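Building a highly available web cluster and deploying a website
Covers the database, Ceph/NFS, HAProxy, Keepalived, and deployment with Ansible
1. Configure the Ansible management environment
Create a working directory, then write the Ansible configuration file, the host inventory file, and the yum repository file.
Place the yum repo file on the control node, then use a module to upload it to the managed hosts.
# vim 01-upload-repo.yml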
---
- name: config repos.d
  hosts: all
  tasks:
    - name: delete repos.d
      file:
        path: /etc/yum.repos.d
        state: absent
    - name: create repos.d
      file:
        path: /etc/yum.repos.d
        state: directory
        mode: '0755'
    - name: upload local88
      copy:
        src: files/local88.repo
        dest: /etc/yum.repos.d/
Configure the web1 services:
# vim 02-config-web1.yml
---
- name: config web1
  hosts: webservers
  tasks:
    - name: install pkgs        # install packages
      yum:
        name:
          - nginx
          - mysql-server
          - php-mysqlnd         # database package
          - php-fpm             # interpreter package
          - php-json
        state: present
    - name: start service       # start multiple services in a loop
      service:
        name: "{{item}}"
        state: started
        enabled: yes
      loop:
        - nginx
        - php-fpm
        - mysqld
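Write a PHP file to test whether the page comes up. Delete it after testing; otherwise it interferes with later steps.
# vim /usr/share/nginx/html/index.php
<?php
phpinfo();
?>
Installing the WordPress site requires a database, so create the database and grant privileges.
The same method can be used to install many other sites, such as discursion, zabbix, and so on.
1. Write a script that creates the database and the user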
vim files/config_mysql.sh
#!/bin/bash
mysql -e "create database wordpress character set utf8mb4"
mysql -e "create user wpuser01@localhost identified by 'wordpress'"
mysql -e "grant all privileges on wordpress.* to wpuser01@localhost"
2. Run the script through Ansible's script module
[root@pubserver project01]# vim 03-config-mysql.yml
---
- name: config mysql
  hosts: web1
  tasks:
    - name: create database
      script: files/config_mysql.sh
[root@pubserver project01]# ansible-playbook 03-config-mysql.yml
# 3. Test the account. If you can log in to mysql successfully, the database and user were created correctly
[root@web1 ~]# mysql -uwpuser01 -pwordpress -hlocalhost wordpress
Deploy WordPress
Pull the code from Gitee, set up the web site, and extract the archive into the html directory
cp -r wordpress/* /usr/share/nginx/html/
# 3. PHP programs are handled by php-fpm, and php-fpm runs as the apache user
[root@web1 ~]# ps aux | grep php-fpm
root 5655 0.0 0.4 395620 19056 ? Ss 12:13 0:00 php-fpm: master process (/etc/php-fpm.conf)
apache 5670 0.0 0.3 412108 13812 ? S 12:13 0:00 php-fpm: pool www
# 4. So that php-fpm can read and write the html directory, it has to be granted permission
[root@web1 ~]# chown -R apache:apache /usr/share/nginx/html/
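Note: after logging out, to log in again you need to visit http://192.168.88.11/wp-login.php
Separating the web and database services
Set up the database server:
# 2. Install the database service, and create the database and user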
[root@pubserver project01]# vim files/config_mysql2.sh
#!/bin/bash
mysql -e "create database wordpress character set utf8mb4"
mysql -e "create user wpuser01@'%' identified by 'wordpress'"
mysql -e "grant all privileges on wordpress.* to wpuser01@'%'"
[root@pubserver project01]# vim 04-config-database.yml
---
- name: config database
  hosts: dbs
  tasks:
    - name: install mysql       # install the database service
      yum:
        name: mysql-server
        state: present
    - name: start service       # start the database service
      service:
        name: mysqld
        state: started
        enabled: yes
    - name: create database
      script: files/config_mysql2.sh
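
config_mysql2.sh creates wpuser01@'%' with the password 'wordpress' and all privileges, so the account accepts logins from any address that can reach the database. The following is an added example, not part of the original notes: it generates the same setup scoped to the three web server addresses from the inventory. The function name, the WP_DB_PASS variable, the 16-character minimum and the privilege list are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: build the SQL for a WordPress
# account limited to named web servers. The 16-character minimum and the
# privilege list are assumptions of this sketch.

# wp_grants_sql PASSWORD HOST... -> SQL on stdout; non-zero status on bad input
wp_grants_sql() (
    pass=$1
    [ "$#" -ge 2 ] || { echo "usage: wp_grants_sql PASSWORD HOST..." >&2; exit 1; }
    shift
    [ "${#pass}" -ge 16 ] || { echo "password shorter than 16 characters" >&2; exit 1; }
    # A quote or backslash would end the SQL string literal early
    case $pass in
        *"'"*|*\\*) echo "quote or backslash in password" >&2; exit 1 ;;
    esac
    for h in "$@"; do
        # Accept literal IPv4 addresses only, so % and _ wildcards are refused
        printf '%s\n' "$h" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
            { echo "not a literal IPv4 address: $h" >&2; exit 1; }
    done
    echo "CREATE DATABASE IF NOT EXISTS wordpress CHARACTER SET utf8mb4;"
    for h in "$@"; do
        echo "CREATE USER IF NOT EXISTS 'wpuser01'@'$h' IDENTIFIED BY '$pass';"
        # What WordPress needs to run and to upgrade its own schema
        echo "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP" \
             "ON wordpress.* TO 'wpuser01'@'$h';"
    done
)

# On the database host, with the secret supplied through the environment:
#   wp_grants_sql "$WP_DB_PASS" 192.168.88.11 192.168.88.12 192.168.88.13 | mysql
```
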
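Migrate the database
First, publish a notice that the service will be down for the update
Note: by default WordPress has a bug in its support for Chinese titles; fix it by modifying the source code, or change the [Permalinks] setting, as follows:
# 1. On the source server, back up the database. Dump the data in the wordpress database to the file wordpress.sql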
[root@web1 ~]# mysqldump wordpress > wordpress.sql
# 2. Copy the backup file to the new database server
[root@web1 ~]# scp wordpress.sql 192.168.88.21:/root/
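# 3. On the new database server, import the data. Load the data in wordpress.sql into the wordpress database
[root@database ~]# mysql wordpress < wordpress.sql
# 4. Edit the PHP site so that the database server address points to the new database server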
[root@web1 ~]# vim /usr/share/nginx/html/wp-config.php
...omitted...
/** Database hostname */
define( 'DB_HOST', '192.168.88.21' );
...omitted...
# 5. Stop the database service on web1; the wordpress site is still accessible
[root@web1 ~]# systemctl stop mysqld
[root@web1 ~]# yum remove -y mysql-server
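# 6. Stop the database service on database; wordpress will no longer be accessible
- Query the contents of the database
[root@database ~]# mysql # open the mysql command line
mysql> show databases; # list the databases
mysql> use wordpress; # switch to the wordpress database
mysql> show tables; # list the tables in the wordpress database
mysql> select * from wp_posts\G # show the contents of the wp_posts table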
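Configure additional web servers
A single server can hardly provide high concurrency and high availability, so use several.
# 2. Configure the web servers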
[root@pubserver project01]# vim 05-config-webservers.yml
---
- name: config webservers
  hosts: webservers
  tasks:
    - name: install pkgs        # install packages
      yum:
        name:
          - nginx
          - php-mysqlnd
          - php-fpm
          - php-json
        state: present
    - name: start service       # start multiple services in a loop
      service:
        name: "{{item}}"
        state: started
        enabled: yes
      loop:
        - nginx
        - php-fpm
Archive web1's html directory and download it:
---
- name: copy web
  hosts: web1
  tasks:
    - name: compress html       # archive the html directory into /root
      archive:
        path: /usr/share/nginx/html
        dest: /root/html.tar.gz
        format: gz
    - name: download html       # download the archive
      fetch:
        src: /root/html.tar.gz
        dest: files/
        flat: yes
Extract the html archive onto the other web servers
---
- name: deploy web2 and web3
  hosts: web2,web3
  tasks:
    - name: unarchive to web    # extract the file to the target location
      unarchive:
        src: files/html.tar.gz
        dest: /usr/share/nginx/
Configure the NFS server
---
- name: config nfs
  hosts: nfs
  tasks:
    - name: install nfs         # install nfs
      yum:
        name: nfs-utils
        state: present
    - name: mkdir /nfs_root     # create the shared directory
      file:
        path: /nfs_root
        state: directory
        mode: "0755"
    - name: nfs share           # edit the configuration file
      lineinfile:
        path: /etc/exports
        line: '/nfs_root 192.168.88.0/24(rw)'
    - name: start service       # start the services in a loop
      service:
        name: "{{item}}"
        state: started
        enabled: yes
      loop:
        - rpcbind               # the nfs service depends on the rpcbind service
        - nfs-server
showmount -e # view the exported shares
Migrate the files to the NFS share:
Download web1's html directory
---
- name: copy web
  hosts: web1
  tasks:
    - name: compress html       # archive the html directory into /root
      archive:
        path: /usr/share/nginx/html
        dest: /root/html2.tar.gz
        format: gz
    - name: download html
      fetch:
        src: /root/html2.tar.gz # download the archive
        dest: files/
        flat: yes
Extract the archive onto the NFS server
---
- name: deploy nfs
  hosts: nfs
  tasks:
    - name: unarchive to web    # extract the archive from the control node to the target location
      unarchive:
        src: files/html2.tar.gz
        dest: /nfs_root/
Clear the html directory on the web servers
---
- name: rm html
  hosts: webservers
  tasks:
    - name: rm html
      file:
        path: /usr/share/nginx/html
        state: absent
    - name: create html
      file:
        path: /usr/share/nginx/html
        state: directory
        owner: apache
        group: apache
        mode: "0755"
Mount the share on the web servers
---
- name: mount nfs
  hosts: webservers
  tasks:
    - name: install nfs
      yum:
        name: nfs-utils
        state: present
    - name: mount nfs
      mount:
        path: /usr/share/nginx/html
        src: 192.168.88.31:/nfs_root/html
        fstype: nfs
        state: mounted
Configure the proxy servers
[webservers]
web1 ansible_host=192.168.88.11
web2 ansible_host=192.168.88.12
web3 ansible_host=192.168.88.13
[dbs]
database ansible_host=192.168.88.21
[storages]
nfs ansible_host=192.168.88.31
[lb]
haproxy1 ansible_host=192.168.88.5
haproxy2 ansible_host=192.168.88.6
[all:vars]
ansible_ssh_user=root
ansible_ssh_pass=a
Configure high availability and load balancing
# 1. Configure yum
[root@pubserver project01]# ansible-playbook 01-upload-repo.yml
# 2. Configure the load-balancing servers
[root@pubserver project01]# vim 13-install-lb.yml
---
- name: install lb
  hosts: lb
  tasks:
    - name: install pkg
      yum:
        name: haproxy,keepalived
        state: present
[root@pubserver project01]# ansible-playbook 13-install-lb.yml
# 3. Edit the configuration file and start the service
[root@pubserver project01]# vim 14-config-lb.yml
---
- name: config haproxy
  hosts: lb
  tasks:
    - name: rm lines
      shell: sed -i '64,$d' /etc/haproxy/haproxy.cfg
    - name: add lines
      blockinfile:
        path: /etc/haproxy/haproxy.cfg
        block: |
          listen wordpress
              bind 0.0.0.0:80
              balance roundrobin
              server web1 192.168.88.11:80 check inter 2000 rise 2 fall 5
              server web2 192.168.88.12:80 check inter 2000 rise 2 fall 5
              server web3 192.168.88.13:80 check inter 2000 rise 2 fall 5
          listen mon
              bind 0.0.0.0:1080
              stats refresh 30s
              stats uri /mon
              stats auth admin:admin
    - name: start service
      service:
        name: haproxy
        state: started
        enabled: yes
[root@pubserver project01]# ansible-playbook 14-config-lb.yml
# 4. Configure keepalived on haproxy1 to build the high-availability cluster
[root@haproxy1 ~]# vim /etc/keepalived/keepalived.conf
...omitted...
    router_id haproxy1      # give this host a unique id
    vrrp_iptables           # automatically add the iptables allow rules
...omitted...
vrrp_instance VI_1 {
    state MASTER            # the primary server's state is MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.88.80       # VIP address
    }
}
# Delete everything below this point
# 5. Configure keepalived on haproxy2
[root@haproxy1 ~]# scp /etc/keepalived/keepalived.conf 192.168.88.6:/etc/keepalived/
[root@haproxy2 ~]# vim /etc/keepalived/keepalived.conf
...omitted...
    router_id haproxy2      # give this host a unique id
    vrrp_iptables           # automatically add the iptables allow rules
...omitted...
vrrp_instance VI_1 {
    state BACKUP            # the backup server's state is BACKUP
    interface eth0
    virtual_router_id 51
    priority 80             # the backup server's priority is lower than the primary's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.88.80
    }
}
# 6. Start the services
[root@haproxy1 ~]# systemctl enable keepalived.service --now
[root@haproxy2 ~]# systemctl enable keepalived.service --now
# 7. Verify. The VIP appears on haproxy1. Clients can access http://192.168.88.80
[root@haproxy1 ~]# ip a s | grep 192
    inet 192.168.88.5/24 brd 192.168.88.255 scope global noprefixroute eth0
    inet 192.168.88.80/32 scope global eth0
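
The inventory, haproxy.cfg, keepalived.conf and /etc/exports built above carry lab values (ansible_ssh_pass=a, stats auth admin:admin on 0.0.0.0:1080, auth_pass 1111, a read-write export to the whole /24). The check below is an added example, not part of the original notes, that flags those settings before the files are reused elsewhere; the function names and the length thresholds are assumptions, and the sample files are constructed from the values on this page.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: flag lab-grade credentials and
# exposure in the inventory, haproxy.cfg, keepalived.conf and /etc/exports.
# The thresholds (12 and 8 characters) are assumptions of this sketch.

# audit_file FILE -> prints "FILE:LINE: finding" for every problem found
audit_file() {
    awk -v f="$1" '
    function report(msg) { printf "%s:%d: %s\n", f, NR, msg }
    {
        line = $0
        sub(/[ \t]*#.*$/, "", line)        # drop trailing comments
        sub(/^[ \t]+/, "", line)           # drop indentation
        n = split(line, w, /[ \t]+/)
    }
    n == 0 { next }
    # Ansible inventory: SSH password stored in clear text
    { for (i = 1; i <= n; i++)
          if (w[i] ~ /^ansible_(ssh_)?pass(word)?=/) report("plaintext SSH password") }
    # HAProxy: track whether the current section binds to every address
    w[1] ~ /^(listen|frontend|backend|defaults|global)$/ { wild = 0 }
    w[1] == "bind" && w[2] ~ /^(0\.0\.0\.0|\*)?:/ { wild = 1 }
    w[1] == "stats" && w[2] == "auth" {
        split(w[3], cred, ":")
        if (cred[1] == cred[2] || length(cred[2]) < 12)
            report("weak HAProxy stats credentials")
        if (wild) report("stats page reachable on every address")
    }
    # keepalived: auth_type PASS travels in clear text; flag short secrets
    w[1] == "auth_pass" && length(w[2]) < 8 { report("short VRRP auth_pass") }
    # NFS: read-write export to a whole network or to every client
    w[1] ~ /^\// {
        for (i = 2; i <= n; i++)
            if (w[i] ~ /^(\*|[0-9.]+\/[0-9]+)\(/ && w[i] ~ /[(,]rw[,)]/)
                report("rw export to " w[i])
    }
    ' "$1"
}

# Run the audit over constructed copies of the settings used in this walkthrough
audit_demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    printf 'ansible_ssh_user=root\nansible_ssh_pass=a\n' > inventory
    printf 'listen mon\n  bind 0.0.0.0:1080\n  stats uri /mon\n  stats auth admin:admin\n' > haproxy.cfg
    printf 'authentication {\n  auth_type PASS\n  auth_pass 1111\n}\n' > keepalived.conf
    printf '/nfs_root 192.168.88.0/24(rw)\n' > exports
    for f in inventory haproxy.cfg keepalived.conf exports; do audit_file "$f"; done
    cd / && rm -rf "$d"
)
```

An export line that names the three web servers individually, such as `/nfs_root 192.168.88.11(rw) 192.168.88.12(rw) 192.168.88.13(rw)`, passes the NFS check.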