前言:
藉助Ansible自動部署LNAMP,實現高可用nginx反代服務器,中部http+php提供web服務,後端鏈接同一臺mysql數據庫
實驗環境:
ansible主機:10.0.0.10/8
nginx(主):10.0.0.11/8
nginx(備):10.0.0.12/8
虛擬IP:10.0.0.111/32
http1:10.0.0.21/8
http2:10.0.0.22/8
mysql:10.0.0.30/8
編輯Ansible的hosts文件
####Nginx反代主機地址及變量設置 [agent_server] 10.0.0.11 STATE=MASTER PRIORITY=100 ip_addr=10.0.0.11 10.0.0.12 STATE=BACKUP PRIORITY=95 ip_addr=10.0.0.12 # 註釋: STATE爲keepalived的配置文件主備配置所需變量 # ip_addr: 爲nginx配置文件模板所需的變量 #http服務器組變量配置 [agent_server:vars] package=nginx,keepalived #package這個變量提供nginx反代服務器所需的安裝包 web_server1=10.0.0.21 #nginx 配置文件必須調用的後端服務器地址 web_server2=10.0.0.22 ###Web服務器地址及變量配置 [web_server] 10.0.0.21 10.0.0.22 #Web服務器地址及變量配置 [web_server:vars] package=httpd,php,php-mysql dbserver=10.0.0.30 #discuz配置文件所需調用的變量 ###數據庫主機配置 [db_server] 10.0.0.30 [dbserver:vars] package=mariadb-server
創建roles目錄
# cd /etc/ansible/roles/
# 創建目錄所需的角色目錄
# mkdir -pv nginx/{tasks,files,templates,handlers,mate,default,vars}
# mkdir -pv httpd/{tasks,files,templates,handlers,mate,default,vars}配置nginx角色
創建tasks任務文件
- name: install nginx & keepalived packages ##包安裝
yum: name={{ package }} state=present- name: nginx configuration ##複製nginx配置文件,複製模板至遠程主機;配置文件本地放置在template目錄
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: keepalived configuration ## keepalived配置文件,複製模板至遠程主機
template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
- name: nginx service start ##啓動nginx服務
service: name=nginx state=started
- name: keepalived service start
service: name=keepalived state=started
- name: copy nginx check script ## 複製nginx服務檢測腳本至遠程主機
copy: src=chk_nginx.sh dest=/etc/keepalived/
- name: change script mod ## 爲腳本文件賦權限
shell: chmod +x /etc/keepalived/chk_nginx.sh創建nginx配置文件模板:
複製nginx配置文件到template目錄中以.j2結尾
# cp /etc/nginx/nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2
# vim nginx.conf.j2
http {
...
upstream {{ ip_addr }} { #此處變量爲hosts中定義的nginx的IP地址
server {{ web_server1 }}:8080 weight=2 max_fails=3 fail_timeout=5; # web_server後端服務器
server {{ web_server2 }}:8080 weight=1 max_fails=3 fail_timeout=5; # 注意,使用非默認端口一定要指定端口
#此處upstream 定義的主機組的名字不是字符串,是因爲字符串的命令會導致discuz時無法加載圖片
#若你發現用反向代理訪問論壇無法顯示圖片時,那很可能就和此處的設定有關
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://{{ ip_addr }};
proxy_pass_header User-Agent;
proxy_set_header Host $Host;
# 需要注意的是:以上關於header的兩項配置是使用discuz所必須的,否則會出現驗證碼無法顯示等安全問題
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}nginx服務檢測腳本:
#!/bin/bash # declare -i i=1 until [ $i -eq 3 ]; do if curl http://127.0.0.1/ &> /dev/null; then exit 0 else systemctl restart nginx.service #自己在測試時最好先註銷,看停掉服務是否能夠實現地址漂移 sleep 2 let i++ [ $i -eq 3 ] && exit 2 fi done
創建keepalived的配置文件模板:
# cp /etc/keepalived/keepalived.conf nginx/templates/keepalived.conf.j2 # vim nginx/templates/keepalived.conf.j2
創建keepalived的配置文件模板
# vim keepalived.conf.j2
! Configuration File for keepalived
global_defs {
notification_email { # 收件人郵箱地址配置
