使用playbook实现一键部署keepalived+nginx+PHP+wordpress+mariadb
环境
| 主机名 |
安装服务 |
wan |
lan |
| lb01 |
nginx+keepalived(master) |
10.0.0.5 |
172.16.1.5 |
| lb02 |
nginx+keepalived(backup) |
10.0.0.6 |
172.16.1.6 |
| web01 |
nginx+WordPress+PHP |
10.0.0.7 |
172.16.1.7 |
| web02 |
nginx+WordPress+PHP |
10.0.0.8 |
172.16.1.8 |
| db01 |
mariadb |
10.0.0.51 |
172.16.1.51 |
| backup |
rsync(服务端) |
10.0.0.41 |
172.16.1.41 |
| nfs |
nfs+sersync+rsync |
10.0.0.31 |
172.16.1.31 |
流程分析
1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建同一的用户
#部署rsync
1.web backup nfs 安装rsync
2.拷贝rsync配置文件
3.创建服务端backup的备份目录
4.copy密码文件
5.把客户端密码加入环境全局变量文件
6.启动rsync,并加入开机自启动
#部署nfs
1.安装nfs-utils
2.拷贝nfs配置文件
3.创建共享目录
4.启动nfs服务端
1.在nfs服务端安装sersync
2.拷贝sersync配置文件到nfs服务端
3.nfs服务端配置rsync密码文件
4.启动sersync
#部署负载均衡
1.安装nginx
2.拷贝nginx配置文件和 server
3.写入include文件(proxy_params)
4.安装keepalived
5.优化keepalived(启动脚本)
6.拷贝keepalived配置文件,配置master
7.拷贝keepalived配置文件,配置backup
8.启动nginx keepalived
#部署web
1.安装nginx PHP
2.拷贝nginx配置文件
3.拷贝nginx server
4.拷贝PHP配置文件(www.conf)
5.解压m01上的WordPress压缩包
6.启动nginx PHP
#部署数据库
1.安装数据库
2.启动数据库
3.创建数据库用户
4.创建数据库
推送公钥脚本
vim /root/jb.sh
#!/bin/bash
pass='1'
ip='172.16.1.'
ip2='10.0.0.'
ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa
for i in 5 6 7 8 9 31 41 51 52 53 54 61 71 81;
do
sshpass -p $pass ssh-copy-id -i /root/.ssh/id_rsa.pub -o stricthostkeychecking=no root@${ip}${i}
sshpass -p $pass ssh-copy-id -i /root/.ssh/id_rsa.pub -o stricthostkeychecking=no root@${ip2}${i}
done
chmod 600 /root/jb.sh
主机清单
[root@m01 ~]# vim /root/ansible/hosts
[web_group]
172.16.1.7 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass='1'
172.16.1.8 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass='1'
[db_group]
172.16.1.51 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass='1'
[nfs_group]
172.16.1.31 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass='1'
[lb_group]
172.16.1.5 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass='1'
172.16.1.6 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass='1'
[backup_group]
172.16.1.41 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass='1'
负载均衡
#server
mkdir /root/ansible/lb/conf.d -p &&
vim /root/ansible/lb/conf.d/wp.zh.conf
upstream backend {
server 10.0.0.7;
server 10.0.0.8;
server 10.0.0.9;
}
server {
listen 80;
server_name cs.wp.com cs.zh.com;
location / {
proxy_pass http://backend;
include proxy_params;
}
}
------------------------------------------------------------------------
#nginx配置文件
vim /root/ansible/lb/nginx.conf
user www;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
-----------------------------------------------------------------------------
#编辑params
vim /root/ansible/lb/proxy_params
# 客户端的请求头部信息,带着域名来找我,我也带着域名去找下一级(代理机或者代理服务器)
proxy_set_header Host $host;
# 显示客户端的真实ip(和代理的所有IP)
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#nginx代理与后端服务器连接超时时间(代理连接超时)
proxy_connect_timeout 60s;
#nginx代理等待后端服务器的响应时间
proxy_read_timeout 60s;
#后端服务器数据回传给nginx代理超时时间
proxy_send_timeout 60s;
#nignx会把后端返回的内容先放到缓冲区当中,然后再返回给客户端,边收边传, 不是全部接收完再传给客户端
proxy_buffering on;
#设置nginx代理保存用户头信息的缓冲区大小
proxy_buffer_size 4k;
#proxy_buffer_size 8k;
#proxy_buffers 缓冲区
proxy_buffers 8 4k;
#proxy_buffers 8 8k;
#使用http 1.1协议版本
proxy_http_version 1.1;
#错误页面重定向
proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
--------------------------------------------------------------------------
#优化keepalived
vim /root/ansible/lb/keepalived.service
[Unit]
Description=LVS and VRRP High Availability Monitor
After=syslog.target network-online.target
[Service]
Type=forking
PIDFile=/var/run/keepalived.pid
#KillMode=process
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
---------------------------------------------------------------------
#keepalived抢占式(master)配置文件
vim /root/ansible/lb/keepalived.master.conf
global_defs { #全局配置
router_id lb01 #标识身份->名称(随意写)
}
