(一).实现cobbler+pxe自动化装机
客户端pxe安装过程
注: pxe和cobbler自动化安装需要上述dhcp、tftp、httpd、服务的开启,所以安装上述服务为第一优先级.
CentOS 7自动化安装示例
第一、安装tftp服务
[root@servers ~]#yum install tftp tftp-server -y
[root@servers ~]#tftp 192.168.10.114
tftp> status
Connected to 192.168.10.114.
Mode: netascii Verbose: off Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp>
[root@servers ~]#systemctl start tftp.service
第二、安装dhcp服务
[root@servers ~]#yum install dhcp -y
[root@servers ~]#cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
cp:是否覆盖"/etc/dhcp/dhcpd.conf"? y
[root@servers ~]#vim /etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers 192.168.10.114;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.110 192.168.10.130;
filename "pxelinux.0";
next-server 192.168.10.114;
}
[root@servers ~]#systemctl start dhcpd
[root@servers ~]#systemctl enable dhcpd
第三、安装http服务并挂载yum仓库及kickstart文件
[root@servers ~]#yum install httpd -y
[root@servers ~]#mkdir /var/www/html/centos/7/x86_64 -pv
[root@servers ~]#mkdir /var/www/html/kickstarts
[root@servers ~]#mount -r /dev/cdrom /var/www/html/centos/7/x86_64/
[root@servers ~]#systemctl start httpd.service
[root@servers ~]#systemctl enable httpd.service
[root@servers ~]#ss -tnl
[root@servers ~]#cp centos7ks.cfg /var/www/html/kickstarts/
测试yum仓库挂载
测试kickstart文件
第四、安装系统引导文件
[root@servers ~]#yum install syslinux -y
[root@servers ~]#cd /usr/share/syslinux
[root@servers syslinux]#cp {chain.c32,mboot.c32,menu.c32,memdisk,pxelinux.0} /var/lib/tftpboot/
[root@servers syslinux]#cd /var/www/html/centos/7/x86_64/images/pxeboot/
[root@servers pxeboot]#cp {initrd.img,vmlinuz} /var/lib/tftpboot/
[root@servers pxeboot]#cd /var/lib/tftpboot/
[root@servers tftpboot]#mkdir pxelinux.cfg
[root@servers tftpboot]#ls
chain.c32 initrd.img mboot.c32 memdisk menu.c32 pxelinux.0 pxelinux.cfg vmlinuz
[root@servers tftpboot]#cd pxelinux.cfg/
[root@servers pxelinux.cfg]#vim default
default menu.c32
prompt 30
timeout 60
MENU TITLE CentOS 7 PXE Menu
LABEL linux
MENU LABEL Install Centos 7 x86_64 test
KERNEL vmlinuz
APPEND initrd=initrd.img inst.repo=http://192.168.10.114/centos/7/x86_64
LABEL linux
MENU LABEL Install Centos 7 x86_64 Auto_install
KERNEL vmlinuz
APPEND initrd=initrd.img ks=http://192.168.10.114/kickstarts inst.repo=http://192.168.10.114/centos/7/x86_64
第五、新建虚拟机测试
虚拟机测试
CentOS 6安装示例:
第一、安装所有依赖的服务并配置dhcp
[root@localhost ~]#yum install dhcp tftp tftp-server httpd syslinux -y
[root@localhost ~]#cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
cp: overwrite `/etc/dhcp/dhcpd.conf'? y
[root@localhost ~]#vim /etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers 192.168.10.165;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.160 192.168.10.180;
filename "pxelinux.0";
next-server 192.168.10.165;
}
[root@localhost ~]#service dhcpd start
[root@localhost ~]#chkconfig dhcpd on
第二、配置tftp服务
[root@localhost ~]#vim /etc/xinetd.d/tftp
service tftp
{
socket_type = dgram
protocol = udp
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /var/lib/tftpboot
disable = no
per_source = 11
cps = 100 2
flags = IPv4
}
[root@localhost ~]#service xinetd start
[root@localhost ~]#chkconfig xinetd on
第三、配置httpd服务
[root@localhost ~]#mkdir /var/www/html/centos6 -pv
mkdir: created directory `/var/www/html/centos6'