[email protected]
[email protected]
[email protected]
}
# 發件人配置
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ ansible_nodename }} #ansible的facts變量,變量值爲主機名
}
## 定義nginx健康狀態檢測腳本
vrrp_script chk_nginx {
script "/etc/keepalived/chk_nginx.sh" #
interval 2 # 每兩秒執行一次腳本
priority -5 # 腳本返回失敗時,優先級減5,weight -5 也可實現地址漂移,但成功率不高
#腳本的作用是:當檢測nginx服務不在線時,將返回失敗的狀態給keepalived,然後keepalived自減權重,地址就會產生漂移
}
vrrp_instance VI_1 {
state {{ STATE }} # 主機初始狀態變量
interface eno16777736 # 提供服務的地址接口
virtual_router_id 51 # 路由ID,主備必須一致(0-255取值範圍
priority {{ PRIORITY }} # Hosts中事先定義了優先級變量
advert_int 1 # 心跳報文發送頻率(秒)
authentication {
auth_type PASS # 認證方式
auth_pass 9998 # 認證密碼 (建議使用隨即字符串)
}
virtual_ipaddress {
10.0.0.111/32 # 提供服務的IP地址,此地址在主備之間流動
}
}
track_script { # 調用上面定義的腳本
chk_nginx
}配置httpd角色
創建httpd的tasks任務文件
- name: install httpd & php php-mysql
yum: name={{ package }} state=present
- name: httpd configration
template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
- name: httpd service startd
service: name=httpd state=started
- name: copy Discuz to web server
copy: src=Discuz_X3.1_SC_UTF8.zip dest=/var/www/html/
- name: unzip Discuz
shell: "cd /var/www/html; unzip -oq Discuz_X3.1_SC_UTF8.zip; mv upload bbs" # 命名爲bbs較爲簡短
- name: configure Discuz
template: src=config_global_default.php.j2 dest=/var/www/html/bbs/config/config_global_default.php
- name: change Discuz files owner & mod
shell: "chown -R apache:apache /var/www/html/{bbs,utility}; chmod 755 -R /var/www/html/{bbs,utility}"提供httpd配置文件模板:
# cp /etc/httpd/conf/httpd.conf httpd/templates/httpd.conf.j2 Listen 8080
Discuz配置文件在壓縮包中提取,3.1版本配置文件路徑爲
upload/config/config_global_default.php
解壓之後修改配置
$_config['db'][1]['dbhost'] = '{{ db_server }}'; # mysql或mariadb數據庫主機(使用變量替換)
$_config['db'][1]['dbuser'] = 'discuz'; # mysql數據庫用戶名
$_config['db'][1]['dbpw'] = 'magedu'; # mysql數據庫密碼
$_config['db'][1]['dbcharset'] = 'utf8'; # 數據庫字符集
$_config['db'][1]['pconnect'] = 0; # 是否允許持久連接(0表示不啓用)
$_config['db'][1]['dbname'] = 'discuz'; # mysql數據名稱
$_config['db'][1]['tablepre'] = 'pre_';配置mariadb角色
創建tasks任務文件
roles]# mkdir -pv mariadb/{tasks,files,templates,handlers,mate,default,vars}
# vim mariadb/tasks/mail.yml
#!/bin/bash
#
mysql -e "create database discuz"
web_server="10.0.0.21 10.0.0.22"
for i in $web_server; do
mysql -e "grant all on discuz.* to discuz@$i identified by 'magedu'"
done
~提供mariadb配置文件模板
# cp /etc/my.cnf mariadb/templates/my.cnf.j2 [mysqld]datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock# Disabling symbolic-links is recommended to prevent assorted security riskssymbolic-links=0skip_name_resolve = ON # 取消主機名反解innodb_file_per_table = ON # 使用innodb引擎
創建playbook調用角色
nginx
- hosts: agent_server remote_user: root tasks: roles: - nginx
httpd
- hosts: web_server remote_user: root tasks: roles: - httpd
mariadb
- host: db_server remote_user: root tasks: roles: - mariadb
未完待續。。。。