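Ansible Series (34) -- Ansible in Practice: Deploying a Web Cluster Architecture (4)
1. Deploying the Application Environment
- wordpress-base: sets up the basic network environment of the web cluster: points the gateway of every node at the egress router and adds a DNS server;
- wordpress-web: adds the nginx virtual host on the web nodes, connects PHP-FPM to redis, and mounts the NFS share;
- wordpress-proxy: adds the nginx load-balancing virtual host and configures the network of the LVS back-end real servers (RS);
- wordpress-mysql: creates the wordpress database and its user;
1.1 Writing wordpress-base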
- Create the directory structure of the wordpress-base role:

    [root@xuzhichao cluster-roles]# mkdir wordpress-base/{tasks,meta,files,templates,handlers} -p
- Write the main task file as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-base/tasks/main.yml
    # 1. Point the gateway of every node to 192.168.20.17 and add DNS server 192.168.20.70
    - name: Modify Gateway And Dns
      lineinfile:
        path: /etc/sysconfig/network-scripts/ifcfg-eth1-static
        line: "GATEWAY=192.168.20.17\nDNS1=192.168.20.70"

    # 2. Restart the network
    - name: Restart Network
      systemd:
        name: network
        state: restarted
- Modify the playbook file as follows:

    [root@xuzhichao cluster-roles]# cat wordpress_site.yml
    - hosts: all
      roles:
        - role: base-module
        - role: wordpress-base
      tags: base-module
    ......
1.2 Writing wordpress-web
- Create the directory structure of wordpress-web:

    [root@xuzhichao cluster-roles]# mkdir wordpress-web/{tasks,meta,files,templates,handlers} -p
- The nginx virtual host task file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-web/tasks/nginx_web_vhost.yml
    - name: Copy Nginx Vhosts Configure File
      template:
        src: "wordpress.conf.j2"
        dest: "{{ nginx_install_directory }}/nginx/conf/conf.d/wordpress.conf"
      notify: Restart Nginx Server

    - name: Check Nginx Configure File
      shell: "{{ nginx_install_directory }}/nginx/sbin/nginx -t"
      register: Check_Nginx_Status
      changed_when:
        - Check_Nginx_Status.stdout.find('successful')
        - false
- The WordPress code is deployed as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-web/tasks/wordpress_code.yml
    # 1. Copy and unpack the WordPress code
    - name: Unarchive Wordpress Code
      unarchive:
        src: wordpress-5.7.2-zh_CN.tar.gz
        dest: "{{ wordpress_unarchive_directory }}"
        owner: "{{ web_user }}"
        group: "{{ web_group }}"
        mode: "0755"

    # 2. Create the image upload directory, which WordPress does not create by default
    - name: Create wp-content/uploads directory
      file:
        path: "{{ wordpress_code_directory }}/wp-content/uploads"
        state: directory
        owner: "{{ web_user }}"
        group: "{{ web_group }}"
        mode: "0755"
      changed_when: false

    # 3. Mount the NFS share
    - name: Mount NFS Point
      mount:
        src: "nfs01.xuzhichao.com:{{ nfs_share_path }}"
        path: "{{ wordpress_code_directory }}/wp-content/uploads"
        fstype: nfs
        opts: defaults
        state: mounted
- The PHP redis extension is compiled and deployed as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-web/tasks/php_connect_redis.yml
    # 1. Install the php-pecl-redis package
    - name: Install php-pecl-redis
      yum:
        name: php-pecl-redis
        state: present

    # 2. Copy and unpack the redis extension source
    - name: Unarchive php-Redis
      unarchive:
        src: redis-4.2.0.tgz
        dest: /root

    # 3. Generate the configure script
    - name: phpize
      shell:
        cmd: "{{ PHP_install_directory }}/php/bin/phpize"
        chdir: "/root/redis-4.2.0"
      changed_when: false

    # 4. Run configure
    - name: Configure
      shell:
        cmd: "./configure --with-php-config={{ PHP_install_directory }}/php/bin/php-config"
        chdir: "/root/redis-4.2.0"
      changed_when: false

    # 5. Compile and install
    - name: Make And Make Install
      shell:
        cmd: make && make install
        chdir: "/root/redis-4.2.0"
      changed_when: false
- The main task file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-web/tasks/main.yml
    - include: wordpress_code.yml
    - include: nginx_web_vhost.yml
    - include: php_connect_redis.yml
- The nginx virtual host template file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-web/templates/wordpress.conf.j2
    log_format access_json '{ "@timestamp": "$time_iso8601", '
                           '"remote_addr": "X-Forwarded_For", '
                           '"referer": "$http_referer", '
                           '"request": "$request", '
                           '"status": $status, '
                           '"bytes":$body_bytes_sent, '
                           '"agent": "$http_user_agent", '
                           '"x_forwarded": "$http_x_forwarded_for", '
                           '"upstr_addr": "$upstream_addr",'
                           '"upstr_host": "$upstream_http_host",'
                           '"upstreamtime": "$upstream_response_time" }';

    server {
        listen 80;
        server_name {{ wordpress_server_name }};
        access_log {{ nginx_install_directory }}/nginx/logs/access_wordpress.log access_json;
        charset utf-8,gbk;

        # Anti-hotlinking
        valid_referers none blocked server_names *.b.com b.* ~\.baidu\. ~\.google\.;
        if ( $invalid_referer ) {
            return 403;
        }

        client_max_body_size 10m;

        location / {
            root {{ wordpress_code_directory }};
            index index.html index.php;
        }

        location ~ \.php$ {
            root {{ wordpress_code_directory }};

            # FastCGI reverse proxy
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            #fastcgi_param HTTPS on;  <== adding this directive causes an http-to-https redirect, so it must not be added here.
            fastcgi_hide_header X-Powered-By;
            include fastcgi_params;
        }

        location ~ ^/(ping|pm_status)$ {
            access_log off;
            allow 192.168.20.0/24;
            allow 192.168.50.0/24;
            deny all;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
            include fastcgi_params;
        }

        location = /nginx_status {
            access_log off;
            allow 192.168.20.0/24;
            allow 192.168.50.0/24;
            deny all;
            stub_status;
        }
    }
- The roles that wordpress-web depends on are listed below; the dependency roles must run before this role can run:

    [root@xuzhichao cluster-roles]# cat wordpress-web/meta/main.yml
    dependencies:
      - { role: nginx }
      - { role: php-fpm }
- The newly added variables are as follows:

    [root@xuzhichao cluster-roles]# cat group_vars/all
    ......
    # WordPress variables
    wordpress_unarchive_directory: /data/nginx
    wordpress_code_directory: /data/nginx/wordpress
    wordpress_server_name: wordpress.xuzhichao.com
- The overall directory structure of wordpress-web is as follows:

    [root@xuzhichao cluster-roles]# tree wordpress-web/
    wordpress-web/
    ├── files
    │   ├── redis-4.2.0.tgz
    │   └── wordpress-5.7.2-zh_CN.tar.gz
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── tasks
    │   ├── main.yml
    │   ├── nginx_web_vhost.yml
    │   ├── php_connect_redis.yml
    │   └── wordpress_code.yml
    └── templates
        └── wordpress.conf.j2

    5 directories, 9 files
- Modify the playbook file as follows:

    [root@xuzhichao cluster-roles]# cat wordpress_site.yml
    - hosts: all
      roles:
        - role: base-module
        - role: wordpress-base
      tags: base-module

    - hosts: webservers
      roles:
        - role: wordpress-web
      tags:
        - wordpress-web

    - hosts: lbservers
      roles:
        - role: nginx
      tags: nginx

    - hosts: mysql
      roles:
        - role: mariadb
      tags: mysql

    - hosts: redis
      roles:
        - role: redis
      tags: redis

    - hosts: nfs
      roles:
        - role: nfs
      tags: nfs

    - hosts: lvs
      roles:
        - role: keepalived
      tags: keepalived

    - hosts: dns
      roles:
        - role: dns
      tags: dns
- Run the playbook:

    [root@xuzhichao cluster-roles]# ansible-playbook -t wordpress-web wordpress_site.yml
- Check the virtual host configuration file on the web node:

    [root@web01 ~]# cat /soft/nginx/conf/conf.d/wordpress.conf
    log_format access_json '{ "@timestamp": "$time_iso8601", '
                           '"remote_addr": "X-Forwarded_For", '
                           '"referer": "$http_referer", '
                           '"request": "$request", '
                           '"status": $status, '
                           '"bytes":$body_bytes_sent, '
                           '"agent": "$http_user_agent", '
                           '"x_forwarded": "$http_x_forwarded_for", '
                           '"upstr_addr": "$upstream_addr",'
                           '"upstr_host": "$upstream_http_host",'
                           '"upstreamtime": "$upstream_response_time" }';

    server {
        listen 80;
        server_name wordpress.xuzhichao.com;
        access_log /soft/nginx/logs/access_wordpress.log access_json;
        charset utf-8,gbk;

        # Anti-hotlinking
        valid_referers none blocked server_names *.b.com b.* ~\.baidu\. ~\.google\.;
        if ( $invalid_referer ) {
            return 403;
        }

        client_max_body_size 10m;

        location / {
            root /data/nginx/wordpress;
            index index.html index.php;
        }

        location ~ \.php$ {
            root /data/nginx/wordpress;

            # FastCGI reverse proxy
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_hide_header X-Powered-By;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        location ~ ^/(ping|pm_status)$ {
            access_log off;
            allow 192.168.20.0/24;
            allow 192.168.50.0/24;
            deny all;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
            include fastcgi_params;
        }

        location = /nginx_status {
            access_log off;
            allow 192.168.20.0/24;
            allow 192.168.50.0/24;
            deny all;
            stub_status;
        }
    }
- Check that the services on the web node are running:

    [root@web01 ~]# ss -ntl
    State      Recv-Q Send-Q     Local Address:Port     Peer Address:Port
    ......
    LISTEN     0      128            127.0.0.1:9000                *:*
    LISTEN     0      128                    *:80                  *:*

    [root@web01 ~]# df
    Filesystem                    1K-blocks  Used Available Use% Mounted on
    ......
    nfs01.xuzhichao.com:/data/nfs 154057344 33664 154023680   1% /data/nginx/wordpress/wp-content/uploads
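1.3 Writing wordpress-mysql
Note: it is recommended to deploy on a fresh database. Reusing the previous database causes problems, because it stores WordPress session information that affects the new site.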
- Create the wordpress-mysql directory structure:

    [root@xuzhichao cluster-roles]# mkdir wordpress-mysql/{tasks,handlers,meta,files,templates} -p
- The main task file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-mysql/tasks/main.yml
    # 1. Create the wordpress database
    - name: Create Wordpress Database
      mysql_db:
        login_host: "localhost"
        login_user: "root"
        login_password: "123456"
        #login_password: "123456"
        login_port: "3306"
        name: "{{ wordpress_mysql_database }}"
        state: present

    # 2. Grant the remote user access to the database
    - name: Grant Wordpress Database User
      mysql_user:
        login_host: "localhost"
        login_user: "root"
        login_password: "123456"
        #login_port: "3306"
        name: "{{ wordpress_mysql_user }}"
        password: "{{ wordpress_mysql_password }}"
        host: "{{ wordpress_mysql_host }}"
        # Grant on the database name, not on the user name (both happen to be "wordpress")
        priv: "{{ wordpress_mysql_database }}.*:ALL"
        state: present
- The dependency file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-mysql/meta/main.yml
    dependencies:
      - { role: mariadb }
- The variables file is as follows:

    [root@xuzhichao cluster-roles]# vim group_vars/all
    # WordPress variables
    wordpress_unarchive_directory: /data/nginx
    wordpress_code_directory: /data/nginx/wordpress
    wordpress_server_name: wordpress.xuzhichao.com
    wordpress_mysql_database: wordpress
    wordpress_mysql_user: wordpress
    wordpress_mysql_password: 123456
    wordpress_mysql_host: 192.168.20.%
- The playbook file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress_site.yml
    - hosts: all
      roles:
        - role: base-module
        - role: wordpress-base
      tags: base-module

    - hosts: webservers
      roles:
        - role: wordpress-web
      tags:
        - wordpress-web

    - hosts: lbservers
      roles:
        - role: nginx
      tags: nginx

    - hosts: mysql
      roles:
        - role: wordpress-mysql
      tags: wordpress-mysql

    - hosts: redis
      roles:
        - role: redis
      tags: redis

    - hosts: nfs
      roles:
        - role: nfs
      tags: nfs

    - hosts: lvs
      roles:
        - role: keepalived
      tags: keepalived

    - hosts: dns
      roles:
        - role: dns
      tags: dns
- Run the playbook:

    [root@xuzhichao cluster-roles]# ansible-playbook -t wordpress-mysql wordpress_site.yml
- Check that the database and user were created in MySQL:

    [root@web02 ~]# mysql -uwordpress -p123456 -h192.168.20.50
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 36
    Server version: 10.5.2-MariaDB MariaDB Server

    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MariaDB [(none)]> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | test               |
    | wordpress          |
    +--------------------+
    3 rows in set (0.00 sec)
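
Section 1.3 keeps the MariaDB root password in the task file and the WordPress account password in group_vars/all, both in clear text. The following is an added example, not part of the original article, showing the same two tasks reading both secrets from an Ansible Vault file and keeping them out of task output. The variable names vault_mysql_root_password and vault_wordpress_mysql_password, the password placeholders, and the split of group_vars/all into a directory with vars.yml and vault.yml are assumptions.

```yaml
---
# group_vars/all/vault.yml  (assumed file; create it with `ansible-vault create`
# so it is stored encrypted on disk and in version control)
vault_mysql_root_password: "REPLACE-WITH-ROOT-PASSWORD"      # placeholder value
vault_wordpress_mysql_password: "REPLACE-WITH-APP-PASSWORD"  # placeholder value
---
# group_vars/all/vars.yml  (assumed file; the plain variables from the article,
# with the password turned into a reference to the vaulted value)
wordpress_mysql_database: wordpress
wordpress_mysql_user: wordpress
wordpress_mysql_password: "{{ vault_wordpress_mysql_password }}"
wordpress_mysql_host: "192.168.20.%"
---
# wordpress-mysql/tasks/main.yml
- name: Create Wordpress Database
  mysql_db:
    login_host: "localhost"
    login_user: "root"
    login_password: "{{ vault_mysql_root_password }}"
    login_port: "3306"
    name: "{{ wordpress_mysql_database }}"
    state: present
  no_log: true   # keep the module arguments (root password) out of output and logs

- name: Grant Wordpress Database User
  mysql_user:
    login_host: "localhost"
    login_user: "root"
    login_password: "{{ vault_mysql_root_password }}"
    name: "{{ wordpress_mysql_user }}"
    password: "{{ wordpress_mysql_password }}"
    host: "{{ wordpress_mysql_host }}"
    # privileges limited to the one application database
    priv: "{{ wordpress_mysql_database }}.*:ALL"
    state: present
  no_log: true   # the new account password is a module argument as well
```

Run it with `ansible-playbook --ask-vault-pass -t wordpress-mysql wordpress_site.yml`. For the verification login, `mysql -uwordpress -p -h192.168.20.50` prompts for the password instead of placing it on the command line and in shell history.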
1.4 Writing wordpress-proxy
- Create the directory structure of wordpress-proxy:

    [root@xuzhichao cluster-roles]# mkdir wordpress-proxy/{tasks,templates,files,meta,handlers} -p
- The main task file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/tasks/main.yml
    # Create the directory that holds the certificates
    - name: Create Cert directory
      file:
        path: "{{ nginx_install_directory }}/nginx/certs"
        state: directory

    # Copy the certificate files
    - name: Copy SSL Cer File
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop:
        - { src: "xuzhichao.key", dest: "{{ nginx_install_directory }}/nginx/certs/xuzhichao.key" }
        - { src: "xuzhichao.crt", dest: "{{ nginx_install_directory }}/nginx/certs/xuzhichao.crt" }

    # Copy the virtual host configuration files
    - name: Copy Nginx-LB Vhosts Configure
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop:
        - { src: "wordpress.conf.j2", dest: "{{ nginx_install_directory }}/nginx/conf/conf.d/wordpress.conf" }
        - { src: "proxy_params.j2", dest: "{{ nginx_install_directory }}/nginx/conf/proxy_params" }
      notify: Restart Nginx Server

    # Check the nginx configuration file
    - name: Check Nginx Configure File
      shell: "{{ nginx_install_directory }}/nginx/sbin/nginx -t"
      register: Check_Nginx_Status
      changed_when:
        - Check_Nginx_Status.stdout.find('successful')
        - false

    # Configure the VIPs for the LVS DR model and suppress ARP
    - name: LVS DR RS Scripts
      script: ../files/lvs_rs.sh start
- The handlers file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/handlers/main.yml
    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: reloaded
- The nginx load-balancing virtual host files are as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/templates/wordpress.conf.j2
    upstream webservers {
    {% for host in groups["webservers"] %}
        server {{ host }}:80 weight=1 fail_timeout=5s max_fails=3;
    {% endfor %}
    }

    log_format access_json '{ "@timestamp": "$time_iso8601", '
                           '"remote_addr": "X-Forwarded_For", '
                           '"referer": "$http_referer", '
                           '"request": "$request", '
                           '"status": $status, '
                           '"bytes":$body_bytes_sent, '
                           '"agent": "$http_user_agent", '
                           '"x_forwarded": "$http_x_forwarded_for", '
                           '"upstr_addr": "$upstream_addr",'
                           '"upstr_host": "$upstream_http_host",'
                           '"upstreamtime": "$upstream_response_time" }';

    server {
        listen 443 ssl;
        listen 80;
        server_name {{ wordpress_server_name }};
        access_log {{ nginx_install_directory }}/nginx/logs/access_wordpress.log access_json;

        ssl_certificate {{ nginx_install_directory }}/nginx/certs/xuzhichao.crt;
        ssl_certificate_key {{ nginx_install_directory }}/nginx/certs/xuzhichao.key;
        ssl_session_cache shared:ssl_cache:30m;
        ssl_session_timeout 10m;

        valid_referers none blocked server_names *.b.com b.* ~\.baidu\. ~\.google\.;
        if ( $invalid_referer ) {
            return 403;
        }

        location / {
            if ( $scheme = http ) {
                rewrite /(.*) https://{{ wordpress_server_name }}/$1 permanent;
            }
            proxy_pass http://webservers;
            include proxy_params;
        }
    }

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/templates/proxy_params.j2
    proxy_set_header host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 30;
    proxy_send_timeout 60;
    proxy_read_timeout 60;
    proxy_buffering on;
    proxy_buffer_size 64k;
    proxy_buffers 4 64k;
- The LVS real server (RS) script is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/files/lvs_rs.sh
    #!/usr/bin/bash
    VIP1=192.168.20.200
    VIP2=192.168.20.201
    DEV1=lo:0
    DEV2=lo:1
    case $1 in
    start)
        echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "1" >/proc/sys/net/ipv4/conf/default/arp_ignore
        echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
        echo "2" >/proc/sys/net/ipv4/conf/default/arp_announce
        echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
        cat >/etc/sysconfig/network-scripts/ifcfg-${DEV1} <<-EOF
    DEVICE=${DEV1}
    IPADDR=${VIP1}
    NETMASK=255.255.255.255
    ONBOOT=yes
    NAME=loopback1
    EOF
        cat >/etc/sysconfig/network-scripts/ifcfg-${DEV2} <<-EOF
    DEVICE=${DEV2}
    IPADDR=${VIP2}
    NETMASK=255.255.255.255
    ONBOOT=yes
    NAME=loopback2
    EOF
        ifup ${DEV1}    # bring the interface up
        ifup ${DEV2}
        systemctl start nginx
        ;;
    stop)
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/default/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
        echo "0" >/proc/sys/net/ipv4/conf/default/arp_announce
        echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
        ifdown ${DEV1}  # bring the interface down
        ifdown ${DEV2}
        rm -f /etc/sysconfig/network-scripts/ifcfg-${DEV1}
        rm -f /etc/sysconfig/network-scripts/ifcfg-${DEV2}
        systemctl stop nginx
        ;;
    *)
        echo "Usage: sh $0 { start | stop }"
    esac
- The meta dependency file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/meta/main.yml
    dependencies:
      - { role: nginx }
- The overall directory structure of wordpress-proxy is as follows:

    [root@xuzhichao cluster-roles]# tree wordpress-proxy/
    wordpress-proxy/
    ├── files
    │   ├── lvs_rs.sh
    │   ├── xuzhichao.crt
    │   └── xuzhichao.key
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── tasks
    │   └── main.yml
    └── templates
        ├── proxy_params.j2
        └── wordpress.conf.j2
- The variables file is as follows:

    [root@xuzhichao cluster-roles]# cat group_vars/all
    # Base environment variables
    web_group: nginx
    web_gid: 887
    web_user: nginx
    web_uid: 887

    # nginx variables
    nginx_install_directory: /soft
    nginx_filename_tar: nginx-1.20.1.tar.gz
    nginx_version: nginx-1.20.1
    nginx_configure_options: --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_dav_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-file-aio
    gzip_contorl: "on"
    keepalive_timeout: 65
    worker_connections_num: 35566
    nginx_path: /soft/nginx/sbin/nginx

    # PHP variables
    PHP_install_directory: /soft
    PHP_tar_packages: php-7.3.16.tar.xz
    PHP_version: php-7.3.16
    PHP_configure_options: --enable-fpm --with-pear --with-mysqli=mysqlnd --with-openssl --with-pdo-mysql=mysqlnd --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --with-curl --with-freetype-dir --with-iconv --disable-debug --with-mhash --with-xmlrpc --with-xsl --enable-soap --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --enable-sysvsem --enable-sysvshm --enable-sysvmsg
    php_fpm_listen_address: 127.0.0.1
    php_fpm_listen_port: 9000
    pm_max_children_num: 50
    php_path: /soft/php/sbin/php-fpm

    # MySQL variables
    mysql_user: mysql
    mysql_group: mysql
    mysql_base_directory: /usr/local/mysql
    mysql_data_directory: /data/mysql
    mysql_tar_ball: mariadb-10.5.2-linux-x86_64.tar.gz
    mysql_version: mariadb-10.5.2-linux-x86_64
    mysql_link_file_path: /usr/local/mysql
    mysqld_file: /etc/init.d/mysqld

    # NFS variables
    nfs_share_path: /data/nfs
    nfs_share_iprange: 192.168.20.0/24

    # keepalived variables
    vrrp_interface: eth1
    virtual_router_id1: 51
    auth_pass: 1111
    virtual_ipaddress1: 192.168.20.200/24
    virtual_router_id2: 52
    virtual_ipaddress2: 192.168.20.201/24
    vips:
      - 192.168.20.200
      - 192.168.20.201
    track_ports:
      - 443
      - 80
    lb_algo: rr
    lb_kind: DR
    protocol: TCP

    # WordPress variables
    wordpress_unarchive_directory: /data/nginx
    wordpress_code_directory: /data/nginx/wordpress
    wordpress_server_name: wordpress.xuzhichao.com
    wordpress_mysql_database: wordpress
    wordpress_mysql_user: wordpress
    wordpress_mysql_password: 123456
    wordpress_mysql_host: 192.168.20.%
- The final playbook file is as follows:

    [root@xuzhichao cluster-roles]# cat wordpress_site.yml
    - hosts: all
      roles:
        - role: base-module
        - role: wordpress-base
      tags: base-module

    - hosts: webservers
      roles:
        - role: wordpress-web
      tags:
        - wordpress-web

    - hosts: lbservers
      roles:
        - role: wordpress-proxy
      tags: wordpress-proxy

    - hosts: mysql
      roles:
        - role: wordpress-mysql
      tags: wordpress-mysql

    - hosts: redis
      roles:
        - role: redis
      tags: redis

    - hosts: nfs
      roles:
        - role: nfs
      tags: nfs

    - hosts: lvs
      roles:
        - role: keepalived
      tags: keepalived

    - hosts: dns
      roles:
        - role: dns
      tags: dns
- Run the playbook:

    [root@xuzhichao cluster-roles]# ansible-playbook -t wordpress-proxy wordpress_site.yml
- Check the state of the nginx load balancer:

    # nginx virtual host configuration file:
    [root@lb01 ~]# cat /soft/nginx/conf/conf.d/wordpress.conf
    upstream webservers {
        server 192.168.20.22:80 weight=1 fail_timeout=5s max_fails=3;
        server 192.168.20.23:80 weight=1 fail_timeout=5s max_fails=3;
    }

    log_format access_json '{ "@timestamp": "$time_iso8601", '
                           '"remote_addr": "X-Forwarded_For", '
                           '"referer": "$http_referer", '
                           '"request": "$request", '
                           '"status": $status, '
                           '"bytes":$body_bytes_sent, '
                           '"agent": "$http_user_agent", '
                           '"x_forwarded": "$http_x_forwarded_for", '
                           '"upstr_addr": "$upstream_addr",'
                           '"upstr_host": "$upstream_http_host",'
                           '"upstreamtime": "$upstream_response_time" }';

    server {
        listen 443 ssl;
        listen 80;
        server_name wordpress.xuzhichao.com;
        access_log /soft/nginx/logs/access_wordpress.log access_json;

        ssl_certificate /soft/nginx/certs/xuzhichao.crt;
        ssl_certificate_key /soft/nginx/certs/xuzhichao.key;
        ssl_session_cache shared:ssl_cache:30m;
        ssl_session_timeout 10m;

        valid_referers none blocked server_names *.b.com b.* ~\.baidu\. ~\.google\.;
        if ( $invalid_referer ) {
            return 403;
        }

        location / {
            if ( $scheme = http ) {
                rewrite /(.*) https://wordpress.xuzhichao.com/$1 permanent;
            }
            proxy_pass http://webservers;
            include proxy_params;
        }
    }

    # Virtual IPs:
    [root@lb01 ~]# ip add show lo
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet 192.168.20.200/32 brd 192.168.20.200 scope global lo:0
           valid_lft forever preferred_lft forever
        inet 192.168.20.201/32 brd 192.168.20.201 scope global lo:1
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever

    # Listening services:
    [root@lb01 ~]# ss -ntl
    State      Recv-Q Send-Q     Local Address:Port     Peer Address:Port
    LISTEN     0      128                    *:443                 *:*
    LISTEN     0      128                    *:80                  *:*
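
The certificate tasks in section 1.4 copy xuzhichao.key without setting an owner or mode, and the key sits unencrypted in the role's files directory. The following is an added example, not part of the original article, of the certificate part of wordpress-proxy/tasks/main.yml with explicit permissions and a check on the result. It assumes files/xuzhichao.key has been encrypted beforehand with `ansible-vault encrypt`, and the register name proxy_key_stat is hypothetical.

```yaml
# wordpress-proxy/tasks/main.yml (certificate tasks only)
- name: Create Cert directory
  file:
    path: "{{ nginx_install_directory }}/nginx/certs"
    state: directory
    owner: root
    group: root
    mode: "0700"   # the nginx master process opens the files as root

- name: Copy SSL certificate
  copy:
    src: xuzhichao.crt
    dest: "{{ nginx_install_directory }}/nginx/certs/xuzhichao.crt"
    owner: root
    group: root
    mode: "0644"
  notify: Restart Nginx Server

- name: Copy SSL private key
  copy:
    # assumption: this file is vault-encrypted in the role; copy decrypts it
    # on the controller before transfer (decrypt defaults to true)
    src: xuzhichao.key
    dest: "{{ nginx_install_directory }}/nginx/certs/xuzhichao.key"
    owner: root
    group: root
    mode: "0600"
    decrypt: true
  no_log: true     # do not print a diff or the arguments for key material
  notify: Restart Nginx Server

- name: Read back the key file attributes
  stat:
    path: "{{ nginx_install_directory }}/nginx/certs/xuzhichao.key"
  register: proxy_key_stat   # hypothetical variable name

- name: Fail the play if the key is readable by anyone but root
  assert:
    that:
      - proxy_key_stat.stat.exists
      - proxy_key_stat.stat.pw_name == "root"
      - proxy_key_stat.stat.mode == "0600"
```

Because the key is vault-encrypted in this variant, the run needs the vault password, for example `ansible-playbook --ask-vault-pass -t wordpress-proxy wordpress_site.yml`.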