ansible管理部署keepalived实现Nginx调度器高可用
ansible管理部署keepalived实现Nginx调度器高可用keepalived主/备模式高可用{nginx(proxy)|lvs}
两台主机(主/备)高可用nginx(proxy)
两台主机:httpd + php-fpm + Discuz或 phpMyAdmin+php-mysql
一台主机:memcached用来缓存php的session;
一台主机:mysql-server或mariadb-server;
(一):172.16.75.2做ansible服务器(主控设备),其余皆为被管设备;
(二): 172.16.1.11主机做主nginx调度器并实现反代功能;
172.16.1.12主机做备nginx调度器
(三): 172.16.1.13和172.16.1.14主机做web服务器向外提供web服务;
(四): 172.16.1.15主机安装memcached
(六) :172.16.1.16主机安装mariadb-server包,提供数据库服务
大前提:实现主控设备172.16.75.2对被管设备的免密码登录:
]# ssh-keygen -t rsa -P ''
]# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.1.11
]# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.1.12
...
]# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.1.16
以下操作均在主控设备172.16.75.2主机上完成:
安装ansible,keepalived,nginx,httpd,php-fpm
# yum install ansible keepalived nginx httpd php-fpm
1. 创建主机清单,定义主机分组
# vim /etc/ansible/hosts
172.16.1.11
172.16.1.12
172.16.1.13
172.16.1.14
172.16.1.15
172.16.1.16
2. 给调度器提供安装包和必要的配置文件并启动服务
1) vim /etc/ansible/hasrvs.yaml
- hosts: hasrvs
remote_user: root
tasks:
- name: install nginx package
yum : name=nginx state=present
- name: install keepalived package
yum : name=keepalived state=present
- name: provide nginx configure file
copy: src=/etc/nginx/nginx.conf dest=/etc/nginx/nginx.conf
- name: provide keepalived configure file
copy: src=/etc/keepalived/keepalived.conf dest=/etc/keepalived/keepalived.conf
- name: start nginx service
service: name=nginx state=started enabled=true
- name: start keepalived service
service: name=keepalived state=started enabled=true
2) 给nginx提供配置文件,在http配置段中添加upstream和server上下文:
upstream websrvs {
server 172.16.1.13:80 weight=1;
server 172.16.1.14:80 weight=1;
}
server {
listen 80 default_server;
location / {
proxy_pass http://websrvs;
}
}
注意:在原有的nginx配置文件中,http配置段已存在server上下文,在这需要把原有的默认监听的服务禁用,
即# listen 80 default_server;
3) 给主nginx调度器提供keepalived配置文件:
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id drct1
vrrp_mcast_group4 224.0.100.18
}
vrrp_script check_httpd {
script "killall -0 nginx && exit 0 || exit 1"
interval 1
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass axtyXIHt
}
virtual_ipaddress {
172.16.1.254/16
}
track_script {
check_httpd
}
}
4)运行hasrvs.yaml,先预运行,无错误在运行
]# ansible-playbook -Chasrvs.yaml
]# ansible-playbookhasrvs.yaml
5)给备nginx调度器提供keepalived配置文件:
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id drct2
vrrp_mcast_group4 224.0.100.18
}
vrrp_script check_httpd {
script "killall -0 nginx && exit 0 || exit 1"
interval 1
weight -20
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass axtyXIHt
}
virtual_ipaddress {
172.16.1.254/16
}
track_script {
check_httpd
}
}
6)给备nginx提供启动脚本:
]# vim /etc/ansible/backuphasrvs.yaml
- hosts: 172.16.1.12
remote_user: root
tasks:
- name: provide keepalived configure file
copy: src=/etc/keepalived/keepalived.conf dest=/etc/keepalived/keepalived.conf
- name: start keepalived service
service: name=keepalived state=started enabled=true
7)运行backuphasrvs.yaml,先预运行,无错误在运行
]# ansible-playbook -C backuphasrvs.yaml
]# ansible-playbook backuphasrvs.yaml
3 给websrvs主机组提供配置文件,安装包并启动:
1) ]# vim /etc/ansible/websrvs.yaml
- hosts: websrvs
remote_user: root
tasks:
- name: install httpd package
yum : name=httpd state=present
- name: install php-fpm package
yum : name=php-fpm state=present
-name : install php-mysql
yum : name=php-mysql state=present
- name: provide httpd configure file
copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
- name: start httpd service
service: name=httpd state=started enabled=true
