1、搭建DHCP服務,爲局域網內用戶提供10.1.1.0/24網段的IP,且租約期默認爲48小時
```答:
dhcpser]# yum –y install dhcp
dhcpser]# cat /etc/dhcp/dhcpd.conf
option domain-name "WLdhcp";
option domain-name-servers 192.168.1.90;
default-lease-time 172800;
max-lease-time 172800;
·# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
option routers 192.168.21.1;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.20 192.168.1.30;
option routers 192.168.91.1;
filename "pxelinux.0";
next-server 192.168.1.90;
}
### 2、在上述實驗基礎上,實現DHCP中繼
``` 環境準備
dhcp-server:Centos7、192.168.100.10 安裝dhcp服務
dhcp-relay:Centos7、eth0:192.168.100.25、eth1:10.1.1.1 安裝dhcp服務
dhcp-client:Centos6,通過dhclient -d 查看獲取IP地址狀態
dhcp-server 配置
網卡配置:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=db2dbbd8-a363-4249-a3cf-7d2a42de81f2
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
GATEWAY=192.168.100.254 #指向dhcp-relay服務器eth0
PREFIX=24
dhcp服務配置:
option domain-name "peaoguo.com";
option domain-name-servers 192.168.0.1;
default-lease-time 43200;
max-lease-time 86400;
log-facility local7;
subnet 192.168.100.0 netmask 255.255.255.0 {
range 192.168.100.100 192.168.100.120;
option routers 192.168.100.254;
}
subnet 10.1.1.0 netmask 255.255.255.0 {
range 10.1.1.100 10.1.1.254;
option routers 10.1.1.1;
}
啓動dhcp服務
system start dhcpd
dhcp-relay服務器配置
eth0網卡配置:
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens34
UUID=f570d8a2-908c-4b0b-9d1c-38524549e0d4
DEVICE=ens34
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
IPADDR=192.168.100.254
PREFIX=24
GATEWAY=192.168.100.10 #指向dhcp服務器IP地址
eth1網卡配置:
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens35
UUID=0f082b61-0afd-4294-a62a-313e2f5b394e
DEVICE=ens35
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
IPADDR=10.1.1.1 #指向dhcp地址池默認網關
PREFIX=24
dhcrelay配置
[root@node1 ~]# dhcrelay 192.168.100.10
Dropped all unnecessary capabilities.
Internet Systems Consortium DHCP Relay Agent 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/ens35/00:50:56:84:33:f0
Sending on LPF/ens35/00:50:56:84:33:f0
Listening on LPF/ens34/00:50:56:84:0f:10
Sending on LPF/ens34/00:50:56:84:0f:10
Listening on LPF/ens32/00:50:56:84:34:a6
Sending on LPF/ens32/00:50:56:84:34:a6
Sending on Socket/fallback
[root@node1 ~]# ss -tunlp |grep dhcrelay
udp UNCONN 0 0 *:67 *:* users:(("dhcrelay",pid=4092551,fd=7))
udp UNCONN 0 0 *:67 *:* users:(("dhcrelay",pid=4091950,fd=7))
udp UNCONN 0 0 *:67 *:* users:(("dhcrelay",pid=4090021,fd=7))
3、藉助Ansible Playbook自動化搭建LNMP環境(可藉助yum)
``` 注意事項:
1、web端防火牆需要禁用
2、php-fpm配置www.conf時要把本地監聽地址放開、拒絕地址列表註釋掉
3、index.php語法要正確
~ansible]# yum –y install ansible
~ansible]# cat /etc/ansible/hosts
[ns]
192.168.1.89
[dbs]
192.168.1.90
[php]
192.168.1.91
直接回車,在本地主機生成一對兒密鑰;
~ansible]# ssh-keygen -t rsa -P ''
將祕鑰發送到客戶端
~ansible]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
~ansible]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
~ansible]# ssh-copy-id -i .ssh/id_rsa.pub [email protected]
~ansible]# cat /tmp/as.yaml
-
hosts: ns
remote_user: root
tasks:- name: reponginx
copy: src=/tmp/nginx.repo dest=/etc/yum.repos.d/nginx.repo - name: f5
