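1 管理机准备的文
1 cat /server/scripts/rsyncd.conf
# rsync daemon configuration deployed to the backup server (172.16.1.41).
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
uid = www
gid = www
# The daemon does not chroot into the module path, so confinement to
# /backup relies on rsync's own path checks.
use chroot = no
max connections = 200
timeout = 300
ignore errors
read only = false
list = false
# Only the internal subnet may connect. "hosts deny = 0.0.0.0/32" is left
# disabled on purpose: when both lists are set, rsync admits a client that
# matches neither, and 0.0.0.0/32 matches no real client, so that line
# opened the daemon to every address. With "hosts allow" alone, clients
# outside 172.16.1.0/24 are refused.
hosts allow = 172.16.1.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup_test]
path = /backup
2 /server/tools/sersync/sersync.tar.gz
/application/sersync/conf/confxml_backup.xml
/application/sersync/conf/confxml_www.xml
/application/sersync/conf/confxml_blog.xml
3 cat /server/scripts/web01/rsyncd.conf
# rsync daemon configuration for web01; same access rules as the backup
# server, exporting the two upload directories as writable modules.
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
uid = www
gid = www
use chroot = no
max connections = 200
timeout = 300
ignore errors
read only = false
list = false
# See the note in the backup server's rsyncd.conf: a deny list of
# 0.0.0.0/32 next to an allow list admits every non-matching client.
hosts allow = 172.16.1.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
[www]
path = /application/nginx/html/www/uploads/
[blog]
path = /application/nginx/html/blog/wp-content/uploads/
4 cat /server/scripts/mysql_shucong.sh
#!/bin/bash
# Sets up MySQL replication from db01 (172.16.1.51) to backup (172.16.1.41).
# The same script runs on both hosts and branches on the local address.
# NOTE(review): 123456 is used below for root SSH and for the replication
# account. These are lab values; real credentials belong in a protected
# secret store, not in a script that is copied between hosts.
IP=$(hostname -i)
Date=$(date +%F)
mysql_bin=/application/mysql/bin
dump_gz=/tmp/mysql-${Date}.sql.gz

if [ "$IP" == '172.16.1.51' ]
then
  rm -f /root/.ssh/id_dsa*
  ssh-keygen -f /root/.ssh/id_dsa -P "" >/dev/null 2>&1
  # sshpass -e takes the password from SSHPASS instead of argv, where any
  # local user could read it from the process list. The option string and
  # target stay in one quoted word, as in the original call.
  # StrictHostKeyChecking=no trusts whichever host answers first.
  SSHPASS="${SSHPASS:-123456}" sshpass -e ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.41" >/dev/null 2>&1
  #/application/mysql/bin/mysql -e "grant replication slave on *.* to rep@'172.16.1.%' identified by '123456';"
  # A read lock taken by a separate "mysql -e" call is released as soon as
  # that client exits, so it never covered the dump. --master-data=2 makes
  # mysqldump hold the global read lock itself and write the matching
  # binlog coordinates into the dump as a comment line.
  "$mysql_bin"/mysqldump --events -A -B --master-data=2 | gzip > "$dump_gz"
  coords=$(gzip -dc "$dump_gz" | grep -m1 '^-- CHANGE MASTER TO')
  if [ -z "$coords" ]; then
    echo "no binlog coordinates found in $dump_gz" >&2
    exit 1
  fi
  printf '%s\n' "$coords" | sed "s/.*MASTER_LOG_FILE='\([^']*\)'.*/\1/" > /tmp/mysql_file.txt
  printf '%s\n' "$coords" | sed 's/.*MASTER_LOG_POS=\([0-9]*\).*/\1/' > /tmp/mysql_post.txt
  scp -rp /tmp/mysql_file.txt "$dump_gz" /tmp/mysql_post.txt 172.16.1.41:/tmp/
fi

if [ "$IP" == '172.16.1.41' ]
then
  # Wait a bounded time for the dump. The original loop ran "exit" on its
  # first pass, so a missing dump ended the script silently with status 0.
  tries=0
  until [ -e "$dump_gz" ]
  do
    tries=$((tries + 1))
    if [ "$tries" -gt 30 ]; then
      echo "dump $dump_gz did not arrive" >&2
      exit 1
    fi
    sleep 2
  done
  File=$(cat /tmp/mysql_file.txt)
  Pos=$(cat /tmp/mysql_post.txt)
  # Both values are pasted into SQL below and come from files in /tmp;
  # refuse anything that is not a plain position number.
  case "$Pos" in
    ''|*[!0-9]*) echo "unexpected binlog position: $Pos" >&2; exit 1 ;;
  esac
  gzip -df "$dump_gz"
  "$mysql_bin"/mysql < "/tmp/mysql-${Date}.sql"
  "$mysql_bin"/mysql << EOF
CHANGE MASTER TO
MASTER_HOST='172.16.1.51',
MASTER_PORT=3306,
MASTER_USER='rep',
MASTER_PASSWORD='123456',
MASTER_LOG_FILE='$File',
MASTER_LOG_POS=$Pos;
EOF
  "$mysql_bin"/mysql -e "start slave;"
  "$mysql_bin"/mysql -e "show slave status\G;"|egrep "IO_Running|SQL_Running|Seconds_Behind_Master"|sed -n '1,3p'
fi
5 /server/scripts/check_back.sh
#!/bin/bash
# Runs on the backup server: archives its own system files, prunes old
# archives, verifies every finger.txt checksum list and mails the result.
# NOTE(review): the listing never set Backup_Dir, so each path below
# collapsed to /<ip>/... and the final find scanned the whole filesystem.
# /backup is the module path from rsyncd.conf above - confirm it is the
# intended root.
Backup_Dir="/backup"
Host_IP=$(hostname -i)
Date_Info=$(date +%F-%w -d "-1day")
# Private temp file instead of a fixed name in world-writable /tmp.
report=$(mktemp) || exit 1
trap 'rm -f "$report"' EXIT
cd / || exit 1
mkdir -p "$Backup_Dir/$Host_IP"
tar -zchf "$Backup_Dir/$Host_IP/sys_backup${Date_Info}.tar.gz" var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables
#create finger_info
find "$Backup_Dir/$Host_IP" -type f -name "*${Date_Info}.tar.gz" |xargs md5sum > "$Backup_Dir/$Host_IP/finger.txt"
#delete backup files older than 7 days
find "$Backup_Dir/$Host_IP/" -type f -name "*.tar.gz" -mtime +7 |xargs rm -f
# NOTE(review): backup.sh records absolute client-side paths under
# /data/backup in finger.txt; unless that path also exists on this host,
# md5sum -c will report those files as unreadable - verify.
find "$Backup_Dir/" -type f -name "finger.txt"|xargs md5sum -c > "$report"
mail -s "check_info$Date_Info" 577800103@qq.com < "$report"
6 /server/scripts/backup.sh
#!/bin/bash
#created by degary
#function:backup some important file/dir for web-server
#create backup dir
Backup_Dir="/data/backup"
Host_IP=$(hostname -i)
Date_Info=$(date +%F-%w -d "-1day")
cd / || exit 1
mkdir -p "$Backup_Dir/$Host_IP"
#compress system file/dir
tar -zchf "$Backup_Dir/$Host_IP/sys_backup${Date_Info}.tar.gz" var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables
if [ -d /application/nginx ];then
  tar -zchf "$Backup_Dir/$Host_IP/blog_backup${Date_Info}.tar.gz" application/nginx/html
  tar -zchf "$Backup_Dir/$Host_IP/log_backup${Date_Info}.tar.gz" application/nginx/logs
fi
#create finger_info
find "$Backup_Dir/$Host_IP" -type f -name "*${Date_Info}.tar.gz" |xargs md5sum > "$Backup_Dir/$Host_IP/finger.txt"
#push to rsync server
# The listing used user BACKUP and module backup; rsyncd.conf above only
# defines auth user rsync_backup and module backup_test, so the push is
# aligned with that configuration - confirm against the deployed daemon.
rsync -az "$Backup_Dir/$Host_IP/" "rsync_backup@172.16.1.41::backup_test/$Host_IP/" --password-file=/etc/rsync.password
#delete backup files older than 7 days
find "$Backup_Dir/$Host_IP/" -type f -name "*.tar.gz" -mtime +7 |xargs rm -f
7 /server/scripts/yum_client.sh
# Points yum at the internal repository on the management host.
# gpgcheck=0 over plain http means packages are installed without any
# signature or transport check; acceptable only on an isolated lab network.
# The key is "enabled"; the listing's "enable=1" is not a yum option.
cat > /etc/yum.repos.d/CentOS-Base.repo << EOF
[oldboy]
name=Server
baseurl=http://172.16.1.61
enabled=1
gpgcheck=0
EOF
yum --enablerepo=oldboy --disablerepo=base,extras,updates,epel list
yum clean all
yum makecache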
8
/server/scripts/fenfa.sh
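#!/bin/bash
# Distributes the management host's SSH public key to every lab server so
# later steps can log in as root without a password. Prints one init-style
# OK/FAILED line per host.
# NOTE(review): the shared root password 123456 and StrictHostKeyChecking=no
# are lab shortcuts; the first trusts any host that answers, the second is
# a credential that should come from a protected source.
. /etc/init.d/functions
yum install -y sshpass
# Removes every existing key and known_hosts entry of this account before
# a fresh key pair is generated.
rm -rf ~/.ssh/*
ssh-keygen -q -N "" -f ~/.ssh/id_rsa
for i in 5 6 7 8 9 31 41 51
do
  # Branch on the real exit status: the listing tested "[ 0 -eq 0 ]", which
  # is always true and reported success even when the copy failed.
  # sshpass -e reads the password from SSHPASS rather than argv, keeping it
  # out of the process list. The option string stays one quoted word, as in
  # the original call.
  if SSHPASS="${SSHPASS:-123456}" sshpass -e ssh-copy-id "-i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@172.16.1.$i" &>/dev/null
  then
    action "copy-$i" /bin/true
  else
    action "copy-$i" /bin/false
  fi
done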
2 管理机操作
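1.1 优化脚本(提前克隆并优化好所有虚拟机,管理机配置好yum源,除lb服务器外都一块网卡 lb服务器两块网卡)
cat > /etc/hosts <<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
########################################
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 web03
172.16.1.51 db01
172.16.1.31 nfs
172.16.1.41 backup
172.16.1.61 m01
########################################
EOF
管理机更新yum源
# Both repo definitions are fetched over plain http, so their content is
# not authenticated in transit.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
1.2 ssh秘钥分发脚本 使得管理机可以通过ssh秘钥直接连入其他服务器
# The delimiter is quoted so that $i and $? reach the generated script
# literally. With an unquoted EOF the shell expands them while writing the
# file, which leaves "[ 0 -eq 0 ]" and an empty host suffix in fenfa.sh.
# NOTE(review): sshpass -p puts the root password in the process list, and
# StrictHostKeyChecking=no trusts any host that answers; lab use only.
cat > /server/scripts/fenfa.sh <<'EOF'
#!/bin/bash
. /etc/init.d/functions
rm -rf ~/.ssh/*
ssh-keygen -q -N "" -f ~/.ssh/id_rsa
for i in 5 6 7 8 9 31 41 51
do
sshpass -p 123456 ssh-copy-id "-i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@172.16.1.$i" &>/dev/null
if [ $? -eq 0 ];then
action "copy-$i" /bin/true
else
action "copy-$i" /bin/false
fi
done
EOF
1.3 搭建vpn脚本
cat /server/scripts/vpn.sh
# NOTE(review): PPTP authentication is considered broken, and the account
# below uses the password 123456 with no client address restriction.
yum install pptpd -y
sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
sysctl -p
echo "localip 10.0.0.61
remoteip 172.16.1.1-100" >>/etc/pptpd.conf
echo "oldboy * 123456 *" >> /etc/ppp/chap-secrets
/etc/init.d/pptpd start
chkconfig pptpd on
1.4 安装ansible脚本
cat /server/scripts/ansible.sh
#!/bin/bash
yum install -y ansible
#cd /etc/ansible/
cat >> /etc/ansible/hosts <<EOF
db01 ansible_ssh_host=172.16.1.51
backup ansible_ssh_host=172.16.1.41
nfs ansible_ssh_host=172.16.1.31
web01 ansible_ssh_host=172.16.1.7
lb01 ansible_ssh_host=172.16.1.5
lb02 ansible_ssh_host=172.16.1.6
[web]
172.16.1.9
172.16.1.8
EOF
mkdir /etc/ansible/playbook/
1.5 搭建yum仓库服务端脚本(并手动上传之前打包好的rpm包)
cat /server/scripts/yum_server.sh
#!/bin/bash
mkdir -p /application/yum/centos6/x86_64/
# Stop if the directory is unavailable: the web server started at the end
# serves whatever the current directory is.
cd /application/yum/centos6/x86_64/ || exit 1
yum -y install createrepo
# libevent-devel replaces the listing's "livevent-devel", which is not a
# package name.
yum install -y --downloaddir=/application/yum/centos6/x86_64/ \
  --downloadonly memcached lrzsz libevent nc libevent-devel keepalived sshpass rpcbind nfs-utils pcre-devel openssl-devel perl-Module-Install zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel libxslt-devel libmcrypt-devel mhash mcrypt
createrepo -pdo /application/yum/centos6/x86_64/ /application/yum/centos6/x86_64/
createrepo --update /application/yum/centos6/x86_64/
# NOTE(review): this serves the current directory on port 80 with no
# access control and discards its log output.
python -m SimpleHTTPServer 80 &>/dev/null &
1.6 搭建yum仓库客户端脚本
cat /server/scripts/yum_client.sh
#!/bin/bash
# gpgcheck=0 over plain http installs packages with no signature or
# transport check; acceptable only on an isolated lab network.
# The key is "enabled"; the listing's "enable=1" is not a yum option.
cat > /etc/yum.repos.d/CentOS-Base.repo << EOF
[oldboy]
name=Server
baseurl=http://172.16.1.61
enabled=1
gpgcheck=0
EOF
yum --enablerepo=oldboy --disablerepo=base,extras,updates,epel list
yum clean all
yum makecache
cat > /etc/ansible/playbook/yum_client.yml <<EOF
- hosts: all
  tasks:
    - script: /server/scripts/yum_client.sh
EOF
1.7 时间服务器脚本
cat /server/scripts/time_server.sh
#!/bin/bash
cp /etc/ntp.conf{,.bak}
cat > /etc/ntp.conf <<EOF
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
restrict 172.16.1.0 mask 255.255.255.0 nomodify notrap
server time1.aliyun.com
server ntp1.aliyun.com
server 0.centos.pool.ntp.org
restrict time1.aliyun.com nomodify notrap noquery
restrict ntp1.aliyun.com nomodify notrap noquery
server 127.127.1.0
fudge 127.127.1.0 stratum 10
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keys
EOF
/etc/init.d/ntpd start
chkconfig ntpd on
1.8 客户端时间同步脚本
cat /server/scripts/time_client.yml
# A cron task without a name adds a new crontab entry on every run, so the
# job is named. minute=5 runs once an hour at :05.
- hosts: all
  tasks:
    - cron: name=ntpdate_sync minute=5 job='/usr/sbin/ntpdate 172.16.1.61'
1.9 iptables 网络共享管理机--先不做
cat /server/scripts/iptables_net_server.sh
#!/bin/bash
# NOTE(review): iptables -F removes every filter rule loaded by the restart
# just before it, leaving only the chain policies in effect.
service iptables restart
iptables -F
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j SNAT --to 10.0.0.61
2.0 iptables 网络共享client--先不做
cat /server/scripts/ptables_net_client.yml
- hosts: all
  tasks:
    - shell: route add default gw 172.16.1.61
=======================搭建backup服务器=============================================================
cat /server/scripts/backup_01.yml
- hosts: backup
  tasks:
    - name: backup-rsyncd.conf
      copy: src=/server/scripts/rsyncd.conf dest=/etc/
    - group: name=www gid=888 state=present
    - user: name=www shell=/sbin/nologin create_home=no uid=888 group=www state=present
    - name: backup-directory
      file: dest=/backup state=directory owner=www group=www
    # The password can be supplied as rsync_password (for example from a
    # vault file); 123456 remains only as the lab default. no_log keeps the
    # value out of task output.
    - name: backup-rsync.password
      copy:
        content: "rsync_backup:{{ rsync_password | default('123456') }}"
        dest: /etc/rsync.password
        mode: "0600"
      no_log: true
    # creates= skips the start when the pid file from rsyncd.conf exists,
    # so a second run does not fail on the running daemon.
    - shell: rsync --daemon creates=/var/run/rsyncd.pid
    - blockinfile: content='rsync --daemon' dest=/etc/rc.local
=======================搭建nfs服务器=============================================================
cat /server/scripts/nfs_01.yml
- hosts: nfs
  tasks:
    # One name= with a comma list: with name= repeated only the last value
    # is used.
    - yum: state=installed name=rpcbind,nfs-utils
    - group: name=www gid=888 state=present
    - user: name=www shell=/sbin/nologin create_home=no uid=888 group=www state=present
    - file: dest=/data/www/ state=directory owner=www group=www
    - file: dest=/data/blog/ state=directory owner=www group=www
    - blockinfile: content='/data 172.16.1.0/24(rw,sync,root_squash,no_all_squash,anonuid=888,anongid=888)' dest=/etc/exports
    - service: name=rpcbind state=started enabled=true
    - service: name=nfs state=started enabled=true
=======================web01-静态服务器=============================================================
cat /server/scripts/web01.yml
- hosts: web01
  tasks:
    - yum: name=nginx_uploads state=installed
    - copy: src=/server/scripts/web01/rsyncd.conf dest=/etc/
=======================实时备份+web01-静态服务器=============================================================
cat /server/scripts/real_backup.yml
- hosts: nfs
  tasks:
    - unarchive: src=/server/tools/sersync/sersync.tar.gz dest=/
    # Password for the rsync client; override rsync_password outside the
    # lab. no_log keeps the value out of task output.
    - copy:
        content: "{{ rsync_password | default('123456') }}"
        dest: /etc/rsync.password
        mode: "0600"
      no_log: true
    - shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_backup.xml
    - shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_www.xml
    - shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_blog.xml
    # One managed block for all three commands: separate blockinfile tasks
    # on the same file share the default marker, so each one replaced the
    # block written by the one before it.
    - blockinfile:
        path: /etc/rc.local
        block: |
          /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_backup.xml
          /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_www.xml
          /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_blog.xml
=======================mysql主服务器+memcached================================================================
cat /server/scripts/mysql_main.yml
- hosts: db01
  tasks:
    - yum: name=sshpass state=installed
    - yum: name=mysql state=installed
    - shell: source /etc/profile
    - service: name=mysqld state=started
    # Comma list instead of repeated name=, and libevent-devel instead of
    # the listing's "livevent-devel".
    - yum: name=libevent,libevent-devel,nc state=installed
    - yum: name=memcached state=installed
    # NOTE(review): memcached runs as root here and has no authentication;
    # an unprivileged account and a restricted listen address are safer.
    - shell: memcached -m 16m -p 11211 -d -u root -c 8192
=======================mysql从服务器(backup服务器)================================================================
cat /server/scripts/mysql_slave.yml
- hosts: backup
  tasks:
    - yum: name=mysql_slave state=installed
    - shell: source /etc/profile
- hosts: db01
  tasks:
    - script: /server/scripts/mysql_shucong.sh
- hosts: backup
  tasks:
    - script: /server/scripts/mysql_shucong.sh
=======================web02-03动态服务器=============================================================
- hosts: web
  tasks:
    - yum: name=nfs-utils state=installed
    - yum: name=lnp state=installed
- hosts: nfs
  tasks:
    - shell: chown -R www.www /data
=======================lb01-负载均衡服务器=============================================================
- hosts: lb01
  tasks:
    - yum: name=keepalived state=installed
    - copy: src=/server/scripts/lb01/keepalived.conf dest=/etc/keepalived/keepalived.conf
    - blockinfile: content=" net.ipv4.ip_nonlocal_bind = 1" path=/etc/sysctl.conf
    - shell: sysctl -p
    - service: name=keepalived state=started enabled=true
    - yum: name=lb01 state=installed
=======================lb02-负载均衡服务器=============================================================
- hosts: lb02
  tasks:
    - yum: name=keepalived state=installed
    - copy: src=/server/scripts/lb02/keepalived.conf dest=/etc/keepalived/keepalived.conf
    - blockinfile: content=" net.ipv4.ip_nonlocal_bind = 1" path=/etc/sysctl.conf
    - shell: sysctl -p
    - service: name=keepalived state=started enabled=true
    # NOTE(review): lb02 installs the package named lb01 - confirm intended.
    - yum: name=lb01 state=installed
=======================全网备份=============================================================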
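# Installs the nightly verification job on the backup server.
- hosts: backup
  tasks:
    # The cron job executes the file directly, so it must be executable;
    # copy does not set the execute bit unless a mode is given.
    - copy: src=/server/scripts/check_back.sh dest=/server/scripts/ mode=0755
    # Own job name: the play for all hosts also names its job all_backup,
    # and cron entries are keyed by name, so on this host that later task
    # replaced this entry.
    # NOTE(review): 00:00 is also when the clients start their backups, so
    # the check may run before the pushes arrive - consider a later hour.
    - cron: name=check_backup minute=00 hour=00 job="/server/scripts/check_back.sh &> /dev/null"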
# Ships backup.sh to every host and schedules it for midnight.
- hosts: all
  tasks:
    - copy:
        src: /server/scripts/backup.sh
        dest: /server/scripts/
    # The job discards all output, so a failed backup is only visible
    # through the checksum report produced on the backup server.
    - cron:
        name: all_backup
        minute: "0"
        hour: "0"
        job: "sh /server/scripts/backup.sh &> /dev/null"
=========================命令集========================================================
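# Base setup for every host: internal yum repository and time sync.
- hosts: all
  tasks:
    - script: /server/scripts/yum_client.sh
    # A cron task without a name adds a new crontab entry on every run, so
    # the job is named. minute=5 runs once an hour at :05.
    - cron: name=ntpdate_sync minute=5 job='/usr/sbin/ntpdate 172.16.1.61'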
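# Sets up the rsync daemon on the backup server: config, service account,
# target directory, secrets file, and start at boot.
- hosts: backup
  tasks:
    - name: backup-rsyncd.conf
      copy: src=/server/scripts/rsyncd.conf dest=/etc/
    - group: name=www gid=888 state=present
    - user: name=www shell=/sbin/nologin create_home=no uid=888 group=www state=present
    - name: backup-directory
      file: dest=/backup state=directory owner=www group=www
    # The password can be supplied as rsync_password (for example from a
    # vault file); 123456 remains only as the lab default. no_log keeps the
    # value out of task output.
    - name: backup-rsync.password
      copy:
        content: "rsync_backup:{{ rsync_password | default('123456') }}"
        dest: /etc/rsync.password
        mode: "0600"
      no_log: true
    # creates= skips the start when the pid file named in rsyncd.conf
    # exists, so a second run does not fail on the running daemon.
    - shell: rsync --daemon creates=/var/run/rsyncd.pid
    - blockinfile: content='rsync --daemon' dest=/etc/rc.local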
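# Sets up the NFS server: packages, the www account shared with the web
# hosts (uid/gid 888), the exported directories and the services.
- hosts: nfs
  tasks:
    # One name= with a comma list: with name= repeated only the last value
    # is used, so rpcbind was never requested explicitly.
    - yum: state=installed name=rpcbind,nfs-utils
    - group: name=www gid=888 state=present
    - user: name=www shell=/sbin/nologin create_home=no uid=888 group=www state=present
    - file: dest=/data/www/ state=directory owner=www group=www
    - file: dest=/data/blog/ state=directory owner=www group=www
    # /data is writable by the whole 172.16.1.0/24 subnet; root_squash maps
    # remote root to the anonymous uid/gid 888.
    - blockinfile: content='/data 172.16.1.0/24(rw,sync,root_squash,no_all_squash,anonuid=888,anongid=888)' dest=/etc/exports
    - service: name=rpcbind state=started enabled=true
    - service: name=nfs state=started enabled=true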
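# Static web server: installs the site package and starts an rsync daemon
# that receives uploads.
- hosts: web01
  tasks:
    - yum: name=nginx_uploads state=installed
    - copy: src=/server/scripts/web01/rsyncd.conf dest=/etc/
    # NOTE(review): that rsyncd.conf names /etc/rsync.password as its
    # secrets file, but no task for web01 in this playbook creates it -
    # confirm where it comes from.
    # creates= skips the start when the pid file named in rsyncd.conf
    # exists, so a second run does not fail on the running daemon.
    - shell: rsync --daemon creates=/var/run/rsyncd.pid
    - blockinfile: content='rsync --daemon' dest=/etc/rc.local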
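# Real-time sync from the NFS server: unpacks sersync, writes the rsync
# client password, starts one sersync instance per config and registers
# them for boot.
- hosts: nfs
  tasks:
    - unarchive: src=/server/tools/sersync/sersync.tar.gz dest=/
    # Override rsync_password outside the lab (for example from a vault
    # file); no_log keeps the value out of task output.
    - copy:
        content: "{{ rsync_password | default('123456') }}"
        dest: /etc/rsync.password
        mode: "0600"
      no_log: true
    # NOTE(review): each run starts three more sersync daemons; nothing
    # here checks whether they are already running.
    - shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_backup.xml
    - shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_www.xml
    - shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_blog.xml
    # One managed block for all three commands: separate blockinfile tasks
    # on the same file share the default marker, so each one replaced the
    # block written by the one before it and only the last line survived.
    - blockinfile:
        path: /etc/rc.local
        block: |
          /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_backup.xml
          /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_www.xml
          /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_blog.xml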
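# MySQL master plus memcached on db01.
- hosts: db01
  tasks:
    - yum: name=sshpass state=installed
    - yum: name=mysql state=installed
    # Each task runs in its own shell, so this does not affect later tasks.
    - shell: source /etc/profile
    - service: name=mysqld state=started
    # Comma list instead of repeated name= (only the last value was used),
    # and libevent-devel instead of the listing's "livevent-devel".
    - yum: name=libevent,libevent-devel,nc state=installed
    - yum: name=memcached state=installed
    # NOTE(review): memcached runs as root here and has no authentication;
    # an unprivileged account and a restricted listen address are safer.
    - shell: memcached -m 16m -p 11211 -d -u root -c 8192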
# Installs the MySQL replica package on the backup server.
- hosts: backup
  tasks:
    - yum:
        name: mysql_slave
        state: installed
    # Each task runs in its own shell, so this does not affect later tasks.
    - shell: source /etc/profile
# Order matters: mysql_shucong.sh branches on the local address. On db01 it
# dumps the databases and copies the dump to 172.16.1.41; on backup it
# loads that dump and starts replication, so db01 must run first.
- hosts: db01
  tasks:
    - script: /server/scripts/mysql_shucong.sh
- hosts: backup
  tasks:
    - script: /server/scripts/mysql_shucong.sh
# Dynamic web servers (group "web"): NFS client tools and the lnp package.
- hosts: web
  tasks:
    - yum:
        name: nfs-utils
        state: installed
    - yum:
        name: lnp
        state: installed
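# Hands the exported tree to the www account.
- hosts: nfs
  tasks:
    # The file module does the recursive ownership change and reports
    # "changed" only when something was actually altered, unlike a raw
    # chown through shell.
    - file: path=/data owner=www group=www recurse=yes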
# Load balancer lb01: keepalived with its config, the non-local bind
# sysctl, and the nginx package for this role.
- hosts: lb01
  tasks:
    - yum:
        name: keepalived
        state: installed
    - copy:
        src: /server/scripts/lb01/keepalived.conf
        dest: /etc/keepalived/keepalived.conf
    # Persisted in sysctl.conf and applied immediately by the next task.
    - blockinfile:
        content: " net.ipv4.ip_nonlocal_bind = 1"
        path: /etc/sysctl.conf
    - shell: sysctl -w "net.ipv4.ip_nonlocal_bind=1"
    - service:
        name: keepalived
        state: started
        enabled: true
    - yum:
        name: lb01_nginx
        state: installed
# Load balancer lb02: keepalived with its config, the non-local bind
# sysctl, and the nginx package.
- hosts: lb02
  tasks:
    - yum:
        name: keepalived
        state: installed
    - copy:
        src: /server/scripts/lb02/keepalived.conf
        dest: /etc/keepalived/keepalived.conf
    # Persisted in sysctl.conf and applied immediately by the next task.
    - blockinfile:
        content: " net.ipv4.ip_nonlocal_bind = 1"
        path: /etc/sysctl.conf
    - shell: sysctl -w "net.ipv4.ip_nonlocal_bind=1"
    - service:
        name: keepalived
        state: started
        enabled: true
    # NOTE(review): lb02 installs the package named lb01_nginx - confirm
    # that sharing lb01's package is intended.
    - yum:
        name: lb01_nginx
        state: installed
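# Installs the nightly verification job on the backup server.
- hosts: backup
  tasks:
    # The cron job executes the file directly, so it must be executable;
    # copy does not set the execute bit unless a mode is given.
    - copy: src=/server/scripts/check_back.sh dest=/server/scripts/ mode=0755
    # Own job name: the play for all hosts also names its job all_backup,
    # and cron entries are keyed by name, so on this host that later task
    # replaced this entry.
    # NOTE(review): 00:00 is also when the clients start their backups, so
    # the check may run before the pushes arrive - consider a later hour.
    - cron: name=check_backup minute=00 hour=00 job="/server/scripts/check_back.sh &> /dev/null"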
# Ships backup.sh to every host and schedules it for midnight.
- hosts: all
  tasks:
    - copy:
        src: /server/scripts/backup.sh
        dest: /server/scripts/
    # The job discards all output, so a failed backup is only visible
    # through the checksum report produced on the backup server.
    - cron:
        name: all_backup
        minute: "0"
        hour: "0"
        job: "sh /server/scripts/backup.sh &> /dev/null"