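linux12 - Personal Notes -- Mid-term Architecture Project Practice

Mid-term Architecture Project Practice

I. Project background

    As the internet grows, its scale keeps increasing and service architectures become more complex and varied, so the demand for operations engineers is becoming ever more urgent. For people working in operations, or about to enter the field, this is good news.
    Naturally the demand for operations engineers will be large, and their value grows as operations experience accumulates. A good operations engineer has a strong sense of responsibility and initiative, takes ownership of the work they are responsible for, and is self-driven to keep learning and growing.
    They can also handle considerable work pressure and have a strong ability to analyze and solve problems independently. At work they are bold yet careful, and they have a spirit of exploration and innovation. Currently every job posting requires proficiency in at least one of shell/Python/Perl, as well as proficiency with Linux commands.
    So that is the advantage of the operations profession. What are we waiting for?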

II. Architecture


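III. Tools used in the implementation

Host        Internal IP    External IP     Projects and services
web01       172.16.1.7                     textpattern, decmsv6
web02       172.16.1.8
web03       172.16.1.9
backup      172.16.1.41                    rsync backup server
nfs         172.16.1.31                    nfs, sersync real-time shared-storage server
lb01        172.16.1.5                     load balancing, keepalived, cache
lb02        172.16.1.6
db01        172.16.1.51                    database management, redis
prometheus  172.16.1.71    192.168.15.71   Prometheus monitoring
openvpn     172.16.1.125                   OpenVPN, internal data sharing

IV. Result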


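V. Optimizations

1. Time server.
2. Besides the basic backups, also back up configuration files, scripts, scheduled tasks, and so on.
3. Database read/write splitting, and load-balanced scheduling.
4. Principle of least privilege when granting permissions on directories and files.
5. Rate-limit data synchronization to improve user experience.
6. Cache acceleration for PHP and MySQL to reduce back-end load.
7. Use HTTPS encryption to prevent hijacking.
8. Fine-grained tuning of Nginx and PHP.
9. Replace NFS with Ceph to handle single-node failure.
10. Scale servers horizontally.
Project design:
     The DedeCMSV6 and textpattern projects are deployed in one step with ansible. First, all internal machines share Internet access through openvpn. The services used include the basic LNMP stack. As the data on the web servers grows, the load on the web tier inevitably increases, and so does the disaster-tolerance pressure, so we built a load balancing + keepalived architecture.
     All data is stored in the database, which can later be extended with master-slave replication (MHA high availability).
   Some important data needs to be preserved, so we also added NFS shared storage to achieve static/dynamic separation and data sharing. sersync+rsync real-time backup provides data sharing across the whole network, and prometheus then monitors data and status.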

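VI. Writing the playbooks

1. Preface
# 1. Passwordless SSH
[root@openvpn ~]# ssh-keygen
[root@openvpn ~]# cat ssh-jump.sh
#!/bin/bash
# Push the local public key to every host; expect answers the host-key
# prompt and supplies the root password.
for i in 'web01' 'web02' 'web03' 'lb01' 'lb02' 'db01' 'nfs' 'backup' 'prometheus'
do
expect -c "
spawn ssh-copy-id -i root@$i
expect {
\"(yes/no)\" {send \"yes\r\";exp_continue}
\"password\" {send \"123\r\";exp_continue}
}
"
done
# 2. Configure the local hosts file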
[root@m01 roles]# vim /etc/hosts
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 web03
172.16.1.31 nfs
172.16.1.41 backup
172.16.1.51 db01
172.16.1.71 prometheus
[root@openvpn ~]# cat hosts.sh
#!/bin/bash
# Copy the local /etc/hosts to every host
for i in 'web01' 'web02' 'web03' 'lb01' 'lb02' 'db01' 'nfs' 'backup' 'prometheus'
do
scp -r /etc/hosts root@$i:/etc/hosts
done

# 3. Run both scripts
[root@openvpn ~]# ./hosts.sh 
[root@openvpn ~]# ./ssh-jump.sh
2. Configure the inventory
[root@openvpn ~]# cat /etc/ansible/hosts 
[web_group] 
web01
web02
web03

[nfs_group]
nfs

[slb]
lb01
lb02

[db]
db01

[backup_group]
backup

[prometheus_group]
prometheus ansible_ssh_pass='123'

[rmon_group:children]
web_group
slb
3. Create all directories
[root@openvpn project]# mkdir /project/  # directory that holds the playbooks
[root@openvpn project]# mkdir /project/roles
[root@openvpn project]# touch /project/site.yml  # LNMP playbook
[root@openvpn project]# touch /project/rmon.yml  # monitoring playbook
[root@openvpn project]# ll
total 4
drwxr-xr-x 15 root root 187 Jun  4 10:18 roles
-rw-r--r--  1 root root 534 Jun  4 11:31 site.yml
-rw-r--r--  1 root root 365 Jun  4 21:57 site.yml

[root@m01 roles]# ansible-galaxy init nginx # create each of the roles below in the same way
- Role nginx was created successfully
[root@m01 roles]# ll
drwxr-xr-x 10 root root 154 May 26 23:11 base
drwxr-xr-x 10 root root 154 Jun  2 18:08 blog
drwxr-xr-x 10 root root 154 Jun  3 20:45 database
drwxr-xr-x 10 root root 154 Jun  2 21:24 keepalived
drwxr-xr-x 10 root root 154 May 25 23:56 mariadb
drwxr-xr-x 10 root root 154 Jun  3 20:36 nfs
drwxr-xr-x 10 root root 154 May 27 00:21 nginx
drwxr-xr-x 10 root root 154 May 25 23:56 php
drwxr-xr-x 10 root root 154 Jun  4 09:14 prometheus
drwxr-xr-x 10 root root 154 Jun  4 21:13 prometheus-db
drwxr-xr-x 10 root root 154 Jun  4 17:39 prometheus-web
drwxr-xr-x 10 root root 154 May 29 15:53 rsync
drwxr-xr-x 10 root root 154 May 27 21:44 slb
drwxr-xr-x 10 root root 154 Jun  3 21:34 web-nfs
4. Writing the playbooks one by one
(1) Base tuning
# Files prepared for the playbook
[root@m01 files]# pwd
/project/roles/base/files
[root@m01 files]# ll
total 12
-rw-r--r-- 1 root root 2523 May 26 23:13 CentOS-Base.repo
-rw-r--r-- 1 root root  664 May 26 23:13 epel.repo
-rw-r--r-- 1 root root  473 May 26 23:13 sysctl.conf
[root@m01 files]# cat sysctl.conf  # kernel tuning
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
net.ipv4.ip_forward = 1

# Writing the tuning playbook
[root@openvpn tasks]# cat ../defaults/main.yml # variables
USER_NAME: www
GROUP_NAME: www
UID: 666
GID: 666

[root@openvpn base]# cat tasks/main.yml 
- name: stop selinux
  selinux:
    state: disabled

- name: stop firewalld
  systemd:
    name: firewalld
    state: stopped

- name: config yum CentOS.repo
  copy:
    src: CentOS-Base.repo
    dest: /etc/yum.repos.d/

- name: config yum epel.repo
  copy:
    src: epel.repo
    dest: /etc/yum.repos.d/

- name: config sysctl.conf
  copy:
    src: sysctl.conf
    dest: /etc/
  notify: restart_sysctl

- name: create www group
  group:
    name: "{{ GROUP_NAME }}"
    gid: "{{ GID }}"

- name: create www user
  user:
    name: "{{ USER_NAME }}"
    group: "{{ GROUP_NAME }}"
    uid: "{{ UID }}"

- name: install ntpdate server
  yum:
    name: ntpdate
    state: present

- name: ntpdate.aliyun.com
  shell: "ntpdate ntp.aliyun.com"
(2) Installing nginx and php on the web cluster
# Files prepared for installing nginx on the web_group machines
[root@m01 files]# pwd
/project/roles/nginx/files
[root@m01 files]# ll
total 8
-rw-r--r-- 1 root root 720 May 26 23:31 nginx.conf  # changed to user www
-rw-r--r-- 1 root root 378 May 26 23:29 nginx.repo

# Playbook for installing nginx on the web_group machines
[root@openvpn nginx]# cat handlers/main.yml  # handler file
- name: restart_nginx
  systemd:
    name: nginx
    state: restarted
    
[root@openvpn nginx]# cat tasks/main.yml 
- name: config nginx repo
  copy:
    src: nginx.repo
    dest: /etc/yum.repos.d/

- name: install nginx mariadb 
  yum:
    name: "{{ item.name }}"
    state: present
  with_items:
    - { name: "mariadb-server" }
    - { name: "nginx" }
    - { name: "nfs-utils" }

- name: config nginx.conf
  copy:
    src: nginx.conf
    dest: /etc/nginx/
  notify: restart_nginx

- name: start nginx server
  systemd:
    name: nginx
    state: started
    enabled: yes
    
# Files prepared for installing php on the web_group machines
[root@m01 roles]# ll php/files/
total 19508
-rw-r--r-- 1 root root    62646 May 27 19:11 php.ini
# original setting
#session.save_handler = files
session.save_handler = redis
#;session.save_path = "/tmp"
session.save_path = "tcp://172.16.1.51:6379"
-rw-r--r-- 1 root root 19889622 Apr  1 19:48 php.tar.gz
-rw-r--r-- 1 root root    17962 May 27 19:11 www.conf
upload_max_filesize = 200M
post_max_size = 200M
# user=www group=www
# comment out the following two lines
;php_value[session.save_handler] = files
;php_value[session.save_path]    = /var/lib/php/session

# Playbook for installing php on the web_group machines
[root@openvpn php]# cat handlers/main.yml 
- name: restart_php
  systemd:
    name: php-fpm
    state: restarted
[root@openvpn php]# cat tasks/main.yml 
- name: unarchive php.tar.gz
  unarchive:
    src: php.tar.gz
    dest: /tmp/

- name: install php server
  shell: yum -y localinstall /tmp/*.rpm

- name: config php www.conf
  copy:
    src: www.conf
    dest: /etc/php-fpm.d/
  notify: restart_php

- name: config php php.ini
  copy:
    src: php.ini
    dest: /etc/
  notify: restart_php

- name: impower www /lib/php/session
  shell: chown -R www.www /var/lib/php/session

- name: start php server
  systemd:
    name: php-fpm
    state: started
    enabled: yes
(3) NFS shared-storage server
# Files prepared for the nfs playbook
[root@openvpn roles]# cd nfs/files/
[root@openvpn files]# ll
total 11804
# software to install
-rw-r--r-- 1 root root  1779690 Jun  3 20:37 textpattern-4.8.7.tar.gz
-rw-r--r-- 1 root root 10291831 Jun  3 20:37 decmsv6-master.zip 
# nfs export (mount point) definitions
-rw-r--r-- 1 root root      213 Jun  3 20:37 exports
# real-time backup from nfs to backup
-rw-r--r-- 1 root root        4 Jun  3 20:37 rsync.passwd
-rwxr-xr-x 1 root root       79 Jun  3 20:37 rsync.sh
drwxr-xr-x 2 root root       41 Jun  3 20:37 sersync2

[root@m01 files]# cat exports 
/data_wp    172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666) 
/data_mm    172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666) 
/data_conf  172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666) 
[root@m01 files]# cat rsync.sh 
#! /bin/bash
/usr/local/sersync2/sersync2 -dro /usr/local/sersync2/confxml.xml
[root@m01 sersync2]# cat confxml.xml 
...
    <inotify>
	<delete start="true"/>
	<createFolder start="true"/>
	<createFile start="true"/>
	<closeWrite start="true"/>
	<moveFrom start="true"/>
	<moveTo start="true"/>
	<attrib start="true"/>
	<modify start="true"/>
    </inotify>

    <sersync>
	<localpath watch="/data_wp">
	    <remote ip="172.16.1.41" name="data"/>
	    <!--<remote ip="192.168.8.39" name="tongbu"/>-->
	    <!--<remote ip="192.168.8.40" name="tongbu"/>-->
	</localpath>
	<rsync>
	    <commonParams params="-az"/>
	    <auth start="true" users="rsync_mm" passwordfile="/etc/rsync.passwd"/>
	    ...
# Writing the nfs playbook
[root@openvpn nfs]# cat tasks/main.yml 
- name: install nfs server
  yum:
   name: "{{ item.name }}"
   state: present
  with_items:
    - { name: "nfs-utils" }
    - { name: "rpcbind" }

- name: config nfs server
  copy:
    src: exports
    dest: /etc/exports

- name: mkdir data_{wp,conf,mm}
  file:
    path: "{{ item }}"
    state: directory
    owner: www
    group: www
    recurse: yes
  with_items:
    - /data_wp
    - /data_conf
    - /data_mm

- name: tar xf decmsv6-master.zip && textpattern-4.8.7.tar.gz
  unarchive:
    src: "{{ item.dealing }}"
    dest: /data_mm/
    owner: www
    group: www
  with_items:
    - { dealing: "decmsv6-master.zip" }
    - { dealing: "textpattern-4.8.7.tar.gz" }

- name: start nfs server
  systemd:
    name: nfs 
    state: restarted
    enabled: yes

- name: config nfs sersync2
  copy: 
    src: sersync2
    dest: /usr/local/
    mode: 0755

- name: config nfs rsync.passwd
  copy:
    src: rsync.passwd
    dest: /etc/
    mode: 0600

- name: script nfs rsync.sh
  script: rsync.sh
(4) Backup server
# Files prepared for the backup playbook
[root@m01 roles]# ll rsync/files/
total 8
-rw-r--r-- 1 root root 390 May 29 15:55 rsyncd.conf  # rsync configuration file
-rw-r--r-- 1 root root  13 May 29 15:55 rsync.passwd # rsync password file, contents rsync_mm:123 (virtual user rsync_mm, password 123)

# Writing the backup playbook
[root@m01 handlers]# cat main.yml  # handler configuration
- name: restart_rsyncd
  systemd:
    name: rsyncd
    state: restarted
    
[root@openvpn rsync]# cat tasks/main.yml 
- name: yum install rsync
  yum:
    name: rsync
    state: present
- name: config backup rsyncd.conf
  copy:
    src: rsyncd.conf
    dest: /etc/
  notify: restart_rsyncd

- name: config backup rsync.passwd
  copy:
    src: rsync.passwd
    dest: /etc/
    mode: 0600

- name: mkdir backup && data
  file:
    path: "{{ item }}"
    state: directory
    owner: www
    group: www
    recurse: yes
  with_items:
    - /backup
    - /data
    
- name: start rsync server
  systemd:
    name: rsyncd
    state: started
    enabled: yes
(5) Database server
# 1. Files prepared for installing the database and redis
[root@openvpn files]# ll
total 48
-rw-r----- 1 root root 46731 Jun  2 17:33 redis.conf  (bind 172.16.1.51)
# 2. Playbook for installing the database and redis
[root@openvpn mariadb]# cat tasks/main.yml 
- name: install mariadb  redis server
  yum:
    name: "{{ item.name }}"
    state: present
  with_items:
    - { name: "mariadb-server" }
    - { name: "MySQL-python" }
    - { name: "redis" }
- name: config redis.conf
  copy:
    src: redis.conf
    dest: /etc/

- name: start mariadb redis server
  systemd:
    name: "{{ item.start }}"
    state: started
    enabled: yes
  with_items:
    - { start: "mariadb" }
    - { start: "redis" }
# 3. Playbook for creating the databases and redis
[root@openvpn tasks]# pwd
/project/roles/database/tasks  
[root@openvpn roles]# cat  database/tasks/main.yml 
- name: create decmsv6 && textpattern
  mysql_db:
    name: "{{ item }}"
    state: present
  with_items:
    - dedecmsv6
    - textpattern

- name: create root user
  mysql_user:
    name: "root"
    host: "172.16.1.%"
    password: "123"
    priv: "*.*:ALL"
    state: present

- name: mysqladmin root password 
  shell: mysqladmin -uroot password '123'

- name: start mariadb server
  systemd:
    name: mariadb
    state: restarted
(6) Mounts on the web cluster machines
# Files prepared for web_group
[root@openvpn files]# ll
total 8
-rw-r--r-- 1 root root 351 Jun  5 11:55 linux12.decmsv6.mm.conf
-rw-r--r-- 1 root root 359 Jun  5 11:55 linux12.textpattern.mm.conf
drwxr-xr-x 2 root root  42 Jun  5 11:08 ssl_key
[root@openvpn files]# cat linux12.decmsv6.mm.conf 
server {
   listen 80;
   server_name linux12.decmsv6.mm;
   root /mm/DedeCMSV6/src/;

   location / {
       index index.php index.html;

}
   location ~* \.php$ {
       fastcgi_pass localhost:9000;
       fastcgi_param HTTPS on;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       include fastcgi_params;
   
   
   }
}
[root@openvpn files]# cat linux12.textpattern.mm.conf 
server {
   listen 88;
   server_name linux12.textpattern.mm;
   root /mm/textpattern-4.8.7/;

   location / {
       index index.php index.html;

}
   location ~* \.php$ {
       fastcgi_pass localhost:9000;
       fastcgi_param HTTPS on;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       include fastcgi_params;
   
   
   }
}
# Writing the web_group mount playbook
[root@openvpn roles]# cat blog/handlers/main.yml  # handlers
- name: restart_lnmp_nginx
  systemd:
    name: nginx
    state: restarted
[root@openvpn blog]# cat tasks/main.yml 
- name: mkdir mm
  file:
    path: /mm
    state: directory
    owner: www
    group: www

- name: mount nfs data_mm
  mount:
    src: 172.16.1.31:/data_mm
    path: /mm/
    fstype: nfs
    opts: defaults
    state: mounted

- name: mount nfs data_conf
  mount:
    src: 172.16.1.31:/data_conf
    path: /etc/nginx/conf.d/
    fstype: nfs
    opts: defaults
    state: mounted

- name: config linux12.decmsv6.mm.conf && linux12.textpattern.mm.conf
  copy:
    src: "{{ item }}"
    dest: /etc/nginx/conf.d/
  with_items:
    - linux12.decmsv6.mm.conf
    - linux12.textpattern.mm.conf

- name: config ssl_key nginx
  copy:
    src: ssl_key
    dest: /etc/nginx/
  notify: restart_lnmp_nginx

- name: mount nfs data_wp
  mount:
    src: 172.16.1.31:/data_wp
    path: /mm/textpattern-4.8.7/images/
    fstype: nfs
    opts: defaults
    state: mounted

- name: restart nginx php-fpm
  systemd:
    name: "{{ item.name }}"
    state: restarted
  with_items:
    - { name: "nginx" }
    - { name: "php-fpm" }
(7) Supplying the file textpattern is missing
# Prepare the file textpattern is missing
[root@openvpn ~]# cat /project/roles/web-nfs/files/config.php 
<?php
$txpcfg['db'] = 'textpattern';
$txpcfg['user'] = 'root';
$txpcfg['pass'] = '123';
$txpcfg['host'] = '172.16.1.51';
$txpcfg['table_prefix'] = '';
$txpcfg['txpath'] = '/mm/textpattern-4.8.7/textpattern';
$txpcfg['dbcharset'] = 'utf8mb4';
// For more customization options, please consult config-dist.php file.
# Playbook that supplies the missing textpattern file
[root@openvpn ~]# cat /project/roles/web-nfs/tasks/main.yml 
- name: config config.php
  copy:
    src: config.php
    dest: /data_mm/textpattern-4.8.7/textpattern
    owner: www
    group: www
(8) Load balancer files
# Files prepared for the slb load balancer
[root@openvpn files]# ll
total 12
-rw-r--r-- 1 root root 333 May 27 21:45 proxy_params
drwxr-xr-x 2 root root  42 Jun  5 11:34 ssl_key
-rw-r--r-- 1 root root 243 Jun  3 21:02 upstream.decmsv6.conf
-rw-r--r-- 1 root root 250 Jun  3 21:05 upstream.textpattern.conf
[root@openvpn files]# cat proxy_params # proxy tuning file
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_connect_timeout 20s;
proxy_read_timeout 20s;
proxy_send_timeout 20s;

proxy_buffering on;
proxy_buffer_size 20k;
proxy_buffers 8 8k;
proxy_next_upstream http_500 http_502 http_503 http_504;

[root@openvpn files]# cat upstream.decmsv6.conf 
upstream decmsv6 {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
    server 172.16.1.9:80;
}

server {
    listen 80;
    server_name linux12.decmsv6.mm;

    rewrite (.*) https://$server_name$1;
}

server {
    listen 443 ssl;
    server_name linux12.decmsv6.mm;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    location / {
        proxy_pass http://decmsv6;
        include proxy_params;
    }
}
[root@openvpn files]# cat upstream.textpattern.conf 
upstream textpattern {
    server 172.16.1.7:88;
    server 172.16.1.8:88;
    server 172.16.1.9:88;
}

server {
    listen 80;
    server_name linux12.textpattern.mm;

    rewrite (.*) https://$server_name$1;
}

server {
    listen 443 ssl;
    server_name linux12.textpattern.mm;
    ssl_certificate /etc/nginx/ssl_key/server.crt;
    ssl_certificate_key /etc/nginx/ssl_key/server.key;

    location / {
        proxy_pass http://textpattern;
        include proxy_params;
    }
}
# Writing the slb load balancer playbook
[root@openvpn files]# cat ../handlers/main.yml # handler file
- name: restart_slb
  systemd:
    name: nginx
    state: restarted
[root@openvpn files]# cat ../meta/main.yml  # dependencies
dependencies:
  - { role: nginx }  
[root@openvpn files]# cat ../tasks/main.yml 
- name: config slb server
  copy:
    src: "{{ item }}"
    dest: /etc/nginx/conf.d
  with_items:
    - upstream.textpattern.conf
    - upstream.decmsv6.conf
  notify: restart_slb
   
- name: copy proxy_params
  copy:
    src: proxy_params
    dest: /etc/nginx/
 
- name: copy default.conf nginx
  shell: /usr/bin/mv /etc/nginx/conf.d/default.conf /tmp/

- name: start web nginx server
  systemd:
    name: nginx
    state: restarted
    enabled: yes
(9) keepalived high availability
# Files prepared for keepalived
[root@openvpn templates]# ll
total 8
-rw-r--r-- 1 root root 255 Jun  2 21:16 check_web.sh.j2
-rw-r--r-- 1 root root 522 Jun  2 23:12 keepalived.j2
[root@openvpn templates]# cat check_web.sh.j2 # keepalived failover check script
#!/bin/sh
nginxpid=$(ps -ef | grep [n]ginx | wc -l)
if [ $nginxpid -eq 0 ];then
    systemctl restart nginx &>/dev/null
    sleep 3
    nginxpid=$(ps -ef | grep [n]ginx | wc -l) 
    if [ $nginxpid -eq 0 ];then
        systemctl stop keepalived
    fi
fi
[root@openvpn templates]# cat keepalived.j2 # keepalived configuration file
global_defs {
    router_id {{ ansible_fqdn }}
}

vrrp_script check_web {
    script "{{ CHECK_WEB }}"
    interval 5
}
vrrp_instance VI_1 {
{% if ansible_fqdn == "lb01" %}
    state BACKUP
    priority 100
    nopreempt 
{% else %}
    state BACKUP
    priority 90
    nopreempt 
{% endif %}
    interface eth0
    virtual_router_id 50
    advert_int 1
    authentication {  
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        {{ VIP }}
    }
    track_script {
        check_web
    }
}
# Writing the keepalived playbook
[root@openvpn keepalived]# cat defaults/main.yml  # variables
CHECK_WEB: /root/check_web.sh
VIP: 192.168.15.102
[root@openvpn keepalived]# cat handlers/main.yml  # handlers
- name: restart_keepalived
  systemd:
    name: keepalived
    state: restarted
[root@openvpn keepalived]# cat tasks/main.yml 
- name: Install keepalived Server
  yum:
    name: keepalived
    state: present

- name: Config keepalived Server
  template:
    src: keepalived.j2
    dest: /etc/keepalived/keepalived.conf
  notify: restart_keepalived

- name: Config check_web.sh.j2
  template:
    src: check_web.sh.j2
    dest: "{{ CHECK_WEB }}"
    mode: 0755
  notify: restart_keepalived

- name: Start keepalived Server
  systemd:
    name: keepalived
    state: started
    enabled: yes
(10) Prometheus monitoring of the web servers
# Prometheus monitoring on the web side
[root@openvpn files]# ll
total 4
-rwxr-xr-x 1 root root 788 Jun  4 21:59 node.sh
[root@openvpn files]# cat node.sh 
echo "1.下载"
cd /opt/ &&\

wget https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-amd64.tar.gz &&\

echo "2.解压"
tar xf /opt/node_exporter-1.1.2.linux-amd64.tar.gz -C /usr/local/ &&\

echo "3. 建立超链接"
ln -s /usr/local/node_exporter-1.1.2.linux-amd64/ /usr/local/node_exporter &&\

echo "4.创建systemd服务"
cat > /etc/systemd/system/node_exporter.service <<EOF
[Unit]
Description=This is prometheus node exporter
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/node_exporter/node_exporter
ExecReload=/bin/kill -HUP \$MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
echo "5.启动node_exporter服务"
systemctl daemon-reload &&\
systemctl enable --now node_exporter.service

# Playbook for Prometheus monitoring on the web side
[root@openvpn files]# cat ../tasks/main.yml 
- name: script node.sh
  script: node.sh
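
node.sh above fetches the release tarball with wget, unpacks it without checking it, and runs the exporter as root. As an added example (not the original role and not the project's own code), here is the same installation as Ansible tasks that verify the archive against a pinned SHA-256 before unpacking and run the service under a dedicated account. The `node_exporter_sha256` variable and the `node_exporter` account name are assumptions; the variable must hold the digest listed in the release's sha256sums.txt.

```yaml
# Added example: a variant of roles/prometheus-web/tasks/main.yml.
# Assumptions (not in the original post): the node_exporter_sha256 variable
# (copy the digest from the release's sha256sums.txt) and the
# node_exporter system account.

- name: download node_exporter and verify its checksum
  get_url:
    url: https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-amd64.tar.gz
    dest: /opt/node_exporter-1.1.2.linux-amd64.tar.gz
    checksum: "sha256:{{ node_exporter_sha256 }}"   # the task fails if the digest differs
    mode: "0644"

- name: create a system account without a login shell
  user:
    name: node_exporter
    system: yes
    shell: /sbin/nologin
    create_home: no

- name: unpack the verified archive
  unarchive:
    src: /opt/node_exporter-1.1.2.linux-amd64.tar.gz
    dest: /usr/local/
    remote_src: yes
    creates: /usr/local/node_exporter-1.1.2.linux-amd64/node_exporter

- name: link /usr/local/node_exporter to the unpacked release
  file:
    src: /usr/local/node_exporter-1.1.2.linux-amd64
    dest: /usr/local/node_exporter
    state: link

- name: install the systemd unit
  copy:
    dest: /etc/systemd/system/node_exporter.service
    mode: "0644"
    content: |
      [Unit]
      Description=This is prometheus node exporter
      After=network.target

      [Service]
      Type=simple
      User=node_exporter
      Group=node_exporter
      NoNewPrivileges=true
      ExecStart=/usr/local/node_exporter/node_exporter
      Restart=on-failure

      [Install]
      WantedBy=multi-user.target
  register: node_exporter_unit

- name: enable node_exporter, restarting it only when the unit changed
  systemd:
    name: node_exporter
    daemon_reload: yes
    enabled: yes
    state: "{{ 'restarted' if node_exporter_unit.changed else 'started' }}"
```

Unlike the script, these tasks can be re-run safely: an unchanged archive, link and unit file produce no changes.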
(11) Prometheus monitoring of the database
# Files prepared for Prometheus monitoring of the database
[root@openvpn files]# ll
total 6964
-rw-r--r-- 1 root root 7121565 Jun  2 09:09 mysqld_exporter-0.12.1.linux-amd64.tar.gz
-rwxr-xr-x 1 root root     234 Jun  4 19:36 mysqld_exporter.sh
-rwxr-xr-x 1 root root     515 Jun  4 19:53 mysqld_systemd.sh
[root@openvpn files]# cat mysqld_exporter.sh 
echo "1. 建立超链接"
ln -s /usr/local/mysqld_exporter-0.12.1.linux-amd64/ /usr/local/mysqld_exporter &&\
echo "2.编辑my.cnf"

cat >> /usr/local/mysqld_exporter/.my.cnf <<EOF
[client]
host=172.16.1.51
user=root
password=123
EOF
[root@openvpn files]# cat mysqld_systemd.sh 
echo "1.创建systemdqldmysqld_exporter.service务"
cat > /usr/lib/systemd/system/mysqld_exporter.service <<EOF
[Unit]
Description=Prometheus

[Service]
Environment=DATA_SOURCE_NAME=root:123@(172.16.1.51:3306)/
ExecStart=/usr/local/mysqld_exporter/mysqld_exporter --config.my-cnf=/usr/local/mysqld_exporter/.my.cnf --web.listen-address=:9104
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

echo "2.启动node_exporter服务"
systemctl daemon-reload &&\
systemctl enable --now mysqld_exporter.service

# Playbook for Prometheus monitoring of the database
[root@openvpn files]# cat ../tasks/main.yml 
- name: unarchive  mysqld_exporter-0.12.1.linux-amd64.tar.gz 
  unarchive:
    src: mysqld_exporter-0.12.1.linux-amd64.tar.gz
    dest: /usr/local/

- name: script mysqld_exporter.sh
  script: mysqld_exporter.sh
  notify: restart_mysqld_exporter.service

- name: script mysqld_systemd.sh
  script: mysqld_systemd.sh
  notify: restart_mysqld_exporter.service
[root@openvpn files]# cat ../handlers/main.yml 
- name: restart_mysqld_exporter.service
  systemd:
    name: mysqld_exporter.service
    state: restarted
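
The database role earlier grants root@'172.16.1.%' ALL on *.*, and the web applications and mysqld_exporter all log in with that account. As an added example (not part of the original playbooks), the tasks below give each consumer its own account with only the privileges it needs, which is what optimization item 4 asks for. The account names `dedecms`, `textpattern` and `exporter` and the `vault_*` variables are assumptions; the variables are expected in a vars file encrypted with ansible-vault.

```yaml
# Added example: a variant of roles/database/tasks/main.yml.
# Assumptions (not in the original post): the account names below and the
# vault_* variables, kept in an ansible-vault encrypted vars file.

- name: set the root password on every root@host entry
  mysql_user:
    check_implicit_admin: yes        # a fresh MariaDB still accepts root with no password
    login_user: root
    login_password: "{{ vault_db_root_password }}"
    name: root
    host_all: yes
    password: "{{ vault_db_root_password }}"
  no_log: true                       # keep the password out of task output

- name: remove the anonymous accounts shipped with MariaDB
  mysql_user:
    login_user: root
    login_password: "{{ vault_db_root_password }}"
    name: ""
    host_all: yes
    state: absent

- name: create the application databases
  mysql_db:
    login_user: root
    login_password: "{{ vault_db_root_password }}"
    name: "{{ item }}"
    state: present
  with_items:
    - dedecmsv6
    - textpattern

- name: one account per application, limited to its own database
  mysql_user:
    login_user: root
    login_password: "{{ vault_db_root_password }}"
    name: "{{ item.user }}"
    host: "172.16.1.%"               # web01-web03 connect from the internal network
    password: "{{ item.password }}"
    priv: "{{ item.db }}.*:ALL"
    state: present
  no_log: true
  with_items:
    - { user: "dedecms", db: "dedecmsv6", password: "{{ vault_dedecms_password }}" }
    - { user: "textpattern", db: "textpattern", password: "{{ vault_textpattern_password }}" }

- name: read-only monitoring account for mysqld_exporter
  mysql_user:
    login_user: root
    login_password: "{{ vault_db_root_password }}"
    name: exporter
    host: "172.16.1.51"              # the exporter runs on db01 and connects to 172.16.1.51
    password: "{{ vault_exporter_password }}"
    priv: "*.*:PROCESS,REPLICATION CLIENT,SELECT"
    state: present
  no_log: true
```

With these accounts in place, config.php and the exporter's .my.cnf would name the matching account instead of root, and root no longer needs a network-reachable host entry.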
(12) Prometheus server
# Files prepared for the Prometheus server
[root@openvpn files]# ll
total 52480
-rw-r--r-- 1 root root 53727312 Jun  4 09:42 grafana-7.3.6-1.x86_64.rpm
-rw-r--r-- 1 root root 69491886 May 18 22:32 prometheus-2.27.1.linux-amd64.tar.gz
-rwxr-xr-x 1 root root      908 Jun  4 19:28 prometheus.sh
-rw-r--r-- 1 root root     1168 Jun  4 19:57 prometheus.yml
[root@openvpn files]# cat prometheus.sh 
#echo "1.下载"
#cd /opt/ &&\

#wget https://github.com/prometheus/prometheus/releases/download/v2.27.1/prometheus-2.27.1.linux-amd64.tar.gz &&\

#echo "2.解压"
# tar -xf /opt/prometheus-2.27.1.linux-amd64.tar.gz -C /usr/local/ &&\

echo "3. 建立超链接"
ln -s /usr/local/prometheus-2.27.1.linux-amd64 /usr/local/prometheus &&\

echo "4.创建环境变量"
echo 'export PATH=$PATH:/usr/local/prometheus/' >> /etc/profile.d/prometheus.sh &&\

echo "5.加载环境变量"
source /etc/profile &&\

echo "6.创建promethets的systemd启动文件"
cat > /usr/lib/systemd/system/prometheus.service <<EOF
[Unit]
Description=https://prometheus.io

[Service]    
Restart=on-failure
ExecStart=/usr/local/prometheus/prometheus --config.file=/usr/local/prometheus/prometheus.yml

[Install]
WantedBy=multi-user.target  
EOF
echo "7.启动promethets"
systemctl daemon-reload &&\
systemctl enable --now prometheus.service
[root@openvpn files]# cat prometheus.yml 
...
    static_configs:
    - targets: ['172.16.1.71:9090']

  - job_name: 'linux12 web'
    static_configs:
    - targets: ['172.16.1.7:9100']
    - targets: ['172.16.1.8:9100']
    - targets: ['172.16.1.9:9100']
  
  - job_name: 'linux12 slb'
    static_configs:
    - targets: ['172.16.1.5:9100']
    - targets: ['172.16.1.6:9100']
    
  - job_name: 'linux12 db'
    static_configs:
    - targets: ['172.16.1.51:9104']


# Playbook for the Prometheus server
[root@openvpn prometheus]# cat tasks/main.yml 
- name: unarchive prometheus-2.27.1.linux-amd64.tar.gz
  unarchive:
    src: prometheus-2.27.1.linux-amd64.tar.gz
    dest: /usr/local/
- name: script prometheus.sh
  script: prometheus.sh

- name: config  grafana-7.3.6-1.x86_64.rpm
  copy:
    src: grafana-7.3.6-1.x86_64.rpm
    dest: /opt/

- name: install grafana-7.3.6-1.x86_64.rpm
  shell: yum install -y /opt/grafana-7.3.6-1.x86_64.rpm

- name: config prometheus.yml 
  copy:
    src: prometheus.yml
    dest: /usr/local/prometheus/

- name: start grafana-server.service && prometheus.service
  systemd:
    name: "{{ item.name }}"
    state: restarted
  with_items:
    - { name: "grafana-server.service" }
    - { name: "prometheus.service" }
(13) Running the playbooks
[root@openvpn project]# cat site.yml 
- hosts: all
  roles:
    - role: base

- hosts: web_group
  roles:
    - role: nginx
    - role: php

- hosts: nfs_group
  roles:
    - role: nfs

- hosts: backup_group
  roles:
    - role: rsync
- hosts: db
  roles:
    - role: mariadb
    - role: database
- hosts: web_group
  roles:
    - role: blog
- hosts: slb
  roles:
    - role: slb
    - role: keepalived
    
[root@openvpn project]# cat rmon.yml 
- hosts: nfs_group
  roles:
    - role: web-nfs

- hosts: rmon_group
  roles:
    - role: prometheus-web

- hosts: db
  roles:
    - role: prometheus-db

- hosts: prometheus
  roles:
    - role: prometheus 
[root@m01 project]# ansible-playbook --syntax-check site.yml # check the LNMP playbook
[root@m01 project]# ansible-playbook --syntax-check rmon.yml # check the monitoring playbook
playbook: site.yml
[root@m01 project]# ansible-playbook site.yml # run the playbook in one step
[root@m01 project]# ansible-playbook rmon.yml # run the playbook in one step
(14) Supplement


If the database reports an error, run the following steps on the database server:
[root@db01 local]# cd mysqld_exporter
[root@db01 mysqld_exporter]# 
[root@db01 mysqld_exporter]# ll
total 14484
-rw-r--r-- 1 3434 3434    11325 Jul 29  2019 LICENSE
-rwxr-xr-x 1 3434 3434 14813452 Jul 29  2019 mysqld_exporter
-rw-r--r-- 1 3434 3434       65 Jul 29  2019 NOTICE
[root@db01 mysqld_exporter]# cat .my.cnf 
[client]
host=172.16.1.51
user=root
password=123
[root@db01 mysqld_exporter]# mysql -uroot -p123
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 5.5.68-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| dedecmsv6          |
| mysql              |
| performance_schema |
| test               |
+--------------------+
5 rows in set (0.00 sec)

MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mysql]> select Host,User from user;
+------------+------+
| Host       | User |
+------------+------+
| 127.0.0.1  | root |
| 172.16.1.% | root |
| ::1        | root |
| db01       |      |
| db01       | root |
| localhost  |      |
| localhost  | root |
+------------+------+
7 rows in set (0.02 sec)

MariaDB [mysql]> grant all on *.* to root@'172.16.1.%' identified by '123';
Query OK, 0 rows affected (0.02 sec)

MariaDB [mysql]> delete from user where Host <> "172.16.1.%";
Query OK, 6 rows affected (0.00 sec)

MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> select Host,User from user;
+------------+------+
| Host       | User |
+------------+------+
| 172.16.1.% | root |
+------------+------+
1 row in set (0.00 sec)

MariaDB [mysql]> Ctrl-C -- exit!
Aborted
[root@db01 mysqld_exporter]# systemctl restart mariadb.service  mysqld_exporter.service