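Deploying a web server on AWS with Ansible + Packer + Terraform
The role each tool plays
ansible:
Works with Packer to produce a base image with Apache installed
packer:
Builds the Amazon AMI
terraform:
Deploys the web servers from the image that Packer built
I am about to post the various configuration files, so here is the directory tree first to keep things from getting messy...
packer/
├── bastion.json
├── playbook.yml
└── roles
    └── httpd
        └── tasks
            └── main.yml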
bastion.json (this is the file Packer uses)
[root@ip-172-31-42-166 packer]# cat bastion.json
{
  "variables": {
    "aws_access_key": "",
    "aws_secret_key": "",
    "aws_region": "us-west-2"
  },
  "provisioners": [
    {
      "type": "ansible",
      "playbook_file": "./playbook.yml",
      "ansible_env_vars": [
        "ANSIBLE_HOST_KEY_CHECKING=False",
        "ANSIBLE_SSH_ARGS='-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s'",
        "ANSIBLE_NOCOLOR=True"
      ]
    }
  ],
  "builders": [
    {
      "type": "amazon-ebs",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "region": "{{user `aws_region` }}",
      "source_ami": "ami-0031f978",
      "instance_type": "t2.micro",
      "ssh_username": "root",
      "ami_name": "packer-bastion {{timestamp | clean_ami_name}}"
    }
  ]
}
Next is the Ansible playbook:
[root@ip-172-31-42-166 packer]# cat playbook.yml
---
- hosts: all
  remote_user: sysop
  become: yes
  # These entries only pass through values of the same name;
  # the httpd role below does not use them.
  vars:
    AWS_ACCESS_KEY_ID: '{{ AWS_ACCESS_KEY_ID }}'
    AWS_SECRET_ACCESS_KEY: '{{ AWS_SECRET_ACCESS_KEY }}'
    filename: '{{ filename }}'
    rolename: '{{ rolename }}'
    project: '{{ project }}'
    release: '{{ release }}'
    envname: '{{ envname }}'
    processList: '{{ processList}}'
  roles:
    - httpd
[root@ip-172-31-42-166 packer]# ls
bastion.json  playbook.yml  roles
Next is the tasks file of the httpd role:
[root@ip-172-31-42-166 packer]# cat roles/httpd/tasks/main.yml
- name: install the latest version of Apache
  yum:
    name: httpd
    state: latest
That is all the configuration files there are.
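Building the Amazon AMI
cd packer/
packer build bastion.json
Take a look at the AWS console: the AMI has been created.
Next, we start the web server with Terraform.
Here is the configuration file first; pay attention to the comments.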
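[root@ip-172-31-42-166 data]# cat terraform_workspace/main.tf
provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "example" {
  ami           = "ami-9842dbe0"
  instance_type = "t2.micro"
  # Here we reference the security group created below. The order does not matter:
  # Terraform works out ordering and dependencies itself; use `terraform graph` to view them.
  vpc_security_group_ids = ["${aws_security_group.instance.id}"]

  user_data = <<-EOF
              #!/bin/bash
              /etc/init.d/httpd start
              chkconfig httpd on
              EOF

  tags {
    Name = "apache"
  }
}

resource "aws_security_group" "instance" {
  # This resource creates a new security group; it has to be referenced above, otherwise it has no effect.
  name = "terraform-example-instance"

  ingress {
    # Production web servers usually do not open port 80. Opening a port below 1024 requires
    # root privileges, which is not safe; normally the load balancer in front opens 80 and
    # maps it to a high port on the servers behind it.
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}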
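Let's try to access it:
curl http://<EC2_INSTANCE_PUBLIC_IP>:80
# It worked and printed a large amount of output, which I won't post here.
Deploying a configurable web server
What does "configurable" mean? As I see it, it simply means introducing variables...
So the configuration file above can also be written like this: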
[root@ip-172-31-42-166 terraform_workspace]# cat main.tf
provider "aws" {
  region = "us-west-2"
}

variable "server_port" {
  description = "define a variable server_port"
  default     = 80
}

resource "aws_instance" "example" {
  ami                    = "ami-9842dbe0"
  instance_type          = "t2.micro"
  vpc_security_group_ids = ["${aws_security_group.instance.id}"]

  user_data = <<-EOF
              #!/bin/bash
              /etc/init.d/httpd start
              chkconfig httpd on
              EOF

  tags {
    Name = "apache"
  }
}

resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port   = "${var.server_port}"
    to_port     = "${var.server_port}"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Of course, a variable can also be a list, like this:
variable "list_example" {
  description = "An example of a list in Terraform"
  type        = "list"
  default     = [1, 2, 3]
}
Or a map, like this:
variable "map_example" {
  description = "An example of a map in Terraform"
  type        = "map"

  default = {
    key1 = "value1"
    key2 = "value2"
    key3 = "value3"
  }
}
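Deploying a cluster of web servers
On AWS, an Auto Scaling group (ASG) can control the starting and stopping of servers, which gives us cluster operation.
The first step in creating an ASG is to create a launch configuration, which looks like this: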
resource "aws_launch_configuration" "example" {
  image_id        = "ami-9842dbe0"
  instance_type   = "t2.micro"
  security_groups = ["${aws_security_group.instance.id}"]

  user_data = <<-EOF
              #!/bin/bash
              /etc/init.d/httpd start
              chkconfig httpd on
              EOF

  lifecycle {
    # Start a new machine before destroying the old one. Because this is set to true here,
    # it must also be set to true in the security group, since the two depend on each other.
    create_before_destroy = true
  }
}
So the security group looks like this:
resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port   = "${var.server_port}"
    to_port     = "${var.server_port}"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}
Good, now we can write the Auto Scaling group resource:
resource "aws_autoscaling_group" "example" {
  launch_configuration = "${aws_launch_configuration.example.id}"

  # The same availability zone as our instances
  availability_zones = ["${split(",", var.availability_zones)}"]

  min_size = 2
  max_size = 3

  tag {
    key                 = "Name"
    value               = "terraform-asg-example"
    propagate_at_launch = true
  }
}
Putting it all together, here is the complete configuration file:
provider "aws" {
  region = "us-west-2"
}

variable "server_port" {
  description = "define a variable server_port"
  default     = 80
}

variable "availability_zones" {
  default     = "us-west-2a,us-west-2b,us-west-2c"
  description = "List of availability zones, use AWS CLI to find your "
}

resource "aws_instance" "example" {
  ami                    = "ami-9842dbe0"
  instance_type          = "t2.micro"
  vpc_security_group_ids = ["${aws_security_group.instance.id}"]

  user_data = <<-EOF
              #!/bin/bash
              /etc/init.d/httpd start
              chkconfig httpd on
              EOF

  tags {
    Name = "apache"
  }
}

resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port   = "${var.server_port}"
    to_port     = "${var.server_port}"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_launch_configuration" "example" {
  image_id        = "ami-9842dbe0"
  instance_type   = "t2.micro"
  security_groups = ["${aws_security_group.instance.id}"]

  user_data = <<-EOF
              #!/bin/bash
              /etc/init.d/httpd start
              chkconfig httpd on
              EOF

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "example" {
  launch_configuration = "${aws_launch_configuration.example.id}"

  #availability_zones = ["${data.aws_availability_zones.all.names}"]
  availability_zones = ["${split(",", var.availability_zones)}"]

  min_size = 2
  max_size = 3

  tag {
    key                 = "Name"
    value               = "terraform-asg-example"
    propagate_at_launch = true
  }
}
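In the AWS console you can see that two new machines have been started.
Now that we have several web servers running, let's put a load balancer in front of them:
Deploying the load balancer
The load balancer is configured with the aws_elb resource: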
resource "aws_elb" "example" {
  name               = "terraform-asg-example"
  availability_zones = ["${split(",", var.availability_zones)}"]
  security_groups    = ["${aws_security_group.elb.id}"]

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = "${var.server_port}"
    instance_protocol = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    interval            = 30
    target              = "HTTP:${var.server_port}/"
  }
}
The matching security group has to be configured as well:
resource "aws_security_group" "elb" {
  name = "terraform-example-elb"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Here is the configuration file as a whole; if a single file looks too cluttered, it can be split into several:
[root@ip-172-31-42-166 terraform_workspace]# ls
main.tf  main.tf.bak  terraform.tfstate  terraform.tfstate.backup
[root@ip-172-31-42-166 terraform_workspace]# cat main.tf
provider "aws" {
  region = "us-west-2"
}

variable "server_port" {
  description = "define a variable server_port"
  default     = 80
}

variable "availability_zones" {
  default     = "us-west-2a,us-west-2b,us-west-2c"
  description = "List of availability zones, use AWS CLI to find your "
}

resource "aws_instance" "example" {
  ami                    = "ami-9842dbe0"
  instance_type          = "t2.micro"
  vpc_security_group_ids = ["${aws_security_group.instance.id}"]

  user_data = <<-EOF
              #!/bin/bash
              /etc/init.d/httpd start
              chkconfig httpd on
              EOF

  tags {
    Name = "apache"
  }
}

resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port   = "${var.server_port}"
    to_port     = "${var.server_port}"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_security_group" "elb" {
  name = "terraform-example-elb"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_launch_configuration" "example" {
  image_id        = "ami-9842dbe0"
  instance_type   = "t2.micro"
  security_groups = ["${aws_security_group.instance.id}"]

  user_data = <<-EOF
              #!/bin/bash
              /etc/init.d/httpd start
              chkconfig httpd on
              EOF

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "example" {
  launch_configuration = "${aws_launch_configuration.example.id}"
  availability_zones   = ["${split(",", var.availability_zones)}"]

  load_balancers    = ["${aws_elb.example.name}"]
  health_check_type = "ELB"

  min_size = 2
  max_size = 3

  tag {
    key                 = "Name"
    value               = "terraform-asg-example"
    propagate_at_launch = true
  }
}

resource "aws_elb" "example" {
  name               = "terraform-asg-example"
  availability_zones = ["${split(",", var.availability_zones)}"]
  security_groups    = ["${aws_security_group.elb.id}"]

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = "${var.server_port}"
    instance_protocol = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    interval            = 30
    target              = "HTTP:${var.server_port}/"
  }
}

output "elb_dns_name" {
  value = "${aws_elb.example.dns_name}"
}
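A tighter variant of two pieces of the configuration above, as an added example that is not part of the original post. It keeps the page's Terraform syntax and resource names; the data source name `web` is an assumption. The instance security group accepts traffic only from the ELB's security group instead of `0.0.0.0/0`, and the AMI is looked up by the name Packer gave it, restricted to images owned by this account, instead of being hard-coded.

```hcl
# Look up the newest AMI produced by bastion.json instead of pasting its ID.
data "aws_ami" "web" {
  most_recent = true
  owners      = ["self"] # ignore same-named AMIs published by other accounts

  filter {
    name   = "name"
    values = ["packer-bastion *"] # matches "ami_name" in bastion.json
  }
}

# Replaces the instance security group: only the load balancer may reach the web port.
resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port       = "${var.server_port}"
    to_port         = "${var.server_port}"
    protocol        = "tcp"
    security_groups = ["${aws_security_group.elb.id}"] # source is the ELB group, not a CIDR
  }

  # This group now depends on aws_security_group.elb; following the page's note on
  # create_before_destroy, give that group the same lifecycle block.
  lifecycle {
    create_before_destroy = true
  }
}

# Replaces the launch configuration: same settings, AMI resolved from the data source.
resource "aws_launch_configuration" "example" {
  image_id        = "${data.aws_ami.web.id}"
  instance_type   = "t2.micro"
  security_groups = ["${aws_security_group.instance.id}"]

  user_data = <<-EOF
              #!/bin/bash
              /etc/init.d/httpd start
              chkconfig httpd on
              EOF

  lifecycle {
    create_before_destroy = true
  }
}
```

With this change the instances no longer answer on `server_port` from the internet, so test through the `elb_dns_name` output rather than an instance's public IP.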
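Note:
When the configuration was finished I ran into a small problem: the ELB's check of the web servers' state failed over HTTP, but it works over TCP; see the figure below.
By default it goes looking for the /index.html file, but that is not the default path of the Apache I installed, so the check is bound to fail.
To save resources, we can destroy all the AWS resources we just created; as long as we keep the configuration files, they can be restored at any time:
terraform destroy
That's all, thank you~
Reposted from: https://www.cnblogs.com/hackcrack/p/8653302.html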