cd /ansible
cat >03_install_nginx.yaml<<EOF
---
- name: install nginx
  hosts: web
  tasks:
  - name: touch
    copy:
      content: |
        [nginx]
        name=nginx repo
        baseurl=http://nginx.org/packages/centos/7/$basearch/
        gpgcheck=0
        enabled=1
      dest: /etc/yum.repos.d/nginx.repo
  - name: shell
    shell:
      cmd:
        yum makecache
  - name: install nginx
    shell:
      cmd: |
        yum -y install nginx
        yum remove -y epel-release.noarch
        yum install -y epel-release
        yum install -y https://mirrors.tuna.tsinghua.edu.cn/remi/enterprise/remi-release-7.rpm
        yum --enablerepo=remi-php74 install -y php php-cli php-common php-devel php-embedded php-gd php-mbstring php-pdo php-xml php-fpm php-mysqlnd php-opcache php-mcrypt php-pecl-memcached php-pecl-mongodb php-pecl-redis
  - name: copy web/default.conf
    copy:
      src: web/default.conf
      dest: /etc/nginx/conf.d/
  - name: copy www.conf
 copy:
      src: files/www.conf
      dest: /etc/php-fpm.d/www.conf
  - name: start  nginx service
    service:
      name: "{{item}}"
      state: restarted
      enabled: yes
    loop: [nginx,php-fpm]
EOF

ansible-playbook  03_install_nginx.yaml  执行

3.一键安装代理服务器nginx,keepalived,部署2台lb01和lb02

cat >05_install_server_nfs-utils.yaml<<EOF
---
- name: install nfs01
  hosts: data
  tasks:
  - name: install nfs-utils
    yum:
      name: nfs-utils,rpcbind
      state: present
  - name: copy /etc/exports
    copy:
      content: |
       /data 192.168.88.0/24(rw,sync)
      dest: /etc/exports
  - name: mkdir /data
    file:
      path: /data
      state: directory
      owner: nfsnobody
      group: nfsnobody
  - name: html
    copy:
      src: web/wordpress-6.1.1-zh_CN.tar.gz
      dest: /data
  - name: tar -xf wordpress-6.1.1-zh_CN.tar.gz
    shell: 
      cmd: |
        tar -xf   /data/wordpress-6.1.1-zh_CN.tar.gz -C /data
        chmod -R 777 /data
  - name: start rpcbind,nfs
    service:
      name: "{{item}}"
      state: restarted
      enabled: yes
    loop: [rpcbind,nfs]

EOF

5.nfs客户端web文件系统部署

cat >07-install_mariadb-server.yaml<<EOF
---
- name: install nfs-utils
  hosts: db
  tasks:
  - name: install nfs-utils
    yum:
      name: mariadb-server,mariadb
      state: present
  - name: start mariadb
    service:
      name: mariadb
      state: restarted
      enabled: yes
  - name: 修改passwd
    shell:
      cmd: |
       mysqladmin -u root password '123456'
EOF

7.创建收钱数据库和用户

cat >08-config-mysql.yml<<EOF
---
- name: config mysql
  hosts: db
  tasks:
  - name: create database
    script: files/config_mysql.sh
EOF

7.files目录下文件

cat files/config_mysql.sh<<EOF
mysql -u root -p123456 -e "create database wordpress character set utf8mb4"
mysql -u root -p123456 -e "create user wordpress@'%' identified by 'wordpress'"
mysql -u root -p123456 -e "grant all privileges on wordpress.* to wordpress@'%'"
EOF

2.files/default.conf

cat >default.conf<<EOF
server {
    listen       80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
    proxy_pass http://webserver; #路由转发
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
 #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
EOF

3.files/keepalived.conf 

cat >keepalived.conf<<EOF
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id lb01
   vrrp_iptables
   vrrp_skip_check_adv_addr
   vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_script chk_http_port {  # 定义监视脚本
    script "/etc/keepalived/check_lvs.sh"  
   interval 2   # 脚本每隔2秒运行一次
 }
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
     192.168.88.80/24
  }
track_script {    # 引用脚本
         chk_http_port
      }
}
EOF

4.files/check_lvs.sh

cat >files/check_lvs.sh<<EOF  #检测keepalived主备切换
#!/bin/bash
ss -ntulp | grep :80 &> /dev/null && exit 0 || exit 1
EOF
chmod +x files/check_lvs.sh #记得加执行权限

5.files/www.conf

cat >files/www.conf<<EOF #源文件修改以下2行
...
user = nginx

group = nginx
...
EOF

8.web目录下文件

1.web/default.conf

cat >web/default.conf<<EOF
server {
    listen       80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /mnt/wordpress;
        index index.php index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /mnt/wordpress;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root           /mnt/wordpress;
        fastcgi_pass   127.0.0.1:9000;
     fastcgi_index  index.php;
      #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
       include        fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}
EOF

如果客户端是windows主机，则使用记事本程序打开C:\windows\System32\drivers\etc\hosts添加名称解析
当点击http://192.168.88.80页面中任意链接时，地址栏上的地址，都会变成192.168.88.7。通过以下方式修复它：
# 在nfs服务器上修改配置文件
[root@nfs01 ~]# vim /mnt/wordpress/wp-config.php 
# define('DB_NAME', 'wordpress')它的上方添加以下两行：
define('WP_SITEURL', 'http://192.168.88.80');
define('WP_HOME', 'http://192.168.88.80');

