实战目标:通过ansible部署
(1) 主/备模型的keepalived+nginx;
(2) httpd+php+php-mysql;
(3) mysql-server或mariadb-server;
拥有testdb库,并允许testuser对其拥有所有权限;
本实验基于centos7.2
拓扑图
1,先安装ansible服务端
yum install ansible
2,修改配置文件
vim /etc/ansible/hosts
# Inventory group for the whole lab: two keepalived/nginx nodes, two httpd/php nodes
# and one MariaDB node. statetype and priority are per-host variables that the
# keepalived template reads.
# NOTE(review): every host is reached as root, and the password (identical to the
# account name) is stored in clear text in this file. Anyone who can read
# /etc/ansible/hosts, or a backup or repository copy of it, holds root on all five
# machines. Prefer key-based SSH with an unprivileged user plus sudo, or keep the
# connection secrets in a file encrypted with ansible-vault.
[webs]
192.168.153.129 ansible_ssh_user='root' ansible_ssh_pass='root' statetype='MASTER' priority='100' # keepalived master
192.168.153.130 ansible_ssh_user='root' ansible_ssh_pass='root' statetype='BACKUP' priority='98' # keepalived backup
192.168.153.131 ansible_ssh_user='root' ansible_ssh_pass='root' # httpd master
192.168.153.132 ansible_ssh_user='root' ansible_ssh_pass='root' # httpd backup
192.168.153.133 ansible_ssh_user='root' ansible_ssh_pass='root' # mysql
2,创建角色及其目录
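# Create the role skeleton. The directory is named keepalived_nginx (underscore)
# because every later path and the playbook output refer to the role by that name.
cd /etc/ansible/roles
mkdir keepalived_nginx
cd keepalived_nginx
mkdir tasks handlers templates files vars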
3,创建主文件
vim /etc/ansible/roles/keepalived_nginx/keepalived.yaml
4,编写task文件
vim /etc/ansible/roles/keepalived_nginx/tasks/main.yml
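# Role tasks: one flat list applied to every host in the play. Each task selects its
# targets by looping over the host's own IPv4 addresses and comparing every address
# with a role variable (keepalived_master, php_master, mysql, ...).
# NOTE(review): the bare-variable with_items form and the quoted templates inside
# `when` match the old Ansible release shown in the playbook output; newer releases
# expect with_items: "{{ ansible_all_ipv4_addresses }}" - confirm against the version in use.

# Runs on ALL hosts: flushes the iptables rules, switches SELinux to permissive mode
# until the next reboot, and installs libselinux-python.
# NOTE(review): this removes host firewalling and SELinux enforcement from the load
# balancers, the web servers and the database alike. Acceptable only on an isolated
# lab network; otherwise keep both enabled and allow just the traffic the role needs
# (VRRP between the two keepalived nodes, HTTP, MySQL and NFS from the web hosts).
- name: stop selinux firewall
  shell: iptables -F;setenforce 0;yum install -y libselinux-python

# Steps are chained with && so that a failed download is never followed by an
# install attempt on a missing or partial file.
# NOTE(review): the nginx package is fetched over plain FTP, which gives no integrity
# or authenticity guarantee; check the package signature or a pinned digest before
# installing it.
- name: install keepalived-nginx
  shell: yum install -y wget keepalived psmisc && wget ftp://10.1.0.1/pub/Sources/7.x86_64/nginx/nginx-1.10.0-1.el7.ngx.x86_64.rpm && yum install ./nginx-1.10.0-1.el7.ngx.x86_64.rpm -y
  with_items: ansible_all_ipv4_addresses
  when: ( item == "{{ keepalived_master }}" or item == "{{ keepalived_backup }}" ) and ansible_distribution_major_version == "7"

- name: copy keepalived config
  template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ keepalived_master }}" or item == "{{ keepalived_backup }}"

- name: copy nginx config
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ keepalived_master }}" or item == "{{ keepalived_backup }}"

- name: start keepalived
  shell: systemctl start keepalived nginx
  with_items: ansible_all_ipv4_addresses
  when: ( item == "{{ keepalived_master }}" or item == "{{ keepalived_backup }}" ) and ansible_distribution_major_version == "7"

- name: install mariadb
  shell: yum install -y mariadb-server nfs-utils
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ mysql }}" and ansible_distribution_major_version == "7"

# The script is executed as root two tasks below, so it is written owner-only.
# NOTE(review): a fixed file name under /tmp is a poor home for a root-run script;
# a directory writable only by root would be safer.
- name: copy web_files
  template: src=web.sh.j2 dest=/tmp/web.sh mode=0700
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ mysql }}"

- name: copy config
  copy: src=my.cnf dest=/etc/my.cnf
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ mysql }}"

# Chained with && so NFS is not started when the web-root setup script failed.
- name: start mariadb
  shell: systemctl start mariadb rpcbind && bash /tmp/web.sh && systemctl start nfs
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ mysql }}" and ansible_distribution_major_version == "7"

# The rendered SQL contains the database account password, hence mode 0600.
# NOTE(review): the file is left behind in /tmp after the run; remove it once loaded.
- name: cp database
  template: src=mysql.j2 dest=/tmp/mysql mode=0600
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ mysql }}"

- name: creta database
  shell: mysql < /tmp/mysql
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ mysql }}"

- name: install httpd_php
  shell: yum install -y php php-mysql php-mbstring php-gd php-mcrypt httpd nfs-utils
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ php_master }}" or item == "{{ php_backup }}"

# Mounts the shared web root exported by the database host; the mount is made with a
# plain mount command, so it is not recorded in /etc/fstab by this role.
- name: mount webs
  shell: mount -t nfs {{ mysql }}:/web/apps/dz /var/www/html
  with_items: ansible_all_ipv4_addresses
  when: item == "{{ php_master }}" or item == "{{ php_backup }}"

- name: start httpd
  shell: systemctl start httpd
  with_items: ansible_all_ipv4_addresses
  when: ( item == "{{ php_master }}" or item == "{{ php_backup }}" ) and ansible_distribution_major_version == "7"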
5,编写var变量
vim /etc/ansible/roles/keepalived_nginx/vars/main.yml
# Role variables. The five host addresses must match the inventory entries, because
# the tasks select their targets by comparing these values with each host's IPv4
# addresses.
keepalived_master: 192.168.153.129
keepalived_backup: 192.168.153.130
php_master: 192.168.153.131
php_backup: 192.168.153.132
# Database host; the tasks also use it as the NFS server for the shared web root.
mysql: 192.168.153.133
# Address listed under virtual_ipaddress in the keepalived template.
virtual_ip: 192.168.153.100
# Multicast group for VRRP advertisements (vrrp_mcast_group4 in the template).
vrrp_mcast: 224.0.41.41
# Interface the VRRP instance is bound to; the same name is rendered on both nodes.
iface: eno33554984
6,编写file文件
vim /etc/ansible/roles/keepalived_nginx/files/my.cnf
7,编写template文件
7.1
vim keepalived.conf.j2
! Configuration File for keepalived
! Rendered per host by Ansible: statetype and priority come from the inventory,
! the multicast group, interface and virtual IP from the role variables.
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_mcast_group4 {{ vrrp_mcast }}
}

! Health check: succeeds while a process named nginx exists (signal 0 only tests
! for existence). Each failing check lowers the node priority by 5; with the
! inventory priorities of 100 and 98, one failed check on the master gives 95,
! which is below the backup, so the virtual IP moves.
vrrp_script chk_nginx {
    script "killall -0 nginx && exit 0 || exit 1"
    interval 1
    weight -5
}

! Manual switch: creating /etc/keepalived/down makes this check fail and lowers
! the priority in the same way, without stopping nginx.
vrrp_script chk_downfile {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -5
}

vrrp_instance VI_1 {
    state {{ statetype }}
    interface {{ iface }}
    virtual_router_id 41
    priority {{ priority }}
    advert_int 1
    ! NOTE(review): auth_type PASS carries this shared secret unencrypted in every
    ! VRRP advertisement, and the value is hard-coded in the template, so it ends
    ! up in every copy of the role. Treat it as a guard against misconfiguration,
    ! not as a security control: restrict VRRP traffic to the two nodes at the
    ! network layer and supply the value from a protected variable.
    authentication {
        auth_type PASS
        auth_pass oiejn78c
    }
    virtual_ipaddress {
        {{ virtual_ip }}
    }
    track_script {
        chk_nginx
        chk_downfile
    }
}
7.2
vim mysql.j2
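-- Bootstrap SQL that the role feeds to the mysql client on the database host.
-- Creates the application schema and one account that may connect only from the
-- two web hosts.
-- IF NOT EXISTS keeps a second playbook run from failing on the existing schema.
create database if not exists testdb;
-- NOTE(review): the password below is hard-coded and easy to guess, and it is
-- rendered into a file on disk. Supply it from a protected variable and replace it
-- before the database is reachable from anything but the lab network.
grant all on testdb.* to 'testuser'@'{{ php_master }}' identified by 'testpass';
grant all on testdb.* to 'testuser'@'{{ php_backup }}' identified by 'testpass';
flush privileges;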
7.3
vim nginx.conf.j2
# Main nginx configuration for the two load-balancer nodes, rendered by Ansible.
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

# Layer-4 (stream) proxy: connections to port 80 are relayed as raw TCP to one of
# the two web hosts; there is no http block in this file.
# NOTE(review): a plain TCP relay adds no HTTP access log or request headers here,
# and the web hosts will presumably see the balancer address as the client - confirm
# in the httpd logs if per-client attribution matters for investigations.
stream {
    upstream webs {
        server {{ php_master }}:80;
        server {{ php_backup }}:80;
        # Backend is chosen by hashing the client address, so a given client keeps
        # reaching the same web host.
        hash $remote_addr;
    }

    server {
        listen 80;
        proxy_pass webs;
    }
}
7.4
vim web.sh.j2
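#!/bin/bash
# Prepare the Discuz web root on the database host and export it over NFS.
# Rendered by Ansible from web.sh.j2; the two export clients are filled in from the
# role variables. Exits non-zero as soon as a required step fails so that the
# calling task is reported as failed instead of silently exporting an empty tree.

web_root=/web/apps/dz
archive=Discuz_X3.2_SC_UTF8.zip

# Download and unpack in a private scratch directory that is removed on exit,
# instead of leaving the archive and its extracted tree in the caller's directory.
work_dir=$(mktemp -d) || exit 1
trap 'rm -rf -- "${work_dir:?}"' EXIT
cd "$work_dir" || exit 1

# NFS matches owners by numeric id; uid 48 presumably equals the apache account
# created by the httpd package on the web hosts - confirm.
id apache &> /dev/null || useradd -r -u 48 apache || exit 1

yum install -y wget || exit 1

# NOTE(review): plain FTP gives no integrity or authenticity guarantee. Pin a
# known-good digest and check it before unpacking, for example:
#   echo "<EXPECTED_SHA256>  ${archive}" | sha256sum -c - || exit 1
wget "ftp://10.1.0.1/pub/Sources/sources/php/${archive}" || {
  echo "download of ${archive} failed" >&2
  exit 1
}

unzip -q "$archive" || exit 1
mkdir -p "$web_root" || exit 1

# Best effort, as before: on a re-run some entries already exist and cannot be
# replaced, which is reported but does not abort the script.
mv -f upload/* "${web_root}/" \
  || echo "warning: some files could not be moved into ${web_root}" >&2

# NOTE(review): this makes the whole tree, application code included, writable by
# the web server account. The application normally needs write access to only a
# few data directories - confirm against the Discuz install guide and narrow it.
setfacl -R -m u:apache:rwx "${web_root}/" || exit 1

# Replaces /etc/exports entirely; only the two web hosts may mount the share.
printf '%s\n' "${web_root}/ {{ php_master }}(rw,sync) {{ php_backup }}(rw,sync)" > /etc/exports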
8,测试
[root@localhost keepalived_nginx]# ansible-playbook keepalived.yaml
PLAY [webs] *******************************************************************
GATHERING FACTS ***************************************************************
ok: [192.168.153.129]
ok: [192.168.153.130]
ok: [192.168.153.131]
ok: [192.168.153.132]
ok: [192.168.153.133]
TASK: [keepalived_nginx | stop selinux firewall] ******************************
changed: [192.168.153.129]
changed: [192.168.153.130]
changed: [192.168.153.131]
changed: [192.168.153.132]
changed: [192.168.153.133]
TASK: [keepalived_nginx | install keepalived-nginx] ***************************
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
changed: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
changed: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
TASK: [keepalived_nginx | copy keepalived config] *****************************
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
skipping: [192.168.153.132] => (item=10.1.252.176)
changed: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
changed: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
TASK: [keepalived_nginx | copy nginx config] **********************************
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
changed: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
changed: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
TASK: [keepalived_nginx | start keepalived] ***********************************
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
skipping: [192.168.153.132] => (item=10.1.252.176)
changed: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
changed: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
TASK: [keepalived_nginx | install mariadb] ************************************
skipping: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
skipping: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.130] => (item=10.1.249.36)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
changed: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
TASK: [keepalived_nginx | copy web_files] *************************************
skipping: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
skipping: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
changed: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
TASK: [keepalived_nginx | copy config] ****************************************
skipping: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
skipping: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
changed: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
TASK: [keepalived_nginx | start mariadb] **************************************
skipping: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
changed: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
TASK: [keepalived_nginx | cp database] ****************************************
skipping: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
changed: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
TASK: [keepalived_nginx | creta database] *************************************
skipping: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
skipping: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
skipping: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
skipping: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
changed: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
TASK: [keepalived_nginx | install httpd_php] **********************************
skipping: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
skipping: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
skipping: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
changed: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
changed: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
TASK: [keepalived_nginx | mount webs] *****************************************
skipping: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
skipping: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
skipping: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
changed: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
changed: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
TASK: [keepalived_nginx | start httpd] ****************************************
skipping: [192.168.153.129] => (item=192.168.153.129)
skipping: [192.168.153.129] => (item=10.1.249.63)
skipping: [192.168.153.130] => (item=192.168.153.130)
skipping: [192.168.153.130] => (item=10.1.249.36)
skipping: [192.168.153.133] => (item=192.168.153.133)
skipping: [192.168.153.133] => (item=10.1.249.46)
changed: [192.168.153.131] => (item=192.168.153.131)
skipping: [192.168.153.131] => (item=10.1.253.90)
changed: [192.168.153.132] => (item=192.168.153.132)
skipping: [192.168.153.132] => (item=10.1.252.176)
PLAY RECAP ********************************************************************
192.168.153.129 : ok=15 changed=5 unreachable=0 failed=0
192.168.153.130 : ok=15 changed=5 unreachable=0 failed=0
192.168.153.131 : ok=15 changed=4 unreachable=0 failed=0
192.168.153.132 : ok=15 changed=4 unreachable=0 failed=0
192.168.153.133 : ok=15 changed=7 unreachable=0 failed=0
9,访问虚拟IP(VIP)192.168.153.100