期中架构

1 管理机准备的文件

1 cat /server/scripts/rsyncd.conf
    pid file = /var/run/rsyncd.pid

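    lock file = /var/run/rsync.lock
    log file = /var/log/rsyncd.log
    uid = www
    gid = www
    # With chroot disabled the daemon relies on rsync's own path checks to keep
    # transfers inside the module path.
    use chroot = no
    max connections = 200
    timeout = 300
    ignore errors
    # Modules are writable: a client that passes the host and auth checks below
    # can overwrite or delete what is stored under the module path.
    read only = false
    list = false
    hosts allow = 172.16.1.0/24
    # When both lists are set, rsync admits a client that matches neither.
    # "0.0.0.0/32" matches only the single address 0.0.0.0, so it rejected
    # nobody; "*" rejects every client that hosts allow did not admit.
    hosts deny = *
    auth users = rsync_backup
    # Holds user:password lines; must not be readable by other users (the
    # playbook on this page installs it with mode 0600).
    secrets file = /etc/rsync.password

    [backup_test]
    path = /backup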
    
2 /server/tools/sersync/sersync.tar.gz    
    /application/sersync/conf/confxml_backup.xml
    /application/sersync/conf/confxml_www.xml
    /application/sersync/conf/confxml_blog.xml    
    
3 cat /server/scripts/web01/rsyncd.conf
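    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsync.lock
    log file = /var/log/rsyncd.log
    uid = www
    gid = www
    # With chroot disabled the daemon relies on rsync's own path checks to keep
    # transfers inside the module path.
    use chroot = no
    max connections = 200
    timeout = 300
    ignore errors
    # Both modules below are writable and point into the web roots' upload
    # directories, so whoever passes the host and auth checks can place files
    # where nginx serves them.
    read only = false
    list = false
    hosts allow = 172.16.1.0/24
    # When both lists are set, rsync admits a client that matches neither.
    # "0.0.0.0/32" matches only the single address 0.0.0.0, so it rejected
    # nobody; "*" rejects every client that hosts allow did not admit.
    hosts deny = *
    auth users = rsync_backup
    # Holds user:password lines; must not be readable by other users.
    secrets file = /etc/rsync.password

    [www]
    path = /application/nginx/html/www/uploads/

    [blog]
    path = /application/nginx/html/blog/wp-content/uploads/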
    
4 cat     /server/scripts/mysql_shucong.sh
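    #!/bin/bash
    # Set up MySQL master/slave replication. The same script runs on both hosts
    # and picks its role from the local address: 172.16.1.51 dumps all databases
    # and ships them to 172.16.1.41, which loads the dump and starts replicating.
    #
    # NOTE(review): credentials are hard-coded throughout. `sshpass -p` also puts
    # the root password on the command line, where other local users can read it
    # from the process list, and StrictHostKeyChecking=no accepts whichever host
    # key answers first. Keep this to a disposable lab; otherwise pre-seed
    # known_hosts and read secrets from a root-only file.
    #
    # The dump and the binlog coordinates are staged in /tmp; umask 077 keeps
    # them unreadable to other local users while they sit there.
    umask 077
    IP=$(hostname -i)
    Date=$(date +%F)
    Mysql=/application/mysql/bin/mysql

    # Quoted: `hostname -i` may print several addresses, which would otherwise
    # break the test.
    if [ "$IP" == '172.16.1.51' ]
    then
        rm -f /root/.ssh/id_dsa*
        ssh-keygen -f /root/.ssh/id_dsa -P "" >/dev/null 2>&1
        sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.41" >/dev/null 2>&1
        # Both statements are commented out in the listing and stay disabled.
        # A read lock taken by a one-shot `mysql -e` ends with that client
        # session, so it would not hold across the dump anyway; the coordinates
        # read below can therefore drift from the dump on a busy master.
        # mysqldump --master-data records them consistently with the data.
        #/application/mysql/bin/mysql -e "grant replication slave  on *.* to rep@'172.16.1.%' identified by '123456';"
        #/application/mysql/bin/mysql -e "flush table with read lock;"
        "$Mysql" -e "show master status\G;" | awk -F "[: ]+" 'NR==2 {print $3}' > /tmp/mysql_file.txt
        "$Mysql" -e "show master status\G;" | awk -F "[: ]+" 'NR==3 {print $3}' > /tmp/mysql_post.txt
        /application/mysql/bin/mysqldump --events -A -B | gzip > "/tmp/mysql-${Date}.sql.gz"
        scp -rp /tmp/mysql_file.txt "/tmp/mysql-${Date}.sql.gz" /tmp/mysql_post.txt 172.16.1.41:/tmp/
        "$Mysql" -e "unlock tables;"
    fi

    if [ "$IP" == '172.16.1.41' ]
    then
        Dump="/tmp/mysql-${Date}.sql"
        Tries=0
        # Wait for the master's dump. The original loop reached `exit` on its
        # first pass whether or not the file had arrived, so it never waited.
        until [ -e "${Dump}.gz" ]
        do
            Tries=$((Tries + 1))
            if [ "$Tries" -gt 60 ]
            then
                echo "timed out waiting for ${Dump}.gz" >&2
                exit 1
            fi
            sleep 5
        done
        File=$(cat /tmp/mysql_file.txt)
        Pos=$(cat /tmp/mysql_post.txt)
        # Both values are spliced into SQL below and come from files in /tmp,
        # so refuse anything that is not a plain binlog name and offset.
        if ! [[ "$File" =~ ^[A-Za-z0-9._-]+$ && "$Pos" =~ ^[0-9]+$ ]]
        then
            echo "unexpected binlog coordinates: '$File' '$Pos'" >&2
            exit 1
        fi
        gzip -d "${Dump}.gz"
        "$Mysql" < "$Dump"
        "$Mysql" << EOF
    CHANGE MASTER TO
    MASTER_HOST='172.16.1.51',
    MASTER_PORT=3306,
    MASTER_USER='rep',
    MASTER_PASSWORD='123456',
    MASTER_LOG_FILE='$File',
    MASTER_LOG_POS=$Pos;
    EOF
        "$Mysql" -e "start slave;"
        "$Mysql" -e "show slave status\G;" | egrep "IO_Running|SQL_Running|Seconds_Behind_Master" | sed -n '1,3p'
        exit
    fi

5 /server/scripts/check_back.sh
    #!/bin/bash
    # Archive this host's own system files, prune old archives, then verify
    # every finger.txt under the backup tree and mail the result.
    #
    # NOTE(review): the listing never assigns Backup_Dir, so every path below
    # started at "/" and the last find walked the whole filesystem. /backup is
    # the rsync module path used on this page — confirm before relying on it.
    # The finger.txt files also record paths as seen on the sending host;
    # verify that md5sum -c can resolve them here.
    Backup_Dir="${Backup_Dir:-/backup}"
    Host_IP=$(hostname -i)
    Date_Info=$(date +%F-%w -d "-1day")
    cd / || exit 1
    tar -zchf "$Backup_Dir/$Host_IP/sys_backup${Date_Info}.tar.gz" var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables
    # Record checksums. MD5 here catches transfer corruption only; it is not a
    # defence against someone who can rewrite both archive and finger.txt.
    # -exec ... + runs nothing when find matches nothing, unlike a bare xargs.
    find "$Backup_Dir/$Host_IP" -type f -name "*${Date_Info}.tar.gz" -exec md5sum {} + > "$Backup_Dir/$Host_IP/finger.txt"
    # Delete archives older than 7 days.
    find "$Backup_Dir/$Host_IP/" -type f -name "*.tar.gz" -mtime +7 -exec rm -f {} +
    # The report goes to a mktemp file: a fixed name in /tmp, written as root,
    # can be pre-created or symlinked by any local user.
    Report=$(mktemp) || exit 1
    trap 'rm -f "$Report"' EXIT
    find "$Backup_Dir/" -type f -name "finger.txt" -exec md5sum -c {} + > "$Report"
    mail -s "check_info$Date_Info" 577800103@qq.com < "$Report"

6 /server/scripts/backup.sh
    #!/bin/bash
    # Author: degary
    # Archive key system files (plus the nginx site and logs where present),
    # record their checksums and push the result to the rsync backup server.
    Backup_Dir="/data/backup"
    Host_IP=$(hostname -i)
    Date_Info=$(date +%F-%w -d "-1day")
    # tar below uses paths relative to /, so stop if the cd fails.
    cd / || exit 1
    mkdir -p "$Backup_Dir/$Host_IP"
    # Compress system files and directories.
    tar -zchf "$Backup_Dir/$Host_IP/sys_backup${Date_Info}.tar.gz" var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables
    if [ -d /application/nginx ]; then
        tar -zchf "$Backup_Dir/$Host_IP/blog_backup${Date_Info}.tar.gz" application/nginx/html
        tar -zchf "$Backup_Dir/$Host_IP/log_backup${Date_Info}.tar.gz" application/nginx/logs
    fi
    # Record checksums (corruption check only, see check_back.sh's use of them).
    find "$Backup_Dir/$Host_IP" -type f -name "*${Date_Info}.tar.gz" -exec md5sum {} + > "$Backup_Dir/$Host_IP/finger.txt"
    # Push to the rsync server.
    # NOTE(review): user BACKUP and module "backup" do not match the
    # rsyncd.conf shown on this page (auth users = rsync_backup, module
    # [backup_test]) — confirm which names the daemon really uses.
    rsync -az "$Backup_Dir/$Host_IP/" "BACKUP@172.16.1.41::backup/$Host_IP/" --password-file=/etc/rsync.password
    # Delete archives older than 7 days.
    find "$Backup_Dir/$Host_IP/" -type f -name "*.tar.gz" -mtime +7 -exec rm -f {} +

7 /server/scripts/yum_client.sh
    # Point yum at the internal repository on the management host.
    # NOTE(review): gpgcheck=0 over plain http means packages are installed as
    # root with no signature check; anything that can answer for 172.16.1.61
    # on this network decides what gets installed. Sign the repository and set
    # gpgcheck=1 with a gpgkey outside a lab.
    # The yum option is "enabled"; the listing's "enable=1" was not a
    # recognised key.
    cat > /etc/yum.repos.d/CentOS-Base.repo << EOF
    [oldboy]
    name=Server
    baseurl=http://172.16.1.61
    enabled=1
    gpgcheck=0
    EOF
    yum --enablerepo=oldboy --disablerepo=base,extras,updates,epel list
    yum clean all
    yum makecache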
8
/server/scripts/fenfa.sh

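#!/bin/bash
# Generate a fresh root key pair on the management host and install the public
# key on every server in 172.16.1.0/24 listed below, reporting each result.
#
# NOTE(review): the root password is hard-coded and passed with `sshpass -p`,
# so it is visible in the process list, and StrictHostKeyChecking=no accepts
# whichever host key answers first. Suitable for a disposable lab only.
. /etc/init.d/functions
yum install -y sshpass
# Removes everything under ~/.ssh, including authorized_keys and known_hosts.
rm -rf ~/.ssh/*
ssh-keygen -q -N "" -f ~/.ssh/id_rsa
for i in 5 6 7 8 9 31 41 51
do
  # Branch on the command itself. The listing tested `[ 0 -eq 0 ]`, a constant
  # (what `$?` becomes when the script is written through an unquoted
  # here-document), so every host was reported as copied even on failure.
  if sshpass -p 123456 ssh-copy-id "-i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@172.16.1.$i" &>/dev/null; then
    action "copy-$i" /bin/true
  else
    action "copy-$i" /bin/false
  fi
done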

2 管理机操作

1.1 优化脚本(提前克隆并优化好所有虚拟机,管理机配置好yum源,除lb服务器外都一块网卡 lb服务器两块网卡)
    cat > /etc/hosts <<EOF
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    ########################################
    172.16.1.5      lb01
    172.16.1.6      lb02
    172.16.1.7      web01
    172.16.1.8      web02
    172.16.1.9      web03
    172.16.1.51     db01
    172.16.1.31     nfs
    172.16.1.41     backup
    172.16.1.61     m01
    ########################################
    EOF
    管理机更新yum源
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
1.2 ssh秘钥分发脚本 使得管理机可以通过ssh秘钥直接连入其他服务器
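    # Write the key-distribution script. The delimiter is quoted so that $i and
    # $? reach fenfa.sh literally; with a bare EOF the shell writing the file
    # expands them first and the generated script ends up testing a constant
    # and looping over an empty host suffix.
    # NOTE(review): the generated script deletes everything under ~/.ssh and
    # passes the root password on the sshpass command line, where it shows in
    # the process list — lab use only.
    cat > /server/scripts/fenfa.sh <<'EOF'
    #!/bin/bash
    . /etc/init.d/functions
    rm -rf ~/.ssh/*
    ssh-keygen -q -N ""  -f ~/.ssh/id_rsa
    for i in 5 6 7 8 9 31 41 51
    do
        sshpass -p 123456 ssh-copy-id "-i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@172.16.1.$i" &>/dev/null
    if [ $? -eq 0 ];then
        action "copy-$i"  /bin/true
    else
        action "copy-$i" /bin/false
    fi
    done
    EOF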
1.3 搭建vpn脚本
    cat /server/scripts/vpn.sh
    # Install and enable a PPTP VPN endpoint on the management host.
    # NOTE(review): PPTP's MS-CHAPv2 authentication is widely regarded as
    # broken; treat this tunnel as lab-only and not as a security boundary.
    yum install pptpd -y
    # Turn on IPv4 forwarding persistently, then load the setting.
    sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g'  /etc/sysctl.conf
    sysctl -p
    # Appended with >>, so each re-run adds the same two lines again.
    echo "localip 10.0.0.61
    remoteip 172.16.1.1-100" >>/etc/pptpd.conf
    # chap-secrets fields: client, server, secret, allowed addresses. This adds
    # user "oldboy" with a clear-text weak password, valid from any address.
    # Check that the file is readable by root only.
    echo "oldboy * 123456 *" >> /etc/ppp/chap-secrets
    /etc/init.d/pptpd start
    chkconfig pptpd on
1.4 安装ansible脚本 
    cat /server/scripts/ansible.sh
    #!/bin/bash
    yum install -y ansible 
    #cd /etc/ansible/
    cat >> /etc/ansible/hosts <<EOF
    db01 ansible_ssh_host=172.16.1.51
    backup ansible_ssh_host=172.16.1.41
    nfs  ansible_ssh_host=172.16.1.31
    web01 ansible_ssh_host=172.16.1.7
    lb01 ansible_ssh_host=172.16.1.5
    lb02 ansible_ssh_host=172.16.1.6

    [web]
    172.16.1.9
    172.16.1.8
    EOF
    mkdir /etc/ansible/playbook/
    
1.5 搭建yum仓库服务端脚本(并手动上传之前打包好的rpm包)
    cat /server/scripts/yum_server.sh
    #!/bin/bash
    # Build a local yum repository on the management host and serve it on port 80.
    mkdir -p /application/yum/centos6/x86_64/
    # The web server started on the last line serves the current directory, so
    # if this cd fails it would publish whatever directory the script ran from.
    cd /application/yum/centos6/x86_64/ 
    yum -y install createrepo
    # Download the packages (no install) into the repository directory.
    # NOTE(review): "livevent-devel" looks like a typo for libevent-devel — confirm.
    yum install -y --downloaddir=/application/yum/centos6/x86_64/ --downloadonly memcached lrzsz libevent nc livevent-devel keepalived sshpass rpcbind nfs-utils  pcre-devel openssl-devel perl-Module-Install zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel libxslt-devel libmcrypt-devel mhash mcrypt
    createrepo -pdo /application/yum/centos6/x86_64/ /application/yum/centos6/x86_64/
    createrepo --update /application/yum/centos6/x86_64/ 
    # SimpleHTTPServer listens on all interfaces, lists directories, and offers
    # no TLS or authentication; it runs here with this script's privileges and
    # its output is discarded. Clients on this page install from it with
    # gpgcheck=0, so nothing verifies what it serves.
    python -m SimpleHTTPServer 80 &>/dev/null & 
    
1.6 搭建yum仓库客户端脚本
    cat /server/scripts/yum_client.sh
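    #!/bin/bash
    # Point yum at the internal repository on the management host, replacing
    # the stock CentOS-Base.repo.
    # NOTE(review): gpgcheck=0 over plain http means packages are installed as
    # root with no signature check; anything that can answer for 172.16.1.61
    # on this network decides what gets installed. Sign the repository and set
    # gpgcheck=1 with a gpgkey outside a lab.
    # The yum option is "enabled"; the original "enable=1" was not a
    # recognised key.
    cat > /etc/yum.repos.d/CentOS-Base.repo << EOF
    [oldboy]
    name=Server
    baseurl=http://172.16.1.61
    enabled=1
    gpgcheck=0
    EOF
    yum --enablerepo=oldboy --disablerepo=base,extras,updates,epel list
    yum clean all
    yum makecache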

cat > /etc/ansible/playbook/yum_client.yml <<EOF
- hosts: all
  tasks:
    - script: /server/scripts/yum_client.sh
EOF
    
1.7 时间服务器脚本
    cat /server/scripts/time_server.sh
    #!/bin/bash
    cp /etc/ntp.conf{,.bak}

    cat > /etc/ntp.conf <<EOF
    driftfile /var/lib/ntp/drift
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    restrict 127.0.0.1
    restrict -6 ::1

    restrict 172.16.1.0 mask 255.255.255.0 nomodify notrap
    server time1.aliyun.com
    server ntp1.aliyun.com
    server 0.centos.pool.ntp.org
    restrict time1.aliyun.com  nomodify notrap noquery
    restrict ntp1.aliyun.com  nomodify notrap noquery
    server  127.127.1.0
    fudge   127.127.1.0 stratum 10
    includefile /etc/ntp/crypto/pw
    keys /etc/ntp/keys
    EOF

    /etc/init.d/ntpd start   
    chkconfig ntpd on

1.8 客户端时间同步脚本
    cat /server/scripts/time_client.yml
- hosts: all
  tasks:
    - cron: minute=5 job='/usr/sbin/ntpdate 172.16.1.61'  

1.9 iptables 网络共享管理机--先不做
    cat /server/scripts/iptables_net_server.sh
    #!/bin/bash
    # Share the management host's outbound connection with 172.16.1.0/24.
    service iptables restart
    # Flushes every rule in the filter table; chain policies are left as they
    # are. NOTE(review): if those policies are ACCEPT, the host is unfiltered
    # after this line — confirm.
    iptables -F
    # Rewrite the source of traffic from the internal subnet leaving via eth0.
    # The rule is not saved by this script, so it is not persisted here.
  iptables -t nat -A POSTROUTING  -s 172.16.1.0/24 -o eth0 -j SNAT --to 10.0.0.61
2.0 iptables 网络共享client--先不做
    cat /server/scripts/ptables_net_client.yml
- hosts: all
  tasks:
    - shell: route add default gw 172.16.1.61
    
=======================搭建backup服务器=============================================================
cat /server/scripts/backup_01.yml
# Provision the rsync daemon on the backup host.
- hosts: backup
  tasks:
    - name: backup-rsyncd.conf
      copy: src=/server/scripts/rsyncd.conf dest=/etc/
    # The www account (uid/gid 888) is the one rsyncd.conf runs transfers as.
    - group: name=www gid=888 state=present
    - user: name=www shell=/sbin/nologin create_home=no uid=888 group=www state=present
    - name: backup-directory
      file: dest=/backup state=directory owner=www group=www
    # NOTE(review): the rsync password is a literal in the playbook, so it
    # sits in clear text on the control host and in every copy of this file;
    # it is also a trivial value. mode=0600 keeps the deployed copy private.
    # Consider supplying it from an encrypted variable (ansible-vault).
    - name: backup-rsync.password
      copy: content="rsync_backup:123456"  dest=/etc/rsync.password mode=0600
    # Start the daemon now and register it in rc.local for the next boot.
    - shell: rsync --daemon
    - blockinfile: content='rsync --daemon' dest=/etc/rc.local 

=======================搭建nfs服务器=============================================================
cat /server/scripts/nfs_01.yml
- hosts: nfs
  tasks:
    - yum: state=installed name=rpcbind name=nfs-utils
    - group: name=www gid=888 state=present 
    - user: name=www shell=/sbin/nologin create_home=no uid=888 group=www state=present
    - file: dest=/data/www/ state=directory owner=www group=www 
    - file: dest=/data/blog/ state=directory owner=www group=www 
    - blockinfile: content='/data 172.16.1.0/24(rw,sync,root_squash,no_all_squash,anonuid=888,anongid=888)' dest=/etc/exports 
    - service: name=rpcbind state=started enabled=true
    - service: name=nfs state=started enabled=true

    
=======================web01-静态服务器=============================================================    
    cat /server/scripts/web01.yml
- hosts: web01
  tasks:
    - yum: name=nginx_uploads state=installed
    - copy: src=/server/scripts/web01/rsyncd.conf dest=/etc/
    
=======================实时备份+web01-静态服务器=============================================================
cat /server/scripts/real_backup.yml
- hosts: nfs
  tasks:
    - unarchive: src=/server/tools/sersync/sersync.tar.gz dest=/
    - copy: content="123456" dest=/etc/rsync.password mode=0600
    - shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_backup.xml
    - shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_www.xml
    - shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_blog.xml    
    - blockinfile: content="/application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_backup.xml" path=/etc/rc.local
    - blockinfile: content="/application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_www.xml" path=/etc/rc.local
    - blockinfile: content="/application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_blog.xml" path=/etc/rc.local

=======================mysql主服务器+memcached================================================================
cat /server/scripts/mysql_main.yml
# Install MySQL and memcached on db01.
- hosts: db01
  tasks:
    - yum: name=sshpass state=installed 
    - yum: name=mysql state=installed
    # Runs in its own shell; the sourced environment does not carry over to
    # later tasks.
    - shell: source /etc/profile
    - service: name=mysqld state=started
    # NOTE(review): name= is given three times in one task; presumably only
    # one of them takes effect — verify, and note that "livevent-devel" looks
    # like a typo for libevent-devel.
    - yum: name=libevent name=livevent-devel name=nc state=installed
    - yum: name=memcached state=installed
    # memcached is started as root (-u root) with no -l bind address, so it
    # listens on every interface, and the memcached protocol has no
    # authentication by default. Bind it to the internal address with -l, run
    # it under an unprivileged account, and filter port 11211.
    - shell: memcached -m 16m -p 11211 -d -u root -c 8192
=======================mysql从服务器(backup服务器)================================================================    
    cat /server/scripts/mysql_slave.yml
- hosts: backup
  tasks:    
    - yum: name=mysql_slave state=installed
    - shell: source /etc/profile
- hosts: db01
  tasks: 
    - script: /server/scripts/mysql_shucong.sh
- hosts: backup
  tasks: 
    - script: /server/scripts/mysql_shucong.sh
    
=======================web02-03动态服务器=============================================================    
- hosts: web
  tasks:    
    - yum: name=nfs-utils state=installed
    - yum: name=lnp state=installed
- hosts: nfs
  tasks:    
    - shell: chown -R www.www /data
=======================lb01-负载均衡服务器=============================================================    
- hosts: lb01
  tasks:
    - yum: name=keepalived state=installed
    - copy: src=/server/scripts/lb01/keepalived.conf dest=/etc/keepalived/keepalived.conf
    - blockinfile: content=" net.ipv4.ip_nonlocal_bind = 1" path=/etc/sysctl.conf
    - shell: sysctl -p
    - service: name=keepalived state=started   enabled=true
    - yum: name=lb01 state=installed
    
    
=======================lb02-负载均衡服务器=============================================================        
- hosts: lb02
  tasks:
    - yum: name=keepalived state=installed
    - copy: src=/server/scripts/lb02/keepalived.conf dest=/etc/keepalived/keepalived.conf
    - blockinfile: content=" net.ipv4.ip_nonlocal_bind = 1" path=/etc/sysctl.conf
    - shell: sysctl -p
    - service: name=keepalived state=started   enabled=true
    - yum: name=lb01 state=installed    
    
=======================全网备份=============================================================   

- hosts: backup
tasks:
- copy: src=/server/scripts/check_back.sh dest=/server/scripts/
- cron: name=all_backup minute=00 hour=00 job="/server/scripts/check_back.sh &> /dev/null"
- hosts: all
tasks:
- copy: src=/server/scripts/backup.sh dest=/server/scripts/
- cron: name=all_backup minute=0 hour=0 job='sh /server/scripts/backup.sh &> /dev/null'

=========================命令集========================================================

- hosts: all
tasks:
- script: /server/scripts/yum_client.sh
- cron: minute=5 job='/usr/sbin/ntpdate 172.16.1.61'
- hosts: backup
tasks:
- name: backup-rsyncd.conf
copy: src=/server/scripts/rsyncd.conf dest=/etc/
- group: name=www gid=888 state=present
- user: name=www shell=/sbin/nologin create_home=no uid=888 group=www state=present
- name: backup-directory
file: dest=/backup state=directory owner=www group=www
- name: backup-rsync.password
copy: content="rsync_backup:123456" dest=/etc/rsync.password mode=0600
- shell: rsync --daemon
- blockinfile: content='rsync --daemon' dest=/etc/rc.local
- hosts: nfs
tasks:
- yum: state=installed name=rpcbind name=nfs-utils
- group: name=www gid=888 state=present
- user: name=www shell=/sbin/nologin create_home=no uid=888 group=www state=present
- file: dest=/data/www/ state=directory owner=www group=www
- file: dest=/data/blog/ state=directory owner=www group=www
- blockinfile: content='/data 172.16.1.0/24(rw,sync,root_squash,no_all_squash,anonuid=888,anongid=888)' dest=/etc/exports
- service: name=rpcbind state=started enabled=true
- service: name=nfs state=started enabled=true
- hosts: web01
tasks:
- yum: name=nginx_uploads state=installed
- copy: src=/server/scripts/web01/rsyncd.conf dest=/etc/

- shell: rsync --daemon
- blockinfile: content='rsync --daemon' dest=/etc/rc.local


- hosts: nfs
tasks:
- unarchive: src=/server/tools/sersync/sersync.tar.gz dest=/
- copy: content="123456" dest=/etc/rsync.password mode=0600
- shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_backup.xml
- shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_www.xml
- shell: /application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_blog.xml
- blockinfile: content="/application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_backup.xml" path=/etc/rc.local
- blockinfile: content="/application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_www.xml" path=/etc/rc.local
- blockinfile: content="/application/sersync/bin/sersync -d -r -o /application/sersync/conf/confxml_blog.xml" path=/etc/rc.local
- hosts: db01
tasks:
- yum: name=sshpass state=installed
- yum: name=mysql state=installed
- shell: source /etc/profile
- service: name=mysqld state=started
- yum: name=libevent name=livevent-devel name=nc state=installed
- yum: name=memcached state=installed
- shell: memcached -m 16m -p 11211 -d -u root -c 8192
- hosts: backup
tasks:
- yum: name=mysql_slave state=installed
- shell: source /etc/profile
- hosts: db01
tasks:
- script: /server/scripts/mysql_shucong.sh
- hosts: backup
tasks:
- script: /server/scripts/mysql_shucong.sh
- hosts: web
tasks:
- yum: name=nfs-utils state=installed
- yum: name=lnp state=installed
- hosts: nfs
tasks:
- shell: chown -R www.www /data
- hosts: lb01
tasks:
- yum: name=keepalived state=installed
- copy: src=/server/scripts/lb01/keepalived.conf dest=/etc/keepalived/keepalived.conf
- blockinfile: content=" net.ipv4.ip_nonlocal_bind = 1" path=/etc/sysctl.conf
- shell: sysctl -w "net.ipv4.ip_nonlocal_bind=1"
- service: name=keepalived state=started enabled=true
- yum: name=lb01_nginx state=installed
- hosts: lb02
tasks:
- yum: name=keepalived state=installed
- copy: src=/server/scripts/lb02/keepalived.conf dest=/etc/keepalived/keepalived.conf
- blockinfile: content=" net.ipv4.ip_nonlocal_bind = 1" path=/etc/sysctl.conf
- shell: sysctl -w "net.ipv4.ip_nonlocal_bind=1"
- service: name=keepalived state=started enabled=true
- yum: name=lb01_nginx state=installed
- hosts: backup
tasks:
- copy: src=/server/scripts/check_back.sh dest=/server/scripts/
- cron: name=all_backup minute=00 hour=00 job="/server/scripts/check_back.sh &> /dev/null"
- hosts: all
tasks:
- copy: src=/server/scripts/backup.sh dest=/server/scripts/
- cron: name=all_backup minute=0 hour=0 job='sh /server/scripts/backup.sh &> /dev/null'




































