使用playbook实现一键部署keepalived+nginx+PHP+wordpress+mariadb

使用playbook实现一键部署keepalived+nginx+PHP+wordpress+mariadb

环境

主机名 安装服务 wan lan
lb01 nginx+keepalived(master) 10.0.0.5 172.16.1.5
lb02 nginx+keepalived(backup) 10.0.0.6 172.16.1.6
web01 nginx+WordPress+PHP 10.0.0.7 172.16.1.7
web02 nginx+WordPress+PHP 10.0.0.8 172.16.1.8
db01 mariadb 10.0.0.51 172.16.1.51
backup rsync(服务端) 10.0.0.41 172.16.1.41
nfs nfs+sersync+rsync 10.0.0.31 172.16.1.31

流程分析

1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建同一的用户

    #部署rsync
    1.web backup nfs 安装rsync
    2.拷贝rsync配置文件
    3.创建服务端backup的备份目录
    4.copy密码文件
    5.把客户端密码加入环境全局变量文件
    6.启动rsync,并加入开机自启动
    
    #部署nfs
    1.安装nfs-utils
    2.拷贝nfs配置文件
    3.创建共享目录
    4.启动nfs服务端
    	1.在nfs服务端安装sersync
    	2.拷贝sersync配置文件到nfs服务端
    	3.nfs服务端配置rsync密码文件
    	4.启动sersync
	
	#部署负载均衡
	1.安装nginx
	2.拷贝nginx配置文件和 server
	3.写入include文件(proxy_params)
	4.安装keepalived
	5.优化keepalived(启动脚本)
	6.拷贝keepalived配置文件,配置master
	7.拷贝keepalived配置文件,配置backup
	8.启动nginx keepalived
	
	#部署web
	1.安装nginx PHP
	2.拷贝nginx配置文件
	3.拷贝nginx server
	4.拷贝PHP配置文件(www.conf)
	5.解压m01上的WordPress压缩包
	6.启动nginx PHP
	
	#部署数据库
	1.安装数据库
	2.启动数据库
	3.创建数据库用户
	4.创建数据库

推送公钥脚本

vim /root/jb.sh	    
#!/bin/bash 
pass=‘1‘
        ip=‘172.16.1.‘
        ip2=‘10.0.0.‘

        ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa

        for i in  5 6 7 8 9 31 41 51 52 53 54 61 71 81;
        do
        sshpass -p $pass ssh-copy-id -i /root/.ssh/id_rsa.pub -o stricthostkeychecking=no root@${ip}${i}
        
        sshpass -p $pass ssh-copy-id -i /root/.ssh/id_rsa.pub -o stricthostkeychecking=no root@${ip2}${i}
        
        done
	    chmod 600 /root/jb.sh

主机清单

[root@m01 ~]# vim /root/ansible/hosts 

[web_group]
172.16.1.7 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘
172.16.1.8 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[db_group]
172.16.1.51 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[nfs_group]
172.16.1.31 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[lb_group]
172.16.1.5 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘
172.16.1.6 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[backup_group]
172.16.1.41 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

负载均衡

#server
mkdir /root/ansible/lb/conf.d -p && vim /root/ansible/lb/conf.d/wp.zh.conf

upstream backend {
    server 10.0.0.7;
    server 10.0.0.8;
    server 10.0.0.9;
}
server {
	listen 80;
	server_name cs.wp.com cs.zh.com;

    location / {
        proxy_pass http://backend;    
        include proxy_params;
    }
}
------------------------------------------------------------------------
#nginx配置文件
vim /root/ansible/lb/nginx.conf 

user  www;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘
                      ‘$status $body_bytes_sent "$http_referer" ‘
                      ‘"$http_user_agent" "$http_x_forwarded_for"‘;

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
-----------------------------------------------------------------------------
#编辑params
vim /root/ansible/lb/proxy_params

# 客户端的请求头部信息,带着域名来找我,我也带着域名去找下一级(代理机或者代理服务器)
proxy_set_header Host $host;
# 显示客户端的真实ip(和代理的所有IP)
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	
#nginx代理与后端服务器连接超时时间(代理连接超时)
proxy_connect_timeout 60s;
#nginx代理等待后端服务器的响应时间
proxy_read_timeout 60s;
	#后端服务器数据回传给nginx代理超时时间
proxy_send_timeout 60s;
	
