This article is based on Chapter 13 of "Python Automation for Operations: Technology and Best Practices" (《Python自动化运维 技术与最佳实践》), "Building a B/S automated operations platform from scratch".
Reference links are the author Liu Tiansi's (刘天斯) personal blog:
https://blog.liuts.com/post/245/
https://blog.liuts.com/post/246/
https://github.com/yorkoliu/pyauto
Platform overview: OMServer is the name of the platform. OMServer implements a centralized Linux cluster management base platform with module extension support, so cluster operation task modules can be added freely. Server-side modules support dynamic customization of front-end HTML form parameters, which makes day-to-day remote operations, file distribution and similar tasks easy to implement. On the security side it uses encrypted (RC4) instruction transmission, operation logging, and separation of the web server from the master control host. For user experience it uses asynchronous front-end requests and renders the returned output like a Linux terminal. Anyone can extend OMServer for their own business needs, for example by connecting it to an existing asset platform or integrating it into an existing operations platform.
System architecture design: OMServer uses a three-tier design. The first tier is the web interaction layer, built with Django + prototype.js + MySQL, with Nginx + uwsgi on the server side for efficient web serving. The second tier is the distributed computing layer, implemented with the rpyc distributed computing framework; it handles data exchange between the first and third tiers and physically separates the master control host, which improves overall security, and it can also serve several third-tier hosts. The third tier is the cluster master control service layer, which supports Saltstack, Ansible, Func and similar platforms. Architecture diagram:
| Host | IP | OS | Software | Notes |
|---|---|---|---|---|
| web | 172.27.9.17 | CentOS 7.3.1611 | Python 2.7.5, Django 1.4.9, uwsgi 2.0.4, mysql 5.7.22, rpyc 3.2.3, nginx 1.12.2, setuptools 0.6c11 | firewall and SELinux disabled |
| server | 172.27.9.23 | CentOS 7.3.1611 | Python 2.7.5, rpyc 3.2.3, setuptools 39.1.0, ansible 2.3.1.0-1 | firewall and SELinux disabled |
| agent01 | 172.27.9.19 | CentOS 7.3.1611 | / | managed host |
| agent02 | 172.27.9.22 | CentOS 7.3.1611 | / | managed host |
Web-side setup
Package preparation:
Link: https://pan.baidu.com/s/1Y6nYv3L9udEGsIsOma2Vzg  Password: 048j
[root@web ~]# mkdir /home/apps
Upload apps.zip to /home/apps and unzip it.
1. nginx deployment
Reference document: http://blog.51cto.com/3241766/2094315
[root@web ~]# yum -y install gcc-c++
[root@web ~]# yum -y install pcre pcre-devel
[root@web ~]# yum -y install zlib zlib-devel
[root@web ~]# yum -y install wget
[root@web ~]# wget -c https://nginx.org/download/nginx-1.12.2.tar.gz
[root@web ~]# tar -zxvf nginx-1.12.2.tar.gz
[root@web ~]# groupadd nginx
[root@web ~]# useradd -g nginx -d /home/nginx nginx
[root@web ~]# passwd nginx
[root@web ~]# cd nginx-1.12.2
[root@web nginx-1.12.2]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx
[root@web nginx-1.12.2]# make && make install
[root@web nginx-1.12.2]# cd /usr/local/nginx/sbin/
[root@web sbin]# ln -s /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
2. MySQL database installation
[root@web ~]# rpm -ivh https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
[root@web ~]# yum -y install mysql-community-server
[root@web ~]# systemctl start mysqld.service
[root@web ~]# systemctl enable mysqld.service
Change the password:
[root@web ~]# cat /var/log/mysqld.log | grep password
2018-05-08T09:07:09.591079Z 1 [Note] A temporary password is generated for root@localhost: Ipuq?4#lWyo+
[root@web ~]# mysql -uroot -p
Enter password:
Enter the password "Ipuq?4#lWyo+", then reset it:
mysql> set password = password('Mysql123!');
Create the OMServer database and the omserver_user user, and grant privileges:
mysql> create database OMServer character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.01 sec)
mysql> grant all privileges on OMServer.* to omserver_user@'%' identified by 'Omserver_user123!';
Query OK, 0 rows affected, 1 warning (0.00 sec)
Import the table data:
[root@web apps]# cd /home/apps/
[root@web apps]# cat OMServer.sql |mysql -uomserver_user -pOmserver_user123! -D OMServer
mysql: [Warning] Using a password on the command line interface can be insecure.
Check the import:
Viewed with the SQLyog Community database client:
3. MySQL-python library installation
MySQL-python is a third-party module for accessing MySQL databases from Python.
Install the setuptools module:
[root@web apps]# tar -xvf setuptools-0.6c11.tar.gz
[root@web apps]# cd setuptools-0.6c11
[root@web setuptools-0.6c11]# python setup.py build
[root@web setuptools-0.6c11]# python setup.py install
Install the MySQL-python module:
[root@web apps]# cd MySQL-python-1.2.5
[root@web MySQL-python-1.2.5]# python setup.py install
4. rpyc module installation
rpyc is used for data communication between the platform and the master control host.
[root@web apps]# cd rpyc-3.2.3
[root@web rpyc-3.2.3]# python setup.py install
5. uwsgi module installation
uwsgi is a fast, self-maintaining, developer-friendly WSGI server written in pure C, aimed at professional Python web application deployment and development.
[root@web apps]# cd uwsgi-2.0.4
[root@web uwsgi-2.0.4]# make
Installation succeeded:
[root@web uwsgi-2.0.4]# view /etc/ld.so.conf
include ld.so.conf.d/*.conf
/usr/local/lib    # added line
[root@web uwsgi-2.0.4]# ldconfig    # make the shared library visible to the system
[root@web uwsgi-2.0.4]# cp uwsgi /usr/local/bin/
6. Install Django
[root@web apps]# cd Django-1.4.9
[root@web Django-1.4.9]# python setup.py install
Two recommended Django getting-started blogs:
http://www.cnblogs.com/qianyuliang/p/6814376.html
https://zhuanlan.zhihu.com/p/24831528
7. django-debug-toolbar installation
[root@web apps]# cd /home/apps/django-debug-toolbar-master/
[root@web django-debug-toolbar-master]# python setup.py install
[root@web ~]# view /data/www/OMserverweb/settings.py
Modify as follows according to your situation:
8. Import the project files
Import the project files into the /data/www directory
Link: https://pan.baidu.com/s/1Z69_DOwR4R3y06Jcgn7jxA  Password: uhyl
[root@web ~]# mkdir -p /data/www
[root@web ~]# cd /data/www
Upload OMserverweb.zip to /data/www and unzip it.
9. Modify the database connection settings
[root@web OMserverweb]# view /data/www/OMserverweb/settings.py
10. Change the rpyc master control host IP
[root@web OMserverweb]# view /data/www/OMserverweb/autoadmin/views.py
Change the IP in connect to 172.27.9.23
11. Modify the Nginx configuration
server {
    listen 80;
    server_name localhost;
    location / {
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:9001;
        uwsgi_connect_timeout 30;
        uwsgi_param UWSGI_CHDIR /data/www/OMserverweb;
        uwsgi_param UWSGI_SCRIPT django_wsgi;
    }
    location ^~ /static {
        root /data/www/OMserverweb;
    }
    location ~* ^.+\.(mpg|avi|mp3|swf|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|txt|tar|mid|midi|wav|rtf|mpeg)$ {
        root /data/www/OMserverweb/static;
    }
}
12. uwsgi configuration
uwsgi.ini is a new file; it is already included in the OMserverweb package:
[root@web OMserverweb]# more /data/www/OMserverweb/uwsgi.ini
[uwsgi]
chdir=/data/www/OMserverweb
pythonpath=/data/www
socket=127.0.0.1:9001
master=true
workers=4
pidfile=/data/logs/uwsgi.pid
vacuum=true
thunder-lock=true
enable-threads=true
harakiri=30
post-buffering=4096
daemonize=/data/logs/django_uwsgi.log
13. Start the web service
[root@web OMserverweb]# uwsgi --ini /data/www/OMserverweb/uwsgi.ini
[uWSGI] getting INI configuration from /data/www/OMserverweb/uwsgi.ini
[root@web OMserverweb]# nginx
View the startup log:
[root@web logs]# more /data/logs/django_uwsgi.log
View the nginx log:
[root@web ~]# tail /usr/local/nginx/logs/access.log
Enter the IP address directly in the browser: http://172.27.9.17/
Server-side setup
Download the package:
Link: https://pan.baidu.com/s/11FGbZ1Q9oedrqdKnnHhCwQ  Password: yszq
[root@server ~]# mkdir /home/app-server/
Upload the app-server package to /home/app-server
1. ansible deployment
Install setuptools:
[root@server ~]# cd /home/app-server/
[root@server app-server]# yum -y install unzip
[root@server app-server]# unzip setuptools-39.1.0.zip
[root@server app-server]# cd setuptools-39.1.0
[root@server app-server]# python setup.py install
Install ansible (ansible must be version 2.3.1.0-1, otherwise it fails with errors):
[root@server ~]# cd /home/app-server/
[root@server app-server]# tar -zxvf ansible-2.3.1.0-1.tar.gz
[root@server app-server]# cd ansible-2.3.1.0-1
[root@server ansible-2.3.1.0-1]# python setup.py install
Install sshpass:
[root@server ansible-2.3.1.0-1]# cd ..
[root@server app-server]# tar -zxvf sshpass.tar.gz
[root@server app-server]# cd sshpass-1.06/
[root@server sshpass-1.06]# ./configure
[root@server sshpass-1.06]# make && make install
2. ansible configuration
Add the host IPs
[root@server ~]# mkdir -p /etc/ansible
[root@server ~]# cd /home/app-server/ansible-2.3.1.0-1/examples
[root@server examples]# cp ansible.cfg hosts /etc/ansible
[root@server examples]# view /etc/ansible/hosts
[webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110
172.27.9.17
172.27.9.19
172.27.9.22
172.27.9.23
3. Connection test
First ssh into each host of the webservers group; this records the host key information, otherwise the later ansible test fails with: "msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
[root@server ~]# ssh 172.27.9.17
The authenticity of host '172.27.9.17 (172.27.9.17)' can't be established.
ECDSA key fingerprint is b2:dc:51:b1:a1:b6:e2:4a:c1:ab:f4:e3:15:48:4c:f6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.27.9.17' (ECDSA) to the list of known hosts.
root@172.27.9.17's password:
Run an ansible ping test
[root@server ~]# ansible 172.27.9.17 -m ping -k
SSH password:
172.27.9.17 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
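The ansible error quoted above is SSH host key checking doing its job: with host key checking enabled, sshpass cannot answer the fingerprint prompt, so every host in the inventory needs a known_hosts entry before `ansible -k` can reach it. The block below is an added check written for this page, not part of OMServer or Ansible: it reads an INI-style inventory and a known_hosts file (both constructed inline to mirror the page's [webservers] group) and lists the group members that still lack an entry, handling both plain entries and the hashed form ssh writes with `HashKnownHosts yes`. Python 3, standard library only; the function names and the placeholder key blob are assumptions.

```python
import base64
import hashlib
import hmac
import os
import re


def inventory_hosts(inventory_text, group):
    """Hosts listed under [group] in an INI-style Ansible inventory (comments and vars ignored)."""
    hosts, current = [], None
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.match(r"^\[([^\]]+)\]$", line)
        if match:
            current = match.group(1)
            continue
        if current == group:
            hosts.append(line.split()[0])  # drop per-host variables such as ansible_user=...
    return hosts


def hashed_field_matches(field, host):
    """A hashed known_hosts host field is '|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))'."""
    parts = field.split("|")
    if len(parts) != 4 or parts[1] != "1":
        return False
    salt = base64.b64decode(parts[2])
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(digest, base64.b64decode(parts[3]))


def known_hosts_contains(known_hosts_text, host):
    """True when some known_hosts line names host, in plain or hashed form."""
    for raw in known_hosts_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):  # '@cert-authority' / '@revoked' marker precedes the host field
            line = line.split(None, 1)[1]
        field = line.split()[0]
        if field.startswith("|1|"):
            if hashed_field_matches(field, host):
                return True
        elif host in field.split(","):  # plain field may list several names: 'host,ip'
            return True
    return False


def hosts_missing_from_known_hosts(inventory_text, known_hosts_text, group="webservers"):
    """Inventory members of group that ansible -k would refuse because no host key is known."""
    return [h for h in inventory_hosts(inventory_text, group)
            if not known_hosts_contains(known_hosts_text, h)]


def make_hashed_entry(host, key_line, salt=None):
    """Build the hashed line ssh writes with HashKnownHosts yes (used for the sample below)."""
    salt = salt if salt is not None else os.urandom(20)
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s %s" % (base64.b64encode(salt).decode(),
                            base64.b64encode(digest).decode(), key_line)


# Constructed sample data mirroring the page's [webservers] group; the key blob is a placeholder.
SAMPLE_INVENTORY = """
## [webservers]
[webservers]
172.27.9.17
172.27.9.19
172.27.9.22
172.27.9.23
"""
PLACEHOLDER_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYBLOBxxxxxxxxxxxxxxxxxxxx"
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    "172.27.9.17 " + PLACEHOLDER_KEY,                                   # plain entry
    make_hashed_entry("172.27.9.19", PLACEHOLDER_KEY, salt=b"0" * 20),  # hashed entry
])

if __name__ == "__main__":
    # Hosts that must still be added (by a verified fingerprint) before ansible -k works:
    print(hosts_missing_from_known_hosts(SAMPLE_INVENTORY, SAMPLE_KNOWN_HOSTS))  # ['172.27.9.22', '172.27.9.23']
```

The check only answers "is there an entry"; whether the entry is the right key is decided when the fingerprint is accepted, so the reported hosts should be added by comparing the fingerprint shown at first login against one obtained out of band, rather than by turning host key checking off.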
4. Configure passwordless SSH access to the Linux hosts
To avoid typing the target host password each time Ansible dispatches commands, passwordless SSH through key-based authentication is a good approach. Here ssh-keygen generates a key pair and ssh-copy-id distributes the generated public key.
Create the key pair:
Sync the public key to each target host:
[root@server ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.27.9.17
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.27.9.17's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.27.9.17'"
and check to make sure that only the key(s) you wanted were added.
Verify that the passwordless SSH setup works:
[root@server ~]# ssh 172.27.9.17
Last login: Wed May 9 17:50:17 2018 from 172.27.9.19
Login succeeded with no password prompt.
5. rpyc module installation
[root@server app-server]# tar -zxvf rpyc-3.2.3.tar.gz
[root@server rpyc-3.2.3]# python setup.py install
6. Server-side configuration
[root@server app-server]# mv OMServer /home
[root@server app-server]# cd /home/OMServer/
[root@server OMServer]# view config.py
This article uses ansible as the example.
7. Modify the database configuration
Use the SQLyog Community tool to edit the server_list table, adding the managed hosts 17/19/22/23
8. Start the server
[root@server OMServer]# python OMserver.py &
[root@server OMServer]# netstat -an|grep 11511
tcp        0      0 0.0.0.0:11511           0.0.0.0:*               LISTEN
Port 11511 is in the LISTEN state
9. Access the web page
Test
Add a new module (using Firefox)
Click 'Submit' to confirm
Write the backend task module, numbered 1008
[root@server ~]# cd /home/OMServer/modules/ansible
[root@server ansible]# view Mid_1008.py
# -*- coding: utf-8 -*-
from Public_lib import *   # project helpers used below: target_host, Order_Run
# Check system version module (the command actually run is df -h) #
class Modulehandle(object):
    def __init__(self, moduleid, hosts, sys_param_row):
        self.hosts = ""
        self.Runresult = ""
        self.moduleid = moduleid
        self.sys_param_array = sys_param_row   # form parameters passed in from the web side
        self.hosts = target_host(hosts, "IP")  # resolve the selected hosts to IP addresses

    def run(self):
        try:
            # run the ansible shell module against the target hosts
            self.Runresult = Order_Run(host=self.hosts, module_name='shell', module_args="df -h")
            # all three result buckets empty means ansible matched no host at all
            if len(self.Runresult["failed"]) == 0 and len(self.Runresult["success"]) == 0 and len(self.Runresult["unreachable"]) == 0:
                return "No hosts found, please confirm the hosts have been added to the ansible environment!"
        except Exception as e:
            return str(e)
        return self.Runresult
Common errors:
The server process is abnormal; restart the server-side main process:
[root@server OMServer]# python OMserver.py &
Cause: the firewall is enabled on the server side
[root@server OMServer]# systemctl stop firewalld.service
[root@server OMServer]# systemctl disable firewalld.service
Cause: the uwsgi process on the web side is abnormal; restart it
[root@web OMserverweb]# ps -ef|grep uwsgi |awk '{print $2}'|xargs kill -9
[root@web OMserverweb]# uwsgi --ini uwsgi.ini
Cause: the SECRET_KEY in settings.py on the web side differs from the SECRET_KEY in config.py on the server side; make them identical.
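The platform overview says instructions between the web tier and the master control tier travel RC4-encrypted, and the last error above says a SECRET_KEY that differs between settings.py and config.py breaks the platform. The block below is an added illustration written for this page (Python 3, standard library only), not OMServer's own code: it wraps a constructed instruction in an envelope keyed from a shared SECRET_KEY and shows why a key mismatch surfaces as a failure on the receiving side. RC4 appears only to mirror what the page describes; because RC4 is a broken stream cipher and provides no integrity, the envelope adds a per-message nonce and an HMAC-SHA256 tag that is checked before decryption, and a production deployment should use an authenticated cipher such as AES-GCM instead. The function names, the key-derivation labels and the envelope layout are all assumptions.

```python
import hashlib
import hmac
import os


def rc4_xor(key, data):
    """Textbook RC4 (KSA + PRGA) XORed over data; symmetric, so it both encrypts and decrypts.
    Present only because the page says the platform uses RC4; it is not a recommended cipher."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_keys(secret_key, nonce):
    """Assumed derivation: a per-message encryption key and a separate MAC key from the shared
    SECRET_KEY, so the RC4 key is never reused across messages and never doubles as the MAC key."""
    enc_key = hashlib.sha256(b"omserver-enc|" + nonce + secret_key).digest()
    mac_key = hashlib.sha256(b"omserver-mac|" + secret_key).digest()
    return enc_key, mac_key


def seal(secret_key, instruction):
    """Web side: envelope = nonce || RC4(instruction) || HMAC-SHA256(nonce || ciphertext)."""
    nonce = os.urandom(16)
    enc_key, mac_key = derive_keys(secret_key, nonce)
    ciphertext = rc4_xor(enc_key, instruction)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_envelope(secret_key, envelope):
    """Server side: verify the tag before decrypting; a different SECRET_KEY fails here."""
    if len(envelope) < 16 + 32:
        raise ValueError("envelope too short")
    nonce, ciphertext, tag = envelope[:16], envelope[16:-32], envelope[-32:]
    enc_key, mac_key = derive_keys(secret_key, nonce)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: SECRET_KEY mismatch or tampered envelope")
    return rc4_xor(enc_key, ciphertext)


def key_mismatch_is_detected(web_secret, server_secret, instruction=b"df -h"):
    """True when the server rejects an envelope sealed under a different SECRET_KEY."""
    try:
        open_envelope(server_secret, seal(web_secret, instruction))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    shared = b"constructed-secret-key-for-this-example"   # constructed, not a real key
    envelope = seal(shared, b"df -h")
    print(open_envelope(shared, envelope))                  # b'df -h'
    print(key_mismatch_is_detected(shared, b"other-key"))   # True
```

With integrity checked first, a mismatched key fails loudly at the receiver instead of producing garbage that the module layer would then try to execute, which is the symptom the page describes; the same check also rejects an envelope modified in transit.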
Summary:
1. This platform gives us one approach to automated operations.
OMServer's three-tier architecture is simple and clear: tier one is Django + uwsgi + Nginx + MySQL, tier two is the rpyc distributed computing framework, and tier three is automation tooling such as Ansible, Saltstack and Func; all three tiers are highly representative.
2. Django is a web framework written in Python: powerful, comprehensive, secure and efficient, with thorough ORM support and an active community; at the same time it is not very flexible and is hard to modify.
3. Ansible is a tool for deploying to a group of remote hosts. It is simple to deploy, powerful, simple to configure, highly extensible, supports an API and custom modules, is easily extended in Python, and needs no client agent on the managed hosts. With its common modules, ansible can manage and configure remote hosts against a host inventory straight from the command line.
4. The difficulties on the web side are, first, understanding the Django framework (what each module does and what role it plays) and, second, the uwsgi and nginx parameter configuration; the server side is relatively easy to set up, but later extension of the platform requires a certain command of Python and Ansible.
Original URL: http://blog.51cto.com/3241766/2114863