第1章 ansible安装
1.1 创建密钥对
ssh-keygen -t dsa -P "" (-P 需要一个参数,空字符串表示不设置口令;注意 OpenSSH 7.0 起默认不再接受 DSA 密钥,新环境建议改用 ed25519 或 rsa)
1.2 把生成的锁头发送给想要控制的服务器
ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.41
1.3 安装epel源
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum -y install ansible
1.4 ansible的配置文件
/etc/ansible/ansible.cfg ansible主配置文件
Inventory: /etc/ansible/hosts ansible的hosts文件,放置被管理主机的ip地址
第2章 一键部署期中架构
2.1 一键安装rsync服务
cat /etc/ansible/ansible-playbook/rsync.yml
#install rsync_server
- hosts: 172.16.1.41 服务端配置
tasks:
- name: rsync_server
copy: src=/etc/ansible/rsync_conf/rsyncd.conf dest=/etc/
将rsync的配置文件从本地拷贝到rsync服务器
- name: create user
shell: useradd -s /sbin/nologin -M rsync 创建用于管理备份目录的用户
- name: create dir backup
file: dest=/backup state=directory owner=rsync group=rsync
创建备份目录并修改目录的所有者和所属组为rsync
- name: create authentication
shell: echo "rsync_backup:123456" >/etc/rsync.password 创建认证文件
- name: to grant authorization
shell: chmod 600 /etc/rsync.password 修改认证文件的权限为600
- name: start rsync
shell: /usr/bin/rsync --daemon 以daemon的方式启动rsync服务
- hosts: 172.16.1.31 客户端配置
tasks:
- name: create password file
shell: echo 123456 >/etc/rsync.password 创建存放密码的文件
- name: shouquan
shell: chmod 600 /etc/rsync.password 修改密码文件的权限为600
- name: create data 创建测试目录/data
file: dest=/data state=directory
2.1.1 rsync配置文件
[root@m01 rsync_conf]# cat rsyncd.conf
uid = rsync 指定用户为rsync
gid = rsync 指定所属组为rsync
use chroot = no
max connections = 200 指定最大连接数
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 172.16.1.0/24 指定哪些主机可以访问
auth users = rsync_backup 用于认证的虚拟用户
secrets file = /etc/rsync.password 用户认证的虚拟用户的密码文件
[backup]
path = /backup/ 用于备份的目录
2.2 一键安装nfs服务
#install nfs_server
- hosts: 172.16.1.31 服务端配置
tasks:
- name: install nfs-utils rpcbind
yum: name=nfs-utils,rpcbind 安装nfs和rpc
- name: copy configuration file
copy: src=/etc/ansible/nfs_conf/exports dest=/etc/exports
从本地将nfs的配置文件拷贝到nfs服务端
- name: create user_www
user: name=www createhome=no shell=/sbin/nologin uid=888 创建管理共享目录的指定用户www
- name: create dir data
file: dest=/data state=directory owner=www group=www 创建共享的目录并修改所有者和所属组为www
- name: start rpc_server
shell: /etc/init.d/rpcbind start 启动rpc服务
- name: start nfs_server
shell: /etc/init.d/nfs start 启动nfs服务
- hosts: 172.16.1.41 客户端配置
tasks:
- name: install nfs rpc
yum: name=nfs-utils,rpcbind 安装nfs和rpc服务,不安装不能挂载不能使用showmount
- name: create user_www
user: name=www createhome=no shell=/sbin/nologin uid=888 创建用户,和服务端的用户一样
- name: mount data_dir
mount: name=/mnt src=172.16.1.31:/data fstype=nfs state=mounted
将共享目录/data挂载到客户端的/mnt目录中
2.2.1 nfs配置文件
[root@m01 nfs_conf]# cat exports
/data 172.16.1.0/24(rw,sync,anonuid=888,anongid=888)
2.3 一键安装sersync服务
#sersync_server install
- hosts: 172.16.1.31 服务端配置
tasks:
- name: create /home/tools
file: dest=/home/tools state=directory 创建用于存放软件的目录
- name: download sersync
shell: cd /home/tools/ && wget https://raw.githubusercontent.com/orangle/sersync/master/release/sersync2.5.4_64bit_binary_stable_final.tar.gz 下载sersync软件
- name: decompression sersync
shell: cd /home/tools/ && /bin/tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz -C /usr/local/ 解压下载好的软件
- name: move sersync
shell: mv /usr/local/GNU-Linux-x86 /usr/local/sersync 修改GNU-Linux-x86目录为sersync目录
- name: move confxml
shell: mv /usr/local/sersync/confxml.xml /usr/local/sersync/confxml.xml.bak
备份sersync的原配置文件
- name: copy confxml.xml
