ansible剧本安装

公司共有两个业务,网上图书馆和一个电商网站。

现要求运维设计一个安全架构,本着高可用、廉价的原则。

具体情况如下:

       网上图书馆是基于jsp开发;

       电商系统是基于php开发;

       两个网站都是使用的mysql数据库;

       要求你提供一个高可用且廉价的架构方案,部署分发业务到外网;

 请画出拓扑图及通过虚拟机搭建测试环境。

1.   服务器的配置以及信息

系统 配置 ip 模块名
CentOS release 6.9 64位 1核1G 50G 硬盘 172.16.1.5/192.168.179.5 lb01
CentOS release 6.9 64位 1核1G 50G 硬盘 172.16.1.6/192.168.179.6 lb02
CentOS release 6 64位 1核1G 50G 硬盘 172.16.1.7/192.168.179.7 web01
CentOS release 6.9 64位 1核1G 50G 硬盘 172.16.1.8/192.168.179.8 web02
CentOS release 6.9 64位 1核1G 50G 硬盘 172.16.1.9/192.168.179.9 web03
CentOS release 6.9 64位 1核1G 50G 硬盘 172.16.1.10/192.168.179.10 web04
CentOS release 6.9 64位 1核1G 50G 硬盘 172.16.1.31/192.168.179.31 NFS
CentOS release 6.9 64位 1核1G 50G 硬盘 172.16.1.41/192.168.179.41 Rsync
CentOS release 6.9 64位 1核1G 50G 硬盘 172.16.1.51/192.168.179.51 数据库
CentOS release 6.9 64位 1核1G 50G 硬盘 172.16.1.51/192.168.179.51 ansible

1. lb模块(2个项目共用)

1)  lb模块采用的负载均衡机制, 运用了vrrp(路由冗余协议), 保证一台宕机 不影响业务的运转, 基于并发量的考虑我们这边使用了(keepalived+nginx)这种架构, 当后面并发上来,可以考虑换成(Keepalived + LVS )架构, 或者商业硬件,比如F5,A10之类的。

2) 我们这里做了互为主备配置

lb的物理ip 虚拟ip
172.16.1.5/192.168.179.5(lb01) 网上图书馆 电商系统 192.168.179.3
172.16.1.6/192.168.179.6(lb02) 电商系统 网上图书馆 192.168.179.4

2. 网上图书馆业务处理模块

基于安全考虑nginx 反向代理tomcat, 把tomcat放在后面, 不直接对外开放, 一些需要用到的图片资源,文件资源, 用共享文件服务器(nfs),然后数据直接同步到备份服务器。数据直接写入主mysql,从从mysql里面读数据。我们这里直接就一台mysql, 没有做读写分离

主机名 安装的软件 ip
web01 tomcat+ jdk + nginx 172.16.1.7/192.168.179.7
web02 tomcat+ jdk + nginx 172.16.1.8/192.168.179.8
nfs01 nfs-utils rpcbind rsync  sersync 172.16.1.31/192.168.179.31
backup rsync 172.16.1.41/192.168.179.41
db mysql 172.16.1.51/192.168.179.51

3. 电商系统业务处理模块

一些需要用到的图片资源,文件资源, 用共享文件服务器(nfs), 然后数据直接同步到备份服务器。 数据直接写入主mysql,从从mysql里面读数据。我们这里直接就一台mysql,没有做读写分离

主机名 安装的软件 ip
web03  nginx+ php 172.16.1.7/192.168.179.7
web04  nginx+ php 172.16.1.8/192.168.179.8
nfs01 nfs-utils  rpcbind rsync  sersync 172.16.1.31/192.168.179.31
backup rsync 172.16.1.41/192.168.179.41
db mysql 172.16.1.51/192.168.179.51

2.   安装的软件信息

软件的名称 版本 备注
mysql 5.1.73-8 64位
nginx 1.10.2-1 64位
keepalived 1.2.13-5 64位
nfs-utils 1.2.3-78 64位
rpcbind 0.2.0-16 64位
php 5.3.3 64位
tomcat 7.0.90-1 64位
jdk 1.8.0_191 64位

