ansible系列(34)--ansible实战之部署WEB集群架构(4)



1. 业务环境部署

  • wordpress-base:用于设置WEB集群的网络基础环境,包括所有节点网关指向出口路由器,添加DNS;
  • wordpress-web:用来增加nginx的虚拟主机节点,PHP-FPM连接redis,nfs挂载;
  • wordpress-proxy:用于添加nginx负载均衡的虚拟主机节点,LVS后端RS网络部署;
  • wordpress-mysql:用于创建wordpress的数据库和相关用户;

1.1 wordpress-base编写

  • 创建wordpress-base模块的目录结构:

    [root@xuzhichao cluster-roles]# mkdir wordpress-base/{tasks,meta,files,tamplates,handlers} -p
    
  • 编写主任务文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-base/tasks/main.yml 
    #1.把所有节点的网关指向192.168.20.17,增加DNS地址192.168.20.70
    - name: Modify Gateway And Dns
      lineinfile:
        path: /etc/sysconfig/network-scripts/ifcfg-eth1-static
        line: "GATEWAY=192.168.20.17\nDNS1=192.168.20.70"
    
    #2.重启网络
    - name: Restart Network
      systemd:
        name: network
        state: restarted
    
  • playbook文件修改如下:

    [root@xuzhichao cluster-roles]# cat wordpress_site.yml
    - hosts: all
      roles:
        - role: base-module
        - role: wordpress-base
      tags: base-module
    ......
    

1.2 wordpress-web编写

  • 创建wordpress-web的目录结构:

    [root@xuzhichao cluster-roles]# mkdir wordpress-web/{tasks,meta,files,templates,handlers} -p
    
  • nginx 虚拟主机任务文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-web/tasks/nginx_web_vhost.yml 
    - name: Copy Nginx Vhosts Configure File
      template:
        src: "wordpress.conf.j2"
        dest: "{{ nginx_install_directory }}/nginx/conf/conf.d/wordpress.conf"
      notify: Restart Nginx Server
    
    - name: Check Nginx Configure File 
      shell: "{{ nginx_install_directory }}/nginx/sbin/nginx -t"
      register: Check_Nginx_Status
      changed_when: 
          - Check_Nginx_Status.stdout.find('successful')
          - false
    
  • wordpress的代码部署如下:

    [root@xuzhichao cluster-roles]# cat wordpress-web/tasks/wordpress_code.yml 
    #1.拷贝解压wordpress代码
    - name: Unarchive Wordpress Code
      unarchive:
        src: wordpress-5.7.2-zh_CN.tar.gz
        dest: "{{ wordpress_unarchive_directory }}"
        owner: "{{ web_user }}"
        group: "{{ web_group }}"
        mode: "0755"
    
    #2.创建图片上传目录,默认wordpress没有创建
    - name: Create wp-content/uploads directory
      file: 
        path: "{{ wordpress_code_directory }}/wp-content/uploads"
        state: directory
        owner: "{{ web_user }}"
        group: "{{ web_group }}"
        mode: "0755"
      changed_when: false
    
    #3.挂载NFS
    - name: Mount NFS Point
      mount:
        src: "nfs01.xuzhichao.com:{{ nfs_share_path }}"
        path: "{{ wordpress_code_directory }}/wp-content/uploads"
        fstype: nfs
        opts: defaults
        state: mounted
    
  • php连接redis编译部署如下:

    [root@xuzhichao cluster-roles]# cat wordpress-web/tasks/php_connect_redis.yml 
    #1.安装php-pecl-redis软件包
    - name: Install php-pecl-redis
      yum:
        name: php-pecl-redis
        state: present
    
    #2.拷贝解压redis扩展包
    - name: Unarchive php-Redis
      unarchive:
        src: redis-4.2.0.tgz
        dest: /root
    
    #3.生成配置文件
    - name: phpize
      shell:
        cmd: "{{ PHP_install_directory }}/php/bin/phpize"
        chdir: "/root/redis-4.2.0"
      changed_when: false
    
    #4.configure预编译
    - name: Configure
      shell:
        cmd: "./configure --with-php-config={{ PHP_install_directory }}/php/bin/php-config"
        chdir: "/root/redis-4.2.0"
      changed_when: false
    
    #5.编译安装
    - name: Make And Make Install
      shell:
        cmd: make && make install
        chdir: "/root/redis-4.2.0"
      changed_when: false
    
  • 主任务文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-web/tasks/main.yml 
    - include: wordpress_code.yml
    - include: nginx_web_vhost.yml
    - include: php_connect_redis.yml
    