#nignx会把后端返回的内容先放到缓冲区当中,然后再返回给客户端,边收边传, 不是全部接收完再传给客户端
proxy_buffering on;
#设置nginx代理保存用户头信息的缓冲区大小
proxy_buffer_size 4k;
#proxy_buffer_size 8k;
#proxy_buffers 缓冲区
proxy_buffers 8 4k;
#proxy_buffers 8 8k;
#使用http 1.1协议版本
proxy_http_version 1.1;

#错误页面重定向
proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
--------------------------------------------------------------------------
#优化keepalived
vim /root/ansible/lb/keepalived.service 

[Unit]
Description=LVS and VRRP High Availability Monitor
After=syslog.target network-online.target

[Service]
Type=forking
PIDFile=/var/run/keepalived.pid
#KillMode=process
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
---------------------------------------------------------------------
#keepalived抢占式(master)配置文件
vim /root/ansible/lb/keepalived.master.conf
global_defs {                   #全局配置
    router_id lb01              #标识身份->名称(随意写)
}

vrrp_instance VI_1 {		  #标识身份->名称(随意)
    state MASTER                #标识角色状态(随意)
    interface eth0              #网卡绑定接口(错绑后修改后需要重启服务器生效)
    virtual_router_id 50        #虚拟路由id(1-254),多个节点的设置必须一样(注释),不同高可用的keepaliced virtual_router_id不能相同
    priority 150                #优先级(主高备低)(修改后,重启服务器才能生效)
    advert_int 1                #监测间隔时间(不同的节点设置必须相同)(检测同一路由id的keepalived,检测nginx是否存活)
    authentication {            #认证(节点设置必须相同)
        auth_type PASS          #认证方式(相同节点的话,相同)
        auth_pass 1111          #认证密码
    }
    virtual_ipaddress {         
        10.0.0.3                #虚拟的VIP地址,(节点设置必须相同,最好是公网ip),可多设,每行一个,vip必须是公网ip,两个负载的eth0网卡也必须是公网ip
    }
}
----------------------------------------------------------------------
#keepalived抢占式(backup)配置文件
vim /root/ansible/lb/keepalived.backup.conf
global_defs {
    router_id lb02
}

vrrp_instance VI_1 {
    state BACKUP        
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {    
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}

web

# 上传做好的nginx_php(rpm)包
cd /root && rz
----------------------------------------------------------------------
# nginx配置文件
vim /root/ansible/nginx/nginx.conf 

user  www;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘
                      ‘$status $body_bytes_sent "$http_referer" ‘
                      ‘"$http_user_agent" "$http_x_forwarded_for"‘;

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}
----------------------------------------------------------------------
### nginx server

mkdir /root/ansible/nginx/conf.d/ -p && vim /root/ansible/nginx/conf.d/wp.conf

server {
	listen 80;
	server_name cs.wp.com;
	root /code;
	index index.html index.php;
 
	location ~ \.php$ {
		fastcgi_pass   127.0.0.1:9000;
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
		}
}

php

vim /root/ansible/nginx/www.conf
...
...

vim /root/ansible/nginx/php.ini
...
...

数据库

1.备份web01上的数据库
mysqldump -uroot -p‘1‘ -A wp > wp.sql

2.将web01上备份的数据库拷贝至db01服务器上
scp wp.sql  root@172.16.1.51:/tmp

nfs

#nfs配置文件
vim /root/ansible/nfs/exports
/wordpress_backup 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
------------------------------------------------------------------------

#sersync配置文件
[root@nfs ~]# vim /root/ansible/nfs/sersync.conf

<?xml version="1.0" encoding="ISO-8859-1"?>
<head version="2.5">
    <host hostip="localhost" port="8008"></host>
    <debug start="false"/>
    <fileSystem xfs="false"/>
    <filter start="false">
	<exclude expression="(.*)\.svn"></exclude>
	<exclude expression="(.*)\.gz"></exclude>
	<exclude expression="^info/*"></exclude>
	<exclude expression="^static/*"></exclude>
    </filter>
    <inotify>
	<!-- inotify监控的事件,true为监控,false为不监控 -->
	<delete start="true"/>
	<createFolder start="true"/>
	<createFile start="true"/>
	<closeWrite start="true"/>
	<moveFrom start="true"/>
	<moveTo start="true"/>
	<attrib start="true"/>
	<modify start="true"/>
    </inotify>

