ansible 实现keepalived基于nginx的高可用

实验环境
192.168.63.131 ansible服务器
192.168.63.137 keepalived 服务器基于nginx
192.168.63.140 keepalived 服务器基于nginx
192.168.63.134 HTTP服务器
192.168.63.135 HTTP服务器

1.安装ansible，基于epel源
yum install ansible -y
2.配置主配置文件，在主配置文件中加入要远程的ip
vim /etc/ansible/hosts
[keepalived]
192.168.63.137
192.168.63.140

[httpdserver]
192.168.63.134
192.168.63.135

[server]
192.168.63.134
192.168.63.135
192.168.63.137
192.168.63.140

3.基于ssh验证
ssh-keygen 生成秘钥文件
ssh-copy-id 192.168.63.131 拷贝到自己主机
拷贝到其他主机
scp -r /root/.ssh root@192.168.63.137:/root/.ssh/
scp -r /root/.ssh root@192.168.63.140:/root/.ssh/
scp -r /root/.ssh root@192.168.63.135:/root/.ssh/
scp -r /root/.ssh root@192.168.63.134:/root/.ssh/

4.测试ansible是否可以ping通其他主机
ansible 192.168.63.137 -m ping
ansible 192.168.63.134 -m ping
ansible 192.168.63.135 -m ping
ansible 192.168.63.140 -m ping
或
ansible server -m ping

5.创建一个ansible目录用来组名存放ansible脚本
mkdir ansible

6.创建yml
[root@contes7 ansible]# vim keepalived.yml

—
– hosts: keepalived
remote_user: root

tasks:
– name: install
yum: name=keepalived
– name: install
yum: name=nginx
– name: install
yum: name=psmisc
– name: install
yum: name=mail*
– name: copy conf file
copy: src=/root/ansible/templates/keepalived.conf.bak.j2 dest=/etc/keepalived/keepalived.conf
– name: copy conf file
copy: src=/root/ansible/templates/notify.sh.j2 dest=/etc/keepalived/notify.sh
– name: copy conf file
copy: src=/root/ansible/templates/nginx.conf.bak.j2 dest=/etc/nginx/nginx.conf
– name: copy conf file
copy: src=/root/ansible/templates/www.conf.j2 dest=/etc/nginx/conf.d/www.conf
– name: shell
shell: chmod +x /etc/keepalived/notify.sh
– name: shell
shell: iptables -F
– name: start service
service: name=keepalived.service state=started enabled=yes
– name: start service
service: name=nginx state=started enabled=yes
– name: shell
shell: iptables -F

– hosts: 192.168.63.140
remote_user: root

tasks:
– name: copy conf file
copy: src=/root/ansible/templates/keepalived2.conf.bak.j2 dest=/etc/keepalived/keepalived.conf backup=yes

– hosts: httpdserver
remote_user: root

tasks:
– name: install package
yum: name=httpd
– name: copy
copy: src=/root/ansible/templates/index.html.j2 dest=/var/www/html/index.html
– name: shell
shell: iptables -F
– name: start service
service: name=httpd state=started enabled=yes

– hosts: 192.168.63.135
remote_user: root

tasks:
– name: copy
copy: src=/root/ansible/templates/index.html.j3 dest=/var/www/html/index.html
– name: shell
shell: iptables -F

7. 创建模板文件
vim ansible/templates/keepalived.conf.bak.j2
! Configuration File for keepalived

global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group 224.0.98.98
}

vrrp_script ngxhealth { #定义独立的脚本,名字自己定义
#killall -0 nginx 命令是检查nginx服务是否正常
script “killall -0 nginx && exit 0 || exit 1” #指明要配置脚本了，script可以是放置在系统中的脚本文件路径，也可以是一条命令
interval 1 #一秒钟检测一次
weight -5 #如果nginx故障权重减5，要确定减完以后低于备用节点
fall 2
rise 1
}

vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 66
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
192.168.63.98/24
}

track_script {
ngxhealth #在vrrp_instance VI_1中调用ngxhealth脚本
}

track_interface {
ens33 #跟踪ens33接口
}

notify_master “/etc/keepalived/notify.sh master” # 当前节点成为主节点时触发的脚本
notify_backup “/etc/keepalived/notify.sh backup” # 当前节点转为备节点时触发的脚本
notify_fault “/etc/keepalived/notify.sh fault” # 当前节点转为失败状时触发的脚本
}