copy: src=/etc/ansible/sersync_conf/sersync/confxml.xml dest=/usr/local/sersync/ mode=755
拷贝本地已修改好的sersync的配置文件到sersync服务端
- name: start sersync
shell: /usr/local/sersync/sersync2 -rdo /usr/local/sersync/confxml.xml 启动sersync服务
#-r 启动时先和远端同步一下
#-d 以daemon的方式启动sersync服务
#-o 指定sersync的配置文件
2.3.1 sersync主要配置文件如下
<localpath watch="/data/"> #监控目录
<remote ip="172.16.1.41" name="backup"/> #备份服务器地址及备份目录
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<commonParams params="-artuz"/> #备份参数
<auth start="true" users="rsync_backup" passwordfile="/etc/rsync.password"/> #备份用户及密码
<userDefinedPort start="false" port="874"/><!-- port=874 -->
<timeout start="false" time="100"/><!-- timeout=100 -->
<ssh start="false"/>
</rsync>
2.4 一键安装mysql服务
#mysql_server install
- hosts: 172.16.1.51
tasks:
- name: create useradd mysql 创建管理数据库的用户mysql
user: name=mysql createhome=no shell=/sbin/nologin
- name: create /home/tools
file: dest=/home/tools state=directory 创建存放软件的目录
- name: download mysql
shell: cd /home/tools && wget https://downloads.mysql.com/archives/get/file/mysql-5.6.32-linux-glibc2.5-x86_64.tar.gz 下载mysql软件
- name: decompression nginx
shell: cd /home/tools && tar -xf mysql-5.6.32-linux-glibc2.5-x86_64.tar.gz 解压mysql软件
- name: create application
file: dest=/application/ state=directory 创建application目录
- name: move mysql
shell: cd /home/tools && mv mysql-5.6.32-linux-glibc2.5-x86_64 /application/mysql-5.6.32
移动mysql软件到/application/目录下
- name: Soft connection
file: src=/application/mysql-5.6.32/ dest=/application/mysql state=link 创建软连接,方便管理
- name: copy conf
shell: cp /application/mysql/support-files/my-default.cnf /etc/my.cnf 复制mysql的主配置文件
- name: create /application/mysql/data
file: dest=/application/mysql/data state=directory owner=mysql group=mysql
创建mysql的数据目录
- name: Initialization mysql 初始化mysql数据库
shell: /application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/application/mysql/data --user=mysql
- name: copy start_file 复制mysql的启动文件
shell: cd /application/mysql && cp support-files/mysql.server /etc/init.d/mysqld
- name: Add execute authority
shell: chmod +x /etc/init.d/mysqld 给启动文件执行权限
- name: replace configure_file
shell: sed -i 's#/usr/local/mysql#/application/mysql#g' /application/mysql/bin/mysqld_safe /etc/init.d/mysqld 修改mysql原配置文件的路径
- name: start mysql
shell: /etc/init.d/mysqld start 启动mysql服务
- name: Set the MySQL password 为mysql设置密码
shell: /application/mysql/bin/mysqladmin -uroot password '123456' (密码作为命令行参数会被 ps 和 ansible 的任务日志记录下来,生产环境应给该任务加 no_log: true 或改用 mysql_user 模块)
- name: Creating WordPress databases and WordPress users
shell: /application/mysql/bin/mysql -uroot -p123456 -e "create database wordpress;grant all on wordpress.* to 'wordpress'@'localhost' identified by '123456';grant all on wordpress.* to 'wordpress'@'172.16.1.%' identified by '123456'"
创建wordpress数据库和wordpress用户
- name: set environment variable
shell: echo 'export PATH=/application/mysql/bin:$PATH' >>/etc/profile 将mysql加入环境变量
- name: source /etc/profile
shell: source /etc/profile 使变量生效
2.5 一键安装nginx服务
#nginx_server install
- hosts: 172.16.1.8
tasks:
- name: yum pcre-devel,pcre,openssl-devel,openssl 安装nginx依赖包
yum: name=pcre-devel,pcre,openssl-devel,openssl
- name: create /home/tools/ 创建安装目录
file: dest=/home/tools/ state=directory
- name: create useradd nginx 创建运行nginx的用户
user: name=nginx createhome=no shell=/sbin/nologin
- name: download nginx