vrrp_instance VI_1 { #标识身份->名称(随意)
state MASTER #标识角色状态(随意)
interface eth0 #网卡绑定接口(错绑后修改后需要重启服务器生效)
virtual_router_id 50 #虚拟路由id(1-254),多个节点的设置必须一样(注释),不同高可用的keepaliced virtual_router_id不能相同
priority 150 #优先级(主高备低)(修改后,重启服务器才能生效)
advert_int 1 #监测间隔时间(不同的节点设置必须相同)(检测同一路由id的keepalived,检测nginx是否存活)
authentication { #认证(节点设置必须相同)
auth_type PASS #认证方式(相同节点的话,相同)
auth_pass 1111 #认证密码
}
virtual_ipaddress {
10.0.0.3 #虚拟的VIP地址,(节点设置必须相同,最好是公网ip),可多设,每行一个,vip必须是公网ip,两个负载的eth0网卡也必须是公网ip
}
}
----------------------------------------------------------------------
#keepalived抢占式(backup)配置文件
vim /root/ansible/lb/keepalived.backup.conf
global_defs {
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
}
web
# 上传做好的nginx_php(rpm)包
cd /root && rz
----------------------------------------------------------------------
# nginx配置文件
vim /root/ansible/nginx/nginx.conf
user www;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
----------------------------------------------------------------------
### nginx server
mkdir /root/ansible/nginx/conf.d/ -p &&
vim /root/ansible/nginx/conf.d/wp.conf
server {
listen 80;
server_name cs.wp.com;
root /code/wordpress;
index index.html index.php;
location ~ .php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
php
vim /root/ansible/nginx/www.conf
...
...
vim /root/ansible/nginx/php.ini
...
...
数据库
1.备份web01上的数据库
mysqldump -uroot -p'1' -A wp > wp.sql
2.将web01上备份的数据库拷贝至db01服务器上
scp wp.sql root@172.16.1.51:/tmp
nfs
#nfs配置文件
vim /root/ansible/nfs/exports
/wordpress_backup 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
------------------------------------------------------------------------
#sersync配置文件
[root@nfs ~]# vim /root/ansible/nfs/sersync.conf
<?xml version="1.0" encoding="ISO-8859-1"?>
<head version="2.5">
<host hostip="localhost" port="8008"></host>
<debug start="false"/>
<fileSystem xfs="false"/>
<filter start="false">
<exclude expression="(.*).svn"></exclude>
<exclude expression="(.*).gz"></exclude>
<exclude expression="^info/*"></exclude>
<exclude expression="^static/*"></exclude>
</filter>
<inotify>
<!-- inotify监控的事件,true为监控,false为不监控 -->
<delete start="true"/>
<createFolder start="true"/>
<createFile start="true"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="true"/>
<modify start="true"/>
</inotify>
<sersync>
<!-- 监控的目录和rsync服务器的IP地址,rsync的模块名称 -->
<localpath watch="/data">
<remote ip="172.16.1.41" name="backup"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<!--rsync推送的选项-->
<commonParams params="-az"/>
<!--是否开启认证,认证模块的用户名,用于认证的本地密码配置文件-->
<auth start="true" users="backup" passwordfile="/etc/rsync.passwd"/>
<userDefinedPort start="false" port="874"/><!-- port=874 -->
<timeout start="false" time="100"/><!-- timeout=100 -->
<ssh start="false"/>
</rsync>
<failLog path="/tmp/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->
<crontab start="false" schedule="600"><!--600mins-->
<crontabfilter start="false">
<exclude expression="*.php"></exclude>
<exclude expression="info/*"></exclude>
</crontabfilter>
</crontab>
<plugin start="false" name="command"/>
</sersync>
<plugin name="command">
<param prefix="/bin/sh" suffix="" ignoreError="true"/> <!--prefix /opt/tongbu/mmm.sh suffix-->
<filter start="false">
<include expression="(.*).php"/>
<include expression="(.*).sh"/>
</filter>
</plugin>
<plugin name="socket">
<localpath watch="/opt/tongbu">
<deshost ip="192.168.138.20" port="8009"/>
</localpath>
</plugin>
<plugin name="refreshCDN">
<localpath watch="/data0/htdocs/cms.xoyo.com/site/">
<cdninfo domainname="ccms.chinacache.com" port="80" username="xxxx" passwd="xxxx"/>
<sendurl base="http://pic.xoyo.com/cms"/>
<regexurl regex="false" match="cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images"/>
</localpath>
</plugin>
</head>
rsync
#rsync配置文件
vim /root/ansible/rsync/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
[backup]
comment = welcome to oldboyedu backup!