3.backup备份

服务端：backup

客户端：web01 web02 web03 

要求：

       每天晚上 00 点整在 Web 服务器上打包备份系统配置文件、网站程序目录及访问日志并通过 rsync 命令推送备份服务器 backup 上备份保留（备份思路可以是先在本地按日期打包，然后再推到备份服务器 backup 上） ，NFS 存储服务器同 Web 服务器，实际工作 中就是全部的服务器。

具体要求如下：
1)所有服务器的备份目录必须都为/backup。

2)要备份的系统配置文件包括但不限于：

a.定时任务服务的配置文件(/var/spool/cron/root)

b.开机自启动的配置文件(/etc/rc.local)

c.日常脚本的目录 (/server/scripts)。

d.防火墙 iptables 的配置文件(/etc/sysconfig/iptables)。

e.自己思考下还有什么需要备份呢？

3)Web 服务器站点目录(/var/html/www)。

4)Web 服务器 A 访问日志路径（/app/logs）

5)Web 服务器保留打包后的 7 天的备份数据即可(本地留存不能多于 7 天，因为太多硬盘会 满)

6)备份服务器上,保留每周一的所有数据副本，其它要保留 6 个月的数据副本。

7)备份服务器上要按照备份数据服务器的内网 IP 为目录保存备份，备份的文件按照时间名 字保存。

8）*需要确保备份的数据尽量完整正确，在备份服务器上对备份的数据进行检查，把备份的成功及失败结 果信息发给系统管理员邮箱中。

cat >09_backup_all_config.yaml<<EOF
---
- name: 客户端和服务端安装rsync
  hosts: web,backup
  tasks:
  - name: 安装rsync同步软件
    yum:
      name: rsync
      state: latest
  - name: 创建备份目录
    file:
      path: /server/scripts
      state: directory
- name: 配置backup服务端
  hosts: backup
  vars:
    rsync_password: "rsync_backup:123456"
    backup_dir: "/backup"
  tasks:
  - name: 配置/etc/rsyncd.conf
    copy:
      dest: /etc/rsyncd.conf
      content: |
       uid = rsync
       gid = rsync
       port = 873
       fake super = yes
       use chroot = no
       max connections =200
 timeout = 300
       pid file = /var/run/rsyncd.pid
       lock file = /var/run/rsync.lock
       log file = /var/log/rsyncd.log
       ignore errors
       read only = false
       list = false
       hosts allow = 192.168.88.0/24
       hosts deny = 0.0.0.0/32
       auth users = rsync_backup
       secrets file = /etc/rsync.password
       [backup]
       comment = "backup dir by abin"
       path = /backup
  - name: Add rsync user
    user:
      name: rsync
      create_home: no
      shell: /sbin/nologin
      system: yes
  - name: Create rsync password file
    shell: echo "{{ rsync_password }}" > /etc/rsync.password && chmod 600 /etc/rsync.password
  - name: Create backup directory
    file:
      path: "{{ backup_dir }}"
      state: directory
      owner: rsync
 group: rsync
  - name: Start and enable rsync service
    service:
      name: rsyncd
      state: restarted
      enabled: yes
  - name: 清理过期文件脚本
    copy:
      dest: /server/scripts/backup_server.sh
      content: |
       #!/bin/bash
       # del 180 day ago data
       find /backup/ -type f -mtime +180 ! -name "*week1.tar.gz"|xargs rm 2>/dev/null
       # check backup data
       find /backup/ -type f -name "finger.txt"|xargs md5sum -c >/tmp/check.txt
       #send check mail
       mail -s "check backup info for $(date +%F)" 1781668237@qq.com </tmp/check.txt
  - name: Add cron job for backup_server script
    cron:
      user: "root"
      minute: "0"
      hour: "0"
      job: "/bin/sh /server/scripts/backup_server.sh"
      state: present
- name: 配置web客户端
 hosts: web
  vars:
     password: "123456"
  tasks:
  - name: Create rsync password file
    shell: echo "{{ password }}" > /etc/rsync.password && chmod 600 /etc/rsync.password
  - name: 备份脚本
    copy:
      dest: /server/scripts/backup.sh
      content: |
       #!/bin/bash
       Backup_dir="/backup"
       IP_info=`ifconfig | head -2 | tail -1 | awk '{print $2}'`
       # create backup dir
       mkdir -p $Backup_dir/$IP_info
       # tar backup data
       cd /
       tar zchf /$Backup_dir/$IP_info/system_backup_$(date +%F_week%w -d -0day).tar.gz  /etc/rc.local /etc/nginx/nginx.conf /etc/nginx/conf.d/default.conf  /server/scripts /var/spool/cron/root 
       tar zchf /$Backup_dir/$IP_info/www_backup_$(date +%F_week%w).tar.gz  ./var/html/www
       tar zchf /$Backup_dir/$IP_info/www_log_backup_$(date +%F_week%w).tar.gz  ./app/logs
       # del 7 day ago data
       find $Backup_dir -type f -mtime +7|xargs rm 2>/dev/null
       # create finger file
       find $Backup_dir/ -type f -mtime -1 ! -name "finger*"|xargs md5sum >/$Backup_dir/$IP_info/finger.txt
       # backup push data info
       rsync -az $Backup_dir/ rsync_backup@192.168.88.41::backup --password-file=/etc/rsync.password
  - name: Add cron job for backup script
    cron:
      user: "root"
      minute: "0"
      hour: "0"
      job: "/bin/sh /server/scripts/backup.sh"
      state: present
EOF