Implementing an LNAMMP Architecture with Ansible (Part 1)


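     keepalived in master/backup mode providing high availability for {nginx (proxy) | lvs}

            Two hosts (master/backup): highly available nginx (proxy)

            Two hosts: httpd + php-fpm + Discuz or phpMyAdmin + php-mysql

            One host: memcached, used to cache PHP sessions;
            One host: mysql-server or mariadb-server;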


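    (1): 172.16.75.2 is the Ansible server (control host); all other hosts are managed nodes;

    (2): 172.16.1.11 is the master nginx director and provides the reverse proxy;

         172.16.1.12 is the backup nginx director

    (3): 172.16.1.13 and 172.16.1.14 are the web servers that provide the web service to clients;

    (4): 172.16.1.15 has memcached installed

    (5): 172.16.1.16 has the mariadb-server package installed and provides the database service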


     Prerequisite: set up passwordless login from the control host 172.16.75.2 to the managed nodes:

                   ]# ssh-keygen -t rsa -P ''

                   ]# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.1.11
                   ]# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.1.12

                       ...

                   ]# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.1.16

 

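     All of the following operations are performed on the control host 172.16.75.2:

       Install ansible, keepalived, nginx, httpd and php-fpm

              # yum install ansible keepalived nginx httpd php-fpm

       1.     Create the host inventory and define the host groups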

               # vim /etc/ansible/hosts

                  [hasrvs]
                  172.16.1.11
                  172.16.1.12

                  [websrvs]
                  172.16.1.13
                  172.16.1.14

                  [memsrvs]
                  172.16.1.15

                  [mysqlsrvs]

                  172.16.1.16   

     

      2.      Provide the directors with the packages and the required configuration files, and start the services

         1)      vim /etc/ansible/hasrvs.yaml

                 - hosts: hasrvs
                   remote_user: root
                   tasks:
                   - name: install nginx package
                     yum: name=nginx state=present
                   - name: install keepalived package
                     yum: name=keepalived state=present
                   - name: provide nginx configure file
                     copy: src=/etc/nginx/nginx.conf dest=/etc/nginx/nginx.conf
                   - name: provide keepalived configure file
                     copy: src=/etc/keepalived/keepalived.conf dest=/etc/keepalived/keepalived.conf
                   - name: start nginx service
                     service: name=nginx state=started enabled=true
                   - name: start keepalived service
                     service: name=keepalived state=started enabled=true

       

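         2)     Provide the nginx configuration file: add the upstream and server contexts to the http block:

                   upstream websrvs {
                         server 172.16.1.13:80 weight=1;
                         server 172.16.1.14:80 weight=1;
                   }

                   server {
                         listen 80 default_server;
                         location / {
                                 proxy_pass http://websrvs;
                         }
                   }

                 Note: the original nginx configuration file already has a server context in the http block; the service that originally listens by default must be disabled there,

                           i.e.  # listen       80 default_server;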

          3) Provide the keepalived configuration file for the master nginx director

                   vim /etc/keepalived/keepalived.conf

                   ! Configuration File for keepalived

                   global_defs {
                       notification_email {
                           root@localhost
                       }
                       notification_email_from keepalived@localhost
                       smtp_server 127.0.0.1
                       smtp_connect_timeout 30
                       router_id drct1
                       vrrp_mcast_group4 224.0.100.18
                   }
                   vrrp_script check_httpd {
                       script "killall -0 nginx && exit 0 || exit 1"
                       interval 1
                       weight -20
                   }
                   vrrp_instance VI_1 {
                       state MASTER
                       interface ens33
                       virtual_router_id 51
                       priority 100
                       advert_int 1
                       authentication {
                           auth_type PASS
                           auth_pass axtyXIHt
                       }
                       virtual_ipaddress {
                           172.16.1.254/16
                       }
                       track_script {
                           check_httpd
                       }
                   }

           4) Run hasrvs.yaml: do a dry run first, then run it for real once there are no errors

                 ]# ansible-playbook -C  hasrvs.yaml

                 ]# ansible-playbook  hasrvs.yaml

        

           5)  Provide the keepalived configuration file for the backup nginx director:

                   vim /etc/keepalived/keepalived.conf

                   ! Configuration File for keepalived

                   global_defs {
                       notification_email {
                           root@localhost
                       }
                       notification_email_from keepalived@localhost
                       smtp_server 127.0.0.1
                       smtp_connect_timeout 30
                       router_id drct2
                       vrrp_mcast_group4 224.0.100.18
                   }
                   vrrp_script check_httpd {
                       script "killall -0 nginx && exit 0 || exit 1"
                       interval 1
                       weight -20
                   }
                   vrrp_instance VI_1 {
                       state BACKUP
                       interface ens33
                       virtual_router_id 51
                       priority 90
                       advert_int 1
                       authentication {
                           auth_type PASS
                           auth_pass axtyXIHt
                       }
                       virtual_ipaddress {
                           172.16.1.254/16
                       }
                       track_script {
                           check_httpd
                       }
                   }

       

         6) Provide the playbook that starts the backup nginx director:

                  ]# vim /etc/ansible/backuphasrvs.yaml

                       - hosts: 172.16.1.12
                         remote_user: root
                         tasks:
                         - name: provide keepalived configure file
                           copy: src=/etc/keepalived/keepalived.conf dest=/etc/keepalived/keepalived.conf
                         # keepalived is already running from hasrvs.yaml, so restart it to load the new file
                         - name: restart keepalived service
                           service: name=keepalived state=restarted enabled=true

        7)  Run backuphasrvs.yaml: do a dry run first, then run it for real once there are no errors

                 ]#   ansible-playbook -C backuphasrvs.yaml 

                 ]#   ansible-playbook backuphasrvs.yaml 
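
The pair above only fails over because the numbers line up: a failed check_httpd adds weight -20 to the master's priority 100, giving 80, which is below the backup's 90. The script below is an added example, not part of the original post; it checks that two keepalived.conf files agree on the shared settings and that a failed check really moves the VIP. The function names and the trimmed sample configs (including the auth_pass placeholder) are constructed for illustration.

```sh
# kv FILE KEY -> first value that follows KEY in FILE
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# check_pair MASTER_CONF BACKUP_CONF -> prints findings, returns 0 only if none
check_pair() {
    m=$1; b=$2; rc=0
    for key in virtual_router_id auth_pass vrrp_mcast_group4; do
        [ "$(kv "$m" "$key")" = "$(kv "$b" "$key")" ] ||
            { echo "MISMATCH $key"; rc=1; }
    done
    [ "$(kv "$m" router_id)" != "$(kv "$b" router_id)" ] ||
        { echo "DUPLICATE router_id"; rc=1; }
    mp=$(kv "$m" priority); bp=$(kv "$b" priority); w=$(kv "$m" weight)
    for v in "$mp" "$bp" "$w"; do case $v in ''|*[!0-9-]*) echo "MISSING priority or weight"; return 1;; esac; done
    [ "$mp" -gt "$bp" ] || { echo "PRIORITY master $mp not above backup $bp"; rc=1; }
    # A failing track_script adds the negative weight to the master's priority;
    # the VIP moves only if the result falls below the backup's priority.
    [ $(($mp + $w)) -lt "$bp" ] ||
        { echo "NO FAILOVER $mp + ($w) = $(($mp + $w)) is not below $bp"; rc=1; }
    return $rc
}

# Constructed sample configs, trimmed to the keys checked above.
tmp=$(mktemp -d)
make_conf() {    # make_conf FILE ROUTER_ID STATE PRIORITY WEIGHT
    cat > "$1" <<EOF
global_defs {
    router_id $2
    vrrp_mcast_group4 224.0.100.18
}
vrrp_script check_httpd {
    script "killall -0 nginx"
    weight $5
}
vrrp_instance VI_1 {
    state $3
    virtual_router_id 51
    priority $4
    authentication {
        auth_pass EXAMPLEpw
    }
}
EOF
}
make_conf "$tmp/master.conf" drct1 MASTER 100 -20
make_conf "$tmp/backup.conf" drct2 BACKUP 90 -20
check_pair "$tmp/master.conf" "$tmp/backup.conf" && echo "pair OK"
make_conf "$tmp/weak.conf" drct1 MASTER 100 -5    # 100 - 5 = 95 stays above 90
check_pair "$tmp/weak.conf" "$tmp/backup.conf" || echo "pair rejected"
```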


  

     3.  Provide the websrvs host group with the configuration files and packages, and start the services:

          1)     ]# vim /etc/ansible/websrvs.yaml

                     - hosts: websrvs
                       remote_user: root
                       tasks:
                       - name: install httpd package
                         yum: name=httpd state=present
                       - name: install php-fpm package
                         yum: name=php-fpm state=present
                       - name: install php-mysql
                         yum: name=php-mysql state=present
                       - name: provide httpd configure file
                         copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
                       - name: start httpd service
                         service: name=httpd state=started enabled=true
                       - name: start php-fpm service
                         service: name=php-fpm state=started enabled=true


         2)     Edit the main httpd configuration file

                    ]# vim /etc/httpd/conf/httpd.conf (find the relevant places and edit them)

                        DocumentRoot "/var/www/html"
                        ProxyRequests Off
                        ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1


                        <IfModule dir_module>
                                DirectoryIndex index.html index.php
                        </IfModule>

         3)      Run websrvs.yaml: do a dry run first, then run it for real once there are no errors

                    ]#  ansible-playbook -C websrvs.yaml

                    ]#  ansible-playbook websrvs.yaml

       

     4.  Provide a test page and, once it works, provide the forum system:

         1)  Provide a test page; to tell them apart, the test pages of the two web servers differ slightly:

                   Host 172.16.1.13 is web server 1, host 172.16.1.14 is web server 2

                   ]# vim /var/www/html/index.php

                        Web Server 1

                        <?php
                                 phpinfo();
                        ?>

                  Send this test page to host 172.16.1.13; no playbook is written for this:

                  ]# ansible 172.16.1.13 -m copy -a "src=/var/www/html/index.php  dest=/var/www/html/index.php"


                 Likewise, provide the same kind of page for host 172.16.1.14:

                   ]# vim /var/www/html/index.php

                       Web Server 2

                       <?php
                                phpinfo();
                       ?>

                  ]#  ansible 172.16.1.14 -m copy -a "src=/var/www/html/index.php  dest=/var/www/html/index.php"


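         2)   Test the pages from a browser: first access the servers 172.16.1.13 and 172.16.1.14 directly, and once they work, access 172.16.1.254

                  I have already tested the two web servers without problems, so here I test the virtual interface 172.16.1.254 of the nginx director group directly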


            Note: the firewall needs to be turned off here, otherwise the test page may not be reachable:

                       ]# iptables -F


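         3)  Deploy the WordPress forum system:

               Note: I have already placed the installation package under /var/www/html on the control host 172.16.75.2 and extracted it

               You can use an ansible command or a playbook:

               Method 1: ansible command:

                           ]# ansible websrvs -m copy -a "src=/var/www/html/wordpress dest=/var/www/html/"

               Method 2: playbook:

                          ]# vim /etc/ansible/websrvs2.yaml

                               - hosts: websrvs
                                 remote_user: root
                                 tasks:
                                 # src has no trailing slash, so the wordpress directory itself is created under dest
                                 - name: provide wordpress
                                   copy: src=/var/www/html/wordpress dest=/var/www/html/

                          Run the playbook: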

                          ]# ansible-playbook websrvs2.yaml
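
A narrower alternative to flushing all rules with iptables -F is to allow only the flows this architecture needs. The script below is an added example, not part of the original post: it generates a per-role ruleset in iptables-restore format from the addresses used on this page. The role names, the rule layout and the choice to allow SSH only from the control host are assumptions of this example.

```sh
# Topology from the post; role names and rule layout are this example's own.
CONTROL=172.16.75.2
DIRECTORS="172.16.1.11 172.16.1.12"
WEBSRVS="172.16.1.13 172.16.1.14"
MCAST=224.0.100.18          # vrrp_mcast_group4 in keepalived.conf

# allow_tcp PORT SRC... -> one ACCEPT rule per permitted source address
allow_tcp() {
    port=$1; shift
    for src in "$@"; do
        echo "-A INPUT -s $src -p tcp --dport $port -j ACCEPT"
    done
}

# rules_for ROLE -> complete ruleset in iptables-restore format on stdout
rules_for() {
    case $1 in
        hasrv|websrv|memsrv|mysqlsrv) ;;
        *) echo "unknown role: $1" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    allow_tcp 22 "$CONTROL"                  # Ansible reaches every host over SSH
    case $1 in
        hasrv)                               # public HTTP plus VRRP (IP protocol 112)
            echo "-A INPUT -p tcp --dport 80 -j ACCEPT"
            for d in $DIRECTORS; do
                echo "-A INPUT -s $d -d $MCAST -p 112 -j ACCEPT"
            done ;;
        websrv)   allow_tcp 80 $DIRECTORS ;;     # only the nginx proxies
        memsrv)   allow_tcp 11211 $WEBSRVS ;;    # only php-fpm on the web servers
        mysqlsrv) allow_tcp 3306 $WEBSRVS ;;
    esac
    echo COMMIT
}

rules_for websrv     # review the output, then load it with iptables-restore
```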

    

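       5.  Install mariadb-server on the database server 172.16.1.16, create a database named wordpress for the forum, and grant privileges to a user,

           providing the password used for the forum's login:



          1) Install the mariadb-server package; you can use a playbook or a direct command, as you prefer

                Since there is only one database server here, I install it directly with a command; with more servers, a playbook is recommended;

                ]# ansible 172.16.1.16 -m yum -a "name=mariadb-server state=present" (adding the '-C' option for a dry run first is recommended)

                Start the database service:

                ]# ansible 172.16.1.16 -m service -a "name=mariadb state=started"

                Create the database and grant privileges to the user:

                Here I work directly on host 172.16.1.16:

                ]# mysql -p

                    Enter password: 

                    ......

                    MariaDB [(none)]> create database wordpress;

                    MariaDB [(none)]> grant all on *.* to 'ytc'@'172.16.%.%' identified by '123456';

                    MariaDB [(none)]> flush privileges;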

          

          2) Provide the configuration file for the forum:

                  ]# cd /var/www/html/wordpress/

                  ]# cp wp-config-sample.php  wp-config.php

                  ]# vim wp-config.php

                       /** The name of the WordPress database */
                       define('DB_NAME', 'wordpress');

                       /** MySQL database username */
                       define('DB_USER', 'ytc');

                       /** MySQL database password */
                       define('DB_PASSWORD', '123456');

                       /** MySQL host */
                       define('DB_HOST', '172.16.1.16');

                 

           3) Deploy the configuration file to websrvs:

                    ]# vim /etc/ansible/websrvs3.yaml

                         - hosts: websrvs
                           remote_user: root
                           tasks:
                           - name: provide wordpress configure file
                             copy: src=/var/www/html/wordpress/wp-config.php dest=/var/www/html/wordpress/wp-config.php

                   Run the playbook:
                    ]# ansible-playbook websrvs3.yaml

          4)  Log in to the WordPress forum from a browser:


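                       You can now start publishing posts.



                    Note: 1) If the message "Error establishing a database connection" appears while accessing the site, SELinux may be interfering; turning it off fixes it:

                                 i.e.: ]# setenforce 0

                              2) If, after logging in to the forum, a listing of .php files appears instead of the login page, check the main httpd configuration file

                                  <IfModule dir_module>
                                     DirectoryIndex index.html  index.php
                                  </IfModule>

                                  Adding index.php fixes it.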
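
How far the grant issued in step 1) of this section reaches can be read from the output of SHOW GRANTS. The script below is an added example, not part of the original post: it screens SHOW GRANTS output for global scope, wildcard hosts and GRANT OPTION. The function names and finding labels are this example's own, and both sample inputs are constructed (with a placeholder instead of a password hash): one is modelled on the grant from step 1), the other on a hypothetical account 'wp' limited to the wordpress database and one web server.

```sh
# audit_grants: read SHOW GRANTS output on stdin, print one finding per risk,
# return non-zero if anything was found.
audit_grants() {
    awk '
    /^GRANT / {
        acct = $0;  sub(/.* TO /, "", acct);   sub(/ .*/, "", acct)
        privs = $0; sub(/^GRANT /, "", privs); sub(/ ON .*/, "", privs)
        # USAGE ON *.* only records that the account exists and grants nothing.
        if ($0 ~ / ON \*\.\* / && privs != "USAGE") {
            print "GLOBAL " acct ": " privs " on every database"; found++
        }
        # Report a wildcard host once per account, however many lines it has.
        if (acct ~ /@.*%/ && !seen[acct]++) { print "WILDCARD-HOST " acct; found++ }
        if ($0 ~ /WITH GRANT OPTION/) { print "GRANT-OPTION " acct; found++ }
    }
    END { exit (found > 0) }'
}

# Constructed sample: how the grant from step 1) appears in SHOW GRANTS.
page_grant() {
    cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'ytc'@'172.16.%.%' IDENTIFIED BY PASSWORD '*HASH-PLACEHOLDER'
EOF
}

# Constructed sample: an account limited to one database and one web server.
scoped_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'wp'@'172.16.1.13' IDENTIFIED BY PASSWORD '*HASH-PLACEHOLDER'
GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wp'@'172.16.1.13'
EOF
}

page_grant | audit_grants
scoped_grants | audit_grants && echo "scoped grants: no findings"
```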


      6.  Configure the memcached server and start the service:

                ]# ansible memsrvs -m yum  -a "name=memcached state=present"

                ]# ansible memsrvs -m service  -a "name=memcached state=started"

            The php-pecl-memcached package must be installed on websrvs; it provides the interface through which the web servers connect to the memcached server

                ]# ansible websrvs -m yum  -a "name=php-pecl-memcached state=present"

            Edit the last two lines of the php-fpm configuration file:

                ]# vim /etc/php-fpm.d/www.conf

                     php_value[session.save_handler] = memcached
                     php_value[session.save_path] = "172.16.1.15:11211"

             Send the modified file to websrvs and restart the php-fpm service:

               ]# ansible websrvs -m copy -a "src=/etc/php-fpm.d/www.conf dest=/etc/php-fpm.d/www.conf"

               ]# ansible websrvs -m service -a "name=php-fpm state=restarted"



             That completes the deployment of the LNAMMP architecture with the Ansible tool.
