ansible配置IDC集群实验02

00：文章简介

本文根据上篇文章中模拟的架构，再次模拟了企业中使用ansible的playbook和roles编排并发布了wordpress和phpmyadmin的集群服务，其中涉及了MySQL+NFS+Redis+Nginx+php+lvs+keepalived+dns，并使用了https加密访问。

01：使用ansible编排base基本环境

实现：根据不同类型的主机，分配不同基础环境

例如：

1、只有web和proxy主机含有nginx源

2、只有web主机含有php源

3、其他主机只有base源

4、dns主机不需要创建www用户

5、dns、Ib、nfs不需要安装mariadb和MySQL-python

1.1：编写base的roles

[root@ansible ~]# cat ansible/roles/base/tasks/main.yml 
- name: Clear Old yum repo
  shell:
    cmd: 'gzip *.repo'
    chdir: /etc/yum.repos.d/

- name: Config Base yum repo
  yum_repository:
    name: Base
    description: Base yum repo
    baseurl: http://mirrors.linux98.com/centos/$releasever/base/
    enabled: yes
    gpgcheck: no

- name: Config Epel yum repo
  yum_repository:
    name: Epel
    description: Epel yum repo
    baseurl: http://mirrors.linux98.com/centos/$releasever/epel/
    enabled: yes
    gpgcheck: no


- name: Config Nginx yum repo
  yum_repository:
    name: Nginx
    description: Nginx yum repo
    baseurl: http://mirrors.linux98.com/centos/$releasever/nginx-stable/
    enabled: yes
    gpgcheck: no
  when: ( ansible_hostname is match ("web*") ) or ( ansible_hostname is match ("proxy*") )


- name: Config Php yum repo
  yum_repository:
    name: Php
    description: Php yum repo
    baseurl: http://mirrors.linux98.com/centos/$releasever/php/ 
    enabled: yes
    gpgcheck: no
  when: ( ansible_hostname is match ("web*") )

- name: Add Process Group
  group:
    name: www
    gid: 666
  when: ( ansible_hostname is not match ("dns*") )

- name: Add Process User
  user:
    name: www
    uid: 666
    group: www
    create_home: no
    shell: /sbin/nologin
  when: ( ansible_hostname is not match ("dns*") )

- name: Installed Base Software
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - wget
    - httpd-tools
    - lrzsz
    - nfs-utils
    - bind-utils
    - net-tools
    - unzip
    - vim
    - gcc
    - git

- name: Installed Base Software other
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - mariadb
    - MySQL-python
  when: ( ansible_hostname is not match ("dns*") ) or ( ansible_hostname is not match ("Ib*") ) or ( ansible_hostname is not match ("nfs*") )

1.2：运行效果

运行效果

base和epel 的yum源所有主机都有

nginx的yum源只有web和proxy节点有

php只有web节点有

除了dns节点都创建了www用户和组

02：使用ansible的roles编排底层环境（NFS-server、MYSQL、redis）

2.1：编写NFS-server的roles

2.1.1：创建目录

[root@ansible ansible]# mkdir roles/{nfs}/{tasks,handlers,templates,files,meta,vars} -p

2.1.2：先编写tasks

[root@ansible ansible]# cat roles/nfs/tasks/main.yml 
- name: Install NFS Server SoftWare
  yum:
    name: nfs-utils
    state: present

- name: Configure NFS Server
  template:
    src: exports.j2
    dest: /etc/exports
  notify: Restart NFS Server

- name: INIT NFS Server
  file:
    path: "{{ nfs_share_directory }}"
    state: directory
    owner: "{{ user }}"
    group: "{{ group }}"

- name: Started NFS Server
  systemd:
    name: nfs
    state: started
    enabled: yes

2.1.3：根据tasks编写handlers

[root@ansible ansible]# cat roles/nfs/handlers/main.yml 
- name: Restart NFS Server
  systemd:
    name: nfs
    state: restarted

2.1.4：根据tasks编写template

[root@ansible ansible]# cat roles/nfs/templates/exports.j2 
{{ nfs_share_directory }} {{ nfs_share_ip_pool }}(rw,sync,anonuid={{ user_id }},anonuid={{ group_id }})

2.1.5：添加整体环境变量

创建/root/ansible/group_vars/all 整体变量文件，并将nfs的tasks中的变量赋值

[root@ansible ansible]# cat group_vars/all 
#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24

2.1.6：编写playbook指定nfsservers主机群组进行部署

[root@ansible ansible]# cat test.yml 
- name: Install NFS
  hosts: nfsservers
  roles:
    - nfs

2.1.7：使用redis01作为客户端测试

[root@redis01 ~]# showmount -e 10.10.100.31
Export list for 10.10.100.31:
/ansible_data 10.10.100.0/24

2.2：编写mysql的roles

2.2.1：创建目录

[root@ansible ansible]# mkdir roles/{nfs}/{tasks,handlers,templates,files,meta,vars} -p

2.2.2：编写tasks

[root@ansible ~]# cat ansible/roles/mysql/tasks/main.yml 
- name: Install Mariadb-Server SoftWare
  yum:
    name: mariadb-server
    state: present

- name: Configure Mariadb-Server Root User
  shell:
    cmd: mysqladmin -u root password "{{ mysql_root_pw }}"

- name: Started Mariadb-Server Service
  systemd:
    name: mariadb
    state: started
    enabled: yes