shell: cd /home/tools/ && wget http://nginx.org/download/nginx-1.10.3.tar.gz 下载nginx软件
- name: decompression nginx
shell: cd /home/tools/ && tar -xf nginx-1.10.3.tar.gz 解压nginx软件
- name: To configure nginx
shell: cd /home/tools/nginx-1.10.3 && ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.10.3/ --with-http_stub_status_module --with-http_ssl_module && make && make install #配置并安装nginx
- name: Soft connection
file: src=/application/nginx-1.10.3/ dest=/application/nginx state=link 创建软连接,方便管理
- name: start nginx
shell: /application/nginx/sbin/nginx 启动nginx服务
2.6 一键安装php服务
#php_server install
- hosts: 172.16.1.8
tasks:
- name: yum rely on yum安装php依赖包
yum: name=zlib-devel,libxml2-devel,libjpeg-devel,libjpeg-turbo-devel,freetype-devel,libpng-devel,gd-devel,libcurl-devel,libxslt-devel
- name: install libiconv 安装php依赖包
shell: cd /home/tools && wget https://ftp.gnu.org/gnu/libiconv/libiconv-1.14.tar.gz
- name: decompression libiconv
shell: cd /home/tools && tar -xf libiconv-1.14.tar.gz
- name: To configure libiconv
shell: cd /home/tools/libiconv-1.14 && ./configure --prefix=/usr/local/libiconv && make && make install
- name: install epel source 安装epel源
shell: wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
- name: yum libmcrypt-devel
yum: name=libmcrypt-devel,mhash,mcrypt
- name: download php-5.5.32 下载php软件
shell: cd /home/tools/ && wget http://ftp.ntu.edu.tw/php/distributions/php-5.5.32.tar.gz
- name: install php
shell: cd /home/tools/ && tar -xf php-5.5.32.tar.gz 解压php软件
- name: Soft connection
shell: ln -s /application/mysql/lib/libmysqlclient.so.18 /usr/lib64/
- name: create phar.phar
shell: touch /home/tools/php-5.5.32/ext/phar/phar.phar
- name: get into php-5.5.32 && To configure #配置并安装php软件
shell: cd /home/tools/php-5.5.32 && ./configure --prefix=/application/php-5.5.32 --with-mysql=mysqlnd --with-pdo-mysql=mysqlnd --with-iconv-dir=/usr/local/libiconv --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --enable-mbregex --enable-fpm --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-soap --enable-short-tags --enable-static --with-xsl --with-fpm-user=nginx --with-fpm-group=nginx --enable-ftp --enable-opcache=no && make && make install
- name: Soft connection php5.5.32 创建软连接,方便管理
file: src=/application/php-5.5.32 dest=/application/php state=link
- name: copy php.ini-production 复制php配置文件
shell: cp /home/tools/php-5.5.32/php.ini-production /application/php/lib/php.ini
- name: copy php-fpm.conf.default to php-fpm.conf 复制php配置文件
shell: cp /application/php/etc/php-fpm.conf.default /application/php/etc/php-fpm.conf
- name: copy init.d/php-fpm to php-fpm 复制php启动文件
shell: cp /home/tools/php-5.5.32/sapi/fpm/init.d/php-fpm /etc/init.d/php-fpm
- name: Add execute authority
shell: chmod +x /etc/init.d/php-fpm 给启动文件执行权限
- name: start php-fpm
shell: /etc/init.d/php-fpm start 启动php服务
2.7 一键安装lb负载均衡
#lb_server install
- hosts: 172.16.1.5
tasks:
- name: yum pcre-devel,pcre,openssl,openssl-devel
yum: name=pcre-devel,pcre,openssl,openssl-devel
- name: create /home/tools/
file: dest=/home/tools/ state=directory
- name: create useradd nginx
user: name=nginx createhome=no shell=/sbin/nologin
- name: download nginx
shell: cd /home/tools/ && wget http://nginx.org/download/nginx-1.10.3.tar.gz
- name: decompression nginx
shell: cd /home/tools/ && tar -xf nginx-1.10.3.tar.gz
- name: To configure nginx
