国产在线精品一区二区不卡,国产精品久久久情品,午夜成人国产一区红桃影视

Ansible 自動(dòng)化運(yùn)維入門(mén)：批量部署 Web 服務(wù)器實(shí)戰(zhàn)

引言：為什么每個(gè)運(yùn)維都應(yīng)該掌握 Ansible

還記得那個(gè)凌晨3點(diǎn)被電話叫醒的夜晚嗎？生產(chǎn)環(huán)境的20臺(tái)服務(wù)器需要緊急更新配置，你不得不一臺(tái)一臺(tái)手動(dòng)SSH登錄，重復(fù)執(zhí)行相同的命令。兩個(gè)小時(shí)后，當(dāng)你拖著疲憊的身軀完成任務(wù)時(shí)，心里暗暗發(fā)誓："一定要找個(gè)自動(dòng)化工具！"

如果你有過(guò)類(lèi)似的經(jīng)歷，那么恭喜你，今天這篇文章將徹底改變你的運(yùn)維生涯。我將帶你從零開(kāi)始掌握Ansible，通過(guò)一個(gè)實(shí)際的Web服務(wù)器批量部署項(xiàng)目，讓你體驗(yàn)自動(dòng)化運(yùn)維的魅力。讀完這篇文章，你將能夠：

10分鐘內(nèi)完成50臺(tái)服務(wù)器的Nginx部署

一鍵實(shí)現(xiàn)應(yīng)用的滾動(dòng)更新和回滾

構(gòu)建可復(fù)用的自動(dòng)化部署流程

將重復(fù)性工作時(shí)間縮短90%以上

一、Ansible 是什么？它能解決什么問(wèn)題？

1.1 傳統(tǒng)運(yùn)維的痛點(diǎn)

在深入Ansible之前，讓我們先看看傳統(tǒng)運(yùn)維面臨的挑戰(zhàn)：

場(chǎng)景一：配置漂移問(wèn)題你管理著100臺(tái)服務(wù)器，理論上它們的配置應(yīng)該完全一致。但隨著時(shí)間推移，因?yàn)楦鞣N臨時(shí)修改、緊急補(bǔ)丁，服務(wù)器配置開(kāi)始出現(xiàn)差異。某天一個(gè)看似簡(jiǎn)單的更新，卻因?yàn)榕渲貌灰恢聦?dǎo)致部分服務(wù)器故障。

場(chǎng)景二：規(guī)模化挑戰(zhàn)公司業(yè)務(wù)快速增長(zhǎng)，服務(wù)器數(shù)量從10臺(tái)增長(zhǎng)到100臺(tái)。原本30分鐘能完成的部署任務(wù)，現(xiàn)在需要5個(gè)小時(shí)。而且隨著操作復(fù)雜度增加，人為錯(cuò)誤的概率也在上升。

場(chǎng)景三：知識(shí)傳承困難資深運(yùn)維離職了，留下的只有一堆零散的Shell腳本和簡(jiǎn)單的文檔。新人接手后發(fā)現(xiàn)，每個(gè)腳本的執(zhí)行順序、參數(shù)含義都需要猜測(cè)和試錯(cuò)。

1.2 Ansible 的優(yōu)勢(shì)

Ansible 是一個(gè)開(kāi)源的IT自動(dòng)化工具，它通過(guò)簡(jiǎn)單的YAML語(yǔ)法描述系統(tǒng)配置，實(shí)現(xiàn)：

無(wú)代理架構(gòu)（Agentless）：不需要在被管理節(jié)點(diǎn)安裝任何客戶(hù)端，通過(guò)SSH即可管理

聲明式配置：描述"想要達(dá)到的狀態(tài)"，而不是"如何達(dá)到"

冪等性保證：多次執(zhí)行產(chǎn)生相同結(jié)果，避免重復(fù)操作帶來(lái)的問(wèn)題

易學(xué)易用：YAML語(yǔ)法簡(jiǎn)單直觀，降低學(xué)習(xí)門(mén)檻

強(qiáng)大的模塊庫(kù)：3000+內(nèi)置模塊，覆蓋各種運(yùn)維場(chǎng)景

二、快速上手：15分鐘搭建 Ansible 環(huán)境

2.1 環(huán)境準(zhǔn)備

我們將搭建一個(gè)實(shí)驗(yàn)環(huán)境，包含1臺(tái)控制節(jié)點(diǎn)和3臺(tái)被管理節(jié)點(diǎn)：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
# 控制節(jié)點(diǎn)（安裝Ansible的機(jī)器）
control-node:192.168.1.10