- name: Create App Grant User
  mysql_user:
    login_user: root
    login_password: "{{ mysql_root_pw }}"
    name: ansible_all
    password: linux98.com123
    update_password: on_create
    host: '%'
    priv: '*.*:ALL'
    state: present

2.2.3：根据tasks向group_vars/all中添加变量

[root@ansible ~]# cat ansible/group_vars/all 
#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24

#mysql
mysql_root_pw: linux98.com@123

2.2.4：编写playbook将mysqlserver部署mariadb-server服务

[root@ansible ~]# cat ansible/test.yml 
- name: Install Mariadb-Server
  hosts: mysqlservers
  roles:
    - mysql

2.2.5：测试root用户及其他用户是否能正常登录

[root@nfs ~]# mysql -uansible_all -plinux98.com123 -h 10.10.100.51 -P3306
MariaDB [(none)]> exit
Bye

2.3：编写redis的roles

2.3.1：编写tasks

#创建目录
[root@ansible roles]# mkdir -pv redis/{files,tasks,templates,handlers,meta}
[root@ansible ansible]# cat roles/redis/tasks/main.yml 
- name: Install Redis Server
  yum:
    name: redis
    state: present

- name: Configure Redis Server
  template:
    src: redis.conf.j2
    dest: /etc/redis.conf
    owner: 'redis'
    group: 'redis'
    mode: '0640'
  notify: Restart Redis Server

- name: Started Redis Server
  systemd:
    name: redis
    state: started
    enabled: yes

2.3.2：根据tasks编写handlers

[root@ansible ansible]# cat roles/redis/handlers/main.yml 
- name: Restart Redis Server
  systemd:
    name: redis
    state: restarted

2.3.3：根据tasks编写templates

[root@ansible ansible]# cat roles/redis/templates/redis.conf.j2 
bind 127.0.0.1 {{ ansible_default_ipv4.address }} 
protected-mode yes
port 6379
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize no
supervised no
pidfile /var/run/redis_6379.pid
loglevel notice
logfile /var/log/redis/redis.log
databases 16
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
dir /var/lib/redis
slave-serve-stale-data yes
slave-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-disable-tcp-nodelay no
slave-priority 100
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
aof-rewrite-incremental-fsync yes

2.3.4：编写playbook

[root@ansible ansible]# cat test.yml 
- name: Install Redis-Server
  hosts: redisserver 
  roles:
    - redis

2.3.5：登录redis查看效果

[root@ansible ansible]# ssh root@10.10.100.41
[root@redis01 ~]# redis-cli 

03：编写中层服务的roles（nginx、php）

3.1：编写nignx的roles

3.1.1：创建目录

[root@ansible roles]# mkdir -pv nginx/{files,tasks,templates,handlers,meta}

3.1.2：编写tasks

[root@ansible ansible]# cat roles/nginx/tasks/main.yml 
- name: Installed Nginx SoftWare
  yum:
    name: nginx
    state: present

- name: Configure Nginx Server
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: Restart Nginx Server

- name: Started Nginx Server
  systemd:
    name: nginx
    state: started
    enabled: yes

3.1.3：根据tasks编写handlers

[root@ansible ansible]# cat roles/nginx/handlers/main.yml 
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted

3.1.4：根据tasks编写templates

[root@ansible ansible]# cat roles/nginx/templates/nginx.conf.j2 
user  {{ user }};
worker_processes  {{ ansible_processor_vcpus }};

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  25565;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  65;
    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

3.1.5：编写playbook进行测试

[root@ansible ansible]# cat test.yml 
- name: Install Nginx-server
  hosts: webservers
  roles:
    - nginx

3.1.6：客户端验证

[root@ansible ansible]# curl http://10.10.100.21
...
<title>Welcome to nginx!</title>
...

3.2：编写php的roles

3.2.1：创建目录

[root@ansible roles]# mkdir -pv php/{files,tasks,templates,handlers,meta}

3.2.2：编写tasks

[root@ansible ansible]# cat roles/php/tasks/main.yml
- name: Install PHP server
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - php71w
    - php71w-cli
    - php71w-common
    - php71w-devel
    - php71w-embedded
    - php71w-gd
    - php71w-mcrypt
    - php71w-mbstring
    - php71w-pdo
    - php71w-xml
    - php71w-fpm
    - php71w-mysqlnd
    - php71w-opcache
    - php71w-pecl-memcached
    - php71w-pecl-redis
    - php71w-pecl-mongodb

- name: Configure PHP Server
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: "{{ item.mode }}"
  loop:
    - { src: "php.ini.j2", dest: "/etc/php.ini", mode: "0644" }
    - { src: "php-fpm.d.www.conf.j2", dest: "/etc/php-fpm.d/www.conf", mode: "0644" }
  notify: Restart PHP-FPM Server

- name: Started PHP Server
  systemd:
    name: php-fpm
    state: started
    enabled: yes

3.2.3：根据tasks编写handlers

[root@ansible ansible]# cat roles/php/handlers/main.yml 
- name: Restart PHP-FPM Server
  systemd:
    name: php-fpm
    state: restarted

3.2.4：根据tasks编写templates

[root@ansible ansible]# cat roles/php/templates/php.ini.j2 
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 16M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
sendmail_path = /usr/sbin/sendmail -t -i
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = redis
session.save_path = "tcp://{{ redis_server_ip }}:{{ redis_server_port }}"
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[Assertion]
zend.assertions = -1
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[curl]
[openssl]