shell: yum makecache - name: installnginx
yum: name=nginx state=present - name: nginxconf
copy: src=/tmp/nginxwl.conf dest=/etc/nginx/conf.d/wlnginx.conf - name: startnginx
service: name=nginx state=started - name: stopfirewall
service: name=firewalld state=stopped
- name: reponginx
-
hosts: dbs
remote_user: root
tasks:- name: install mariadb
yum: name={{ item }} state=present
with_items:- mariadb
- mariadb-server
- name: copy dbconf
copy: src=/tmp/mariadb-server.conf dest=/etc/my.cnf.d/server.cnf - name: start mariadb
service: name=mariadb state=started - name: stopfire
service: name=firewalld state=stopped
- name: install mariadb
-
hosts: php
remote_user: root
tasks:-
name: firewalldstop
service: name=firewalld state=stopped -
name: install php
yum: name={{ item }} state=present
with_items:- php
- php-devel
- php-xml
- php-fpm
- php-mbstring
-
name: php-conf
copy: src=/tmp/www.conf dest=/etc/php-fpm.d/www.conf -
name: startphp
service: name=php-fpm state=started -
name: mkdir
shell: mkdir -p /usr/share/nginx/html - name: ceateindex
copy: src=/tmp/index.php dest=/usr/share/nginx/html/index.php
執行即可### 4、採用Ansible Role方式自動化搭建LNMP
創建目錄結構
mkdir -pv {nginx,php,mariadb,wordpress}/{tasks,vars,templates,files,meta,defaults}
nginx角色編排
編排nginx角色tasks
cd /etc/ansible/roles/nginx/tasks
vim main.yml- name: install nginx
yum: name=nginx state=latest
when: ansible_os_family == "RedHat" - name: copy config
copy: src=nginx.conf dest=/etc/nginx/nginx.conf
notify: restart nginx - name: start
service: name=nginx state=started enabled=yes
- name: install nginx
-
編排觸發重啓
cd /etc/ansible/roles/nginx/handlers
vim main.yml
- name: restart nginx
service: name=nginx state=restarted
準備nginx.conf配置文件
cd /etc/ansible/roles/nginx/files
cp /etc/nginx/nginx.conf .
php角色編排
cd /etc/ansible/roles/php/tasks
vim main.yml
- name: install php
yum: name={{ item }} state=present
with_items:- php-fpm
- php-mysql
- name: start php
service: name=php-fmp state=started enabled=yes
mariadb角色編排
cd /etc/ansible/roles/mariadb/tasks
vim main.yml
- name: install mariadb-server
yum: name=mariadb-server - name: start service
service: name=mariadb state=started enabled=yes - name: create wordress databases
mysql_db: login_user=root name=wordpress - name: mariadb conf
mysql_user: login_user=root name=wordpress host=localhost password='wordpress' priv='wordpress.*:ALL' state=present
tags: db
wordpress角色編排
cd /etc/ansible/roles/wordpress/tasks
vim main.yml
- name: mkdir
file: path=/data state=directory mode=0755 - name: uncompress
unarchive: src=/etc/ansible/playbook/wordpress-5.0.3-zh_CN.tar.gz dest=/data/
tags: up - name: wordpress config
copy: src=/etc/ansible/playbook/wp-config.php dest=/data/wordpress/
tags: cpwp
準備WordPress安裝文件
cd /etc/ansible/roles/wordpress/files
cp /root/wordpress-5.0.3-zh_CN.tar.gz .
playbook編寫
- name: install nginx
hosts: LNMP
remote_user: root
roles:- nginx
- php
- mariadb
- wordpress
playbook語法測試
[root@localhost ansible]# ansible-playbook --syntax-check lnmp.yaml
playbook: lnmp.yaml
[root@localhost ansible]#
運行
[root@localhost ansible]# ansible-playbook lnmp.yaml