2、配置rsync远程备份 "[rsync]"
(1)roles/rsync/tasks/main.yml
# Manual equivalent of the tasks below: write the rsync daemon config by hand.
# NOTE(review): the [data] module is writable ("read only = false") and runs
# without chroot ("use chroot = no"); no "hosts allow" line is set, so the only
# access control shown here is the rsync_backup secret.
echo '
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
[data]
path = /data
' > /etc/rsyncd.conf
# Secrets file in user:password form, referenced by "secrets file" above.
# NOTE(review): the password is the single character "1" -- use a long random
# value and keep it out of published configs.
echo '
rsync_backup:1
' > /etc/rsync.passwd
# Owner-only permissions on the secrets file.
chmod 600 /etc/rsync.passwd
# Backup target directory, owned by the account named in uid/gid above.
mkdir /data
chown www.www /data
# Start the daemon now and enable it at boot.
systemctl start rsyncd
systemctl enable rsyncd
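---
# roles/rsync/tasks/main.yml: configure and start the rsync daemon.

# Render the daemon configuration; a change triggers the restart handler.
- name: Modify rsync_server configure
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
  notify: Restart rsyncd

# The secrets file holds the rsync_backup password in clear text, so it is
# written owner-only and kept out of task output/diffs with no_log.
- name: Create virtual user_password_file
  template:
    src: rsync.passwd.j2
    dest: /etc/rsync.passwd
    mode: '0600'
  no_log: true

# Directory served by the [data] module.
- name: Create backup_directory
  file:
    path: /data
    state: directory
    owner: www
    group: www

- name: Start rsyncd server
  systemd:
    name: rsyncd
    state: started
    enabled: true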
(2)roles/rsync/handlers/main.yml
systemctl restart rsyncd
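---
# Handler run when a task notifies "Restart rsyncd".
- name: Restart rsyncd
  systemd:
    name: rsyncd
    state: restarted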
(3)roles/rsync/templates/rsync.passwd.j2
rsync_backup:1
(4)roles/rsync/templates/rsyncd.conf.j2
# rsync daemon settings (same content the manual step writes to /etc/rsyncd.conf).
# Transfers run as the www account.
uid = www
gid = www
port = 873
fake super = yes
# NOTE(review): no chroot and a writable module; consider adding a
# "hosts allow" line so only the sync source can reach this daemon.
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
# The module is hidden from module listings.
list = false
# Only rsync_backup may authenticate; its password is read from the secrets file.
auth users = rsync_backup
secrets file = /etc/rsync.passwd
# Module "data" maps to /data on this host.
[data]
path = /data
3.配置nfs服务端 "[nfs]"
(1)roles/nfs/tasks/main.yml
# Export three directories to the 172.16.1.0/24 network; all_squash maps every
# client user to the anonuid/anongid given for that export.
echo '
/data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/kod 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zrlog 172.16.1.0/24(rw,sync,all_squash,anonuid=53,anongid=53)
' > /etc/exports
# Create the exported directories.
mkdir /data/{zh,zrlog,kod} -p
chown www.www -R /data
# NOTE(review): the exports above squash /data/zrlog (not /data/kod) to uid/gid
# 53, while this chown targets /data/kod -- confirm which directory is meant to
# be tomcat-owned.
chown tomcat.tomcat -R /data/kod
systemctl start nfs
systemctl enable nfs
(2)roles/nfs/handlers/main.yml
systemctl restart nfs
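---
# Handler run when a task notifies "Restart nfs".
- name: Restart nfs
  systemd:
    name: nfs
    state: restarted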
(3)roles/nfs/templates/exports.j2
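# NFS exports, limited to the 172.16.1.0/24 network. all_squash maps every
# client user (root included) to the anonuid/anongid of the export.
# The option list must not contain whitespace, so the stray space after "sync"
# has been removed.
/data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/kod 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zrlog 172.16.1.0/24(rw,sync,all_squash,anonuid=53,anongid=53)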
4.布署lsync实时同步 "[nfs]"
(1) roles/lsync/tasks/main.yml
# Manual equivalent of the tasks below: install lsyncd and mirror /data to the
# "data" rsync module on 172.16.1.41.
yum -y install lsyncd
echo '
settings {
logfile = "/var/log/lsyncd/lsyncd.log",
statusFile = "/var/log/lsyncd/lsyncd.status",
inotifyMode = "CloseWrite",
maxProcesses = 8,
}
sync {
default.rsync,
source = "/data",
target = "rsync_backup@172.16.1.41::data",
delete= true,
exclude = { ".*" },
delay = 1,
rsync = {
binary = "/usr/bin/rsync",
archive = true,
compress = true,
verbose = true,
password_file = "/etc/rsync.pwd",
_extra = {"--bwlimit=200"}
}
}
' > /etc/lsyncd.conf
# Client-side password file for the rsync_backup user; must match the server's
# secrets file. NOTE(review): "1" is a placeholder-grade password -- replace it
# on both sides with a long random value.
echo '1' > /etc/rsync.pwd
# Owner-only permissions on the password file.
chmod 600 /etc/rsync.pwd
systemctl start lsyncd
systemctl enable lsyncd
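---
# roles/lsync/tasks/main.yml: install and configure lsyncd.

- name: Install lsyncd
  yum:
    name: lsyncd
    state: present

# Render the sync definition; a change triggers the restart handler.
- name: Modiry lsyncd configure
  template:
    src: lsyncd.conf.j2
    dest: /etc/lsyncd.conf
  notify: Restart lsyncd

# Clear-text rsync password: written owner-only and hidden from task
# output/diffs.
- name: Create virtual_user_password_file
  template:
    src: rsync.pwd.j2
    dest: /etc/rsync.pwd
    mode: '0600'
  no_log: true

- name: Start lsyncd
  systemd:
    name: lsyncd
    state: started
    enabled: true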
(2)roles/lsync/handlers/main.yml
systemctl restart lsyncd
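---
# Handler run when a task notifies "Restart lsyncd".
- name: Restart lsyncd
  systemd:
    name: lsyncd
    state: restarted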
(3)roles/lsync/templates/lsyncd.conf.j2
-- lsyncd configuration: watch /data and push changes to the "data" rsync
-- module on 172.16.1.41 as user rsync_backup.
settings {
logfile = "/var/log/lsyncd/lsyncd.log" ,
statusFile = "/var/log/lsyncd/lsyncd.status" ,
inotifyMode = "CloseWrite" ,
maxProcesses = 8,
}
sync {
default.rsync,
source = "/data" ,
target = "rsync_backup@172.16.1.41::data" ,
-- NOTE(review): with delete = true, removals on the source are replayed on the
-- target, so the target is a live mirror rather than a recoverable backup --
-- confirm a separate point-in-time copy exists.
delete= true ,
exclude = { ".*" },
delay = 1,
rsync = {
binary = "/usr/bin/rsync" ,
archive = true ,
compress = true ,
verbose = true ,
-- Password for rsync_backup is read from this file.
password_file = "/etc/rsync.pwd" ,
_extra = {"--bwlimit=200" }
}
}
(4)roles/lsync/templates/rsync.pwd.j2
1
5. 布署nginx web服务 "[web] and [nginx-proxy]"
(1) roles/nginx/tasks/main.yml
# Manual equivalent of the tasks below: install nginx and run its workers as
# the www account instead of the packaged nginx user.
yum install nginx -y
# Replace the whole "user nginx" line of nginx.conf.
sed -i '/user nginx/c user www ;' /etc/nginx/nginx.conf
systemctl start nginx
systemctl enable nginx
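---
# roles/nginx/tasks/main.yml: install nginx and run its workers as www.

- name: Install nginx
  yum:
    name: nginx
    state: present

# Only the account name is rewritten; the rest of the "user" line is kept.
- name: Modify start_user
  replace:
    path: /etc/nginx/nginx.conf
    regexp: '^user nginx'
    replace: 'user www'
  notify: Restart nginx

- name: Start nginx
  systemd:
    name: nginx
    state: started
    enabled: true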
(2) roles/nginx/handlers/main.yml
systemctl restart nginx
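---
# Handler run when a task notifies "Restart nginx".
- name: Restart nginx
  systemd:
    name: nginx
    state: restarted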
6. 布署php服务 "[web]"
(1) roles/php/tasks/main.yml
yum -y install php72w \
php72w-cli \
php72w-fpm \
php72w-common \
php72w-devel \
php72w-embedded \
php72w-gd \
php72w-mbstring \
php72w-mysqlnd \
php72w-opcache \
php72w-pdo \
php72w-xml \
php72w-mysqlnd \
php72w-pecl-memcached \
php72w-pecl-mongodb \
php72w-pecl-redis \
php72w-pecl-zip \
php72w-bcmath
sed -i '/^user =/cuser = www' /etc/php-fpm.d/www.conf
sed -i '/^group =/cgroup = www' /etc/php-fpm.d/www.conf
systemctl start php-fpm
systemctl enable php-fpm
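---
# roles/php/tasks/main.yml: install PHP 7.2 packages and configure php-fpm.

# The package list is passed to yum in one call. The original looped over
# "{{ item }} " (note the trailing space inside the quotes) and listed
# php72w-mysqlnd twice.
- name: Install php and depend
  yum:
    name:
      - php72w
      - php72w-cli
      - php72w-fpm
      - php72w-common
      - php72w-devel
      - php72w-embedded
      - php72w-gd
      - php72w-mbstring
      - php72w-mysqlnd
      - php72w-opcache
      - php72w-pdo
      - php72w-xml
      - php72w-pecl-memcached
      - php72w-pecl-mongodb
      - php72w-pecl-redis
      - php72w-pecl-zip
      - php72w-bcmath
    state: present

# Pool definition (worker user/group, loopback listener).
- name: Modify www.conf
  copy:
    src: www.conf
    dest: /etc/php-fpm.d/www.conf
  notify: Restart php

# php.ini from the role's files/ directory (sets the session handler).
- name: Modify php.ini
  copy:
    src: php.ini
    dest: /etc/php.ini
  notify: Restart php

- name: Start php
  systemd:
    name: php-fpm
    state: started
    enabled: true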
(2)roles/php/handlers/main.yml
systemctl restart php-fpm
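---
# Handler run when a task notifies "Restart php".
- name: Restart php
  systemd:
    name: php-fpm
    state: restarted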
(3)roles/php/files/php.ini
...
..
.
[Session]
; Handler used to store/retrieve data.
; http://php.net/session.save-handler
session.save_handler = redis
session.save_path = 'tcp://172.16.1.51:6379?weight=1&timeout=2.5'
.
..
...
(4)roles/php/files/www.conf
; php-fpm pool definition installed as /etc/php-fpm.d/www.conf by the php role.
[www]
; Worker processes run as the www account.
user = www
group = www
; The FastCGI listener is bound to loopback and only accepts 127.0.0.1 clients.
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
; Dynamic process manager limits.
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
; Errors are logged to a file.
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
; File-based session settings are commented out; the php.ini shown in this
; role sets the session handler to redis instead.
;php_value[session.save_handler] = files
;php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
7.布署mariadb服务 "[mariadb]"
(1)roles/mariadb/tasks/main.yml
yum -y install mariadb mariadb-server
systemctl start mariadb
systemctl enable mariadb
create database zrlog;
create database zh;
grant all on zrlog.* to zrlog@'%' identified by '123456' ;
grant all on zh.* to zh@'%' identified by '123456' ;
flush privileges;
mysql < zrlog.sql
mysql < zh.sql
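---
# roles/mariadb/tasks/main.yml: install MariaDB, create the application
# databases and accounts, and import the dumps.
# The original templated values as "{{ ... }} " with a trailing space inside
# the quotes, which becomes part of package, database, user and path names;
# the spaces are removed here.

- name: Install maridb
  yum:
    name:
      - mariadb
      - mariadb-server
    state: present

- name: Start mariadb
  systemd:
    name: mariadb
    state: started
    enabled: true

- name: Create new databases with names 'zrlog' and 'zh'
  mysql_db:
    name: "{{ item }}"
    state: present
  loop:
    - zrlog
    - zh

# NOTE(review): host '%' allows these accounts to log in from any address and
# both share the password "123456". Before using this outside a lab, restrict
# host to the application servers and take a strong per-account password from
# an encrypted variable (e.g. ansible-vault) instead of a literal.
# no_log keeps the password out of task output.
- name: Create remote user zh and zrlog
  mysql_user:
    name: "{{ item.name }}"
    host: '%'
    password: "123456"
    priv: "{{ item.priv }}"
    state: present
  no_log: true
  loop:
    - name: zh
      priv: 'zh.*:ALL'
    - name: zrlog
      priv: 'zrlog.*:ALL'

- name: Remote send database_data 'zh.sql and zrlog.sql'
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - src: zh.sql.j2
      dest: /tmp/zh.sql
    - src: zrlog.sql.j2
      dest: /tmp/zrlog.sql

- name: Restore database
  mysql_db:
    name: "{{ item.name }}"
    state: import
    target: "{{ item.target }}"
  loop:
    - name: zh
      target: /tmp/zh.sql
    - name: zrlog
      target: /tmp/zrlog.sql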
(2)roles/mariadb/files/
zh.sql.j2
zrlog.sql.j2
8.布署redis服务
(1)roles/redis/tasks/main.yml
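# Manual equivalent of the tasks below (stray backtick lines from the page
# markup removed so the commands can be pasted as-is).
yum -y install redis
# Listen on loopback and on the internal address 172.16.1.51.
# NOTE(review): no requirepass is configured anywhere on this page, so any host
# that can reach 172.16.1.51:6379 can read and write the PHP session data.
# Set requirepass in redis.conf and firewall the port to the web servers.
sed -i '/bind 127.0.0.1/cbind 127.0.0.1 172.16.1.51' /etc/redis.conf
systemctl start redis
systemctl enable redis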
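---
# roles/redis/tasks/main.yml: install Redis and expose it on the internal
# address used by the PHP session handler.

- name: Install redis
  yum:
    name: redis
    state: present

# The original pattern matched only a commented "# bind 127.0.0.1" line; the
# manual sed step on this page rewrites the bind line whether or not it is
# commented, so the pattern now accepts both forms. Dots are escaped so they
# match literally.
# NOTE(review): Redis is reachable on 172.16.1.51 with no requirepass set in
# anything shown here; add authentication and restrict port 6379 to the web
# servers.
- name: Configure redis
  replace:
    path: /etc/redis.conf
    regexp: '^(# )?bind 127\.0\.0\.1$'
    replace: 'bind 127.0.0.1 172.16.1.51'
  notify: Restart redis

- name: Start redis
  systemd:
    name: redis
    state: started
    enabled: true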
(2)roles/redis/handlers/main.yml
systemctl restart redis
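---
# Handler run when a task notifies "Restart redis".
- name: Restart redis
  systemd:
    name: redis
    state: restarted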
9.布署keepalivd高可用服务 "[keepalivd]"
(1)roles/keepalived/tasks/main.yml
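# Manual equivalent of the tasks below: install keepalived and the nginx
# health-check script it tracks.
yum -y install keepalived
mkdir -p /scripts
# A quoted heredoc keeps the shebang on line 1; the original echo '...' form
# wrote a blank first line, so "#!/bin/bash" was not the first line of the file.
cat > /scripts/montoring_nginx.sh <<'EOF'
#!/bin/bash
if ! ss -lntup | grep nginx &> /dev/null; then
    systemctl stop keepalived
fi
EOF
# Executable by all, writable by the owner only. The original "chmod o+x" set
# the execute bit for "others" alone.
chmod 755 /scripts/montoring_nginx.sh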
# Two variants of /etc/keepalived/keepalived.conf follow; they differ only in
# router_id and priority, so each is presumably meant for one of the two proxy
# hosts (both commands write to the same path).
# NOTE(review): auth_pass 1111 is a trivial shared secret; "lavel" in
# virtual_ipaddress looks like a typo for "label" -- confirm before use.
echo '
global_defs {
router_id 10.0.0.5
}
vrrp_script check_web {
script "/scripts/montoring_nginx.sh"
interval 5
weight 2
}
vrrp_instance VIP_1 {
state BACKUP
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 152
priority 100
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 lavel eth0:1
}
track_script {
check_web
}
}
' > /etc/keepalived/keepalived.conf
# Second variant: router_id 10.0.0.6, priority 90.
echo '
global_defs {
router_id 10.0.0.6
}
vrrp_script check_web {
script "/scripts/montoring_nginx.sh"
interval 5
weight 2
}
vrrp_instance VIP_1 {
state BACKUP
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 152
priority 90
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 lavel eth0:1
}
track_script {
check_web
}
}
' > /etc/keepalived/keepalived.conf
systemctl start keepalived
systemctl enable keepalived
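---
# roles/keepalived/tasks/main.yml: install keepalived with an nginx
# health-check script.

- name: Install keepalived
  yum:
    name: keepalived
    state: present

- name: Create scripts directory
  file:
    path: /scripts
    state: directory

# The original "mode: 777" is an unquoted integer, which Ansible does not read
# as octal, and the intended 0777 would leave a script that keepalived executes
# writable by every local user. Install it owner-writable only.
- name: Remote pull script file
  copy:
    src: montoring_nginx.sh
    dest: /scripts/montoring_nginx.sh
    owner: root
    group: root
    mode: '0755'

- name: Edit keepalived configure
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
  notify: Restart keepalived

- name: Start keepalived
  systemd:
    name: keepalived
    state: started
    enabled: true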
(2)roles/keepalived/handlers/main.yml
systemctl restart keepalived
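---
# Handler run when a task notifies "Restart keepalived".
- name: Restart keepalived
  systemd:
    name: keepalived
    state: restarted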
(3)roles/keepalived/files/montoring_nginx.sh
#!/bin/bash
# Health check used by keepalived's vrrp_script: when no listening socket
# belongs to nginx, stop keepalived on this node.
ss -lntup | grep nginx &> /dev/null || systemctl stop keepalived
(4)roles/keepalived/templates/keepalived.conf.j2
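# keepalived.conf template: one VRRP instance holding 10.0.0.3 on eth0,
# tracked by the nginx health-check script.
global_defs {
    router_id {{ ansible_hostname }}
}
vrrp_script check_web {
    script "/scripts/montoring_nginx.sh"
    interval 5
    weight 2
}
vrrp_instance VIP_1 {
# Priority is chosen per host; a host with any other name gets no explicit
# priority line.
{% if ansible_hostname == "nginx_proxy1" %}
    priority 100
{% elif ansible_hostname == "nginx_proxy2" %}
    priority 90
{% endif %}
    state BACKUP
    interface eth0
    lvs_sync_daemon_inteface eth0
    virtual_router_id 152
    nopreempt
    advert_int 1
    # NOTE(review): PASS authentication uses a shared secret and "1111" is
    # trivial; choose a non-guessable value and keep VRRP traffic on a
    # trusted segment.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # "label" was misspelled "lavel" in the original.
        10.0.0.3/24 dev eth0 label eth0:1
    }
    track_script {
        check_web
    }
}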
10.布署tomcat服务 "[tomcat]"
(1) roles/tomcat/tasks/main.yml
yum -y install tomcat
sed -i '/^<Context>/c<Context allowLinking="true">' /etc/tomcat/context.xml
systemctl start tomcat
systemctl enable tomcat
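---
# roles/tomcat/tasks/main.yml: install Tomcat and allow symlinked resources.

- name: Install tomcat
  yum:
    name: tomcat
    state: present

# Fixes against the original task: "replace" was missing its colon, and the
# regexp/replace values carried a leading "/" left over from the sed syntax,
# so the pattern could not match "<Context>" at the start of a line.
# NOTE(review): allowLinking="true" lets Tomcat follow symbolic links out of
# the web application directory; enable it only if the app needs it (here
# presumably for the NFS-backed upload directory).
- name: Modify tomcat configure on context.xml
  replace:
    path: /etc/tomcat/context.xml
    regexp: '^<Context>'
    replace: '<Context allowLinking="true">'
  notify: Restart tomcat

- name: Start tomcat
  systemd:
    name: tomcat
    state: started
    enabled: true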
(2)roles/tomcat/handlers/main.yml
systemctl restart tomcat
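---
# Handler run when a task notifies "Restart tomcat".
- name: Restart tomcat
  systemd:
    name: tomcat
    state: restarted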
11.配置chronyd时间同步服务
(1)服务端,手动配置
`
sed -i '/^#allow 192/aallow 172.16.1.0/24' /etc/chrony.conf
`
systemctl start chronyd
systemctl enable chronyd
(2)客户端批量执行,roles/chrony/tasks/main.yml
`
sed -i '/server [0-3]./s/^/&#/g' /etc/chrony.conf
sed -i '/#server 3./aserver 172.16.1.41 iburst' /etc/chrony.conf
`
systemctl start chronyd
systemctl enable chronyd
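---
# roles/chrony/tasks/main.yml: install the client chrony.conf and start chronyd.

# chrony.conf comes from the role's files/ directory; a change triggers the
# restart handler.
- name: Edit chrony_server configure
  copy:
    src: chrony.conf
    dest: /etc/chrony.conf
  notify: Restart chronyd

- name: Start chrony
  systemd:
    name: chronyd
    state: started
    enabled: true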
(3)客户端批量执行,roles/chrony/handlers/main.yml
systemctl restart chronyd
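---
# Handler run when a task notifies "Restart chronyd".
- name: Restart chronyd
  systemd:
    name: chronyd
    state: restarted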
(4)客户端批量执行,roles/chrony/files/
chrony.conf
12.布署kodcloud 服务 "[web]"
(1)roles/kodcloud/tasks/main.yml
`
echo '
server {
listen 80;
server_name kod.imscz.com;
root /code/kod;
location / {
index index.php index.html;
}
location ~ .*\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
#fastcgi_param HTTPS on;
}
}
' > /etc/nginx/conf.d/kod.imscz.com.conf
`
mkdir /code/kod -p
`
cd /code/kod
sz...略
tar -xzvf kod.tar.gz
chown www.www -R /code/kod
`
systemctl restart nginx
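---
# roles/kodcloud/tasks/main.yml: deploy the kod site and mount its NFS share.

- name: Create kod virtual hosts
  copy:
    src: kod.imscz.com.conf
    dest: /etc/nginx/conf.d/kod.imscz.com.conf

- name: Create site directory
  file:
    path: /code/kod
    state: directory
    recurse: true
    owner: www
    group: www

# NOTE(review): the whole code tree ends up owned by www, the account php-fpm
# runs as, so the application can rewrite its own code. Consider root-owned
# code with only the upload/data directories writable by www.
- name: Upload kod source_code
  unarchive:
    src: kod.tar.gz
    dest: /code/kod
    owner: www
    group: www

- name: Create nfs_mount_directory
  file:
    path: /mnt/kod
    state: directory
    owner: www
    group: www
    recurse: true

# The original src was garbled as "172.16 .1 .31 :/data/kod"; the spaces are
# removed so it is a valid host:/path NFS source.
# NOTE(review): the share holds user-supplied files; mount options such as
# nosuid,nodev (via "opts") are worth considering.
- name: Mount nfs_share_directory to local_mount_directory
  mount:
    src: '172.16.1.31:/data/kod'
    path: /mnt/kod
    fstype: nfs
    state: mounted

- name: Restart nginx
  systemd:
    name: nginx
    state: restarted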
(2)roles/kodcloud/files/
kod.imscz.com.conf
kod.tar.gz
13.部署WeCenter服务 "[web]"
(1)roles/WeCenter/tasks/main.yml
echo '
server {
listen 80;
server_name zh.imscz.com;
root /code/zh;
client_max_body_size 20M;
location / {
index index.php index.html;
}
location ~ .*\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
#fastcgi_param HTTPS on;
}
}
' > /etc/nginx/conf.d/zh.imscz.com.conf
mkdir /code/zh -p
cd /code/zh
sz...略
tar -xzvf zh.tar.gz
chown www.www -R /code/zh
mkdir /mnt/zh
mount -t nfs 172.16.1.31:/data/zh /mnt/zh
systemctl restart nginx
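---
# roles/WeCenter/tasks/main.yml: deploy the zh site and mount its NFS share.

- name: Create WeCenter virtual host
  copy:
    src: zh.imscz.com.conf
    dest: /etc/nginx/conf.d/zh.imscz.com.conf

- name: Create zh site_directory
  file:
    path: /code/zh
    state: directory
    owner: www
    group: www
    recurse: true

# NOTE(review): the code tree is owned by www, the account php-fpm runs as, so
# the application can modify its own code; limit www write access to
# upload/data directories where possible.
- name: Uplod zh_source_code
  unarchive:
    src: zh.tar.gz
    dest: /code/zh
    owner: www
    group: www

- name: Create zh_mount_directory
  file:
    path: /mnt/zh
    state: directory
    owner: www
    group: www
    recurse: true

# The original src was garbled as "172.16 .1 .31 :/data/zh"; it now matches
# the manual mount command (172.16.1.31:/data/zh).
- name: Remote mount nfs_share_directory to zh_mount_directory
  mount:
    src: '172.16.1.31:/data/zh'
    path: /mnt/zh
    fstype: nfs
    state: mounted

# "retarted" in the original is not a valid systemd state; corrected to
# "restarted".
- name: Restart nginx
  systemd:
    name: nginx
    state: restarted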
(2)roles/WeCenter/files/
zh.imscz.com.conf
zh.tar.gz
14.部署zrlog服务 "[web]"
(1)roles/zrlog/tasks/main.yml
cd /usr/share/tomcat/webapps
sz...略
tar -xzvf zrlog.tar.gz
chown tomcat.tomcat . -R
systemctl restart tomcat
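---
# roles/zrlog/tasks/main.yml: deploy zrlog into Tomcat and mount its NFS share.

- name: Upload zrlog_source to tomcat
  unarchive:
    src: zrlog.tar.gz
    dest: /usr/share/tomcat/webapps
    owner: tomcat
    group: tomcat

- name: Create zrlog_mount_directory
  file:
    path: /mnt/zrlog
    state: directory
    owner: tomcat
    group: tomcat
    recurse: true

# The original src was garbled as "172.16 .1 .31 :/data/zrlog"; the spaces are
# removed so it is a valid host:/path NFS source.
- name: Mount nfs_share_directory to zrlog_mount_directory
  mount:
    src: '172.16.1.31:/data/zrlog'
    path: /mnt/zrlog
    fstype: nfs
    state: mounted

- name: Restart tomcat
  systemd:
    name: tomcat
    state: restarted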
15.配置nginx-proxy负载均衡 "[nginx-proxy]"
(1)roles/nginx-proxy/tasks/main.yml
`
echo '
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
' > /etc/nginx/proxy_params
`
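# Create a self-signed certificate for the proxy virtual hosts.
# NOTE(review): the certificate is self-signed, valid for 36500 days, and its
# CN (IMSCZ) matches none of the server_name values on this page; treat it as
# lab-only and use a CA-issued certificate in production.
mkdir -p /etc/nginx/ssl_key
cd /etc/nginx/ssl_key/
# -nodes writes the private key unencrypted, so generate it under a restrictive
# umask (in a subshell, to leave the session umask alone): server.key is then
# created readable by its owner only.
(
    umask 077
    openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=/ST=/L=/O=/OU=/CN=IMSCZ"
)
openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt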
`
echo '
upstream http_kod {
server 172.16.1.7:80;
}
server {
listen 443 ssl;
server_name kod.imscz.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
charset utf8;
location / {
proxy_pass http://http_kod;
include proxy_params;
}
}
server {
listen 80;
server_name kod.imscz.com;
return 302 https://$http_host$request_uri;
}
' > /etc/nginx/conf.d/kod.imscz.com
`
echo '
upstream http_zh {
server 172.16.1.7:80;
}
server {
listen 443 ssl;
server_name zh.imscz.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
charset utf8;
location / {
proxy_pass http://http_zh;
include proxy_params;
}
}
server {
listen 80;
server_name zh.imscz.com;
return 302 https://$http_host$request_uri;
}
' > /etc/nginx/conf.d/zh.imscz.com
`
echo '
upstream http_zrlog {
server 172.16.1.7:8080;
}
server {
listen 443 ssl;
server_name zrlog.imscz.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
charset utf8;
location / {
proxy_pass http://http_zrlog;
include proxy_params;
}
}
server {
listen 80;
server_name zrlog.imscz.com;
return 302 https://$http_host$request_uri;
}
' > /etc/nginx/conf.d/zrlog.imscz.com
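---
# roles/nginx-proxy/tasks/main.yml: install proxy settings, TLS material and
# the load-balancer virtual hosts.

- name: Create require_head proxy_params file
  copy:
    src: proxy_params
    dest: /etc/nginx/proxy_params

# Directory for the TLS key pair; restricted to root.
# assumes the nginx master process starts as root and reads the key before
# workers drop privileges -- TODO confirm
- name: Create ssl_key directory
  file:
    path: /etc/nginx/ssl_key
    state: directory
    owner: root
    group: root
    mode: '0700'

- name: Remote send server.crt of ssl_key
  copy:
    src: server.crt
    dest: /etc/nginx/ssl_key/server.crt
    mode: '0644'

# The private key is installed owner-only and hidden from task output/diffs.
# NOTE(review): server.key sits unencrypted in the role's files/ directory;
# encrypt it (e.g. with ansible-vault) before committing the role.
- name: Remote send server.key of ssl_key
  copy:
    src: server.key
    dest: /etc/nginx/ssl_key/server.key
    owner: root
    group: root
    mode: '0600'
  no_log: true

# The original templated "{{ item.src }} " / "{{ item.dest }} " with a trailing
# space inside the quotes, which becomes part of the file names; removed here.
# NOTE(review): dest names use "cldxu" while src names use "oldxu" -- kept as
# on the page, confirm which spelling is intended.
- name: Create lb virtual_hosts of ( kod zh zrlog )
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - src: kod.oldxu.com.conf
      dest: /etc/nginx/conf.d/kod.cldxu.com.conf
    - src: zh.oldxu.com.conf
      dest: /etc/nginx/conf.d/zh.cldxu.com.conf
    - src: zrlog.oldxu.com.conf
      dest: /etc/nginx/conf.d/zrlog.cldxu.com.conf

- name: Restart nginx
  systemd:
    name: nginx
    state: restarted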
(2)roles/nginx-proxy/files/
proxy_params
server.crt
server.key
zh.oldxu.com.conf
kod.oldxu.com.conf
zrlog.oldxu.com.conf