I. Project requirements
1. Create a Discuz forum on the bbs.example.com host. The database server is the bbs database instance on the db.example.com host, served by MySQL database software.
2. Create an NTP service on the ntp.example.com host, served by the Chronyd software. The time server syncs upstream from the time.windows.com host, and all internal hosts are allowed to sync time from it.
3. Create a DNS service on the dns.example.com host. All name resolution requests within the domain are answered by this server, and the host also provides DNS forwarding for all internal hosts.
4. On all of the hosts above, make sure the services still start automatically after a system reboot, and keep the firewall and SELinux services enabled.
5. Use a Shell script to take a full backup of the MySQL data every night at 1:00, and transfer the backup by script to the /backup/ directory on the data.example.com host.
6. Use Shell scripts and Ansible playbooks to complete everything above, automating as much as possible so that, unattended, problems are detected and resolved automatically.
7. If there are not enough machines, a single virtual machine may be used as appropriate to complete the task.
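Requirements 5 and 6 ask for a nightly 01:00 full backup that is shipped to data.example.com and that notices on its own when something went wrong. The script below is an added example, not part of the original page: it assumes a hypothetical backup account stored in /root/.my.cnf and SSH key access as user backup on data.example.com, and it refuses to ship a dump that fails verification.

```shell
#!/bin/sh
# Added example, not from the original page: nightly full dump of the
# MariaDB instance on db.example.com, verified, then shipped to
# data.example.com:/backup/. Assumed (hypothetical): credentials in
# /root/.my.cnf and SSH key access for user "backup" on data.example.com.
set -eu

BACKUP_DIR=${BACKUP_DIR:-/var/backups/mysql}
REMOTE=${REMOTE:-backup@data.example.com:/backup/}
KEEP_DAYS=${KEEP_DAYS:-7}

# Name of one dump file from a timestamp, e.g. bbs-full-20240101-0100.sql.gz
backup_name() {
    printf 'bbs-full-%s.sql.gz\n' "$1"
}

# A dump is only good if the archive decompresses cleanly AND its last
# line is the "-- Dump completed" footer that mysqldump writes at the end;
# a dump cut short by a full disk or a dropped connection fails here.
verify_dump() {
    gzip -t "$1" 2>/dev/null || return 1
    gzip -dc "$1" | tail -n 1 | grep -q '^-- Dump completed' || return 1
}

# Full backup of every database; only a verified dump leaves the host.
# (The pipeline's status is gzip's, so a failed mysqldump is caught by
# verify_dump rather than by set -e.)
run_backup() {
    stamp=$(date +%Y%m%d-%H%M)
    out="$BACKUP_DIR/$(backup_name "$stamp")"
    mkdir -p "$BACKUP_DIR"
    mysqldump --all-databases --single-transaction --routines --events \
        | gzip -9 > "$out"
    if ! verify_dump "$out"; then
        logger -t mysql-backup "dump $out failed verification, not shipped"
        rm -f "$out"
        return 1
    fi
    rsync -a --chmod=0600 "$out" "$REMOTE"
    find "$BACKUP_DIR" -name 'bbs-full-*.sql.gz' -mtime +"$KEEP_DAYS" -delete
    logger -t mysql-backup "shipped $out to $REMOTE"
}

# Runs only when called with "run", so the functions can also be sourced.
# Crontab entry on db.example.com for 01:00 every night (requirement 5):
#   0 1 * * * /usr/local/sbin/mysql-backup.sh run
if [ "${1:-}" = "run" ]; then
    run_backup
fi
```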
II. Project implementation
Requirement 01
I. Building the MySQL server
1. Install the packages
[root@bbs ~]# yum install -y mariadb mariadb-server
2. Start the MySQL database and complete the basic configuration
[root@bbs ~]# systemctl enable --now mariadb
[root@bbs ~]# mysql_secure_installation
Enter current password for root (enter for none): press Enter to go straight into the database
OK, successfully used password, moving on...
Switch to unix_socket authentication [Y/n]: enter n to skip this protection
... skipping.
Change the root password? [Y/n] : enter y to confirm changing the password
New password: enter the new password
Re-enter new password: enter the new password again
Password updated successfully!
Remove anonymous users? [Y/n]: enter y to remove anonymous users
... Success!
Disallow root login remotely? [Y/n]: enter n to allow remote root login
... skipping.
Remove test database and access to it? [Y/n]: enter y to remove the test database and access to it
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reload privilege tables now? [Y/n]: enter y to reload the privilege tables
... Success!
3. Log in to the MySQL database and create the required data
[root@localhost ~]# mysql -u root -p
Enter password: enter the root password, root
MariaDB [(none)]> CREATE DATABASE bbs;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE USER 'bbs_user'@'bbs.example.com' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON bbs.* TO 'bbs_user'@'bbs.example.com';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.111.131' IDENTIFIED BY 'root' WITH GRANT OPTION;
Query OK, 0 rows affected (0.001 sec)
Note (general form of the GRANT statement above): allow user myuser to connect to the MySQL server from the host with IP 192.168.1.3, using mypassword as the password.
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> EXIT;
Bye
4. Turn off the firewall and change the SELinux mode
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl stop firewalld.service
II. Building the Discuz forum server
1. Install the packages (httpd, php, mysql) and enable them at boot
[root@bbs ~]# yum install -y httpd
[root@bbs ~]# yum install -y php php-devel php-mysqlnd
[root@bbs ~]# systemctl enable --now httpd
2. Download and install Discuz
1) Create a website directory on bbs.example.com
[root@localhost ~]# mkdir /var/www/html/discuz
2) Upload or download the latest Discuz and unpack it
[root@localhost ~]# unzip Discuz_X3.4_SC_UTF8_20210520.zip -d /var/www/html/discuz
3) Give the discuz directory appropriate permissions
[root@localhost ~]# chown -R apache:apache /var/www/html/discuz
[root@localhost ~]# chmod -R 777 /var/www/html/discuz
3. Turn off the firewall and change the SELinux mode
[root@localhost upload]# setenforce 0
[root@localhost upload]# systemctl stop firewalld.service
4. Open the Discuz install directory in a browser
http://192.168.111.131/discuz/Discuz_X3.4_SC_UTF8_20210520/upload/install/
5. Complete the graphical Discuz installation
6. Configure the Apache HTTP server
1) Create a new Apache configuration file
[root@bbs ~]# vim /etc/httpd/conf.d/discuz.conf
<VirtualHost *:80>
    ServerName bbs.example.com
    DocumentRoot /var/www/html/discuz
    <Directory /var/www/html/discuz>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
2) Restart the Apache server
[root@bbs ~]# systemctl restart httpd
Requirement 02
I. The ntp.example.com host
1. Change the hostname and reboot
[root@localhost ~]# hostnamectl set-hostname ntp.example.com
[root@localhost ~]# reboot
2. Edit the configuration file to allow the time.windows.com host to connect as a client
# Allow NTP client access from local network.
allow 192.168.111.132
3. Turn off the firewall
[root@localhost ~]# systemctl stop firewalld
4. Restart the chronyd service
[root@localhost ~]# systemctl restart chronyd.service
II. The time.windows.com host
1. Change the hostname and reboot
[root@localhost ~]# hostnamectl set-hostname time.windows.com
[root@localhost ~]# reboot
2. Edit the configuration file to use the ntp.example.com host as the time source, and allow all internal hosts to sync time from this host
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
#pool 2.rhel.pool.ntp.org iburst
server 192.168.111.131 iburst
# Allow NTP client access from local network.
allow all
3. Turn off the firewall
[root@localhost ~]# systemctl stop firewalld
4. Restart the chronyd service
[root@localhost ~]# systemctl restart chronyd.service
III. Check the time sources
[root@localhost ~]# watch chronyc sources
Requirement 03
I. DNS "forward" resolution
1. Change the hostname and reboot
[root@localhost ~]# hostnamectl set-hostname dns.example.com
[root@localhost ~]# reboot
2. Install the package and check its version
[root@dns ~]# yum install -y bind
[root@dns ~]# rpm -qf /usr/bin/dig
3. Configure the /etc/named.conf file
[root@dns ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.111.131; };
    directory "/var/named";
};
zone "bbs.example.com" IN {
    type master;
    file "bbs.example.com";
};
zone "db.example.com" IN {
    type master;
    file "db.example.com";
};
zone "ntp.example.com" IN {
    type master;
    file "ntp.example.com";
};
zone "data.example.com" IN {
    type master;
    file "data.example.com";
};
4. Configure the zone files under /var/named/
[root@dns ~]# vim /var/named/bbs.example.com
$TTL 1D
@       IN SOA  @ admin.example.com. (
                0       ; serial
                1D      ; refresh
                1D      ; retry
                1D      ; expire
                1D )    ; minimum
        IN NS   dns.example.com.
dns     IN A    192.168.111.131
bbs     IN A    192.168.111.130
[root@dns ~]# vim /var/named/db.example.com
$TTL 1D
@       IN SOA  @ admin.example.com. (
                0       ; serial
                1D      ; refresh
                1D      ; retry
                1D      ; expire
                1D )    ; minimum
        IN NS   dns.example.com.
dns     IN A    192.168.111.131
db      IN A    192.168.111.129
[root@dns ~]# vim /var/named/ntp.example.com
$TTL 1D
@       IN SOA  @ admin.example.com. (
                0       ; serial
                1D      ; refresh
                1D      ; retry
                1D      ; expire
                1D )    ; minimum
        IN NS   dns.example.com.
dns     IN A    192.168.111.131
ntp     IN A    192.168.111.128
[root@dns ~]# vim /var/named/data.example.com
$TTL 1D
@       IN SOA  @ admin.example.com. (
                0       ; serial
                1D      ; refresh
                1D      ; retry
                1D      ; expire
                1D )    ; minimum
        IN NS   dns.example.com.
dns     IN A    192.168.111.131
data    IN A    192.168.111.127
II. DNS "reverse" resolution
1. Configure the /etc/named.conf file
[root@dns ~]# vim /etc/named.conf
options {
    listen-on port 53 { 192.168.111.131; };
    directory "/var/named";
};
zone "bbs.example.com" IN {
    type master;
    file "bbs.example.com";
};
zone "db.example.com" IN {
    type master;
    file "db.example.com";
};
zone "ntp.example.com" IN {
    type master;
    file "ntp.example.com";
};
zone "data.example.com" IN {
    type master;
    file "data.example.com";
};
zone "111.168.192.in-addr.arpa" IN {
    type master;
    file "named.reverse.com";
};
Note: the xxx part of the zone name is the network part of the address written in reverse: 192.168.111.131/24 is in network 192.168.111.0, which reversed gives 111.168.192, so the zone is 111.168.192.in-addr.arpa.
2. Configure the /var/named/named.reverse.com zone file
[root@dns ~]# vim /var/named/named.reverse.com
$TTL 1D
@       IN SOA  @ admin.example.com. (
                0       ; serial
                1D      ; refresh
                1D      ; retry
                1D      ; expire
                1D )    ; minimum
        IN NS   dns.example.com.
130     IN PTR  bbs.example.com.
129     IN PTR  db.example.com.
128     IN PTR  ntp.example.com.
127     IN PTR  data.example.com.
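As an added example, not from the original page, the helper below turns the network from the note above into the zone name and PTR owner labels, and generates the reverse zone file for the page's four hosts; the host list is constructed here, and the SOA timers and the check_zone wrapper are my choices.

```shell
#!/bin/sh
# Added example, not from the original page: derive the in-addr.arpa zone
# name and PTR owner labels from the /24 network, and emit a reverse zone
# file in the layout the page writes by hand. Host list constructed here.
set -eu

# 192.168.111.0/24 -> 111.168.192.in-addr.arpa: the three network octets
# written back to front (the "xxx" in the page's note).
reverse_zone() {
    net=${1%/*}                 # drop the /24 prefix length
    o1=${net%%.*}; rest=${net#*.}
    o2=${rest%%.*}; rest=${rest#*.}
    o3=${rest%%.*}
    printf '%s.%s.%s.in-addr.arpa\n' "$o3" "$o2" "$o1"
}

# 192.168.111.130 -> 130: inside a /24 reverse zone the PTR owner name
# is just the host octet.
ptr_owner() {
    printf '%s\n' "${1##*.}"
}

# Print a whole reverse zone for network $1 with name server $2, reading
# "ip fqdn" pairs from stdin (one PTR record per line).
make_reverse_zone() {
    printf '$ORIGIN %s.\n' "$(reverse_zone "$1")"
    printf '$TTL 1D\n'
    printf '@ IN SOA %s. admin.example.com. ( 0 1D 1H 1W 3H )\n' "$2"
    printf '  IN NS %s.\n' "$2"
    while read -r ip fqdn; do
        [ -n "$ip" ] || continue
        printf '%s IN PTR %s.\n' "$(ptr_owner "$ip")" "$fqdn"
    done
}

# Check the generated file with bind's own checker when it is installed.
check_zone() {
    command -v named-checkzone >/dev/null 2>&1 || return 0
    named-checkzone "$1" "$2"
}

# Example run (hosts from the page): write the reverse zone to file $2.
if [ "${1:-}" = "write" ]; then
    printf '%s\n' '192.168.111.130 bbs.example.com' \
        '192.168.111.129 db.example.com' '192.168.111.128 ntp.example.com' \
        '192.168.111.127 data.example.com' \
        | make_reverse_zone 192.168.111.0/24 dns.example.com > "${2:?output file}"
    check_zone "$(reverse_zone 192.168.111.0/24)" "$2"
fi
```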
Requirement 04
1. The bbs.example.com host
[root@localhost ~]# firewall-cmd --permanent --add-port=22/tcp
success
[root@localhost ~]# firewall-cmd --reload
success
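Requirement 4 asks that the firewall and SELinux stay on, which the earlier steps undo with setenforce 0 and systemctl stop firewalld. The script below is an added example, not from the original page: it keeps both enabled, enables each role's service at boot and opens only the ports that role needs (the role-to-port and role-to-unit maps are my assumptions).

```shell
#!/bin/sh
# Added example, not from the original page: the requirement-4 way to
# finish each host. Keeps firewalld running and SELinux enforcing, enables
# the role's unit at boot, opens only that role's ports. The role maps
# below are my assumptions.
set -eu

# Ports each role must accept from the internal network; 22/tcp stays
# open everywhere for the backup transfer and the Ansible runs.
ports_for_role() {
    case $1 in
        bbs)  echo "22/tcp 80/tcp" ;;
        db)   echo "22/tcp 3306/tcp" ;;
        ntp)  echo "22/tcp 123/udp" ;;
        dns)  echo "22/tcp 53/tcp 53/udp" ;;
        data) echo "22/tcp" ;;
        *)    echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# The systemd unit that must come back by itself after a reboot.
units_for_role() {
    case $1 in
        bbs)  echo httpd ;;
        db)   echo mariadb ;;
        ntp)  echo chronyd ;;
        dns)  echo named ;;
        data) echo sshd ;;
        *)    return 1 ;;
    esac
}

# Apply to the current host (run as root). Permanent rules are added one
# by one and only loaded at the end, so a failure leaves the old rules.
harden_host() {
    role=$1
    setenforce 1
    sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config
    systemctl enable --now firewalld "$(units_for_role "$role")"
    for p in $(ports_for_role "$role"); do
        firewall-cmd --permanent --add-port="$p"
    done
    # Discuz on bbs reaches MariaDB on db.example.com over the network;
    # with SELinux enforcing, httpd needs this boolean for that connection.
    if [ "$role" = bbs ]; then
        setsebool -P httpd_can_network_connect_db on
    fi
    firewall-cmd --reload
}

if [ "${1:-}" = "apply" ]; then
    harden_host "${2:?role (bbs|db|ntp|dns|data)}"
fi
```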