[root@ansible ansible]# cat roles/php/templates/php-fpm.d.www.conf.j2 
[www]
user = {{ user }}
group = {{ group }}
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 20
pm.min_spare_servers = 10
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache

3.2.5：根据tasks给group_vars/all添加变量

[root@ansible ansible]# vim group_vars/all 
#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24

#mysql
mysql_root_pw: linux98.com@123

#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379

3.2.6：使用playbook测试roles

[root@ansible ansible]# cat test.yml 
- name: Install Nginx-server
  hosts: webservers
  roles:
    - php

3.3：测试php-test的roles测试php是否正确安装

3.3.1：创建文件夹

[root@ansible roles]# mkdir -pv php-test/{files,tasks,templates,handlers,meta}

3.3.2：编写tasks

[root@ansible ansible]# cat roles/php-test/tasks/main.yml 
- name: Add Nginx Config
  template:
    src: php.conf.j2
    dest: /etc/nginx/conf.d/php.conf
  notify: Restart Nginx server 


- name: Add Test Code
  copy:
    src: info.php
    dest: /usr/share/nginx/html/info.php
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: '0755'

3.3.3：创建模板

[root@ansible ansible]# cat roles/php-test/templates/php.conf.j2 
server {
        listen 80;
        server_name php.linux98.com;
        root /usr/share/nginx/html/;
        index index.php index.html;
        
        location ~ \.php$ {
                fastcgi_pass    127.0.0.1:9000; 
                fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
}

3.3.4：编写handlers

[root@ansible ansible]# cat roles/php-test/handlers/main.yml 
- name: Restart Nginx server
  systemd:
    name: nginx
    state: restarted

3.3.5：准备网页文件

[root@ansible ansible]# cat roles/php-test/files/info.php 
<?php
        phpinfo();
?>

3.3.6：使用playbook执行

[root@ansible ansible]# cat test.yml
- name: Install Nginx-server
  hosts: webservers
  roles:
    - php-test

3.3.7：使用浏览器测试

04：使用中层服务部署WordPress、PHPmyadmin

4.1：部署WordPress

4.1.1：创建目录

[root@ansible roles]# mkdir -pv wordpress-web/{files,tasks,templates,handlers,meta}
[root@ansible ansible]# tree roles/wordpress-web/
roles/wordpress-web/
├── files
│   ├── ansible_wordpress.sql
│   └── wordpress.tar.gz
├── handlers
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
└── templates
    └── example.linux98.com.conf.j2

4.1.2：编写tasks

[root@ansible ansible]# cat roles/wordpress-web/tasks/main.yml 
- name: Add Wordpress VHost Confgiure
  template:
    src: example.linux98.com.conf.j2
    dest: /etc/nginx/conf.d/example.linux98.com.conf
  notify: Restart Nginx Server

- name: Create Wordpress Site Directory
  file:
    path: "{{ wordpress_root_path }}"
    state: directory
    owner: "{{ user }}"
    group: "{{ group }}"

- name: Copy Wordpress Code
  unarchive:
    src: wordpress.tar.gz 
    dest: "{{ wordpress_root_path }}"
    owner: "{{ user }}"
    group: "{{ group }}"

- name: Copy App Databases
  copy:
    src: ansible_wordpress.sql
    dest: /tmp/

- name: Import App Databases
  mysql_db:
    login_host: "{{ dbserver_ipaddress }}"
    login_user: "{{ mysql_app_user }}" 
    login_password: "{{ mysql_app_pw }}"
    name: ansible_wordpress
    state: import
    target: /tmp/ansible_wordpress.sql

4.1.3：编写handlers

[root@ansible wordpress-web]# vim handlers/main.yml
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted

4.1.4：创建模板

[root@ansible wordpress-web]# cat templates/example.linux98.com.conf.j2 
server {
        listen {{ wordpress_listen_port }};
        server_name {{ wordpress_server_name }};
        root {{ wordpress_root_path }};

        location / {
                index index.php;
        }

        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param HTTPS {{ wordpress_fastcgi_https }};
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
}

4.1.5：上传文件

文件地址：

wordpress.tar.gz https://gitee.com/lichunpeng12/ansible/raw/master/roles/wordpress-web/files/wordpress.tar.gz

ansible_wordpress.sql https://gitee.com/lichunpeng12/ansible/blob/master/roles/wordpress-web/files/ansible_wordpress.sql

[root@ansible wordpress-web]# tree
.
├── files
│   ├── ansible_wordpress.sql
│   └── wordpress.tar.gz
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
└── templates
    └── example.linux98.com.conf.j2

4.1.6：编写meta依赖

[root@ansible wordpress-web]# cat meta/main.yml 
dependencies:
  - { role: nginx }
  - { role: php }

4.1.7：增加全局变量

[root@ansible wordpress-web]# cat /root/ansible/group_vars/all 
#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24

#mysql
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
mysql_app_pw: linux98.com@123

#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379

#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443

#wordpress-web
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "off"  #这里只是部署后端web节点，如果开启fastcgi https，页面会不正常

#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80

#phpmyadmin-proxy
phpmyadmin_proxy_port: 443

4.1.8：编写playbook测试

[root@ansible wordpress-web]# cat /root/ansible/test.yml 
- name: Depoly Wordpress App
  hosts: webservers
  roles:
    - wordpress-web

