使用playbook实现一键优化集群

Posted 2020-12-10 syy1757528181

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了使用playbook实现一键优化集群相关的知识，希望对你有一定的参考价值。

环境

外网IP	内网IP	主机名
10.0.0.5	172.16.1.5	lb01 （负载均衡）
10.0.0.6	172.16.1.6	lb02
10.0.0.7	172.16.1.7	web01(服务器)
10.0.0.8	172.16.1.8	web02
10.0.0.9	172.16.1.9	web03
10.0.0.31	172.16.1.31	nfs （共享存储）
10.0.0.41	172.16.1.41	backup
10.0.0.51	172.16.1.51	db01 （数据库）
10.0.0.52	172.16.1.52	db02
10.0.0.53	172.16.1.53	db03（代理机）
10.0.0.54	172.16.1.54	db04（代理机）
10.0.0.61	172.16.1.61	m01 （跳板机）
10.0.0.71	172.16.1.71	zabbix

流程分析

1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建同一的用户

推送公钥

1.创建密钥对
[root@m01 ~]# ssh-keygen
2.推送公钥
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.5
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.6
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.9
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.51
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.52
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.53
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.54
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.61
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.71
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.81

ansible优化

1.下载
[root@m01 ~]#  yum install -y ansible
2.优化
[root@m01 ~]#  vim /etc/ansible/ansible.cfg		#改为
host_key_checking = False

配置主机清单

[root@m01 ~]# vim /root/ansible/hosts 
#[]标签名任意，但是最好不要用特殊符号（- | &）和大写字母，中文（不能是nginx）
#端口是22的时候可以省略
[web_group]
172.16.1.7 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘
172.16.1.8 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘
172.16.1.9 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[db_group]
172.16.1.51 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘
172.16.1.52 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘
172.16.1.53 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘
172.16.1.54 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[nfs_group]
172.16.1.31 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[redis_group]
172.16.1.81 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[lb_group]
172.16.1.5 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘
172.16.1.6 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[backup_group]
172.16.1.41 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[zabbix_group]
172.16.1.71 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[m01_group]
172.16.1.61 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

[mtj_group]
172.16.1.202 ansible_ssh_port=22 asible_ssh_user=root ansible_ssh_pass=‘1‘

yml

mkdir /root/ansible/ -p &&vim /root/ansible/base.yml

- hosts: all
  tasks:
    - name: Start FireWall
      service:
        name: firewalld
        state: started

    - name: Stop SeLinux
      selinux:
        state: disabled

    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present

    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false

    - name: Open http Port
      firewalld:
        service: http
        state: enabled
        permanent: no

    - name: Open https Port
      firewalld:
        service: https
        state: enabled
        permanent: no

    - name: Open rsync Port
      firewalld:
        port: 873/tcp
        state: enabled
        permanent: no

    - name: Open nfs Port
      firewalld:
        service: nfs
        state: enabled
        permanent: no

yml2

- hosts: all 
  tasks: 
    - name: Start FireWall 
      service: 
        name: firewalld 
        state: started
        enabled: yes
 
    - name: Stop SeLinux 
      selinux: 
        state: disabled 

    - name: open ports
      firewalld: 
        port: ‘{{ item.port }}‘
        state: enabled
        permanent: no
      with_items:
        - { port: "80/tcp" }
        - { port: "443/tcp" }
        - { port: "873/tcp" }

    - name: open nfs 
      firewalld:
        service: nfs
        state: enabled
        permanent: no

    - name: Create www Group
      group:
        name: www
        gid: 666
        state: present

    - name: Create www User
      user:
        name: www
        uid: 666
        group: www
        shell: /sbin/nologin
        create_home: false

以上是关于使用playbook实现一键优化集群的主要内容，如果未能解决你的问题，请参考以下文章

使用playbook实现一键安装nginx+PHP

使用playbook实现一键部署mysql数据库

使用playbook实现一键部署keepalived+nginx+PHP+wordpress+mariadb

使用playbook实现一键部署rsync

solr 学习片段

Ansible最佳实践之Playbook执行速度优化