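Project requirements:
1. The web service on host 172.25.250.101 must serve the www.exam.com website, reachable from any host that has a route to it, with the page content "Hello,Welcome to www.exam.com !". It must also provide the URLs content.exam.com/yum/AppStream and content.exam.com/yum/BaseOS as network repositories for all hosts.
2. Host 172.25.250.102 provides a Chronyd-based NTP service: it acts as the time server, offers NTP to other hosts, and is set to stratum 3.
3. Host 172.25.250.103 provides the MySQL database service, which must be installed from the repository provided in requirement 1, with the database password set to redhat. Create a database named bbs for the forum service.
4. Host 172.25.250.104 provides the NFS service, which exports the local /bbs directory as the forum data directory. The export may be used only by the forum host, and it must be mounted automatically at boot.
5. Host 172.25.250.105 provides the DNS service, which must offer forward and reverse resolution for every host name in the project. All servers must use this DNS server in their DNS configuration.
6. Host 172.25.250.106 provides the Discuz-based forum service. The forum uses the bbs database provided by host 172.25.250.103 and uses the NFS export provided by host 172.25.250.104 as its data directory, mounted at boot. It also uses the network repository provided by host 172.25.250.101, the NTP service provided by host 172.25.250.102, and the DNS service provided by host 172.25.250.105.
7. The firewall service and SELinux must be enabled on all servers.
8. Every network service provided by the servers must still work normally after a system reboot.
9. Based on the code for all the services, write a one-click deployment shell script. At a minimum, running the script must satisfy all of the requirements above. The script must run on the servera.exam.com host and must support being run multiple times.
Host environment description
The five IP addresses 172.25.250.101-172.25.250.105 are provided by the servera.exam.com server. 172.25.250.106 is provided by the serverb.exam.com server.
Environment topology
Here is my code
servera: 172.25.250.99
serverb: 172.25.250.100
SSH public-key trust between the two hosts was set up in advance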
#!/bin/bash
## Configure IP addresses
hostnamectl set-hostname servera.exam.com
nmcli connection modify ens160 +ipv4.addresses 172.25.250.101/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.102/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.103/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.104/24
nmcli connection modify ens160 +ipv4.addresses 172.25.250.105/24
nmcli connection modify ens160 ipv4.dns 172.25.250.105 ipv4.method manual connection.autoconnect yes
nmcli connection up ens160
## Configure the local repository
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=/mnt/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=/mnt/AppStream
gpgcheck=0
EOF
mount=`df -h | grep /dev/sr0 | awk '{print $6}'`
if [ "$mount" = "/mnt" ]; then
echo "mount ok"
elif [ -z "$mount" ]; then
mount /dev/sr0 /mnt
else
umount /dev/sr0
mount /dev/sr0 /mnt
fi
dnf repolist
## dns server
# Quote the glob so the shell cannot expand it against files in the current directory
dnf install 'bind*' -y
cat > /etc/named.conf <<EOF
options {
listen-on port 53 { 172.25.250.105; };
directory "/var/named";
};
zone "exam.com" IN {
type master;
file "named.exam";
};
EOF
cat > /var/named/named.exam <<EOF
\$TTL 1D
@ IN SOA @ admin.exam.com. (
0
1D
1D
2D
1D)
@ IN NS ns.exam.com.
@ IN MX 10 mail.exam.com.
ns IN A 172.25.250.99
content IN A 172.25.250.101
www IN A 172.25.250.101
ntp IN A 172.25.250.102
mysql IN A 172.25.250.103
dns IN A 172.25.250.105
nfs IN A 172.25.250.104
bbs IN A 172.25.250.106
EOF
systemctl enable named --now
fhq_dns=`firewall-cmd --list-services | grep -o dns`
if [ -z "$fhq_dns" ]; then
firewall-cmd --permanent --add-service=dns
firewall-cmd --reload
else
echo "fhq_dns ok"
fi
##httpd server
dnf install httpd -y
cat > /etc/httpd/conf.d/vhost.conf << EOF
<directory /www>
allowoverride none
require all granted
</directory>
<directory /www/yum>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</directory>
<virtualhost 172.25.250.101>
documentroot /www
servername www.exam.com
</virtualhost>
EOF
yum="/www/yum"
if [ -d "$yum" ]; then
echo "file ok"
else
mkdir /www/yum -p
fi
echo "Hello,Welcome to www.exam.com!" > /www/index.html
systemctl restart httpd
systemctl enable httpd
fhq_http=`firewall-cmd --list-services | grep -o http`
if [ -z "$fhq_http" ]; then
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
else
echo "fhq_http ok"
fi
chcon_http=`ls -Zl /www/index.html | awk '{print $5}' | awk -F: '{print $3}'`
if [ "$chcon_http" = "httpd_sys_content_t" ]; then
echo "chcon ok"
else
chcon -t httpd_sys_content_t /www/index.html
fi
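# Move the installation media from /mnt to /www/yum so httpd can serve it as the network repository
mount=`df -h | grep /dev/sr0 | awk '{print $6}'`
if [ "$mount" = "/www/yum" ]; then
echo "mount ok"
elif [ -z "$mount" ]; then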
mount /dev/sr0 /www/yum
else
umount /dev/sr0
mount /dev/sr0 /www/yum
fi
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
dnf install -y vim net-tools 'bash-com*'
##ntp
sed -i 's!#allow 192.168.0.0/16!allow 172.25.250.0/24!g' /etc/chrony.conf
sed -i 's!#local stratum 10!local stratum 3!g' /etc/chrony.conf
sed -i 's!#logdir /var/log/chrony!log measurements statistics!g' /etc/chrony.conf
systemctl enable chronyd
fhq_ntp=`firewall-cmd --list-services | grep -o ntp`
if [ -z "$fhq_ntp" ]; then
firewall-cmd --permanent --add-service=ntp
firewall-cmd --reload
else
echo "fhq_ntp ok"
fi
systemctl restart chronyd
ssh root@172.25.250.100 << EOF
hostnamectl set-hostname serverb.exam.com
nmcli connection modify ens160 +ipv4.addresses 172.25.250.106/24
nmcli connection modify ens160 ipv4.dns 172.25.250.105 ipv4.method manual connection.autoconnect yes
nmcli connection up ens160
sed -i 's/pool pool.ntp.org iburst/server ntp.exam.com iburst/g' /etc/chrony.conf
systemctl restart chronyd
EOF
## database server
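fhq_mysql=`firewall-cmd --list-services | grep -o mysql`
if [ -z "$fhq_mysql" ]; then
firewall-cmd --permanent --add-service=mysql
firewall-cmd --reload
else
echo "fhq_mysql ok"
fi
dnf install 'mariadb*' -y
systemctl enable mariadb --now
# Set the root password; on later runs this fails because the password is already set, so the output is discarded
mysqladmin -u root password "redhat" &>/dev/null
# Create the bbs database only if it does not exist yet
if mysql -u root -predhat -e "USE bbs"; then
echo "database ok"
else
# The grant below lets root log in from any host ('%') with full privileges on every database
mysql -u root -predhat<<EOF
create database bbs;
grant all privileges on *.* to 'root'@'%' identified by 'redhat';
flush privileges;
EOF
fi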
## nfs server
bbs='/bbs'
# Create the export directory if it is missing (-d tests for a directory; -z only tests for an empty string)
if [ ! -d "$bbs" ]; then
mkdir -p "$bbs"
else
echo "file ok"
fi
dnf install -y nfs-utils
chmod 777 /bbs/
cat > /etc/exports << EOF
/bbs 172.25.250.100(rw)
EOF
systemctl restart nfs-server
systemctl enable nfs-server
# Open the NFS-related firewalld services only if they are not already allowed
fhq_nfs=`firewall-cmd --list-services | grep -o nfs`
if [ -z "$fhq_nfs" ]; then
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
else
echo "fhq_nfs ok"
fi
fhq_mountd=`firewall-cmd --list-services | grep -o mountd`
if [ -z "$fhq_mountd" ]; then
firewall-cmd --permanent --add-service=mountd
firewall-cmd --reload
else
echo "fhq_mountd ok"
fi
fhq_rpc_bind=`firewall-cmd --list-services | grep -o rpc-bind`
if [ -z "$fhq_rpc_bind" ]; then
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
else
echo "fhq_rpc-bind ok"
fi
dnf install -y unzip
# Unpack Discuz into /root once, independent of the directory the script is started from
if [ ! -d /root/upload ]; then
unzip /root/Discuz_X3.5_SC_UTF8_20230520.zip -d /root
fi
# Copy the contents of upload/ into the root of /bbs, so the forum is served from the top of the export
if [ ! -e /bbs/admin.php ]; then
cp -r /root/upload/. /bbs/
else
echo "file ok"
fi
chmod 777 /bbs/* -R
## forum (serverb) ######
ssh root@172.25.250.100 << 'ALLEOF'
cat > /etc/yum.repos.d/rpm.repo << EOF
[baseos]
name=baseos
baseurl=http://content.exam.com/yum/BaseOS
gpgcheck=0
[appstream]
name=appstream
baseurl=http://content.exam.com/yum/AppStream
gpgcheck=0
EOF
dnf install -y httpd 'php*' vim net-tools 'bash-com*'
fhq_http=`firewall-cmd --list-services | grep -o http`
if [ -z "$fhq_http" ]; then
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
else
echo "fhq_http ok"
fi
cat > /etc/httpd/conf.d/vhost.conf << EOF
<directory /www>
allowoverride none
require all granted
</directory>
<virtualhost 172.25.250.100:80>
documentroot /www
servername 172.25.250.100
</virtualhost>
EOF
if [ -d "/www" ]; then
echo "file ok"
else
mkdir -p /www/
fi
dnf install -y nfs-utils
systemctl start nfs-server
# Mount the NFS export only if /www is not already a mount point
if mountpoint -q /www; then
echo "mount ok"
else
mount -t nfs nfs.exam.com:/bbs /www/
fi
# Persist the mount across reboots; the file system type must be nfs, and the entry is appended only once
fstab='nfs.exam.com:/bbs /www nfs defaults,_netdev 0 0'
if grep -qF -- "$fstab" /etc/fstab; then
echo "fstab ok"
else
echo "$fstab" >> /etc/fstab
fi
systemctl enable httpd --now
systemctl enable php-fpm.service --now
setsebool -P httpd_use_nfs 1
setsebool -P httpd_can_network_connect_db on
ALLEOF
echo "##########################################################"
echo "第一次请访问:http://172.25.250.100"
echo "多次请访问:http://172.25.250.100/admin.php"
echo "##########################################################"
The code ran successfully!
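
As an added example (not part of the original script), here is one way to keep the /etc/fstab step safe to run repeatedly, as requirement 9 asks. It keys on the mount point, so a stale line left by an earlier run (for instance one with the wrong file system type) is replaced instead of duplicated. The function names and the sample fstab contents are constructed for illustration.

```shell
#!/bin/bash
# Added example: idempotent fstab management (function names are hypothetical).
# Usage: ensure_fstab_entry FILE DEVICE MOUNTPOINT FSTYPE OPTIONS
ensure_fstab_entry() {
    local file="$1"
    local dev="$2"
    local mnt="$3"
    local fstype="$4"
    local opts="$5"
    local want="$dev $mnt $fstype $opts 0 0"
    local tmp
    # Exact whole-line, fixed-string match: the entry is already correct.
    if grep -qxF -- "$want" "$file"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    # Keep comments and every entry for other mount points; drop any
    # existing entry whose second field is this mount point.
    awk -v m="$mnt" '$1 ~ /^#/ || $2 != m' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$want" >> "$tmp"
    # Write back through the original inode so owner, mode and SELinux label are kept.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Demonstration on a constructed sample file, never on the real /etc/fstab.
demo_fstab() {
    local f
    f=$(mktemp) || return 1
    printf '%s\n' \
        '# constructed sample fstab' \
        '/dev/mapper/rhel-root / xfs defaults 0 0' \
        'nfs.exam.com:/bbs /www iso9660 defaults 0 0' > "$f"
    # Run twice: the second call must leave the file unchanged.
    ensure_fstab_entry "$f" nfs.exam.com:/bbs /www nfs defaults,_netdev
    ensure_fstab_entry "$f" nfs.exam.com:/bbs /www nfs defaults,_netdev
    cat "$f"
    rm -f "$f"
}

demo_fstab
```

In the deployment script the call would target /etc/fstab inside the ssh block for serverb; the `_netdev` option makes the mount wait until the network is up at boot.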