Deploying an enterprise cluster architecture with YAML syntax (for reference only)
Published: 2019-03-06


One-click deployment script

# 0. Basic optimization
#       - Start the firewall
#       - Disable SELinux
#       - Create the www user
#       - Open ports 80, 443, 873 and nfs
- hosts: all
  tasks:
    - name: Start FireWall
      service:
        name: firewalld
        state: started
    - name: Stop SeLinux
      selinux:
        state: disabled
    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present
    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false
    - name: Open http Port
      firewalld:
        service: http
        state: enabled
        permanent: no
    - name: Open https Port
      firewalld:
        service: https
        state: enabled
        permanent: no
    - name: Open rsync Port
      firewalld:
        port: 873/tcp
        state: enabled
        permanent: no
    - name: Open nfs Port
      firewalld:
        service: nfs
        state: enabled
        permanent: no

# 0.1 Install rsync
- hosts: install_rsync
  tasks:
    - name: Install Rsync Server
      yum:
        name: rsync
        state: present

# 0.2 Configure rsync
- hosts: backup
  tasks:
    - name: Configure Rsync Conf
      copy:
        src: /root/ansible/rsync/rsyncd.conf
        dest: /etc/rsyncd.conf
        owner: root
        group: root
        mode: 0644
# 0.3 Create the backup directory
    - name: Create Backup Dir
      file:
        path: /backup
        owner: www
        group: www
        mode: 0755
        state: directory
# 0.4 Create the password file
    - name: Create PASS File
      copy:
        content: zls:123
        dest: /etc/rsync.pass
        owner: root
        group: root
        mode: 0600
# 0.5 Start the rsync service
    - name: Start Rsync Server
      service:
        name: rsyncd
        state: started
        enabled: true

# 0.6 Install NFS
- hosts: install_nfs
  tasks:
    - name: Install NFS Server
      yum:
        name: nfs-utils
        state: present

# 0.7 Configure the NFS exports file
- hosts: nfs
  tasks:
    - name: Configure NFS Conf
      copy:
        content: /web_data 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
        dest: /etc/exports
        owner: root
        group: root
        mode: 0644
# 0.8 Create the shared directory
    - name: Create Share Dir
      file:
        path: /web_data
        owner: www
        group: www
        mode: 0755
        state: directory
# 0.9 Start the NFS service
    - name: Start NFS Server
      service:
        name: nfs-server
        state: started
        enabled: true
# 0.91 Push the backup script to the NFS server
    - name: Push NFS Backup Shell
      copy:
        src: /root/ansible/nfs/backup.sh
        dest: /root/backup.sh
        owner: root
        group: root
        mode: 0755
# 0.99 Add the scheduled task
    - name: Create Crond
      cron:
        name: NFS Backup Rsync
        job: '/bin/sh /root/backup.sh &>/dev/null'

# 1. Install nginx on web01 and web02
- hosts: web_group
  tasks:
    - name: Install Nginx Server
      yum:
        name: nginx
        state: present
# 2. Configure nginx on web01 and web02
    - name: Configure Nginx Conf
      copy:
        src: /root/ansible/nginx/nginx.conf
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: 0644
# 3. Configure the virtual host on web01 and web02
    - name: Configure Nginx Server
      copy:
        src: /root/ansible/nginx/www.zls.com.conf
        dest: /etc/nginx/conf.d/www.zls.com.conf
        owner: root
        group: root
        mode: 0644
# 4. Create the site directory on web01 and web02
    - name: Create HTML Directory
      file:
        path: /code
        owner: www
        group: www
        mode: 0755
        state: directory
# 5. Start nginx on web01 and web02
    - name: Start Nginx Server
      service:
        name: nginx
        state: started
        enabled: true
# 6. Create a directory for user-uploaded images
    - name: Create Upload Dir
      file:
        path: /opt/upload
        owner: www
        group: www
        mode: 0755
        state: directory
# 7. Mount the NFS shared directory
    - name: Mount NFS Share Dir
      mount:
        path: /opt/upload
        src: 172.16.1.31:/web_data
        fstype: nfs
        state: mounted

# 8. Create the default pages
- hosts: web01
  tasks:
    - name: Create web01 index.html
      copy:
        content: zls_web01_page
        dest: /code/index.html
        owner: www
        group: www
        mode: 0644

- hosts: web02
  tasks:
    - name: Create web02 index.html
      copy:
        content: zls_web02_page
        dest: /code/index.html
        owner: www
        group: www
        mode: 0644

Environment

Hostname  wanIP      lanIP        Role
web01     10.0.0.7   172.16.1.7   nginx,php
web02     10.0.0.8   172.16.1.8   nginx,php
nfs       10.0.0.31  172.16.1.31  nfs-utils,rsync
backup    10.0.0.41  172.16.1.41  rsync
db01      10.0.0.51  172.16.1.51  mariadb
m01       10.0.0.61  172.16.1.61  ansible

1. Set up passwordless SSH

vim  ssh.sh

#!/bin/bash
# Generate a key pair once, then push the public key to every managed host.
if [ ! -d "/root/.ssh" ];then
        install=`yum install -y sshpass`
        pass='0000'
        ip='172.16.1.'
        ssh-keygen -t rsa -P "" -f /root/.ssh/id_rsa
        for i in   7 8 9 31 41 51 ;
        do
        sshpass -p $pass ssh-copy-id -i /root/.ssh/id_rsa.pub -o stricthostkeychecking=no root@${ip}${i}
        done
fi

sh ssh.sh

2. Install Ansible

yum install -y ansible

3. Configure the host inventory

vim /etc/ansible/hosts

[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
[nfs_group]
nfs ansible_ssh_host=10.0.0.31
[backup_group]
backup ansible_ssh_host=10.0.0.41
[db_group]
db01 ansible_ssh_host=10.0.0.51

4. Write the playbook

vim  /root/playbook/artist.yml

# Basic optimization
- hosts: all
  tasks:
    - name: Start FireWall
      service:
        name: firewalld
        state: started
    - name: Stop SeLinux
      selinux:
        state: disabled
    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present
    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false
    - name: Open Port
      firewalld:
        service: "{{ item }}"
        state: enabled
        permanent: no
      with_items:
        - 'http'
        - 'https'
      when: ansible_fqdn is match 'web*'
    - name: Open Port
      firewalld:
        service: "{{ item }}"
        state: enabled
        permanent: no
      with_items:
        - 'nfs'
      when: ansible_fqdn == 'nfs'
    - name: Open Port
      firewalld:
        port: "{{ item }}"
        state: enabled
        permanent: no
      with_items:
        - '873/tcp'
      when: ansible_fqdn == 'backup' or ansible_fqdn == 'nfs'
    - name: Open Port
      firewalld:
        port: "{{ item }}"
        state: enabled
        permanent: no
      with_items:
        - '3306/tcp'
      when: ansible_fqdn == 'db01'
# Backup server
    - name: Install Rsync Server
      script: /root/sh/rsync.sh
      when: ansible_fqdn == 'backup'
# File-sharing server
    - name: Install Sersync Server
      script: /root/sh/sersync.sh
      when: ansible_fqdn == 'nfs'

# Database server
- hosts: db01
  tasks:
    - name: Install MariaDB Server
      yum:
        name:
          - mariadb-server
          - MySQL-python
        state: present
    - name: Start MariaDB Server
      service:
        name: mariadb
        state: started
        enabled: true
    - name: Create WordPress User
      mysql_user:
        #login_user: 'root'
        #login_password: '123'
        #login_host: 'localhost'
        name: php_user
        password: '111'
        host: '%'
        priv: '*.*:ALL'
        state: present
    - name: Push SQL File to DB
      copy:
        src: /root/wp.sql
        dest: /tmp/
    - name: Import WordPress Data
      mysql_db:
        #login_user: 'root'
        #login_password: '123'
        #login_host: 'localhost'
        state: import
        name: all
        target: /tmp/wp.sql

# Web servers
- hosts: web_group
  tasks:
    - name: Create Nginx Repo
      yum_repository:
        name: nginx-stable
        description: nginx
        baseurl: http://nginx.org/packages/centos/$releasever/$basearch/
        gpgcheck: no
        enabled: yes
    - name: Install Nginx Server
      yum:
        name: nginx
        state: present
    - name: Create HTML Directory
      file:
        path: /code
        owner: www
        group: www
        mode: 0755
        state: directory
    - name: Configure files
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/root/conf/php.ini", dest: "/etc/" }
        - { src: "/root/conf/www.conf", dest: "/etc/php-fpm.d/" }
        - { src: "/root/conf/wp.conf", dest: "/etc/nginx/conf.d/" }
    - name: Create Php
      unarchive:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
      with_items:
        - { src: "/root/php.tar.gz", dest: "/opt/" }
        - { src: "/root/wp.tar.gz", dest: "/code" }
    - name: Install Php
      shell: yum localinstall -y /opt/*rpm
    - name: Mount NFS Share Dir
      mount:
        path: /code/wordpress/wp-content/uploads/
        src: 172.16.1.31:/code/wp
        fstype: nfs
        state: mounted
    - name: Start Nginx Server
      service:
        name: "{{ item }}"
        state: started
        enabled: true
      with_items:
        - 'nginx'
        - 'php-fpm'

5. Preparation

# vim /root/sh/rsync.sh
#!/bin/bash
install=`yum install -y rsync`
cat >/etc/rsyncd.conf<<'EOF'
#!/bin/bash
uid = rsync
gid = rsync
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = kang_bak
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
[backup]
comment = welcome to oldboyedu backup!
path = /backup
EOF
useradd rsync -s /sbin/nologin -M
mkdir /backup
chown rsync.rsync /backup/ -R
echo 'kang_bak:123' > /etc/rsync.passwd
chmod 600  /etc/rsync.passwd
systemctl start rsyncd
systemctl enable rsyncd

# vim /root/sh/sersync.sh
#!/bin/bash
install=`yum install -y rsync nfs-utils inotify-tools`
echo "/code/wp 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)" >> /etc/exports
echo "/code/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)" >> /etc/exports
groupadd www -g 666
useradd www -u 666 -g 666 -s /sbin/nologin -M
mkdir -p /code/{wp,zh}
# -R so the exported subdirectories are owned by www (uid 666) as well;
# NFS clients are squashed to that uid and need write access there.
chown -R www.www /code/
systemctl start rpcbind nfs-server
systemctl enable rpcbind nfs-server
download=`wget http://test.driverzeng.com/other/sersync2.5.4_64bit_binary_stable_final.tar.gz`
tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz
mv GNU-Linux-x86 /usr/local/sersync
cat >/usr/local/sersync/confxml.xml<<'EOF'
EOF
echo '123' > /etc/rsync.passwd
chmod 600 /etc/rsync.passwd
/usr/local/sersync/sersync2 -rdo /usr/local/sersync/confxml.xml

# vim /root/conf/wp.conf
server {
    listen 80;
    server_name wp.com;
    root /code/wp;
    index index.php index.html;

    location ~ \.php$ {
        root /code/wp;
        fastcgi_pass localhost:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

# Plus the following, prepared in advance:
1. the wp archive
2. php.ini
3. www.conf
4. php.tar.gz
5. wp.sql

Environment preparation

Hostname  Application environment    WAN address  LAN address
backup    rsync server + NFS server  10.0.0.41    172.16.1.41
nfs01     NFS server + rsync client  10.0.0.31    172.16.1.31
web01     nginx + php + NFS client   10.0.0.7     172.16.1.7
db01      mysql                      10.0.0.51    172.16.1.51

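Requirements analysis

1. Use the same www user
2. db01
    Install the database
    Start it and enable it at boot
    # Set a password for the root user (done on db01)
    # Create the wordpress database (done on db01)
    # Create the database user (done on db01)
3. backup
    Install rsync
    Push the rsync configuration file
    Create the backup directory
    Push the user password file
    Start rsync
4. nfs01
    Install rsync and nfs-utils
    Push the NFS configuration file
    Create the shared directory
    Install sersync
    Rename    # needs optimization
    Push the sersync configuration file
    Create the rsync client password file
    Start nfs
    Start Sersync
5. web01
    Install nfs-utils    # needs optimization
    Install nginx and php
    Change the default user of nginx and php
    Push the wordpress virtual host configuration
    Create and deploy wordpress
    Create the file upload directory
    Mount the file directory
    Start nginx
    Start php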

Host inventory

[root@m01 ~]# vim /etc/ansible/hosts
[web_group]
web01 ansible_ssh_host=10.0.0.7
[backup_group]
backup ansible_ssh_host=10.0.0.41
[nfs_group]
nfs01 ansible_ssh_host=10.0.0.31
[db_group]
db01 ansible_ssh_host=10.0.0.51

rsync configuration file

mkdir /root/rsync -p
vim /root/rsync/rsyncd.conf
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
log file = /var/log/rsyncd.log
auth users = rsync_subin
secrets file = /etc/rsync.passwd
[wordpress_backup]
comment = welcome to wordpress backup!
path = /backup/wordpress

nginx configuration file

mkdir -p /root/nginx
vim /root/nginx/wordpress.conf
server {
        listen 80;
        server_name blog.subin.com;
        root /code/wordpress;
        index index.php index.html;

        location ~ \.php$ {
                fastcgi_pass localhost:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }
}

NFS configuration file

mkdir /root/nfs -p
vim /root/nfs/exports
/wordpress_file_upload 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
---------------------------------------------------------------------------------------
vim /root/nfs/confxml.xml

Variable files

vim /root/group_vars/all
groupname: www
groupgid: 666
username: www
useruid: 666
create_home: false
login_shell: /sbin/nologin
sources_dirname: /root/sources/
--------------------------------------------------------------------------
vim /root/group_vars/db_group
db_yum_name: mariadb-server
db_server_name: mariadb
--------------------------------------------------------------------------
vim /root/group_vars/backup_group
rsync_yum_name: rsync
rsync_service_name: rsyncd
rsync_conf_src: /root/rsync/rsyncd.conf
rsync_conf_dest: /etc/rsyncd.conf
rsync_user_pass: rsync_subin:password
rsync_user_pass_dest: /etc/rsync.passwd
rsync_backup_dirname: /backup/wordpress
--------------------------------------------------------------------------
vim /root/group_vars/nfs_group
rsync_yum_name: rsync
rsync_pass: password
rsync_pass_dest: /etc/rsync.password
nfs_yum_name: nfs-utils
nfs_service_name: nfs-server
nfs_exports_src: /root/nfs/exports
nfs_exports_dest: /etc/exports
nfs_share_dirname: /wordpress_file_upload
sersync_tar_name: sersync2.5.4_64bit_binary_stable_final.tar.gz
sersync_unarchive_dest: /usr/local
sersync_delete_shell: rm -rf /usr/local/sersync
sersync_rename_shell: mv /usr/local/GNU-Linux-x86 /usr/local/sersync
sersync_conf_src: /root/nfs/confxml.xml
sersync_conf_dest: /usr/local/sersync/confxml.xml
sersync_shell: /usr/local/sersync/sersync2 -dro
--------------------------------------------------------------------------
vim /root/group_vars/web_group
nfs_yum_name: nfs-utils
nginx_php_tar_name: nginx_php.tar.gz
nginx_php_dest: /root
nginx_php_shell: cd /root/nginx_php && rpm -Uvh *.rpm
update_nginxuser_shell: sed -i '/^user/c user www;' /etc/nginx/nginx.conf
update_phpuser_shell: sed -i '/^user/c user = www' /etc/php-fpm.d/www.conf
update_phpgroup_shell: sed -i '/^group/c group = www' /etc/php-fpm.d/www.conf
nginx_server_conf_src: /root/nginx/wordpress.conf
nginx_server_conf_dest: /etc/nginx/conf.d/wordpress.conf
nginx_code_name: /code
wordpress_tar_name: wordpress-5.4-zh_CN.tar.gz
wordpress_dest: /code
nginx_mount_path: /code/wordpress/wp-content/uploads
nginx_mount_src: 172.16.1.31:/wordpress_file_upload
nginx_server_name: nginx
php_server_name: php-fpm

Playbook

vim /root/wordpress.yml
---
- hosts: all
  tasks:
    - name: 同一用户组www
      group:
        name: "{{ groupname }}"
        gid: "{{ groupgid }}"
    - name: 同一用户www
      user:
        name: "{{ username }}"
        group: "{{ groupname }}"
        uid: "{{ useruid }}"
        create_home: "{{ create_home }}"
        shell: "{{ login_shell }}"

- hosts: db_group
  tasks:
    - name: 安装数据库
      yum:
        name: "{{ db_yum_name }}"
        state: present
    - name: 数据库启动+自启
      service:
        name: "{{ db_server_name }}"
        state: started
        enabled: yes

- hosts: backup_group
  tasks:
    - name: 安装rsync服务
      yum:
        name: "{{ rsync_yum_name }}"
        state: present
    - name: 推送rsync配置文件
      copy:
        src: "{{ rsync_conf_src }}"
        dest: "{{ rsync_conf_dest }}"
        owner: root
        group: root
        mode: 0644
    - name: 创建密码文件并且授权
      copy:
        content: "{{ rsync_user_pass }}"
        dest: "{{ rsync_user_pass_dest }}"
        owner: root
        group: root
        mode: 0600
    - name: 创建backup目录
      file:
        path: "{{ rsync_backup_dirname }}"
        state: directory
        mode: 0755
        owner: "{{ username }}"
        group: "{{ groupname }}"
        recurse: yes
    - name: 启动rsync服务
      service:
        name: "{{ rsync_service_name }}"
        state: started
        enabled: yes

- hosts: nfs_group
  tasks:
    - name: nfs安装rsync
      yum:
        name: "{{ rsync_yum_name }}"
        state: present
    - name: nfs安装nfs-utils
      yum:
        name: "{{ nfs_yum_name }}"
        state: present
    - name: 推送nfs配置文件
      copy:
        src: "{{ nfs_exports_src }}"
        dest: "{{ nfs_exports_dest }}"
        owner: root
        group: root
        mode: 0644
    - name: 创建nfs共享目录
      file:
        path: "{{ nfs_share_dirname }}"
        owner: "{{ username }}"
        group: "{{ groupname }}"
        mode: 0755
        recurse: yes
    - name: 解压sersync包
      unarchive:
        src: "{{ sources_dirname }}{{ sersync_tar_name }}"
        dest: "{{ sersync_unarchive_dest }}"
    - name: 删除原有目录
      shell: "{{ sersync_delete_shell }}"
    - name: sersync改名
      shell: "{{ sersync_rename_shell }}"
    - name: 传输sersync配置文件
      copy:
        src: "{{ sersync_conf_src }}"
        dest: "{{ sersync_conf_dest }}"
        owner: root
        group: root
        mode: 0755
        backup: yes
    - name: 创建rsync客户端密码文件
      copy:
        content: "{{ rsync_pass }}"
        dest: "{{ rsync_pass_dest }}"
        owner: root
        group: root
        mode: 0600
    - name: 启动nfs-server
      service:
        name: "{{ nfs_service_name }}"
        state: started
        enabled: yes
    - name: 启动Sersync
      shell: "{{ sersync_shell }} {{ sersync_conf_dest }}"

- hosts: web_group
  tasks:
    - name: nfs安装nfs-utils
      yum:
        name: "{{ nfs_yum_name }}"
        state: present
    - name: 解压nginx,php包
      unarchive:
        src: "{{ sources_dirname }}{{ nginx_php_tar_name }}"
        dest: "{{ nginx_php_dest }}"
    - name: 安装nginx,php
      shell: "{{ nginx_php_shell }}"
    - name: 修改nginx和php默认用户
      shell: "{{ update_nginxuser_shell }} && {{ update_phpuser_shell }} && {{ update_phpgroup_shell }}"
    - name: 推送nginx配置文件
      copy:
        src: "{{ nginx_server_conf_src }}"
        dest: "{{ nginx_server_conf_dest }}"
        owner: root
        group: root
        mode: 0644
    - name: 创建wordpress站点目录
      file:
        path: "{{ nginx_code_name }}"
        state: directory
        owner: "{{ username }}"
        group: "{{ groupname }}"
        mode: 0755
        recurse: yes
    - name: 部署wordpress
      unarchive:
        src: "{{ sources_dirname }}{{ wordpress_tar_name }}"
        dest: "{{ wordpress_dest }}"
        owner: "{{ username }}"
        group: "{{ groupname }}"
        mode: 0755
    - name: 创建文件上传目录
      file:
        path: "{{ nginx_mount_path }}"
        state: directory
        owner: "{{ username }}"
        group: "{{ groupname }}"
        mode: 0755
        recurse: yes
    - name: 挂载文件目录
      mount:
        path: "{{ nginx_mount_path }}"
        src: "{{ nginx_mount_src }}"
        fstype: nfs
        opts: defaults
        state: mounted
    - name: 启动nginx
      service:
        name: "{{ nginx_server_name }}"
        state: started
        enabled: yes
    - name: 启动php
      service:
        name: "{{ php_server_name }}"
        state: started
        enabled: yes

Configuring the database on db01

# Set a password for the root user
[root@db01 ~]# mysqladmin -uroot password 1
# Connect to the database
[root@db01 ~]# mysql -uroot -p1
# Create the wordpress database
MariaDB [(none)]> create database wordpress;
# Create a shared database user
MariaDB [(none)]> grant all on *.* to php_subin@'%' identified by '111';
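
The db01 steps above written as Ansible tasks, as an added example that is not part of the original post. It assumes two hypothetical ansible-vault variables, vault_db_root_password and vault_wp_db_password, and limits the php_subin account to the wordpress schema and to the 172.16.1.0/24 segment the web servers use, instead of granting all privileges on *.* from any host.

```yaml
# Added example, not from the original post.
# Assumptions: vault_db_root_password and vault_wp_db_password are
# hypothetical variables stored in an ansible-vault encrypted vars file.
- hosts: db_group
  vars:
    wp_db_name: wordpress
    wp_db_user: php_subin
    wp_db_client_net: '172.16.1.%'   # LAN segment from the environment table
  tasks:
    - name: Install MariaDB and the Python MySQL bindings
      yum:
        name:
          - mariadb-server
          - MySQL-python
        state: present

    - name: Start MariaDB and enable it at boot
      service:
        name: mariadb
        state: started
        enabled: yes

    # First run: root has no password yet, so check_implicit_admin logs in
    # without one. Later runs fall back to login_user/login_password.
    - name: Set the root password on every root@host entry
      mysql_user:
        name: root
        host_all: yes
        password: "{{ vault_db_root_password }}"
        check_implicit_admin: yes
        login_user: root
        login_password: "{{ vault_db_root_password }}"
      no_log: true                   # keep the passwords out of task output

    - name: Create the wordpress database
      mysql_db:
        name: "{{ wp_db_name }}"
        state: present
        login_user: root
        login_password: "{{ vault_db_root_password }}"
      no_log: true

    - name: Create the application user for its own schema only
      mysql_user:
        name: "{{ wp_db_user }}"
        host: "{{ wp_db_client_net }}"
        password: "{{ vault_wp_db_password }}"
        priv: "{{ wp_db_name }}.*:ALL"
        state: present
        login_user: root
        login_password: "{{ vault_db_root_password }}"
      no_log: true
```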

Reposted from: http://oqlfz.baihongyu.com/
