Ansible series (33): Ansible in practice, deploying a web cluster architecture (3)
1. Application environment deployment
1.1 Compiling and deploying nginx
- First create the directory structure for the nginx role:

```
[root@xuzhichao cluster-roles]# mkdir nginx/{tasks,templates,handlers,files,meta} -p
```
- Write the nginx task file. The compile-and-install process is as follows:

```
[root@xuzhichao cluster-roles]# cat nginx/tasks/install_source_nginx.yml
# Compile and install nginx
#
# 1. Create the nginx installation directory
- name: Create Nginx Install Path
  file:
    name: "{{ nginx_install_directory }}/nginx"   # variables in YAML values generally need to be quoted
    state: directory
    owner: "{{ web_user }}"
    group: "{{ web_group }}"
    mode: "0755"   # a directory needs the execute bit to be traversable

# 2. Copy the nginx source archive to the target host and unpack it
- name: Unarchive Nginx Packages
  unarchive:
    src: "{{ nginx_filename_tar }}"
    dest: "/root"

# 3. Install the packages nginx depends on
- name: Install Dependencies For Building Nginx
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - pcre-devel
    - openssl-devel
    - zlib-devel
    - pcre
    - openssl
    - zlib
    - "@Development tools"   # a package group must be written in double quotes

# 4. Run configure for nginx, setting the install directory and build options
- name: Configure Nginx
  shell:
    cmd: "./configure --prefix={{ nginx_install_directory }}/nginx --user={{ web_user }} --group={{ web_group }} {{ nginx_configure_options }}"
    chdir: "/root/{{ nginx_version }}"
  changed_when: false

# 5. Build and install nginx
- name: Build Nginx
  shell:
    cmd: "make && make install"
    chdir: "/root/{{ nginx_version }}"
  changed_when: false
```
- Write the tasks that start nginx:

```
[root@xuzhichao cluster-roles]# cat nginx/tasks/start_nginx.yml
# 1. Copy the systemd unit file for nginx
- name: Copy Nginx Unit File
  template:
    src: nginx.service.j2
    dest: /usr/lib/systemd/system/nginx.service
  # notify: Reload Systemd

# 2. Reload systemd so that the new nginx unit file takes effect
- name: Reload Systemd
  systemd:
    daemon_reload: yes

# 3. Copy the nginx main configuration file
- name: Copy Nginx Main Configure File
  template:
    src: nginx.conf.j2
    dest: "{{ nginx_install_directory }}/nginx/conf/nginx.conf"
    owner: "{{ web_user }}"
    group: "{{ web_group }}"
  notify: Restart Nginx

# 4. Check that the nginx configuration file is valid
- name: Check Nginx Configure File
  shell: "{{ nginx_install_directory }}/nginx/sbin/nginx -t"
  register: Check_Nginx_Status
  # the conditions are ANDed, so this check is never reported as a change
  changed_when:
    - Check_Nginx_Status.stdout.find('successful')
    - false

# 5. Create the directory for nginx sub-configuration files
- name: Create Configure Directory
  file:
    path: "{{ nginx_install_directory }}/nginx/conf/conf.d"
    state: directory

# 6. Start the nginx service
- name: Start Nginx
  systemd:
    name: nginx
    state: started
```
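- The tasks main.yml file is as follows:

```
[root@xuzhichao cluster-roles]# cat nginx/tasks/main.yml
# include_tasks replaces the bare "include", which is deprecated and removed in newer Ansible releases
- include_tasks: install_source_nginx.yml
- include_tasks: start_nginx.yml
```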
- The handlers file is as follows:

```
[root@xuzhichao cluster-roles]# cat nginx/handlers/main.yml
- name: Restart Nginx
  systemd:
    name: nginx
    state: restarted
```
- The template for the basic nginx configuration file is as follows:

```
[root@xuzhichao cluster-roles]# cat nginx/templates/nginx.conf.j2
user {{ web_user }};
worker_processes {{ ansible_processor_vcpus }};

events {
    worker_connections {{ worker_connections_num }};
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout {{ keepalive_timeout }};
    gzip {{ gzip_contorl }};
    include {{ nginx_install_directory }}/nginx/conf/conf.d/*.conf;
}
```
- The template for the nginx unit file is as follows:

```
[root@xuzhichao cluster-roles]# cat nginx/templates/nginx.service.j2
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile={{ nginx_install_directory }}/nginx/logs/nginx.pid
ExecStartPre=/usr/bin/rm -f {{ nginx_install_directory }}/nginx/logs/nginx.pid
ExecStartPre={{ nginx_install_directory }}/nginx/sbin/nginx -t
ExecStart={{ nginx_install_directory }}/nginx/sbin/nginx
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat {{ nginx_install_directory }}/nginx/logs/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat {{ nginx_install_directory }}/nginx/logs/nginx.pid)"

[Install]
WantedBy=multi-user.target
```
- The variables file is as follows:

```
[root@xuzhichao cluster-roles]# cat group_vars/all
# Base environment variables
web_group: nginx
web_gid: 887
web_user: nginx
web_uid: 887

# nginx variables
nginx_install_directory: /soft
nginx_filename_tar: nginx-1.20.1.tar.gz
nginx_version: nginx-1.20.1
nginx_configure_options: --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_dav_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-file-aio
gzip_contorl: "on"   # "on" must be double-quoted here, otherwise it is rendered as True
keepalive_timeout: 65
worker_connections_num: 35566
```
- The playbook entry file is as follows:

```
[root@xuzhichao cluster-roles]# cat wordpress_site.yml
- hosts: all
  roles:
    - role: base-module
      tags: base-module

- hosts: webservers
  roles:
    - role: nginx
      tags: nginx

- hosts: lbservers
  roles:
    - role: nginx
      tags: nginx
```
- Run the playbook:

```
[root@xuzhichao cluster-roles]# ansible-playbook -t nginx wordpress_site.yml
```
- The overall directory structure of the nginx role is as follows:

```
[root@xuzhichao cluster-roles]# tree nginx/
nginx/
├── files
│   └── nginx-1.20.1.tar.gz
├── handlers
│   └── main.yml
├── meta
├── tasks
│   ├── install_source_nginx.yml
│   ├── main.yml
│   └── start_nginx.yml
└── templates
    ├── nginx.conf.j2
    └── nginx.service.j2

5 directories, 7 files
```
- Check the deployment on a managed host:

```
[root@web01 ~]# /soft/nginx/sbin/nginx -V
nginx version: nginx/1.20.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/soft/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_dav_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-file-aio

[root@web01 ~]# cat /soft/nginx/conf/nginx.conf
user nginx;
worker_processes 1;

events {
    worker_connections 35566;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
}

[root@web01 ~]# cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/soft/nginx/logs/nginx.pid
ExecStartPre=/usr/bin/rm -f /soft/nginx/logs/nginx.pid
ExecStartPre=/soft/nginx/sbin/nginx -t
ExecStart=/soft/nginx/sbin/nginx
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /soft/nginx/logs/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /soft/nginx/logs/nginx.pid)"

[Install]
WantedBy=multi-user.target
```
- Leftover issue: the configure and build steps for nginx are not idempotent, so nginx is recompiled on every run.
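One way to close this gap, shown as an added example rather than the author's own tasks: rebuild only when the binary is missing or reports a version other than `nginx_version`. It assumes `nginx_path: /soft/nginx/sbin/nginx` is defined in `group_vars/all`; the fact name `nginx_needs_build` is hypothetical.

```yaml
# Added example: version-aware replacement for the Configure/Build tasks.
# Assumes nginx_path (/soft/nginx/sbin/nginx) is defined in group_vars/all.

# "nginx -v" prints "nginx version: nginx/1.20.1" on stderr.
- name: Read Installed Nginx Version
  command: "{{ nginx_path }} -v"
  register: nginx_installed
  changed_when: false
  failed_when: false        # a missing binary must not abort the play

# nginx_version is "nginx-1.20.1"; the binary reports "nginx/1.20.1".
- name: Decide Whether Nginx Must Be Built
  set_fact:
    nginx_needs_build: >-
      {{ (nginx_installed.rc | default(1)) != 0
         or (nginx_version | replace('nginx-', 'nginx/'))
            not in (nginx_installed.stderr | default('')) }}

# Without changed_when: false, a real build is reported as a change.
- name: Configure Nginx
  shell:
    cmd: "./configure --prefix={{ nginx_install_directory }}/nginx --user={{ web_user }} --group={{ web_group }} {{ nginx_configure_options }}"
    chdir: "/root/{{ nginx_version }}"
  when: nginx_needs_build | bool

- name: Build Nginx
  shell:
    cmd: "make && make install"
    chdir: "/root/{{ nginx_version }}"
  when: nginx_needs_build | bool
  notify: Restart Nginx     # a replaced binary only takes effect after a restart
```

A second run against an unchanged host then skips both build tasks, and bumping `nginx_version` triggers exactly one rebuild.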
1.2 Compiling and deploying PHP
- Create the php-fpm directory structure:

```
[root@xuzhichao cluster-roles]# mkdir php-fpm/{tasks,handlers,templates,files,meta} -p
```
- Write the task file that compiles and installs PHP:

```
[root@xuzhichao cluster-roles]# cat php-fpm/tasks/install_source_php.yml
# Compile and install PHP
#
# 1. Create the PHP installation directory
- name: Create PHP Install Path
  file:
    name: "{{ PHP_install_directory }}/php"
    state: directory

# 2. Copy and unpack the PHP source archive
- name: Unarchive PHP Packages
  unarchive:
    src: "{{ PHP_tar_packages }}"
    dest: /root

# 3. Install the packages PHP depends on
- name: Install Dependencies For Building PHP
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - libxml2
    - libxml2-devel
    - openssl
    - openssl-devel
    - curl
    - curl-devel
    - libpng
    - libpng-devel
    - freetype
    - freetype-devel
    - libmcrypt-devel
    - libzip-devel
    - pcre
    - pcre-devel
    - bzip2-devel
    - libicu-devel
    - gcc
    - gcc-c++
    - autoconf
    - libjpeg
    - libjpeg-devel
    - zlib
    - zlib-devel
    - glibc
    - glibc-devel
    - glib2
    - glib2-devel
    - ncurses
    - ncurses-devel
    - krb5-devel
    - libidn
    - libidn-devel
    - openldap
    - openldap-devel
    - nss_ldap
    - jemalloc-devel
    - cmake
    - boost-devel
    - bison
    - automake
    - libevent
    - libevent-devel
    - gd
    - gd-devel
    - libtool*
    - mcrypt
    - mhash
    - libxslt
    - libxslt-devel
    - readline
    - readline-devel
    - gmp
    - gmp-devel
    - libcurl
    - libcurl-devel
    - openjpeg-devel

# 4. Run configure for PHP, setting the install directory and build options
- name: Configure PHP
  shell:
    cmd: "./configure --prefix={{ PHP_install_directory }}/php --with-fpm-user={{ web_user }} --with-fpm-group={{ web_group }} {{ PHP_configure_options }}"
    chdir: "/root/{{ PHP_version }}"
    # skip when php-fpm is already installed on the managed host
    # (the "is exists" test would check the control node, not the target)
    creates: "{{ php_path }}"
  changed_when: false

# 5. Build and install
- name: Build PHP
  shell:
    cmd: "make && make install"
    chdir: "/root/{{ PHP_version }}"
    creates: "{{ php_path }}"
  changed_when: false
```
- Write the tasks that start PHP:

```
[root@xuzhichao cluster-roles]# cat php-fpm/tasks/start_php-fpm.yml
# 1. Copy the systemd unit file for PHP-FPM
- name: Copy PHP-FPM Unit File
  template:
    src: php-fpm.service.j2
    dest: /usr/lib/systemd/system/php-fpm.service

# 2. Reload systemd so that the new PHP-FPM unit file takes effect
- name: Reload Systemd
  systemd:
    daemon_reload: yes

# 3. Create the PHP log directory
- name: Create Log Path
  file:
    path: "{{ PHP_install_directory }}/php/log"
    state: directory

# 4. Copy the PHP configuration files
- name: Copy PHP and PHP-FPM Configure File
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "php.ini.j2", dest: "{{ PHP_install_directory }}/php/etc/php.ini" }
    - { src: "www.conf.j2", dest: "{{ PHP_install_directory }}/php/etc/php-fpm.d/www.conf" }
    - { src: "php-fpm.conf.j2", dest: "{{ PHP_install_directory }}/php/etc/php-fpm.conf" }
  # notify from the task that changes the files; the check below never reports a change
  notify: Restart PHP-FPM

# 5. Check the PHP configuration files
- name: Check PHP Configure File
  shell: "{{ PHP_install_directory }}/php/sbin/php-fpm -t"
  register: Check_PHP_Status
  changed_when:
    - Check_PHP_Status.stdout.find('successful')
    - false

# 6. Start PHP-FPM
- name: Start PHP-FPM
  systemd:
    name: php-fpm
    state: started
```
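- Write the main.yml file for the PHP tasks:

```
[root@xuzhichao cluster-roles]# cat php-fpm/tasks/main.yml
# include_tasks replaces the bare "include", which is deprecated and removed in newer Ansible releases
- include_tasks: install_source_php.yml
- include_tasks: start_php-fpm.yml
```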
- The systemd unit template for PHP is as follows:

```
[root@xuzhichao cluster-roles]# cat php-fpm/templates/php-fpm.service.j2
[Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target

[Service]
Type=forking
PIDFile={{ PHP_install_directory }}/php/var/run/php-fpm.pid
#EnvironmentFile=/etc/sysconfig/php-fpm
ExecStart={{ PHP_install_directory }}/php/sbin/php-fpm
ExecReload=/bin/kill -USR2 $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
```
- The php-fpm configuration templates are as follows:

```
[root@xuzhichao cluster-roles]# cat php-fpm/templates/php-fpm.conf.j2
[global]
pid = run/php-fpm.pid
include={{ PHP_install_directory }}/php/etc/php-fpm.d/*.conf

[root@xuzhichao cluster-roles]# cat php-fpm/templates/www.conf.j2
[www]
user = {{ web_user }}
group = {{ web_group }}
listen = {{ php_fpm_listen_address }}:{{ php_fpm_listen_port }}
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = {{ pm_max_children_num }}
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 20
pm.max_requests = 50000
pm.status_path = /pm_status
ping.path = /ping
ping.response = pong
access.log = log/$pool.access.log
slowlog = log/$pool.log.slow

[root@xuzhichao cluster-roles]# cat php-fpm/templates/php.ini.j2
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = -1
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
extension={{ PHP_install_directory }}/php/lib/php/extensions/no-debug-non-zts-20180731/redis.so

[CLI Server]
cli_server.color = On

[Date]
[filter]
[iconv]
[imap]
[intl]
[sqlite3]
[Pcre]
[Pdo]

[Pdo_mysql]
pdo_mysql.default_socket=

[Phar]

[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = Off

[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1

[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"

[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off

[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off

[OCI8]

[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0

[bcmath]
bcmath.scale = 0

[browscap]

[Session]
session.save_handler = redis
session.save_path = "tcp://192.168.20.61:6379"
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.cookie_samesite =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5

[Assertion]
zend.assertions = -1

[COM]
[mbstring]
[gd]
[exif]

[Tidy]
tidy.clean_output = Off

[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5

[sysvshm]

[ldap]
ldap.max_links = -1

[dba]
[opcache]
[curl]
[openssl]
```
- The variables file is as follows:

```
[root@xuzhichao cluster-roles]# cat group_vars/all
# Base environment variables
web_group: nginx
web_gid: 887
web_user: nginx
web_uid: 887

# nginx variables
nginx_install_directory: /soft
nginx_filename_tar: nginx-1.20.1.tar.gz
nginx_version: nginx-1.20.1
nginx_configure_options: --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_dav_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-file-aio
gzip_contorl: "on"
keepalive_timeout: 65
worker_connections_num: 35566
nginx_path: /soft/nginx/sbin/nginx

# PHP variables
PHP_install_directory: /soft
PHP_tar_packages: php-7.3.16.tar.xz
PHP_version: php-7.3.16
PHP_configure_options: --enable-fpm --with-pear --with-mysqli=mysqlnd --with-openssl --with-pdo-mysql=mysqlnd --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --with-curl --with-freetype-dir --with-iconv --disable-debug --with-mhash --with-xmlrpc --with-xsl --enable-soap --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --enable-sysvsem --enable-sysvshm --enable-sysvmsg
php_fpm_listen_address: 127.0.0.1
php_fpm_listen_port: 9000
pm_max_children_num: 50
php_path: /soft/php/sbin/php-fpm
```
- The playbook file is as follows:

```
[root@xuzhichao cluster-roles]# cat wordpress_site.yml
- hosts: all
  roles:
    - role: base-module
      tags: base-module

- hosts: webservers
  roles:
    - role: nginx
    - role: php-fpm
  tags:
    - nginx
    - php-fpm

- hosts: lbservers
  roles:
    - role: nginx
      tags: nginx
```
- The overall directory structure of the php-fpm role:

```
[root@xuzhichao cluster-roles]# tree php-fpm/
php-fpm/
├── files
│   └── php-7.3.16.tar.xz
├── handlers
│   └── main.yml
├── meta
├── tasks
│   ├── install_source_php.yml
│   ├── main.yml
│   └── start_php-fpm.yml
└── templates
    ├── php-fpm.conf.j2
    ├── php-fpm.service.j2
    ├── php.ini.j2
    └── www.conf.j2

5 directories, 9 files
```
- Test-run the playbook:

```
[root@xuzhichao cluster-roles]# ansible-playbook -t php-fpm wordpress_site.yml
```
- Check the result on a managed host:

```
[root@web02 ~]# cat /soft/php/etc/php-fpm.d/www.conf
[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 20
pm.max_requests = 50000
pm.status_path = /pm_status
ping.path = /ping
ping.response = pong
access.log = log/$pool.access.log
slowlog = log/$pool.log.slow

[root@web02 ~]# cat /usr/lib/systemd/system/php-fpm.service
[Unit]
Description=The PHP FastCGI Process Manager
After=syslog.target network.target

[Service]
Type=forking
PIDFile=/soft/php/var/run/php-fpm.pid
#EnvironmentFile=/etc/sysconfig/php-fpm
ExecStart=/soft/php/sbin/php-fpm
ExecReload=/bin/kill -USR2 $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

[root@web02 ~]# systemctl status php-fpm
● php-fpm.service - The PHP FastCGI Process Manager
   Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-08-10 10:48:59 CST; 1 day 11h ago
  Process: 108232 ExecStart=/soft/php/sbin/php-fpm (code=exited, status=0/SUCCESS)
 Main PID: 108233 (php-fpm)
   CGroup: /system.slice/php-fpm.service
           ├─108233 php-fpm: master process (/soft/php/etc/php-fpm.conf)
           ├─108234 php-fpm: pool www
           ├─108235 php-fpm: pool www
           ├─108236 php-fpm: pool www
           ├─108237 php-fpm: pool www
           ├─108238 php-fpm: pool www
           ├─108239 php-fpm: pool www
           ├─108240 php-fpm: pool www
           ├─108241 php-fpm: pool www
           ├─108242 php-fpm: pool www
           └─108243 php-fpm: pool www

Aug 10 10:48:59 web02 systemd[1]: Starting The PHP FastCGI Process Manager...
Aug 10 10:48:59 web02 systemd[1]: Started The PHP FastCGI Process Manager.
```
1.3 Deploying MariaDB from the binary package
- Create the directory structure for mariadb:

```
[root@xuzhichao cluster-roles]# mkdir mariadb/{tasks,handlers,templates,files,meta} -p
```
- Write the mariadb installation tasks:

```
[root@xuzhichao cluster-roles]# cat mariadb/tasks/main.yml
# Install the mariadb database from the binary package
#
# 1. Create the mysql account
- name: Create Mysql Group
  group:
    name: "{{ mysql_group }}"
    state: present

- name: Create Mysql User
  user:
    name: "{{ mysql_user }}"
    group: "{{ mysql_group }}"
    shell: /sbin/nologin
    create_home: no
    state: present

# 2. Create the mysql working directories
- name: Create Mysql Work Directory
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ mysql_user }}"
    group: "{{ mysql_group }}"
  loop:
    - /var/lib/mysql/
    - "{{ mysql_data_directory }}"

# 3. Copy and unpack the mariadb package
- name: Unarchive Mariadb Package
  unarchive:
    src: "{{ mysql_tar_ball }}"
    dest: "/usr/local/src/"

- name: Create Mariadb Link File
  file:
    src: "/usr/local/src/{{ mysql_version }}"
    dest: "{{ mysql_link_file_path }}"
    state: link

# 4. Create the database files
- name: Init Mysql Database
  shell:
    cmd: "{{ mysql_link_file_path }}/scripts/mysql_install_db --user={{ mysql_user }} --datadir={{ mysql_data_directory }} --basedir={{ mysql_base_directory }}"
  changed_when: false

# 5. Create the mariadb service start-up file
- name: Copy Mariadb Service File
  template:
    src: mysqld.j2
    dest: /etc/init.d/mysqld
    mode: "0755"

# 6. Copy the mariadb configuration file
- name: Copy Mariadb Configure File
  template:
    src: my.cnf.j2
    dest: /etc/my.cnf
  notify: Restart Mariadb Server

# 7. Start mariadb
- name: Start Mariadb Server
  systemd:
    name: mysqld
    state: started
    enabled: yes

# 8. Set the database root password
#- name: Create Mysql.sock Link File
#  file:
#    src: /var/lib/mysql/mysql.sock
#    dest: /tmp/mysql.sock
#    state: link

#- name: Grant Database User
#  mysql_user:
#    name: root
#    password: 123456
#    update_password: on_create
#    host: '%'
#    priv: '*.*:ALL'
#    state: present
```
- Write the handlers file:

```
[root@xuzhichao cluster-roles]# cat mariadb/handlers/main.yml
- name: Restart Mariadb Server
  systemd:
    name: mysqld
    state: restarted
```
- Write the variables file:

```
[root@xuzhichao cluster-roles]# cat group_vars/all
......
# Mysql variables
mysql_user: mysql
mysql_group: mysql
mysql_base_directory: /usr/local/mysql
mysql_data_directory: /data/mysql
mysql_tar_ball: mariadb-10.5.2-linux-x86_64.tar.gz
mysql_version: mariadb-10.5.2-linux-x86_64
mysql_link_file_path: /usr/local/mysql
mysqld_file: /etc/init.d/mysqld
```
- The mariadb configuration file is as follows:

```
[root@xuzhichao cluster-roles]# cat mariadb/templates/my.cnf.j2
[mysqld]
datadir={{ mysql_data_directory }}
user={{ mysql_user }}
innodb_file_per_table=on
skip_name_resolve=on
max_connections=10000
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[client]
port=3306
socket=/var/lib/mysql/mysql.sock

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#log-error=/var/log/mysqld.log
#pid-file=/var/lib/mysql/mysql.sock

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
```
- The playbook file is as follows:

```
[root@xuzhichao cluster-roles]# cat wordpress_site.yml
- hosts: all
  roles:
    - role: base-module
      tags: base-module

- hosts: webservers
  roles:
    - role: nginx
    - role: php-fpm
  tags:
    - nginx
    - php-fpm

- hosts: lbservers
  roles:
    - role: nginx
      tags: nginx

- hosts: mysql
  roles:
    - role: mariadb
      tags: mysql
```
- Run the playbook:

```
[root@xuzhichao cluster-roles]# ansible-playbook -t mysql wordpress_site.yml
```
- Leftover issue: no password has been set for the initial root user.
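One way to handle this leftover item, as an added example that is not part of the original role: set the root password for local logins only and give the application its own restricted account, instead of the commented-out draft's root at host `%` with a literal password. It assumes the `community.mysql` collection on the control node and a Python MySQL driver such as PyMySQL on the target; `mysql_root_password`, `wp_db_name`, `wp_db_user` and `wp_db_password` are hypothetical variables kept in an ansible-vault encrypted file.

```yaml
# Added example: tasks that could follow "Start Mariadb Server".
# All *_password variables are hypothetical and are expected to come from
# an ansible-vault encrypted vars file, never from plain-text group_vars/all.

- name: Set Root Password For Local Logins
  community.mysql.mysql_user:
    name: root
    host: localhost
    password: "{{ mysql_root_password }}"
    # Try root without a password first (fresh install); if that fails,
    # fall back to login_user/login_password (password already set),
    # so the task also succeeds on later runs.
    check_implicit_admin: yes
    login_user: root
    login_password: "{{ mysql_root_password }}"
    login_unix_socket: /var/lib/mysql/mysql.sock
    state: present
  no_log: true            # keep the password out of task output and logs

- name: Remove Anonymous Accounts
  community.mysql.mysql_user:
    name: ""
    host_all: yes
    state: absent
    login_user: root
    login_password: "{{ mysql_root_password }}"
    login_unix_socket: /var/lib/mysql/mysql.sock
  no_log: true

- name: Remove The Test Database
  community.mysql.mysql_db:
    name: test
    state: absent
    login_user: root
    login_password: "{{ mysql_root_password }}"
    login_unix_socket: /var/lib/mysql/mysql.sock
  no_log: true

# The web servers get an account limited to one schema and to the
# 192.168.20.0/24 network used elsewhere in this deployment.
- name: Create Application Account
  community.mysql.mysql_user:
    name: "{{ wp_db_user }}"
    host: "192.168.20.%"
    password: "{{ wp_db_password }}"
    priv: "{{ wp_db_name }}.*:ALL"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"
    login_unix_socket: /var/lib/mysql/mysql.sock
  no_log: true
```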
1.4 Deploying Redis
- Create the directory structure for redis:

```
[root@xuzhichao cluster-roles]# mkdir redis/{tasks,handlers,meta,files,templates} -p
```
- Write the redis task file:

```
[root@xuzhichao cluster-roles]# cat redis/tasks/main.yml
- name: Install Redis
  yum:
    name: redis
    state: present

- name: Copy Configure File
  template:
    src: redis.conf.j2
    dest: /etc/redis.conf
    owner: "redis"
    group: "root"
    mode: "0644"
  notify: Restart Redis

- name: Start Redis
  systemd:
    name: redis
    state: started
    enabled: yes
```
- Write the handlers file:

```
[root@xuzhichao cluster-roles]# cat redis/handlers/main.yml
- name: Restart Redis
  systemd:
    name: redis
    state: restarted
```
- The template file is as follows:

```
[root@xuzhichao cluster-roles]# cat redis/templates/redis.conf.j2
......
bind 127.0.0.1 {{ ansible_eth1.ipv4.address }}
......
```
- The directory structure of the redis role is as follows:

```
[root@xuzhichao cluster-roles]# tree redis/
redis/
├── files
├── handlers
│   └── main.yml
├── meta
├── tasks
│   └── main.yml
└── templates
    └── redis.conf.j2
```
- The playbook file is as follows:

```
[root@xuzhichao cluster-roles]# cat wordpress_site.yml
- hosts: all
  roles:
    - role: base-module
      tags: base-module

- hosts: webservers
  roles:
    - role: nginx
    - role: php-fpm
  tags:
    - nginx
    - php-fpm

- hosts: lbservers
  roles:
    - role: nginx
      tags: nginx

- hosts: mysql
  roles:
    - role: mariadb
      tags: mysql

- hosts: redis
  roles:
    - role: redis
      tags: redis
```
- Run the playbook:

```
[root@xuzhichao cluster-roles]# ansible-playbook -t redis wordpress_site.yml
```
1.5 Deploying NFS
- Create the directory structure for nfs:

```
[root@xuzhichao cluster-roles]# mkdir nfs/{tasks,handlers,templates,meta,files} -p
```
- Write the nfs task file:

```
[root@xuzhichao cluster-roles]# cat nfs/tasks/main.yml
- name: Install NFS Server
  yum:
    name: nfs-utils
    state: present

- name: Configure NFS Server
  template:
    src: exports.j2
    dest: /etc/exports
  notify: Restrat NFS Service

- name: Init NFS Server
  file:
    path: "{{ nfs_share_path }}"
    state: directory
    owner: "{{ web_user }}"
    group: "{{ web_group }}"
    mode: "0755"   # a directory needs the execute bit, otherwise the squashed user cannot enter it

- name: Start NFS service
  systemd:
    name: nfs
    state: started
    enabled: yes
```
- Write the handlers file:

```
[root@xuzhichao cluster-roles]# cat nfs/handlers/main.yml
- name: Restrat NFS Service
  systemd:
    name: nfs
    state: restarted
```
- The template file is as follows:

```
[root@xuzhichao cluster-roles]# cat nfs/templates/exports.j2
{{ nfs_share_path }} {{ nfs_share_iprange }}(rw,all_squash,anonuid={{ web_uid }},anongid={{ web_gid }})
```
- The nfs variables are as follows:

```
# NFS variables
nfs_share_path: /data/nfs
nfs_share_iprange: 192.168.20.0/24
```
- The directory structure of the nfs role is as follows:

```
[root@xuzhichao cluster-roles]# tree nfs/
nfs/
├── files
├── handlers
│   └── main.yml
├── meta
├── tasks
│   └── main.yml
└── templates
    └── exports.j2

5 directories, 3 files
```
- The playbook file is as follows:

```
[root@xuzhichao cluster-roles]# cat wordpress_site.yml
- hosts: all
  roles:
    - role: base-module
      tags: base-module

- hosts: webservers
  roles:
    - role: nginx
    - role: php-fpm
  tags:
    - nginx
    - php-fpm

- hosts: lbservers
  roles:
    - role: nginx
      tags: nginx

- hosts: mysql
  roles:
    - role: mariadb
      tags: mysql

- hosts: redis
  roles:
    - role: redis
      tags: redis

- hosts: nfs
  roles:
    - role: nfs
      tags: nfs
```
- Run the playbook and check that nfs has started:

```
[root@xuzhichao cluster-roles]# ansible-playbook -t nfs wordpress_site.yml

[root@nfs01 ~]# cat /etc/exports
/data/nfs 192.168.20.0/24(rw,all_squash,anonuid=887,anongid=887)

[root@xuzhichao cluster-roles]# showmount -e 192.168.20.30
Export list for 192.168.20.30:
/data/nfs 192.168.20.0/24
```
1.6 Deploying keepalived + LVS
- Create the working directories for keepalived:

```
[root@xuzhichao cluster-roles]# mkdir keepalived/{tasks,handlers,files,meta,templates} -p
```
- Write the main task file for keepalived:

```
[root@xuzhichao cluster-roles]# cat keepalived/tasks/main.yml
- name: Install Keepalived
  yum:
    name: keepalived
    state: present

- name: Copy Notify Script
  template:
    src: notify.sh.j2
    dest: /etc/keepalived/notify.sh
    mode: "0755"

- name: Copy Configure File
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
  notify: Restart Keepalived

- name: Start Keepalived
  systemd:
    name: keepalived
    state: started
    enabled: yes
```
- Write the handlers file for keepalived:

```
[root@xuzhichao cluster-roles]# cat keepalived/handlers/main.yml
- name: Restart Keepalived
  systemd:
    name: keepalived
    state: restarted
```
- The keepalived configuration template:

```
[root@xuzhichao cluster-roles]# cat keepalived/templates/keepalived.conf.j2
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id {{ ansible_hostname }}
    script_user root
    enable_script_security
}

vrrp_instance VI_1 {
{# The MASTER and SLAVE roles are decided by host name. #}
{# keepalived documents MASTER and BACKUP as the values of "state"; the priorities decide the election. #}
{% if ansible_hostname == "lvs01" %}
    state MASTER
    priority 120
{% elif ansible_hostname == "lvs02" %}
    state SLAVE
    priority 100
{% endif %}
    interface {{ vrrp_interface }}
    virtual_router_id {{ virtual_router_id1 }}
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass {{ auth_pass }}
    }
    virtual_ipaddress {
        {{ virtual_ipaddress1 }} dev {{ vrrp_interface }}
    }
    track_interface {
        {{ vrrp_interface }}
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
{% if ansible_hostname == "lvs02" %}
    state MASTER
    priority 120
{% elif ansible_hostname == "lvs01" %}
    state SLAVE
    priority 100
{% endif %}
    interface {{ vrrp_interface }}
    virtual_router_id {{ virtual_router_id2 }}
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass {{ auth_pass }}
    }
    virtual_ipaddress {
        {{ virtual_ipaddress2 }} dev {{ vrrp_interface }}
    }
    track_interface {
        {{ vrrp_interface }}
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

{# Nested loops generate the LVS configuration. #}
{% for vip in vips %}
{% for port in track_ports %}
virtual_server {{ vip }} {{ port }} {
    delay_loop 6
    lb_algo {{ lb_algo }}
    lb_kind {{ lb_kind }}
    protocol {{ protocol }}
    sorry_server 192.168.20.24 {{ port }}
{# The backend hosts are generated from the members of the lbservers group in the hosts file. #}
{% for rip in groups["lbservers"] %}
    real_server {{ rip }} {{ port }} {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
{% endfor %}
}
{% endfor %}
{% endfor %}
```
- The keepalived notification script template:

```
[root@xuzhichao cluster-roles]# cat keepalived/templates/notify.sh.j2
#!/bin/bash
contact='root@localhost'

notify() {
    local mailsubject="$(hostname) to be $1, vip floating"
    local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" $contact
}

case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename $0) {master|backup|fault}"
    exit 1
    ;;
esac
```
- The definitions of the related variables:

```
[root@xuzhichao cluster-roles]# cat group_vars/all
......
# keepalived variables
vrrp_interface: eth1
virtual_router_id1: 51
auth_pass: 1111
virtual_ipaddress1: 192.168.20.200/24
virtual_router_id2: 52
virtual_ipaddress2: 192.168.20.201/24
vips:
  - 192.168.20.200
  - 192.168.20.201
track_ports:
  - 443
  - 80
lb_algo: rr
lb_kind: DR
```
- The playbook file is as follows:

```
[root@xuzhichao cluster-roles]# cat wordpress_site.yml
- hosts: all
  roles:
    - role: base-module
      tags: base-module

- hosts: webservers
  roles:
    - role: nginx
    - role: php-fpm
  tags:
    - nginx
    - php-fpm

- hosts: lbservers
  roles:
    - role: nginx
      tags: nginx

- hosts: mysql
  roles:
    - role: mariadb
      tags: mysql

- hosts: redis
  roles:
    - role: redis
      tags: redis

- hosts: nfs
  roles:
    - role: nfs
      tags: nfs

- hosts: lvs
  roles:
    - role: keepalived
      tags: keepalived
```
- Run the playbook:

```
[root@xuzhichao cluster-roles]# ansible-playbook -t keepalived wordpress_site.yml
```
- Check the generated configuration files on host lvs01:

```
[root@lvs01 ~]# cat /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id lvs01
    script_user root
    enable_script_security
}

vrrp_instance VI_1 {
    state MASTER
    priority 120
    interface eth1
    virtual_router_id 51
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.20.200/24 dev eth1
    }
    track_interface {
        eth1
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state SLAVE
    priority 100
    interface eth1
    virtual_router_id 52
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.20.201/24 dev eth1
    }
    track_interface {
        eth1
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

virtual_server 192.168.20.200 443 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.20.24 443
    real_server 192.168.20.19 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.20.20 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 192.168.20.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.20.24 80
    real_server 192.168.20.19 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.20.20 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 192.168.20.201 443 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.20.24 443
    real_server 192.168.20.19 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.20.20 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 192.168.20.201 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.20.24 80
    real_server 192.168.20.19 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.20.20 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

[root@lvs01 ~]# cat /etc/keepalived/notify.sh
#!/bin/bash
contact='root@localhost'

notify() {
    local mailsubject="$(hostname) to be $1, vip floating"
    local mailbody="$(date +'%F %T'): vrrp transition, $(hostname) changed to be $1"
    echo "$mailbody" | mail -s "$mailsubject" $contact
}

case $1 in
master)
    notify master
    ;;
backup)
    notify backup
    ;;
fault)
    notify fault
    ;;
*)
    echo "Usage: $(basename $0) {master|backup|fault}"
    exit 1
    ;;
esac
```
- Check the generated configuration file on host lvs02:

```
[root@lvs02 ~]# cat /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id lvs02
    script_user root
    enable_script_security
}

vrrp_instance VI_1 {
    state SLAVE
    priority 100
    interface eth1
    virtual_router_id 51
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.20.200/24 dev eth1
    }
    track_interface {
        eth1
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state MASTER
    priority 120
    interface eth1
    virtual_router_id 52
    advert_int 3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.20.201/24 dev eth1
    }
    track_interface {
        eth1
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

virtual_server 192.168.20.200 443 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.20.24 443
    real_server 192.168.20.19 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.20.20 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 192.168.20.200 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.20.24 80
    real_server 192.168.20.19 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.20.20 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 192.168.20.201 443 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.20.24 443
    real_server 192.168.20.19 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.20.20 443 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 192.168.20.201 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    protocol TCP
    sorry_server 192.168.20.24 80
    real_server 192.168.20.19 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.20.20 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
```
-
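Check the virtual IP address and the LVS state on node lvs01 (the two back-end lb nodes have no virtual hosts yet and are not listening on ports 80 and 443, so the LVS health checks fail and the back-end hosts are not shown):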
[root@lvs01 ~]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:21:84:93 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.31/24 brd 192.168.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 192.168.20.200/24 scope global secondary eth1

[root@lvs01 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.20.200:80 rr
  -> 192.168.20.24:80             Route   1      0          0
TCP  192.168.20.200:443 rr
  -> 192.168.20.24:443            Route   1      0          0
TCP  192.168.20.201:80 rr
  -> 192.168.20.24:80             Route   1      0          0
TCP  192.168.20.201:443 rr
  -> 192.168.20.24:443            Route   1      0          0
-
Check the virtual IP address and the LVS state on node lvs02:
[root@lvs02 ~]# ip add show eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:e4:cf:0d brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.32/24 brd 192.168.20.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet 192.168.20.201/24 scope global secondary eth1

[root@lvs02 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.20.200:80 rr
  -> 192.168.20.24:80             Route   1      0          0
TCP  192.168.20.200:443 rr
  -> 192.168.20.24:443            Route   1      0          0
TCP  192.168.20.201:80 rr
  -> 192.168.20.24:80             Route   1      0          0
TCP  192.168.20.201:443 rr
  -> 192.168.20.24:443            Route   1      0          0
1.7 DNS deployment
-
Create the working directories for the dns role:
[root@xuzhichao cluster-roles]# mkdir dns/{tasks,templates,files,handlers,meta} -p
-
Write the main task file for dns:
[root@xuzhichao cluster-roles]# cat dns/tasks/main.yml
- name: Install Dns Server
  yum:
    name: bind
    state: present

- name: Copy Configure File And Zone File
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "named"
    mode: "0640"
  loop:
    - { src: "named.conf.j2", dest: "/etc/named.conf" }
    - { src: "xuzhichao.com.zone.j2", dest: "/var/named/xuzhichao.com.zone" }
    - { src: "named.xuzhichao.com.zone.j2", dest: "/etc/named.xuzhichao.com.zone" }
    - { src: "20.168.192.in-addr.arpa.zone.j2", dest: "/var/named/20.168.192.in-addr.arpa.zone" }
  notify: Restart Dns Server

- name: Start Dns Server
  systemd:
    name: named
    state: started
    enabled: yes
-
Write the handlers file for dns:
[root@xuzhichao cluster-roles]# cat dns/handlers/main.yml
- name: Restart Dns Server
  systemd:
    name: named
    state: restarted
-
The template files for the dns configuration are as follows:
[root@xuzhichao cluster-roles]# cat dns/templates/named.conf.j2
options {
    listen-on port 53 { localhost; };
    listen-on-v6 port 53 { localhost; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { any; };

    recursion yes;
    allow-recursion { 192.168.20.0/24; 192.168.50.0/24; };

    allow-transfer {192.168.20.71;};
    also-notify {192.168.20.71;};

    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.xuzhichao.com.zone";
include "/etc/named.root.key";

[root@xuzhichao cluster-roles]# cat dns/templates/named.xuzhichao.com.zone.j2
zone "xuzhichao.com" IN {
    type master;
    file "xuzhichao.com.zone";
    notify yes;
};

zone "20.168.192.in-addr.arpa" IN {
    type master;
    file "20.168.192.in-addr.arpa.zone";
    notify yes;
};

[root@xuzhichao cluster-roles]# cat dns/templates/xuzhichao.com.zone.j2
$TTL 86400

xuzhichao.com. IN SOA ns1.xuzhichao.com. mail.xuzhichao.com. (
    2021071603
    10800
    900
    604800
    86400
)

xuzhichao.com. IN NS ns1.xuzhichao.com.
xuzhichao.com. IN NS ns2.xuzhichao.com.

ns1 IN A 192.168.20.70
ns2 IN A 192.168.20.71

; business domain
xuzhichao.com. IN MX 10 mx1.xuzhichao.com.
mx1 IN A 192.168.20.11

wordpress.xuzhichao.com. IN A 192.168.50.200
wordpress.xuzhichao.com. IN A 192.168.50.201

web.xuzhichao.com. IN CNAME wordpress.xuzhichao.com.

; host domain
nginx02.xuzhichao.com. IN A 192.168.20.22
ngxin03.xuzhichao.com. IN A 192.168.20.23
nginx-lb01.xuzhichao.com. IN A 192.168.20.19
nginx-lb02.xuzhichao.com. IN A 192.168.20.20
apache01.xuzhichao.com. IN A 192.168.20.21
lvs01.xuzhichao.com. IN A 192.168.20.31
lvs02.xuzhichao.com. IN A 192.168.20.32
mysql01.xuzhichao.com. IN A 192.168.20.50
redis01.xuzhichao.com. IN A 192.168.20.61
nfs01.xuzhichao.com. IN A 192.168.20.30
dns01.xuzhichao.com. IN A 192.168.20.70
dns02.xuzhichao.com. IN A 192.168.20.71

[root@xuzhichao cluster-roles]# cat dns/templates/20.168.192.in-addr.arpa.zone.j2
$TTL 86400

@ IN SOA ns1.xuzhichao.com. mail.xuzhichao.com. (
    2021071602
    10800
    900
    604800
    86400
)

@ IN NS ns1.xuzhichao.com.
@ IN NS ns2.xuzhichao.com.

70 IN PTR ns1.xuzhichao.com.
71 IN PTR ns2.xuzhichao.com.

;@ IN MX 10 mx1.xuzhichao.com.
;11 IN PTR mx1.xuzhichao.com.
;mx1.xuzhichao.com. IN A 192.168.20.11

; host domain
22 IN PTR nginx02.xuzhichao.com.
23 IN PTR ngxin03.xuzhichao.com.
19 IN PTR nginx-lb01.xuzhichao.com.
20 IN PTR nginx-lb02.xuzhichao.com.
21 IN PTR apache01.xuzhichao.com.
31 IN PTR lvs01.xuzhichao.com.
32 IN PTR lvs02.xuzhichao.com.
50 IN PTR mysql01.xuzhichao.com.
61 IN PTR redis01.xuzhichao.com.
30 IN PTR nfs01.xuzhichao.com.
70 IN PTR dns01.xuzhichao.com.
71 IN PTR dns02.xuzhichao.com.
-
The overall directory structure of the dns role is as follows:
[root@xuzhichao cluster-roles]# tree dns/
dns/
├── files
├── handlers
│   └── main.yml
├── meta
├── tasks
│   └── main.yml
└── templates
    ├── 20.168.192.in-addr.arpa.zone.j2
    ├── named.conf.j2
    ├── named.xuzhichao.com.zone.j2
    └── xuzhichao.com.zone.j2

5 directories, 6 files
-
The playbook file is as follows:
[root@xuzhichao cluster-roles]# cat wordpress_site.yml
- hosts: all
  roles:
    - role: base-module
  tags: base-module

- hosts: webservers
  roles:
    - role: nginx
    - role: php-fpm
  tags:
    - nginx
    - php-fpm

- hosts: lbservers
  roles:
    - role: nginx
  tags: nginx

- hosts: mysql
  roles:
    - role: mariadb
  tags: mysql

- hosts: redis
  roles:
    - role: redis
  tags: redis

- hosts: nfs
  roles:
    - role: nfs
  tags: nfs

- hosts: lvs
  roles:
    - role: keepalived
  tags: keepalived

- hosts: dns
  roles:
    - role: dns
  tags: dns
-
Run the playbook:
[root@xuzhichao cluster-roles]# ansible-playbook -t dns wordpress_site.yml
-
Test that DNS queries work and that the two external addresses are returned in round-robin order:
[root@xuzhichao ~]# dig wordpress.xuzhichao.com @192.168.20.70 +short
192.168.50.200
192.168.50.201
[root@xuzhichao ~]# dig wordpress.xuzhichao.com @192.168.20.70 +short
192.168.50.201
192.168.50.200
[root@xuzhichao ~]# dig wordpress.xuzhichao.com @192.168.20.70 +short
192.168.50.200
192.168.50.201
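
The dns role above copies the rendered templates into place and restarts named without checking them first. As an added example (not part of the original role), this variant of dns/tasks/main.yml uses the template module's validate option with named-checkconf and named-checkzone, so a broken template fails the task before the live file is replaced; the /usr/sbin paths are an assumption based on where the bind package normally installs these tools.

```yaml
# Added example, not the original role: dns/tasks/main.yml with validation.
- name: Install Dns Server
  yum:
    name: bind
    state: present

# Zone declarations and zone data go first, so that the include of
# /etc/named.xuzhichao.com.zone already exists when named.conf is checked.
- name: Copy Zone Declarations And Zone Files (validated)
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "named"
    mode: "0640"
    # %s is replaced by the temporary file Ansible renders before the copy.
    validate: "{{ item.validate }}"
  loop:
    - src: "named.xuzhichao.com.zone.j2"
      dest: "/etc/named.xuzhichao.com.zone"
      validate: "/usr/sbin/named-checkconf %s"        # path is an assumption
    - src: "xuzhichao.com.zone.j2"
      dest: "/var/named/xuzhichao.com.zone"
      validate: "/usr/sbin/named-checkzone xuzhichao.com %s"
    - src: "20.168.192.in-addr.arpa.zone.j2"
      dest: "/var/named/20.168.192.in-addr.arpa.zone"
      validate: "/usr/sbin/named-checkzone 20.168.192.in-addr.arpa %s"
  notify: Restart Dns Server

# named.conf is checked last; named-checkconf follows its include lines.
- name: Copy Main Configure File (validated)
  template:
    src: "named.conf.j2"
    dest: "/etc/named.conf"
    owner: "root"
    group: "named"
    mode: "0640"
    validate: "/usr/sbin/named-checkconf %s"
  notify: Restart Dns Server

- name: Start Dns Server
  systemd:
    name: named
    state: started
    enabled: yes
```

When validation fails, the task stops with the checker's error message, the previous file stays in place, and the Restart Dns Server handler is not notified.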