[root@localhost ~]#mkdir /var/www/html/kickstarts
[root@localhost ~]#service httpd start
[root@localhost ~]#chkconfig httpd on
第四、配置引导文件
[root@localhost ~]#mkdir /media/cdrom/ -pv
[root@localhost ~]#mount -r /dev/cdrom /media/cdrom/
[root@localhost cdrom]#cp isolinux/* /var/lib/tftpboot/
[root@localhost tftpboot]#cd /usr/share/syslinux/
[root@localhost syslinux]#cp pxelinux.0 /var/lib/tftpboot/
[root@localhost ~]#mkdir /var/lib/tftpboot/pxelinux.cfg
[root@localhost ~]#cp /media/cdrom/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
[root@localhost ~]#chmod +w /var/lib/tftpboot/pxelinux.cfg/default
[root@localhost ~]#vim /var/lib/tftpboot/pxelinux.cfg/default
default vesamenu.c32
#prompt 1
timeout 600
display boot.msg
menu background splash.jpg
menu title Welcome to CentOS 6.6!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000
label linux
menu label Install CentOS 6 testing
menu default
kernel vmlinuz
append initrd=initrd.img inst.repo=http://192.168.10.165/centos6
label auto linux
menu label ^Install Centos6 auto
kernel vmlinuz
append initrd=initrd.img inst.repo=http://192.168.10.165/centos6 ks=http://192.168.10.165/kickstarts
第五、制作yum仓以及kickstart文件
[root@localhost ~]#umount /dev/cdrom
[root@localhost ~]#mount /dev/cdrom /var/www/html/centos6/
[root@localhost ~]#vim centos6-ks.cfg
#platform=x86, AMD64, 或 Intel EM64T
#version=DEVEL
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
url --url = "http://192.168.10.165/centos6"
lang en_US.UTF-8
keyboard us
# Root password
rootpw 123456
# System authorization information
auth --useshadow --passalgo=sha512
# Use text mode install
text
# System keyboard
keyboard us
# System language
lang en_US
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info
key --skip
# Reboot after installation
reboot
# System timezone
timezone Asia/Shanghai
# Network information
network --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
clearpart --all --initlabel
# Disk partitioning information
part swap --fstype="swap" --size=1024
part / --fstype="ext4" --grow --size=1
%packages
@base
@compat-libraries
@core
@debugging
@development
@server-policy
@workstation-policy
python-dmidecode
sgpio
device-mapper-persistent-data
systemtap-client
%end
[root@localhost ~]#cp centos6-ks.cfg /var/www/html/kickstarts/
第六、测试
centos6
kickstart
测试结果
(二). cobbler自动化装机
第一、安装程序以及依赖服务
[root@centos7 ~]#yum install cobbler dhcp tftp tftp-server httpd -y
第二、配置相关服务并启动
[root@centos7 ~]#cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
[root@centos7 ~]#vim /etc/dhcp/dhcpd.conf
option domain-name "example.org";
option domain-name-servers 192.168.10.202;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.200 192.168.10.220;
filename "pxelinux.0";
next-server 192.168.10.202;
}
[root@centos7 ~]#systemctl start dhcpd.service
[root@centos7 ~]#systemctl enable dhcpd.service
[root@centos7 ~]#systemctl start tftp.service
[root@centos7 ~]#systemctl start rsyncd.service
[root@centos7 ~]#systemctl start httpd.service
[root@centos7 ~]#systemctl start cobblerd.service
[root@centos7 ~]#useradd test
[root@centos7 ~]#echo "test" |passwd --stdin test
更改用户 test 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@centos7 ~]#tail -1 /etc/shadow