    <sersync>
	<!-- 监控的目录和rsync服务器的IP地址,rsync的模块名称 -->
	<localpath watch="/data">
	    <remote ip="172.16.1.41" name="backup"/>
	    <!--<remote ip="192.168.8.39" name="tongbu"/>-->
	    <!--<remote ip="192.168.8.40" name="tongbu"/>-->
	</localpath>
	<rsync>
	    <!--rsync推送的选项-->
	    <commonParams params="-az"/>
	    <!--是否开启认证,认证模块的用户名,用于认证的本地密码配置文件-->
	    <auth start="true" users="backup" passwordfile="/etc/rsync.passwd"/>
	    <userDefinedPort start="false" port="874"/><!-- port=874 -->
	    <timeout start="false" time="100"/><!-- timeout=100 -->
	    <ssh start="false"/>
	</rsync>
	<failLog path="/tmp/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->
	<crontab start="false" schedule="600"><!--600mins-->
	    <crontabfilter start="false">
		<exclude expression="*.php"></exclude>
		<exclude expression="info/*"></exclude>
	    </crontabfilter>
	</crontab>
	<plugin start="false" name="command"/>
    </sersync>

    <plugin name="command">
	<param prefix="/bin/sh" suffix="" ignoreError="true"/>	<!--prefix /opt/tongbu/mmm.sh suffix-->
	<filter start="false">
	    <include expression="(.*)\.php"/>
	    <include expression="(.*)\.sh"/>
	</filter>
    </plugin>

    <plugin name="socket">
	<localpath watch="/opt/tongbu">
	    <deshost ip="192.168.138.20" port="8009"/>
	</localpath>
    </plugin>
    <plugin name="refreshCDN">
	<localpath watch="/data0/htdocs/cms.xoyo.com/site/">
	    <cdninfo domainname="ccms.chinacache.com" port="80" username="xxxx" passwd="xxxx"/>
	    <sendurl base="http://pic.xoyo.com/cms"/>
	    <regexurl regex="false" match="cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images"/>
	</localpath>
    </plugin>
</head>

rsync

#rsync配置文件
vim /root/ansible/rsync/rsyncd.conf 

uid = www	
gid = www			
port = 873			
fake super = yes	 
use chroot = no		 	
max connections = 200	
timeout = 600			
ignore errors			
read only = false		
list = false	

auth users = backup			 
secrets file = /etc/rsync.passwd	  
log file = /var/log/rsyncd.log		  						 
[backup]								
comment = welcome to oldboyedu backup!	   
path = /backup
---------------------------------------------------------------------------

yml

vim /root/ansible/djj.yml

---
#基础优化
- hosts: all 
  tasks: 
    - name: Start FireWall 
      service: 
        name: firewalld 
        state: started
        enabled: yes
 
    - name: Stop SeLinux 
      selinux: 
        state: disabled 

    - name: open ports
      firewalld: 
        port: ‘{{ item.port }}‘
        state: enabled
        permanent: no
      with_items:
        - { port: "80/tcp" }
        - { port: "443/tcp" }
        - { port: "873/tcp" }

    - name: open nfs 
      firewalld:
        service: nfs
        state: enabled
        permanent: no
      when: ansible_hostname is match "nfs*"

    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present

    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false
        
#部署负载均衡
    - name: jieya nginx_php.tar.gz
      unarchive:
        src: /root/nginx_php.tar.gz
        dest: /root

    - name: install nginx keepalived
      shell: "{{ item }}"
      with_items:
        - "yum localinstall -y /root/rpm/nginx*"
        - "yum install -y keepalived"
      when: ansible_hostname is match "lb*"
      
