Implementing haproxy+keepalived with the Ansible automation tool

Host allocation

haproxy+keepalived: 172.25.33.1, 172.25.33.4
httpd: 172.25.33.2, 172.25.33.3

Inventory (host group) file

[devops@server1 ansible]$ cat inventory 
[webserver]
server2 http_ip=172.25.33.2
server3 http_ip=172.25.33.3
[lb]
server1 STATE=MASTER RVID=33 PRI=100
server4 STATE=BACKUP RVID=33 PRI=100

Ansible configuration file

[devops@server1 ansible]$ cat ansible.cfg 
[defaults]
inventory = /home/devops/ansible/inventory
roles_path = ./roles
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False

Create the roles directory and change into it

ansible-galaxy init apache
ansible-galaxy init haproxy
ansible-galaxy init keepalived

Write the files under each role directory

Apache
httpd.conf can be left unmodified
cat roles/apache/handlers/main.yml

---
- name: restart httpd
  service: 
    name: httpd
    state: restarted

cat roles/apache/tasks/main.yml

---
- name: install httpd
  yum:
    name: httpd
    state: present

- name: copy index.html
  copy:
    content: "{{ ansible_facts['hostname'] }}"
    dest: /var/www/html/index.html

- name: configure file
  template:
    src: httpd.conf.j2
    dest: /etc/httpd/conf/httpd.conf
    owner: root
    group: root
    # quoted octal string: an unquoted 644 is read as a decimal number
    mode: "0644"
  notify: restart httpd

- name: start httpd and firewalld
  service:
    name: "{{ item }}"
    state: started
  loop:
    - firewalld
    - httpd

- name: configure firewalld
  firewalld:
    service: http
    permanent: yes
    immediate: yes
    state: enabled

haproxy
[devops@server1 ansible]$ cat roles/haproxy/tasks/main.yml

---
- name: install haproxy
  yum:
    name: haproxy
    state: present

- name: start haproxy
  service:
    name: haproxy
    state: started
- name: configure haproxy
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
  notify: restart haproxy

[devops@server1 ansible]$ cat roles/haproxy/handlers/main.yml

---
- name: restart haproxy
  service: 
    name: haproxy
    state: restarted

[devops@server1 ansible]$ cat roles/haproxy/templates/haproxy.cfg.j2

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
    stats uri /status

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  main *:80
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    default_backend             app

#---------------------------------------------------------------------
# round robin balancing between the two httpd backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin
    server server1 172.25.33.2:80 check
    server server2 172.25.33.3:80 check
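
In the template above, `stats uri /status` sits in `defaults` with no `stats auth`, so the statistics page is enabled without credentials for the proxies that inherit those defaults. The check below is an added example, not part of the original post; the function names and the trimmed sample config are constructed for illustration.

```python
# Added example: find HAProxy proxies that enable the stats page without "stats auth".
# Constructed sample: the stats-relevant lines of the template shown on the page.
HAPROXY_CFG = """\
global
    stats socket /var/lib/haproxy/stats
defaults
    mode http
    stats uri /status
frontend  main *:80
    default_backend app
backend app
    balance roundrobin
    server server1 172.25.33.2:80 check
"""

SECTIONS = ("global", "defaults", "frontend", "backend", "listen")

def effective_stats(cfg):
    """Return {proxy: {"enabled": bool, "auth": bool}} with defaults applied."""
    inherited = {"enabled": False, "auth": False}
    proxies, current = {}, None
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTIONS:
            if words[0] == "global":
                current = None  # "stats socket" here is the admin socket, not the page
            elif words[0] == "defaults":
                # A new defaults section starts from scratch.
                current = inherited = {"enabled": False, "auth": False}
            else:
                name = words[1] if len(words) > 1 else words[0]
                current = proxies.setdefault(name, dict(inherited))
        elif current is not None and words[0] == "stats" and len(words) > 1:
            # Directives that turn the stats page on.
            if words[1] in ("enable", "uri", "realm", "auth"):
                current["enabled"] = True
            if words[1] == "auth":
                current["auth"] = True
    return proxies

def unauthenticated_stats(cfg):
    """Names of proxies whose stats page needs no credentials."""
    return [n for n, s in effective_stats(cfg).items()
            if s["enabled"] and not s["auth"]]

if __name__ == "__main__":
    print(unauthenticated_stats(HAPROXY_CFG))
```

Run it against the rendered /etc/haproxy/haproxy.cfg before the handler restarts haproxy; an empty list means every proxy with stats enabled also carries a `stats auth` line.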

keepalived
[devops@server1 ansible]$ cat roles/keepalived/tasks/main.yml

---
- name: install keepalived
  yum:
    name: keepalived
    state: present

- name: start keepalived
  service:
    name: keepalived
    state: started
- name: configure keepalived
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
  notify: restart keepalived

[devops@server1 ansible]$ cat roles/keepalived/handlers/main.yml

---
- name: restart keepalived
  service: 
    name: keepalived
    state: restarted

[devops@server1 ansible]$ cat roles/keepalived/templates/keepalived.conf.j2

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_instance VI_1 {
    state {{ STATE }}
    interface eth0
    virtual_router_id {{ RVID }}
    priority {{ PRI }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.33.100
    }
}
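
The template takes STATE, RVID and PRI from the [lb] host variables, and the inventory on this page gives both load balancers PRI=100; VRRP breaks a priority tie by comparing the peers' IP addresses, so the declared MASTER is not guaranteed to hold the VIP. The lint below is an added example, not part of the original post; the function names are hypothetical and the inventory text is copied from the page.

```python
# Added example: lint the VRRP host variables of the [lb] inventory group.
import re

# Inventory text as shown on the page.
INVENTORY = """\
[webserver]
server2 http_ip=172.25.33.2
server3 http_ip=172.25.33.3
[lb]
server1 STATE=MASTER RVID=33 PRI=100
server4 STATE=BACKUP RVID=33 PRI=100
"""

def parse_group(text, group):
    """Return {host: {var: value}} for one INI-style inventory group."""
    hosts, current = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
        elif current == group:
            name, *pairs = line.split()
            hosts[name] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return hosts

def lint_vrrp(hosts):
    """Return a list of findings for the STATE/RVID/PRI variables."""
    findings = []
    masters = [h for h, v in hosts.items() if v.get("STATE") == "MASTER"]
    if len(masters) != 1:
        findings.append(f"expected exactly one MASTER, found {len(masters)}")
    if len({v.get("RVID") for v in hosts.values()}) != 1:
        findings.append("RVID differs between peers of the same VRRP instance")
    for host, v in hosts.items():
        if v.get("STATE") not in ("MASTER", "BACKUP"):
            findings.append(f"{host}: STATE must be MASTER or BACKUP")
        if not v.get("PRI", "").isdigit() or not 1 <= int(v["PRI"]) <= 255:
            findings.append(f"{host}: PRI must be an integer in 1..255")
    prios = [v.get("PRI") for v in hosts.values()]
    if len(set(prios)) != len(prios):
        findings.append("duplicate PRI: election falls back to the IP tie-break")
    return findings

if __name__ == "__main__":
    for finding in lint_vrrp(parse_group(INVENTORY, "lb")):
        print("FINDING:", finding)
```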

Write the main playbook
[devops@server1 ansible]$ cat playbook.yaml

---
- hosts: all
  tasks:
  - import_role: 
      name: apache 
    when: ansible_hostname in groups['webserver']
  - import_role: 
      name: haproxy 
    when: ansible_hostname in groups['lb']
  - import_role: 
      name: keepalived
    when: ansible_hostname in groups['lb']

Execution result
Now shut down the keepalived master node: the VIP floats to the other node and access still works.
