一、环境准备
| 主机 |
外网IP |
内网IP |
部署服务 |
| m01 |
10.0.0.61 |
172.16.1.61 |
ansible |
| lb01 |
10.0.0.4 |
172.16.1.4 |
nginx |
| web01 |
|
172.16.1.7 |
nginx+php+rpcbind |
| web02 |
|
172.16.1.8 |
nginx+php+rpcbind |
| db01 |
|
172.16.1.51 |
mariadb |
| nfs |
|
172.16.1.31 |
nfs+rpcbind+rsync+inotify+sersync |
| backup |
|
172.16.1.41 |
rsync |
二、安装Ansible
1.安装
[root@m01 ~]# yum install -y ansible
2.配置Ansible
[root@m01 ~]# vim /etc/ansible/ansible.cfg
host_key_checking = False
log_path = /var/log/ansible.log
3.配置主机清单
[root@m01 ~]# vim /etc/ansible/hosts
[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'
[slb]
lb01 ansible_ssh_pass='1'
[db_group]
db01 ansible_ssh_pass='1'
[nfs_server]
nfs ansible_ssh_pass='1'
[backup_server]
backup ansible_ssh_pass='1'
#配置hosts
[root@m01 ~]# vim /etc/hosts
172.16.1.4 lb01
172.16.1.7 web01
172.16.1.8 web02
172.16.1.31 nfs
172.16.1.41 backup
172.16.1.51 db01
4.测试连接
[root@m01 ~]# ansible all -m ping
5.准备存放文件的目录
[root@m01 ~]# mkdir conf
[root@m01 ~]# mkdir package
三、进行服务器优化
1.编写剧本
[root@m01 ~]# cat lnmp.yml
- hosts: all
tasks:
- name: Stop selinux
selinux:
state: disabled
- name: Stop Firewalld
systemd:
name: firewalld
state: stopped
enabled: no
- name: Install unzip
yum:
name: unzip
state: present
- name: Create www Group
group:
name: www
gid: 666
- name: Create www User
user:
name: www
uid: 666
group: www
shell: /sbin/nologin
create_home: no
四、安装nginx
1.安装nginx的方式
#方式1:源码包安装
1.解压
unarchive
2.生成
shell
3.编译
shell
4.安装
shell
#方式2:官方源安装
1.推送yum源
copy
2.yum安装nginx
yum
#方式3:rpm包安装方式
1.推送rpm包
copy
2.安装本地rpm包
yum
2.nginx安装准备
1.准备nginx官方源
[root@m01 ~]# vim /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[root@m01 ~]# cp /etc/yum.repos.d/nginx.repo ./conf/
2.准备nginx配置文件
[root@m01 ~]# vim /etc/nginx/nginx.conf
user www;
http {
client_max_body_size 200m;
}
[root@m01 ~]# cp /etc/nginx/nginx.conf ./conf/
3.准备站点文件
[root@m01 ~]# cd package/
[root@m01 ~/package]# rz wordpress-5.0.3-zh_CN.tar.gz
4.准备站点的配置文件
[root@m01 ~]# vim conf/linux.wp.com.conf
server {
listen 80;
server_name linux.wp.com;
root /code/wordpress;
location / {
index index.php;
}
location ~* \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
5.准备负载均衡的配置文件
[root@m01 ~]# vim conf/proxy.conf
upstream web {
server 172.16.1.7;
server 172.16.1.8;
}
server {
listen 80;
server_name linux.wp.com;
location / {
proxy_pass http://web;
include proxy_params;
}
}
6.准备负载均衡优化文件
[root@m01 ~]# vim conf/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
7.准备wordpress连接数据库配置
[root@m01 ~]# vim conf/wp-config.php
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');
/** MySQL数据库用户名 */
define('DB_USER', 'wp');
/** MySQL数据库密码 */
define('DB_PASSWORD', '123456');
/** MySQL主机 */
define('DB_HOST', '172.16.1.51');
/** 创建数据表时默认的文字编码 */
define('DB_CHARSET', 'utf8mb4');
3.编写剧本
[root@m01 ~]# cat lnmp2.yml
- hosts: nginx_group
tasks:
- name: Copy nginx.repo
copy:
src: /root/conf/nginx.repo
dest: /etc/yum.repos.d/
- name: Install Nginx Server
yum:
name: nginx
state: present
- name: Config Nginx Server
copy:
src: /root/conf/nginx.conf
dest: /etc/nginx/
- hosts: slb
tasks:
- name: Config slb Server
copy:
src: /root/conf/proxy.conf
dest: /etc/nginx/conf.d
- name: Copy proxy_params
copy:
src: /root/conf/proxy_params
dest: /etc/nginx/
- name: Start slb Server
systemd:
name: nginx
state: started
- hosts: web_group
tasks:
- name: Config nginx Server
copy:
src: /root/conf/linux.wp.com.conf
dest: /etc/nginx/conf.d/
- name: Mkdir Code
file:
path: /code
state: directory
- name: Config wordpress Code
unarchive:
src: /root/package/wordpress-5.0.3-zh_CN.tar.gz
dest: /code/
- name: Config wordpress Connect Mysql
copy:
src: /root/conf/wp-config.php
dest: /code/wordpress/
- name: Grant Code Dir
file:
path: /code
owner: www
group: www
recurse: yes
- name: Start Web Nginx Server
systemd:
name: nginx
state: started
enabled: yes
五、安装php
1.php安装准备
1.上传安装包
[root@m01 ~]# cd package/
[root@m01 ~/package]# rz php.tar.gz
2.准备php配置
[root@m01 /tmp]# vim /etc/php.ini
upload_max_filesize = 200M
post_max_size = 200M
[root@m01 /tmp]# vim /etc/php-fpm.d/www.conf
user = www
group = www
[root@m01 ~]# cp /etc/php.ini ./conf/
[root@m01 ~]# cp /etc/php-fpm.d/www.conf ./conf/
2.编写剧本
[root@m01 ~]# cat lnmp3.yml
- hosts: web_group
tasks:
- name: Tar php.tar.gz
unarchive:
src: /root/package/php.tar.gz
dest: /tmp/
- name: Install PHP Server
shell: yum localinstall -y /tmp/*.rpm
- name: Config php Server
copy:
src: /root/conf/php.ini
dest: /etc/
- name: Config php Server
copy:
src: /root/conf/www.conf
dest: /etc/php-fpm.d/
- name: Start php Server
systemd:
name: php-fpm
state: started
enabled: yes
六、安装mariadb
1.编写剧本
[root@m01 ~]# cat lnmp4.yml
- hosts: db01
tasks:
- name: Install Mariadb Server
yum:
name: mariadb-server
state: present
- name: Install MySQL-python
yum:
name: MySQL-python
state: present
- name: Start Mariadb Server
systemd:
name: mariadb
state: started
enabled: yes
- name: Create wordpress Database
mysql_db:
name: wordpress
state: present
- name: Create wordpress Database User
mysql_user:
name: "wp"
host: "172.16.1.%"
password: 123456
priv: "wordpress.*:ALL"
state: present
七、NFS挂载
1.准备挂载目录
[root@m01 ~/package]# tar xf wordpress-5.0.3-zh_CN.tar.gz
[root@m01 ~/package]# mv wordpress/wp-content ./
2.服务端剧本
[root@m01 ~]# cat lnmp5.yml
- hosts: nfs_group
tasks:
- name: Install nfs Server
yum:
name: nfs-utils
state: present
- name: Install rpcbind Server
yum:
name: rpcbind
state: present
- hosts: nfs_server
tasks:
- name: Config nfs Server
copy:
content: /data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
dest: /etc/exports
- name: Mkdir data
file:
path: /data
state: directory
owner: www
group: www
- name: Start nfs Server
systemd:
name: nfs
state: started
3.客户端剧本
- hosts: nfs
tasks:
- name: Copy wp-content to NFS
copy:
src: /root/package/wp-content
dest: /data
owner: www
group: www
- hosts: web_group
tasks:
- name: Start rpcbind Server
systemd:
name: rpcbind
state: started
- name: Mount nfs
mount:
src: 172.16.1.31:/data/wp-content
path: /code/wordpress/wp-content/
fstype: nfs
opts: defaults
state: mounted
八、实时备份
1.准备环境
1.准备rsync配置文件
[root@m01 ~]# vim /etc/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
#####################################
[backup]
comment = welcome to oldboyedu backup!