# 被管理節(jié)點(diǎn)（目標(biāo)服務(wù)器）
web-01:192.168.1.11
web-02:192.168.1.12
web-03:192.168.1.13

2.2 安裝 Ansible

在控制節(jié)點(diǎn)上執(zhí)行：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
# CentOS/RHEL 系統(tǒng)
sudoyum install -y epel-release
sudoyum install -y ansible


# Ubuntu/Debian 系統(tǒng)
sudoapt update
sudoapt install -y ansible


# 使用 pip 安裝（推薦，獲取最新版本）
sudopip3 install ansible


# 驗(yàn)證安裝
ansible--version

2.3 配置 SSH 免密登錄

自動(dòng)化的前提是控制節(jié)點(diǎn)能夠無(wú)密碼訪問(wèn)被管理節(jié)點(diǎn)：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
# 生成SSH密鑰對(duì)（如果還沒(méi)有）
ssh-keygen -t rsa -b2048


# 將公鑰復(fù)制到所有被管理節(jié)點(diǎn)
forip in192.168.1.11192.168.1.12192.168.1.13; do
 ssh-copy-id -i ~/.ssh/id_rsa.pub root@$ip
done


# 測(cè)試連接
sshroot@192.168.1.11'hostname'

2.4 創(chuàng)建 Inventory 文件

Inventory文件定義了Ansible要管理的主機(jī)清單：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
# 創(chuàng)建 inventory.ini 文件
[webservers]
web-01 ansible_host=192.168.1.11
web-02 ansible_host=192.168.1.12
web-03 ansible_host=192.168.1.13


[webservers:vars]
ansible_user=root
ansible_python_interpreter=/usr/bin/python3


[all:vars]
ansible_connection=ssh

測(cè)試連接所有主機(jī)：

ounter(line
ansible -iinventory.iniall-m ping

如果看到所有主機(jī)返回 "pong"，恭喜你，環(huán)境搭建成功！

三、實(shí)戰(zhàn)項(xiàng)目：批量部署 Nginx Web 服務(wù)器

現(xiàn)在讓我們通過(guò)一個(gè)實(shí)際項(xiàng)目，深入理解Ansible的強(qiáng)大功能。我們將實(shí)現(xiàn)：

批量安裝Nginx

部署自定義配置

部署靜態(tài)網(wǎng)站

實(shí)現(xiàn)滾動(dòng)更新

3.1 項(xiàng)目結(jié)構(gòu)設(shè)計(jì)

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
nginx-deployment/
├── inventory.ini     # 主機(jī)清單
├── ansible.cfg      # Ansible配置文件
├── site.yml       # 主Playbook
├── roles/        # 角色目錄
│  └── nginx/
│    ├── tasks/   # 任務(wù)定義
│    │  └── main.yml
│    ├── templates/  # 模板文件
│    │  ├── nginx.conf.j2
│    │  └── index.html.j2
│    ├── handlers/  # 觸發(fā)器
│    │  └── main.yml
│    └──vars/    # 變量定義
│      └── main.yml
└── group_vars/     # 組變量
  └── webservers.yml

3.2 編寫(xiě) Playbook

創(chuàng)建主Playbooksite.yml：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
---
-name: Deploy Nginx Web Servers
 hosts: webservers
 become: yes
 gather_facts: yes


 vars:
 nginx_port:80
 nginx_worker_processes:"{{ ansible_processor_vcpus }}"
 nginx_worker_connections:1024
 website_title:"Ansible自動(dòng)化部署演示"


 tasks:
  -name: 更新系統(tǒng)包緩存
  apt:
   update_cache: yes
  when: ansible_os_family =="Debian"


  -name: 安裝Nginx
  package:
   name: nginx
   state: present


  -name: 創(chuàng)建網(wǎng)站目錄
  file:
   path: /var/www/html
   state: directory
   mode:'0755'


  -name: 部署Nginx配置文件
  template:
   src: nginx.conf.j2
   dest: /etc/nginx/nginx.conf
   backup: yes
  notify: restart nginx


  -name: 部署網(wǎng)站首頁(yè)
  template:
   src: index.html.j2
   dest: /var/www/html/index.html
   mode:'0644'


  -name: 確保Nginx服務(wù)運(yùn)行
  service:
   name: nginx
   state: started
   enabled: yes