  • nginx虚拟主机模板文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-web/templates/wordpress.conf.j2 
    log_format access_json '{ "@timestamp": "$time_iso8601", '  
    '"remote_addr": "X-Forwarded_For", '  
    '"referer": "$http_referer", '  
    '"request": "$request", '  
    '"status": $status, '  
    '"bytes":$body_bytes_sent, '  
    '"agent": "$http_user_agent", '  
    '"x_forwarded": "$http_x_forwarded_for", '  
    '"upstr_addr": "$upstream_addr",'  
    '"upstr_host": "$upstream_http_host",'  
    '"upstreamtime": "$upstream_response_time" }'; 
    
    server {
    	listen 80;
    	server_name {{ wordpress_server_name }};
    	access_log {{ nginx_install_directory }}/nginx/logs/access_wordpress.log access_json;
    	charset utf-8,gbk;
    	
    	#防盗链
    	valid_referers none blocked server_names *.b.com  b.*  ~\.baidu\.  ~\.google\.;
    	
    	if ( $invalid_referer ) {
    		return 403;	
    	}
    
    	client_max_body_size 10m;
    
    	location / {
    		root {{ wordpress_code_directory }};
    		index index.html index.php;
    	}
    
    	location ~ \.php$ {
    		root {{ wordpress_code_directory }};
    
    		#fastcgi反向代理
    		fastcgi_pass 127.0.0.1:9000;
    		fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    		#fastcgi_param HTTPS on;  <==此指令加上会导致http向https跳转,此处不能加。
    		fastcgi_hide_header X-Powered-By;
    		include fastcgi_params;
    	}
    
    	location ~ ^/(ping|pm_status)$ {
    		access_log off;
    		allow 192.168.20.0/24;
    		allow 192.168.50.0/24;
    		deny all;
    		fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
    		include fastcgi_params;
    	}
    
    	location = /nginx_status {
    		access_log off;
    		allow 192.168.20.0/24;
    		allow 192.168.50.0/24;
    		deny all;
    		stub_status;
    	}
    }
    
  • wordpress-web的依赖的role如下,表示需要先执行依赖的角色,才可以执行本角色:

    [root@xuzhichao cluster-roles]# cat wordpress-web/meta/main.yml 
    dependencies:
      - { role: nginx }
      - { role: php-fpm }
    
  • 新增的变量文件如下:

    [root@xuzhichao cluster-roles]# cat group_vars/all
    ......
    #wordpress相关变量
    wordpress_unarchive_directory: /data/nginx
    wordpress_code_directory: /data/nginx/wordpress
    wordpress_server_name: wordpress.xuzhichao.com
    
  • wordpress-web整体目录结构如下:

    [root@xuzhichao cluster-roles]# tree wordpress-web/
    wordpress-web/
    ├── files
    │   ├── redis-4.2.0.tgz
    │   └── wordpress-5.7.2-zh_CN.tar.gz
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── tasks
    │   ├── main.yml
    │   ├── nginx_web_vhost.yml
    │   ├── php_connect_redis.yml
    │   └── wordpress_code.yml
    └── templates
        └── wordpress.conf.j2
    
    5 directories, 9 files
    
  • playbook文件修改如下:

    [root@xuzhichao cluster-roles]# cat wordpress_site.yml 
    - hosts: all
      roles:
        - role: base-module
        - role: wordpress-base
      tags: base-module
    
    - hosts: webservers
      roles:
        - role: wordpress-web
      tags: 
        - wordpress-web
    
    - hosts: lbservers
      roles:
        - role: nginx
      tags: nginx
    
    - hosts: mysql
      roles: 
        - role: mariadb
      tags: mysql
    
    - hosts: redis
      roles:
        - role: redis
      tags: redis
    
    - hosts: nfs
      roles:
        - role: nfs
      tags: nfs
    
    - hosts: lvs
      roles:
        - role: keepalived
      tags: keepalived
    
    - hosts: dns
      roles:
        - role: dns
      tags: dns
    
  • 运行palybook文件:

    [root@xuzhichao cluster-roles]# ansible-playbook  -t wordpress-web wordpress_site.yml
    
  • 检测web节点的虚拟主机配置文件如下:

