第1章 ansible安裝
1.1 創建密鑰對
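# Generate the control node's SSH key pair.
# -P needs the passphrase as its argument; the bare "-P" had lost it, so the
# empty string is restored here (assumed from the unattended workflow; confirm).
# NOTE(review): DSA keys are disabled by default since OpenSSH 7.0. Prefer
# "-t ed25519" and change the id_dsa.pub path in the ssh-copy-id step to match.
# An empty passphrase leaves the key that controls every managed host
# unprotected on disk, so restrict access to the control node accordingly.
ssh-keygen -t dsa -P ''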
1.2 把生成的鎖頭發送給想要控制的服務器
# Install the control node's public key on the managed host 172.16.1.41 so
# later connections can authenticate with the key instead of a password.
# NOTE(review): the first connection asks to accept the server's host key;
# compare the fingerprint out of band rather than accepting it blindly.
ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.41
1.3 安裝epel源
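# Fetch the EPEL repo definition over HTTPS: this file decides where yum
# downloads packages from, so it must not be alterable in transit.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# NOTE(review): check that gpgcheck=1 is set in the fetched repo file before
# installing anything from it.
yum -y install ansible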
1.4 ansible的配置文件
/etc/ansible/ansible.cfg ansible主配置文件
Inventory: /etc/ansible/hosts ansible的hosts文件,放置管理主機的ip地址
第2章 一鍵部署期中架構
2.1 一鍵安裝rsync服務
cat /etc/ansible/ansible-playbook/rsync.yml
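# install rsync_server
# Play 1 configures the rsync daemon host, play 2 the client that pushes to it.
- hosts: 172.16.1.41
  vars:
    # Sample value carried over from the tutorial. Replace it with a strong
    # secret and load it from an ansible-vault encrypted file instead of
    # keeping it in the playbook.
    rsync_backup_password: "123456"
  tasks:
    - name: rsync_server
      # Copy the prepared rsyncd.conf from the control node to the server.
      copy: src=/etc/ansible/rsync_conf/rsyncd.conf dest=/etc/
    - name: create user
      # Account that owns the backup directory. The user module replaces
      # "shell: useradd" so a second run does not fail on the existing user.
      user: name=rsync createhome=no shell=/sbin/nologin
    - name: create dir backyp
      # Backup directory, owned by rsync:rsync.
      file: dest=/backup state=directory owner=rsync group=rsync
    - name: create authentication
      # Write the secrets file with mode 0600 in one step. The original
      # "echo > file" followed by a separate chmod left the password
      # world-readable in between; no_log keeps it out of Ansible's output.
      copy:
        content: "rsync_backup:{{ rsync_backup_password }}\n"
        dest: /etc/rsync.password
        mode: "0600"
      no_log: true
    - name: start rsync
      # Start rsync as a daemon. The option is two ASCII hyphens; the page
      # showed a typographic dash, which rsync does not parse as an option.
      shell: /usr/bin/rsync --daemon

- hosts: 172.16.1.31
  vars:
    # Must match the password configured on the rsync server above.
    rsync_backup_password: "123456"
  tasks:
    - name: create password file
      # Client-side password file: password only, created with mode 0600.
      copy:
        content: "{{ rsync_backup_password }}\n"
        dest: /etc/rsync.password
        mode: "0600"
      no_log: true
    - name: create data
      # Test directory /data.
      file: dest=/data state=directory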
2.1.1 rsync配置文件
[root@m01 rsync_conf]# cat rsyncd.conf
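# rsync daemon configuration, copied to /etc/ on the rsync server.
# rsyncd.conf only treats a line as a comment when it starts with "#", so the
# notes sit on their own lines; text after a value would become part of it.

# Account and group used for file transfers.
uid = rsync
gid = rsync
# NOTE(review): chroot is disabled, so the module path is not confined by the
# kernel. Confirm this is really needed before reusing the file.
use chroot = no
# Maximum number of simultaneous connections.
max connections = 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
# Modules are writable: every authenticated client can upload and overwrite.
read only = false
list = false
# Only clients from this network may connect.
hosts allow = 172.16.1.0/24
# Virtual user that clients authenticate as.
auth users = rsync_backup
# Password file for the virtual user (one "name:password" per line). It must
# not be readable by other users.
secrets file = /etc/rsync.password
[backup]
# Directory that receives the backups.
path = /backup/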
2.2 一鍵安裝nfs服務
# install nfs_server
# Play 1 sets up the NFS server, play 2 the client that mounts the share.
- hosts: 172.16.1.31
  tasks:
    # Install NFS and rpcbind.
    - name: install nfs-utils rpcbind
      yum:
        name: nfs-utils,rpcbind
    # Copy the exports file from the control node to the NFS server.
    - name: copy configuration file
      copy:
        src: /etc/ansible/nfs_conf/exports
        dest: /etc/exports
    # Dedicated www user (uid 888) that owns the shared directory.
    - name: create user_www
      user:
        name: www
        createhome: no
        shell: /sbin/nologin
        uid: 888
    # Shared directory, owned by www:www.
    - name: create dir data
      file:
        dest: /data
        state: directory
        owner: www
        group: www
    # rpcbind is started before nfs.
    - name: start rpc_server
      shell: /etc/init.d/rpcbind start
    - name: start nfs_server
      shell: /etc/init.d/nfs start

- hosts: 172.16.1.41
  tasks:
    # The client needs the same packages to mount the share and use showmount.
    - name: install nfs rpc
      yum:
        name: nfs-utils,rpcbind
    # Same user and uid as on the server.
    - name: create user_www
      user:
        name: www
        createhome: no
        shell: /sbin/nologin
        uid: 888
    # Mount the server's /data on the client's /mnt.
    - name: mount data_dir
      mount:
        name: /mnt
        src: 172.16.1.31:/data
        fstype: nfs
        state: mounted
2.2.1 nfs配置文件
[root@m01 nfs_conf]# cat exports
# Export /data read-write to the 172.16.1.0/24 network. anonuid=888 matches the
# uid the playbook gives the www user; anongid=888 assumes the www group got
# gid 888 as well (confirm on the server).
# NOTE(review): all_squash is not set, so only requests that are squashed
# anyway (root, by default) are mapped to 888 - confirm that is the intent.
/data 172.16.1.0/24(rw,sync,anonuid=888,anongid=888)
2.3 一鍵安裝sersync服務
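# sersync_server install
- hosts: 172.16.1.31
  tasks:
    - name: create /home/tools
      # Directory that holds downloaded software.
      file: dest=/home/tools state=directory
    - name: download sersync
      # NOTE(review): this fetches a prebuilt binary from the master branch of a
      # third-party repository, and a later task runs it with the privileges of
      # the Ansible login. Pin the download to a known-good checksum (for
      # example with get_url and its checksum option) before using it outside
      # a lab.
      shell: cd /home/tools/ && wget https://raw.githubusercontent.com/orangle/sersync/master/release/sersync2.5.4_64bit_binary_stable_final.tar.gz
    - name: decompression sersync
      # Unpack the downloaded archive into /usr/local/.
      shell: cd /home/tools/ && /bin/tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz -C /usr/local/
    - name: move sersync
      # Rename the unpacked GNU-Linux-x86 directory to sersync.
      shell: mv /usr/local/GNU-Linux-x86 /usr/local/sersync
    - name: move confxml
      # Keep the shipped configuration as a backup.
      shell: mv /usr/local/sersync/confxml.xml /usr/local/sersync/confxml.xml.bak
    - name: copy confxml.xml
      # Install the prepared configuration from the control node. It is a data
      # file, so it gets 0644 rather than the executable 755 used before.
      copy: src=/etc/ansible/sersync_conf/sersync/confxml.xml dest=/usr/local/sersync/ mode=0644
    - name: start sersync
      # -r  sync once with the remote side at start-up
      # -d  run as a daemon
      # -o  path of the configuration file to use
      shell: /usr/local/sersync/sersync2 -rdo /usr/local/sersync/confxml.xml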
2.3.1 sersync主要配置文件如下
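<!-- Directory that sersync watches. -->
<localpath watch="/data/">
    <!-- Backup server address and rsync module name. -->
    <remote ip="172.16.1.41" name="backup"/>
    <!--<remote ip="192.168.8.39" name="tongbu"/>-->
    <!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
    <!-- rsync options used for every transfer. -->
    <commonParams params="-artuz"/>
    <!-- rsync daemon user and the file holding its password; the file must not be readable by other users. -->
    <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.password"/>
    <userDefinedPort start="false" port="874"/><!-- port=874 -->
    <timeout start="false" time="100"/><!-- timeout=100 -->
    <!-- NOTE(review): with ssh disabled, transfers use the plain rsync daemon protocol, which does not encrypt file contents; keep it on a trusted network segment. -->
    <ssh start="false"/>
</rsync>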
2.4 一鍵安裝mysql服務
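# mysql_server install
- hosts: 172.16.1.51
  vars:
    # Sample values carried over from the tutorial. Replace them with strong,
    # distinct secrets and load them from an ansible-vault encrypted file
    # instead of keeping them in the playbook.
    mysql_root_password: "123456"
    wordpress_db_password: "123456"
  tasks:
    - name: create useradd mysql
      # Unprivileged account that owns and runs the database.
      user: name=mysql createhome=no shell=/sbin/nologin
    - name: create /home/tools
      # Directory that holds downloaded software.
      file: dest=/home/tools state=directory
    - name: download mysql
      # NOTE(review): verify the tarball against the checksum published by the
      # vendor before unpacking it. The 5.6 series no longer receives fixes.
      shell: cd /home/tools && wget https://downloads.mysql.com/archives/get/file/mysql-5.6.32-linux-glibc2.5-x86_64.tar.gz
    - name: decompression nginx
      # Unpack the MySQL tarball (the task name is the original's).
      shell: cd /home/tools && tar -xf mysql-5.6.32-linux-glibc2.5-x86_64.tar.gz
    - name: create application
      file: dest=/application/ state=directory
    - name: move mysql
      # Move the unpacked tree under /application/.
      shell: cd /home/tools && mv mysql-5.6.32-linux-glibc2.5-x86_64 /application/mysql-5.6.32
    - name: Soft connection
      # Version-independent symlink for easier management.
      file: src=/application/mysql-5.6.32/ dest=/application/mysql state=link
    - name: copy conf
      # Install the default main configuration file.
      shell: cp /application/mysql/support-files/my-default.cnf /etc/my.cnf
    - name: create /application/mysql/data
      # Data directory, owned by mysql:mysql.
      file: dest=/application/mysql/data state=directory owner=mysql group=mysql
    - name: Initialization mysql
      # Initialise the system tables.
      shell: /application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/application/mysql/data --user=mysql
    - name: copy start_file
      # Install the init script.
      shell: cd /application/mysql && cp support-files/mysql.server /etc/init.d/mysqld
    - name: Add execute authority
      shell: chmod +x /etc/init.d/mysqld
    - name: replace configure_file
      # Point the scripts at /application/mysql instead of /usr/local/mysql.
      shell: sed -i 's#/usr/local/mysql#/application/mysql#g' /application/mysql/bin/mysqld_safe /etc/init.d/mysqld
    - name: start mysql
      shell: /etc/init.d/mysqld start
    - name: Set the MySQL password
      # The closing quote on the page was a typographic quote, which left the
      # shell string unterminated; it is a plain ASCII quote here.
      # NOTE(review): the password is still passed on the command line and is
      # visible in the process list while the command runs.
      shell: /application/mysql/bin/mysqladmin -uroot password '{{ mysql_root_password }}'
      no_log: true
    - name: Creating WordPress databases and WordPress users
      # Create the wordpress database and a wordpress user for localhost and
      # for the 172.16.1.% network. no_log keeps the passwords out of the
      # Ansible output.
      shell: /application/mysql/bin/mysql -uroot -p{{ mysql_root_password }} -e "create database wordpress;grant all on wordpress.* to 'wordpress'@'localhost' identified by '{{ wordpress_db_password }}';grant all on wordpress.* to 'wordpress'@'172.16.1.%' identified by '{{ wordpress_db_password }}'"
      no_log: true
    - name: set environment variable
      # Add the MySQL binaries to PATH. lineinfile adds the line once, whereas
      # "echo >>" appended a duplicate on every run.
      lineinfile:
        dest: /etc/profile
        line: 'export PATH=/application/mysql/bin:$PATH'
    - name: source /etc/profile
      # Only affects the shell spawned for this task; new login shells pick the
      # variable up from /etc/profile on their own.
      shell: source /etc/profile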
2.5 一鍵安裝nginx服務
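# nginx_server install
- hosts: 172.16.1.8
  tasks:
    - name: yum pcre-devel,pcre,openssl-devel,openssl
      # Build dependencies for nginx.
      yum: name=pcre-devel,pcre,openssl-devel,openssl
    - name: create /home/tools/
      # Directory that holds downloaded software.
      file: dest=/home/tools/ state=directory
    - name: create useradd ningx
      # Unprivileged account that the nginx workers run as.
      user: name=nginx createhome=no shell=/sbin/nologin
    - name: download nginx
      # Download over HTTPS: the source is compiled and installed in a later
      # task, so it must not be alterable in transit.
      # NOTE(review): also check the tarball against the project's published
      # signature. 1.10.3 is an old release that no longer receives fixes.
      shell: cd /home/tools/ && wget https://nginx.org/download/nginx-1.10.3.tar.gz
    - name: decompression nginx
      shell: cd /home/tools/ && tar -xf nginx-1.10.3.tar.gz
    - name: To configure nginx
      # Configure, build and install nginx.
      shell: cd /home/tools/nginx-1.10.3 && ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.10.3/ --with-http_stub_status_module --with-http_ssl_module && make && make install
    - name: Soft connection
      # Version-independent symlink for easier management.
      file: src=/application/nginx-1.10.3/ dest=/application/nginx state=link
    - name: start nginx
      shell: /application/nginx/sbin/nginx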
2.6 一鍵安裝php服務
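# php_server install
- hosts: 172.16.1.8
  tasks:
    - name: yum rely on
      # Build dependencies for PHP from the distribution repositories.
      yum: name=zlib-devel,libxml2-devel,libjpeg-devel,libjpeg-turbo-devel,freetype-devel,libpng-devel,gd-devel,libcurl-devel,libxslt-devel
    - name: install libiconv
      # libiconv is built from source as a further PHP dependency.
      shell: cd /home/tools && wget https://ftp.gnu.org/gnu/libiconv/libiconv-1.14.tar.gz
    - name: decompression libiconv
      shell: cd /home/tools && tar -xf libiconv-1.14.tar.gz
    - name: To configure libiconv
      shell: cd /home/tools/libiconv-1.14 && ./configure --prefix=/usr/local/libiconv && make && make install
    - name: install epel source
      # Fetch the EPEL repo definition over HTTPS: it decides where yum
      # downloads packages from, so it must not be alterable in transit.
      shell: wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-6.repo
    - name: yum libmcrypt-devel
      yum: name=libmcrypt-devel,mhash,mcrypt
    - name: download php-5.5.32
      # NOTE(review): this mirror is reached over plain HTTP and the source is
      # compiled and installed below. Verify the tarball against the checksum
      # published by the PHP project first. 5.5.32 no longer receives fixes.
      shell: cd /home/tools/ && wget http://ftp.ntu.edu.tw/php/distributions/php-5.5.32.tar.gz
    - name: install php
      # Unpack the PHP source.
      shell: cd /home/tools/ && tar -xf php-5.5.32.tar.gz
    - name: Soft connection
      shell: ln -s /application/mysql/lib/libmysqlclient.so.18 /usr/lib64/
    - name: create phar.phar
      shell: touch /home/tools/php-5.5.32/ext/phar/phar.phar
    - name: get into php-5.5.32 && To configure
      # Configure, build and install PHP.
      shell: cd /home/tools/php-5.5.32 && ./configure --prefix=/application/php-5.5.32 --with-mysql=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv-dir=/usr/local/libiconv --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-fpm --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-soap --enable-short-tags --enable-static --with-xsl --with-fpm-user=nginx --with-fpm-group=nginx --enable-ftp --enable-opcache=no && make && make install
    - name: Soft connection php5.5.32
      # Version-independent symlink for easier management.
      file: src=/application/php-5.5.32 dest=/application/php state=link
    - name: copy php.ini-production
      # Install the production php.ini.
      shell: cp /home/tools/php-5.5.32/php.ini-production /application/php/lib/php.ini
    - name: copy php-fpm.conf.default to php-fpm.conf
      shell: cp /application/php/etc/php-fpm.conf.default /application/php/etc/php-fpm.conf
    - name: copy init.d/php-fpm to php-fpm
      # Install the init script.
      shell: cp /home/tools/php-5.5.32/sapi/fpm/init.d/php-fpm /etc/init.d/php-fpm
    - name: Add execute authority
      shell: chmod +x /etc/init.d/php-fpm
    - name: start php-fpm
      shell: /etc/init.d/php-fpm start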
2.7 一鍵安裝lb負載均衡
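# lb_server install
# Both load balancers get the same build, so one play targets the two hosts
# instead of repeating the task list for each.
- hosts:
    - 172.16.1.5
    - 172.16.1.6
  tasks:
    - name: yum pcre-devel,pcre,openssl,openssl-devel
      # Build dependencies for nginx.
      yum: name=pcre-devel,pcre,openssl,openssl-devel
    - name: create /home/tools/
      file: dest=/home/tools/ state=directory
    - name: create useradd ningx
      # Unprivileged account that the nginx workers run as.
      user: name=nginx createhome=no shell=/sbin/nologin
    - name: download nginx
      # Download over HTTPS: the source is compiled and installed in a later
      # task, so it must not be alterable in transit.
      # NOTE(review): also check the tarball against the project's published
      # signature. 1.10.3 is an old release that no longer receives fixes.
      shell: cd /home/tools/ && wget https://nginx.org/download/nginx-1.10.3.tar.gz
    - name: decompression nginx
      shell: cd /home/tools/ && tar -xf nginx-1.10.3.tar.gz
    - name: To configure nginx
      shell: cd /home/tools/nginx-1.10.3 && ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.10.3/ --with-http_stub_status_module --with-http_ssl_module && make && make install
    - name: Soft connection
      file: src=/application/nginx-1.10.3/ dest=/application/nginx state=link
    - name: move nginx_conf
      # Keep the shipped configuration as a backup.
      shell: mv /application/nginx/conf/nginx.conf /application/nginx/conf/nginx.conf.bak
    - name: copy nginx_conf
      # The prepared nginx.conf lives on the control node, so it has to be
      # pushed with the copy module. "shell: cp" runs on the managed host,
      # where /etc/ansible/lb_conf/ does not exist.
      copy: src=/etc/ansible/lb_conf/nginx.conf dest=/application/nginx/conf/
    - name: start nginx
      shell: /application/nginx/sbin/nginx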
2.7.1 lb配置文件
cat /application/nginx/conf/nginx.conf
# Load-balancer configuration: one HTTP virtual host that forwards every
# request to the www_server_pools upstream group.
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# Three backends with equal weight.
# NOTE(review): these are 10.0.0.x addresses while the playbooks manage hosts
# on 172.16.1.x - presumably the web servers' other interface; confirm.
upstream www_server_pools {
server 10.0.0.8:80 weight=1;
server 10.0.0.7:80 weight=1;
server 10.0.0.9:80 weight=1;
}
server {
listen 80;
server_name www.tiandi.com;
location / {
# NOTE(review): no proxy_set_header directives are set, so the backends see
# the upstream name as Host and the balancer's address as the client.
# Confirm the backends do not depend on either.
proxy_pass http://www_server_pools;
}
}
}
2.8 一鍵安裝keepalived高可用
# keepalived on both load balancers: the package and start command are the
# same, each host receives its own keepalived.conf from the control node.
- hosts: 172.16.1.5
  tasks:
    - name: yum keepalived
      yum:
        name: keepalived
    # Configuration for the first node, from keepalived_conf/.
    - name: copy conf_keepalived
      copy:
        src: /etc/ansible/keepalived_conf/keepalived.conf
        dest: /etc/keepalived/
    - name: start keepalived
      shell: /etc/init.d/keepalived start

- hosts: 172.16.1.6
  tasks:
    - name: yum keepalived
      yum:
        name: keepalived
    # Configuration for the second node, from keepalived_bak_conf/.
    - name: copy conf_keepalived
      copy:
        src: /etc/ansible/keepalived_bak_conf/keepalived.conf
        dest: /etc/keepalived/
    - name: start keepalived
      shell: /etc/init.d/keepalived start
2.8.1 主keepalived配置文件
cat /etc/ansible/keepalived_conf/keepalived.conf
! Configuration File for keepalived
! MASTER node (router_id lb01): holds the virtual address 10.0.0.88 on eth0.
global_defs {
notification_email {
! NOTE(review): the three recipients below were replaced by the hosting
! page's e-mail protection; put real addresses here before use.
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
! virtual_router_id and auth_pass must be identical on both nodes.
virtual_router_id 55
! The higher priority (150 here, 100 on the backup node) wins the election.
priority 150
advert_int 1
authentication {
! NOTE(review): auth_type PASS sends auth_pass in clear text in every
! advertisement and 1111 is a sample value; do not rely on it to keep
! other hosts on the segment from joining the VRRP group.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.88/24 dev eth0 label eth0:1
}
}
2.8.2 備keepalived配置文件
cat /etc/ansible/keepalived_bak_conf/keepalived.conf
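! Configuration File for keepalived
! BACKUP node (router_id lb02): takes over the virtual address 10.0.0.88 when
! the master stops advertising.
! The first two lines of this listing were mangled by a terminal paste
! ("command not found" / "bal_defs"); they are restored to the same header and
! global_defs block that the master configuration uses.
global_defs {
notification_email {
! NOTE(review): the three recipients below were replaced by the hosting
! page's e-mail protection; put real addresses here before use.
[email protected]
[email protected]
[email protected]
}
notification_email_from [email protected]
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
! virtual_router_id and auth_pass must be identical on both nodes.
virtual_router_id 55
! Lower than the master's 150, so this node only holds the address when the
! master is gone.
priority 100
advert_int 1
authentication {
! NOTE(review): auth_type PASS sends auth_pass in clear text in every
! advertisement and 1111 is a sample value; do not rely on it to keep
! other hosts on the segment from joining the VRRP group.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.88/24 dev eth0 label eth0:1
}
}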
2.9 一鍵安裝pptp_vpn服務
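# pptp_vpn_server install
# NOTE(review): PPTP's MS-CHAPv2 authentication and MPPE encryption have long
# been considered broken. Treat this play as a lab exercise and prefer a
# maintained VPN protocol for anything exposed to untrusted networks.
- hosts: 172.16.1.62
  vars:
    # Sample value carried over from the tutorial. Replace it with a strong
    # secret and load it from an ansible-vault encrypted file.
    pptp_test_password: "123456"
  tasks:
    - name: Set kernel forwarding
      # Enable IPv4 forwarding persistently.
      shell: sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
    - name: Configuration effective
      shell: sysctl -p
    - name: install epel_source
      # Fetch the EPEL repo definition over HTTPS: it decides where yum
      # downloads packages from, so it must not be alterable in transit.
      shell: wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-6.repo
    - name: Install PPTP
      shell: yum -y install pptpd
    - name: Modify configuration file
      # Append the server address and the client address pool to pptpd.conf.
      shell: sed -i '$a localip 10.0.0.62\nremoteip 172.16.1.100-200' /etc/pptpd.conf
    - name: start pptp
      shell: /etc/init.d/pptpd start
    - name: Add user
      # Add the VPN account once. The original "echo >>" appended a duplicate
      # on every run; no_log keeps the password out of the Ansible output.
      # The trailing "*" lets the account connect from any client address.
      lineinfile:
        dest: /etc/ppp/chap-secrets
        line: "test * {{ pptp_test_password }} *"
      no_log: true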