  -name: 等待端口就緒
  wait_for:
   port:"{{ nginx_port }}"
   host:"{{ ansible_default_ipv4.address }}"
   delay:5
   timeout:30


 handlers:
  -name: restart nginx
  service:
   name: nginx
   state: restarted

3.3 創(chuàng)建配置模板

創(chuàng)建templates/nginx.conf.j2：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
user www-data;
worker_processes {{ nginx_worker_processes }};
pid /run/nginx.pid;


events {
  worker_connections {{ nginx_worker_connections }};
  multi_accept on;
  use epoll;
}


http {
 # 基礎(chǔ)配置
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;


 # 日志配置
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;


 # Gzip壓縮
  gzip on;
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_types text/plain text/css text/xml application/json application/javascript;


 # 虛擬主機(jī)配置
  server {
    listen {{ nginx_port }} default_server;
    listen [::]:{{ nginx_port }} default_server;


    root /var/www/html;
    index index.html index.htm;


    server_name {{ ansible_hostname }}.example.com;


    location / {
      try_files$uri$uri/ =404;
    }


   # 健康檢查端點(diǎn)
    location /health {
      access_log off;
     return200"healthy
";
      add_header Content-Type text/plain;
    }
  }
}

創(chuàng)建templates/index.html.j2：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line



 
 
 {{ website_title }}
 


 
    {{ website_title }}
   恭喜！您已成功使用 Ansible 部署了這個(gè)頁(yè)面
   
     服務(wù)器名稱(chēng):{{ ansible_hostname }}
     IP地址:{{ ansible_default_ipv4.address }}
     操作系統(tǒng):{{ ansible_distribution }} {{ ansible_distribution_version }}
     部署時(shí)間:{{ ansible_date_time.iso8601 }}

3.4 執(zhí)行部署

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
# 語(yǔ)法檢查
ansible-playbook -iinventory.inisite.yml--syntax-check


# 模擬執(zhí)行（Dry Run）
ansible-playbook -iinventory.inisite.yml--check


# 正式部署
ansible-playbook -iinventory.inisite.yml


# 查看詳細(xì)輸出
ansible-playbook -iinventory.inisite.yml-vvv

四、進(jìn)階技巧：讓你的自動(dòng)化更強(qiáng)大

4.1 滾動(dòng)更新策略

在生產(chǎn)環(huán)境中，我們需要確保服務(wù)的持續(xù)可用性。Ansible支持滾動(dòng)更新：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
---
-name: 滾動(dòng)更新Web服務(wù)器
 hosts: webservers
 become: yes
 serial:1 # 每次更新1臺(tái)服務(wù)器
 max_fail_percentage:30 # 允許30%的失敗率


 pre_tasks:
  -name: 從負(fù)載均衡器移除
  uri:
   url:"http://lb.example.com/api/remove"
   method: POST
   body_format: json
   body:
    server:"{{ ansible_hostname }}"
  delegate_to: localhost


 tasks:
  -name: 更新應(yīng)用代碼
  git:
   repo:https://github.com/yourapp/webapp.git
   dest: /var/www/html
   version:"{{ app_version | default('master') }}"


  -name: 重啟服務(wù)
  service:
   name: nginx
   state: restarted


 post_tasks:
  -name: 健康檢查
  uri:
   url:"http://{{ ansible_default_ipv4.address }}/health"
   status_code:200
  retries:5
  delay:10


  -name: 重新加入負(fù)載均衡器
  uri:
   url:"http://lb.example.com/api/add"
   method: POST
   body_format: json
   body:
    server:"{{ ansible_hostname }}"
  delegate_to: localhost

4.2 使用 Ansible Vault 保護(hù)敏感信息

生產(chǎn)環(huán)境中，密碼和密鑰需要加密存儲(chǔ)：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
# 創(chuàng)建加密文件
ansible-vault create secrets.yml


