Implementing active/standby high availability with Ansible (Keepalived) (code snippets)

walk1314 walk1314     2023-01-13     332

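Preface

  Ansible is a very simple IT automation and operations tool written in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions. Ansible works through modules and has no batch deployment capability of its own: the modules that Ansible runs do the actual batch deployment, and Ansible only provides the framework. Ansible's main tasks include configuration management, on-demand service provisioning, application deployment, workflow orchestration, monitoring and alerting, and logging.

  Ansible's basic architecture: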

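  • Core Modules: the Module Library is divided into two parts, core modules and custom modules. Core modules are the ones shipped with Ansible; module resources are distributed to remote nodes so that they perform a specific task or match a specific state;
  • Custom Modules: if the modules Ansible provides do not cover what you need, you add your own custom modules here;
  • Plugins: help modules carry out a function;
  • Playbooks: define a series of tasks to be executed on remote hosts;
  • Connection Plugins: by default Ansible connects to target machines over SSH to perform operations, but it also supports other connection methods, and connection plugins handle those connections;
  • Host Inventory: defines the hosts to manage. In a small environment it is enough to write the hosts' IP addresses into the hosts file; in medium and large environments you may need a static inventory or a dynamic inventory to generate the target hosts.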

Lab topology

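  Two Nginx servers act as web proxies, with KeepAlived configured for active/standby; behind them are two Apache servers, one running Apache+PHP and the other running Apache+MySQL.

Setting up Ansible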

[[email protected] ~]# systemctl stop firewalld.service
[[email protected] ~]# systemctl disable firewalld.service
[[email protected] ~]# vim /etc/selinux/config
    ...
    SELINUX=disabled
    ...
[[email protected] ~]# init 6
[[email protected] ~]# ntpdate ntp1.aliyun.com
[[email protected] ~]# yum -y install ansible
[[email protected] ~]# vim /etc/ansible/hosts
    ...
    [hasrvs]
    192.168.4.117
    192.168.4.118
    [websrvs]
    192.168.4.119
    192.168.4.120
    [php]
    192.168.4.119
    [mysql]
    192.168.4.120
[[email protected] ~]# vim /etc/hosts
    ...
    192.168.4.117 nginx1
    192.168.4.118 nginx2
    192.168.4.119 apache1
    192.168.4.120 apache2
[[email protected] ~]# ssh-keygen -t rsa -N ''  # generate a key pair for passwordless SSH login
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub
[[email protected] ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]  # copy the public key to each remote host
[[email protected] ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
[[email protected] ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
[[email protected] ~]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]

Testing connectivity

[[email protected] ~]# ansible all -m ping
    192.168.4.117 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    192.168.4.118 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    192.168.4.120 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }
    192.168.4.119 | SUCCESS => {
        "changed": false, 
        "ping": "pong"
    }

Synchronizing time and disabling firewalld and SELinux

[[email protected] ~]# ansible all -m shell -a 'echo "TZ='Asia/Shanghai'; export TZ" >> /etc/profile'
[[email protected] ~]# ansible all -m cron -a 'minute=*/5 job="/usr/sbin/ntpdate ntp1.aliyun.com &> /dev/null" name=UpdateTime'  # synchronize the time every 5 minutes
[[email protected] ~]# ansible all -m shell -a 'systemctl stop firewalld.service; systemctl disable firewalld.service; setenforce 0'

Configuring the roles for the Apache service

[[email protected] ~]# mkdir -pv /etc/ansible/roles/apache/{files,templates,tasks,handlers,vars,meta,defaults}  # create the role directories
[[email protected] ~]# vim /etc/ansible/roles/apache/templates/vhost.conf.j2  # Apache virtual host template
    <virtualhost *:80>
        ServerName www.test.org
        DirectoryIndex index.html index.php
        DocumentRoot /var/www/html
        ProxyRequests off
        ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.4.119:9000/var/www/html/$1
        ProxyPassMatch ^/(ping|status)$ fcgi://192.168.4.119:9000/$1
        <Directory />
        options FollowSymlinks
        Allowoverride None
        Require all granted
        </Directory>
    </virtualhost>
[[email protected] ~]# vim /etc/ansible/roles/apache/templates/index.html  # Apache home page
    <h1> This is {{ ansible_hostname }} </h1>
[[email protected] ~]# vim /etc/ansible/roles/apache/files/index.php
    <?php
        phpinfo();
    ?>
[[email protected] ~]# vim /etc/ansible/roles/apache/tasks/main.yml  # tasks that set up Apache
    - name: install apache
      yum: name=httpd state=latest
    - name: copy conf
      template: src=vhost.conf.j2 dest=/etc/httpd/conf.d/vhost.conf
    - name: copy index.html
      template: src=index.html dest=/var/www/html/index.html
    - name: copy index.php
      copy: src=index.php dest=/var/www/html/index.php
    - name: start httpd
      service: name=httpd state=started

Configuring the roles for the php-fpm service

[[email protected] ~]# mkdir -pv /etc/ansible/roles/php-fpm/{files,templates,tasks,handlers,vars,meta,defaults}  # create the role directories
[[email protected] ~]# cp /etc/php-fpm.d/www.conf /etc/ansible/roles/php-fpm/templates/www.conf.j2  # copy the configuration template prepared in advance
[[email protected] ~]# vim /etc/ansible/roles/php-fpm/templates/www.conf.j2
    # change the following settings
    listen = 0.0.0.0:9000
    ;listen.allowed_clients = 127.0.0.1
    pm.status_path = /status
    ping.path = /ping
    ping.response = pong
[[email protected] ~]# vim /etc/ansible/roles/php-fpm/tasks/main.yml  # tasks that set up php-fpm
    - name: install php
      yum: name={{ item }} state=latest
      with_items:
      - php-fpm
      - php-mysql
      - php-mbstring
      - php-mcrypt
    - name: copy config
      template: src=www.conf.j2 dest=/etc/php-fpm.d/www.conf
    - name: create directory
      file: path=/var/lib/php/session group=apache owner=apache state=directory
    - name: start php-fpm
      service: name=php-fpm state=started
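
The pool settings above put the FastCGI port on every interface with `listen.allowed_clients` commented out, and firewalld was stopped earlier, so it is worth checking the template before the role pushes it. The following Python check is an added example, not code from the original post; `PAGE_POOL`, `HARDENED_POOL`, `APACHE_HOSTS` and the function names are constructed for illustration, and the hardened values are an assumption derived from the inventory and vhost shown on this page.

```python
import ipaddress

# Constructed sample: the pool settings the role above pushes to 192.168.4.119.
PAGE_POOL = """[www]
listen = 0.0.0.0:9000
;listen.allowed_clients = 127.0.0.1
pm.status_path = /status
"""
# Assumed alternative: bind the service address, allow only the two Apache hosts.
HARDENED_POOL = """[www]
listen = 192.168.4.119:9000
listen.allowed_clients = 192.168.4.119,192.168.4.120
"""
APACHE_HOSTS = {"192.168.4.119", "192.168.4.120"}  # [websrvs] in the inventory

def parse_pool(text):
    """Return the active key -> value settings of a php-fpm pool file."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # ';' starts a comment and '[www]' is a section header: neither is a setting
        if not line or line[0] in ";[" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def audit_pool(text, expected_clients):
    """Return exposure findings for one pool; an empty list means none."""
    cfg = parse_pool(text)
    listen = cfg.get("listen", "")
    if listen.startswith("/"):
        return []  # Unix socket, not reachable over the network
    host = listen.rpartition(":")[0] or "0.0.0.0"  # a bare port binds all addresses
    addr = ipaddress.ip_address(host.strip("[]"))
    allowed = {c.strip() for c in cfg.get("listen.allowed_clients", "").split(",")} - {""}
    findings = []
    if addr.is_unspecified:
        findings.append("listen binds every interface")
    if not addr.is_loopback and not allowed:
        findings.append("no listen.allowed_clients: any host can send FastCGI requests")
    extra = allowed - set(expected_clients)
    if extra:
        findings.append("unexpected allowed clients: " + ", ".join(sorted(extra)))
    return findings

if __name__ == "__main__":
    for name, pool in (("page", PAGE_POOL), ("hardened", HARDENED_POOL)):
        print(name, audit_pool(pool, APACHE_HOSTS) or "ok")
```
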

Configuring the roles for the MySQL service

[[email protected] ~]# mkdir -pv /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,meta,defaults}  # create the role directories
[[email protected] ~]# cp /etc/my.cnf /etc/ansible/roles/mysql/templates/my.cnf.j2  # copy the template prepared in advance
[[email protected] ~]# vim /etc/ansible/roles/mysql/templates/my.cnf.j2
    # add the following settings
    skip-name-resolve=ON
    innodb-file-per-table=ON
[[email protected] ~]# vim /etc/ansible/roles/mysql/tasks/main.yml  # tasks that set up MySQL
    - name: install mysql
      yum: name=mariadb-server state=latest
    - name: copy config
      template: src=my.cnf.j2 dest=/etc/my.cnf
    - name: start mysql
      service: name=mariadb state=started

Configuring the roles for the Nginx service

[[email protected] ~]# mkdir -pv /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,meta,defaults}  # create the role directories
[[email protected] ~]# cp /etc/nginx/nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2  # copy the template prepared in advance
[[email protected] ~]# vim /etc/ansible/roles/nginx/templates/nginx.conf.j2
    # modify the configuration
    http {
        ...
        upstream websrvs {
            server 192.168.4.119:80;
            server 192.168.4.120:80;
            server 127.0.0.1:80 backup;
        }
        server {
            listen 80;
            include /etc/nginx/default.d/*.conf;
            location / {
                proxy_pass http://websrvs;
                proxy_set_header host $http_host;
                proxy_set_header X-Forwarded-For $remote_addr;
            }
            ...
        }
        ...
    }
[[email protected] ~]# vim /etc/ansible/roles/nginx/templates/localhost.conf.j2  # define the local Nginx service
    server {
        listen 127.0.0.1:80;
        root /usr/share/nginx/html;
        index index.html;
    }
[[email protected] ~]# vim /etc/ansible/roles/nginx/templates/index.html
    <h1> Balance Server {{ ansible_hostname }} </h1>
[[email protected] ~]# vim /etc/ansible/roles/nginx/tasks/main.yml  # tasks that set up Nginx
    - name: install nginx
      yum: name=nginx state=latest
    - name: copy nginx conf
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
    - name: copy local conf
      template: src=localhost.conf.j2 dest=/etc/nginx/conf.d/localhost.conf
    - name: copy index
      template: src=index.html dest=/usr/share/nginx/html/index.html
    - name: start nginx
      service: name=nginx state=started

Configuring the roles for the KeepAlived service

[[email protected] keepalived]# mkdir -pv /etc/ansible/roles/keepalived/{files,templates,tasks,handlers,vars,meta,defaults}  # create the role directories
[[email protected] keepalived]# vim /etc/ansible/roles/keepalived/templates/keepalived.conf.j2  # KeepAlived configuration file
    global_defs {
           notification_email {
             [email protected]
           }
           notification_email_from [email protected]
           smtp_server 127.0.0.1
           smtp_connect_timeout 30
           router_id {{ ansible_nodename }}
           vrrp_skip_check_adv_addr
           vrrp_mcast_group4 224.0.0.10
    }

    vrrp_instance VIP_1 {
        state {{ keepalived_role }}
        interface eno16777736
        virtual_router_id 1
        priority {{ keepalived_pri }}
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass %&hhjj99
        }
        virtual_ipaddress {
          192.168.4.155/24 dev eno16777736 label eno16777736:0
        }
    }
[[email protected] keepalived]# vim /etc/ansible/hosts  # add the variables
    ...
    [hasrvs]
    192.168.4.117 keepalived_role=MASTER keepalived_pri=100
    192.168.4.118 keepalived_role=BACKUP keepalived_pri=99
    ...
[[email protected] keepalived]# vim /etc/ansible/roles/keepalived/tasks/main.yml  # tasks that set up Keepalived
    - name: install keepalived
      yum: name=keepalived state=latest
    - name: copy config
      template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
    - name: start keepalived
      service: name=keepalived state=started

Configuring the playbook for the Apache+PHP service

[[email protected] keepalived]# mkdir /etc/ansible/playbooks  # create the directory that holds the playbooks
[[email protected] roles]# vim /etc/ansible/playbooks/ap1.yml  # playbook that sets up Apache + php-fpm
    - hosts: php
      remote_user: root
      roles:
      - apache
      - php-fpm
[[email protected] roles]# ansible-playbook --syntax-check /etc/ansible/playbooks/ap1.yml  # check for syntax errors
[[email protected] roles]# ansible-playbook /etc/ansible/playbooks/ap1.yml  # run it

Configuring the playbook for the Apache+MySQL service

[[email protected] ~]# vim /etc/ansible/playbooks/ap2.yml
    - hosts: mysql
      remote_user: root
      roles:
      - apache
      - mysql
[[email protected] ~]# ansible-playbook --syntax-check /etc/ansible/playbooks/ap2.yml
[[email protected] ~]# ansible-playbook /etc/ansible/playbooks/ap2.yml

Configuring the playbook for the Nginx+Keepalived service

[[email protected] ~]# vim /etc/ansible/playbooks/ha.yml
    - hosts: hasrvs
      remote_user: root
      roles:
      - nginx
      - keepalived 
[[email protected] ~]# ansible-playbook --syntax-check /etc/ansible/playbooks/ha.yml 
[[email protected] ~]# ansible-playbook /etc/ansible/playbooks/ha.yml

Testing access from a client

[[email protected] ~]# vim /etc/hosts
    ...
    192.168.4.155 www.test.org
    ...
[[email protected] ~]# for i in {1..10};do curl http://www.test.org;done
    <h1> This is apache2 </h1>
    <h1> This is apache1 </h1>
    <h1> This is apache2 </h1>
    <h1> This is apache1 </h1>
    <h1> This is apache2 </h1>
    <h1> This is apache1 </h1>
    <h1> This is apache2 </h1>
    <h1> This is apache1 </h1>
    <h1> This is apache2 </h1>
    <h1> This is apache1 </h1>

A small hiccup:

  [[email protected] ~]# ansible all -m ping --list-hosts
  ERROR! Unexpected Exception, this is probably a bug: (cryptography 0.8.2 (/usr/lib64/python2.7/site-packages), Requirement.parse('cryptography>=1.1'))

  Running the ansible command fails with this error: the Python cryptography package must be version >= 1.1.

  Fix:

  [[email protected] ~]# yum -y install python-pip

  [[email protected] ~]# pip install --upgrade cryptography






