解除网站被拦截的方法网站 选项卡 图标
前面介绍了PlayBook怎么写服务部署,把服务部署上后,我们来用Ansible来部署项目,实现一套完整的LNMP架构。我们部署wordpress、wecenter、phpshe、phpmyadmin这四个项目。将其所有的剧本都写入lnmp.yml中,相关备份数据都放入root/ansible/lnmp中,最终实现一个剧本一条命令部署4个项目的效果,话不多说,直接开始!
1、准备工作
| 主机名称 | 主机IP(外网、内网) | 作用 |
| LB01 | 10.0.0.5、172.16.1.5 | 七层负载均衡、keepalived高可用 |
| LB02 | 10.0.0.6、172.16.1.6 | 七层负载均衡、keepalived高可用 |
| Web01 | 10.0.0.7、172.16.1.7 | Nginx、php服务、存放代码文件 |
| Web02 | 10.0.0.8、172.16.1.8 | Nginx、php服务、存放代码文件 |
| NFS | 10.0.0.31、172.16.1.31 | 存放静态资源 |
| MySQL | 10.0.0.51、172.16.1.51 | 存放动态数据 |
| Ansible | 10.0.0.61、172.16.1.61 | 使用Ansible作为控制机 |
2、写剧本
1、将目标主机添加至主机列表
[root@Ansible ~]# cat /etc/ansible/hosts
[lb_group]
lb01 ansible_ssh_host=10.0.0.5
lb02 ansible_ssh_host=10.0.0.6[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8[nfs_group]
nfs ansible_ssh_host=10.0.0.31[mysql_group]
mysql ansible_ssh_host=10.0.0.51[nginx_install_group:children]
lb_group
web_group2、创建剧本存放目录并收集部署项目所需要的资源
我的思路是针对服务器的功能去进行项目资源的收集
[root@Ansible ~]# mkdir ansible/lnmp#1、在lb01上部署七层负载,我们需要nginx.conf(方便区分可以命名为nginx_lb01.conf)、nginx_7.conf(七层负载配置)、证书、keepalived.conf、proxy_params[root@LB01 conf.d]# scp /etc/nginx/nginx.conf /etc/nginx/conf.d/proxy_7.conf /etc/nginx/proxy_params /etc/nginx/ssl_key/ /etc/keepalived/keepalived.conf 10.0.0.61:/root/ansible/lnmp[root@Ansible lnmp]# mv keepalived.conf keepalived_lb01.conf
[root@Ansible lnmp]# mv nginx.conf nginx_lb01.conf#2、lb02与lb01所需文件大致相同,我们将keepalived.conf拷贝至管理机即可
[root@LB01 ~]# scp /etc/keepalived/keepalived.conf 10.0.0.51:/root/ansible/lnmp/keepalived_lb02.conf#3、web01与web02所需的文件一模一样,所以我们直接收集一个的即可
收集nginx.conf,conf.d/下的配置文件,php71.tar.gz压缩包,php.ini配置文件,/etc/php-fpm.d/www.conf,代码文件#4、NFS需要收集/etc/exports配置文件#5、MySQL需要收集数据库信息、redis.conf
3、写剧本
同样按照服务器功能去进行项目部署,有相同需求的操作,可以将其主机放在一个组中一起操作
[root@Ansible lnmp]# cat lnmp.yml
- hosts: all tasks: - name: create group wwwgroup: name: wwwgid: 666- name: create user wwwuser:name: wwwuid: 666group: wwwshell: /sbin/nologincreate_home: false
- hosts: nginx_install_grouptasks:- name: nginx.repocopy:src: nginx.repodest: /etc/yum.repos.d/nginx.repo- name: install nginxyum:name: nginxstate: present- name: delete default.conffile:name: /etc/nginx/conf.d/default.confstate: absent- name: start and enable nginxsystemd:name: nginxstate: startedenabled: yes- hosts: keepalived_install_grouptasks: - name: copy nginx_lb01.confcopy:src: nginx_lb01.confdest: /etc/nginx/nginx.conf- name: copy proxy_7.confcopy:src: proxy_7.confdest: /etc/nginx/conf.d/proxy_7.conf- name: copy ssl_key to lb01 lb02copy:src: ssl_keydest: /etc/nginx/- name: copy proxy_params to lb01 lb02copy:src: proxy_paramsdest: /etc/nginx/proxy_params- name: restart nginxsystemd:name: nginxstate: restarted- name: install keepalivedyum:name: keepalived