# 編輯加密文件
ansible-vault edit secrets.yml


# 在secrets.yml中添加：
db_password:"SuperSecret123!"
api_key:"sk-1234567890abcdef"


# 使用加密變量運(yùn)行playbook
ansible-playbook -i inventory.ini site.yml --ask-vault-pass

4.3 動(dòng)態(tài) Inventory

當(dāng)服務(wù)器數(shù)量眾多或經(jīng)常變化時(shí)，可以使用動(dòng)態(tài)Inventory：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
#!/usr/bin/env python3
# dynamic_inventory.py


importjson
importboto3


defget_inventory():
  ec2 = boto3.client('ec2', region_name='us-west-2')


  response = ec2.describe_instances(
    Filters=[
      {'Name':'tag:Environment','Values': ['production']},
      {'Name':'instance-state-name','Values': ['running']}
    ]
  )


  inventory = {
   'webservers': {
     'hosts': [],
     'vars': {
       'ansible_user':'ubuntu',
       'ansible_ssh_private_key_file':'~/.ssh/aws-key.pem'
      }
    }
  }


 forreservationinresponse['Reservations']:
   forinstanceinreservation['Instances']:
      inventory['webservers']['hosts'].append(instance['PublicIpAddress'])


 returninventory


if__name__ =='__main__':
 print(json.dumps(get_inventory()))

4.4 性能優(yōu)化技巧

當(dāng)管理大規(guī)模基礎(chǔ)設(shè)施時(shí)，性能優(yōu)化至關(guān)重要：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
# ansible.cfg
[defaults]
host_key_checking = False
gathering = smart
fact_caching = jsonfile
fact_caching_connection = /tmp/ansible_cache
fact_caching_timeout = 86400
pipelining = True
forks = 50


[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
control_path = /tmp/ansible-%%h-%%p-%%r

五、實(shí)戰(zhàn)案例：構(gòu)建完整的 CI/CD 流程

讓我們通過(guò)一個(gè)完整的案例，展示如何將Ansible集成到CI/CD流程中：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
---
# deploy_pipeline.yml
-name: 完整的部署流程
 hosts: webservers
 become: yes


 vars:
 app_name: mywebapp
 app_version:"{{ lookup('env', 'BUILD_NUMBER') | default('latest') }}"
 deploy_user: webapp
 deploy_dir: /opt/{{ app_name }}
 backup_dir: /opt/backups/{{ app_name }}


 tasks:
  -name: 創(chuàng)建部署用戶(hù)
  user:
   name:"{{ deploy_user }}"
   shell: /bin/bash
   groups: www-data
   append: yes


  -name: 創(chuàng)建必要的目錄
  file:
   path:"{{ item }}"
   state: directory
   owner:"{{ deploy_user }}"
   group:"{{ deploy_user }}"
   mode:'0755'
  loop:
    -"{{ deploy_dir }}"
    -"{{ backup_dir }}"
    - /var/log/{{ app_name }}


  -name: 備份當(dāng)前版本
  archive:
   path:"{{ deploy_dir }}"
   dest:"{{ backup_dir }}/backup-{{ ansible_date_time.epoch }}.tar.gz"
  when: deploy_dir is directory


  -name: 拉取最新代碼
  git:
   repo:"https://github.com/company/{{ app_name }}.git"
   dest:"{{ deploy_dir }}"
   version:"{{ app_version }}"
   force: yes
  become_user:"{{ deploy_user }}"


  -name: 安裝應(yīng)用依賴(lài)
  pip:
   requirements:"{{ deploy_dir }}/requirements.txt"
   virtualenv:"{{ deploy_dir }}/venv"
   virtualenv_python: python3
  become_user:"{{ deploy_user }}"


  -name: 運(yùn)行數(shù)據(jù)庫(kù)遷移
  command: |
    {{ deploy_dir }}/venv/bin/python manage.py migrate
  args:
   chdir:"{{ deploy_dir }}"
  become_user:"{{ deploy_user }}"
  run_once:true


  -name: 收集靜態(tài)文件
  command: |
    {{ deploy_dir }}/venv/bin/python manage.py collectstatic --noinput
  args:
   chdir:"{{ deploy_dir }}"
  become_user:"{{ deploy_user }}"


  -name: 配置Systemd服務(wù)
  template:
   src: app.service.j2
   dest: /etc/systemd/system/{{ app_name }}.service
  notify:
    - reload systemd
    - restart app


  -name: 配置Nginx反向代理
  template:
   src: nginx_app.conf.j2
   dest: /etc/nginx/sites-available/{{ app_name }}
  notify: reload nginx


  -name: 啟用站點(diǎn)
  file:
   src: /etc/nginx/sites-available/{{ app_name }}
   dest: /etc/nginx/sites-enabled/{{ app_name }}
   state: link
  notify: reload nginx


