Ansible implements keepalived)

Preface

Ansible is an extremely simple it automated O & M tool. It is developed based on Python and integrates the advantages of many O & M tools (puppet, cfengine, Chef, func, fabric, implements batch system configuration, batch program deployment, and batch running commands. Ansible works based on modules and does not have the ability to deploy them in batches. It is actually a module running by ansible. ansible only provides a framework. Ansible mainly undertakes the following tasks: configuration management, real-time service activation, application deployment, Process Orchestration, monitoring and alarms, and logging.

Basic architecture of ansible:

• Core Module: There are two modules in the module library. One is the core module and the other is the custom module ). The core modules are all built-in modules of ansible. The module resources are distributed to remote nodes to execute specific tasks or match a specific status;
• Custom modules: If ansible cannot meet your needs, add custom modules here;
• Plugins: assists the module in completing a function;
• Playbooks: defines a series of tasks to be executed on a remote host;
• Connectior plugins: ansible connects to the target machine based on SSH by default, but also supports different connection methods. In this case, you need to connect the plug-in to help us complete the connection;
• Host inventory: defines the host to be managed. In a small environment, you only need to write the Host IP address to the host file, however, in medium and large environments, we may need to use static inventory or dynamic host list to generate the target host we need to execute.

Lab Topology

The two nginx servers are used as the web proxy, and keepalived is configured as the master and slave servers. The backend servers are two Apache servers, one is Apache + PHP, and the other is Apache + MySQL.

Building ansible

[[Email protected] ~] # Systemctl stop firewalld. Service [[email protected] ~] # Systemctl disable firewalld. serive [[email protected] ~] # Vim/etc/SELinux/config... SELinux = disabled... [email protected] ~] # Init 6 [[email protected] ~] # Ntpdate ntp1.aliyun.com [[email protected] ~] # Yum-y install ansible [[email protected] ~] # Vim/etc/ansible/hosts... [hasrvs] 192.168.4.117 192.168.4.118 [websrvs] 192.168.4.119 192.168.4.120
[PHP]
192.168.4.119
[MySQL]
192.168.4.120 [[email protected] ~] # Vim/etc/hosts... 192.168.4.117 nginx1 192.168.4.118 nginx2 192.168.4.119 apache1 192.168.4.120 apache2 [[email protected] ~] # Ssh-keygen-t rsa-n'' # generate a key pair to enable SSH password-free login to generating public/private RSA key pair. enter file in which to save the key (/root /. SSH/id_rsa): Created directory '/root /. SSH '. your identification has been saved in/root /. SSH/id_rsa. your public key has been saved in/root /. SSH/id_rsa.pub [[email protected] ~] # Ssh-copy-ID-I. Ssh/id_rsa.pub [email protected] # copy the public key to each remote host [[email protected] ~] # Ssh-copy-ID-I. Ssh/id_rsa.pub [email protected] [[email protected] ~] # Ssh-copy-ID-I. Ssh/id_rsa.pub [email protected] [[email protected] ~] # Ssh-copy-ID-I. Ssh/id_rsa.pub [email protected]

Test connectivity

[[email protected] ~]# ansible all -m ping    192.168.4.117 | SUCCESS => {        "changed": false,         "ping": "pong"    }    192.168.4.118 | SUCCESS => {        "changed": false,         "ping": "pong"    }    192.168.4.120 | SUCCESS => {        "changed": false,         "ping": "pong"    }    192.168.4.119 | SUCCESS => {        "changed": false,         "ping": "pong"    }

Synchronization time, disable firewalld and SELinux

[[Email protected] ~] # Ansible all-M shell-A 'echo "TZ = 'Asia/Shanghai'; export TZ">/etc/profile '[[email protected] ~] # Ansible all-M Cron-a 'minute = */5 job = "/usr/sbin/ntpdate ntp1.aliyun.com &>/dev/null" name = updatetime '# synchronize every 3 minutes [email protected] ~] # Ansible all-M shell-A 'systemctl stop firewalld. Service; systemctl disable firewalld. Service; setenfore 0'