    [root@web01 ~]# cat /soft/nginx/conf/conf.d/wordpress.conf
    log_format access_json '{ "@timestamp": "$time_iso8601", '  
    '"remote_addr": "X-Forwarded_For", '  
    '"referer": "$http_referer", '  
    '"request": "$request", '  
    '"status": $status, '  
    '"bytes":$body_bytes_sent, '  
    '"agent": "$http_user_agent", '  
    '"x_forwarded": "$http_x_forwarded_for", '  
    '"upstr_addr": "$upstream_addr",'  
    '"upstr_host": "$upstream_http_host",'  
    '"upstreamtime": "$upstream_response_time" }'; 
    
    server {
    	listen 80;
    	server_name wordpress.xuzhichao.com;
    	access_log /soft/nginx/logs/access_wordpress.log access_json;
    	charset utf-8,gbk;
    	
    	#防盗链
    	valid_referers none blocked server_names *.b.com  b.*  ~\.baidu\.  ~\.google\.;
    	
    	if ( $invalid_referer ) {
    		return 403;	
    	}
    
    	client_max_body_size 10m;
    
    	location / {
    		root /data/nginx/wordpress;
    		index index.html index.php;
    	}
    
    	location ~ \.php$ {
    		root /data/nginx/wordpress;
    
    		#fastcgi反向代理
    		fastcgi_pass 127.0.0.1:9000;
    		fastcgi_index index.php;
    		fastcgi_hide_header X-Powered-By;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    		include fastcgi_params;
    	}
    
    	location ~ ^/(ping|pm_status)$ {
    		access_log off;
    		allow 192.168.20.0/24;
    		allow 192.168.50.0/24;
    		deny all;
    		fastcgi_pass 127.0.0.1:9000;
            fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
    		include fastcgi_params;
    	}
    
    	location = /nginx_status {
    		access_log off;
    		allow 192.168.20.0/24;
    		allow 192.168.50.0/24;
    		deny all;
    		stub_status;
    	}
    }
    
  • 查看web节点服务启动情况:

    [root@web01 ~]# ss -ntl
    State      Recv-Q Send-Q                                 Local Address:Port                 Peer Address:Port             ......
    LISTEN     0      128                                        127.0.0.1:9000                   *:*                  
    LISTEN     0      128                                                *:80                     *:*                  
    
    [root@web01 ~]# df
    Filesystem                    1K-blocks    Used Available Use% Mounted on
    ......
    nfs01.xuzhichao.com:/data/nfs 154057344   33664 154023680   1% /data/nginx/wordpress/wp-content/uploads
    

1.3 wordpress-mysql编写

注意:数据库建议使用新的数据库部署,若使用之前的数据库会存在问题,因为之前的数据库存储了wordpress的会话信息,对新的站点会造成影响。

  • 创建wordpress-mysql目录结构:

    [root@xuzhichao cluster-roles]# mkdir wordpress-mysql/{tasks,handlers,meta,files,templates} -p
    
  • 主任务文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-mysql/tasks/main.yml 
    #1.创建数据库wordpress
    - name: Create Wordpress Database
      mysql_db:
        login_host: "localhost"
        login_user: "root"
        login_password: "123456"
        #login_password: "123456"
        login_port: "3306"
        name: "{{ wordpress_mysql_database }}"
        state: present
    
    #2.授权远程连接的数据库
    - name: Grant Wordpress Database User
      mysql_user:
        login_host: "localhost"
        login_user: "root"
        login_password: "123456"
        #login_port: "3306"
        name: "{{ wordpress_mysql_user }}"
        password: "{{ wordpress_mysql_password }}"
        host: "{{ wordpress_mysql_host }}"
        priv: "{{ wordpress_mysql_user }}.*:ALL"
        state: present
    
  • 依赖文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-mysql/meta/main.yml 
    dependencies:
      - { role: mariadb }
    
  • 变量文件如下:

    [root@xuzhichao cluster-roles]# vim group_vars/all
    #wordpress相关变量
    wordpress_unarchive_directory: /data/nginx
    wordpress_code_directory: /data/nginx/wordpress
    wordpress_server_name: wordpress.xuzhichao.com
    
    wordpress_mysql_database: wordpress
    wordpress_mysql_user: wordpress
    wordpress_mysql_password: 123456
    wordpress_mysql_host: 192.168.20.% 
    
  • playbook文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress_site.yml 
    - hosts: all
      roles:
        - role: base-module
        - role: wordpress-base
      tags: base-module
    
    - hosts: webservers
      roles:
        - role: wordpress-web
      tags: 
        - wordpress-web
    
    - hosts: lbservers
      roles:
        - role: nginx
      tags: nginx
    
    - hosts: mysql
      roles: 
        - role: wordpress-mysql
      tags: wordpress-mysql
    