4.1.9：测试效果

#此处应该是10.10.100.21、22、23

4.2：部署PHPmyadmin

4.2.1：创建目录

[root@ansible roles]# mkdir -pv phpmyadmin/{files,tasks,templates,handlers,meta}

4.2.2：编写tasks

[root@ansible ansible]# cat roles/phpmyadmin/tasks/main.yml 
- name: Create code directory
  file:
    path: "{{ phpmyadmin_root_path }}"
    state: directory
    owner: "{{ user }}"
    group: "{{ group }}"

- name: Copy phpmyadmin code
  unarchive:
    src: phpmyamdin.tar.gz 
    dest: "{{ phpmyadmin_root_path }}"
    owner: "{{ user }}"
    group: "{{ group }}"

- name: Configure phpmyadmin config
  template:
    src: config.inc.php.j2
    dest: "{{ phpmyadmin_root_path }}/config.inc.php"

- name: Configure Nginx Virtualhost
  template:
    src: phpmyadmin.linux98.com.conf.j2
    dest: /etc/nginx/conf.d/phpmyadmin.linux98.com.conf
  notify: Restart Nginx Server

4.2.3：编写handlers

[root@ansible ansible]# cat roles/phpmyadmin/handlers/main.yml 
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted

- name: Restart PHP-fpm Server
  systemd:
    name: php-fpm
    state: restarted

4.2.4：编写模板

[root@ansible ansible]# cat roles/phpmyadmin/templates/config.inc.php.j2 
<?php
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

$i = 0;

$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['host'] = '{{ dbserver_ipaddress }}';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;

$cfg['UploadDir'] = '';

[root@ansible ansible]# cat roles/phpmyadmin/templates/phpmyadmin.linux98.com.conf.j2 
server {
        listen {{ phpmyadmin_listen_port }};
        server_name {{ phpmyadmin_server_name }};
        root {{ phpmyadmin_root_path }};

        location / {
                index index.php;
        }

        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param HTTPS {{ phpmyadmin_fastcgi_https }};
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
}

4.2.5：上传phpmyadmin安装包

包链接：https://gitee.com/lichunpeng12/ansible/raw/master/roles/phpmyadmin/files/phpmyamdin.tar.gz

上传到roles/phpmyadmin/files/

上传完之后的样子

[root@ansible ansible]# tree roles/phpmyadmin
roles/phpmyadmin
├── files
│   └── phpmyamdin.tar.gz
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
└── templates
    ├── config.inc.php.j2
    └── phpmyadmin.linux98.com.conf.j2

4.2.6：配置全局环境变量

[root@ansible ansible]# cat group_vars/all 
#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24

#mysql
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
mysql_app_pw: linux98.com@123

#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379

#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443

#wordpress-web
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "off"  #这里只是部署后端web节点，如果开启fastcgi https，页面会不正常

#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "off"


#phpmyadmin-proxy
phpmyadmin_proxy_port: 443

4.2.7：测试直接访问web节点

测试访问时可以右键刷新，点**清空缓存并硬性重新加载**

下面的地址应该是10.10开头

05：配置Nginx的7层代理（WordPress、PHPmyadmin）

5.1：WordPress-proxy

5.1.1：创建目录

[root@ansible roles]# tree wordpress-proxy/
wordpress-proxy/
├── files
│   ├── 5681611_example.linux98.com.key
│   └── 5681611_example.linux98.com.pem
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
│   ├── example.linux98.com.conf.j2
│   └── proxy_params.j2
└── vars

5.1.2：编写tasks

[root@ansible roles]# cat wordpress-proxy/tasks/main.yml 
- name: Add Proxy Nginx Vhost 
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "example.linux98.com.conf.j2", dest: "/etc/nginx/conf.d/proxy_example.linux98.com.conf" }
    - { src: "proxy_params.j2", dest: "/etc/nginx/proxy_params" }

- name: Add Proxy SSL Key Direction
  file:
    path: /etc/nginx/ssl_keys/
    state: directory

- name: Copy SSL Key
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "5681611_example.linux98.com.key", dest: "/etc/nginx/ssl_keys/5681611_example.linux98.com.key" }
    - { src: "5681611_example.linux98.com.pem", dest: "/etc/nginx/ssl_keys/5681611_example.linux98.com.pem" }
  notify: Restart Nginx Server

5.1.3：编写handlers

[root@ansible wordpress-proxy]# cat handlers/main.yml 
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted

5.1.4：编写meta

[root@ansible wordpress-proxy]# cat meta/main.yml 
dependencies:
  - { role: nginx }

5.1.5：编写模板

[root@ansible wordpress-proxy]# cat templates/example.linux98.com.conf.j2 
upstream {{ wordpress_server_name }} {
{% for host in groups["webservers"]%}
        server {{ host }}:{{ wordpress_listen_port }};
{% endfor %}
}

#https
server {
        listen {{ wordpress_proxy_port }} ssl;
        server_name {{ wordpress_server_name }};
        ssl_certificate ssl_keys/5681611_example.linux98.com.pem;
        ssl_certificate_key ssl_keys/5681611_example.linux98.com.key;

        location / {
                proxy_pass http://{{ wordpress_server_name }};
                include proxy_params;
        }
}

#http-->https
server {
        listen 80;
        server_name {{ wordpress_server_name }};
        return 302 https://$server_name$request_uri;
}

