前言:
藉助Ansible自動部署LNAMP,實現高可用nginx反代服務器,中部http+php提供web服務,後端鏈接同一臺mysql數據庫
實驗環境:
ansible主機:10.0.0.10/8
nginx(主):10.0.0.11/8
nginx(備):10.0.0.12/8
虛擬IP:10.0.0.111/32
http1:10.0.0.21/8
http2:10.0.0.22/8
mysql:10.0.0.30/8
編輯Ansible的hosts文件
####Nginx反代主機地址及變量設置 [agent_server] 10.0.0.11 STATE=MASTER PRIORITY=100 ip_addr=10.0.0.11 10.0.0.12 STATE=BACKUP PRIORITY=95 ip_addr=10.0.0.12 # 註釋: STATE爲keepalived的配置文件主備配置所需變量 # ip_addr: 爲nginx配置文件模板所需的變量 #http服務器組變量配置 [agent_server:vars] package=nginx,keepalived #package這個變量提供nginx反代服務器所需的安裝包 web_server1=10.0.0.21 #nginx 配置文件必須調用的後端服務器地址 web_server2=10.0.0.22 ###Web服務器地址及變量配置 [web_server] 10.0.0.21 10.0.0.22 #Web服務器地址及變量配置 [web_server:vars] package=httpd,php,php-mysql dbserver=10.0.0.30 #discuz配置文件所需調用的變量 ###數據庫主機配置 [db_server] 10.0.0.30 [dbserver:vars] package=mariadb-server
創建roles目錄
# cd /etc/ansible/roles/ # 創建目錄所需的角色目錄 # mkdir -pv nginx/{tasks,files,templates,handlers,mate,default,vars} # mkdir -pv httpd/{tasks,files,templates,handlers,mate,default,vars}
配置nginx角色
創建tasks任務文件
- name: install nginx & keepalived packages ##包安裝 yum: name={{ package }} state=present- name: nginx configuration ##複製nginx配置文件,複製模板至遠程主機;配置文件本地放置在template目錄 template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf - name: keepalived configuration ## keepalived配置文件,複製模板至遠程主機 template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf - name: nginx service start ##啓動nginx服務 service: name=nginx state=started - name: keepalived service start service: name=keepalived state=started - name: copy nginx check script ## 複製nginx服務檢測腳本至遠程主機 copy: src=chk_nginx.sh dest=/etc/keepalived/ - name: change script mod ## 爲腳本文件賦權限 shell: chmod +x /etc/keepalived/chk_nginx.sh
創建nginx配置文件模板:
複製nginx配置文件到template目錄中以.j2結尾 # cp /etc/nginx/nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2 # vim nginx.conf.j2 http { ... upstream {{ ip_addr }} { #此處變量爲hosts中定義的nginx的IP地址 server {{ web_server1 }}:8080 weight=2 max_fails=3 fail_timeout=5; # web_server後端服務器 server {{ web_server2 }}:8080 weight=1 max_fails=3 fail_timeout=5; # 注意,使用非默認端口一定要指定端口 #此處upstream 定義的主機組的名字不是字符串,是因爲字符串的命令會導致discuz時無法加載圖片 #若你發現用反向代理訪問論壇無法顯示圖片時,那很可能就和此處的設定有關 } server { listen 80 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { proxy_pass http://{{ ip_addr }}; proxy_pass_header User-Agent; proxy_set_header Host $Host; # 需要注意的是:以上關於header的兩項配置是使用discuz所必須的,否則會出現驗證碼無法顯示等安全問題 } error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } } }
nginx服務檢測腳本:
#!/bin/bash # declare -i i=1 until [ $i -eq 3 ]; do if curl http://127.0.0.1/ &> /dev/null; then exit 0 else systemctl restart nginx.service #自己在測試時最好先註銷,看停掉服務是否能夠實現地址漂移 sleep 2 let i++ [ $i -eq 3 ] && exit 2 fi done
創建keepalived的配置文件模板:
# cp /etc/keepalived/keepalived.conf nginx/templates/keepalived.conf.j2 # vim nginx/templates/keepalived.conf.j2
創建keepalived的配置文件模板
# vim keepalived.conf.j2 ! Configuration File for keepalived global_defs { notification_email { # 收件人郵箱地址配置 [email protected] [email protected] [email protected] } # 發件人配置 notification_email_from [email protected] smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id {{ ansible_nodename }} #ansible的facts變量,變量值爲主機名 } ## 定義nginx健康狀態檢測腳本 vrrp_script chk_nginx { script "/etc/keepalived/chk_nginx.sh" # interval 2 # 每兩秒執行一次腳本 priority -5 # 腳本返回失敗時,優先級減5,weight -5 也可實現地址漂移,但成功率不高 #腳本的作用是:當檢測nginx服務不在線時,將返回失敗的狀態給keepalived,然後keepalived自減權重,地址就會產生漂移 } vrrp_instance VI_1 { state {{ STATE }} # 主機初始狀態變量 interface eno16777736 # 提供服務的地址接口 virtual_router_id 51 # 路由ID,主備必須一致(0-255取值範圍 priority {{ PRIORITY }} # Hosts中事先定義了優先級變量 advert_int 1 # 心跳報文發送頻率(秒) authentication { auth_type PASS # 認證方式 auth_pass 9998 # 認證密碼 (建議使用隨即字符串) } virtual_ipaddress { 10.0.0.111/32 # 提供服務的IP地址,此地址在主備之間流動 } } track_script { # 調用上面定義的腳本 chk_nginx }
配置httpd角色
創建httpd的tasks任務文件
- name: install httpd & php php-mysql yum: name={{ package }} state=present - name: httpd configration template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf - name: httpd service startd service: name=httpd state=started - name: copy Discuz to web server copy: src=Discuz_X3.1_SC_UTF8.zip dest=/var/www/html/ - name: unzip Discuz shell: "cd /var/www/html; unzip -oq Discuz_X3.1_SC_UTF8.zip; mv upload bbs" # 命名爲bbs較爲簡短 - name: configure Discuz template: src=config_global_default.php.j2 dest=/var/www/html/bbs/config/config_global_default.php - name: change Discuz files owner & mod shell: "chown -R apache:apache /var/www/html/{bbs,utility}; chmod 755 -R /var/www/html/{bbs,utility}"
提供httpd配置文件模板:
# cp /etc/httpd/conf/httpd.conf httpd/templates/httpd.conf.j2 Listen 8080
Discuz配置文件在壓縮包中提取,3.1版本配置文件路徑爲
upload/config/config_global_default.php
解壓之後修改配置
$_config['db'][1]['dbhost'] = '{{ db_server }}'; # mysql或mariadb數據庫主機(使用變量替換) $_config['db'][1]['dbuser'] = 'discuz'; # mysql數據庫用戶名 $_config['db'][1]['dbpw'] = 'magedu'; # mysql數據庫密碼 $_config['db'][1]['dbcharset'] = 'utf8'; # 數據庫字符集 $_config['db'][1]['pconnect'] = 0; # 是否允許持久連接(0表示不啓用) $_config['db'][1]['dbname'] = 'discuz'; # mysql數據名稱 $_config['db'][1]['tablepre'] = 'pre_';
配置mariadb角色
創建tasks任務文件
roles]# mkdir -pv mariadb/{tasks,files,templates,handlers,mate,default,vars} # vim mariadb/tasks/mail.yml #!/bin/bash # mysql -e "create database discuz" web_server="10.0.0.21 10.0.0.22" for i in $web_server; do mysql -e "grant all on discuz.* to discuz@$i identified by 'magedu'" done ~
提供mariadb配置文件模板
# cp /etc/my.cnf mariadb/templates/my.cnf.j2 [mysqld]datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock# Disabling symbolic-links is recommended to prevent assorted security riskssymbolic-links=0skip_name_resolve = ON # 取消主機名反解innodb_file_per_table = ON # 使用innodb引擎
創建playbook調用角色
nginx
- hosts: agent_server remote_user: root tasks: roles: - nginx
httpd
- hosts: web_server remote_user: root tasks: roles: - httpd
mariadb
- host: db_server remote_user: root tasks: roles: - mariadb
未完待續。。。。