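Preparation:
Five servers: one management server m01: 172.16.1.61; two application servers web01: 172.16.1.7 and web02: 172.16.1.8; one storage server nfs: 172.16.1.31; one backup server rsync: 172.16.1.41
Goals: from the management host m01, have the nfs server share the /data directory with the two web servers
Sync the /data directory on the nfs server to /backup on the rsync server in real time
Back up important files from the two web servers and the nfs server to the rsync server on a schedule
Hands-on:
I. Deploy the environment on the management host m01:
1. Install software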
vim /server/scripts/benjibushu.sh
#!/bin/sh
# Install the required software on this host
yum install openssh openssl -y
systemctl restart sshd
systemctl enable sshd
yum install epel-release -y
# ansible comes from the EPEL repository enabled above
yum install ansible -y
yum install libselinux-python -y
2. Back up the ansible configuration file
cp /etc/ansible/hosts{,.ori}
3. Edit the host inventory
cat >/etc/ansible/hosts<<EOF
# 1 denotes the server side, 2 denotes the client side
[oldboy]
172.16.1.7
172.16.1.8
172.16.1.31
172.16.1.41
[rsync1]
172.16.1.41
[rsync2]
172.16.1.7
172.16.1.8
172.16.1.31
[nfs1]
172.16.1.31
[nfs2]
172.16.1.7
172.16.1.8
[sersync]
172.16.1.31
EOF
4. Write a script that generates and distributes the key
vim /server/scripts/fenfa.sh
#!/bin/sh
yum install sshpass -y
# Create the key pair
ssh-keygen -f ~/.ssh/id_rsa -P '' -q
# for loop: send the public key to the four servers
for ip in 7 8 31 41
do
sshpass -p123456 ssh-copy-id -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" 172.16.1.$ip
done
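5. Edit the ansible configuration file and uncomment line 71 (passwordless connection; the public key has already been sent, so this step can also be skipped)
6. Run /server/scripts/fenfa.sh to send the public key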
sh /server/scripts/fenfa.sh
7. Test the remote connection
ansible oldboy -m command -a "ifconfig"
8. ssh could be tuned a little further; skipped here for now
II. Write nfs1.sh, the server-side script for the NFS shared directory
cd /server/scripts
Change to the /server/scripts directory; everything below is run from this directory, so full paths are no longer written out.
vim nfs1.sh
#!/bin/sh
yum install nfs-utils rpcbind -y &&\
systemctl start rpcbind.service &&\
systemctl enable rpcbind.service &&\
# Start the rpcbind service first, then the nfs service; I trust readers understand this even without the comment
systemctl start nfs &&\
systemctl enable nfs &&\
# Add the shared directory /data; no virtual user is created here, the default nfsnobody user is used
cat >/etc/exports<<EOF
/data 172.16.1.0/24(rw,sync,all_squash)
EOF
mkdir -p /data &&\
chown -R nfsnobody:nfsnobody /data &&\
exportfs -r
Write the NFS client script
vim nfs2.sh
#!/bin/sh
yum install nfs-utils rpcbind -y &&\
systemctl start rpcbind.service &&\
systemctl enable rpcbind.service &&
systemctl start nfs &&\
systemctl enable nfs &&\
mount -t nfs 172.16.1.31:/data /mnt
# Mounting at boot is not added here; if you need it, put the mount in fstab.
III. Write the rsync server side
vim rsync1.sh
#!/bin/sh
yum install rsync -y &&\
cp /etc/rsyncd.conf{,.ori} &&\
cat >/etc/rsyncd.conf<<EOF
uid = rsync
gid = rsync
use chroot = no
fake super = yes
max connections = 200
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/lock/rsyncd.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow =172.16.1.0/24
auth users =rsync_backup
secrets file = /etc/rsync.password
[backup]
comment = welcome to oldboy backup!
path = /backup/
EOF
useradd -M -s /sbin/nologin rsync &&\
mkdir -p /backup &&\
chown -R rsync.rsync /backup/ &&\
echo "rsync_backup:123456" >/etc/rsync.password &&\
chmod 600 /etc/rsync.password &&\
systemctl start rsyncd &&\
systemctl enable rsyncd
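A pre-flight check for the rsync server setup above, as an added example that is not part of the original post: a misspelled parameter name in rsyncd.conf does not take effect, and with its default strict modes rsyncd refuses a secrets file that other users can read. The function names and the KNOWN_KEYS list are assumptions, limited to the parameters used in the rsyncd.conf on this page.

```shell
#!/bin/sh
# Added example: lint an rsyncd.conf and its secrets file before starting rsyncd.
# KNOWN_KEYS is an assumption: it lists only the parameter names used on this page.
KNOWN_KEYS='uid|gid|use chroot|fake super|max connections|timeout|pid file|lock file|log file|ignore errors|read only|list|hosts allow|auth users|secrets file|comment|path'

# Print one finding per line; return 0 only when there are none.
lint_rsyncd_conf() {
    conf=$1
    findings=$(
        # Drop comments, module headers and blank lines, then isolate each key.
        sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*\[/d' -e '/^[[:space:]]*$/d' "$conf" |
        while IFS= read -r line; do
            key=$(printf '%s\n' "$line" |
                sed -e 's/=.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
            printf '%s\n' "$key" | grep -Eqx "$KNOWN_KEYS" ||
                echo "unknown parameter: $key"
        done
        # Access-control parameters that this config relies on must be present.
        for need in 'auth users' 'secrets file' 'hosts allow'; do
            grep -Eq "^[[:space:]]*$need[[:space:]]*=" "$conf" ||
                echo "missing parameter: $need"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Succeed only if group and other have no permission bits on the secrets file.
secrets_mode_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] && return 0
    echo "secrets file $1 is accessible to group or other; expected mode 600"
    return 1
}

# Constructed sample input: one misspelled parameter, world-readable secrets file.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'uid = rsync' 'fask super = yes' 'hosts allow = 172.16.1.0/24' \
    'auth users = rsync_backup' 'secrets file = /etc/rsync.password' \
    '[backup]' 'path = /backup/' >"$demo_dir/rsyncd.conf"
echo 'rsync_backup:placeholder' >"$demo_dir/rsync.password"
chmod 644 "$demo_dir/rsync.password"
lint_rsyncd_conf "$demo_dir/rsyncd.conf" || true
secrets_mode_ok "$demo_dir/rsync.password" || true
```

On the rsync server the two functions would be pointed at /etc/rsyncd.conf and /etc/rsync.password before `systemctl start rsyncd`.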
Write the rsync client
vim rsync2.sh
#!/bin/sh
yum install rsync -y
echo "123456" >/etc/rsync.password &&\
chmod 600 /etc/rsync.password &&
systemctl restart rsyncd &&\
systemctl enable rsyncd &&\
# /etc/bashrc is world-readable, so the password written here is visible to every local user
echo "export RSYNC_PASSWORD=123456" >>/etc/bashrc &&\
source /etc/bashrc
IV. Write sersync.sh for real-time synchronization
vim sersync.sh
#!/bin/sh
echo "export RSYNC_PASSWORD=123456" >>/etc/bashrc &&\
source /etc/bashrc &&\
yum install inotify-tools -y &&\
mkdir -p /server/scripts &&\
cat >/server/scripts/monitor.sh<<'EOF'
#!/bin/sh
/usr/bin/inotifywait -mrq --format '%w%f' -e close_write,delete /data|while read line
do
# /etc/rsync.password is written on this host by rsync2.sh
cd /data && rsync -az --delete --password-file=/etc/rsync.password ./ rsync_backup@172.16.1.41::backup
done
EOF
V. I'm a blunt sort of person, so now I put all the push-and-run commands into a single script
vim one.ok.sh
#!/bin/sh
ansible rsync1 -m script -a "/server/scripts/rsync1.sh"
ansible rsync2 -m script -a "/server/scripts/rsync2.sh"
ansible nfs1 -m script -a "/server/scripts/nfs1.sh"
ansible nfs2 -m script -a "/server/scripts/nfs2.sh"
ansible sersync -m script -a "/server/scripts/sersync.sh"
sh one.ok.sh
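Running this script completes the basic configuration of the four servers in one step, provided the earlier test of passwordless remote management succeeded. The code was typed purely by hand, not with my feet; if something fails to run, please check it carefully, and if you find a command error in my scripts, I hope to get feedback from readers so I can correct it right away and avoid affecting more readers.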