confirm the daemon restricts
# which hosts may connect and that the module is removed after migration.
- name: check directory
  shell: "rsync {{ src_ip }}::root{{ item }}"
  with_items: "{{ src_path }}"
  register: result
  failed_when: result.rc != 0

- debug:
    msg: "check ok"
2.2 创建组
cat /search/ansible/roles/adtech/tasks/group.yml
---
# Create the two system groups that the service accounts are placed in.
- name: create op_biz group
  group:
    name: op_biz
    system: true
    state: present

- name: create hermes group
  group:
    name: hermes
    system: true
    state: present
2.3 创建用户
cat /search/ansible/roles/adtech/tasks/user.yml
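---
# Creates the service accounts, then aligns op_biz's home directory with the
# one recorded in the source host's /etc/passwd.
#
# NOTE(review): the account passwords below are plaintext literals in the
# role. They belong in an Ansible Vault-encrypted vars file or a secret
# store, and values that have already been shared should be rotated.
# NOTE(review): password_hash() is called without a fixed salt and
# update_password is "always", so every run resets each password and reports
# "changed"; confirm that resetting on every run is intended.
- name: Create a username and password
  user:
    name: "{{ item.name }}"
    password: "{{ item.pass | password_hash('sha512') }}"
    update_password: always
    group: "{{ item.group }}"
    home: "{{ item.home }}"
  # Each loop item carries the plaintext password; without no_log Ansible
  # echoes the item in task output and logs.
  no_log: true
  with_items:
    - { name: 'op_biz', pass: 'op_biz2020', group: 'op_biz', home: '/search/odin' }
    - { name: 'hermes', pass: 'hermes2020', group: 'hermes', home: '/home/hermes' }
    - { name: 'adpc', pass: 'adpc2020', group: 'op_biz', home: '/home/adpc' }
    - { name: 'adwl', pass: 'adwl2020', group: 'op_biz', home: '/home/adwl' }

# Fetch the source host's passwd file through its rsync daemon so op_biz's
# original home directory can be looked up. A failure here is tolerated.
- name: rsync passwd file
  shell: rsync -aP {{ src_ip }}::root/etc/passwd /tmp
  register: passDone
  ignore_errors: true

# Match the login-name field exactly: a bare /op_biz/ pattern also selects
# any other passwd line that merely contains the string, which would yield
# several paths.
- name: Check the user home directory
  shell: awk 'BEGIN{FS=":"} $1 == "op_biz" {print $6}' /tmp/passwd
  when: passDone.rc == 0
  register: userHome
  ignore_errors: true

#- name: print variable
#  debug: msg="{{ userHome }}"

# The path comes from a file copied off another host, so it is shell-quoted
# before being placed on the command line, and the task is skipped when the
# lookup was skipped, failed, or returned nothing.
- name: usermod op_biz
  shell: usermod -d {{ userHome.stdout | quote }} op_biz
  when: (userHome.stdout | default('') | trim) != ''
  register: result
  failed_when: result.rc != 0
  ignore_errors: true

- debug:
    msg: "useradd done"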
2.4 监控脚本
cat /search/ansible/roles/adtech/tasks/monitor.yml
---
# Copy the monitoring scripts directory from the source host.
- debug:
    msg: "rsync -aP {{ src_ip }}::root/opt/monitor/ /opt/monitor/"

# NOTE(review): the files arrive over the rsync daemon protocol with no
# credentials passed, so their integrity rests on the network path and the
# source host; review what lands in /opt/monitor/ before it is executed.
- name: rsync monitor
  shell: rsync -aP {{ src_ip }}::root/opt/monitor/ /opt/monitor/
  register: result
  failed_when: result.rc != 0

- debug:
    msg: "rsync done"
2.5 cron任务
cat /search/ansible/roles/adtech/tasks/cron.yml
---
# Stop crond, then replace the local crontab spool with the source host's.
# NOTE(review): no task in this file starts crond again; confirm where the
# service is re-enabled after the migration.
- name: Turn off the cron service
  service:
    name: crond
    state: stopped

- debug:
    msg: "rsync -aP {{ src_ip }}::root/var/spool/cron/ /var/spool/cron/"

# NOTE(review): the whole spool is copied, which presumably includes root's
# crontab, so every synced entry will run with its owner's privileges once
# crond is started; review the entries before re-enabling the service.
- name: rsync cron
  shell: rsync -aP {{ src_ip }}::root/var/spool/cron/ /var/spool/cron/
  register: result
  failed_when: result.rc != 0

- debug:
    msg: "rsync done"
2.6 同步 hadoop 客户端
cat /search/ansible/roles/adtech/tasks/hadoop_client.yml
---
# Copy the hadoop client tree from the source host and write the ugi_config
# files for op_biz and root.
- debug:
    msg: "rsync -aP {{ src_ip }}::root/opt/hadoop-client /opt/"

- name: rsync hadoop-client
  shell: rsync -aP {{ src_ip }}::root/opt/hadoop-client /opt/
  register: result
  failed_when: result.rc != 0

# NOTE(review): 'slave,slave' looks like a user,password pair (assumption
# from the file name ugi_config). No owner or mode is set on either file, so
# permissions follow the default umask; confirm the files are not
# world-readable and that the credential is not a shared default.
# The key=value form is kept as written so the handling of the trailing \n
# stays exactly as in the original.
- name: insert op_biz slave user
  copy: content='slave,slave\n' dest=/search/odin/ugi_config

- name: insert root slave user
  copy: content='slave,slave\n' dest=/root/ugi_config

- debug:
    msg: "rsync done"
2.7 同步数据+程序
cat /search/ansible/roles/adtech/tasks/rsync_data.yml
---
# Two-pass copy of every directory in src_path from the source host:
# pass 1 recreates the directory tree only, pass 2 copies the files.
- debug:
    msg: "rsync -aP {{ src_ip }}::root{{ item }} {{ item }}"
  with_items: "{{ src_path }}"

# --include='*/' --exclude='*' keeps directories and drops every file.
- name: rsync dir
  shell: rsync -aP {{ src_ip }}::root{{ item }} {{ item }} --include='*/' --exclude='*'
  with_items: "{{ src_path }}"
  register: result
  failed_when: result.rc != 0

- debug:
    msg: "rsync -aP {{ src_ip }}::root{{ item }} {{ item }} --exclude={{ ext_data }}"
  with_items: "{{ src_path }}"

# ext_data is a brace list, so --exclude={{ ext_data }} only becomes one
# --exclude per pattern if the shell performs brace expansion.
# NOTE(review): the shell module runs /bin/sh unless told otherwise;
# presumably that is bash on these hosts. Verify, because without expansion
# nothing would be excluded.
# NOTE(review): src_path is defined as ["/search/", "/home/"] and the exclude
# patterns do not cover dot-directories, so each user's ~/.ssh
# (authorized_keys and any private keys) is presumably copied to the new
# host; confirm that carrying that trust over is intended.
- name: rsync data
  shell: rsync -aP {{ src_ip }}::root{{ item }} {{ item }} --exclude={{ ext_data }}
  with_items: "{{ src_path }}"
  register: result
  failed_when: result.rc != 0

- debug:
    msg: "rsync done"
2.8 拉取sysconf配置
cat /search/ansible/roles/adtech/tasks/rsync_sysconf.yml
---
# Replace /etc/sysctl.conf with the source host's copy and reload it.
- debug:
    msg: "rsync -aP {{ src_ip }}::root/etc/sysctl.conf /etc/"

# NOTE(review): the local file is overwritten wholesale, so any kernel
# hardening settings already present on the new host are lost unless the
# source file carries them too.
- name: rsync sysctl.conf
  shell: rsync -aP {{ src_ip }}::root/etc/sysctl.conf /etc/
  register: result
  failed_when: result.rc != 0

- name: reload sysconf
  shell: sysctl -p
  register: result
  failed_when: result.rc != 0
  ignore_errors: true  # ignore errors from the command

- debug:
    msg: "rsync done"
2.9 拉取lib库文件
cat /search/ansible/roles/adtech/tasks/rsync_lib64.yml
---
# Copy selected shared libraries from the source host, but only on machines
# where /search/odin/bin/lead_server exists.
- debug:
    msg: "rsync -aP {{ src_ip }}::root/usr/lib64/{{ lib_file }} /usr/lib64/"

# Existence probe: ls exits non-zero when the binary is missing, and that
# failure is ignored so the play continues.
- name: Whether the biddingServer
  shell: /usr/bin/ls /search/odin/bin/lead_server
  register: isBidding
  ignore_errors: true

#- name: print isBidding
#  debug: msg="{{ isBidding }}"

# lib_file is a brace list that the shell has to expand into one source
# argument per pattern.
# NOTE(review): these libraries are written straight into /usr/lib64 and get
# loaded by local processes; they bypass the package manager, so later
# security updates will not replace them. Confirm this is intended.
- name: rsync /usr/lib64/{{ lib_file }}
  shell: rsync -aP {{ src_ip }}::root/usr/lib64/{{ lib_file }} /usr/lib64/
  when: isBidding.rc == 0
  register: result
  failed_when: result.rc != 0
  ignore_errors: true

- debug:
    msg: "rsync done"
3. 入口文件(按顺序执行)
cat /search/ansible/roles/adtech/tasks/main.yml
---
# Role entry point: the task files run in the order listed, starting with the
# pre-flight checks so a failed check stops the play before anything is
# copied.
# NOTE(review): the bare `include` keyword is deprecated in newer Ansible
# releases in favour of import_tasks / include_tasks.
- include: check.yml
- include: group.yml
- include: user.yml
- include: monitor.yml
- include: cron.yml
- include: hadoop_client.yml
- include: rsync_data.yml
- include: rsync_sysconf.yml
- include: rsync_lib64.yml
4. 变量定义
cat /search/ansible/roles/adtech/vars/main.yml
---
# Directories copied from the source host. Each entry is used both as the
# path under the rsync `root` module and as the local destination.
src_path:
  - "/search/"
  - "/home/"

# Patterns passed to rsync as --exclude={{ ext_data }}. The value is a brace
# list that the shell, not rsync or Ansible, has to expand.
ext_data: "{'log/*','bak/*','*core*','update_data/index/*','update_data/data/*','debug/*','backup/*'}"

# Library name patterns pulled from the source host's /usr/lib64, written as
# the same kind of brace list.
lib_file: "{'libcurl*','libhiredis*','libboost_regex*','libboost_thread*','libboost_date*','libboost_filesystem*'}"

# NOTE(review): none of the task files shown alongside this file reads
# pkg_name; it is presumably consumed by pkg_install.yml, which the role's
# directory listing contains but tasks/main.yml does not include.
pkg_name:
  - "jemalloc"
  - "htop"
5. play-book运行
5.1 引入roles
cat /search/ansible/deployment.yml
---
# Applies the init and adtech roles to the hosts selected by the `server`
# variable, which has to be supplied at run time (for example with -e).
# NOTE(review): the play connects as root directly, so every task, including
# those that place files fetched from the source host, runs with full
# privileges on the target.
- hosts: "{{ server }}"
  remote_user: root
  roles:
    # init is the role directory that sets up passwordless SSH login
    - role: init
    # adtech is the role directory that holds the migration tasks
    - role: adtech
5.2 一对一同步 hosts
cat /etc/ansible/hosts
# One-to-one migration map: each line is a target host in the bidding group,
# and its src_ip host variable names the machine whose rsync daemon the
# role's tasks pull from.
[bidding]
10.162.39.63 src_ip=10.134.57.126
10.162.42.59 src_ip=10.134.49.40
10.162.38.82 src_ip=10.134.49.41
10.162.39.84 src_ip=10.134.57.86
10.162.42.55 src_ip=10.134.57.34
10.162.42.54 src_ip=10.134.57.35
5.3 执行playbook
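# The playbook is shown at /search/ansible/deployment.yml and the roles
# directory listing contains no playbook file, so run from /search/ansible.
cd /search/ansible
# server selects the inventory group that the play targets.
ansible-playbook deployment.yml -e 'server=bidding'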