git clone https://github.com/donxan/ansible_playbooks.git
Initialization
Push the public key to the managed hosts in bulk
[[email protected] ~]# vim pushkeys.sh
#!/bin/bash
#Author: Aiker
#mail: [email protected]
keypath=/root/.ssh
iplist=/root/ip.txt
# Create the key directory first: known_hosts is written into it below
[ -d ${keypath} ] || mkdir -p ${keypath}
# Truncate the IP list if it already exists
[[ -e ${iplist} ]] && > ${iplist}
for i in `seq 92 102`
do
    echo -E "192.168.118.$i" >> ${iplist}
    # Records whatever host key each address presents, without verifying it
    ssh-keyscan 192.168.118.$i >> ${keypath}/known_hosts
done
cat ${iplist}
rpm -q expect &> /dev/null || yum install expect -y
[[ -e ${keypath}/id_rsa.pub ]] || ssh-keygen -t rsa -f ${keypath}/id_rsa -P ""
# The login password is stored in clear text in this script
password=OezywIq36
while read ip;do
expect << EOF
set timeout 5
spawn ssh-copy-id $ip
expect {
"yes/no" { send "yes\n";exp_continue }
"password" { send "$password\n" }
}
expect eof
EOF
done < ${iplist}
Run the script:
[[email protected] ~]# sh pushkeys.sh
# 192.168.118.92:22 SSH-2.0-OpenSSH_7.4
# 192.168.118.92:22 SSH-2.0-OpenSSH_7.4
...
spawn ssh-copy-id 192.168.118.102
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),to filter out any that are already installed
The public key has now been pushed to the managed hosts.
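pushkeys.sh appends whatever ssh-keyscan returns to known_hosts, so the keys are trusted without being checked. The following added example (not part of the original script) compares scanned keys with a list pinned out-of-band before anything is appended; the function names, file names and key strings are hypothetical, constructed placeholders.

```shell
#!/bin/sh
# Added example: check ssh-keyscan output against host keys pinned out-of-band
# (for instance read from each machine's console) before trusting it.

# verify_scanned_keys PINNED SCANNED
# Both files use known_hosts format: "host keytype base64key".
# Prints "OK host", "MISMATCH host" or "UNPINNED host"; returns 1 unless all are OK.
verify_scanned_keys() {
  awk '
    /^#/ || NF < 3 { next }                            # ssh-keyscan banner comments
    FILENAME == ARGV[1] { pinned[$1 " " $2] = $3; next }   # trusted keys
    {
      id = $1 " " $2
      if (!(id in pinned))       { print "UNPINNED " $1; bad = 1 }
      else if (pinned[id] != $3) { print "MISMATCH " $1; bad = 1 }
      else                         print "OK " $1
    }
    END { exit bad + 0 }
  ' "$1" "$2"
}

# Constructed sample data: the key strings are placeholders, not real keys.
make_sample_keys() {
  cat > "$1/pinned" <<'EOF'
192.168.118.92 ssh-ed25519 CONSTRUCTED-KEY-92
192.168.118.93 ssh-ed25519 CONSTRUCTED-KEY-93
EOF
  cat > "$1/scanned" <<'EOF'
# 192.168.118.92:22 SSH-2.0-OpenSSH_7.4
192.168.118.92 ssh-ed25519 CONSTRUCTED-KEY-92
192.168.118.93 ssh-ed25519 CONSTRUCTED-KEY-CHANGED
192.168.118.94 ssh-ed25519 CONSTRUCTED-KEY-94
EOF
}

tmp=$(mktemp -d)
make_sample_keys "$tmp"
verify_scanned_keys "$tmp/pinned" "$tmp/scanned" ||
  echo "host keys not verified: do not append to known_hosts"
rm -rf "$tmp"
```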
Run the initialization
yum -y install ansible lrzsz git    # install the required tools
vim /etc/ansible/hosts    # add the following
[all]
s092 ansible_host=192.168.118.92
s093 ansible_host=192.168.118.93
s094 ansible_host=192.168.118.94
s095 ansible_host=192.168.118.95
s096 ansible_host=192.168.118.96
s097 ansible_host=192.168.118.97
s098 ansible_host=192.168.118.98
s099 ansible_host=192.168.118.99
s100 ansible_host=192.168.118.100
s101 ansible_host=192.168.118.101
s102 ansible_host=192.168.118.102
s105 ansible_host=192.168.118.105
# vim /etc/hosts    # add the following
192.168.118.92 s092
192.168.118.93 s093
192.168.118.94 s094
192.168.118.95 s095
192.168.118.96 s096
192.168.118.97 s097
192.168.118.98 s098
192.168.118.99 s099
192.168.118.100 s100
192.168.118.101 s101
192.168.118.102 s102
192.168.118.105 s105
Enable iptables on the Internet-facing host:
Install iptables and iptables-services
# First check whether iptables is installed
service iptables status
# Install iptables
yum install -y iptables
# Upgrade iptables
yum update iptables
# Install iptables-services
yum install iptables-services
Disable and stop the bundled firewalld service
# Stop the firewalld service
systemctl stop firewalld
# Disable the firewalld service
systemctl mask firewalld
Set up the rules
[[email protected] ~]# vim iptables.sh
# cat iptables.sh
#!/bin/bash
service iptables restart
iptables -L -n
# Allow everything first, otherwise you may lock yourself out
#iptables -P INPUT ACCEPT
# Flush all default rules
iptables -F
# Delete all user-defined chains
iptables -X
# Reset all counters to zero
iptables -Z
# Allow packets from the lo interface (local access)
iptables -A INPUT -i lo -j ACCEPT
# Open port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Open port 21 (FTP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Open port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Open port 443 (HTTPS)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
# Allow ping
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
# Trust the internal network (accept all of its TCP requests)
iptables -A INPUT -p tcp -s 192.168.118.0/24 -j ACCEPT
# Accept return traffic for requests made by this host; RELATED is there for FTP
#iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Drop all other inbound traffic
iptables -P INPUT DROP
# Allow all outbound traffic
iptables -P OUTPUT ACCEPT
# Drop all forwarded traffic
#iptables -P FORWARD DROP
# Drop every request not matched by the rules above
iptables -P INPUT DROP
# To block an IP, use this command:
#iptables -I INPUT -s 100.100.100.100 -j DROP
# To unblock an IP, use this command:
#iptables -D INPUT -s 100.100.100.100 -j DROP
service iptables save
systemctl restart iptables.service
# Equivalent to the old "chkconfig iptables on"
systemctl enable iptables.service
# Start the service
#systemctl start iptables.service
# Show the status
systemctl status iptables.service
# Re-apply the iptables settings
#iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Fix vsftpd passive mode not working once iptables is enabled
# First modify or add the following in /etc/sysconfig/iptables-config
# Add the following; the order must not be changed
#IPTABLES_MODULES="ip_conntrack_ftp"
#IPTABLES_MODULES="ip_nat_ftp"
Run the script to configure iptables quickly.
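An added example (not part of the original script) that audits `iptables -S` output for a ruleset like the one iptables.sh leaves behind. The sample ruleset is constructed from the script's rules, and the finding labels are hypothetical. It reports a DROP policy with no ESTABLISHED accept rule (replies to connections the host itself opens are dropped), a FORWARD policy left at ACCEPT, and ports accepted from any source address.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output. Finding labels are hypothetical.

# Constructed sample: the ruleset iptables.sh produces as `iptables -S` prints it
# (FORWARD stays at its default because the script keeps that line commented out).
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 192.168.118.0/24 -p tcp -j ACCEPT
EOF
}

# audit_input_rules: reads `iptables -S` text on stdin, prints one finding per line.
audit_input_rules() {
  awk '
    $1 == "-P" { policy[$2] = $3; next }
    $1 == "-A" && $2 == "INPUT" {
      src = ""; dport = ""; target = ""; est = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if (($i == "--state" || $i == "--ctstate") && $(i + 1) ~ /ESTABLISHED/) est = 1
      }
      if (target != "ACCEPT") next
      if (est) conntrack = 1
      if (dport != "" && src == "") {          # port accepted with no -s restriction
        sep = (anyports == "" ? "" : ",")
        anyports = anyports sep dport
      }
    }
    END {
      if (policy["INPUT"] == "DROP" && !conntrack) print "NO_ESTABLISHED_RULE"
      if (policy["FORWARD"] == "ACCEPT") print "FORWARD_ACCEPT"
      if (anyports != "") print "OPEN_TO_ANY " anyports
    }
  '
}

sample_rules | audit_input_rules
```

On a live host the same function can be fed with `iptables -S | audit_input_rules`; port 3128 in the OPEN_TO_ANY list means the squid port is reachable from outside 192.168.118.0/24.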
Configure squid
Install squid:
yum install squid
Configure squid and transparent mode
Back up the squid configuration file
cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
vim /etc/squid/squid.conf
Add the IPs and ports you need
To use transparent mode, add the keyword "transparent" after the port
# Squid normally listens to port 3128
http_port 3128 transparent
visible_hostname localhost
4. Start squid
service squid restart
[[email protected] playbooks]# cat squid.sh
#!/bin/bash
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
# Redirect DNS requests sent to the squid proxy server to 8.8.8.8
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 8.8.8.8
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.118.0/24 --dport 80 -j REDIRECT --to-ports 3128
Run the script
Deploy Nginx
vim /etc/ansible/hosts
[Nginxservers]
s093
s094
s095
s105
[[email protected] playbooks]# vim Nginx/install.yml
---
- hosts: Nginxservers
  remote_user: root
  gather_facts: True
  roles:
    - common
    - install
[[email protected] playbooks]# ansible-playbook Nginx/install.yml
PLAY [Nginxservers] **************************************************
TASK [Gathering Facts] ***********************************************
ok: [s094]
ok: [s095]
ok: [s093]
ok: [s105]
TASK [common : Install initializtion require software] ***************
ok: [s095] => (item=[u'zlib-devel',u'pcre-devel'])
ok: [s093] => (item=[u'zlib-devel',u'pcre-devel'])
ok: [s094] => (item=[u'zlib-devel',u'pcre-devel'])
ok: [s105] => (item=[u'zlib-devel',u'pcre-devel'])
TASK [common : create Nginx group] ***********************************
ok: [s095]
ok: [s094]
ok: [s093]
ok: [s105]
TASK [common : create Nginx user] ************************************
ok: [s095]
ok: [s093]
ok: [s094]
ok: [s105]
TASK [common : copy shell to client] *********************************
changed: [s095]
changed: [s094]
changed: [s093]
...
s093 : ok=19 changed=10 unreachable=0 failed=0
s094 : ok=19 changed=11 unreachable=0 failed=0
s095 : ok=19 changed=11 unreachable=0 failed=0
s105 : ok=19 changed=10 unreachable=0 failed=0
Nginx deployment is complete
Deploy MySQL
[[email protected] playbooks]# vim /etc/ansible/hosts
[MysqLservers]
s096 ansible_host=192.168.118.96
s097 ansible_host=192.168.118.97
s098 ansible_host=192.168.118.98
[[email protected] playbooks]# vim MysqL/roles/vars/master_slaves.yaml
# Variables used when creating a one-master, multi-slave environment
master_ip: 192.168.118.96
slave_ips:
  - 192.168.118.97
  - 192.168.118.98
Upload the MySQL binary installation package to /usr/local/src on the Ansible host
MySQL passwords:
MysqL_data_dir_base: /data/MysqL/
MysqL_port: 3306
MysqL_root_password: egts9758
MysqL_zabbix_password: mtls
MysqL_rple_user: repl
MysqL_rple_password: repl9758
MysqL_mha_user: mha
MysqL_mha_password: egts9758
MysqL_app_user: appuser
MysqL_app_password: egts9758
MysqL_monitor_user: monitor
MysqL_monitor_password: monitor9758
MysqL_backup_user: backuper
MysqL_backup_password: backuper9758
[[email protected] playbooks]# scp /usr/local/src/mysql-5.7.21-linux-glibc2.12-x86_64.tar.gz 116.62.199.117:/usr/local/src/
mysql-5.7.21-linux-glibc2.12-x86_64.tar.gz 100% 612MB 7.7MB/s 01:20
[[email protected] playbooks]# ansible-playbook MysqL/roles/install_master_slaves.yaml
PLAY [MysqLservers] **************************************************
TASK [Gathering Facts] ***********************************************
ok: [s098]
ok: [s096]
ok: [s097]
TASK [create MysqL user] *********************************************
ok: [s097]
ok: [s096]
ok: [s098]
TASK [config /etc/my.cnf for mysql-5.6.x] ****************************
skipping: [s096]
skipping: [s097]
skipping: [s098]
...
TASK [clear temp file tmp/master_slaves.sql] *************************
ok: [s096]
ok: [s098]
ok: [s097]
PLAY RECAP ***********************************************************
s096 : ok=27 changed=20 unreachable=0 failed=0
s097 : ok=27 changed=20 unreachable=0 failed=0
s098 : ok=27 changed=20 unreachable=0 failed=0
Verify:
[[email protected] playbooks]# ansible MysqLservers -m command -a "mysql -uroot -pegts9758 -e 'show master status \G'"
s097 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
File: mysql-bin.000002
Position: 595
binlog_Do_DB:
binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2
mysql: [Warning] Using a password on the command line interface can be insecure.
s096 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
File: mysql-bin.000002
Position: 595
binlog_Do_DB:
binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2
mysql: [Warning] Using a password on the command line interface can be insecure.
s098 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
File: mysql-bin.000002
Position: 595
binlog_Do_DB:
binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2
mysql: [Warning] Using a password on the command line interface can be insecure.
The MySQL master-slave setup is complete
Read/write splitting with mycat
Upload mycat to the package directory on the Ansible host
scp /usr/local/mytools/deploy/packages/mycat/mycat-server-1.6.5-linux.tar.gz 116.62.199.117:/usr/local/mytools/deploy/packages/mycat/
vim /etc/ansible/hosts
[mycat]
s092 ansible_host=192.168.118.92
Create a user in the database; mycat connects to the database as this user. The user name and password come from MysqL_app_user and MysqL_app_password in mycat/roles/common/var/main.yml. Run the following code on the read/write database
Use the playbook to do this quickly:
[[email protected] playbooks]# ansible-playbook mycat/roles/common/create_appuser.yaml
PLAY [s096] **********************************************************
TASK [Gathering Facts] ***********************************************
ok: [s096]
TASK [stransfer create_appuser.sql to remote host] *******************
changed: [s096]
TASK [create MysqL of mycat user on master] **************************
skipping: [s096]
TASK [clear temp file tmp/master_slaves.sql] *************************
changed: [s096]
PLAY RECAP ***********************************************************
s096 : ok=3 changed=2 unreachable=0 failed=0
Edit mycat/roles/vars/var_mycat.yaml
[[email protected] playbooks]# vim mycat/roles/vars/var_mycat.yaml
master_ip: "192.168.118.96"
slave_ips:
  - "192.168.118.97"
  - "192.168.118.98"
In mycat/roles/install_mycat.yaml, change the host to the host where mycat should be installed
[[email protected] playbooks]# vim mycat/roles/install_mycat.yaml
---
- hosts: s092
  remote_user: root
  become_user: root
  vars_files:
    - common/vars/main.yml
    - vars/var_mycat.yaml
  tasks:
    - name: install dependents
      import_tasks: common/install_dependents.yaml
    - name: install mycat
      import_tasks: common/install_mycat.yaml
    - name: start mycat
      import_tasks: common/start_mycat.yaml
Run the playbook:
[[email protected] playbooks]# ansible-playbook mycat/roles/install_mycat.yaml
PLAY [s092] **********************************************************
TASK [Gathering Facts] ***********************************************
ok: [s092]
TASK [install java-1.7.0-openjdk] ************************************
ok: [s092]
TASK [create mycat user] *********************************************
ok: [s092]
TASK [trasfer mycat-server-1.6.5-linux.tar.gz to remonte host] *******
changed: [s092]
TASK [export MYCAT_HOME env to /etc/profile] *************************
changed: [s092]
TASK [config schema.xml] *********************************************
changed: [s092]
TASK [config server.xml] *********************************************
changed: [s092]
TASK [transfer start_mycat.sh to remonte /tmp/] **********************
changed: [s092]
TASK [start mycat] ***************************************************
changed: [s092]
TASK [remove start_mycat.sh] *****************************************
changed: [s092]
PLAY RECAP ***********************************************************
s092 : ok=10 changed=7 unreachable=0 failed=0
Check whether mycat has started:
[[email protected] playbooks]# ansible s092 -m shell -a "ps -ef | grep mycat"
s092 | SUCCESS | rc=0 >>
root 12210 12209 0 23:10 pts/1 00:00:00 /bin/sh -c ps -ef | grep mycat
root 12212 12210 0 23:10 pts/1 00:00:00 grep mycat
A pitfall here:
It did not start. Note that this is because the Java VM cannot allocate memory
echo 1 > /proc/sys/vm/overcommit_memory
To make the change permanent:
vim /etc/sysctl.conf
Change the parameter
vm.overcommit_memory = 1
sysctl -p
Deploy php-fpm
vim /etc/ansible/hosts
Add the following:
[PHPservers]
s093
s094
s095
Run the playbook
[[email protected] playbooks]# ansible-playbook PHP/install.yml
PLAY [PHPservers] ****************************************************
TASK [Gathering Facts] ***********************************************
ok: [s095]
ok: [s093]
ok: [s094]
TASK [Uncompression PHP setup] ***************************************
changed: [s093]
changed: [s094]
changed: [s095]
TASK [Uncompression PHP.bin] *****************************************
changed: [s094]
changed: [s093]
changed: [s095]
...
TASK [restart Nginx] *************************************************
changed: [s094]
changed: [s093]
changed: [s095]
PLAY RECAP ***********************************************************
s093 : ok=13 changed=12 unreachable=0 failed=0
s094 : ok=13 changed=12 unreachable=0 failed=0
s095 : ok=13 changed=12 unreachable=0 failed=0
Verify:
[[email protected] playbooks]# ansible PHPservers -m shell -a "ps -ef | grep php"
s094 | SUCCESS | rc=0 >>
root 23583 1 0 00:19 ? 00:00:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf)
www 23584 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23585 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23586 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23587 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23588 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23589 23583 0 00:19 ? 00:00:00 php-fpm: pool www
...
php-fpm installation is complete
Install Apache and Tomcat
Install Apache first
# vim /etc/ansible/hosts
Add the following
[apacheservers]
s099 ansible_host=192.168.118.99
[tomcatservers]
s093 ansible_host=192.168.118.93
s094 ansible_host=192.168.118.94
s095 ansible_host=192.168.118.95
/usr/local/mytools/deploy/packages/httpd
[[email protected] playbooks]# ls /usr/local/mytools/deploy/packages/httpd/
apr-1.6.2.tar.gz apr-util-1.6.0.tar.gz httpd-2.4.28.tar.gz
[[email protected] playbooks]# ansible-playbook httpd/install_httpd.yaml
PLAY [apacheservers] *************************************************
TASK [Gathering Facts] ***********************************************
ok: [s099]
TASK [install gcc] ***************************************************
ok: [s099]
...
TASK [enable httpd.service] ******************************************
changed: [s099]
PLAY RECAP ***********************************************************
s099 : ok=25 changed=18 unreachable=0 failed=0
Verify:
[[email protected] playbooks]# ansible s099 -m shell -a "ps -ef | grep httpd"
s099 | SUCCESS | rc=0 >>
root 31745 1 0 00:43 ? 00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
daemon 31783 31745 0 00:43 ? 00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
daemon 31784 31745 0 00:43 ? 00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
daemon 31785 31745 0 00:43 ? 00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
root 32394 32393 0 01:25 pts/1 00:00:00 /bin/sh -c ps -ef | grep httpd
root 32396 32394 0 01:25 pts/1 00:00:00 grep httpd
Apache installation is complete.
Install Tomcat
First upload the JDK and Tomcat tar packages to /usr/local/src
[[email protected] playbooks]# ls /usr/local/src/ -h
apache-tomcat-8.5.32.tar.gz jdk-8u161-linux-x64.tar.gz
Install ZooKeeper for mycat
ZooKeeper
wget http://mirrors.hust.edu.cn/apache/zookeeper/zookeeper-3.4.13/zookeeper-3.4.13.tar.gz
tar zxf zookeeper-3.4.13.tar.gz
cd zookeeper-3.4.13/
cp conf/zoo_sample.cfg conf/zoo.cfg
sh bin/zkServer.sh start
You should see the following output:
ZooKeeper JMX enabled by default
Using config: /root/zookeeper-3.4.13/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
mycat-web
wget http://dl.mycat.io/mycat-web-1.0/Mycat-web-1.0-SNAPSHOT-20170102153329-linux.tar.gz
tar zxf Mycat-web-1.0-SNAPSHOT-20170102153329-linux.tar.gz
cd mycat-web/
vim mycat-web/WEB-INF/classes/mycat.properties
#
#Mon Jan 16 15:37:36 CST 2012
show.period=3000000
zookeeper=localhost:2181
mycat_warn_mail=[{"cc"\:"[email protected]","index"\:1,"mangerPort"\:"465","smtpHost"\:"smtp.139.com","smtpPassword"\:"123456","smtpProtocol"\:"smtp","smtpUser"\:"[email protected]","to"\:"9 [email protected]"}]
##sql\u4E0A\u7EBF\u76F8\u5173\u914D\u7F6E
sqlonline.server=192.168.118.92
sqlonline.user=appuser
sqlonline.passwd=egts9758
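The MySQL variables file earlier on the page and mycat.properties above both keep passwords as literal values. The following added example (not part of the original playbooks) lists such keys in a playbook tree without printing the values; the function names and the sample tree are hypothetical, with key names taken from the page and placeholder values.

```shell
#!/bin/sh
# Added example: list password-like keys stored as literals in playbook vars
# and .properties files, without printing the secret values themselves.

# find_plaintext_secrets DIR
# Prints "file:line key" for each key containing "passw" whose value is a
# literal (not an Ansible Vault "!vault" value and not a "{{ ... }}" template).
find_plaintext_secrets() {
  find "$1" -type f \( -name '*.yml' -o -name '*.yaml' -o -name '*.properties' \) \
    -exec awk '
      {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line ~ /^#/) next               # comment line
        sep = match(line, /[:=]/)           # YAML "key: v" or properties "key=v"
        if (sep == 0) next
        key = substr(line, 1, sep - 1)
        val = substr(line, sep + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (tolower(key) !~ /passw/) next
        if (val == "" || val ~ /^!vault/ || index(val, "{{") > 0) next
        print FILENAME ":" FNR " " key
      }' {} + | sort
}

# Constructed sample tree: key names follow the page, values are placeholders.
make_sample_vars() {
  mkdir -p "$1/vars" "$1/classes"
  cat > "$1/vars/main.yml" <<'EOF'
MysqL_port: 3306
MysqL_root_password: placeholder-1
MysqL_app_user: appuser
MysqL_app_password: "{{ vault_app_password }}"
MysqL_rple_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
EOF
  cat > "$1/classes/mycat.properties" <<'EOF'
#sample comment with password=ignored
sqlonline.user=appuser
sqlonline.passwd=placeholder-2
EOF
}

tmp=$(mktemp -d)
make_sample_vars "$tmp"
find_plaintext_secrets "$tmp"
rm -rf "$tmp"
```

Keys reported by the scan are candidates for Ansible Vault (`ansible-vault encrypt_string`) or for a root-only file kept out of the repository.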