path = /backup
[root@m01 ~]# cp /etc/rsyncd.conf ./conf/
2.准备sersync包
[root@m01 ~/package]# rz sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@m01 ~/package]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@m01 ~/package]# mv GNU-Linux-x86 sersync
3.准备sersync配置
[root@m01 ~]# vim package/sersync/confxml.xml
<sersync>
<localpath watch="/data">
<remote ip="172.16.1.41" name="backup"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<commonParams params="-artuz"/>
<auth start="true" users="rsync_backup" passwordfile="/etc/rsync.pass"/>
<userDefinedPort start="false" port="874"/><!-- port=874 -->
<timeout start="false" time="100"/><!-- timeout=100 -->
<ssh start="false"/>
</rsync>
4.准备启动sersync脚本
[root@m01 ~]# vim start_rsync.sh
#!/bin/bash
/usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml
2.服务端剧本
[root@m01 ~]# vim lnmp6.yml
- hosts: backup
tasks:
- name: Install rsync Server
yum:
name: rsync
state: present
- name: Config Rsync Server
copy:
src: /root/conf/rsyncd.conf
dest: /etc/
- name: Config rsync.passwd
copy:
content: rsync_backup:123456
dest: /etc/rsync.passwd
mode: 0600
- name: Mkdir backup Dir
file:
path: /backup
state: directory
owner: www
group: www
- name: Start rsync Server
systemd:
name: rsyncd
state: started
3.客户端脚本
- hosts: nfs
tasks:
- name: Install rsync Server
yum:
name: rsync
state: present
- name: Install Inotify-tools Server
yum:
name: inotify-tools
state: present
- name: Install sersync Server
copy:
src: /root/package/sersync
dest: /usr/local/
mode: 0755
- name: Config rsync.pass
copy:
content: 123456
dest: /etc/rsync.pass
mode: 0600
- name: Start sersync
script: /root/start_rsync.sh
九、完整的剧本
[root@m01 ~]# cat lnmp.yml
- hosts: all
tasks:
- name: Stop selinux
selinux:
state: disabled
- name: Stop Firewalld
systemd:
name: firewalld
state: stopped
enabled: no
- name: Install unzip
yum:
name: unzip
state: present
- name: Create www Group
group:
name: www
gid: 666
- name: Create www User
user:
name: www
uid: 666
group: www
shell: /sbin/nologin
create_home: no
- hosts: nginx_group
tasks:
- name: Copy nginx.repo
copy:
src: /root/conf/nginx.repo
dest: /etc/yum.repos.d/
- name: Install Nginx Server
yum:
name: nginx
state: present
- name: Config Nginx Server
copy:
src: /root/conf/nginx.conf
dest: /etc/nginx/
- hosts: slb
tasks:
- name: Config slb Server
copy:
src: /root/conf/proxy.conf
dest: /etc/nginx/conf.d
- name: Copy proxy_params
copy:
src: /root/conf/proxy_params
dest: /etc/nginx/
- name: Start slb Server
systemd:
name: nginx
state: started
- hosts: web_group
tasks:
- name: Config nginx Server
copy:
src: /root/conf/linux.wp.com.conf
dest: /etc/nginx/conf.d/
- name: Mkdir Code
file:
path: /code
state: directory
- name: Config wordpress Code
unarchive:
src: /root/package/wordpress-5.0.3-zh_CN.tar.gz
dest: /code/
- name: Grant Code Dir
file:
path: /code
owner: www
group: www
recurse: yes
- name: Start Web Nginx Server
systemd:
name: nginx
state: started
enabled: yes
- hosts: web_group
tasks:
- name: Tar php.tar.gz
unarchive:
src: /root/package/php.tar.gz
dest: /tmp/
- name: Install PHP Server
shell: yum localinstall -y /tmp/*.rpm
- name: Config php Server
copy:
src: /root/conf/php.ini
dest: /etc/
- name: Config php Server
copy:
src: /root/conf/www.conf
dest: /etc/php-fpm.d/
- name: Start php Server
systemd:
name: php-fpm
state: started
enabled: yes
- hosts: db01
tasks:
- name: Install Mariadb Server
yum:
name: mariadb-server
state: present
- name: Install MySQL-python
yum:
name: MySQL-python
state: present
- name: Start Mariadb Server
systemd:
name: mariadb
state: started
enabled: yes
- name: Create wordpress Database
mysql_db:
name: wordpress
state: present
- name: Create wordpress Database User
