ansible一键部署高可用集群项目实战最细教程

服务架构图

环境配置

IP规划和配置

• 负载均衡节点

  • nginx1：192.168.146.100

    • 先查看本机网卡：

    nmcli connection show
    

    • 可以看到我的虚拟机上网卡连接名是ens33

  

  • 根据连接名修改网卡IP

  nmcli connection modify ens33 ipv4.address 192.168.146.100/24 ipv4.gateway 192.168.146.2 ipv4.dns 114.114.114.114 ipv4.method manual
  

  • 修改网卡后记得重启该网卡，让配置生效

  nmcli connection down ens33
  nmcli connection up ens33
  

  • nginx2：192.168.146.101

    • 修改网卡IP，按理说虚拟机环境下一张网卡的网卡连接名都是一样的，如果不放心可以重复上述步骤查看，再修改网卡

    nmcli connection modify ens33 ipv4.address 192.168.146.101/24 ipv4.gateway 192.168.146.2 ipv4.dns 114.114.114.114 ipv4.method manual
    

    • 重启网卡，操作跟上面的相同，下面就不再显示了

• web服务器

  • apache1：192.168.146.102

    nmcli connection modify ens33 ipv4.address 192.168.146.102/24 ipv4.gateway 192.168.146.2 ipv4.dns 114.114.114.114 ipv4.method manual
    

  • apache2：192.168.146.103

    nmcli connection modify ens33 ipv4.address 192.168.146.103/24 ipv4.gateway 192.168.146.2 ipv4.dns 114.114.114.114 ipv4.method manual
    

• NAS存储节点：

  • NFS服务器：192.168.146.104

    nmcli connection modify ens33 ipv4.address 192.168.146.104/24 ipv4.gateway 192.168.146.2 ipv4.dns 114.114.114.114 ipv4.method manual
    

• MySQL主从集群

  • master：192.168.146.105

    nmcli connection modify ens33 ipv4.address 192.168.146.105/24 ipv4.gateway 192.168.146.2 ipv4.dns 114.114.114.114 ipv4.method manual
    

  • slave：192.168.146.106

    nmcli connection modify ens33 ipv4.address 192.168.146.106/24 ipv4.gateway 192.168.146.2 ipv4.dns 114.114.114.114 ipv4.method manual
    

• Prometheus-server节点

  • prometheus：192.168.146.107

  nmcli connection modify ens33 ipv4.address 192.168.146.107/24 ipv4.gateway 192.168.146.2 ipv4.dns 114.114.114.114 ipv4.method manual
  

• rsync-server节点

  • rsyncd：192.168.146.108

  nmcli connection modify ens33 ipv4.address 192.168.146.108/24 ipv4.gateway 192.168.146.2 ipv4.dns 114.114.114.114 ipv4.method manual
  

ssh免密登录

用一台管理节点，对上面配置的所有服务器节点配置成可以ssh免密登录，为了后续在管理节点上ansible一键搭建整个架构

• 在管理节点上，生成密钥对

  ssh-keygen
  

  • 出现提示信息一路敲击回车就好
    

• 检查一下是否成功生成RSA密钥对
  

• 将公钥id_rsa.pub发送至各个服务器，以下命令在每个服务器包括管理节点都执行一遍，IP换成对应的即可

  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.134    
  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.100  
  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.101  
  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.102  
  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.103  
  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.104  
  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.105
  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.106
  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.107
  ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.146.108
  

  • 出现以下信息即完成传输
    

  • 可以在其他服务器上检查一下是否存在authorized_keys文件，存在该文件就说明公钥从管理节点接收成功了
    

• 在管理节点上，可以验证一下是否可以成功ssh免密登录到其他节点

  [root@server1 ~]# ssh [email protected]
  Last login: Sat Apr  9 10:39:32 2022 from 192.168.146.1    
  
  # 查看当前IP，发现已经成功登录到apache2节点上了
  [root@server1 ~]# ip a | grep -v 'LOOPBACK' |awk '/^[0-9]/{print $2;getline;getline;if ($0~/inet/){print $2}}'
  ens33:
  192.168.146.101/24
  

开始搭建

管理节点

准备工作

• 以下所有命令均在管理节点上使用ansible工具配置即可

• 使用yum安装ansible工具

  # 安装epel扩展源
  yum install epel-release.noarch -y
  # 安装ansible
  yum install -y ansible
  

• 编写ansible主机清单/etc/ansible/hosts文件，在文件末尾添加如下内容：

  [all_ip]
  192.168.146.134 hostname=manager
  192.168.146.100 hostname=nginx1
  192.168.146.101 hostname=nginx2
  192.168.146.102 hostname=apache1
  192.168.146.103 hostname=apache2
  192.168.146.104 hostname=nas rsync_server=192.168.146.108
  192.168.146.105 hostname=master
  192.168.146.106 hostname=slave
  192.168.146.107 hostname=prometheus
  192.168.146.108 hostname=rsyncd
  
  [balancers]
  nginx1 mb=MASTER priority=100
  nginx2 mb=BACKUP priority=98
  
  [web]
  apache1
  apache2
  
  [mysql]
  master master=true
  slave slave=true
  
  [mysql:vars]
  master_ip=192.168.146.105
  slave_ip=192.168.146.106
  
  [nfs]
  nas
  
  [nfs:vars]
  rsync_server=192.168.146.108
  
  [rsync]
  rsyncd
  
  [prometheus]
  prometheus
  
  [alertmanagers]
  prometheus
  
  [node-exporter]
  192.168.146.100
  192.168.146.101
  192.168.146.102
  192.168.146.103
  192.168.146.104
  192.168.146.105
  192.168.146.106
  192.168.146.108
  

  • 检查连通性，所有服务器均响应pong才表示管理节点与所有服务器连通无误

• 为所有服务器设置主机名，顺便把selinux和防火墙关了，这里为了偷懒选择直接关掉防火墙和selinux（当然也可以为每类的角色做特定的放行策略和设置对应的安全上下文，更符合生产环境配置）

  [root@server1 ansible]# vim prepare_work.yml 
  
  - name: prepare work
    hosts: all_ip
    tasks:
  
      - name: set hostname
        shell: hostnamectl set-hostname {
       {
        hostname }}
  
      - name: stop firewalld
        service: