A record of an operations deployment
Install Ansible
If yaml is not installed, run the following command to install it:
```shell
yum install python-yaml
```
Then start python and run import yaml to verify that the installation succeeded.
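The five virtual machines are as follows:

| | Management | Web proxy | Application 1 | Application 2 | Database |
|---|---|---|---|---|---|
| Hostname | ops01 | ops02 | ops03 | ops04 | ops05 |
| Address (192.168.111.x) | 128 | 129 | 130 | 131 | 132 |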
Run the matching command on each host to set its hostname:
```shell
hostnamectl set-hostname ops01
hostnamectl set-hostname ops02
hostnamectl set-hostname ops03
hostnamectl set-hostname ops04
hostnamectl set-hostname ops05
```
On every host, add the following records to /etc/hosts:
```
192.168.111.128 ops01
192.168.111.129 ops02
192.168.111.130 ops03
192.168.111.131 ops04
192.168.111.132 ops05
```
After configuring, run ping ops01, ping ops02 and ping ops03 to verify that the configuration is correct.
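Configure passwordless login
- Generate a key pair on each of the three nodes

On the three hosts, run the following commands in order:
```shell
ssh localhost
exit
cd ~/.ssh/          # if ~/.ssh/ does not exist, run ssh localhost first
ssh-keygen -t rsa   # generate the public/private key pair; press Enter at every prompt
cd ~/.ssh/;ssh-keygen -t rsa
```
- Append the public key to authorized_keys on every host

```shell
ssh-copy-id ops01;ssh-copy-id ops02;ssh-copy-id ops03;ssh-copy-id ops04;ssh-copy-id ops05;
```
Then, on each host, run ssh ops01, ssh ops02, ssh ops03, ssh ops04 and ssh ops05 to verify that passwordless login works.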
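The steps above put every host's root key into every other host's authorized_keys, although Ansible only needs ops01 to reach the others. The following added example (not part of the original post) audits one authorized_keys file against that assumption; the sample file, the function names and the choice of root@ops01 as the only expected key are assumptions made here.

```shell
#!/bin/sh
# Constructed sample: root's authorized_keys on a managed host after the
# ssh-copy-id step. The key blobs are placeholders, not real keys.
sample_authorized_keys() {
    cat <<'EOF'
ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED1 root@ops01
ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED2 root@ops02
from="192.168.111.128",no-agent-forwarding,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED3 root@ops01
EOF
}

# audit_keys ALLOWED_COMMENT   (reads an authorized_keys file on stdin)
# Reports keys whose comment is not the expected management key, and expected
# keys that carry no from="..." source-address restriction.
audit_keys() {
    awk -v allowed="$1" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        {
            k = 0                                     # index of the key-type field
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-)/) { k = i; break }
            if (!k) next
            comment = $(k + 2)
            if (comment != allowed)
                print "unexpected-key\t" comment
            else if (k == 1 || $0 !~ /from="/)
                print "no-from-restriction\t" comment
        }'
}
```

On a managed host it would be run as audit_keys root@ops01 < /root/.ssh/authorized_keys; any output line is a key to remove or to restrict.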
Install Ansible
On each host, run the following two commands to install Ansible:
```shell
yum install epel-release
yum -y install ansible
```
When they finish, run ansible --version to verify that the installation succeeded.
Configure the host inventory
Once Ansible is installed, it needs a host inventory that holds every remote host Ansible manages; hosts can be grouped by role. Edit /etc/ansible/hosts and append the following to the end of the file:
```ini
# /etc/ansible/hosts
192.168.111.128
192.168.111.129
192.168.111.130
192.168.111.131
192.168.111.132

[webservers]
192.168.111.129

[applications]
192.168.111.130
192.168.111.131

[dbservers]
192.168.111.132
```
After configuring, run the command ansible webservers -m ping to test. A successful reply means the host inventory is configured correctly.
Install nginx
In /etc/nginx/
```yaml
---
# install nginx
- hosts: webservers
  remote_user: root
  gather_facts: no
  tasks:
    - name: add group nginx
      group: name=nginx state=present
    - name: add user nginx
      user: name=nginx state=present group=nginx
    - name: Install Nginx
      yum: name=nginx state=present
    - name: config nginx.conf
      copy: src=/etc/ansible/files/nginx.conf dest=/etc/nginx/nginx.conf
    - name: Start Nginx
      script: /etc/ansible/files/nginx.sh
    - name: copy static
      unarchive: src=/etc/ansible/files/dist.zip dest=/usr/local/
```
Unzip the static files
jieya.sh
```shell
unzip /usr/local/dist.zip
```
nginx configuration file
nginx.conf
```nginx
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    upstream myServer {
        server 192.168.111.130:80 weight=1;
        server 192.168.111.131:80 weight=1;
    }

    server {
        listen       80;
        listen       [::]:80;
        server_name  localhost;
        #root         /usr/share/nginx/html;

        location = / {
            root /usr/local/dist/;
            proxy_pass http://myServer/; # forwarding rule
            proxy_set_header Host $proxy_host; # rewrite the forwarded request header so the application on port 8080 can receive the real request
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        location ~^/(images|image|javascript|js|css|static|json|staticImage)/ {
            root /usr/local/dist/;
            access_log off;
            expires 3000d;
        }

        location /prod-api/{
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://myServer/prod-api/;
        }

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }
}
```
nginx initialization script
nginx.sh
```shell
killall -9 nginx;
nginx;
```
Install nginx on the web servers
install_nginx_hou.yml
```yaml
---
# install nginx
- hosts: applications
  remote_user: root
  gather_facts: no
  tasks:
    - name: add group nginx
      group: name=nginx state=present
    - name: add user nginx
      user: name=nginx state=present group=nginx
    - name: Install Nginx
      yum: name=nginx state=present
    - name: config nginx.conf
      copy: src=/etc/ansible/files/nginx_hou.conf dest=/etc/nginx/nginx.conf
    - name: Start Nginx
      script: /etc/ansible/files/nginx.sh
```
nginx_hou.conf
```nginx
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile      on;
    keepalive_timeout 65;

    server {
        listen       80;
        server_name  localhost;

        location / {
            root /usr/local/dist/;
            try_files $uri $uri/ /index.html;
            index index.html index.htm;
        }

        location /prod-api/{
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header REMOTE-HOST $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8080/;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
```
Install MySQL
Prepare the installation package
Prepare the configuration file
Prepare the database file
my.cnf
```ini
[mysqld]
socket=/tmp/mysql.sock
user=mysql
symbolic-links=0
datadir=/data/mysql
innodb_file_per_table=1
log-bin
pid-file=/data/mysql/mysqld.pid
lower_case_table_names=1

[client]
port=3306
socket=/tmp/mysql.sock

[mysqld_safe]
log-error=/var/log/mysqld.log
```
Prepare the security hardening script
secure_mysql.sh
```shell
#!/bin/bash
/usr/local/mysql/bin/mysql_secure_installation <<EOF
y
123456
123456
y
y
y
y
EOF
```
Prepare the database initialization script
```shell
mysql -uroot -p123456 -e "use mysql;UPDATE user SET user.host='%' WHERE user.user= 'root';";
mysql -uroot -p123456 -e "flush privileges;exit"
```
install_mysql.yml
```yaml
---
# install mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz
- hosts: dbservers
  remote_user: root
  gather_facts: no
  tasks:
    - name: install packages
      yum: name=libaio,perl-Data-Dumper,perl-Getopt-Long
    - name: create mysql group
      group: name=mysql gid=306
    - name: create mysql user
      user: name=mysql uid=306 group=mysql shell=/sbin/nologin system=yes create_home=no home=/data/mysql
    - name: copy tar to remote host and file mode
      unarchive: src=/etc/ansible/files/mysql-5.6.46-linux-glibc2.12-x86_64.tar.gz dest=/usr/local/ owner=root group=root
    - name: create linkfile /usr/local/mysql
      file: src=/usr/local/mysql-5.6.46-linux-glibc2.12-x86_64 dest=/usr/local/mysql state=link
    - name: create mysqldata
      file: path=/data/mysql state=directory
    - name: data dir
      shell: chdir=/usr/local/mysql/ ./scripts/mysql_install_db --datadir=/data/mysql --user=mysql
      tags: data
    - name: config my.cnf
      copy: src=/etc/ansible/files/my.cnf dest=/etc/my.cnf
    - name: service script
      shell: /bin/cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
    - name: enable service
      shell: /etc/init.d/mysqld start;chkconfig --add mysqld;chkconfig mysqld on
      tags: service
    - name: PATH variable
      copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh
    - name: secure script
      script: /etc/ansible/files/secure_mysql.sh
    - name: copy sql
      copy: src=/etc/ansible/files/ry-vue.sql dest=/usr/local/ry-vue.sql
    - name: mysql script
      script: /etc/ansible/files/import_mysql.sh
      tags: script
    - name: mysql init
      script: /etc/ansible/files/mysql_init.sh
```
Script that imports the data into MySQL
import_mysql.sh
```shell
# variable definitions
sqlname="ry-vue.sql"
dir="/usr/local"
host="127.0.0.1"
user="root"
passwd="123456"
dbname="ry"
create_db_sql="create database IF NOT EXISTS $dbname"
# import the sql file into the target database
mysql -h$host -u$user -p$passwd -e"${create_db_sql}"
mysql -h$host -u$user -p$passwd $dbname < $dir/$sqlname
```
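The initialization script above rewrites root's host to '%', so the root account with the password from secure_mysql.sh becomes reachable from any address. The following added example (not the author's code) audits mysql.user output for that condition and generates per-host application accounts to use instead; the account name ry_app, the row-level privilege set and the sample rows are assumptions made here.

```shell
#!/bin/sh
# Constructed sample of the tab-separated output of (MySQL 5.6 column names):
#   mysql -N -B -e "SELECT User,Host,Password FROM mysql.user"
# An empty third column means the account has no password.
sample_accounts() {
    printf 'root\t%%\t*CONSTRUCTED_HASH\n'
    printf '\tlocalhost\t\n'
    printf 'ry_app\t192.168.111.130\t*CONSTRUCTED_HASH\n'
}

# Flag anonymous users, empty passwords, root reachable from other hosts,
# and any other account bound to a wildcard host.
audit_accounts() {
    awk -F '\t' '
        $1 == "" { print "anonymous-user\t" $1 "@" $2; next }
        $3 == "" { print "empty-password\t" $1 "@" $2 }
        $1 == "root" && $2 !~ /^(localhost|127\.0\.0\.1|::1)$/ {
            print "remote-root\t" $1 "@" $2; next }
        $2 ~ /%/ { print "wildcard-host\t" $1 "@" $2 }'
}

# Accept only characters that need no quoting inside an SQL string literal.
safe() { case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }

# 32 hex characters from the kernel CSPRNG.
gen_password() { head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# scoped_grants USER DB PASSWORD HOST...
# One account per application host, limited to row-level access on one schema.
scoped_grants() {
    for arg in "$@"; do safe "$arg" || return 1; done
    [ "$#" -ge 4 ] || return 1
    sg_user=$1 sg_db=$2 sg_pass=$3
    shift 3
    for sg_host in "$@"; do
        printf "CREATE USER '%s'@'%s' IDENTIFIED BY '%s';\n" "$sg_user" "$sg_host" "$sg_pass"
        printf "GRANT SELECT, INSERT, UPDATE, DELETE ON \`%s\`.* TO '%s'@'%s';\n" \
            "$sg_db" "$sg_user" "$sg_host"
    done
}
```

For this inventory the call would be scoped_grants ry_app ry "$(gen_password)" 192.168.111.130 192.168.111.131, with the output piped to a local mysql session and root left bound to localhost.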
Install the JDK
Prepare the installation file
install_jdk.yml
```yaml
---
- hosts: applications
  remote_user: root
  gather_facts: no
  tasks:
    - name: mkdir jdk directory # create the installation directory
      file: path=/usr/local state=directory mode=0755
    - name: copy and unzip jdk # unpack and install
      unarchive: src=/etc/ansible/files/jdk-8u231-linux-x64.tar.gz dest=/usr/local
    - name: set env # set the environment variables
      lineinfile: dest=/etc/profile insertafter="{{item.position}}" line="{{item.value}}" state=present
      with_items:
        - {position: EOF, value: "export JAVA_HOME=/usr/local/jdk1.8.0_231"}
        - {position: EOF, value: "export PATH=$JAVA_HOME/bin:$PATH"}
    - name: chmod bin # set execute permission
      shell: chmod 755 /usr/local/jdk1.8.0_231/bin
    - name: enforce env # reload the environment variables
      shell: source /etc/profile
```
Install Maven
Prepare the Maven installation package
install_maven.yml
```yaml
---
# install maven
- hosts: applications
  remote_user: root
  gather_facts: no
  tasks:
    - name: copy tar to remote host and file mode
      unarchive: src=/etc/ansible/files/apache-maven-3.8.1-bin.tar.gz dest=/usr/local/ owner=root group=root
    - name: set env # set the environment variables
      lineinfile: dest=/etc/profile insertafter="{{item.position}}" line="{{item.value}}" state=present
      with_items:
        - {position: EOF, value: "export MAVEN_HOME=/usr/local/apache-maven-3.8.1"}
        - {position: EOF, value: "export PATH=$PATH:$MAVEN_HOME/bin"}
    - name: enforce env # reload the environment variables
      shell: source /etc/profile
```
Install Redis
install_redis.yml
```yaml
---
- hosts: applications
  remote_user: root
  gather_facts: no
  tasks:
    - name: mkdir redis directory # create the installation directory
      file: path=/usr/local state=directory mode=0755
    - name: copy and unzip redis # unpack and install
      unarchive: src=/etc/ansible/files/redis-6.2.4.tar.gz dest=/usr/local
    - name: redis init1
      script: /etc/ansible/files/redis_init1.sh
    - name: config redis.conf
      copy: src=/etc/ansible/files/redis.conf dest=/usr/local/redis-6.2.4/redis.conf
    - name: redis init2
      script: /etc/ansible/files/redis_init2.sh
```
redis_init1.sh
```shell
cd /usr/local/redis-6.2.4
make
```
redis_init2.sh
```shell
cd /usr/local/redis-6.2.4/src
./redis-server /usr/local/redis-6.2.4/redis.conf
```
Static resources stored on the management host
copy_static.yml
```yaml
---
# copy static resources
- hosts: applications
  remote_user: root
  gather_facts: no
  tasks:
    - name: copy static
      copy: src=/etc/ansible/files/disk dest=/usr/local/disk
```
Create the full installation script
install_all.sh
```shell
#!/bin/sh
ansible-playbook install_nginx.yml;
ansible-playbook install_mysql.yml;
ansible-playbook install_jdk.yml;
ansible-playbook install_maven.yml;
ansible-playbook install_redis.yml;
ansible-playbook install_nginx_hou.yml;
ansible-playbook copy_static.yml;
#ansible-playbook install_tomcat.yml;
```
One-step backend deployment
ansible-playbook release_hou.yml
```yaml
---
- hosts: applications
  remote_user: root
  gather_facts: no
  tasks:
    - name: copy jar
      copy: src=/etc/ansible/files/ruoyi-admin.jar dest=/usr/local/ruoyi-admin.jar
    - name: copy static
      unarchive: src=/etc/ansible/files/dist.zip dest=/usr/local/
    - name: copy shell
      copy: src=/etc/ansible/files/test.sh dest=/usr/local/test.sh mode=0755
    - name: jar start
      shell: /usr/local/test.sh
```
test.sh
```shell
#!/bin/sh
ssh 192.168.111.130 "java -jar /usr/local/ruoyi-admin.jar &"
```
Database backup task
backup.yml sends the script to the database server and runs it
```yaml
---
- hosts: dbservers
  tasks:
    - name: copy static
      copy: src=/etc/ansible/files/backup.sh dest=/usr/local/backup.sh
    - name: mkdir redis directory # create the installation directory
      file: path=/usr/local state=directory mode=0755
    - name: backup
      script: /etc/ansible/files/backup.sh
```
start_back.sh runs backup.yml
```shell
#!/bin/bash
ansible-playbook backup.yml
```
backup_cron.sh sets the scheduled task
```shell
#!/bin/bash
ansible dbservers -m cron -a 'name="back" minute=10 hour=0 day=* month=* weekday=* job="/etc/ansible/start_back.sh"'
```
backup.sh collects the data and sends it back to host ops01
```shell
#!/bin/bash
/usr/local/mysql/bin/mysqldump -h192.168.111.132 -uroot -p123456 ry-vue > /root/mbackup/`date +%Y%m%d_%H%M`.sql;
scp -r /root/mbackup/* [email protected]:/backup/mysqldb/
```
View the scheduled tasks
```shell
ansible all -m shell -a "crontab -l"
```
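The backup.sh above passes the root password with -p on the mysqldump command line, where it is visible in the process list, and writes dumps with the default umask. The following added example (not the author's script) performs the same dump step with credentials read from a mode-600 option file and publishes only complete, owner-readable dumps; the option-file path, the 14-day retention and the function names are assumptions, and the scp step to ops01 is left out.

```shell
#!/bin/sh
BACKUP_DIR=${BACKUP_DIR:-/root/mbackup}
CNF=${CNF:-/root/.backup.cnf}                  # hypothetical option-file path
DUMP=${DUMP:-/usr/local/mysql/bin/mysqldump}
DB=${DB:-ry-vue}
KEEP_DAYS=${KEEP_DAYS:-14}                     # assumed retention period

# write_cnf PATH USER PASSWORD: create a [client] option file with mode 600,
# so the password is neither in the script nor on any command line.
write_cnf() (
    umask 077
    printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" > "$1" && chmod 600 "$1"
)

# Dump $DB into $BACKUP_DIR and print the resulting path. The body runs in a
# subshell so the restrictive umask does not leak into the caller.
run_backup() (
    mode=$(stat -c %a "$CNF" 2>/dev/null) || { echo "missing $CNF" >&2; exit 1; }
    [ "$mode" = 600 ] || { echo "$CNF has mode $mode, want 600" >&2; exit 1; }
    umask 077
    mkdir -p "$BACKUP_DIR" || exit 1
    out="$BACKUP_DIR/$(date +%Y%m%d_%H%M).sql"
    # --defaults-extra-file must be the first option on the command line.
    if "$DUMP" --defaults-extra-file="$CNF" --single-transaction "$DB" > "$out.part"; then
        mv "$out.part" "$out"                  # publish only complete dumps
        find "$BACKUP_DIR" -name '*.sql' -mtime +"$KEEP_DAYS" -exec rm -f {} +
        echo "$out"
    else
        rm -f "$out.part"
        exit 1
    fi
)
```

run_backup refuses to start when the option file is missing or readable by anyone other than its owner, so a permissions regression shows up as a failed cron job rather than as a leaked credential.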