[root@ansible wordpress-proxy]# cat templates/proxy_params.j2 
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header 18.224.38.3 $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 64k;
proxy_buffers 4 64k;

5.1.6：上传SSL证书

上传ssl证书

[root@ansible wordpress-proxy]# tree files/
files/
├── 5681611_example.linux98.com.key
└── 5681611_example.linux98.com.pem

5.1.7：配置全局变量

[root@ansible wordpress-proxy]# cat /root/ansible/group_vars/all 
#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24

#mysql
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
mysql_app_pw: linux98.com@123

#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379

#proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443

#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "on"

#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80

#phpmyadmin-proxy
phpmyadmin_proxy_port: 443

5.1.8：使用playbook执行

[root@ansible ansible]# cat test.yml 
- name: Depoly Wordpress App
  hosts: webservers
  roles:
    - wordpress-web
- name: Set Wordpress Proxy
  hosts: proxyservers
  roles:
    - wordpress-proxy

5.1.9：验证

下面的地址应该是10.10开头

5.2：PHPmyadmin-proxy

5.2.1：创建目录

[root@ansible ansible]# tree roles/phpmyadmin-proxy/
roles/phpmyadmin-proxy/
├── files
│   ├── 5755021_phpmyadmin.linux98.com.key
│   └── 5755021_phpmyadmin.linux98.com.pem
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
└── templates
    ├── phpmyadmin.linux98.com.conf.j2
    └── proxy_params.j2

5.2.2：编写tasks

[root@ansible ansible]# cat roles/phpmyadmin-proxy/tasks/main.yml 
- name: Add Proxy Nginx Vhost 
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "phpmyadmin.linux98.com.conf.j2", dest: "/etc/nginx/conf.d/proxy_phpmyadmin.linux98.com.conf" }
    - { src: "proxy_params.j2", dest: "/etc/nginx/proxy_params" }

- name: Add Proxy SSL Key Direction
  file:
    path: /etc/nginx/ssl_keys/
    state: directory

- name: Copy SSL Key
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "5755021_phpmyadmin.linux98.com.key", dest: "/etc/nginx/ssl_keys/5755021_phpmyadmin.linux98.com.key" }
    - { src: "5755021_phpmyadmin.linux98.com.pem", dest: "/etc/nginx/ssl_keys/5755021_phpmyadmin.linux98.com.pem" }
  notify: Restart Nginx Server

5.2.3：编写handlers

[root@ansible ansible]# cat roles/phpmyadmin-proxy/handlers/main.yml 
- name: Restart Nginx Server
  systemd:
    name: nginx
    state: restarted

5.2.4：编写meta

[root@ansible ansible]# cat roles/phpmyadmin-proxy/meta/main.yml 
dependencies:
  - { role: nginx }

5.2.5：编写模板

[root@ansible ansible]# cat roles/phpmyadmin-proxy/templates/phpmyadmin.linux98.com.conf.j2 
upstream {{ phpmyadmin_server_name }} {
{% for host in groups["webservers"]%}
        server {{ host }}:{{ phpmyadmin_listen_port }};
{% endfor %}
}

#https
server {
        listen {{ phpmyadmin_proxy_port }} ssl;
        server_name {{ phpmyadmin_server_name }};
        ssl_certificate ssl_keys/5755021_phpmyadmin.linux98.com.pem;
        ssl_certificate_key ssl_keys/5755021_phpmyadmin.linux98.com.key;

        location / {
                proxy_pass http://{{ phpmyadmin_server_name }};
                include proxy_params;
        }
}

#http-->https
server {
        listen 80;
        server_name {{ phpmyadmin_server_name }};
        return 302 https://$server_name$request_uri;
}

[root@ansible ansible]# cat roles/phpmyadmin-proxy/templates/proxy_params.j2 
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header 18.224.38.3 $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 64k;
proxy_buffers 4 64k;

5.2.6：上传SSL证书

[root@ansible ansible]# tree roles/phpmyadmin-proxy/files/
roles/phpmyadmin-proxy/files/
├── 5755021_phpmyadmin.linux98.com.key
└── 5755021_phpmyadmin.linux98.com.pem

5.2.7：配置全局变量

[root@ansible ansible]# cat group_vars/all 
#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24

#mysql
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
mysql_app_pw: linux98.com@123

#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379

#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443

#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "on"

#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "on"

#phpmyadmin-proxy
phpmyadmin_proxy_port: 443

5.2.8：使用playbook执行

[root@ansible ansible]# vim test.yml
- name: Depoly PHPmyadmin App
  hosts: webservers
  roles:
    - phpmyadmin
- name: Set PHPmyadmin Proxy
  hosts: proxyservers
  roles:
    - phpmyadmin-proxy

5.2.9：验证

06：将wordpress中的图片资源迁移到NFS共享存储上

6.1：创建NFS-client的roles

6.1.1：创建文件夹

[root@ansible roles]# mkdir -pv nfs-client/{files,tasks,templates,handlers,meta}

6.1.2：编写tasks

[root@ansible ansible]# cat roles/nfs-client/tasks/main.yml 
- name: Create Wordpress Image Directory
  file:
    path: "{{ wordpress_root_path }}/wp-content/uploads/"
    state: directory
    mode: '0755'
    owner: "{{ user }}"
    group: "{{ group }}"



