base

Posted syy1757528181


使用roles一键优化企业架构

环境

外网IP 内网IP 主机名
10.0.0.5 172.16.1.5 lb01 (负载均衡)
10.0.0.6 172.16.1.6 lb02
10.0.0.7 172.16.1.7 web01(服务器)
10.0.0.8 172.16.1.8 web02
10.0.0.9 172.16.1.9 web03
10.0.0.31 172.16.1.31 nfs (共享存储)
10.0.0.41 172.16.1.41 backup
10.0.0.51 172.16.1.51 db01 (数据库)
10.0.0.52 172.16.1.52 db02
10.0.0.53 172.16.1.53 db03(代理机)
10.0.0.54 172.16.1.54 db04(代理机)
10.0.0.61 172.16.1.61 m01 (跳板机)
10.0.0.71 172.16.1.71 zabbix

流程分析

1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建统一的用户

推送公钥脚本

#推送过后,使用172.16.1.网段, 跳板机可以直接连接,10.0.0.网段第一次的连接只需要输入yes
#使用该脚本可以向新克隆的虚拟机推送该公钥

vim /root/jb.sh	    
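#!/bin/bash
# Push root's public key from the jump host to every node, on both the
# internal (172.16.1.x) and external (10.0.0.x) addresses.

# sshpass -e reads the password from the SSHPASS environment variable, so it
# never shows up in the process list the way "sshpass -p <password>" does.
# Defaults to the lab password used in this walkthrough; export SSHPASS
# before running to override it instead of editing the file.
SSHPASS=${SSHPASS:-1}
export SSHPASS

ip='172.16.1.'
ip2='10.0.0.'
key=/root/.ssh/id_rsa

# Generate the key pair only if it does not exist yet.
# -P "" leaves the private key without a passphrase.
[ -f "$key" ] || ssh-keygen -t rsa -P "" -f "$key"

for i in 5 6 7 8 9 31 41 51 52 53 54 61 71 81; do
  for net in "$ip" "$ip2"; do
    # stricthostkeychecking=no accepts whatever host key is presented on
    # first contact, so the machine answering on this address is trusted
    # unverified. That is tolerable for freshly cloned lab VMs; elsewhere,
    # load verified host keys into known_hosts before pushing.
    sshpass -e ssh-copy-id -i "${key}.pub" -o stricthostkeychecking=no "root@${net}${i}" \
      || printf 'key push failed: root@%s%s\n' "$net" "$i" >&2
  done
done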
	    chmod 600 /root/jb.sh
1.安装ansible
[root@m01 ~]# yum install -y ansible
2.优化ansible(关闭主机密钥检查:首次连接不再校验对端主机密钥,仅适合受信任的内网或实验环境)
[root@m01 ~]#  vim /etc/ansible/ansible.cfg		#改为
host_key_checking = False
3.创建密钥对
[root@m01 ~]# ssh-keygen
4.推送公钥
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.5
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.6
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.9
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.51
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.52
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.53
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.54
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.61
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.71
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.81

#或者使用脚本推送公钥
sh jb.sh

5.编辑主机清单
[root@m01 ~]# vim /etc/ansible/hosts
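# Inventory for all managed nodes, addressed over the internal 172.16.1.x network.
# The user key is spelled ansible_ssh_user: the previous "asible_ssh_user" was
# stored as an unrelated host variable, so the remote user silently fell back
# to the default (the user running ansible on the control node).
# NOTE(review): every host is managed directly as root; confirm that is intended
# rather than an unprivileged account with become.
[web_group]
web01 ansible_ssh_host=172.16.1.7 ansible_ssh_user=root ansible_ssh_port=22
web02 ansible_ssh_host=172.16.1.8 ansible_ssh_user=root ansible_ssh_port=22
web03 ansible_ssh_host=172.16.1.9 ansible_ssh_user=root ansible_ssh_port=22

[db_group]
db01 ansible_ssh_host=172.16.1.51 ansible_ssh_user=root ansible_ssh_port=22
db02 ansible_ssh_host=172.16.1.52 ansible_ssh_user=root ansible_ssh_port=22
db03 ansible_ssh_host=172.16.1.53 ansible_ssh_user=root ansible_ssh_port=22
db04 ansible_ssh_host=172.16.1.54 ansible_ssh_user=root ansible_ssh_port=22

[nfs_group]
nfs ansible_ssh_host=172.16.1.31 ansible_ssh_user=root ansible_ssh_port=22

[redis_group]
redis ansible_ssh_host=172.16.1.81 ansible_ssh_user=root ansible_ssh_port=22

[lb_group]
lb01 ansible_ssh_host=172.16.1.5 ansible_ssh_user=root ansible_ssh_port=22
lb02 ansible_ssh_host=172.16.1.6 ansible_ssh_user=root ansible_ssh_port=22

[backup_group]
backup ansible_ssh_host=172.16.1.41 ansible_ssh_user=root ansible_ssh_port=22

[zabbix_group]
zabbix ansible_ssh_host=172.16.1.71 ansible_ssh_user=root ansible_ssh_port=22

[m01_group]
m01 ansible_ssh_host=172.16.1.61 ansible_ssh_user=root ansible_ssh_port=22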

6.仪式(检测)
[root@m01 ~]# ansible '*' -m ping

ansible优化

1.下载
[root@m01 ~]#  yum install -y ansible
2.优化
[root@m01 ~]#  vim /etc/ansible/ansible.cfg		#改为
host_key_checking = False

使用ansible-galaxy创建角色目录

[root@m01 ansible]# ansible-galaxy init base

编辑tasks目录

1.打开防火墙
[root@m01 base]# vim tasks/firewalld.yml 
# Start the firewalld service now and enable it at boot.
- name: start firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
2.打开常用端口
[root@m01 base]# vim tasks/port.yml 
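# Open every port listed in the "port" variable, then the nfs service.
# permanent + immediate writes each rule to the saved configuration and also
# applies it to the running firewall. With "permanent: no" the rules were
# runtime-only and disappeared on the next firewalld reload or reboot.
- name: Open Port
  firewalld:
    port: "{{ item }}"
    state: enabled
    permanent: yes
    immediate: yes
  # loop takes the list itself. Wrapping it in another list would pass the
  # whole list to the module as a single item, because loop does not flatten.
  loop: "{{ port }}"

- name: Open nfs
  firewalld:
    service: nfs
    state: enabled
    permanent: yes
    immediate: yes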
3.关闭selinux
[root@m01 base]# vim tasks/selinux.yml 
# Set SELinux to disabled, which removes mandatory access control from every
# host this role runs on.
# NOTE(review): a reboot is normally needed before the disabled state fully
# applies. If the goal is only to stop enforcement, permissive mode keeps
# denial logging; confirm which is intended.
- name: stop selinux
  selinux:
    state: disabled
4.创建"www"用户
[root@m01 base]# vim tasks/user_group.yml 
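# Check whether the service account already exists, then create the group
# and user only when the lookup failed (non-zero rc from "id").
- name: panduan "{{ ww_w }}"
  # command runs the binary directly instead of through a shell, so the
  # templated name is never interpreted by a shell.
  command: "id {{ ww_w }}"
  register: id_www
  # A non-zero rc only means "user missing"; it is neither a failure nor a change.
  failed_when: false
  changed_when: false

- name: Create {{ ww_w }} Group
  group:
    name: "{{ ww_w }}"
    gid: "{{ uid_gid }}"
    state: present
  when: id_www.rc != 0

- name: Create {{ ww_w }} User
  user:
    name: "{{ ww_w }}"
    uid: "{{ uid_gid }}"
    group: "{{ ww_w }}"
    # No login shell and no home directory for this account.
    shell: /sbin/nologin
    create_home: false
  when: id_www.rc != 0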
5.编辑main.yml
[root@m01 base]# vim tasks/main.yml 
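# Role entry point: run the task files in order.
# import_tasks replaces the bare "include" keyword, which is deprecated and
# no longer accepted by recent ansible-core releases.
- import_tasks: firewalld.yml
- import_tasks: port.yml
- import_tasks: selinux.yml
- import_tasks: user_group.yml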
6.编辑变量文件
[root@m01 base]# vim vars/main.yml 

编辑vars目录

# Ports opened by the "Open Port" task. site.yml applies the role to all
# hosts, so every machine gets the full list, including ports it does not serve.
# NOTE(review): consider per-group lists so database and cache ports are
# opened only on the hosts that run those services.
port:
  - "22/tcp"    # SSH
  - "23/tcp"    # telnet (cleartext); NOTE(review): confirm this is needed
  - "80/tcp"    # HTTP
  - "443/tcp"   # HTTPS
  - "873/tcp"   # rsync daemon
  - "3306/tcp"  # MySQL
  - "9000/tcp"  # presumably php-fpm; confirm
  - "6379/tcp"  # Redis
  - "8080/tcp"  # presumably an alternate HTTP / app-server port; confirm
# Name used for both the service user and its group.
ww_w: www
# Numeric id used as both the uid and the gid.
uid_gid: 666

编辑入口文件

[root@m01 roles]# vim site.yml 
# Apply the base role to every host in the inventory.
- hosts: all
  roles:
    - { role: base }

执行

[root@m01 roles]# ansible-playbook site.yml