test:$6$OxdeCuVy$KS8m04x7P03RioHn2np/16eno73r8o0YsfZaR.NqLVAHqFxF1IBSJVmtEHJ22jT0OUsYaQHFTioR.bE2D.rzg1:17925:0:99999:7:::
[root@centos7 ~]#cd /usr/share/syslinux
[root@centos7 syslinux]#cp {menu.c32,pxelinux.0} /var/lib/cobbler/loaders/
[root@centos7 syslinux]#vim /etc/cobbler/settings
server: 192.168.10.202
next_server: 192.168.10.202
default_password_crypted: "$6$OxdeCuVy$KS8m04x7P03RioHn2np/16eno73r8o0YsfZaR.NqLVAHqFxF1IBSJVmtEHJ22jT0OUsYaQHFTioR.bE2D.rzg1"
[root@centos7 syslinux]#cobbler sync
[root@centos7 syslinux]#systemctl restart cobblerd.service
第三、创建yum仓并导入cobbler
[root@centos7 syslinux]#mkdir /media/cdrom
[root@centos7 syslinux]#mount -r /dev/cdrom /media/cdrom/
[root@centos7 syslinux]#ls /media/cdrom/
CentOS_BuildTag EULA images LiveOS repodata RPM-GPG-KEY-CentOS-Testing-7
EFI GPL isolinux Packages RPM-GPG-KEY-CentOS-7 TRANS.TBL
[root@centos7 syslinux]#cobbler import --name='Centos7_test' --path=/media/cdrom
-----------
*** TASK COMPLETE ***
[root@centos7 ~]#cobbler distro list
Centos7_test-x86_64
[root@centos7 ~]#cobbler profile list
Centos7_test-x86_64
[root@centos7 ~]#cobbler sync
[root@centos7 ~]#systemctl restart cobblerd
第四、测试(内存需要大于2G)
测试
(三)、 Ansible实现主备模式的高可用
什么是ansible?
Ansible是一款极其简单的IT自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。Ansible是基于模块工作的,本身没有批量部署的能力,真正具有批量部署的是Ansible所运行的模块,Ansible只是提供一种框架。Ansible主要承担的工作包括:配置管理、服务即时开通、应用部署、流程编排、监控告警、日志记录等。
ansible架构
-
核心模块(Core Module):在模块库(Module Library)中分为两块,一个是核心模块,另外一个就是自定义模块(Custom Modules)。核心模块中都是Ansible自带的模块,模块资源分发到远程节点使其执行特定任务或匹配一个特定的状态;
-
自定义模块(Custom Modules):如果Ansible满足不了你所需求的模块,则在此处添加自定义化的模块;
-
插件(Plugins):协助模块来完成某个功能;
-
剧本(Playbooks):定义需要给远程主机执行的一系列任务;
-
连接插件(Connectior Plugins):Ansible默认基于SSH连接到目标机器上执行操作的,但也支持不同的连接方法,此时需要连接插件来帮助我们完成连接;
-
主机清单(Host Inventory):定义需要管理的主机,小型环境中我们只需要在host文件中写入主机的IP地址即可,但到了中大型环境我们有可能需要使用静态inventory或者动态主机清单来生成我们所需要执行的目标主机。
硬件配置搭配:
两台Nginx作为Web Proxy,配置实现KeepAlived做主备;后端两台Apache,一台部署Apache+PHP,一台部署Apache+MySQL。
架构搭配
搭建ansible
[root@ansible ~]#ntpdate ntp.aliyun.com
[root@ansible ~]#yum install ansible -y
[root@ansible ~]#vim /etc/ansible/hosts
[hasrvs]
192.168.10.211
192.168.10.212
[websrvs]
192.168.10.213
192.168.10.214
[php]
192.168.10.213
[mysql]
192.168.10.214
[root@ansible ~]#vim /etc/hosts
192.168.10.211 nginx1
192.168.10.212 nginx2
192.168.10.213 apachephp
192.168.10.214 apachemysql
[root@ansible ~]#ssh-keygen -t rsa -N ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:t813Xo9WaT13elqopDZ7Hauxbi114Q/ivVISq7+P0rE root@ansible
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| |
| . . |
| S . o. +|
| . += =**|
| .+=@+BO|
| =oE*B==|
| .oOOB=+o|
+----[SHA256]-----+
[root@ansible ~]#ssh-copy-id -i .ssh/id_rsa.pub root@192.168.10.211
[root@ansible ~]#ssh-copy-id -i .ssh/id_rsa.pub root@192.168.10.212
[root@ansible ~]#ssh-copy-id -i .ssh/id_rsa.pub root@192.168.10.213
[root@ansible ~]#ssh-copy-id -i .ssh/id_rsa.pub root@192.168.10.214
ansible测试是否能送通
[root@ansible ~]#ansible all -m ping
192.168.10.211 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.10.213 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.10.212 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.10.214 | SUCCESS => {
"changed": false,
"ping": "pong"
}
所有服务器同步时间关闭selinux以及firewall防止出现问题
[root@ansible ~]#ansible all -m shell -a 'systemctl stop firewalld; systemctl disable firewalld; setenforce 0'
