搭建高可用的web集群.部署网站
包含数据库,ceph/nfs,haproxy,keepalived,ansible部署
1,配置ansible管理环境
创建工作目录,编写ansible配置文件,和主机清单文件,yum配置文件
将yum配置文件拷贝到控制机上,然后用copy模块上传到被管理机器上
#vim 01-upload-repo.yml
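---
# Replace the yum repository configuration on every managed host with the
# single repo file shipped from the control node.
# NOTE(review): files/local88.repo is not shown on this page; confirm that it
# keeps gpgcheck enabled, since this file decides where all later packages
# are installed from.
- name: config repos.d
  hosts: all
  tasks:
    # Removing the directory first drops every repo definition already present.
    - name: delete repos.d
      file:
        path: /etc/yum.repos.d
        state: absent

    - name: create repos.d
      file:
        path: /etc/yum.repos.d
        state: directory
        mode: '0755'

    - name: upload local88
      copy:
        src: files/local88.repo
        dest: /etc/yum.repos.d/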
配置web1服务:
# vim 02-config-web1.yml
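---
# Install nginx, PHP-FPM and a local MySQL server on the web hosts, then
# start the services and enable them at boot.
- name: config web1
  hosts: webservers
  tasks:
    - name: install pkgs  # install the packages
      yum:
        name:
          - nginx
          - mysql-server
          - php-mysqlnd  # PHP database driver package
          - php-fpm      # PHP interpreter package
          - php-json
        state: present

    - name: start service  # start several services in one loop
      service:
        name: "{{item}}"
        state: started
        enabled: yes
      loop:
        - nginx
        - php-fpm
        - mysqld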
编写php文件测试页面是否能正常访问,测试完删除,不然影响后期操作
#vim /usr/share/nginx/html/index.php
<?php
// Temporary test page only: phpinfo() shows the PHP configuration, loaded
// modules and environment to anyone who can request this URL, so delete the
// file as soon as the check is done.
phpinfo();
?>
安装Wordpress网站,需要数据库,创建数据库并授权
此方法可以安装多种网站如:discursion,zabbix等
1. 编写用于创建数据库和用户的脚本
vim files/config_mysql.sh
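#!/bin/bash
# Create the WordPress database and a localhost-only account for it.
# Meant to be run on the database host through Ansible's script module; the
# mysql client is called without credentials, as in the original script.
# Environment: WP_DB_PASS (optional) - password to set for wpuser01.
set -euo pipefail

# 'wordpress' is the tutorial's lab password and stays as the fallback so an
# unchanged playbook behaves as before; set WP_DB_PASS outside a lab.
db_pass=${WP_DB_PASS:-wordpress}

# The password ends up inside a single-quoted SQL literal, so reject the
# characters that could terminate that literal.
case "$db_pass" in
  *"'"* | *\\*)
    printf 'WP_DB_PASS must not contain quotes or backslashes\n' >&2
    exit 1
    ;;
esac

# "if not exists" lets the playbook be re-run without failing on objects
# created by an earlier run.
mysql -e "create database if not exists wordpress character set utf8mb4"
mysql -e "create user if not exists wpuser01@localhost identified by '${db_pass}'"
mysql -e "grant all privileges on wordpress.* to wpuser01@localhost"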
2. 通过ansible的script模块执行脚本
[root@pubserver project01]# vim 03-config-mysql.yml
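---
# Create the WordPress database and account on web1 by running the local
# script files/config_mysql.sh there.
- name: config mysql
  hosts: web1
  tasks:
    # The script module transfers the control-node script to the host and
    # executes it; it reports "changed" on every run.
    - name: create database
      script: files/config_mysql.sh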
[root@pubserver project01]# ansible-playbook 03-config-mysql.yml
# 3. 测试账号,如果可以成功登陆mysql,则数据库和用户创建正确(-p后直接跟密码会留在命令历史和进程列表中,仅适合实验环境;其他环境只写-p,按提示输入密码)
[root@web1 ~]# mysql -uwpuser01 -pwordpress -hlocalhost wordpress
部署wordpress
在gitee拉取代码,搭建web,解压缩放在html下
cp -r wordpress/* /usr/share/nginx/html/
# 3. php程序是由php-fpm处理的,php-fpm以apache身份运行
[root@web1 ~]# ps aux | grep php-fpm
root 5655 0.0 0.4 395620 19056 ? Ss 12:13 0:00 php-fpm: master process (/etc/php-fpm.conf)
apache 5670 0.0 0.3 412108 13812 ? S 12:13 0:00 php-fpm: pool www
# 4. 为了让php-fpm程序能对html目录进行读写操作,需要为他授予权限(注意:这样整个站点目录都可被php进程改写;安装完成后,建议只保留wp-content等确实需要写入的目录的写权限)
[root@web1 ~]# chown -R apache:apache /usr/share/nginx/html/
注意:注销登陆后,如果再次登陆,需访问http://192.168.88.11/wp-login.php
web与数据库服务分离
搭建数据库服务器:
# 2. 安装数据库服务,并创建数据库及用户
[root@pubserver project01]# vim files/config_mysql2.sh
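#!/bin/bash
# Create the WordPress database and the account the web servers use to reach
# it over the network. Run on the database host through Ansible's script
# module; the mysql client is called without credentials, as in the original.
# Environment: WP_DB_PASS (optional) - password to set for wpuser01.
set -euo pipefail

# 'wordpress' is the tutorial's lab password and stays as the fallback so an
# unchanged playbook behaves as before; set WP_DB_PASS outside a lab.
db_pass=${WP_DB_PASS:-wordpress}

# The password ends up inside a single-quoted SQL literal, so reject the
# characters that could terminate that literal.
case "$db_pass" in
  *"'"* | *\\*)
    printf 'WP_DB_PASS must not contain quotes or backslashes\n' >&2
    exit 1
    ;;
esac

# The account is limited to the 192.168.88.x network that holds the web
# servers on this page instead of '%', which would accept a login from any
# address that can reach the database port.
mysql -e "create database if not exists wordpress character set utf8mb4"
mysql -e "create user if not exists wpuser01@'192.168.88.%' identified by '${db_pass}'"
mysql -e "grant all privileges on wordpress.* to wpuser01@'192.168.88.%'"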
[root@pubserver project01]# vim 04-config-database.yml
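---
# Install and start MySQL on the dedicated database host, then create the
# WordPress database and account with files/config_mysql2.sh.
# NOTE(review): that account is reached over the network by the web servers;
# confirm the host firewall only admits them to the MySQL port.
- name: config database
  hosts: dbs
  tasks:
    - name: install mysql  # install the database server
      yum:
        name: mysql-server
        state: present

    - name: start service  # start the database service
      service:
        name: mysqld
        state: started
        enabled: yes

    - name: create database
      script: files/config_mysql2.sh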
迁移数据库
首先发布停服更新通知
注意:默认的wordpress对中文标题支持有bug,需要修改源码修复bug。或者更改【固定链接】配置,如下:
# 1. 在源服务器上备份数据库中的数据。备份数据库wordpress中的数据到wordpress.sql文件
[root@web1 ~]# mysqldump wordpress > wordpress.sql
# 2. 将备份文件拷贝到新数据库服务器
[root@web1 ~]# scp wordpress.sql 192.168.88.21:/root/
# 3. 在新数据库服务器上,导入数据。将wordpress.sql中的数据导入到wordpress数据库中
[root@database ~]# mysql wordpress < wordpress.sql
# 4. 修改php网站,将数据库服务器地址,指向新数据库服务器
[root@web1 ~]# vim /usr/share/nginx/html/wp-config.php
...略...
31 /** Database hostname */
32 define( 'DB_HOST', '192.168.88.21' );
...略...
# 5. 停止web1上的数据库服务,wordpress网站仍然可以访问
[root@web1 ~]# systemctl stop mysqld
[root@web1 ~]# yum remove -y mysql-server
# 6. 停止database上的数据库服务,wordpress将不能访问
- 查询数据库中的内容
[root@database ~]# mysql # 打开mysql命令行
mysql> show databases; # 查看有哪些数据
mysql> use wordpress; # 切换到wordpress数据库
mysql> show tables; # 查看wordpress库中有哪些表
mysql> select * from wp_posts\G # 查看wp_posts表中的内容
配置额外的web服务器
单台服务器难以满足高并发、高可用的需求,因此需要部署多台web服务器
# 2. 配置web服务器
[root@pubserver project01]# vim 05-config-webservers.yml
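---
# Install nginx and PHP-FPM on every web server and start the services.
# The database package is no longer in the list: this playbook follows the
# step that moved MySQL to its own host.
- name: config webservers
  hosts: webservers
  tasks:
    - name: install pkgs  # install the packages
      yum:
        name:
          - nginx
          - php-mysqlnd
          - php-fpm
          - php-json
        state: present

    - name: start service  # start several services in one loop
      service:
        name: "{{item}}"
        state: started
        enabled: yes
      loop:
        - nginx
        - php-fpm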
将web1的html目录打包并下载:
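---
# Pack web1's document root and pull the archive back to the control node.
# NOTE(review): the archive contains wp-config.php, which normally holds the
# database credentials; keep files/html.tar.gz readable only by the operator
# and remove it once the other web servers are deployed.
- name: copy web
  hosts: web1
  tasks:
    - name: compress html  # compress the html directory into /root
      archive:
        path: /usr/share/nginx/html
        dest: /root/html.tar.gz
        format: gz

    - name: download html  # fetch the archive to the control node
      fetch:
        src: /root/html.tar.gz
        dest: files/
        flat: yes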
释放html压缩包到其他web服务上
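---
# Unpack the site archive from the control node onto the additional web
# servers; the archive carries its own top-level html directory, so it is
# extracted into /usr/share/nginx/.
- name: deploy web2 and web3
  hosts: web2,web3
  tasks:
    - name: unarchive to web  # extract the archive to the target location
      unarchive:
        src: files/html.tar.gz
        dest: /usr/share/nginx/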
配置NFS服务器
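---
# Set up the NFS server that will hold the shared WordPress document root.
- name: config nfs
  hosts: nfs
  tasks:
    - name: install nfs  # install the NFS packages
      yum:
        name: nfs-utils
        state: present

    - name: mkdir /nfs_root  # create the shared directory
      file:
        path: /nfs_root
        state: directory
        mode: "0755"

    # The export is read-write for the whole 192.168.88.0/24 network.
    # NOTE(review): only the web servers mount it on this page, so listing
    # their addresses individually would narrow who can modify the site files.
    - name: nfs share  # add the export line to the configuration file
      lineinfile:
        path: /etc/exports
        line: '/nfs_root 192.168.88.0/24(rw)'

    - name: start service  # start the services in a loop
      service:
        name: "{{item}}"
        state: started
        enabled: yes
      loop:
        - rpcbind  # the NFS service depends on rpcbind
        - nfs-server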
showmount -e #查看共享输出
迁移文件至nfs共享:
下载web1的html目录
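---
# Pack web1's current document root and pull it to the control node so it can
# be moved onto the NFS share.
# NOTE(review): the archive contains wp-config.php, which normally holds the
# database credentials; restrict access to files/html2.tar.gz and remove it
# after the migration.
- name: copy web
  hosts: web1
  tasks:
    - name: compress html  # compress the html directory into /root
      archive:
        path: /usr/share/nginx/html
        dest: /root/html2.tar.gz
        format: gz

    - name: download html
      fetch:
        src: /root/html2.tar.gz  # fetch the archive to the control node
        dest: files/
        flat: yes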
释放压缩包到nfs服务器
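---
# Unpack the site archive into the NFS export, giving /nfs_root/html.
- name: deploy nfs
  hosts: nfs
  tasks:
    - name: unarchive to web  # extract the control-node archive to the target location
      unarchive:
        src: files/html2.tar.gz
        dest: /nfs_root/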
清除web服务器的html目录
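---
# Empty the local document root on every web server so the NFS share can be
# mounted over it.
# Destructive: the local copy of the site is deleted, so run this only after
# the archive has been unpacked on the NFS server.
- name: rm html
  hosts: webservers
  tasks:
    - name: rm html
      file:
        path: /usr/share/nginx/html
        state: absent

    # Recreate an empty mount point owned by the account php-fpm runs as.
    - name: create html
      file:
        path: /usr/share/nginx/html
        state: directory
        owner: apache
        group: apache
        mode: "0755"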
挂载到web服务器上面
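---
# Mount the shared document root from the NFS server on every web server.
- name: mount nfs
  hosts: webservers
  tasks:
    - name: install nfs
      yum:
        name: nfs-utils
        state: present

    # state: mounted mounts the share now and records it in /etc/fstab.
    # NOTE(review): no mount options are given; a web document root has no
    # need for setuid binaries or device files, so restrictive options such
    # as nosuid and nodev are worth considering here.
    - name: mount nfs
      mount:
        path: /usr/share/nginx/html
        src: 192.168.88.31:/nfs_root/html
        fstype: nfs
        state: mounted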
配置代理服务器
# Inventory for the cluster: web servers, database, storage and load balancers.
[webservers]
web1 ansible_host=192.168.88.11
web2 ansible_host=192.168.88.12
web3 ansible_host=192.168.88.13
[dbs]
database ansible_host=192.168.88.21
[storages]
nfs ansible_host=192.168.88.31
[lb]
haproxy1 ansible_host=192.168.88.5
haproxy2 ansible_host=192.168.88.6
[all:vars]
# Every host is managed as root with one shared password kept in clear text
# in this file, so anyone who can read the inventory controls the cluster.
# Suitable for an isolated lab only: prefer SSH key authentication, or keep
# the password in an ansible-vault encrypted variables file.
ansible_ssh_user=root
ansible_ssh_pass=a
配置高可用、负载均衡功能
# 1. 配置yum
[root@pubserver project01]# ansible-playbook 01-upload-repo.yml
# 2. 配置调度服务器
[root@pubserver project01]# vim 13-install-lb.yml
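---
# Install the load balancer (haproxy) and the failover daemon (keepalived)
# on both scheduler hosts.
- name: install lb
  hosts: lb
  tasks:
    - name: install pkg
      yum:
        name: haproxy,keepalived
        state: present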
[root@pubserver project01]# ansible-playbook 13-install-lb.yml
# 3. 修改配置文件并启动服务
[root@pubserver project01]# vim 14-config-lb.yml
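---
# Configure haproxy on both schedulers: drop the sample sections from the
# packaged configuration, add the WordPress listener and a statistics page,
# then start the service.
- name: config haproxy
  hosts: lb
  tasks:
    # Deletes everything from line 64 to the end of the packaged file; the
    # line number is tied to the configuration shipped with the package.
    - name: rm lines
      shell: sed -i '64,$d' /etc/haproxy/haproxy.cfg

    # "stats uri" and "stats auth" are separate haproxy directives and each
    # needs its own line.
    # NOTE(review): the statistics page listens on every address (0.0.0.0:1080)
    # and is protected only by admin:admin; replace the credential and bind it
    # to a management address before using this outside a lab.
    - name: add lines
      blockinfile:
        path: /etc/haproxy/haproxy.cfg
        block: |
          listen wordpress
              bind 0.0.0.0:80
              balance roundrobin
              server web1 192.168.88.11:80 check inter 2000 rise 2 fall 5
              server web2 192.168.88.12:80 check inter 2000 rise 2 fall 5
              server web3 192.168.88.13:80 check inter 2000 rise 2 fall 5
          listen mon
              bind 0.0.0.0:1080
              stats refresh 30s
              stats uri /mon
              stats auth admin:admin

    - name: start service
      service:
        name: haproxy
        state: started
        enabled: yes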
[root@pubserver project01]# ansible-playbook 14-config-lb.yml
# 4. haproxy1配置keepalived,实现高可用集群(示例中的auth_pass 1111仅用于实验;PASS方式的密码在VRRP报文中以明文传输,生产环境应换成不易猜测的值,并限制可以发送VRRP报文的主机)
[root@haproxy1 ~]# vim /etc/keepalived/keepalived.conf
...略...
12 router_id haproxy1 # 为本机取一个唯一的id
13 vrrp_iptables # 自动开启iptables放行规则
...略...
20 vrrp_instance VI_1 {
21 state MASTER # 主服务器状态是MASTER
22 interface eth0
23 virtual_router_id 51
24 priority 100
25 advert_int 1
26 authentication {
27 auth_type PASS
28 auth_pass 1111
29 }
30 virtual_ipaddress {
31 192.168.88.80 # vip地址
32 }
33 }
# 以下全部删除
# 5. haproxy2配置keepalived
[root@haproxy1 ~]# scp /etc/keepalived/keepalived.conf 192.168.88.6:/etc/keepalived/
[root@haproxy2 ~]# vim /etc/keepalived/keepalived.conf
...略...
12 router_id haproxy2 # 为本机取一个唯一的id
13 vrrp_iptables # 自动开启iptables放行规则
...略...
20 vrrp_instance VI_1 {
21 state BACKUP # 备份服务器状态是BACKUP
22 interface eth0
23 virtual_router_id 51
24 priority 80 # 备份服务器优先级低于主服务器
25 advert_int 1
26 authentication {
27 auth_type PASS
28 auth_pass 1111
29 }
30 virtual_ipaddress {
31 192.168.88.80
32 }
33 }
# 6. 启动服务
[root@haproxy1 ~]# systemctl enable keepalived.service --now
[root@haproxy2 ~]# systemctl enable keepalived.service --now
# 7. 验证。haproxy1上出现VIP。客户端访问http://192.168.88.80即可
[root@haproxy1 ~]# ip a s | grep 192
inet 192.168.88.5/24 brd 192.168.88.255 scope global noprefixroute eth0
inet 192.168.88.80/32 scope global eth0