ansible role
bash
[root@ubuntu24 ansible]$ tree
.
├── ansible.cfg
├── dns_master.yaml
├── dns_slave.yaml
├── hosts
├── LVS.yaml
├── mysql-discuz.yaml
├── mysql-jpress.yaml
├── nginx_php.yaml
├── roles
│ ├── LVS
│ │ ├── files
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ └── main.yaml
│ │ └── templates
│ ├── master_dns
│ │ ├── files
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── restart.yaml
│ │ └── templates
│ │ └── db.linux-magedu.com.j2
│ ├── mysql-discuz
│ │ ├── files
│ │ │ └── discuzer.sql
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── user.yaml
│ │ └── templates
│ ├── mysql-jpress
│ │ ├── files
│ │ │ └── jpresser.sql
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── user.yaml
│ │ └── templates
│ ├── nginx
│ │ ├── files
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── user.yaml
│ │ └── templates
│ │ └── www.linux-magedu.com.j2
│ ├── php
│ │ ├── files
│ │ │ └── Discuz_X3.5_SC_UTF8_20240520.zip
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── user.yaml
│ │ └── templates
│ ├── slave_dns
│ │ ├── files
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── restart.yaml
│ │ └── templates
│ │ └── db.linux-magedu.com.j2
│ └── tomcat
│ ├── files
│ │ ├── apache-tomcat-9.0.89.tar.gz
│ │ └── jpress-v5.1.0.war
│ ├── tasks
│ │ ├── configure.yaml
│ │ ├── install.yaml
│ │ ├── main.yaml
│ │ └── user.yaml
│ └── templates
│ └── tomcat.service.j2
└── test.yaml
34 directories, 49 files
LVS
install.yaml
bash
# Install the ipvsadm userspace tool used to manage the kernel's IPVS tables.
- name: install ipvsadm
  apt:
    name: ipvsadm
    state: present
configure.yaml
bash
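# Enable IPv4 forwarding on the director and build the two virtual services.
#
# The original appended the sysctl line with `echo >>` on every run and chained
# two ipvsadm calls with `;`, which hides a failure of the first command.
# Each command is now its own idempotent step.

# Persist the setting exactly once; lineinfile leaves an existing line alone.
- name: ipv4.ip_forward
  lineinfile:
    path: /etc/sysctl.conf
    regexp: '^\s*net\.ipv4\.ip_forward\s*='
    line: net.ipv4.ip_forward = 1

- name: Reload sysctl.conf
  command: sysctl -p

# One virtual service per VIP. A re-run is tolerated: ipvsadm reports
# "already exists" when the service is present, anything else is a failure.
- name: Create a cluster
  command: "ipvsadm -A -t {{ item }}"
  loop:
    - '10.0.0.6:80'
    - '10.0.0.16:80'
  register: ipvs_service
  changed_when: ipvs_service.rc == 0
  failed_when: ipvs_service.rc != 0 and 'already exists' not in ipvs_service.stderr

# NOTE(review): the second real server is registered on port 88 while the first
# uses 80 - confirm this is intended. No forwarding flag (-g/-m/-i) is given, so
# ipvsadm uses its default method; a differing real-server port only takes effect
# with NAT (-m) - verify against the lab topology.
- name: Add server
  command: "ipvsadm -a -t {{ item.vip }} -r {{ item.rs }}"
  loop:
    - vip: '10.0.0.6:80'
      rs: '192.168.10.7:80'
    - vip: '10.0.0.16:80'
      rs: '192.168.10.8:88'
  register: ipvs_dest
  changed_when: ipvs_dest.rc == 0
  failed_when: ipvs_dest.rc != 0 and 'already exists' not in ipvs_dest.stderr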
master_dns
install.yaml
bash
# Install the BIND 9 name server package on the master.
- name: bind9
  apt:
    name: bind9
    state: present
configure.yaml
bash
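# Declare the linux-magedu.com master zone and render its zone file.
#
# lineinfile compares single lines, so the original multi-line `line:` never
# matched and the zone stanza was appended again on every run; a duplicate zone
# declaration stops named from loading its configuration. blockinfile keeps one
# marker-delimited copy.
#
# NOTE(review): the zone sets no allow-transfer, so who may pull a full copy of
# the zone depends on BIND's default. Consider limiting transfers to the
# secondary (dns2 is 10.0.0.13 in the zone file) with
# `allow-transfer { 10.0.0.13; };`.
- name: configure on named.conf.default-zones
  blockinfile:
    path: /etc/bind/named.conf.default-zones
    marker: '# {mark} ANSIBLE MANAGED BLOCK linux-magedu.com'
    block: |
      zone "linux-magedu.com" IN {
        type master;
        file "/etc/bind/db.linux-magedu.com";
      };

# Zone data comes from the role template; targetIP must be supplied as a variable.
- name: configure on db.linux-magedu.com
  template:
    src: db.linux-magedu.com.j2
    dest: /etc/bind/db.linux-magedu.com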
restart.yaml
bash
# Restart named so the new zone declaration and zone file are loaded.
- name: restart service
  service:
    name: named
    state: restarted
db.linux-magedu.com.j2
bash
; Zone data for linux-magedu.com, rendered by Ansible (Jinja2 template).
; Every record carries an explicit TTL of 86400 seconds.
;
; SOA timers in order: serial 143, refresh 3H, retry 15M, expire 1D, minimum 1W.
; NOTE(review): the serial is a fixed 143. A secondary only re-transfers the zone
; when the serial increases, so bump it whenever targetIP changes.
; NOTE(review): the SOA primary name "linux-magedu-dns." is not one of the NS
; names below - confirm it is intended.
linux-magedu.com. 86400 IN SOA linux-magedu-dns. admin.linux-magedu.com. (143 3H 15M 1D 1W)
; Authoritative servers for the zone and their addresses.
linux-magedu.com. 86400 IN NS dns1.linux-magedu.com.
linux-magedu.com. 86400 IN NS dns2.linux-magedu.com.
dns1.linux-magedu.com. 86400 IN A 10.0.0.3
dns2.linux-magedu.com. 86400 IN A 10.0.0.13
; Address of the web entry point; targetIP is substituted at render time.
www.linux-magedu.com. 86400 IN A {{ targetIP }}
slave_dns
install.yaml
bash
# Install the BIND 9 name server package on the secondary.
- name: bind9
  apt:
    name: bind9
    state: present
configure.yaml
bash
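# Configure this host as a secondary for linux-magedu.com.
#
# Changes from the original:
#   * /etc/bind/slaves was created with mode 777, which lets any local account
#     replace or plant zone data that named then serves. It is now root:bind
#     0775, so only root and the named service group can write there.
#   * Multi-line lineinfile edits are replaced by blockinfile, so a re-run does
#     not add a second copy of the zone stanza or of the AppArmor rules.

- name: configure on named.conf.default-zones
  blockinfile:
    path: /etc/bind/named.conf.default-zones
    marker: '# {mark} ANSIBLE MANAGED BLOCK linux-magedu.com'
    block: |
      zone "linux-magedu.com" IN {
        type slave;
        masters {10.0.0.3;};
        file "/etc/bind/slaves/db.linux-magedu.com";
      };

# Allow named to read, write and lock files under /etc/bind/slaves.
# NOTE(review): this edits the packaged profile in place; a package upgrade may
# replace it. Confirm whether a local override file is preferred here.
- name: change apparmor
  blockinfile:
    path: /etc/apparmor.d/usr.sbin.named
    insertafter: ' /var/cache/bind/ rw,$'
    marker: '# {mark} ANSIBLE MANAGED BLOCK bind slaves'
    block: |
      /etc/bind/slaves/** rwk,
      /etc/bind/slaves/ rwk,

- name: restart apparmor
  service:
    name: apparmor
    state: restarted

# Writable by the bind group only; the mode is quoted so it is read as octal.
- name: Create file
  file:
    path: /etc/bind/slaves
    state: directory
    owner: root
    group: bind
    mode: '0775'

# NOTE(review): a secondary normally receives this file by zone transfer from
# 10.0.0.3; the templated copy is presumably only a seed - confirm.
- name: configure on db.linux-magedu.com
  template:
    src: db.linux-magedu.com.j2
    dest: /etc/bind/slaves/db.linux-magedu.com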
restart.yaml
bash
# Restart named on the secondary to apply the zone configuration.
- name: restart service
  service:
    name: named
    state: restarted
db.linux-magedu.com.j2
bash
; Copy of the linux-magedu.com zone data shipped with the slave_dns role
; (Jinja2 template). Every record carries an explicit TTL of 86400 seconds.
;
; SOA timers in order: serial 143, refresh 3H, retry 15M, expire 1D, minimum 1W.
; NOTE(review): the serial is a fixed 143, the same value as in the master_dns
; role's copy; a secondary only refreshes when the master's serial is higher.
linux-magedu.com. 86400 IN SOA linux-magedu-dns. admin.linux-magedu.com. (143 3H 15M 1D 1W)
; Authoritative servers for the zone and their addresses.
linux-magedu.com. 86400 IN NS dns1.linux-magedu.com.
linux-magedu.com. 86400 IN NS dns2.linux-magedu.com.
dns1.linux-magedu.com. 86400 IN A 10.0.0.3
dns2.linux-magedu.com. 86400 IN A 10.0.0.13
; Address of the web entry point; targetIP is substituted at render time.
www.linux-magedu.com. 86400 IN A {{ targetIP }}
nginx
user.yaml
bash
# Dedicated system group and account for nginx, both pinned to id 800.
- name: add-nginx-group
  group:
    name: nginx
    gid: 800
    system: true

# No home directory is created for the service account.
- name: add-nginx-user
  user:
    name: nginx
    uid: 800
    group: '800'
    system: true
    create_home: false
install.yaml
bash
# Install nginx from the distribution repository.
- name: install nginx
  apt:
    name: nginx
    state: present
configure.yaml
bash
# Render the virtual host into sites-enabled, then restart nginx to load it.
- name: add-configure
  template:
    src: www.linux-magedu.com.j2
    dest: /etc/nginx/sites-enabled/www.linux-magedu.com

- name: Restart-service
  service:
    name: nginx
    state: restarted
<www.linux-magedu.com.j2>
bash
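# Virtual host for www.linux-magedu.com: static files from the document root,
# PHP requests handed to PHP-FPM on 127.0.0.1:9000.
server {
    listen 80;
    server_name www.linux-magedu.com;
    root /var/www/html/www.linux-magedu.com;
    index index.html index.php;

    location ~ \.php$ {
        # Only pass the request to PHP-FPM when it maps to a file that exists
        # under root. Without this check any URI ending in ".php" reaches the
        # interpreter, which, depending on PHP's path-info handling, can let an
        # uploaded non-PHP file be run as a script.
        try_files $uri =404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}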
php
user.yaml
bash
# Make sure the www-data service account exists with uid/gid 33, home /var/www
# and a non-login shell.
- name: add-php-user
  user:
    name: www-data
    uid: 33
    group: '33'
    system: true
    home: /var/www
    create_home: true
    shell: /usr/sbin/nologin
install.yaml
bash
# Install PHP-FPM together with the extensions the application needs.
- name: install-php
  apt:
    name:
      - php-fpm
      - php-mysqlnd
      - php-json
      - php-gd
      - php-xml
      - php-mbstring
      - php-zip
    state: present
configure.yaml
bash
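# Point PHP-FPM at 127.0.0.1:9000 and deploy Discuz into the nginx document root.
#
# Changes from the original:
#   * The second sed inserted a new listen line at line 42 on every run; both
#     edits are now lineinfile tasks that change the file only once.
#   * unarchive reads the archive that the previous task copied to the managed
#     host (remote_src); without it the module looks for /root/...zip on the
#     control node.
#   * Ownership is set with the file module instead of a chown shell command.

# Comment out the Unix-socket listener (no-op once it is already commented).
- name: Change-Configuration1
  lineinfile:
    path: /etc/php/8.3/fpm/pool.d/www.conf
    backrefs: true
    regexp: '^(listen = /run/php/php8\.3-fpm\.sock.*)$'
    line: ';\1'

# Add the TCP listener right after the commented socket line.
# NOTE(review): a loopback TCP port has no file permissions, so any local
# process can talk to the pool; the Unix socket restricts that - confirm the
# TCP listener is required.
- name: Change-Configuration2
  lineinfile:
    path: /etc/php/8.3/fpm/pool.d/www.conf
    regexp: '^\s*listen\s*=\s*127\.0\.0\.1:9000'
    insertafter: '^;listen = /run/php/php8\.3-fpm\.sock'
    line: listen = 127.0.0.1:9000

- name: Restart-service
  service:
    name: php8.3-fpm
    state: restarted

- name: create-directory1
  file:
    path: /var/www/html/www.linux-magedu.com
    state: directory
    owner: www-data
    group: www-data

- name: copy-Discuz
  copy:
    src: files/Discuz_X3.5_SC_UTF8_20240520.zip
    dest: /root/

- name: create-directory2
  file:
    path: /root/discuz
    state: directory
    owner: www-data
    group: www-data

- name: install unzip
  apt:
    name: unzip
    state: present

- name: decompressing-files
  unarchive:
    src: /root/Discuz_X3.5_SC_UTF8_20240520.zip
    dest: /root/discuz
    remote_src: true

# The glob needs a shell, so this stays a shell task.
- name: copy-file
  shell: cp -r /root/discuz/upload/* /var/www/html/www.linux-magedu.com

# NOTE(review): this makes every file of the application writable by the PHP
# worker, so an arbitrary file write in the application becomes code execution.
# Consider narrowing write access to the directories that need it once the
# installer has finished.
- name: Switch-user-group
  file:
    path: /var/www/html/www.linux-magedu.com
    state: directory
    recurse: true
    owner: www-data
    group: www-data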
tomcat
user.yaml
bash
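# Dedicated system group and non-login account for the Tomcat service.
- name: add-group-tomcat
  group:
    name: tomcat
    system: true

# The original put the user in group "999", assuming the group created above
# received that gid. If 999 already belongs to another group, the service
# account lands in that group instead. Referencing the group by name removes
# the guess.
- name: add-user-tomcat
  user:
    name: tomcat
    group: tomcat
    system: true
    shell: /usr/sbin/nologin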
install.yaml
bash
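# Install OpenJDK 11, unpack Tomcat 9.0.89 under /usr/local and register it as
# a systemd service.
#
# Changes from the original:
#   * `state=lin` is not a valid file state; the symlink task now uses `link`.
#   * The tarball is unpacked with unarchive and skipped once the target exists.
#   * `ln -s` failed on a second run because the links already existed; `-f`
#     replaces them.
#   * systemd is told to reload unit files before the new unit is started.

- name: install-java
  apt:
    name: openjdk-11-jdk
    state: present

- name: copy-tomcat.zip
  copy:
    src: files/apache-tomcat-9.0.89.tar.gz
    dest: /root/apache-tomcat-9.0.89.tar.gz

- name: unarchive-tomcat.zip
  unarchive:
    src: /root/apache-tomcat-9.0.89.tar.gz
    dest: /usr/local/
    remote_src: true
    creates: /usr/local/apache-tomcat-9.0.89

# Version-independent path used by the unit file and the tasks below.
- name: create-link
  file:
    src: /usr/local/apache-tomcat-9.0.89
    path: /usr/local/tomcat
    state: link

# NOTE(review): these links put Tomcat's scripts on every user's PATH, and the
# next task hands the scripts to the tomcat account. A compromised service
# account could then alter a script that root later runs by name. Consider
# keeping bin/ root-owned or dropping the links.
- name: environment-variable
  shell: ln -sf /usr/local/tomcat/bin/* /usr/local/bin/

- name: alter-file
  file:
    path: /usr/local/tomcat/
    state: directory
    recurse: true
    owner: tomcat
    group: tomcat

- name: service-script
  template:
    src: tomcat.service.j2
    dest: /lib/systemd/system/tomcat.service

# daemon_reload makes systemd pick up the unit file written just above.
- name: restart-service
  systemd:
    name: tomcat.service
    state: started
    daemon_reload: true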
configure.yaml
bash
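# Deploy jpress as its own Tomcat virtual host and redirect port 80 to 8080.
#
# Changes from the original:
#   * The multi-line lineinfile added another <Host> element on every run;
#     blockinfile keeps a single marker-delimited copy.
#   * The NAT rule was appended with `iptables -A` on every run; the iptables
#     module only adds it when it is missing.

- name: create-directory
  file:
    path: /data/
    state: directory
    owner: tomcat
    group: tomcat
    recurse: true

- name: copy-jpress.war
  copy:
    src: files/jpress-v5.1.0.war
    dest: /data/jpress.war

# NOTE(review): with autoDeploy="true" Tomcat deploys anything that appears in
# /data/ while it is running, so write access to that directory equals code
# execution as the tomcat user. Confirm autoDeploy is needed outside of a lab.
- name: change-configure
  blockinfile:
    path: /usr/local/tomcat/conf/server.xml
    insertafter: '.*</Host>.*'
    marker: '<!-- {mark} ANSIBLE MANAGED BLOCK jpress host -->'
    block: |
      <Host name="jpress.linux-magedu.com" appBase="/data/" unpackWARs="true" autoDeploy="true">
      </Host>

- name: restart-tomcat-service
  service:
    name: tomcat.service
    state: restarted

# Tomcat runs as an unprivileged user on 8080; inbound port 80 is redirected.
# The rule lives only in the running kernel and is not saved across reboots.
- name: chang-iptable
  iptables:
    table: nat
    chain: PREROUTING
    protocol: tcp
    destination_port: '80'
    jump: REDIRECT
    to_ports: '8080'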
tomcat.service.j2
bash
# systemd unit for the Tomcat installation under /usr/local/tomcat.
[Unit]
Description=Tomcat
# Order the service after logging and networking targets.
After=syslog.target network.target
[Service]
# Type=forking: systemd treats the service as started once ExecStart returns.
Type=forking
# JDK location passed to the Tomcat scripts.
Environment=JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64/
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true
# Run as the unprivileged tomcat account rather than root.
# NOTE(review): no further sandboxing options are set in this unit.
User=tomcat
Group=tomcat
[Install]
WantedBy=multi-user.target
mysql-discuz
user.yaml
bash
# Dedicated system group and account for MySQL, both pinned to id 306.
- name: add-mysql-group
  group:
    name: mysql
    gid: 306
    system: true

# No home directory is created for the service account.
- name: add-mysql-user
  user:
    name: mysql
    uid: 306
    group: '306'
    system: true
    create_home: false
install.yaml
bash
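# Install MySQL server and adjust mysqld.cnf for remote clients.
#
# The original appended the two option lines through a multi-line lineinfile,
# which adds them again on every run; blockinfile keeps a single copy.

- name: install-mysql
  apt:
    name: mysql-server
    state: present
    update_cache: true

# Commenting out bind-address makes mysqld listen on every interface.
# NOTE(review): the page shows no firewall rule limiting port 3306, so the
# account host pattern is the only restriction on who can attempt a login.
# Consider binding to the address the web tier uses or filtering the port.
- name: Change-Configuration-mysql-1
  lineinfile:
    path: /etc/mysql/mysql.conf.d/mysqld.cnf
    backrefs: true
    regexp: '^(bind-address.*)$'
    line: '#\1'

# NOTE(review): mysql_native_password is the older authentication plugin;
# confirm the application cannot use the server's default plugin before
# keeping this.
- name: Change-Configuration-mysql-2
  blockinfile:
    path: /etc/mysql/mysql.conf.d/mysqld.cnf
    block: |
      skip-name-resolve
      default-authentication-plugin=mysql_native_password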
configure.yaml
bash
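# Load the discuz schema and account, then schedule a daily dump at 05:00.
#
# Changes from the original:
#   * In a crontab an unescaped % ends the command and starts its stdin, so the
#     job was cut off at `date +`. Every % is now written as \%.
#   * The timestamp used %m (month) where minutes belong; it is now %M.
#   * The SQL file (it contains the account password) is copied with mode 0600.
#   * /backup is created with mode 0700 and the job sets umask 077, so dumps
#     are not readable by other local accounts.

- name: restart-service
  service:
    name: mysql.service
    state: restarted

- name: copy-mysql-file
  copy:
    src: files/discuzer.sql
    dest: /root/discuzer.sql
    mode: '0600'

# Runs on every play; the SQL script has to tolerate being applied twice.
- name: mysql-client-init
  shell: mysql < /root/discuzer.sql

# NOTE(review): assumes the cron job runs as the same user that owns /backup
# (root in the session shown on the page) - confirm.
- name: create-directory-backup
  file:
    path: /backup/
    state: directory
    mode: '0700'

# Single quotes keep the backslashes literal for cron.
- name: Generate database backup
  cron:
    name: Database Backup Cron
    minute: '0'
    hour: '5'
    job: 'umask 077 && backup_date=$(date +\%Y\%m\%d\%H\%M\%S) && mysqldump discuz > /backup/backup_${backup_date}.sql'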
discuzer.sql
bash
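-- Bootstrap for the Discuz database: schema, application account, grants.
-- The play pipes this file into mysql on every run, so each statement must be
-- safe to repeat; `create user` without `if not exists` fails the second time.
create database if not exists discuz;

-- NOTE(review): '123456' is a trivially guessable password stored in the role,
-- and the server is configured to listen on all interfaces. Replace it with a
-- strong secret supplied from a vault or variable before using this outside a
-- lab.
create user if not exists 'discuzer'@'10.0.0.%' identified by '123456';

-- NOTE(review): `grant all` gives the application account every privilege on
-- the schema; confirm which privileges the application needs.
grant all on discuz.* to 'discuzer'@'10.0.0.%';
flush privileges;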
mysql-jpress
user.yaml
bash
# Dedicated system group and account for MySQL, both pinned to id 306.
- name: add-mysql-group
  group:
    name: mysql
    gid: 306
    system: true

# No home directory is created for the service account.
- name: add-mysql-user
  user:
    name: mysql
    uid: 306
    group: '306'
    system: true
    create_home: false
install.yaml
bash
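# Install MySQL server and adjust mysqld.cnf for remote clients.
#
# The original appended the two option lines through a multi-line lineinfile,
# which adds them again on every run; blockinfile keeps a single copy.

- name: install-mysql
  apt:
    name: mysql-server
    state: present
    update_cache: true

# Commenting out bind-address makes mysqld listen on every interface.
# NOTE(review): the page shows no firewall rule limiting port 3306, so the
# account host pattern is the only restriction on who can attempt a login.
# Consider binding to the address the application tier uses or filtering the
# port.
- name: Change-Configuration-mysql-1
  lineinfile:
    path: /etc/mysql/mysql.conf.d/mysqld.cnf
    backrefs: true
    regexp: '^(bind-address.*)$'
    line: '#\1'

# NOTE(review): mysql_native_password is the older authentication plugin;
# confirm the application cannot use the server's default plugin before
# keeping this.
- name: Change-Configuration-mysql-2
  blockinfile:
    path: /etc/mysql/mysql.conf.d/mysqld.cnf
    block: |
      skip-name-resolve
      default-authentication-plugin=mysql_native_password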
configure.yaml
bash
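# Load the jpress schema and account, then schedule a daily dump at 05:00.
#
# Changes from the original:
#   * In a crontab an unescaped % ends the command and starts its stdin, so the
#     job was cut off at `date +`. Every % is now written as \%.
#   * The timestamp used %m (month) where minutes belong; it is now %M.
#   * The SQL file (it contains the account password) is copied with mode 0600.
#   * /backup is created with mode 0700 and the job sets umask 077, so dumps
#     are not readable by other local accounts.

- name: restart-service
  service:
    name: mysql.service
    state: restarted

- name: copy-mysql-file
  copy:
    src: files/jpresser.sql
    dest: /root/jpresser.sql
    mode: '0600'

# Runs on every play; the SQL script has to tolerate being applied twice.
- name: mysql-client-init
  shell: mysql < /root/jpresser.sql

# NOTE(review): assumes the cron job runs as the same user that owns /backup
# (root in the session shown on the page) - confirm.
- name: create-directory-backup
  file:
    path: /backup/
    state: directory
    mode: '0700'

# Single quotes keep the backslashes literal for cron.
- name: Generate database backup
  cron:
    name: Database Backup Cron
    minute: '0'
    hour: '5'
    job: 'umask 077 && backup_date=$(date +\%Y\%m\%d\%H\%M\%S) && mysqldump jpress > /backup/backup_${backup_date}.sql'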
jpresser.sql
bash
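-- Bootstrap for the jpress database: schema, application account, grants.
-- The play pipes this file into mysql on every run, so each statement must be
-- safe to repeat; `create user` without `if not exists` fails the second time.
create database if not exists jpress;

-- NOTE(review): '123456' is a trivially guessable password stored in the role,
-- and the server is configured to listen on all interfaces. Replace it with a
-- strong secret supplied from a vault or variable before using this outside a
-- lab.
create user if not exists 'jpresser'@'10.0.0.%' identified by '123456';

-- NOTE(review): `grant all` gives the application account every privilege on
-- the schema; confirm which privileges the application needs.
grant all on jpress.* to 'jpresser'@'10.0.0.%';
flush privileges;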