path = /backup
---------------------------------------------------------------------------
yml
vim /root/ansible/djj.yml
---
#基础优化
- hosts: all
tasks:
- name: Start FireWall
service:
name: firewalld
state: started
enabled: yes
- name: Stop SeLinux
selinux:
state: disabled
- name: open ports
firewalld:
port: '{{ item.port }}'
state: enabled
permanent: no
with_items:
- { port: "22/tcp" }
- { port: "23/tcp" }
- { port: "80/tcp" }
- { port: "443/tcp" }
- { port: "873/tcp" }
- { port: "3306/tcp" }
- { port: "9000/tcp" }
- { port: "6379/tcp" }
- { port: "8080/tcp" }
- name: open nfs
firewalld:
service: nfs
state: enabled
permanent: no
when: ansible_hostname is match "nfs*"
- name: Create www Group
group:
name: www
gid: 666
state: present
- name: Create www User
user:
name: www
uid: 666
group: www
shell: /sbin/nologin
create_home: false
#部署负载均衡
- name: jieya nginx_php.tar.gz
unarchive:
src: /root/nginx_php.tar.gz
dest: /root
- name: install nginx keepalived
shell: "{{ item }}"
with_items:
- "yum localinstall -y /root/rpm/nginx*"
- "yum install -y keepalived"
when: ansible_hostname is match "lb*"
- name: config nginx keepalived.server
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: "/root/ansible/lb/nginx.conf",dest: "/etc/nginx/"}
- { src: "/root/ansible/lb/conf.d/wp.zh.conf",dest: "/etc/nginx/conf.d/"}
- { src: "/root/ansible/lb/proxy_params",dest: "/etc/nginx/"}
- { src: "/root/ansible/lb/keepalived.service",dest: "/usr/lib/systemd/system/"}
when: ansible_hostname is match "lb*"
- name: config master
copy:
src: "/root/ansible/lb/keepalived.master.conf"
dest: "/etc/keepalived/keepalived.conf"
when: ansible_hostname is match "lb01"
- name: config backup
copy:
src: "/root/ansible/lb/keepalived.backup.conf"
dest: "/etc/keepalived/keepalived.conf"
when: ansible_hostname is match "lb02"
- name: start nginx keepalived
systemd:
name: "{{ item }}"
state: started
enabled: yes
with_items:
- nginx
- keepalived
when: ansible_hostname is match "lb*"
#部署数据库
- name: install mariadb MySQL-python
yum:
name: "{{ item }}"
state: present
with_items:
- 'mariadb-server'
- 'MySQL-python'
when: ansible_fqdn is match 'db*'
- name: start mariadb
systemd:
name: mariadb
state: started
enabled: yes
when: ansible_fqdn is match 'db*'
- name: grant mysql user
mysql_user:
#login_host: "localhost"
#login_user: "root"
#login_password: "123"
login_port: "3306"
name: "ty"
password: "123"
host: "%"
priv: "*.*:ALL,GRANT"
state: "present"
when: ansible_fqdn is match 'db*'
- name: create a database
mysql_db:
#login_host: "127.0.0.1"
#login_user: "root"
#login_password: "123"
login_port: "3306"
name: "wp"
encoding: "utf8"
state: "present"
when: ansible_fqdn is match 'db*'
#部署nginx+PHP+WordPress
- name: install nginx php
shell: "{{ item }}"
with_items:
- "yum remove -y php-common.x86_64"
- "yum localinstall -y /root/rpm/*rpm"
when: ansible_hostname is match "web*"
ignore_errors: yes
- name: Nginx php Conf
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0644
with_items:
- { src: "/root/ansible/nginx/nginx.conf",dest: "/etc/nginx/nginx.conf" }
- { src: "/root/ansible/nginx/conf.d/wp.conf",dest: "/etc/nginx/conf.d/wp.conf" }
- { src: "/root/ansible/nginx/php.ini",dest: "/etc" }
- { src: "/root/ansible/nginx/www.conf",dest: "/etc/php-fpm.d/"}
when: ansible_hostname is match "web*"
- name: Create HTML Directory
file:
path: /code/wordpress
owner: www
group: www
mode: 0755
state: directory
recurse: yes
when: ansible_hostname is match "web*"
- name: Start Nginx Server
service:
name: nginx
state: started
enabled: true