vrrp_instance VI_2 { #唯一标识,如果有vrrp，两个标识不一样，可以自己指定
state BACKUP #优先级最高的为MASTER，其他级别为BACKUP
interface ens33 #在哪个接口工作
virtual_router_id 77 #id是0-255主机的十进制数字都可以，id和自己的主服务器一样
priority 98 #优先级，数字越大，优先级就越高
advert_int 1 #自己的心跳信息，通过组播每隔多长时间通告一次
authentication { #为了安全需要验证
auth_type PASS #PASS是密码验证，默认是8位
auth_pass pvfe4HZi #密码8位，可以通过“openssl rand -base64 8” 命令生成随机的8位字串
}
virtual_ipaddress { #设置虚拟ip地址
192.168.63.100/24 #虚拟的ip，不是真实的
}

track_script {
ngxhealth #在vrrp_instance VI_1中调用ngxhealth脚本
}

notify_master “/etc/keepalived/notify.sh master” # 当前节点成为主节点时触发的脚本
notify_backup “/etc/keepalived/notify.sh backup” # 当前节点转为备节点时触发的脚本
notify_fault “/etc/keepalived/notify.sh fault” # 当前节点转为失败状时触发的脚本
}

vim ansible/templates/keepalived2.conf.bak.j2
! Configuration File for keepalived

global_defs {
notification_email {
root@localhost
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
vrrp_mcast_group 224.0.98.98
}

vrrp_script ngxhealth { #定义独立的脚本,名字自己定义
#killall -0 nginx 命令是检查nginx服务是否正常
script “killall -0 nginx && exit 0 || exit 1” #指明要配置脚本了，script可以是放置在系统中的脚本文件路径，也可以是一条命令
interval 1 #一秒钟检测一次
weight -5 #如果nginx故障权重减5，要确定减完以后低于备用节点
fall 2
rise 1
}

vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 66
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass 12345678
}
virtual_ipaddress {
192.168.63.98/24
}

track_interface {
ens33 #跟踪ens33接口
}

track_script {
ngxhealth #在vrrp_instance VI_1中调用ngxhealth脚本
}

notify_master “/etc/keepalived/notify.sh master” # 当前节点成为主节点时触发的脚本
notify_backup “/etc/keepalived/notify.sh backup” # 当前节点转为备节点时触发的脚本
notify_fault “/etc/keepalived/notify.sh fault” # 当前节点转为失败状时触发的脚本
}

vrrp_instance VI_2 { #唯一标识,如果有vrrp，两个标识不一样，可以自己指定
state MASTER #优先级最高的为MASTER，其他级别为BACKUP
interface ens33 #在哪个接口工作
virtual_router_id 77 #id是0-255主机的十进制数字都可以，id和自己的主服务器一样
priority 100 #优先级，数字越大，优先级就越高
advert_int 1 #自己的心跳信息，通过组播每隔多长时间通告一次
authentication { #为了安全需要验证
auth_type PASS #PASS是密码验证，默认是8位
auth_pass pvfe4HZi #密码8位，可以通过“openssl rand -base64 8” 命令生成随机的8位字串
}
virtual_ipaddress { #设置虚拟ip地址
192.168.63.100/24 #虚拟的ip，不是真实的
}

track_script {
ngxhealth #在vrrp_instance VI_1中调用ngxhealth脚本
}

notify_master “/etc/keepalived/notify.sh master” # 当前节点成为主节点时触发的脚本
notify_backup “/etc/keepalived/notify.sh backup” # 当前节点转为备节点时触发的脚本
notify_fault “/etc/keepalived/notify.sh fault” # 当前节点转为失败状时触发的脚本
}

vim ansible/templates/index.html.j2
RS1
vim ansible/templates/index.html.j3
RS2

vim ansible/templates/nginx.conf.bak.j2
include /etc/nginx/conf.d/*.conf;

server {
listen 80;
server_name localhost;
root /usr/share/nginx/html;

vim ansible/templates/www.conf.j2
upstream websrvs {
server 192.168.63.134:80; #http服务器的ip地址
server 192.168.63.135:80; #http服务器的ip地址

}

server {
listen 80 default_server; #默认访问这个网站
server_name nginx2.zhouyfei.com; #定义域名
root /user/share/nginx/html; #网站所在的目录
location / { #转换网站所在的目录
proxy_pass http://websrvs; #定义websrvs组名
}
}

vim ansible/templates/notify.sh.j2
#!/bin/bash
#通知脚本
#
contact=’root@localhost’

notify() {
local mailsubject=”$(hostname) to be $1, vip floating”
local mailbody=”$(date +’%F %T’): vrrp transition, $(hostname) changed to be $1″
echo “$mailbody” | mail -s “$mailsubject” $contact
}

case $1 in
master)
notify master
;;
backup)
notify backup
;;
fault)
notify fault
;;
*)
echo “Usage: $(basename $0) {master|backup|fault}”
exit 1
;;
esac