mysql_user:
name: "wp"
host: "172.16.1.%"
password: '123456'
priv: "wordpress.*:ALL"
state: present
- hosts: nfs_group
tasks:
- name: Install nfs Server
yum:
name: nfs-utils
state: present
- name: Install rpcbind Server
yum:
name: rpcbind
state: present
- hosts: nfs_server
tasks:
- name: Config nfs Server
copy:
content: /data/wp-content 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
dest: /etc/exports
- name: Mkdir data
file:
path: /data
state: directory
owner: www
group: www
- name: Start nfs Server
systemd:
name: nfs
state: started
- hosts: nfs
tasks:
- name: Copy wp-content to NFS
copy:
src: /root/package/wp-content
dest: /data
owner: www
group: www
- hosts: web_group
tasks:
- name: Start rpcbind Server
systemd:
name: rpcbind
state: started
- name: Mount nfs
mount:
src: 172.16.1.31:/data/wp-content
path: /code/wordpress/wp-content/
fstype: nfs
opts: defaults
state: mounted
- hosts: backup
tasks:
- name: Install rsync Server
yum:
name: rsync
state: present
- name: Config Rsync Server
copy:
src: /root/conf/rsyncd.conf
dest: /etc/
- name: Config rsync.passwd
copy:
content: rsync_backup:123456
dest: /etc/rsync.passwd
mode: 0600
- name: Mkdir backup Dir
file:
path: /backup
state: directory
owner: www
group: www
- name: Start rsync Server
systemd:
name: rsyncd
state: started
- hosts: nfs
tasks:
- name: Install rsync Server
yum:
name: rsync
state: present
- name: Install Inotify-tools Server
yum:
name: inotify-tools
state: present
- name: Install sersync Server
copy:
src: /root/package/sersync
dest: /usr/local/
mode: 0755
- name: Config rsync.pass
copy:
content: 123456
dest: /etc/rsync.pass
mode: 0600
- name: Start sersync
script: /root/start_rsync.sh
十、扩展web服务器
1.将新机器添加到ansible主机清单
[root@m01 ~]# vim /etc/ansible/hosts
[web_group]
web01 ansible_ssh_pass='1'
web02 ansible_ssh_pass='1'
web03 ansible_ssh_pass='1' #新添加的主机
[root@m01 ~]# vim /etc/hosts
172.16.1.9 web03
2.编写剧本
[root@m01 ~]# vim add_web.yml
- hosts: web03
tasks:
- name: Stop selinux
selinux:
state: disabled
- name: Stop Firewalld
systemd:
name: firewalld
state: stopped
enabled: no
- name: Install unzip
yum:
name: unzip
state: present
- name: Create www Group
group:
name: www
gid: 666
- name: Create www User
user:
name: www
uid: 666
group: www
shell: /sbin/nologin
create_home: no
- name: Copy nginx.repo
copy:
src: /root/conf/nginx.repo
dest: /etc/yum.repos.d/
- name: Install Nginx Server
yum:
name: nginx
state: present
- name: Config Nginx Server
copy:
src: /root/conf/nginx.conf
dest: /etc/nginx/
- name: Tar php.tar.gz
unarchive:
src: /root/package/php.tar.gz
dest: /tmp/
- name: Install PHP Server
shell: yum localinstall -y /tmp/*.rpm
- name: Config php Server
copy:
src: /root/conf/php.ini
dest: /etc/
- name: Config php Server
copy:
src: /root/conf/www.conf
dest: /etc/php-fpm.d/
- name: Start php Server
systemd:
name: php-fpm
state: started
enabled: yes
- name: Config nginx Server
copy:
src: /root/conf/linux.wp.com.conf
dest: /etc/nginx/conf.d/
- name: Mkdir Code
file:
path: /code
state: directory
- name: Config wordpress Code
unarchive:
src: /root/package/wordpress-5.0.3-zh_CN.tar.gz
dest: /code/
- name: Config wordpress Connect Mysql
copy:
src: /root/conf/wp-config.php
dest: /code/wordpress/
- name: Grant Code Dir
file:
path: /code
owner: www
group: www
recurse: yes
- name: Start Web Nginx Server
systemd:
name: nginx
state: started
enabled: yes
- name: Install nfs Server
yum:
name: nfs-utils
state: present
- name: Install rpcbind Server
yum:
name: rpcbind
state: present
- name: Start rpcbind Server
systemd:
name: rpcbind
state: started
- name: Mount nfs
mount:
src: 172.16.1.31:/data/wp-content
path: /code/wordpress/wp-content/
fstype: nfs
opts: defaults
state: mounted