- name: Configure Permanent Storage
  mount:
    backup: yes
    path: "{{ wordpress_root_path }}/wp-content/uploads/"
    src: "{{ nfs_server_ip }}:{{ nfs_share_directory }}"
    fstype: nfs
    state: mounted

6.1.3：配置全局环境变量

[root@ansible ansible]# cat group_vars/all 
#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
nfs_server_ip: 10.10.100.31

#mysql
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
mysql_app_pw: linux98.com@123

#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379

#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443

#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "on"

#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "on"

#phpmyadmin-proxy
phpmyadmin_proxy_port: 443

6.1.4：使用web访问wordpress并上传一张图片

未配置nfs时：图片只存在一个主机上，只有多次刷新才能访问到图片

6.1.5：使用playbook将web节点全部挂载nfs

[root@ansible ansible]# cat nfs-client.yml 
- name: Configure Webserver NFS-Client
  hosts: webservers
  roles:
    - nfs-client

6.1.6：再次上传图片并刷新测试

多次刷新后图片依然可以访问，证明wordpress静态资源使用NFS共享配置成功

07：配置LVS+Keepalived四层代理

7.1：编写RS节点的roles

7.1.1：创建文件夹

[root@ansible roles]# tree lvs-RS/
lvs-RS/
├── files
├── tasks
│   └── main.yml
└── templates
    └── rs_install.sh.j2

7.1.2：编写tasks

[root@ansible roles]# cat lvs-RS/tasks/main.yml 
- name: Config RS Scripts
  template:
    src: rs_install.sh.j2
    dest: /tmp/rs_install.sh

- name: Bash RS Scripts
  shell:
    cmd: 'sh /tmp/rs_install.sh'

7.1.3：编写模板脚本

[root@ansible roles]# cat lvs-RS/templates/rs_install.sh.j2 
VIP={{ lvs_vip_address }}
DEV=lo:0

cat  >/etc/sysconfig/network-scripts/ifcfg-${DEV}  <<-EOF
DEVICE=lo:0
IPADDR=${VIP}
#NETMASK=255.0.0.0
PREFIX=32
ONBOOT=yes
NAME=loopback
EOF

systemctl restart network

#配置ARP，不对外宣告本机VIP地址
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "1" >/proc/sys/net/ipv4/conf/default/arp_ignore
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore

echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "2" >/proc/sys/net/ipv4/conf/default/arp_announce
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce

7.2：编排keepalived的roles

7.2.1：创建文件夹

[root@ansible tasks]# tree /root/ansible/roles/lvs/
/root/ansible/roles/lvs/
├── files
├── handlers
├── meta
├── tasks
│   └── main.yml
├── templates
└── vars

7.2.2：编写tasks

[root@ansible roles]# cat lvs/tasks/main.yml 
- name: Enable Kernel Forward
  shell:
    cmd: 'echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf && sysctl -p'

- name: Install Keepalived SoftWare
  yum:
    name: 
      - keepalived
      - ipvsadm
    state: present

- name: Configure Keeplaived config
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
  notify: Restart Keepalived Service

- name: Configure Keepalived Service
  systemd:
    name: keepalived
    state: started
    enabled: yes

7.2.3：编写handlers

[root@ansible roles]# cat lvs/handlers/main.yml 
- name: Restart Keepalived Service
  systemd:
    name: keepalived
    state: restarted

7.2.4：编写templates文件

[root@ansible roles]# cat lvs/templates/keepalived.conf.j2 
global_defs {
    router_id {{ ansible_hostname }}
}

vrrp_instance VI_1 {

{% if ansible_hostname == "Ib01" %}
    state MASTER
    priority 200
{% elif ansible_hostname == "Ib02" %}
    state BACKUP
    priority 150
{% endif %}

    interface eth0
    virtual_router_id 50
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
 }
    virtual_ipaddress {
        {{ lvs_vip_address }}
    }
}

# 配置集群地址访问的IP+Port
virtual_server {{ lvs_vip_address }} {{ lvs_cluster_port }} {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    perssisstence_timeout 5
    protocol TCP

{% for realserver_ip in groups["proxyservers"] %}
    real_server {{ realserver_ip }} {{ realserver_port }} {
        weight 1
        TCP_CHECK {
            connect_port {{ realserver_port }}
            connect_timeout 3
            nb_get_retry 2
            delay_beefore_retry 3
        }
    }
{% endfor %}
}

virtual_server {{ lvs_vip_address }} {{ lvs_cluster_https_port }} {
    delay_loop 6
    lb_algo wlc
    lb_kind DR
    perssisstence_timeout 5
    protocol TCP

{% for realserver_ip in groups["proxyservers"] %}
    real_server {{ realserver_ip }} {{ realserver_https_port }} {
        weight 1
        TCP_CHECK {
            connect_port {{ realserver_port }}
            connect_timeout 3
            nb_get_retry 2
            delay_beefore_retry 3
        }
    }
{% endfor %}
}

7.2.5：添加全局环境变量

[root@ansible ansible]# cat group_vars/all 
#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
nfs_server_ip: 10.10.100.31

#mysql
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
mysql_app_pw: linux98.com@123

#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379

#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443

#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "on"

#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "on"

#phpmyadmin-proxy
phpmyadmin_proxy_port: 443

#Ibserver
lvs_vip_address: 10.10.100.100
lvs_cluster_port: 80
realserver_port: 80
realserver_https_port: 443
lvs_cluster_https_port: 443

