准备部署机deploy
[root@rocky8 ansible]#yum -y install ansible
[root@rocky8 ansible]#mkdir /data/ansible -p
[root@rocky8 ansible]#cd /data/ansible/
[root@rocky8 ansible]#cp /etc/ansible/ansible.cfg .
[root@SH-TEST-01 ansible]#vim ansible.cfg
[defaults]
# Inventory and roles live next to this file under /data/ansible, not in /etc/ansible.
inventory = /data/ansible/inventory
roles_path = /data/ansible/roles
# Turns off SSH host-key verification: a first contact or a changed host key is
# accepted silently, so a substituted node would not be noticed. Acceptable for a
# disposable lab whose nodes are rebuilt often; revisit before the hosts persist.
host_key_checking = False
# Connections log in as root directly (key-based, set up by ssh.sh).
remote_user = root
[privilege_escalation]
# With remote_user = root these become settings have no effect today; they only
# matter if remote_user is later changed to an unprivileged account.
become=True
become_method=sudo
become_user=root
become_ask_pass=False
#脚本实现免密
[root@rocky8 ansible]#bash ssh.sh
[root@ansible ansible]#vim inventory
# Functional groups; a host may appear in more than one group.
[wordpress]
10.0.0.202
10.0.0.203
# NOTE(review): adhoc.sh names 10.0.0.204/10.0.0.207 jpress1/jpress2 and
# 10.0.0.155 wpmsyqlslave — confirm 10.0.0.155 is the intended jpress member.
[jpress]
10.0.0.155
# 154 = wpmysqlmaster, 155 = wpmsyqlslave, 157 = jpmysql (per adhoc.sh).
[mysql]
10.0.0.154
10.0.0.155
10.0.0.157
# NOTE(review): adhoc.sh names 10.0.0.156 rsync and 10.0.0.205 jumpserver,
# while 10.0.0.208/10.0.0.159 become jpredis/wpredis — confirm this group.
[redis]
10.0.0.156
10.0.0.205
# Every managed node; timesync.yaml targets "hosts: all".
# NOTE(review): "all" is also Ansible's implicit group of every inventory host,
# so listing it explicitly is unusual — confirm this is intended.
[all]
10.0.0.209
10.0.0.152
10.0.0.153
10.0.0.154
10.0.0.155
10.0.0.156
10.0.0.157
10.0.0.201
10.0.0.202
10.0.0.203
10.0.0.204
10.0.0.205
10.0.0.206
10.0.0.207
10.0.0.208
10.0.0.158
10.0.0.159
10.0.0.160
10.0.0.161
10.0.0.162
10.0.0.163
#批量修改主机名
[root@ansible ansible]#vim adhoc.sh
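#!/bin/bash
#
#********************************************************************
#Author: shuhong
#QQ: 985347841
#Date: 2022-10-03
#FileName: adhoc.sh
#URL: hhhhh
#Description: The test script
#Copyright (C): 2022 All rights reserved
#********************************************************************
#
# Set the hostname of every managed node with the ansible "hostname"
# module, one ad-hoc call per node. The node -> name table below is the
# list this script originally issued as 21 separate commands; edit the
# table, not the loop, to add or rename a node. The ".sh" suffix is part
# of the intended hostnames.
#
# Usage:    bash adhoc.sh
# Requires: ansible on PATH and the inventory configured in ansible.cfg
#           (nodes are addressed by the IP they have in the inventory).
# Exit:     0 when every node was renamed; 1 when at least one call
#           failed. A failure is reported on stderr and the loop goes on,
#           so one unreachable node does not skip the remaining ones.

# No "set -e": a failing ansible call must not abort the remaining nodes;
# failures are collected and reflected in the exit status instead.
set -uo pipefail

# "<inventory host> <hostname>" pairs, applied in this order.
readonly -a host_names=(
  '10.0.0.152 LVS.sh'
  '10.0.0.153 nginx2.sh'
  '10.0.0.204 jpress1.sh'
  '10.0.0.207 jpress2.sh'
  '10.0.0.208 jpredis.sh'
  '10.0.0.157 jpmysql.sh'
  '10.0.0.201 nginx1.sh'
  '10.0.0.202 wordpress1.sh'
  '10.0.0.203 wordpress2.sh'
  '10.0.0.154 wpmysqlmaster.sh'
  '10.0.0.159 wpredis.sh'
  '10.0.0.206 NFS.sh'
  '10.0.0.155 wpmsyqlslave.sh'
  '10.0.0.156 rsync.sh'
  '10.0.0.158 openvpn.sh'
  '10.0.0.205 jumpserver.sh'
  '10.0.0.160 DNSmaster.sh'
  '10.0.0.161 DNSslave.sh'
  '10.0.0.162 ntpzabbix.sh'
  '10.0.0.163 ansible.sh'
  '10.0.0.209 nexus.sh'
)

#######################################
# Set the hostname of one node through the ansible hostname module.
# Arguments: $1 - inventory host (IP as listed in the inventory)
#            $2 - hostname to apply
# Outputs:   ansible's own output on stdout/stderr
# Returns:   ansible's exit status
#######################################
set_hostname() {
  local host=$1
  local name=$2
  ansible "$host" -m hostname -a "name=${name}"
}

#######################################
# Walk the table and apply every hostname, remembering failures.
# Globals:   host_names (read)
# Outputs:   one line per failed node on stderr
# Returns:   0 if all calls succeeded, 1 otherwise
#######################################
main() {
  local entry host name
  local failed=0
  for entry in "${host_names[@]}"; do
    # Entries are "host name"; neither field contains whitespace.
    read -r host name <<<"$entry"
    if ! set_hostname "$host" "$name"; then
      printf 'adhoc.sh: failed to set hostname %s on %s\n' "$name" "$host" >&2
      failed=1
    fi
  done
  return "$failed"
}

main "$@"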
[root@rocky8 ansible]#bash adhoc.sh
配置时间同步
[root@rocky8 ansible]#vim timesync.yaml
---
# Install chrony on every inventory host and point it at the local NTP
# server 10.0.0.163 (the node adhoc.sh names ntpzabbix). The two blocks
# are the same three steps for the RedHat and Debian families; only the
# package manager, the config path and the service name differ.
- name: timesync
  hosts: all
  tasks:
    - name: block1
      block:
        - name: rocky
          yum:
            name: chrony
            state: present
        # NOTE(review): this replaces the whole distro chrony.conf with a
        # single "server" line; confirm none of the defaults it drops
        # (driftfile, makestep, ...) are needed.
        - name: file
          copy:
            content: "server 10.0.0.163 iburst"
            dest: /etc/chrony.conf
        # "restarted" restarts chronyd on every run, so this task always
        # reports changed; it is not idempotent.
        - name: service
          service:
            name: chronyd
            state: restarted
            enabled: yes
      # The condition guards the whole block, not only the last task.
      when: "'RedHat' in ansible_os_family"
    - name: block2
      block:
        - name: ubuntu
          apt:
            name: chrony
            state: present
        # Same single-line config as above; Debian keeps it under /etc/chrony/.
        - name: file
          copy:
            content: "server 10.0.0.163 iburst"
            dest: /etc/chrony/chrony.conf
        # Service is named "chrony" (not chronyd) on Debian-family hosts.
        - name: service
          service:
            name: chrony
            state: restarted
            enabled: yes
      when: "'Debian' in ansible_os_family"
[root@rocky8 ansible]#ansible-playbook timesync.yaml
ansible部署wordpress
[root@rocky8 ansible]#mkdir roles
[root@rocky8 ansible]#ansible-galaxy init roles/wordpress
- Role roles/wordpress was created successfully
[root@ansible ansible]#ansible-playbook wordpress.yaml
[DEPRECATION WARNING]: "include" is deprecated, use include_tasks/import_tasks instead. This feature will be removed in version 2.16. Deprecation warnings
can be disabled by setting deprecation_warnings=False in ansible.cfg.
PLAY [wordpress] ********************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : create group nginx "www-data"] ************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : create user "www-data"] *******************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : install packages] *************************************************************************************************************************
ok: [10.0.0.203] => (item=php7.4-fpm)
ok: [10.0.0.202] => (item=php7.4-fpm)
ok: [10.0.0.203] => (item=php7.4-mysql)
ok: [10.0.0.202] => (item=php7.4-mysql)
ok: [10.0.0.203] => (item=php7.4-json)
ok: [10.0.0.202] => (item=php7.4-json)
ok: [10.0.0.203] => (item=php7.4-xml)
ok: [10.0.0.202] => (item=php7.4-xml)
ok: [10.0.0.203] => (item=php7.4-mbstring)
ok: [10.0.0.202] => (item=php7.4-mbstring)
ok: [10.0.0.203] => (item=php7.4-zip)
ok: [10.0.0.202] => (item=php7.4-zip)
ok: [10.0.0.203] => (item=php7.4-gd)
ok: [10.0.0.202] => (item=php7.4-gd)
ok: [10.0.0.203] => (item=php7.4-curl)
ok: [10.0.0.202] => (item=php7.4-curl)
ok: [10.0.0.203] => (item=php-redis)
ok: [10.0.0.202] => (item=php-redis)
TASK [wordpress : config php] *******************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : service] **********************************************************************************************************************************
changed: [10.0.0.202]
changed: [10.0.0.203]
TASK [wordpress : redhat 8] *********************************************************************************************************************************
skipping: [10.0.0.202]
skipping: [10.0.0.203]
TASK [wordpress : ubuntu 20.04] *****************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : unarchive] ********************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : install nginx] ****************************************************************************************************************************
changed: [10.0.0.203]
changed: [10.0.0.202]
TASK [wordpress : config dir] *******************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : run dir] **********************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : change owner group] ***********************************************************************************************************************
changed: [10.0.0.202]
changed: [10.0.0.203]
TASK [wordpress : conf file] ********************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : conf www] *********************************************************************************************************************************
changed: [10.0.0.202]
changed: [10.0.0.203]
TASK [wordpress : file] *************************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : shell] ************************************************************************************************************************************
changed: [10.0.0.202]
changed: [10.0.0.203]
TASK [wordpress : service] **********************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : daemon-reload] ****************************************************************************************************************************
changed: [10.0.0.202]
changed: [10.0.0.203]
TASK [wordpress : start service] ****************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : file] *************************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
TASK [wordpress : unarchive] ********************************************************************************************************************************
ok: [10.0.0.202]
ok: [10.0.0.203]
PLAY RECAP **************************************************************************************************************************************************
10.0.0.202 : ok=21 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
10.0.0.203 : ok=21 changed=6 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
[root@ansible ansible]#tree roles/wordpress/
roles/wordpress/
├── defaults
│ └── main.yml
├── files
│ ├── nginx-1.22.0.tar.gz
│ └── wordpress-6.0.1-zh_CN.zip
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ ├── config.yaml
│ ├── create_usergroup.yaml
│ ├── data.yaml
│ ├── install_nginx.yaml
│ ├── install_php.yaml
│ └── main.yml
├── templates
│ ├── nginx.conf.j2
│ ├── nginx.service.j2
│ ├── www.conf.j2
│ └── www.shuhong.com.conf.j2
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml
[root@ansible ansible]#vim wordpress.yaml
---
# Play that applies the "wordpress" role to the [wordpress] inventory group.
# The vars below are consumed by the role's tasks and templates (the role
# itself is not shown here).
- name: wordpress
  hosts: wordpress
  vars:
    # Matches files/nginx-1.22.0.tar.gz shipped inside the role.
    nginx_ver: "1.22.0"
    # 33 is www-data's uid/gid on the Ubuntu nodes.
    nginx_user: "www-data"
    nginx_uid: 33
    nginx_group: "www-data"
    nginx_gid: 33
    # presumably where the tarball is unpacked before the build — verify in the role
    tar_dir: "/usr/local/src"
    install_dir: "/apps/nginx"
    # Glob the main nginx.conf includes for per-site configs.
    nginx_config_files: "conf.d/*.conf"
    server_name: "www.shuhong.com"
    data_dir: "/data"
  roles:
    - wordpress
安装mysql
[root@rocky8 ansible]#ansible-galaxy init roles/mysql
- Role roles/mysql was created successfully
[root@rocky8 ansible]#vim install_mysql.yaml
---
# Play that applies the "mysql" role to the [mysql] inventory group.
- name: install mysql
  hosts: mysql
  # NOTE(review): vars is written as a list of one-key mappings rather than a
  # single mapping. Ansible has accepted this form, but the plain "key: value"
  # mapping (as in wordpress.yaml) is the documented style — confirm it still
  # parses with the ansible-core version in use.
  vars:
    - mysql_user: "mysql"
    # Quoted, so the uid/gid reach the role as strings, not integers.
    - mysql_uid: "88"
    - mysql_group: "mysql"
    - mysql_gid: "88"
    # Basename of files/mysql-8.0.28-linux-glibc2.12-x86_64.tar.xz in the role.
    - install_files: "mysql-8.0.28-linux-glibc2.12-x86_64"
  roles:
    - mysql
[root@rocky8 ansible]#ansible-playbook install_mysql.yaml
[root@rocky8 ansible]#tree roles/mysql/
roles/mysql/
├── defaults
│ └── main.yml
├── files
│ ├── my.cnf.j2
│ └── mysql-8.0.28-linux-glibc2.12-x86_64.tar.xz
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ ├── config_mysql.yaml
│ ├── create_usergroup.yaml
│ ├── install_mysql.yaml
│ └── main.yml
├── templates
├── tests
│ ├── inventory
│ └── test.yml
└── vars
└── main.yml
#配置主从154/155
#154
[root@wpmysqlmaster data]#vim /etc/my.cnf
[mysqld]
# Data directory, socket, error log and pid file all live under /data/mysql.
datadir=/data/mysql
# Never reverse-resolve client addresses; account hosts must then be IPs or
# netmasks (the repluser/wordpress grants use '10.0.0.%').
skip_name_resolve=1
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
# Binary log in its own directory; the directory and an empty bin.log are
# created and chowned to mysql before the restart.
log_bin=/data/mysqllog/bin.log
binlog_checksum=NONE
# Pre-8.0 password hashing instead of the default caching_sha2_password —
# presumably for client compatibility; it is the weaker of the two schemes.
default_authentication_plugin=mysql_native_password
# Must be unique per replication member (the slave uses 155).
server-id=154
gtid_mode=ON
enforce_gtid_consistency=ON
# Semi-synchronous replication, master side: commits wait up to 3000 ms for
# a slave acknowledgement before falling back to asynchronous replication.
plugin-load-add="semisync_master.so"
rpl_semi_sync_master_enabled=ON
rpl_semi_sync_master_timeout=3000
[client]
socket=/data/mysql/mysql.sock
[root@wpmysqlmaster data]#mkdir /data/mysqllog/
[root@wpmysqlmaster data]#touch mysqllog/bin.log
[root@wpmysqlmaster data]#chown mysql. mysqllog/ -R
[root@wpmysqlmaster data]#service mysqld restart
mysql> create user repluser@"10.0.0.%" identified by "123456";
Query OK, 0 rows affected (3.02 sec)
mysql> grant replication slave on *.* to repluser@"10.0.0.%";
Query OK, 0 rows affected (0.00 sec)
#155
[root@wpmsyqlslave ~]#vim /etc/my.cnf
[mysqld]
# Same layout as the master: everything under /data/mysql.
datadir=/data/mysql
skip_name_resolve=1
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
# Distinct from the master's 154.
server-id=155
# Binary log kept on the slave as well (needed if it is ever promoted or chained).
log_bin=/data/mysqllog/bin.log
# Rejects writes from ordinary accounts; accounts holding SUPER or
# CONNECTION_ADMIN can still write, so it is a guard, not an enforcement.
read-only
# Semi-synchronous replication, slave side: acknowledge events to the master.
plugin-load-add="semisync_slave.so"
rpl_semi_sync_slave_enabled=ON
binlog_checksum=NONE
default_authentication_plugin=mysql_native_password
# GTID mode on both members is what MASTER_AUTO_POSITION=1 relies on.
gtid_mode=ON
enforce_gtid_consistency=ON
[client]
socket=/data/mysql/mysql.sock
[root@wpmsyqlslave ~]#mkdir /data/mysqllog
[root@wpmsyqlslave ~]#touch /data/mysqllog/bin.log
[root@wpmsyqlslave ~]#chown -R mysql. /data/mysqllog/
[root@wpmsyqlslave ~]#service mysqld restart
Shutting down MySQL. [ OK ]
Starting MySQL. [ OK ]
mysql> CHANGE MASTER TO MASTER_HOST='10.0.0.154',
-> MASTER_USER='repluser',
-> MASTER_PASSWORD='123456',
-> MASTER_PORT=3306,
-> MASTER_AUTO_POSITION=1;
Query OK, 0 rows affected, 8 warnings (0.01 sec)
mysql> start slave;
#主节点创建wordpress账号
mysql> create user wordpress@"10.0.0.%" identified by "123456";
Query OK, 0 rows affected (0.00 sec)
mysql> create database wordpress;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on wordpress.* to wordpress@"10.0.0.%";
Query OK, 0 rows affected (0.01 sec)
#拷贝配置文件到另一台wordpress
[root@wordpress1 ~]#scp /data/wordpress/wp-config.php 10.0.0.203:/data/wordpress/
wp-config.php 100% 3281 1.2MB/s 00:00
[root@wordpress2 wordpress]#chown www-data. wp-config.php
#测试是否生效直接访问
配置nginx代理负载均衡
#脚本安装nginx
[root@nginx1 ~]#bash install_nginx.sh
1) 编译安装nginx
2) 在线升级
3) 退出
请按要求输入操作选项:1
nginx 编译安装成功 [ OK ]
nginx 安装完成 [ OK ]
#配置代理
[root@nginx1 ~]#cd /apps/nginx/conf/
[root@nginx1 conf]#mkdir conf.d
[root@nginx1 conf]#vim nginx.conf
# Pull in per-site configs such as conf.d/www.shuhong.com.conf. The vhost file
# declares upstream/server blocks, which are only valid in the http context,
# so this include must sit inside http { }.
include conf.d/*.conf;
[root@nginx1 conf]#vim conf.d/www.shuhong.com.conf
# Reverse proxy for www.shuhong.com in front of the two wordpress nodes.
upstream websrvs {
    # Consistent hashing on the client address keeps one client on the same
    # backend and limits reshuffling when a backend is added or removed.
    hash $remote_addr consistent;
    server 10.0.0.202:80 ;
    server 10.0.0.203:80 ;
}
# Plain HTTP: send everything to HTTPS.
server {
    listen 80;
    server_name www.shuhong.com;
    # 302 is a temporary redirect; 301/308 would let clients remember it.
    return 302 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name www.shuhong.com;
    # The .pem is the server certificate followed by the CA certificate
    # (cat crt ca.crt > pem), so clients receive the chain.
    ssl_certificate /apps/nginx/certs/www.shuhong.com.pem;
    ssl_certificate_key /apps/nginx/certs/www.shuhong.com.key;
    # Session cache shared across workers, 20 MB; sessions reusable for 10 min.
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set, so the nginx
    # build defaults apply — confirm they match the intended policy.
    location / {
        # TLS terminates here and the backends see plain HTTP. Only Host is
        # forwarded — no X-Forwarded-Proto or X-Forwarded-For — so the
        # application cannot tell the request was HTTPS nor see the real
        # client address.
        proxy_pass http://websrvs;
        proxy_set_header Host $http_host;
    }
}
[root@nginx1 nginx]#mkdir certs
[root@nginx1 nginx]#cd certs/
[root@nginx1 certs]#pwd
/apps/nginx/certs
[root@nginx1 certs]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 3650 -out ca.crt
Generating a RSA private key
.................................................................++++
....++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:shuhong.Ltd
Organizational Unit Name (eg, section) []:SHUHONG
Common Name (e.g. server FQDN or YOUR name) []:ca.shuhong.com
Email Address []:
[root@nginx1 certs]#openssl req -newkey rsa:4096 -nodes -sha256 -keyout www.shuhong.com.key -out www.shuhong.com.csr
Generating a RSA private key
.............++++
..............................................................................................................++++
writing new private key to 'www.shuhong.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BeiJing
Locality Name (eg, city) []:BeiJing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:shuhong.com
Organizational Unit Name (eg, section) []:shuhong.com
Common Name (e.g. server FQDN or YOUR name) []:www.shuhong.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@nginx1 certs]#openssl x509 -req -days 3650 -in www.shuhong.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out www.shuhong.com.crt
Signature ok
subject=C = CN, ST = BeiJing, L = BeiJing, O = shuhong.com, OU = shuhong.com, CN = www.shuhong.com
Getting CA Private Key
[root@nginx1 certs]#openssl x509 -in www.shuhong.com.crt -noout -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
7a:2b:29:e2:81:80:6b:f3:b2:30:17:82:df:28:3e:88:68:59:bb:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CN, ST = BeiJing, L = BeiJing, O = shuhong.Ltd, OU = SHUHONG, CN = ca.shuhong.com
Validity
Not Before: Oct 6 02:09:45 2022 GMT
Not After : Oct 3 02:09:45 2032 GMT
Subject: C = CN, ST = BeiJing, L = BeiJing, O = shuhong.com, OU = shuhong.com, CN = www.shuhong.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (4096 bit)
Modulus:
00:bd:b9:e5:a7:21:fa:e5:22:c1:6b:7c:96:0c:90:
a2:3c:00:b4:c3:61:b0:e8:f3:83:41:49:6c:35:0f:
ba:b9:7c:82:a0:af:62:3d:5a:64:d4:8c:a1:db:5b:
2a:30:93:75:35:82:35:92:02:a0:73:51:6b:68:57:
80:3c:98:bf:64:65:63:54:cb:9d:91:8d:f0:05:14:
91:df:6b:3c:0b:ee:79:11:21:69:ad:b3:57:a8:bc:
ed:71:74:ed:06:95:a3:17:77:35:32:2c:d8:12:27:
2b:84:bf:c0:f2:03:52:f8:4d:10:ed:47:6d:d8:51:
d3:2b:2c:d2:e0:26:e6:2f:5f:51:d2:42:3c:b3:f6:
12:17:5c:37:cc:7e:a0:75:f0:46:55:81:ac:ac:e0:
93:25:29:fc:8f:bd:a7:63:b9:2b:75:17:e7:92:3f:
75:cd:4d:85:78:cb:27:b0:66:64:f0:e2:de:01:e9:
df:88:e0:53:3d:09:bc:2c:d3:f6:da:7a:76:42:71:
5d:9f:2e:8c:74:64:8a:03:8f:2c:9c:50:09:0a:ca:
7a:fe:32:46:57:86:bd:e9:7d:98:a9:21:b9:36:b1:
2b:9a:12:ec:ba:63:b4:f0:b1:e9:8e:18:ed:8c:e3:
6f:bb:df:38:bb:70:ab:77:c2:5b:c9:cf:ae:6f:aa:
a8:76:77:36:5f:16:34:da:e8:a9:06:4a:41:5f:3d:
79:7d:08:00:7e:0c:79:5b:a0:8c:09:85:5c:fb:79:
c8:67:b0:2e:8e:58:04:4c:d3:23:fb:99:ef:e3:0d:
38:47:1a:d1:73:03:14:a4:1b:1d:d5:98:56:46:ec:
54:07:e4:19:b9:df:3f:32:d6:09:a1:f8:da:3f:43:
b3:4f:c0:64:58:76:33:5c:f3:3a:8d:4b:c9:21:4a:
c7:32:be:78:d0:00:2f:0b:55:3f:d6:4f:e9:83:61:
aa:b3:ae:aa:21:dd:5f:24:6c:ce:79:89:b7:b3:38:
37:c1:d4:62:5d:6a:5e:23:ac:8c:ed:94:65:d4:c6:
74:88:2f:8d:ac:cf:b0:c7:a4:c6:aa:27:f8:12:0e:
60:57:af:2f:ed:77:64:02:45:ac:dd:1c:e4:70:a8:
46:5b:64:c5:30:bb:80:dd:58:1a:51:21:4e:5c:d3:
8e:8f:80:a3:10:ec:94:58:79:36:72:d2:39:f7:26:
25:c1:3f:c6:d9:bf:be:f6:4b:24:ff:12:3c:3a:b3:
60:69:eb:c0:03:fe:fb:7c:35:6b:66:9a:8c:ea:34:
ff:b5:98:2a:80:13:6d:c0:22:ab:69:86:46:de:51:
9b:73:4c:42:6a:a5:70:72:38:52:40:93:b0:32:d9:
58:1b:6b
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
1b:ee:da:b4:fe:c9:3c:de:f5:53:70:02:47:f8:4e:59:44:c1:
e2:92:63:d8:30:ed:39:8d:dc:48:fd:90:df:56:7c:07:1d:44:
fc:f2:71:5d:63:6d:8e:ac:5e:d5:17:9e:75:b4:c4:38:ef:8b:
15:1e:2f:2e:63:38:55:48:ad:c5:77:bc:61:2c:90:4d:77:88:
da:41:92:52:e8:c3:c1:7b:58:7c:77:4b:5a:38:1c:ca:ca:ef:
c7:1c:d2:e2:8c:dc:09:47:fd:b1:18:cb:52:2f:e2:37:f7:a2:
33:9f:e4:4d:28:8b:dc:e3:15:70:62:d7:61:ac:8c:0d:56:3e:
cf:f2:88:fb:23:bc:0d:0e:92:7f:1c:e2:b0:f3:d0:4e:d3:44:
0f:1e:4d:ad:13:f4:f0:89:ad:70:4a:a1:fd:b0:e3:7c:8f:5f:
cb:f8:39:fc:6a:11:b4:18:03:a5:b4:44:44:f6:82:70:f3:f8:
44:46:3f:c2:48:f5:62:a7:da:fd:09:ee:26:21:b8:0b:40:4c:
b8:8f:06:a0:fa:d3:1b:9a:66:81:2c:eb:93:6a:c0:fe:52:c7:
7d:16:53:69:0f:73:6a:97:ec:ac:63:c8:99:79:b4:22:aa:72:
c0:82:94:d5:4b:a4:51:58:e5:63:0c:18:e5:17:11:76:cd:85:
67:9a:2b:d4:07:39:c6:3c:c1:2e:7e:a1:92:30:bf:33:5e:ce:
d4:83:ef:42:36:ad:b1:03:74:82:26:6e:9d:bb:e3:47:92:35:
83:8d:e8:e1:19:76:7a:4e:11:ed:16:88:ab:67:c0:2d:40:a5:
5b:8a:98:50:1c:fd:eb:12:da:46:28:de:bb:f8:db:c7:7e:3c:
10:89:c3:ea:25:ac:c2:79:2f:2f:87:fd:c5:f0:50:cd:fe:b7:
59:b7:3f:28:4b:0a:de:ee:27:98:8c:03:b1:5f:fb:0a:c1:6b:
e9:92:48:f8:85:6f:08:c2:3c:2a:a9:ae:f2:28:80:d5:bd:af:
63:0b:a2:a7:2e:8e:cb:e6:5d:3d:7a:8d:2e:92:98:ac:9e:92:
ce:f4:65:64:84:58:0c:8f:74:39:de:ba:a4:bc:5d:b2:ab:3d:
13:a4:51:4d:08:db:ba:7f:f5:69:a7:3b:6e:46:43:90:f5:5b:
f5:f9:c9:e8:e2:c5:e3:da:0d:3e:73:b7:e9:ce:46:33:5f:a2:
21:88:35:c4:00:c3:c6:c7:b6:fe:54:5b:a1:fe:fe:ca:1e:8c:
ee:ae:21:1b:19:62:61:8a:4e:49:4f:c6:86:ea:06:99:5f:6d:
7a:79:e7:95:2d:86:47:bc:b1:0c:21:91:9a:4a:78:67:b3:f3:
af:5e:52:36:f1:17:f4:75
[root@nginx1 certs]#cat www.shuhong.com.crt ca.crt > www.shuhong.com.pem
[root@nginx1 certs]#nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
[root@nginx1 certs]#nginx -s reload
配置NFS共享服务器和rsync备份服务器
[root@NFS ~]#apt -y install nfs-kernel-server
[root@NFS ~]#mkdir /data/www -p
[root@NFS ~]#id www-data
用户id=33(www-data) 组id=33(www-data) 组=33(www-data)
[root@NFS ~]#vim /etc/exports
# Export /data/www read-write to the whole 10.0.0.0/24 subnet. all_squash maps
# every client uid/gid to 33 (www-data on this host), so files are created as
# www-data no matter which user writes them on the client.
/data/www 10.0.0.0/24(rw,all_squash,anonuid=33,anongid=33)
[root@wordpress1 wp-content]#rsync uploads/ 10.0.0.206:/data/www -r
[root@NFS data]#chown -R www-data. www/
[root@wordpress1 wp-content]#apt -y install nfs-kernel-server
[root@wordpress1 wp-content]#mount -a
[root@wordpress1 wp-content]#df -h
文件系统 容量 已用 可用 已用% 挂载点
udev 429M 0 429M 0% /dev
tmpfs 95M 1.1M 94M 2% /run
/dev/mapper/ubuntu--vg-ubuntu--lv 98G 5.5G 87G 6% /
tmpfs 473M 0 473M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 473M 0 473M 0% /sys/fs/cgroup
/dev/sda2 1.5G 205M 1.2G 15% /boot
tmpfs 95M 0 95M 0% /run/user/0
10.0.0.206:/data/www 98G 5.2G 88G 6% /data/wordpress/wp-content/uploads
#配置rsync同步
[root@rsync ~]#yum -y install rsync-daemon.noarch
[root@rsync ~]#vi /etc/rsyncd.conf
# rsync daemon on the backup node (10.0.0.156); sersync on the NFS node pushes
# into the [backup] module below.
# Transfers run as root, so ownership sent by the client (-a implies -o -g) is
# applied verbatim; a gid with no matching name on this host shows up under
# whatever local group has that number.
uid = root
gid = root
# 0 = unlimited; sersync asks for this setting explicitly at startup.
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
# Do not reverse-resolve client addresses.
reverse lookup = no
# No "hosts allow" is set, so any address that can reach the daemon port may
# attempt to authenticate against this module.
[backup]
path = /data/backup/
comment = backup dir
# Writable module: a client that authenticates as rsyncuser can create,
# overwrite and (with --delete) remove anything under path.
read only = no
auth users = rsyncuser
# "user:password" lines in plaintext; the daemon refuses the file unless it
# is unreadable by others (hence chmod 600).
secrets file = /etc/rsync.pas
[root@rsync ~]#mkdir -pv /data/backup
mkdir: created directory '/data/backup'
[root@rsync ~]#echo "rsyncuser:123456" > /etc/rsync.pas
[root@rsync ~]#chmod 600 /etc/rsync.pas
[root@rsync ~]#rsync --daemon
[root@rsync ~]#systemctl start rsyncd
#配置被同步端
[root@NFS ~]#wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/sersync/sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@NFS ~]#tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@NFS ~]#cp -a GNU-Linux-x86 /usr/local/sersync
[root@NFS ~]#apt -y install rsync
[root@NFS ~]#cat /usr/local/sersync/confxml.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- sersync configuration on the NFS node: watch /data/www with inotify and
     push every change to the rsync daemon's "backup" module on 10.0.0.156. -->
<head version="2.5">
    <host hostip="localhost" port="8008"></host>
    <debug start="false"/>
    <fileSystem xfs="false"/>
    <!-- Filter is disabled (start="false"); the exclude patterns are inert. -->
    <filter start="false">
        <exclude expression="(.*)\.svn"></exclude>
        <exclude expression="(.*)\.gz"></exclude>
        <exclude expression="^info/*"></exclude>
        <exclude expression="^static/*"></exclude>
    </filter>
    <!-- Which inotify events trigger a sync. delete="true" combined with the
         "-R - -delete" rsync invocation sersync issues means a file removed
         from /data/www is removed from the backup as well: the backup mirrors,
         it does not retain. sersync reports at startup that it ignores the
         createFile event regardless of the value here. -->
    <inotify>
        <delete start="true"/>
        <createFolder start="true"/>
        <createFile start="true"/>
        <closeWrite start="true"/>
        <moveFrom start="true"/>
        <moveTo start="true"/>
        <attrib start="true"/>
        <modify start="true"/>
    </inotify>
    <sersync>
        <!-- Watched directory and the rsync module (name) on the remote host. -->
        <localpath watch="/data/www/">
            <remote ip="10.0.0.156" name="backup"/>
            <!--<remote ip="192.168.8.39" name="tongbu"/>-->
            <!--<remote ip="192.168.8.40" name="tongbu"/>-->
        </localpath>
        <rsync>
            <commonParams params="-artuz"/>
            <!-- Daemon authentication: users must match "auth users" in rsyncd.conf.
                 On this side the password file holds only the password, not
                 "user:password" as on the daemon side, and must be mode 600. -->
            <auth start="true" users="rsyncuser" passwordfile="/etc/rsync.pas"/>
            <userDefinedPort start="false" port="874"/><!-- port=874 -->
            <timeout start="false" time="100"/><!-- timeout=100 -->
            <ssh start="false"/>
        </rsync>
        <!-- Failed transfers are recorded as a script at this path and re-run
             every 60 minutes. NOTE(review): a predictable path under /tmp that
             gets executed later — a directory only root can write to would be
             safer; confirm who runs sersync and who can write /tmp here. -->
        <failLog path="/tmp/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->
        <crontab start="false" schedule="600"><!--600mins-->
            <crontabfilter start="false">
                <exclude expression="*.php"></exclude>
                <exclude expression="info/*"></exclude>
            </crontabfilter>
        </crontab>
        <!-- The "command" plugin is disabled here, so the plugin blocks below are inert. -->
        <plugin start="false" name="command"/>
    </sersync>
    <!-- Sample plugin sections shipped with sersync; not active in this deployment. -->
    <plugin name="command">
        <param prefix="/bin/sh" suffix="" ignoreError="true"/> <!--prefix /opt/tongbu/mmm.sh suffix-->
        <filter start="false">
            <include expression="(.*)\.php"/>
            <include expression="(.*)\.sh"/>
        </filter>
    </plugin>
    <plugin name="socket">
        <localpath watch="/opt/tongbu">
            <deshost ip="192.168.138.20" port="8009"/>
        </localpath>
    </plugin>
    <plugin name="refreshCDN">
        <localpath watch="/data0/htdocs/cms.xoyo.com/site/">
            <cdninfo domainname="ccms.chinacache.com" port="80" username="xxxx" passwd="xxxx"/>
            <sendurl base="http://pic.xoyo.com/cms"/>
            <regexurl regex="false" match="cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images"/>
        </localpath>
    </plugin>
</head>
[root@NFS ~]#echo 123456 > /etc/rsync.pas
[root@NFS ~]#chmod 600 /etc/rsync.pas
[root@NFS ~]#sersync2 -dro /usr/local/sersync/confxml.xml
set the system param
execute:echo 50000000 > /proc/sys/fs/inotify/max_user_watches
execute:echo 327679 > /proc/sys/fs/inotify/max_queued_events
parse the command param
option: -d run as a daemon
option: -r rsync all the local files to the remote servers before the sersync work
option: -o config xml name: /usr/local/sersync/confxml.xml
daemon thread num: 10
parse xml config file
host ip : localhost host port: 8008
will ignore the inotify createFile event
daemon start,sersync run behind the console
use rsync password-file :
user is rsyncuser
passwordfile is /etc/rsync.pas
config xml parse success
please set /etc/rsyncd.conf max connections=0 Manually
sersync working thread 12 = 1(primary thread) + 1(fail retry thread) + 10(daemon sub threads)
Max threads numbers is: 22 = 12(Thread pool nums) + 10(Sub threads)
please according your cpu ,use -n param to adjust the cpu rate
------------------------------------------
rsync the directory recursivly to the remote servers once
working please wait...
execute command: cd /data/www && rsync -artuz -R --delete ./ rsyncuser@10.0.0.156::backup --password-file=/etc/rsync.pas >/dev/null 2>&1
run the sersync:
watch path is: /data/www
[root@rsync ~]#ll /data/backup/
total 0
drwxr-xr-x 3 www-data tape 16 Oct 6 10:55 2022
[root@rsync ~]#tree /data/backup/
/data/backup/
└── 2022
└── 10
├── c9dc87a5412245e89732a6951177f20-150x150.jpg
├── c9dc87a5412245e89732a6951177f20-300x300.jpg
├── c9dc87a5412245e89732a6951177f20.jpg
├── IMG_4531-1-139x300.png
├── IMG_4531-1-150x150.png
├── IMG_4531-1-473x1024.png
├── IMG_4531-1-710x1536.png
├── IMG_4531-1-768x1662.png
├── IMG_4531-1-947x2048.png
└── IMG_4531-1.png
2 directories, 10 files
配置LVS
[root@LVS ~]#yum -y install ipvsadm.x86_64
#vip: 192.168.0.200
#dip: 10.0.0.152
[root@LVS network-scripts]#hostname -I
10.0.0.152 192.168.0.200
[root@LVS network-scripts]#ipvsadm -A -t 192.168.0.200:80 -s rr
[root@LVS network-scripts]#ipvsadm -a -t 192.168.0.200:80 -r 10.0.0.201:80 -m
[root@LVS network-scripts]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.200:80 rr
-> 10.0.0.201:80 Masq 1 3 0
[root@LVS network-scripts]#vim /etc/sysctl.conf
# Persist IPv4 forwarding so LVS can relay packets to the real server in
# NAT (Masq, the -m mode) forwarding; "sysctl -p" applies it without a reboot.
net.ipv4.ip_forward = 1
[root@LVS network-scripts]#sysctl -p
net.ipv4.ip_forward = 1
#修改201网关指向152
搭建java应用程序jpress
[root@jpress2 ~]#ls
apache-tomcat-9.0.65.tar.gz install_jdk_tomcat.sh jdk-8u341-linux-x64.tar.gz jpress-v5.0.2.war
[root@jpress2 ~]#bash install_jdk_tomcat.sh
1) 离线安装Oracle-JDK
2) 离线安装Tomcat
3) 退出
请按要求输入操作选项:1
离线安装Oracle-JDK
请输入JDK文件名称(例如:jdk-8u333-linux-x64.tar.gz):jdk-8u341-linux-x64.tar.gz
JDK 安装完成 [ OK ]
请按要求输入操作选项:
1) 离线安装Oracle-JDK
2) 离线安装Tomcat
3) 退出
请按要求输入操作选项:2
离线安装Tomcat
请输入Tomcat文件名称(例如:apache-tomcat-9.0.64.tar.gz):apache-tomcat-9.0.65.tar.gz
TOMCAT 安装完成 [ OK ]
[root@jpress2 ~]#mkdir /data/www/
[root@jpress2 ~]#cp jpress-v5.0.2.war /data/www/ROOT.war
[root@jpress2 ~]#vim /usr/local/tomcat/conf/server.xml
<!-- Virtual host for jpress: ROOT.war under /data/www becomes the default
     application. autoDeploy="true" makes Tomcat deploy any archive dropped
     into appBase at runtime, so write access to /data/www (owned by tomcat
     after the chown) is equivalent to deploying code on this host. -->
<Host name="jpress.shuhong.com" appBase="/data/www" unpackWARs="true" autoDeploy="true">
</Host>
[root@jpress2 data]#chown -R tomcat. www/
[root@jpress2 www]#systemctl restart tomcat.service
[root@jpress2 www]#ll
总用量 124852
drwxr-xr-x 3 tomcat tomcat 4096 10月 6 12:10 ./
drwxr-xr-x 4 root root 4096 10月 6 12:00 ../
drwxr-x--- 6 tomcat tomcat 4096 10月 6 12:10 ROOT/
-rw-r--r-- 1 tomcat tomcat 127835118 10月 6 12:03 ROOT.war
#登录157创建数据建库和账号(注意修改密码模式:default_authentication_plugin=mysql_native_password)
mysql> create database jpress;
Query OK, 1 row affected (0.17 sec)
mysql> create user jpress@'10.0.0.%' identified by '123456';
Query OK, 0 rows affected (0.51 sec)
mysql> grant all on jpress.* to jpress@'10.0.0.%';
Query OK, 0 rows affected (0.03 sec)
配置jpress的redis存session
[root@jpredis ~]#apt -y install redis
[root@jpredis ~]#vim /etc/redis/redis.conf
[root@jpredis ~]#systemctl restart redis
[root@jpredis ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 0.0.0.0:6379 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 [::]:6379 [::]:*
LISTEN 0 128 [::]:22 [::]:*
#准备包
[root@jpress2 lib]#ll
总用量 11688
drwxr-x--- 2 tomcat tomcat 4096 10月 6 12:43 ./
drwxr-xr-x 9 tomcat tomcat 4096 10月 6 11:58 ../
-rw-r----- 1 tomcat tomcat 13197 7月 14 20:28 annotations-api.jar
-rw-r--r-- 1 root root 53259 8月 22 2020 asm-5.2.jar
-rw-r----- 1 tomcat tomcat 54047 7月 14 20:28 catalina-ant.jar
-rw-r----- 1 tomcat tomcat 123877 7月 14 20:28 catalina-ha.jar
-rw-r----- 1 tomcat tomcat 1725027 7月 14 20:28 catalina.jar
-rw-r----- 1 tomcat tomcat 62798 7月 14 20:28 catalina-ssi.jar
-rw-r----- 1 tomcat tomcat 78048 7月 14 20:28 catalina-storeconfig.jar
-rw-r----- 1 tomcat tomcat 337038 7月 14 20:28 catalina-tribes.jar
-rw-r----- 1 tomcat tomcat 3133846 7月 14 20:28 ecj-4.20.jar
-rw-r----- 1 tomcat tomcat 88938 7月 14 20:28 el-api.jar
-rw-r----- 1 tomcat tomcat 171510 7月 14 20:28 jasper-el.jar
-rw-r----- 1 tomcat tomcat 567260 7月 14 20:28 jasper.jar
-rw-r----- 1 tomcat tomcat 27125 7月 14 20:28 jaspic-api.jar
-rw-r--r-- 1 root root 586620 8月 22 2020 jedis-3.0.0.jar
-rw-r----- 1 tomcat tomcat 63545 7月 14 20:28 jsp-api.jar
-rw-r--r-- 1 root root 285211 8月 22 2020 kryo-3.0.3.jar
-rw-r--r-- 1 root root 126366 8月 22 2020 kryo-serializers-0.45.jar
-rw-r--r-- 1 root root 167294 8月 22 2020 memcached-session-manager-2.3.2.jar
-rw-r--r-- 1 root root 10967 6月 25 2021 memcached-session-manager-tc9-2.3.2.jar
-rw-r--r-- 1 root root 5923 8月 22 2020 minlog-1.3.1.jar
-rw-r--r-- 1 root root 38372 8月 22 2020 msm-kryo-serializer-2.3.2.jar
-rw-r--r-- 1 root root 55684 8月 22 2020 objenesis-2.6.jar
-rw-r--r-- 1 root root 72265 8月 22 2020 reflectasm-1.11.9.jar
-rw-r----- 1 tomcat tomcat 284303 7月 14 20:28 servlet-api.jar
-rw-r--r-- 1 root root 473774 8月 22 2020 spymemcached-2.12.3.jar
-rw-r----- 1 tomcat tomcat 11516 7月 14 20:28 tomcat-api.jar
-rw-r----- 1 tomcat tomcat 924799 7月 14 20:28 tomcat-coyote.jar
-rw-r----- 1 tomcat tomcat 342429 7月 14 20:28 tomcat-dbcp.jar
-rw-r----- 1 tomcat tomcat 69607 7月 14 20:28 tomcat-i18n-cs.jar
-rw-r----- 1 tomcat tomcat 77871 7月 14 20:28 tomcat-i18n-de.jar
-rw-r----- 1 tomcat tomcat 105207 7月 14 20:28 tomcat-i18n-es.jar
-rw-r----- 1 tomcat tomcat 167943 7月 14 20:28 tomcat-i18n-fr.jar
-rw-r----- 1 tomcat tomcat 190756 7月 14 20:28 tomcat-i18n-ja.jar
-rw-r----- 1 tomcat tomcat 191224 7月 14 20:28 tomcat-i18n-ko.jar
-rw-r----- 1 tomcat tomcat 52935 7月 14 20:28 tomcat-i18n-pt-BR.jar
-rw-r----- 1 tomcat tomcat 50259 7月 14 20:28 tomcat-i18n-ru.jar
-rw-r----- 1 tomcat tomcat 174375 7月 14 20:28 tomcat-i18n-zh-CN.jar
-rw-r----- 1 tomcat tomcat 149546 7月 14 20:28 tomcat-jdbc.jar
-rw-r----- 1 tomcat tomcat 37872 7月 14 20:28 tomcat-jni.jar
-rw-r----- 1 tomcat tomcat 215612 7月 14 20:28 tomcat-util.jar
-rw-r----- 1 tomcat tomcat 224215 7月 14 20:28 tomcat-util-scan.jar
-rw-r----- 1 tomcat tomcat 241607 7月 14 20:28 tomcat-websocket.jar
-rw-r----- 1 tomcat tomcat 39977 7月 14 20:28 websocket-api.jar
[root@jpress2 lib]#pwd
/usr/local/tomcat/lib
[root@jpress2 ~]#vim /usr/local/tomcat/conf/context.xml
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
memcachedNodes="redis://10.0.0.208"
sticky="false"
sessionBackupAsync="false"
lockingMode="uriPattern:/path1|/path2"
requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$"
transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"/>
[root@jpress2 ~]#systemctl restart tomcat.service
[root@jpress2 ~]#systemctl status tomcat.service
● tomcat.service - Tomcat
Loaded: loaded (/lib/systemd/system/tomcat.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-10-06 12:27:04 CST; 5s ago
Process: 73240 ExecStart=/usr/local/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 73254 (java)
Tasks: 29 (limit: 2236)
Memory: 85.8M
CGroup: /system.slice/tomcat.service
└─73254 /usr/local/jdk/bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKey>
10月 06 12:27:04 jpress2.sh systemd[1]: Starting Tomcat...
10月 06 12:27:04 jpress2.sh startup.sh[73240]: Tomcat started.
10月 06 12:27:04 jpress2.sh systemd[1]: Started Tomcat.
实现动静分离
[root@jpress2 ROOT]#rsync -rv /data/www 10.0.0.204:/data
[root@jpress1 data]#chown -R www-data. www/
[root@jpress1 data]#bash install_nginx.sh
1) 编译安装nginx
2) 在线升级
3) 退出
请按要求输入操作选项:1
编译安装nginx
请输入nginx版本(例如:nginx-1.22.0):nginx-1.22.0
开始下载 nginx 源码包 [ OK ]
--2022-10-06 15:10:12-- http://nginx.org/download/nginx-1.22.0.tar.gz
正在解析主机 nginx.org (nginx.org)... 3.125.197.172, 52.58.199.22, 2a05:d014:edb:5704::6, ...
正在连接 nginx.org (nginx.org)|3.125.197.172|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度: 1073322 (1.0M) [application/octet-stream]
正在保存至: “nginx-1.22.0.tar.gz”
nginx-1.22.0.tar.gz 100%[=====================================>] 1.02M 869KB/s 用时 1.2s
2022-10-06 15:10:13 (869 KB/s) - 已保存 “nginx-1.22.0.tar.gz” [1073322/1073322])
开始安装 nginx [ OK ]
创建 nginx 用户 [ OK ]
开始安装 nginx 依赖包 [ OK ]
nginx 编译安装成功 [ OK ]
nginx 安装完成 [ OK ]
请按要求输入操作选项:3
退出
[root@jpress1 data]#vim /apps/nginx/conf/nginx.conf
include conf.d/*.conf;
[root@jpress1 data]#cd /apps/nginx/conf/
[root@jpress1 conf]#mkdir conf.d
[root@jpress1 conf]#vim conf.d/jpress.shuhong.com.conf
server{
listen 80;
server_name jpress.shuhong.com;
root /data/www/ROOT;
}
[root@nginx2 ~]#bash install_nginx.sh
1) 编译安装nginx
2) 在线升级
3) 退出
请按要求输入操作选项:1
编译安装nginx
请输入nginx版本(例如:nginx-1.22.0):nginx-1.22.0
nginx 编译安装成功 [ OK ]
nginx 安装完成 [ OK ]
请按要求输入操作选项:3
退出
[root@nginx2 conf]#vim nginx.conf
include conf.d/*.conf;
[root@nginx2 conf]#vim conf.d/jpress.shuhong.com.conf
[root@nginx2 conf]#vim conf.d/jpress.shuhong.com.conf
upstream static {
server 10.0.0.204:80;
}
upstream tomcat {
server 10.0.0.207:8080;
}
server {
listen 80;
server_name jpress.shuhong.com;
location / {
proxy_pass http://tomcat;
proxy_set_header Host $http_host;
}
location ~* .*\.(png|jpg|jpeg|gif)$ {
proxy_pass http://static;
proxy_set_header Host $http_host;
}
}
[root@nginx2 conf]#nginx -s reload
配置Jpress的lvs代理
#新增一个vip:192.168.0.201
[root@LVS sysconfig]#ip a add 192.168.0.201 dev eth1
[root@LVS sysconfig]#ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:b2:6f:d6 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.152/24 brd 10.0.0.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feb2:6fd6/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:b2:6f:e0 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.200/24 brd 192.168.0.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet 192.168.0.201/32 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feb2:6fe0/64 scope link
valid_lft forever preferred_lft forever
[root@LVS sysconfig]#ipvsadm -A -t 192.168.0.201:80 -s rr
[root@LVS sysconfig]#ipvsadm -a -t 192.168.0.201:80 -r 10.0.0.153:80 -m
[root@LVS sysconfig]#ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.200:80 rr
-> 10.0.0.201:80 Masq 1 0 0
TCP 192.168.0.201:80 rr
-> 10.0.0.153:80 Masq 1 0 0
#修改153的网关
openvpn搭建
[root@openvpn ~]#ls
anaconda-ks.cfg checkpsw.sh openvpn@.service openvpn.sh
[root@openvpn ~]#bash openvpn.sh
1) 部署环境及安装软件 5) 申请账号密码
2) 准备CA证书和服务器证书并启动服务 6) 删除用户名密码
3) 申请客户端证书 7) 退出
4) 注销客户客户端证书
请按要求输入操作选项:
#顺序:1,2,3,5
[root@openvpn ~]#tree /etc/openvpn/client/
/etc/openvpn/client/
└── shuhong
├── ca.crt
├── client.crt
├── client.key
├── client.ovpn
├── shuhong.zip
└── ta.key
[root@openvpn shuhong]#sz shuhong.zip
[root@openvpn shuhong]#pwd
/etc/openvpn/client/shuhong
配置jump跳板机
[root@jumpserver ~]#yum -y install docker
[root@jumpserver ~]#docker version
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Client: Podman Engine
Version: 4.1.1
API Version: 4.1.1
Go Version: go1.17.12
Built: Tue Aug 2 15:53:14 2022
OS/Arch: linux/amd64
[root@jumpserver ~]#mkdir -p /etc/mysql/mysql.conf.d/
[root@jumpserver ~]#mkdir -p /etc/mysql/conf.d/
[root@jumpserver ~]#vim /etc/mysql/mysql.conf.d/mysqld.cnf
[mysqld]
pid-file= /var/run/mysqld/mysqld.pid
socket= /var/run/mysqld/mysqld.sock
datadir= /var/lib/mysql
symbolic-links=0
character-set-server=utf8
[root@ubuntu2004 ~]#vim /etc/mysql/conf.d/mysql.cnf
[mysql]
default-character-set=utf8
[root@jumpserver ~]#docker run -d -p 3306:3306 --name mysql --restart always \
-e MYSQL_ROOT_PASSWORD=123456 \
-e MYSQL_DATABASE=jumpserver \
-e MYSQL_USER=jumpserver \
-e MYSQL_PASSWORD=123456 \
-v /data/mysql:/var/lib/mysql \
-v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf \
-v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf mysql:5.7.30
配置DNS
[root@DNSmaster ~]#bash install-dns.sh
[root@DNSmaster ~]#vim /etc/named.conf
// listen-on port 53 { localhost; };
// listen-on-v6 port 53 { ::1; };
[root@DNSmaster ~]#vim /etc/named.rfc1912.zones
zone "shuhong.com" IN {
type master;
file "shuhong.com.zone";
};
[root@DNSmaster named]#vim shuhong.com.zone
$TTL 1D
@ IN SOA master admin (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.160
www A 192.168.0.200
jpress A 192.168.0.201
[root@DNSmaster named]#rndc reload
server reload successful
[root@DNSslave ~]#bash install-dns.sh
[root@DNSslave slaves]#vim /etc/named.conf
// listen-on port 53 { localhost; };
// listen-on-v6 port 53 { ::1; };
[root@DNSslave slaves]#vim /etc/named.rfc1912.zones
zone "shuhong.com" IN {
type slave;
masters { 10.0.0.160; };
file "slaves/shuhong.com.slave";
};
[root@DNSslave slaves]#ll
total 4
-rw-r--r-- 1 named named 308 Oct 6 16:24 shuhong.com.slave
[root@DNSslave slaves]#systemctl restart named
配置zabbix
#ansible批量安装zabbix-agent2
[root@ansible ansible]#ansible-playbook install_zabbix_agent2.yaml
...
PLAY RECAP **************************************************************************************************************************************************
10.0.0.152 : ok=7 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=1
10.0.0.153 : ok=7 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=1
10.0.0.154 : ok=7 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=1
10.0.0.155 : ok=7 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=1
10.0.0.156 : ok=7 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=1
10.0.0.157 : ok=7 changed=1 unreachable=0 failed=0 skipped=4 rescued=0 ignored=1
10.0.0.158 : ok=7 changed=6 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
10.0.0.159 : ok=7 changed=6 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
10.0.0.160 : ok=7 changed=6 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
10.0.0.161 : ok=7 changed=4 unreachable=0 failed=0 skipped=4 rescued=0 ignored=1
10.0.0.162 : ok=7 changed=6 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
10.0.0.163 : ok=7 changed=6 unreachable=0 failed=0 skipped=4 rescued=0 ignored=0
10.0.0.201 : ok=8 changed=5 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
10.0.0.202 : ok=8 changed=5 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
10.0.0.203 : ok=8 changed=6 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
10.0.0.204 : ok=8 changed=6 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
10.0.0.205 : ok=8 changed=6 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
10.0.0.206 : ok=8 changed=6 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
10.0.0.207 : ok=8 changed=6 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
10.0.0.208 : ok=8 changed=6 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
#安装zabbix客户端
注意初始用户名Admin,初始密码zabbix
安装jumpserver
[root@jumpserver ~]#apt -y install docker.io
[root@jumpserver ~]#docker version
Client:
Version: 20.10.12
API version: 1.41
Go version: go1.16.2
Git commit: 20.10.12-0ubuntu2~20.04.1
Built: Wed Apr 6 02:14:38 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.12
API version: 1.41 (minimum version 1.12)
Go version: go1.16.2
Git commit: 20.10.12-0ubuntu2~20.04.1
Built: Thu Feb 10 15:03:35 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.9-0ubuntu1~20.04.4
GitCommit:
runc:
Version: 1.1.0-0ubuntu1~20.04.1
GitCommit:
docker-init:
Version: 0.19.0
GitCommit:
[root@jumpserver ~]#mkdir -p /etc/mysql/mysql.conf.d/
[root@jumpserver ~]#mkdir -p /etc/mysql/conf.d/
[root@jumpserver ~]#vim /etc/mysql/mysql.conf.d/mysqld.cnf
[mysqld]
pid-file= /var/run/mysqld/mysqld.pid
socket= /var/run/mysqld/mysqld.sock
datadir= /var/lib/mysql
symbolic-links=0
character-set-server=utf8
[root@jumpserver ~]#vim /etc/mysql/conf.d/mysql.cnf
[mysql]
default-character-set=utf8
[root@jumpserver ~]#docker run -d -p 3306:3306 --name mysql --restart always \
> -e MYSQL_ROOT_PASSWORD=123456 \
> -e MYSQL_DATABASE=jumpserver \
> -e MYSQL_USER=jumpserver \
> -e MYSQL_PASSWORD=123456 \
> -v /data/mysql:/var/lib/mysql \
> -v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf \
> -v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf mysql:5.7.30
[root@jumpserver ~]#docker run -d -p 6379:6379 --name redis --restart always redis:6.2.7
[root@jumpserver ~]#vim key.sh
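#!/bin/bash
#
#********************************************************************
#Author: shuhong
#QQ: 985347841
#Date: 2022-10-06
#FileName: key.sh
#URL: hhhhh
#Description: The test script
#Copyright (C): 2022 All rights reserved
#********************************************************************
# Print SECRET_KEY and BOOTSTRAP_TOKEN for the jms_all container. A value
# already present in the environment is reused as-is; a missing one is
# generated from /dev/urandom and appended to ~/.bashrc so later shells
# see the same value.
#
# Fixes vs. the pasted version: the assignments lacked $( ) around the
# pipeline (so "cat" was only an env prefix and the value stayed empty),
# and a bare ";" line after each assignment is a bash syntax error.
#
# Outputs: "SECRET_KEY=<value>" then "BOOTSTRAP_TOKEN=<value>" on stdout.

#######################################
# Emit a random string drawn from [A-Za-z0-9].
# Arguments: $1 - number of characters to produce
# Outputs:   the string on stdout, no trailing newline
#######################################
random_string() {
  local length=$1
  # tr discards every byte outside the alphabet; head closes the pipe after
  # $length bytes, which ends the otherwise endless urandom stream.
  tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$length"
}

#######################################
# Reuse or generate the variable named by $1 and print NAME=value.
# Arguments: $1 - variable name (SECRET_KEY, BOOTSTRAP_TOKEN)
#            $2 - length of a freshly generated value
# Globals:   reads and, when empty, sets the variable named by $1
# Outputs:   "NAME=value" on stdout; appends the same line to ~/.bashrc
#            only when the value was generated here
#######################################
ensure_key() {
  local name=$1 length=$2 value
  # ${!name-} reads the variable indirectly; "-" keeps an unset name from
  # erroring if the caller ever enables set -u.
  value=${!name-}
  if [ -z "$value" ]; then
    value=$(random_string "$length")
    printf -v "$name" '%s' "$value"
    # Same persistence location as the original; the key lands in the file
    # in clear text, so its permissions govern who can read it.
    printf '%s=%s\n' "$name" "$value" >> ~/.bashrc
  fi
  printf '%s=%s\n' "$name" "$value"
}

ensure_key SECRET_KEY 50
ensure_key BOOTSTRAP_TOKEN 16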
[root@jumpserver ~]#bash key.sh
SECRET_KEY=k8S1MabGJdsz3spyeoFb2QSksqNX5rHK9w9THxHTcb2uNOe84K
BOOTSTRAP_TOKEN=YA0E7cPoXMajl7Qq
[root@jumpserver ~]#sudo tee /etc/docker/daemon.json <<-'EOF'
> {
> "registry-mirrors": ["https://sj00svk9.mirror.aliyuncs.com"]
> }
> EOF
{
"registry-mirrors": ["https://sj00svk9.mirror.aliyuncs.com"]
}
[root@jumpserver ~]#systemctl daemon-reload
[root@jumpserver ~]#systemctl restart docker
docker run --name jms_all -d \
--restart always \
-v /opt/jumpserver/core/data:/opt/jumpserver/data \
-v /opt/jumpserver/koko/data:/opt/koko/data \
-v /opt/jumpserver/lion/data:/opt/lion/data \
-p 80:80 \
-p 2222:2222 \
-e SECRET_KEY=5IdhwdlRz8Ugmp4USRl3Vo0ZTMywRO62j4uLChjaCumao4jV6U \
-e BOOTSTRAP_TOKEN=JgPfxtc8Cn71pyA1 \
-e LOG_LEVEL=ERROR \
-e DB_HOST=10.0.0.205 \
-e DB_PORT=3306 \
-e DB_USER=jumpserver \
-e DB_PASSWORD=123456 \
-e DB_NAME=jumpserver \
-e REDIS_HOST=10.0.0.205 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD='' \
--privileged=true \
jumpserver/jms_all:v2.25.5
配置nexus仓库
[root@nexus ~]#ls
apache-tomcat-9.0.65.tar.gz install_jdk_tomcat.sh install_nexus.sh jdk-8u341-linux-x64.tar.gz nexus-3.41.1-01-unix.tar.gz snap
[root@nexus ~]#bash install_jdk_tomcat.sh
....
[root@nexus ~]#bash install_nexus.sh
1) 在线线安装Nexus
2) 离线安装Nexus
3) 退出
请按要求输入操作选项:2
离线安装Nexus
请输入文件名称(例如:nexus-3.41.1-01-unix.tar):nexus-3.41.1-01-unix.tar.gz
Created symlink /etc/systemd/system/multi-user.target.wants/nexus.service → /lib/systemd/system/nexus.service.
nexus 安装成功 [ OK ]
-------------------------------------------------------------------
访问链接: http://10.0.0.209:8081/
用户和密码: admin/64d080f6-1b16-423e-b6d9-f70a5a8be561