anseble role
[root@ubuntu24 ansible]$ tree
.
├── ansible.cfg
├── dns_master.yaml
├── dns_slave.yaml
├── hosts
├── LVS.yaml
├── mysql-discuz.yaml
├── mysql-jpress.yaml
├── nginx_php.yaml
├── roles
│ ├── LVS
│ │ ├── files
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ └── main.yaml
│ │ └── templates
│ ├── master_dns
│ │ ├── files
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── restart.yaml
│ │ └── templates
│ │ └── db.linux-magedu.com.j2
│ ├── mysql-discuz
│ │ ├── files
│ │ │ └── discuzer.sql
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── user.yaml
│ │ └── templates
│ ├── mysql-jpress
│ │ ├── files
│ │ │ └── jpresser.sql
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── user.yaml
│ │ └── templates
│ ├── nginx
│ │ ├── files
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── user.yaml
│ │ └── templates
│ │ └── www.linux-magedu.com.j2
│ ├── php
│ │ ├── files
│ │ │ └── Discuz_X3.5_SC_UTF8_20240520.zip
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── user.yaml
│ │ └── templates
│ ├── slave_dns
│ │ ├── files
│ │ ├── tasks
│ │ │ ├── configure.yaml
│ │ │ ├── install.yaml
│ │ │ ├── main.yaml
│ │ │ └── restart.yaml
│ │ └── templates
│ │ └── db.linux-magedu.com.j2
│ └── tomcat
│ ├── files
│ │ ├── apache-tomcat-9.0.89.tar.gz
│ │ └── jpress-v5.1.0.war
│ ├── tasks
│ │ ├── configure.yaml
│ │ ├── install.yaml
│ │ ├── main.yaml
│ │ └── user.yaml
│ └── templates
│ └── tomcat.service.j2
└── test.yaml34 directories, 49 filesLVS
install.yaml
- name: install ipvsadmapt: name=ipvsadm state=presentconfigure.yaml
- name: ipv4.ip_forwardshell: echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf- name: Reload sysctl.confshell: sysctl -p- name: Create a clustershell: ipvsadm -A -t 10.0.0.6:80 ; ipvsadm -A -t 10.0.0.16:80- name: Add servershell: ipvsadm -a -t 10.0.0.6:80 -r 192.168.10.7:80 ; ipvsadm -a -t 10.0.0.16:80 -r 192.168.10.8:88master_dns
install.yaml
- name: bind9apt: name=bind9 state=presentconfigure.yaml
- name: configure on named.conf.default-zoneslineinfile:path: /etc/bind/named.conf.default-zonesline: |zone "linux-magedu.com" IN {type master;file "/etc/bind/db.linux-magedu.com";};- name: configure on db.linux-magedu.comtemplate: src=db.linux-magedu.com.j2 dest=/etc/bind/db.linux-magedu.comrestart.yaml
- name: restart serviceservice: name=named state=restarteddb.linux-magedu.com.j2
linux-magedu.com. 86400 IN SOA linux-magedu-dns. admin.linux-magedu.com. (143 3H 15M 1D 1W)
linux-magedu.com. 86400 IN NS dns1.linux-magedu.com.
linux-magedu.com. 86400 IN NS dns2.linux-magedu.com.dns1.linux-magedu.com. 86400 IN A 10.0.0.3
dns2.linux-magedu.com. 86400 IN A 10.0.0.13www.linux-magedu.com. 86400 IN A {{ targetIP }}slave_dns
install.yaml
- name: bind9apt: name=bind9 state=presentconfigure.yaml
- name: configure on named.conf.default-zoneslineinfile:path: /etc/bind/named.conf.default-zonesline: >zone "linux-magedu.com" IN {type slave;masters {10.0.0.3;};file "/etc/bind/slaves/db.linux-magedu.com";};- name: change apparmorlineinfile:path: /etc/apparmor.d/usr.sbin.namedinsertafter: " /var/cache/bind/ rw,$"line: >/etc/bind/slaves/** rwk,/etc/bind/slaves/ rwk,- name: restart apparmorservice: name=apparmor state=restarted- name: Create filefile: path=/etc/bind/slaves state=directory mode=777- name: configure on db.linux-magedu.comtemplate: src=db.linux-magedu.com.j2 dest=/etc/bind/slaves/db.linux-magedu.comrestart.yaml
- name: restart serviceservice: name=named state=restarteddb.linux-magedu.com.j2
linux-magedu.com. 86400 IN SOA linux-magedu-dns. admin.linux-magedu.com. (143 3H 15M 1D 1W)
linux-magedu.com. 86400 IN NS dns1.linux-magedu.com.
