网易校招面试题 - 如何给 10 台机器安装 Nginx
文章目录
- 0. centos7.9 停止维护更新 yum 源
- 0. 备份
- 1. 配置阿里云的 yum 源
- 1. 确定要安装的主机
- 2. 了解 /etc/ansible/roles 的目录文件
- 3. 编辑yml文件
- 4. 执行剧本
这种批量的重复工作,一般就是通过 ansible 或者 saltstack 来进行操作,roles 是 ansible 中 playbooks 的目录组织接口,并且在模块化以后,易读,代码可重用,层次清晰
0. centos7.9 停止维护更新 yum 源
以阿里云为例,其他国内开源镜像站类似。此处主要以 Centos 7.9为例。
0. 备份
cd /etc/yum.repos.d
mkdir backup
mv *.repo backup
1. 配置阿里云的 yum 源
cat > CentOS-aliyun-lhr.repo << 'EOF'
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/
http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
EOF
cat > epel-aliyun.repo <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
EOF
- 检查验证
yum clean all
yum makecache fast
yum install vim lrzsz wget curl net-tools
1. 确定要安装的主机
[root@k8s-master roles]# cat /etc/ansible/hosts |tail -n15
## db-[99:101]-node.example.com
[allnode]
192.168.1.201
192.168.1.202
[node1]
192.168.1.201
[node2]
192.168.1.202
[node1]
host3
124.221.111.224
[root@k8s-master roles]#
2. 了解 /etc/ansible/roles 的目录文件
[root@ansible-server roles]# tree
.
├── nginx
│ ├── files
│ │ └── index.html
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ │ └── nginx.conf.j2
│ └── vars
│ └── main.yml
└── site.yml
6 directories, 6 files
============================================================================================================
详解:
role_name/ ---角色名称=目录
files/:存储一些可以用copy调用的静态文件。
tasks/: 存储任务的目录,此目录中至少应该有一个名为main.yml的文件,用于定义各task;其它的文件需要由main.yml进行“包含”调用;
handlers/:此目录中至少应该有一个名为main.yml的文件,用于定义各handler;其它的文件需要由(与notify:名字相同,方便notify通知执行下一条命令)通过main.yml进行“包含”调用;
vars/:此目录中至少应该有一个名为main.yml的文件,用于定义各variable;其它的文件需要由main.yml进行“包含”调用;
templates/:存储由template模块调用的模板文本; (也可以调用变量)
site.yml:定义哪个主机应用哪个角色
3. 编辑yml文件
[root@k8s-master roles]# cat nginx/*/*
index.html
<h1>hello nginx <h1>
tasks/main.yml
---
- name: start nginx
service: name=nginx state=started
---
- name: install nginx
yum: name=nginx state=latest
- name: copy nginx_conf
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
- name: copy index
copy: src=/etc/ansible/roles/nginx/files/index.html dest=/usr/share/nginx/html/index.html
notify: start nginx
templates/nginx.conf.j2
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections {{ worker_connections }};
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
vars/main.yml
worker_connections: 2048
4. 执行剧本
[root@k8s-master roles]# ansible-playbook main.yml --syntax-check
playbook: main.yml
[root@k8s-master roles]# ansible-playbook main.yml
PLAY [allnode] ****************************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************************
ok: [192.168.1.202]
ok: [192.168.1.201]
TASK [install nginx] **********************************************************************************************************************************************************************
ok: [192.168.1.202]
ok: [192.168.1.201]
TASK [copy nginx_conf] ********************************************************************************************************************************************************************
ok: [192.168.1.202]
ok: [192.168.1.201]
TASK [nginx : copy index] *****************************************************************************************************************************************************************
ok: [192.168.1.202]
ok: [192.168.1.201]
PLAY RECAP ********************************************************************************************************************************************************************************
192.168.1.201 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.1.202 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@k8s-master roles]# ansible allnode -m shell -a 'ss -tlnp |grep nginx'
192.168.1.201 | CHANGED | rc=0 >>
LISTEN 0 128 *:80 *:* users:(("nginx",pid=128790,fd=6),("nginx",pid=128789,fd=6),("nginx",pid=128788,fd=6),("nginx",pid=128787,fd=6),("nginx",pid=128786,fd=6))
LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=128790,fd=7),("nginx",pid=128789,fd=7),("nginx",pid=128788,fd=7),("nginx",pid=128787,fd=7),("nginx",pid=128786,fd=7))
192.168.1.202 | CHANGED | rc=0 >>
LISTEN 0 128 *:80 *:* users:(("nginx",pid=80192,fd=6),("nginx",pid=80191,fd=6),("nginx",pid=80190,fd=6),("nginx",pid=80189,fd=6),("nginx",pid=80188,fd=6))
LISTEN 0 128 [::]:80 [::]:* users:(("nginx",pid=80192,fd=7),("nginx",pid=80191,fd=7),("nginx",pid=80190,fd=7),("nginx",pid=80189,fd=7),("nginx",pid=80188,fd=7))
[root@k8s-master roles]#