00:文章简介
本文根据上篇文章中模拟的架构,再次模拟了企业中使用ansible的playbook和roles编排并发布了wordpress和phpmyadmin的集群服务,其中涉及了MySQL+NFS+Redis+Nginx+php+lvs+keepalived+dns,并使用了https加密访问。
01:使用ansible编排base基本环境
实现:根据不同类型的主机,分配不同基础环境
例如:
1、只有web和proxy主机含有nginx源
2、只有web主机含有php源
3、其他主机只有base源
4、dns主机不需要创建www用户
5、dns、Ib、nfs不需要安装mariadb和MySQL-python
1.1:编写base的roles
[root@ansible ~]# cat ansible/roles/base/tasks/main.yml
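# Base role: yum repos, the shared `www` service account and common tools for
# every host. Tasks are gated on ansible_hostname: only web*/proxy* hosts get the
# nginx repo, only web* hosts get the php repo, dns* hosts get no www user, and
# the mariadb client tools are skipped on dns*/Ib*/nfs* hosts.
- name: Clear Old yum repo
  # A bare `gzip *.repo` is not idempotent: on the second run it would also gzip
  # the Base/Epel/... files written below (yum_repository then recreates them, so
  # every run churns the repo files). `creates` skips the task once the stock
  # repo file has been archived; adjust the name if the image ships a different
  # default .repo file.
  shell:
    cmd: 'gzip *.repo'
    chdir: /etc/yum.repos.d/
    creates: /etc/yum.repos.d/CentOS-Base.repo.gz
# SECURITY: gpgcheck: no disables RPM signature verification, so every host
# implicitly trusts the mirror and the plain-HTTP path to it (a MITM or a
# compromised mirror can install arbitrary packages as root). Once the mirror
# publishes its signing key, set gpgcheck: yes and point gpgkey: at it; the key
# URLs are not documented here, so the setting is left as-is.
- name: Config Base yum repo
  yum_repository:
    name: Base
    description: Base yum repo
    baseurl: http://mirrors.linux98.com/centos/$releasever/base/
    enabled: yes
    gpgcheck: no
- name: Config Epel yum repo
  yum_repository:
    name: Epel
    description: Epel yum repo
    baseurl: http://mirrors.linux98.com/centos/$releasever/epel/
    enabled: yes
    gpgcheck: no
- name: Config Nginx yum repo
  yum_repository:
    name: Nginx
    description: Nginx yum repo
    baseurl: http://mirrors.linux98.com/centos/$releasever/nginx-stable/
    enabled: yes
    gpgcheck: no
  # `match` anchors a regex at the start of the hostname; "web" is the intended
  # prefix test ("web*" as a regex means "we" + any number of "b", which also
  # matches a host called "we").
  when: ansible_hostname is match("web") or ansible_hostname is match("proxy")
- name: Config Php yum repo
  yum_repository:
    name: Php
    description: Php yum repo
    baseurl: http://mirrors.linux98.com/centos/$releasever/php/
    enabled: yes
    gpgcheck: no
  when: ansible_hostname is match("web")
# Shared unprivileged account for nginx/php-fpm and NFS ownership; fixed uid/gid
# so file ownership is identical across web nodes and the NFS export.
- name: Add Process Group
  group:
    name: www
    gid: 666
  when: ansible_hostname is not match("dns")
- name: Add Process User
  user:
    name: www
    uid: 666
    group: www
    create_home: no
    shell: /sbin/nologin
  when: ansible_hostname is not match("dns")
- name: Installed Base Software
  # One transaction for the whole list instead of one yum run per item.
  yum:
    name:
      - wget
      - httpd-tools
      - lrzsz
      - nfs-utils
      - bind-utils
      - net-tools
      - unzip
      - vim
      - gcc
      - git
    state: present
- name: Installed Base Software other
  yum:
    name:
      - mariadb
      - MySQL-python
    state: present
  # BUG FIX: the original joined three `is not match` tests with `or`, which is
  # true for every host (no hostname matches all three prefixes at once), so the
  # mariadb client was installed everywhere. `and` expresses the stated intent:
  # skip dns*, Ib* and nfs* hosts.
  when: >
    ansible_hostname is not match("dns")
    and ansible_hostname is not match("Ib")
    and ansible_hostname is not match("nfs")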
1.2:运行效果
运行效果
base和epel 的yum源所有主机都有
nginx的yum源只有web和proxy节点有
php只有web节点有
除了dns节点都创建了www用户和组
02:使用ansible的roles编排底层环境(NFS-server、MYSQL、redis)
2.1:编写NFS-server的roles
2.1.1:创建目录
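# `{nfs}` contains no comma, so bash does not brace-expand it and a directory
# literally named "{nfs}" is created; the role path must be roles/nfs.
[root@ansible ansible]# mkdir -p roles/nfs/{tasks,handlers,templates,files,meta,vars}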
2.1.2:先编写tasks
[root@ansible ansible]# cat roles/nfs/tasks/main.yml
# NFS server role: install nfs-utils, render /etc/exports, create the export
# directory owned by the shared www account and enable the nfs service.
- name: Install NFS Server SoftWare
  yum:
    name: nfs-utils
    state: present
- name: Configure NFS Server
  # exports.j2 renders "{{ nfs_share_directory }} {{ nfs_share_ip_pool }}(...)";
  # the notified handler restarts nfs at the end of the play to re-export.
  template:
    src: exports.j2
    dest: /etc/exports
  notify: Restart NFS Server
- name: INIT NFS Server
  # Runs before the handler, so the exported path exists when nfs (re)starts.
  # No explicit mode: the directory keeps whatever the default umask yields.
  file:
    path: "{{ nfs_share_directory }}"
    state: directory
    owner: "{{ user }}"
    group: "{{ group }}"
- name: Started NFS Server
  systemd:
    name: nfs
    state: started
    enabled: yes
2.1.3:根据tasks编写handlers
[root@ansible ansible]# cat roles/nfs/handlers/main.yml
# Handler notified by "Configure NFS Server". A full service restart rather than
# `exportfs -ra`, so clients that already mounted the share may stall briefly.
- name: Restart NFS Server
  systemd:
    name: nfs
    state: restarted
2.1.4:根据tasks编写template
[root@ansible ansible]# cat roles/nfs/templates/exports.j2
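{# NFS export for the shared WordPress uploads directory.
   FIX: the original wrote `anonuid=` twice; the second option was meant to be
   `anongid`, so squashed requests now map to www:www (666:666) as intended.
   anonuid/anongid only apply to squashed identities (remote root by default —
   no_root_squash is deliberately not set; add all_squash to squash everyone). #}
{{ nfs_share_directory }} {{ nfs_share_ip_pool }}(rw,sync,anonuid={{ user_id }},anongid={{ group_id }})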
2.1.5:添加整体环境变量
创建/root/ansible/group_vars/all 整体变量文件,并将nfs的tasks中的变量赋值
[root@ansible ansible]# cat group_vars/all
#all
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
2.1.6:编写playbook指定nfsservers主机群组进行部署
[root@ansible ansible]# cat test.yml
# Throw-away playbook used to exercise the nfs role against the nfsservers group.
- name: Install NFS
  hosts: nfsservers
  roles:
    - nfs
2.1.7:使用redis01作为客户端测试
[root@redis01 ~]# showmount -e 10.10.100.31
Export list for 10.10.100.31:
/ansible_data 10.10.100.0/24
2.2:编写mysql的roles
2.2.1:创建目录
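# Fixed copy/paste from the nfs section: this is the mysql role (the tasks below
# live in roles/mysql/), and "{nfs}" would not brace-expand anyway.
[root@ansible ansible]# mkdir -p roles/mysql/{tasks,handlers,templates,files,meta,vars}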
2.2.2:编写tasks
[root@ansible ~]# cat ansible/roles/mysql/tasks/main.yml
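# MariaDB role: install the server, set the root password idempotently and create
# the application account used by the WordPress import and phpMyAdmin.
- name: Install Mariadb-Server SoftWare
  yum:
    name: mariadb-server
    state: present
# Start the service *before* touching accounts: the original ran mysqladmin
# first, which fails on a fresh host because mariadb is not running yet.
- name: Started Mariadb-Server Service
  systemd:
    name: mariadb
    state: started
    enabled: yes
- name: Configure Mariadb-Server Root User
  # check_implicit_admin first tries the passwordless root login a fresh install
  # has, then falls back to mysql_root_pw, so the task is idempotent. This
  # replaces the one-shot `mysqladmin -u root password ...` shell call, which
  # broke on every run after the first and exposed the password in the process
  # list and the Ansible output.
  mysql_user:
    name: root
    host_all: yes
    password: "{{ mysql_root_pw }}"
    login_user: root
    login_password: "{{ mysql_root_pw }}"
    check_implicit_admin: yes
    state: present
  no_log: true
- name: Create App Grant User
  # Credentials are taken from group_vars (mysql_app_user / mysql_app_pw) with the
  # original literals as fallback: the original hard-coded "linux98.com123" here
  # while group_vars later declares mysql_app_pw: "linux98.com@123", so the
  # WordPress import would have used a password that was never set.
  # update_password: on_create keeps the original "set once" semantics, which also
  # means a later change of mysql_app_pw is NOT applied to an existing user.
  # SECURITY: '*.*:ALL' from any host is far more than WordPress needs — narrow
  # priv to 'ansible_wordpress.*:ALL' and host to the web subnet (10.10.100.%)
  # once phpMyAdmin users have their own accounts.
  mysql_user:
    login_user: root
    login_password: "{{ mysql_root_pw }}"
    name: "{{ mysql_app_user | default('ansible_all') }}"
    password: "{{ mysql_app_pw | default('linux98.com123') }}"
    update_password: on_create
    host: '%'
    priv: '*.*:ALL'
    state: present
  no_log: true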
2.2.3:根据tasks向group_vars/all中添加变量
[root@ansible ~]# cat ansible/group_vars/all
#all
# Shared service account used for NFS ownership and the web processes.
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
#mysql
# SECURITY: plaintext database root password committed with the playbook and
# pushed to every host (group_vars/all applies to all groups). Encrypt it with
# `ansible-vault encrypt_string` or move it to a vaulted group_vars/mysqlservers.
mysql_root_pw: linux98.com@123
2.2.4:编写playbook将mysqlserver部署mariadb-server服务
[root@ansible ~]# cat ansible/test.yml
# Throw-away playbook used to exercise the mysql role against the mysqlservers group.
- name: Install Mariadb-Server
  hosts: mysqlservers
  roles:
    - mysql
2.2.5:测试root用户及其他用户是否能正常登录
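# Let the client prompt for the password instead of passing -p<password> on the
# command line, where it is visible in `ps`, the shell history and this article.
[root@nfs ~]# mysql -uansible_all -p -h 10.10.100.51 -P3306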
MariaDB [(none)]> exit
Bye
2.3:编写redis的roles
2.3.1:编写tasks
# Create the redis role skeleton (order of the sub-directories is irrelevant).
[root@ansible roles]# mkdir -pv redis/{files,handlers,meta,tasks,templates}
[root@ansible ansible]# cat roles/redis/tasks/main.yml
# Redis role: install redis, render /etc/redis.conf and enable the service.
# Redis is used as the PHP session store (php.ini session.save_handler = redis).
- name: Install Redis Server
  yum:
    name: redis
    state: present
- name: Configure Redis Server
  # 0640 redis:redis keeps the config (which would hold requirepass, if set)
  # unreadable to other local users.
  template:
    src: redis.conf.j2
    dest: /etc/redis.conf
    owner: 'redis'
    group: 'redis'
    mode: '0640'
  notify: Restart Redis Server
- name: Started Redis Server
  systemd:
    name: redis
    state: started
    enabled: yes
2.3.2:根据tasks编写handlers
[root@ansible ansible]# cat roles/redis/handlers/main.yml
# Handler notified by "Configure Redis Server". A restart drops all in-memory
# sessions not yet persisted by the RDB snapshots.
- name: Restart Redis Server
  systemd:
    name: redis
    state: restarted
2.3.3:根据tasks编写templates
[root@ansible ansible]# cat roles/redis/templates/redis.conf.j2
# Redis used as the PHP session store (php.ini: session.save_handler = redis).
# SECURITY: because bind lists the LAN address explicitly, protected-mode no
# longer refuses remote clients, and no requirepass is configured — any host that
# can reach port 6379 can read or forge every PHP session. Add a vaulted
# `requirepass` (and `?auth=` on session.save_path) or firewall 6379 to the web nodes.
bind 127.0.0.1 {{ ansible_default_ipv4.address }}
protected-mode yes
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
# Managed by systemd, so redis does not daemonize itself.
daemonize no
supervised no
pidfile /var/run/redis_6379.pid
loglevel notice
logfile /var/log/redis/redis.log
databases 16
# RDB snapshot triggers: 900s/1 change, 300s/10 changes, 60s/10000 changes.
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
# AOF disabled: sessions survive a restart only as far as the last RDB snapshot.
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes
2.3.4:编写playbook
[root@ansible ansible]# cat test.yml
# Throw-away playbook used to exercise the redis role against the redisserver group.
- name: Install Redis-Server
  hosts: redisserver
  roles:
    - redis
2.3.5:登录redis查看效果
[root@ansible ansible]# ssh root@10.10.100.41
[root@redis01 ~]# redis-cli
03:编写中层服务的roles(nginx、php)
3.1:编写nginx的roles
3.1.1:创建目录
# Create the nginx role skeleton (order of the sub-directories is irrelevant).
[root@ansible roles]# mkdir -pv nginx/{files,handlers,meta,tasks,templates}
3.1.2:编写tasks
[root@ansible ansible]# cat roles/nginx/tasks/main.yml
# Nginx role: shared by the web nodes and the TLS proxies (it is a meta
# dependency of wordpress-web, wordpress-proxy and phpmyadmin-proxy).
- name: Installed Nginx SoftWare
  yum:
    name: nginx
    state: present
- name: Configure Nginx Server
  # Only the main config is managed here; vhosts come from the consuming roles
  # via conf.d/*.conf.
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: Restart Nginx Server
- name: Started Nginx Server
  systemd:
    name: nginx
    state: started
    enabled: yes
3.1.3:根据tasks编写handlers
[root@ansible ansible]# cat roles/nginx/handlers/main.yml
# Handler shared by name with the roles that depend on nginx (they notify
# "Restart Nginx Server" too). A full restart drops in-flight connections; a
# `reloaded` state would be gentler but is not what the roles rely on.
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted
3.1.4:根据tasks编写templates
[root@ansible ansible]# cat roles/nginx/templates/nginx.conf.j2
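# Main nginx config shared by web and proxy nodes; vhosts come from conf.d/*.conf.
user {{ user }};
worker_processes {{ ansible_processor_vcpus }};
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 25565;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Hardening: do not advertise the nginx version in the Server header and on
    # error pages — this config also runs on the internet-facing proxies.
    server_tokens off;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}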
3.1.5:编写playbook进行测试
[root@ansible ansible]# cat test.yml
# Throw-away playbook used to exercise the nginx role against the webservers group.
- name: Install Nginx-server
  hosts: webservers
  roles:
    - nginx
3.1.6:客户端验证
[root@ansible ansible]# curl http://10.10.100.21
...
<title>Welcome to nginx!</title>
...
3.2:编写php的roles
3.2.1:创建目录
# Create the php role skeleton (order of the sub-directories is irrelevant).
[root@ansible roles]# mkdir -pv php/{files,handlers,meta,tasks,templates}
3.2.2:编写tasks
[root@ansible ansible]# cat roles/php/tasks/main.yml
# PHP role: php-fpm 7.1 (Webtatic "php71w" packages) plus the extensions
# WordPress/phpMyAdmin need, with php.ini and the www pool rendered from templates.
# NOTE(review): PHP 7.1 reached end-of-life in December 2019 and receives no
# security fixes; plan a move to a supported branch.
- name: Install PHP server
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - php71w
    - php71w-cli
    - php71w-common
    - php71w-devel
    - php71w-embedded
    - php71w-gd
    - php71w-mcrypt
    - php71w-mbstring
    - php71w-pdo
    - php71w-xml
    - php71w-fpm
    - php71w-mysqlnd
    - php71w-opcache
    - php71w-pecl-memcached
    - php71w-pecl-redis
    - php71w-pecl-mongodb
- name: Configure PHP Server
  # Both files are world-readable (0644); php.ini holds the Redis session
  # endpoint but no secret, so that is acceptable as long as Redis needs no AUTH.
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  loop:
    - { src: "php.ini.j2", dest: "/etc/php.ini", mode: "0644" }
    - { src: "php-fpm.d.www.conf.j2", dest: "/etc/php-fpm.d/www.conf", mode: "0644" }
  notify: Restart PHP-FPM Server
- name: Started PHP Server
  systemd:
    name: php-fpm
    state: started
    enabled: yes
3.2.3:根据tasks编写handlers
[root@ansible ansible]# cat roles/php/handlers/main.yml
# Handler notified by "Configure PHP Server" whenever php.ini or www.conf changes.
- name: Restart PHP-FPM Server
  systemd:
    name: php-fpm
    state: restarted
3.2.4:根据tasks编写templates
[root@ansible ansible]# cat roles/php/templates/php.ini.j2
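; php.ini rendered by Ansible for the web nodes (roles/php/templates/php.ini.j2).
; Security-relevant changes against the original: expose_php off, strict
; session ids, HttpOnly session cookies. Everything else is unchanged.
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions =
disable_classes =
zend.enable_gc = On
; Hardening: do not send the X-Powered-By: PHP/7.1.x header (version disclosure).
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
; Errors go to the log only; never render them to the client.
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 16M
max_file_uploads = 20
; allow_url_fopen stays on (WordPress update/HTTP API streams use it);
; allow_url_include must stay off — it would turn any include() of user
; input into remote code execution.
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
sendmail_path = /usr/sbin/sendmail -t -i
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
; Sessions are shared across all web nodes through Redis. NOTE: the connection
; carries no AUTH (no ?auth= in the path) and the redis role sets no requirepass.
session.save_handler = redis
session.save_path = "tcp://{{ redis_server_ip }}:{{ redis_server_port }}"
; Hardening: reject session ids the server did not generate (session fixation).
session.use_strict_mode = 1
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
; Hardening: keep the session cookie out of reach of JavaScript. cookie_secure is
; deliberately not forced here because the backends are also tested over plain
; HTTP (4.2.7); set it once all access goes through the TLS proxy.
session.cookie_httponly = 1
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[Assertion]
zend.assertions = -1
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[curl]
[openssl]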
[root@ansible ansible]# cat roles/php/templates/php-fpm.d.www.conf.j2
; php-fpm pool for the web nodes; workers run as the shared www account.
[www]
user = {{ user }}
group = {{ group }}
; Loopback only: nginx on the same host connects via fastcgi_pass 127.0.0.1:9000,
; and allowed_clients rejects anything that is not 127.0.0.1.
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 10
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
; php_admin_* values cannot be overridden by ini_set() from application code.
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
3.2.5:根据tasks给group_vars/all添加变量
[root@ansible ansible]# vim group_vars/all
#all
# Shared service account used for NFS ownership and the nginx/php-fpm workers.
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
#mysql
# SECURITY: plaintext root password pushed to every host via group_vars/all;
# encrypt with ansible-vault and scope to the mysqlservers group.
mysql_root_pw: linux98.com@123
#php
# PHP session store (php.ini session.save_path); the redis role sets no requirepass.
redis_server_ip: 10.10.100.41
redis_server_port: 6379
3.2.6:使用playbook测试roles
[root@ansible ansible]# cat test.yml
- name: Install Nginx-server
hosts: webservers
roles:
- php
3.3:测试php-test的roles测试php是否正确安装
3.3.1:创建文件夹
# Create the php-test role skeleton (order of the sub-directories is irrelevant).
[root@ansible roles]# mkdir -pv php-test/{files,handlers,meta,tasks,templates}
3.3.2:编写tasks
[root@ansible ansible]# cat roles/php-test/tasks/main.yml
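# php-test role: an nginx vhost plus a phpinfo() page to prove nginx -> php-fpm works.
- name: Add Nginx Config
  template:
    src: php.conf.j2
    dest: /etc/nginx/conf.d/php.conf
  notify: Restart Nginx server
- name: Add Test Code
  # SECURITY: phpinfo() publishes PHP/OS versions, loaded modules, ini values and
  # environment variables. This role is for verification only — remove info.php
  # (and this vhost) from every web node before they are reachable through the
  # proxy. A static file needs no execute bit, so 0644 instead of 0755.
  copy:
    src: info.php
    dest: /usr/share/nginx/html/info.php
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: '0644'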
3.3.3:创建模板
[root@ansible ansible]# cat roles/php-test/templates/php.conf.j2
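# Test vhost for the phpinfo() page (php-test role); verification only.
server {
    listen 80;
    server_name php.linux98.com;
    root /usr/share/nginx/html/;
    index index.php index.html;
    location ~ \.php$ {
        # Hand only existing files to php-fpm; without this a URI such as
        # /image.png/x.php is forwarded and relies on php-fpm's
        # security.limit_extensions alone to refuse it.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}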
3.3.4:编写handlers
[root@ansible ansible]# cat roles/php-test/handlers/main.yml
# Handlers are matched by exact name: this role notifies "Restart Nginx server"
# (lower-case "server"), which differs from the nginx role's "Restart Nginx Server",
# so the role needs its own handler.
- name: Restart Nginx server
  systemd:
    name: nginx
    state: restarted
3.3.5:准备网页文件
[root@ansible ansible]# cat roles/php-test/files/info.php
<?php
// Connectivity smoke test only: phpinfo() discloses versions, paths, ini values
// and environment variables. Delete it from the web roots once nginx -> php-fpm
// has been verified.
phpinfo();
?>
3.3.6:使用playbook执行
[root@ansible ansible]# cat test.yml
- name: Install Nginx-server
hosts: webservers
roles:
- php-test
3.3.7:使用浏览器测试
04:使用中层服务部署WordPress、PHPmyadmin
4.1:部署WordPress
4.1.1:创建目录
# Create the wordpress-web role skeleton (order of the sub-directories is irrelevant).
[root@ansible roles]# mkdir -pv wordpress-web/{files,handlers,meta,tasks,templates}
[root@ansible ansible]# tree roles/wordpress-web/
roles/wordpress-web/
├── files
│ ├── ansible_wordpress.sql
│ └── wordpress.tar.gz
├── handlers
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
└── templates
└── example.linux98.com.conf.j2
4.1.2:编写tasks
[root@ansible ansible]# cat roles/wordpress-web/tasks/main.yml
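# wordpress-web role: nginx vhost, WordPress code tree and the schema import.
# Depends on the nginx and php roles (meta/main.yml).
- name: Add Wordpress VHost Configure
  template:
    src: example.linux98.com.conf.j2
    dest: /etc/nginx/conf.d/example.linux98.com.conf
  notify: Restart Nginx Server
- name: Create Wordpress Site Directory
  file:
    path: "{{ wordpress_root_path }}"
    state: directory
    owner: "{{ user }}"
    group: "{{ group }}"
- name: Copy Wordpress Code
  # SUPPLY CHAIN: wordpress.tar.gz is an unsigned archive fetched from a
  # third-party repository (4.1.5). Record its sha256 when you download it and
  # compare before committing, so every deploy installs the same reviewed bytes.
  unarchive:
    src: wordpress.tar.gz
    dest: "{{ wordpress_root_path }}"
    owner: "{{ user }}"
    group: "{{ group }}"
- name: Copy App Databases
  # Staged in /tmp only for the import; keep it unreadable to other local users.
  copy:
    src: ansible_wordpress.sql
    dest: /tmp/
    mode: '0600'
- name: Import App Databases
  # The play targets the whole webservers group, so without run_once the dump was
  # replayed once per web node against the same shared database. state: import
  # is not idempotent either — every playbook run re-executes the dump — so gate
  # this task (tags/when) once the site holds real data.
  # no_log keeps the application password out of the Ansible output.
  mysql_db:
    login_host: "{{ dbserver_ipaddress }}"
    login_user: "{{ mysql_app_user }}"
    login_password: "{{ mysql_app_pw }}"
    name: ansible_wordpress
    state: import
    target: /tmp/ansible_wordpress.sql
  run_once: true
  no_log: true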
4.1.3:编写handlers
[root@ansible wordpress-web]# vim handlers/main.yml
# Same handler name as the nginx role, so either role's notification restarts
# nginx once at the end of the play.
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted
4.1.4:创建模板
[root@ansible wordpress-web]# cat templates/example.linux98.com.conf.j2
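# WordPress vhost on the backend web nodes. Plain HTTP: TLS terminates on the
# proxy, which is why HTTPS comes from wordpress_fastcgi_https rather than $https.
server {
    listen {{ wordpress_listen_port }};
    server_name {{ wordpress_server_name }};
    root {{ wordpress_root_path }};
    location / {
        index index.php;
    }
    # Hardening: wp-content/uploads is writable by the web user (and NFS-shared
    # across all nodes in 06); a .php file dropped there must never reach php-fpm.
    # Regex locations match in file order, so this must precede the \.php$ block.
    location ~* ^/wp-content/uploads/.*\.php$ {
        deny all;
    }
    location ~ \.php$ {
        # 404 for non-existent scripts instead of forwarding the URI to php-fpm
        # (blocks the classic /image.png/x.php PATH_INFO execution trick).
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param HTTPS {{ wordpress_fastcgi_https }};
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}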
4.1.5:上传文件
文件地址:
wordpress.tar.gz https://gitee.com/lichunpeng12/ansible/raw/master/roles/wordpress-web/files/wordpress.tar.gz
ansible_wordpress.sql https://gitee.com/lichunpeng12/ansible/blob/master/roles/wordpress-web/files/ansible_wordpress.sql
[root@ansible wordpress-web]# tree
.
├── files
│ ├── ansible_wordpress.sql
│ └── wordpress.tar.gz
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
└── templates
└── example.linux98.com.conf.j2
4.1.6:编写meta依赖
[root@ansible wordpress-web]# cat meta/main.yml
# Role dependencies: nginx and php are applied before wordpress-web's own tasks,
# so the vhost and php-fpm exist when the code is deployed.
dependencies:
  - { role: nginx }
  - { role: php }
4.1.7:增加全局变量
[root@ansible wordpress-web]# cat /root/ansible/group_vars/all
#all
# Shared service account used for NFS ownership and the nginx/php-fpm workers.
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
#mysql
# SECURITY: plaintext credentials pushed to every host via group_vars/all;
# encrypt with ansible-vault and scope to the groups that need them.
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
# NOTE(review): the mysql role (2.2.2) creates this user with the literal
# "linux98.com123" and update_password: on_create, so this value does not match
# the account unless the role is changed to read mysql_app_pw.
mysql_app_pw: linux98.com@123
#php
# PHP session store; the redis role sets no requirepass.
redis_server_ip: 10.10.100.41
redis_server_port: 6379
#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443
#wordpress-web
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
# Only the backend web nodes are deployed at this stage; with fastcgi HTTPS "on"
# and no TLS proxy in front, WordPress would emit https:// URLs and the page breaks.
wordpress_fastcgi_https: "off"
#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
#phpmyadmin-proxy
phpmyadmin_proxy_port: 443
4.1.8:编写playbook测试
[root@ansible wordpress-web]# cat /root/ansible/test.yml
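# Deploys WordPress (nginx + php pulled in via meta dependencies) to the web nodes.
# Play name typo fixed ("Depoly").
- name: Deploy Wordpress App
  hosts: webservers
  roles:
    - wordpress-web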
4.1.9:测试效果
#此处应该是10.10.100.21、22、23
4.2:部署PHPmyadmin
4.2.1:创建目录
# Create the phpmyadmin role skeleton (order of the sub-directories is irrelevant).
[root@ansible roles]# mkdir -pv phpmyadmin/{files,handlers,meta,tasks,templates}
4.2.2:编写tasks
[root@ansible ansible]# cat roles/phpmyadmin/tasks/main.yml
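# phpmyadmin role: code tree, config.inc.php and an nginx vhost on the web nodes.
- name: Create code directory
  file:
    path: "{{ phpmyadmin_root_path }}"
    state: directory
    owner: "{{ user }}"
    group: "{{ group }}"
- name: Copy phpmyadmin code
  # File name is spelled "phpmyamdin" in the role's files/ directory (4.2.5);
  # it is kept so the existing archive still matches. SUPPLY CHAIN: the archive
  # is unsigned and fetched from a third-party repository — record its sha256.
  unarchive:
    src: phpmyamdin.tar.gz
    dest: "{{ phpmyadmin_root_path }}"
    owner: "{{ user }}"
    group: "{{ group }}"
- name: Configure phpmyadmin config
  # config.inc.php carries blowfish_secret (the cookie-auth encryption key):
  # readable by root and the php-fpm group only, not world-readable.
  template:
    src: config.inc.php.j2
    dest: "{{ phpmyadmin_root_path }}/config.inc.php"
    owner: root
    group: "{{ group }}"
    mode: '0640'
- name: Configure Nginx Virtualhost
  template:
    src: phpmyadmin.linux98.com.conf.j2
    dest: /etc/nginx/conf.d/phpmyadmin.linux98.com.conf
  notify: Restart Nginx Server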
4.2.3:编写handlers
[root@ansible ansible]# cat roles/phpmyadmin/handlers/main.yml
# Only "Restart Nginx Server" is notified by this role's tasks; the php-fpm
# handler is defined but currently unused.
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted
- name: Restart PHP-fpm Server
  systemd:
    name: php-fpm
    state: restarted
4.2.4:编写模板
[root@ansible ansible]# cat roles/phpmyadmin/templates/config.inc.php.j2
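<?php
/* phpMyAdmin config rendered by Ansible (roles/phpmyadmin/templates/config.inc.php.j2). */
/* blowfish_secret encrypts the credentials stored in the cookie-auth cookie. The
 * original left it empty, which weakens (and in newer releases breaks) cookie
 * auth. The password lookup generates a 32-character value once on the control
 * node (stored under credentials/ relative to the playbook) and reuses it, so all
 * web nodes share one secret. Prefer a vaulted variable if credentials/ cannot be
 * kept out of version control. */
$cfg['blowfish_secret'] = '{{ lookup("password", "credentials/phpmyadmin_blowfish_secret chars=ascii_letters,digits length=32") }}';
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['host'] = '{{ dbserver_ipaddress }}';
$cfg['Servers'][$i]['compress'] = false;
/* Refuse logins for accounts that have no password. Consider AllowRoot = false
 * as well: the proxy in 05 exposes this UI on 443. */
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['UploadDir'] = '';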
[root@ansible ansible]# cat roles/phpmyadmin/templates/phpmyadmin.linux98.com.conf.j2
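# phpMyAdmin vhost on the backend web nodes (plain HTTP; TLS terminates on the proxy).
# SECURITY: this is a database admin UI reachable from every LAN host on port 80
# and, through the proxy, from wherever the VIP is routed. Restrict it (allow/deny
# on admin networks, or auth_basic in front) before exposing the proxy.
server {
    listen {{ phpmyadmin_listen_port }};
    server_name {{ phpmyadmin_server_name }};
    root {{ phpmyadmin_root_path }};
    location / {
        index index.php;
    }
    location ~ \.php$ {
        # 404 for non-existent scripts instead of forwarding the URI to php-fpm.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param HTTPS {{ phpmyadmin_fastcgi_https }};
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}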
4.2.5:上传phpmyadmin安装包
包链接:https://gitee.com/lichunpeng12/ansible/raw/master/roles/phpmyadmin/files/phpmyamdin.tar.gz
上传到roles/phpmyadmin/files/
上传完之后的样子
[root@ansible ansible]# tree roles/phpmyadmin
roles/phpmyadmin
├── files
│ └── phpmyamdin.tar.gz
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
└── templates
├── config.inc.php.j2
└── phpmyadmin.linux98.com.conf.j2
4.2.6:配置全局环境变量
[root@ansible ansible]# cat group_vars/all
#all
# Shared service account used for NFS ownership and the nginx/php-fpm workers.
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
#mysql
# SECURITY: plaintext credentials pushed to every host via group_vars/all;
# encrypt with ansible-vault and scope to the groups that need them.
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
# NOTE(review): the mysql role (2.2.2) creates this user with the literal
# "linux98.com123" and update_password: on_create; this value does not match it.
mysql_app_pw: linux98.com@123
#php
# PHP session store; the redis role sets no requirepass.
redis_server_ip: 10.10.100.41
redis_server_port: 6379
#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443
#wordpress-web
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
# Only the backend web nodes are deployed at this stage; with fastcgi HTTPS "on"
# and no TLS proxy in front, WordPress would emit https:// URLs and the page breaks.
wordpress_fastcgi_https: "off"
#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "off"
#phpmyadmin-proxy
phpmyadmin_proxy_port: 443
4.2.7:测试直接访问web节点
测试访问时可以右键刷新,点**清空缓存并硬性重新加载**
下面的地址应该是10.10开头
05:配置Nginx的7层代理(WordPress、PHPmyadmin)
5.1:WordPress-proxy
5.1.1:创建目录
[root@ansible roles]# tree wordpress-proxy/
wordpress-proxy/
├── files
│ ├── 5681611_example.linux98.com.key
│ └── 5681611_example.linux98.com.pem
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
├── templates
│ ├── example.linux98.com.conf.j2
│ └── proxy_params.j2
└── vars
5.1.2:编写tasks
[root@ansible roles]# cat wordpress-proxy/tasks/main.yml
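# wordpress-proxy role: TLS-terminating nginx vhost in front of the webservers group.
- name: Add Proxy Nginx Vhost
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "example.linux98.com.conf.j2", dest: "/etc/nginx/conf.d/proxy_example.linux98.com.conf" }
    - { src: "proxy_params.j2", dest: "/etc/nginx/proxy_params" }
  # FIX: the original only notified from the key copy below, so a changed vhost
  # or proxy_params never reached the running nginx.
  notify: Restart Nginx Server
- name: Add Proxy SSL Key Direction
  # Root-only directory: the nginx master reads certificate and key as root at
  # startup, workers (www) never need them.
  file:
    path: /etc/nginx/ssl_keys/
    state: directory
    owner: root
    group: root
    mode: '0700'
- name: Copy SSL Key
  # SECURITY: without an explicit mode, copy keeps the controller's (typically
  # world-readable) permissions on the private key. The key also sits unencrypted
  # in roles/.../files — encrypt it with ansible-vault (copy decrypts vaulted
  # files transparently) so the repo does not leak it.
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - { src: "5681611_example.linux98.com.key", dest: "/etc/nginx/ssl_keys/5681611_example.linux98.com.key", mode: "0600" }
    - { src: "5681611_example.linux98.com.pem", dest: "/etc/nginx/ssl_keys/5681611_example.linux98.com.pem", mode: "0644" }
  notify: Restart Nginx Server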
5.1.3:编写handlers
[root@ansible wordpress-proxy]# cat handlers/main.yml
# Same handler name as the nginx role; one restart at the end of the play.
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted
5.1.4:编写meta
[root@ansible wordpress-proxy]# cat meta/main.yml
# nginx is installed and started before this role's vhost and keys are placed.
dependencies:
  - { role: nginx }
5.1.5:编写模板
[root@ansible wordpress-proxy]# cat templates/example.linux98.com.conf.j2
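# TLS-terminating reverse proxy for WordPress: 443 -> plain HTTP to every host in
# the webservers inventory group (hostnames must resolve or be IPs); 80 only redirects.
upstream {{ wordpress_server_name }} {
{% for host in groups["webservers"] %}
    server {{ host }}:{{ wordpress_listen_port }};
{% endfor %}
}
#https
server {
    listen {{ wordpress_proxy_port }} ssl;
    server_name {{ wordpress_server_name }};
    ssl_certificate ssl_keys/5681611_example.linux98.com.pem;
    ssl_certificate_key ssl_keys/5681611_example.linux98.com.key;
    # Hardening: older nginx defaults still offer TLSv1/1.1; restrict to 1.2+
    # and tell browsers to keep using HTTPS for a year.
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000" always;
    location / {
        proxy_pass http://{{ wordpress_server_name }};
        include proxy_params;
    }
}
#http-->https
server {
    listen 80;
    server_name {{ wordpress_server_name }};
    # 301 (permanent) rather than 302 so clients cache the redirect instead of
    # retrying plain HTTP on every visit.
    return 301 https://$server_name$request_uri;
}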
[root@ansible wordpress-proxy]# cat templates/proxy_params.j2
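# Upstream request settings shared by the proxy vhosts (included via proxy_params).
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
# FIX: the header name had been replaced by a literal IP address, so no client
# address ever reached the backends (their access log prints $http_x_forwarded_for).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
# Lets the backend detect TLS from the request instead of the hard-coded
# fastcgi HTTPS flag.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 64k;
proxy_buffers 4 64k;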
5.1.6:上传SSL证书
上传ssl证书
[root@ansible wordpress-proxy]# tree files/
files/
├── 5681611_example.linux98.com.key
└── 5681611_example.linux98.com.pem
5.1.7:配置全局变量
[root@ansible wordpress-proxy]# cat /root/ansible/group_vars/all
#all
# Shared service account used for NFS ownership and the nginx/php-fpm workers.
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
#mysql
# SECURITY: plaintext credentials pushed to every host via group_vars/all;
# encrypt with ansible-vault and scope to the groups that need them.
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
# NOTE(review): the mysql role (2.2.2) creates this user with the literal
# "linux98.com123" and update_password: on_create; this value does not match it.
mysql_app_pw: linux98.com@123
#php
# PHP session store; the redis role sets no requirepass.
redis_server_ip: 10.10.100.41
redis_server_port: 6379
#proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443
#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
# "on" now that the TLS proxy is in front: WordPress must treat requests as HTTPS.
wordpress_fastcgi_https: "on"
#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
#phpmyadmin-proxy
phpmyadmin_proxy_port: 443
5.1.8:使用playbook执行
[root@ansible ansible]# cat test.yml
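# Deploys WordPress to the web nodes, then the TLS proxy vhost to the proxy nodes.
# Play name typo fixed ("Depoly").
- name: Deploy Wordpress App
  hosts: webservers
  roles:
    - wordpress-web
- name: Set Wordpress Proxy
  hosts: proxyservers
  roles:
    - wordpress-proxy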
5.1.9:验证
下面的地址应该是10.10开头
5.2:PHPmyadmin-proxy
5.2.1:创建目录
[root@ansible ansible]# tree roles/phpmyadmin-proxy/
roles/phpmyadmin-proxy/
├── files
│ ├── 5755021_phpmyadmin.linux98.com.key
│ └── 5755021_phpmyadmin.linux98.com.pem
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
└── templates
├── phpmyadmin.linux98.com.conf.j2
└── proxy_params.j2
5.2.2:编写tasks
[root@ansible ansible]# cat roles/phpmyadmin-proxy/tasks/main.yml
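# phpmyadmin-proxy role: TLS-terminating nginx vhost in front of the webservers group.
- name: Add Proxy Nginx Vhost
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "phpmyadmin.linux98.com.conf.j2", dest: "/etc/nginx/conf.d/proxy_phpmyadmin.linux98.com.conf" }
    - { src: "proxy_params.j2", dest: "/etc/nginx/proxy_params" }
  # FIX: the original only notified from the key copy below, so a changed vhost
  # or proxy_params never reached the running nginx.
  notify: Restart Nginx Server
- name: Add Proxy SSL Key Direction
  # Root-only: the nginx master reads certificate and key as root at startup.
  file:
    path: /etc/nginx/ssl_keys/
    state: directory
    owner: root
    group: root
    mode: '0700'
- name: Copy SSL Key
  # SECURITY: explicit 0600 on the private key — copy would otherwise keep the
  # controller's permissions. The key is stored unencrypted in roles/.../files;
  # encrypt it with ansible-vault.
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - { src: "5755021_phpmyadmin.linux98.com.key", dest: "/etc/nginx/ssl_keys/5755021_phpmyadmin.linux98.com.key", mode: "0600" }
    - { src: "5755021_phpmyadmin.linux98.com.pem", dest: "/etc/nginx/ssl_keys/5755021_phpmyadmin.linux98.com.pem", mode: "0644" }
  notify: Restart Nginx Server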
5.2.3:编写handlers
[root@ansible ansible]# cat roles/phpmyadmin-proxy/handlers/main.yml
# Same handler name as the nginx role; one restart at the end of the play.
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted
5.2.4:编写meta
[root@ansible ansible]# cat roles/phpmyadmin-proxy/meta/main.yml
# nginx is installed and started before this role's vhost and keys are placed.
dependencies:
  - { role: nginx }
5.2.5:编写模板
[root@ansible ansible]# cat roles/phpmyadmin-proxy/templates/phpmyadmin.linux98.com.conf.j2
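# TLS-terminating reverse proxy for phpMyAdmin: 443 -> plain HTTP to the
# webservers group; 80 only redirects.
# SECURITY: a database admin UI should not be reachable from everywhere the VIP
# is routed — add `allow <admin network>; deny all;` (or auth_basic) in the
# location below before going live.
upstream {{ phpmyadmin_server_name }} {
{% for host in groups["webservers"] %}
    server {{ host }}:{{ phpmyadmin_listen_port }};
{% endfor %}
}
#https
server {
    listen {{ phpmyadmin_proxy_port }} ssl;
    server_name {{ phpmyadmin_server_name }};
    ssl_certificate ssl_keys/5755021_phpmyadmin.linux98.com.pem;
    ssl_certificate_key ssl_keys/5755021_phpmyadmin.linux98.com.key;
    # Hardening: TLS 1.2+ only and HSTS for a year.
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000" always;
    location / {
        proxy_pass http://{{ phpmyadmin_server_name }};
        include proxy_params;
    }
}
#http-->https
server {
    listen 80;
    server_name {{ phpmyadmin_server_name }};
    # Permanent redirect so clients stop retrying plain HTTP.
    return 301 https://$server_name$request_uri;
}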
[root@ansible ansible]# cat roles/phpmyadmin-proxy/templates/proxy_params.j2
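# Upstream request settings shared by the proxy vhosts (included via proxy_params).
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
# FIX: the header name had been replaced by a literal IP address, so no client
# address ever reached the backends (their access log prints $http_x_forwarded_for).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
# Lets the backend detect TLS from the request instead of a hard-coded flag.
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 64k;
proxy_buffers 4 64k;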
5.2.6:上传SSL证书
[root@ansible ansible]# tree roles/phpmyadmin-proxy/files/
roles/phpmyadmin-proxy/files/
├── 5755021_phpmyadmin.linux98.com.key
└── 5755021_phpmyadmin.linux98.com.pem
5.2.7:配置全局变量
[root@ansible ansible]# cat group_vars/all
#all
# Shared service account used for NFS ownership and the nginx/php-fpm workers.
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
#mysql
# SECURITY: plaintext credentials pushed to every host via group_vars/all;
# encrypt with ansible-vault and scope to the groups that need them.
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
# NOTE(review): the mysql role (2.2.2) creates this user with the literal
# "linux98.com123" and update_password: on_create; this value does not match it.
mysql_app_pw: linux98.com@123
#php
# PHP session store; the redis role sets no requirepass.
redis_server_ip: 10.10.100.41
redis_server_port: 6379
#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443
#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
# "on" now that the TLS proxies are in front of both applications.
wordpress_fastcgi_https: "on"
#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "on"
#phpmyadmin-proxy
phpmyadmin_proxy_port: 443
5.2.8:使用playbook执行
[root@ansible ansible]# vim test.yml
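# Deploys phpMyAdmin to the web nodes, then the TLS proxy vhost to the proxy nodes.
# Play name typo fixed ("Depoly").
- name: Deploy PHPmyadmin App
  hosts: webservers
  roles:
    - phpmyadmin
- name: Set PHPmyadmin Proxy
  hosts: proxyservers
  roles:
    - phpmyadmin-proxy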
5.2.9:验证
06:将wordpress中的图片资源迁移到NFS共享存储上
6.1:创建NFS-client的roles
6.1.1:创建文件夹
# Create the nfs-client role skeleton (order of the sub-directories is irrelevant).
[root@ansible roles]# mkdir -pv nfs-client/{files,handlers,meta,tasks,templates}
6.1.2:编写tasks
[root@ansible ansible]# cat roles/nfs-client/tasks/main.yml
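# nfs-client role: mount the shared NFS export on wp-content/uploads of every web
# node so uploaded media is served by all backends.
- name: Create Wordpress Image Directory
  file:
    path: "{{ wordpress_root_path }}/wp-content/uploads/"
    state: directory
    mode: '0755'
    owner: "{{ user }}"
    group: "{{ group }}"
- name: Configure Permanent Storage
  # Hardening: uploads holds user-supplied files; nosuid/nodev/noexec stop anything
  # placed there from being executed directly or used as a device node. Note that
  # noexec does not stop php-fpm from running a .php it reads from here — that has
  # to be blocked in the nginx vhost (deny .php under /wp-content/uploads/).
  mount:
    backup: yes
    path: "{{ wordpress_root_path }}/wp-content/uploads/"
    src: "{{ nfs_server_ip }}:{{ nfs_share_directory }}"
    fstype: nfs
    opts: nosuid,nodev,noexec
    state: mounted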
6.1.3:配置全局环境变量
[root@ansible ansible]# cat group_vars/all
#all
# Shared service account used for NFS ownership and the nginx/php-fpm workers.
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
# Server address the web nodes mount from (nfs-client role).
nfs_server_ip: 10.10.100.31
#mysql
# SECURITY: plaintext credentials pushed to every host via group_vars/all;
# encrypt with ansible-vault and scope to the groups that need them.
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
# NOTE(review): the mysql role (2.2.2) creates this user with the literal
# "linux98.com123" and update_password: on_create; this value does not match it.
mysql_app_pw: linux98.com@123
#php
# PHP session store; the redis role sets no requirepass.
redis_server_ip: 10.10.100.41
redis_server_port: 6379
#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443
#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "on"
#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "on"
#phpmyadmin-proxy
phpmyadmin_proxy_port: 443
6.1.4:使用web访问wordpress并上传一张图片
未配置nfs时:图片只存在一个主机上,只有多次刷新才能访问到图片
6.1.5:使用playbook将web节点全部挂载nfs
[root@ansible ansible]# cat nfs-client.yml
# Mounts the NFS export on every web node's wp-content/uploads (nfs-client role).
- name: Configure Webserver NFS-Client
  hosts: webservers
  roles:
    - nfs-client
6.1.6:再次上传图片并刷新测试
多次刷新后图片依然可以访问,证明wordpress静态资源使用NFS共享配置成功
07:配置LVS+Keepalived四层代理
7.1:编写RS节点的roles
7.1.1:创建文件夹
[root@ansible roles]# tree lvs-RS/
lvs-RS/
├── files
├── tasks
│ └── main.yml
└── templates
└── rs_install.sh.j2
7.1.2:编写tasks
[root@ansible roles]# cat lvs-RS/tasks/main.yml
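# lvs-RS role: prepare each real server (the proxy nodes) for LVS direct routing by
# putting the VIP on lo:0 and suppressing ARP for it.
- name: Config RS Scripts
  # Rendered into a root-only location instead of world-writable /tmp: between
  # the template and the execution step another local user could otherwise swap
  # in a different /tmp/rs_install.sh that root then runs (TOCTOU).
  template:
    src: rs_install.sh.j2
    dest: /root/rs_install.sh
    owner: root
    group: root
    mode: '0700'
- name: Bash RS Scripts
  # `command` rather than `shell`: no shell features are needed. Still reported
  # as changed on every run (the script restarts the network each time).
  command: /bin/sh /root/rs_install.sh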
7.1.3:编写模板脚本
[root@ansible roles]# cat lvs-RS/templates/rs_install.sh.j2
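#!/bin/sh
# Real-server setup for LVS direct routing, rendered by Ansible (lvs-RS role).
# Adds the VIP to lo:0 as a /32 so this host accepts traffic addressed to it,
# and configures ARP so it never announces or answers for the VIP (the
# director owns the VIP on the network).
set -eu
VIP={{ lvs_vip_address }}
DEV=lo:0
cat >"/etc/sysconfig/network-scripts/ifcfg-${DEV}" <<EOF
DEVICE=lo:0
IPADDR=${VIP}
#NETMASK=255.0.0.0
PREFIX=32
ONBOOT=yes
NAME=loopback
EOF
systemctl restart network
# ARP suppression for the VIP. Written to sysctl.d instead of only poking /proc
# (as the original did) so the settings survive a reboot; sysctl -p applies them now.
cat >/etc/sysctl.d/90-lvs-rs.conf <<EOF
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
EOF
sysctl -p /etc/sysctl.d/90-lvs-rs.conf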
7.2:编排keepalived的roles
7.2.1:创建文件夹
[root@ansible tasks]# tree /root/ansible/roles/lvs/
/root/ansible/roles/lvs/
├── files
├── handlers
├── meta
├── tasks
│ └── main.yml
├── templates
└── vars
7.2.2:编写tasks
[root@ansible roles]# cat lvs/tasks/main.yml
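# lvs role: keepalived + ipvsadm on the Ib* directors, balancing the VIP to the
# proxyservers group (see templates/keepalived.conf.j2).
- name: Enable Kernel Forward
  # Idempotent replacement for `echo ... >> /etc/sysctl.conf && sysctl -p`, which
  # appended a duplicate line to sysctl.conf on every run.
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: yes
    state: present
    reload: yes
- name: Install Keepalived SoftWare
  yum:
    name:
      - keepalived
      - ipvsadm
    state: present
- name: Configure Keepalived config
  # keepalived.conf holds the VRRP auth_pass; leave the default 0644 only while
  # that value is a placeholder.
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
  notify: Restart Keepalived Service
- name: Configure Keepalived Service
  systemd:
    name: keepalived
    state: started
    enabled: yes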
7.2.3:编写handlers
[root@ansible roles]# cat lvs/handlers/main.yml
# Handler notified when keepalived.conf changes. A restart on the MASTER causes a
# VRRP failover to the BACKUP for the duration of the restart.
- name: Restart Keepalived Service
  systemd:
    name: keepalived
    state: restarted
7.2.4:编写templates文件
[root@ansible roles]# cat lvs/templates/keepalived.conf.j2
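# keepalived: VRRP for the LVS VIP plus two IPVS (direct routing) virtual servers
# that balance 80 and 443 across the proxyservers inventory group (entries must be
# IP addresses, real_server does not resolve hostnames).
global_defs {
    router_id {{ ansible_hostname }}
}
vrrp_instance VI_1 {
{% if ansible_hostname == "Ib01" %}
    state MASTER
    priority 200
{% elif ansible_hostname == "Ib02" %}
    state BACKUP
    priority 150
{% endif %}
    interface eth0
    virtual_router_id 50
    advert_int 3
    # SECURITY: VRRP "PASS" authentication is sent in cleartext and capped at 8
    # characters; it only prevents accidental mis-pairing, not a rogue peer on the
    # same L2 segment. Move the value to a vaulted variable and prefer
    # unicast_src_ip/unicast_peer plus a host firewall rule for IP protocol 112.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        {{ lvs_vip_address }}
    }
}
# HTTP cluster address; real servers are the proxy nodes.
virtual_server {{ lvs_vip_address }} {{ lvs_cluster_port }} {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    # Keyword fixed ("perssisstence_timeout" is not a keepalived keyword and is
    # ignored or rejected depending on the version).
    persistence_timeout 5
    protocol TCP
{% for realserver_ip in groups["proxyservers"] %}
    real_server {{ realserver_ip }} {{ realserver_port }} {
        weight 1
        TCP_CHECK {
            connect_port {{ realserver_port }}
            connect_timeout 3
            nb_get_retry 2
            # Keyword fixed ("delay_beefore_retry").
            delay_before_retry 3
        }
    }
{% endfor %}
}
# HTTPS cluster address.
virtual_server {{ lvs_vip_address }} {{ lvs_cluster_https_port }} {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    persistence_timeout 5
    protocol TCP
{% for realserver_ip in groups["proxyservers"] %}
    real_server {{ realserver_ip }} {{ realserver_https_port }} {
        weight 1
        TCP_CHECK {
            # BUG FIX: the health check used realserver_port (80), so a proxy
            # whose 443 listener was down stayed in the HTTPS pool as long as
            # its port 80 answered.
            connect_port {{ realserver_https_port }}
            connect_timeout 3
            nb_get_retry 2
            delay_before_retry 3
        }
    }
{% endfor %}
}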
7.2.5:添加全局环境变量
[root@ansible ansible]# cat group_vars/all
#all
# Service account used by nginx/php on the web and proxy hosts (created by the
# base role on every host except dns*).
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
nfs_server_ip: 10.10.100.31
#mysql
# NOTE(review): plaintext credentials in group_vars end up in every checkout
# and in `ansible -vvv` output; keep them in an ansible-vault encrypted file
# (for example group_vars/all/vault.yml) and reference them from here.
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
mysql_app_pw: linux98.com@123
#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379
#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443
#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "on"
#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "on"
#phpmyadmin-proxy
phpmyadmin_proxy_port: 443
#Ibserver
# VIP owned by keepalived on the Ib hosts; realserver_* are the ports the
# proxy hosts listen on and that the TCP_CHECK health checks probe.
lvs_vip_address: 10.10.100.100
lvs_cluster_port: 80
realserver_port: 80
realserver_https_port: 443
lvs_cluster_https_port: 443
#dns
dns_master_ip: 10.10.100.91
dns_slave_ip: 10.10.100.92
7.2.6:编写playbook进行测试
[root@ansible ansible]# cat lvs.yml
# Test playbook for the LVS pieces: base + keepalived on the directors,
# then the real-server script on the proxies. The lvs role renders
# groups["proxyservers"] from the inventory, so no facts from the proxy
# hosts are needed before the second play.
- name: Install Base
  hosts:
    - Ibservers
  roles:
    - base
- name: Install Keepalived and lvs
  hosts: Ibservers
  roles:
    - lvs
- name: Install RS Server
  hosts: proxyservers
  roles:
    - lvs-RS
7.2.7:route节点配置DNAT
[root@route ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 172.20.254.192 tcp dpt:443 to:10.10.100.100:443
DNAT tcp -- 0.0.0.0/0 172.20.254.192 tcp dpt:80 to:10.10.100.100:80
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.10.100.0/24 0.0.0.0/0 to:172.20.254.192
[root@route ~]# iptables -t nat -I PREROUTING -p tcp --dport 80 -d 172.20.254.192 -j DNAT --to 10.10.100.100:80
[root@route ~]# iptables -t nat -I PREROUTING -p tcp --dport 443 -d 172.20.254.192 -j DNAT --to 10.10.100.100:443
[root@route ~]# sysctl -p
net.ipv4.ip_forward = 1
7.2.8:使用client进行测试
08:配置DNS并使用全局DNS
8.1:编写DNS(bind)的roles
8.1.1:创建文件夹
[root@ansible ansible]# tree roles/dns/
roles/dns/
├── files
├── handlers
│ └── main.yml
├── meta
├── tasks
│ └── main.yml
├── templates
│ ├── linux98.com.zone.j2
│ ├── named.conf.j2
│ └── named.linux98.zones.j2
└── vars
8.1.2:编写tasks
[root@ansible ansible]# cat roles/dns/tasks/main.yml
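# dns role: install bind and render named.conf plus the linux98.com zone.
- name: Install bind software
  yum:
    name: bind
    state: present
- name: Config
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "named"
    mode: "0640"
  loop:
    - { src: "named.conf.j2", dest: "/etc/named.conf" }
    - { src: "linux98.com.zone.j2", dest: "/var/named/linux98.com.zone" }
    - { src: "named.linux98.zones.j2", dest: "/etc/named.linux98.zones" }
  notify: Restart named service
# Fail the play before the restart handler runs if the rendered config or a
# master zone has a syntax error; otherwise named would be restarted into a
# broken state and stop answering for every host pointed at it. `-z` only
# test-loads master zones, so the slave (whose zone file appears after the
# first transfer) is not affected.
- name: Validate named configuration and zones
  command: named-checkconf -z /etc/named.conf
  changed_when: false
- name: systemd
  systemd:
    name: named
    state: started
    enabled: yes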
8.1.3:编写handlers
[root@ansible ansible]# cat roles/dns/handlers/main.yml
# Handler notified by the template task in tasks/main.yml; runs once at the
# end of the play when any of the three rendered files changed.
- name: Restart named service
  systemd:
    name: named
    state: restarted
8.1.4:编写templates
[root@ansible ansible]# cat roles/dns/templates/linux98.com.zone.j2
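$TTL 600
; Authoritative zone for linux98.com, rendered on the master only (the slave
; receives it by AXFR).
; Fixes: the SOA MNAME now names ns1, which actually has NS and A records
; (the old "ns." had neither); the slave is published as ns2 so resolvers can
; use it when the master is down.
; NOTE(review): the serial is a literal. It must be bumped every time the
; rendered output changes (new host in the inventory, new static record),
; otherwise the slave keeps serving its old copy after NOTIFY.
linux98.com.        IN SOA  ns1.linux98.com. qq.linux98.com. (
                            2021051909  ; serial
                            10800       ; refresh
                            900         ; retry
                            604800      ; expire
                            86400       ; negative-cache TTL
                            )
linux98.com.        IN NS   ns1.linux98.com.
linux98.com.        IN NS   ns2.linux98.com.
ns1.linux98.com.    IN A    {{ dns_master_ip }}
ns2.linux98.com.    IN A    {{ dns_slave_ip }}
; One A record per inventory host, from its gathered facts; this needs facts
; from *all* hosts (the "Get facts" play in dns.yml), not only the dns group.
{% for host in groups.all %}
{{ hostvars[host].ansible_hostname }}.linux98.com. IN A {{ hostvars[host].ansible_default_ipv4.address }}
{% endfor %}
; Public-facing names resolve to the router's external address (DNAT to the VIP).
mirrors.linux98.com.    IN A    172.20.254.191
example.linux98.com.    IN A    172.20.254.192
phpmyadmin.linux98.com. IN A    172.20.254.192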
[root@ansible ansible]# cat roles/dns/templates/named.conf.j2
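options {
    // The built-in "localhost" ACL matches every address of this host's
    // interfaces, so named answers on the LAN IP as well as 127.0.0.1.
    listen-on port 53 { localhost; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    // Anyone may query the authoritative zone, but recursion is limited to
    // this host and the directly attached subnets; "allow-query { any; }"
    // together with "recursion yes" and no allow-recursion made both servers
    // open resolvers usable for amplification from outside the LAN.
    allow-query { any; };
    allow-recursion { localhost; localnets; };
{% if ansible_hostname == "dns-master" %}
    allow-transfer { {{ dns_slave_ip }};};
    also-notify { {{ dns_slave_ip }};};
{% elif ansible_hostname == "dns-slave" %}
    masterfile-format text;
    // BIND's default allow-transfer is "any"; the slave has no downstream
    // secondaries, so nobody may pull a full copy of the zone from it.
    allow-transfer { none; };
{% endif %}
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.linux98.zones";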
[root@ansible ansible]# cat roles/dns/templates/named.linux98.zones.j2
{# Zone declaration selected by hostname: dns-master serves the rendered file
   and notifies; dns-slave pulls it from the master into slaves/. Any other
   hostname renders an empty file and the zone is not served at all. #}
{% if ansible_hostname == "dns-master" %}
zone "linux98.com" IN {
    type master;
    file "linux98.com.zone";
    notify yes;
};
{% elif ansible_hostname == "dns-slave" %}
zone "linux98.com" IN {
    type slave;
    file "slaves/linux98.com.zone";
    masters { {{ dns_master_ip }};};
};
{% endif %}
8.1.5:添加全局环境变量
#all
user: www
group: www
user_id: 666
group_id: 666
#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
nfs_server_ip: 10.10.100.31
#mysql
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
mysql_app_pw: linux98.com@123
#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379
#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443
#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "on"
#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "on"
#phpmyadmin-proxy
phpmyadmin_proxy_port: 443
#Ibserver
lvs_vip_address: 10.10.100.100
lvs_cluster_port: 80
realserver_port: 80
realserver_https_port: 443
lvs_cluster_https_port: 443
#dns
dns_master_ip: 10.10.100.91
dns_slave_ip: 10.10.100.92
8.1.6:编写playbook进行测试
[root@ansible ansible]# cat dns.yml
# The first play has no tasks on purpose: it gathers facts from every host so
# that hostvars[...].ansible_hostname / ansible_default_ipv4 are available when
# the zone template loops over groups.all on the dns servers.
- name: Get facts
  hosts: all
- name: Install Base and dns software
  hosts: dnsservers
  roles:
    - base
    - dns
8.2:编写dns-client的roles
8.2.1:创建文件夹
[root@ansible ansible]# tree roles/dns-client/
roles/dns-client/
├── handlers
│ └── main.yml
└── tasks
└── main.yml
8.2.2:编写tasks
[root@ansible ansible]# cat roles/dns-client/tasks/main.yml
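# dns-client role: point the managed hosts at the two internal bind servers.
# The original remove-all-DNS-lines-then-add pair reported "changed" and
# restarted networking on every run. Here DNS1/DNS2 are replaced in place with
# a regexp, so the handler only fires when a value really changed; any other
# DNSn= line from the old configuration is still removed.
- name: Remove stale Network DNS Config
  lineinfile:
    backup: yes
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    state: absent
    regexp: '^DNS(?![12]=)'
- name: Set Network DNS Config
  lineinfile:
    backup: yes
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    state: present
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - { regexp: '^DNS1=', line: 'DNS1={{ dns_master_ip }}' }
    - { regexp: '^DNS2=', line: 'DNS2={{ dns_slave_ip }}' }
  notify: Restart Network Service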
8.2.3:编写handlers
[root@ansible ansible]# cat roles/dns-client/handlers/main.yml
# Re-reads ifcfg-eth0 so the new DNS1/DNS2 reach /etc/resolv.conf; notified by
# the lineinfile tasks. This briefly drops connectivity on the host.
- name: Restart Network Service
  systemd:
    name: network
    state: restarted
8.2.4:编写playbook进行测试
[root@ansible ansible]# cat dns-client.yml
# Standalone test playbook for the dns-client role; wordpress-cluster.yml
# applies the same role to every non-dns group.
- name: Config Host DNS
  hosts:
    - webservers
  roles:
    - dns-client
8.2.5:查看测试结果
[root@ansible ansible]# ansible webservers -m shell -a 'cat /etc/sysconfig/network-scripts/ifcfg-eth0 | grep DNS'
10.10.100.22 | CHANGED | rc=0 >>
DNS1=10.10.100.91
DNS2=10.10.100.92
10.10.100.21 | CHANGED | rc=0 >>
DNS1=10.10.100.91
DNS2=10.10.100.92
10.10.100.23 | CHANGED | rc=0 >>
DNS1=10.10.100.91
DNS2=10.10.100.92
09:初始化全部主机测试各个roles
9.1:还原主机快照
9.1.1:在VMware vCenter上还原节点快照(重装系统)
将hosts清单内的主机全部还原快照(还原前保留一下快照,可以先关机再对快照进行操作)
9.1.2:使用ansible确认所有主机已经在线并检查时间是否同步
[root@ansible ansible]# ansible all -m shell -a 'date'
10.10.100.22 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.6 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.23 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.5 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.21 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.11 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.13 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.31 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.12 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.41 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.51 | CHANGED | rc=0 >>
Sun Jun 13 17:45:26 CST 2021
10.10.100.91 | CHANGED | rc=0 >>
Sun Jun 13 17:45:26 CST 2021
10.10.100.92 | CHANGED | rc=0 >>
Sun Jun 13 17:45:26 CST 2021
10.10.100.93 | CHANGED | rc=0 >>
Sun Jun 13 17:45:26 CST 2021
9.2:使用playbook编排roles执行顺序
需要注意的地方:如果一起部署wordpress和phpmyadmin,需要将phpmyadmin的roles里meta文件修改名称。
[root@ansible ansible]# cat wordpress-cluster.yml
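# Full cluster rollout. Play order matters: facts from all hosts first (the
# dns zone template reads hostvars of every host), then base, then the DNS
# servers before any client is pointed at them, then storage/db/cache before
# the web tier that depends on them, and the LVS director last so it only
# starts health-checking proxies that already exist.
- name: Get facts
  hosts: all
- name: Install Base Software
  hosts: all
  roles:
    - base
# The "Install DNS Server" play previously listed no roles, so bind was never
# installed by this playbook and every host was then pointed at DNS servers
# that did not exist.
- name: Install DNS Server
  hosts:
    - dnsservers
  roles:
    - dns
- name: Configure Servers DNS Config
  hosts:
    - Ibservers
    - proxyservers
    - webservers
    - nfsservers
    - redisserver
    - mysqlservers
  roles:
    - dns-client
- name: Configure NFS Servers
  hosts: nfsservers
  roles:
    - nfs
- name: Configure Mysql Servers
  hosts: mysqlservers
  roles:
    - mysql
- name: Configure Redis Servers
  hosts: redisserver
  roles:
    - redis
- name: Configure WordPress Web and NFS Share Client
  hosts: webservers
  roles:
    - wordpress-web
    - nfs-client
- name: Configure WordPress Proxy and lvs-RS
  hosts: proxyservers
  roles:
    - wordpress-proxy
    - lvs-RS
- name: Configure LVS Server
  hosts: Ibservers
  roles:
    - lvs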
9.3:客户端测试
在测试机上设置host劫持 172.20.254.192 example.linux98.com phpmyadmin.linux98.com
9.3.1:测试wordpress
访问 example.linux98.com/wp-admin
在后台上传一个图片,多次刷新测试共享存储
9.3.2:测试phpmyadmin
访问phpmyadmin.linux98.com
登录并多次刷新查看地址