    - hosts: redis
      roles:
        - role: redis
      tags: redis
    
    - hosts: nfs
      roles:
        - role: nfs
      tags: nfs
    
    - hosts: lvs
      roles:
        - role: keepalived
      tags: keepalived
    
    - hosts: dns
      roles:
        - role: dns
      tags: dns
    
  • 运行playbook:

    [root@xuzhichao cluster-roles]# ansible-playbook -t wordpress-mysql wordpress_site.yml
    
  • 查看mysql是否成功创建:

    [root@web02 ~]# mysql -uwordpress -p123456 -h192.168.20.50
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 36
    Server version: 10.5.2-MariaDB MariaDB Server
    
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    MariaDB [(none)]> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | test               |
    | wordpress          |
    +--------------------+
    3 rows in set (0.00 sec)
    

1.4 wordpress-proxy编写

  • 创建wordpress-proxy的目录结构:

    [root@xuzhichao cluster-roles]# mkdir wordpress-proxy/{tasks,templates,files,meta,handlers} -p
    
  • 主任务文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/tasks/main.yml 
    #创建证书存放目录
    - name: Create Cert directory
      file:
        path: "{{ nginx_install_directory }}/nginx/certs"
        state: directory
    
    #拷贝证书文件
    - name: Copy SSL Cer File
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop:
        - { src: "xuzhichao.key", dest: "{{ nginx_install_directory }}/nginx/certs/xuzhichao.key" }
        - { src: "xuzhichao.crt", dest: "{{ nginx_install_directory }}/nginx/certs/xuzhichao.crt" }
    
    #拷贝虚拟主机配置文件
    - name: Copy Nginx-LB Vhosts Configure
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      loop:
        - { src: "wordpress.conf.j2", dest: "{{ nginx_install_directory }}/nginx/conf/conf.d/wordpress.conf" }
        - { src: "proxy_params.j2", dest: "{{ nginx_install_directory }}/nginx/conf/proxy_params" }
      notify: Restart Nginx Server
    
    #检查nginx配置文件
    - name: Check Nginx Configure File 
      shell: "{{ nginx_install_directory }}/nginx/sbin/nginx -t"
      register: Check_Nginx_Status
      changed_when: 
        - Check_Nginx_Status.stdout.find('successful')
        - false
    
    #LVS的DR模型设置虚IP,一致arp
    - name: LVS DR RS Scripts
      script: ../files/lvs_rs.sh start
    
  • handlers文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/handlers/main.yml 
    - name: Restart Nginx Server
      systemd:
        name: nginx
        state: reloaded
    
  • nginx负载均衡虚拟主机文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/templates/wordpress.conf.j2 
    upstream  webservers {
    {% for host in groups["webservers"] %}
    	server {{ host }}:80 weight=1 fail_timeout=5s max_fails=3;
    {% endfor %}
    }
    
    log_format access_json '{ "@timestamp": "$time_iso8601", '  
    '"remote_addr": "X-Forwarded_For", '  
    '"referer": "$http_referer", '  
    '"request": "$request", '  
    '"status": $status, '  
    '"bytes":$body_bytes_sent, '  
    '"agent": "$http_user_agent", '  
    '"x_forwarded": "$http_x_forwarded_for", '  
    '"upstr_addr": "$upstream_addr",'  
    '"upstr_host": "$upstream_http_host",'  
    '"upstreamtime": "$upstream_response_time" }'; 
    
    server {
    	listen 443 ssl;
    	listen 80;
    	server_name {{ wordpress_server_name }};
    	access_log {{ nginx_install_directory }}/nginx/logs/access_wordpress.log access_json;
    
    	ssl_certificate {{ nginx_install_directory }}/nginx/certs/xuzhichao.crt;
    	ssl_certificate_key {{ nginx_install_directory }}/nginx/certs/xuzhichao.key;
    	ssl_session_cache shared:ssl_cache:30m;
    	ssl_session_timeout 10m;
    
    	valid_referers none blocked server_names *.b.com  b.*  ~\.baidu\.  ~\.google\.;
    
    	if ( $invalid_referer ) {
    		return 403;	
    	}
    
    	location / {
    		
    		if ( $scheme = http ) {
    			rewrite /(.*) https://{{ wordpress_server_name }}/$1 permanent;
    		}
    		
    		proxy_pass http://webservers;
    		include proxy_params;
    	}
    }
    
    
    [root@xuzhichao cluster-roles]# cat wordpress-proxy/templates/proxy_params.j2 
    proxy_set_header host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
    proxy_connect_timeout 30;
    proxy_send_timeout 60;
    proxy_read_timeout 60;										        
    
    proxy_buffering on;
    proxy_buffer_size 64k;
    proxy_buffers 4 64k;
    
