I. Description of the Environment
Server with Ansible installed: 192.168.13.45
Test environment server: 192.168.13.49
/home/app/api-tomcat/webapps/api.war is the location of the new version of the war package in the test environment
Production Environment server: 192.168.13.51
/home/app/api-tomcat/webapps/api.war is the war package location in the production environment
/home/app/api-tomcat/webapps/api is the project location in the production environment
/home/app/tomcat.bak/api/webapps-timestamp is the backup location for the old version of webapps
/home/app/newwar/api.war is the temporary storage location for the new version of the war package obtained from the test environment
/home/app/newwar/api is the temporary storage location for the new version after the war package is decompressed
All operations are executed as the app user
II. Preparation of yml files for ansible-playbook
1. Upgrade
All the comment text beginning with # is removed when the file is used, because the YML is not annotated
# IP of the production environment host; this can also be a group name defined in /etc/ansible/hosts
- hosts: 192.168.13.51
  # Variables. Using variables in the yml file allows the entire file to be used to upgrade different hosts.
  # If a task value uses a variable directly after the colon, it must be wrapped in double quotation marks "",
  # because YAML otherwise reads the curly braces after the colon as a data structure rather than a string,
  # for example shell: "{{ oldhome }}/bin/startup.sh"
  vars:
    # Test environment IP address
    testip: 192.168.13.49
    # Location of the project in the test environment
    testhome: /home/app/api-tomcat/webapps
    # Name of the project war package in the test environment
    warname: api.war
    # Location of the project's Tomcat in the production environment
    oldhome: /home/app/api-tomcat
    # Location of the webapps backup directory for the old version of the project in the production environment
    backupwebapps: /home/app/tomcat.bak
    # Where the new version of the war package fetched from the test environment is stored
    newwar: /home/app/newwar
    # Name of the directory the new version of the war package is decompressed into
    zipname: api
  # Account used for the entire remote automation; all operations from the test environment to production run as the app user
  remote_user: app
  # Concrete operations
  tasks:
    - name: Production environment, delete the /home/app/newwar directory and ignore the error if it does not exist (it is deleted because a fresh directory is created next, so that the yml file can be executed more than once; ignore_errors ignores the error return value)
      file: path={{ newwar }} state=absent
      ignore_errors: yes
    - name: Production environment, create the /home/app/newwar directory and set permissions (recurse creates the directory recursively, state=directory sets the file type)
      file: path={{ newwar }} recurse=yes mode=775 owner=app group=app state=directory
    - name: Copy the new version of /home/app/api-tomcat/webapps/api.war from the test environment 192.168.13.49 to the /home/app/newwar directory of the production environment 192.168.13.51 (all following operations are in the production environment)
      shell: scp app@{{ testip }}:{{ testhome }}/{{ warname }} {{ newwar }}/
    - name: Give /home/app/newwar recursive permissions (the whole procedure runs as the app user, so the permissions must belong to app)
      file: dest={{ newwar }} recurse=yes mode=775 owner=app group=app
    - name: Decompress the /home/app/newwar/api.war package into the /home/app/newwar/api directory
      shell: unzip -oq {{ newwar }}/{{ warname }} -d {{ newwar }}/{{ zipname }}
    - name: Give /home/app/newwar recursive permissions again (to ensure the permissions of the new version)
      file: dest={{ newwar }} recurse=yes mode=775 owner=app group=app
    - name: Create the directory /home/app/tomcat.bak/api for backing up older versions of webapps and set recursive permissions
      file: path={{ backupwebapps }}/{{ zipname }} recurse=yes mode=775 owner=app group=app state=directory
    - name: Back up /home/app/api-tomcat/webapps to /home/app/tomcat.bak/api/webapps-timestamp (this backup directory is used for rollback)
      shell: cp -a {{ oldhome }}/webapps {{ backupwebapps }}/{{ zipname }}/webapps-`date +%Y%m%d%H%M`
    - name: Stop the service by killing the process and ignore the error return value (this ensures the old version stops running, otherwise conflicts will occur)
      shell: ps -ef | grep {{ oldhome }} | grep -v grep | awk '{print $2}' | xargs kill
      ignore_errors: yes
    - name: Stop the service by killing the process and ignore the error return value (make sure the old version is no longer running)
      shell: ps -ef | grep {{ oldhome }} | grep -v grep | awk '{print $2}' | xargs kill
      ignore_errors: yes
    - name: Kill the process again to stop the service and ignore the error return value
      shell: ps -ef | grep {{ oldhome }} | grep -v grep | awk '{print $2}' | xargs kill
      ignore_errors: yes
    - name: View the result of stopping the service, whether the process is still there
      shell: ps -ef | grep {{ oldhome }}
    - name: Delete the old version of the /home/app/api-tomcat/webapps/api.war package
      file: path={{ oldhome }}/webapps/{{ warname }} state=absent
      ignore_errors: yes
    - name: Delete the old version of the /home/app/api-tomcat/webapps/api program directory
      file: path={{ oldhome }}/webapps/{{ zipname }} state=absent
      ignore_errors: yes
    - name: Copy the new version directory /home/app/newwar/api into the /home/app/api-tomcat/webapps directory
      shell: cp -a {{ newwar }}/{{ zipname }} {{ oldhome }}/webapps/
    - name: Copy the new version of the war package /home/app/newwar/api.war into the /home/app/api-tomcat/webapps directory
      shell: cp -a {{ newwar }}/{{ warname }} {{ oldhome }}/webapps/
    - name: Start the service with /home/app/api-tomcat/bin/startup.sh (source loads the JDK environment variables, nohup ensures the process does not exit after the yml run finishes)
      shell: "source /etc/profile;nohup {{ oldhome }}/bin/startup.sh &"
    - name: See whether the service process has started
      shell: ps -ef | grep {{ oldhome }}
2. Rollback
# Address of the production environment host
- hosts: 192.168.13.51
  # Variables, the same as in the upgrade
  vars:
    testip: 192.168.13.49
    testhome: /home/app/api-tomcat/webapps
    warname: api.war
    oldhome: /home/app/api-tomcat
    backupwebapps: /home/app/tomcat.bak
    newwar: /home/app/newwar
    zipname: api
  # Remote operation still uses the app user
  remote_user: app
  # The following actions are performed in the production environment
  tasks:
    - name: Stop the service by killing the process and ignore the error return value
      shell: ps -ef | grep {{ oldhome }} | grep -v grep | awk '{print $2}' | xargs kill
      ignore_errors: yes
    - name: Stop the service by killing the process and ignore the error return value (second pass)
      shell: ps -ef | grep {{ oldhome }} | grep -v grep | awk '{print $2}' | xargs kill
      ignore_errors: yes
    - name: Kill the process again to stop the service and ignore the error return value
      shell: ps -ef | grep {{ oldhome }} | grep -v grep | awk '{print $2}' | xargs kill
      ignore_errors: yes
    - name: View the result of stopping the service, whether the process is still there
      shell: ps -ef | grep {{ oldhome }}
    - name: Delete the /home/app/api-tomcat/webapps directory
      file: path={{ oldhome }}/webapps state=absent
    - name: Display the most recent webapps backup directory in /home/app/tomcat.bak/api/ (the directory name should be webapps-most recent timestamp)
      shell: ls -r {{ backupwebapps }}/{{ zipname }}/ | head -1
    - name: Copy the backup /home/app/tomcat.bak/api/webapps-latest timestamp into the project and rename it to /home/app/api-tomcat/webapps
      shell: cp -a {{ backupwebapps }}/{{ zipname }}/$(ls -r {{ backupwebapps }}/{{ zipname }}/ | head -1) {{ oldhome }}/webapps
    - name: Start the service with /home/app/api-tomcat/bin/startup.sh
      shell: "source /etc/profile;nohup {{ oldhome }}/bin/startup.sh &"
    - name: Delete the backup that was just rolled back
      shell: rm -rf {{ backupwebapps }}/{{ zipname }}/$(ls -r {{ backupwebapps }}/{{ zipname }}/ | head -1)
    - name: See whether the service process has started
      shell: ps -ef | grep {{ oldhome }}
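The rollback picks its source with ls -r ... | head -1 after the webapps directory has already been deleted; if no backup exists, the empty result makes cp -a and rm -rf act on the whole backup directory. The shell functions below are an added example, not code from the original article: the names latest_backup and restore_latest are hypothetical, and they assume backups are directories named webapps-<digits>.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes backup names of the
# form webapps-<digits>, as written by the upgrade playbook's backup task.

# latest_backup DIR: print the name of the newest webapps-<timestamp>
# directory in DIR; return non-zero when there is none.
latest_backup() {
    dir=$1
    newest="" best=0
    for path in "$dir"/webapps-*; do
        [ -d "$path" ] || continue          # skips files and an unmatched glob
        stamp=${path##*/webapps-}
        case $stamp in
            ""|*[!0-9]*) continue ;;        # timestamp must be digits only
        esac
        if [ "$stamp" -gt "$best" ]; then
            best=$stamp
            newest=webapps-$stamp
        fi
    done
    [ -n "$newest" ] || { echo "no backup found in $dir" >&2; return 1; }
    printf '%s\n' "$newest"
}

# restore_latest BACKUPS TARGET: replace TARGET with the newest backup.
# The backup is resolved before anything is deleted, so a missing backup
# leaves TARGET untouched and never expands to the backup root itself.
restore_latest() {
    backups=$1 target=$2
    [ -n "$target" ] || return 2
    name=$(latest_backup "$backups") || return 1
    rm -rf -- "$target"
    cp -a -- "$backups/$name" "$target" || return 1
    rm -rf -- "$backups/$name"              # remove only the restored backup
}

# Constructed demo data in a temporary directory.
demo=$(mktemp -d)
mkdir -p "$demo/bak/webapps-202401011200" "$demo/bak/webapps-202403051830"
latest_backup "$demo/bak"
rm -rf -- "$demo"
```

In a playbook, a script like this would be called from a single shell task in place of the separate delete, copy and rm -rf tasks, so that a failed lookup stops the play before anything is removed.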
III. Upgrade operation and precautions
1. Set up key-based (passwordless) SSH login before the upgrade
Ansible host 192.168.13.45
# Generate the key as the app user
ssh-keygen -t rsa
# Send the public key to the test environment
ssh-copy-id -i .ssh/id_rsa.pub app@192.168.13.49
# Send the public key to the production environment
ssh-copy-id -i .ssh/id_rsa.pub app@192.168.13.51
Production Environment Host 192.168.13.51
# Generate the key as the app user
ssh-keygen -t rsa
# Send the public key to the test environment
ssh-copy-id -i .ssh/id_rsa.pub app@192.168.13.49
For business security, the Ansible host is connected to both the production environment host and the test environment host. The production environment host can connect to the test environment host, but the test environment host cannot connect to the production environment host, so the test environment host does not need to send its key to the production environment host.
2. Upgrade and Rollback
Upgrade
ansible-playbook /home/app/api.yml -v
Rolling back
ansible-playbook /home/app/api-rollback.yml -v
ansible-playbook is followed by the path of the yml file written earlier; -v displays detailed execution information
3. Attention
If you run the upgrade and rollback yml files from Jenkins, be sure to send the public key of the Jenkins user to the production environment host and the test environment host, otherwise a permissions error will be reported
The hosts to be operated on must be entered in /etc/ansible/hosts
Both yml files have been validated in a production environment
This article is from the "Letter Wind" blog; please contact the author before reproducing it!
Get a new version of the Java project in Tomcat from the test environment to the production environment using Ansible-playbook