角色功能說明:
- 該角色實現對客戶端主機的業務賬號web_pro部署以及tomcat項目的部署
角色部署:
- 創建目錄結構,創建軟連接,關聯默認變量文件
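# Project directory that holds the shared defaults_var.yml and the roles/ tree.
WorkDir=~/devops/ansible/os_init && cd "${WorkDir}"
RoleName=web_pro
# Create the role directory skeleton. Expansions are quoted so a path with
# spaces or glob characters cannot be split or expanded by the shell.
mkdir -pv "roles/${RoleName}"/{defaults,files,handlers,meta,tasks,templates,vars}
# The role's defaults are a symlink to the shared variable file.
ln -s "${WorkDir}/defaults_var.yml" "roles/${RoleName}/defaults/main.yml"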
- 創建tomcat自動拉起腳本
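# Write the Tomcat watchdog script into the role's files directory. The
# heredoc delimiter is quoted, so nothing below is expanded while writing.
cat >"roles/${RoleName}/files/checktomcat.sh" <<\EOF
#!/bin/bash
# Tomcat watchdog. For every entry in checktomcat.lst it starts the instance
# when no matching java process is found and, when a log timeout is
# configured, kills and restarts an instance whose log file has not been
# written within that many seconds.
#
# checktomcat.lst is executable configuration: the start command of each
# entry is run as written, so the file must stay writable only by the
# account that runs this script.
source /etc/profile

# Directory holding this script, resolved to an absolute path because the
# loop below changes directory before it appends to the log files.
CPWD=$(cd "$(dirname "${0}")" && pwd) || exit 1
# Instance list, one entry per line.
CHKLIST="${CPWD}/checktomcat.lst"
# Reference file whose timestamp marks the log-timeout threshold.
TIMESTANDARD="${CPWD}/checktomcat.tsd"
# Log of restart actions.
CHECKLOG="${CPWD}/checktomcat_log.txt"
# Per-day log of script runs.
RUNLOG="${CPWD}/checktomcat_run_$(date +%F).log"

# Print the PIDs of java processes whose ps line matches pattern $1.
# The pattern must identify exactly one instance; a loose pattern makes the
# watchdog count, and later kill, unrelated java processes.
matching_pids() {
  ps -ef | grep -- "${1}" | grep java | grep -v "grep" | awk '{print $2}'
}

echo "$(date +%F.%T) Check file ${CHKLIST}" >>"${RUNLOG}"

# Entry format:
#   NAME:BIN_DIR:PROCESS_PATTERN:START_COMMAND:LOG_FILE:LOG_TIMEOUT
# NAME is a human-readable label; PROCESS_PATTERN selects the processes of
# this instance. Any further fields are ignored here.
while read -r line || [ -n "${line}" ]
do
  # Skip comment lines and blank lines.
  case "${line}" in
    '#'* | '') continue ;;
  esac

  IFS=':' read -r VNAME VWORKDIR VPROC VSTART VLOG VTIME _ <<<"${line}"

  # An empty pattern would match every java process and an empty start
  # command would start nothing, so such an entry is skipped.
  if [ -z "${VPROC}" ] || [ -z "${VSTART}" ]
  then
    echo "$(date +%F.%T) skip malformed entry: ${line}" >>"${RUNLOG}"
    continue
  fi

  # Skip the entry, with a log line, when its bin directory is missing.
  if [ -d "${VWORKDIR}" ]
  then
    cd "${VWORKDIR}" || continue
  else
    echo "$(date +%F.%T) WARNNING ${VWORKDIR} is not exists, check ${VNAME} is skip..." >>"${CHECKLOG}"
    continue
  fi

  # Number of processes currently running for this instance.
  PROCCOUNTS=$(matching_pids "${VPROC}" | wc -l)

  # Nothing running: start the instance.
  if [ "${PROCCOUNTS}" -eq 0 ]
  then
    echo "${VNAME} not running, restarted." >>"${CHECKLOG}"
    echo "$(date +%F.%T) ${VNAME} not running" >>"${CHECKLOG}"
    echo "$(date +%F.%T) ${VSTART}" >>"${CHECKLOG}"
    # Left unquoted on purpose: the field is a command line with arguments.
    # shellcheck disable=SC2086
    ${VSTART} &
    continue
  fi

  # The timeout is passed to date(1), so only a plain number is accepted;
  # anything else disables the log check for this entry.
  case "${VTIME}" in
    '' | *[!0-9]*)
      echo "$(date +%F.%T) ${VNAME}: log timeout '${VTIME}' is not a number, log check skipped" >>"${RUNLOG}"
      continue
      ;;
  esac

  # Log timeout check; a timeout of 0 disables it.
  if [ "${VTIME}" != "0" ]
  then
    # Move the reference file's timestamp to "now minus the timeout".
    touch -t "$(date -d "-${VTIME} second" +"%Y%m%d%H%M.%S")" "${TIMESTANDARD}"
    # Count log files newer than the reference file. VLOG is left unquoted,
    # presumably so an entry may name several files or a glob - confirm.
    # shellcheck disable=SC2086
    LOGFILECOUNTS=$(find ${VLOG} -newer "${TIMESTANDARD}" | wc -l)
    if [ "${LOGFILECOUNTS}" -eq 0 ]
    then
      echo "${VLOG} is not exists or is expired ${VTIME} second." >>"${CHECKLOG}"
      echo "$(date +"%F.%T") ${VNAME} logfile is expired ${VTIME} second" >>"${CHECKLOG}"
      echo "$(date +"%F.%T") ${VSTART}" >>"${CHECKLOG}"
      # Refresh the log timestamp so the next run does not restart again
      # before the instance has had a chance to write to it.
      # shellcheck disable=SC2086
      touch ${VLOG}
      # Kill every process of this instance, then start it again.
      for pid in $(matching_pids "${VPROC}")
      do
        kill -9 "${pid}"
      done
      # shellcheck disable=SC2086
      ${VSTART} &
      continue
    fi
  fi
done <"${CHKLIST}"
cd "${CPWD}"
EOF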
- 創建項目部署腳本
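# Write the instance deployment script into the role's files directory. The
# heredoc delimiter is quoted, so nothing below is expanded while writing.
cat >"roles/${RoleName}/files/pro_deploy.sh" <<\EOF
#!/bin/bash
# Deploy a new Tomcat instance for one project: copy the Tomcat template,
# shift its ports by the number of instances already registered, register the
# instance in checktomcat.lst, add an hourly log-archive cron job and create
# a test page.
#
# Usage: bash pro_deploy.sh -n PRO_NAME -j JAVA_VERSION -t TOMCAT_VERSION
# Exits non-zero, without registering anything, when an argument is invalid
# or the instance cannot be copied.
source ~/.bash_profile
# Java environment directory.
JAVA_ENV=/usr/local/java
# Tomcat template directory.
TOMCAT_ENV=/usr/local/tomcat
# Instance directory.
IPWD=/web
# Working directory (where this script and the instance list live).
CPWD=$(dirname "${0}")
# Instance list shared with the watchdog script.
CHKLIST="${CPWD}/checktomcat.lst"

# Print the help text and exit with status 1.
usage() {
  echo $"Usage: bash $(basename "$0") -n PRO_NAME -j JAVA_VERSION -t TOMCAT_VERSION"
  echo $"Example: bash $(basename "$0") -n vincent_test -j java_1.6 -t tomcat6"
  echo $"JAVA_VERSION can be java_1.6/java_1.7/java_1.8"
  echo $"TOMCAT_VERSION can be tomcat6/tomcat7/tomcat8"
  exit 1
}

# Print a message on stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[ "$#" -eq 6 ] || usage

# Values are stored lower-cased (typeset -l).
while [ "$#" -gt 0 ]
do
  case "${1}" in
    -n)
      typeset -l PRO_NAME="${2}"
      shift 2
      ;;
    -j)
      typeset -l JAVA_VERSION="${2}"
      shift 2
      ;;
    -t)
      typeset -l TOMCAT_VERSION="${2}"
      shift 2
      ;;
    *)
      # Without this branch an unknown option is never shifted away and the
      # loop spins forever.
      usage
      ;;
  esac
done

# The three values end up in paths, sed expressions, a crontab line and a
# ':'-separated list file, so only a conservative character set is accepted.
# This also rejects a value that was never supplied (repeated option).
valid_name='^[a-z0-9][a-z0-9._-]*$'
for value in "${PRO_NAME}" "${JAVA_VERSION}" "${TOMCAT_VERSION}"
do
  [[ "${value}" =~ ${valid_name} ]] \
    || die "invalid or missing value '${value}': only letters, digits, '.', '_' and '-' are allowed"
done

[ -f "${CHKLIST}" ] || die "${CHKLIST} not found"
[ -d "${TOMCAT_ENV}/${TOMCAT_VERSION}" ] || die "${TOMCAT_ENV}/${TOMCAT_VERSION} not found"

# Port offset: number of list entries whose last field contains a digit,
# i.e. the instances already registered.
PORT_OFFSET=$(awk -F':' '$NF ~ /[0-9]+/ {n++} END {print n+0}' "${CHKLIST}")
# Instance name: <tomcat version>_<http port>_<project name>.
TOMCAT_NAME="${TOMCAT_VERSION}_$((8080 + PORT_OFFSET))_${PRO_NAME}"
INSTANCE="${IPWD}/${TOMCAT_NAME}"

# Copying onto an existing directory would nest the template inside it.
[ ! -e "${INSTANCE}" ] || die "${INSTANCE} already exists"

# Copy the template into the new instance directory.
cp -a "${TOMCAT_ENV}/${TOMCAT_VERSION}/" "${INSTANCE}" || die "copy to ${INSTANCE} failed"

# Make catalina.sh load the selected Java environment right after its
# shebang line.
sed -i "s|#!/bin/sh|&\nsource ${JAVA_ENV}/${JAVA_VERSION}_env|g" "${INSTANCE}/bin/catalina.sh"
sed -i "s/tomcat/${TOMCAT_NAME}/g" "${INSTANCE}/bin/cat.sh"
# Shift the ports and point the paths at this instance. These are plain text
# replacements applied in this order to every occurrence in server.xml.
sed -i \
  -e "s/18080/$((18080 + PORT_OFFSET))/g" \
  -e "s/8080/$((8080 + PORT_OFFSET))/g" \
  -e "s/9443/$((9443 + PORT_OFFSET))/g" \
  -e "s/28080/$((28080 + PORT_OFFSET))/g" \
  -e "s|/web/project/tomcat|/web/project/${TOMCAT_NAME}|g" \
  -e "s|/web/logs/access/tomcat|/web/logs/access/${TOMCAT_NAME}|g" \
  "${INSTANCE}/conf/server.xml"

# Register the instance in the list file.
echo "${PRO_NAME}:${INSTANCE}/bin:${TOMCAT_NAME}:./startup.sh:CHECK_LOG:0:${PORT_OFFSET}" >>"${CHKLIST}"

# Add the hourly log-archive job. The crontab is rewritten through a pipe
# rather than a fixed file name under /tmp, which another local user could
# pre-create or replace with a symlink.
{
  crontab -l 2>/dev/null
  echo "# ${TOMCAT_NAME} HOURLY LOG ARCHIVE"
  echo "0 * * * * /bin/bash /web/${TOMCAT_NAME}/bin/cat.sh"
} | crontab -

# Create a test page.
mkdir -p "/web/project/${TOMCAT_NAME}/ROOT"
echo "$(hostname -i):${TOMCAT_NAME}" >>"/web/project/${TOMCAT_NAME}/ROOT/index.html"
echo "curl http://$(hostname -i):$((8080 + PORT_OFFSET))/index.html"
EOF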
- 創建tomcat版本升級腳本
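# Write the Tomcat upgrade script into the role's files directory. The
# heredoc delimiter is quoted, so nothing below is expanded while writing.
cat >"roles/${RoleName}/files/pro_update.sh" <<\EOF
#!/bin/bash
# Refresh every deployed Tomcat instance from the template of its version:
# bin/, conf/ and lib/ are copied over, except the per-instance files
# catalina.sh, cat.sh and server.xml.
source /etc/profile
TOMCAT_ENV=/usr/local/tomcat
IPWD=/web

# Instance directories are named <tomcat version>_<port>_<project>. The port
# part is matched as "starts with a digit" so that instances with a port
# offset of 10 or more (8090 and up) are included as well. Paths are read
# NUL-delimited so unusual directory names cannot be split.
while IFS= read -r -d '' FULLPATH
do
  TOMCAT_NAME=$(basename "${FULLPATH}")
  # The version is everything before the first underscore.
  TOMCAT_VERSION=${TOMCAT_NAME%%_*}
  TEMPLATE="${TOMCAT_ENV}/${TOMCAT_VERSION}"
  TARGET="${IPWD}/${TOMCAT_NAME}"

  if [ ! -d "${TEMPLATE}" ]
  then
    echo "${TEMPLATE} not found, ${TOMCAT_NAME} skipped" >&2
    continue
  fi

  find "${TEMPLATE}/bin" -type f ! -name "catalina.sh" -a ! -name "cat.sh" -exec cp -av {} "${TARGET}/bin" \;
  find "${TEMPLATE}/conf" -type f ! -name "server.xml" -exec cp -av {} "${TARGET}/conf" \;
  find "${TEMPLATE}/lib" -type f -exec cp -av {} "${TARGET}/lib" \;
done < <(find "${IPWD}" -maxdepth 1 -type d -name "tomcat*_[0-9]*_*" -print0)
EOF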
- 創建角色任務
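# Write the role's task list. YAML nesting is restored (the flat form is not
# valid YAML) and the heredoc delimiter is quoted so the shell expands nothing
# inside it; the Jinja2 expressions are left for Ansible.
cat >"roles/${RoleName}/tasks/main.yml" <<\EOF
---
# NOTE(review): the account password is hard-coded and equal to the account
# name. Take it from a vaulted variable, or give the account a locked
# password since an SSH key is installed below. no_log keeps the hash out of
# the play output.
- name: "預先生成web_pro密碼密值"
  shell:
    python -c 'import crypt,getpass;pw="web_pro";print(crypt.crypt(pw))'
  register: web_pro_pass
  changed_when: false
  no_log: true

- name: "創建web_pro業務用戶"
  user:
    name: web_pro
    createhome: yes
    password: "{{ web_pro_pass.stdout }}"
    update_password: on_create
  no_log: true

# The public key is read from the control node user's ~/.ssh/id_rsa.pub.
- name: "分發ssh公鑰到web_pro用戶"
  authorized_key:
    user: web_pro
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
    state: present

# One lineinfile call per limit: a single multi-line "line" value never
# equals any one line of the file, so it would be appended again on every run.
- name: "設置web_pro系統資源限制"
  lineinfile:
    path: /etc/security/limits.conf
    line: "{{ item }}"
  with_items:
    - "web_pro soft nproc 2047"
    - "web_pro hard nproc 16384"
    - "web_pro soft nofile 1024"
    - "web_pro hard nofile 65536"
    - "web_pro soft stack 10240"
    - "web_pro hard stack 32768"

# recurse applies owner, group and mode to everything already below these
# directories on every run.
- name: "創建業務根目錄"
  file:
    path: "/web/{{ item }}"
    state: directory
    recurse: yes
    owner: web_pro
    group: web_pro
    mode: "0750"
  with_items:
    - profile
    - project
    - logs
    - checkTOMCAT

- name: "同步自動拉起腳本"
  copy:
    src: checktomcat.sh
    dest: /web/checkTOMCAT
    owner: web_pro
    group: web_pro
    mode: "0644"

# The list file drives what the watchdog executes; force: no keeps an
# existing list from being overwritten.
- name: "創建表單文件"
  copy:
    content: "# TOMCAT_NAME:BIN_PATH:PROCESS_NAME:START_SCRIPT:CHECK_LOG:LOG_TIMEOUT:PORT_OFFSET\n"
    dest: /web/checkTOMCAT/checktomcat.lst
    owner: web_pro
    group: web_pro
    mode: "0644"
    force: no

# Six cron entries, staggered by 10 seconds, run the watchdog every
# 10 seconds.
- name: "設置自動拉起任務1"
  cron:
    user: web_pro
    name: "Check TOMCAT Process1"
    job: "/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
    minute: "*/1"

- name: "設置自動拉起任務2"
  cron:
    user: web_pro
    name: "Check TOMCAT Process2"
    job: "sleep 10;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
    minute: "*/1"

- name: "設置自動拉起任務3"
  cron:
    user: web_pro
    name: "Check TOMCAT Process3"
    job: "sleep 20;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
    minute: "*/1"

- name: "設置自動拉起任務4"
  cron:
    user: web_pro
    name: "Check TOMCAT Process4"
    job: "sleep 30;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
    minute: "*/1"

- name: "設置自動拉起任務5"
  cron:
    user: web_pro
    name: "Check TOMCAT Process5"
    job: "sleep 40;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
    minute: "*/1"

- name: "設置自動拉起任務6"
  cron:
    user: web_pro
    name: "Check TOMCAT Process6"
    job: "sleep 50;/bin/bash /web/checkTOMCAT/checktomcat.sh> /dev/null 2>&1"
    minute: "*/1"

# Daily at 03:00: delete watchdog run logs older than 10 days.
- name: "設置自動拉起任務運行日誌清理"
  cron:
    user: web_pro
    name: "Check TOMCAT Process Log clear"
    job: '/usr/bin/find /web/checkTOMCAT/checktomcat_run_*.log -type f -mtime +10 -exec rm -rf {} \;'
    minute: "0"
    hour: "3"

- name: "同步項目部署腳本"
  copy:
    src: pro_deploy.sh
    dest: /web/checkTOMCAT
    owner: web_pro
    group: web_pro
    mode: "0644"

- name: "同步項目升級腳本"
  copy:
    src: pro_update.sh
    dest: /web/checkTOMCAT
    owner: web_pro
    group: web_pro
    mode: "0644"

# The three values below are placed unquoted inside a command line that root
# hands to "su -c", so they are restricted to a safe character set first.
- name: "Validate deployment parameters before they reach a shell"
  assert:
    that:
      - "sub_pro is match('^[A-Za-z0-9][A-Za-z0-9._-]*$')"
      - "java_version is match('^[A-Za-z0-9][A-Za-z0-9._-]*$')"
      - "tomcat_version is match('^[A-Za-z0-9][A-Za-z0-9._-]*$')"

# Runs once per host: "creates" skips the task when pro_mark already exists.
# NOTE(review): gitlib_url and project are still interpolated into the echo
# command; keep single quotes and shell metacharacters out of them.
# NOTE(review): newer ansible-core releases no longer accept the "warn"
# argument of the shell module; drop it if the task is rejected.
- name: "部署項目並生成項目配置文件"
  shell: >-
    su - web_pro -c "/bin/bash /web/checkTOMCAT/pro_deploy.sh -n {{ sub_pro }} -j {{ java_version }} -t {{ tomcat_version }} &&
    echo '{{ ansible_ssh_host }} {{ gitlib_url }} {{ project }} {{ sub_pro }} {{ java_version }} {{ tomcat_version }} 8080'>/web/checkTOMCAT/pro_mark"
  args:
    creates: /web/checkTOMCAT/pro_mark
    warn: false

- name: "將項目配置文件拉取到服務端"
  fetch:
    src: /web/checkTOMCAT/pro_mark
    dest: "{{pro_mark}}/pro_mark-{{ansible_ssh_host}}"
    flat: yes
EOF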
- 創建任務playbook並執行
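# Write the playbook that applies the role to every host, then run it. YAML
# nesting is restored (the flat form is not valid YAML). The heredoc delimiter
# is deliberately unquoted: the role name is filled in by the shell here.
cat >"os-init-9-${RoleName}.yml" <<EOF
---
# Connects as the unprivileged "sudoler" account and becomes root with su.
- hosts: all
  remote_user: sudoler
  gather_facts: true
  become: yes
  become_user: root
  become_method: su
  roles:
    - ${RoleName}
EOF
ansible-playbook -i inventory/hosts "os-init-9-${RoleName}.yml"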
注意事項:
-
如果要進行java包的升級,則:
-
- 1,將高版本的包上傳到文件共享服務器
-
- 2,修改 defaults_var.yml 中相應信息
-
- 3,下載包到部署主機 ansible-playbook -i inventory/hosts os-init-1-*.yml
-
- 4,重新執行java角色,完成升級 ansible-playbook -i inventory/hosts os-init-7-*.yml
-
- 5,這個升級可以是降級
-
如果要進行tomcat包的升級,則:
-
- 1,將高版本的包上傳到文件共享服務器
-
- 2,修改 defaults_var.yml 中相應信息
-
- 3,下載包到部署主機 ansible-playbook -i inventory/hosts os-init-1-*.yml
-
- 4,重新執行tomcat角色,完成升級 ansible-playbook -i inventory/hosts os-init-8-*.yml
-
- 5,這個升級可以是降級
-
如果要進行項目升級,則:
-
- 1,如果java版本進行了升級,則重啓項目即可完成升級
-
- 2,如果tomcat版本進行了升級,則使用業務賬號 web_pro 執行升級腳本,並重啓項目即可:
-
su - web_pro
-
bash /web/checkTOMCAT/pro_update.sh
-
ps -ef|grep java|grep tomcat|awk '{print $2}'|xargs kill -9
-
如果要在一個主機上部署多個項目,則:
-
su - web_pro
-
bash /web/checkTOMCAT/pro_update.sh -n ... -j ... -t ...
[TOC]