ansible_playbook: one-command setup of a cluster architecture

Contents

  • Basic optimization
  • SSH and Ansible: batch-managing the servers
  • Playbooks start ... about 10 minutes
    • mail.yaml
    • base.yaml
    • rsync.yaml
    • nfs.yaml
    • web.yaml
    • tweb.yaml
    • lb.yaml
    • keepalived.yaml
    • keepalived2.yaml
    • mysql.yaml
  • Follow-up operations

Reference template for server hostname and IP planning

Hostname  eth0 NIC      eth1 NIC        Service
lb01      10.0.0.5/24   172.16.1.5/24   load-balancing service
lb02      10.0.0.6/24   172.16.1.6/24   load-balancing service
web01     10.0.0.7/24   172.16.1.7/24   php www service
web02     10.0.0.8/24   172.16.1.8/24   php www service
tweb01    10.0.0.9/24   172.16.1.9/24   tomcat www service
db01      10.0.0.51/24  172.16.1.51/24  database service
nfs01     10.0.0.31/24  172.16.1.31/24  storage service
backup    10.0.0.41/24  172.16.1.41/24  backup service
m01       10.0.0.61/24  172.16.1.61/24  management service

Basic optimization

Change the IP address
sed -i 's#222#61#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]

Set the hostname permanently
[[email protected] ~]# hostnamectl set-hostname oldboyedu-cc7
[[email protected] data]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5  lb01
172.16.1.6  lb02
172.16.1.7  web01
172.16.1.8  web02
172.16.1.9  sweb
172.16.1.31  nfs
172.16.1.41  backup
172.16.1.51  db
# Push the file to the other hosts
[[email protected] data]# scp -rp /etc/hosts [email protected]:/etc/

//2. Disable the firewalld firewall
systemctl disable firewalld
systemctl stop firewalld
systemctl status firewalld

//3. Disable SELinux
# Option 1
sed -ri 's#(^SELINUX=).*#\1disabled#g' /etc/selinux/config
# Option 2
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
# Option 3
vim /etc/selinux/config

# Temporary, takes effect immediately
setenforce 0

//4. Raise the ulimit
echo '* - nofile 65535' >> /etc/security/limits.conf

//5 Reboot and take a snapshot

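SSH and Ansible: batch-managing the servers

1. Create a key pair
[[email protected] ~]# ssh-keygen -t rsa -C xuliangwei.com   # just press Enter at every prompt
[[email protected] ~]# ls ~/.ssh/
id_rsa (the key)  id_rsa.pub (the lock)

2. Send the public key to the user you need to log in as
[[email protected] ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

# Test
# Log in to the remote host
[[email protected] ~]# ssh [email protected]
# Run a command without logging in to the host
[[email protected] ~]# ssh [email protected] "hostname -i"

Batch management with Ansible using the public key
# Use non-interactive tools to distribute the public key in bulk and manage the servers in bulk
[[email protected] ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]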

[[email protected] ~]# yum install ansible -y

// Check the Ansible version
[[email protected] ~]# ansible --version
ansible 2.6.1

Configure the Ansible host inventory
[[email protected] ~]# vim /etc/ansible/hosts
[lb]
172.16.1.5
172.16.1.6
[web]
172.16.1.7
172.16.1.8
[sweb]
172.16.1.9
[nfs]
172.16.1.31
[backup]
172.16.1.41
[db]
172.16.1.51

Test
# Ansible checks connectivity over the SSH port
[[email protected] ~]# ansible all -m ping
# Run commands in bulk
[[email protected] ~]# ansible all -m command -a "df -h"
[[email protected] ~]# ansible all -m command -a "hostname"
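
Added example, not part of the original post: a shell helper that reads the host list from the inventory above and runs the page's ssh-copy-id command against every host, so the public key reaches each node before ansible all -m ping is tried. The function names, the optional group argument and the default user root are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names, the GROUP
# argument and the default user "root" are assumptions.

# inventory_hosts FILE [GROUP]
# Print every host of an INI-style inventory once, in file order,
# optionally limited to one group. Sections such as [web:vars] or
# [all:children] are skipped because their lines are not hosts.
inventory_hosts() {
  awk -v want="${2:-}" '
    BEGIN { skip = (want != "") }          # ungrouped hosts only without a filter
    /^[ \t]*([#;]|$)/ { next }             # comments and blank lines
    /^[ \t]*\[/ {                          # section header, e.g. [lb]
      group = $0
      gsub(/^[ \t]*\[|\][ \t]*$/, "", group)
      skip = (group ~ /:/) || (want != "" && group != want)
      next
    }
    !skip && !seen[$1]++ { print $1 }      # first field is the host
  ' "$1"
}

# push_pubkey INVENTORY PUBKEY [USER]
# Run ssh-copy-id against each inventory host. The password prompt and
# the host-key confirmation stay interactive; a failure is reported per
# host and reflected in the return code instead of stopping the loop.
push_pubkey() {
  local inv=$1 key=$2 user=${3:-root} host rc=0
  [ -r "$key" ] || { echo "public key not readable: $key" >&2; return 2; }
  for host in $(inventory_hosts "$inv"); do
    if ssh-copy-id -i "$key" "${user}@${host}"; then
      echo "ok: $host"
    else
      echo "FAILED: $host" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Usage on m01:
#   push_pubkey /etc/ansible/hosts ~/.ssh/id_rsa.pub
#   ansible all -m ping
```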

Playbooks start ... about 10 minutes

mail.yaml

- import_playbook: base.yaml
- import_playbook: rsync.yaml
- import_playbook: nfs.yaml
- import_playbook: sersync.yaml
- import_playbook: web.yaml
- import_playbook: tweb.yaml
- import_playbook: lb.yaml
- import_playbook: keepalived.yaml
- import_playbook: keepalived2.yaml
- import_playbook: mysql.yaml

base.yaml

- hosts: all
  tasks:
#    - name: Clear yum.repos.d
#      file: path=/etc/yum.repos.d/ state=absent
#
#    - name: Create yum.repos.d
#      file: path=/etc/yum.repos.d/ state=directory  

#    - name: install aliyun base
#      get_url: url=http://mirrors.aliyun.com/repo/Centos-7.repo dest=/etc/yum.repos.d/CentOS-Base.repo
#
#    - name: install aliyun epel
#      get_url: url=http://mirrors.aliyun.com/repo/epel-7.repo dest=/etc/yum.repos.d/epel.repo

    - name: Push centos75
      copy: src=./file/contos75.repo  dest=/etc/yum.repos.d/

    - name: Push ops
      copy: src=./file/ops.repo  dest=/etc/yum.repos.d/

#    - name: Dns Client
#      copy: src=./conf/resolv.conf dest=/etc/resolv.conf

    - name: Install base soft
      yum: name=rsync,nfs-utils,net-tools,vim,tree,htop,iftop,iotop,lrzsz,sl,wget,unzip,telnet,nmap,nc,psmisc,dos2unix,bash-completion,iotop,iftop,sysstat,screen,zip state=installed

    - name: Create Group WWW
      group: name=www gid=666

    - name: Create User WWW
      user: name=www uid=666 group=666 create_home=no  shell=/sbin/nologin

    - name: Create Rsync_Client_Pass
      copy: content='1' dest=/etc/rsync.pass mode=600

    - name: Create Scripts Directory
      file: path=/server/scripts/ recurse=yes state=directory

    - name: Push Scripts
      copy: src=./scripts/rsync_backup_md5.sh  dest=/server/scripts/

    - name: Crontable Scripts
      cron: name="backup scripts" hour=01 minute=00 job="/usr/bin/bash /server/scripts/rsync_backup_md5.sh &>/dev/null"

rsync.yaml

- hosts: backup
  tasks:

    - name: Install Rsync Server
      yum: name=rsync,mailx state=installed

    - name: Configure Rsync Server
      copy: src=./conf/rsyncd.conf dest=/etc/rsyncd.conf
      notify: Restart Rsync Server

    - name: Create Data
      file: path=/data state=directory  owner=www group=www mode=755

    - name: Create Backup
      file: path=/backup state=directory  owner=www group=www  mode=755

    - name: Create Virt User
      copy: content='rsync_backup:1' dest=/etc/rsync.password mode=600

    - name: Start RsyncServer
      service: name=rsyncd state=started enabled=yes

    - name: Push Check Scripts
      copy: src=./scripts/rsync_check_backup.sh dest=/server/scripts/

    - name: Crond Check Scripts
      cron: name="check scripts" hour=05 minute=00 job="/usr/bin/bash /server/scripts/rsync_check_backup.sh &>/dev/null"

  handlers:
    - name: Restart Rsync Server
      service: name=rsyncd state=restarted

nfs.yaml

- hosts: nfs
  tasks:

    - name: Installed Nfs Server
      yum: name=nfs-utils state=installed

    - name: Configure Nfs Server
      copy: src=./conf/exports dest=/etc/exports
      notify: Restart Nfs Server

    - name: Create Share Data
      file: path=/data  state=directory owner=www group=www mode=755

    - name: Create Share /data{}
      shell: mkdir /data/{wordpress,wecenter,jpress} -p

    - name: Chown -R www.www /data
      file: path=/data recurse=yes owner=www group=www

    - name: Start Nfs Server
      service: name=nfs-server state=started enabled=yes

  handlers:
    - name: Restart Nfs Server
      service: name=nfs-server  state=restarted

sersync.yaml

- hosts: nfs
  tasks:

    - name: Scp Sersync
      copy: src=./file/sersync2.5.4_64bit_binary_stable_final.tar.gz dest=/usr/local/sersync.tar.gz

    - name: Zip
      shell: cd /usr/local && tar xf sersync.tar.gz && mv GNU-Linux-x86 sersync
      args:
        creates: /usr/local/sersync

    - name: configure Sersync
      copy: src=./conf/confxml.xml dest=/usr/local/sersync/confxml.xml
      notify: kill old sersync and restart new sersync

    - name: Start Sersync
      shell: pgrep sersync;
             [ $? -eq 0 ] || /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml

  handlers:
    - name:  kill old sersync and restart new sersync
      shell: pgrep sersync | xargs kill -9;
             /usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml

web.yaml

- hosts: web
  tasks:
#    - name: Mount NFS Server Share Date
#      mount: src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=mounted

    - name: Install Mariadb
      yum: name=mysql state=installed 

    - name: Install nginx
      yum: name=nginx state=installed

    - name:   nginx.conf copy
      copy: src=./conf/nginx.conf dest=/etc/nginx/nginx.conf
      notify: Restart nginx

    - name: install php7.1
      yum: name=php71w,php71w-cli,php71w-common,php71w-devel,php71w-embedded,php71w-gd,php71w-mcrypt,php71w-mbstring,php71w-pdo,php71w-xml,php71w-fpm,php71w-mysqlnd,php71w-opcache,php71w-pecl-memcached,php71w-pecl-redis,php71w-pecl-mongodb state=installed

    - name: Copy  www.conf
      copy: src=./conf/www.conf dest=/etc/php-fpm.d/www.conf
      notify: Restart php-fpm      

    - name: Copy  php.ini
      copy: src=./conf/php.ini dest=/etc/php.ini
      notify: Restart php-fpm

    - name: Start php-fpm
      service: name=php-fpm state=started enabled=yes

   #- name: Unzip kaoshi.zip
   #   unarchive: src=./file/kaoshi.zip dest=/data/ creates=/data/index.html

    - name: Start nginx
      service: name=nginx state=started enabled=yes

    - name: Del /etc/nginx/conf.d/default.conf
      file: path=/etc/nginx/conf.d/default.conf state=absent

    - name: Copy conf.d/*
      unarchive: src=./conf/conf.zip dest=/etc/nginx/conf.d/ creates=/etc/nginx/conf.d/wecenter.conf

    - name: Copy ./file/ssl_key.zip
      unarchive: src=./file/ssl_key.zip dest=/etc/nginx/ creates=/etc/nginx/ssl_key/server.crt

    - name: Create /code
      file: path=/code/ recurse=yes state=directory mode=755 owner=www group=www

    - name: Copy /code.zip
      unarchive: src=./file/code.zip dest=/code/ creates=/code/wordpress/index.php

    - name: chown www.www /code
      file: path=/code owner=www group=www mode=0755

#    - name: Mount data
#      mount: src=172.16.1.31:/data path=/data fstype=nfs opts=defaults state=mounted

    - name: Mount wordpress
      mount: src=172.16.1.31:/data/wordpress path=/code/wordpress/wp-content/uploads fstype=nfs opts=defaults state=mounted

    - name: Mount wecenter
      mount: src=172.16.1.31:/data/wecenter path=/code/wecenter/uploads fstype=nfs opts=defaults state=mounted

    - name: Start nginx
      service: name=nginx state=started enabled=yes

#    - name: recovery data
#      shell: cp -rp /code/wecenter/uploads_bak/* /code/wecenter/uploads/ && cp -rp /code/wordpress/wp-content/uploads_bak/* /code/wordpress/wp-content/uploads/

  handlers:
    - name: Restart nginx
      service: name=nginx state=restarted enabled=yes

    - name: Restart php-fpm
      service: name=php-fpm state=restarted enabled=yes

tweb.yaml

- hosts: sweb
  tasks:
    - name: Install java jarjar
      yum: name=java,jarjar-maven-plugin state=installed

    - name: Create /server
      file: path=/server/scripts/ recurse=yes state=directory

    - name: Unzip tomcat8_1.zip
      unarchive: src=./file/tomcat8_1.zip dest=/server/ creates=/server/tomcat8_1/bin/startup.sh

    - name: Configure copy
      copy: src=./conf/server.xml dest=/server/tomcat8_1/conf/server.xml
      notify: Restart tomcat

    - name: chown www
      file: path=/server/tomcat8_1 recurse=yes owner=www group=www  

    - name: Start tomcat8_1
#      command: /server/tomcat8_1/bin/startup.sh
      shell: /server/tomcat8_1/bin/startup.sh

    - name: Mount NFS Server Share jpress
      mount: src=172.16.1.31:/data/jpress path=/server/tomcat8_1/webapps/jpress/attachment fstype=nfs opts=defaults state=mounted

#    - name: Recovery data
#      shell: cd /server/tomcat8_1/webapps/jpress && cp -rp attachment_bak/* attachment/

#    - name chown www
#      shell: chown -R www.www /server/tomcat8_1/webapps    

#  handlers:
#    - name: Restart tomcat
#      shell: /server/tomcat8_1/bin/shutdown.sh &&  /server/tomcat8_1/bin/startup.sh

lb.yaml

- hosts: lb
  tasks:

    - name: install nginx
      yum: name=nginx state=installed

    - name: Del /etc/nginx/conf.d/default.conf
      file: path=/etc/nginx/conf.d/default.conf state=absent

    - name: Copy  ds.conf
      copy: src=./lb/ds.conf dest=/etc/nginx/conf.d/ds.conf
      notify: Restart nginx 

    - name: Copy  proxy-https.conf
      copy: src=./lb/proxy-https.conf dest=/etc/nginx/conf.d/proxy-https.conf
      notify: Restart nginx 

    - name: Copy ./file/ssl_key.zip
      unarchive: src=./file/ssl_key.zip dest=/etc/nginx/ creates=/etc/nginx/ssl_key/server.crt

    - name: Copy  proxy_params
      copy: src=./lb/proxy_params dest=/etc/nginx/proxy_params
      notify: Restart nginx 

    - name: start nginx
      service: name=nginx state=started enabled=yes

  handlers:
    - name: Restart nginx
      service: name=nginx state=restarted enabled=yes

keepalived.yaml

- hosts: lb
  tasks:

    - name: install keepalived
      yum: name=keepalived state=installed

    - name: Copy  keepalived.conf
      copy: src=./lb/keepalived.conf dest=/etc/keepalived/keepalived.conf
      notify: Restart keepalived 

    - name: start keepalived
      service: name=keepalived state=started enabled=yes

  handlers:
    - name: Restart keepalived
      service: name=keepalived state=restarted enabled=yes

keepalived2.yaml

- hosts: 172.16.1.6
  tasks:

    - name: Copy  keepalived2.conf
      copy: src=./lb/keepalived2.conf dest=/etc/keepalived/keepalived.conf
      notify: Restart keepalived 

    - name: start keepalived
      service: name=keepalived state=started enabled=yes

  handlers:
    - name: Restart keepalived
      service: name=keepalived state=restarted enabled=yes

mysql.yaml

- hosts: db
  tasks:

    - name: Install mysql-community
      yum: name=mysql-community-server state=installed

    - name: Start mysqld
      service: name=mysqld state=started enabled=yes

#    - name: copy /etc/my.cnf
#      copy: src=./conf/my.cnf dest=/etc/my.cnf

#    - name: Restart mysqld
#      service: name=mysqld state=restarted enabled=yes

#    - name: modify mysql passwd
#      shell: mysql -uroot -se "update mysql.user set authentication_string=password('Ckh123.com') where user='root';"

#    - name: modify my.cnf
#      shell: sed  '20s#skip-grant-tables##pg' /etc/my.cnf

#    - name: Restart mysqld
#      service: name=mysqld state=restarted enabled=yes

#    - name: Grant all user
#      shell: mysql -uroot -pCkh123.com mysql -se "update user set host = '%' where user = 'root';"

#    - name: flush privileges
#      shell: mysql -uroot -p'Ckh123.com' -se "flush privileges;"

#    - name: Create database
#      shell: mysql -uroot -p'Ckh123.com' -se "create database wordpress;"

    - name: Copy backup.sql
      copy: src=./file/2018-10-0613-mysql-all.sql dest=/tmp/

#    - name: Input mysql
#      shell: mysql -uroot -p'Ckh123.com'</root/2018-09-2417-mysql-all.sql

Follow-up operations

#4. MySQL 5.7 generates a default password at install time; filter on the keyword "temporary password" to see the password for logging in to the database
[[email protected] ~]# grep 'temporary password' /var/log/mysqld.log
#5. Log in to MySQL [for the password, use the one filtered out in the previous step]
[[email protected] ~]# mysql -uroot -p$(awk '/temporary password/{print $NF}' /var/log/mysqld.log)
#6. Change the database password
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Ckh123.com';
# Allow remote users to connect to MySQL on this server (grant method)
grant all privileges on *.* to 'all'@'%' identified by 'Ckh123.com';
flush privileges;
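
Added example, not part of the original post: the same temporary-password lookup as step #5, but the password is handed to the mysql client through an owner-only option file instead of -p on the command line, where the process list can expose it. The option-file path and the function names are assumptions; the sample values in the comments are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. The option-file path and the
# function names are assumptions; /var/log/mysqld.log is the page's path.

# temp_root_password [LOGFILE]
# Print the newest temporary root password written by MySQL 5.7.
# The log gains one such line per data-directory initialisation, so
# the last match wins. Returns 1 when no such line is found.
temp_root_password() {
  awk '/temporary password/ { pw = $NF }
       END { if (pw == "") exit 1; print pw }' "${1:-/var/log/mysqld.log}"
}

# write_client_cnf PASSWORD FILE
# Write a [client] option file readable by its owner only. The value is
# double-quoted because "#" would otherwise start a comment, and
# backslashes are doubled because option files treat them as escapes.
# A password containing a double quote is refused rather than written
# in a form the client would misread.
write_client_cnf() {
  local esc
  case $1 in
    *\"*) echo "password contains a double quote" >&2; return 1 ;;
  esac
  esc=$(printf '%s' "$1" | sed 's/\\/\\\\/g')
  ( umask 077            # new file is created as 0600
    rm -f -- "$2"        # never reuse a file with looser permissions
    printf '[client]\nuser=root\npassword="%s"\n' "$esc" > "$2" )
}

# Usage on the db host (the ALTER USER statement from step #6 is then
# typed at the mysql> prompt):
#   write_client_cnf "$(temp_root_password)" /root/.my.cnf.tmp
#   mysql --defaults-extra-file=/root/.my.cnf.tmp
#   rm -f /root/.my.cnf.tmp
```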

1. On the old server
#1. Export the required databases to a file.
[[email protected] ~]# mysqldump -uroot -p'Ckh123.com' --all-databases --single-transaction > `date +%F%H`-mysql-all.sql
#2. Transfer the database backup file to the new server
[[email protected] zh]# scp 2018-10-0613-mysql-all.sql  [email protected]:/tmp

2. On the new server
#1. Import the database
[[email protected] ~]# cd /tmp && mysql -uroot -p'Ckh123.com' < 2018-10-0613-mysql-all.sql

# Start tomcat8 manually
/usr/bin/sh /server/tomcat8_1/bin/startup.sh

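Extra: using the zip command

# Archive all files in the current directory
[[email protected] conf.d]# zip conf.zip ./*
# -r: recurse into all directories
[[email protected] conf.d]# zip -r conf.zip ./*
2. unzip
unzip -o -d /home/sunny myfile.zip
Extracts myfile.zip into /home/sunny/
-o: overwrite files without prompting;
-d: -d /home/sunny specifies that the files are extracted into the /home/sunny directory;

3. Other
zip -d myfile.zip smart.txt
Deletes the file smart.txt from the archive
zip -m myfile.zip ./rpm_info.txt
Adds the file rpm_info.txt to the archive myfile.zip (-m moves it, so the original file is deleted once it has been added)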

Source download

Link: https://pan.baidu.com/s/1KqE4sdDdQxhIHJyK4QFfuw  Password: cwtn

Original article: https://www.cnblogs.com/chengkanghua/p/9748599.html

Time: 2024-10-14 16:54:58