3.   配置ansible服务器

1)   配置需要目录

[root@m01 ~]# mkdir -p /server/scripts

[root@m01 ~]# mkdir -p /server/tools

[root@m01 ~]# mkdir -p /application

2)   查看是否缺少什么软件,

rpm -qa|grep openssh      #缺少openssh-clients,所以没有ssh-copy-id

rpm -qa|grep ansible      #没安装

rpm -qa|grep vim          #没安装

3)   安装软件

[root@m01 ~]#yum install -y openssh* ansible vim

[root@m01 ~]#mkdir -pv /etc/ansible/roles/{mysql,keepalived,nginx,jsp,rsync,nfs }/{files,tasks,templates, }

4)   创建密钥分发脚本

[root@m01 ~]# cd /server/scripts/

[root@m01 scripts]# vim fenfa.sh

#!/bin/bash

ipz=(5 6 7 8 9 10 31 41 51 61)

######################

#删除KEY文件            #

######################

rm -f /root/.ssh/id_dsa*

######################

#创建密钥对              #

######################

ssh-keygen -t dsa -f /root/.ssh/id_dsa -N “”

######################

#分发密钥对              #

######################

for ip in ${ipz[*]}         #${ipz[*]}显示ipz数组

do

sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub “-o StrictHostKeyChecking=no 172.16.1.$ip”

done

5)   创建检查是否可以进行基于密钥远程管理

[root@m01 scripts]# vim fenfa_check.sh

#!/bin/bash

ipz=(5 6 7 8 9 10 31 41 51 61)

######################

#请输入参数              #

######################         

if [ $# -ne 1 ];then

    echo “pls input one agrs”

    exit 1

fi

######################

#测试                    #

###################### 

for ip in ${ipz[*]}

do

echo ===== info 172.16.1.$ip=====

    ssh 172.16.1.$ip $1                                 ##$1 表示第一个参数

    echo “”

done

测试   

[root@m01 scripts]# sh fenfa_check.sh hostname

===== info 172.16.1.5=====

lb01

===== info 172.16.1.6=====

lb02

===== info 172.16.1.7=====

web01

===== info 172.16.1.8=====

web02

===== info 172.16.1.9=====

web03

===== info 172.16.1.10=====

web04

===== info 172.16.1.31=====

nfs01

===== info 172.16.1.41=====

backup

===== info 172.16.1.51=====

MySQL

===== info 172.16.1.61=====

m01                                                                                                                         

6)   其他客户端安装libselinux-python

[root@m01 scripts]# sh fenfa_check.sh “yum install -y libselinux-python”

[root@m01 scripts]# sh fenfa_check.sh “rpm -qa|grep libselinux-python”

===== info 172.16.1.5=====

libselinux-python-2.0.94-7.el6.x86_64

===== info 172.16.1.6=====

libselinux-python-2.0.94-7.el6.x86_64

===== info 172.16.1.7=====

libselinux-python-2.0.94-7.el6.x86_64

===== info 172.16.1.8=====

libselinux-python-2.0.94-7.el6.x86_64

===== info 172.16.1.9=====

libselinux-python-2.0.94-7.el6.x86_64

===== info 172.16.1.10=====

libselinux-python-2.0.94-7.el6.x86_64

===== info 172.16.1.31=====

libselinux-python-2.0.94-7.el6.x86_64

===== info 172.16.1.41=====

libselinux-python-2.0.94-7.el6.x86_64

===== info 172.16.1.51=====

libselinux-python-2.0.94-7.el6.x86_64

===== info 172.16.1.61=====

libselinux-python-2.0.94-7.el6.x86_64

7)编写ansible的hosts文件

[root@m01 ~]# vim /etc/ansible/hosts

[keepalived]

172.16.1.6

172.16.1.5

[php]

172.16.1.7

172.16.1.8

[jdk]

172.16.1.9

172.16.1.10

[nfs]

172.16.1.31

[rsync]

172.16.1.41

[mysql]

172.16.1.51

4.   安装mysql

1)   mysql剧本

– hosts: mysql

  tasks:

    – name: step01:mkdir server/tools

      file:

        name: /server/tools

        state: directory

    – name: step02:mkdir server/scripts

      file:

        name: /server/scripts

        state: directory

    – name: step03:install mysql

      yum: name=mysql-devel,mysql-server state=installed

    – name: step04:install  mysql-python

      yum: name=MySQL-python state=installed

    – name: step05:create mysql data

      file:

        path: /data/mysql

        state: directory

        owner: mysql

        group: mysql

    – name: step06:change mysql data

      lineinfile:

        dest: /etc/my.cnf

        regexp: ‘^datadir=’

        line: ‘datadir=/data/mysql’