  • lvs的rs脚本文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/files/lvs_rs.sh 
    #!/usr/bin/bash
    
    VIP1=192.168.20.200
    VIP2=192.168.20.201
    DEV1=lo:0
    DEV2=lo:1
    
    case $1 in
        start)
    	echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
    	echo "1" >/proc/sys/net/ipv4/conf/default/arp_ignore
    	echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
    
    	echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
    	echo "2" >/proc/sys/net/ipv4/conf/default/arp_announce
    	echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
    
    	cat  >/etc/sysconfig/network-scripts/ifcfg-${DEV1} <<-EOF
    	DEVICE=${DEV1}
    	IPADDR=${VIP1}
    	NETMASK=255.255.255.255
    	ONBOOT=yes
    	NAME=loopback1
    	EOF
    	
    	cat  >/etc/sysconfig/network-scripts/ifcfg-${DEV2} <<-EOF
    	DEVICE=${DEV2}
    	IPADDR=${VIP2}
    	NETMASK=255.255.255.255
    	ONBOOT=yes
    	NAME=loopback2
    	EOF
    	ifup ${DEV1}	# 启动网卡
    	ifup ${DEV2}
    	systemctl start nginx
        ;;
        stop)
        	echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
        	echo "0" >/proc/sys/net/ipv4/conf/default/arp_ignore
        	echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
        
            echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
        	echo "0" >/proc/sys/net/ipv4/conf/default/arp_announce
            echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
    
        	ifdown ${DEV1}  # 停止网卡
        	ifdown ${DEV2}
        	rm -f /etc/sysconfig/network-scripts/ifcfg-${DEV1}
        	rm -f /etc/sysconfig/network-scripts/ifcfg-${DEV2}
        	systemctl stop nginx
            ;;
        *)
            echo "Usage: sh $0 { start | stop }"
    esac
    
  • meta依赖文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress-proxy/meta/main.yml 
    dependencies:
      - { role: nginx }
    
  • wordpress-proxy整体目录结构如下:

    [root@xuzhichao cluster-roles]# tree wordpress-proxy/
    wordpress-proxy/
    ├── files
    │   ├── lvs_rs.sh
    │   ├── xuzhichao.crt
    │   └── xuzhichao.key
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── tasks
    │   └── main.yml
    └── templates
        ├── proxy_params.j2
        └── wordpress.conf.j2
    
  • 变量文件如下:

    [root@xuzhichao cluster-roles]# cat group_vars/all 
    #创建基础环境变量
    web_group: nginx
    web_gid: 887
    web_user: nginx
    web_uid: 887
    
    
    #nginx相关变量
    nginx_install_directory: /soft
    nginx_filename_tar: nginx-1.20.1.tar.gz
    nginx_version: nginx-1.20.1
    nginx_configure_options: --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_dav_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module --with-file-aio
    gzip_contorl: "on"
    keepalive_timeout: 65
    worker_connections_num: 35566
    nginx_path: /soft/nginx/sbin/nginx
    
    #PHP相关变量
    PHP_install_directory: /soft
    PHP_tar_packages: php-7.3.16.tar.xz
    PHP_version: php-7.3.16
    
    PHP_configure_options: --enable-fpm --with-pear --with-mysqli=mysqlnd --with-openssl --with-pdo-mysql=mysqlnd --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --enable-sockets --with-curl --with-freetype-dir --with-iconv --disable-debug --with-mhash --with-xmlrpc --with-xsl  --enable-soap --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --enable-sysvsem --enable-sysvshm --enable-syssvmsg
    
    php_fpm_listen_address: 127.0.0.1
    php_fpm_listen_port: 9000
    pm_max_children_num: 50
    php_path: /soft/php/sbin/php-fpm
    
    #Mysql相关变量
    mysql_user: mysql
    mysql_group: mysql
    mysql_base_directory: /usr/local/mysql
    mysql_data_directory: /data/mysql
    mysql_tar_ball: mariadb-10.5.2-linux-x86_64.tar.gz
    mysql_version: mariadb-10.5.2-linux-x86_64
    mysql_link_file_path: /usr/local/mysql
    mysqld_file: /etc/init.d/mysqld
    
