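Ansible in practice: a highly available Nginx proxy for LNMP WordPress
author: JevonWei
Copyright notice: original work
blog: http://119.23.52.191/
Lab environment: the front end uses Nginx as the proxy server. Static resources pass through the cache servers to the back-end web cluster, while dynamic resources go directly to the back-end cluster; dynamic/static separation can be implemented either by the Nginx proxy or by Varnish. The web servers connect to the PHP service to serve dynamic resources, and the dynamic data is stored in a MySQL relational database that uses master-slave replication. To validate the architecture as a whole, WordPress is deployed on the web servers. To avoid a single point of failure, the front-end Nginx proxies also use Keepalived for high availability, which improves the security of the network.
Lab extensions: to increase availability, the web cluster can be split into a static group and a dynamic group to achieve dynamic/static separation, with a Varnish cluster caching the static resources so that access is faster. The front-end proxy can also be replaced with HAProxy, LVS or similar technologies. A data backup scheme can also be added for the back-end MySQL database.
For dynamic/static separation with Varnish, see http://www.cnblogs.com/JevonWei/p/7499417.html
Network topology diagram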

Host environment
Ansible 172.16.252.82
Nginx_A 代理 172.16.252.207
Nginx_B 代理 172.16.252.103
Keepalived_A 172.16.252.207
Keepalived_B 172.16.252.103
Nginx+PHP_A 172.16.252.184
Nginx+PHP_B 172.16.252.67
Mysql_Master 172.16.252.184
Mysql_Slave 172.16.252.67
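Because of resource limits:
Nginx_A and Keepalived_A are on Nginx1.danran.com
Nginx_B and Keepalived_B are on Nginx2.danran.com
Nginx+PHP_A and Mysql_Master are on the web1.danran.com host
Nginx+PHP_B and Mysql_Slave are on the web2.danran.com host
Lab preparation
All nodes must keep their clocks synchronized
The nodes must be able to reach each other by hostname
The nodes connect to each other with SSH keys
Time synchronization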
[root@ansible ~]# ntpdate 172.16.0.1
Hostname resolution between nodes
Edit the /etc/hosts resolution file, or use DNS instead
[root@ansible ~]# vim /etc/hosts
172.16.252.184 web1.danran.com
172.16.252.67 web2.danran.com
172.16.252.82 ansible.danran.com
172.16.252.103 nginx2.danran.com
172.16.252.207 nginx1.danran.com
[root@ansible ~]# scp /etc/hosts nginx1.danran.com:/etc/
[root@ansible ~]# scp /etc/hosts nginx2.danran.com:/etc/
[root@ansible ~]# scp /etc/hosts web1.danran.com:/etc/
[root@ansible ~]# scp /etc/hosts web2.danran.com:/etc/
SSH key connections between nodes
[root@ansible ~]# ssh-keygen -t rsa -P ""
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
8e:bb:44:d7:25:df:1b:3e:9b:fa:22:15:b5:6b:e4:19 root@ansible
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| . .. . |
| . +..E |
| . S . .+o+ |
| . + ..=o |
| o . . .+ |
| . . . . + |
| o. ..++ |
+-----------------+
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@nginx1.danran.com
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@nginx2.danran.com
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@web1.danran.com
[root@ansible ~]# ssh-copy-id -i .ssh/id_rsa.pub root@web2.danran.com
Ansible playbook
[root@ansible ~]# vim ansible.yml
- hosts: websrvs
  remote_user: root
  roles:
  - nginx_web
- hosts: proxy
  remote_user: root
  roles:
  - nginx_proxy
- hosts: keepalive
  remote_user: root
  roles:
  - keepalive
- hosts: varnish
  remote_user: root
  roles:
  - varnish
- hosts: php-fpm
  remote_user: root
  roles:
  - php-fpm
- hosts: mysql
  remote_user: root
  roles:
  - mariadb
- hosts: websrvs
  remote_user: root
  roles:
  - wordpress
Ansible inventory file
[root@ansible ~]# vim /etc/ansible/hosts
[websrvs]
172.16.252.184
172.16.252.67
[proxy]
172.16.252.207
172.16.252.103
[keepalive]
172.16.252.207 start1=MASTER start2=BACKUP priority1=100 priority2=90
172.16.252.103 start1=BACKUP start2=MASTER priority1=90 priority2=100
[varnish]
172.16.252.207
172.16.252.103
[php-fpm]
172.16.252.184
172.16.252.67
[mysql]
172.16.252.184 serverid=1 log="log_bin = master-log"
172.16.252.67 serverid=2 log="relay-log = master-log"
Define the roles
keepalive
[root@ansible ~]# cd /etc/ansible/roles/
[root@ansible ~]# mkdir keepalive/{files,templates,tasks,handlers,vars,meta,defaults} -pv
[root@ansible roles]# vim keepalive/tasks/main.yml
- name: install keepalived
  yum: name=keepalived state=latest
- name: install conf
  template: src=keepalived.j2 dest=/etc/keepalived/keepalived.conf
  tags: conf
  notify: restart keepalived
- name: start keepalived
  service: name=keepalived state=started
[root@ansible roles]# vim keepalive/handlers/main.yml
- name: restart keepalived
  service: name=keepalived state=restarted
[root@ansible roles]# vim keepalive/templates/keepalived.j2
global_defs {
    notification_email {
        jevon@danran.com
    }
    notification_email_from ka_admin@danran.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id keepaliveA
    vrrp_mcast_group4 224.103.5.5
}
vrrp_instance VI_A {
    state {{ start1 }}
    interface {{ ansible_default_ipv4.alias }}
    virtual_router_id 51
    priority {{ priority1 }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass qr8hQHuL
    }
    virtual_ipaddress {
        172.16.252.100/32
    }
}
vrrp_instance VI_B {
    state {{ start2 }}
    interface {{ ansible_default_ipv4.alias }}
    virtual_router_id 52
    priority {{ priority2 }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass eHTQgK0n
    }
    virtual_ipaddress {
        172.16.252.10/32
    }
}
nginx_web
[root@ansible ~]# cd /etc/ansible/roles/
[root@ansible ~]# mkdir nginx_web/{files,templates,tasks,handlers,vars,meta,defaults} -pv
[root@ansible roles]# vim nginx_web/tasks/main.yml
- name: install nginx
  yum: name=nginx state=latest
  when: ansible_os_family == "RedHat"
- name: install conf
  template: src=vhost1.conf.j2 dest=/etc/nginx/conf.d/vhost1.conf
  tags: conf
  notify: restart nginx
- name: install site home directory
  file: path={{ ngxroot }} state=directory
- name: install index page
  copy: src=index.html dest={{ ngxroot }}/
- name: start nginx
  service: name=nginx state=started
[root@ansible roles]# vim nginx_web/handlers/main.yml
- name: restart nginx
  service: name=nginx state=restarted
[root@ansible roles]# vim nginx_web/vars/main.yml
ngxroot: /blog
[root@ansible roles]# vim nginx_web/templates/vhost1.conf.j2
server {
    listen 8080;
    root "/blog/wordpress";
    index index.php index.html;
    location ~ .*\.(php|php5)?$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
nginx_proxy
[root@ansible ~]# cd /etc/ansible/roles/
[root@ansible ~]# mkdir nginx_proxy/{files,templates,tasks,handlers,vars,meta,defaults} -pv
[root@ansible roles]# vim nginx_proxy/tasks/main.yml
- name: install nginx
  yum: name=nginx state=latest
  when: ansible_os_family == "RedHat"
- name: install conf
  template: src=proxy.conf.j2 dest=/etc/nginx/conf.d/vhost1.conf
  tags: conf
  notify: restart nginx
- name: install nginx.conf
  copy: src=nginx.conf dest=/etc/nginx/nginx.conf
- name: start nginx
  service: name=nginx state=started
[root@ansible roles]# vim nginx_proxy/handlers/main.yml
- name: restart nginx
  service: name=nginx state=restarted
[root@ansible roles]# vim nginx_proxy/templates/proxy.conf.j2
upstream websrv {
    server 172.16.252.207:6081;
    server 172.16.252.103:6081;
}
server {
    listen 80 default_server;
    server_name www.jevon.com;
    location / {
        proxy_pass http://websrv/;
        proxy_set_header Host $host;
        # X-Forwarded-For is the header name that vcl_recv in default.vcl reads
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
[root@ansible roles]# vim nginx_proxy/files/nginx.conf    # remove the default web host that ships with nginx so that the newly defined virtual host becomes the default
server {
    listen 80 ;
}
varnish
[root@ansible ~]# cd /etc/ansible/roles/
[root@ansible ~]# mkdir varnish/{files,templates,tasks,handlers,vars,meta,defaults} -pv
[root@ansible roles]# vim varnish/tasks/main.yml
- name: install varnish
  yum: name=varnish state=latest
- name: install conf
  copy: src=default.vcl dest=/etc/varnish/
  tags: varconf
  notify: restart varnish
- name: start varnish
  service: name=varnish state=started
[root@ansible roles]# vim varnish/handlers/main.yml
- name: restart varnish
  service: name=varnish state=restarted
[root@ansible roles]# vim varnish/files/default.vcl
vcl 4.0;
import directors;
backend web1 {
    .host = "172.16.252.184";
    .port = "8080";
}
backend web2 {
    .host = "172.16.252.67";
    .port = "8080";
}
sub vcl_init {
    # round-robin director over the two web back ends
    new websrv = directors.round_robin();
    websrv.add_backend(web1);
    websrv.add_backend(web2);
}
sub vcl_purge {
    return (synth(200,"Purge Finished"));
}
# clients allowed to send PURGE requests
acl purges {
    "172.16.252.110";
    "127.0.0.0"/8;
}
sub vcl_recv {
    if (req.method == "PURGE") {
        if (client.ip !~ purges) {
            return(synth(403,"Purging not allowed for " + client.ip));
        }
        return(purge);
    }
    # both branches use the same director; split them to separate static and dynamic back ends
    if (req.url ~ "(?i)\.(jpg|jpeg|png|gif)$") {
        set req.backend_hint = websrv.backend();
    } else {
        set req.backend_hint = websrv.backend();
    }
    if (req.restarts == 0) {
        if (req.http.X-Forwarded-For) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + "," + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }
}
sub vcl_backend_response {
    unset beresp.http.X-Powered-By;
    if (bereq.url ~ "\.(css|js|png|gif|jp(e?)g|swf|ico|txt|eot|svg|woff)") {
        # a backend response carries cookies in Set-Cookie, not Cookie
        unset beresp.http.Set-Cookie;
        set beresp.http.cache-control = "public, max-age=3600";
    }
    if ( beresp.status != 200 && beresp.status != 404 ) {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;
        return (deliver);
    }
    set beresp.ttl = 1h;
    set beresp.grace = 30s;
    return (deliver);
}
sub vcl_deliver {
    if (obj.hits>0) {
        set resp.http.X-Cache = "Hit Via " + server.ip;
    } else {
        set resp.http.X-Cache = "Miss from " + server.ip;
    }
}
php-fpm
[root@ansible ~]# cd /etc/ansible/roles/
[root@ansible ~]# mkdir php-fpm/{files,templates,tasks,handlers,vars,meta,defaults} -pv
[root@ansible roles]# vim php-fpm/tasks/main.yml
- name: install {{ item }} package
  yum: name={{ item }} state=latest
  with_items:
  - php-fpm
  - php-mysql
- name: start php-fpm
  service: name=php-fpm state=started enabled=yes
mariadb
[root@ansible ~]# cd /etc/ansible/roles/
[root@ansible ~]# mkdir mariadb/{files,templates,tasks,handlers,vars,meta,defaults} -pv
[root@ansible roles]# vim mariadb/tasks/main.yml
- name: install mariadb
  yum: name=mariadb-server state=latest
- name: install conf
  template: src=server.j2 dest=/etc/my.cnf.d/server.cnf
  tags: conf
  notify: restart mariadb
- name: start mariadb
  service: name=mariadb state=started enabled=yes
# a task can carry only one module call, so every statement gets its own task
- name: command master, grant replication
  shell: /usr/bin/mysql -e "GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'repluser'@'172.16.%.%' IDENTIFIED BY 'replpass';"
  when: ansible_hostname == "web1"
- name: command master, flush privileges
  shell: /usr/bin/mysql -e "flush privileges;"
  when: ansible_hostname == "web1"
- name: command slave, change master
  shell: /usr/bin/mysql -e "CHANGE MASTER TO MASTER_HOST='172.16.252.184', MASTER_USER='repluser', MASTER_PASSWORD='replpass', MASTER_LOG_FILE='master-log.000003', MASTER_LOG_POS=245;"
  when: ansible_hostname == "web2"
- name: command slave, start slave
  shell: /usr/bin/mysql -e "start slave;"
  when: ansible_hostname == "web2"
# "if not exists" lets the playbook be run again without failing here
- name: wordpress command, create database
  shell: /usr/bin/mysql -e "create database if not exists blog;"
- name: wordpress command, grant
  shell: /usr/bin/mysql -e "grant all on blog.* to 'blog'@'localhost' identified by 'blog';"
[root@ansible roles]# vim mariadb/handlers/main.yml
- name: restart mariadb
  service: name=mariadb state=restarted
[root@ansible roles]# vim mariadb/templates/server.j2
[mysqld]
server-id = {{ serverid }}
{{ log }}
innodb_file_per_table = ON
skip_name_resolve = ON
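The mariadb tasks above keep the passwords `replpass` and `blog` in the task file in clear text and open the replication account to all of 172.16.%.%. The following is an added example, not part of the original post, that creates the same accounts with the community.mysql modules, reads the passwords from an Ansible Vault file and hides them from task output with no_log. The file name accounts.yml, the variables vault_repl_password and vault_blog_password and the socket path are assumptions.

```yaml
# Added example: roles/mariadb/tasks/accounts.yml (hypothetical file name).
# Assumptions: the community.mysql collection is installed on the control node,
# PyMySQL is installed on the database hosts, and vault_repl_password and
# vault_blog_password are hypothetical variables stored in a file encrypted
# with `ansible-vault encrypt`, for example group_vars/mysql/vault.yml.
# The socket path is the usual CentOS 7 MariaDB location; adjust it if it differs.

- name: create the replication account on the master only
  community.mysql.mysql_user:
    name: repluser
    host: "172.16.252.67"            # only the slave, instead of '172.16.%.%'
    password: "{{ vault_repl_password }}"
    priv: "*.*:REPLICATION SLAVE,REPLICATION CLIENT"
    state: present
    login_unix_socket: /var/lib/mysql/mysql.sock
  no_log: true                       # keep the password out of output and logs
  when: ansible_hostname == "web1"

- name: create the wordpress database
  community.mysql.mysql_db:
    name: blog
    state: present                   # idempotent, safe to run repeatedly
    login_unix_socket: /var/lib/mysql/mysql.sock

- name: create the wordpress account with rights on blog.* only
  community.mysql.mysql_user:
    name: blog
    host: localhost
    password: "{{ vault_blog_password }}"
    priv: "blog.*:ALL"
    state: present
    login_unix_socket: /var/lib/mysql/mysql.sock
  no_log: true
```

Run the playbook with `ansible-playbook ansible.yml --ask-vault-pass` so the vaulted variables can be decrypted; the value written into wp-config.php must then be the same vaulted password.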
wordpress
[root@ansible ~]# cd /etc/ansible/roles/
[root@ansible ~]# mkdir wordpress/{files,templates,tasks,handlers,vars,meta,defaults} -pv
[root@ansible roles]# vim wordpress/tasks/main.yml
- name: install unzip
  yum: name=unzip state=latest
- name: copy file
  copy: src=wordpress-4.8.1-zh_CN.zip dest=/blog
- name: command unzip
  command: /usr/bin/unzip -o /blog/wordpress-4.8.1-zh_CN.zip -d /blog
- name: copy conf
  copy: src=wp-config.php dest=/blog/wordpress/
# a task can carry only one module call, so each command gets its own task
- name: mv conf
  command: mv /blog/wordpress/wp-config-sample.php /blog/wordpress/wp-config.php
- name: set database name
  command: sed -ri 's/database_name_here/blog/' /blog/wordpress/wp-config.php
- name: set database user
  command: sed -ri 's/username_here/blog/' /blog/wordpress/wp-config.php
- name: set database password
  command: sed -ri 's/password_here/blog/' /blog/wordpress/wp-config.php
[root@ansible roles]# ls wordpress/files/
wordpress-4.8.1-zh_CN.zip
Run the playbook
[root@ansible ~]# ansible-playbook ansible.yml
.....
.....
PLAY RECAP *********************************************************************
172.16.252.103 : ok=15 changed=4 unreachable=0 failed=0
172.16.252.184 : ok=20 changed=3 unreachable=0 failed=0
172.16.252.207 : ok=14 changed=2 unreachable=0 failed=0
172.16.252.67 : ok=20 changed=3 unreachable=0 failed=0
Access test
