ansible 實現keepalived基于nginx的高可用

timg

實驗環境
192.168.63.131 ansible服務器
192.168.63.137 keepalived 服務器基于nginx
192.168.63.140 keepalived 服務器基于nginx
192.168.63.134 HTTP服務器
192.168.63.135 HTTP服務器

1.安裝ansible，基于epel源
yum install ansible -y
2.配置主配置文件，在主配置文件中加入要遠程的ip
vim /etc/ansible/hosts
[keepalived]
192.168.63.137
192.168.63.140

[httpdserver]
192.168.63.134
192.168.63.135

[server]
192.168.63.134
192.168.63.135
192.168.63.137
192.168.63.140

3.基于ssh驗證
ssh-keygen 生成秘鑰文件
ssh-copy-id 192.168.63.131 拷貝到自己主機
拷貝到其他主機
scp -r /root/.ssh root@192.168.63.137:/root/.ssh/
scp -r /root/.ssh root@192.168.63.140:/root/.ssh/
scp -r /root/.ssh root@192.168.63.135:/root/.ssh/
scp -r /root/.ssh root@192.168.63.134:/root/.ssh/

4.測試ansible是否可以ping通其他主機
ansible 192.168.63.137 -m ping
ansible 192.168.63.134 -m ping
ansible 192.168.63.135 -m ping
ansible 192.168.63.140 -m ping
或
ansible server -m ping

5.創建一個ansible目錄用來組名存放ansible腳本
mkdir ansible

6.創建yml
[root@contes7 ansible]# vim keepalived.yml

—
– hosts: keepalived
remote_user: root

tasks:
– name: install
yum: name=keepalived
– name: install
yum: name=nginx
– name: install
yum: name=psmisc
– name: install
yum: name=mail*
– name: copy conf file
copy: src=/root/ansible/templates/keepalived.conf.bak.j2 dest=/etc/keepalived/keepalived.conf
– name: copy conf file
copy: src=/root/ansible/templates/notify.sh.j2 dest=/etc/keepalived/notify.sh
– name: copy conf file
copy: src=/root/ansible/templates/nginx.conf.bak.j2 dest=/etc/nginx/nginx.conf
– name: copy conf file
copy: src=/root/ansible/templates/www.conf.j2 dest=/etc/nginx/conf.d/www.conf
– name: shell
shell: chmod +x /etc/keepalived/notify.sh
– name: shell
shell: iptables -F
– name: start service
service: name=keepalived.service state=started enabled=yes
– name: start service
service: name=nginx state=started enabled=yes
– name: shell
shell: iptables -F

– hosts: 192.168.63.140
remote_user: root

tasks:
– name: copy conf file
copy: src=/root/ansible/templates/keepalived2.conf.bak.j2 dest=/etc/keepalived/keepalived.conf backup=yes

– hosts: httpdserver
remote_user: root

tasks:
– name: install package
yum: name=httpd
– name: copy
copy: src=/root/ansible/templates/index.html.j2 dest=/var/www/html/index.html
– name: shell
shell: iptables -F
– name: start service
service: name=httpd state=started enabled=yes

– hosts: 192.168.63.135
remote_user: root

tasks:
– name: copy
copy: src=/root/ansible/templates/index.html.j3 dest=/var/www/html/index.html
– name: shell
shell: iptables -F

7. 創建模板文件
vim ansible/templates/keepalived.conf.bak.j2
! Configuration File for keepalived

global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group 224.0.98.98
}

vrrp_script ngxhealth { #定義獨立的腳本,名字自己定義
#killall -0 nginx 命令是檢查nginx服務是否正常
script “killall -0 nginx && exit 0 || exit 1” #指明要配置腳本了，script可以是放置在系統中的腳本文件路徑，也可以是一條命令
interval 1 #一秒鐘檢測一次
weight -5 #如果nginx故障權重減5，要確定減完以后低于備用節點
fall 2
rise 1
}

vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
192.168.63.98/24
}

track_script {
ngxhealth #在vrrp_instance VI_1中調用ngxhealth腳本
}

track_interface {
ens33 #跟蹤ens33接口
}

notify_master “/etc/keepalived/notify.sh master” # 當前節點成為主節點時觸發的腳本
notify_backup “/etc/keepalived/notify.sh backup” # 當前節點轉為備節點時觸發的腳本
notify_fault “/etc/keepalived/notify.sh fault” # 當前節點轉為失敗狀時觸發的腳本
}

vrrp_instance VI_2 { #唯一標識,如果有vrrp，兩個標識不一樣，可以自己指定
state BACKUP #優先級最高的為MASTER，其他級別為BACKUP
interface ens33 #在哪個接口工作
virtual_router_id 77 #id是0-255主機的十進制數字都可以，id和自己的主服務器一樣
priority 98 #優先級，數字越大，優先級就越高
advert_int 1 #自己的心跳信息，通過組播每隔多長時間通告一次
authentication { #為了安全需要驗證
auth_type PASS #PASS是密碼驗證，默認是8位
auth_pass pvfe4HZi #密碼8位，可以通過“openssl rand -base64 8” 命令生成隨機的8位字串
}
virtual_ipaddress { #設置虛擬ip地址
192.168.63.100/24 #虛擬的ip，不是真實的
}

track_script {
ngxhealth #在vrrp_instance VI_1中調用ngxhealth腳本
}

vim ansible/templates/keepalived2.conf.bak.j2
! Configuration File for keepalived

vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 66
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
192.168.63.98/24
}

track_interface {
ens33 #跟蹤ens33接口
}

track_script {
ngxhealth #在vrrp_instance VI_1中調用ngxhealth腳本
}

vrrp_instance VI_2 { #唯一標識,如果有vrrp，兩個標識不一樣，可以自己指定
state MASTER #優先級最高的為MASTER，其他級別為BACKUP
interface ens33 #在哪個接口工作
virtual_router_id 77 #id是0-255主機的十進制數字都可以，id和自己的主服務器一樣
priority 100 #優先級，數字越大，優先級就越高
advert_int 1 #自己的心跳信息，通過組播每隔多長時間通告一次
authentication { #為了安全需要驗證
auth_type PASS #PASS是密碼驗證，默認是8位
auth_pass pvfe4HZi #密碼8位，可以通過“openssl rand -base64 8” 命令生成隨機的8位字串
}
virtual_ipaddress { #設置虛擬ip地址
192.168.63.100/24 #虛擬的ip，不是真實的
}

track_script {
ngxhealth #在vrrp_instance VI_1中調用ngxhealth腳本
}

vim ansible/templates/index.html.j2
RS1
vim ansible/templates/index.html.j3
RS2

vim ansible/templates/nginx.conf.bak.j2
include /etc/nginx/conf.d/*.conf;

server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;

vim ansible/templates/www.conf.j2
upstream websrvs {
server 192.168.63.134:80; #http服務器的ip地址
server 192.168.63.135:80; #http服務器的ip地址

}

server {
listen 80 default_server; #默認訪問這個網站
server_name nginx2.zhouyfei.com; #定義域名
root /user/share/nginx/html; #網站所在的目錄
location / { #轉換網站所在的目錄
proxy_pass http://websrvs; #定義websrvs組名
}
}

vim ansible/templates/notify.sh.j2
#!/bin/bash
#通知腳本
#
contact=’root@localhost’

notify() {
local mailsubject=”$(hostname) to be $1, vip floating”
local mailbody=”$(date +’%F %T’): vrrp transition, $(hostname) changed to be $1″
echo “$mailbody” | mail -s “$mailsubject” $contact
}

case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo “Usage: $(basename $0) {master|backup|fault}”
exit 1
;;
esac

本文來自投稿，不代表Linux運維部落立場，如若轉載，請注明出處：http://www.www58058.com/103046