  -name: 運(yùn)行冒煙測(cè)試
  uri:
   url:"http://localhost/api/health"
   status_code:200
  retries:5
  delay:10


 handlers:
  -name: reload systemd
  systemd:
   daemon_reload: yes


  -name: restart app
  systemd:
   name:"{{ app_name }}"
   state: restarted
   enabled: yes


  -name: reload nginx
  service:
   name: nginx
   state: reloaded

六、監(jiān)控與日志：確保自動(dòng)化的可觀測(cè)性

自動(dòng)化不是"一勞永逸"，我們需要持續(xù)監(jiān)控：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
---
# monitoring.yml
-name: 配置監(jiān)控和日志收集
 hosts: webservers
 become: yes


 tasks:
  -name: 安裝監(jiān)控代理
  package:
   name:
     - prometheus-node-exporter
     - filebeat
   state: present


  -name: 配置Prometheus Node Exporter
  lineinfile:
   path: /etc/default/prometheus-node-exporter
   regexp:'^ARGS='
   line:'ARGS="--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|run)($|/)"'
  notify: restart node-exporter


  -name: 配置Filebeat
  template:
   src: filebeat.yml.j2
   dest: /etc/filebeat/filebeat.yml
   mode:'0600'
  notify: restart filebeat


  -name: 配置自定義指標(biāo)收集腳本
  copy:
   content: |
     #!/bin/bash
     # 收集應(yīng)用自定義指標(biāo)
    echo"app_requests_total $(curl -s localhost/metrics | grep requests_total | awk '{print$2}')"
    echo"app_errors_total $(grep ERROR /var/log/{{ app_name }}/app.log | wc -l)"
    echo"app_response_time_seconds $(tail -n 100 /var/log/nginx/access.log | awk '{sum+=$10} END {print sum/NR}')"
   dest: /usr/local/bin/collect_metrics.sh
   mode:'0755'


  -name: 添加指標(biāo)收集定時(shí)任務(wù)
  cron:
   name:"收集應(yīng)用指標(biāo)"
   minute:"*/5"
   job:"/usr/local/bin/collect_metrics.sh > /var/lib/node_exporter/textfile_collector/app_metrics.prom"


 handlers:
  -name: restart node-exporter
  service:
   name: prometheus-node-exporter
   state: restarted


  -name: restart filebeat
  service:
   name: filebeat
   state: restarted

七、故障恢復(fù)：當(dāng)事情出錯(cuò)時(shí)

即使是最完善的自動(dòng)化，也可能出現(xiàn)問(wèn)題。讓我們準(zhǔn)備一個(gè)快速回滾方案：

ounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(lineounter(line
---
# rollback.yml
-name: 緊急回滾程序
 hosts: webservers
 become: yes
 serial:1


 vars_prompt:
  -name: confirm_rollback
  prompt:"確認(rèn)要回滾到上一個(gè)版本嗎？(yes/no)"
  private: no


 tasks:
  -name: 驗(yàn)證確認(rèn)
  fail:
   msg:"回滾操作已取消"
  when: confirm_rollback !="yes"


  -name: 查找最新的備份
  find:
   paths:"{{ backup_dir }}"
   patterns:"backup-*.tar.gz"
  register: backup_files


  -name: 確保有可用備份
  fail:
   msg:"沒(méi)有找到可用的備份文件"
  when: backup_files.files | length ==0


  -name: 獲取最新備份
  set_fact:
   latest_backup:"{{ (backup_files.files | sort(attribute='mtime') | last).path }}"


  -name: 停止應(yīng)用服務(wù)
  systemd:
   name:"{{ app_name }}"
   state: stopped


  -name: 清理當(dāng)前版本
  file:
   path:"{{ deploy_dir }}"
   state: absent


  -name: 恢復(fù)備份
  unarchive:
   src:"{{ latest_backup }}"
   dest: /opt/
   remote_src: yes


  -name: 啟動(dòng)應(yīng)用服務(wù)
  systemd:
   name:"{{ app_name }}"
   state: started


  -name: 驗(yàn)證服務(wù)狀態(tài)
  uri:
   url:"http://localhost/api/health"
   status_code:200
  retries:3
  delay:5


  -name: 發(fā)送回滾通知
  mail:
   to: ops-team@example.com
   subject:"緊急回滾完成 - {{ ansible_hostname }}"
   body:"服務(wù)器 {{ ansible_hostname }} 已成功回滾到備份版本：{{ latest_backup }}"
  delegate_to: localhost