[root@ansible ~]#ansible all -m shell -a 'echo "TZ='Asia/Shanghai'; export TZ" >> /etc/profile'
[root@ansible ~]#ansible all -m cron -a 'minute=*/5 job="/usr/sbin/ntpdate ntp.aliyun.com &> /dev/null" name=UpdateTime'
配置roles--apache
[root@ansible ~]#mkdir /etc/ansible/roles/apache/{files,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#vim /etc/ansible/roles/apache/templates/vhost.conf.j2
<Virtualhost *:80>
ServerName www.ilinux.io
DirectoryIndex index.html index.php
DocumentRoot /var/www/html
ProxyRequests off
ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.10.213:9000/var/www/html/$1
ProxyPassMatch ^/(ping|status)$ fcgi://192.168.10.213:9000/$1
<Directory />
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</Virtualhost>
[root@ansible ~]#vim /etc/ansible/roles/apache/templates/index.html
<h1> test html page {{ ansible_hostname }} </h1>
[root@ansible ~]#vim /etc/ansible/roles/apache/files/index.php
<?php
phpinfo();
?>
[root@ansible ~]#vim /etc/ansible/roles/apache/tasks/main.yml
- name: install apache
shell: yum install httpd -y
- name: copy configfile
template: src=vhost.conf.j2 dest=/etc/httpd/conf.d/vhost.conf
- name: copy index.html
template: src=index.html dest=/var/www/html/index.html
- name: copy index.php
copy: src=index.php dest=/var/www/html/index.php
- name: start httpd
service: name=httpd state=started
配置roles---php服务
[root@ansible ~]#mkdir /etc/ansible/roles/php-fpm/{files,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#scp root@192.168.10.215:/etc/php-fpm.d/www.conf ./
[root@ansible ~]#cp www.conf /etc/ansible/roles/php-fpm/templates/www.conf.j2
[root@ansible ~]#vim /etc/ansible/roles/php-fpm/templates/www.conf.j2
........................
listen = 0.0.0.0:9000
listen.allowed_clients = 127.0.0.1
pm.status_path = /status
ping.path = /ping
ping.response = pong
.........................
[root@ansible ~]#vim /etc/ansible/roles/php-fpm/tasks/main.yml
- name: install php
yum: name={{ item }} state=latest
with_items:
- php-fpm
- php-mysql
- php-mbstring
- php-mcrypt
- name: copy configfile
template: src=www.conf.j2 dest=/etc/php-fpm.d/www.conf
- name: create directory
file: path=/var/lib/php/session group=apache owner=apache state=directory
- name: start php-fpm
service: name=php-fpm state=started
配置roles---mysql服务
[root@ansible ~]#mkdir /etc/ansible/roles/mysql/{file,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#scp root@192.168.10.215:/etc/my.cnf.d/server.cnf ./
[root@ansible ~]#cp server.cnf my.cnf
[root@ansible ~]#cp my.cnf /etc/ansible/roles/mysql/templates/my.cnf.j2
[root@ansible ~]#vim /etc/ansible/roles/mysql/templates/my.cnf.j2
[mysqld]
skip-name-resolve=on
innodb-file-per-table=on
[root@ansible ~]#vim /etc/ansible/roles/mysql/tasks/main.yml
- name: install mysql
yum: name=mariadb-server state=latest
- name: copy configfile
template: src=my.cnf.j2 dest=/etc/my.cnf
- name: start mysql
service: name=mariadb state=started
配置roles---nginx服务
[root@ansible ~]#mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#scp root@192.168.10.215:/etc/nginx/nginx.conf ./
[root@ansible ~]#cp nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2
[root@ansible ~]#vim /etc/ansible/roles/nginx/templates/nginx.conf.j2
http {
