LNMP+zabbix+负载均衡架构图————ansible自动部署

时间:2022-10-02 14:01:12

架构图:

LNMP+zabbix+负载均衡架构图————ansible自动部署

部署:

环境:

LVS+keepalived 192.168.246.10 192.168.246.20
LNP 192.168.246.30 192.168.246.40
MySQL 192.168.246.50 192.168.246.70 192.168.246.80
zabbix 192.168.246.60

1.安装ansible

# Run on the Ansible control node. On CentOS 7 the ansible package comes from EPEL,
# so the EPEL release package is installed first.
[root@localhost ~]# yum install epel-release.noarch -y 
[root@localhost ~]# yum install -y ansible

2.配置免密登录

# Create the control node's key pair (prompts interactively).
ssh-keygen

# Install the public key on every managed host so Ansible can log in without a password.
# ssh asks to accept each host key on first contact; compare the fingerprint with the
# host's real key before answering yes.
for last_octet in 10 20 30 40 50 60 70 80; do
    ssh-copy-id -i "192.168.246.${last_octet}"
done

3.创建角色并编写主机清单文件

# Directory that will hold the top-level playbook.
mkdir /etc/ansible/playbook

# Scaffold one role skeleton per component under /etc/ansible/roles/.
for role in host yum_repo LVS keepalived1 keepalived2 LNP mariadb zabbix-server; do
    ansible-galaxy init "/etc/ansible/roles/${role}"
done
vim /etc/ansible/hosts
# Hosts that receive the common roles (hosts file, yum repository).
# NOTE(review): 192.168.246.70 and .80 get an SSH key earlier on this page but are in
# no group here - confirm whether they should be managed.
[all_ip]
192.168.246.10
192.168.246.20
192.168.246.30
192.168.246.40
192.168.246.50
192.168.246.60

# The two LVS + keepalived director addresses from the environment table.
[nginx]
192.168.246.10
192.168.246.20

# Real servers running nginx + PHP.
# NOTE(review): site.yml on this page targets a group called LNMP, which is not defined
# in this inventory - confirm the intended group name.
[LNP]
192.168.246.30
192.168.246.40

# NOTE(review): the environment table lists zabbix as 192.168.246.60 and MySQL as .50;
# the two groups below are the other way round, and config.inc.php points the blog
# database at .60 - confirm which assignment is intended.
[zabbix]
192.168.246.50

[mysql]
192.168.246.60

# Not referenced by any play shown on this page.
[nodes]
192.168.246.20
192.168.246.30
192.168.246.40
192.168.246.50
192.168.246.60

# keepalived1 holds the host configured as MASTER, keepalived2 the BACKUP.
[keepalived1]
192.168.246.10

[keepalived2]
192.168.246.20
# Connectivity check: runs the ping module against every host in the all_ip group.
ansible -m ping all_ip

3.编写host角色

vim /etc/ansible/roles/host/template/hosts.j2
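127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

{# One "address hostname" line per inventory host, built from gathered facts.
   Fixes: the expression delimiters are written without a space between the braces
   (with the space Jinja2 copies the text through literally), and the name comes from
   the ansible_hostname fact (ansible_name is not a gathered fact).
   Assumes facts were gathered for every host in groups.all and that each host has an
   interface named ens33 - confirm against the target machines. #}
{% for host in groups.all %}
{{ hostvars[host].ansible_ens33.ipv4.address }} {{ hostvars[host].ansible_hostname }}
{% endfor %}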
vim /etc/ansible/role/host/tasks/main.yml
---
# Render hosts.j2 over /etc/hosts on each targeted host.
# A bare src name is resolved against the role's templates/ directory, so the template
# file has to be stored there.
- name: copy hosts.j2 to group servers
  template:
    src: 'hosts.j2'
    dest: '/etc/hosts'

4.编写yum_repo角色

vim /etc/ansible/roles/yum_repo/tasks/main.yml
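---
# Replace every repository definition on the node with the mirror file shipped in this role.
#
# Fix: CentOS keeps repository files in /etc/yum.repos.d/ (with an "s"). The original
# /etc/yum.repo.d/ path matched nothing in the find task, and the copy task wrote the new
# file into a directory yum never reads.
- name: Find files in yum.repos.d/*
  find:
    paths: /etc/yum.repos.d/
    patterns: '*'
  register: files_to_delete

# NOTE(review): the old definitions are removed before the new file is in place; if the
# copy below fails, the node is left without any repository.
- name: Remove original yum.repos.d/*
  file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ files_to_delete.files }}"

# yum.repo decides where every later package on the node is installed from, so it is
# written root-owned and not group/world-writable. Check that the file keeps gpgcheck
# enabled before distributing it.
- name: Copy aliyun yum.repo to all nodes
  copy:
    src: yum.repo
    dest: /etc/yum.repos.d/
    owner: root
    group: root
    mode: "0644"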
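# Build the yum.repo file that the yum_repo role copies to every node (run on the control node).
#
# Fixes:
#  - the role directory is /etc/ansible/roles/ (as created by ansible-galaxy init);
#  - the original saved the download as /etc/yum.repos.d/CentOS-Base.repo and then tried to
#    rename a Centos-7.repo file that was never created in this directory, so yum.repo did
#    not exist; the downloaded file is now copied into the role under that name;
#  - the original "rm -f /etc/yum.repo.d/*" pointed at a misspelled directory and removed
#    nothing, so it is dropped rather than redirected at the control node's real repo files.
cd /etc/ansible/roles/yum_repo/files/
yum install -y wget
# NOTE(review): the repo definition is fetched over plain HTTP and then pushed to every node.
# Read its baseurl and gpgcheck lines before distributing it, and use the mirror's HTTPS URL
# if it offers one.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
cp /etc/yum.repos.d/CentOS-Base.repo yum.repo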

5.编写LVS角色

vim /etc/ansible/roles/LVS/tasks/main.yml
---
# Real-server side of LVS-DR: install the tools RS.sh needs, run it, and start httpd.
# NOTE(review): this role starts httpd on the same hosts where the LNP role starts nginx,
# and typecho.conf makes nginx listen on port 80 - confirm the two do not compete for it.
- name: Insatll net-tools httpd
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - httpd
    - net-tools

# RS.sh binds the virtual IP to lo:0 and sets the ARP sysctls.
- name: copy RS.sh to RS
  copy:
    src: 'RS.sh'
    dest: '/root/'

# Runs on every play run; the task always reports "changed".
- name: Config RS
  shell: sh /root/RS.sh

- name: Start httpd
  service:
    name: httpd
    state: started
    enabled: true
vim /etc/ansible/roles/LVS/files/RS.sh
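#!/bin/bash
# Prepare an LVS-DR real server: restrict ARP handling for the virtual IP, bind the VIP
# to lo:0, then start httpd.
vip="192.168.246.100"
mask="255.255.255.255"

# Set the ARP policy before the VIP exists. The original brought lo:0 up first, which
# left a short window in which the real server could answer ARP requests for the VIP
# and draw traffic away from the director.
for scope in lo all; do
    echo "1" > "/proc/sys/net/ipv4/conf/${scope}/arp_ignore"
    echo "2" > "/proc/sys/net/ipv4/conf/${scope}/arp_announce"
done

# Host-only netmask: the VIP is accepted locally but adds no route for the subnet.
ifconfig lo:0 "$vip" broadcast "$vip" netmask "$mask" up

# None of the settings above survive a reboot; the script has to run again after one.
systemctl start httpd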

6.编写keepalived1角色

vim /etc/ansible/roles/keepalived1/tasks/main.yml
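---
# Install keepalived on the MASTER director and deploy its configuration.
- name: Install Keepalived
  yum:
    name: keepalived
    state: present

# Keep the packaged configuration as a one-time backup. "creates" skips the move once the
# backup exists; without it, every later run would overwrite the backup with the file this
# role deployed on the previous run.
- name: move keepalived.conf
  command: mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.back
  args:
    creates: /etc/keepalived/keepalived.conf.back

# The file carries the VRRP auth_pass, so it is readable by root only.
- name: Copy Config Keepalived
  copy:
    src: keepalived.conf
    dest: /etc/keepalived/
    owner: root
    group: root
    mode: "0600"

# NOTE(review): "started" leaves an already running daemon untouched, so a changed
# keepalived.conf only takes effect after a restart or reload.
- name: Strat keepalived
  service:
    name: keepalived
    state: started
    enabled: true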
vim /etc/ansible/roles/keepalived1/files/keepalived.conf
! Configuration File for keepalived
! MASTER director: owns the virtual IP 192.168.246.100 and balances port 80 across the
! two real servers in DR mode.
global_defs {
router_id node1 # LVS node id; should be unique within the network
}
vrrp_instance VI_1 {
state MASTER # role of this keepalived instance
interface ens33 # network interface
virtual_router_id 10 # virtual router id; must be identical on MASTER and BACKUP
priority 100 # higher priority wins; the BACKUP router must use a smaller value
advert_int 1 # advertisement interval, 1s
# NOTE(review): auth_type PASS is a shared string carried in clear text inside VRRP
# advertisements, and keepalived uses only its first 8 characters. It prevents accidental
# pairing with a foreign router; it does not authenticate against a host on the same
# segment. "1111" is the page's sample value - choose a per-deployment value, keep it
# identical on both directors, and restrict VRRP traffic to the peer director.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.246.100 # virtual IP address; more than one may be listed
}
}
# Virtual server: the IP and port exposed to clients
virtual_server 192.168.246.100 80 {
delay_loop 6 # health-check interval in seconds
lb_algo wrr # scheduling algorithm
lb_kind DR # LVS forwarding mode
persistence_timeout 0
protocol TCP
# Real-server IP and port
real_server 192.168.246.30 80 {
weight 2
# TCP health check
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.246.40 80 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}

7.编写keepalived2角色

vim /etc/ansible/roles/keepalived2/tasks/main.yml
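---
# Install keepalived on the BACKUP director and deploy its configuration.
- name: Install Keepalived
  yum:
    name: keepalived
    state: present

# Keep the packaged configuration as a one-time backup. "creates" skips the move once the
# backup exists; without it, every later run would overwrite the backup with the file this
# role deployed on the previous run.
- name: move keepalived.conf
  command: mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.back
  args:
    creates: /etc/keepalived/keepalived.conf.back

# The file carries the VRRP auth_pass, so it is readable by root only.
- name: Copy Config Keepalived
  copy:
    src: keepalived.conf
    dest: /etc/keepalived/
    owner: root
    group: root
    mode: "0600"

# NOTE(review): "started" leaves an already running daemon untouched, so a changed
# keepalived.conf only takes effect after a restart or reload.
- name: Strat keepalived
  service:
    name: keepalived
    state: started
    enabled: true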
vim /etc/ansible/roles/keepalived2/files/keepalived.conf
! Configuration File for keepalived
! BACKUP director: takes over the virtual IP 192.168.246.100 when advertisements from
! the higher-priority instance stop.
global_defs {
router_id node2 # LVS node id; should be unique within the network
}
vrrp_instance VI_1 {
state BACKUP # role of this keepalived instance
interface ens33 # network interface
virtual_router_id 10 # virtual router id; must be identical on MASTER and BACKUP
priority 99 # higher priority wins; this BACKUP value has to stay below the MASTER's
advert_int 1 # advertisement interval, 1s
# NOTE(review): auth_type PASS is a shared string carried in clear text inside VRRP
# advertisements, and keepalived uses only its first 8 characters. It prevents accidental
# pairing with a foreign router; it does not authenticate against a host on the same
# segment. "1111" is the page's sample value - choose a per-deployment value, keep it
# identical on both directors, and restrict VRRP traffic to the peer director.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.246.100 # virtual IP address; more than one may be listed
}
}
# Virtual server: the IP and port exposed to clients
virtual_server 192.168.246.100 80 {
delay_loop 6 # health-check interval in seconds
lb_algo wrr # scheduling algorithm
lb_kind DR # LVS forwarding mode
persistence_timeout 0
protocol TCP
# Real-server IP and port
real_server 192.168.246.30 80 {
weight 2
# TCP health check
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.246.40 80 {
weight 1
TCP_CHECK {
connect_timeout 10
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}

8.编写LNP角色

vim /etc/ansible/roles/LNP/tasks/main.yml
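---
# Install nginx and PHP-FPM on the real servers, run both as the www account, and deploy
# Typecho under /typecho/typecho.
- name: Install nginx
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - epel-release
    - nginx
    - wget

- name: Config nginx Service
  service:
    name: nginx
    state: started
    enabled: true

- name: create group www
  group:
    name: www
    gid: 666

# Fix: www is made the account's primary group. The original passed the gid only as a
# supplementary group ("groups: 666"), which leaves useradd to create a primary group
# named www - and that group already exists from the previous task.
- name: create user www
  user:
    name: www
    uid: 666
    group: www
    shell: /sbin/nologin

- name: change nginx_user to www
  shell: "sed -i '/^user/c user www;' /etc/nginx/nginx.conf"

# Fix: installed through the yum module so a second run is a no-op; "rpm -Uvh" exits
# non-zero once the release package is already installed and would stop the play.
# NOTE(review): PHP 7.1 no longer receives upstream security fixes; confirm that this
# third-party repository is still maintained before relying on it.
- name: Download php
  yum:
    name: https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
    state: present

# NOTE(review): the wildcard installs every php71w extension; a shorter explicit list
# keeps unused code off the web servers.
- name: Install php
  shell: "yum -y install php71w-* --skip-broken php71w-mysqlnd"

- name: change php_user
  shell: "sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf"

- name: change php_group
  shell: "sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf"

- name: Start php
  service:
    name: php-fpm
    state: started
    enabled: true

- name: create typecho conf
  copy:
    src: typecho.conf
    dest: /etc/nginx/conf.d/

- name: Restart nginx service
  service:
    name: nginx
    state: restarted

- name: mkdir file typecho
  file:
    path: /typecho/
    state: directory

# Fix: get_url writes to a fixed path and skips the download when the file is already
# there; the original wget saved into whatever the working directory was and fetched a
# new copy on every run.
# NOTE(review): the archive comes over plain HTTP and is unpacked without verification.
# Pin it with get_url's checksum option, e.g.
#   checksum: "sha256:<EXPECTED_SHA256_OF_RELEASE_TARBALL>"   (placeholder)
# The release is dated 2017-10-30; check the project's current release before exposing it.
# dest assumes the play connects as root, as the rest of this page does.
- name: download typecho
  get_url:
    url: http://typecho.org/downloads/1.1-17.10.30-release.tar.gz
    dest: /root/1.1-17.10.30-release.tar.gz

# "creates" makes extraction and rename one-time steps; without it a second run would
# move a fresh build/ directory inside the existing /typecho/typecho.
- name: tar typecho
  command: tar xzvf /root/1.1-17.10.30-release.tar.gz -C /typecho
  args:
    creates: /typecho/typecho

- name: change typecho name
  command: mv /typecho/build /typecho/typecho
  args:
    creates: /typecho/typecho

# config.inc.php holds the database credentials: readable by the php-fpm group (www),
# not by other local accounts.
- name: copy config.inc.php to root directory
  copy:
    src: config.inc.php
    dest: /typecho/typecho/
    owner: root
    group: www
    mode: "0640"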
vim /etc/ansible/roles/LNP/files/typecho.conf
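# Typecho virtual host: static files are served from /typecho/typecho, PHP requests go
# to php-fpm on 127.0.0.1:9000.
# NOTE(review): the site, including its admin login, is served over plain HTTP only.
server {
    listen 80;
    server_name blog.iproute.cn;
    root /typecho/typecho;
    index index.php index.html;

    location ~ .*\.php(\/.*)*$ {
        root /typecho/typecho;

        # Split "/index.php/extra/path" into the script and its path info, so that
        # SCRIPT_FILENAME names the script only. The original sent the whole URI and
        # relied on PHP's cgi.fix_pathinfo guessing to find the script.
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Hand a request to php-fpm only when the script part is an existing file;
        # this stops a non-PHP file from being run through a crafted ".php" suffix.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
    }
}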
vim /etc/ansible/roles/LNP/files/config.inc.php
<?php
/**
* Typecho Blog Platform
*
* @copyright Copyright (c) 2008 Typecho team (http://www.typecho.org)
* @license GNU General Public License 2.0
* @version $Id$
*/

/** Define the root directory */
define('__TYPECHO_ROOT_DIR__', dirname(__FILE__));

/** Define the plugin directory (relative path) */
define('__TYPECHO_PLUGIN_DIR__', '/usr/plugins');

/** Define the theme directory (relative path) */
define('__TYPECHO_THEME_DIR__', '/usr/themes');

/** Admin path (relative path) */
define('__TYPECHO_ADMIN_DIR__', '/admin/');

/** Set the include path */
@set_include_path(get_include_path() . PATH_SEPARATOR .
__TYPECHO_ROOT_DIR__ . '/var' . PATH_SEPARATOR .
__TYPECHO_ROOT_DIR__ . __TYPECHO_PLUGIN_DIR__);

/** Load API support */
require_once 'Typecho/Common.php';

/** Load Response support */
require_once 'Typecho/Response.php';

/** Load configuration support */
require_once 'Typecho/Config.php';

/** Load exception support */
require_once 'Typecho/Exception.php';

/** Load plugin support */
require_once 'Typecho/Plugin.php';

/** Load internationalization support */
require_once 'Typecho/I18n.php';

/** Load database support */
require_once 'Typecho/Db.php';

/** Load router support */
require_once 'Typecho/Router.php';

/** Initialize the application */
Typecho_Common::init();

/** Define the database parameters */
// NOTE(review): the blog connects as the MariaDB root account with the one-character
// sample password used throughout this page, and this file is copied to every web
// server. A dedicated account limited to the blog database, with a generated password,
// would confine a web-server compromise to that database.
// NOTE(review): the mariadb role on this page only sets the root password and creates
// the database; no grant for connections from the web servers is shown - confirm.
$db = new Typecho_Db('Pdo_Mysql', 'blog_');
$db->addServer(array (
'host' => '192.168.246.60',
'user' => 'root',
'password' => '1',
'charset' => 'utf8',
'port' => '3306',
'database' => 'blog',
), Typecho_Db::READ | Typecho_Db::WRITE);
Typecho_Db::set($db);

9.编写mariadb角色

vim /etc/ansible/roles/mariadb/tasks/main.yml
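---
# Install MariaDB, set the root password once, and create the blog database.
#
# The root password can be supplied as the variable mariadb_root_password; when it is
# not set, the page's sample value '1' is used so the behaviour matches the original.
# NOTE(review): a default CentOS 7 MariaDB install also contains anonymous accounts and
# a test database; mysql_secure_installation removes them.
- name: Install mariadb
  yum:
    name: mariadb-server
    state: present

- name: Start mariadb
  service:
    name: mariadb
    state: started
    enabled: true

# Probe for the initial empty root password. The original ran mysqladmin
# unconditionally, which fails on every run after the first because root then
# requires a password.
- name: check whether root still has an empty password
  command: mysql -uroot -e "select 1"
  register: mariadb_root_nopass
  failed_when: false
  changed_when: false

# no_log keeps the password out of Ansible's output. It is still visible in the
# process list on the database host while the command runs.
- name: set mariadb password
  shell: "mysqladmin -uroot password {{ mariadb_root_password | default('1') | quote }}"
  when: mariadb_root_nopass.rc == 0
  no_log: true

# "if not exists" lets the task succeed when the database is already there.
- name: create databases blog
  shell: "mysql -uroot -p{{ mariadb_root_password | default('1') | quote }} -e 'create database if not exists blog;show databases;'"
  no_log: true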

10.编写zabbix-server角色

vim /etc/ansible/roles/zabbix/tasks/main.yml
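---
# Install Zabbix 4.0 server, web frontend and agent with a local MariaDB.
#
# Fix: "rpm -q" exits non-zero when the package is missing, which stopped the play
# before the install task could run, and "when: not check_zabbix" tested the registered
# result object itself, which is never false. The probe may now fail quietly and the
# install is keyed on its return code.
- name: check zabbix-release-4.0-2.el7.noarch.rpm
  command: rpm -q zabbix-release-4.0-2.el7.noarch
  register: check_zabbix
  failed_when: false
  changed_when: false

- name: Download zabbix package
  shell: "rpm -Uvh https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-2.el7.noarch.rpm"
  when: check_zabbix.rc != 0

- name: Install zabbix-server-mysql zabbix-web-mysql zabbix-agent mariadb
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - zabbix-server-mysql
    - zabbix-web-mysql
    - zabbix-agent
    - mariadb-server

- name: Config mariadb service
  service:
    name: mariadb
    state: started
    enabled: true

# Set the root password only while it is still empty; an unconditional mysqladmin
# fails on every run after the first.
- name: check whether root still has an empty password
  command: mysql -uroot -e "select 1"
  register: zabbix_db_root_nopass
  failed_when: false
  changed_when: false

# NOTE(review): '1' is the page's sample password and is shared by the database root
# account and the zabbix account; replace it with generated values.
- name: set password for mariadb
  shell: "mysqladmin -uroot password '1'"
  when: zabbix_db_root_nopass.rc == 0
  no_log: true

# The script embeds database passwords, so only root may read or run it.
- name: copy mariadb.sh to server
  copy:
    src: mariadb.sh
    dest: /root/
    owner: root
    group: root
    mode: "0700"

- name: create zabbix for mariadb
  shell: "sh /root/mariadb.sh"

# Fix: the original sed only matched a line that already starts with "DBPassword".
# The pattern also covers a commented-out "# DBPassword=" line (presumably how the
# packaged file ships it - confirm), and lineinfile appends the setting when no line
# matches at all.
- name: Configure the database for zabbix
  lineinfile:
    path: /etc/zabbix/zabbix_server.conf
    regexp: '^#?\s*DBPassword='
    line: DBPassword=1

# Fix: the original sed needed "php_value date.timezone" at the very start of a line;
# the pattern now tolerates leading indentation and a leading "#" and keeps the indent.
- name: Configure PHP for the Zabbix frontend
  replace:
    path: /etc/httpd/conf.d/zabbix.conf
    regexp: '^(\s*)#?\s*php_value date\.timezone.*$'
    replace: '\1php_value date.timezone Europe/Riga'

- name: Start zabbix-server zabbox-agent service
  service:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - zabbix-server
    - zabbix-agent
    - httpd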
vim /etc/ansible/roles/zabbix/files/mariadb.sh
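#!/bin/bash
# Create the zabbix database and account, then load the Zabbix schema once.
# Safe to run repeatedly: every step is skipped or harmless when already done.

# Sample values from this page. root_pw must match the MariaDB root password and
# zabbix_pw must match DBPassword in /etc/zabbix/zabbix_server.conf.
root_pw="1"
zabbix_pw="1"

# Run a statement as the database root account.
# NOTE(review): -p<password> on the command line is visible in the process list while
# the client runs; the client's --defaults-extra-file option with a root-only file
# avoids that.
mysql_root() {
    mysql -uroot -p"${root_pw}" "$@"
}

# Create the database
mysql_root -e "create database if not exists zabbix character set utf8 collate utf8_bin;"

# Create the account
# The subnet grant is kept from the original. The localhost grant is added because the
# schema import below and a Zabbix server on this same host connect locally, which the
# subnet pattern does not cover.
# NOTE(review): if nothing connects from other hosts, drop the 192.168.246.% grant.
mysql_root -e "grant all on zabbix.* to zabbix@'192.168.246.%' identified by '${zabbix_pw}';"
mysql_root -e "grant all on zabbix.* to zabbix@'localhost' identified by '${zabbix_pw}';"

# Import the schema
# Fix: the original tested "show tables from zabbix", which succeeds as soon as the
# database exists, so the import never ran; it also called mysql without naming a
# database. The table count decides, and the import targets the zabbix database.
table_count=$(mysql_root -N -e "select count(*) from information_schema.tables where table_schema='zabbix';")
if [[ "${table_count}" == "0" ]]; then
    zcat /usr/share/doc/zabbix-server-mysql*/create.sql.gz | mysql -uzabbix -p"${zabbix_pw}" zabbix
fi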

11.编写汇总任务

vim /etc/ansible/playbook/site.yml
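---
# Top-level playbook: applies each role to its inventory group, in order.
#
# Fixes:
#  - the hosts file is rendered through the host role; the original inline task used
#    "src: template/hosts.j2", a path relative to this playbook's directory, where no
#    such file is created on this page;
#  - the real servers are targeted through the LNP group and the LNP role, which are the
#    names the inventory and "ansible-galaxy init" on this page actually define (LNMP
#    exists as neither a group nor a role).
- name: Config hosts file
  hosts: all_ip
  roles:
    - host

- name: Update all node yum.repo.file
  hosts: all_ip
  roles:
    - yum_repo

- name: Config LVS service
  hosts: LNP
  roles:
    - LVS

- name: Config keepalived
  hosts: keepalived1
  roles:
    - keepalived1

- name: Config keepalived
  hosts: keepalived2
  roles:
    - keepalived2

- name: Install LNMP
  hosts: LNP
  roles:
    - LNP

- name: Install mysql
  hosts: mysql
  roles:
    - mariadb

# NOTE(review): the role name has to match a directory under /etc/ansible/roles/. This
# page scaffolds "zabbix-server" but writes the task files to roles/zabbix/ - confirm
# which directory holds the role.
- name: Install zabbix service
  hosts: zabbix
  roles:
    - zabbix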