    – name: step07:statr mysqld

      service: name=mysqld state=started enabled=yes

    – name: step08:change password

      mysql_user:

        user: ‘root’

        login_password: ”

        password: ‘123456a’

        update_password: ‘always’

    – name: step09:create dianshang db

      mysql_db:

        login_user: ‘root’

        login_password: ‘123456a’

        name: ‘dianshang’

        state: ‘present’

    – name: step10:create tushu db

      mysql_db:

        login_user: ‘root’

        login_password: ‘123456a’

        name: ‘tushu’

        state: ‘present’

    – name: step11:copy mysqlshow.sh

      copy:

        src: /etc/ansible/roles/mysql/files/mysqlshow.sh

        dest: /server/scripts

    – name: step12:sh mysqlshow.sh

      shell: sh /server/scripts/mysqlshow.sh

2)   创建mysqlshow.sh

#/bin/bash

user_dsl=”grant all on dianshang.* to dianshang@’172.16.1.0/255.255.255.0′ identified by ‘sung123′”

user_ds=”grant all on dianshang.* to dianshang@’localhost’ identified by ‘sung123′”

user_tsl=”grant all on tushu.* to tushu@’172.16.1.0/255.255.255.0′ identified by ‘sung123′”

user_ts=”grant all on tushu.* to tushu@’localhost’ identified by ‘sung123′”

mysql -uroot -p123456a -e “$user_ds”

mysql -uroot -p123456a -e “$user_ts”

mysql -uroot -p123456a -e “$user_dsl”

mysql -uroot -p123456a -e “$user_tsl”

5.   安装NFS

1)   NFS剧本

– hosts: nfs

  tasks:

    – name: step01:install nfs

      yum:

        name: nfs-utils,rpcbind

        state: installed

    – name: step02:mkdir data

      file:

        path: /data

        recurse: yes

        owner: nfsnobody

        group: nfsnobody

        state: directory

    – name: step03:mkdir data/jdk

      file:

        path: /data/jdk

        recurse: yes

        owner: nfsnobody

        group: nfsnobody

        state: directory

    – name: step04:mkdir data/php

      file:

        path: /data/php

        recurse: yes

        owner: nfsnobody

        group: nfsnobody

        state: directory

    – name: step05:echo exports

      shell: echo “/data  172.16.1.0/24(rw,sync)” > /etc/exports

    – name: step06:statr rpcbind

      service:

        name: rpcbind

        state: restarted

        enabled: yes

    – name: step07:statr nfs

      service:

        name: nfs

        state: restarted

        enabled: yes

– hosts: php

  tasks:

    – name: step08:install nfs

      yum:

        name: nfs-utils,rpcbind

        state: installed

    – name: step09:mkdir data/php

      file:

        path: /data/php

        recurse: yes

        state: directory

– hosts: jdk

  tasks:

    – name: step10:install nfs

      yum:

        name: nfs-utils,rpcbind

        state: installed

    – name: step11:mkdir data/jdk

      file:

        path: /data/jdk

        recurse: yes

        state: directory

– hosts: jdk,php

  tasks:

    – name: step12:statr rpcbind

      service:

        name: rpcbind

        state: restarted

        enabled: yes

    – name: step13:statr nfs

      service:

        name: nfs

        state: restarted

        enabled: yes

6.   安装sersync

1)   sersync安装剧本

– hosts: rsync

  tasks:

    – name: step01:install rsync

      yum:

        name: rsync

        state: installed

    – name: step02:copy rsync.conf

      copy:

        src: /etc/ansible/roles/rsync/templates/rsyncd.conf

        dest: /etc/

    – name: step03:create user rsync

      user:

        name: rsync

        createhome: no

        shell: /sbin/nologin

        state: present

    – name: step04:mkdir /backup

      file:

        path: /backup

        recurse: yes

        owner: rsync

        group: rsync

        state: directory

    – name: step05:copy rsync.password

      copy:

        src: /etc/ansible/roles/rsync/templates/rsync.password

        dest: /etc/

        mode: 600

    – name: step06:start rsync

      shell: rsync –daemon creates=/var/run/rsyncd.pid

– hosts: nfs,mysql

  tasks:

    – name: step07:mkdir server/tools

      file:

        name: /server/tools

        state: directory

    – name: step08:mkdir server/scripts

      file:

        name: /server/scripts

        state: directory

    – name: step09:install rsync unzip

      yum:

        name: rsync,unzip

        state: installed

    – name: step10:copy rsync.password

      copy:

        src: /etc/ansible/roles/rsync/templates/rsync_client.password

        dest: /etc/rsync.password

        mode: 600

    – name: step11:copy sersync.zip

      copy:

        src: /etc/ansible/roles/rsync/files/sersync_installdir_64bit.zip

        dest: /server/tools

    – name: step12:copy sersync.sh

      copy:

        src: /etc/ansible/roles/rsync/files/mzsersync.sh

        dest: /server/scripts/

    – name: step13:sh sersync.sh

      shell: sh /server/scripts/mzsersync.sh

    – name: step14:copy sersync.conf

      template:

        src: /etc/ansible/roles/rsync/templates/sersync.conf

        dest: /usr/local/sersync/conf/confxml.xml

    – name: step15:copy start sersync.sh

      copy:

        src: /etc/ansible/roles/rsync/files/start.sh

        dest: /server/scripts/start.sh

    – name: step09:statr sersync

      shell: sh /server/scripts/start.sh start

2)    sersync解压脚本

#!/bin/bash

if [ ! -f /usr/local/sersync ];

then

cd /server/tools/

unzip sersync_installdir_64bit.zip

cd sersync_installdir_64bit

mv sersync /usr/local/

fi

~             

3)   rsync.conf

uid = rsync

gid = rsync

use chroot = no

max connections = 200

timeout = 300

pid file = /var/run/rsyncd.pid

lock file = /var/run/rsync.lock

log file = /var/log/rsyncd.log

ignore errors

read only = false

list = false

hosts allow = 172.16.1.0/24

hosts deny = 0.0.0.0/32

auth users = rsync_backup

secrets file = /etc/rsync.password

[backup]

comment = “backup dir by oldboy”

path = /backup

4)   serync.conf

<?xml version=”1.0″ encoding=”ISO-8859-1″?>

<head version=”2.5″>

    <host hostip=”localhost” port=”8008″></host>

    <debug start=”false”/>

    <fileSystem xfs=”false”/>

    <filter start=”false”>

        <exclude expression=”(.*)\.svn”></exclude>

        <exclude expression=”(.*)\.gz”></exclude>

        <exclude expression=”^info/*”></exclude>

        <exclude expression=”^static/*”></exclude>

    </filter>

    <inotify>

        <delete start=”true”/>

        <createFolder start=”true”/>

        <createFile start=”false”/>

        <closeWrite start=”true”/>

        <moveFrom start=”true”/>

        <moveTo start=”true”/>

        <attrib start=”false”/>

        <modify start=”false”/>

    </inotify>

    <sersync>

        <localpath watch=”/data”>

            <remote ip=”172.16.1.41″ name=”backup”/>

            <!–<remote ip=”192.168.8.39″ name=”tongbu”/>–>

            <!–<remote ip=”192.168.8.40″ name=”tongbu”/>–>

        </localpath>

        <rsync>

            <commonParams params=”-az”/>

            <auth start=”true” users=”rsync_backup” passwordfile=”/etc/rsync.password”/>

            <userDefinedPort start=”false” port=”874″/><!– port=874 –>

            <timeout start=”false” time=”100″/><!– timeout=100 –>

            <ssh start=”false”/>

        </rsync>

        <failLog path=”/tmp/rsync_fail_log.sh” timeToExecute=”60″/><!–default every 60mins execute once–>

        <crontab start=”false” schedule=”600″><!–600mins–>

            <crontabfilter start=”false”>

                <exclude expression=”*.php”></exclude>

                <exclude expression=”info/*”></exclude>

            </crontabfilter>

        </crontab>

        <plugin start=”false” name=”command”/>

    </sersync>

    <plugin name=”command”>

        <param prefix=”/bin/sh” suffix=”” ignoreError=”true”/>  <!–prefix /opt/tongbu/mmm.sh suffix–>

        <filter start=”false”>

            <include expression=”(.*)\.php”/>

            <include expression=”(.*)\.sh”/>

        </filter>

    </plugin>

    <plugin name=”socket”>

        <localpath watch=”/opt/tongbu”>

            <deshost ip=”192.168.138.20″ port=”8009″/>

        </localpath>

    </plugin>

    <plugin name=”refreshCDN”>

        <localpath watch=”/data0/htdocs/cms.xoyo.com/site/”>

            <cdninfo domainname=”ccms.chinacache.com” port=”80″ username=”xxxx” passwd=”xxxx”/>