shell: cd /home/tools/nginx-1.10.3 && ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.10.3/ --with-http_stub_status_module --with-http_ssl_module && make && make install
- name: Soft connection
file: src=/application/nginx-1.10.3/ dest=/application/nginx state=link
- name: move nginx_conf
shell: mv /application/nginx/conf/nginx.conf /application/nginx/conf/nginx.conf.bak
- name: copy nginx_conf
shell: cp /etc/ansible/lb_conf/nginx.conf /application/nginx/conf/
- name: start nginx
shell: /application/nginx/sbin/nginx
#lb_server install
- hosts: 172.16.1.6
tasks:
- name: yum pcre-devel,pcre,openssl,openssl-devel
yum: name=pcre-devel,pcre,openssl,openssl-devel
- name: create /home/tools/
file: dest=/home/tools/ state=directory
- name: create useradd nginx
user: name=nginx createhome=no shell=/sbin/nologin
- name: download nginx
shell: cd /home/tools/ && wget http://nginx.org/download/nginx-1.10.3.tar.gz
- name: decompression nginx
shell: cd /home/tools/ && tar -xf nginx-1.10.3.tar.gz
- name: To configure nginx
shell: cd /home/tools/nginx-1.10.3 && ./configure --user=nginx --group=nginx --prefix=/application/nginx-1.10.3/ --with-http_stub_status_module --with-http_ssl_module && make && make install
- name: Soft connection
file: src=/application/nginx-1.10.3/ dest=/application/nginx state=link
- name: move nginx_conf
shell: mv /application/nginx/conf/nginx.conf /application/nginx/conf/nginx.conf.bak
- name: copy nginx_conf
shell: cp /etc/ansible/lb_conf/nginx.conf /application/nginx/conf/
- name: start nginx
shell: /application/nginx/sbin/nginx
2.7.1 lb配置文件
cat /application/nginx/conf/nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
upstream www_server_pools {
server 10.0.0.8:80 weight=1;
server 10.0.0.7:80 weight=1;
server 10.0.0.9:80 weight=1;
}
server {
listen 80;
server_name www.tiandi.com;
location / {
proxy_pass http://www_server_pools;
}
}
}
2.8 一键安装keepalived高可用
- hosts: 172.16.1.5
tasks:
- name: yum keepalived
yum: name=keepalived
- name: copy conf_keepalived
copy: src=/etc/ansible/keepalived_conf/keepalived.conf dest=/etc/keepalived/
- name: start keepalived
shell: /etc/init.d/keepalived start
- hosts: 172.16.1.6
tasks:
- name: yum keepalived
yum: name=keepalived
- name: copy conf_keepalived
copy: src=/etc/ansible/keepalived_bak_conf/keepalived.conf dest=/etc/keepalived/
- name: start keepalived
shell: /etc/init.d/keepalived start
2.8.1 主keepalived配置文件
cat /etc/ansible/keepalived_conf/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb01
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 55
priority 150
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.88/24 dev eth0 label eth0:1
}
}
2.8.2 备keepalived配置文件
cat /etc/ansible/keepalived_bak_conf/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lb02
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.88/24 dev eth0 label eth0:1
}
}
2.9 一键安装pptp_vpn服务
#pptp_vpn_server install
- hosts: 172.16.1.62
tasks:
- name: Set kernel forwarding
shell: sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
- name: Configuration effective
shell: sysctl -p
- name: install epel_source
shell: wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
- name: Install PPTP
shell: yum -y install pptpd
- name: Modify configuration file
shell: sed -i '$a localip 10.0.0.62\nremoteip 172.16.1.100-200' /etc/pptpd.conf
- name: start pptp
shell: /etc/init.d/pptpd start
- name: Add user
shell: echo -e 'test * 123456 *' >>/etc/ppp/chap-secrets