state: present- name: start and enable keepalivedsystemd:name: keepalivedstate: startedenabled: yes- hosts: lb01tasks: - name: copy keepalived_lb01.confcopy:src: keepalived_lb01.confdest: /etc/keepalived/keepalived.conf- hosts: lb02tasks:- name: copy keepalived_lb02.confcopy: src: keepalived_lb02.confdest: /etc/keepalived/keepalived.conf - hosts: keepalived_install_grouptasks:- name: restart keepalivedsystemd:name: keepalivedstate: restarted- hosts: web_grouptasks:- name: copy nginx_web.conf to web_groupcopy: src: nginx_web.confdest: /etc/nginx/nginx.conf- name: copy conf_web.d to web_groupcopy:src: conf_web.d/dest: /etc/nginx/conf.d- name: restart nginxsystemd:name: nginxstate: restarted- name: tar xf php to web_groupunarchive:src: php71.tar.gzdest: /root- name: localinstall rpmyum:name: - /root/autoconf-2.69-11.el7.noarch.rpm- /root/automake-1.13.4-3.el7.noarch.rpm- /root/libevent-2.0.21-4.el7.x86_64.rpm- /root/libjpeg-turbo-1.2.90-8.el7.x86_64.rpm- /root/libmcrypt-2.5.8-13.el7.x86_64.rpm- /root/libmemcached-1.0.16-5.el7.x86_64.rpm- /root/libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm- /root/libX11-1.6.7-3.el7_9.x86_64.rpm- /root/libX11-common-1.6.7-3.el7_9.noarch.rpm- /root/libXau-1.0.8-2.1.el7.x86_64.rpm- /root/libxcb-1.13-1.el7.x86_64.rpm- /root/libXpm-3.5.12-1.el7.x86_64.rpm- /root/libxslt-1.1.28-6.el7.x86_64.rpm- /root/mod_php71w-7.1.33-1.w7.x86_64.rpm- /root/pcre-devel-8.32-17.el7.x86_64.rpm- /root/perl-Data-Dumper-2.145-3.el7.x86_64.rpm- /root/perl-Test-Harness-3.28-3.el7.noarch.rpm- /root/perl-Thread-Queue-3.02-2.el7.noarch.rpm- /root/php71w-cli-7.1.33-1.w7.x86_64.rpm- /root/php71w-common-7.1.33-1.w7.x86_64.rpm- /root/php71w-devel-7.1.33-1.w7.x86_64.rpm- /root/php71w-embedded-7.1.33-1.w7.x86_64.rpm- /root/php71w-fpm-7.1.33-1.w7.x86_64.rpm- /root/php71w-gd-7.1.33-1.w7.x86_64.rpm- /root/php71w-mbstring-7.1.33-1.w7.x86_64.rpm- /root/php71w-mcrypt-7.1.33-1.w7.x86_64.rpm- /root/php71w-mysqlnd-7.1.33-1.w7.x86_64.rpm- /root/php71w-opcache-7.1.33-1.w7.x86_64.rpm- /root/php71w-pdo-7.1.33-1.w7.x86_64.rpm- /root/php71w-pear-1.10.4-1.w7.noarch.rpm- /root/php71w-pecl-igbinary-2.0.5-1.w7.x86_64.rpm- /root/php71w-pecl-memcached-3.0.4-1.w7.x86_64.rpm- /root/php71w-pecl-mongodb-1.5.3-1.w7.x86_64.rpm- /root/php71w-pecl-redis-3.1.6-1.w7.x86_64.rpm- /root/php71w-process-7.1.33-1.w7.x86_64.rpm- /root/php71w-xml-7.1.33-1.w7.x86_64.rpmstate: present- name: copy php.ini to web_group copy: src: php.inidest: /etc/php.ini- name: copy www.conf to web_groupcopy:src: www.confdest: /etc/php-fpm.d/www.conf- name: start and enable phpsystemd:name: php-fpmstate: startedenabled: yes- name: tar xf code.tar.gzunarchive:src: code.tar.gzdest: /creates: /code- name: chown -R www.www codefile:path: /codeowner: wwwgroup: