Ansible in action

Environment

os: centos7
ansible version: 2.5

install ansible:

sudo yum install ansible

inventory file:

/etc/ansible/hosts

[webserver]
192.168.8.215

[dbserver]
192.168.8.214

Or wherever your inventory file lives; pass -i to point Ansible at it.

Set login without password:

ssh-copy-id user@your-server-ip

Test-ping your hosts:

ansible all -m ping

Set the remote login user and escalate to root with sudo:

ansible all -m ping -u bruce --sudo

using shell module:

ansible all -m shell -a 'echo $(hostname -i)'

Playbook:

playbook.yml content:

---
- hosts: all
  remote_user: rootrl
  tasks:
    - name: test connection
      ping:
    - name: test a script
      script: ./script.sh

script.sh:

#!/usr/bin/env bash

cat <<TPL > hay.txt
hello
this is text
TPL

Before running:

# check syntax
ansible-playbook playbook.yml --syntax-check

# check host list
ansible-playbook playbook.yml --list-hosts

Run:

ansible-playbook playbook.yml

Run cat to prove the file was created:

ansible all -m shell -a "cat /home/rootrl/hay.txt"

Demo:

https://github.com/rootrl/Init-new-instance-with-ansible.git

Clone it and run:

ansible-playbook -i hosts main.yml

Result:

[rootrl@jdu4e00u53f7 Init-new-instance-with-ansible]$ ansible-playbook -i hosts main.yml

PLAY [webserver] *************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************
ok: [45.77.44.159]

TASK [test ping] *************************************************************************************************************************************
ok: [45.77.44.159]

TASK [install docker] ********************************************************************************************************************************

changed: [45.77.44.159]

TASK [test docker] ***********************************************************************************************************************************
changed: [45.77.44.159]

TASK [debug] *****************************************************************************************************************************************
ok: [45.77.44.159] => {
"msg": [
"",
"Hello from Docker!",
"This message shows that your installation appears to be working correctly.",
"",
"To generate this message, Docker took the following steps:",
" 1. The Docker client contacted the Docker daemon.",
" 2. The Docker daemon pulled the \"hello-world\" image from the Docker Hub.",
" (amd64)",
" 3. The Docker daemon created a new container from that image which runs the",
" executable that produces the output you are currently reading.",
" 4. The Docker daemon streamed that output to the Docker client, which sent it",
" to your terminal.",
"",
"To try something more ambitious, you can run an Ubuntu container with:",
" $ docker run -it ubuntu bash",
"",
"Share images, automate workflows, and more with a free Docker ID:",
" https://hub.docker.com/",
"",
"For more examples and ideas, visit:",
" https://docs.docker.com/engine/userguide/"
]
}

TASK [install shadowsock] ****************************************************************************************************************************
changed: [45.77.44.159]

PLAY RECAP *******************************************************************************************************************************************
45.77.44.159 : ok=6 changed=3 unreachable=0 failed=0

Docker in practice: a dead-simple FTP service setup

Background

A few days ago, during the Singles' Day sale, I bought a cloud VM on JD.com. It was cheap: 2 GB of RAM for 121 yuan a year. When I bought it, a colleague on the product side asked me to set up an FTP service on it so they could upload and browse prototype mockups.

Today, with nothing else to do, I tinkered with these environments. I had been running Nginx in Docker from the start, but at first it did not occur to me that the FTP service could go into a container as well.

Initially I configured vsftpd on CentOS the regular way, but one problem I could never solve: files newly created by FTP uploads had no permissions for group or other. Setting umask did not help, and SELinux was already disabled. Given that my FTP user directory and the nginx running in docker shared the same directory, the whole environment was a headache just to think about; I tried every method I could and still could not fix it.

Practice

Then it suddenly occurred to me: can't I throw FTP into docker too? Only port 21 needs mapping, plus a volume on the host. So I searched Docker Hub for ftp images and, to my surprise, there were plenty. After some comparison I picked bogem/ftp, simply because its configuration is straightforward and it has everything needed.

Address: https://hub.docker.com/r/bogem/ftp/

As the README says, starting the service is very simple:

docker run -d -v <host folder>:/home/vsftpd \
-p 20:20 -p 21:21 -p 47400-47470:47400-47470 \
-e FTP_USER=<username> \
-e FTP_PASS=<password> \
-e PASV_ADDRESS=<ip address of your server> \
--name ftp \
--restart=always bogem/ftp

Just change the corresponding parameters for your setup.