ignore_errors: yes
- name: Start php Server
service:
name: php-fpm
state: started
enabled: true
when: ansible_hostname is match "web*"
- name: yum WordPress
get_url:
url: http://test.driverzeng.com/Nginx_Code/wordpress-5.0.3-zh_CN.tar.gz
dest: /root
when: ansible_hostname is match "web*"
- name: jieya WordPress
unarchive:
src: "/root/wordpress-5.0.3-zh_CN.tar.gz"
dest: /code
owner: www
group: www
when: ansible_hostname is match "web*"
#部署rsync
- name: Install Rsync nfs Server
yum:
name: "{{ item }}"
state: present
with_items:
- "rsync"
- "nfs"
- name: selicent pass
copy:
content: "export RSYNC_PASSWORD=123"
dest: /etc/profile.d/rsync.pass
owner: root
group: root
mode: 0600
when: ansible_hostname is match "web*"
- name: sourse
shell: "source /etc/profile.d/rsync.pass"
when: ansible_hostname is match "web*"
- name: selicent pass
copy:
content: "export RSYNC_PASSWORD=123"
dest: /etc/profile.d/rsync.pass
owner: root
group: root
mode: 0600
with_items:
- { content: "export RSYNC_PASSWORD=123",dest: "/etc/profile.d/rsync.pass" }
- { content: "/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
",dest: "/etc/exports" }
when: ansible_hostname is match "nfs*"
- name: sourse
shell: "source /etc/profile.d/rsync.pass"
when: ansible_hostname is match "nfs*"
- name: Configure Rsync Conf
copy:
src: /root/ansible/rsync/rsyncd.conf
dest: /etc/rsyncd.conf
owner: root
group: root
mode: 0644
when: ansible_hostname is match "backup*"
- name: Create Backup Dir
file:
path: /backup
recurse: yes
owner: www
group: www
mode: 0755
state: directory
when: ansible_hostname is match "backup*"
- name: Create PASS File
copy:
content: backup:123
dest: /etc/rsync.passwd
owner: root
group: root
mode: 0600
when: ansible_hostname is match "backup*"
- name: Start Rsync Server
service:
name: rsyncd
state: started
enabled: true
ignore_errors: yes
#部署nfs
- name: Create data Directory
file:
path: "{{ item }}"
state: directory
owner: www
group: www
mode: 0755
recurse: yes
with_items:
- "/data"
- "/data/wordpress"
- "/data/WeCenter"
when: ansible_fqdn is match 'nfs*'
- name: get_url sersync
get_url:
url: "http://test.driverzeng.com/other/sersync2.5.4_64bit_binary_stable_final.tar.gz"
dest: /root
when: ansible_fqdn is match 'nfs*'
- name: jieya sersync
unarchive:
src: /root/sersync2.5.4_64bit_binary_stable_final.tar.gz
dest: /root
copy: no
when: ansible_fqdn is match 'nfs*'
- name: gaiming
shell: "mv /root/GNU-Linux-x86 /usr/local/sersync"
when: ansible_fqdn is match 'nfs*'
ignore_errors: yes
- name: copy sersync.conf
copy:
src: /root/ansible/nfs/sersync.conf
dest: /usr/local/sersync/confxml.xml
backup: yes
when: ansible_fqdn is match 'nfs*'
- name: Start NFS Server
systemd:
name: nfs-server
state: started
enabled: yes
when: ansible_fqdn is match 'nfs*'
- name: Start NFS Server
systemd:
name: nfs-server
state: started
enabled: yes
when: ansible_fqdn is match 'web*'
- name: content NFS Server
copy:
content: "123
"
dest: /etc/rsync.passwd
owner: root
group: root
mode: 0600
when: ansible_fqdn is match 'nfs*'
- name: start sersync
shell: /usr/local/sersync/sersync2 -rdo /usr/local/sersync/confxml.xml
when: ansible_fqdn is match 'nfs*'
- name: Mount NFS Server
mount:
path: /opt
src: 172.16.1.31:/data
fstype: nfs
opts: defaults
state: mounted
when: ansible_fqdn is match 'web*'
执行
0.托送公钥
1.执行base.yml
[root@m01 ~]# ansible-playbook ansible/base.yml
2.执行rsync.yml
[root@m01 ~]# ansible-playbook ansible/djj.yml
3.域名解析,浏览器访问
4.web01注册成功之后,把注册内容拷贝到别的web
scp -p /code/wordpress/wp-config.php 10.0.0.8:/code/wordpress/wp-config.php