pip install pipxpipx install --include-deps ansible

ansible --version

ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsafor ip in 173 175 176 177 178 180 181; dossh-copy-id root@192.168.111.$ipdone

mkdir -p my-project/{roles,group_vars}cd my-projectmkdir -p roles/{common,keepalived_nginx,mysql,web}/{tasks,handlers,templates}

all:  vars:    ansible_user: root  children:    lb:      hosts:        lb01: { ansible_host: 192.168.111.173 }        lb02: { ansible_host: 192.168.111.175 }    web:      hosts:        k3s_server: { ansible_host: 192.168.111.176 }        k3s_agent1: { ansible_host: 192.168.111.180 }        k3s_agent2: { ansible_host: 192.168.111.181 }    db:      hosts:        mysql_master: { ansible_host: 192.168.111.177 }        mysql_slave: { ansible_host: 192.168.111.178 }

ansible all -i hosts.yml -a 'whoami'

- name: 安装基础软件  ansible.builtin.package:    name: [vim, tree, net-tools, tmux]    state: present    update_cache: yes- name: 统一时区  community.general.timezone:    name: Asia/Shanghai- name: 关闭SELinux  ansible.posix.selinux:    state: disabled

- name: ProjectX  hosts: all  become: true  gather_facts: yes  roles: [common]

ansible-playbook site.yml -i hosts.yml

tar -xvf mysql-8.4.7-1.el10.x86_64.rpm-bundle.tar

sudo dnf remove mariadb-libs mariadb-connector-c -y

sudo dnf localinstall mysql-community-*.rpm

sudo systemctl start mysqld && sudo systemctl enable mysqld

firewall-cmd --add-port=3306/tcp --permanentfirewall-cmd --reload

grep 'temporary password' /var/log/mysqld.logmysql -u root -p

ALTER USER 'root'@'localhost' IDENTIFIED BY 'Admin_123!';FLUSH PRIVILEGES;允许root远程登录：USE mysql;UPDATE user SET host='%' WHERE user='root';FLUSH PRIVILEGES;修改监听地址（/etc/my.cnf）：bind-address=0.0.0.0

[mysqld]bind-address=0.0.0.0server-id=1log_bin=mysql-binbinlog_format=ROWbinlog_expire_logs_seconds=604800gtid_mode=ONenforce_gtid_consistency=ON

CREATE USER 'repl'@'%' IDENTIFIED BY 'Admin_123!';GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%';FLUSH PRIVILEGES;

[mysqld]server-id=2log_bin=mysql-binbinlog_format=ROWbinlog_expire_logs_seconds=604800gtid_mode=ONenforce_gtid_consistency=ONread_only=1

STOP REPLICA;CHANGE REPLICATION SOURCE TOSOURCE_HOST='192.168.111.177',SOURCE_USER='repl',SOURCE_PASSWORD='Admin_123!',SOURCE_PORT=3306,SOURCE_AUTO_POSITION=1,SOURCE_SSL=1;START REPLICA;

SHOW REPLICA STATUS\G（Replica_IO_Running=Yes）

all:  vars:    mysql_bind_address: 0.0.0.0  children:    db:      hosts:        mysql_master: { mysql_id: 1, mysql_role: master }        mysql_slave: { mysql_id: 2, mysql_role: slave }

[mysqld]bind-address={{ mysql_bind_address }}server-id={{ mysql_id }}log_bin=mysql-binbinlog_format=ROWbinlog_expire_logs_seconds=604800gtid_mode=ONenforce_gtid_consistency=ON{% if mysql_role == 'slave' %}read_only=1{% endif %}

- name: 更新MySQL配置  ansible.builtin.template:    src: my.cnf.j2    dest: /etc/my.cnf  notify: 重启MySQL- name: 确保MySQL运行  ansible.builtin.service:    name: mysqld    state: started    enabled: yes

ansible-playbook site.yml -i hosts.yml

curl -sfL https://get.k3s.io > install.sh

docker load -i k3s-airgap-images-amd64.tar.gz

cp k3s /usr/local/bin/ && chmod +x /usr/local/bin/k3s

export INSTALL_K3S_SKIP_DOWNLOAD=trueexport INSTALL_K3S_EXEC="--docker"chmod +x install.sh && ./install.sh

kubectl get nodes

firewall-cmd --permanent --add-port=6443/tcp --add-port=8472/udp --add-port=10250/tcpfirewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16firewall-cmd --reload

export INSTALL_K3S_SKIP_DOWNLOAD=trueexport K3S_URL=https://192.168.111.176:6443export K3S_TOKEN=K104123e9155e9ac199e116488262b932f291e1c18c4cf8648fb46deac6d1dc256d::server:a4ef7df6147c3aaf4f79bd070bdefa0dexport INSTALL_K3S_EXEC="--docker"./install.sh agent