#dns
dns_master_ip: 10.10.100.91
dns_slave_ip: 10.10.100.92

7.2.6：编写playbook进行测试

[root@ansible ansible]# cat lvs.yml 
- name: Install Base
  hosts:
    - Ibservers
  roles:
    - base

- name: Install Keepalived and lvs
  hosts: Ibservers
  roles:
    - lvs

- name: Install RS Server
  hosts: proxyservers
  roles:
    - lvs-RS

7.2.7：route节点配置DNAT

[root@route ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  0.0.0.0/0            172.20.254.192       tcp dpt:443 to:10.10.100.100:443
DNAT       tcp  --  0.0.0.0/0            172.20.254.192       tcp dpt:80 to:10.10.100.100:80

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  10.10.100.0/24      0.0.0.0/0            to:172.20.254.192
[root@route ~]# iptables -t nat -I PREROUTING -p tcp --dport 80 -d 172.20.254.192 -j DNAT --to 10.10.100.100:80
[root@route ~]# iptables -t nat -I PREROUTING -p tcp --dport 443 -d 172.20.254.192 -j DNAT --to 10.10.100.100:443
[root@route ~]# sysctl -p
net.ipv4.ip_forward = 1

7.2.8：使用client进行测试

08：配置DNS并使用全局DNS

8.1：编写DNS（bind）的roles

8.1.1：创建文件夹

[root@ansible ansible]# tree roles/dns/
roles/dns/
├── files
├── handlers
│   └── main.yml
├── meta
├── tasks
│   └── main.yml
├── templates
│   ├── linux98.com.zone.j2
│   ├── named.conf.j2
│   └── named.linux98.zones.j2
└── vars

8.1.2：编写tasks

[root@ansible ansible]# cat roles/dns/tasks/main.yml 
- name: Install bind software
  yum:
    name: bind
    state: present

- name: Config
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "named"
    mode: "0640"
  loop:
    - { src: "named.conf.j2", dest: "/etc/named.conf" }
    - { src: "linux98.com.zone.j2", dest: "/var/named/linux98.com.zone" }
    - { src: "named.linux98.zones.j2", dest: "/etc/named.linux98.zones" }
  notify: Restart named service

- name: systemd
  systemd:
    name: named
    state: started
    enabled: yes

8.1.3：编写handlers

[root@ansible ansible]# cat roles/dns/handlers/main.yml 
- name: Restart named service
  systemd:
    name: named
    state: restarted

8.1.4：编写templates

[root@ansible ansible]# cat roles/dns/templates/linux98.com.zone.j2 
$TTL 600
linux98.com. IN SOA ns.linux98.com. qq.linux98.com. (
    2021051909
    10800
    900
    604800
    86400
)


linux98.com. IN NS ns1.linux98.com.

ns1.linux98.com. IN A {{ dns_master_ip }}

{% for host in groups.all %}
{{ hostvars[host].ansible_hostname }}.linux98.com. IN A {{ hostvars[host].ansible_default_ipv4.address }}
{% endfor %}

mirrors.linux98.com. IN A 172.20.254.191
example.linux98.com. IN A 172.20.254.192
phpmyadmin.linux98.com. IN A 172.20.254.192

[root@ansible ansible]# cat roles/dns/templates/named.conf.j2 
options {
  listen-on port 53 { localhost; }; 
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db"; 
  statistics-file "/var/named/data/named_stats.txt"; 
  memstatistics-file "/var/named/data/named_mem_stats.txt"; 
  recursing-file "/var/named/data/named.recursing"; 
  secroots-file "/var/named/data/named.secroots"; 
  allow-query { any; };

{% if ansible_hostname == "dns-master" %}
  allow-transfer { {{ dns_slave_ip }};};   
  also-notify { {{ dns_slave_ip }};}; 
{% elif ansible_hostname == "dns-slave" %}
  masterfile-format text;
{% endif %}

  recursion yes;
  dnssec-enable yes; 
  dnssec-validation yes;
  
  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.root.key";
  managed-keys-directory "/var/named/dynamic";
  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/session.key";
};


logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
            };
};

zone "." IN {
    type hint;
    file "named.ca"; 
};

include "/etc/named.rfc1912.zones"; 
include "/etc/named.root.key";
include "/etc/named.linux98.zones";

[root@ansible ansible]# cat roles/dns/templates/named.linux98.zones.j2 
{% if ansible_hostname == "dns-master" %}
zone "linux98.com" IN {
    type master;
    file "linux98.com.zone";
    notify yes;
};
{% elif ansible_hostname == "dns-slave" %}
zone "linux98.com" IN {
    type slave;
    file "slaves/linux98.com.zone";
    masters { {{ dns_master_ip }};};
};
{% endif %}

8.1.5：添加全局环境变量

#all
user: www
group: www
user_id: 666
group_id: 666


#NFS
nfs_share_directory: /ansible_data
nfs_share_ip_pool: 10.10.100.0/24
nfs_server_ip: 10.10.100.31

#mysql
mysql_root_pw: linux98.com@123
mysql_app_user: ansible_all
mysql_app_pw: linux98.com@123

#php
redis_server_ip: 10.10.100.41
redis_server_port: 6379

#wordpress-proxy
wordpress_server_name: example.linux98.com
wordpress_listen_port: 80
wordpress_proxy_port: 443