            <sendurl base=”http://pic.xoyo.com/cms”/>

            <regexurl regex=”false” match=”cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images”/>

        </localpath>

    </plugin>

</head>

5)   serync启动脚本

#! /bin/bash   

#   

#sersyncd   

#   

. /etc/rc.d/init.d/functions

case “$1” in

       start)

       cd /usr/local/sersync/bin

       chmod +x sersync

       ./sersync -dro /usr/local/sersync/conf/confxml.xml

        if [ $? -eq 0 ]

                then

                echo -e “Staring sersyncd      [  OK  ]”  

                exit 0

        fi

        ;;

        stop)

        kill ‘ps aux | grep sersync | grep -v grep | awk ‘{print $2}”   

        if [ $? -eq 0 ]

               then

                echo -e “Stopping sersyncd     [  OK  ]”  

                exit 0

        fi

        ;;

       status)

        ps aux | grep sersync | grep -v grep

        ;;

esac

7.         安装图书馆模块和电商模块

1)图书馆模块

– hosts: jdk

  tasks:

    – name: step01:install java

      yum:

        name: java

        state: installed

    – name: step02:install tomcat

      yum:

        name: tomcat,tomcat-webapps,tomcat-admin-webapps

        state: installed

    – name: step04:mkdir drp/

      file:

        name: /usr/share/tomcat/webapps/drp

        state: directory

– hosts: 172.16.1.9

  tasks:

    – name: step01:copy test.html

      copy:

        src: /etc/ansible/roles/jsp/templates/index.html

        dest: /usr/share/tomcat/webapps/drp/index.html

– hosts: 172.16.1.10

  tasks:

    – name: step01:copy test.html

      copy:

        src: /etc/ansible/roles/jsp/templates/index2.html

        dest: /usr/share/tomcat/webapps/drp/index.html

– hosts: jdk

  tasks:

    – name: step01:start tomcat

      service: name=tomcat state=restarted enabled=yes

2)电商模块

– hosts: php

  tasks:

    – name: spet01:install epel

      yum:

        name: epel-release,php

        state: installed

    – name: spet02:install nginx

      yum:

        name: php,nginx,php-fpm

        state: installed

– hosts: 172.16.1.7

  tasks:

    – name: step01:copy test.html

      copy:

        src: /etc/ansible/roles/nginx/templates/index.html

        dest: /usr/share/nginx/html/sung.html

– hosts: 172.16.1.8

  tasks:

    – name: step01:copy test.html

      copy:

        src: /etc/ansible/roles/nginx/templates/index2.html

        dest: /usr/share/nginx/html/sung.html

– hosts: php

  tasks:

    – name: step01:start ngixn

      service: name=nginx state=restarted enabled=yes

8.         安装keepalived

1)    Keepalived剧本

– hosts: keepalived

  tasks:

    – name: step01:install keepalived nginx

      yum:

        name: keepalived,nginx

        state: installed

    – name: step02:copy nginx.conf(PHP)

      copy:

        src: /etc/ansible/roles/keepalived/templates/PHP.conf

        dest: /etc/nginx/conf.d/PHP.conf

    – name: step03:copy nginx.conf(JSP)

      copy:

        src: /etc/ansible/roles/keepalived/templates/JSP.conf

        dest: /etc/nginx/conf.d/JSP.conf

    – name: step04:rm keepalived.conf

      shell: rm -f /etc/keepalived/keepalived.conf

    – name: step06:copy cjeck_web.sh

      copy:

        src: /etc/ansible/roles/keepalived/files/check_web.sh

        dest: /server/scripts/check_web.sh

        mode: 0755

– hosts: 172.16.1.5

  tasks:

    – name: step04:copy (lb01)

      copy:

        src: /etc/ansible/roles/keepalived/templates/lb01.conf

        dest: /etc/keepalived/keepalived.conf

– hosts: 172.16.1.6

  tasks:

    – name: step05:copy (lb02)

      copy:

        src: /etc/ansible/roles/keepalived/templates/lb02.conf

        dest: /etc/keepalived/keepalived.conf

– hosts: keepalived

  tasks:

