DHCP, Ansible
2019-05-22
请叫我飘哥
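1. Set up a DHCP service that gives LAN users IP addresses from the 192.168.100.0/24 subnet, with a default lease time of 48 hours
- Network topology
Figure: network topology
- Environment
dhcp-server: CentOS 7, 192.168.100.10, with the dhcp service installed
dhcp-client: CentOS 6; use dhclient -d to watch the IP address acquisition status
- DHCP service setup and configuration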
option domain-name "peaoguo.com";
option domain-name-servers 192.168.0.1;
default-lease-time 172800; # default lease: 48 hours
max-lease-time 259200; # maximum lease: 72 hours
log-facility local7;
subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.100 192.168.100.120; # IP address pool
    option routers 192.168.100.254; # gateway
    filename "pxelinux.0"; # network boot file
    next-server 192.168.100.10; # boot (TFTP) server, here the DHCP server's own address
}
- dhcp-client IP address acquisition test
Figure: DHCP IP address acquisition process
- dhcp-server log
[root@localhost dhcpd]# tail /var/log/messages
May 13 14:32:07 localhost dhcpd: DHCPREQUEST for 192.168.100.100 from 00:50:56:ae:70:49 (localhost) via ens34
May 13 14:32:07 localhost dhcpd: DHCPACK on 192.168.100.100 to 00:50:56:ae:70:49 (localhost) via ens34
May 13 14:33:23 localhost dhcpd: DHCPDISCOVER from 00:50:56:ae:70:49 (localhost) via ens34
May 13 14:33:23 localhost dhcpd: Abandoning IP address 192.168.100.100: pinged before offer
May 13 14:33:25 localhost dhcpd: DHCPDISCOVER from 00:50:56:ae:70:49 via ens34
May 13 14:33:26 localhost dhcpd: DHCPOFFER on 192.168.100.101 to 00:50:56:ae:70:49 via ens34
May 13 14:33:26 localhost dhcpd: DHCPREQUEST for 192.168.100.101 (192.168.100.10) from 00:50:56:ae:70:49 via ens34
May 13 14:33:26 localhost dhcpd: DHCPACK on 192.168.100.101 to 00:50:56:ae:70:49 via ens34
May 13 14:39:26 localhost dhcpd: DHCPREQUEST for 192.168.100.101 from 00:50:56:ae:70:49 via ens34
May 13 14:39:26 localhost dhcpd: DHCPACK on 192.168.100.101 to 00:50:56:ae:70:49 via ens34
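2. Building on the experiment above, implement DHCP relay
- Network topology
Figure: DHCP relay network topology
- Environment
dhcp-server: CentOS 7, 192.168.100.10, with the dhcp service installed
dhcp-relay: CentOS 7, eth0: 192.168.100.254, eth1: 10.1.1.1, with the dhcp service installed
dhcp-client: CentOS 6; use dhclient -d to watch the IP address acquisition status
- dhcp-server configuration
Interface configuration: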
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=db2dbbd8-a363-4249-a3cf-7d2a42de81f2
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.100.10
NETMASK=255.255.255.0
GATEWAY=192.168.100.254 # points to eth0 of the dhcp-relay server
PREFIX=24
---------------------------------------------------------
dhcp service configuration:
option domain-name "peaoguo.com";
option domain-name-servers 192.168.0.1;
default-lease-time 43200;
max-lease-time 86400;
log-facility local7;
subnet 192.168.100.0 netmask 255.255.255.0 {
    range 192.168.100.100 192.168.100.120;
    option routers 192.168.100.254;
}
subnet 10.1.1.0 netmask 255.255.255.0 {
    range 10.1.1.100 10.1.1.254;
    option routers 10.1.1.1;
}
Start the dhcp service
systemctl start dhcpd
- dhcp-relay server configuration
eth0 interface configuration:
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens34
UUID=f570d8a2-908c-4b0b-9d1c-38524549e0d4
DEVICE=ens34
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
IPADDR=192.168.100.254
PREFIX=24
GATEWAY=192.168.100.10 # points to the DHCP server's IP address
eth1 interface configuration:
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens35
UUID=0f082b61-0afd-4294-a62a-313e2f5b394e
DEVICE=ens35
ONBOOT=yes
PROXY_METHOD=none
BROWSER_ONLY=no
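IPADDR=10.1.1.1 # default gateway of the DHCP address pool
PREFIX=24
dhcrelay configuration
Started without -i, dhcrelay listens on every interface (ens32, ens34 and ens35 in the output below); pass -i for each interface that should relay when that is wider than needed.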
[root@node1 ~]# dhcrelay 192.168.100.10
Dropped all unnecessary capabilities.
Internet Systems Consortium DHCP Relay Agent 4.2.5
Copyright 2004-2013 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/ens35/00:50:56:84:33:f0
Sending on LPF/ens35/00:50:56:84:33:f0
Listening on LPF/ens34/00:50:56:84:0f:10
Sending on LPF/ens34/00:50:56:84:0f:10
Listening on LPF/ens32/00:50:56:84:34:a6
Sending on LPF/ens32/00:50:56:84:34:a6
Sending on Socket/fallback
[root@node1 ~]# ss -tunlp |grep dhcrelay
udp UNCONN 0 0 *:67 *:* users:(("dhcrelay",pid=4092551,fd=7))
udp UNCONN 0 0 *:67 *:* users:(("dhcrelay",pid=4091950,fd=7))
udp UNCONN 0 0 *:67 *:* users:(("dhcrelay",pid=4090021,fd=7))
- dhcp-client test
- dhcp-server log
[root@localhost ~]# tailf /var/log/messages
May 13 17:53:24 localhost dhcpd: DHCPREQUEST for 10.1.1.101 (192.168.100.10) from 00:50:56:ae:76:2b via 10.1.1.1
May 13 17:53:24 localhost dhcpd: DHCPACK on 10.1.1.101 to 00:50:56:ae:76:2b via 10.1.1.1
May 13 17:54:15 localhost dhcpd: DHCPREQUEST for 10.1.1.101 from 00:50:56:ae:76:2b via 10.1.1.1
May 13 17:54:15 localhost dhcpd: DHCPACK on 10.1.1.101 to 00:50:56:ae:76:2b via 10.1.1.1
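The two dhcpd log excerpts above (direct clients logged "via ens34", relayed clients logged "via 10.1.1.1") can be checked mechanically. The following Python script is an added example, not part of the original post: it lists the addresses acknowledged per MAC, the addresses dhcpd abandoned after its ping check, and ACKs that arrived through a relay outside an allowlist. The function name analyze and the expected_relays allowlist are assumptions; the sample lines are copied from the logs on this page.

```python
import re
from collections import defaultdict

# Lines copied from the two dhcpd log excerpts on this page.
SAMPLE_LOG = """\
May 13 14:32:07 localhost dhcpd: DHCPACK on 192.168.100.100 to 00:50:56:ae:70:49 (localhost) via ens34
May 13 14:33:23 localhost dhcpd: DHCPDISCOVER from 00:50:56:ae:70:49 (localhost) via ens34
May 13 14:33:23 localhost dhcpd: Abandoning IP address 192.168.100.100: pinged before offer
May 13 14:33:26 localhost dhcpd: DHCPOFFER on 192.168.100.101 to 00:50:56:ae:70:49 via ens34
May 13 14:33:26 localhost dhcpd: DHCPACK on 192.168.100.101 to 00:50:56:ae:70:49 via ens34
May 13 17:53:24 localhost dhcpd: DHCPACK on 10.1.1.101 to 00:50:56:ae:76:2b via 10.1.1.1
"""

ACK = re.compile(r"dhcpd: DHCPACK on (\S+) to ([0-9a-f:]{17})(?: \(\S+\))? via (\S+)")
ABANDON = re.compile(r"dhcpd: Abandoning IP address (\S+): (.+)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def analyze(log_text, expected_relays=("10.1.1.1",)):
    """Summarise dhcpd syslog lines: leases per MAC, abandoned addresses,
    and ACKs that arrived through a relay not in expected_relays (assumed allowlist)."""
    leases = defaultdict(list)      # MAC -> addresses ACKed, in order seen
    abandoned = {}                  # address -> reason given by dhcpd
    unexpected_relays = set()
    for line in log_text.splitlines():
        m = ACK.search(line)
        if m:
            ip, mac, via = m.groups()
            if ip not in leases[mac]:
                leases[mac].append(ip)
            # "via <IPv4>" is the relay's giaddr; "via <ifname>" is a directly attached client
            if IPV4.match(via) and via not in expected_relays:
                unexpected_relays.add(via)
            continue
        m = ABANDON.search(line)
        if m:
            abandoned[m.group(1)] = m.group(2)
    return {"leases": dict(leases), "abandoned": abandoned,
            "unexpected_relays": sorted(unexpected_relays)}

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for mac, ips in report["leases"].items():
        print(mac, "->", ", ".join(ips))
    for ip, why in report["abandoned"].items():
        print("abandoned:", ip, "-", why)
    print("unexpected relays:", report["unexpected_relays"])
```

An abandoned address means something answered dhcpd's ping before the offer, so a host is using a pool address the server did not consider leased at that moment; it is worth tracing which device that was.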
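3. Use an Ansible playbook to automate building an LNMP environment (yum may be used)
- Network topology
Figure: network topology
- Environment
ansible server: ansible installed, passwordless login to the LNMP server
LNMP: nginx, php-fpm, php-mysql and mariadb-server installed (with yum)
- ansible server configuration
Edit the hosts file and add the LNMP host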
[root@localhost ansible]# vim hosts
[LNMP]
10.192.1.158
Prepare the service configuration files and the WordPress installation files
nginx.conf
wordpress-5.0.3-zh_CN.tar.gz
wp-config.php
Write the playbook
[root@localhost playbook]# vim lnmp.yaml
- hosts: LNMP
  remote_user: root
  tasks:
    - name: install rpms # install the packages
      yum: name={{ item }} state=present
      with_items:
        - nginx
        - php-fpm
        - php-mysql
        - mariadb-server
      tags: rpm
    - name: install conf # copy the nginx config file; a change to it triggers an nginx restart
      copy: src=/etc/ansible/playbook/nginx.conf dest=/etc/nginx/nginx.conf
      notify: restartnginx
    - name: start service # start the services
      service: name={{ item }} state=started enabled=yes
      with_items:
        - mariadb
        - php-fpm
        - nginx
    - name: create wordpress databases # create the WordPress database
      mysql_db: login_user=root name=wordpress
    - name: mariadb conf # grant privileges on the database
      mysql_user: login_user=root name=wordpress host=localhost password='wordpress' priv='wordpress.*:ALL' state=present
      tags: db
    - name: mkdir # create the WordPress install directory
      file: path=/data state=directory mode=0755
    - name: uncompress # unpack the archive
      unarchive: src=/etc/ansible/playbook/wordpress-5.0.3-zh_CN.tar.gz dest=/data/
      tags: up
    - name: wordpress config # copy the WordPress config file
      copy: src=/etc/ansible/playbook/wp-config.php dest=/data/wordpress/
      tags: cpwp
  handlers:
    - name: restartnginx
      service: name=nginx state=restarted
- Run the playbook
- Check the playbook syntax
[root@localhost playbook]# ansible-playbook --syntax-check lnmp.yaml
playbook: lnmp.yaml
[root@localhost playbook]#
- Dry run
[root@localhost playbook]# ansible-playbook -C lnmp.yaml
- Run
[root@localhost playbook]# ansible-playbook lnmp.yaml
- Access in a browser
http://www.peaoguo.wp.com/wp-admin/install.php
4. Automate the LNMP setup with Ansible roles
- Create the directory structure
mkdir -pv {nginx,php,mariadb,wordpress}/{tasks,handlers,vars,templates,files,meta,defaults}
- nginx role
Write the nginx role tasks
cd /etc/ansible/roles/nginx/tasks
vim main.yml
- name: install nginx
  yum: name=nginx state=latest
  when: ansible_os_family == "RedHat"
- name: copy config
  copy: src=nginx.conf dest=/etc/nginx/nginx.conf
  notify: restart nginx
- name: start
  service: name=nginx state=started enabled=yes
Write the handler that triggers the restart
cd /etc/ansible/roles/nginx/handlers
vim main.yml
- name: restart nginx
  service: name=nginx state=restarted
Prepare the nginx.conf configuration file
cd /etc/ansible/roles/nginx/files
cp /etc/nginx/nginx.conf .
- php role
cd /etc/ansible/roles/php/tasks
vim main.yml
- name: install php
  yum: name={{ item }} state=present
  with_items:
    - php-fpm
    - php-mysql
- name: start php
  service: name=php-fpm state=started enabled=yes
- mariadb role
cd /etc/ansible/roles/mariadb/tasks
vim main.yml
- name: install mariadb-server
  yum: name=mariadb-server
- name: start service
  service: name=mariadb state=started enabled=yes
- name: create wordpress databases
  mysql_db: login_user=root name=wordpress
- name: mariadb conf
  mysql_user: login_user=root name=wordpress host=localhost password='wordpress' priv='wordpress.*:ALL' state=present
  tags: db
- wordpress role
cd /etc/ansible/roles/wordpress/tasks
vim main.yml
- name: mkdir
  file: path=/data state=directory mode=0755
- name: uncompress
  unarchive: src=/etc/ansible/playbook/wordpress-5.0.3-zh_CN.tar.gz dest=/data/
  tags: up
- name: wordpress config
  copy: src=/etc/ansible/playbook/wp-config.php dest=/data/wordpress/
  tags: cpwp
Prepare the WordPress installation files
cd /etc/ansible/roles/wordpress/files
cp /root/wordpress-5.0.3-zh_CN.tar.gz .
- Write the playbook
- name: install nginx
  hosts: LNMP
  remote_user: root
  roles:
    - nginx
    - php
    - mariadb
    - wordpress
- Check the playbook syntax
[root@localhost ansible]# ansible-playbook --syntax-check lnmp.yaml
playbook: lnmp.yaml
[root@localhost ansible]#
- Run
[root@localhost ansible]# ansible-playbook lnmp.yaml
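The tasks in sections 3 and 4 pass the database password inline and log in to MariaDB as root without a password. The following Python check is an added example, not part of the original post: it scans tasks written in this inline key=value style and reports those points before the playbook is run. The names audit, parse_args, SECRET_KEYS and SECRET_FILES are assumptions, and the sample tasks are constructed from the tasks on this page.

```python
import shlex

# Constructed sample: tasks in the inline key=value style used by the
# playbook and roles on this page.
TASKS = """\
- name: install nginx
  yum: name=nginx state=latest
- name: create wordpress databases
  mysql_db: login_user=root name=wordpress
- name: mariadb conf
  mysql_user: login_user=root name=wordpress host=localhost password='wordpress' priv='wordpress.*:ALL' state=present
- name: wordpress config
  copy: src=/etc/ansible/playbook/wp-config.php dest=/data/wordpress/
- name: mkdir
  file: path=/data state=directory mode=0755
"""

SECRET_KEYS = ("password", "login_password")   # assumed list of secret-bearing arguments
SECRET_FILES = ("wp-config.php",)              # assumed list of files that hold credentials

def parse_args(arg_string):
    """Turn 'k=v k2="v 2"' module arguments into a dict; other tokens are ignored."""
    return dict(t.split("=", 1) for t in shlex.split(arg_string) if "=" in t)

def audit(text):
    """Return (line number, module, finding) for risky inline task arguments."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        module, sep, rest = raw.strip().lstrip("- ").partition(": ")
        if not sep or module == "name" or "=" not in rest:
            continue                      # task names, list items, plain keys
        a = parse_args(rest)
        for key in SECRET_KEYS:
            if key in a and "{{" not in a[key]:
                findings.append((n, module, f"literal {key}; load it from an Ansible Vault variable"))
        if module.startswith("mysql_") and a.get("login_user") == "root" and "login_password" not in a:
            findings.append((n, module, "root login without login_password; root is passwordless or read from ~/.my.cnf"))
        if module == "copy" and a.get("src", "").endswith(SECRET_FILES) and "mode" not in a:
            findings.append((n, module, "credential file copied without an explicit owner and restrictive mode"))
        if module == "yum" and a.get("state") == "latest":
            findings.append((n, module, "state=latest installs whatever version the repo serves at run time"))
    return findings

if __name__ == "__main__":
    for n, module, msg in audit(TASKS):
        print(f"line {n}: {module}: {msg}")
```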