    #NFS相关变量
    nfs_share_path: /data/nfs
    nfs_share_iprange: 192.168.20.0/24
    
    #keepalived相关变量
    vrrp_interface: eth1
    virtual_router_id1: 51
    auth_pass: 1111
    virtual_ipaddress1: 192.168.20.200/24
    virtual_router_id2: 52
    virtual_ipaddress2: 192.168.20.201/24
    vips:
      - 192.168.20.200
      - 192.168.20.201
    track_ports:
      - 443
      - 80
    lb_algo: rr
    lb_kind: DR
    protocol: TCP
    
    #wordpress相关变量
    wordpress_unarchive_directory: /data/nginx
    wordpress_code_directory: /data/nginx/wordpress
    wordpress_server_name: wordpress.xuzhichao.com
    
    wordpress_mysql_database: wordpress
    wordpress_mysql_user: worpdress
    wordpress_mysql_password: 123456
    wordpress_mysql_host: 192.168.20.%
    
  • 最终playbook文件如下:

    [root@xuzhichao cluster-roles]# cat wordpress_site.yml 
    - hosts: all
      roles:
        - role: base-module
        - role: wordpress-base
      tags: base-module
    
    - hosts: webservers
      roles:
        - role: wordpress-web
      tags: 
        - wordpress-web
    
    - hosts: lbservers
      roles:
        - role: wordpress-proxy
      tags: wordpress-proxy
    
    - hosts: mysql
      roles: 
        - role: wordpress-mysql
      tags: wordpress-mysql
    
    - hosts: redis
      roles:
        - role: redis
      tags: redis
    
    - hosts: nfs
      roles:
        - role: nfs
      tags: nfs
    
    - hosts: lvs
      roles:
        - role: keepalived
      tags: keepalived
    
    - hosts: dns
      roles:
        - role: dns
      tags: dns
    
  • 运行palybook:

    [root@xuzhichao cluster-roles]# ansible-playbook -t wordpress-proxy wordpress_site.yml
    
  • 查看nginx负载均衡的状态:

    #nginx虚拟主机配置文件:
    [root@lb01 ~]# cat /soft/nginx/conf/conf.d/wordpress.conf 
    upstream  webservers {
    	server 192.168.20.22:80 weight=1 fail_timeout=5s max_fails=3;
    	server 192.168.20.23:80 weight=1 fail_timeout=5s max_fails=3;
    }
    
    log_format access_json '{ "@timestamp": "$time_iso8601", '  
    '"remote_addr": "X-Forwarded_For", '  
    '"referer": "$http_referer", '  
    '"request": "$request", '  
    '"status": $status, '  
    '"bytes":$body_bytes_sent, '  
    '"agent": "$http_user_agent", '  
    '"x_forwarded": "$http_x_forwarded_for", '  
    '"upstr_addr": "$upstream_addr",'  
    '"upstr_host": "$upstream_http_host",'  
    '"upstreamtime": "$upstream_response_time" }'; 
    
    server {
    	listen 443 ssl;
    	listen 80;
    	server_name wordpress.xuzhichao.com;
    	access_log /soft/nginx/logs/access_wordpress.log access_json;
    
    	ssl_certificate /soft/nginx/certs/xuzhichao.crt;
    	ssl_certificate_key /soft/nginx/certs/xuzhichao.key;
    	ssl_session_cache shared:ssl_cache:30m;
    	ssl_session_timeout 10m;
    
    	valid_referers none blocked server_names *.b.com  b.*  ~\.baidu\.  ~\.google\.;
    
    	if ( $invalid_referer ) {
    		return 403;	
    	}
    
    	location / {
    		
    		if ( $scheme = http ) {
    			rewrite /(.*) https://wordpress.xuzhichao.com/$1 permanent;
    		}
    		
    		proxy_pass http://webservers;
    		include proxy_params;
    	}
    }
    
    #虚IP情况:
    [root@lb01 ~]# ip add show lo
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet 192.168.20.200/32 brd 192.168.20.200 scope global lo:0
           valid_lft forever preferred_lft forever
        inet 192.168.20.201/32 brd 192.168.20.201 scope global lo:1
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    
    #服务监听情况:
    [root@lb01 ~]# ss -ntl
    State      Recv-Q Send-Q                                 Local Address:Port                 Peer Address:Port             
    LISTEN     0      128                                                *:443                       *:*                  
    LISTEN     0      128                                                *:80                        *:*
    
posted @ 2021-08-18 18:21  向往自由的独行者  阅读(212)  评论(0编辑  收藏  举报