ansible實踐

1. 拓撲圖
   

   
   

2.準備工做，在各個主機上調整好防火牆策略，以及setenforce參數，還有配置好各個主機的yum源

3.在ansible所在的主機上，作關於其餘主機的免密碼登陸

這次命令在/root下執行，因此公鑰默認保存在/root/.ssh/目錄下
ssh-keygen -t rsa -P ""
ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.150
ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.151
ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.152
ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.154
ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.155

4.實現nginx的負載均衡

    （1.）編輯一個playbook，keepalive.yaml,內容以下

- hosts: keepalive   在/etc/ansible/hosts下定義的組
  remote_user: root
  tasks:
  - name: install Keepalived
    yum: name=keepalived state=installed
  - name: install nginx
    yum: name=nginx state=installed
  - name: send keepalived.conf
    template: src=/etc/keepalived/keepalived.conf dest=/etc/keepalived/keepalived.conf  /傳輸keepalived文件
  - name: send nginx.conf
    template: src=/etc/nginx/nginx.conf dest=/etc/nginx/nginx.conf
  - name: start keepalived
    service: name=keepalived state=started
  - name: start nginx
    service: name=nginx state=started

PLAY [keepalive] ********************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************
ok: [172.16.0.150]
ok: [172.16.0.152]

TASK [install Keepalived] ***********************************************************************************************************
changed: [172.16.0.152]
changed: [172.16.0.150]

TASK [install nginx] ****************************************************************************************************************
changed: [172.16.0.150]
changed: [172.16.0.152]

TASK [send keepalived.conf] *********************************************************************************************************
changed: [172.16.0.150]
changed: [172.16.0.152]

TASK [send nginx.conf] **************************************************************************************************************
changed: [172.16.0.152]
changed: [172.16.0.150]

TASK [start keepalived] *************************************************************************************************************
changed: [172.16.0.152]
changed: [172.16.0.150]

TASK [start nginx] ******************************************************************************************************************
changed: [172.16.0.150]
changed: [172.16.0.152]

PLAY RECAP **************************************************************************************************************************
172.16.0.150               : ok=7    changed=6    unreachable=0    failed=0   
172.16.0.152               : ok=7    changed=6    unreachable=0    failed=0

5./etc/keepalived/keepalived.conf文件配置

global_defs {
   notification_email {
  root@localhost
}
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id {{ route_id }}   變量區分設備的ID
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state {{ states }}    變量初始狀態
    interface ens33
    virtual_router_id 51
    priority {{ pri }}  變量優先級
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass MTUwPBjd
    }
    virtual_ipaddress {
        172.16.0.254
    }
}
6./etc/ansible/hosts文件內容以下

[keepalive]
172.16.0.150 states=MASTER route_id=nginx1 pri=100  給此主機定義的變量
172.16.0.152 states=BACKUP route_id=nginx2 pri=90   給此主機定義的變量

7./etc/nginx/nginx.conf配置以下（用於實現反代功能）

upstream wang {
  server 172.16.0.151:80 weight=1;
  server 172.16.0.154:80 weight=1;
}
    server {
        listen       80 default_server;
#        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
    proxy_pass http://wang;

8.查看後端主機是否配置完成

172.16.0.150

172.16.0.152

[root@bogon ~]# systemctl status keepalived
● keepalived.service - LVS and VRRP High Availability Monitor
   Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
   Active: active (running) since Fri 2018-06-22 15:10:51 CST; 19min ago
  Process: 12540 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 12541 (keepalived)
   CGroup: /system.slice/keepalived.service
           ├─12541 /usr/sbin/keepalived -D
           ├─12542 /usr/sbin/keepalived -D
           └─12543 /usr/sbin/keepalived -D

Jun 22 15:10:51 bogon Keepalived_vrrp[12543]: Registering Kernel netlink reflector
Jun 22 15:10:51 bogon Keepalived_vrrp[12543]: Registering Kernel netlink command channel
Jun 22 15:10:51 bogon Keepalived_vrrp[12543]: Registering gratuitous ARP shared channel
Jun 22 15:10:51 bogon Keepalived_vrrp[12543]: Opening file '/etc/keepalived/keepalived.conf'.
Jun 22 15:10:52 bogon Keepalived_healthcheckers[12542]: Opening file '/etc/keepalived/keepalived.conf'.
Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: VRRP_Instance(VI_1) removing protocol VIPs.
Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: VRRP_Instance(VI_1) removing protocol iptable drop rule
Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: Using LinkWatch kernel netlink reflector...
Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: VRRP_Instance(VI_1) Entering BACKUP STATE
Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
[root@bogon ~]# ss -tnl
State       Recv-Q Send-Q                     Local Address:Port                                    Peer Address:Port              
LISTEN      0      128                                    *:111                                                *:*                  
LISTEN      0      128                                    *:80                                                 *:*