    – name: step06:statr keepalived

      service: name=keepalived state=restarted enabled=yes

    – name: step07:statr nginx

      service: name=nginx state=restarted enabled=yes

2)    lb0102.conf

Lb02

! Configuration File for keepalived

 global_defs {

       router_id lb02

       }

 vrrp_script check_web {

      #定义一个监控脚本,脚本必须有执行权限

      script “/server/scripts/check_web.sh”

      #指定脚本间隔时间

      interval 2

      #脚本执行完成,让优先级值和权重值进行运算,从而实现主备切换

      weight 2

    }

 vrrp_instance gorup01 {

      state MASTER

      interface eth0

      virtual_router_id 51

      priority 150

      advert_int 1

      authentication {

          auth_type PASS

          auth_pass 1111

      }

      virtual_ipaddress {

            192.168.179.3/24 dev eth0 label eth0:1

      }

  track_script {

      check_web

    }

}

vrrp_instance gorup02 {

       state BACKUP

       interface eth0

       virtual_router_id 52

       priority 100

       advert_int 1

       authentication {

          auth_type PASS

          auth_pass 1111

        }

        virtual_ipaddress {

            192.168.179.4/24 dev eth0 label eth0:2

         }

 track_script {

     check_web

   }

}

Lb01

! Configuration File for keepalived

 global_defs {

       router_id lb01

       }

 vrrp_script check_web {

      #定义一个监控脚本,脚本必须有执行权限

      script “/server/scripts/check_web.sh”

      #指定脚本间隔时间

      interval 2

      #脚本执行完成,让优先级值和权重值进行运算,从而实现主备切换

      weight 2

    }

 vrrp_instance gorup01 {

      state BACKUP

      interface eth0

      virtual_router_id 51

      priority 100

      advert_int 1

      authentication {

          auth_type PASS

          auth_pass 1111

      }

      virtual_ipaddress {

            192.168.179.3/24 dev eth0 label eth0:1

      }

  track_script {

      check_web

    }

}

vrrp_instance gorup02 {

       state MASTER

       interface eth0

       virtual_router_id 52

       priority 150

       advert_int 1

       authentication {

          auth_type PASS

          auth_pass 1111

        }

        virtual_ipaddress {

            192.168.179.4/24 dev eth0 label eth0:2

         }

 track_script {

     check_web

   }

}

3)PHP.conf

upstream PHP{

#集群有几台服务器即可配置几台,weight表示权重,权重越大被访问到的几率越大

#这里添加的是上面启动好的两台Nginx服务器

   server 192.168.179.8:80 weight=1;

   server 192.168.179.7:80 weight=1;

}

#nginx基本配置

server{

   listen 80;    #端口号

   server_name 192.168.179.4; #服务名

   location /{

   #将访问请求转向至服务器集群,mycluster和上面upstream mycluster 对应

   proxy_pass http://PHP;

   # 真实的客户端IP

   proxy_set_header   X-Real-IP        $remote_addr;

   # 请求头中Host信息

   proxy_set_header   Host             $host;

   # 代理路由信息,此处取IP有安全隐患

   proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

   # 真实的用户访问协议

   proxy_set_header   X-Forwarded-Proto $scheme;

   }

}

4)JSP.conf

upstream JSP {

#集群有几台服务器即可配置几台,weight表示权重,权重越大被访问到的几率越大

#这里添加的是上面启动好的两台Tomcat服务器

   server 192.168.179.9:8080 weight=1;

   server 192.168.179.10:8080 weight=1;

}

#nginx基本配置

server{

   listen 8088;    #端口号

   server_name 192.168.179.3; #服务名

   location /{

   #将访问请求转向至服务器集群,mycluster和上面upstream mycluster 对应

   proxy_pass http:// JSP;

   # 真实的客户端IP

   proxy_set_header   X-Real-IP        $remote_addr;

   # 请求头中Host信息

   proxy_set_header   Host             $host;

   # 代理路由信息,此处取IP有安全隐患

   proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

   # 真实的用户访问协议

   proxy_set_header   X-Forwarded-Proto $scheme;

   }

}

5)    check_web

#!/bin/bash

web_info=$(ps -ef|grep [n]ginx|wc -l)

if [ $web_info -lt 2 ]

then

   /etc/init.d/keepalived stop

fi

6) 测试

1)    测试网页

2)      测试存储和备份

3)      关闭lb01

因为博客排版问题,剧本格式显示不对,附带剧本压缩包