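One-click automated intranet deployment script for docker, redis, mysql, postgis, nacos, java8, nginx and elk
Recently my company has often been doing pure-intranet deployments for other companies, and installing everything by hand each time is tedious, which is how the script below came about. I am not good at writing scripts and mostly searched Baidu for answers; if something is wrong or can be done better, please leave a comment so we can learn from each other. The script in this article is for a pure-intranet (offline) setup: you prepare all the resources by hand and then deploy with one command. If you only need the installation script for some of the software, copy the relevant parts and assemble your own script. Remember to change the resource version numbers to match.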
Prerequisites before running the script
1. Disable SELinux (follow the steps in order)
vi /etc/selinux/config
SELINUX=disabled
reboot
2. Configure the firewall allow-list
-- Start the firewall
systemctl start firewalld
-- Check the firewall status
systemctl status firewalld
-- Open the ports
firewall-cmd --permanent --zone=public --add-port=22/tcp
firewall-cmd --permanent --zone=public --add-port=9200/tcp
firewall-cmd --permanent --zone=public --add-port=5601/tcp
firewall-cmd --permanent --zone=public --add-port=3306/tcp
firewall-cmd --permanent --zone=public --add-port=8848/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=5432/tcp
firewall-cmd --permanent --zone=public --add-port=6379/tcp
-- Reload the firewall service so the configuration takes effect
firewall-cmd --reload
-- List the ports that are currently open
firewall-cmd --list-port
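3. Export the docker images locally; the items to prepare are listed below
The above are the packages and configuration files that need to be prepared. Of these, docker.service is: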
#!/bin/sh
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target
[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd --selinux-enabled=false --insecure-registry=127.0.0.1
ExecReload=/bin/kill -s HUP $MAINPID
# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
# Uncomment TasksMax if your systemd version supports it.
# Only systemd 226 and above support this version.
#TasksMax=infinity
TimeoutStartSec=0
# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes
# kill only the docker process, not all processes in the cgroup
KillMode=process
# restart the docker process if it exits prematurely
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s
[Install]
WantedBy=multi-user.target
4. The final script
If there are mistakes, please leave a comment. Thanks.
#!/bin/bash
# If docker is not installed, initialise it from the local package
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
if [ -f /etc/systemd/system/docker.service ];
then
echo 'docker 已被初始化过,不做任何操作!'
else
tar -zxvf docker-20.10.9.tgz
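# Move the docker binaries into place
mv docker/* /usr/bin/
# Start docker at boot (unit files should not be executable; systemd warns if they are)
cp docker.service /etc/systemd/system/
chmod 644 /etc/systemd/system/docker.service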
systemctl daemon-reload
systemctl enable docker.service
fi
# Start docker if it is not running
count=`ps -ef |grep docker |grep -v "grep" | wc -l`;
if [ "$count" -eq 0 ];
then
systemctl start docker
echo 'docker 成功启动'
else
echo 'docker 已启动,不用重启'
fi
# Load the postgis image if it is not present
if [[ "$(docker images -q mdillon/postgis:latest 2> /dev/null)" == "" ]];
then
docker load --input postgis.11.2.tar
else
echo '镜像已存在,不用重新导入'
fi
# Create the postgis container if it does not exist
if [[ "$(docker inspect postgis 2> /dev/null | grep '"Name": "/postgis"')" == "" ]];
then
docker run --name postgis -v /mnt/postgis/data:/var/lib/postgresql/data -e POSTGRES_PASSWORD=abc123 -d -p 5432:5432 --restart=always mdillon/postgis:latest
echo '容器初始化成功'
else
echo '容器已存在,不用初始化'
fi
# Load the mysql image if it is not present
if [[ "$(docker images -q mysql:8.0.20 2> /dev/null)" == "" ]];
then
docker load --input mysql.8.0.20.tar
echo 'mysql镜像导入成功'
else
echo 'mysql镜像已存在,不用重新导入'
fi
# Create the mysql container if it does not exist
if [[ "$(docker inspect mysql8 2> /dev/null | grep '"Name": "/mysql8"')" == "" ]];
then
mkdir -p /mnt/mysql/data
mkdir -p /mnt/mysql/log
mkdir -p /mnt/mysql/conf/
cp ./my.cnf /mnt/mysql/conf
docker run -p 3306:3306 -e MYSQL_ROOT_PASSWORD=abc123 -v /mnt/mysql/data:/var/lib/mysql:rw -v /mnt/mysql/log:/var/log/mysql:rw -v /mnt/mysql/conf/my.cnf:/etc/mysql/my.cnf:rw -v /etc/localtime:/etc/localtime:ro --name mysql8 --restart=always -d mysql:8.0.20
echo 'mysql容器初始化成功'
else
echo 'mysql容器已存在,不用初始化'
fi
# Load the redis image if it is not present
if [[ "$(docker images -q redis:latest 2> /dev/null)" == "" ]];
then
docker load --input redis.latest.tar
echo 'redis镜像导入成功'
else
echo 'redis镜像已存在,不用重新导入'
fi
# Create the redis container if it does not exist
if [[ "$(docker inspect myredis 2> /dev/null | grep '"Name": "/myredis"')" == "" ]];
then
docker run -d --name myredis -p 6379:6379 --restart=always redis --requirepass "abc123"
echo 'redis容器初始化成功'
else
echo 'redis容器已存在,不用初始化'
fi
# Load the nacos image if it is not present
if [[ "$(docker images -q nacos/nacos-server:latest 2> /dev/null)" == "" ]];
then
docker load --input nacos-server.latest.tar
echo 'nacos镜像导入成功'
else
echo 'nacos镜像已存在,不用重新导入'
fi
# Create the nacos container if it does not exist
if [[ "$(docker inspect nacos 2> /dev/null | grep '"Name": "/nacos"')" == "" ]];
then
docker run --env MODE=standalone --name nacos -d -p 8848:8848 --restart=always nacos/nacos-server
echo 'nacos容器初始化成功'
else
echo 'nacos容器已存在,不用初始化'
fi
# Install java8
if [ -e /opt/java8/bin ];
then
echo 'jdk8已安装'
else
mkdir -p /opt/java8
tar -vxf openjdk-8u41-b04-linux-x64-14_jan_2020.tar.gz
mv java-se-8u41-ri/* /opt/java8/
rm -rf java-se-8u41-ri
echo 'export JAVA_HOME=/opt/java8' >> /etc/profile
echo 'export PATH=$JAVA_HOME/bin:$PATH' >> /etc/profile
source /etc/profile
fi
# Load the nginx image if it is not present
if [[ "$(docker images -q nginx:latest 2> /dev/null)" == "" ]];
then
docker load --input nginx.latest.tar
echo 'nginx镜像导入成功'
else
echo 'nginx镜像已存在,不用重新导入'
fi
# Create the nginx container if it does not exist
if [[ "$(docker inspect nginx 2> /dev/null | grep '"Name": "/nginx"')" == "" ]];
then
mkdir -p /mnt/nginx/www
mkdir -p /mnt/nginx/modules
mkdir -p /mnt/nginx/config
mkdir -p /mnt/nginx/log
chmod +rw /mnt/nginx/www
cp nginx.conf/* /mnt/nginx/config
docker run -itd --name nginx --privileged=true -p 80:80 -p 10781:10781 -p 10782:10782 -p 10783:10783 -p 10784:10784 -p 10785:10785 -p 10786:10786 -v /mnt/nginx/www/:/usr/share/nginx/html/ -v /mnt/nginx/log/:/var/log/nginx/ -v /mnt/nginx/modules/:/usr/lib/nginx/modules/ -v /mnt/nginx/config/:/etc/nginx/ nginx:latest
echo 'nginx容器初始化成功'
else
echo 'nginx容器已存在,不用初始化'
fi
# Load the elasticsearch image if it is not present
if [[ "$(docker images -q elasticsearch:7.6.2 2> /dev/null)" == "" ]];
then
docker load --input elasticsearch.7.6.2.tar
echo 'elasticsearch镜像导入成功'
else
echo 'elasticsearch镜像已存在,不用重新导入'
fi
# Create the elasticsearch container if it does not exist
if [[ "$(docker inspect elasticsearch 2> /dev/null | grep '"Name": "/elasticsearch"')" == "" ]];
then
rm -rf /mnt/elasticsearch/*
EsConfig=/mnt/elasticsearch/config
EsLogs=/mnt/elasticsearch/logs
EsData=/mnt/elasticsearch/data
# Create the directories if they do not exist
if [ ! -d $EsConfig ];then
mkdir -p $EsConfig
fi
if [ ! -d $EsLogs ];then
mkdir -p $EsLogs
fi
if [ ! -d $EsData ];then
mkdir -p $EsData
fi
# Run a temporary container from the image
docker run -dit --name=es01 elasticsearch:7.6.2 /bin/bash
# Generate the CA
docker exec -it es01 /bin/bash -c "./bin/elasticsearch-certutil ca"
# Then generate the certificate
docker exec -it es01 /bin/bash -c "./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12"
docker cp es01:/usr/share/elasticsearch/elastic-certificates.p12 /mnt/elasticsearch/config
# Remove the temporary container
docker stop es01
docker rm es01
# Write the configuration
echo -e "network.host: 0.0.0.0\nxpack.security.enabled: true\nxpack.security.transport.ssl.enabled: true\nxpack.security.transport.ssl.keystore.type: PKCS12\nxpack.security.transport.ssl.verification_mode: certificate\nxpack.security.transport.ssl.keystore.path: elastic-certificates.p12\nxpack.security.transport.ssl.truststore.path: elastic-certificates.p12\nxpack.security.transport.ssl.truststore.type: PKCS12\nxpack.security.audit.enabled: true">/mnt/elasticsearch/config/elasticsearch.yml
chmod 777 -R $EsConfig
chmod 777 -R $EsLogs
chmod 777 -R $EsData
docker run --name elasticsearch -p 9200:9200 -p 9300:9300 -e discovery.type=single-node -e ES_JAVA_OPTS="-Xms4096m -Xmx4096m" -v /mnt/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /mnt/elasticsearch/data:/usr/share/elasticsearch/data -v /mnt/elasticsearch/plugins:/usr/share/elasticsearch/plugins -v /mnt/elasticsearch/logs:/usr/share/elasticsearch/logs -v /mnt/elasticsearch/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12 --privileged=true -d elasticsearch:7.6.2
read -p "请网络确认可以访问es后,保存密码,回车确认" test
echo "请输入y,输入的y不会显示在屏幕上,回车"
docker exec -it elasticsearch /bin/bash -c "./bin/elasticsearch-setup-passwords auto" >> /mnt/elasticsearch/config/password.score
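# Then exec into one of the nodes; for a cluster install only one node needs to be initialised. The randomly generated passwords are used here.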
#read -p "请输入生成的apm_system密码,程序将记录在/mnt/elasticsearch/config/password.score中 :" apm_system_pass
#read -p "请输入生成的kibana密码,程序将记录在/mnt/elasticsearch/config/password.score中 :" kibana_pass
#read -p "请输入生成的logstash_system密码,程序将记录在/mnt/elasticsearch/config/password.score中 :" logstash_system_pass
#read -p "请输入生成的beats_system密码,程序将记录在/mnt/elasticsearch/config/password.score中 :" beats_system_pass
#read -p "请输入生成的remote_monitoring_user密码,程序将记录在/mnt/elasticsearch/config/password.score中 :" remote_monitoring_user_pass
#read -p "请输入生成的elastic密码,程序将记录在/mnt/elasticsearch/config/password.score中 :" elastic_pass
#echo -e "user:apm_system password: ${apm_system_pass}\nuser:kibana password: ${kibana_pass}\nuser:logstash_system password: ${logstash_system_pass}\nuser:beats_system password: ${beats_system_pass}\nuser:remote_monitoring_user password: ${remote_monitoring_user_pass}\nuser:elastic password: ${elastic_pass}\n" > /mnt/elasticsearch/config/password.score
else
echo 'es容器已存在,不用初始化'
fi
# Load the kibana image if it is not present
if [[ "$(docker images -q kibana:7.6.2 2> /dev/null)" == "" ]];
then
docker load --input kibana.7.6.2.tar
echo 'kibana镜像导入成功'
else
echo 'kibana镜像已存在,不用重新导入'
fi
# Create the kibana container if it does not exist
if [[ "$(docker inspect kibana 2> /dev/null | grep '"Name": "/kibana"')" == "" ]];
then
mkdir -p /mnt/kibana/config/
read -p "请输入elastic密码" es_password
echo -e "server.name: kibana\nserver.host: \"0.0.0.0\"\nelasticsearch.hosts: [\"http://elasticsearch:9200\"]\nelasticsearch.username: \"elastic\"\nelasticsearch.password: \"${es_password}\"\ni18n.locale: \"zh-CN\"\n" > /mnt/kibana/config/kibana.yml
docker run --name kibana -p 5601:5601 -e ELASTICSEARCH_URL=http://elasticsearch:9200 -e ELASTICSEARCH_HOSTS=http://elasticsearch:9200 -v /mnt/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml --privileged=true --link=elasticsearch:kibana_elasticsearch -d kibana:7.6.2
echo 'kibana容器初始化成功'
else
echo 'kibana容器已存在,不用初始化'
fi
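The script above passes the same literal password (abc123) to postgis, mysql and redis. As an added example (not part of the original script), the sketch below generates a separate random secret per service and keeps each in a root-only env file that `docker run --env-file` reads. `SECRETS_DIR`, `RUN_DEPLOY`, `REDIS_PASSWORD` and the function names are assumptions; the image names, mounts and the other variable names are the ones the script already uses.

```shell
#!/bin/sh
# Added example: one random secret per service, stored in a root-only env file.
# SECRETS_DIR, RUN_DEPLOY and the function names are assumptions for illustration.
SECRETS_DIR="${SECRETS_DIR:-/root/deploy-secrets}"

# Print a random password of $1 characters (default 24) drawn from [A-Za-z0-9].
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-24}"
}

# Ensure $SECRETS_DIR/<service>.env exists with one line "<VAR>=<secret>" and
# mode 600, then print its path. An existing file is reused, so a data
# directory that was already initialised keeps matching its password.
make_env_file() {
    local service="$1" var="$2"
    local file="$SECRETS_DIR/$service.env"
    ( umask 077; mkdir -p "$SECRETS_DIR" )
    if [ ! -s "$file" ]; then
        ( umask 077; printf '%s=%s\n' "$var" "$(gen_secret 24)" > "$file" )
    fi
    chmod 600 "$file"
    printf '%s\n' "$file"
}

# Print the secret stored for <service> (for tools that take it as an argument).
read_secret() {
    sed -n '1s/^[A-Za-z_][A-Za-z0-9_]*=//p' "$SECRETS_DIR/$1.env"
}

# Same containers as the script above, without the shared literal password.
# Guarded so that sourcing this file only defines the functions.
if [ "${RUN_DEPLOY:-0}" = "1" ]; then
    docker run --name postgis -d -p 5432:5432 --restart=always \
        -v /mnt/postgis/data:/var/lib/postgresql/data \
        --env-file "$(make_env_file postgis POSTGRES_PASSWORD)" \
        mdillon/postgis:latest
    docker run --name mysql8 -d -p 3306:3306 --restart=always \
        -v /mnt/mysql/data:/var/lib/mysql:rw \
        -v /mnt/mysql/log:/var/log/mysql:rw \
        -v /mnt/mysql/conf/my.cnf:/etc/mysql/my.cnf:rw \
        -v /etc/localtime:/etc/localtime:ro \
        --env-file "$(make_env_file mysql MYSQL_ROOT_PASSWORD)" \
        mysql:8.0.20
    # REDIS_PASSWORD is only a label inside the file; redis takes the value as an argument.
    make_env_file redis REDIS_PASSWORD > /dev/null
    docker run --name myredis -d -p 6379:6379 --restart=always \
        redis --requirepass "$(read_secret redis)"
fi
```

The values remain visible to anyone who can run `docker inspect`, so access to the Docker socket is still the boundary that protects them.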
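Installation steps (open two shells to have ready)
1. Create a new folder on the target server
Put all of the files above into the new folder, create a .sh file in that directory, then paste the script into it and save.
-- Set permissions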
chmod +x init.sh
2. Run the script
./init.sh
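3. When the script reaches es, press Enter step by step as prompted (the es installation has a few points to note)
Note: follow the text printed on screen and copy and enter the passwords one item at a time as prompted
First confirm that es is reachable by visiting its page, then press Enter to confirm
Enter y; the y you type is not displayed; press Enter to confirm (follow along with the script)
In the end the es passwords are written to /mnt/elasticsearch/config/password.score
4. Install kibana
Copy the elastic password, enter it and confirm
5. Copy nginx.conf/conf.d to /mnt/nginx/config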
docker restart nginx
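Every archive in this procedure is carried into the isolated network by hand and then handed to `tar` or `docker load` as root. As an added example (not from the original post), the functions below refuse to load an image archive unless its SHA-256 matches a manifest written on the build machine with `sha256sum *.tar *.tgz > SHA256SUMS`; the manifest name, `RUN_LOAD` and the function names are assumptions, and the archive names are the ones used in the script.

```shell
#!/bin/sh
# Added example: verify offline image archives against a manifest before loading.
# MANIFEST, RUN_LOAD and the function names are assumptions for illustration.
MANIFEST="${MANIFEST:-SHA256SUMS}"

# Return 0 only if $1 exists, is listed in the manifest and its digest matches.
# Exit codes: 1 = digest mismatch, 2 = file missing, 3 = not listed (fail closed).
verify_archive() {
    local file="$1" expected actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Manifest lines are sha256sum output: "<digest>  <name>" or "<digest> *<name>".
    expected=$(awk -v n="$(basename "$file")" \
        '{ name = $2; sub(/^\*/, "", name) } name == n { print $1; exit }' \
        "$MANIFEST" 2>/dev/null)
    [ -n "$expected" ] || { echo "not in manifest: $file" >&2; return 3; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "digest mismatch: $file" >&2; return 1; }
}

# Load an image archive only after it has been verified.
load_verified() {
    verify_archive "$1" || return $?
    docker load --input "$1"
}

# Guarded so that sourcing this file only defines the functions.
if [ "${RUN_LOAD:-0}" = "1" ]; then
    for tarball in postgis.11.2.tar mysql.8.0.20.tar redis.latest.tar \
        nacos-server.latest.tar nginx.latest.tar \
        elasticsearch.7.6.2.tar kibana.7.6.2.tar; do
        load_verified "$tarball" || exit 1
    done
fi
```

An archive that is absent from the manifest is rejected rather than skipped, so an extra tarball dropped into the folder is not loaded silently.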