使用Ansible自动化部署Lvs+keepalived

博客参考https://www.cnblogs.com/zhaoya2019/archive/2020/03/31/12609142.html

ansible-playbook入口文件

根据主机功能分配3个角色,目录结构如下

nfs角色文件

[root@zqf ~]# cat /etc/ansible/roles/nfs/files/exports 
# NOTE(review): read-write for the whole 192.168.1.0/24 subnet. root_squash is
# the exports(5) default and stays in force because no_root_squash is not set.
# The only NFS client shown on this page is the web role; listing those hosts
# explicitly instead of the subnet would narrow who can write to /data.
/data 192.168.1.0/24(rw,sync)
[root@zqf ~]# cat /etc/ansible/roles/nfs/handlers/main.yaml 
# Handler: ask the running nfs service to reload.
# Runs only when a task notifies "reload nfs".
- name: reload nfs
  service:
    name: nfs
    state: reloaded
[root@zqf ~]# cat /etc/ansible/roles/nfs/tasks/main.yaml 
# NFS server role: install the packages, create and export the share,
# then make sure both services are running and enabled at boot.
- name: yum install nfs services
  yum:
    name: nfs-utils
    state: installed

- name: yum install rpcbind
  yum:
    name: rpcbind
    state: installed

# The share is owned by nfsnobody -- presumably so that squashed client
# requests can write to it; confirm against the export options in use.
# recurse re-applies the ownership to everything under the path.
- name: create share directory
  file:
    path: "{{ share_path }}"
    owner: nfsnobody
    group: nfsnobody
    state: directory
    recurse: yes
  notify: reload nfs

# Ships files/exports from this role as /etc/exports.
- name: nfs configure
  copy:
    src: exports
    dest: /etc/
  notify: reload nfs

- name: start nfs service
  service:
    name: nfs
    state: started
    enabled: yes

- name: start rpcbind
  service:
    name: rpcbind
    state: started
    enabled: yes
[root@zqf ~]# cat /etc/ansible/roles/nfs/vars/main.yaml 
# Directory the nfs role creates as the share. files/exports names the same
# path literally, so the two must be kept in step.
share_path: /data

Web功能文件

[root@zqf ~]# cat /etc/ansible/roles/web/files/ifcfg-lo\:0 
# Loopback alias carrying 192.168.1.200 with a host (/32) netmask. The same
# address is the LVS virtual IP elsewhere on this page (lb_kind DR), so the
# real server holds the VIP locally without putting it on the LAN interface.
DEVICE=lo:0
IPADDR=192.168.1.200
NETMASK=255.255.255.255
NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@zqf ~]# cat /etc/ansible/roles/web/files/index.html 
this is web1
[root@zqf ~]# cat /etc/ansible/roles/web/files/sysctl.conf 
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
# ARP behaviour for a real server that carries the VIP on a loopback alias:
#   arp_ignore = 1   -> answer an ARP request only when the target IP is
#                       configured on the interface the request arrived on
#   arp_announce = 2 -> always pick the best local address for the target as
#                       the ARP source, so the loopback VIP is not advertised
# NOTE(review): the web role copies this file over /etc/sysctl.conf, so any
# settings already present in that file on the host are replaced.
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.lo.arp_announce = 2

[root@zqf ~]# cat /etc/ansible/roles/web/handlers/main.yaml 
# Handlers for the web role; each runs only when a task notifies it by name.
- name: reload httpd
  service:
    name: httpd
    state: reloaded

# NOTE(review): named "restart" but requests a reload, and none of the web
# tasks shown on this page notify it (they restart the network directly).
- name: restart network
  service:
    name: network
    state: reloaded
[root@zqf ~]# cat /etc/ansible/roles/web/tasks/main.yaml 
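# Web (real server) role: httpd, the NFS-backed content directory, and the
# loopback VIP / ARP settings this host needs behind the LVS director.
- name: install httpd
  yum:
    name: httpd
    state: installed

- name: write the index
  copy:
    src: index.html
    dest: /var/www/html
  notify: reload httpd

- name: start httpd
  service:
    name: httpd
    state: started
    enabled: yes

- name: yum install nfs services
  yum:
    name: nfs-utils
    state: installed

- name: yum install rpcbind
  yum:
    name: rpcbind
    state: installed

# NOTE(review): this starts the NFS *server* service on a host that only
# mounts a share. Kept as in the original; confirm it is needed, since an
# unused network service is extra attack surface.
- name: start nfs service
  service:
    name: nfs
    state: started
    enabled: yes

- name: start rpcbind
  service:
    name: rpcbind
    state: started
    enabled: yes

- name: create mount directory
  file:
    path: /var/www/html/nfs
    state: directory

# The share is writable by other hosts and is served by httpd, so setuid
# binaries and device nodes placed on it are not honoured on this host.
- name: mount nfs
  mount:
    src: "192.168.1.135:{{ share_path }}"
    path: /var/www/html/nfs
    fstype: nfs
    opts: nosuid,nodev
    state: mounted
  notify: reload httpd

- name: stop NetworkManager
  service:
    name: NetworkManager
    state: stopped

- name: bind loopback
  copy:
    src: "ifcfg-lo:0"
    dest: /etc/sysconfig/network-scripts/

- name: start network
  shell: systemctl restart network

# NOTE(review): replaces the host's /etc/sysctl.conf wholesale; any settings
# already in that file are lost. A drop-in under /etc/sysctl.d/ would avoid that.
- name: trun off arp
  copy:
    src: sysctl.conf
    dest: /etc/sysctl.conf

- name: load sysctl configuration
  shell: sysctl -p

- name: install network-tools
  yum:
    name: net-tools
    state: installed

# Only add the host route when it is not in the table yet: a bare
# "route add" fails on an existing route and would break a second run.
- name: add route record
  shell: >-
    route -n | grep -Eq '^192\.168\.1\.200[[:space:]]'
    || route add -host 192.168.1.200 dev lo:0

# lineinfile instead of "echo >>" so that repeated runs do not append the
# same command to rc.local again and again.
- name: route add local
  lineinfile:
    path: /etc/rc.local
    line: "route add -host 192.168.1.200 dev lo:0"
    create: yes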
  [root@zqf ~]# cat /etc/ansible/roles/web/vars/main.yaml 
# Remote path on the NFS server that the web role mounts at /var/www/html/nfs.
share_path: /data

LVS功能文件

[root@zqf ~]# cat /etc/ansible/roles/lvs/files/epel.repo 
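# EPEL repository definition shipped by the lvs role.
# Signature checking is enabled and the mirror is reached over HTTPS, so a
# tampered mirror or an on-path attacker cannot substitute packages.
# The key file named in gpgkey must already exist on the target; the tasks
# shown with this role do not copy it. Without the key, installs from this
# repository fail instead of proceeding unverified.
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=https://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=https://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=https://mirrors.aliyun.com/epel/7/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1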
[root@zqf ~]# cat /etc/ansible/roles/lvs/files/ifcfg-ens33\:0 
# Static alias on ens33 carrying 192.168.1.200, brought up at boot.
# NOTE(review): the keepalived template in this role lists the same address
# under virtual_ipaddress. Copying this file to every director presumably
# leaves MASTER and BACKUP both holding the VIP at once -- confirm whether the
# static alias is wanted alongside keepalived.
TYPE="Ethernet"
DEVICE="ens33:0"
ONBOOT="yes"
IPADDR=192.168.1.200
NETMASK=255.255.255.0
[root@zqf ~]# cat /etc/ansible/roles/lvs/files/sysctl.conf1 
# Stop the director from sending ICMP redirects, globally, by default for new
# interfaces, and on ens33.
# NOTE(review): the lvs role copies this file over /etc/sysctl.conf, so any
# settings already present in that file on the host are replaced.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.ens33.send_redirects = 0
[root@zqf ~]# cat /etc/ansible/roles/lvs/handlers/main.yaml 
# Handler: restart keepalived so that a changed configuration takes effect.
# Despite the name this is a full restart, as in the original.
- name: reload keepalived
  service:
    name: keepalived
    state: restarted
[root@zqf ~]# cat /etc/ansible/roles/lvs/tasks/main.yaml 
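# Director role: bind the VIP, load IPVS, define the virtual service and its
# real servers, then install and start keepalived.
- name: stop NetwormManager
  service:
    name: NetworkManager
    state: stopped

- name: bind vip
  copy:
    src: "ifcfg-ens33:0"
    dest: /etc/sysconfig/network-scripts/

# NOTE(review): replaces the host's /etc/sysctl.conf wholesale; any settings
# already in that file are lost. A drop-in under /etc/sysctl.d/ would avoid that.
- name: sysctl
  copy:
    src: sysctl.conf1
    dest: /etc/sysctl.conf

- name: sysctl -p
  shell: sysctl -p

- name: epel
  copy:
    src: epel.repo
    dest: /etc/yum.repos.d/

- name: install ipvsadm
  yum:
    name: ipvsadm
    state: installed

- name: load to kernel
  shell: modprobe ip_vs

# ipvsadm refuses to add a service or destination that already exists, so
# each add is skipped when the entry is already in the table. Without the
# guards the play fails on every run after the first.
# The keepalived template in this role declares the same virtual server and
# real servers; these manual entries are kept as in the original.
- name: ipvsadm configure
  shell: >-
    ipvsadm -Ln | grep -Eq '^TCP[[:space:]]+{{ vip }}:80[[:space:]]'
    || ipvsadm -A -t {{ vip }}:80 -s rr

- name: ipvsadm list2
  shell: >-
    ipvsadm -Ln | grep -Eq -e '->[[:space:]]+{{ rs1 }}:80[[:space:]]'
    || ipvsadm -a -t {{ vip }}:80 -r {{ rs1 }}:80 -g

- name: ipvsadm list3
  shell: >-
    ipvsadm -Ln | grep -Eq -e '->[[:space:]]+{{ rs2 }}:80[[:space:]]'
    || ipvsadm -a -t {{ vip }}:80 -r {{ rs2 }}:80 -g

- name: restart this net
  shell: systemctl restart network

- name: install keepalived
  yum:
    name: keepalived
    state: installed

- name: configure keepalived
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
  notify: reload keepalived

- name: start keepalived
  service:
    name: keepalived
    state: started
    enabled: yes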
[root@zqf ~]# cat /etc/ansible/roles/lvs/templates/keepalived.conf.j2 
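! Configuration File for keepalived
!
! Rendered per director by the lvs role. The VIP and real-server addresses
! come from the role variables vip, rs1 and rs2 instead of being repeated
! here, so they cannot drift from the values the tasks use.

global_defs {
   # Router name. It must differ between members of the same group, so it is
   # taken from the host name rather than a fixed string.
   router_id {{ ansible_hostname }}
}

vrrp_instance VI_1 {
    # Role and priority per host: the host named by ds_master is MASTER,
    # the host named by ds_slave is BACKUP with a lower priority.
{% if ds_master == ansible_hostname %}
    state MASTER
    priority 80
{% elif ds_slave == ansible_hostname %}
    state BACKUP
    priority 47
{% endif %}
    interface ens33
    # Group number: the same ID on every member of one group. A group has
    # exactly one master and any number of backups.
    virtual_router_id 66
    # Advertisement (heartbeat) interval in seconds, used to detect whether
    # the peer is still alive.
    advert_int 1
    # VRRP PASS authentication. The password travels in clear text inside
    # every advertisement and keepalived uses only its first 8 characters, so
    # it guards against misconfiguration, not against an attacker on the LAN.
    # '1111' is the fallback kept from the original; set vrrp_auth_pass
    # (for example from Ansible Vault) to a value unique to this cluster.
    authentication {
        auth_type PASS
        auth_pass {{ vrrp_auth_pass | default('1111') }}
    }
    virtual_ipaddress {
        # Cluster VIP
        {{ vip }}
    }
}

# Cluster address and port
virtual_server {{ vip }} 80 {
    delay_loop 2    # health-check interval
    lb_algo rr      # round-robin scheduling
    lb_kind DR      # LVS forwarding mode (direct routing)
    protocol TCP    # protocol in use

    # Real server address and port
    real_server {{ rs1 }} 80 {
        weight 1
        # Health check: plain TCP connect
        TCP_CHECK {
            connect_port 80
            connect_timeout 3       # connect timeout (seconds)
            # Retry count. Keyword kept from the original; newer keepalived
            # releases presumably spell it "retry" -- confirm for your version.
            nb_get_retry 3
            delay_before_retry 4    # pause between retries (seconds)
        }
    }
    real_server {{ rs2 }} 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 4
        }
    }
}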
[root@zqf ~]# cat /etc/ansible/roles/lvs/vars/main.yaml 
# Virtual IP of the cluster; the lvs tasks pass it to ipvsadm as the
# virtual service address (port 80).
vip: 192.168.1.200
# Real servers added behind the virtual service by the lvs tasks.
rs1: 192.168.1.131
rs2: 192.168.1.132 
# Host names the keepalived template compares with ansible_hostname to
# decide which director renders as MASTER and which as BACKUP.
ds_master: ds1
ds_slave: ds2

执行结果


结果测试

vip在ds1上


ds2

访问VIP

查看共享存储是否成功

断开web2服务,业务并没有停止

关掉ds1主负载均衡器 vip飘到了ds2备上
