整体网站架构图
机器
master-61 跳板机堡垒机
lb-5 负载均衡,反向代理
lb-6 负载均衡 ,反向代理
web-7 nginx(wordpress)
web-8 nginx(wordpress)
db-51 mariadb
db-52 mysql
nfs-31 共享目录 lsyncd 实时备份
backup-41 备份机,对nfs的共享目录中的文件做一个备份
综合架构大作业
[root@master-61 /etc/ansible/roles/nginx_server]#tree /etc/ansible/
/etc/ansible/
├──
├── \\
├── all_server.yml
├── ansible.cfg
├── hosts
├── lsblk_server.yml
├── mariadb_server.yml
├── nfs_server.yml
├── nginx_server.yml
├── roles
│ ├── all_server
│ │ ├── files
│ │ │ └── yumrpm.repo
│ │ ├── handlers
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ ├── lsblk_server
│ │ ├── files
│ │ │ ├── lsyncd.conf
│ │ │ └── rsync.pad
│ │ ├── handlers
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ ├── mariadb_server
│ │ ├── files
│ │ │ └── yumrpm.repo
│ │ ├── handlers
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ ├── nfs_server
│ │ ├── files
│ │ │ └── exports
│ │ ├── handlers
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ │ └── main.yml
│ ├── nginx_server
│ │ ├── files
│ │ │ ├── fastcgi_params
│ │ │ ├── latest-zh_CN.zip
│ │ │ ├── ssl_key
│ │ │ │ ├── server.crt
│ │ │ │ └── server.key
│ │ │ ├── wordpress.conf
│ │ │ └── yumrpm.repo
│ │ ├── handlers
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ │ └── main.yml
│ ├── rsync_server
│ │ ├── files
│ │ │ ├── rsyncd.conf
│ │ │ └── rsync.pwd
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ │ └── main.yml
│ ├── slb5_server
│ │ ├── files
│ │ │ ├── check_web.sh
│ │ │ ├── fastcgi_params
│ │ │ ├── keepalived.conf
│ │ │ ├── proxy_params.conf
│ │ │ ├── ssl_key
│ │ │ │ ├── server.crt
│ │ │ │ └── server.key
│ │ │ └── wordpress.conf
│ │ ├── handlers
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ ├── slb6_server
│ │ ├── files
│ │ │ ├── check_vip.sh
│ │ │ ├── fastcgi_params
│ │ │ ├── keepalived.conf
│ │ │ ├── proxy_params.conf
│ │ │ ├── ssl_key
│ │ │ │ ├── server.crt
│ │ │ │ └── server.key
│ │ │ └── wordpress.conf
│ │ ├── handlers
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ └── vars
│ ├── sshd_server
│ │ ├── files
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ ├── templates
│ │ │ └── sshd_config.j2
│ │ └── vars
│ │ └── main.yml
│ └── web8_server
│ ├── files
│ │ └── wp-config.php
│ ├── handlers
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ └── vars
├── rsync_server.yml
├── slb5_server.yml
├── slb6_server.yml
├── sshd_server.yml
└── web8_server.yml
64 directories, 59 files
1、自建yum仓库
只下载不安装
yum install nfs-utils --downloadonly --downloaddir=/yumrepo/local_yum_rpm/
[root@master-61 /my-playbook ]#mkdir /yumrpm
[root@master-61 /my-playbook ]#cd /yumrpm/
[root@master-61 /yumrepo ]#ls
[root@master-61 /yumrepo ]#ls
all-rpm.tgz
[root@master-61 /yumrepo ]#ll -h
total 84 M
-rw-r--r-- 1 root root 84 M Jun 14 13 :52 all-rpm.tgz
[root@master-61 /yumrepo ]#tar -zxf all-rpm.tgz
[root@master-61 /yumrepo ]#ll
total 85732
-rw-r--r-- 1 root root 87772321 Jun 14 13 :52 all-rpm.tgz
drwxr-xr-x 2 root root 12288 Jun 14 13 :38 local_yum_rpm
[root@master-61 /yumrpm ]#yum install nginx -y
[root@master-61 /yumrpm ]#cd /etc/nginx/conf.d/
[root@master-61 /etc/nginx/conf.d ]#ls
[root@master-61 /etc/nginx/conf.d ]#vim download.conf
[root@master-61 /etc/nginx/conf.d ]#cat download.conf
server {
listen 23456 ;
server_name localhost;
charset utf-8 ;
location / {
root /yumrpm/;
autoindex on ;
autoindex_localtime on ;
autoindex_exact_size off;
}
}
[root@master-61 /etc/nginx/conf.d ]#systemctl start nginx
[root@master-61 /etc/nginx/conf.d ]#systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
[root@master-61 /etc/nginx/conf.d ]#yum install createrepo -y
[root@master-61 /yumrepo ]#createrepo /yumrpm/
Spawning worker 0 with 42 pkgs
Spawning worker 1 with 41 pkgs
Spawning worker 2 with 41 pkgs
Spawning worker 3 with 41 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@web-7 /etc/yum.repos.d ]#cat yumrpm.repo
[all-rpm ]
name=all repo
baseurl=http:
enabled=1
gpgcheck=0
[root@web-7 /etc/yum.repos.d ]#yum clean all
[root@web-7 /etc/yum.repos.d ]#yum makecache
2、免密登录(5、6、7、8、31、41、52)机器(bash脚本实现)
[root@master-61 /my-ssh]
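#!/usr/bin/env bash
# Distribute the bastion's SSH public key to the lab hosts, then harden each
# host's sshd: allow public-key login, disable password login, and bind sshd
# to the host's 172.16.1.x address instead of 0.0.0.0.
#
# Environment:
#   SSHPASS  root password of the target hosts, read by `sshpass -e` so the
#            secret is not on the command line (where `ps` and shell history
#            would show it). Falls back to the lab value when unset.
# Outputs:   progress messages on stdout; ssh-keygen / ssh-copy-id output is
#            appended to /tmp/xming_ssh.log.
# Returns:   1 if key login to a host cannot be verified. Password login is
#            never disabled on a host we cannot reach by key, because that
#            would lock us out of it.
#
# sshd changes take effect only after sshd is restarted (done separately).
set -u

readonly KEY_FILE=/root/.ssh/id_rsa
readonly LOG_FILE=/tmp/xming_ssh.log
readonly NET=172.16.1
readonly HOST_IDS=(5 6 7 8 31 41 52)
# TODO: drop the default and require SSHPASS from the environment so no
# password lives in this file.
: "${SSHPASS:=222222}"
export SSHPASS

# Create the bastion key pair once; an existing key is left untouched.
create_keypair() {
  echo "开始创建密钥对"
  if [ -f "$KEY_FILE" ]; then
    echo "密钥对已存在,请检查"
  else
    ssh-keygen -f "$KEY_FILE" -N '' > "$LOG_FILE" 2>&1
  fi
}

# Push the public key to every host and prove key login works before any
# hardening happens. Returns 1 on the first host whose key login fails.
distribute_key() {
  local ip host remote_name
  yum install sshpass -y
  echo "发送公钥中...分发的机器列表为{5,6,7,8,31,41,52}"
  for ip in "${HOST_IDS[@]}"; do
    host="${NET}.${ip}"
    # StrictHostKeyChecking=no accepts whatever host key is presented on
    # first contact; tolerable on an isolated lab network only.
    # Append (>>) so one host's output does not overwrite the previous one's.
    sshpass -e ssh-copy-id -o StrictHostKeyChecking=no "root@${host}" >> "$LOG_FILE" 2>&1
    echo "正在验证免密结果"
    # BatchMode forbids a password prompt, so a successful call here means
    # the key itself was accepted, not a cached password.
    if ! remote_name=$(ssh -o BatchMode=yes "root@${host}" hostname); then
      printf '免密登录验证失败: %s\n' "$host" >&2
      return 1
    fi
    echo "远程获取主机名:${remote_name} "
  done
}

# Rewrite the three sshd_config directives on every host. sed's `c` replaces
# every matching line, commented defaults included; when the file carries
# both a commented and an active line both are rewritten, and sshd uses the
# first occurrence.
harden_sshd() {
  local ip host
  for ip in "${HOST_IDS[@]}"; do
    host="${NET}.${ip}"
    echo "正修改允许公钥登录参数...当前操作的机器是${host} "
    ssh "root@${host}" "sed -i '/PubkeyAuthentication/c PubkeyAuthentication yes' /etc/ssh/sshd_config"
    echo "正修改禁止密码登录参数...当前操作的机器是${host} "
    ssh "root@${host}" "sed -i '/PasswordAuthentication/c PasswordAuthentication no' /etc/ssh/sshd_config"
  done
  for ip in "${HOST_IDS[@]}"; do
    host="${NET}.${ip}"
    echo "正在修改监听地址...当前操作的机器是${host} "
    ssh "root@${host}" "sed -i '/ListenAddress 0.0.0.0/c ListenAddress ${host}' /etc/ssh/sshd_config"
  done
}

# Print the effective directives from each host so the result can be eyeballed.
verify_sshd() {
  local ip host
  for ip in "${HOST_IDS[@]}"; do
    host="${NET}.${ip}"
    echo "当前正在检查的机器${host} "
    ssh "root@${host}" "grep -E '^(PasswordAuthentication|PubkeyAuthentication|ListenAddress)' /etc/ssh/sshd_config"
  done
}

main() {
  create_keypair
  # Abort before touching sshd_config if any host is not reachable by key.
  distribute_key || exit 1
  harden_sshd
  verify_sshd
  echo '============批量修改目标机器sshd配置文件已完成==========='
}

main "$@"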
[root@master-61 /my-ssh]
# Restart sshd on one lab host so the sshd_config edits above take effect.
# Arguments: $1 - host address on the 172.16.1.0/24 management network
restart_sshd_on() {
  local host=$1
  echo "正在重启sshd服务...当前机器是${host} "
  ssh "root@${host}" "systemctl restart sshd"
}

for node in 5 6 7 8 31 41 52; do
  restart_sshd_on "172.16.1.${node}"
done
[root@master-61 /my-ssh]
# Restart sshd on every lab host (same list as the key distribution above),
# reaching each one by key over the management network.
hosts=(172.16.1.5 172.16.1.6 172.16.1.7 172.16.1.8 172.16.1.31 172.16.1.41 172.16.1.52)
for h in "${hosts[@]}"; do
  printf '%s\n' "正在重启sshd服务...当前机器是${h} "
  ssh "root@${h}" "systemctl restart sshd"
done
3、ansible列表
[root@master-61 /etc/ansible/roles/nginx_server ]#tail -24 /etc/ansible/hosts
[all:vars ]
ansible_password=222222
[web]
172.16.1.7
172.16.1.8
[nfs]
172.16.1.31
[rsync]
172.16.1.41
[db]
172.16.1.52
[slb5]
172.16.1.5
[slb6]
172.16.1.6
4、一键ansible发送yum仓库+ntp时间同步
61 机器
[root@master-61 ~]
使用阿里云的时间同步服务器
server times.aliyun.com iburst prefer
server ntp.aliyun.com iburst
server cn.pool.ntp.org iburst
启动
systemctl start ntpd
[root@master-61 ~]
Created symlink from /etc/systemd/system /multi-user.target.wants/ntpd.service to /usr/lib/systemd/system /ntpd.service.
[root@master-61 /etc/ansible]
roles/all_server/
├── files
│ └── yumrpm.repo
├── handlers
├── tasks
│ └── main.yml
├── templates
└── vars
5 directories, 2 files
1)files
[root@master-61 /etc/ansible/roles/all_server]
[all-rpm]
name=all repo
baseurl=http://10.0.0.61:23456
enabled=1
gpgcheck=0
时间同步61机器
server 172.16.1.61 iburst prefer
2)tasks
[root@master-61 /etc/ansible/roles/all_server ]
- name: 删除原来yum源
shell: "rm -rf /etc/yum.repos.d/* warn=false"
- name: 发送自建源
copy:
src: yumrpm.repo
dest: /etc/yum.repos.d/yumrpm.repo
- name: 清理缓存
shell: "yum clean all warn=false"
- name: 下载ntp时间同步服务
yum:
name: ntp
state: latest
- name: 发送配置文件
copy:
src: ntp.conf
dest: /etc/ntp.conf
- name: 启动ntpd服务
systemd:
name: ntpd
state: started
enabled: yes
3)role
[root@master-61 /etc/ansible] #cat all_server .yml
- hosts : all
roles :
- all_server
5、web集群剧本
[root@master-61 /etc/ansible/roles/nginx_server] #tree
.
├── files
│ ├── fastcgi_params
│ ├── latest-zh_CN .zip
│ ├── ssl_key
│ │ ├── server .crt
│ │ └── server .key
│ ├── wordpress .conf
│ └── yumrpm .repo
├── handlers
├── tasks
│ └── main .yml
├── templates
└── vars
└── main .yml
6 directories , 8 files
1)配置文件(files)
1、nginx配置文件
server{
listen 80;
server_name wordpress.afeitt.cn;
root /code/wordpress;
index index.php index.html;
location ~* \.php$ {
root /code/wordpress;
fastcgi_index index.php;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name ;
include /etc/nginx/fastcgi_params;
}
}
2、参数文件
[root@master-61 /etc/ansible/roles/nginx_server]
fastcgi_param QUERY_STRING $query_string ;
fastcgi_param REQUEST_METHOD $request_method ;
fastcgi_param CONTENT_TYPE $content_type ;
fastcgi_param CONTENT_LENGTH $content_length ;
fastcgi_param SCRIPT_NAME $fastcgi_script_name ;
fastcgi_param REQUEST_URI $request_uri ;
fastcgi_param DOCUMENT_URI $document_uri ;
fastcgi_param DOCUMENT_ROOT $document_root ;
fastcgi_param SERVER_PROTOCOL $server_protocol ;
fastcgi_param REQUEST_SCHEME $scheme ;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version ;
fastcgi_param REMOTE_ADDR $remote_addr ;
fastcgi_param REMOTE_PORT $remote_port ;
fastcgi_param SERVER_ADDR $server_addr ;
fastcgi_param SERVER_PORT $server_port ;
fastcgi_param SERVER_NAME $server_name ;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param HTTPS on;
2)任务文件(tasks)
[root@master-61 /etc/ansible/roles/nginx_server ]
- name: 1 创建组
group:
name: "{{ user_name}} "
gid: "{{ id }} "
- name: 2 创建用户
user:
name: "{{ user_name }} "
uid: "{{ id }} "
group: "{{ user_name }} "
create_home: no
shell: /sbin/nologin
- name: 3 下载nginx、php服务
yum:
name: "{{ item }} "
state: latest
loop: "{{ app_name }} "
- name: 4 修改php-fpm配置文件
shell: "sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf warn=false"
- name: 5 修改php-fpm配置文件
shell: "sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf warn=false"
- name: 6 启动服务,设置开机自启
systemd:
name: "{{ item }} "
state: started
enabled: yes
loop:
- nginx
- php-fpm
- name: 7 创建目录
file:
path: /code/
owner: www
group: www
state: directory
- name: 8 解压源码包
unarchive:
src: latest-zh_CN.zip
dest: /code/
- name: 9 创建目录
shell: "chown -R www:www /code/wordpress/ warn=false"
- name: 10 创建文件
file:
path: /code/wordpress/wp-content/uploads
state: directory
- name: 11 清空虚拟机
shell: "rm -rf /etc/nginx/conf.d/* warn=false"
- name: 12 创建wordppress虚拟机
copy:
src: wordpress.conf
dest: /etc/nginx/conf.d/wordpress.conf
- name: 13 发送fastcgi_params 支持https请求
copy:
src: fastcgi_params
dest: /etc/nginx/fastcgi_params
- name: 14 重启nginx
shell: "systemctl restart nginx"
- name: 15 下载nfs
yum:
name: "{{ item }} "
state: latest
loop:
- nfs-utils
- rpcbind
- name: 16 挂载共享目录
mount:
src: 172.16.1.31:/my-wordpress
path: /code/wordpress/wp-content/uploads
fstype: nfs
state: mounted
3)变量文件(vars)
[root@master-61 /etc/ansible]#cat roles/nginx_server/vars/main.yml
user_name: www
id: 666
app_name:
- nginx
- php71w-cli
- php71w-common
- php71w-devel
- php71w-embedded
- php71w-gd
- php71w-mcrypt
- php71w-mbstring
- php71w-pdo
- php71w-xml
- php71w-fpm
- php71w-mysqlnd
- php71w-opcache
- php71w-pecl-memcached
- php71w-pecl-redis
- php71w-pecl-mongodb
- php71w-json
- php71w-pecl-apcu
- php71w-pecl-apcu-devel
4)角色文件
[root@master-61 /etc/ansible ]
- hosts: web
roles:
- nginx_server
5)执行命令
[root@master-61 /etc/ansible]
6、db集群剧本
[root@master-61 /etc/ansible/roles]
[root@master-61 /etc/ansible/roles]
mariadb_server/
├── files
├── handlers
├── tasks
├── templates
└── vars
[root@master-61 /etc/ansible]
roles/mariadb_server/
├── files
│ └── yumrpm.repo
├── handlers
├── tasks
│ └── main.yml
├── templates
└── vars
1)配置文件(files)
2)任务文件(tasks)
[root@master-61 /etc/ansible/roles/mariadb_server ]
- name: 1 下载服务mariadb
yum:
name: "{{ item }} "
state: latest
loop:
- mariadb-server
- mariadb
- name: 2 启动服务设置开机自启
systemd:
name: mariadb
state: started
enabled: yes
- name: 3 修改密码授予远程访问
shell: "mysqladmin password '333333'"
- name: 4 创建非交互式远程连接用户
shell: mysql -uroot -p333333 -e "grant all privileges on *.* to afei@'%' identified by '333333';"
- name: 5 创建wordpress数据库
shell: mysql -uroot -p333333 -e "create database wordpress"
3)角色文件
[root@master-61 /etc/ansible ]
- hosts: db
roles:
- mariadb_server
4)执行命令
[root@master-61 /etc/ansible]
7、NFS剧本
[root@master-61 /etc/ansible/roles] #tree nfs_server /
nfs_server /
├── files
│ └── exports
├── handlers
├── tasks
│ └── main .yml
├── templates
└── vars
└── main .yml
5 directories , 3 files
1)任务剧本(tasks)
[root@master-61 /etc/ansible/roles/nfs_server ]
- name: 1 下载服务
yum:
name: "{{ item }} "
state: latest
loop:
- nfs-utils
- rpcbind
- name: 2 启动nfs服务
systemd:
name: "{{ item }} "
state: started
enabled: yes
loop:
- nfs
- rpcbind.socket
- name: 3 创建组
group:
name: "{{ user_name}} "
gid: "{{ id }} "
- name: 4 创建用户
user:
name: "{{ user_name }} "
uid: "{{ id }} "
group: "{{ user_name }} "
create_home: no
shell: /sbin/nologin
- name: 5 创建挂载目录
file:
path: /my-wordpress
owner: "{{ user_name}} "
group: "{{ user_name }} "
state: directory
- name: 6 发送配置文件
copy: src=exports dest=/etc/exports
- name: 7 更新配置文件
systemd:
name: nfs
state: reloaded
2)变量剧本(vars)
[root@master-61 /etc/ansible/roles/nfs_server]
user_name: www
id : 666
3)文件剧本(files)
[root@master-61 /etc/ansible/roles/nfs_server]
/my-wordpress 172.16.1.0/24(rw,sync ,all_squash,anonuid=666,anongid=666)
8、lsblk剧本
[root@master-61 /etc/ansible/roles/lsblk_server] #tree
.
├── files
│ ├── lsyncd .conf
│ └── rsync .pad
├── handlers
├── tasks
│ └── main .yml
├── templates
└── vars
5 directories , 3 files
1)tasks
[root@master-61 /etc/ansible/roles/lsblk_server ]
- name: 1 下载lsyncd服务
yum: name=lsyncd state=latest
- name: 2 将在本地写好的配置文件密码文件发给31机器
copy:
src: "{{ item.src}} "
dest: /etc/
mode: "{{ item.mode }} "
loop:
- { src: lsyncd.conf ,mode: '644' }
- { src: rsync.pad ,mode: '600' }
- name: 3 启动lsyncd服务
systemd: name=lsyncd state=started
2)files
[root@master-61 /etc/ansible/roles/lsblk_server]
settings {
logfile ="/var/log/lsyncd/lsyncd.log" ,
statusFile ="/var/log/lsyncd/lsyncd.status" ,
inotifyMode = "CloseWrite" ,
maxProcesses = 8,
}
sync {
default.rsync,
source = "/my-wordpress" ,
target = "rsync_xming@172.16.1.41::tantan" ,
delete= true ,
exclude = {".*" },
delay=1,
rsync = {
binary = "/usr/bin/rsync" ,
archive = true ,
compress = true ,
verbose = true ,
password_file="/etc/rsync.pad" ,
_extra={"--bwlimit=200" }
}
}
[root@master-61 /etc/ansible/roles/lsblk_server]
111111
3)role
[root@master-61 /etc/ansible ]
- hosts: nfs
roles:
- lsblk_server
9、rsync_server
[root@master-61 /etc/ansible/roles/slb5_server] #tree /etc /ansible /roles /rsync_server /
/etc /ansible /roles /rsync_server /
├── files
│ ├── rsyncd .conf
│ └── rsync .pwd
├── handlers
│ └── main .yml
├── tasks
│ └── main .yml
├── templates
└── vars
└── main .yml
5 directories , 5 files
1)tasks
[root@master-61 /etc/ansible/roles/rsync_server ]
- name: 1 下载rsyncd服务
yum: name=rsync state=latest
- name: 2 创建www组
group:
name: "{{ user_name }} "
gid: "{{ id }} "
- name: 3 创建www用户
user:
name: "{{ user_name }} "
uid: "{{ id }} "
group: "{{ id }} "
create_home: no
shell: /sbin/nologin
- name: 4 创建目录及授权
file:
path: "{{ item }} "
state: directory
owner: "{{ user_name }} "
group: "{{ user_name }} "
mode: "755"
loop:
- /tantan
- /momo
- name: 5 将本地写好的配置文件密码文件发给41机器
copy:
src: "{{ item.src }} "
dest: /etc/
mode: "{{ item.mode }} "
notify:
- restart-rsyncd.service
loop:
- { src: rsyncd.conf ,mode: '644' }
- { src: rsync.pwd ,mode: '600' }
- name: 6 启动服务
systemd:
name: rsyncd
state: started
enabled: yes
2)files
[root@master-61 /etc/ansible/roles/rsync_server]
uid = xming
gid = xming
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_xming
secrets file = /etc/rsync.pwd
log file = /var/log/rsyncd.log
[tantan]
comment = yuchaoit.cn about rsync
path = /tantan
[momo]
path = /momo
[root@master-61 /etc/ansible/roles/rsync_server]
rsync_xming:111111
3)vars
[root@master-61 /etc/ansible/roles/rsync_server]
user_name: 'xming'
id : '2222'
4)role
[root@master-61 /etc/ansible ]
- hosts: rsync
roles:
- rsync_server
10、web7发送数据库文件到web8
[root@master-61 /etc/ansible/roles] #tree web_server /
web_server /
├── files
│ └── wp-config .php
├── handlers
├── tasks
│ └── main .yml
├── templates
└── vars
5 directories , 2 files
1)tasks
[root@master-61 /etc/ansible/roles/web_server ]
- name: 发送数据库文件到8
copy:
src: wp-config.php
dest: /code/wordpress/wp-config.php
- name: 7 创建目录
shell: "chown -R www:www /code/wordpress/"
2)files
[root@master-61 /etc/ansible]
3)role
[root@master-61 /etc/ansible ]
- hosts: web
roles:
- web_server
11、负载均衡slb5
[root@master-61 /etc/ansible]
roles/slb5_server/
├── files
│ ├── check_web.sh
│ ├── fastcgi_params
│ ├── keepalived.conf
│ ├── proxy_params.conf
│ ├── ssl_key
│ │ ├── server.crt
│ │ └── server.key
│ └── wordpress.conf
├── handlers
├── tasks
│ └── main.yml
├── templates
└── vars
6 directories, 8 files
1.创建证书实现https
1 、安装openssl
yum install openssl openssl-devel -y
2 、创建目录
mkdir /etc/ansible/roles/nginx_server/files/ssl_key
3 、进入目录
cd /etc/ansible/roles/nginx_server/files/ssl_key
4 、输入密码,创建私钥文件
[root@master-61 /etc/ansible/roles/nginx_server/files/ssl_key]#openssl genrsa -idea -out server.key 2048
Generating RSA private key , 2048 bit long modulus
..........+++
..................+++
e is 65537 (0 x10001)
Enter pass phrase for server.key :afei11
Verifying - Enter pass phrase for server.key :afei11
5 、填写证书文件
[root@master-61 /etc/ansible/roles/nginx_server/files/ssl_key]#openssl req -days 36500 -x509 -sha256 -nodes -newkey rsa:2048 -keyout server.key -out server.crt
Generating a 2048 bit RSA private key
.....................+++
........+++
writing new private key to
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter
-----
Country Name (2 letter code) [XX]:Cn
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:BJ
Organization Name (eg, company) [Default Company Ltd]:afeitt.cn
Organizational Unit Name (eg, section) []:afeitt.cn
Common Name (eg, your name or your server
Email Address []:1398787859 @qq.com
[root@master-61 /etc/ansible/roles/nginx_server/files/ssl_key]#ls
server.crt server.key
1)files
1、脑裂脚本
[root@master-61 /etc/ansible/roles/slb5_server]
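#!/usr/bin/env bash
# keepalived vrrp_script for lb-5 (MASTER): hold the VIP only while nginx
# serves. If nginx is down, try one restart; if that fails too, stop
# keepalived so VRRP moves the VIP to lb-6 instead of leaving it pointed at a
# dead proxy.
#
# NOTE(review): the slb6 keepalived.conf on this page sets script_user and
# enable_script_security while the slb5 one does not — confirm both nodes
# are allowed to run their check script the same way.

# pgrep replaces `ps -ef | grep ngin[x] | wc -l`: it matches on the process
# name and never counts the grep (or this script) itself.
if ! pgrep nginx >/dev/null 2>&1; then
  # Test the restart's exit status directly rather than `$? == 1`: systemctl
  # reports failure with several non-zero codes and the old test caught only 1.
  if ! systemctl restart nginx; then
    systemctl stop keepalived
  fi
fi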
2、参数文件
[root@master-61 /etc/ansible/roles/slb5_server]
fastcgi_param QUERY_STRING $query_string ;
fastcgi_param REQUEST_METHOD $request_method ;
fastcgi_param CONTENT_TYPE $content_type ;
fastcgi_param CONTENT_LENGTH $content_length ;
fastcgi_param SCRIPT_NAME $fastcgi_script_name ;
fastcgi_param REQUEST_URI $request_uri ;
fastcgi_param DOCUMENT_URI $document_uri ;
fastcgi_param DOCUMENT_ROOT $document_root ;
fastcgi_param SERVER_PROTOCOL $server_protocol ;
fastcgi_param REQUEST_SCHEME $scheme ;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version ;
fastcgi_param REMOTE_ADDR $remote_addr ;
fastcgi_param REMOTE_PORT $remote_port ;
fastcgi_param SERVER_ADDR $server_addr ;
fastcgi_param SERVER_PORT $server_port ;
fastcgi_param SERVER_NAME $server_name ;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param HTTPS on;
3、keepalived配置文件
[root@ master-61 / etc/ ansible/ roles/ slb5_server]#cat files/ keepalived.conf
global_defs {
router_id lb-5
}
vrrp_script check_web {
script "/etc/keepalived/check_web.sh"
interval 5
}
vrrp_instance VIP_1 {
state MASTER
interface eth0
virtual_router_id 50
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3
}
track_script {
check_web
}
}
4、代理文件
[root@master-61 /etc/ansible/roles/slb5_server]
upstream web-pools{
server 172.16.1.7:80 weight=4;
server 172.16.1.8:80 weight=1;
}
server{
listen 80 ;
server_name wordpress.afeitt.cn;
rewrite ^(.*) https://$server_name$1 redirect;
}
server {
listen 443 ssl;
server_name wordpress.afeitt.cn;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass http://web-pools;
include /etc/nginx/proxy_params.conf;
}
}
5、反向代理参数文件
[root@master-61 /etc/ansible/roles/slb5_server]
proxy_set_header Host $http_host ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
2)tasks
[root@master-61 /etc/ansible/roles/slb5_server ]
- name: 1 下载keepalived
yum:
name: "{{ item }} "
state: latest
loop:
- nginx
- keepalived
- name: 2 发送脑裂脚本
copy:
src: check_web.sh
dest: /etc/keepalived/
- name: 3 修改权限
shell: "chmod +x /etc/keepalived/check_web.sh warn=false"
- name: 4 发送配置文件
copy:
src: keepalived.conf
dest: /etc/keepalived/keepalived.conf
- name: 5 启动服务
systemd:
name: "{{ item }} "
state: started
enabled: yes
loop:
- keepalived
- nginx
- name: 6 发送公私钥
copy:
src: ssl_key
dest: /etc/nginx/
- name: 7 清空虚拟机
shell: "rm -rf /etc/nginx/conf.d/* warn=false"
- name: 8 发送反向代理文件
copy:
src: wordpress.conf
dest: /etc/nginx/conf.d/wordpress.conf
- name: 9 发送fastcgi_params,支持https
copy:
src: fastcgi_params
dest: /etc/nginx/
- name: 10 发送fastcgi_params,支持https
copy:
src: proxy_params.conf
dest: /etc/nginx/
- name: 11 重启nginx
shell: "systemctl restart nginx"
3)roles
[root@master-61 /etc/ansible ]
- hosts: slb5
roles:
- slb5_server
12、负载均衡slb6
[root@master-61 /etc/ansible/roles/slb6_server] #tree
.
├── files
│ ├── check_vip .sh
│ ├── fastcgi_params
│ ├── keepalived .conf
│ ├── proxy_params .conf
│ ├── ssl_key
│ │ ├── server .crt
│ │ └── server .key
│ └── wordpress .conf
├── handlers
├── tasks
│ └── main .yml
├── templates
└── vars
6 directories , 8 files
1)files
1、脑裂脚本
[root@master-61 /etc/ansible/roles/slb6_server]
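#!/usr/bin/env bash
# keepalived vrrp_script for lb-6 (BACKUP): split-brain guard. When the
# MASTER (10.0.0.5) still answers and holds the VIP while this node holds it
# too, two hosts are claiming the same address; stop keepalived here so the
# backup releases it.
#
# NOTE(review): this script looks for 10.0.0.11, which matches the slb6
# keepalived.conf on this page; the slb5 (MASTER) keepalived.conf lists
# 10.0.0.3 as its virtual_ipaddress — confirm both nodes use the same VIP.

readonly VIP=10.0.0.11
readonly MASTER=10.0.0.5

# Count lines containing " <VIP>/" as a fixed string, so the dots are literal
# and 10.0.0.111 is not a false match. BatchMode never prompts for a password
# (this runs unattended from keepalived) and ConnectTimeout keeps a dead peer
# from stalling the 5 s check interval; a failed ssh simply yields 0.
master_has_vip=$(ssh -o BatchMode=yes -o ConnectTimeout=3 "$MASTER" ip a 2>/dev/null | grep -c -F " ${VIP}/")
my_has_vip=$(ip a | grep -c -F " ${VIP}/")

# `> 0` rather than `== 1`: the address is present whether it appears once or
# on several interfaces.
if (( master_has_vip > 0 && my_has_vip > 0 )); then
  systemctl stop keepalived
fi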
2、参数文件
[root@master-61 /etc/ansible/roles/slb5_server]
fastcgi_param QUERY_STRING $query_string ;
fastcgi_param REQUEST_METHOD $request_method ;
fastcgi_param CONTENT_TYPE $content_type ;
fastcgi_param CONTENT_LENGTH $content_length ;
fastcgi_param SCRIPT_NAME $fastcgi_script_name ;
fastcgi_param REQUEST_URI $request_uri ;
fastcgi_param DOCUMENT_URI $document_uri ;
fastcgi_param DOCUMENT_ROOT $document_root ;
fastcgi_param SERVER_PROTOCOL $server_protocol ;
fastcgi_param REQUEST_SCHEME $scheme ;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version ;
fastcgi_param REMOTE_ADDR $remote_addr ;
fastcgi_param REMOTE_PORT $remote_port ;
fastcgi_param SERVER_ADDR $server_addr ;
fastcgi_param SERVER_PORT $server_port ;
fastcgi_param SERVER_NAME $server_name ;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param HTTPS on;
3、keepalived配置文件
[root@master-61 /etc/ansible/roles/slb6_server]
global_defs {
script_user root
enable_script_security
router_id lb-6
}
vrrp_script check_vip {
script "/etc/keepalived/check_vip.sh"
interval 5
}
vrrp_instance VIP_1 {
state BACKUP
interface eth0
virtual_router_id 50
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.11
}
track_script {
check_vip
}
}
4、代理文件
[root@master-61 /etc/ansible/roles/slb5_server]
upstream web-pools{
server 172.16.1.7:80 weight=4;
server 172.16.1.8:80 weight=1;
}
server{
listen 80 ;
server_name wordpress.afeitt.cn;
rewrite ^(.*) https://$server_name$1 redirect;
}
server {
listen 443 ssl;
server_name wordpress.afeitt.cn;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
location / {
proxy_pass http://web-pools;
include /etc/nginx/proxy_params.conf;
}
}
5、反向代理参数文件
[root@master-61 /etc/ansible/roles/slb5_server]
proxy_set_header Host $http_host ;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for ;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
2)tasks
[root@master-61 /etc/ansible/roles/slb6_server ]
- name: 1 下载keepalived
yum:
name: "{{ item }} "
state: latest
loop:
- nginx
- keepalived
- name: 2 发送脑裂脚本
copy:
src: check_vip.sh
dest: /etc/keepalived/
- name: 3 修改权限
shell: "chmod +x /etc/keepalived/check_web.sh warn=false"
- name: 4 发送配置文件
copy:
src: keepalived.conf
dest: /etc/keepalived/keepalived.conf
- name: 5 启动服务
systemd:
name: "{{ item }} "
state: started
enabled: yes
loop:
- keepalived
- nginx
- name: 6 发送公私钥
copy:
src: ssl_key
dest: /etc/nginx/
- name: 7 清空虚拟机
shell: "rm -rf /etc/nginx/conf.d/* warn=false"
- name: 8 发送反向代理文件
copy:
src: wordpress.conf
dest: /etc/nginx/conf.d/wordpress.conf
- name: 9 发送fastcgi_params,支持https
copy:
src: fastcgi_params
dest: /etc/nginx/
- name: 10 发送fastcgi_params,支持https
copy:
src: proxy_params.conf
dest: /etc/nginx/
- name: 11 重启nginx
shell: "systemctl restart nginx"
3)roles
[root@master-61 /etc/ansible ]
- hosts: slb6
roles:
- slb6_server
执行顺序
ansible-playbook all_server.yml
ansible-playbook rsync_server.yml
ansible-playbook nfs_server.yml
ansible-playbook lsblk_server.yml
ansible-playbook nginx_server.yml
ansible-playbook mariadb_server.yml
ansible-playbook web_server.yml
ansible-playbook slb5_server.yml
ansible-playbook slb6_server.yml