Devops之Ansible大规模主机部署

版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/qq_32642039/article/details/81560010

一、应用场景

  • 大规模部署。
  • 要求保持环境一致性
  • 涉及到大量配置繁琐的服务

二、部署规划以及实现的功能

  • Ansible-Playbook统一调度
  • 分发秘钥
  • 分发大容量文件
  • 服务器初始化
  • 部署服务
  • 服务器安全配置

三、Ansible-playbook逻辑解读

1.Ansible-Playbook统一调度

[root@master src]# cat  /opt/playbook/test.yaml
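---
# test.yaml — bootstrap every host in the "test" group: install root's
# authorized_keys, rsync the scripts and service trees, then run the
# init/deploy scripts. The first run is password based (sshpass must be
# installed on the controller); once the key is in place the synchronize
# tasks run rsync over ssh with it.
- hosts: test            # inventory group the play is applied to
  remote_user: root      # init.sh sets PermitRootLogin no, so later runs
                         # need key auth or a different remote_user

  tasks:
    # The original task ran `mkdir -p /root/scripts/.ssh`, but the key is
    # copied into /root/.ssh below and `copy` does not create parent
    # directories, so a host without /root/.ssh failed the play. Create the
    # directory that is actually used, with the mode sshd's StrictModes expects.
    - name: ensure /root/.ssh exists
      file: path=/root/.ssh state=directory owner=root group=root mode=0700

    # Replaces the whole authorized_keys on the host (pre-existing keys are
    # dropped); 0600 so sshd's StrictModes check passes.
    - name: copy ssh file
      copy: src=/root/scripts/.ssh/authorized_keys dest=/root/.ssh/authorized_keys owner=root group=root mode=0600

    # Incremental push over the key installed above. Two caveats: rsync -u
    # keeps a destination file that is *newer*, so a host-side edit of a
    # script is not reverted on re-run; and /root/scripts/.ssh travels with
    # the tree, so keep only public keys in it — a private key there would be
    # fanned out to every host.
    - name: rsync scripts
      synchronize: src=/root/scripts dest=/root rsync_opts=-avuz

    - name: rsync tomcat jdk
      synchronize: src=/opt/service dest=/opt rsync_opts=-avuz

    # Plain shell scripts: they always report "changed" and are only as
    # idempotent as the scripts themselves. Secrets the scripts need (the
    # account passwords set by useradd.sh) belong in `environment:` sourced
    # from Ansible Vault, not in the scripts that are rsync'ed to every host.
    - name: "initialize"
      shell: sh /root/scripts/auto_fdisk.sh
    - name: add users
      shell: sh /root/scripts/useradd.sh
    - name: init system
      shell: sh /root/scripts/init.sh
    - name: deploy services
      shell: sh /root/scripts/service.sh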

2./opt/service目录主要是需要传输的服务如tomcat、jdk

[root@master playbook]# tree -L 1 /opt/service
/opt/service
├── apache-tomcat-6.0.45
├── apache-tomcat-7.0.82
├── jdk1.6.0_13
├── jdk1.7.0_80
└── jdk1.8.0_181

3./root/scripts 主要是急需要执行的脚本和一些功能文件

[root@master playbook]# tree -L 1 -a /root/scripts 
/root/scripts
├── auto_fdisk.sh   #磁盘格式化脚本
├── bash_profile    #JDK环境变量文件
├── host_name.txt   #主机信息模板
├── init.sh         #初始化脚本
├── iptables.sh     #防火墙规则配置
├── limits.conf     #内核优化
├── rm.sh           #还原脚本
├── root            #计划任务文件
├── service.sh      #服务部署脚本
├── .ssh            #秘钥目录
├── sysctl.conf     #内核优化
└── useradd.sh      #增加用户

四、部分功能脚本解析

1.增加用户

[root@master scripts]# cat useradd.sh
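#!/bin/bash
# useradd.sh — create the "Development" operator account with key-only SSH
# access and passwordless sudo, then set the shared `saas` and root passwords.
# Runs as root from the playbook (`sh /root/scripts/useradd.sh`).
#
# Required environment:
#   SAAS_PASSWORD, ROOT_PASSWORD — the passwords to set. Pass them from the
#   play with `environment:` backed by Ansible Vault. This script is rsync'ed
#   in clear text to every host, so a literal password here is readable on
#   each of them (and in the published listing).
#
# Review notes:
#  - The original ran a bare `su Development` in the middle of the script.
#    su starts a child shell on the script's stdin — not on the script file —
#    so under Ansible (no tty, empty stdin) it exits at once and the lines
#    after it run as root, not as Development; the authorized_keys write then
#    failed because /home/Development/.ssh was never created, and the bare
#    `exit` that followed ended the whole script before the sudoers and
#    passwd steps. The per-user steps are now done as root with explicit
#    ownership and there is no early exit.
#  - The sudoers entry goes into /etc/sudoers.d (relies on the CentOS/RHEL
#    default `#includedir /etc/sudoers.d`) and is checked with `visudo -cf`
#    before it is installed; the original appended to /etc/sudoers directly
#    and left it mode 0400, which some sudo versions reject (0440 expected).
#  - `NOPASSWD: ALL` makes the key below a root credential; protect the
#    matching private key accordingly.
#  - Nothing in the published scripts creates the `saas` account, yet a
#    password is set for it here and service.sh chowns /home/saas to it;
#    confirm where it is created (passwd fails on an unknown user).

DEV_USER=Development
DEV_HOME=/home/$DEV_USER

: "${SAAS_PASSWORD:?set SAAS_PASSWORD in the environment (see header)}"
: "${ROOT_PASSWORD:?set ROOT_PASSWORD in the environment (see header)}"

# Idempotent: a re-run of the playbook must not fail on an existing account.
if ! id "$DEV_USER" >/dev/null 2>&1; then
  useradd "$DEV_USER" || exit 1
fi

# Key-only login: 0700 directory and 0600 file owned by the user, as sshd's
# StrictModes requires. The key must be a single line in the real file — the
# wrap below is presumably a rendering artifact of the listing; confirm.
install -d -m 700 -o "$DEV_USER" -g "$DEV_USER" "$DEV_HOME/.ssh" || exit 1
cat > "$DEV_HOME/.ssh/authorized_keys" << 'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbJ3nlWAAtsdV7ivuBllojMQOIbVQrKcrpwaQAewCtZQFAh7d8J8uSn6Rxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
bzGASDdbrwSIrAlu4M0yMRXP Development
EOF
chown "$DEV_USER:$DEV_USER" "$DEV_HOME/.ssh/authorized_keys"
chmod 600 "$DEV_HOME/.ssh/authorized_keys"

# Passwordless sudo via a validated drop-in. includedir ignores file names
# containing '.', so the .tmp file is invisible to sudo until it is renamed.
SUDOERS_DROPIN=/etc/sudoers.d/$DEV_USER
if [ ! -f "$SUDOERS_DROPIN" ]; then
  printf '%s ALL=(ALL)       NOPASSWD: ALL\n' "$DEV_USER" > "$SUDOERS_DROPIN.tmp"
  if visudo -cf "$SUDOERS_DROPIN.tmp" >/dev/null; then
    chmod 440 "$SUDOERS_DROPIN.tmp" && mv "$SUDOERS_DROPIN.tmp" "$SUDOERS_DROPIN"
  else
    rm -f "$SUDOERS_DROPIN.tmp"
    printf 'useradd.sh: sudoers drop-in failed visudo check, not installed\n' >&2
    exit 1
  fi
fi

# Shared passwords. The script already runs as root, so sudo is not needed;
# `passwd --stdin` is the RHEL/CentOS form (use chpasswd elsewhere).
printf '%s\n' "$SAAS_PASSWORD" | passwd --stdin saas
printf '%s\n' "$ROOT_PASSWORD" | passwd --stdin root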
#################################################################
初始化脚本(init.sh)
[root@master scripts]# cat init.sh 
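#!/bin/bash
# init.sh — one-shot host initialisation, run as root by the playbook
# (`sh /root/scripts/init.sh`) after /root/scripts has been rsync'ed:
#   1. disable root SSH login and restart sshd,
#   2. install the tuned limits.conf / sysctl.conf and apply sysctl,
#   3. set the hostname from host_name.txt, keyed on the primary NIC address,
#   4. set the system locale to zh_CN.UTF-8,
#   5. install /root/scripts/root as root's crontab.
# Each step is best-effort: a failure is reported on stderr and the next
# step still runs, as in the original flat script.
#
# Review notes:
#  - The original `sed 's#PermitRootLogin yes#PermitRootLogin no#'` only
#    rewrites an *uncommented* `PermitRootLogin yes`. Stock sshd_config
#    (CentOS 7 at least) ships the directive commented out as
#    `#PermitRootLogin yes`, whose built-in default is yes — so root login
#    silently stayed enabled. The directive is now set explicitly and the
#    file is checked with `sshd -t` before sshd is restarted, so a bad edit
#    cannot lock the controller out.
#  - Once this has run, the playbook's `remote_user: root` only works with
#    key authentication; password-based re-runs fail.
#  - The original deleted /etc/sysctl.conf and then copied /root/sysctl.conf,
#    but the file lives in /root/scripts (see the tree above), so the host
#    was left without any sysctl.conf.

SCRIPTS=/root/scripts
IFACE=${IFACE:-eth0}   # primary NIC; override for ens*/enp* naming

#######################################
# Force `PermitRootLogin no` and restart sshd only if the config still parses.
# An existing uncommented directive is rewritten in place (wherever it is,
# inside a Match block included); otherwise the line is inserted at the top
# so it can never be scoped by a trailing Match block.
#######################################
harden_sshd() {
  local cfg=/etc/ssh/sshd_config
  if grep -Eq '^[[:space:]]*PermitRootLogin[[:space:]]' "$cfg"; then
    sed -i -E 's/^[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' "$cfg"
  else
    sed -i '1i PermitRootLogin no' "$cfg"
  fi
  # Full path: /usr/sbin is not on PATH in every Ansible shell environment.
  if /usr/sbin/sshd -t; then
    systemctl restart sshd
  else
    printf 'init.sh: %s failed sshd -t, sshd NOT restarted\n' "$cfg" >&2
    return 1
  fi
}

#######################################
# Install the tuned limits/sysctl files over the system ones and apply sysctl.
# install(1) overwrites atomically, so there is no window without a file.
#######################################
apply_tuning() {
  install -m 644 "$SCRIPTS/limits.conf" /etc/security/limits.conf &&
    install -m 644 "$SCRIPTS/sysctl.conf" /etc/sysctl.conf &&
    sysctl -p
}

#######################################
# Look the primary IPv4 address up in host_name.txt ("<ip> <name>" per line)
# and apply the matching name. Exact field match — the original `grep $ip`
# also matched longer addresses (192.168.1.23 hits 192.168.1.232) — and the
# hostname is left alone when there is no entry instead of being set to "".
#######################################
set_hostname() {
  local ip name
  ip=$(ip addr show "$IFACE" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n1)
  name=$(awk -v ip="$ip" '$1 == ip { print $2; exit }' "$SCRIPTS/host_name.txt")
  if [ -z "$ip" ] || [ -z "$name" ]; then
    printf 'init.sh: no host_name.txt entry for %s (%s); hostname unchanged\n' \
      "$IFACE" "${ip:-no address}" >&2
    return 1
  fi
  printf '%s\n' "$name" > /etc/hostname
  # Append once; the original appended a new HOSTNAME= line on every run.
  grep -qxF "HOSTNAME=$name" /etc/sysconfig/network 2>/dev/null ||
    printf 'HOSTNAME=%s\n' "$name" >> /etc/sysconfig/network
  hostnamectl set-hostname "$name"
}

#######################################
# System-wide locale: the legacy /etc/sysconfig/i18n and systemd's
# /etc/locale.conf are both written with the same value.
#######################################
set_locale() {
  printf 'LANG="zh_CN.UTF-8"\n' > /etc/sysconfig/i18n
  printf 'LANG="zh_CN.UTF-8"\n' > /etc/locale.conf
  # Only affects this shell; kept for parity with the original script.
  . /etc/locale.conf
}

#######################################
# Install root's crontab through crontab(1) instead of copying the file into
# /var/spool/cron: the file is syntax-checked, gets the spool's ownership and
# mode, and crond is told to reload.
#######################################
install_cron() {
  crontab -u root "$SCRIPTS/root"
}

init() {
  harden_sshd
  apply_tuning
  set_hostname
  set_locale
  install_cron
}

init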

2.修改系统参数和系统调优,防火墙规则配置

  • root禁登(注意:CentOS 7 的 sshd_config 默认以注释形式给出 `#PermitRootLogin yes`,只用 sed 替换 `PermitRootLogin yes` 并不会生效;应显式写入 `PermitRootLogin no`,并在重启 sshd 前用 `sshd -t` 校验配置。禁用后 playbook 的 `remote_user: root` 只能用密钥登录)
  • 内核调优(最好写好配置文件覆盖分发)
[root@master scripts]# cat sysctl.conf
# sysctl.conf pushed to every host by init.sh (installed over /etc/sysctl.conf
# and applied with `sysctl -p`).

# IPv6 switched off on all interfaces.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

# Strongest preference against swapping; longer ARP cache lifetime.
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120


# see details in https://help.aliyun.com/knowledge_detail/39428.html
# NOTE(review): rp_filter=0 disables reverse-path (source address) filtering,
# one of the kernel's anti-spoofing checks. Keep it at 0 only where asymmetric
# routing (the Aliyun case linked above) actually requires it.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2


# see details in https://help.aliyun.com/knowledge_detail/41334.html
#net.ipv4.tcp_max_tw_buckets = 5000
# SYN-flood mitigation: SYN cookies on, bounded SYN backlog, fewer SYN-ACK
# retries.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2

# TIME_WAIT tuning.
# NOTE(review): tcp_tw_recycle is known to drop connections from clients
# behind NAT and was removed from the kernel in 4.12; verify the target
# kernel and drop the line if it is not needed.
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_tw_buckets = 6000

##################################################################
[root@master scripts]# cat limits.conf 
# limits.conf pushed to every host by init.sh (installed over
# /etc/security/limits.conf): raises the open-file and process caps to 65535
# for every user.
# NOTE(review): on CentOS/RHEL 7, /etc/security/limits.d/20-nproc.conf is
# read after this file and overrides nproc for non-root users; check it if
# `ulimit -u` does not show 65535.
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535

3.服务部署脚本


[root@master scripts]# cat service.sh 
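#!/bin/bash
# service.sh — deploy the rsync'ed service trees for the `saas` account and
# start them. Runs as root from the playbook (`sh /root/scripts/service.sh`):
#   1. move everything under /opt/service (Tomcat + JDK trees) to /home/saas,
#   2. install the JDK environment file as saas's ~/.bash_profile,
#   3. hand the whole home directory to saas,
#   4. register the firewall script and the Tomcat start in /etc/rc.local,
#   5. apply the firewall rules, then start Tomcat 6 as saas.
#
# Review notes:
#  - Firewall rules are now applied *before* Tomcat is started (the original
#    did it the other way round, in rc.local too), so the service is never
#    listening on an unfiltered interface, on first deploy or on boot.
#  - On systemd hosts rc-local.service only runs /etc/rc.local when the file
#    is executable; CentOS 7 ships it 0644, so it is marked +x here. Confirm
#    the behaviour on other distributions.
#  - Tomcat 6.0.x and JDK 1.6/1.7 in /opt/service are end-of-life; confirm
#    they are still required before fanning them out to every host.

SCRIPTS=/root/scripts
SAAS_HOME=/home/saas
TOMCAT_START=$SAAS_HOME/apache-tomcat-6.0.45/bin/startup.sh
FW_SCRIPT=$SCRIPTS/iptables.sh
RC_LOCAL=/etc/rc.local

#######################################
# Append a line to /etc/rc.local unless it is already there (literal match,
# silent — the original grep printed the matched line to stdout).
#######################################
add_rc_local() {
  grep -qF -- "$1" "$RC_LOCAL" 2>/dev/null || printf '%s\n' "$1" >> "$RC_LOCAL"
}

# `mv /opt/service/*` fails on the literal glob when the staging directory is
# empty or missing (e.g. a re-run after the trees were already moved).
for entry in /opt/service/*; do
  [ -e "$entry" ] || continue
  mv -- "$entry" "$SAAS_HOME"/
done
cp "$SCRIPTS/bash_profile" "$SAAS_HOME/.bash_profile"
chown -R saas:saas "$SAAS_HOME"/

add_rc_local "sh $FW_SCRIPT"
add_rc_local "su - saas -c \"$TOMCAT_START\""
[ -f "$RC_LOCAL" ] && chmod +x "$RC_LOCAL"

sh "$FW_SCRIPT"
su - saas -c "$TOMCAT_START"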

4.计划任务部署

[root@master scripts]# cat root 
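# Root crontab installed by init.sh. Every 3 hours, truncate (not delete, so
# descriptors held open by Tomcat/rsyslog keep pointing at a valid file) any
# .txt/.log/.out file larger than 200 MiB under the two Tomcat trees and
# /var/log. Only these three paths are covered — keep log paths and names to
# this convention.
#
# Review note: the original entries ran `for I in $(find …); do sh -c " > $I"`
# — the file name was spliced into a shell command that cron runs as root.
# /home/saas is writable by the unprivileged saas account (service.sh chowns
# it), so a file there whose name contains `$(…)` or `;` would have that text
# executed as root within 3 hours, turning any foothold as saas (a Tomcat
# compromise, say) into root; names with spaces were mis-split as well.
# `find -exec` hands each path to truncate(1) as an argument, so no shell
# ever parses it.
0 */3 * * * find /home/saas/apache-tomcat-6.0.45 -type f -size +200M \( -name '*.txt' -o -name '*.log' -o -name '*.out' \) -exec truncate -s 0 -- {} +
0 */3 * * * find /home/saas/apache-tomcat-7.0.82 -type f -size +200M \( -name '*.txt' -o -name '*.log' -o -name '*.out' \) -exec truncate -s 0 -- {} +
0 */3 * * * find /var/log/ -type f -size +200M \( -name '*.txt' -o -name '*.log' -o -name '*.out' \) -exec truncate -s 0 -- {} +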

5.主机信息列表

[root@master scripts]# cat host_name.txt 
192.168.1.232 d-hd-public-zipkin-01
192.168.1.233 d-hd-public-public_service-01
192.168.1.234 master
192.168.1.235 d-hd-public-public_service-02
192.168.1.236 d-hd-public-zookeeper-01
192.168.1.237 d-hd-public-fms-01
192.168.1.238 d-hd-public-fmsfinance-01
192.168.1.239 d-hd-public-edi-01
192.168.1.240 d-hd-public-OA-01
192.168.1.241 d-hd-public-fms_crm-01
192.168.1.242 d-hd-public-fmsinance_air-01
192.168.1.243 d-hd-public-jenkins-01
192.168.1.244 d-hd-public-iboss-01
192.168.1.245 d-hd-public-nginx-01
192.168.1.246 d-hd-public-oracle-01
192.168.1.247 d-hd-public-oracle-01

6.还原脚本

[root@master scripts]# cat rm.sh 
#!/bin/bash
# rm.sh — undo what useradd.sh/service.sh did on a host: stop Java (Tomcat),
# re-enable root SSH login, then remove the saas and Development accounts
# together with their home directories and mail spools. Runs as root.
#
# NOTE(review): `pkill java` kills *every* Java process on the host, not only
# the saas Tomcat, and the sed is the mirror image of the one in init.sh — it
# only flips an uncommented `PermitRootLogin no`.

# Stop services first so the account deletions below do not fail on
# running processes.
pkill java

# Reopen root SSH login.
sed -i 's#PermitRootLogin no#PermitRootLogin yes#g' /etc/ssh/sshd_config
systemctl restart sshd

# Home directories and mail spools, then the accounts themselves.
rm -rf -- /home/saas/ /home/Development/ /var/mail/Development /var/mail/saas
userdel saas
userdel Development

五、总结

1.需要安装sshpass
2、日志清理计划任务只覆盖 /home/saas/apache-tomcat-6.0.45、/home/saas/apache-tomcat-7.0.82、/var/log/ 三个目录下的 .log、.out、.txt 文件,请按此规范路径和命名。注意该计划任务以 root 身份运行,不能把文件名拼接进 shell 命令(`sh -c " > $I"` 这种写法会让能写 /home/saas 的 saas 用户通过构造文件名以 root 执行任意命令),应改用 `find … -exec truncate -s 0 -- {} +` 直接传参。
3、118.31.52.28:22 为管理机,可以通过 Ansible 批量管理其他机器。由于管理机的公钥被分发到所有被管主机的 root 账号,管理机上的私钥等价于全部主机的 root 权限,应严格限制管理机访问(只允许密钥登录、限制来源 IP),并避免在公开文章中暴露其地址和端口。
4.这里只是一个简化版的playbook,并且不够规范。
“`


转载自blog.csdn.net/qq_32642039/article/details/81560010