1.环境准备
总体架构介绍
序号 | 类型 | 名称 | 外网地址 | 内网地址 | 软件 |
02 | 负载均衡服务器 | lb01 | 10.0.0.5 | 192.168.88.5 | nginx keepalived |
03 | 负载均衡服务器 | lb02 | 10.0.0.6 | 192.168.88.6 | nginx keepalived |
04 | web服务器 | web01 | 10.0.0.7 | 192.168.88.7 | nginx |
05 | web服务器 | web02 | 10.0.0.8 | 192.168.88.8 | nginx |
06 | web服务器 | web03 | 10.0.0.9 | 192.168.88.9 | nginx |
07 | 数据库服务器 | db01 | 10.0.0.51 | 192.168.88.51 | mariadb mysql |
08 | 存储服务器 | nfs01 | 10.0.0.31 | 192.168.88.31 | nfs-utils rpcbind |
09 | 备份服务器 | backup | 10.0.0.41 | 192.168.88.41 | rsync |
10 | 批量管理服务器 | m01 | 10.0.0.61 | 192.168.88.61 | ansible |
11 | 跳板机服务器 | jumpserver | 10.0.0.71 | 192.168.88.71 | jumpserver |
12 | 监控服务器 | zabbix | 10.0.0.72 | 192.168.88.72 | zabbix |
13 | 缓存服务器 | redis |
2.ansible搭建
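# Generate 01_ins_ansible.sh, which registers an EPEL 7 mirror as a yum repo
# and installs Ansible from it. The outer delimiter is quoted so the generated
# script is written exactly as shown, with no expansion by the current shell.
cat >01_ins_ansible.sh <<'EOF'
#!/bin/bash
set -euo pipefail

# gpgcheck=1 makes yum verify package signatures, so a tampered mirror or a
# modified download is rejected instead of being installed as root.
# The key is fetched from the same mirror; compare its fingerprint with the
# one published by the EPEL project before trusting it ("yum -y" accepts the
# key import without prompting).
cat >/etc/yum.repos.d/ansible.repo <<'EOM'
[ansible]
name=ansible
baseurl=https://mirror.tuna.tsinghua.edu.cn/epel/7/x86_64/
gpgcheck=1
gpgkey=https://mirror.tuna.tsinghua.edu.cn/epel/RPM-GPG-KEY-EPEL-7
enabled=1
EOM
yum clean all
yum repoinfo
yum -y install ansible
EOF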
vim 02_config_ansible.sh
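#!/bin/bash
# Creates the Ansible working directory /ansible and writes ansible.cfg and
# the inventory into it.

# mkdir -p succeeds whether or not the directory already exists.
mkdir -p /ansible

cat >/ansible/ansible.cfg <<'EOF'
[defaults]
# Lab setting: with host key checking off, Ansible accepts whatever SSH host
# key a target presents, so a spoofed host on the management network is not
# noticed. Outside a lab, record the hosts' keys in known_hosts and set this
# to true.
host_key_checking = false
inventory = inventory
EOF

# The inventory below carries the root password in clear text, so the file is
# created owner-only (0600) before anything is written to it.
install -m 600 /dev/null /ansible/inventory
cat >/ansible/inventory <<'EOF'
[web]
192.168.88.7
192.168.88.8
192.168.88.9
[lb01]
192.168.88.5
[lb02]
192.168.88.6
[db]
192.168.88.51
[data]
192.168.88.31
[all:vars]
# Every host is reached as root with the password 123. Both are lab
# placeholders: prefer SSH key authentication with an unprivileged account
# plus become, or keep the password in an ansible-vault encrypted file.
# The note sits on its own line so it cannot end up inside the variable value.
ansible_ssh_user=root
ansible_ssh_pass=123
EOF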
1.测试ansible可以正常访问
# Connectivity check against every inventory host. Run it from /ansible:
# ansible.cfg was written there and names the inventory by a relative path,
# and Ansible picks up ansible.cfg from the current directory.
ansible all -m ping
3.web服务(LNMP架构wordpress)
(一)安装linux操作系统(略)
(二)整体文件系统说明
1设置tab键
每次缩进2个空格,方便编写yaml文件,直接拷贝执行即可
# Vim settings for YAML buffers: autoindent, tabstop 2, shiftwidth 2, tabs
# expanded to spaces. Replaces any .vimrc already present in the current
# directory.
printf '%s\n' 'autocmd FileType yaml setlocal ai ts=2 sw=2 et' >.vimrc
2.一键安装web服务器nginx,php,部署3台web
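# Write the playbook that installs nginx and PHP 7.4 on the three web hosts.
cd /ansible
# The delimiter is quoted: with a bare EOF the shell would expand $basearch to
# an empty string and the repo file would get a broken baseurl. yum must see
# the literal $basearch.
cat >03_install_nginx.yaml <<'EOF'
---
- name: install nginx
  hosts: web
  tasks:
    # The repo is fetched over HTTPS with signature checking on, so packages
    # that are installed as root are verified against the nginx signing key.
    - name: touch
      copy:
        content: |
          [nginx]
          name=nginx repo
          baseurl=https://nginx.org/packages/centos/7/$basearch/
          gpgcheck=1
          gpgkey=https://nginx.org/keys/nginx_signing.key
          enabled=1
        dest: /etc/yum.repos.d/nginx.repo
    - name: shell
      shell:
        cmd:
          yum makecache
    - name: install nginx
      shell:
        cmd: |
          yum -y install nginx
          yum remove -y epel-release.noarch
          yum install -y epel-release
          yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm
          yum --enablerepo=remi-php74 install -y php php-cli php-common php-devel php-embedded php-gd php-mbstring php-pdo php-xml php-fpm php-mysqlnd php-opcache php-mcrypt php-pecl-memcached php-pecl-mongodb php-pecl-redis
    - name: copy web/default.conf
      copy:
        src: web/default.conf
        dest: /etc/nginx/conf.d/
    - name: copy www.conf
      copy:
        src: files/www.conf
        dest: /etc/php-fpm.d/www.conf
    - name: start nginx service
      service:
        name: "{{item}}"
        state: restarted
        enabled: yes
      loop: [nginx,php-fpm]
EOF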
执行:ansible-playbook 03_install_nginx.yaml
3.一键安装代理服务器nginx,keepalived,部署2台lb01和lb02
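# Write the playbook that installs nginx and keepalived on lb01 and lb02 and
# distributes their configuration.
# The delimiter is quoted: with a bare EOF the shell would expand $basearch to
# an empty string and break the repo's baseurl.
cat >04_install_keepalived.yaml <<'EOF'
---
- name: install nginx
  hosts: lb01,lb02
  tasks:
    # HTTPS plus gpgcheck=1: packages installed as root are verified against
    # the nginx signing key instead of being accepted unsigned over HTTP.
    - name: touch
      copy:
        content: |
          [nginx]
          name=nginx repo
          baseurl=https://nginx.org/packages/centos/7/$basearch/
          gpgcheck=1
          gpgkey=https://nginx.org/keys/nginx_signing.key
          enabled=1
        dest: /etc/yum.repos.d/nginx.repo
    - name: shell
      shell: yum makecache
    - name: install nginx
      yum:
        name: nginx,keepalived
        state: present
    - name: copy nginx.conf
      copy:
        src: files/nginx.conf
        dest: /etc/nginx/
    - name: copy default.conf
      copy:
        src: files/default.conf
        dest: /etc/nginx/conf.d/
    # keepalived.conf tracks /etc/keepalived/check_lvs.sh; the script has to be
    # present on the load balancers or the tracked check cannot run.
    # Root-owned and not writable by others, since keepalived executes it.
    - name: copy check_lvs.sh
      copy:
        src: files/check_lvs.sh
        dest: /etc/keepalived/check_lvs.sh
        owner: root
        group: root
        mode: "0755"
- name: config keepalived.conf
  hosts: lb01
  tasks:
    - name: copy lb01 keepalived.conf
      copy:
        src: files/keepalived.conf # MASTER configuration file
        dest: /etc/keepalived/
- name: lb02
  hosts: lb02
  tasks:
    # NOTE(review): Ansible searches the playbook's files/ directory before the
    # playbook directory, so this relative src may resolve to
    # files/keepalived.conf (the MASTER file) - confirm, and consider giving
    # the BACKUP configuration its own file name.
    - name: copy lb02 keepalived.conf
      copy:
        src: ./keepalived.conf # BACKUP configuration file
        dest: /etc/keepalived/
- name: start service
  hosts: lb01,lb02
  tasks:
    - name: start nginx keepalived service
      service:
        name: "{{item}}"
        state: restarted
        enabled: yes
      loop: [nginx,keepalived]
EOF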
4.nfs服务端文件系统部署
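# Write the playbook that turns the "data" host into the NFS server holding
# the WordPress tree under /data.
cat >05_install_server_nfs-utils.yaml <<'EOF'
---
- name: install nfs01
  hosts: data
  tasks:
    - name: install nfs-utils
      yum:
        name: nfs-utils,rpcbind
        state: present
    # all_squash maps every client user to the anonymous account (nfsnobody),
    # so the tree can stay owned by nfsnobody and writable only by its owner
    # instead of being opened up with mode 777.
    - name: copy /etc/exports
      copy:
        content: |
          /data 192.168.88.0/24(rw,sync,all_squash)
        dest: /etc/exports
    - name: mkdir /data
      file:
        path: /data
        state: directory
        owner: nfsnobody
        group: nfsnobody
    - name: html
      copy:
        src: web/wordpress-6.1.1-zh_CN.tar.gz
        dest: /data
    # --no-same-owner ignores the owner ids stored in the archive; the chown
    # then hands the whole tree to the squashed NFS identity. X adds the
    # execute bit to directories only.
    - name: tar -xf wordpress-6.1.1-zh_CN.tar.gz
      shell:
        cmd: |
          tar -xf /data/wordpress-6.1.1-zh_CN.tar.gz -C /data --no-same-owner
          chown -R nfsnobody:nfsnobody /data
          chmod -R u=rwX,go=rX /data
    - name: start rpcbind,nfs
      service:
        name: "{{item}}"
        state: restarted
        enabled: yes
      loop: [rpcbind,nfs]
EOF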
5.nfs客户端web文件系统部署
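# Write the playbook that mounts the NFS export on /mnt on every web host.
cat >06_clientweb_nfs-utils.yaml <<'EOF'
---
- name: install nfs-utils
  hosts: web
  tasks:
    - name: install nfs-utils
      yum:
        name: nfs-utils
        state: present
    # /etc/rc.d/nfs.local is not a file the boot process runs, so a mount
    # command stored there does not come back after a reboot, and a bare
    # "mount" in a shell task stacks a second mount when the play is re-run.
    # The mount module records the entry in /etc/fstab and mounts it once.
    # (On newer Ansible releases the module lives in the ansible.posix
    # collection.)
    # nosuid and nodev: the export is a network-writable web tree, so setuid
    # bits and device nodes found on it are not honoured on the web hosts.
    - name: mount 192.168.88.31:/data on /mnt
      mount:
        path: /mnt
        src: 192.168.88.31:/data
        fstype: nfs
        opts: defaults,_netdev,nosuid,nodev
        state: mounted
EOF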
6.mariadb数据库部署
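# Write the playbook that installs MariaDB on the db host and sets the
# database root password.
cat >07-install_mariadb-server.yaml <<'EOF'
---
- name: install mariadb
  hosts: db
  tasks:
    - name: install mariadb-server
      yum:
        name: mariadb-server,mariadb
        state: present
    - name: start mariadb
      service:
        name: mariadb
        state: restarted
        enabled: yes
    # '123456' is a lab placeholder; replace it with a strong secret (kept in
    # an ansible-vault file) and keep files/config_mysql.sh in step with it.
    # The password is set only while root can still log in without one, so a
    # second run of the playbook does not fail.
    # no_log keeps the command line, which contains the password, out of
    # Ansible's output and logs.
    - name: set root password
      shell:
        cmd: |
          if mysql -u root -e 'select 1' >/dev/null 2>&1; then
            mysqladmin -u root password '123456'
          fi
      no_log: true
EOF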
7.创建收钱数据库和用户
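# Write the playbook that runs files/config_mysql.sh on the db host to create
# the WordPress database and account. The YAML nesting is written out
# explicitly; a playbook with every key at column 0 does not parse.
cat >08-config-mysql.yml <<'EOF'
---
- name: config mysql
  hosts: db
  tasks:
    # The script module copies the local script to the target and runs it.
    - name: create database
      script: files/config_mysql.sh
EOF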
7.files目录下文件
1.files/config_mysql.sh
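# Write files/config_mysql.sh, the script 08-config-mysql.yml runs on the db
# host. The redirection ">" is required: without it cat only tries to print an
# existing file and the here-document is discarded.
mkdir -p files
cat >files/config_mysql.sh <<'EOF'
#!/bin/bash
set -euo pipefail
# Creates the wordpress database and the account WordPress connects with.
# -p123456 and the password 'wordpress' are lab placeholders: a password given
# on the command line is visible in the process list, and both values should
# be replaced with strong secrets kept out of the repository.
# The account is limited to the 192.168.88.0/24 network used by the web hosts
# rather than '%' (any host); adjust the pattern if the web tier reaches the
# database over a different network.
mysql -u root -p123456 -e "create database if not exists wordpress character set utf8mb4"
mysql -u root -p123456 -e "create user wordpress@'192.168.88.%' identified by 'wordpress'"
mysql -u root -p123456 -e "grant all privileges on wordpress.* to wordpress@'192.168.88.%'"
EOF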
2.files/default.conf
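# Write the load balancers' virtual host. It goes to files/default.conf, the
# path 04_install_keepalived.yaml copies from; writing ./default.conf leaves
# that copy task without its source file.
# The delimiter is quoted so nginx variables ($remote_addr, ...) reach the
# file literally instead of being expanded to empty strings by the shell.
mkdir -p files
cat >files/default.conf <<'EOF'
server {
    listen 80;
    server_name localhost;
    #access_log /var/log/nginx/host.access.log main;
    location / {
        # Forward requests to the "webserver" upstream group (presumably
        # defined in files/nginx.conf - confirm).
        proxy_pass http://webserver;
        # Pass the client address on, so the web servers' logs can attribute
        # requests to the real client rather than to the load balancer.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
EOF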
3.files/keepalived.conf
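# Write the MASTER keepalived configuration for lb01. It goes to
# files/keepalived.conf, the path 04_install_keepalived.yaml copies from for
# lb01; writing ./keepalived.conf leaves that copy task without its source.
mkdir -p files
cat >files/keepalived.conf <<'EOF'
! Configuration File for keepalived
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id lb01
    vrrp_iptables
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
vrrp_script chk_http_port { # health-check script definition
    script "/etc/keepalived/check_lvs.sh"
    interval 2 # run the script every 2 seconds
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    # auth_type PASS puts the password in clear text in every VRRP
    # advertisement, and 1111 is the well-known sample value. Treat it as a
    # placeholder and keep VRRP traffic on a network only the load balancers
    # can reach.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.88.80/24
    }
    track_script { # reference the script defined above
        chk_http_port
    }
}
EOF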
4.files/check_lvs.sh
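# Write the health check keepalived runs to decide on master/backup failover.
mkdir -p files
cat >files/check_lvs.sh <<'EOF'
#!/bin/bash
# Exit 0 only while a TCP socket is listening on port 80. The ss filter
# matches the port exactly; a plain "grep :80" also matches :8080, :8000 or a
# UDP socket and would report a dead nginx as healthy.
ss -ltn 'sport = :80' | grep -q LISTEN
EOF
chmod +x files/check_lvs.sh # the script must be executable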
5.files/www.conf
# Illustrative excerpt, not a complete file: the "..." lines stand for the
# rest of the stock www.conf. Run literally, this here-document writes a file
# holding only the four lines below, so start from the stock file and change
# just user and group. The file is later copied to /etc/php-fpm.d/www.conf.
cat >files/www.conf<<EOF # change the following 2 lines in the stock file
...
user = nginx
group = nginx
...
EOF
8.web目录下文件
1.web/default.conf
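# Write the web servers' virtual host, which serves WordPress from the NFS
# mount at /mnt/wordpress through PHP-FPM.
# The delimiter is quoted: with a bare EOF the shell expands
# $document_root$fastcgi_script_name to an empty string, SCRIPT_FILENAME is
# left without a value, and PHP requests fail.
mkdir -p web
cat >web/default.conf <<'EOF'
server {
    listen 80;
    server_name localhost;
    #access_log /var/log/nginx/host.access.log main;
    location / {
        root /mnt/wordpress;
        index index.php index.html index.htm;
    }
    #error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /mnt/wordpress;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    # The uploads directory holds user-supplied files; nothing in it is
    # executed as PHP. This block comes before the generic PHP location
    # because regex locations are matched in order.
    location ~* ^/wp-content/uploads/.*\.php$ {
        deny all;
    }
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root /mnt/wordpress;
        # Hand a request to PHP-FPM only when the script file exists, so a
        # URI that merely ends in .php cannot make another file run as PHP.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }
}
EOF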
2.web/wordpress-6.1.1-zh_CN.tar.gz
下载网址
wordpress-6.1-zh_CN.zip - 坚果云 (jianguoyun.com)。注意:该网盘上的文件名(6.1 的 zip 包)与上文 playbook 使用的 wordpress-6.1.1-zh_CN.tar.gz 不一致;建议从 WordPress 官方站点下载对应版本,并在部署前核对官方公布的校验值。
9.注意事项
如果客户端是windows主机,则使用记事本程序打开C:\windows\System32\drivers\etc\hosts添加名称解析
当点击http://192.168.88.80页面中任意链接时,地址栏上的地址,都会变成192.168.88.7。通过以下方式修复它:
# 在nfs服务器上修改配置文件
[root@nfs01 ~]# vim /mnt/wordpress/wp-config.php
# define('DB_NAME', 'wordpress')它的上方添加以下两行:
define('WP_SITEURL', 'http://192.168.88.80');
define('WP_HOME', 'http://192.168.88.80');