linux-magedu.com. 86400 IN NS dns2.linux-magedu.com.dns1.linux-magedu.com. 86400 IN A 10.0.0.3
dns2.linux-magedu.com. 86400 IN A 10.0.0.13www.linux-magedu.com. 86400 IN A {{ targetIP }}nginx
user.yaml
- name: add-nginx-groupgroup: name=nginx gid=800 system=yes- name: add-nginx-useruser: name=nginx group=800 system=yes uid=800 create_home=noinstall.yaml
- name: install nginxapt: name=nginx state=presentconfigure.yaml
- name: add-configuretemplate: src=www.linux-magedu.com.j2 dest=/etc/nginx/sites-enabled/www.linux-magedu.com- name: Restart-serviceservice: name=nginx state=restartedwww.linux-magedu.com.j2
server{listen 80;server_name www.linux-magedu.com;root /var/www/html/www.linux-magedu.com;index index.html index.php;location ~ \.php$ {fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;include fastcgi.conf;}
}php
user.yaml
- name: add-php-useruser:name: www-datagroup: 33system: yesuid: 33create_home: yeshome: /var/wwwshell: /usr/sbin/nologininstall.yaml
- name: install-phpapt: name=php-fpm,php-mysqlnd,php-json,php-gd,php-xml,php-mbstring,php-zip state=presentconfigure.yaml
- name: Change-Configuration1shell: sed -i 's/listen = \/run\/php\/php8.3-fpm.sock/;listen = \/run\/php\/php8.3-fpm.sock/g' /etc/php/8.3/fpm/pool.d/www.conf- name: Change-Configuration2shell: sed -i '42i\ listen = 127.0.0.1:9000' /etc/php/8.3/fpm/pool.d/www.conf- name: Restart-serviceservice: name=php8.3-fpm state=restarted- name: create-directory1file: path=/var/www/html/www.linux-magedu.com state=directory owner=www-data group=www-data- name: copy-Discuzcopy: src=files/Discuz_X3.5_SC_UTF8_20240520.zip dest=/root/- name: create-directory2file: path=/root/discuz state=directory owner=www-data group=www-data- name: install unzipapt: name=unzip state=present- name: decompressing-filesunarchive: src=/root/Discuz_X3.5_SC_UTF8_20240520.zip dest=/root/discuz- name: copy-fileshell: cp -r /root/discuz/upload/* /var/www/html/www.linux-magedu.com- name: Switch-user-groupshell: chown -R www-data:www-data /var/www/html/www.linux-magedu.comtomcat
user.yaml
- name: add-group-tomcatgroup: name=tomcat system=yes- name: add-user-tomcatuser: name=tomcat group=999 system=yes shell=/usr/sbin/nologininstall.yaml
- name: install-javaapt: name=openjdk-11-jdk state=present- name: copy-tomcat.zipcopy: src=files/apache-tomcat-9.0.89.tar.gz dest=/root/apache-tomcat-9.0.89.tar.gz- name: unarchive-tomcat.zipshell: tar xf /root/apache-tomcat-9.0.89.tar.gz -C /usr/local/- name: create-linkfile: src=/usr/local/apache-tomcat-9.0.89 path=/usr/local/tomcat state=lin- name: environment-variableshell: ln -s /usr/local/tomcat/bin/* /usr/local/bin/- name: alter-filefile: path=/usr/local/tomcat/ state=directory recurse=yes owner=tomcat group=tomcat- name: service-scripttemplate: src=tomcat.service.j2 dest=/lib/systemd/system/tomcat.service- name: restart-serviceservice: name=tomcat.service state=startedconfigure.yaml