- name: start php-fpm service
service: name=php-fpm state=started enabled=true
2) 编辑httpd的主配置文件
]# vim /etc/httpd/conf/httpd.conf(找到相应位置编辑即可)
DocumentRoot "/var/www/html"
Proxyrequestsoff
Proxypassmatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1
DirectoryIndex index.html index.php()
3) 运行websrvs.yaml,先预运行,无错误在运行
]#ansible-playbook -C websrvs.yaml
]#ansible-playbook websrvs.yaml
4.提供一个测试页面,无误后,提供论坛系统:
1)提供一个测试页面,为了加以区分,两台web服务器的测试页面略有区别:
172.16.1.13主机做web server 1, 172.16.1.14主机做web server 2
]# vim /var/www/html/index.php
Web Server 1
将该测试页面传送给172.16.1.13主机,这里就不再写剧本了:
]# ansible 172.16.1.13 -m copy -a "src=/var/www/html/index.phpdest=/var/www/html/index.php"
同理给172.16.1.14主机也提供这样一个页面:
]# vim /var/www/html/index.php
Web Server 1
]#ansible 172.16.1.14 -m copy -a "src=/var/www/html/index.phpdest=/var/www/html/index.php"
2) 在web端进行页面测试,先直接访问服务器172.16.1.13和172.16.1.14没有问题后,在访问172.16.1.254
在这我已测试两台web服务器没有问题,故直接测试nginx调度器组的虚拟接口172.16.1.254
http://s1.运维网.com/images/20180627/1530089777544521.png
http://s1.运维网.com/images/20180627/1530089801651311.png
注意:这里需要关闭防火墙,否则可能无法访问测试页面:
]# iptables -F
3)开始部署wordpress论坛系统:
声明:我在主控设备172.16.75.2上的/var/www/html目录下已经放置了安装包并已解压
可以使用ansible命令,也可以选择剧本:
法一: ansible命令:
]# ansible websrvs -m copy -a "src=/var/www/html/wordpress dest=/var/www/html/wordpress"
法二: 剧本:
]# vim /etc/ansible/websrvs2.yaml
- hosts: websrvs
remote_user: root
tasks:
- name: provide wordpress
copy: src=/var/www/html/wordpressdest=/var/www/html/wordpress
运行剧本:
]# ansible-playbook websrvs2.yaml
5给数据库服务器172.16.1.16安装mariadb-server,并给论坛创建一个名为wordpress的数据库,并授权用户
提供登录论坛的密码:
1)安装mariadb-server包,可使用剧本也可直接使用命令,自行选择
因为此处只有一个数据库服务器,所以选择命令直接安装,但如果服务器较多,建议使用剧本;
]# ansible 172.16.1.14 -m yum -a "name=mariadb state=present"(建议加'-C'选项预运行)
启动数据库服务:
]# ansible 172.16.1.14-m service -a "name=mariadb state=started"
创建数据库并授权用户:
此处我在172.16.1.16主机上直接操作:
]# mysql -p
Enter password:
......
MariaDB [(none)]> create database wordpress;
MariaDB [(none)]> grant all on *.* to 'ytc'@'172.16.%.%' identified by '123456';
MariaDB [(none)]> flush privileges;
2)给论坛提供相关配置文件:
]# cd /var/www/html/wordpress/
]# cp wp-config-sample.phpwp-config.php
]# vim wp-config.php
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');
/** MySQL数据库用户名 */
define('DB_USER', 'ytc');
/** MySQL数据库密码 */
define('DB_PASSWORD', '123456');
/** MySQL主机 */
define('DB_HOST', '172.16.1.16');
3) 将配置文件部署在websrvs上:
]# vim /etc/ansible/websrvs3.yaml
- hosts: websrvs
remote_user: root
tasks:
- name: provide wordpress configure file
copy:src=/var/www/html/wordpress/wp-config.php
执行脚本:
]# ansible-playbook websrvs3.yaml
4)在web端登录wordpress论坛:
http://s1.运维网.com/images/20180627/1530093397201267.png
http://s1.运维网.com/images/20180627/1530093560416661.png
接下来就可以发布文章了。
注意:1)如果访问过程中出现“建立数据库连接时出错”字样时,可能时SELINUX的干扰将其关闭即可:
即:]# setenforce 0
2)登录论坛后,若出现.php系列的文件列表,而不是上图的登录界面,查看httpd的主配置文件
DirectoryIndex index.htmlindex.php()
加上index.php即可。
6 . 配置memcached服务器启动服务:
] # ansible memsrvs -m yum-a "name=memcached state=present"
] # ansible memsrvs -m service-a "name=memcached state=started"
需在websrvs上安装php-pecl-memcached包,提供web服务器和memcached服务器连接的接口
] # ansible websrvs -m yum-a "name=php-peclmemcached state=present"
编辑php-fpm的配置文件的最后两行:
]# vim /etc/php-fpm.d/www.conf
php_value = memcache
php_value = "tcp://172.16.1.14:11211?persistent=1&weight=1&timeout=1&retry_interval=15"
将更改后的文件发送给websrvs并重启php-fpm服务:
]# ansible websrvs -m copy -a "src= /etc/php-fpm.d/www.confdest= /etc/php-fpm.d/www.conf "
]# ansible websrvs -m service -a "name=php-fpm state=restarted"
这样利用ansible工具部署LNAMMP架构就完成了。
页:
[1]