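Ansible High-Availability Load-Balancing Deployment for Small and Medium-Sized Enterprises
1. Preface
Ansible is a flexible, efficient and feature-rich automated deployment tool that is highly regarded in enterprise operations management. After testing, I use Ansible here to deploy a small-enterprise service stack, with high availability and load balancing as the goal. Corrections are welcome.
Target environment topology: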
http://note.youdao.com/yws/res/1136/F3C8432D52BD4830A6F0788073A9A634
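Environment overview:
The front-end proxy layer consists of two nginx servers, with keepalived installed so that the address floats between them for high availability. The web layer consists of two Apache + PHP + WordPress application environments. The data layer consists of a single mariadb server; for reasons of space, master-slave replication and read/write splitting are not set up here (a real environment must implement both).
IP overview:
2. Environment preparation:
2.1 Install ansible on the management node, configure SSH keys so that the hosts authenticate to each other by key, and test whether they can connect!
# Press Enter three times; the prompts ask where to store the key (default /root/.ssh)
# and whether to encrypt it. For lab convenience the key is not encrypted here.
ssh-keygen -t rsa
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.23.71    # send the public key to the target host
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.23.72
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.23.73
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.23.61
ssh-copy-id -i .ssh/id_rsa.pub root@192.168.23.62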
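2.2 Edit the ansible hosts file and define all the hosts
vim /etc/ansible/hosts
# group names match the "hosts:" lines of the playbooks below
[web]
192.168.23.61
192.168.23.62
[nginx]
192.168.23.71 state=MASTER priority=100
192.168.23.72 state=BACKUP priority=90
[mysql]
192.168.23.73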
2.3 Synchronize the time on all hosts
ansible all -a 'ntpdate cn.pool.ntp.org'
2.4 Create the directories for the ansible roles
mkdir -pv /etc/ansible/roles/{mysql,web,nginx}/{files,tasks,templates,vars,handlers,meta}
3. Configure the web playbook:
3.1 Create the tasks file
vim /etc/ansible/roles/web/tasks/main.yml
- name: install web pakgs
  yum: name={{ item }}
  with_items:
  - httpd
  - php
  - php-mysql
- name: config web
  copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
  notify: restart the service    # note: this must match the name defined in handlers
- name: copy wordpress
  synchronize: src=wordpress dest=/var/www/html/wordpress/
- name: restart the service
  service: name=httpd state=started
3.2 Create the handlers
vim /etc/ansible/roles/web/handlers/main.yml
- name: restart the service    # that is all
  service: name=httpd state=restarted
3.3 Add the configuration files to be copied over
Place these under /etc/ansible/roles/web/files/: ① the WordPress directory ② httpd.conf (copied over from elsewhere)
3.4 Edit the configuration file WordPress uses to connect to the database
cd wordpress
cp wp-config-sample.php wp-config.php
vim wp-config.php
/** Name of the WordPress database */
define('DB_NAME', 'wp');
/** MySQL database user name */
define('DB_USER', 'wpuser');
/** MySQL database password */
define('DB_PASSWORD', 'lovelinux');
/** MySQL host */
define('DB_HOST', '192.168.23.73');
/** Default character set used when creating tables */
define('DB_CHARSET', 'utf8');
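3.5 Add the main web playbook
vim /etc/ansible/web.yml
- hosts: web
  remote_user: root
  roles:
  - web
3.6 Test; if there are no problems, go on to the next step
(-C, --check: with this option the playbook is not actually executed; the run is simulated and the changes it would make on the remote hosts are printed)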
ansible-playbook -C /etc/ansible/web.yml
http://note.youdao.com/yws/res/1130/857CE14CE3C546239CDB0DDE74437005
4. Configure the proxy layer:
4.1 Add the tasks
vim /etc/ansible/roles/nginx/tasks/main.yml
- name: install package
  yum: name={{ item }}
  with_items:
  - nginx
  - keepalived
- name: config keepalived
  template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
  notify: restart keepalived
- name: config nginx
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: restart nginx
- name: start service
  service: name={{ item }} state=started enabled=yes
  with_items:
  - keepalived
  - nginx
4.2 Add the handlers
vim /etc/ansible/roles/nginx/handlers/main.yml
- name: restart keepalived
  service: name=keepalived state=restarted
- name: restart nginx
  service: name=nginx state=restarted
4.3 Prepare the template files
① keepalived.conf.j2 ② nginx.conf.j2
4.4 Edit the keepalived template file keepalived.conf.j2
global_defs {
    notification_email {
        acassen@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id {{ansible_hostname}}    # built-in variable; query it with: ansible <host IP> -m setup
    vrrp_mcast_group4 224.0.0.43
}
vrrp_instance VI_1 {
    state {{ state }}    # variable already defined in the hosts file
    interface ens33    # NIC name
    virtual_router_id 51
    priority {{ priority }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass lovelinux    # set the password
    }
    virtual_ipaddress {
        192.168.23.88    # virtual IP
    }
}
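The template above renders correctly only if every host in the nginx group has state and priority set in /etc/ansible/hosts. As an added example (not part of the original post), the tasks below can go at the top of roles/nginx/tasks/main.yml to stop the run on a missing or misspelled host variable, or on a group with no single highest-priority MASTER; fail_msg assumes Ansible 2.7 or later.

```yaml
# Added example: pre-flight checks for roles/nginx/tasks/main.yml,
# placed before the "config keepalived" task.
- name: check this host's keepalived variables from /etc/ansible/hosts
  assert:
    that:
      - state is defined
      - state in ['MASTER', 'BACKUP']
      - priority is defined
      - priority | int >= 1
      - priority | int <= 254
    fail_msg: "{{ inventory_hostname }} needs state=MASTER|BACKUP and priority=1..254"
  any_errors_fatal: true    # one bad host stops the whole play, not just that host

- name: check the VRRP group has one MASTER holding the highest priority
  run_once: true
  vars:
    vrrp_hosts: "{{ groups['nginx'] | map('extract', hostvars) | list }}"
    masters: "{{ vrrp_hosts | selectattr('state', 'equalto', 'MASTER') | list }}"
    top_priority: "{{ vrrp_hosts | map(attribute='priority') | map('int') | max }}"
  assert:
    that:
      - masters | length == 1
      - masters[0].priority | int == top_priority | int
    fail_msg: "expected exactly one MASTER with the highest priority in [nginx]"
```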
4.5 Edit the nginx template file nginx.conf.j2 (defined in the http block)
events {
    worker_connections 1024;    ## Default: 1024
}
http {
    upstream servers2.mydomain.com {
        server 192.168.23.61;
        server 192.168.23.62;
        ip_hash;
    }
    server {
        listen 80;
        server_name www.mydomain.com;
        root /usr/share/nginx/html;
        location / {
            proxy_pass http://servers2.mydomain.com;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
4.6 Add the main nginx playbook
vim /etc/ansible/nginx.yml
- hosts: nginx
  remote_user: root
  roles:
  - nginx
4.7 Test; if there are no problems, go on to the next step
ansible-playbook -C /etc/ansible/nginx.yml
http://note.youdao.com/yws/res/1131/A88E01E0D4DE4185B9222E32459A7F22
5. Configure mariadb:
5.1 Configure the mariadb task list
vim /etc/ansible/roles/mysql/tasks/main.yml
- name: install mariadb
  yum: name=mariadb-server
- name: copy sql file
  copy: src=mysql.sql dest=/tmp/mysql.sql
- name: start mysql service
  service: name=mariadb state=started
- name: config mysql
  shell: "mysql < /tmp/mysql.sql"
5.2 Set up the file under files
vim /etc/ansible/roles/mysql/files/mysql.sql
CREATE DATABASE wp;
GRANT ALL ON wp.* TO 'wpuser'@'%' IDENTIFIED BY 'lovelinux';
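A narrower alternative to the static mysql.sql above, as an added example that is not from the original post: these tasks create wpuser only for the hosts in the web group instead of '%', and take the password from a variable rather than a plaintext file under the role. Assumptions: the variable name wp_db_password is hypothetical and lives in a vars file encrypted with ansible-vault, the MySQL-python package is the CentOS 7 name of the driver the mysql_db and mysql_user modules need, and root can log in to the local mariadb without a password, as the original shell task also assumes.

```yaml
# Added example: replacement for the copy/shell tasks in roles/mysql/tasks/main.yml.
# wp_db_password is a hypothetical variable, kept in a vars file created with
#   ansible-vault create /etc/ansible/roles/mysql/vars/main.yml
- name: install mariadb and the driver used by the mysql_* modules
  yum: name={{ item }}
  with_items:
  - mariadb-server
  - MySQL-python        # assumption: CentOS 7 package name
- name: start mysql service
  service: name=mariadb state=started enabled=yes
- name: create the wordpress database
  mysql_db: name=wp state=present
- name: allow wpuser from the web hosts only, not from '%'
  mysql_user:
    name: wpuser
    host: "{{ item }}"
    password: "{{ wp_db_password }}"
    priv: "wp.*:ALL"
    state: present
  with_items: "{{ groups['web'] }}"
  no_log: true          # keep the password out of the playbook output
```

Run the playbook with ansible-playbook --ask-vault-pass so the encrypted variable can be read; wp-config.php on the web hosts has to carry the same password value.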
5.3 Add the main mysql playbook
vim /etc/ansible/mysql.yml
- hosts: mysql
  remote_user: root
  roles:
  - mysql
5.4 Test; if there are no problems, go on to the next step
ansible-playbook -C /etc/ansible/mysql.yml
http://note.youdao.com/yws/res/1129/3BDE11066D3040C4B002130ED5F4C3E3
6. Showtime (run the playbooks):
6.1 Directory structure
http://note.youdao.com/yws/res/1132/12DC422A182E4C6AAC805770433C53D1
6.2 Run each playbook
ansible-playbook web.yml
http://note.youdao.com/yws/res/1133/BBFC0EB0BF3B498DA5786F526794B27D
ansible-playbook nginx.yml
http://note.youdao.com/yws/res/1135/F1855DB5B20B432C943982D7966B95A4
ansible-playbook mysql.yml
http://note.youdao.com/yws/res/1134/9D25D4644C5D4991B078DB72048EC757
6.3 Visit the page
http://192.168.23.88/wordpress
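7. Project summary:
7.1 When defining the web playbook, I first used the copy module to copy wordpress, and it kept failing with errors. Googling showed that the synchronize module is far more efficient and safer than the copy module. synchronize copies files with rsync, so the rsync package must be installed on the system, otherwise the module cannot be used.
Advantages of this module:
① Incremental copy (only files that differ from the target host are copied) ② Compression during the copy, with excellent support for large files (copying large files with copy fails)
Learned something.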