總結(jié)：從手動(dòng)到自動(dòng)的蛻變

通過(guò)這篇文章，我們一起經(jīng)歷了從傳統(tǒng)手動(dòng)運(yùn)維到Ansible自動(dòng)化的完整旅程。讓我們回顧一下關(guān)鍵收獲：

效率提升：原本需要數(shù)小時(shí)的部署任務(wù)，現(xiàn)在只需要幾分鐘

一致性保證：通過(guò)代碼化的配置管理，消除了環(huán)境差異

可追溯性：每次變更都有記錄，便于審計(jì)和問(wèn)題排查

知識(shí)沉淀：運(yùn)維經(jīng)驗(yàn)轉(zhuǎn)化為可復(fù)用的Playbook

降低風(fēng)險(xiǎn)：自動(dòng)化減少人為錯(cuò)誤，回滾機(jī)制保障業(yè)務(wù)連續(xù)性

但這僅僅是開(kāi)始。Ansible的生態(tài)系統(tǒng)遠(yuǎn)比我們今天探索的要豐富：

Ansible Tower/AWX 提供企業(yè)級(jí)的管理界面

Ansible Galaxy 社區(qū)分享了數(shù)千個(gè)現(xiàn)成的角色

與Kubernetes、Docker、云平臺(tái)的深度集成

網(wǎng)絡(luò)設(shè)備、數(shù)據(jù)庫(kù)、中間件的自動(dòng)化配置

下一步行動(dòng)建議

立即實(shí)踐：選擇一個(gè)簡(jiǎn)單的重復(fù)性任務(wù)，嘗試用Ansible自動(dòng)化

逐步推廣：從開(kāi)發(fā)環(huán)境開(kāi)始，逐步擴(kuò)展到生產(chǎn)環(huán)境

持續(xù)學(xué)習(xí)：關(guān)注Ansible官方文檔和社區(qū)最佳實(shí)踐

分享交流：將你的自動(dòng)化經(jīng)驗(yàn)分享給團(tuán)隊(duì)，共同成長(zhǎng)

記住，自動(dòng)化不是目的，而是讓我們能夠?qū)Ｗ⒂诟袃r(jià)值工作的手段。當(dāng)你不再被重復(fù)性任務(wù)束縛，你就有更多時(shí)間去思考架構(gòu)優(yōu)化、性能調(diào)優(yōu)、安全加固這些真正體現(xiàn)運(yùn)維價(jià)值的工作。

如果這篇文章對(duì)你有幫助，歡迎關(guān)注我的技術(shù)博客，我會(huì)持續(xù)分享更多運(yùn)維實(shí)戰(zhàn)經(jīng)驗(yàn)。下一篇，我們將探討"Kubernetes + Ansible：打造云原生時(shí)代的自動(dòng)化運(yùn)維體系"，敬請(qǐng)期待！

互動(dòng)話題：你在實(shí)施自動(dòng)化運(yùn)維過(guò)程中遇到過(guò)哪些挑戰(zhàn)？歡迎在評(píng)論區(qū)分享你的經(jīng)驗(yàn)和困惑，讓我們一起探討解決方案。

聲明：本文內(nèi)容及配圖由入駐作者撰寫(xiě)或者入駐合作網(wǎng)站授權(quán)轉(zhuǎn)載。文章觀點(diǎn)僅代表作者本人，不代表電子發(fā)燒友網(wǎng)立場(chǎng)。文章及其配圖僅供工程師學(xué)習(xí)之用，如有內(nèi)容侵權(quán)或者其他違規(guī)問(wèn)題，請(qǐng)聯(lián)系本站處理。舉報(bào)投訴

Web

Web

+關(guān)注

關(guān)注
2

文章
1304

瀏覽量
74457
服務(wù)器

服務(wù)器

+關(guān)注

關(guān)注
14

文章
10251

瀏覽量
91480
開(kāi)源

開(kāi)源

+關(guān)注

關(guān)注
3

文章
4203

瀏覽量
46126

原文標(biāo)題：Ansible 自動(dòng)化運(yùn)維入門(mén)：批量部署 Web 服務(wù)器實(shí)戰(zhàn)

文章出處：【微信號(hào)：magedu-Linux，微信公眾號(hào)：馬哥Linux運(yùn)維】歡迎添加關(guān)注！文章轉(zhuǎn)載請(qǐng)注明出處。

搜索歷史

使用Ansible批量部署Web服務(wù)器實(shí)戰(zhàn)

{{ website_title }}

評(píng)論