使用roles部署负载均衡的nginx
环境
外网IP |
内网IP |
主机名 |
10.0.0.5 |
172.16.1.5 |
lb01 (负载均衡) |
10.0.0.6 |
172.16.1.6 |
lb02 |
10.0.0.7 |
172.16.1.7 |
web01(服务器) |
10.0.0.8 |
172.16.1.8 |
web02 |
10.0.0.9 |
172.16.1.9 |
web03 |
10.0.0.31 |
172.16.1.31 |
nfs (共享存储) |
10.0.0.41 |
172.16.1.41 |
backup |
10.0.0.51 |
172.16.1.51 |
db01 (数据库) |
10.0.0.52 |
172.16.1.52 |
db02 |
10.0.0.53 |
172.16.1.53 |
db03(代理机) |
10.0.0.54 |
172.16.1.54 |
db04(代理机) |
10.0.0.61 |
172.16.1.61 |
m01 (跳板机) |
10.0.0.71 |
172.16.1.71 |
zabbix |
流程分析
1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建统一的用户
1.安装nginx
2.拷贝nginx配置文件
3.拷贝nginx虚拟主机配置及include文件
4.启动nginx
推送公钥
1.创建密钥对
[root@m01 ~]# ssh-keygen
2.推送公钥
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
ansible优化
1.下载
[root@m01 ~]# yum install -y ansible
2.优化
[root@m01 ~]# vim /etc/ansible/ansible.cfg #改为
#注意:关闭后ansible不再校验目标主机的SSH指纹,无法发现被冒充的主机;仅适用于隔离的实验环境,生产环境应保持默认值并预先分发known_hosts
host_key_checking = False
配置主机清单
[root@m01 ~]# vim /root/ansible/hosts
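# Group names in [] are arbitrary, but avoid special characters (- | &),
# uppercase letters and Chinese; "nginx" must not be used as a group name.
# ansible_ssh_port may be omitted when the port is 22.
# Fixed: the user variable was spelled "asible_ssh_user", which Ansible treats
# as an unrelated host variable, so the intended login user was never applied.
# NOTE(review): ansible_ssh_pass keeps the root password in clear text in this
# file. The public key is already pushed with ssh-copy-id earlier on this page,
# so key authentication can replace it; if a password has to stay, keep it in
# an ansible-vault encrypted file rather than in the inventory.
[web_group]
172.16.1.7 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.8 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.9 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[db_group]
172.16.1.51 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.52 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.53 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.54 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[nfs_group]
172.16.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[redis_group]
172.16.1.81 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[lb_group]
172.16.1.5 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.6 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[backup_group]
172.16.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[zabbix_group]
172.16.1.71 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[m01_group]
172.16.1.61 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[mtj_group]
172.16.1.202 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'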
nginx配置文件
# Main nginx configuration, rendered by Ansible as a Jinja2 template.
# Worker processes run as the account named by the ww_w variable.
user {{ ww_w }};
worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # "main" access-log format; the last field records the X-Forwarded-For
    # request header as received.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    # Virtual hosts are loaded from conf.d.
    include /etc/nginx/conf.d/*.conf;
}
nginx server
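# Load-balancer virtual host, rendered by Ansible as a Jinja2 template.
# The upstream pool is named after the load balancer's own FQDN.
upstream {{ ansible_fqdn }} {
    # Fixed: range(10) emitted 172.16.1.0 - 172.16.1.9, which includes the
    # network address and the load balancers themselves (.5/.6, a proxy loop).
    # The web servers in the environment table are .7, .8 and .9.
{% for n in range(7, 10) %}
    server 172.16.1.{{ n }}:80;
{% endfor %}
}

server {
    listen 80;
    # Fixed: wp_com/zh_com are not defined in the vars/main.yml shown on this
    # page; the domain list defined there is yuming_com.
    server_name {{ yuming_com }};

    location / {
        proxy_pass http://{{ ansible_fqdn }};
        include proxy_params;
    }
}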
----------------------------------------------------------------------------
# proxy_params: shared proxy settings, pulled in with "include proxy_params;"
# Forward the Host header the client sent, so the next hop (proxy or backend) sees the requested domain.
proxy_set_header Host $host;
# Append the connecting address to whatever X-Forwarded-For the client supplied.
# NOTE(review): on an internet-facing proxy every entry except the last one is client-controlled;
# backends should rely only on the entry added here before using the header for logging or access control.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Timeout for establishing a connection from the nginx proxy to the backend server.
proxy_connect_timeout 60s;
# Timeout while the nginx proxy waits to read the backend's response.
proxy_read_timeout 60s;
# Timeout while the nginx proxy transmits the request to the backend.
proxy_send_timeout 60s;
# Buffer the backend response in nginx and pass it on to the client while it is being received.
proxy_buffering on;
# Size of the buffer for the first part of the backend response (the response headers).
proxy_buffer_size 4k;
#proxy_buffer_size 8k;
# Number and size of the buffers used for the response body.
proxy_buffers 8 4k;
#proxy_buffers 8 8k;
# Talk HTTP/1.1 to the backend.
proxy_http_version 1.1;
# Conditions under which the request is passed to the next upstream server (not an error-page redirect).
# NOTE(review): http_404 means a 404 from one backend is retried on the next one — confirm this is wanted.
proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
keepalived启动脚本
#优化keepalived
keepalived.service
# systemd unit for keepalived.
[Unit]
Description=LVS and VRRP High Availability Monitor
# Ordered after syslog and after the network is reported online.
After=syslog.target network-online.target
[Service]
# keepalived forks into the background; systemd follows it through the PID file.
Type=forking
PIDFile=/var/run/keepalived.pid
# KillMode=process is commented out, so systemd's default kill mode applies on stop
# (the whole control group is signalled, not only the main process).
#KillMode=process
# Leading "-": a missing environment file is not treated as an error.
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
# Reload by sending SIGHUP to the main process.
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
keepalived配置文件之jinjia模板
# keepalived configuration, rendered by Ansible as a Jinja2 template.
# lb01 becomes MASTER (priority 150); every other host is BACKUP (priority 100).
global_defs {
    router_id {{ ansible_fqdn }}
}

{% if ansible_fqdn == "lb01" %}
# Health-check script, rendered on lb01 only and run every 5 seconds.
# NOTE(review): vrrp_instance VI_1 below has no track_script block naming
# "check", so as written the script result does not influence failover.
# Confirm whether a track_script block was intended.
# NOTE(review): the script path is relative. keepalived may execute it as root,
# so give it an absolute path, owned by root and not writable by other users.
vrrp_script check {
    script "check_nginx_php.sh"
    interval 5
}
{% endif %}

vrrp_instance VI_1 {
{% if ansible_fqdn == "lb01" %}
    state MASTER
    priority 150
{% else %}
    state BACKUP
    priority 100
{% endif %}
    interface eth0
    virtual_router_id 50
    advert_int 1
    # NOTE(review): auth_type PASS sends auth_pass in clear text in every VRRP
    # advertisement, and 1111 is a guessable value hard-coded in the template.
    # It only guards against accidental misconfiguration; restrict VRRP traffic
    # to the two load balancers at the firewall.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # NOTE(review): vi_ip is not defined in the vars/main.yml shown on this
    # page. Confirm where it is set.
    virtual_ipaddress {
        "{{ vi_ip }}"
    }
}
创建角色
[root@m01 roles]# ansible-galaxy init nginx_lb
编辑tasks目录
1.安装负载均衡的nginx
[root@m01 nginx_lb]# vim tasks/install.yml
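# Install nginx on the load balancers from a bundled RPM archive.
# NOTE(review): nginx_packages_pos is /tmp in vars/main.yml, a world-writable
# directory. Any local user can pre-create nginx-1.18.0/ there, which makes the
# check below skip the unpack and lets the yum task install whatever RPM that
# user placed. Prefer a root-owned directory for the unpacked package.
- name: check {{ nginx_packages_name }}
  shell: "ls {{ nginx_packages_pos }}/nginx-1.18.0"
  ignore_errors: yes
  # A read-only probe should never be reported as a change.
  changed_when: false
  register: check_nginx_packages

- name: jieya {{ nginx_packages_name }}
  unarchive:
    src: "{{ nginx_packages_name }}"
    dest: "{{ nginx_packages_pos }}"
  # Fixed: the registered result is a dict, so comparing it with 0 was always
  # true and the archive was unpacked on every run; test the return code.
  when: check_nginx_packages.rc != 0

- name: check nginx
  shell: "rpm -q nginx"
  ignore_errors: yes
  changed_when: false
  register: check_nginx

# Install only when rpm -q reported that nginx is not present.
- name: Install Nginx Server
  yum:
    name:
      - "{{ nginx_packages_pos }}/nginx-1.18.0/nginx-1.18.0-1.el7.ngx.x86_64.rpm"
  when: check_nginx.rc != 0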
2.拷贝nginx主配置文件和server
[root@m01 nginx_lb]# vim tasks/copy.yml
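# Render the main nginx configuration and the load-balancer virtual host.
- name: copy nginx.conf server
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "nginx.conf.j2", dest: "/etc/nginx/nginx.conf" }
    - { src: "nginx.server.j2", dest: "/etc/nginx/conf.d/server.conf" }
  # Fixed: this task had no notify, so a changed nginx.conf or server.conf was
  # never picked up by an nginx that was already running.
  notify:
    - "reload nginx"

# Copy the shared proxy settings included by the virtual host.
- name: copy proxy_params
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  # loop instead of with_items, matching the task above.
  loop:
    - { src: "proxy_params", dest: "/etc/nginx/" }
  notify:
    - "reload nginx"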
3.启动nginx
[root@m01 nginx_lb]# vim tasks/start.yml
# Make sure the nginx service is running.
- name: start nginx
  service:
    name: nginx
    state: started
4.include
[root@m01 nginx_lb]# vim tasks/main.yml
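# Role entry point: install, configure, then start nginx.
# import_tasks replaces the bare "include", which is deprecated for task files
# and no longer available in current ansible-core releases.
- import_tasks: install.yml
- import_tasks: copy.yml
- import_tasks: start.yml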
5.编辑files目录
[root@m01 nginx_lb]# vim files/keepalived.service
[root@m01 nginx_lb]# vim files/proxy_params
[root@m01 nginx_lb]# rz nginx-1.18.0.tar.gz
6.编辑template目录
[root@m01 nginx_lb]# vim templates/nginx.conf.j2
[root@m01 nginx_lb]# vim templates/nginx.server.j2
7.编辑handlers
[root@m01 nginx_lb]# vim handlers/main.yml
# Handler: reload nginx when a task notifies "reload nginx".
- name: reload nginx
  service:
    name: nginx
    state: reloaded
8.变量
[root@m01 nginx_lb]# vim vars/main.yml
# Account nginx runs as (used as "user {{ ww_w }};" in the nginx.conf template); kept the same on all hosts
ww_w: www
# Domain names, defined as one variable
# NOTE(review): the nginx server template must reference this same variable name in server_name — verify
yuming_com: "cs.wp.com cs.zh.com"
# File name of the nginx package archive
nginx_packages_name: "nginx-1.18.0.tar.gz"
# Directory on the target host where the archive is unpacked
# NOTE(review): /tmp is world-writable; a root-owned directory is safer for a package that is installed as root
nginx_packages_pos: "/tmp"
编辑入口文件
[root@m01 roles]# vim site.yml
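# Entry playbook: roles are selected per host by matching the host's FQDN.
# NOTE(review): "hosts: all" makes the play connect to every inventory host as
# root even though only the load balancers get a role here; targeting lb_group
# would limit the connections to the hosts that need them.
- hosts: all
  roles:
    #- { role: base }
    #- { role: rsync_client,when: ansible_fqdn is match 'web*' }
    #- { role: rsync_client,when: ansible_fqdn is match 'nfs*' }
    #- { role: rsync_server,when: ansible_fqdn is match 'backup*' }
    #- { role: nfs_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: nfs_client,when: ansible_fqdn is match 'web*' }
    #- { role: mount_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: mount_client,when: ansible_fqdn is match 'web*' }
    #- { role: sersync,when: ansible_fqdn is match 'web*' }
    #- { role: nginx_web,when: ansible_fqdn is match 'web*' }
    # Fixed: "match" is a regex anchored at the start, not a glob. 'lb*' means
    # "l" followed by any number of "b", so it matched every name beginning
    # with "l"; 'lb' selects lb01/lb02. The commented patterns above share the
    # same glob-style form.
    - { role: nginx_lb, when: ansible_fqdn is match 'lb' }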
执行
[root@m01 roles]# ansible-playbook site.yml