前面介绍了PlayBook怎么写服务部署,把服务部署上后,我们来用Ansible来部署项目,实现一套完整的LNMP架构。我们部署wordpress、wecenter、phpshe、phpmyadmin这四个项目。将其所有的剧本都写入lnmp.yml中,相关备份数据都放入root/ansible/lnmp中,最终实现一个剧本一条命令部署4个项目的效果,话不多说,直接开始!
1、准备工作
| 主机名称 |
主机IP(外网、内网) |
作用 |
| LB01 |
10.0.0.5、172.16.1.5 |
七层负载均衡、keepalived高可用 |
| LB02 |
10.0.0.6、172.16.1.6 |
七层负载均衡、keepalived高可用 |
| Web01 |
10.0.0.7、172.16.1.7 |
Nginx、php服务、存放代码文件 |
| Web02 |
10.0.0.8、172.16.1.8 |
Nginx、php服务、存放代码文件 |
| NFS |
10.0.0.31、172.16.1.31 |
存放静态资源 |
| MySQL |
10.0.0.51、172.16.1.51 |
存放动态数据 |
| Ansible |
10.0.0.61、172.16.1.61 |
使用Ansible作为控制机 |
2、写剧本
1、将目标主机添加至主机列表
[root@Ansible ~]# cat /etc/ansible/hosts
[lb_group]
lb01 ansible_ssh_host=10.0.0.5
lb02 ansible_ssh_host=10.0.0.6
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
[nfs_group]
nfs ansible_ssh_host=10.0.0.31
[mysql_group]
mysql ansible_ssh_host=10.0.0.51
[nginx_install_group:children]
lb_group
web_group
2、创建剧本存放目录并收集部署项目所需要的资源
我的思路是针对服务器的功能去进行项目资源的收集
[root@Ansible ~]# mkdir ansible/lnmp
#1、在lb01上部署七层负载,我们需要nginx.conf(方便区分可以命名为nginx_lb01.conf)、nginx_7.conf(七层负载配置)、证书、keepalived.conf、proxy_params
[root@LB01 conf.d]# scp /etc/nginx/nginx.conf /etc/nginx/conf.d/proxy_7.conf /etc/nginx/proxy_params /etc/nginx/ssl_key/ /etc/keepalived/keepalived.conf 10.0.0.61:/root/ansible/lnmp
[root@Ansible lnmp]# mv keepalived.conf keepalived_lb01.conf
[root@Ansible lnmp]# mv nginx.conf nginx_lb01.conf
#2、lb02与lb01所需文件大致相同,我们将keepalived.conf拷贝至管理机即可
[root@LB01 ~]# scp /etc/keepalived/keepalived.conf 10.0.0.51:/root/ansible/lnmp/keepalived_lb02.conf
#3、web01与web02所需的文件一模一样,所以我们直接收集一个的即可
收集nginx.conf,conf.d/下的配置文件,php71.tar.gz压缩包,php.ini配置文件,/etc/php-fpm.d/www.conf,代码文件
#4、NFS需要收集/etc/exports配置文件
#5、MySQL需要收集数据库信息、redis.conf
3、写剧本
同样按照服务器功能去进行项目部署,有相同需求的操作,可以将其主机放在一个组中一起操作
[root@Ansible lnmp]# cat lnmp.yml
- hosts: all
tasks:
- name: create group www
group:
name: www
gid: 666
- name: create user www
user:
name: www
uid: 666
group: www
shell: /sbin/nologin
create_home: false
- hosts: nginx_install_group
tasks:
- name: nginx.repo
copy:
src: nginx.repo
dest: /etc/yum.repos.d/nginx.repo
- name: install nginx
yum:
name: nginx
state: present
- name: delete default.conf
file:
name: /etc/nginx/conf.d/default.conf
state: absent
- name: start and enable nginx
systemd:
name: nginx
state: started
enabled: yes
- hosts: keepalived_install_group
tasks:
- name: copy nginx_lb01.conf
copy:
src: nginx_lb01.conf
dest: /etc/nginx/nginx.conf
- name: copy proxy_7.conf
copy:
src: proxy_7.conf
dest: /etc/nginx/conf.d/proxy_7.conf
- name: copy ssl_key to lb01 lb02
copy:
src: ssl_key
dest: /etc/nginx/
- name: copy proxy_params to lb01 lb02
copy:
src: proxy_params
dest: /etc/nginx/proxy_params
- name: restart nginx
systemd:
name: nginx
state: restarted
- name: install keepalived
yum:
name: keepalived
state: present
- name: start and enable keepalived