Configure the roles of the Apache service

[[Email protected] ~] # Mkdir-PV/etc/ansible/roles/Apache/{files, templates, tasks, handlers, vars, Meta, default} # create related directories [[email protected] ~] # Vim/etc/ansible/roles/Apache/templates/vhost. conf. j2 # Apache host template <virtualhost *: 80> servername www.test.org directoryindex index.html index. PHP DocumentRoot/var/www/html proxyrequests off proxypassmatch ^ /(. *\. PHP) $ fcgi: // 192.168.4.119: 9000/var/www/html/$1 proxypassmatch ^/(Ping | status) $ fcgi: // 192.168.4.119: 9000/$1 <directory/> options followsymlinks AllowOverride none require all granted </ Directory> </virtualhost> [[email protected] ~] # Vim/etc/ansible/roles/Apache/templates/index.html # Apache homepage Configure the roles of the PHP-FPM Service
[[Email protected] ~] # Mkdir-PV/etc/ansible/roles/PHP-FPM/{files, templates, tasks, handlers, vars, Meta, default} # create related directories [[email protected] ~] # Cp/etc/php-fpm.d/www. conf/etc/ansible/roles/PHP-FPM/templates/www. conf. j2 # directly copy the pre-prepared configuration template [[email protected] ~] # Vim/etc/ansible/roles/PHP-FPM/templates/www. conf. j2 # modify the following configuration: listem = 0.0.0.0: 9000; listen. allowed_clients = 127.0.0.1 PM. status_path =/status Ping. path =/ping. response = Pong [[email protected] ~] # Vim/etc/ansible/roles/PHP-FPM/tasks/main. yml # define the task-Name: install PHP Yum: Name ={{ item} state = Latest with_items: -PHP-FPM-PHP-mysql-PHP-mbstring-PHP-mcrypt-Name: Copy config template: src = www. conf. j2 DEST =/etc/php-fpm.d/www. conf-Name: create directory file: Path =/var/lib/PHP/session Group = Apache owner = Apache state = directory-Name: Start PHP-FPM service: name = PHP-FPM state = started
Configure the MySQL service roles
[[Email protected] ~] # Mkdir-PV/etc/ansible/roles/MySQL/{files, templates, tasks, handlers, vars, Meta, default} # create related directories [[email protected] ~] # Cp/etc/My. CNF/etc/ansible/roles/MySQL/templates/My. CNF. J2 # copy the prepared template [email protected] ~] # Vim/etc/ansible/roles/MySQL/templates/My. CNF. j2 # Add the following configuration skip-name-resolve = on InnoDB-file-per-table = on [email protected] ~] # Vim/etc/ansible/roles/MySQL/tasks/main. yml # define the task-Name: Install MySQL Yum: Name = mariadb-server state = Latest-Name: Copy config template: src = My. CNF. j2 DEST =/etc/My. CNF-Name: Start MySQL service: Name = mariadb state = started
Configure the roles of the nginx Service
[[Email protected] ~] # Mkdir-PV/etc/ansible/roles/nginx/{files, templates, tasks, handlers, vars, Meta, default} # create related directories [[email protected] ~] # Cp/etc/nginx. CONF/etc/ansible/roles/nginx/templates/nginx. conf. J2 # copy the prepared template [[email protected] ~] # Vim/etc/ansible/roles/nginx/templates/nginx. conf. J2
# Modify the configuration HTTP {... upstream websrvs {server 192.168.4.119: 80; server 192.168.4.120: 80; server 127.0.0.1: 80 backup;} server {Listen 80; Include/etc/nginx/default. d /*. conf; Location/{proxy_pass http: // websrvs; proxy_set_header host $ http_host; proxy_set_header X-forward-for $ remote_addr ;}...}...} [[email protected] ~] # Vim/etc/ansible/roles/nginx/templates/localhost. conf. j2 # define the local nginx Service Server {Listen 127.0.0.1: 80; root/usr/share/nginx/html; index index.html;} [[email protected] ~] # Vim/etc/ansible/roles/nginx/templates/index.html Configure the roles of the keepalived Service
[[Email protected] keepalived] # mkdir-PV/etc/ansible/roles/keepalived/{files, templates, tasks, handlers, vars, Meta, default} # create the related directory [[email protected] keepalived] # Vim/etc/ansible/roles/keepalived/templates/keepalived. conf. j2 # keepalived configuration file global_defs {notification_email {[email protected]} Listen [email protected] smtp_server 127.0.0.1 Limit 30 router_id {region} route 224.0.0.10} vrrp_instance vip_1 {state} interface eno16777736 virtual_router_id 1 priority {region} advert_int 1 authentication {auth_type pass auth_pass % & hhjj99} virtual_ipaddress {192.168.4.155/24 Dev eno16777736 label eno167736: 0} [[email protected] keepalived] # Vim/etc/ansible/hosts # Add variable... [hasrvs] 192.168.4.117 keepalived_role = Master keepalived_pri = 100 192.168.4.118 keepalived_role = backup keepalived_pri = 99... [[email protected] keepalived] # Vim/etc/ansible/roles/keepalived/tasks/main. yml # define the task-Name: Install keepalived Yum: name = keepalived state = Latest-Name: Copy config template: src = keepalived. conf. j2 DEST =/etc/keepalived. conf-Name: Start keepalived service: Name = keepalived state = started
Configure the playbook of the Apache + PhP Service
[[Email protected] keepalived] # mkdir/etc/ansible/playbooks # create a playbook storage directory [[email protected] roles] # Vim/etc/ansible/playbooks/ap1.yml defines Apache + PHP-FPM playbook-hosts: PHP remote_user: Root roles: -Apache-PHP-FPM [[email protected] roles] # ansible-playbook -- syntax-check/etc/ansible/playbooks/ap1.yml # Check for syntax errors [[email protected] roles] # ansible-playbook/etc/ansible/playbooks/ap1.yml # Run
Configure the playbook of the Apache + MySQL Service
[[email protected] ~]# vim /etc/ansible/playbooks/ap2.yml    - hosts: mysql      remote_user: root      roles:      - apache      - mysql[[email protected] ~]# ansible-playbook --syntax-check /etc/ansibleplaybooks/ap2.yml[[email protected] ~]# ansible-playbook /etc/ansibleplaybooks/ap2.yml
Configure the playbook of the nginx + keepalived Service
[[email protected] ~]# vim /etc/ansible/playbooks/ha.yml    - hosts: hasrvs      remote_user: root      roles:      - nginx      - keepalived [[email protected] ~]# ansible-playbook --syntax-check /etc/ansible/playbooks/ha.yml [[email protected] ~]# ansible-playbook /etc/ansible/playbooks/ha.yml
Client Test Access
[[email protected] ~]# vim /etc/hosts    ...    192.168.4.155 www.test.org    ...[[email protected] ~]# for i in {1..10};do curl http://www.test.org;done    Episode:
[[Email protected] ~] # Ansible all-M ping -- list-hosts
Error! Unexpected exception, this is probably a bug: (cryptography 0.8.2 (/usr/lib64/python2.7/Site-packages), requirement. parse ('cryptography> = 100 '))
An error is reported when you run the ansible command. The Python cryptography version must be greater than or equal to 1.1.
Solution:
[[Email protected] ~] # Yum-y install Python-pip
[[Email protected] ~] # Pip install -- upgrade Cryptography
Ansible implements keepalived)