#wordpress
wordpress_root_path: /ansible_wordpress
dbserver_ipaddress: 10.10.100.51
wordpress_fastcgi_https: "on"

#phpmyadmin
phpmyadmin_root_path: /ansible_phpmyadmin
phpmyadmin_server_name: phpmyadmin.linux98.com
phpmyadmin_listen_port: 80
phpmyadmin_fastcgi_https: "on"

#phpmyadmin-proxy
phpmyadmin_proxy_port: 443

#Ibserver
lvs_vip_address: 10.10.100.100
lvs_cluster_port: 80
realserver_port: 80
realserver_https_port: 443
lvs_cluster_https_port: 443

#dns
dns_master_ip: 10.10.100.91
dns_slave_ip: 10.10.100.92

8.1.6：编写playbook进行测试

[root@ansible ansible]# cat dns.yml 
- name: Get facts
  hosts: all

- name: Install Base and dns software
  hosts: dnsservers
  roles:
    - base
    - dns

8.2：编写dns-client的roles

8.2.1：创建文件夹

[root@ansible ansible]# tree roles/dns-client/
roles/dns-client/
├── handlers
│   └── main.yml
└── tasks
    └── main.yml

8.2.2：编写tasks

[root@ansible ansible]# cat roles/dns-client/tasks/main.yml 
- name: Notes old Network DNS Config
  lineinfile:
    backup: yes
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    state: absent
    regexp: '^DNS' 

- name: Add New Network DNS Config
  lineinfile:
    backup: yes
    path: /etc/sysconfig/network-scripts/ifcfg-eth0
    state: present
    line: "{{ item }}"
  loop:
    - 'DNS1={{ dns_master_ip }}'
    - 'DNS2={{ dns_slave_ip }}'
  notify: Restart Network Service

8.2.3：编写handlers

[root@ansible ansible]# cat roles/dns-client/handlers/main.yml 
- name: Restart Network Service
  systemd:
    name: network
    state: restarted

8.2.4：编写playbook进行测试

[root@ansible ansible]# cat dns-client.yml 
- name: Config Host DNS
  hosts:
    - webservers
  roles:
    - dns-client

8.2.5：查看测试结果

[root@ansible ansible]# ansible webservers -m shell -a 'cat /etc/sysconfig/network-scripts/ifcfg-eth0 | grep DNS'
10.10.100.22 | CHANGED | rc=0 >>
DNS1=10.10.100.91
DNS2=10.10.100.92
10.10.100.21 | CHANGED | rc=0 >>
DNS1=10.10.100.91
DNS2=10.10.100.92
10.10.100.23 | CHANGED | rc=0 >>
DNS1=10.10.100.91
DNS2=10.10.100.92

09：初始化全部主机测试各个roles

9.1：还原主机快照

9.1.1：在VMware vCenter上还原节点快照（重装系统）

将hosts清单内的主机全部还原快照（还原前保留一下快照，可以先关机再对快照进行操作）

9.1.2：使用ansible确认所有主机已经在线并检查时间是否同步

[root@ansible ansible]# ansible all -m shell -a 'date'
10.10.100.22 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.6 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.23 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.5 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.21 | CHANGED | rc=0 >>
Sun Jun 13 17:45:24 CST 2021
10.10.100.11 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.13 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.31 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.12 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.41 | CHANGED | rc=0 >>
Sun Jun 13 17:45:25 CST 2021
10.10.100.51 | CHANGED | rc=0 >>
Sun Jun 13 17:45:26 CST 2021
10.10.100.91 | CHANGED | rc=0 >>
Sun Jun 13 17:45:26 CST 2021
10.10.100.92 | CHANGED | rc=0 >>
Sun Jun 13 17:45:26 CST 2021
10.10.100.93 | CHANGED | rc=0 >>
Sun Jun 13 17:45:26 CST 2021

9.2：使用playbook编排roles执行顺序

需要注意的地方：如果一起部署wordpress和phpmyadin，需要将phpmyadmin的roles里meta文件修改名称。

[root@ansible ansible]# cat wordpress-cluster.yml 
- name: Get facts
  hosts: all

- name: Install Base Software
  hosts: all
  roles:
    - base

- name: Install DNS Server
  hosts:
    - dnsservers
    

- name: Configure Servers DNS Config
  hosts:
    - Ibservers
    - proxyservers
    - webservers
    - nfsservers
    - redisserver
    - mysqlservers
  roles:
    - dns-client

- name: Configure NFS Servers
  hosts: nfsservers
  roles:
    - nfs

- name: Configure Mysql Servers
  hosts: mysqlservers
  roles: 
    - mysql

- name: Configure Redis Servers
  hosts: redisserver
  roles:
    - redis

- name: Configure WordPress Web and NFS Share Client
  hosts: webservers
  roles:
    - wordpress-web
    - nfs-client

- name: Configure WordPress Proxy and lvs-RS
  hosts: proxyservers
  roles:
    - wordpress-proxy
    - lvs-RS

- name: Configure LVS Server
  hosts: Ibservers
  roles:
    - lvs

9.3：客户端测试

在测试机上设置host劫持 172.20.254.192 example.linux98.com phpmyadmin.linux98.com

9.3.1：测试wordpress

访问 example.linux98.com/wp-amdin 在后台上传一个图片，多次刷新测试共享存储

9.3.2：测试phpmyadmin

访问phpmyadmin.linux98.com 登录并多次刷新查看地址