systemd:
name: keepalived
state: started
enabled: yes
- hosts: lb01
tasks:
- name: copy keepalived_lb01.conf
copy:
src: keepalived_lb01.conf
dest: /etc/keepalived/keepalived.conf
- hosts: lb02
tasks:
- name: copy keepalived_lb02.conf
copy:
src: keepalived_lb02.conf
dest: /etc/keepalived/keepalived.conf
- hosts: keepalived_install_group
tasks:
- name: restart keepalived
systemd:
name: keepalived
state: restarted
- hosts: web_group
tasks:
- name: copy nginx_web.conf to web_group
copy:
src: nginx_web.conf
dest: /etc/nginx/nginx.conf
- name: copy conf_web.d to web_group
copy:
src: conf_web.d/
dest: /etc/nginx/conf.d
- name: restart nginx
systemd:
name: nginx
state: restarted
- name: tar xf php to web_group
unarchive:
src: php71.tar.gz
dest: /root
- name: localinstall rpm
yum:
name:
- /root/autoconf-2.69-11.el7.noarch.rpm
- /root/automake-1.13.4-3.el7.noarch.rpm
- /root/libevent-2.0.21-4.el7.x86_64.rpm
- /root/libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
- /root/libmcrypt-2.5.8-13.el7.x86_64.rpm
- /root/libmemcached-1.0.16-5.el7.x86_64.rpm
- /root/libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm
- /root/libX11-1.6.7-3.el7_9.x86_64.rpm
- /root/libX11-common-1.6.7-3.el7_9.noarch.rpm
- /root/libXau-1.0.8-2.1.el7.x86_64.rpm
- /root/libxcb-1.13-1.el7.x86_64.rpm
- /root/libXpm-3.5.12-1.el7.x86_64.rpm
- /root/libxslt-1.1.28-6.el7.x86_64.rpm
- /root/mod_php71w-7.1.33-1.w7.x86_64.rpm
- /root/pcre-devel-8.32-17.el7.x86_64.rpm
- /root/perl-Data-Dumper-2.145-3.el7.x86_64.rpm
- /root/perl-Test-Harness-3.28-3.el7.noarch.rpm
- /root/perl-Thread-Queue-3.02-2.el7.noarch.rpm
- /root/php71w-cli-7.1.33-1.w7.x86_64.rpm
- /root/php71w-common-7.1.33-1.w7.x86_64.rpm
- /root/php71w-devel-7.1.33-1.w7.x86_64.rpm
- /root/php71w-embedded-7.1.33-1.w7.x86_64.rpm
- /root/php71w-fpm-7.1.33-1.w7.x86_64.rpm
- /root/php71w-gd-7.1.33-1.w7.x86_64.rpm
- /root/php71w-mbstring-7.1.33-1.w7.x86_64.rpm
- /root/php71w-mcrypt-7.1.33-1.w7.x86_64.rpm
- /root/php71w-mysqlnd-7.1.33-1.w7.x86_64.rpm
- /root/php71w-opcache-7.1.33-1.w7.x86_64.rpm
- /root/php71w-pdo-7.1.33-1.w7.x86_64.rpm
- /root/php71w-pear-1.10.4-1.w7.noarch.rpm
- /root/php71w-pecl-igbinary-2.0.5-1.w7.x86_64.rpm
- /root/php71w-pecl-memcached-3.0.4-1.w7.x86_64.rpm
- /root/php71w-pecl-mongodb-1.5.3-1.w7.x86_64.rpm
- /root/php71w-pecl-redis-3.1.6-1.w7.x86_64.rpm
- /root/php71w-process-7.1.33-1.w7.x86_64.rpm
- /root/php71w-xml-7.1.33-1.w7.x86_64.rpm
state: present
- name: copy php.ini to web_group
copy:
src: php.ini
dest: /etc/php.ini
- name: copy www.conf to web_group
copy:
src: www.conf
dest: /etc/php-fpm.d/www.conf
- name: start and enable php
systemd:
name: php-fpm
state: started
enabled: yes
- name: tar xf code.tar.gz
unarchive:
src: code.tar.gz
dest: /
creates: /code
- name: chown -R www.www code
file:
path: /code
owner: www
group: www
- hosts: nfs_group
