Objective:
Use Ansible to automatically deploy an LNAMP stack: a highly available pair of nginx reverse proxies at the front, httpd + PHP servers in the middle providing the web service, and a single shared MySQL database at the back end.
Lab Environment:
Ansible Host: 10.0.0.10/8
Nginx (master): 10.0.0.11/8
Nginx (backup): 10.0.0.12/8
Virtual IP: 10.0.0.111/32
Http1: 10.0.0.21/8
Http2: 10.0.0.22/8
Mysql: 10.0.0.30/8
Edit the Ansible hosts file
    #### Nginx reverse-proxy host addresses and variable settings
    [agent_server]
    10.0.0.11 state=MASTER priority=100 ip_addr=10.0.0.11
    10.0.0.12 state=BACKUP priority=95 ip_addr=10.0.0.12
    # Note: state: variable required by the keepalived configuration file
    #       ip_addr: variable required by the nginx configuration template

    # Group variables for the reverse-proxy servers
    [agent_server:vars]
    # package: the packages the nginx reverse-proxy servers need installed
    package=nginx,keepalived
    # web_server1/web_server2: back-end server addresses referenced by the nginx configuration file
    web_server1=10.0.0.21
    web_server2=10.0.0.22

    #### Web server addresses and variable configuration
    [web_server]
    10.0.0.21
    10.0.0.22

    # Group variables for the web servers
    [web_server:vars]
    package=httpd,php,php-mysql
    # dbserver: variable referenced by the discuz configuration file
    dbserver=10.0.0.30

    #### Database host configuration
    [db_server]
    10.0.0.30

    [db_server:vars]
    package=mariadb-server
Create a roles Directory
    # cd /etc/ansible/roles/
    # Create the directories the roles require
    # mkdir -pv nginx/{tasks,files,templates,handlers,meta,defaults,vars}
    # mkdir -pv httpd/{tasks,files,templates,handlers,meta,defaults,vars}
Configuring Nginx Roles
Create the Tasks task file
    # install the packages
    - name: install nginx & keepalived packages
      yum: name={{ package }} state=present
    # copy the nginx configuration template to the remote host; the file is kept locally in the templates directory
    - name: nginx configuration
      template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
    # copy the keepalived configuration template to the remote host
    - name: keepalived configuration
      template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
    # start the nginx service
    - name: nginx service start
      service: name=nginx state=started
    - name: keepalived service start
      service: name=keepalived state=started
    # copy the nginx service detection script to the remote host
    - name: copy nginx check script
      copy: src=chk_nginx.sh dest=/etc/keepalived/
    # make the script file executable
    - name: change script mod
      shell: chmod +x /etc/keepalived/chk_nginx.sh
Create the nginx configuration template:
Copy the nginx configuration file to the templates directory with a .j2 suffix
    # cp /etc/nginx/nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2
    # vim nginx.conf.j2
    http {
        ...
        # the variable here is the nginx IP address defined in hosts
        upstream {{ ip_addr }} {
            # web_server1/web_server2: back-end servers
            server {{ web_server1 }}:8080 weight=2 max_fails=3 fail_timeout=5;
            server {{ web_server2 }}:8080 weight=1 max_fails=3 fail_timeout=5;
            # Note: the port must be specified, because a non-default port is used
            # The upstream group name here is deliberately not a string name, because naming it with a string causes Discuz pictures not to load
            # If you find that pictures are not displayed when accessing the forum through the reverse proxy, the setting here is probably the cause
        }
        server {
            listen 80 default_server;
            listen [::]:80 default_server;
            server_name _;
            root /usr/share/nginx/html;
            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;
            location / {
                proxy_pass http://{{ ip_addr }};
                proxy_pass_header user-agent;
                proxy_set_header Host $host;
                # Note: the two header settings above are required for discuz; otherwise problems such as the verification code not being displayed occur
            }
            error_page 404 /404.html;
            location = /40x.html {
            }
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            }
        }
    }
Nginx service detection script:
    #!/bin/bash
    #
    declare -i i=1
    until [ $i -eq 3 ]; do
        if curl http://127.0.0.1/ &> /dev/null; then
            exit 0
        else
            # when testing yourself, it is best to comment this line out first, to see whether stopping the service triggers address failover
            systemctl restart nginx.service
            sleep 2
            let i++
            [ $i -eq 3 ] && exit 2
        fi
    done
Create the configuration template for keepalived:
    # cp /etc/keepalived/keepalived.conf nginx/templates/keepalived.conf.j2
    # vim nginx/templates/keepalived.conf.j2
    # vim keepalived.conf.j2
    ! Configuration File for keepalived
    global_defs {
        notification_email {
            # recipient email address configuration
            [email protected]
            [email protected]
            [email protected]
        }
        # sender configuration
        notification_email_from [email protected]
        smtp_server 127.0.0.1
        smtp_connect_timeout 30
        router_id {{ ansible_nodename }}   # Ansible facts variable; its value is the host name
    }

    # Define the nginx health-state detection script
    vrrp_script chk_nginx {
        script "/etc/keepalived/chk_nginx.sh"
        interval 2      # run the script every two seconds
        priority -5     # when the script returns failure, the priority is reduced by 5; weight -5 can also achieve address failover, but its success rate is not high
        # What the script does: when it detects that the nginx service is not online, it returns a failed state to keepalived, keepalived then lowers its own weight, and the address fails over
    }

    vrrp_instance vi_1 {
        state {{ state }}           # initial state variable of the host
        interface eno16777736       # interface that carries the service address
        virtual_router_id 51        # virtual router ID; must be the same on master and backup (value range 0-255)
        priority {{ priority }}     # priority variable predefined in hosts
        advert_int 1                # heartbeat message sending interval (seconds)
        authentication {
            auth_type PASS          # authentication method
            auth_pass 9998          # authentication password (a string is recommended)
        }
        virtual_ipaddress {
            10.0.0.111/32           # the service IP address, which floats between master and backup
        }
        track_script {              # invoke the script defined above
            chk_nginx
        }
    }
Configuring the HTTPD role
Create the Tasks task file for httpd
    - name: install httpd & php php-mysql
      yum: name={{ package }} state=present
    - name: httpd configuration
      template: src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
    - name: httpd service started
      service: name=httpd state=started
    - name: copy discuz to web server
      copy: src=discuz_x3.1_sc_utf8.zip dest=/var/www/html/
    # the upload directory is renamed to bbs, which is shorter
    - name: unzip discuz
      shell: "cd /var/www/html; unzip -oq discuz_x3.1_sc_utf8.zip; mv upload bbs"
    - name: configure discuz
      template: src=config_global_default.php.j2 dest=/var/www/html/bbs/config/config_global_default.php
    - name: change discuz files owner & mod
      shell: "chown -R apache:apache /var/www/html/{bbs,utility}; chmod 755 -R /var/www/html/{bbs,utility}"
Provide the httpd configuration template:
    # cp /etc/httpd/conf/httpd.conf httpd/templates/httpd.conf.j2
    Listen 8080
The Discuz configuration file comes from the extracted archive; in version 3.1 the configuration file path is
upload/config/config_global_default.php
Modify the configuration after extracting
    $_config['db'][1]['dbhost'] = '{{ dbserver }}';   # MySQL or MariaDB database host (using variable substitution)
    $_config['db'][1]['dbuser'] = 'discuz';           # MySQL database user name
    $_config['db'][1]['dbpw'] = 'magedu';             # MySQL database password
    $_config['db'][1]['dbcharset'] = 'utf8';          # database character set
    $_config['db'][1]['pconnect'] = 0;                # whether to allow persistent connections (0 means not enabled)
    $_config['db'][1]['dbname'] = 'discuz';           # MySQL database name
    $_config['db'][1]['tablepre'] = 'pre_';
Configuring the MariaDB role
Create the Tasks task file
    roles]# mkdir -pv mariadb/{tasks,files,templates,handlers,meta,defaults,vars}
    # vim mariadb/tasks/main.yml
    #!/bin/bash
    #
    mysql -e "CREATE DATABASE discuz"
    web_server="10.0.0.21 10.0.0.22"
    for i in $web_server; do
        mysql -e "GRANT ALL ON discuz.* TO [e-mail protected] $i IDENTIFIED BY 'magedu'"
    done
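A hardened variant of the grant script above, as an added example that is not from the original page: it reads the password from the environment instead of hard-coding it, validates each web-server address before embedding it in SQL, and prints the statements so they reach mysql on stdin rather than on a command line. The account name discuz (taken from dbuser in the Discuz configuration) and the variable name DISCUZ_DB_PW are assumptions.

```shell
#!/bin/sh
# Added example, not the page's script. Assumptions: the account is named
# "discuz" (dbuser in the Discuz config) and the password is passed in the
# environment variable DISCUZ_DB_PW (hypothetical name).

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet <= 255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# build_grants HOST...: print CREATE DATABASE plus one GRANT per web host.
# Prints nothing and returns 1 if the password or any host is unsafe to embed.
build_grants() {
    if [ -z "${DISCUZ_DB_PW:-}" ]; then
        echo "DISCUZ_DB_PW is not set" >&2; return 1
    fi
    case $DISCUZ_DB_PW in
        *\'*|*\\*) echo "password contains a quote or backslash" >&2; return 1 ;;
    esac
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "rejected host: $host" >&2; return 1; }
    done
    echo "CREATE DATABASE IF NOT EXISTS discuz;"
    for host in "$@"; do
        printf "GRANT ALL ON discuz.* TO 'discuz'@'%s' IDENTIFIED BY '%s';\n" \
            "$host" "$DISCUZ_DB_PW"
    done
}

# Usage: DISCUZ_DB_PW=... sh grants.sh 10.0.0.21 10.0.0.22 | mysql
if [ $# -gt 0 ]; then
    build_grants "$@"
fi
```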
Provide a MariaDB configuration template
    # cp /etc/my.cnf mariadb/templates/my.cnf.j2
    [mysqld]
    datadir=/var/lib/mysql
    socket=/var/lib/mysql/mysql.sock
    # Disabling symbolic-links is recommended to prevent assorted security risks
    symbolic-links=0
    skip_name_resolve = on       # disable reverse hostname resolution
    innodb_file_per_table = on   # store each InnoDB table in its own file
Create the playbooks that call the roles
Nginx
    - hosts: agent_server
      remote_user: root
      roles:
        - nginx
httpd
    - hosts: web_server
      remote_user: root
      roles:
        - httpd
Mariadb
    - hosts: db_server
      remote_user: root
      roles:
        - mariadb
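The templates in these roles depend on variables assigned in the hosts file (ip_addr, web_server1, state, priority and so on), and a misspelled name only shows up as a failed template task during the run. The following pre-flight check is an added example, not part of the original page; the function name undefined_vars is hypothetical, and names starting with ansible_ are assumed to be facts.

```shell
#!/bin/sh
# Added example: list template variables that the inventory never defines.

# undefined_vars INVENTORY TEMPLATE...
# Prints each {{ name }} used in the templates that has no name=value
# assignment in the inventory; returns 1 if any were found.
undefined_vars() {
    inventory=$1; shift
    # Names assigned on host lines or in [group:vars], ignoring comment lines.
    defined=$(grep -v '^[[:space:]]*#' "$inventory" |
        grep -oE '(^|[[:space:]])[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=' |
        tr -d ' \t=' | sort -u)
    # Names referenced as {{ name }} in the templates.
    used=$(cat "$@" | grep -oE '\{\{ *[A-Za-z_][A-Za-z0-9_]* *\}\}' |
        tr -d '{} ' | sort -u)
    status=0
    for name in $used; do
        case $name in ansible_*) continue ;; esac   # facts gathered at run time
        printf '%s\n' "$defined" | grep -qx "$name" ||
            { printf '%s\n' "$name"; status=1; }
    done
    return $status
}

# Usage: sh check_vars.sh /etc/ansible/hosts roles/*/templates/*.j2
if [ $# -gt 1 ]; then
    undefined_vars "$@"
fi
```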
Unfinished, to be continued ....
Ansible Automatic Deployment Lnamp