要求:
使用ansible部署以下任务:
(1) 在VS部署主/备模型的keepalived + nginx的负载均衡;
(2) 在RS主机上部署httpd + php + php-mysql;
(3) 在第五台主机上部署mariadb-server, 并且数据库拥有testdb库, 并运行testuser对其拥有所有权;
步骤:
-
各主机IP规划
主机A: IPADDR=10.1.52.11
主机B: IPADDR=10.1.52.22
主机C: IPADDR=10.1.52.2
主机D: IPADDR=10.1.52.3
主机E: IPADDR=10.1.52.4
其中主机A,B为keepalived+nginx的VS主机; 主机C,D部署httpd,php和php-mysql; 主机E部署mariadb-server.
2. 首先在A上安装ansible, 并编辑/etc/ansible/hosts文件, 添加如下内容
[lvssrv] 10.1.52.11 STATE='MASTER' WEIGHT='100' VRIP='123' # 提供lvs服务 10.1.52.22 STATE='BACKUP' WEIGHT='98' VRIP='122' # 提供lvs服务 [websrv] 10.1.52.2 #提供httpd服务 10.1.52.3 #提供httpd服务 [dbsrv] 10.1.52.4 #提供mysql服务
3. 在/etc/ansible/roles目录下创建各需要的目录
mkdir -pv /etc/ansible/roles/{nginx,keepalived,httpd,mysql}/{files,tasks,templates,vars,handlers,meta,defaults}
4. 为keepalived提供playbook的roles文件
(1) 创建/etc/ansilbe/roles/keepalived/tasks/main.yml文件, 添加如下内容
- name: install keepalived yum: name=keepalived state=latest - name: copy nofigy.sh copy: src=notify.sh dest=/etc/keepalived/notify - name: Virtual IP address shell: /usr/sbin/ip add add 10.1.52.123/16 dev eno16777736 - name: start keepalived service shell: /usr/bin/systemctl start keepalived - name: copy conf file template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf tags: instconf notify: reload keepalived service
(2) 提供templates的模板配置文件/etc/ansible/roles/keepalived/templates/keepalived.conf.j2, 内同如下, 其中参数部分, 在/etc/ansible/hosts文件中已经给出:
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ ansible_hostname }}
vrrp_mcast_group4 224.0.52.123
}
vrrp_script chk_down {
script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
interval 1
weight -5
}
vrrp_script chk_nginx {
script "killall -0 nginx && exit 0 || exit 1"
interval 1
weight -5
}
vrrp_instance VI_1 {
state {{ STATE }}
interface eno16777736
virtual_router_id {{ VRIP }}
priority {{ WEIGHT }}
advert_int 1
authentication {
auth_type PASS
auth_pass 571f97b2
}
virtual_ipaddress {
10.1.52.123/16 dev eno16777736
}
track_script {
chk_down
chk_nginx
}
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
notify_fault "/etc/keepalived/notify.sh fault"
}
(3) 提供notify.sh脚本, 放置在/etc/ansible/roles/keepalived/files/目录下, 内容如下
#!/bin/bash
#
contact='root@localhost'
notify() {
mailsubject="$(hostname) to be $1, vip floating"
mailbody="$(date +'%F %T'):vrrp transition, $(hostname) changed to be $1"
echo "$mailbody" | mail -s "$mailsubject" $contact
}
case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo "Usage: $(basename $0) {maseter|backup|fault}"
exit 1
esac
(4) 提供handlers文件, 文件名为/etc/ansible/roles/keepalived/handlers/main.yml, 内容如下
- name: reload keepalived service shell: "/usr/bin/systemctl restart keepalived.service"
5. 为nginx提供playbook的roles文件
(1) 创建/etc/ansilbe/roles/keepalived/tasks/main.yml文件, 添加如下内容
- name: copy nginx package
copy: src=nginx-1.10.2-1.el7.ngx.x86_64.rpm dest=/tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm
- name: install nginx
shell: "/usr/bin/yum -y install /tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm"
- name: delete nginx package
shell: "/usr/bin/rm -f /tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm"
- name: copy conf file
copy: src={{ item.ngxconfj2 }} dest={{ item.ngxconf }}
with_items:
- { ngxconfj2: nginx.conf.j2, ngxconf: /etc/nginx/nginx.conf }
- { ngxconfj2: nginx.default.conf.j2, ngxconf: /etc/nginx/conf.d/default.conf }
- name: start nginx service
shell: "/usr/bin/systemctl start nginx"