My nginx side is just as simple, because it only serves static files (setting up php-fpm would be super simple as well):

docker run -d --name ftp-server -v {same host folder as the ftp volume}:/usr/share/nginx/html:ro -p 81:80 nginx

With that the whole stack is up: FTP uploads work normally, and the static pages are reachable on port 81. Isn't that super simple? From now on basically any service can be run in docker.


Building an Ngrok server for NAT traversal

Introduction

Ngrok implements NAT traversal; put simply, it lets you reach your localhost environment from the public internet.

Installation

Ngrok requires a Go environment; make sure Go is installed.

Install Go

# Download the package:
wget https://storage.googleapis.com/golang/go1.9.1.linux-amd64.tar.gz
# Extract to /usr/local/go
sudo tar -C /usr/local -xzf go1.9.1.linux-amd64.tar.gz

# Configure environment variables: /etc/profile applies to all users, $HOME/.profile to the current user only
vim /etc/profile

# Append the following at the end
export GOROOT=/usr/local/go
export PATH=$PATH:$GOROOT/bin

# For all users a reboot is needed before it takes effect; for the current user, use the source command
source ~/.profile

# Verify
go version

Install Ngrok

cd /usr/local/src
git clone https://github.com/inconshreveable/ngrok.git
export GOPATH=/usr/local/src/ngrok/
export NGROK_DOMAIN="youdomain.cn"
cd ngrok

Generate certificates (required)

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000

Copy the certificates into place

cp rootCA.pem assets/client/tls/ngrokroot.crt
cp server.crt assets/server/tls/snakeoil.crt
cp server.key assets/server/tls/snakeoil.key

If the server is in mainland China, change the following import:

vim src/ngrok/log/logger.go
log "github.com/keepeye/log4go"

Build the server; this also builds a Linux client at the same time. Use amd64 on a 64-bit system; on 32-bit, change it to amd386.

# If you get a permission error, fix the permissions as the message suggests
cd /usr/local/go/src
GOOS=linux GOARCH=amd64 ./make.bash
cd /usr/local/src/ngrok/
GOOS=linux GOARCH=amd64 make release-server release-client

If the above fails with a $GOROOT_BOOTSTRAP error, make a copy of the Go tree:

sudo cp -r /usr/local/go /usr/local/go-copy
export GOROOT_BOOTSTRAP=/usr/local/go-copy

Using the server

Enter the server directory; the server binary is named ngrokd. Run it as follows:

# Choose whatever port you like
cd /usr/local/src/ngrok/bin
./ngrokd -domain="$NGROK_DOMAIN" -httpAddr=":8085"

Output like the following means it started successfully:

[08:09:41 UTC 2016/12/19] [INFO] (ngrok/log.(*PrefixLogger).Info:83) [registry] [tun] No affinity cache specified
[08:09:41 UTC 2016/12/19] [INFO] (ngrok/log.Info:112) Listening for public http connections on [::]:80
[08:09:41 UTC 2016/12/19] [INFO] (ngrok/log.Info:112) Listening for public https connections on [::]:443
[08:09:41 UTC 2016/12/19] [INFO] (ngrok/log.Info:112) Listening for control and proxy connections on [::]:4443
[08:09:41 UTC 2016/12/19] [INFO] (ngrok/log.(*PrefixLogger).Info:83) [metrics] Reporting every 30 seconds

Using the client

Download the client binary you just built on the VPS to your local machine, for example with scp:

mkdir -p /usr/local/ngrok/bin

sudo scp username@servername:/usr/local/src/ngrok/bin/ngrok /usr/local/ngrok/bin/ngrok  # local directory

Create an ngrok.cfg file under /usr/local/ngrok/bin:

server_addr: "yourdomain.cn:4443"
trust_host_root_certs: false

Run the client

./ngrok -config=./ngrok.cfg -subdomain=test 8080
# -subdomain is the subdomain to register, e.g. here test.ngrok.uprogrammer.cn
# the trailing number is the local port; here local port 8080 is exposed through the tunnel

Output like the following means it is working:

Tunnel Status online
Version 1.7/1.7
Forwarding http://test.ngrok.uprogrammer.cn -> 127.0.0.1:8080
Forwarding https://test.ngrok.uprogrammer.cn -> 127.0.0.1:8080
Web Interface 127.0.0.1:4040
# Conn 0
Avg Conn Time 0.00ms

From now on the service on your local port 8080 can be reached via test.yourdomain.cn.

Possible problems

1. Check that the relevant server ports are allowed through the firewall.
2. In my case ngrok is installed inside my Vagrant VM, while our development environment is on another server on the intranet, so I need an extra reverse-proxy layer.

Summary

This article is largely based on: http://linfuyan.com/ubuntu-ngrok
It has been verified in practice and works.