www- hosts: nfs_grouptasks:- name: Install nfs-utilsyum:name: nfs-utilsstate: present- name: Scp NFS server exportscopy: src: exportsdest: /etc/exportsowner: rootgroup: rootmode: 0644- name: Create data Directoryfile:path: /datastate: directoryowner: wwwgroup: wwwmode: 0755recurse: yes- name: Create data Directoryfile:path: /data/wordpressstate: directoryowner: wwwgroup: wwwmode: 0755recurse: yes- name: Create data Directoryfile:path: /data/wecenterstate: directoryowner: wwwgroup: wwwmode: 0755recurse: yes- name: Create data Directoryfile:path: /data/phpshestate: directoryowner: wwwgroup: wwwmode: 0755recurse: yes- name: Start NFS serversystemd:name: nfs-serverstate: startedenabled: yes- hosts: web_grouptasks:- name: Install nfs-utilsyum:name: nfs-utilsstate: present- name: Mount wordpress_NFS Servermount:path: /code/wordpress/wp-admin/imagessrc: 10.0.0.31:/data/wordpressfstype: nfsopts: defaultsstate: mounted- name: Mount wecenter_NFS Servermount:path: /code/wecenter/uploads/src: 10.0.0.31:/data/wecenterfstype: nfsopts: defaultsstate: mounted- name: Mount phpshe_NFS Servermount:path: /code/phpshe/datasrc: 10.0.0.31:/data/phpshefstype: nfsopts: defaultsstate: mounted- hosts: mysql_grouptasks:- name: Install mariadb mysql-python redisyum:name: - mariadb-server- MySQL-python - redisstate: present- name: Start httpd Serversystemd:name: mariadbstate: startedenabled: yes- name: Copy all.sql to Mysqlcopy:src: all.sqldest: /root/all.sql- name: import all.sqlmysql_db:login_host: localhostlogin_port: 3306login_user: rootname: allstate: importtarget: /root/all.sql- name: Restart MariaDB Serversystemd:name: mariadbstate: restarted- name: copy redis.conf to mysqlcopy: src: redis.confdest: /etc/redis.conf- name: start and redissystemd:name: redisstate: startedenabled: yes3、剧本语法检查并执行
将除了Ansible外的其他主机都恢复镜像,做好ssh免密钥
[root@Ansible ~]# ssh-keygen
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.4
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.5
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.6
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.7
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.8
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.31
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.51检查并执行
[root@Ansible ~]# ansible-playbook -- ansible/lnmp/lnmp.yml[root@Ansible ~]# ansible-playbook ansible/lnmp/lnmp.yml
4、测试项目部署是否正常
windows进行hosts解析10.0.0.5,浏览器分别访问blog.koten.com;zh.koten.com;phpshe.koten.com;phpmyadmin.koten.com查看是否正常运行,查看phpmyadmin是否有会话保持,刷新phpmyadmin查看负载均衡。
注意:七层负载如果加证书的话,无法通过四层负载去访问到浏览器,因为Nginx在返回的时候七层需要先通过四层再返回给浏览器,带证书的请求无法转发给不带证书的请求,导致我们接收不到访问信息,但是看四层日志状态码是200;所以我们要么就是不用四层负载,要么取消七层负载的证书,但是用LVS可以解决这个问题,因为LVS是七层负载是直接返回给浏览器,不经过四层负载。
我是koten,10年运维经验,持续分享运维干货,感谢大家的阅读和关注!