Ansible-综合实战(五)

1. 批量分发密钥

[root@m01 ~]# cat ssh.sh
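# Distribute this host's SSH public key to each target host in one pass.
# The login password is read from the SSHPASS environment variable (sshpass -e)
# so it does not sit in the script, the shell history or the process list.
# NOTE(review): StrictHostKeyChecking=no accepts whatever host key the peer
# presents on first contact; pre-populate known_hosts from a trusted source
# where the network path is not fully trusted.
: "${SSHPASS:?export SSHPASS with the login password before running}"
for ip in 251 252 253
do
  # The banner names the address that is actually contacted below.
  echo "====hostname 10.0.0.$ip======"
  # Report success only when ssh-copy-id really succeeded; its output stays
  # suppressed, so the exit status is the only signal left.
  if sshpass -e ssh-copy-id -i ~/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no" "10.0.0.$ip" &>/dev/null
  then
    echo "host 10.0.0.$ip success!!!"
  else
    echo "host 10.0.0.$ip FAILED" >&2
  fi
  echo
done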

2. /etc/ansible/hosts主机清单

[root@m01 ansible]# pwd
/etc/ansible

[root@m01 ansible]# ls
ansible.cfg  hosts   roles           

[root@m01 ansible]# cat hosts
[four_lb]
lb4-01 ansible_ssh_host=10.0.0.3
lb4-02 ansible_ssh_host=10.0.0.4

[seven_lb]
lb01 ansible_ssh_host=172.16.1.5
lb02 ansible_ssh_host=172.16.1.6

[web_server]
web01 ansible_ssh_host=172.16.1.7
web02 ansible_ssh_host=172.16.1.8

[web_server_redis]
web03 ansible_ssh_host=172.16.1.9
web04 ansible_ssh_host=172.16.1.10

[nfs_server]
nfs ansible_ssh_host=172.16.1.31

[mysql_server]
db01 ansible_ssh_host=172.16.1.50

[backup_server]
backup ansible_ssh_host=172.16.1.41

# NOTE(review): "all" is Ansible's built-in group and already contains every
# host in this inventory, so listing the ELK nodes under [all] does not limit
# a `hosts: all` play to these three machines. A dedicated group name (for
# example [elk]) would scope the ELK roles to them.
[all]
elk251.oldboyedu.com ansible_ssh_host=10.0.0.251
elk252.oldboyedu.com ansible_ssh_host=10.0.0.252
elk253.oldboyedu.com ansible_ssh_host=10.0.0.253

3. /etc/ansible/roles下各任务

[root@m01 roles]# pwd
/etc/ansible/roles
[root@m01 roles]# ls
elasticsearch  four_lb      kafka       lnmp        nfs_server  rsync_client  seven_lb      sys_good
elk_env_good   hehe.yml     keepalived  logstash    phpmyadmin  rsync_server  site.yml      zookeeper
filebeat       jump_server  kibana      nfs_client  redis       sersync       site.yml.bak

3.1 elasticsearch任务

[root@m01 elasticsearch]# pwd
/etc/ansible/roles/elasticsearch
[root@m01 elasticsearch]# ls
files  handlers  tasks  templates  vars

files文件夹

[root@m01 elasticsearch]# ls files/
elasticsearch-7.12.1-linux-x86_64.tar.gz  jdk-8u291-linux-x64.tar.gz  ln.sh  reload.sh  start.sh

# 文件的内容如下所示
[root@m01 elasticsearch]# cd files/
[root@m01 files]# cat ln.sh 
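# Create version-independent symlinks for Elasticsearch and the JDK.
# Abort if the software directory is missing, so the links are never created
# in whatever directory the script happened to start in.
cd /oldboy/softwares || exit 1
# -f/-n replace an existing link in place; without -n a re-run would follow the
# existing link and create a nested link inside the target directory.
ln -sfnv elasticsearch-7.12.1 elasticsearch
ln -sfnv jdk1.8.0_291 jdk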

[root@m01 files]# cat reload.sh 
sysctl -p /etc/sysctl.d/es.conf
source /etc/profile.d/es.sh
source /etc/profile.d/jdk.sh

[root@m01 files]# cat start.sh 
su - oldboy -c "elasticsearch -d"

handlers文件夹

里面为空

tasks文件夹

[root@m01 elasticsearch]# cd tasks/
[root@m01 tasks]# ls
main.yml
[root@m01 tasks]# cat main.yml 
#1. 创建代码目录
- name: create  dir
  file:
    path: "{{ item }}"
    state: directory
    owner: oldboy
    group: oldboy
  loop:
    - /oldboy/data/elasticsearch
    - /oldboy/logs/elasticsearch
    - /oldboy/softwares

# 2. 安装软件
- name: scp es jdk
  unarchive:
    src: "{{ item }}"
    dest: /oldboy/softwares
    copy: yes
  loop:
    - elasticsearch-7.12.1-linux-x86_64.tar.gz
    - jdk-8u291-linux-x64.tar.gz

# 为es和jdk创建软连接
- name: create es jdk soft link 
  script: ln.sh

#推送配置文件 
- name: scp es.sh jdk.sh  elasticsearch.yml  es.conf es.conf jvm.option
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: "hosts.j2" , dest: "/etc/hosts"}
    - { src: "limits.es.conf.j2" , dest: "/etc/security/limits.d/es.conf"}
    - { src: "sysctl.es.conf.j2" , dest: "/etc/sysctl.d/es.conf"}
    - { src: "es.sh.j2" , dest: "/etc/profile.d/es.sh"}
    - { src: "jdk.sh.j2" , dest: "/etc/profile.d/jdk.sh"}
    - { src: "elasticsearch.yml.j2" , dest: "/oldboy/softwares/elasticsearch/config/elasticsearch.yml"}
    - { src: "jvm.options.j2" , dest: "/oldboy/softwares/elasticsearch/config/jvm.options"}

# 加载es和jdk的环境变量和加载虚拟内存映射大小文件
- name: reload es.sh jdk.sh sysctl.es.conf
  script: reload.sh

# 给/oldboy/softwares/elasticsearch授权
- name: chown es
  file:
    path: /oldboy/softwares/elasticsearch-7.12.1
    owner: oldboy
    group: oldboy
    recurse: yes
    
# 使用oldboy启动es服务
- name: start es  
  script: start.sh

templates文件夹

[root@m01 templates]# pwd
/etc/ansible/roles/elasticsearch/templates

[root@m01 templates]# ls
elasticsearch.yml.j2  es.sh.j2  hosts.j2  jdk.sh.j2  jvm.options.j2  limits.es.conf.j2  sysctl.es.conf.j2

【elasticsearch.yml.j2】 【文件中核心内容,使用的是Jinja2模板】
{%if ansible_fqdn == "elk251.oldboyedu.com"%}
node.name: elk251.oldboyedu.com
{%elif ansible_fqdn == "elk252.oldboyedu.com"%}
node.name: elk252.oldboyedu.com
{%elif ansible_fqdn == "elk253.oldboyedu.com"%}
node.name: elk253.oldboyedu.com
{%endif%}

【es.sh.j2】
[root@m01 templates]# cat es.sh.j2 
#!/bin/bash
export ES_HOME=/oldboy/softwares/elasticsearch
export PATH=$PATH:$ES_HOME/bin

【limits.es.conf.j2】
[root@m01 templates]# cat limits.es.conf.j2 
# Add by yinzhengjie for Elasticsearch
*          soft    nofile    65535
*          hard    nofile    65535

【sysctl.es.conf.j2】
[root@m01 templates]# cat sysctl.es.conf.j2 
vm.max_map_count=262144

vars文件夹

里面为空

3.2 four_lb 四层负载任务

[root@m01 four_lb]# pwd
/etc/ansible/roles/four_lb
[root@m01 four_lb]# ls
files  handlers  tasks  templates  vars

files文件夹

里面为空

handlers文件夹

[root@m01 handlers]# pwd
/etc/ansible/roles/four_lb/handlers

[root@m01 four_lb]# ls
files  handlers  tasks  templates  vars

[root@m01 four_lb]# cd handlers/

[root@m01 handlers]# ls
main.yml
[root@m01 handlers]# cat main.yml 
- name: reloaded nginx
  systemd:
    name: nginx
    state: reloaded

tasks文件夹

[root@m01 tasks]# cat main.yml 
# 1. 安装

# 安装nginx
- name: install nginx
  yum:
    name: nginx
    state: present

# 2. 配置

# 移除默认的nginx的default.conf文件
- name: remove default.conf
  file:
    path: /etc/nginx/conf.d/default.conf
    state: absent

# 创建/etc/nginx/conf.c/目录
- name: create dir
  file:
    path: /etc/nginx/conf.c
    state: directory
           
# 推送到配置文件
- name: scp nginx configure
  template:
    src:  "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:
    - { src: nginx.conf.j2, dest: /etc/nginx/nginx.conf }
    - { src: proxy.conf.j2, dest: /etc/nginx/conf.c/proxy.conf}
  notify: reloaded nginx

# 启动nginx
- name: start nginx
  systemd:
    name: nginx
    state: started
    enabled: yes

templates文件夹

[root@m01 four_lb]# cd templates/
[root@m01 templates]# ls
nginx.conf.j2  proxy.conf.j2

【nginx.conf.j2】
[root@m01 templates]# cat nginx.conf.j2 
user  {{ nginx_user }};
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  {{ work_con }};
}

【proxy.conf.j2】
[root@m01 templates]# cat proxy.conf.j2 
stream {
    upstream {{http_address_pool}} {
    {% for i in range(5,7) %}
        server 172.16.1.{{i}}:{{http_port}}; 
    {% endfor %}
}

    upstream {{https_address_pool}} {
    {% for i in range(5,7) %}
        server 172.16.1.{{i}}:{{https_port}};
    {% endfor %}
}


    server {
        listen {{http_port}};
        proxy_connect_timeout 3s;  # 测试的时候不加
        proxy_timeout 3s;
        proxy_pass {{http_address_pool}};
    }

    server {
        listen {{https_port}};
        proxy_connect_timeout 3s;  # 测试的时候不加
        proxy_timeout 3s;
        proxy_pass {{https_address_pool}};
    }

}

vars文件夹

[root@m01 vars]# pwd
/etc/ansible/roles/four_lb/vars

[root@m01 vars]# cat main.yml 
nginx_user: www
work_con: 25535
http_port: 80
https_port: 443
http_address_pool: four_lb
https_address_pool: four_lbs

3.3 kafka任务

[root@m01 kafka]# pwd
/etc/ansible/roles/kafka
[root@m01 kafka]# ls
files  handlers  tasks  templates  vars

files文件夹

[root@m01 files]# ls
kafka_2.13-2.8.0.tgz  kafka.sh  reload.sh  soft.sh  start.sh
[root@m01 files]# cat kafka.sh 
#!/bin/bash
export KAFKA_HOME=/oldboy/softwares/kafka
export PATH=$PATH:$KAFKA_HOME/bin

handlers文件夹

里面为空

tasks文件夹


[root@m01 kafka]# ls
files  handlers  tasks  templates  vars
[root@m01 kafka]# cd tasks/
[root@m01 tasks]# pwd
/etc/ansible/roles/kafka/tasks
[root@m01 tasks]# ls
main.yml
[root@m01 tasks]# cat main.yml 
# 1. 传送软件包
- name: scp kafka
  unarchive:
    src: "{{ item }}"
    dest: /oldboy/softwares
    copy: yes
    creates: /oldboy/softwares/kafka_2.13-2.8.0
  loop:
    - kafka_2.13-2.8.0.tgz 

# 2. 软连接
- name: soft link
  script: soft.sh

# 3. 做环境变量
- name: scp kafka
  copy:
    src: kafka.sh
    dest: /etc/profile.d/kafka.sh

# 4. 加载环境变量
- name: reload kibana env
  script: reload.sh

# 5. 传送配置文件 
- name: scp 
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop:  
    - { src: "kafka-server-start.sh.j2" , dest: "/oldboy/softwares/kafka/bin/kafka-server-start.sh"}
    - { src: "server.properties.j2" , dest: "/oldboy/softwares/kafka/config/server.properties"}
         
# 6. 启动kafka服务
- name: start kafka
  script: start.sh

templates文件夹

[root@m01 templates]# ls
kafka-server-start.sh.j2  server.properties.j2

【server.properties.j2】(Jinja2模板核心内容)
{%if ansible_fqdn == "elk251.oldboyedu.com"%}
broker.id=251
{%elif ansible_fqdn == "elk252.oldboyedu.com"%}
broker.id=252
{%elif ansible_fqdn == "elk253.oldboyedu.com"%}
broker.id=253
{%endif%}

vars文件夹

里面为空

3.4 lnmp任务

[root@m01 lnmp]# ls
files  handlers  tasks  templates  vars

[root@m01 lnmp]# pwd
/etc/ansible/roles/lnmp

files文件夹

[root@m01 files]# pwd
/etc/ansible/roles/lnmp/files
[root@m01 files]# ls
mysql-all.sql  wordpress.tar.gz  zh.tar.gz

handlers文件夹

[root@m01 lnmp]# ls
files  handlers  tasks  templates  vars

[root@m01 lnmp]# cd handlers/
[root@m01 handlers]# ls
main.yml

[root@m01 handlers]# pwd
/etc/ansible/roles/lnmp/handlers

[root@m01 handlers]# cat main.yml 
- name: reloaded nginx php-fpm 
  systemd:
    name: "{{ item }}"
    state: reloaded
  loop:
    - nginx
    - php-fpm

tasks文件夹

[root@m01 tasks]# ls
main.yml
[root@m01 tasks]# pwd
/etc/ansible/roles/lnmp/tasks
[root@m01 tasks]# cat main.yml 
# 1. 安装

# web安装nginx和php
- name: install nginx
  yum:
    name: nginx
    state: present
  when: ansible_hostname == 'web01' or ansible_hostname == 'web02'

- name: install php
  yum:
    name: "{{ item }}"
    state: present
  loop:
    - php71w
    - php71w-cli
    - php71w-common
    - php71w-devel
    - php71w-embedded
    - php71w-gd
    - php71w-mcrypt
    - php71w-mbstring
    - php71w-pdo
    - php71w-xml
    - php71w-fpm
    - php71w-mysqlnd
    - php71w-opcache
    - php71w-pecl-memcached
    - php71w-pecl-redis
    - php71w-pecl-mongodb
  when: ansible_hostname == 'web01' or ansible_hostname == 'web02'

# db01安装mariadb-server和依赖
- name: install mariadb
  yum:  
    name: "{{ item }}"
    state: present
  loop:
    - MySQL-python
    - mariadb-server
  when: ansible_hostname == 'db01'


# 2. 配置

# 删除default.conf文件
- name: remove default.conf
  file:
    path: /etc/nginx/conf.d/default.conf
    state: absent
  when: ansible_hostname == 'web01' or ansible_hostname == 'web02'

# 给web推送nginx配置文件、站点文件、www.conf配置文件
- name: scp nginx.conf php-fpm.d  www.conf
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  loop: 
    - { src: "blog.oldboy.com.conf.j2" , dest: "/etc/nginx/conf.d/blog.oldboy.com.conf"}
    - { src: "zh.oldboy.com.conf.j2" , dest: "/etc/nginx/conf.d/zh.oldboy.com.conf"}
    - { src: "nginx.conf.j2" , dest: "/etc/nginx/nginx.conf" }
    - { src: "www.conf.j2", dest: "/etc/php-fpm.d/www.conf" }
  notify: reloaded nginx php-fpm 
  when: ansible_hostname == 'web01' or ansible_hostname == 'web02'

# 创建代码目录,上传代码文件,给代码文件递归授权
- name: creat dir
  file: 
    path: /code
    state: directory
  when: ansible_hostname == 'web01' or ansible_hostname == 'web02'

- name: scp wordpress
  unarchive: 
    src: "{{ item }}"
    dest: /code
    copy: yes
  loop:
    - wordpress.tar.gz 
    - zh.tar.gz
  when: ansible_hostname == 'web01' or ansible_hostname == 'web02'


#- name: wordpress zh  chown
#  file: 
#    path: "{{ item }}"
#    owner: www
#    group: www
#    recurse: yes
#  loop:
#    - /code/wordpress
#    - /code/zh
#  when: ansible_hostname == 'web01' or ansible_hostname == 'web02'

# 3. 启动

# 启动nginx
- name: start nginx php-fpm
  systemd:
    name: "{{ item }}"
    state: started
    enabled: yes
  loop: 
    - nginx
    - php-fpm
  when: ansible_hostname == 'web01' or ansible_hostname == 'web02'

# 启动mariadb
- name: start mariadb
  systemd:
    name: mariadb
    state: started
    enabled: yes
  when: ansible_hostname == 'db01'

# Create a new database user and grant it privileges (the wordpress and zh
# databases are created by the task that follows).
# NOTE(review): the password is a plaintext literal in the role; a vaulted
# variable (Ansible Vault) keeps it out of the repository and out of listings
# like this one.
# NOTE(review): priv '*.*:ALL,GRANT' together with host '%' gives this account
# full, grant-capable rights on every database from any client address. The
# application presumably only needs rights on wordpress and zh from the web
# hosts - confirm and narrow both the privilege and the host pattern.
# NOTE(review): login_user root is used with no login_password, which implies
# the database root account has no password (or one stored in a client config)
# - confirm.
- name: create database user 
  mysql_user:
    login_user: root
    name: lzy
    password: lzy123.com
    priv: '*.*:ALL,GRANT'
    host: '%'
    state: present
  when: ansible_hostname == 'db01'

- name: Create Database wordpress
  mysql_db:
    login_user: root
    login_host: localhost
    login_port: 3306
    name: "{{ item }}"
    state: present
  loop:
    - wordpress
    - zh  
  when: ansible_hostname == 'db01'

# Copy mysql-all.sql to the database host.
# NOTE(review): the dump is written to /tmp with no mode set and is not removed
# by any task shown here. A full dump usually carries account and application
# data, so a root-only directory, an explicit mode: '0600' and a cleanup task
# are safer.

- name: scp mysql-all.sql
  copy: 
    src: mysql-all.sql
    dest: /tmp/
  when: ansible_hostname == 'db01'

# Import every database in the dump.
# NOTE(review): the import runs unconditionally on every play, and the mysql
# client is called without credentials. The file name suggests an
# all-databases dump; if so it may also overwrite the account tables,
# including the user created earlier in this role - verify.

- name: put mysql-all.sql to mysql
  shell: mysql < /tmp/mysql-all.sql
  when: ansible_hostname == 'db01'

# 重启mysql

- name: restart mariadb
  systemd:
    name: mariadb
    state: restarted 
  when: ansible_hostname == 'db01'

templates文件夹

[root@m01 lnmp]# cd templates/
[root@m01 templates]# ls
blog.oldboy.com.conf.j2  nginx.conf.j2  www.conf.j2  zh.oldboy.com.conf.j2

【blog.oldboy.com.conf.j2文件】
[root@m01 templates]# cat blog.oldboy.com.conf.j2 
# Virtual host for the WordPress site; PHP requests go to the local PHP-FPM pool.
server{
	listen {{ listen_port }};
	server_name {{ blog_domain_name }};
	root /code/wordpress;
	client_max_body_size 100m;		

	location / {
		index index.php index.html;
	}

	# NOTE(review): every URI ending in .php is handed to PHP-FPM without first
	# checking that the file exists under the document root; a guard such as
	# `try_files $uri =404;` is the usual hardening, especially for a site that
	# accepts uploads. zh.oldboy.com.conf.j2 uses the same pattern.
	location ~ \.php$ {

		fastcgi_pass 127.0.0.1:9000;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		# NOTE(review): this tells PHP every request arrived over HTTPS, although
		# this server listens on {{ listen_port }} without TLS; presumably TLS is
		# terminated on the load balancers - confirm that clients cannot reach
		# this port directly.
		fastcgi_param HTTPS on;
		include fastcgi_params;
	}
	
}

【nginx.conf.j2文件】
[root@m01 templates]# cat nginx.conf.j2 

user  {{ nginx_user }};
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  {{ work_con }};
}


# HTTP-level settings shared by every virtual host included from conf.d.
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    # NOTE(review): this idle timeout is far larger than any practical value
    # (nginx's default is 75s). Idle client connections would be held open
    # essentially without limit and tie up worker connections, and nginx may
    # reject the value as out of range - check with `nginx -t` and confirm it
    # is intended.
    keepalive_timeout 656565656565;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

【 www.conf.j2 文件】
[root@m01 templates]# cat www.conf.j2 
[www]
user = {{ nginx_user }} 
group = {{ nginx_group }}
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache

【zh.oldboy.com.conf.j2 文件】
[root@m01 templates]# cat zh.oldboy.com.conf.j2 
server{
	listen {{ listen_port }};
	server_name {{ zh_domain_name }};
	root /code/zh;
	client_max_body_size 100m;		

	location / {
		index index.php index.html;
	}

	location ~ \.php$ {

		fastcgi_pass 127.0.0.1:9000;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_param HTTPS on;
		include fastcgi_params;
	}
	
}

vars文件夹

[root@m01 lnmp]# cd vars/
[root@m01 vars]# ls
main.yml

[root@m01 vars]# pwd
/etc/ansible/roles/lnmp/vars

[root@m01 vars]# pwd
/etc/ansible/roles/lnmp/vars
[root@m01 vars]# cat main.yml 
listen_port: 80
blog_domain_name: blog.oldboy.com
zh_domain_name: zh.oldboy.com
nginx_user: www
nginx_group: www
work_con: 25535

4. /etc/ansible/roles/site.yml 任务清单

执行命令: ansible-playbook site.yml

[root@m01 roles]# pwd
/etc/ansible/roles

[root@m01 roles]# cat site.yml
## 全网优化
- hosts: all
  roles:
    - role: sys_good

# 全网备份(除了backup服务器)
- hosts: 
  - web_server
  - mysql_server
  - seven_lb 
  - four_lb
  - nfs_server
  - web_server_redis
  roles:
    - role: rsync_client 


# lnmp架构
- hosts:
  - web_server
  - mysql_server
  roles:
    - role: lnmp

# 七层负载
- hosts:
  - seven_lb
  roles:
    - role: seven_lb

#  四层负载
- hosts:
  - four_lb
  roles:
    - role: four_lb

#  高可用
- hosts: 
  - four_lb
  roles:
    - role: keepalived  

#  nfs服务端
- hosts: 
  - nfs_server
  roles:
    - role: nfs_server

# nfs客户端
- hosts:
  - web_server 
  roles:
    - role: nfs_client

# rsync服务端
- hosts: 
  - backup_server
  roles:
    - role: rsync_server

# rsync客户端

- hosts:
  - web_server
  - nfs_server
  roles:
    - role: rsync_client

# 监控sersync

- hosts:
  - nfs_server
  roles:
    - role: sersync

# 9-10安装phpmyadmin
- hosts: 
  - web_server_redis
  roles:
    - role: phpmyadmin

## 50安装redis
- hosts:  
  - mysql_server
  roles:
    - role: redis

- hosts:
  - all
  roles:
    - role: elk_env_good
    - role: elasticsearch
    - role: filebeat
    - role: logstash
   # - role: kibana
    - role: zookeeper
    - role: kafka
- hosts:
  - elk253.oldboyedu.com
  roles:
    - role: kibana