docker pull wordpress:php8.5-apache && docker pull nginx:alpinedocker save -o wordpress-php8.5-apache.tar wordpress:php8.5-apachedocker save -o nginx-alpine.tar nginx:alpine

docker load -i wordpress-php8.5-apache.tardocker load -i nginx-alpine.tar

dnf install -y nfs-utilsmkdir -p /data/k3s/wordpress && chmod 777 /data/k3s/wordpressecho "/data/k3s/wordpress 192.168.111.*(rw,sync,no_root_squash)" >> /etc/exportssystemctl enable --now nfs-server.servicefirewall-cmd --add-service={nfs,mountd,rpc-bind} --permanent && firewall-cmd --reload

dnf -y install nfs-utils

apiVersion: v1kind: PersistentVolumemetadata:  name: wordpress-pvspec:  capacity: { storage: 5Gi }  volumeMode: Filesystem  accessModes: [ReadWriteMany]  persistentVolumeReclaimPolicy: Retain  storageClassName: nfs-manual  nfs:    server: 192.168.111.179    path: /data/k3s/wordpress---apiVersion: v1kind: PersistentVolumeClaimmetadata:  name: wordpress-pvcspec:  accessModes: [ReadWriteMany]  storageClassName: nfs-manual  resources: { requests: { storage: 5Gi } }

apiVersion: v1kind: ConfigMapmetadata:  name: wordpress-confdata:  WORDPRESS_DB_HOST: "192.168.111.177:3306"  WORDPRESS_DB_USER: "root"  WORDPRESS_DB_NAME: "wordpress_db"---apiVersion: v1kind: Secretmetadata:  name: wordpress-secrettype: OpaquestringData:  WORDPRESS_DB_PASSWORD: "Admin_123!"

apiVersion: apps/v1kind: Deploymentmetadata:  name: wordpress-deployspec:  replicas: 3  selector: { matchLabels: { app: wordpress-deploy } }  template:    metadata: { labels: { app: wordpress-deploy } }    spec:      volumes: [{ name: wordpress-data, persistentVolumeClaim: { claimName: wordpress-pvc } }]      containers:      - name: wordpress        image: wordpress:php8.5-apache        ports: [{ containerPort: 80 }]        env:        - { name: WORDPRESS_DB_HOST, valueFrom: { configMapKeyRef: { name: wordpress-conf, key: WORDPRESS_DB_HOST } } }        - { name: WORDPRESS_DB_USER, valueFrom: { configMapKeyRef: { name: wordpress-conf, key: WORDPRESS_DB_USER } } }        - { name: WORDPRESS_DB_NAME, valueFrom: { configMapKeyRef: { name: wordpress-conf, key: WORDPRESS_DB_NAME } } }        - { name: WORDPRESS_DB_PASSWORD, valueFrom: { secretKeyRef: { name: wordpress-secret, key: WORDPRESS_DB_PASSWORD } } }        volumeMounts: [{ name: wordpress-data, mountPath: /var/www/html }]

apiVersion: v1kind: Servicemetadata:  name: wordpress-servicespec:  type: NodePort  selector: { app: wordpress-deploy }  ports: [{ port: 80, targetPort: 80, nodePort: 30080 }]

kubectl apply -f .&& firewall-cmd --add-port=30080/tcp --permanent && firewall-cmd --reload

CREATE DATABASE wordpress_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

upstream my_backend_servers {  server 192.168.111.176:30080;  server 192.168.111.180:30080;  server 192.168.111.181:30080;}server {  listen 80;  server_name localhost;  location / {    proxy_pass http://my_backend_servers;    proxy_connect_timeout 2s;    proxy_next_upstream error timeout http_500 http_502 http_503 http_504;    proxy_set_header Host $host;    proxy_set_header X-Real-IP $remote_addr;    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  }}

firewall-cmd --permanent --add-protocol=vrrpfirewall-cmd --permanent --add-rich-rule='rule family="ipv4" destination address="224.0.0.18" protocol value="vrrp" accept'firewall-cmd --reload

global_defs { router_id Master }vrrp_script check_nginx { script "killall -0 nginx"; interval 2; weight -20 }vrrp_instance VI_1 {  state MASTER  interface ens224  virtual_router_id 51  priority 100  advert_int 1  authentication { auth_type PASS; auth_pass Admin123 }  virtual_ipaddress { 192.168.183.100 }  track_script { check_nginx }}

global_defs { router_id Backup }vrrp_instance VI_1 { state BACKUP; priority 90 }

USEwordpress_db;UPDATE wp_options SET option_value ='http://192.168.183.100'WHERE option_name ='siteurl';UPDATE wp_options SET option_value ='http://192.168.183.100'WHERE option_name ='siteurl';

ab -n 1000 -c 100 http://192.168.183.100/