(2) 在/etc/ansible/roles/nginx/files/目录下放置nginx的rpm安装文件
示例用版本为: nginx-1.10.2-1.el7.ngx.x86_64.rpm
(3) 为nginx提供负载均衡的配置文件, 放置在/etc/ansible/roles/nginx/files/目录下, 文件名与修改的配置文件内容如下, 其他为默认:
(a) nginx.conf.j2
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log main;
keepalive_timeout 65;
upstream websrvs {
server 10.1.52.2;
server 10.1.52.3;
}
include /etc/nginx/conf.d/*.conf;
}
(b) nginx.default.conf.j2
server {
listen 80;
server_name localhost;
location / {
root /usr/share/nginx/html;
proxy_pass http://websrvs;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
6. 为httpd, php, php-mysql提供playbook的roles文件
(1) 在/etc/ansible/roles/httpd/templates/index.html.j2文件, 内容如下
<h1> {{ ansible_hostname }} </h1>
(2) 创建/etc/ansilbe/roles/httpd/tasks/main.yml文件, 添加如下内容
- name: install httpd php and php-mysql
yum: name={{ item }} state=latest
with_items:
- httpd
- php
- php-mysql
- name: support index.html
template: src=index.html.j2 dest=/var/www/html/index.html
- name: copy set.sh
copy: src=set.sh dest=/root/set.sh
- name: add ip address
shell: bash /root/set.sh start
- name: start httpd service
shell: "/usr/bin/systemctl start httpd.service"
(3) 在/etc/ansible/roles/httpd/files/目录下, 创建set.sh文件, 内容如下:
#!/bin/bash # vip='10.1.52.123' vport='80' netmask='255.255.255.255' iface='lo:0' case $1 in start) echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce ifconfig $iface $vip netmask $netmask broadcast $vip up route add -host $vip dev $iface ;; stop) ifconfig $iface down echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce esac
7. 为httpd, php, php-mysql提供playbook的roles文件
(1) 在/etc/ansible/roles/mysql/tasks/index.html.j2文件, 内容如下
- name: isntall mariadb-server yum: name=mariadb-server state=latest - name: copy cnf file copy: src=my.cnf dest=/etc/my.cnf - name: copy sql script copy: src=grant_testuser.sql dest=/root/grant_testuser.sql - name: start mariadb service shell: /usr/bin/systemctl start mariadb.service - name: create database and grant user shell: "/usr/bin/mysql < /root/grant_testuser.sql"
(2) 在/etc/ansible/roles/mysql/files/目录下创建grant_testuser.sql文件, 内容如下
CREATE DATABASE testdb; GRANT ALL ON *.* TO 'testuser'@'localhost' IDENTIFIED BY 'testpass'; GRANT ALL ON *.* TO 'testuser'@'10.1.52.%' IDENTIFIED BY 'testpass'; GRANT ALL ON *.* TO 'testuser'@'127.0.0.1' IDENTIFIED BY 'testpass';
(3) 在/etc/ansible/roles/mysql/files/下创建my.cnf, 内容如下:
[mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock symbolic-links=0 [mysqld_safe] log-error=/var/log/mariadb/mariadb.log pid-file=/var/run/mariadb/mariadb.pid skip_name_resolve = ON innodb_file_per_table = ON !includedir /etc/my.cnf.d
8. 在/erc/ansible/目录下分别创建各程序的playbook的yml文件
(1) 创建keepalived.yml, 内容如下
- hosts: lvssrv remote_user: root roles: - keepalived
(2) 创建nginx.yml, 内容如下:
- hosts: lvssrv remote_user: root roles: - nginx
(3) 创建httpd.yml, 内容如下
- hosts: websrv remote_user: root roles: - httpd
(4) 创建mysql.yml, 内容如下
- hosts: dbsrv remote_user: root roles: - mysql
9. 分别运行各yml文件
ansible-playbook /etc/ansible/keepalived.yml ansible-playbook /etc/ansible/nginx.yml ansible-playbook /etc/ansible/httpd.yml ansible-playbook /etc/ansible/mysql.yml
10. 使用curl测试实验
[root@node1 ~]# (for i in {1..10}; do curl http://10.1.52.123 ; done;)
<h1> node3 </h1>
<h1> node2 </h1>
<h1> node3 </h1>
<h1> node2 </h1>
<h1> node3 </h1>
<h1> node2 </h1>
<h1> node3 </h1>
<h1> node2 </h1>
<h1> node3 </h1>
<h1> node2 </h1>
11. 经测试, 实验成功.
原创文章,作者:black_fish,如若转载,请注明出处:http://www.178linux.com/58045
