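The previous post covered how to write playbooks for service deployment. With the services in place, we now use Ansible to deploy the projects themselves and build a complete LNMP architecture. We deploy four projects: wordpress, wecenter, phpshe and phpmyadmin. All plays go into lnmp.yml and the related backup data goes into /root/ansible/lnmp, so that in the end one playbook and one command deploy all four projects. Without further ado, let's begin!
1. Preparation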
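
| Hostname | Host IP (external, internal) | Role |
| --- | --- | --- |
| LB01 | 10.0.0.5, 172.16.1.5 | Layer-7 load balancing, keepalived high availability |
| LB02 | 10.0.0.6, 172.16.1.6 | Layer-7 load balancing, keepalived high availability |
| Web01 | 10.0.0.7, 172.16.1.7 | Nginx, PHP service, hosts the code files |
| Web02 | 10.0.0.8, 172.16.1.8 | Nginx, PHP service, hosts the code files |
| NFS | 10.0.0.31, 172.16.1.31 | Stores static resources |
| MySQL | 10.0.0.51, 172.16.1.51 | Stores dynamic data |
| Ansible | 10.0.0.61, 172.16.1.61 | Ansible control node |
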
2. Writing the playbook
1. Add the target hosts to the inventory
```
[root@Ansible ~]# cat /etc/ansible/hosts
[lb_group]
lb01 ansible_ssh_host=10.0.0.5
lb02 ansible_ssh_host=10.0.0.6

[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8

[nfs_group]
nfs ansible_ssh_host=10.0.0.31

[mysql_group]
mysql ansible_ssh_host=10.0.0.51

[nginx_install_group:children]
lb_group
web_group
```
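2. Create the playbook directory and collect the resources the deployment needs
My approach is to collect the project resources according to each server's role.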
```
[root@Ansible ~]# mkdir -p ansible/lnmp

# 1. To deploy the layer-7 load balancer on lb01 we need nginx.conf (renamed nginx_lb01.conf to tell it apart), proxy_7.conf (the layer-7 load-balancing config), the certificates, keepalived.conf and proxy_params

# -r is required because /etc/nginx/ssl_key/ is a directory
[root@LB01 conf.d]# scp -r /etc/nginx/nginx.conf /etc/nginx/conf.d/proxy_7.conf /etc/nginx/proxy_params /etc/nginx/ssl_key/ /etc/keepalived/keepalived.conf 10.0.0.61:/root/ansible/lnmp

[root@Ansible lnmp]# mv keepalived.conf keepalived_lb01.conf
[root@Ansible lnmp]# mv nginx.conf nginx_lb01.conf

# 2. lb02 needs almost the same files as lb01, so we only copy its keepalived.conf to the control node
[root@LB02 ~]# scp /etc/keepalived/keepalived.conf 10.0.0.61:/root/ansible/lnmp/keepalived_lb02.conf

# 3. web01 and web02 need exactly the same files, so we collect them from just one of the two:
#    nginx.conf, the config files under conf.d/, the php71.tar.gz archive, php.ini, /etc/php-fpm.d/www.conf and the code files

# 4. NFS: collect the /etc/exports config file

# 5. MySQL: collect the database data and redis.conf
```
3. Write the playbook
Again we deploy by server role. Hosts that need the same operations can be put into one group and handled together.
```
[root@Ansible lnmp]# cat lnmp.yml
# Every host: the www user and group that run nginx/php and own the data
- hosts: all
  tasks:
    - name: create group www
      group:
        name: www
        gid: 666
    - name: create user www
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false

# Load balancers and web servers: install nginx
- hosts: nginx_install_group
  tasks:
    - name: nginx.repo
      copy:
        src: nginx.repo
        dest: /etc/yum.repos.d/nginx.repo
    - name: install nginx
      yum:
        name: nginx
        state: present
    - name: delete default.conf
      file:
        name: /etc/nginx/conf.d/default.conf
        state: absent
    - name: start and enable nginx
      systemd:
        name: nginx
        state: started
        enabled: yes

# Load balancers: layer-7 proxy config, certificates, keepalived.
# The inventory defines no keepalived_install_group, so lb_group (lb01, lb02) is used.
- hosts: lb_group
  tasks:
    - name: copy nginx_lb01.conf
      copy:
        src: nginx_lb01.conf
        dest: /etc/nginx/nginx.conf
    - name: copy proxy_7.conf
      copy:
        src: proxy_7.conf
        dest: /etc/nginx/conf.d/proxy_7.conf
    - name: copy ssl_key to lb01 lb02
      copy:
        src: ssl_key
        dest: /etc/nginx/
    - name: copy proxy_params to lb01 lb02
      copy:
        src: proxy_params
        dest: /etc/nginx/proxy_params
    - name: restart nginx
      systemd:
        name: nginx
        state: restarted
    - name: install keepalived
      yum:
        name: keepalived
        state: present
    - name: start and enable keepalived
      systemd:
        name: keepalived
        state: started
        enabled: yes

- hosts: lb01
  tasks:
    - name: copy keepalived_lb01.conf
      copy:
        src: keepalived_lb01.conf
        dest: /etc/keepalived/keepalived.conf

- hosts: lb02
  tasks:
    - name: copy keepalived_lb02.conf
      copy:
        src: keepalived_lb02.conf
        dest: /etc/keepalived/keepalived.conf

- hosts: lb_group
  tasks:
    - name: restart keepalived
      systemd:
        name: keepalived
        state: restarted

# Web servers: nginx vhosts, PHP 7.1 from local RPMs, application code
- hosts: web_group
  tasks:
    - name: copy nginx_web.conf to web_group
      copy:
        src: nginx_web.conf
        dest: /etc/nginx/nginx.conf
    - name: copy conf_web.d to web_group
      copy:
        src: conf_web.d/
        dest: /etc/nginx/conf.d
    - name: restart nginx
      systemd:
        name: nginx
        state: restarted
    - name: tar xf php to web_group
      unarchive:
        src: php71.tar.gz
        dest: /root
    - name: localinstall rpm
      yum:
        name:
          - /root/autoconf-2.69-11.el7.noarch.rpm
          - /root/automake-1.13.4-3.el7.noarch.rpm
          - /root/libevent-2.0.21-4.el7.x86_64.rpm
          - /root/libjpeg-turbo-1.2.90-8.el7.x86_64.rpm
          - /root/libmcrypt-2.5.8-13.el7.x86_64.rpm
          - /root/libmemcached-1.0.16-5.el7.x86_64.rpm
          - /root/libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm
          - /root/libX11-1.6.7-3.el7_9.x86_64.rpm
          - /root/libX11-common-1.6.7-3.el7_9.noarch.rpm
          - /root/libXau-1.0.8-2.1.el7.x86_64.rpm
          - /root/libxcb-1.13-1.el7.x86_64.rpm
          - /root/libXpm-3.5.12-1.el7.x86_64.rpm
          - /root/libxslt-1.1.28-6.el7.x86_64.rpm
          - /root/mod_php71w-7.1.33-1.w7.x86_64.rpm
          - /root/pcre-devel-8.32-17.el7.x86_64.rpm
          - /root/perl-Data-Dumper-2.145-3.el7.x86_64.rpm
          - /root/perl-Test-Harness-3.28-3.el7.noarch.rpm
          - /root/perl-Thread-Queue-3.02-2.el7.noarch.rpm
          - /root/php71w-cli-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-common-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-devel-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-embedded-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-fpm-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-gd-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-mbstring-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-mcrypt-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-mysqlnd-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-opcache-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-pdo-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-pear-1.10.4-1.w7.noarch.rpm
          - /root/php71w-pecl-igbinary-2.0.5-1.w7.x86_64.rpm
          - /root/php71w-pecl-memcached-3.0.4-1.w7.x86_64.rpm
          - /root/php71w-pecl-mongodb-1.5.3-1.w7.x86_64.rpm
          - /root/php71w-pecl-redis-3.1.6-1.w7.x86_64.rpm
          - /root/php71w-process-7.1.33-1.w7.x86_64.rpm
          - /root/php71w-xml-7.1.33-1.w7.x86_64.rpm
        state: present
    - name: copy php.ini to web_group
      copy:
        src: php.ini
        dest: /etc/php.ini
    - name: copy www.conf to web_group
      copy:
        src: www.conf
        dest: /etc/php-fpm.d/www.conf
    - name: start and enable php
      systemd:
        name: php-fpm
        state: started
        enabled: yes
    - name: tar xf code.tar.gz
      unarchive:
        src: code.tar.gz
        dest: /
        creates: /code
    - name: chown -R www.www code
      file:
        path: /code
        state: directory
        owner: www
        group: www
        recurse: yes   # without recurse only /code itself changes owner

# NFS server: exports file and one shared directory per project
- hosts: nfs_group
  tasks:
    - name: Install nfs-utils
      yum:
        name: nfs-utils
        state: present
    - name: Scp NFS server exports
      copy:
        src: exports
        dest: /etc/exports
        owner: root
        group: root
        mode: "0644"
    - name: Create data Directory
      file:
        path: /data
        state: directory
        owner: www
        group: www
        mode: "0755"
        recurse: yes
    - name: Create data Directory
      file:
        path: /data/wordpress
        state: directory
        owner: www
        group: www
        mode: "0755"
        recurse: yes
    - name: Create data Directory
      file:
        path: /data/wecenter
        state: directory
        owner: www
        group: www
        mode: "0755"
        recurse: yes
    - name: Create data Directory
      file:
        path: /data/phpshe
        state: directory
        owner: www
        group: www
        mode: "0755"
        recurse: yes
    - name: Start NFS server
      systemd:
        name: nfs-server
        state: started
        enabled: yes

# Web servers: mount the NFS shares over each project's static directory
- hosts: web_group
  tasks:
    - name: Install nfs-utils
      yum:
        name: nfs-utils
        state: present
    - name: Mount wordpress_NFS Server
      mount:
        path: /code/wordpress/wp-admin/images
        src: 10.0.0.31:/data/wordpress
        fstype: nfs
        opts: defaults
        state: mounted
    - name: Mount wecenter_NFS Server
      mount:
        path: /code/wecenter/uploads/
        src: 10.0.0.31:/data/wecenter
        fstype: nfs
        opts: defaults
        state: mounted
    - name: Mount phpshe_NFS Server
      mount:
        path: /code/phpshe/data
        src: 10.0.0.31:/data/phpshe
        fstype: nfs
        opts: defaults
        state: mounted

# Database host: MariaDB with the imported dump, plus redis
- hosts: mysql_group
  tasks:
    - name: Install mariadb mysql-python redis
      yum:
        name:
          - mariadb-server
          - MySQL-python
          - redis
        state: present
    - name: Start MariaDB Server
      systemd:
        name: mariadb
        state: started
        enabled: yes
    - name: Copy all.sql to Mysql
      copy:
        src: all.sql
        dest: /root/all.sql
    - name: import all.sql
      mysql_db:
        login_host: localhost
        login_port: 3306
        login_user: root
        name: all
        state: import
        target: /root/all.sql
    - name: Restart MariaDB Server
      systemd:
        name: mariadb
        state: restarted
    - name: copy redis.conf to mysql
      copy:
        src: redis.conf
        dest: /etc/redis.conf
    - name: start and enable redis
      systemd:
        name: redis
        state: started
        enabled: yes
```
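A hardened variant of three tasks from the playbook above, added here as an example and not part of the author's lnmp.yml: the certificate directory is copied with root-only permissions, nginx is reloaded by a handler only after `nginx -t` passes, and the upload share is mounted with restrictive options. The handler name, the `nginx -t` check task, the explicit modes and the mount options are assumptions chosen for illustration.

```yaml
# Added example: hardened variants of tasks from lnmp.yml (not the author's code).
- hosts: lb_group
  tasks:
    - name: copy ssl_key to lb01 lb02 (private keys readable by root only)
      copy:
        src: ssl_key
        dest: /etc/nginx/
        owner: root
        group: root
        mode: "0600"            # without mode, new files get the remote umask default
        directory_mode: "0700"  # applies to directories the copy creates
      notify: reload nginx
    - name: copy proxy_7.conf
      copy:
        src: proxy_7.conf
        dest: /etc/nginx/conf.d/proxy_7.conf
        owner: root
        group: root
        mode: "0644"
      notify: reload nginx
    - name: test the assembled nginx configuration before any reload
      command: nginx -t
      changed_when: false       # a failure here stops the play for this host,
                                # so the notified handler never runs
  handlers:
    - name: reload nginx        # hypothetical handler name
      systemd:
        name: nginx
        state: reloaded

- hosts: web_group
  tasks:
    - name: Mount wecenter_NFS Server (upload directory)
      mount:
        path: /code/wecenter/uploads/
        src: 10.0.0.31:/data/wecenter
        fstype: nfs
        opts: nosuid,nodev,noexec   # was: defaults
        state: mounted
```

The same mount options apply to the wordpress and phpshe shares, which also hold uploaded or generated data rather than programs.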
3. Syntax-check and run the playbook
Restore every host except Ansible to its snapshot and set up passwordless SSH key authentication.
```
[root@Ansible ~]# ssh-keygen
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.4
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.5
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.6
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.7
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.8
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.31
[root@Ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.0.0.51
```
Check and run
```
[root@Ansible ~]# ansible-playbook --syntax-check ansible/lnmp/lnmp.yml

[root@Ansible ~]# ansible-playbook ansible/lnmp/lnmp.yml
```
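4. Test that the projects deployed correctly
On Windows, add hosts entries that resolve the domains to 10.0.0.5, then visit blog.koten.com, zh.koten.com, phpshe.koten.com and phpmyadmin.koten.com in a browser and check that each one runs normally. Check whether phpmyadmin keeps its session, and refresh phpmyadmin to observe the load balancing.
Note: if the layer-7 load balancer has a certificate configured, the site cannot be reached from the browser through a layer-4 load balancer. When Nginx returns the response, layer 7 has to pass it back through layer 4 before it reaches the browser, and a request that carries a certificate cannot be forwarded to one that does not, so we never receive the response even though the layer-4 log shows status code 200. So we either do without the layer-4 load balancer or remove the certificate from the layer-7 load balancer. LVS can solve this problem, because with LVS the layer-7 load balancer returns the response directly to the browser without going through the layer-4 load balancer.
I'm koten, with 10 years of operations experience, continuously sharing practical ops content. Thanks for reading and following!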