ad-hoc实战

ad-hoc实战

要求:利用Ansible搭建一个简易的作业网站,web端文件上传目录共享至nfs端,nfs的数据同步至backup

环境准备

主机名 主机角色 外网IP 内网IP
m01 ansible管理端 10.0.0.61 172.16.1.61
backup ansible被管理端、rsync服务端、nfs服务端 10.0.0.41 172.16.1.41
nfs ansible被管理端、rsync客户端、nfs服务端 10.0.0.31 172.16.1.31
web03 ansible被管理端、部署提交作业代码,挂载上传目录即可 10.0.0.9 172.16.1.9

Ansible管理端环境准备

# 定义管理清单
[root@m01 ~]$ vim /etc/ansible/hosts
[zy_php]
web03 ansible_ssh_host=172.16.1.9
backup ansible_ssh_host=172.16.1.41
nfs ansible_ssh_host=172.16.1.31

# 下发公钥(ssh-copy-id 分发的是 id_rsa.pub 公钥,私钥始终保留在管理端,不应外传)
[root@m01 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.9
[root@m01 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31

Rsync服务部署

常规步骤

# 1.创建统一用户
groupadd www -g 666 
useradd www -u 666 -g 666 -s /sbin/nologin -M

# 2.安装rsync
yum install -y rsync

# 3.修改配置文件
[root@backup ~]$ vim /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#--------------------------------------------------------------
[zy_backup]
comment = welcome to oldboyedu backup!
path = /backup

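# 4. Create the backup directory (-p: no error if it already exists)
mkdir -p /backup

# 5. Give the backup directory to the uid/gid the rsync daemon runs as (www).
#    "user:group" is the portable form; "user.group" is a deprecated GNU extension.
chown www:www /backup

# 6. Create the virtual-user secrets file.
#    The subshell's umask makes a newly created file 0600 from the start, so the
#    secret is never readable by other local users, not even briefly.
#    '123' is the tutorial's placeholder password; use a long random value on
#    any host that is reachable by others.
( umask 077 && echo 'rsync_backup:123' > /etc/rsync.passwd )

# 7. Enforce mode 600 (still needed when the file already existed with wider
#    permissions, because umask only applies to newly created files)
chmod 600 /etc/rsync.passwd

# 8. Start the service
systemctl start rsyncd

# 9. Enable the service at boot
systemctl enable rsyncd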

Ansible步骤

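# 1. Create the shared service account (same uid/gid 666 on every host)
ansible backup -m group -a 'name=www gid=666 state=present'
ansible backup -m user -a 'name=www uid=666 group=666 shell=/sbin/nologin create_home=no state=present'

# 2. Install rsync
#    (host pattern fixed: "bakcup" matches no inventory host, so nothing was installed)
ansible backup -m yum -a 'name=rsync state=present'

# 3. Push the daemon configuration.
#    src must match the file actually edited on the control node, /root/rsync_mb
#    (the original "rsync.mb" does not exist and makes the copy fail).
ansible backup -m copy -a 'src=/root/rsync_mb dest=/etc/rsyncd.conf owner=root group=root mode=0644'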

vim /root/rsync_mb
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#--------------------------------------------------------------
[zy_backup]
comment = welcome to oldboyedu backup!
path = /backup

# 4.创建备份目录并更改属组属主
ansible backup -m file -a 'path=/backup owner=www group=www mode=0755 state=directory'

# 5.创建密码文件并更改权限为600
ansible backup -m copy -a 'content="rsync_backup:123" dest=/etc/rsync.passwd owner=root group=root mode=0600'

# 6.启动服务并加入开机自启
ansible backup -m service -a 'name=rsyncd state=started enabled=yes'

NFS服务部署

常规步骤

# 1.创建统一用户
groupadd www -g 666 
useradd www -u 666 -g 666 -s /sbin/nologin -M

# 2.安装NFS服务
yum -y install nfs-utils rpcbind

# 3.编辑共享存储配置文件
vim /etc/exports
/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

# 4.创建共享目录
mkdir /data

# 5.修改共享目录属主属组
chown www.www /data

# 6.启动服务
systemctl start nfs-server

# 7.加入开机自启
systemctl enable nfs-server

Ansible步骤

# 1.创建统一用户
ansible nfs -m group -a 'name=www gid=666 state=present' 
ansible nfs -m user -a 'name=www uid=666 group=666 shell=/sbin/nologin create_home=no state=present'

# 2.安装nfs
ansible nfs -m yum -a 'name=nfs-utils state=present'
ansible nfs -m yum -a 'name=rpcbind state=present'

# 3.编辑共享存储配置文件
ansible nfs -m copy -a "content='/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)' dest=/etc/exports"

# 4.创建出共享目录并修改属主属组
ansible nfs -m file -a 'path=/data owner=www group=www mode=0755 state=directory'

# 5.启动服务并加入开机自启
ansible nfs -m service -a 'name=nfs-server state=started enabled=yes'

Http服务部署

常规步骤

# 1.创建统一用户
groupadd www -g 666 
useradd www -u 666 -g 666 -s /sbin/nologin -M

# 2.安装http服务
yum install -y httpd php

# 3.统一用户
vim /etc/httpd/conf/httpd.conf
1)修改前
User apache 
Group apache
2)修改后
User www 
Group www

# 4.进入站点目录部署代码
cd /var/www/html
rz

# 5.解压代码文件
unzip kaoshi.zip 

# 6.修改php代码,更改上传目录
vim /var/www/html/upload_file.php 
$wen="/var/www/html/pic";

# 7.上传图片至/var/www/html/pic文件中
cd /var/www/html/pic
rz

# 8.更改站点目录属主属组
chown www.www /var/www/html/

# 9.启动服务
systemctl start httpd

Ansible步骤

# 1.创建统一用户
ansible web03 -m group -a 'name=www gid=666 state=present' 
ansible web03 -m user -a 'name=www uid=666 group=666 shell=/sbin/nologin create_home=no state=present'

# 2.安装http服务
ansible web03 -m yum -a 'name=httpd state=present'
ansible web03 -m yum -a 'name=php state=present'

# 3.修改配置文件,统一用户
ansible web03 -m copy -a 'src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=0644'
vim /root/httpd.conf
ServerRoot "/etc/httpd"

Listen 80

Include conf.modules.d/*.conf

User www
Group www

ServerAdmin root@localhost

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">
    AllowOverride None

    Require all granted
</Directory>


<Directory "/var/www/html">

    Options Indexes FollowSymLinks


    AllowOverride None

    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

LogLevel warn

<IfModule log_config_module>

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>

      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>

    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
 
    TypesConfig /etc/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>

    MIMEMagicFile conf/magic
</IfModule>

EnableSendfile on

IncludeOptional conf.d/*.conf

# 4.部署代码至站点目录
ansible web03 -m unarchive -a 'src=/root/kaoshi.zip dest=/var/www/html/'

# 5.在站点目录下创建用户上传目录
ansible web03 -m file -a 'path=/var/www/html/pic state=directory'

# 6.修改php代码,更改上传目录
ansible web03 -m copy -a 'src=/root/upload.conf dest=/var/www/html/upload_file.php owner=root group=root mode=0644'
vim /root/upload.conf
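<?php
// Upload handler for the homework site: takes the first file of the multi-file
// form field "file" and stores it under $wen.
//
// The client chooses $_FILES[...]["name"], so it is untrusted input. It is
// reduced to a bare file name, its extension is checked against an allowlist,
// and it is HTML-escaped before being echoed back. Without the extension check
// a visitor could store a script in a directory that httpd serves from the
// document root. As a second layer, httpd should be configured not to execute
// scripts from the upload directory.

header("Content-type:text/html;charset=utf-8");

ini_set('date.timezone','Asia/Shanghai');

// Upload directory. This must be a quoted string; the unquoted form is a PHP
// parse error and the page would never run.
$wen="/var/www/html/pic";

// Accepted extensions. Constructed example list: adjust it to the file types
// the course really accepts, and keep script types (.php, .phtml, ...) out.
$allowed_ext = array('doc', 'docx', 'pdf', 'txt', 'zip', 'jpg', 'jpeg', 'png');

if (!is_dir($wen.'/')) {
  // 0755 rather than 0777: only the account httpd runs as needs write access.
  mkdir($wen.'/', 0755);
}

// A request without any "file" field must not raise undefined-index notices.
$has_file = isset($_FILES['file']['error'][0]);

// basename() is defence in depth against directory parts in the client name.
$name = $has_file ? basename($_FILES['file']["name"][0]) : '';
$pre  = $has_file ? preg_match("/^([0-9])+_/", $name) : 0;
$size = $has_file ? $_FILES['file']["size"][0] : 0;
$ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));

if (!$has_file || $_FILES["file"]["error"][0] > 0) {
  echo "上传失败!请查看是否选择了需要上传的文件!";
} else if ($pre == 0) {
  echo "上传失败!文件名有误,请修改文件名为你的编号加下划线开头<br/>例如:33_蒋某某.docx";
} else if ($size < 10) {
  echo "上传失败!文件为空文件!";
} else if (!in_array($ext, $allowed_ext, true)) {
  echo "上传失败!不允许上传该类型的文件!";
} else {
  $tmp_name = $_FILES["file"]["tmp_name"][0];
  // Escape before output: the file name is attacker-controlled text.
  $safe_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

  if (file_exists($wen."/".$name)) {
    echo "上传失败,文件".$safe_name." 已经存在 ";
  } else if (move_uploaded_file($tmp_name, $wen."/".$name)) {
    echo "文件".$safe_name."上传成功";
  } else {
    // The original reported success even when the move failed.
    echo "上传失败!文件保存失败,请联系管理员!";
  }
}
?>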


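# 7. Set owner/group of the site directory.
#    Only one state= may be given; the original passed both state=file and
#    state=directory, which contradict each other for a directory path.
ansible web03 -m file -a 'path=/var/www/html owner=www group=www mode=0755 state=directory'

# 8. Start the service
ansible web03 -m service -a 'name=httpd state=started'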

挂载web端上传目录至nfs共享目录,并利用backup备份

常规步骤

-web端操作
# 1.安装nfs
yum -y install nfs-utils

# 2.挂载上传目录至nfs共享目录
mount -t nfs 172.16.1.31:/data /var/www/html/pic

-nfs端操作
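# 1. Install rsync
yum install -y rsync

# 2. Create the client-side password file (password only, no user name).
#    The subshell's umask makes a newly created file 0600 from the start, so the
#    secret is never readable by other local users. '123' is the tutorial's
#    placeholder and must match the entry in the daemon's secrets file.
( umask 077 && echo '123' > /etc/rsync.passwd )

# 3. Enforce mode 600 (covers the case where the file already existed)
chmod 600 /etc/rsync.passwd

# 4. Back up the shared directory to the backup host.
#    --delete removes files on the backup side that no longer exist in /data.
rsync -avz --delete /data rsync_backup@172.16.1.41::zy_backup --password-file=/etc/rsync.passwd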

Ansible步骤

-web端
# 1.安装nfs
ansible web03 -m yum -a 'name=nfs-utils state=present'

# 2.挂载上传目录至nfs共享目录
ansible web03 -m mount -a 'path=/var/www/html/pic src=172.16.1.31:/data fstype=nfs state=mounted'

-nfs端
# 1.安装rsync
ansible nfs -m yum -a 'name=rsync state=present'

# 1.创建密码文件,并指定权限
ansible nfs -m copy -a 'src=/root/mima dest=/etc/rsync.passwd mode=600'
vim /root/mima
123

# 2.备份共享目录至backup端
ansible nfs -m shell -a 'rsync -avz --delete /data rsync_backup@172.16.1.41::zy_backup --password-file=/etc/rsync.passwd'

ansible nfs -m cron -a 'name="共享目录备份" minute=*/1 job="/usr/bin/rsync -avz --delete /data rsync_backup@172.16.1.41::zy_backup --password-file=/etc/rsync.passwd &>/dev/null"'

整合Ansible脚本

Ansible管理端需要准备的环境

# 1.准备好rsync配置文件
vim /root/rsync_mb
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#--------------------------------------------------------------
[zy_backup]
comment = welcome to oldboyedu backup!
path = /backup

# 2.准备好web端http配置文件
vim /root/httpd.conf
ServerRoot "/etc/httpd"

Listen 80

Include conf.modules.d/*.conf

User www
Group www

ServerAdmin root@localhost

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/var/www/html"

<Directory "/var/www">
    AllowOverride None

    Require all granted
</Directory>


<Directory "/var/www/html">

    Options Indexes FollowSymLinks


    AllowOverride None

    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error_log"

LogLevel warn

<IfModule log_config_module>

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>

      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>

    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>

<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>

<IfModule mime_module>
 
    TypesConfig /etc/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>

AddDefaultCharset UTF-8

<IfModule mime_magic_module>

    MIMEMagicFile conf/magic
</IfModule>

EnableSendfile on

IncludeOptional conf.d/*.conf

# 3.准备好站点配置文件
vim /root/upload.conf
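<?php
// Upload handler for the homework site: takes the first file of the multi-file
// form field "file" and stores it under $wen.
//
// The client chooses $_FILES[...]["name"], so it is untrusted input. It is
// reduced to a bare file name, its extension is checked against an allowlist,
// and it is HTML-escaped before being echoed back. Without the extension check
// a visitor could store a script in a directory that httpd serves from the
// document root. As a second layer, httpd should be configured not to execute
// scripts from the upload directory.

header("Content-type:text/html;charset=utf-8");

ini_set('date.timezone','Asia/Shanghai');

// Upload directory. This must be a quoted string; the unquoted form is a PHP
// parse error and the page would never run.
$wen="/var/www/html/pic";

// Accepted extensions. Constructed example list: adjust it to the file types
// the course really accepts, and keep script types (.php, .phtml, ...) out.
$allowed_ext = array('doc', 'docx', 'pdf', 'txt', 'zip', 'jpg', 'jpeg', 'png');

if (!is_dir($wen.'/')) {
  // 0755 rather than 0777: only the account httpd runs as needs write access.
  mkdir($wen.'/', 0755);
}

// A request without any "file" field must not raise undefined-index notices.
$has_file = isset($_FILES['file']['error'][0]);

// basename() is defence in depth against directory parts in the client name.
$name = $has_file ? basename($_FILES['file']["name"][0]) : '';
$pre  = $has_file ? preg_match("/^([0-9])+_/", $name) : 0;
$size = $has_file ? $_FILES['file']["size"][0] : 0;
$ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));

if (!$has_file || $_FILES["file"]["error"][0] > 0) {
  echo "上传失败!请查看是否选择了需要上传的文件!";
} else if ($pre == 0) {
  echo "上传失败!文件名有误,请修改文件名为你的编号加下划线开头<br/>例如:33_蒋某某.docx";
} else if ($size < 10) {
  echo "上传失败!文件为空文件!";
} else if (!in_array($ext, $allowed_ext, true)) {
  echo "上传失败!不允许上传该类型的文件!";
} else {
  $tmp_name = $_FILES["file"]["tmp_name"][0];
  // Escape before output: the file name is attacker-controlled text.
  $safe_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

  if (file_exists($wen."/".$name)) {
    echo "上传失败,文件".$safe_name." 已经存在 ";
  } else if (move_uploaded_file($tmp_name, $wen."/".$name)) {
    echo "文件".$safe_name."上传成功";
  } else {
    // The original reported success even when the move failed.
    echo "上传失败!文件保存失败,请联系管理员!";
  }
}
?>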

# 4.在本地准备rsync客户端密码文件
vim /root/mima
123

脚本整合

[root@m01 ~]$ cat sb.sh
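#!/usr/bin/env bash
# sb.sh - run on the Ansible control node (m01) to build the whole lab:
# rsync daemon on backup, NFS export on nfs, httpd+php on web03, then mount
# the upload directory over NFS and push a first backup.
#
# Files that must already exist on the control node:
#   /root/rsync_mb  /root/httpd.conf  /root/upload.conf  /root/mima  /root/kaoshi.zip
#
# Stop at the first failing step: every later step depends on the earlier ones,
# and ansible exits non-zero when a host fails or is unreachable.
set -euo pipefail

# 1. Create the shared service account on every host (same uid/gid everywhere,
#    which the NFS all_squash mapping and the rsync daemon both rely on)
ansible zy_php -m group -a 'name=www gid=666 state=present'
ansible zy_php -m user -a 'name=www uid=666 group=666 shell=/sbin/nologin create_home=no state=present'

# 2. Install the packages each host needs
#    (host pattern fixed: "bakcup" matches no inventory host)
ansible backup -m yum -a 'name=rsync state=present'
ansible nfs -m yum -a 'name=nfs-utils state=present'
ansible nfs -m yum -a 'name=rpcbind state=present'
ansible nfs -m yum -a 'name=rsync state=present'
ansible web03 -m yum -a 'name=httpd state=present'
ansible web03 -m yum -a 'name=php state=present'
ansible web03 -m yum -a 'name=nfs-utils state=present'
# The unarchive module needs unzip on the managed host to unpack a .zip.
ansible web03 -m yum -a 'name=unzip state=present'

# 3. Distribute the configuration files
## rsync daemon
ansible backup -m copy -a 'src=/root/rsync_mb dest=/etc/rsyncd.conf owner=root group=root mode=0644'
## NFS export (rw for the whole 172.16.1.0/24 network; narrowing it to the web
## host's address would reduce exposure)
ansible nfs -m copy -a "content='/data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)' dest=/etc/exports"
## httpd
ansible web03 -m copy -a 'src=/root/httpd.conf dest=/etc/httpd/conf/httpd.conf owner=root group=root mode=0644'
## rsync client password file (0600 so other local users cannot read it)
ansible nfs -m copy -a 'src=/root/mima dest=/etc/rsync.passwd mode=0600'

# 4. backup host
## Create the backup directory and set owner/group
ansible backup -m file -a 'path=/backup owner=www group=www mode=0755 state=directory'
## Create the daemon secrets file with mode 0600.
## NOTE: '123' is the tutorial's placeholder. With content= the secret is also
## visible in this script and in the process list while ansible runs; on a real
## host use a strong password delivered from a file readable only by root.
ansible backup -m copy -a 'content="rsync_backup:123" dest=/etc/rsync.passwd owner=root group=root mode=0600'
## Start the service and enable it at boot
ansible backup -m service -a 'name=rsyncd state=started enabled=yes'

# 5. nfs host
## Create the shared directory and set owner/group
ansible nfs -m file -a 'path=/data owner=www group=www mode=0755 state=directory'
## Load the new /etc/exports and enable the service at boot
ansible nfs -m service -a 'name=nfs-server state=reloaded enabled=yes'

# 6. web host
## Deploy the site code
ansible web03 -m unarchive -a 'src=/root/kaoshi.zip dest=/var/www/html/'
## Install the adjusted upload handler AFTER unpacking. Presumably kaoshi.zip
## ships its own upload_file.php (the manual steps edit that file after
## unzipping); copying first would let unarchive overwrite the adjusted version.
## (command name fixed: the original line read "nsible")
ansible web03 -m copy -a 'src=/root/upload.conf dest=/var/www/html/upload_file.php owner=root group=root mode=0644'
## Create the upload directory inside the document root
ansible web03 -m file -a 'path=/var/www/html/pic state=directory'
## Set owner/group of the document root (only one state= may be given; the
## original passed both state=file and state=directory)
ansible web03 -m file -a 'path=/var/www/html owner=www group=www mode=0755 state=directory'
## Start the service
ansible web03 -m service -a 'name=httpd state=started'

# 7. Sharing and backup
## Mount the NFS export over the upload directory
ansible web03 -m mount -a 'path=/var/www/html/pic src=172.16.1.31:/data fstype=nfs state=mounted'
## Push the shared directory to the backup host (--delete also removes files on
## the backup side that are gone from /data)
ansible nfs -m shell -a 'rsync -avz --delete /data rsync_backup@172.16.1.41::zy_backup --password-file=/etc/rsync.passwd'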