9.後端服務器配置

    （1）一樣寫一個playbook文件/etc/ansible/apache.yaml

- hosts: apache
  remote_user: root
  tasks:
  - name: install httpd
    yum: name=httpd state=installed
  - name: install php-fpm
    yum: name=php-fpm state=installed
  - name: install mariadb
    yum: name=mariadb-server state=installed
  - name: sent httpd.conf
    copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
  - name: sent php-fpm.conf
    copy: src=/etc/php-fpm.d/www.conf dest=/etc/php-fpm.d/www.conf
  - name: start php-fpm
    service: name=php-fpm state=started
  - name: start httpd
    service: name=httpd state=started
  - name: start mariadb
    service: name=mariadb state=started

    （2）ansible 測試

[root@bogon ansible]# ansible-playbook -C apache.yaml 

PLAY [apache] *********************************************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************************************
ok: [172.16.0.151]
ok: [172.16.0.154]

TASK [install httpd] **************************************************************************************************************************************************************************
changed: [172.16.0.154]
changed: [172.16.0.151]

TASK [install php-fpm] ************************************************************************************************************************************************************************
changed: [172.16.0.151]
changed: [172.16.0.154]

TASK [install mariadb] ************************************************************************************************************************************************************************
changed: [172.16.0.151]
changed: [172.16.0.154]

TASK [sent httpd.conf] ************************************************************************************************************************************************************************
changed: [172.16.0.151]
changed: [172.16.0.154]

TASK [sent php-fpm.conf] **********************************************************************************************************************************************************************
changed: [172.16.0.151]
changed: [172.16.0.154]

PLAY RECAP ************************************************************************************************************************************************************************************
172.16.0.151               : ok=6    changed=5    unreachable=0    failed=0   
172.16.0.154               : ok=6    changed=5    unreachable=0    failed=0

    （3）/etc/php-fpm.d/www.conf  文件配置修改最後兩行，實現會話保存到遠程主機的memcached中

php_value[session.save_handler] = memcache   
php_value[session.save_path] = "tcp://172.16.72.6:11211?persistent=1&weight=1&timeout=1&retry_interval=15"

    （4）/etc/httpd/conf/httpd.conf文件配置與php-fpm作鏈接

Proxyrequests Off
Proxypassmatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1

    （5）傳輸web測試文件作一個index.php頁面發送過去

{{ host }}  是變量
<?php
  phpinfo();
?>

[root@bogon ~]# ansible apache -m template -C -a "src=/root/index.php dest=/var/www/html/"


    （6）關於host變量聲明/etc/ansible/hosts

[apache]
172.16.0.151 host=172.16.0.151.ansible
172.16.0.154 host=172.16.0.154.ansible

   （7）web端測試

    （8）代理服務器測試

  10.安裝memcached

[root@bogon ~]# ansible memcache -m yum -C -a "name=memcached state=installed"
172.16.0.155 | SUCCESS => {
    "changed": true, 
    "changes": {
        "installed": [
            "memcached"
        ]
    }, 
    "results": []
}

    在php-fpm主機上安裝php-pecl-memcache

[root@bogon ~]# ansible apache -m yum -C -a "name=php-pecl-memcache state=installed"
給web主機傳輸會話測試文件
新建php頁面setsess.php，爲客戶端設置啓用session：
<?php
session_start();
if (!isset($_SESSION['www.qhdlink.com'])) {
  $_SESSION['www.qhdlink.com'] = time();
}
print $_SESSION['www.qhdlink.com'];
print "<br><br>";
print "Session ID: " . session_id();
?>

新建php頁面showsess.php，獲取當前用戶的會話ID：
<?php
session_start();
$memcache_obj = new Memcache;
$memcache_obj->connect('172.16.72.6', 11211);
$mysess=session_id();
var_dump($memcache_obj->get($mysess));
$memcache_obj->close();
?>

查看會話網頁：

    （11）對web服務器實現phpmyadmin

在web服務器目錄下設置phpmyadmin，並在對應web服務器設置數據庫帳戶密碼實現登陸