upstream websrvs {
server 192.168.10.213:80;
server 192.168.10.214:80;
server 127.0.0.1:80 backup;
}
server {
listen 80;
include /etc/nginx/default.d/*.conf;
location / {
proxy_pass http://websrvs;
proxy_set_header host $http_host;
proxy_set_header X-Forward-For $remote_addr;
}
}
}
[root@ansible ~]#vim /etc/ansible/roles/nginx/templates/localnginx.conf.j2
server {
listen 127.0.0.1:80;
root /usr/share/nginx/html;
index index.html;
}
[root@ansible ~]#vim /etc/ansible/roles/nginx/templates/index.html
<h1> test page nginx HA server {{ ansible_hostname }} </h1>
[root@ansible ~]#vim /etc/ansible/roles/nginx/tasks/main.yml
- name: install nginx
yum: name=nginx state=latest
- name: copy nginx configfile
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: copy localnginx configfile
template: src=localnginx.conf.j2 dest=/etc/nginx/conf.d/localnginx.conf
- name: copy index
template: src=index.html dest=/usr/share/nginx/html/index.html
- name: start nginx
service: name=nginx state=started
配置roles---keepalived服务
[root@ansible ~]#mkdir /etc/ansible/roles/keepalived/{files,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#vim /etc/ansible/roles/keepalived/templates/keepalived.conf.j2
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ ansible_nodename }}
vrrp_mcast_group4 224.1.101.33
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state {{ keepalived_role }}
interface ens33
virtual_router_id 51
priority {{ keepalived_pri }}
advert_int 1
authentication {
auth_type PASS
auth_pass 901010Ztt@
}
virtual_ipaddress {
192.168.10.99/24 dev ens33 label ens33:0
}
}
[root@ansible ~]#vim /etc/ansible/hosts
192.168.10.211 keepalived_role=MASTER keepalived_pri=100
192.168.10.212 keepalived_role=BACKUP keepalived_pri=98
[root@ansible ~]#vim /etc/ansible/roles/keepalived/tasks/main.yml
- name: install keepalived
yum: name=keepalived state=latest
- name: install configfile
template: src=/etc/ansible/roles/keepalived/templates/keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
- name: start keepalived
service: name=keepalived state=started
配置playbook--- apache+php
[root@ansible ~]#mkdir /etc/ansible/playbooks
[root@ansible ~]#vim /etc/ansible/playbooks/ap.yml
- hosts: php
remote_user: root
roles:
- apache
- php-fpm
[root@ansible ~]#ansible-playbook --syntax-check /etc/ansible/playbooks/ap.yml
playbook: /etc/ansible/playbooks/ap.yml
[root@ansible ~]#ansible-playbook /etc/ansible/playbooks/ap.yml
配置playbook--- apache+mysql
[root@ansible ~]#vim /etc/ansible/playbooks/am.yml
- hosts: mysql
remote_user: root
roles:
- apache
- mysql
[root@ansible ~]#ansible-playbook --syntax-check /etc/ansible/playbooks/am.yml
playbook: /etc/ansible/playbooks/am.yml
[root@ansible ~]#ansible-playbook /etc/ansible/playbooks/am.yml
配置playbook---nginx+keepalived
[root@ansible ~]#vim /etc/ansible/playbooks/ha.yml
- hosts: hasrvs
remote_user: root
roles:
- nginx
- keepalived
[root@ansible ~]#ansible-playbook --syntax-check /etc/ansible/playbooks/ha.yml
playbook: /etc/ansible/playbooks/ha.yml
[root@ansible ~]#ansible-playbook /etc/ansible/playbooks/ha.yml
测试
[root@client ~]# for i in {1..10};do curl http://192.168.10.99;done
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
<h1> This is apache2 </h1>
<h1> This is apache1 </h1>
网友评论