- name: create-directoryfile: path=/data/ state=directory owner=tomcat group=tomcat recurse=yes- name: copy-jpress.warcopy: src=files/jpress-v5.1.0.war dest=/data/jpress.war- name: change-configurelineinfile:path: /usr/local/tomcat/conf/server.xmlinsertafter: ".*</Host>.*"line: |<Host name="jpress.linux-magedu.com" appBase="/data/" unpackWARs="true" autoDeploy="true"></Host>- name: restart-tomcat-serviceservice: name=tomcat.service state=restarted- name: chang-iptableshell: iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080tomcat.service.j2
[Unit]
Description=Tomcat
After=syslog.target network.target[Service]
Type=forking
Environment=JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64/
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
PrivateTmp=true
User=tomcat
Group=tomcat[Install]
WantedBy=multi-user.targetmysql-discuz
user.yaml
- name: add-mysql-groupgroup: name=mysql gid=306 system=yes- name: add-mysql-useruser: name=mysql group=306 system=yes uid=306 create_home=noinstall.yaml
- name: install-mysqlapt: name=mysql-server state=present update_cache=yes- name: Change-Configuration-mysql-1lineinfile: path=/etc/mysql/mysql.conf.d/mysqld.cnf backrefs=yes regexp='^(bind-address.*)$' line='#\1'- name: Change-Configuration-mysql-2lineinfile:path: /etc/mysql/mysql.conf.d/mysqld.cnfline: |skip-name-resolvedefault-authentication-plugin=mysql_native_passwordconfigure.yaml
- name: restart-serviceservice: name=mysql.service state=restarted- name: copy-mysql-filecopy: src=files/discuzer.sql dest=/root/discuzer.sql- name: mysql-client-initshell: mysql < /root/discuzer.sql- name: create-directory-backupfile: path=/backup/ state=directory- name: Generate database backupcron:name: Database Backup Cronminute: 0hour: 5job: "backup_date=$(date +%Y%m%d%H%m%S) && mysqldump discuz > /backup/backup_${backup_date}.sql"discuzer.sql
create database if not exists discuz;
create user 'discuzer'@'10.0.0.%' identified by '123456';
grant all on discuz.* to 'discuzer'@'10.0.0.%';
flush privileges;mysql-jpress
user.yaml
- name: add-mysql-groupgroup: name=mysql gid=306 system=yes- name: add-mysql-useruser: name=mysql group=306 system=yes uid=306 create_home=noinstall.yaml
- name: install-mysqlapt: name=mysql-server state=present update_cache=yes- name: Change-Configuration-mysql-1lineinfile: path=/etc/mysql/mysql.conf.d/mysqld.cnf backrefs=yes regexp='^(bind-address.*)$' line='#\1'- name: Change-Configuration-mysql-2lineinfile:path: /etc/mysql/mysql.conf.d/mysqld.cnfline: |skip-name-resolvedefault-authentication-plugin=mysql_native_passwordconfigure.yaml
- name: restart-serviceservice: name=mysql.service state=restarted- name: copy-mysql-filecopy: src=files/jpresser.sql dest=/root/jpresser.sql- name: mysql-client-initshell: mysql < /root/jpresser.sql- name: create-directory-backupfile: path=/backup/ state=directory- name: Generate database backupcron:name: Database Backup Cronminute: 0hour: 5job: "backup_date=$(date +%Y%m%d%H%m%S) && mysqldump jpress > /backup/backup_${backup_date}.sql"jpresser.sql
create database if not exists jpress;
create user 'jpresser'@'10.0.0.%' identified by '123456';
grant all on jpress.* to 'jpresser'@'10.0.0.%';
flush privileges;网络安全风险评估概述)
