项目四.高可用集群_ansible
设备准备
安装wordpress
[root@localhost ~]# nmcli c del "Wired connection 1"
[root@localhost ~]# nmcli c add type ethernet ifname ens224 con-name ens224 ipv4.method manual ipv4.addr 192.168.88.40/24 gw4 192.168.88.1 autoconnect true
[root@localhost ~]# nmcli c up ens224
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
##所有主机配置主机名,IP,关闭防火墙,selinux,配置hosts文件
##注:关闭防火墙和selinux仅适用于隔离的实验环境;生产环境应保持开启并按端口放行
[root@web2 ~]# tail -7f /etc/hosts
10.38.102.67 web1
10.38.102.68 web2
10.38.102.69 mysql
10.38.102.70 nfs
10.38.102.71 haproxy1
10.38.102.72 haproxy2
10.38.102.73 ansible
##部署ansible机器
[root@ansible ~]# mkdir ansible_soft
[root@ensible ~]# cd ansible_soft/
##上传离线包
[root@ensible ansible_soft]# ll
total 38712
-rw-r--r-- 1 root root 36705432 Jun 9 01:56 ansible-6.3.0-1.el8.noarch.rpm
-rw-r--r-- 1 root root 2928380 Jun 9 01:56 ansible-core-2.13.3-1.el8.x86_64.rpm
[root@ansible ensible_soft]# yum -y install createrepo
[root@ansible ensible_soft]# createrepo .
[root@ensible ansible_soft]# ll
total 38712
-rw-r--r-- 1 root root 36705432 Jun 9 01:56 ansible-6.3.0-1.el8.noarch.rpm
-rw-r--r-- 1 root root 2928380 Jun 9 01:56 ansible-core-2.13.3-1.el8.x86_64.rpm
drwxr-xr-x 2 root root 4096 Jun 9 01:58 repodata
[root@ansible ensible_soft]# vi /etc/yum.repos.d/ansible.repo
[root@ansible ensible_soft]# cat /etc/yum.repos.d/ansible.repo
[ansible]
name=ansible
baseurl=file:///root/ansible_soft
# NOTE(review): gpgcheck=0 turns off RPM signature verification for this repo.
# The RPMs in /root/ansible_soft were uploaded by hand, so nothing checks them
# at install time. Verify them before running createrepo (e.g. `rpm -K *.rpm`
# with the vendor key imported), or set gpgcheck=1 together with
# gpgkey=file:///<PATH-TO-VENDOR-GPG-KEY>.
gpgcheck=0
[root@ansible ensible_soft]# yum makecache
[root@ansible ensible_soft]# yum -y install ansible
[root@ensible ~]# mkdir -p project04/files
[root@ensible ~]# cd project04/
[root@ensible project04]# vim ansible.cfg
[root@ensible project04]# cat ansible.cfg
[defaults]
# Inventory file, resolved relative to this project directory.
inventory = inventory
# NOTE(review): with host key checking off, the control node accepts whatever
# SSH host key a managed address presents, so the remote end is not
# authenticated before root commands are sent to it. Tolerable on an isolated
# lab network only; otherwise pre-populate known_hosts after comparing
# fingerprints and leave this setting enabled.
host_key_checking = false
[root@ensible project04]# vim inventory
[root@ansible project04]# cat inventory
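# Ansible inventory for the project. Each group header must sit on its own
# line; when fused onto the end of a host line it is read as part of that
# host's variables and the group is never defined.

# Web tier: nginx + php-fpm serving WordPress.
[webservers]
web1 ansible_host=10.38.102.67
web2 ansible_host=10.38.102.68

# Database tier.
[dbs]
mysql ansible_host=10.38.102.69

# Shared storage (NFS export holding the WordPress files).
[storages]
nfs ansible_host=10.38.102.70

# Load balancers (haproxy + keepalived).
[lb]
haproxy1 ansible_host=10.38.102.71
haproxy2 ansible_host=10.38.102.72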
##使用剧本安装服务【{{item}}依次执行loop中的服务】
[root@ansible project04]# vim 01-config-web1.yml
[root@ansible project04]# cat 01-config-web1.yml
---
# Single-node stage: web1 runs nginx, PHP-FPM and MySQL together.
- name: config web1
  hosts: web1
  tasks:
    - name: install pkgs  # install the web, PHP and database packages
      yum:
        name:
          - nginx
          - mysql-server
          - php-mysqlnd
          - php-fpm
          - php-json
        state: present

    - name: start service  # start and enable each service named in loop
      service:
        name: "{{item}}"
        state: started
        enabled: yes
      loop:
        - nginx
        - php-fpm
        - mysqld
[root@ansible project04]# ansible-playbook 01-config-web1.yml
##测试访问nginx;连接数据库
[root@web1 ~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.41 Source distributionCopyright (c) 2000, 2025, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> exit
Bye
##手写网页;测试访问php
[root@web1 ~]# vi /usr/share/nginx/html/index.php
[root@web1 ~]# cat /usr/share/nginx/html/index.php
<?php
phpinfo();
?>
[root@web1 ~]# curl 127.0.0.1
<a href="http://www.php.net/"><img border="0"
##phpinfo()页面会暴露PHP版本、已加载模块和路径等信息,测试完成后立即删除
[root@web1 ~]# rm -rf /usr/share/nginx/html/index.php
[root@ansible project04]# vim files/config_mysql.sh
[root@ansible project04]# cat files/config_mysql.sh
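#!/bin/bash
# Create the WordPress schema and its application account on the local MySQL
# server. Assumes `mysql` connects as an administrative user without a
# password (root over the local socket).
# IF NOT EXISTS lets the Ansible `script` task be re-run without failing on
# objects that are already there.
set -euo pipefail

mysql -e "create database if not exists wordpress character set utf8mb4"

# NOTE(review): the account password is the literal string 'wordpress' and is
# stored in this file. Use a generated secret and keep it out of the project
# tree (e.g. read it from a root-only file) before using this outside a lab.
mysql -e "create user if not exists wpuser01@localhost identified by 'wordpress'"

# Privileges are limited to the wordpress schema.
mysql -e "grant all privileges on wordpress.* to wpuser01@localhost"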
[root@ansible project04]# vim 02-config-mysql.yml
[root@ansible project04]# cat 02-config-mysql.yml
---
# Create the WordPress database and account on web1's local MySQL.
- name: config mysql
  hosts: web1
  tasks:
    # The script module copies the file from the control node and executes it
    # on the target; it is not idempotent unless the script itself is.
    - name: create database
      script: files/config_mysql.sh
[root@ansible project04]# ansible-playbook 02-config-mysql.yml
##验证
[root@web1 ~]# mysql -u wpuser01 -pwordpress
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 8.0.41 Source distributionCopyright (c) 2000, 2025, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| performance_schema |
| wordpress |
+--------------------+
3 rows in set (0.01 sec)
mysql> exit
Bye
##上传安装包
[root@web1 ~]# ll
total 22988
-rw-r--r-- 1 root root 0 Jun 9 02:18 1.txt
-rw-------. 1 root root 1206 Jun 6 08:48 anaconda-ks.cfg
-rw-r--r-- 1 root root 23535225 Jun 9 02:44 wordpress-6.1.1-zh_CN.tar.gz
[root@web1 ~]# tar xf wordpress-6.1.1-zh_CN.tar.gz
[root@web1 ~]# cp -r wordpress/* /usr/share/nginx/html/
[root@web1 ~]# chown -R apache:apache /usr/share/nginx/html/
配置wordpress界面
安装向导
数据库和web分开
创建新数据库
- 保证数据安全性,web界面性能
[root@ansible project04]# cat files/config_mysql2.sh
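#!/bin/bash
# Create the WordPress schema and a network-reachable application account on
# the dedicated MySQL host. Assumes `mysql` connects as an administrative user
# without a password (root over the local socket).
# IF NOT EXISTS lets the Ansible `script` task be re-run without failing on
# objects that are already there.
set -euo pipefail

mysql -e "create database if not exists wordpress character set utf8mb4"

# NOTE(review): host '%' lets wpuser01 authenticate from any address that can
# reach port 3306, and the password is the literal string 'wordpress'. Only the
# web servers (10.38.102.67 and 10.38.102.68) need this account; prefer one
# account per web host or a subnet pattern, plus a generated password.
mysql -e "create user if not exists wpuser01@'%' identified by 'wordpress'"

# Privileges are limited to the wordpress schema.
mysql -e "grant all privileges on wordpress.* to wpuser01@'%'"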
[root@ansible project04]# vim 03-config-database.yml
[root@ansible project04]# cat 03-config-database.yml
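---
# Install MySQL on the dedicated database host and create the WordPress
# schema plus the remotely reachable application account.
- name: config database
  hosts: dbs
  tasks:
    - name: install mysql  # install the database server package
      yum:
        name: mysql-server
        state: present

    - name: start service  # start the database and enable it at boot
      service:
        name: mysqld
        state: started
        enabled: yes

    # Uses config_mysql2.sh (wpuser01@'%'), not config_mysql.sh: the web
    # servers connect over the network, and a wpuser01@localhost account would
    # reject them. The user table shown after this run lists host '%'.
    - name: create database
      script: files/config_mysql2.sh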
[root@ansible project04]# ansible-playbook 03-config-database.yml
##查看
[root@mysql ~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 8.0.41 Source distributionCopyright (c) 2000, 2025, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| wordpress |
+--------------------+
5 rows in set (0.01 sec)mysql> use mysql;mysql> select Host,User from user;
+-----------+------------------+
| Host | User |
+-----------+------------------+
| % | wpuser01 |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-----------+------------------+
5 rows in set (0.00 sec)mysql> exit
Bye
数据库迁移
服务器通知迁移
查看文章
数据库配置
[root@web1 ~]# mysqldump wordpress > wordpress.sql
[root@web1 ~]# scp wordpress.sql mysql:/root/
[root@mysql ~]# ll
total 244
-rw-------. 1 root root 1203 Jun 6 08:57 anaconda-ks.cfg
-rw-r--r-- 1 root root 245344 Jun 9 03:31 wordpress.sql
[root@mysql ~]# mysql wordpress < wordpress.sql
[root@web1 ~]# vim /usr/share/nginx/html/wp-config.php
##修改为;连接mysql主机的数据库
/** Database hostname */
define( 'DB_HOST', '10.38.102.69' );
##测试访问
mysql> use wordpress;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -ADatabase changed
mysql> show tables;
+-----------------------+
| Tables_in_wordpress |
+-----------------------+
| wp_commentmeta |
| wp_comments |
| wp_links |
| wp_options |
| wp_postmeta |
| wp_posts |
| wp_term_relationships |
| wp_term_taxonomy |
| wp_termmeta |
| wp_terms |
| wp_usermeta |
| wp_users |
+-----------------------+
12 rows in set (0.00 sec)
安装web2
[root@ansible project04]# vim 04-config-webservers.yml
[root@ansible project04]# cat 04-config-webservers.yml
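---
# Install nginx and PHP on the web tier (no local MySQL; the database now
# lives on the dbs host).
- name: config webservers
  # The inventory defines the group `webservers` (web1, web2); `webserver2`
  # matches no host or group, so the play would be skipped. The tasks are
  # idempotent, so running them against web1 again changes nothing.
  hosts: webservers
  tasks:
    - name: install pkgs  # install the web and PHP packages
      yum:
        name:
          - nginx
          - php-mysqlnd
          - php-fpm
          - php-json
        state: present

    - name: start service  # start and enable each service named in loop
      service:
        name: "{{item}}"
        state: started
        enabled: yes
      loop:
        - nginx
        - php-fpm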
[root@ansible project04]# ansible-playbook 04-config-webservers.yml
[root@ansible project04]# vim 05-fetch-web1.yml
[root@ansible project04]# cat 05-fetch-web1.yml
---
# Pack web1's document root and pull the archive to the control node.
- name: copy web
  hosts: web1
  tasks:
    # NOTE(review): the document root includes wp-config.php, which holds the
    # database connection settings. Both /root/html.tar.gz on web1 and
    # files/html.tar.gz on the control node should stay readable by root only
    # and be removed once the deployment is finished.
    - name: compress html  # archive the html directory under /root
      archive:
        path: /usr/share/nginx/html
        dest: /root/html.tar.gz
        format: gz

    - name: download html  # fetch the archive into the project's files/ dir
      fetch:
        src: /root/html.tar.gz
        dest: files/
        flat: yes
[root@ansible project04]# ansible-playbook 05-fetch-web1.yml
[root@ansible project04]# vim 06-deploy-web2.yml
[root@ansible project04]# cat 06-deploy-web2.yml
---
# Unpack the site archive fetched from web1 onto web2.
- name: deploy web2
  hosts: web2
  tasks:
    # The archive's top-level entry is html/, so extracting into
    # /usr/share/nginx/ recreates /usr/share/nginx/html.
    - name: unarchive to web  # copy from the control node and extract
      unarchive:
        src: files/html.tar.gz
        dest: /usr/share/nginx/
[root@ansible project04]# ansible-playbook 06-deploy-web2.yml
##已安装过设备为绿色
安装nfs
[root@ansible project04]# vim 07-config-nfs.yml
[root@ansible project04]# cat 07-config-nfs.yml
---
# Set up the NFS server that will hold the shared WordPress files.
- name: config nfs
  hosts: nfs
  tasks:
    - name: install nfs  # install the NFS utilities
      yum:
        name: nfs-utils
        state: present

    - name: mkdir /nfs_root  # create the exported directory
      file:
        path: /nfs_root
        state: directory
        mode: "0755"

    # NOTE(review): this grants read-write access to every address in
    # 10.38.102.0/24, although only web1 and web2 mount the export. Anyone who
    # can write here can change the PHP code both web servers execute, so
    # listing just the two web hosts is the tighter choice.
    - name: nfs share  # add the export line to /etc/exports
      lineinfile:
        path: /etc/exports
        line: '/nfs_root 10.38.102.0/24(rw)'

    # NOTE(review): state: started does not restart a service that is already
    # running, so a later change to /etc/exports is presumably not picked up
    # by this task alone — confirm and re-export if needed.
    - name: start service  # start and enable each service named in loop
      service:
        name: "{{item}}"
        state: started
        enabled: yes
      loop:
        - rpcbind  # the nfs service depends on rpcbind
        - nfs-server
[root@ansible project04]# ansible-playbook 07-config-nfs.yml
##查看共享输出
[root@nfs ~]# showmount -e
Export list for nfs:
/nfs_root 10.38.102.0/24
[root@ansible project04]# vim 08-deploy-nfs.yml
[root@ansible project04]# cat 08-deploy-nfs.yml
---
# Put the site files onto the NFS export.
- name: deploy nfs
  hosts: nfs
  tasks:
    # Extracting into /nfs_root/ yields /nfs_root/html, the path the web
    # servers mount later.
    - name: unarchive to web  # extract the control node's archive on the target
      unarchive:
        src: files/html.tar.gz
        dest: /nfs_root/
[root@ansible project04]# ansible-playbook 08-deploy-nfs.yml
[root@ansible project04]# vim 09-rm-html.yml
[root@ansible project04]# cat 09-rm-html.yml
---
- name: rm htmlhosts: webserverstasks:- name: rm htmlfile:path: /usr/share/nginx/htmlstate: absent- name: create htmlfile:path: /usr/share/nginx/htmlstate: directoryowner: apachegroup: apachemode: "0755"[root@ansible project04]# ansible-playbook 09-rm-html.yml
[root@ansible project04]# vim 10-mount-nfs.yml
[root@ansible project04]# cat 10-mount-nfs.yml
---
# Mount the shared WordPress directory on every web server.
- name: mount nfs
  hosts: webservers
  tasks:
    - name: install nfs  # NFS client utilities
      yum:
        name: nfs-utils
        state: present

    # state: mounted mounts the share now and records it in /etc/fstab.
    # NOTE(review): no mount options are set, so defaults apply; restrictive
    # options for a web document root can be passed through the module's
    # `opts` parameter.
    - name: mount nfs
      mount:
        path: /usr/share/nginx/html
        src: 10.38.102.70:/nfs_root/html
        fstype: nfs
        state: mounted
[root@ansible project04]# ansible-playbook 10-mount-nfs.yml
[root@ansible project04]# vim 11-install-lb.yml
[root@ansible project04]# cat 11-install-lb.yml
---
# Install the load-balancer and failover packages on both lb hosts.
- name: install lb
  hosts: lb
  tasks:
    - name: install pkg  # comma-separated list is accepted by the yum module
      yum:
        name: haproxy,keepalived
        state: present
[root@ansible project04]# ansible-playbook 11-install-lb.yml
[root@ansible project04]# vim 12-config-lb.yml
[root@ansible project04]# cat 12-config-lb.yml
---
# Replace the sample proxies in haproxy.cfg with the WordPress listener and a
# statistics page, then start haproxy.
- name: config haproxy
  hosts: lb
  tasks:
    # Deletes everything from line 64 to the end of the packaged config; the
    # line number is tied to the file shipped by this haproxy version.
    - name: rm lines
      shell: sed -i '64,$d' /etc/haproxy/haproxy.cfg

    # NOTE(review): the stats page listens on all addresses (0.0.0.0:1080) and
    # is protected by admin:admin. Bind it to a management address and replace
    # the credentials before exposing these hosts beyond the lab.
    - name: add lines
      blockinfile:
        path: /etc/haproxy/haproxy.cfg
        block: |
          listen wordpress
              bind 0.0.0.0:80
              balance roundrobin
              server web1 10.38.102.67:80 check inter 2000 rise 2 fall 5
              server web2 10.38.102.68:80 check inter 2000 rise 2 fall 5
          listen mon
              bind 0.0.0.0:1080
              stats refresh 30s
              stats uri /mon
              stats auth admin:admin

    # state: started leaves an already running haproxy untouched, so a config
    # change on a second run is not loaded by this task.
    - name: start service
      service:
        name: haproxy
        state: started
        enabled: yes
[root@ansible project04]# ansible-playbook 12-config-lb.yml
[root@haproxy1 ~]# vim /etc/keepalived/keepalived.conf
[root@haproxy1 ~]# scp /etc/keepalived/keepalived.conf haproxy2:/etc/keepalived/
The authenticity of host 'haproxy2 (192.168.88.6)' can't be established.
ECDSA key fingerprint is SHA256:z64GJ+oU+/zmh53vY9CCgGocBoknzUwJmIuK5n7exZg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'haproxy2,192.168.88.6' (ECDSA) to the list of known hosts.
root@haproxy2's password:
keepalived.conf 100% 649 399.8KB/s 00:00
[root@haproxy1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 10.38.102.1smtp_connect_timeout 30router_id HAPROYX1vrrp_iptablesvrrp_skip_check_adv_addrvrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0
}vrrp_instance VI_1 {state MASTERinterface ens192virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {10.38.102.74}
}[root@haproxy2 ~]# vim /etc/keepalived/keepalived.conf
[root@haproxy2 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalivedglobal_defs {notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc}notification_email_from Alexandre.Cassen@firewall.locsmtp_server 10.38.102.1smtp_connect_timeout 30router_id HAPROYX2vrrp_iptablesvrrp_skip_check_adv_addrvrrp_strictvrrp_garp_interval 0vrrp_gna_interval 0
}vrrp_instance VI_1 {state BACKUPinterface ens192virtual_router_id 51priority 80advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {10.38.102.74}
}[root@haproxy1 ~]# systemctl enable keepalived.service --now
[root@haproxy2 ~]# systemctl enable keepalived.service --now[root@haproxy1 ~]# systemctl restart keepalived.service --now
[root@haproxy1 ~]# ip -br a
lo UNKNOWN 127.0.0.1/8 ::1/128
ens192 UP 10.38.102.71/24 10.38.102.74/32
ens224 UP
##可以测试两个主机的IP漂移
##改写本地域名
[root@nfs ~]# cat /nfs_root/html/wp-config.php
/** The name of the database for WordPress */
##在"DB_NAME"上方添加两行
define('WP_SITEURL', 'http://www.moershi.com');
define('WP_HOME', 'http://www.moershi.com');
define( 'DB_NAME', 'wordpress' );
测试访问
【访问两个web的ip也会跳转】
域名[访问vip将跳转至域名]
报错
以上报错,请回快照,重装