当前位置：首页 > news >正文

网易校招面试题 - 如何给 10 台机器安装 Nginx

news 来源：原创 2024/9/21 22:34:42

文章目录

0. centos7.9 停止维护更新 yum 源
- 0. 备份
- 1. 配置阿里云的 yum 源
1. 确定要安装的主机
2. 了解 /etc/ansible/roles 的目录文件
3. 编辑yml文件
4. 执行剧本

这种批量的重复工作，一般就是通过 ansible 或者 saltstack 来进行操作，roles 是 ansible 中 playbooks 的目录组织接口，并且在模块化以后，易读，代码可重用，层次清晰

0. centos7.9 停止维护更新 yum 源

以阿里云为例，其他国内开源镜像站类似。此处主要以 Centos 7.9为例。

0. 备份

cd /etc/yum.repos.dmkdir backupmv *.repo backup

1. 配置阿里云的 yum 源

cat > CentOS-aliyun-lhr.repo << 'EOF'
[base]
name=CentOS-$releasever - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/os/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7#released updates 
[updates]
name=CentOS-$releasever - Updates - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/updates/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/extras/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/centosplus/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/http://mirrors.aliyuncs.com/centos/$releasever/contrib/$basearch/http://mirrors.cloud.aliyuncs.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
EOF

cat > epel-aliyun.repo <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
EOF

检查验证

yum  clean allyum makecache fastyum install vim lrzsz wget curl net-tools

1. 确定要安装的主机

[root@k8s-master roles]# cat /etc/ansible/hosts |tail -n15
## db-[99:101]-node.example.com
[allnode]
192.168.1.201
192.168.1.202
[node1]
192.168.1.201
[node2]
192.168.1.202
[node1]
host3
124.221.111.224[root@k8s-master roles]#

2. 了解 /etc/ansible/roles 的目录文件

[root@ansible-server roles]# tree
.
├── nginx
│   ├── files
│   │   └── index.html
│   ├── handlers
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   └── nginx.conf.j2
│   └── vars
│       └── main.yml
└── site.yml6 directories, 6 files
============================================================================================================
详解：
role_name/     ---角色名称=目录files/：存储一些可以用copy调用的静态文件。tasks/： 存储任务的目录,此目录中至少应该有一个名为main.yml的文件，用于定义各task；其它的文件需要由main.yml进行“包含”调用； handlers/:此目录中至少应该有一个名为main.yml的文件，用于定义各handler；其它的文件需要由（与notify:名字相同，方便notify通知执行下一条命令）通过main.yml进行“包含”调用； vars/：此目录中至少应该有一个名为main.yml的文件，用于定义各variable；其它的文件需要由main.yml进行“包含”调用； templates/：存储由template模块调用的模板文本； （也可以调用变量）site.yml：定义哪个主机应用哪个角色

3. 编辑yml文件

[root@k8s-master roles]# cat nginx/*/*
index.html 
<h1>hello nginx <h1>tasks/main.yml
---- name: start nginxservice: name=nginx state=started
---- name: install nginxyum: name=nginx state=latest- name: copy nginx_conftemplate: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf- name: copy indexcopy: src=/etc/ansible/roles/nginx/files/index.html dest=/usr/share/nginx/html/index.htmlnotify: start nginx templates/nginx.conf.j2
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;events {worker_connections {{ worker_connections  }};
}http {log_format  main  '$remote_addr - $remote_user [$time_local] "$request" ''$status $body_bytes_sent "$http_referer" ''"$http_user_agent" "$http_x_forwarded_for"';access_log  /var/log/nginx/access.log  main;sendfile            on;tcp_nopush          on;tcp_nodelay         on;keepalive_timeout   65;types_hash_max_size 4096;include             /etc/nginx/mime.types;default_type        application/octet-stream;# Load modular configuration files from the /etc/nginx/conf.d directory.# See http://nginx.org/en/docs/ngx_core_module.html#include# for more information.include /etc/nginx/conf.d/*.conf;server {listen       80;listen       [::]:80;server_name  _;root         /usr/share/nginx/html;# Load configuration files for the default server block.include /etc/nginx/default.d/*.conf;error_page 404 /404.html;location = /404.html {}error_page 500 502 503 504 /50x.html;location = /50x.html {}}# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }}
vars/main.yml
worker_connections: 2048

4. 执行剧本

[root@k8s-master roles]# ansible-playbook main.yml --syntax-checkplaybook: main.yml
[root@k8s-master roles]# ansible-playbook main.ymlPLAY [allnode] ****************************************************************************************************************************************************************************TASK [Gathering Facts] ********************************************************************************************************************************************************************
ok: [192.168.1.202]
ok: [192.168.1.201]TASK [install nginx] **********************************************************************************************************************************************************************
ok: [192.168.1.202]
ok: [192.168.1.201]TASK [copy nginx_conf] ********************************************************************************************************************************************************************
ok: [192.168.1.202]
ok: [192.168.1.201]TASK [nginx : copy index] *****************************************************************************************************************************************************************
ok: [192.168.1.202]
ok: [192.168.1.201]PLAY RECAP ********************************************************************************************************************************************************************************
192.168.1.201              : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.1.202              : ok=4    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   [root@k8s-master roles]# ansible allnode -m shell -a 'ss -tlnp |grep nginx'
192.168.1.201 | CHANGED | rc=0 >>
LISTEN     0      128          *:80                       *:*                   users:(("nginx",pid=128790,fd=6),("nginx",pid=128789,fd=6),("nginx",pid=128788,fd=6),("nginx",pid=128787,fd=6),("nginx",pid=128786,fd=6))
LISTEN     0      128       [::]:80                    [::]:*                   users:(("nginx",pid=128790,fd=7),("nginx",pid=128789,fd=7),("nginx",pid=128788,fd=7),("nginx",pid=128787,fd=7),("nginx",pid=128786,fd=7))
192.168.1.202 | CHANGED | rc=0 >>
LISTEN     0      128          *:80                       *:*                   users:(("nginx",pid=80192,fd=6),("nginx",pid=80191,fd=6),("nginx",pid=80190,fd=6),("nginx",pid=80189,fd=6),("nginx",pid=80188,fd=6))
LISTEN     0      128       [::]:80                    [::]:*                   users:(("nginx",pid=80192,fd=7),("nginx",pid=80191,fd=7),("nginx",pid=80190,fd=7),("nginx",pid=80189,fd=7),("nginx",pid=80188,fd=7))
[root@k8s-master roles]#