Use Ansible to quickly deploy a mainstream web architecture

Source: Internet
Author: User

Topology:

[Image: topology diagram]

Topology Description:

    1. Two servers run Keepalived + Nginx as load balancers in a dual-master model, with host names LB1 and LB2

    2. Two servers run LAMP to handle dynamic resource requests, with host names LAMP1 and LAMP2

    3. Two servers run Varnish as static resource cache servers, with host names VARNISH1 and VARNISH2

    4. Two servers run Nginx to handle static resource requests

    5. One additional server has Ansible installed and uses it to manage all the servers in bulk

Key technical points:

1. Keepalived is configured with a mail alarm script: when the state of a node changes, an alarm message is sent (the mailbox address in the script needs to be modified)

2. The load-balancing tier uses Nginx to separate static and dynamic requests

3. When scheduling dynamic resource traffic, the ip_hash algorithm is used to keep each client's session bound to the same back end. If sticky-mode scheduling is used instead, the cache rules need to be adjusted; otherwise requests for static resources carry the cookie information and the resources cannot be cached

4. When scheduling static resource traffic, the ip_hash algorithm is used to improve the cache hit ratio. The consistent_hash algorithm (consistent hashing) is an alternative. However, in testing, Nginx could not perform health monitoring and failover of the back-end servers when using consistent_hash. Therefore, if you need consistent_hash, Tengine is recommended

5. Static resource caching is multi-level. On the front-end LBs, Nginx is configured with proxy_cache to store a small amount of hot data, and the back-end Varnish servers store frequently accessed data. The cache time on the front-end LBs is set very short because this is a test

6. All web services rotate their access_log once a day

7. A custom header is added to the response to show which server the resource was obtained from, which makes later debugging easier
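
A small simulation of point 4, added here as an illustration and not part of the original article: it replays the same requests through the two Varnish nodes under client-IP hashing and under hashing on the request URI, and counts cache misses and stored copies. The URI key, the SHA-256 toy hash, the client addresses and the URLs are assumptions of this sketch; it does not reproduce the hash functions of Nginx or Tengine.

```python
import hashlib

VARNISH = ["VARNISH1", "VARNISH2"]   # cache tier from the topology
# Constructed sample data: 200 static objects and 40 clients.
URLS = [f"/static/img/{i}.jpg" for i in range(200)]
# One client per /24, because nginx ip_hash keys on the first three
# octets of an IPv4 address (clients in one /24 share a back end).
CLIENTS = [f"10.0.{n}.7" for n in range(40)]


def pick(key: str) -> str:
    """Map a key to a cache node (toy hash, assumption of this example)."""
    digest = hashlib.sha256(key.encode()).digest()
    return VARNISH[int.from_bytes(digest[:4], "big") % len(VARNISH)]


def simulate(policy: str) -> dict:
    """Replay every client fetching every URL once and count cache results."""
    stored = {node: set() for node in VARNISH}
    hits = misses = 0
    for client in CLIENTS:
        for url in URLS:
            # client_ip: key is the client's /24; uri: key is the object.
            key = client.rsplit(".", 1)[0] if policy == "client_ip" else url
            node = pick(key)
            if url in stored[node]:
                hits += 1
            else:
                misses += 1            # node fetches from the static servers
                stored[node].add(url)
    copies = sum(len(objs) for objs in stored.values())
    return {"hits": hits, "misses": misses, "copies": copies,
            "hit_ratio": hits / (hits + misses)}


if __name__ == "__main__":
    for policy in ("client_ip", "uri"):
        print(policy, simulate(policy))
```

With URI hashing every object is stored on exactly one node and missed once; with client-IP hashing every node that serves at least one client ends up fetching and storing its own copy.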

Areas for further improvement:

1. The caching policies in the experimental configuration can be further modified and optimized

2. The Varnish log service is not yet configured

3. Tengine can be used instead of Nginx, using the consistent_hash algorithm to increase the cache hit rate while distributing the cache storage locations

4. Security implications of Ansible:

Because communication is key-based, once the Ansible server is logged in to illegitimately, all the managed nodes are at risk of being tampered with. Therefore, consider creating a dedicated ansible user that holds the key used for SSH communication with the managed nodes. Other users who need to manage the servers with Ansible then sudo to the ansible user to execute ansible commands, which leaves a corresponding record in the log.
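
The log record mentioned above can be turned into an audit trail. The following is an added example, not part of the original configuration: it parses sudo's syslog lines (written to /var/log/secure on CentOS) and lists who ran what as the ansible user, flagging anything other than the Ansible binaries. The log lines, operator names and allowed-binary list are constructed for illustration.

```python
import re

# Constructed sample lines in sudo's syslog format (not real log data).
SAMPLE_LOG = """\
Feb  9 10:12:01 ansible-server sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=ansible ; COMMAND=/usr/bin/ansible-playbook site.yml
Feb  9 10:15:44 ansible-server sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=ansible ; COMMAND=/usr/bin/ansible all -m ping
Feb  9 10:20:03 ansible-server sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=ansible ; COMMAND=/bin/bash
Feb  9 10:31:27 ansible-server sudo:    carol : TTY=pts/2 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/yum update
"""

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sudo:\s+(?P<operator>\S+) : "
    r".*?USER=(?P<runas>\S+) ; COMMAND=(?P<command>.+)$"
)
# Assumption: operators are expected to run only these binaries as ansible.
ALLOWED = {"/usr/bin/ansible", "/usr/bin/ansible-playbook"}


def audit(log_text: str, service_user: str = "ansible") -> list:
    """Return one record per sudo invocation that ran as the service user."""
    records = []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if not m or m["runas"] != service_user:
            continue                      # not sudo, or a different target user
        binary = m["command"].split()[0]
        records.append({
            "time": m["ts"],
            "operator": m["operator"],
            "command": m["command"],
            # Anything else run as this user can read its private key directly.
            "review": binary not in ALLOWED,
        })
    return records


if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        flag = "REVIEW" if r["review"] else "ok"
        print(f'{r["time"]}  {r["operator"]:<6} {flag:<6} {r["command"]}')
```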

Lab Environment:

SSH port on all servers: 2222

Communication between the Ansible server and the managed nodes: SSH with key-based authentication, remote_user set to root

All servers resolve host names through their hosts file, so the hosts file must be consistent across all servers

Host name         OS            IP address
Ansible_server    CentOS 7.2    192.168.1.200
LB1               CentOS 7.2    192.168.1.202
LB2               CentOS 7.2    192.168.1.203
VARNISH1          CentOS 7.2    192.168.1.208
VARNISH2          CentOS 7.2    192.168.1.209
LAMP1             CentOS 6.5    192.168.1.101
LAMP2             CentOS 6.5    192.168.1.102
Static_server1    CentOS 7.2    192.168.1.205
Static_server2    CentOS 7.2    192.168.1.206

Final effect:

[Images: screenshots of the final result]

All the configuration files required for Ansible, including all the roles used in the experiment, are packaged as two split archive volumes. Those interested can download and test them.

