cobbler+pxe自动化装机&&ansible高可用

(一).实现cobbler+pxe自动化装机

客户端pxe安装过程
注: pxe和cobbler自动化安装都依赖dhcp、tftp、httpd这几个服务的开启,所以首先安装并启动这些服务.

CentOS 7自动化安装示例

第一、安装tftp服务

[root@servers ~]#yum install tftp tftp-server -y
[root@servers ~]#tftp 192.168.10.114
tftp> status
Connected to 192.168.10.114.
Mode: netascii Verbose: off Tracing: off Literal: off
Rexmt-interval: 5 seconds, Max-timeout: 25 seconds
tftp> 
[root@servers ~]#systemctl start tftp.service

第二、安装dhcp服务

[root@servers ~]#yum install dhcp -y
[root@servers ~]#cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf 
cp:是否覆盖"/etc/dhcp/dhcpd.conf"? y
[root@servers ~]#vim /etc/dhcp/dhcpd.conf
# dhcpd.conf for the CentOS 7 PXE server (192.168.10.114).
# NOTE(review): domain-name-servers points at this host, but no DNS service is
# installed anywhere in this walkthrough — clients will get an unanswering resolver.
option domain-name "example.org";
option domain-name-servers 192.168.10.114;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
        range 192.168.10.110 192.168.10.130;
        # PXE hand-off: filename is the bootloader fetched over TFTP, next-server the TFTP host.
        # Any machine that PXE-boots on this segment is offered this installer.
        filename "pxelinux.0";
        next-server 192.168.10.114;
}
[root@servers ~]#systemctl start dhcpd
[root@servers ~]#systemctl enable dhcpd

第三、安装http服务并挂载yum仓库及kickstart文件

[root@servers ~]#yum install httpd -y
[root@servers ~]#mkdir /var/www/html/centos/7/x86_64 -pv
[root@servers ~]#mkdir /var/www/html/kickstarts
[root@servers ~]#mount -r /dev/cdrom /var/www/html/centos/7/x86_64/
[root@servers ~]#systemctl start httpd.service
[root@servers ~]#systemctl enable httpd.service
[root@servers ~]#ss -tnl
[root@servers ~]#cp centos7ks.cfg /var/www/html/kickstarts/
测试yum仓库挂载
测试kickstart文件

第四、安装系统引导文件

[root@servers ~]#yum install syslinux -y
[root@servers ~]#cd /usr/share/syslinux
[root@servers syslinux]#cp {chain.c32,mboot.c32,menu.c32,memdisk,pxelinux.0} /var/lib/tftpboot/
[root@servers syslinux]#cd /var/www/html/centos/7/x86_64/images/pxeboot/
[root@servers pxeboot]#cp {initrd.img,vmlinuz} /var/lib/tftpboot/
[root@servers pxeboot]#cd /var/lib/tftpboot/
[root@servers tftpboot]#mkdir pxelinux.cfg
[root@servers tftpboot]#ls
chain.c32  initrd.img  mboot.c32  memdisk  menu.c32  pxelinux.0  pxelinux.cfg  vmlinuz
[root@servers tftpboot]#cd pxelinux.cfg/
[root@servers pxelinux.cfg]#vim default
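# /var/lib/tftpboot/pxelinux.cfg/default — menu shown by pxelinux.0 via menu.c32.
# vmlinuz/initrd.img were copied from the mounted ISO's images/pxeboot/.
default menu.c32
        prompt 30
        timeout 60
MENU TITLE CentOS 7 PXE Menu

# Interactive install: kernel/initrd over TFTP, package tree over HTTP.
LABEL linux
MENU LABEL Install Centos 7 x86_64 test
KERNEL vmlinuz
APPEND initrd=initrd.img inst.repo=http://192.168.10.114/centos/7/x86_64

# Unattended install. Each LABEL needs its own name (the original reused "linux",
# which makes the prompt selection ambiguous), and ks= must name the kickstart file
# itself — centos7ks.cfg is what was copied into /var/www/html/kickstarts/ — not the
# directory. The kickstart travels over plain HTTP to anything on the segment.
LABEL auto
MENU LABEL Install Centos 7 x86_64 Auto_install
KERNEL vmlinuz
APPEND initrd=initrd.img ks=http://192.168.10.114/kickstarts/centos7ks.cfg inst.repo=http://192.168.10.114/centos/7/x86_64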

第五、新建虚拟机测试

虚拟机测试

CentOS 6安装示例:

第一、安装所有依赖的服务并配置dhcp

[root@localhost ~]#yum install dhcp tftp tftp-server httpd syslinux -y
[root@localhost ~]#cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf 
cp: overwrite `/etc/dhcp/dhcpd.conf'? y
[root@localhost ~]#vim /etc/dhcp/dhcpd.conf

# dhcpd.conf for the CentOS 6 PXE server (192.168.10.165); same shape as the CentOS 7
# one, only the addresses differ. No DNS is set up on 192.168.10.165 in this guide.
option domain-name "example.org";
option domain-name-servers 192.168.10.165;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
        range 192.168.10.160 192.168.10.180;
        # Bootloader name served by tftp and the TFTP host to fetch it from.
        filename "pxelinux.0";
        next-server 192.168.10.165;
}

[root@localhost ~]#service dhcpd start
[root@localhost ~]#chkconfig dhcpd on

第二、配置tftp服务

[root@localhost ~]#vim /etc/xinetd.d/tftp

# /etc/xinetd.d/tftp — on CentOS 6 the TFTP daemon is started by xinetd, not as a service of its own.
# TFTP has no authentication: everything under the served directory is readable by any host on the LAN.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        # -s: serve only from /var/lib/tftpboot (chroot), so requests cannot name paths outside it.
        server_args             = -s /var/lib/tftpboot
        # presumably the one value changed from the stock file (which ships disabled) — verify.
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}
[root@localhost ~]#service xinetd start
[root@localhost ~]#chkconfig xinetd on

第三、配置httpd服务

[root@localhost ~]#mkdir /var/www/html/centos6 -pv
mkdir: created directory `/var/www/html/centos6'
[root@localhost ~]#mkdir /var/www/html/kickstarts
[root@localhost ~]#service httpd start
[root@localhost ~]#chkconfig httpd on

第四、配置引导文件

[root@localhost ~]#mkdir /media/cdrom/ -pv
[root@localhost ~]#mount -r /dev/cdrom /media/cdrom/
[root@localhost cdrom]#cp isolinux/* /var/lib/tftpboot/
[root@localhost tftpboot]#cd /usr/share/syslinux/
[root@localhost syslinux]#cp pxelinux.0 /var/lib/tftpboot/
[root@localhost ~]#mkdir /var/lib/tftpboot/pxelinux.cfg
[root@localhost ~]#cp /media/cdrom/isolinux/isolinux.cfg /var/lib/tftpboot/pxelinux.cfg/default
[root@localhost ~]#chmod +w /var/lib/tftpboot/pxelinux.cfg/default
[root@localhost ~]#vim /var/lib/tftpboot/pxelinux.cfg/default
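# /var/lib/tftpboot/pxelinux.cfg/default for CentOS 6, derived from the ISO's isolinux.cfg
# (the kernel, initrd, vesamenu.c32, boot.msg and splash.jpg were copied from isolinux/).
default vesamenu.c32
#prompt 1
# timeout is in tenths of a second: 600 = 60 s before the default entry boots.
timeout 600

display boot.msg

menu background splash.jpg
menu title Welcome to CentOS 6.6!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color scrollbar 0 #ffffffff #00000000

# Interactive install.
# NOTE(review): inst.repo= is the CentOS 7 (anaconda >= 19) spelling; the CentOS 6
# installer documents repo= — confirm which one this initrd honours before relying on it.
label linux
  menu label Install CentOS 6 testing
  menu default
  kernel vmlinuz
  append initrd=initrd.img inst.repo=http://192.168.10.165/centos6
# Unattended install. The label is a single token (was "auto linux"), and ks= names the
# kickstart file copied to /var/www/html/kickstarts/ (centos6-ks.cfg) rather than the
# directory. The kickstart, rootpw included, is fetched over plain HTTP.
label auto
  menu label ^Install Centos6 auto
  kernel vmlinuz
  append initrd=initrd.img inst.repo=http://192.168.10.165/centos6 ks=http://192.168.10.165/kickstarts/centos6-ks.cfg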

第五、制作yum仓以及kickstart文件

[root@localhost ~]#umount /dev/cdrom
[root@localhost ~]#mount /dev/cdrom /var/www/html/centos6/
[root@localhost ~]#vim centos6-ks.cfg

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Served from http://192.168.10.165/kickstarts/ without authentication: every
# value here, rootpw included, is readable by any host that can reach the web server.
# Firewall configuration
firewall --disabled
# Install OS instead of upgrade
install
# NOTE(review): the documented form is `url --url="http://..."` with no spaces around '=';
# confirm the installer accepts this spacing.
url --url = "http://192.168.10.165/centos6"
lang en_US.UTF-8
keyboard us
# Root password
# NOTE(review): plaintext. `rootpw --iscrypted <HASH>` (a SHA-512 crypt such as the one
# /etc/shadow holds) keeps the clear-text secret out of a world-fetchable file.
rootpw 123456
# System authorization information
auth  --useshadow  --passalgo=sha512
# Use text mode install
text
# System keyboard
# keyboard/lang are given a second time here; presumably the last occurrence wins, which
# would make the installed locale en_US rather than en_US.UTF-8 — confirm and dedupe.
keyboard us
# System language
lang en_US
# SELinux configuration
# Both SELinux and the firewall are off on the installed system (lab setting).
selinux --disabled
# Do not configure the X Window System
skipx
# Installation logging level
logging --level=info

# RHN installation-key prompt skipped (legacy directive; presumably accepted on CentOS).
key --skip

# Reboot after installation
reboot
# System timezone
timezone  Asia/Shanghai
# Network information
network  --bootproto=dhcp --device=eth0 --onboot=on
# System bootloader configuration
bootloader --location=mbr
# Clear the Master Boot Record
zerombr
# Partition clearing information
# Wipes every partition on every disk the installer sees — meant for the throwaway lab VM.
clearpart --all --initlabel 
# Disk partitioning information
part swap --fstype="swap" --size=1024
part / --fstype="ext4" --grow --size=1

%packages
@base
@compat-libraries
@core
@debugging
@development
@server-policy
@workstation-policy
python-dmidecode
sgpio
device-mapper-persistent-data
systemtap-client
%end

[root@localhost ~]#cp centos6-ks.cfg /var/www/html/kickstarts/

第六、测试

centos6
kickstart
测试结果

(二). cobbler自动化装机

第一、安装程序以及依赖服务

[root@centos7 ~]#yum install cobbler dhcp tftp tftp-server httpd -y

第二、配置相关服务并启动

[root@centos7 ~]#cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
[root@centos7 ~]#vim /etc/dhcp/dhcpd.conf

# dhcpd.conf for the cobbler host (192.168.10.202). next-server must agree with
# server/next_server in /etc/cobbler/settings, which is set to the same address.
option domain-name "example.org";
option domain-name-servers 192.168.10.202;

default-lease-time 600;
max-lease-time 7200;

log-facility local7;

subnet 192.168.10.0 netmask 255.255.255.0 {
        range 192.168.10.200 192.168.10.220;
        # pxelinux.0 is the copy placed in /var/lib/cobbler/loaders/; cobbler sync publishes it to tftp.
        filename "pxelinux.0";
        next-server 192.168.10.202;
}
[root@centos7 ~]#systemctl start dhcpd.service
[root@centos7 ~]#systemctl enable dhcpd.service
[root@centos7 ~]#systemctl start tftp.service
[root@centos7 ~]#systemctl start rsyncd.service
[root@centos7 ~]#systemctl start httpd.service
[root@centos7 ~]#systemctl start cobblerd.service
[root@centos7 ~]#useradd test
[root@centos7 ~]#echo "test" |passwd --stdin test
更改用户 test 的密码 。
passwd:所有的身份验证令牌已经成功更新。

[root@centos7 ~]#tail -1 /etc/shadow
test:$6$OxdeCuVy$KS8m04x7P03RioHn2np/16eno73r8o0YsfZaR.NqLVAHqFxF1IBSJVmtEHJ22jT0OUsYaQHFTioR.bE2D.rzg1:17925:0:99999:7:::

[root@centos7 ~]#cd /usr/share/syslinux
[root@centos7 syslinux]#cp {menu.c32,pxelinux.0} /var/lib/cobbler/loaders/
[root@centos7 syslinux]#vim /etc/cobbler/settings

server: 192.168.10.202
next_server: 192.168.10.202
default_password_crypted: "$6$OxdeCuVy$KS8m04x7P03RioHn2np/16eno73r8o0YsfZaR.NqLVAHqFxF1IBSJVmtEHJ22jT0OUsYaQHFTioR.bE2D.rzg1"
[root@centos7 syslinux]#cobbler sync
[root@centos7 syslinux]#systemctl restart cobblerd.service

第三、创建yum仓并导入cobbler

[root@centos7 syslinux]#mkdir /media/cdrom
[root@centos7 syslinux]#mount -r /dev/cdrom /media/cdrom/
[root@centos7 syslinux]#ls /media/cdrom/
CentOS_BuildTag  EULA  images    LiveOS    repodata              RPM-GPG-KEY-CentOS-Testing-7
EFI              GPL   isolinux  Packages  RPM-GPG-KEY-CentOS-7  TRANS.TBL

[root@centos7 syslinux]#cobbler import --name='Centos7_test' --path=/media/cdrom
-----------
*** TASK COMPLETE ***

[root@centos7 ~]#cobbler distro list
   Centos7_test-x86_64
[root@centos7 ~]#cobbler profile list
   Centos7_test-x86_64
[root@centos7 ~]#cobbler sync
[root@centos7 ~]#systemctl restart cobblerd

第四、测试(内存需要大于2G)

测试



(三)、 Ansible实现主备模式的高可用

什么是ansible?

Ansible是一款极其简单的IT自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。Ansible是基于模块工作的,本身没有批量部署的能力,真正具有批量部署的是Ansible所运行的模块,Ansible只是提供一种框架。Ansible主要承担的工作包括:配置管理、服务即时开通、应用部署、流程编排、监控告警、日志记录等。


ansible架构
  • 核心模块(Core Module):在模块库(Module Library)中分为两块,一个是核心模块,另外一个就是自定义模块(Custom Modules)。核心模块中都是Ansible自带的模块,模块资源分发到远程节点使其执行特定任务或匹配一个特定的状态;

  • 自定义模块(Custom Modules):如果Ansible满足不了你所需求的模块,则在此处添加自定义化的模块;

  • 插件(Plugins):协助模块来完成某个功能;

  • 剧本(Playbooks):定义需要给远程主机执行的一系列任务;

  • 连接插件(Connection Plugins):Ansible默认基于SSH连接到目标机器上执行操作,但也支持不同的连接方法,此时需要连接插件来帮助我们完成连接;

  • 主机清单(Host Inventory):定义需要管理的主机,小型环境中我们只需要在host文件中写入主机的IP地址即可,但到了中大型环境我们有可能需要使用静态inventory或者动态主机清单来生成我们所需要执行的目标主机。

硬件配置搭配:

两台Nginx作为Web Proxy,配置实现KeepAlived做主备;后端两台Apache,一台部署Apache+PHP,一台部署Apache+MySQL。

架构搭配

搭建ansible

[root@ansible ~]#ntpdate ntp.aliyun.com
[root@ansible ~]#yum install ansible -y
[root@ansible ~]#vim /etc/ansible/hosts
# /etc/ansible/hosts — groups consumed by the playbooks: hasrvs -> ha.yml, php -> ap.yml, mysql -> am.yml.
[hasrvs]
192.168.10.211
192.168.10.212
[websrvs]
192.168.10.213
192.168.10.214
# A host may sit in several groups: .213 is websrvs+php, .214 is websrvs+mysql.
[php]
192.168.10.213
[mysql]
192.168.10.214
[root@ansible ~]#vim /etc/hosts
# /etc/hosts on the control node: convenience names only; the inventory and
# ssh-copy-id below still use the raw addresses.
192.168.10.211 nginx1
192.168.10.212 nginx2
192.168.10.213 apachephp
192.168.10.214 apachemysql
[root@ansible ~]#ssh-keygen -t rsa -N ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:t813Xo9WaT13elqopDZ7Hauxbi114Q/ivVISq7+P0rE root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|            .  . |
|        S .  o. +|
|         . += =**|
|          .+=@+BO|
|          =oE*B==|
|         .oOOB=+o|
+----[SHA256]-----+

[root@ansible ~]#ssh-copy-id -i .ssh/id_rsa.pub [email protected]
[root@ansible ~]#ssh-copy-id -i .ssh/id_rsa.pub [email protected]
[root@ansible ~]#ssh-copy-id -i .ssh/id_rsa.pub [email protected]
[root@ansible ~]#ssh-copy-id -i .ssh/id_rsa.pub [email protected]

测试ansible能否连通各台主机

[root@ansible ~]#ansible all -m ping
192.168.10.211 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.10.213 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.10.212 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.10.214 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

所有服务器同步时间、关闭selinux以及firewall,防止出现问题

[root@ansible ~]#ansible all -m shell -a 'systemctl stop firewalld; systemctl disable firewalld; setenforce 0'
[root@ansible ~]#ansible all -m shell -a 'echo "TZ='Asia/Shanghai'; export TZ" >> /etc/profile'
[root@ansible ~]#ansible all -m cron -a 'minute=*/5 job="/usr/sbin/ntpdate ntp.aliyun.com &> /dev/null" name=UpdateTime'

配置roles--apache

[root@ansible ~]#mkdir /etc/ansible/roles/apache/{files,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#vim /etc/ansible/roles/apache/templates/vhost.conf.j2

        # NOTE(review): the enclosing container directives (the VirtualHost and Directory
        # open/close tags) appear to have been stripped when this page was rendered; the
        # bare lines below mark where they sat. Re-add them before using this template.
        ServerName www.ilinux.io
        DirectoryIndex index.html index.php
        DocumentRoot /var/www/html
        # Reverse-proxy only; keeps httpd from acting as an open forward proxy.
        ProxyRequests off
        # PHP is handed to the php-fpm on 192.168.10.213 for BOTH Apache nodes — the address
        # is hard-coded rather than templated, so the mysql node's .php requests cross the LAN.
        ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.10.213:9000/var/www/html/$1
        # Publishes the php-fpm ping/status endpoints to every client of this vhost; wrap
        # them in a Location block with "Require ip ..." if they should not be world-readable.
        ProxyPassMatch ^/(ping|status)$ fcgi://192.168.10.213:9000/$1
        
                Options FollowSymLinks
                AllowOverride None
                Require all granted
        

[root@ansible ~]#vim /etc/ansible/roles/apache/templates/index.html

test html page {{ ansible_hostname }}

[root@ansible ~]#vim /etc/ansible/roles/apache/files/index.php

[root@ansible ~]#vim /etc/ansible/roles/apache/tasks/main.yml
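# Role apache: install httpd, drop the vhost and site files, start the service.
- name: install apache
  # yum module (as the php-fpm/mysql/nginx roles use) instead of `shell: yum install -y`:
  # idempotent and reports changed/ok correctly. state=present keeps the original
  # "install if missing" semantics.
  yum: name=httpd state=present
- name: copy configfile
  # NOTE(review): no handler restarts httpd when vhost.conf changes, so a rerun with a
  # new template leaves the old config live until a manual restart.
  template: src=vhost.conf.j2 dest=/etc/httpd/conf.d/vhost.conf
- name: copy index.html
  # template, not copy, so {{ ansible_hostname }} in templates/index.html is expanded.
  template: src=index.html dest=/var/www/html/index.html
- name: copy index.php
  copy: src=index.php dest=/var/www/html/index.php
- name: start httpd
  service: name=httpd state=started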

配置roles---php服务

[root@ansible ~]#mkdir /etc/ansible/roles/php-fpm/{files,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#scp [email protected]:/etc/php-fpm.d/www.conf ./
[root@ansible ~]#cp www.conf /etc/ansible/roles/php-fpm/templates/www.conf.j2
[root@ansible ~]#vim /etc/ansible/roles/php-fpm/templates/www.conf.j2
........................
; php-fpm listens on every interface, so FastCGI is reachable from the whole LAN and
; listen.allowed_clients is the only gate. Apache on both web nodes dials
; 192.168.10.213:9000 (vhost.conf.j2), so its source address is 192.168.10.213 or
; 192.168.10.214 — not 127.0.0.1 — and php-fpm will presumably drop those connections;
; check the php-fpm log and, if so, list the Apache nodes here.
listen = 0.0.0.0:9000
listen.allowed_clients = 127.0.0.1
; /status and /ping are also proxied publicly by vhost.conf.j2; restrict them in Apache
; if the pool state should not be world-readable.
pm.status_path = /status
ping.path = /ping
ping.response = pong
.........................
[root@ansible ~]#vim /etc/ansible/roles/php-fpm/tasks/main.yml
# Role php-fpm: install PHP and the FastCGI pool, push the pool config, start php-fpm.
- name: install php
  # state=latest also upgrades on every run; state=present would only install.
  # NOTE(review): php-mcrypt is not in the CentOS 7 base repos — presumably EPEL is enabled; verify.
  yum: name={{ item }} state=latest
  with_items:
  - php-fpm
  - php-mysql
  - php-mbstring
  - php-mcrypt
- name: copy configfile
  template: src=www.conf.j2 dest=/etc/php-fpm.d/www.conf
- name: create directory
  # Session directory must be writable by the pool user (apache) or PHP sessions fail.
  file: path=/var/lib/php/session group=apache owner=apache state=directory
- name: start php-fpm
  # No handler: a changed www.conf is not picked up until php-fpm is restarted by hand.
  service: name=php-fpm state=started

配置roles---mysql服务

[root@ansible ~]#mkdir /etc/ansible/roles/mysql/{file,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#scp [email protected]:/etc/my.cnf.d/server.cnf ./
[root@ansible ~]#cp server.cnf my.cnf
[root@ansible ~]#cp my.cnf /etc/ansible/roles/mysql/templates/my.cnf.j2
[root@ansible ~]#vim /etc/ansible/roles/mysql/templates/my.cnf.j2
# NOTE(review): tasks/main.yml renders this to /etc/my.cnf, replacing the whole stock file,
# although it was copied from /etc/my.cnf.d/server.cnf. Confirm the stock /etc/my.cnf
# settings (datadir, socket, !includedir) are not needed before overwriting it.
[mysqld]

skip-name-resolve=on
innodb-file-per-table=on
[root@ansible ~]#vim /etc/ansible/roles/mysql/tasks/main.yml
# Role mysql: install MariaDB, push my.cnf, start the service.
- name: install mysql
  yum: name=mariadb-server state=latest
- name: copy configfile
  # Overwrites /etc/my.cnf with the two-option template — see my.cnf.j2.
  template: src=my.cnf.j2 dest=/etc/my.cnf
- name: start mysql
  # Nothing here sets a root password or removes the anonymous accounts a fresh
  # mariadb-server ships with; add that step before the host is reachable by others.
  service: name=mariadb state=started

配置roles---nginx服务

[root@ansible ~]#mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#scp [email protected]:/etc/nginx/nginx.conf ./
[root@ansible ~]#cp nginx.conf /etc/ansible/roles/nginx/templates/nginx.conf.j2
[root@ansible ~]#vim /etc/ansible/roles/nginx/templates/nginx.conf.j2
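http {
        # Backend pool. The loopback entry (served by localnginx.conf) only takes
        # traffic once both Apache nodes are marked down.
        upstream websrvs {
                server 192.168.10.213:80;
                server 192.168.10.214:80;
                server 127.0.0.1:80 backup;
        }
        server {

                listen 80;
                include /etc/nginx/default.d/*.conf;

                location / {
                        proxy_pass http://websrvs;
                        # Forward the client's Host header unchanged to Apache.
                        proxy_set_header Host $http_host;
                        # Standard header name is X-Forwarded-For; the original had
                        # "X-Forward-For", which backends and log formats do not recognise.
                        proxy_set_header X-Forwarded-For $remote_addr;
                }
        }
}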
[root@ansible ~]#vim /etc/ansible/roles/nginx/templates/localnginx.conf.j2
# Local fallback site, bound to loopback only; it is the "backup" member of the
# websrvs upstream in nginx.conf, so it answers only when both Apache nodes are down.
server {
        listen 127.0.0.1:80;
        root /usr/share/nginx/html;
        index index.html;
}
[root@ansible ~]#vim /etc/ansible/roles/nginx/templates/index.html

test page nginx HA server {{ ansible_hostname }}

[root@ansible ~]#vim /etc/ansible/roles/nginx/tasks/main.yml
# Role nginx: install nginx, push the proxy config plus the loopback fallback site, start it.
- name: install nginx
  yum: name=nginx state=latest
- name: copy nginx configfile
  # Replaces the whole /etc/nginx/nginx.conf with the template excerpt shown above;
  # NOTE(review): make sure the template keeps the events/main context the stock file has.
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: copy localnginx configfile
  template: src=localnginx.conf.j2 dest=/etc/nginx/conf.d/localnginx.conf
- name: copy index
  template: src=index.html dest=/usr/share/nginx/html/index.html
- name: start nginx
  # No handler: config changes on rerun are not applied until nginx is restarted.
  service: name=nginx state=started

配置roles---keepalived服务

[root@ansible ~]#mkdir /etc/ansible/roles/keepalived/{files,templates,tasks,handlers,vars,meta,default} -pv
[root@ansible ~]#vim /etc/ansible/roles/keepalived/templates/keepalived.conf.j2
# keepalived.conf.j2 — identical on both nginx nodes except for the two inventory
# variables keepalived_role (MASTER/BACKUP) and keepalived_pri.
global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   # Per-node id taken from the host's own name.
   router_id {{ ansible_nodename }}
   vrrp_mcast_group4 224.1.101.33
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}

vrrp_instance VI_1 {
    state {{ keepalived_role }}
    # Interface name is hard-coded; both nodes must expose the LAN on ens33.
    interface ens33
    virtual_router_id 51
    priority {{ keepalived_pri }}
    advert_int 1
    # VRRP PASS auth is sent in cleartext and keepalived uses only the first 8 characters
    # of auth_pass; it guards against mismatched peers, it is not an access control.
    authentication {
        auth_type PASS
        auth_pass 901010Ztt@
    }
    # Floating address the client test hits (curl http://192.168.10.99).
    virtual_ipaddress {
        192.168.10.99/24 dev ens33 label ens33:0
    }
}
[root@ansible ~]#vim /etc/ansible/hosts
# Host vars read by keepalived.conf.j2. NOTE(review): these lines must replace the bare
# entries under [hasrvs]; if they are simply appended to the end of /etc/ansible/hosts they
# land under [mysql], and am.yml would then also target the two nginx nodes.
192.168.10.211 keepalived_role=MASTER keepalived_pri=100
192.168.10.212 keepalived_role=BACKUP keepalived_pri=98
[root@ansible ~]#vim /etc/ansible/roles/keepalived/tasks/main.yml
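# Role keepalived: install, render the VRRP config from inventory vars, start the service.
- name: install keepalived
  yum: name=keepalived state=latest
- name: install configfile
  # Relative src, like every other role here: Ansible resolves it against the role's
  # templates/ directory, so the role no longer depends on living under /etc/ansible.
  template: src=keepalived.conf.j2 dest=/etc/keepalived/keepalived.conf
- name: start keepalived
  # No handler: a changed config is not applied until keepalived is restarted by hand.
  service: name=keepalived state=started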

配置playbook--- apache+php

[root@ansible ~]#mkdir /etc/ansible/playbooks
[root@ansible ~]#vim /etc/ansible/playbooks/ap.yml
# ap.yml — Apache + PHP node (inventory group php = 192.168.10.213).
- hosts: php
  # Runs as root over the key installed with ssh-copy-id.
  remote_user: root
  roles:
  - apache
  - php-fpm
[root@ansible ~]#ansible-playbook --syntax-check /etc/ansible/playbooks/ap.yml 
playbook: /etc/ansible/playbooks/ap.yml

[root@ansible ~]#ansible-playbook /etc/ansible/playbooks/ap.yml 

配置playbook--- apache+mysql

[root@ansible ~]#vim /etc/ansible/playbooks/am.yml
# am.yml — Apache + MariaDB node (inventory group mysql = 192.168.10.214).
- hosts: mysql
  remote_user: root
  roles:
  - apache
  - mysql

[root@ansible ~]#ansible-playbook --syntax-check /etc/ansible/playbooks/am.yml 
playbook: /etc/ansible/playbooks/am.yml

[root@ansible ~]#ansible-playbook /etc/ansible/playbooks/am.yml

配置playbook---nginx+keepalived

[root@ansible ~]#vim /etc/ansible/playbooks/ha.yml
# ha.yml — both nginx proxies (group hasrvs); keepalived needs the per-host
# keepalived_role/keepalived_pri vars to be set for each of them in the inventory.
- hosts: hasrvs
  remote_user: root
  roles:
  - nginx
  - keepalived

[root@ansible ~]#ansible-playbook --syntax-check /etc/ansible/playbooks/ha.yml 

playbook: /etc/ansible/playbooks/ha.yml
[root@ansible ~]#ansible-playbook /etc/ansible/playbooks/ha.yml

测试

[root@client ~]# for i in {1..10};do curl http://192.168.10.99;done
    

This is apache2

This is apache1

This is apache2

This is apache1

This is apache2

This is apache1

This is apache2

This is apache1

This is apache2

This is apache1
