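Requirements:
Use Ansible to deploy the following:
(1) On the VS hosts, deploy keepalived + nginx load balancing in a master/backup model;
(2) On the RS hosts, deploy httpd + php + php-mysql;
(3) On the fifth host, deploy mariadb-server; the server must contain a testdb database, and testuser is granted all privileges on it;
Steps:
1. IP address plan for the hosts
Host A: IPADDR=10.1.52.11
Host B: IPADDR=10.1.52.22
Host C: IPADDR=10.1.52.2
Host D: IPADDR=10.1.52.3
Host E: IPADDR=10.1.52.4
Hosts A and B are the keepalived+nginx VS hosts; hosts C and D run httpd, php and php-mysql; host E runs mariadb-server.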
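2. First install ansible on host A, then edit /etc/ansible/hosts and add the following:
    [lvssrv]
    # VRIP feeds virtual_router_id, which must be identical on both nodes of one VRRP instance
    10.1.52.11 STATE='MASTER' WEIGHT='100' VRIP='123'   # provides the LVS service
    10.1.52.22 STATE='BACKUP' WEIGHT='98' VRIP='123'    # provides the LVS service

    [websrv]
    10.1.52.2   # provides the httpd service
    10.1.52.3   # provides the httpd service

    [dbsrv]
    10.1.52.4   # provides the mysql service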
3. Create the required directories under /etc/ansible/roles:
    mkdir -pv /etc/ansible/roles/{nginx,keepalived,httpd,mysql}/{files,tasks,templates,vars,handlers,meta,defaults}
4. Provide the playbook role files for keepalived
(1) Create /etc/ansible/roles/keepalived/tasks/main.yml with the following content:
    - name: install keepalived
      yum: name=keepalived state=latest
    # keepalived.conf calls /etc/keepalived/notify.sh, so install the script under that name and make it executable
    - name: copy notify.sh
      copy: src=notify.sh dest=/etc/keepalived/notify.sh mode=0755
    - name: Virtual IP address
      shell: /usr/sbin/ip addr add 10.1.52.123/16 dev eno16777736
    - name: start keepalived service
      shell: /usr/bin/systemctl start keepalived
    - name: copy conf file
      template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
      tags: instconf
      notify: reload keepalived service
(2) Provide the template configuration file /etc/ansible/roles/keepalived/templates/keepalived.conf.j2 with the following content; the parameters it uses are already defined in /etc/ansible/hosts:
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            root@localhost
        }
        notification_email_from keepalived@localhost
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id {{ ansible_hostname }}
        vrrp_mcast_group4 224.0.52.123
    }
    vrrp_script chk_down {
        script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
        interval 1
        weight -5
    }
    vrrp_script chk_nginx {
        script "killall -0 nginx && exit 0 || exit 1"
        interval 1
        weight -5
    }
    vrrp_instance VI_1 {
        state {{ STATE }}
        interface eno16777736
        virtual_router_id {{ VRIP }}
        priority {{ WEIGHT }}
        advert_int 1
        ! auth_type PASS sends auth_pass in clear text in every VRRP advertisement
        authentication {
            auth_type PASS
            auth_pass 571f97b2
        }
        virtual_ipaddress {
            10.1.52.123/16 dev eno16777736
        }
        track_script {
            chk_down
            chk_nginx
        }
        notify_master "/etc/keepalived/notify.sh master"
        notify_backup "/etc/keepalived/notify.sh backup"
        notify_fault "/etc/keepalived/notify.sh fault"
    }
(3) Provide the notify.sh script in /etc/ansible/roles/keepalived/files/ with the following content:
    #!/bin/bash
    #
    contact='root@localhost'

    # Mail the new VRRP state of this host to $contact
    notify() {
        mailsubject="$(hostname) to be $1, vip floating"
        mailbody="$(date +'%F %T'):vrrp transition, $(hostname) changed to be $1"
        echo "$mailbody" | mail -s "$mailsubject" "$contact"
    }

    case $1 in
    master)
        notify master
        ;;
    backup)
        notify backup
        ;;
    fault)
        notify fault
        ;;
    *)
        echo "Usage: $(basename "$0") {master|backup|fault}"
        exit 1
        ;;
    esac
(4) Provide the handlers file /etc/ansible/roles/keepalived/handlers/main.yml with the following content:
    - name: reload keepalived service
      shell: "/usr/bin/systemctl restart keepalived.service"
5. Provide the playbook role files for nginx
(1) Create /etc/ansible/roles/nginx/tasks/main.yml with the following content:
    - name: copy nginx package
      copy: src=nginx-1.10.2-1.el7.ngx.x86_64.rpm dest=/tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm
    - name: install nginx
      shell: "/usr/bin/yum -y install /tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm"
    - name: delete nginx package
      shell: "/usr/bin/rm -f /tmp/nginx-1.10.2-1.el7.ngx.x86_64.rpm"
    - name: copy conf file
      copy: src={{ item.ngxconfj2 }} dest={{ item.ngxconf }}
      with_items:
        - { ngxconfj2: nginx.conf.j2, ngxconf: /etc/nginx/nginx.conf }
        - { ngxconfj2: nginx.default.conf.j2, ngxconf: /etc/nginx/conf.d/default.conf }
    - name: start nginx service
      shell: "/usr/bin/systemctl start nginx"
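(2) Place the nginx rpm package in /etc/ansible/roles/nginx/files/
The version used in this example is: nginx-1.10.2-1.el7.ngx.x86_64.rpm
(3) Provide the load-balancing configuration files for nginx in /etc/ansible/roles/nginx/files/. The file names and the modified parts of the configuration are shown below; everything else is left at its default: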
(a) nginx.conf.j2
    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        access_log /var/log/nginx/access.log main;
        keepalive_timeout 65;
        upstream websrvs {
            server 10.1.52.2;
            server 10.1.52.3;
        }
        include /etc/nginx/conf.d/*.conf;
    }
(b) nginx.default.conf.j2
    server {
        listen 80;
        server_name localhost;
        location / {
            root /usr/share/nginx/html;
            proxy_pass http://websrvs;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
6. Provide the playbook role files for httpd, php and php-mysql
(1) Create /etc/ansible/roles/httpd/templates/index.html.j2 with the following content:
    <h1> {{ ansible_hostname }} </h1>
(2) Create /etc/ansible/roles/httpd/tasks/main.yml with the following content:
    - name: install httpd php and php-mysql
      yum: name={{ item }} state=latest
      with_items:
        - httpd
        - php
        - php-mysql
    - name: support index.html
      template: src=index.html.j2 dest=/var/www/html/index.html
    - name: copy set.sh
      copy: src=set.sh dest=/root/set.sh
    - name: add ip address
      shell: bash /root/set.sh start
    - name: start httpd service
      shell: "/usr/bin/systemctl start httpd.service"
(3) Create set.sh in /etc/ansible/roles/httpd/files/ with the following content:
    #!/bin/bash
    #
    vip='10.1.52.123'
    vport='80'
    netmask='255.255.255.255'
    iface='lo:0'

    case $1 in
    start)
        # Do not answer or announce ARP for the VIP bound to the loopback alias
        echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 1 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 2 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ifconfig $iface $vip netmask $netmask broadcast $vip up
        route add -host $vip dev $iface
        ;;
    stop)
        ifconfig $iface down
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_ignore
        echo 0 > /proc/sys/net/ipv4/conf/all/arp_announce
        echo 0 > /proc/sys/net/ipv4/conf/lo/arp_announce
        ;;
    esac
7. Provide the playbook role files for mariadb-server
(1) Create /etc/ansible/roles/mysql/tasks/main.yml with the following content:
    - name: install mariadb-server
      yum: name=mariadb-server state=latest
    - name: copy cnf file
      copy: src=my.cnf dest=/etc/my.cnf
    - name: copy sql script
      copy: src=grant_testuser.sql dest=/root/grant_testuser.sql
    - name: start mariadb service
      shell: /usr/bin/systemctl start mariadb.service
    - name: create database and grant user
      shell: "/usr/bin/mysql < /root/grant_testuser.sql"
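(2) Create grant_testuser.sql in /etc/ansible/roles/mysql/files/ with the following content:
    -- IF NOT EXISTS lets the playbook be re-run without failing on this statement
    CREATE DATABASE IF NOT EXISTS testdb;
    -- Grants are scoped to testdb.*: the requirement is privileges on testdb, not on every database
    GRANT ALL ON testdb.* TO 'testuser'@'localhost' IDENTIFIED BY 'testpass';
    GRANT ALL ON testdb.* TO 'testuser'@'10.1.52.%' IDENTIFIED BY 'testpass';
    GRANT ALL ON testdb.* TO 'testuser'@'127.0.0.1' IDENTIFIED BY 'testpass';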
(3) Create my.cnf in /etc/ansible/roles/mysql/files/ with the following content:
    [mysqld]
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock
    symbolic-links=0
    # these are mysqld options, so they go in the [mysqld] group
    skip_name_resolve = ON
    innodb_file_per_table = ON

    [mysqld_safe]
    log-error=/var/log/mariadb/mariadb.log
    pid-file=/var/run/mariadb/mariadb.pid

    !includedir /etc/my.cnf.d
8. Create a playbook yml file for each program under /etc/ansible/
(1) Create keepalived.yml with the following content:
    - hosts: lvssrv
      remote_user: root
      roles:
        - keepalived
(2) Create nginx.yml with the following content:
    - hosts: lvssrv
      remote_user: root
      roles:
        - nginx
(3) Create httpd.yml with the following content:
    - hosts: websrv
      remote_user: root
      roles:
        - httpd
(4) Create mysql.yml with the following content:
    - hosts: dbsrv
      remote_user: root
      roles:
        - mysql
9. Run each yml file in turn
    ansible-playbook /etc/ansible/keepalived.yml
    ansible-playbook /etc/ansible/nginx.yml
    ansible-playbook /etc/ansible/httpd.yml
    ansible-playbook /etc/ansible/mysql.yml
10. Test the setup with curl
    [root@node1 ~]# (for i in {1..10}; do curl http://10.1.52.123 ; done;)
    <h1> node3 </h1>
    <h1> node2 </h1>
    <h1> node3 </h1>
    <h1> node2 </h1>
    <h1> node3 </h1>
    <h1> node2 </h1>
    <h1> node3 </h1>
    <h1> node2 </h1>
    <h1> node3 </h1>
    <h1> node2 </h1>
11. The test shows that the experiment succeeded.
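Requirement (3) ties testuser's privileges to testdb, and that can be checked after the mysql playbook has run by auditing the SHOW GRANTS output for the account. The script below is an added example, not part of the original article; the function name audit_grants, the ALLOWED_DB variable and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit SHOW GRANTS output
# for testuser against requirement (3). Names and samples are assumptions.

ALLOWED_DB='testdb'   # the only database testuser should hold privileges on

# audit_grants: reads SHOW GRANTS lines on stdin, prints one line per
# violation, and returns 1 if any grant reaches beyond ALLOWED_DB.
audit_grants() {
    awk -v db="$ALLOWED_DB" '
        /^GRANT / {
            # Split "GRANT <privs> ON <scope> TO <account> ..."
            privs = $0; sub(/^GRANT /, "", privs); sub(/ ON .*/, "", privs)
            scope = $0; sub(/^GRANT .* ON /, "", scope); sub(/ TO .*/, "", scope)
            gsub(/`/, "", scope)          # SHOW GRANTS quotes names with backticks
            if (scope == "*.*") {
                # USAGE on *.* only means "the account exists"
                if (privs != "USAGE") { print "GLOBAL: " privs " on " scope; bad++ }
            } else if (index(scope, db ".") != 1) {
                print "OTHER-DB: " privs " on " scope; bad++
            }
            if ($0 ~ / WITH GRANT OPTION/) { print "GRANT-OPTION: on " scope; bad++ }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: SHOW GRANTS after "GRANT ALL ON *.* TO testuser ..."
SAMPLE_GLOBAL="GRANT ALL PRIVILEGES ON *.* TO 'testuser'@'10.1.52.%' IDENTIFIED BY PASSWORD '*CONSTRUCTED-HASH'"

# Constructed sample: the same account with privileges on testdb only
SAMPLE_SCOPED="GRANT USAGE ON *.* TO 'testuser'@'10.1.52.%' IDENTIFIED BY PASSWORD '*CONSTRUCTED-HASH'
GRANT ALL PRIVILEGES ON \`testdb\`.* TO 'testuser'@'10.1.52.%'"

# On the database host the input would come from the mysql client, e.g.
#   mysql -N -e "SHOW GRANTS FOR 'testuser'@'10.1.52.%'" | audit_grants
for sample in "$SAMPLE_GLOBAL" "$SAMPLE_SCOPED"; do
    if printf '%s\n' "$sample" | audit_grants; then
        echo "PASS: privileges confined to $ALLOWED_DB"
    else
        echo "FAIL: privileges exceed $ALLOWED_DB"
    fi
done
```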
Original article by black_fish. If you repost it, please credit the source: http://www.178linux.com/58045