Ansible playbooks in practice
Views: 5958
Published: 2019-06-19


Clone my ansible playbooks:

git clone https://github.com/donxan/ansible_playbooks.git


Initialization

Push the public key to the managed hosts in bulk

Generate the IP list and write an automatic push script

[root@izbp115lristfdwfgjwd52z ~]# vim pushkeys.sh
#!/bin/bash
#Author: Aiker
#mail: donxan@gmail.com
keypath=/root/.ssh
iplist=/root/ip.txt
# make sure the .ssh directory exists before known_hosts is written into it
[ -d ${keypath} ] || mkdir -p ${keypath}
# start from an empty IP list
[[ -e ${iplist} ]] && > ${iplist}
for i in `seq 81 91`
do
   echo -E "192.168.118.$i" >> ${iplist}
   # record each host key up front so ssh-copy-id is not prompted about unknown hosts
   ssh-keyscan 192.168.118.$i >> ${keypath}/known_hosts
done
cat ${iplist}
rpm -q expect &> /dev/null || yum install expect -y
[[ -e ${keypath}/id_rsa.pub ]] || ssh-keygen -t rsa -f ${keypath}/id_rsa -P ""
# root password of the managed hosts; it is stored in clear text in this script
password=OezywIq36
while read ip;do
expect << EOF
set timeout 5
spawn ssh-copy-id $ip
expect {
"yes/no" { send "yes\n";exp_continue }
"password" { send "$password\n" }
}
expect eof
EOF
done < ${iplist}

Run the script:

[root@izbp115lristfdwfgjwd52z ~]# sh pushkeys.sh
# 192.168.118.82:22 SSH-2.0-OpenSSH_7.4
# 192.168.118.82:22 SSH-2.0-OpenSSH_7.4
...
spawn ssh-copy-id 192.168.118.102
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

The public key has now been pushed to the managed hosts.

Run the initialization

yum -y install ansible lrzsz git    # install the tools needed
vim /etc/ansible/hosts    # add the following
[all]
s082    ansible_host=192.168.118.82
s083    ansible_host=192.168.118.83
s084    ansible_host=192.168.118.84
s085    ansible_host=192.168.118.85
s086    ansible_host=192.168.118.86
s087    ansible_host=192.168.118.87
s088    ansible_host=192.168.118.88
s089    ansible_host=192.168.118.89
s090    ansible_host=192.168.118.90
s081    ansible_host=192.168.118.81
s091    ansible_host=192.168.118.91
s106    ansible_host=192.168.118.106
# vim /etc/hosts    # add the following
192.168.118.81  s081
192.168.118.82  s082
192.168.118.83  s083
192.168.118.84  s084
192.168.118.85  s085
192.168.118.86  s086
192.168.118.87  s087
192.168.118.88  s088
192.168.118.89  s089
192.168.118.90  s090
192.168.118.91  s091
192.168.118.106 s106

Enable iptables on the internet-facing host:

Install iptables and iptables-services

# first check whether iptables is installed
service iptables status
# install iptables
yum install -y iptables
# upgrade iptables
yum update iptables
# install iptables-services
yum install iptables-services

Disable/stop the built-in firewalld service

# stop the firewalld service
systemctl stop firewalld
# disable the firewalld service
systemctl mask firewalld

Set up the rules

[root@s18105 ~]# vim iptables.sh
# cat iptables.sh
#!/bin/bash
service iptables restart
iptables -L -n
# allow everything first, otherwise you may lock yourself out
#iptables -P INPUT ACCEPT
# flush all rules in the default chains
iptables -F
# delete all user-defined chains
iptables -X
# zero all counters
iptables -Z
# accept packets from the lo interface (local access)
iptables -A INPUT -i lo -j ACCEPT
# open port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# open port 21 (FTP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# open port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# open port 443 (HTTPS)
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# open port 3128 (squid)
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
# allow ping
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
# trust the internal network (accept all of its TCP requests)
iptables -A INPUT -p tcp -s 192.168.118.0/24 -j ACCEPT
# accept replies to connections this host initiated (RELATED is what FTP needs);
# with the INPUT DROP policy below, leaving this rule out also drops the replies
# to the host's own outbound connections (yum, squid fetching upstream pages)
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# drop all other inbound traffic
iptables -P INPUT DROP
# allow all outbound traffic
iptables -P OUTPUT ACCEPT
# drop all forwarding
#iptables -P FORWARD DROP
# to block an IP, use:
#iptables -I INPUT -s 100.100.100.100 -j DROP
# to unblock an IP, use:
#iptables -D INPUT -s 100.100.100.100 -j DROP
service iptables save
systemctl restart iptables.service
# equivalent of the old chkconfig iptables on
systemctl enable iptables.service
# start the service
#systemctl start iptables.service
# check the status
systemctl status iptables.service
# to fix vsftpd passive mode not working once iptables is enabled, load the FTP
# helper modules via /etc/sysconfig/iptables-config; both go on one space-separated
# line, because a second IPTABLES_MODULES= line would override the first
#IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"   # older kernels name them ip_conntrack_ftp ip_nat_ftp

Run the script to configure iptables quickly.
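As an added check that is not part of the original post, the following Python script models the INPUT chain that iptables.sh builds and evaluates a few constructed packets against it, with and without the RELATED,ESTABLISHED rule; the interface names, sample addresses and the simplified rule fields are assumptions.

```python
# Added example (not from the original post): a first-match evaluator for the
# INPUT chain that iptables.sh builds, so the ruleset can be checked against a
# few constructed packets before it is loaded on the internet-facing host.
from ipaddress import ip_address, ip_network

# INPUT rules in the order the script appends them (first match wins).
INPUT_RULES = [
    {"in_iface": "lo", "target": "ACCEPT"},
    {"proto": "tcp", "dport": 22, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 21, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 80, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 443, "target": "ACCEPT"},
    {"proto": "tcp", "dport": 3128, "target": "ACCEPT"},
    {"proto": "icmp", "icmp_type": 8, "target": "ACCEPT"},
    {"proto": "tcp", "src": "192.168.118.0/24", "target": "ACCEPT"},
]
# Kept separate so the audit can show the chain with and without it.
ESTABLISHED_RULE = {"state": {"RELATED", "ESTABLISHED"}, "target": "ACCEPT"}
INPUT_POLICY = "DROP"   # iptables -P INPUT DROP


def rule_matches(rule, pkt):
    """Every match field present in the rule must hold for the packet."""
    checks = (
        ("in_iface", lambda v: pkt.get("in_iface") == v),
        ("proto", lambda v: pkt.get("proto") == v),
        ("dport", lambda v: pkt.get("dport") == v),
        ("icmp_type", lambda v: pkt.get("icmp_type") == v),
        ("src", lambda v: ip_address(pkt["src"]) in ip_network(v)),
        ("state", lambda v: pkt.get("state") in v),
    )
    return all(test(rule[key]) for key, test in checks if key in rule)


def verdict(pkt, rules, policy=INPUT_POLICY):
    """First matching rule decides; otherwise the chain policy applies (netfilter semantics)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["target"]
    return policy


# Constructed sample packets, as the proxy host's INPUT chain would see them (assumed interfaces/addresses).
SAMPLES = {
    "ssh_from_internet": {"proto": "tcp", "dport": 22, "src": "203.0.113.5", "in_iface": "eth0", "state": "NEW"},
    "unlisted_port": {"proto": "tcp", "dport": 8080, "src": "203.0.113.5", "in_iface": "eth0", "state": "NEW"},
    "lan_any_tcp_port": {"proto": "tcp", "dport": 8080, "src": "192.168.118.90", "in_iface": "eth1", "state": "NEW"},
    # a web server's reply to a request that squid (or yum) made from this host
    "reply_to_outbound": {"proto": "tcp", "dport": 49152, "src": "203.0.113.80", "in_iface": "eth0", "state": "ESTABLISHED"},
}


def audit(with_established):
    """Verdict per sample packet, with or without the RELATED,ESTABLISHED rule."""
    rules = INPUT_RULES + ([ESTABLISHED_RULE] if with_established else [])
    return {name: verdict(pkt, rules) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for flag in (False, True):
        print("RELATED,ESTABLISHED rule present:", flag, audit(flag))
```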

Configure squid

Install squid:

yum install squid

Configure squid and transparent mode

Back up the squid configuration file

cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

Edit the squid configuration file:

vim /etc/squid/squid.conf

Add the IP addresses and ports you need.

If you want transparent mode, add the keyword "transparent" after the port (Squid 3.1 and later call this mode intercept; the old keyword is still accepted but deprecated).

# Squid normally listens to port 3128
http_port 3128 transparent

Add this line at the bottom of the configuration file, otherwise squid will not start!

visible_hostname localhost

Start squid

service squid restart
[root@s18105 playbooks]# cat squid.sh
#!/bin/bash
echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe iptable_nat
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
# redirect DNS requests arriving at the squid proxy server to 8.8.8.8
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 8.8.8.8
# send HTTP traffic from the internal network to squid on port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.118.0/24 --dport 80 -j REDIRECT --to-ports 3128

Run the script

Deploy nginx

vim /etc/ansible/hosts

[nginxservers]
s082
s083
s084
s085
s106
[root@s18105 playbooks]# vim nginx/install.yml
---
- hosts: nginxservers
  remote_user: root
  gather_facts: True
  roles:
    - common
    - install
[root@s18105 playbooks]# ansible-playbook nginx/install.yml
PLAY [nginxservers] ****************************************************
TASK [Gathering Facts] *************************************************
ok: [s084]
ok: [s085]
ok: [s083]
ok: [s106]
TASK [common : Install initializtion require software] *****************
ok: [s085] => (item=[u'zlib-devel', u'pcre-devel'])
ok: [s083] => (item=[u'zlib-devel', u'pcre-devel'])
ok: [s084] => (item=[u'zlib-devel', u'pcre-devel'])
ok: [s106] => (item=[u'zlib-devel', u'pcre-devel'])
TASK [common : create nginx group] *************************************
ok: [s085]
ok: [s084]
ok: [s083]
ok: [s106]
TASK [common : create nginx user] **************************************
ok: [s085]
ok: [s083]
ok: [s084]
ok: [s106]
TASK [common : copy shell to client] ***********************************
changed: [s085]
changed: [s084]
changed: [s083]
...
s083                       : ok=19   changed=10   unreachable=0    failed=0
s084                       : ok=19   changed=11   unreachable=0    failed=0
s085                       : ok=19   changed=11   unreachable=0    failed=0
s106                       : ok=19   changed=10   unreachable=0    failed=0

nginx deployment complete

Deploy mysql

[root@s18105 playbooks]# vim /etc/ansible/hosts
[mysqlservers]
s086    ansible_host=192.168.118.86
s087    ansible_host=192.168.118.87
s088    ansible_host=192.168.118.88
[root@s18105 playbooks]# vim mysql/roles/vars/master_slaves.yaml
# variables used when building the one-master, multiple-slave setup
master_ip: 192.168.118.86
slave_ips:
  - 192.168.118.87
  - 192.168.118.88

Upload the mysql binary package to /usr/local/src on the ansible control host

mysql passwords:

mysql_data_dir_base: /data/mysql/
mysql_port: 3306
mysql_root_password: egts9758
mysql_zabbix_password: mtls
mysql_rple_user: repl
mysql_rple_password: repl9758
mysql_mha_user: mha
mysql_mha_password: egts9758
mysql_app_user: appuser
mysql_app_password: egts9758
mysql_monitor_user: monitor
mysql_monitor_password: monitor9758
mysql_backup_user: backuper
mysql_backup_password: backuper9758
[root@s061 playbooks]# scp /usr/local/src/mysql-5.7.21-linux-glibc2.12-x86_64.tar.gz 116.62.199.117:/usr/local/src/mysql-5.7.21-linux-glibc2.12-x86_64.tar.gz
mysql-5.7.21-linux-glibc2.12-x86_64.tar.gz    100%  612MB   7.7MB/s   01:20
[root@s18105 playbooks]# ansible-playbook mysql/roles/install_master_slaves.yaml
PLAY [mysqlservers] ****************************************************
TASK [Gathering Facts] *************************************************
ok: [s088]
ok: [s086]
ok: [s087]
TASK [create mysql user] ***********************************************
ok: [s087]
ok: [s086]
ok: [s088]
TASK [config /etc/my.cnf for mysql-5.6.x] ******************************
skipping: [s086]
skipping: [s087]
skipping: [s088]
...
TASK [clear temp file tmp/master_slaves.sql] ***************************
ok: [s086]
ok: [s088]
ok: [s087]
PLAY RECAP *************************************************************
s086                       : ok=27   changed=20   unreachable=0    failed=0
s087                       : ok=27   changed=20   unreachable=0    failed=0
s088                       : ok=27   changed=20   unreachable=0    failed=0

Verify:

[root@s18105 playbooks]# ansible mysqlservers -m command -a "mysql -uroot -pegts9758 -e 'show master status \G'"
s087 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
             File: mysql-bin.000002
         Position: 595
     Binlog_Do_DB:
 Binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2
mysql: [Warning] Using a password on the command line interface can be insecure.
s086 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
             File: mysql-bin.000002
         Position: 595
     Binlog_Do_DB:
 Binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2
mysql: [Warning] Using a password on the command line interface can be insecure.
s088 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
             File: mysql-bin.000002
         Position: 595
     Binlog_Do_DB:
 Binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2
mysql: [Warning] Using a password on the command line interface can be insecure.
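The verification step above runs show master status on every host, which only shows each node's own binlog position; as an added example that is not part of the original post, this Python script parses that ansible output into per-host records and compares Executed_Gtid_Set across master and slaves. The sample output, including the failing host s088, is constructed to mirror the page's format.

```python
# Added example (not from the original post): parse ansible's ad-hoc output for
# "mysql ... -e 'show master status \G'" into one record per host and check that
# master and slaves report the same Executed_Gtid_Set.
import re

# Constructed sample in the page's output format; s088 is made to fail on purpose.
SAMPLE_OUTPUT = """\
s087 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
             File: mysql-bin.000002
         Position: 595
     Binlog_Do_DB:
 Binlog_Ignore_DB:
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2
mysql: [Warning] Using a password on the command line interface can be insecure.
s086 | SUCCESS | rc=0 >>
*************************** 1. row ***************************
             File: mysql-bin.000002
         Position: 595
Executed_Gtid_Set: 3399cfa8-9660-11e8-930e-00163e0cb6e5:1-2
s088 | FAILED | rc=1 >>
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
"""

HOST_HEADER = re.compile(r"^(\S+) \| (SUCCESS|FAILED) \| rc=(\d+) >>$")
FIELD = re.compile(r"^\s*([A-Za-z_]+):(?: (.*))?$")


def parse_ansible_output(text):
    """Map host -> {"status", "rc", plus the columns of the status row}."""
    hosts, current = {}, None
    for line in text.splitlines():
        header = HOST_HEADER.match(line)
        if header:
            current = {"status": header.group(2), "rc": int(header.group(3))}
            hosts[header.group(1)] = current
            continue
        if current is None or line.startswith("***") or line.startswith("mysql: [Warning]"):
            continue
        field = FIELD.match(line)
        if field:
            current[field.group(1)] = (field.group(2) or "").strip()
    return hosts


def gtid_problems(hosts, master):
    """List of problems; an empty list means every host reports the master's GTID set."""
    master_set = hosts.get(master, {}).get("Executed_Gtid_Set")
    if not master_set:
        return [f"{master}: no Executed_Gtid_Set reported"]
    problems = []
    for host, rec in hosts.items():
        if rec["status"] != "SUCCESS":
            problems.append(f"{host}: command failed (rc={rec['rc']})")
        elif rec.get("Executed_Gtid_Set") != master_set:
            problems.append(f"{host}: GTID set {rec.get('Executed_Gtid_Set')!r} differs from master")
    return problems


if __name__ == "__main__":
    print(gtid_problems(parse_ansible_output(SAMPLE_OUTPUT), "s086"))
```

The parser skips the "Using a password on the command line" warning each host prints, but the warning is worth acting on: a root password passed through -a shows up in process listings and ansible logs on every host.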

mysql master/slave setup complete

Read/write splitting with mycat

Upload mycat to the ansible packages directory

scp /usr/local/mytools/deploy/packages/mycat/mycat-server-1.6.5-linux.tar.gz 116.62.199.117:/usr/local/mytools/deploy/packages/mycat/
vim /etc/ansible/hosts
[mycat]
s082     ansible_host=192.168.118.82

Create the user in the database; mycat uses this user to connect to the database. The username and password come from mysql_app_user and mysql_app_password in mycat/roles/common/var/main.yml. Run the following on the master:

create user appuser@'%' identified by 'egts9758';
create database ultrax default character set utf8;
create database DedeCMS default character set utf8;
create database zrlog default character set utf8;
grant all on ultrax.* to 'appuser'@'%';
grant all on DedeCMS.* to 'appuser'@'%';
grant all on zrlog.* to 'appuser'@'%';
flush privileges;

Edit mycat/roles/vars/var_mycat.yaml

[root@s18105 playbooks]# vim mycat/roles/vars/var_mycat.yaml
master_ip: "192.168.118.86"
slave_ips:
  - "192.168.118.87"
  - "192.168.118.88"

Change the host in mycat/roles/install_mycat.yaml to the host that mycat should be installed on

[root@s18105 playbooks]# vim mycat/roles/install_mycat.yaml
---
- hosts: s082
  remote_user: root
  become_user: root
  vars_files:
    - common/vars/main.yml
    - vars/var_mycat.yaml
  tasks:
    - name: install dependents
      import_tasks: common/install_dependents.yaml
    - name: install mycat
      import_tasks: common/install_mycat.yaml
    - name: start mycat
      import_tasks: common/start_mycat.yaml

Run the playbook:

[root@s18105 playbooks]# ansible-playbook mycat/roles/install_mycat.yaml
PLAY [s082] ************************************************************
TASK [Gathering Facts] *************************************************
ok: [s082]
TASK [install java-1.7.0-openjdk] **************************************
ok: [s082]
TASK [create mycat user] ***********************************************
ok: [s082]
TASK [trasfer mycat-server-1.6.5-linux.tar.gz to remonte host] *********
changed: [s082]
TASK [export MYCAT_HOME env to /etc/profile] ***************************
changed: [s082]
TASK [config schema.xml] ***********************************************
changed: [s082]
TASK [config server.xml] ***********************************************
changed: [s082]
TASK [transfer start_mycat.sh to remonte /tmp/] ************************
changed: [s082]
TASK [start mycat] *****************************************************
changed: [s082]
TASK [remove start_mycat.sh] *******************************************
changed: [s082]
PLAY RECAP *************************************************************
s082                       : ok=10   changed=7    unreachable=0    failed=0

Check whether mycat started:

[root@s18105 playbooks]# ansible s082 -m shell -a "ps -ef | grep mycat"
s082 | SUCCESS | rc=0 >>
root     12210 12209  0 23:10 pts/1    00:00:00 /bin/sh -c ps -ef | grep mycat
root     12212 12210  0 23:10 pts/1    00:00:00 grep mycat

Pitfall here:

It did not start. Note that this is the Java VM being unable to allocate memory; allow memory overcommit:

echo 1 > /proc/sys/vm/overcommit_memory

To make the change permanent:

vim /etc/sysctl.conf

Set the parameter

vm.overcommit_memory = 1
sysctl -p

Edit server.xml, the Mycat configuration file for server parameters and user authorization. The main sections to change are as follows:

# vim /usr/local/mycat/conf/server.xml
# add the following:
<!-- the root user has full read/write access to the logical databases ultrax, DedeCMS and zrlog -->
<user name="root">
    <property name="password">egts9758</property>
    <property name="schemas">ultrax,DedeCMS,zrlog</property>
</user>
<!-- the discuz user has full read/write access to the logical database ultrax -->
<user name="discuz">
    <property name="password">egts9758</property>
    <property name="schemas">ultrax</property>
</user>
<!-- the dedecms user has full read/write access to the logical database DedeCMS -->
<user name="dedecms">
    <property name="password">egts9758</property>
    <property name="schemas">DedeCMS</property>
</user>
<!-- the zrlog user has full read/write access to the logical database zrlog -->
<user name="zrlog">
    <property name="password">egts9758</property>
    <property name="schemas">zrlog</property>
</user>
<!-- this user has read-only access to the logical databases ultrax, DedeCMS and zrlog (its name was not preserved on the page) -->
<user name="READONLY_USER_NAME_NOT_ON_PAGE">
    <property name="password">egts9758</property>
    <property name="schemas">ultrax,DedeCMS,zrlog</property>
    <property name="readOnly">true</property>
</user>

Edit schema.xml, the configuration file that defines the logical databases, tables and shards:

# back up the configuration file first:
cp /usr/local/mycat/conf/schema.xml /usr/local/mycat/conf/schema.xml.bak

The configuration is as follows:

# cat /usr/local/mycat/conf/schema.xml
select user()

After modification:


Deploy php-fpm

vim /etc/ansible/hosts

Add the following:

[phpservers]
s083
s084
s085

Run the playbook

[root@s18105 playbooks]# ansible-playbook php/install.yml
PLAY [phpservers] ******************************************************
TASK [Gathering Facts] *************************************************
ok: [s085]
ok: [s083]
ok: [s084]
TASK [Uncompression php setup] *****************************************
changed: [s083]
changed: [s084]
changed: [s085]
TASK [Uncompression php.bin] *******************************************
changed: [s084]
changed: [s083]
changed: [s085]
...
TASK [restart nginx] ***************************************************
changed: [s084]
changed: [s083]
changed: [s085]
PLAY RECAP *************************************************************
s083                       : ok=13   changed=12   unreachable=0    failed=0
s084                       : ok=13   changed=12   unreachable=0    failed=0
s085                       : ok=13   changed=12   unreachable=0    failed=0

Verify:

[root@s18105 playbooks]# ansible phpservers -m shell -a "ps -ef | grep php"
s084 | SUCCESS | rc=0 >>
root     23583     1  0 00:19 ?        00:00:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf)
www      23584 23583  0 00:19 ?        00:00:00 php-fpm: pool www
www      23585 23583  0 00:19 ?        00:00:00 php-fpm: pool www
www      23586 23583  0 00:19 ?        00:00:00 php-fpm: pool www
www      23587 23583  0 00:19 ?        00:00:00 php-fpm: pool www
www      23588 23583  0 00:19 ?        00:00:00 php-fpm: pool www
www      23589 23583  0 00:19 ?        00:00:00 php-fpm: pool www
...

php-fpm installation complete

Install apache and tomcat

Install apache first

# vim /etc/ansible/hosts

Add the following

[apacheservers]
s089    ansible_host=192.168.118.89
[tomcatservers]
s083    ansible_host=192.168.118.83
s084    ansible_host=192.168.118.84
s085    ansible_host=192.168.118.85

Path for the apache packages; upload the files to this path

/usr/local/mytools/deploy/packages/httpd
[root@s18105 playbooks]# ls /usr/local/mytools/deploy/packages/httpd/
apr-1.6.2.tar.gz  apr-util-1.6.0.tar.gz  httpd-2.4.28.tar.gz
[root@s18105 playbooks]# ansible-playbook httpd/install_httpd.yaml
PLAY [apacheservers] ***************************************************
TASK [Gathering Facts] *************************************************
ok: [s089]
TASK [install gcc] *****************************************************
ok: [s089]
...
TASK [enable httpd.service] ********************************************
changed: [s089]
PLAY RECAP *************************************************************
s089                       : ok=25   changed=18   unreachable=0    failed=0

Verify:

[root@s18105 playbooks]# ansible s089 -m shell -a "ps -ef | grep httpd"
s089 | SUCCESS | rc=0 >>
root     31745     1  0 00:43 ?        00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
daemon   31783 31745  0 00:43 ?        00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
daemon   31784 31745  0 00:43 ?        00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
daemon   31785 31745  0 00:43 ?        00:00:00 /usr/local/httpd/bin/httpd -DFOREGROUND
root     32394 32393  0 01:25 pts/1    00:00:00 /bin/sh -c ps -ef | grep httpd
root     32396 32394  0 01:25 pts/1    00:00:00 grep httpd

Apache installation complete.

Install tomcat

First upload the jdk and tomcat tarballs to /usr/local/src

[root@s18105 playbooks]# ls /usr/local/src/ -h
apache-tomcat-8.5.32.tar.gz  jdk-8u161-linux-x64.tar.gz
 

Install zookeeper for mycat

zookeeper

wget http://mirrors.hust.edu.cn/apache/zookeeper/zookeeper-3.4.13/zookeeper-3.4.13.tar.gz
tar zxf zookeeper-3.4.13.tar.gz
cd zookeeper-3.4.13/
cp conf/zoo_sample.cfg conf/zoo.cfg
sh bin/zkServer.sh start

You should see the following:

ZooKeeper JMX enabled by default
Using config: /root/zookeeper-3.4.13/bin/../conf/zoo.cfg
Starting zookeeper ... STARTED

mycat-web

wget http://dl.mycat.io/mycat-web-1.0/Mycat-web-1.0-SNAPSHOT-20170102153329-linux.tar.gz
tar zxf Mycat-web-1.0-SNAPSHOT-20170102153329-linux.tar.gz
cd mycat-web/
vim mycat-web/WEB-INF/classes/mycat.properties
##Mon Jan 16 15:37:36 CST 2012
show.period=3000000
zookeeper=localhost:2181
mycat_warn_mail=[{"cc"\:"sohudo@mycat.io","index"\:1,"mangerPort"\:"465","smtpHost"\:"smtp.139.com","smtpPassword"\:"123456","smtpProtocol"\:"smtp","smtpUser"\:"agile_louie@139.com","to"\:"9183838@qq.com"}]
## sql-online related configuration
sqlonline.server=192.168.118.82
sqlonline.user=appuser
sqlonline.passwd=egts9758

Reposted from: https://blog.51cto.com/m51cto/2155951
