
Ansible in Practice

Date: 2018-06-22 17:41:16


  • Topology diagram

    [image]


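  • 2. Preparation: on every host, adjust the firewall policy and the setenforce parameter, and configure each host's yum repositories

    3. On the host running Ansible, set up passwordless (key-based) SSH login to the other hosts

    These commands are run in /root, so the key pair is saved under /root/.ssh/ by default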
    ssh-keygen -t rsa -P ""
    ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.150
    ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.151
    ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.152
    ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.154
    ssh-copy-id -i .ssh/id_rsa.pub root@172.16.0.155
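
    The key created above has an empty passphrase and logs in as root on all five hosts, so each managed host's /root/.ssh/authorized_keys is worth auditing for keys that carry no from="..." source restriction. The script below is an added example, not part of the original post; the key blobs, the ed25519 entry and the control-node address 192.0.2.10 are constructed placeholders.

```sh
#!/bin/sh
# audit_authorized_keys FILE
# Prints "<verdict> <key type> <comment>" for every key and returns 1 when
# any key is accepted from every source address.
audit_authorized_keys() {
    awk '
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        {
            # Options, if present, precede the key type; the key type is the
            # field followed by the base64 blob (which always starts "AAAA").
            t = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/ && $(i + 1) ~ /^AAAA/) { t = i; break }
            if (!t) { print "UNPARSED line " NR; bad = 1; next }
            opts = ""
            for (i = 1; i < t; i++) opts = opts " " $i
            verdict = (opts ~ /[ ,]from="[^"]+"/) ? "restricted" : "ANY-SOURCE"
            if (verdict == "ANY-SOURCE") bad = 1
            print verdict, $t, $(t + 2)
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: placeholder key blobs, documentation address 192.0.2.10.
keys=$(mktemp)
cat > "$keys" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed root@bogon
from="192.0.2.10",no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed ansible@control
EOF
audit_authorized_keys "$keys" || echo "at least one key is usable from any address"
```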

    4. Implement nginx load balancing

        (1) Write a playbook, keepalive.yaml, with the following content

    - hosts: keepalive   # group defined in /etc/ansible/hosts
      remote_user: root
      tasks:
      - name: install Keepalived
        yum: name=keepalived state=installed
      - name: install nginx
        yum: name=nginx state=installed
      - name: send keepalived.conf
        template: src=/etc/keepalived/keepalived.conf dest=/etc/keepalived/keepalived.conf  # transfer the keepalived configuration file
      - name: send nginx.conf
        template: src=/etc/nginx/nginx.conf dest=/etc/nginx/nginx.conf
      - name: start keepalived
        service: name=keepalived state=started
      - name: start nginx
        service: name=nginx state=started
    PLAY [keepalive] ********************************************************************************************************************
    
    TASK [Gathering Facts] **************************************************************************************************************
    ok: [172.16.0.150]
    ok: [172.16.0.152]
    
    TASK [install Keepalived] ***********************************************************************************************************
    changed: [172.16.0.152]
    changed: [172.16.0.150]
    
    TASK [install nginx] ****************************************************************************************************************
    changed: [172.16.0.150]
    changed: [172.16.0.152]
    
    TASK [send keepalived.conf] *********************************************************************************************************
    changed: [172.16.0.150]
    changed: [172.16.0.152]
    
    TASK [send nginx.conf] **************************************************************************************************************
    changed: [172.16.0.152]
    changed: [172.16.0.150]
    
    TASK [start keepalived] *************************************************************************************************************
    changed: [172.16.0.152]
    changed: [172.16.0.150]
    
    TASK [start nginx] ******************************************************************************************************************
    changed: [172.16.0.150]
    changed: [172.16.0.152]
    
    PLAY RECAP **************************************************************************************************************************
    172.16.0.150               : ok=7    changed=6    unreachable=0    failed=0   
    172.16.0.152               : ok=7    changed=6    unreachable=0    failed=0

    5. Configuration of /etc/keepalived/keepalived.conf

    global_defs {
       notification_email {
      root@localhost
    }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id {{ route_id }}   # variable: ID that distinguishes each device
       vrrp_skip_check_adv_addr
       vrrp_strict
       vrrp_garp_interval 0
       vrrp_gna_interval 0
    }

    vrrp_instance VI_1 {
        state {{ states }}    # variable: initial state
        interface ens33
        virtual_router_id 51
        priority {{ pri }}  # variable: priority
        advert_int 1
        authentication {
            auth_type PASS
            auth_pass MTUwPBjd
        }
        virtual_ipaddress {
            172.16.0.254
        }
    }

    6. Contents of /etc/ansible/hosts

    [keepalive]
    172.16.0.150 states=MASTER route_id=nginx1 pri=100  # variables defined for this host
    172.16.0.152 states=BACKUP route_id=nginx2 pri=90   # variables defined for this host
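
    The keepalived.conf template is only as consistent as these per-host variables: a second MASTER, a reused route_id, or a BACKUP whose pri is at or above the MASTER's makes the virtual IP change hands unexpectedly. The lint below is an added example, not part of the original post; the function name check_vrrp_group and its rules are assumptions chosen for this inventory layout.

```sh
#!/bin/sh
# check_vrrp_group INVENTORY GROUP
# Prints one line per problem; returns 0 only if the group is consistent.
check_vrrp_group() {
    awk -v g="[$2]" '
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }
        $1 ~ /^\[/ { in_g = ($1 == g); next }
        !in_g { next }
        {
            state = ""; rid = ""; pri = ""
            for (i = 2; i <= NF && $i !~ /^#/; i++) {
                split($i, kv, "=")
                if (kv[1] == "states")   state = kv[2]
                if (kv[1] == "route_id") rid = kv[2]
                if (kv[1] == "pri")      pri = kv[2]
            }
            if (state !~ /^(MASTER|BACKUP)$/ || rid == "" || pri !~ /^[0-9]+$/) {
                print $1 ": need states=MASTER|BACKUP, route_id, numeric pri"
                bad = 1; next
            }
            if (rid in seen) { print $1 ": route_id " rid " already used by " seen[rid]; bad = 1 }
            seen[rid] = $1
            if (state == "MASTER") { masters++; mpri = pri + 0 }
            else if (pri + 0 > top) top = pri + 0
        }
        END {
            if (masters != 1) { print "expected one MASTER, found " masters + 0; bad = 1 }
            else if (mpri <= top) { print "MASTER pri " mpri " is not above BACKUP pri " top; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Sample input: the [keepalive] group exactly as listed in step 6.
inv=$(mktemp)
cat > "$inv" <<'EOF'
[keepalive]
172.16.0.150 states=MASTER route_id=nginx1 pri=100  # variables defined for this host
172.16.0.152 states=BACKUP route_id=nginx2 pri=90   # variables defined for this host
EOF
check_vrrp_group "$inv" keepalive && echo "keepalive group is consistent"
```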

    7. /etc/nginx/nginx.conf configuration (used to implement the reverse proxy)

    upstream wang {
        server 172.16.0.151:80 weight=1;
        server 172.16.0.154:80 weight=1;
    }
    server {
        listen       80 default_server;
    #    listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;
    
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
    
        location / {
            proxy_pass http://wang;
        }
    }

    8. Check whether the back-end hosts have been configured

    172.16.0.150

    [image]

    [image]

    172.16.0.152

    [root@bogon ~]# systemctl status keepalived
    ● keepalived.service - LVS and VRRP High Availability Monitor
       Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
       Active: active (running) since Fri 2018-06-22 15:10:51 CST; 19min ago
      Process: 12540 ExecStart=/usr/sbin/keepalived $KEEPALIVED_OPTIONS (code=exited, status=0/SUCCESS)
     Main PID: 12541 (keepalived)
       CGroup: /system.slice/keepalived.service
               ├─12541 /usr/sbin/keepalived -D
               ├─12542 /usr/sbin/keepalived -D
               └─12543 /usr/sbin/keepalived -D
    
    Jun 22 15:10:51 bogon Keepalived_vrrp[12543]: Registering Kernel netlink reflector
    Jun 22 15:10:51 bogon Keepalived_vrrp[12543]: Registering Kernel netlink command channel
    Jun 22 15:10:51 bogon Keepalived_vrrp[12543]: Registering gratuitous ARP shared channel
    Jun 22 15:10:51 bogon Keepalived_vrrp[12543]: Opening file '/etc/keepalived/keepalived.conf'.
    Jun 22 15:10:52 bogon Keepalived_healthcheckers[12542]: Opening file '/etc/keepalived/keepalived.conf'.
    Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: VRRP_Instance(VI_1) removing protocol VIPs.
    Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: VRRP_Instance(VI_1) removing protocol iptable drop rule
    Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: Using LinkWatch kernel netlink reflector...
    Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: VRRP_Instance(VI_1) Entering BACKUP STATE
    Jun 22 15:10:52 bogon Keepalived_vrrp[12543]: VRRP sockpool: [ifindex(2), proto(112), unicast(0), fd(10,11)]
    [root@bogon ~]# ss -tnl
    State       Recv-Q Send-Q                     Local Address:Port                                    Peer Address:Port              
    LISTEN      0      128                                    *:111                                                *:*                  
    LISTEN      0      128                                    *:80                                                 *:*

    9. Back-end server configuration

        (1) Likewise, write a playbook file, /etc/ansible/apache.yaml

    - hosts: apache
      remote_user: root
      tasks:
      - name: install httpd
        yum: name=httpd state=installed
      - name: install php-fpm
        yum: name=php-fpm state=installed
      - name: install mariadb
        yum: name=mariadb-server state=installed
      - name: sent httpd.conf
        copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
      - name: sent php-fpm.conf
        copy: src=/etc/php-fpm.d/www.conf dest=/etc/php-fpm.d/www.conf
      - name: start php-fpm
        service: name=php-fpm state=started
      - name: start httpd
        service: name=httpd state=started
      - name: start mariadb
        service: name=mariadb state=started

        (2) Test with Ansible (-C runs the playbook in check mode)

    [root@bogon ansible]# ansible-playbook -C apache.yaml 
    
    PLAY [apache] *********************************************************************************************************************************************************************************
    
    TASK [Gathering Facts] ************************************************************************************************************************************************************************
    ok: [172.16.0.151]
    ok: [172.16.0.154]
    
    TASK [install httpd] **************************************************************************************************************************************************************************
    changed: [172.16.0.154]
    changed: [172.16.0.151]
    
    TASK [install php-fpm] ************************************************************************************************************************************************************************
    changed: [172.16.0.151]
    changed: [172.16.0.154]
    
    TASK [install mariadb] ************************************************************************************************************************************************************************
    changed: [172.16.0.151]
    changed: [172.16.0.154]
    
    TASK [sent httpd.conf] ************************************************************************************************************************************************************************
    changed: [172.16.0.151]
    changed: [172.16.0.154]
    
    TASK [sent php-fpm.conf] **********************************************************************************************************************************************************************
    changed: [172.16.0.151]
    changed: [172.16.0.154]
    
    PLAY RECAP ************************************************************************************************************************************************************************************
    172.16.0.151               : ok=6    changed=5    unreachable=0    failed=0   
    172.16.0.154               : ok=6    changed=5    unreachable=0    failed=0

        (3) In /etc/php-fpm.d/www.conf, modify the last two lines so that sessions are saved to memcached on a remote host

    php_value[session.save_handler] = memcache   
    php_value[session.save_path] = "tcp://172.16.72.6:11211?persistent=1&weight=1&timeout=1&retry_interval=15"

        (4) Configure /etc/httpd/conf/httpd.conf to connect to php-fpm

    Proxyrequests Off
    Proxypassmatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1

        (5) Create an index.php page as a web test file and send it over

    {{ host }}  {# host is an inventory variable #}
    <?php
      phpinfo();
    ?>

    [root@bogon ~]# ansible apache -m template -C -a "src=/root/index.php dest=/var/www/html/"


        (6) Declare the host variable in /etc/ansible/hosts

    [apache]
    172.16.0.151 host=172.16.0.151.ansible
    172.16.0.154 host=172.16.0.154.ansible

        (7) Web-side test

    [image]

    [image]

        (8) Proxy server test

    [image]

    [image]

      10. Install memcached

    [root@bogon ~]# ansible memcache -m yum -C -a "name=memcached state=installed"
    172.16.0.155 | SUCCESS => {
        "changed": true, 
        "changes": {
            "installed": [
                "memcached"
            ]
        }, 
        "results": []
    }
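
    memcached performs no authentication by default, so any host that can reach 11211/tcp can read or overwrite the PHP sessions stored there; only the web servers need that port. The script below is an added example, not part of the original post. It assumes firewalld is the firewall on the memcached host and that the inventory contains the [apache] and [memcache] groups used on this page; the function names are hypothetical.

```sh
#!/bin/sh
# group_hosts INVENTORY GROUP -> one host per line
group_hosts() {
    awk -v g="[$2]" '
        $1 ~ /^\[/ { in_g = ($1 == g); next }
        in_g && NF && $1 !~ /^[#;]/ { print $1 }
    ' "$1"
}

# memcached_rules INVENTORY -> firewall-cmd lines to run on the memcached
# host so that only the [apache] hosts may connect to 11211/tcp.
memcached_rules() {
    for ip in $(group_hosts "$1" apache); do
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"11211\" protocol=\"tcp\" accept'\n" "$ip"
    done
    echo "firewall-cmd --reload"
}

# Sample input: the [apache] group from step 9 (6) and the memcache host
# shown in the output above.
inv=$(mktemp)
cat > "$inv" <<'EOF'
[apache]
172.16.0.151 host=172.16.0.151.ansible
172.16.0.154 host=172.16.0.154.ansible

[memcache]
172.16.0.155
EOF
memcached_rules "$inv"
```

    The printed commands only take effect if 11211/tcp is not also opened to everyone by another rule or zone on that host.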

        Install php-pecl-memcache on the php-fpm hosts

    [root@bogon ~]# ansible apache -m yum -C -a "name=php-pecl-memcache state=installed"
    Transfer the session test files to the web hosts
    Create a new PHP page, setsess.php, that enables a session for the client:
    <?php
    session_start();
    if (!isset($_SESSION['www.qhdlink.com'])) {
      $_SESSION['www.qhdlink.com'] = time();
    }
    print $_SESSION['www.qhdlink.com'];
    print "<br><br>";
    print "Session ID: " . session_id();
    ?>
    
    Create a new PHP page, showsess.php, that retrieves the current user's session ID:
    <?php
    session_start();
    $memcache_obj = new Memcache;
    $memcache_obj->connect('172.16.72.6', 11211);
    $mysess=session_id();
    var_dump($memcache_obj->get($mysess));
    $memcache_obj->close();
    ?>

    View the session page:

    [image]


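        (11) Set up phpMyAdmin on the web servers

    Place phpMyAdmin under the web server's directory, and set a database account and password on the corresponding web server to enable login

    [image]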



    Original article: http://blog.51cto.com/wangchaode/2131838