tasks:
- name: Install nfs-utils
yum:
name: nfs-utils
state: present
- name: Scp NFS server exports
copy:
src: exports
dest: /etc/exports
owner: root
group: root
mode: 0644
- name: Create data Directory
file:
path: /data
state: directory
owner: www
group: www
mode: 0755
recurse: yes
- name: Create data Directory
file:
path: /data/wordpress
state: directory
owner: www
group: www
mode: 0755
recurse: yes
- name: Create data Directory
file:
path: /data/wecenter
state: directory
owner: www
group: www
mode: 0755
recurse: yes
- name: Create data Directory
file:
path: /data/phpshe
state: directory
owner: www
group: www
mode: 0755
recurse: yes
- name: Start NFS server
systemd:
name: nfs-server
state: started
enabled: yes
- hosts: web_group
tasks:
- name: Install nfs-utils
yum:
name: nfs-utils
state: present
- name: Mount wordpress_NFS Server
mount:
path: /code/wordpress/wp-admin/images
src: 10.0.0.31:/data/wordpress
fstype: nfs
opts: defaults
state: mounted
- name: Mount wecenter_NFS Server
mount:
path: /code/wecenter/uploads/
src: 10.0.0.31:/data/wecenter
fstype: nfs
opts: defaults
state: mounted
- name: Mount phpshe_NFS Server
mount:
path: /code/phpshe/data
src: 10.0.0.31:/data/phpshe
fstype: nfs
opts: defaults
state: mounted
- hosts: mysql_group
tasks:
- name: Install mariadb mysql-python redis
yum:
name:
- mariadb-server
- MySQL-python
- redis
state: present
- name: Start httpd Server
systemd:
name: mariadb
state: started
enabled: yes
- name: Copy all.sql to Mysql
copy:
src: all.sql
dest: /root/all.sql
- name: import all.sql
mysql_db:
login_host: localhost
login_port: 3306
login_user: root
name: all
state: import
target: /root/all.sql
- name: Restart MariaDB Server
systemd:
name: mariadb
state: restarted
- name: copy redis.conf to mysql
copy:
src: redis.conf
dest: /etc/redis.conf
- name: start and redis
systemd:
name: redis
state: started
enabled: yes
3、剧本语法检查并执行
将除了Ansible外的其他主机都恢复镜像,做好ssh免密钥
[root@Ansible ~]# ssh-keygen
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.4
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.5
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.6
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.7
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.8
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.31
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.51
检查并执行
[root@Ansible ~]# ansible-playbook -- ansible/lnmp/lnmp.yml
[root@Ansible ~]# ansible-playbook ansible/lnmp/lnmp.yml
4、测试项目部署是否正常
windows进行hosts解析10.0.0.5,浏览器分别访问blog.koten.com;zh.koten.com;phpshe.koten.com;phpmyadmin.koten.com查看是否正常运行,查看phpmyadmin是否有会话保持,刷新phpmyadmin查看负载均衡。
注意:七层负载如果加证书的话,无法通过四层负载去访问到浏览器,因为Nginx在返回的时候七层需要先通过四层再返回给浏览器,带证书的请求无法转发给不带证书的请求,导致我们接收不到访问信息,但是看四层日志状态码是200;所以我们要么就是不用四层负载,要么取消七层负载的证书,但是用LVS可以解决这个问题,因为LVS是七层负载是直接返回给浏览器,不经过四层负载。
我是koten,10年运维经验,持续分享运维干货,感谢大家的阅读和关注!
