环境
主机名 | 安装服务 | wan | lan |
---|---|---|---|
lb01 | nginx+keepalived(抢占式) | 10.0.0.5(master) | 172.16.1.5 |
lb02 | nginx+keepalived(抢占式) | 10.0.0.6(backup) | 172.16.1.6 |
10.0.0.3(虚拟ip) | --- |
流程分析
1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建统一的用户
1.安装nginx
2.拷贝nginx配置文件和 server
3.写入include文件(proxy_params)
4.安装keepalived
5.优化keepalived(启动脚本)
6.拷贝keepalived配置文件,配置master
7.拷贝keepalived配置文件,配置backup
8.启动nginx keepalived
主机清单
mkdir /root/ansible/lb -p &&
vim /root/ansible/lb/hosts
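[lb_group]
# Both load balancers are reached over their LAN addresses on SSH port 22.
# The login-user variable was misspelled as "asible_ssh_user"; Ansible does not
# reject unknown host variables, so the intended root login was never applied
# from this file and the connection user fell back to the control node's default.
# Presumably key-based login is expected here (the workflow pushes a public key
# beforehand) - confirm that no password is stored alongside this inventory.
172.16.1.5 ansible_ssh_port=22 ansible_ssh_user=root
172.16.1.6 ansible_ssh_port=22 ansible_ssh_user=root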
负载均衡server
mkdir /root/ansible/lb/conf.d &&
vim /root/ansible/lb/conf.d/wp.zh.conf
# Pool of backend web servers. No port is given, so nginx connects to port 80;
# no balancing method is set, so the default round-robin applies.
upstream backend {
server 10.0.0.7;
server 10.0.0.8;
server 10.0.0.9;
}
# Virtual host for the two site names, served over plain HTTP only (no TLS listener here).
server {
listen 80;
server_name cs.wp.com cs.zh.com;
location / {
# Traffic to the backends is also unencrypted HTTP.
proxy_pass http://backend;
# Relative include: resolved against the nginx configuration directory,
# which is where the playbook copies proxy_params (/etc/nginx/).
include proxy_params;
}
}
nginx配置文件
vim /root/ansible/lb/nginx.conf
# Worker processes run as the unprivileged "www" account. The account must
# already exist on the host; the page's troubleshooting note reports nginx
# failing to start when it had not been created.
user www;
# One worker per CPU core.
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
# Maximum simultaneous connections per worker.
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Access-log layout. $remote_addr is the address nginx itself saw on the socket;
# $http_x_forwarded_for is copied verbatim from the request header and is
# therefore client-supplied - do not treat it as authoritative when reading logs.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
# Pull in every virtual host definition, including the load-balancer server block.
include /etc/nginx/conf.d/*.conf;
}
编辑params
vim /root/ansible/lb/proxy_params
# Forward the Host header the client asked for, so the next hop (another proxy
# or the backend) sees the same domain name.
proxy_set_header Host $host;
# Append the address nginx saw ($remote_addr) to any X-Forwarded-For header the
# client already sent. Only the entry appended by this proxy is trustworthy:
# everything before it is client-controlled and can be forged, so backends
# should not use the first entry for access control, rate limiting or audit logs.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Timeout for establishing a connection from nginx to a backend server.
proxy_connect_timeout 60s;
# Timeout while nginx waits to read the response from the backend.
proxy_read_timeout 60s;
# Timeout while nginx transmits the request to the backend.
proxy_send_timeout 60s;
# nginx buffers the backend's response and relays it to the client as it
# arrives, instead of waiting for the whole response first.
proxy_buffering on;
# Size of the buffer that holds the first part of the backend response (the response headers).
proxy_buffer_size 4k;
#proxy_buffer_size 8k;
# Number and size of the buffers used for the rest of the response, per connection.
proxy_buffers 8 4k;
#proxy_buffers 8 8k;
# Talk HTTP/1.1 to the backends.
proxy_http_version 1.1;
# Conditions under which the request is passed to the next upstream server
# (this is a retry, not an error-page redirect). Because http_404 is listed, a
# request for a missing resource is tried on every backend before the 404 is
# returned, which multiplies backend load for such requests.
proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404;
优化keepalived
vim /root/ansible/lb/keepalived.service
# systemd unit for keepalived; the playbook copies it to /usr/lib/systemd/system/.
[Unit]
Description=LVS and VRRP High Availability Monitor
# Ordering only: start after logging and network-online when those units are
# part of the same transaction (After= does not pull them in by itself).
After=syslog.target network-online.target
[Service]
# keepalived daemonizes itself; systemd tracks the main process through the PID file.
Type=forking
PIDFile=/var/run/keepalived.pid
# Left commented out, so systemd's default kill mode is used when the service stops.
#KillMode=process
# The leading "-" makes a missing environment file non-fatal.
# Presumably this file defines KEEPALIVED_OPTIONS - confirm on the target host.
EnvironmentFile=-/etc/sysconfig/keepalived
ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS
# Reload is a SIGHUP to the main process.
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
keepalived抢占式(master)配置文件
vim /root/ansible/lb/keepalived.master.conf
# keepalived configuration for the preemptive master node (lb01).
# NOTE(review): no vrrp_script / track_script is defined in this file, so the
# VIP follows keepalived's own liveness only; a dead nginx on this node would
# not move the VIP unless a health check is added.
global_defs { # global settings
router_id lb01 # identifier of this node (free-form name)
}
vrrp_instance VI_1 { # instance name (free-form)
state MASTER # initial role of this node
interface eth0 # interface VRRP is bound to (the author notes a restart is needed after correcting a wrong binding)
virtual_router_id 50 # virtual router ID: must be identical on every node of this pair and must differ from any other keepalived cluster on the same network
priority 150 # election priority: higher on the master, lower on the backup (the author notes a restart is needed after changing it)
advert_int 1 # VRRP advertisement interval in seconds, must be identical on all nodes; peers with the same virtual_router_id use it to detect each other
authentication { # must be identical on all nodes
auth_type PASS # simple shared-password authentication
# NOTE(review): with PASS the password travels in cleartext inside every VRRP
# advertisement and "1111" is trivially guessable. Treat it as a guard against
# accidental mis-pairing, not as a security control: use a unique value per
# cluster and allow VRRP only between the two load balancers at the firewall
# (the port list in the workflow section does not mention VRRP - confirm it is permitted).
auth_pass 1111 # shared password
}
virtual_ipaddress {
10.0.0.3 # the VIP, identical on all nodes; several may be listed, one per line. The author states the VIP and both nodes' eth0 addresses must be public IPs
}
}
keepalived抢占式(backup)配置文件
vim /root/ansible/lb/keepalived.backup.conf
# keepalived configuration for the backup node (lb02).
global_defs {
# Identifier of this node.
router_id lb02
}
vrrp_instance VI_1 {
# Initial role of this node.
state BACKUP
# Interface VRRP is bound to.
interface eth0
# Virtual router ID shared by the nodes of one HA pair.
virtual_router_id 50
# Election priority of this node; 100 is the value the page assigns to the backup.
priority 100
# VRRP advertisement interval in seconds.
advert_int 1
authentication {
auth_type PASS
# NOTE(review): PASS sends this value in cleartext in VRRP advertisements and
# "1111" is trivially guessable; use a unique value per cluster and restrict
# VRRP to the peer load balancer at the firewall.
auth_pass 1111
}
virtual_ipaddress {
# The VIP this node takes over when it becomes master.
10.0.0.3
}
}
yml
vim /root/ansible/lb/lb.yml
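# Installs and configures nginx + keepalived on the load balancers
# (lb01 receives the master keepalived config, lb02 the backup one).
- hosts: all
  tasks:
    # Unpack the bundled archive from the control node into /root on the target.
    # Presumably it provides the /root/rpm directory used below - confirm.
    - name: jieya nginx_php.tar.gz
      unarchive:
        src: /root/nginx_php.tar.gz
        dest: /root

    # shell is kept because the local RPM path relies on glob expansion.
    # "match" is a regular-expression test anchored at the start of the string:
    # the former pattern "lb*" meant "l followed by any number of b" and so
    # matched every hostname beginning with "l". "lb.*" restricts it to lb hosts.
    - name: install nginx keepalived
      shell: "{{ item }}"
      with_items:
        - "yum localinstall -y /root/rpm/nginx*"
        - "yum install -y keepalived"
      when: ansible_hostname is match "lb.*"

    # Explicit ownership and mode so the result does not depend on the umask
    # or on whatever permissions an existing file already had.
    - name: config nginx keepalived.server
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: "0644"
      with_items:
        - { src: "/root/ansible/lb/nginx.conf", dest: "/etc/nginx/" }
        - { src: "/root/ansible/lb/conf.d/wp.zh.conf", dest: "/etc/nginx/conf.d/" }
        - { src: "/root/ansible/lb/proxy_params", dest: "/etc/nginx/" }
        - { src: "/root/ansible/lb/keepalived.service", dest: "/usr/lib/systemd/system/" }

    # keepalived.conf holds the VRRP auth_pass, so it is readable by root only.
    # Exact hostname comparison: a prefix match on "lb01" would also select
    # a host named e.g. lb010.
    - name: config master
      copy:
        src: "/root/ansible/lb/keepalived.master.conf"
        dest: "/etc/keepalived/keepalived.conf"
        owner: root
        group: root
        mode: "0600"
      when: ansible_hostname == "lb01"

    - name: config backup
      copy:
        src: "/root/ansible/lb/keepalived.backup.conf"
        dest: "/etc/keepalived/keepalived.conf"
        owner: root
        group: root
        mode: "0600"
      when: ansible_hostname == "lb02"

    # daemon_reload makes systemd pick up the keepalived.service unit copied above.
    # "state: started" does not restart a service that is already running, so
    # changed configuration files only take effect after a manual reload/restart.
    - name: start nginx keepalived
      systemd:
        name: "{{ item }}"
        state: started
        enabled: yes
        daemon_reload: yes
      with_items:
        - nginx
        - keepalived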
执行
1.执行base.yml
[root@m01 ~]# ansible-playbook /root/ansible/base.yml -i /root/ansible/lb/hosts
2.执行lb.yml
[root@m01 ~]# ansible-playbook /root/ansible/lb/lb.yml -i /root/ansible/lb/hosts
问题描述:没有执行base.yml,没有创建www用户,导致nginx无法启动(执行 nginx -s reload 时发现)