克隆我的ansible playbook:
git clone https://github.com/donxan/ansible_playbooks.git
初始化
批量推送公钥到被控制机
生成IP list; 编写自动推送脚本
[root@izbp115lristfdwfgjwd52z ~]# vim pushkeys.sh
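#!/bin/bash
# Author: Aiker
# mail: [email protected]
#
# Push this host's SSH public key to every managed node in an IP range.
#
# Steps:
#   1. rebuild the IP list file from the range configured below;
#   2. pre-seed known_hosts with each node's host key (ssh-keyscan) so that
#      ssh-copy-id never stops at the yes/no prompt;
#   3. make sure expect and an RSA key pair exist;
#   4. drive ssh-copy-id through expect for every IP in the list.
#
# Required environment:
#   SSH_PASSWORD - root password of the managed nodes, used by ssh-copy-id.
#                  It is deliberately not stored in this file: export it in
#                  the calling shell so it never ends up in version control
#                  or in a world-readable script.
#
# Run it with bash (it uses [[ ]] and (( )) ); root is required because it
# writes under /root and may install packages.
set -euo pipefail

keypath=/root/.ssh
iplist=/root/ip.txt
subnet=192.168.118   # first three octets of the managed network
first_host=81        # inclusive range of the last octet
last_host=91

# Fail before touching any remote host if the password was not supplied.
: "${SSH_PASSWORD:?export SSH_PASSWORD (root password of the managed nodes) before running}"

# known_hosts lives under $keypath, so the directory must exist before the
# keyscan loop appends to it (the original created it only afterwards, and
# its test was written as {keypath} without the dollar sign).
[[ -d "$keypath" ]] || mkdir -p -- "$keypath"
chmod 700 -- "$keypath"

# Start from an empty list on every run; the loop below rebuilds it.
: > "$iplist"

for (( octet = first_host; octet <= last_host; octet++ )); do
  host="${subnet}.${octet}"
  printf '%s\n' "$host" >> "$iplist"
  # Only scan hosts that are not already known, so repeated runs do not
  # fill known_hosts with duplicate entries. ssh-keyscan records whatever
  # key the host presents at scan time (trust on first use); compare the
  # fingerprints with the nodes' real keys if the network is not trusted.
  if ! ssh-keygen -F "$host" -f "${keypath}/known_hosts" >/dev/null 2>&1; then
    ssh-keyscan -- "$host" >> "${keypath}/known_hosts" 2>/dev/null \
      || printf 'warn: ssh-keyscan failed for %s\n' "$host" >&2
  fi
done
cat -- "$iplist"

rpm -q expect >/dev/null 2>&1 || yum install -y expect

[[ -e "${keypath}/id_rsa.pub" ]] \
  || ssh-keygen -t rsa -f "${keypath}/id_rsa" -P ""

#######################################
# Copy the public key to one host via ssh-copy-id, answering its prompts.
# Globals:   SSH_PASSWORD (read)
# Arguments: $1 - IP address or host name of the target
# Returns:   exit status of expect
#######################################
push_key() {
  local target=$1
  # The heredoc delimiter is quoted, so the shell expands nothing inside it:
  # expect reads the target and the password from its environment (Tcl's
  # env array) instead of having them spliced into the script text. That
  # keeps a password containing quotes, brackets or dollars from being
  # parsed as Tcl, and keeps it out of the expect process's argv.
  # The original pattern used typographic quotes ("yes/no") and ended with
  # "expect off", which only ran into the timeout; "expect eof" waits for
  # ssh-copy-id to finish.
  TARGET_IP="$target" SSH_PASSWORD="$SSH_PASSWORD" expect <<'EOF'
set timeout 5
spawn ssh-copy-id $env(TARGET_IP)
expect {
    "yes/no"   { send "yes\n"; exp_continue }
    "password" { send "$env(SSH_PASSWORD)\n" }
}
expect eof
EOF
}

while IFS= read -r ip || [[ -n "$ip" ]]; do
  [[ -n "$ip" ]] || continue
  # One unreachable node should not stop the rest of the rollout.
  push_key "$ip" || printf 'warn: ssh-copy-id to %s failed\n' "$ip" >&2
done < "$iplist"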
执行脚本:
[root@izbp115lristfdwfgjwd52z ~]# sh pushkeys.sh
# 192.168.118.82:22 SSH-2.0-OpenSSH_7.4
# 192.168.118.82:22 SSH-2.0-OpenSSH_7.4
。。。
spawn ssh-copy-id 192.168.118.102
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
公钥已经推送到被控制机
执行初始化
yum -y install ansible lrzsz git //安装需要使用的工具
vim /etc/ansible/hosts //增加
[all]
s082 ansible_host=192.168.118.82
s083 ansible_host=192.168.118.83
s084 ansible_host=192.168.118.84
s085 ansible_host=192.168.118.85
s086 ansible_host=192.168.118.86
s087 ansible_host=192.168.118.87
s088 ansible_host=192.168.118.88
s089 ansible_host=192.168.118.89
s090 ansible_host=192.168.118.90
s081 ansible_host=192.168.118.81
s091 ansible_host=192.168.118.91
s106 ansible_host=192.168.118.106
# vim /etc/hosts //增加
192.168.118.81 s081
192.168.118.82 s082
192.168.118.83 s083
192.168.118.84 s084
192.168.118.85 s085
192.168.118.86 s086
192.168.118.87 s087
192.168.118.88 s088
192.168.118.89 s089
192.168.118.90 s090
192.168.118.91 s091
192.168.118.106 s106
外网主机启用iptables:
安装iptable iptable-service
#先检查是否安装了iptables
service iptables status
#安装iptables
yum install -y iptables
#升级iptables
yum update iptables
#安装iptables-services
yum install iptables-services
禁用/停止自带的firewalld服务
#停止firewalld服务
systemctl stop firewalld
#禁用firewalld服务
systemctl mask firewalld
设置现有规则
[root@s18105 ~]# vim iptables.sh
# cat iptables.sh
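#!/bin/bash
# Reset the INPUT chain of the internet-facing host to a default-deny policy
# that only admits loopback, ping, a few service ports and the internal
# 192.168.118.0/24 network, then persist the rules and enable the service.
#
# Must run as root; it replaces every existing filter rule.
set -euo pipefail

lan=192.168.118.0/24   # internal network that is trusted for any TCP

service iptables restart
iptables -L -n

# Open the policy before flushing so that a failure half-way through the
# script cannot lock us out; the DROP policy is set again at the end, after
# the SSH rule has been re-added.
iptables -P INPUT ACCEPT
# Flush all rules in the built-in chains
iptables -F
# Delete all user-defined chains
iptables -X
# Zero all packet/byte counters
iptables -Z

# Return traffic of connections this host opened itself (yum, DNS answers,
# the FTP data channel) has to be admitted, otherwise a DROP policy on INPUT
# breaks every outbound connection. The original script left this line
# commented out.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow packets from the loopback interface (local access)
iptables -A INPUT -i lo -j ACCEPT
# Open port 22 (SSH)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Open port 21 (FTP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Open port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Open port 443 (HTTPS)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Squid (3128) is only meant for the internal network: the LAN rule below
# already admits it, and opening it to every source would make the host an
# open proxy on the internet. Kept explicit but scoped to the LAN.
iptables -A INPUT -p tcp -s "$lan" --dport 3128 -j ACCEPT
# Allow ping (ICMP echo request)
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
# Trust the internal network for any TCP request
iptables -A INPUT -p tcp -s "$lan" -j ACCEPT

# Everything else inbound is dropped (set once; the original set it twice)
iptables -P INPUT DROP
# All outbound traffic is allowed
iptables -P OUTPUT ACCEPT
# Forwarding keeps its current policy; uncomment to drop it
#iptables -P FORWARD DROP

# To block an address:      iptables -I INPUT -s 100.100.100.100 -j DROP
# To unblock it again:      iptables -D INPUT -s 100.100.100.100 -j DROP

# Persist the rules and make the service start at boot
service iptables save
systemctl restart iptables.service
# Equivalent of the old "chkconfig iptables on"
systemctl enable iptables.service
# Show the result
systemctl status iptables.service

# vsftpd passive mode stops working once iptables is enabled unless the FTP
# connection-tracking helpers are loaded. Add the following to
# /etc/sysconfig/iptables-config, in this order:
#IPTABLES_MODULES="ip_conntrack_ftp"
#IPTABLES_MODULES="ip_nat_ftp"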
执行脚本快速配置iptables。
配置squid
安装squid:
yum install squid
配置squid及透明模式
备份squid的配置文件
cp /etc/squid/squid.conf /etc/squid/squid.conf.bak
修改squid的配置文件:
vim /etc/squid/squid.conf
根据自己的需要添加对应的IP,端口
如果你要使用透明模式,在端口后面添加关键字“transparent”
Squid normally listens to port 3128
http_port 3128 transparent
在配置文件的最下方添加这条语句,否则squid不能启动!
visible_hostname localhost
4.启动squid
service squid restart
[root@s18105 playbooks]# cat squid.sh
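#!/bin/bash
# Turn this host into a transparent Squid gateway for 192.168.118.0/24:
# enable IPv4 forwarding, masquerade the LAN's outbound traffic, send the
# LAN's DNS queries to 8.8.8.8 and redirect its plain-HTTP traffic into
# Squid on port 3128 (http_port 3128 transparent).
#
# Must run as root. Safe to re-run: a rule is only appended when it is not
# already present (iptables -C), so repeated runs do not pile up duplicates.
set -euo pipefail

lan=192.168.118.0/24
lan_if=eth0          # interface the LAN clients arrive on
squid_port=3128
dns_server=8.8.8.8

#######################################
# Append a rule to the nat table unless an identical one already exists.
# Arguments: the chain and rule specification exactly as given after -A
# Returns:   non-zero only if the rule could not be added
#######################################
nat_rule() {
  iptables -t nat -C "$@" 2>/dev/null || iptables -t nat -A "$@"
}

# Runtime setting only: to survive a reboot also set
# net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
printf '1\n' > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat

# Masquerade only the LAN's traffic; the original rule had no source
# filter and rewrote the source address of everything the host forwarded.
nat_rule POSTROUTING -s "$lan" -j MASQUERADE
# Send the LAN's DNS requests to the public resolver
nat_rule PREROUTING -s "$lan" -p udp --dport 53 -j DNAT --to "$dns_server"
# Transparent proxy: LAN HTTP traffic is redirected into Squid
nat_rule PREROUTING -i "$lan_if" -s "$lan" -p tcp --dport 80 -j REDIRECT --to-ports "$squid_port"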
执行脚本
部署nginx
vim /etc/ansible/hosts
[nginxservers]
s082
s083
s084
s085
s106
[root@s18105 playbooks]# vim nginx/install.yml
---
- hosts: nginxservers
  remote_user: root
  gather_facts: True
  roles:
    - common
    - install
[root@s18105 playbooks]# ansible-playbook nginx/install.yml
PLAY [nginxservers] *****************************************************************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************************************************************
ok: [s084]
ok: [s085]
ok: [s083]
ok: [s106]
TASK [common : Install initializtion require software] ******************************************************************************************************************************************************
ok: [s085] => (item=[u'zlib-devel', u'pcre-devel'])
ok: [s083] => (item=[u'zlib-devel', u'pcre-devel'])
ok: [s084] => (item=[u'zlib-devel', u'pcre-devel'])
ok: [s106] => (item=[u'zlib-devel', u'pcre-devel'])
TASK [common : create nginx group] **************************************************************************************************************************************************************************
ok: [s085]
ok: [s084]
ok: [s083]
ok: [s106]
TASK [common : create nginx user] ***************************************************************************************************************************************************************************
ok: [s085]
ok: [s083]
ok: [s084]
ok: [s106]
TASK [common : copy shell to client] ************************************************************************************************************************************************************************
changed: [s085]
changed: [s084]
changed: [s083]
...
s083 : ok=19 changed=10 unreachable=0 failed=0
s084 : ok=19 changed=11 unreachable=0 failed=0
s085 : ok=19 changed=11 unreachable=0 failed=0
s106 : ok=19 changed=10 unreachable=0 failed=0
nginx部署完毕
部署mysql
[root@s18105 playbooks]# vim /etc/ansible/hosts
[mysqlservers]
s086 ansible_host=192.168.118.86
s087 ansible_host=192.168.118.87
s088 ansible_host=192.168.118.88
[root@s18105 playbooks]# vim mysql/roles/vars/master_slaves.yaml
#在创建一主多从环境时会用到的变量
master_ip: 192.168.118.86
slave_ips:
- 192.168.118.87
- 192.168.118.88
上传mysql二进制安装包到ansible的/usr/local/src
mysql密码:
mysql_data_dir_base: /data/mysql/
mysql_port: 3306
mysql_root_password: egts9758
mysql_zabbix_password: mtls
mysql_rple_user: repl
mysql_rple_password: repl9758
mysql_mha_user: mha
mysql_mha_password: egts9758
mysql_app_user: appuser
mysql_app_password: egts9758
mysql_monitor_user: monitor
mysql_monitor_password: monitor9758
mysql_backup_user: backuper
mysql_backup_password: backuper9758
[root@s061 playbooks]# scp /usr/local/src/mysql-5.7.21-linux-glibc2.12-x86_64.tar.gz 116.62.199.117:/usr/local/src/
mysql-5.7.21-linux-glibc2.12-x86_64.tar.gz 100% 612MB 7.7MB/s 01:20
[root@s18105 playbooks]# ansible-playbook mysql/roles/install_master_slaves.yaml
PLAY [mysqlservers] *****************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************
ok: [s088]
ok: [s086]
ok: [s087]
TASK [create mysql user] ************************************************************************************************************************
ok: [s087]
ok: [s086]
ok: [s088]
TASK [config /etc/my.cnf for mysql-5.6.x] *******************************************************************************************************
skipping: [s086]
skipping: [s087]
skipping: [s088]
...
TASK [clear temp file tmp/master_slaves.sql] ****************************************************************************************************
ok: [s086]
ok: [s088]
ok: [s087]
PLAY RECAP **************************************************************************************************************************************
s086 : ok=27 changed=20 unreachable=0 failed=0
s087 : ok=27 changed=20 unreachable=0 failed=0
s088 : ok=27 changed=20 unreachable=0 failed=0
验证:
[root@s18105 playbooks]# ansible mysqlservers -m command -a "mysql -uroot -pegts9758 -e 'show master status \G'"
s087 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
File: mysql-bin.000002
Position: 595
Binlog_Do_DB:
Binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2mysql: [Warning] Using a password on the command line interface can be insecure.
s086 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
File: mysql-bin.000002
Position: 595
Binlog_Do_DB:
Binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2mysql: [Warning] Using a password on the command line interface can be insecure.
s088 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
File: mysql-bin.000002
Position: 595
Binlog_Do_DB:
Binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2mysql: [Warning] Using a password on the command line interface can be insecure.
mysql主从搭建完毕
mycat实现读写分离
上传mycat到ansible的package目录
scp /usr/local/mytools/deploy/packages/mycat/mycat-server-1.6.5-linux.tar.gz 116.62.199.117:/usr/local/mytools/deploy/packages/mycat/
vim /etc/ansible/hosts
[mycat]
s082 ansible_host=192.168.118.82
在数据库中创建用户,mycat 会用这个用户连接数据库。用户名、密码引用自 mycat/roles/common/var/main.yml 中的 mysql_app_user、mysql_app_password。在主库上执行如下代码:
create user appuser@'%' identified by 'egts9758';
create database ultrax default character set utf8;
create database DedeCMS default character set utf8;
create database zrlog default character set utf8;
grant all on ultrax.* to 'appuser'@'%';
grant all on DedeCMS.* to 'appuser'@'%';
grant all on zrlog.* to 'appuser'@'%';
flush privileges;
编辑mycat/roles/vars/var_mycat.yaml
[root@s18105 playbooks]# vim mycat/roles/vars/var_mycat.yaml
master_ip: "192.168.118.86"
slave_ips:
- "192.168.118.87"
- "192.168.118.88"
修改mycat/roles/install_mycat.yaml中的host为需要安装mycat的host
[root@s18105 playbooks]# vim mycat/roles/install_mycat.yaml
---
- hosts: s082
  remote_user: root
  become_user: root
  vars_files:
    - common/vars/main.yml
    - vars/var_mycat.yaml
  tasks:
    - name: install dependents
      import_tasks: common/install_dependents.yaml
    - name: install mycat
      import_tasks: common/install_mycat.yaml
    - name: start mycat
      import_tasks: common/start_mycat.yaml
执行剧本:
[root@s18105 playbooks]# ansible-playbook mycat/roles/install_mycat.yaml
PLAY [s082] *************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************
ok: [s082]
TASK [install java-1.7.0-openjdk] ***************************************************************************************************************
ok: [s082]
TASK [create mycat user] ************************************************************************************************************************
ok: [s082]
TASK [trasfer mycat-server-1.6.5-linux.tar.gz to remonte host] **********************************************************************************
changed: [s082]
TASK [export MYCAT_HOME env to /etc/profile] ****************************************************************************************************
changed: [s082]
TASK [config schema.xml] ************************************************************************************************************************
changed: [s082]
TASK [config server.xml] ************************************************************************************************************************
changed: [s082]
TASK [transfer start_mycat.sh to remonte /tmp/] *************************************************************************************************
changed: [s082]
TASK [start mycat] ******************************************************************************************************************************
changed: [s082]
TASK [remove start_mycat.sh] ********************************************************************************************************************
changed: [s082]
PLAY RECAP **************************************************************************************************************************************
s082 : ok=10 changed=7 unreachable=0 failed=0
检查mycat是否启动:
[root@s18105 playbooks]# ansible s082 -m shell -a "ps -ef | grep mycat"
s082 | SUCCESS | rc=0 >>
root 12210 12209 0 23:10 pts/1 00:00:00 /bin/sh -c ps -ef | grep mycat
root 12212 12210 0 23:10 pts/1 00:00:00 grep mycat
此处有坑:
没有启动,注意,这是java vm不能分配内存
echo 1 > /proc/sys/vm/overcommit_memory
永久更改:
vim /etc/sysctl.conf
修改参数
vm.overcommit_memory = 1
sysctl -p
修改Mycat服务器参数调整和用户授权的配置文件server.xml。主要修改配置段如下:
# vim /usr/local/mycat/conf/server.xml
增加以下:
# root用户对逻辑数据库ultrax,DedeCMS,zrlog具有增删改查的权限
egts9758
ultrax,DedeCMS,zrlog
# discuz用户对逻辑数据库ultrax具有增删改查的权限
egts9758
ultrax
# dedecms用户对逻辑数据库DedeCMS具有增删改查的权限
egts9758
DedeCMS
# zrlog用户对逻辑数据库zrlog具有增删改查的权限
egts9758
zrlog
# 该用户对逻辑数据库ultrax,DedeCMS,zrlog仅有只读的权限
egts9758
ultrax,DedeCMS,zrlog
true
修改逻辑库定义和表及分片定义的配置文件schema.xml:
# 把配置文件备份:
cp /usr/local/mycat/conf/schema.xml /usr/local/mycat/conf/schema.xml.bak
配置内容如下:
# cat /usr/local/mycat/conf/schema.xml
select user()
部署php-fpm
vim /etc/ansible/hosts
添加以下:
[phpservers]
s083
s084
s085
执行剧本
[root@s18105 playbooks]# ansible-playbook php/install.yml
PLAY [phpservers] *******************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************
ok: [s085]
ok: [s083]
ok: [s084]
TASK [Uncompression php setup] ******************************************************************************************************************
changed: [s083]
changed: [s084]
changed: [s085]
TASK [Uncompression php.bin] ********************************************************************************************************************
changed: [s084]
changed: [s083]
changed: [s085]
。。。
TASK [restart nginx] ****************************************************************************************************************************
changed: [s084]
changed: [s083]
changed: [s085]
PLAY RECAP **************************************************************************************************************************************
s083 : ok=13 changed=12 unreachable=0 failed=0
s084 : ok=13 changed=12 unreachable=0 failed=0
s085 : ok=13 changed=12 unreachable=0 failed=0
验证:
[root@s18105 playbooks]# ansible phpservers -m shell -a "ps -ef | grep php"
s084 | SUCCESS | rc=0 >>
root 23583 1 0 00:19 ? 00:00:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf)
www 23584 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23585 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23586 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23587 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23588 23583 0 00:19 ? 00:00:00 php-fpm: pool www
www 23589 23583 0 00:19 ? 00:00:00 php-fpm: pool www
...
php-fpm安装完毕
安装apache tomcat
先安装apache
# vim /etc/ansible/hosts
增加以下
[apacheservers]
s089 ansible_host=192.168.118.89
[tomcatservers]
s083 ansible_host=192.168.118.83
s084 ansible_host=192.168.118.84
s085 ansible_host=192.168.118.85
apache的安装包路径,上传文件到此路径
/usr/local/mytools/deploy/packages/httpd
[root@s18105 playbooks]# ls /usr/local/mytools/deploy/packages/httpd/
apr-1.6.2.tar.gz apr-util-1.6.0.tar.gz httpd-2.4.28.tar.gz
[root@s18105 playbooks]# ansible-playbook httpd/install_httpd.yaml
PLAY [apacheservers] ****************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************
ok: [s089]
TASK [install gcc] ******************************************************************************************************************************
ok: [s089]
...
TASK [enable httpd.service] *********************************************************************************************************************
changed: [s089]
PLAY RECAP **************************************************************************************************************************************
s089 : ok=25 changed=18 unreachable=0 failed=0
验证:
[root@s18105 playbooks]# ansible s089 -m shell -a "ps -ef | grep httpd"
s089 | SUCCESS | rc=0 >>
root 31745 1 0 00:43 ? 00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
daemon 31783 31745 0 00:43 ? 00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
daemon 31784 31745 0 00:43 ? 00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
daemon 31785 31745 0 00:43 ? 00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
root 32394 32393 0 01:25 pts/1 00:00:00 /bin/sh -c ps -ef | grep httpd
root 32396 32394 0 01:25 pts/1 00:00:00 grep httpd
Apache安装完成。
安装tomcat
先上传jdk和tomcat tar包到/usr/local/src
[root@s18105 playbooks]# ls /usr/local/src/ -h
apache-tomcat-8.5.32.tar.gz jdk-8u161-linux-x64.tar.gz
mycat安装zookeeper
zookeeper
wget http://mirrors.hust.edu.cn/apache/zookeeper/zookeeper-3.4.13/zookeeper-3.4.13.tar.gz
tar zxf zookeeper-3.4.13.tar.gz
cd zookeeper-3.4.13/
cp conf/zoo_sample.cfg conf/zoo.cfg
sh bin/zkServer.sh start
可以看到如下信息:
ZooKeeper JMX enabled by default
Using config: /root/zookeeper-3.4.13/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED
mycat-web
wget http://dl.mycat.io/mycat-web-1.0/Mycat-web-1.0-SNAPSHOT-20170102153329-linux.tar.gz
tar zxf Mycat-web-1.0-SNAPSHOT-20170102153329-linux.tar.gz
cd mycat-web/
vim mycat-web/WEB-INF/classes/mycat.properties
#
#Mon Jan 16 15:37:36 CST 2012
show.period=3000000
zookeeper=localhost:2181
mycat_warn_mail=[{"cc"\:"[email protected]","index"\:1,"mangerPort"\:"465","smtpHost"\:"smtp.139.
com","smtpPassword"\:"123456","smtpProtocol"\:"smtp","smtpUser"\:"[email protected]","to"\:"9
[email protected]"}]
##sql\u4E0A\u7EBF\u76F8\u5173\u914D\u7F6E
sqlonline.server=192.168.118.82
sqlonline.user=appuser
sqlonline.passwd=egts9758