1、Ansible delegate

1.1、什么是Task委派

简单来说,就是本来需要在当前被控制端主机执行的操作,被委派给其他主机执行

1.2、TASK委派场景实践

场景说明
1、为172.16.1.7服务器添加一条hosts记录:1.1.1.1 qingchen.com
2、同时要把这个hosts记录写一份至172.16.1.5节点
3、除此任务之外172.16.1.7的其他任务都不会委派给172.16.1.5执行

1、使用delegate_to关键字实现task委派
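# The play targets 172.16.1.7; only the second task is redirected to 172.16.1.5.
# Indentation uses spaces only: tabs are not valid YAML indentation.
- hosts: "172.16.1.7"
  tasks:
    # lineinfile keeps the entry idempotent: re-running the play does not
    # append a duplicate line the way `echo ... >> /etc/hosts` would.
    - name: Add WebServers DNS
      lineinfile:
        path: /etc/hosts
        line: "1.1.1.1 qingchen.com"

    # delegate_to runs this single task on 172.16.1.5 instead of the play host.
    - name: delegate_to Host 172.16.1.5
      lineinfile:
        path: /etc/hosts
        line: "1.1.1.1 qingchen.com"
      delegate_to: "172.16.1.5"

    # No delegate_to here, so this task runs on the play host again.
    - name: Add WebServers DNS
      lineinfile:
        path: /etc/hosts
        line: "2.2.2.2 qingchen2.com"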
	  
2、如果该任务要对ansible控制节点执行怎么办?可以委派127.0.0.1或者使用local_action来实现
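# Same play as before, plus one task that runs on the Ansible control node.
# Indentation uses spaces only: tabs are not valid YAML indentation.
- hosts: "172.16.1.7"
  tasks:
    # lineinfile is idempotent; a repeated run does not duplicate the entry.
    - name: Add WebServers DNS
      lineinfile:
        path: /etc/hosts
        line: "1.1.1.1 qingchen.com"

    # Executed on 172.16.1.5 instead of the play host.
    - name: delegate_to Host 172.16.1.5
      lineinfile:
        path: /etc/hosts
        line: "1.1.1.1 qingchen.com"
      delegate_to: "172.16.1.5"

    - name: Add WebServers DNS
      lineinfile:
        path: /etc/hosts
        line: "2.2.2.2 qingchen2.com"

    # Alternative: delegate explicitly to the control node.
    # The keyword is `delegate_to`; a misspelled keyword is not a delegation.
    # - name: delegate_to Host 127.0.0.1
    #   lineinfile:
    #     path: /etc/hosts
    #     line: "1.1.1.1 qingchen.com"
    #   delegate_to: "127.0.0.1"
    #   delegate_facts: true  # facts gathered by the task go to the delegated-to host

    # connection: local executes this task on the control node, so the
    # /etc/hosts being edited is the controller's own file.
    - name: local_action Host 127.0.0.1
      lineinfile:
        path: /etc/hosts
        line: "1.1.1.1 qingchen.com"
      connection: local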

1.3、TASK委派场景实践2

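# Create a dedicated, non-root user that Ansible uses to manage the hosts.
- hosts: webservers
  vars:
    user_name: qingchen_demo
  tasks:
    # Runs once and on the control node (delegate_to: localhost), so the key
    # pair is generated there and only the public half is distributed below.
    # With run_once, the registered result is available to every host.
    - name: Create Manager qingchen_demo
      user:
        name: "{{ user_name }}"
        generate_ssh_key: true
        ssh_key_bits: 2048  # raise this if your key-size policy requires it
        ssh_key_file: .ssh/id_rsa
      register: user_message
      delegate_to: localhost
      run_once: true

    # Only the public key is printed.
    - name: 打印管理用户的key结果
      debug:
        msg: "{{ user_message.ssh_public_key }}"

    - name: 在被控端上创建用户
      user:
        name: "{{ user_name }}"

    # 0700 on ~/.ssh and 0600 on authorized_keys are the permissions sshd
    # expects under its default StrictModes setting.
    - name: 在被控端上创建用户.ssh目录
      file:
        path: "/home/{{ user_name }}/.ssh"
        state: directory
        owner: "{{ user_name }}"
        group: "{{ user_name }}"
        mode: "0700"

    # copy writes the whole file: keys already present in authorized_keys
    # for this user are replaced by the single key generated above.
    - name: 将管理端{{ user_name }}用户的key存储到被控端
      copy:
        content: "{{ user_message.ssh_public_key }}"
        dest: "/home/{{ user_name }}/.ssh/authorized_keys"
        owner: "{{ user_name }}"
        group: "{{ user_name }}"
        mode: "0600"

    # validate makes lineinfile run a visudo syntax check on the candidate
    # file before it replaces /etc/sudoers, so a malformed line cannot break
    # sudo on the host.
    # NOTE(review): NOPASSWD:ALL gives passwordless root to whoever holds the
    # private key on the control node; protect that key and narrow the rule
    # to the commands actually needed wherever possible.
    - name: 配置被控制端sudo提权,最后追加一行
      lineinfile:
        dest: /etc/sudoers
        line: "{{ user_name }} ALL=(ALL) NOPASSWD:ALL"
        validate: /usr/sbin/visudo -cf %s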

1.4、TASK委派场景实践3

1、首先搭建Haproxy + web_cluster集群环境
2、当web节点代码需要更新时,需要下线节点,这个时候需要将下线节点的任务委派给Haproxy
3、操作web_cluster集群,将新的代码替换上
4、当web节点代码更新成功后,需要上线节点,这个时候需要将上线节点的任务委派给Haproxy
5、然后依次循环,直到完成所有节点的代码更新与替换

1.4.1、ansible构建haproxy集群

1、配置Haproxy负载均衡
cat /etc/haproxy/haproxy.cfg
# Global settings
global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 50
    user haproxy
    group haproxy
    daemon
    # Runtime socket with admin level; any process that can write to this
    # path can enable or disable backend servers. The Ansible haproxy tasks
    # in the deploy playbook use this same path.
    stats socket /var/lib/haproxy/stats level admin

# Defaults settings
defaults
    mode http
    log  global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

# Listen settings: statistics page
listen haproxy-stats
    bind *:9999
    stats enable
    # stats refresh 1s
    stats hide-version
    stats uri /haproxy?stats
    stats realm "HAProxy statistics"
    # NOTE(review): lab-only credentials. Combined with `stats admin if TRUE`
    # this login can change server state from the web page, and the listener
    # is bound on every interface. Outside a lab, use a strong secret and
    # restrict the bind address or add an ACL.
    stats auth admin:123456
    stats admin if TRUE

# Frontend: proxies www_site
frontend www
    bind *:80
    mode http
    use_backend web_cluster

# Backend servers; the server names are the node addresses, which is what
# the playbook passes as `host` when it disables or enables a node.
backend web_cluster
    balance roundrobin
    server 172.16.1.7 172.16.1.7:80 check port 80
    server 172.16.1.8 172.16.1.8:80 check port 80

2、web1节点配置如下
# Install nginx, publish a page that identifies this node, then start the service.
yum -y install nginx
printf '%s\n' "Web Page RS-Node1" > /usr/share/nginx/html/index.html
systemctl start nginx

3、web2节点配置如下
# Install nginx, publish a page that identifies this node, then start the service.
yum -y install nginx
printf '%s\n' "Web Page RS-Node2" > /usr/share/nginx/html/index.html
systemctl start nginx

1.4.2、Ansible清单配置

cat /etc/ansible/hosts
# Load balancer node; the deploy playbook delegates its haproxy tasks to this address.
[lbservers]
172.16.1.5
# Web nodes behind the load balancer; the deploy playbook runs against this group.
[webservers]
172.16.1.7
172.16.1.8

1.4.3、Ansible委托配置

cat haproxy_deploy.yml 
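# Rolling deploy: drain a web node on the load balancer, update it, put it back.
- hosts: webservers
  # One host per batch, so only one web node is out of the pool at a time.
  serial: 1
  tasks:
    # Take the node out of rotation.
    - name: Stop Haproxy Webcluster Pool Node
      haproxy:
        socket: /var/lib/haproxy/stats
        backend: "web_cluster"
        state: disabled
        host: "{{ inventory_hostname }}"  # the node currently being processed
      delegate_to: "172.16.1.5"  # executed on the load balancer, not the web node

    # Deploy the code.
    - name: Copy New Code Web Node Server
      copy:
        content: "App Deploy New-{{ ansible_eth1.ipv4.address.split('.')[-1] }}"
        dest: /usr/share/nginx/html/index.html
        # Quoted octal string: a bare 644 is read as a decimal integer and
        # yields unintended permission bits on the deployed file.
        mode: "0644"
      notify: Restart Nginx Server

    # Handlers normally run after the last task; flushing here makes the
    # nginx reload happen while the node is still drained.
    - name: Flush handlers before the node goes back into the pool
      meta: flush_handlers

    # Put the node back into rotation.
    - name: Start Haproxy Webcluster Pool Node
      haproxy:
        socket: /var/lib/haproxy/stats
        backend: "web_cluster"
        state: enabled
        host: "{{ inventory_hostname }}"
      delegate_to: "172.16.1.5"
  handlers:
    # Despite the name, this performs a reload (state: reloaded), not a restart.
    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: reloaded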

1.4.4、Ansible委托验证

# Request the site 100 times, half a second apart, printing a newline after
# each response so the page served by each node is visible during the rollout.
for ((i = 1; i <= 100; i++)); do
    curl "http://10.0.0.5" && sleep 0.5 && echo
done