lb-nginx

使用roles部署负载均衡的nginx

环境

外网IP 内网IP 主机名
10.0.0.5 172.16.1.5 lb01 (负载均衡)
10.0.0.6 172.16.1.6 lb02
10.0.0.7 172.16.1.7 web01(服务器)
10.0.0.8 172.16.1.8 web02
10.0.0.9 172.16.1.9 web03
10.0.0.31 172.16.1.31 nfs (共享存储)
10.0.0.41 172.16.1.41 backup
10.0.0.51 172.16.1.51 db01 (数据库)
10.0.0.52 172.16.1.52 db02
10.0.0.53 172.16.1.53 db03(代理机)
10.0.0.54 172.16.1.54 db04(代理机)
10.0.0.61 172.16.1.61 m01 (跳板机)
10.0.0.71 172.16.1.71 zabbix

流程分析

1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建统一的用户
	1.安装nginx
	2.拷贝nginx配置文件
	3.拷贝nginx虚拟主机配置及include文件
	4.启动nginx

推送公钥

1.创建密钥对
[root@m01 ~]# ssh-keygen
2.推送公钥
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.5
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.6
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.9
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.51
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.52
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.53
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.54
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.61
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.71
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.81

ansible优化

1.下载
[root@m01 ~]#  yum install -y ansible
2.优化
[root@m01 ~]#  vim /etc/ansible/ansible.cfg		#改为
# NOTE(review): False makes Ansible accept any SSH host key without verification,
# so a machine impersonating a managed node is not detected. The ssh-copy-id runs
# on this page already record each node's key in ~/.ssh/known_hosts, so leaving
# checking enabled should work for those nodes; keep False only in a throwaway lab.
host_key_checking = False

配置主机清单

[root@m01 ~]# vim /root/ansible/hosts 
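# Group names inside [] are free-form, but avoid special characters (- | &),
# upper-case letters and Chinese characters (and do not name a group "nginx").
# ansible_ssh_port may be omitted when the port is 22.
#
# The remote user key is spelled ansible_ssh_user; a misspelled key is only an
# unused host variable, and the connection falls back to the default remote user.
#
# NOTE(review): every host line stores the root password in clear text. The key
# pair pushed with ssh-copy-id earlier on this page makes the password
# unnecessary for those hosts; where one is still needed, keep it out of the
# inventory (ansible-vault encrypted vars, or --ask-pass at run time).
[web_group]
172.16.1.7 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.8 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.9 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[db_group]
172.16.1.51 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.52 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.53 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.54 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[nfs_group]
172.16.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[redis_group]
172.16.1.81 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[lb_group]
172.16.1.5 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.6 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[backup_group]
172.16.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[zabbix_group]
172.16.1.71 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[m01_group]
172.16.1.61 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[mtj_group]
172.16.1.202 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'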

nginx配置文件

user  {{ ww_w }};
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

nginx server

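# Backend pool for the load balancer, named after the host being configured.
# Only the web servers 172.16.1.7 - 172.16.1.9 belong here: range(7, 10) yields
# 7, 8 and 9. A plain range(10) would also emit .0 through .6, which covers the
# load balancers themselves (.5 and .6, a proxy loop) and addresses that have no
# web server behind them.
upstream {{ ansible_fqdn }} {
{% for n in range(7, 10) %}
    server 172.16.1.{{ n }}:80;
{% endfor %}
}

server {
    listen 80;
    # yuming_com is the space-separated domain list defined in the role's
    # vars/main.yml; it is the only domain variable that file defines.
    server_name {{ yuming_com }};

    location / {
        proxy_pass http://{{ ansible_fqdn }};
        # proxy_params is deployed to /etc/nginx/ by the role's copy task.
        include proxy_params;
    }
}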
----------------------------------------------------------------------------
#编辑params

# Forward the Host header the client sent, so the next hop (proxy or backend)
# sees the domain that was requested.
proxy_set_header Host $host;
# Record the client address for the backend. $proxy_add_x_forwarded_for appends
# $remote_addr to any X-Forwarded-For header the client supplied, so every entry
# except the last one is client-controlled; backends should trust only the
# address appended by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	
# Timeout for establishing a connection to the backend server.
proxy_connect_timeout 60s;
# Timeout while waiting to read the response from the backend server.
proxy_read_timeout 60s;
# Timeout for transmitting the request to the backend server.
proxy_send_timeout 60s;
	
# Buffer the backend response in nginx and relay it to the client as it
# arrives, rather than waiting for the complete response.
proxy_buffering on;
# Size of the buffer that holds the first part of the backend response
# (the response header).
proxy_buffer_size 4k;
#proxy_buffer_size 8k;
# Number and size of the buffers used per connection for the response.
proxy_buffers 8 4k;
#proxy_buffers 8 8k;
# Speak HTTP/1.1 to the backend.
proxy_http_version 1.1;

# Conditions under which the request is passed to the next upstream server:
# connection error, timeout, or one of the listed response codes.
# NOTE(review): http_404 is in the list, so a 404 from one backend is retried
# on the next one; confirm that is intended.
proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;

keepalived启动脚本

#优化keepalived
keepalived.service 

[Unit]
Description=LVS and VRRP High Availability Monitor
After=syslog.target network-online.target

[Service]
Type=forking
PIDFile=/var/run/keepalived.pid
#KillMode=process
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

keepalived配置文件之jinja模板

# keepalived.conf template. The Jinja conditionals below render MASTER settings
# on the host whose ansible_fqdn is "lb01" and BACKUP settings on every other host.
global_defs {
    router_id {{ ansible_fqdn }}
}

{% if ansible_fqdn == "lb01" %}
# Health-check script definition with a 5-second interval, rendered on lb01 only.
# NOTE(review): no track_script block in vrrp_instance references "check", so as
# written the script result does not appear to influence failover - confirm.
# NOTE(review): the script is named without a directory; an absolute path to a
# root-owned file that other users cannot write avoids depending on the
# daemon's search path.
vrrp_script check {
    script "check_nginx_php.sh"
    interval 5
}
{% endif %}

vrrp_instance VI_1 {
{% if ansible_fqdn == "lb01" %}
    state MASTER
    priority 150
{% else %}
    state BACKUP
    priority 100
{% endif %}

    interface eth0
    virtual_router_id 50
    advert_int 1
    # NOTE(review): auth_type PASS carries auth_pass unencrypted in the VRRP
    # advertisements, and "1111" is trivially guessable. Treat it as a label
    # rather than a control, and restrict VRRP traffic to the two load balancers.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # NOTE(review): vi_ip is not among the variables shown in vars/main.yml on
    # this page, so it has to be defined elsewhere. Also confirm that keepalived
    # accepts the address in its quoted form.
    virtual_ipaddress {         
        "{{ vi_ip }}"
    }
}

创建角色

[root@m01 roles]# ansible-galaxy init nginx_lb

编辑tasks目录

1.安装负载均衡的nginx
[root@m01 nginx_lb]# vim tasks/install.yml 
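# Install nginx on the load balancers from the RPM shipped inside the role's tarball.
# NOTE(review): nginx_packages_pos is /tmp in vars/main.yml. /tmp is world-writable,
# so any local user can pre-create the nginx-1.18.0 directory there and the unpack
# step is then skipped; a root-only staging directory is safer for a package that
# is installed as root.

# Look for the unpacked directory. stat reports absence without failing the play,
# so no ignore_errors is needed.
- name: check {{ nginx_packages_name }}
  stat:
    path: "{{ nginx_packages_pos }}/nginx-1.18.0"
  register: check_nginx_packages

# Unpack the tarball from the role's files/ directory only when the directory is
# missing. The condition reads a field of the registered result: the result
# itself is a dictionary, so comparing it to 0 would always be true.
- name: jieya {{ nginx_packages_name }}
  unarchive:
    src: "{{ nginx_packages_name }}"
    dest: "{{ nginx_packages_pos }}"
  when: not check_nginx_packages.stat.exists

# rpm -q exits non-zero when the package is absent; that is an answer, not a
# failure, and the query never changes the host.
- name: check nginx
  command: rpm -q nginx
  register: check_nginx
  changed_when: false
  failed_when: false

# Install from the unpacked RPM only when rpm -q did not find nginx.
- name: Install Nginx Server
  yum:
    name:
      - "{{ nginx_packages_pos }}/nginx-1.18.0/nginx-1.18.0-1.el7.ngx.x86_64.rpm"
  when: check_nginx.rc != 0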
2.拷贝nginx主配置文件和server
[root@m01 nginx_lb]# vim tasks/copy.yml 
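# Render the main nginx configuration and the load-balancer virtual host from
# the role's templates.
- name: copy nginx.conf server
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "nginx.conf.j2", dest: "/etc/nginx/nginx.conf" }
    - { src: "nginx.server.j2", dest: "/etc/nginx/conf.d/server.conf" }
  # Without a notify here, a changed template is written to disk but a running
  # nginx keeps serving the old configuration.
  notify:
    - "reload nginx"

# Ship the shared proxy settings that the virtual host includes.
- name: copy proxy_params
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "proxy_params", dest: "/etc/nginx/" }
  notify:
    - "reload nginx"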
3.启动nginx
[root@m01 nginx_lb]# vim tasks/start.yml 
- name: start nginx
  service:
    name: nginx
    state: started
4.include
[root@m01 nginx_lb]# vim tasks/main.yml 
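# Role entry point: install nginx, deploy its configuration, then start it, in
# that order. include_tasks replaces the bare "include" keyword, which is
# deprecated for task files.
- include_tasks: install.yml
- include_tasks: copy.yml
- include_tasks: start.yml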
5.编辑files目录
[root@m01 nginx_lb]# vim files/keepalived.service 
[root@m01 nginx_lb]# vim files/proxy_params
[root@m01 nginx_lb]# rz		nginx-1.18.0.tar.gz
6.编辑template目录
[root@m01 nginx_lb]# vim templates/nginx.conf.j2 
[root@m01 nginx_lb]# vim templates/nginx.server.j2
7.编辑handlers
[root@m01 nginx_lb]# vim handlers/main.yml 
- name: reload nginx
  service:
    name: nginx
    state: reloaded
8.变量
[root@m01 nginx_lb]# vim vars/main.yml 
#统一ww_w用户
ww_w: www
#使用变量定义域名
yuming_com: "cs.wp.com cs.zh.com"
#nginx包名
nginx_packages_name: "nginx-1.18.0.tar.gz"
#nginx压缩包解压到目标机的位置
nginx_packages_pos: "/tmp"

编辑入口文件

[root@m01 roles]# vim site.yml 
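# Entry playbook: the play targets every inventory host and each role is gated
# by a hostname test, so only the matching hosts run it.
#
# The match test takes a regular expression anchored at the start of the string,
# not a shell glob. 'lb*' means "l followed by zero or more b", which matches any
# hostname beginning with "l"; 'lb' limits the role to names that start with "lb".
# The same applies to the 'web*', 'nfs*' and 'backup*' patterns in the
# commented-out entries if they are re-enabled.
- hosts: all
  roles:
    #- { role: base }
    #- { role: rsync_client,when: ansible_fqdn is match 'web*' }
    #- { role: rsync_client,when: ansible_fqdn is match 'nfs*' }
    #- { role: rsync_server,when: ansible_fqdn is match 'backup*' }
    #- { role: nfs_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: nfs_client,when: ansible_fqdn is match 'web*' }
    #- { role: mount_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: mount_client,when: ansible_fqdn is match 'web*' }
    #- { role: sersync,when: ansible_fqdn is match 'web*' }
    #- { role: nginx_web,when: ansible_fqdn is match 'web*' }
    - role: nginx_lb
      when: ansible_fqdn is match('lb')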

执行

[root@m01 roles]# ansible-playbook site.yml 