    - name: config nginx keepalived.server
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/root/ansible/lb/nginx.conf",dest: "/etc/nginx/"}
        - { src: "/root/ansible/lb/conf.d/wp.zh.conf",dest: "/etc/nginx/conf.d/"}
        - { src: "/root/ansible/lb/proxy_params",dest: "/etc/nginx/"}
        - { src: "/root/ansible/lb/keepalived.service",dest: "/usr/lib/systemd/system/"}
      when: ansible_hostname is match "lb*"
        
    - name: config master   
      copy:
        src: "/root/ansible/lb/keepalived.master.conf"
        dest: "/etc/keepalived/keepalived.conf"
      when: ansible_hostname is match "lb01"
      
    - name: config backup   
      copy:
        src: "/root/ansible/lb/keepalived.backup.conf"
        dest: "/etc/keepalived/keepalived.conf"
      when: ansible_hostname is match "lb02"   
      
    - name: start nginx keepalived
      systemd:
        name: "{{ item }}"
        state: started
        enabled: yes
      with_items:
        - nginx
        - keepalived
      when: ansible_hostname is match "lb*"
      
#部署数据库
    - name: install mariadb MySQL-python
      yum:
        name:  "{{ item }}"
        state: present
      with_items:
        - ‘mariadb-server‘
        - ‘MySQL-python‘
      when: ansible_fqdn is match ‘db*‘
        
    - name: start mariadb
      systemd:
        name: mariadb
        state: started
        enabled: yes
      when: ansible_fqdn is match ‘db*‘

    - name: grant mysql user
      mysql_user:
        #login_host: "localhost"
        #login_user: "root"
        #login_password: "123"
        login_port: "3306"
        name: "ty"
        password: "123"
        host: "%"
        priv: "*.*:ALL,GRANT"
        state: "present"
      when: ansible_fqdn is match ‘db*‘

    - name: create a database
      mysql_db:
        #login_host: "127.0.0.1"
        #login_user: "root"
        #login_password: "123"
        login_port: "3306"
        name: "wp"
        encoding: "utf8"
        state: "present"   
      when: ansible_fqdn is match ‘db*‘
      
#部署nginx+PHP+WordPress
    - name: install nginx php
      shell: "{{ item }}"
      with_items:
        - "yum remove -y php-common.x86_64"
        - "yum localinstall -y /root/rpm/*rpm"
      when: ansible_hostname is match "web*"
      ignore_errors: yes

    - name: Nginx php Conf
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: 0644
      with_items:
        - { src: "/root/ansible/nginx/nginx.conf",dest: "/etc/nginx/nginx.conf" }
        - { src: "/root/ansible/nginx/conf.d/wp.conf",dest: "/etc/nginx/conf.d/wp.conf" }
        - { src: "/root/ansible/nginx/php.ini",dest: "/etc" }
        - { src: "/root/ansible/nginx/www.conf",dest: "/etc/php-fpm.d/"}
      when: ansible_hostname is match "web*" 

    - name: Create HTML Directory
      file:
        path: /code/wordpress
        owner: www
        group: www
        mode: 0755
        state: directory
        recurse: yes
      when: ansible_hostname is match "web*" 

    - name: Start Nginx Server
      service:
        name: nginx
        state: started
        enabled: true
      ignore_errors: yes  

    - name: Start php Server
      service:
        name: php-fpm
        state: started
        enabled: true
      when: ansible_hostname is match "web*"  

    - name: yum WordPress
      get_url:
        url: http://test.driverzeng.com/Nginx_Code/wordpress-5.0.3-zh_CN.tar.gz
        dest: /root
      when: ansible_hostname is match "web*"  
        
    - name: jieya WordPress
      unarchive:
        src: "/root/wordpress-5.0.3-zh_CN.tar.gz"
        dest: /code
        owner: www
        group: www
      when: ansible_hostname is match "web*"  
      
#部署rsync

执行

0.托送公钥

1.执行base.yml
[root@m01 ~]# ansible-playbook ansible/base.yml 

2.执行rsync.yml
[root@m01 ~]# ansible-playbook ansible/djj.yml

使用playbook实现一键部署keepalived+nginx+PHP+wordpress+mariadb

上一篇:linux--mysql5.7安装


下一篇:Tools - curl