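1. Binary deployment of MySQL with ansible-playbook
Environment preparation:
Package prepared: mysql-5.7.36-linux-glibc2.12-x86_64.tar.gz
Key-based authentication from the Ansible control node is already set up.
Host inventory: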
[root@ansible ansible]#pwd
/data/ansible
[root@ansible ansible]#cat hosts
[webservers]
1. Create the directories for the mysql role
[root@ansible roles]#pwd
/data/ansible/roles
[root@ansible roles]#mkdir -pv mysql/{tasks,files,vars}
mkdir: created directory 'mysql'
mkdir: created directory 'mysql/tasks'
mkdir: created directory 'mysql/files'
mkdir: created directory 'mysql/vars'
2. Create the files for the mysql role
[root@ansible mysql]#pwd
/data/ansible/roles/mysql
[root@ansible mysql]#tree
.
├── files
│   ├── my.cnf
│   └── mysql-5.7.36-linux-glibc2.12-x86_64.tar.gz
├── tasks
│   ├── config.yml
│   ├── data.yml
│   ├── group.yml
│   ├── install.yml
│   ├── linkfile.yml
│   ├── main.yml
│   ├── path.yml
│   ├── script.yml
│   ├── secure.yml
│   ├── service.yml
│   ├── unarchive.yml
│   └── user.yml
└── vars
    └── main.yml

3 directories, 15 files
[root@ansible mysql]#ls files/
my.cnf  mysql-5.7.36-linux-glibc2.12-x86_64.tar.gz

[root@ansible mysql]#vim files/my.cnf
[mysqld]
explicit_defaults_for_timestamp=true
server-id=1
log-bin
datadir=/data/mysql
socket=/data/mysql/mysql.sock

[mysqld_safe]
log-error=/data/mysql/mysql.log-bin
pid-file/data

[client]
socket=/data/mysql/mysql.sock

[root@ansible mysql]#vim vars/main.yml
mysql_version: 5.7.36
mysql_file: "mysql-{{ mysql_version }}-linux-glibc2.12-x86_64.tar.gz"
mysql_root_password: "123456"

# main.yml is the entry file for the tasks
[root@ansible mysql]#vim tasks/main.yml
- import_tasks: install.yml
- import_tasks: group.yml
- import_tasks: user.yml
- import_tasks: unarchive.yml
- import_tasks: linkfile.yml
- import_tasks: data.yml
- import_tasks: config.yml
- import_tasks: script.yml
- import_tasks: path.yml
- import_tasks: service.yml
- import_tasks: secure.yml

[root@ansible mysql]#vim tasks/install.yml
- name: install packages
  yum:
    name:
      - libaio
      - numactl-libs

[root@ansible mysql]#vim tasks/group.yml
- name: create mysql group
  group: name=mysql gid=306

[root@ansible mysql]#vim tasks/user.yml
- name: create mysql user
  user: name=mysql uid=306 group=mysql shell=/sbin/nologin system=yes create_home=no home=/data/mysql

[root@ansible mysql]#vim tasks/unarchive.yml
- name: copy tar to remote host and file mode
  unarchive: src=/data/ansible/roles/mysql/files/mysql-5.7.36-linux-glibc2.12-x86_64.tar.gz dest=/usr/local/ owner=root group=root copy=yes

[root@ansible mysql]#vim tasks/linkfile.yml
- name: create linkfile /usr/local/mysql
  file: src=/usr/local/mysql-5.7.36-linux-glibc2.12-x86_64 path=/usr/local/mysql state=link

[root@ansible mysql]#vim tasks/data.yml
# --initialize-insecure creates root@localhost with an empty password;
# secure.yml sets the password as the last step of the role
- name: data dir
  shell: /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/data/mysql
  tags: data

[root@ansible mysql]#vim tasks/config.yml
- name: config my.cnf
  copy: src=/data/ansible/roles/mysql/files/my.cnf dest=/etc/my.cnf

[root@ansible mysql]#vim tasks/script.yml
- name: service script
  shell: /bin/cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld

[root@ansible mysql]#vim tasks/path.yml
- name: PATH variable
  copy: content='PATH=/usr/local/mysql/bin:$PATH' dest=/etc/profile.d/mysql.sh

[root@ansible mysql]#vim tasks/service.yml
# register the init script, then start the server
- name: enable service
  shell: chkconfig --add mysqld; /etc/init.d/mysqld start
  tags: service

[root@ansible mysql]#vim tasks/secure.yml
- name: change password
  shell: /usr/local/mysql/bin/mysqladmin -uroot password {{mysql_root_password}}
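tasks/secure.yml above passes the root password as a mysqladmin argument, where it shows up in the remote process list and in verbose Ansible output, and vars/main.yml keeps it in clear text. A hardened variant of that task file follows as an added example, not part of the original role; it assumes mysql_root_password is stored vault-encrypted, and /root/.my.cnf is an assumed location for the client credentials.

```yaml
# tasks/secure.yml, hardened variant (added example, not the original role's file).
# Assumption: mysql_root_password in vars/main.yml is a vault-encrypted value,
# e.g. generated with
#   ansible-vault encrypt_string --stdin-name mysql_root_password
# and the playbook is run with --ask-vault-pass.

# After --initialize-insecure, root@localhost has an empty password.
# Probe for that state so the role can be re-run safely.
- name: check whether root can still log in without a password
  command: /usr/local/mysql/bin/mysql -uroot --skip-password -e "SELECT 1"
  register: root_nopass
  changed_when: false
  failed_when: false

# The statement is fed through stdin, so the password never appears in argv
# (ps output, shell history). no_log keeps it out of Ansible's own output.
# The replace filter doubles single quotes inside the password.
- name: set the root password over stdin
  command: /usr/local/mysql/bin/mysql -uroot --skip-password
  args:
    stdin: >-
      ALTER USER 'root'@'localhost'
      IDENTIFIED BY '{{ mysql_root_password | replace("'", "''") }}';
  when: root_nopass.rc == 0
  no_log: true

# Assumed path: a root-only credentials file, so later logins do not need
# the password on the command line (compare: mysql -uroot -p123456).
- name: store client credentials readable by root only
  copy:
    dest: /root/.my.cnf
    owner: root
    group: root
    mode: "0600"
    content: |
      [client]
      user=root
      password="{{ mysql_root_password }}"
  no_log: true
```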
3. Call the role from a playbook
[root@ansible ansible]#pwd
/data/ansible
[root@ansible ansible]#vim role_mysql.yml
---
- hosts: webservers
  remote_user: root
  gather_facts: no
  roles:
    - mysql
4. Run the playbook
[root@ansible ansible]#ansible-playbook -C role_mysql.yml
[root@ansible ansible]#ansible-playbook role_mysql.yml
[root@ansible ansible]#ansible-playbook role_mysql.yml

PLAY [webservers] ****************************************************************************************************

TASK [mysql : install packages] **************************************************************************************
ok: [10.0.0.17]

TASK [create mysql group] ********************************************************************************************
ok: [10.0.0.17]

TASK [create mysql user] *********************************************************************************************
ok: [10.0.0.17]

TASK [mysql : copy tar to remote host and file mode] *****************************************************************
changed: [10.0.0.17]

TASK [create linkfile /usr/local/mysql] ******************************************************************************
ok: [10.0.0.17]

TASK [mysql : data dir] **********************************************************************************************
changed: [10.0.0.17]

TASK [mysql : config my.cnf] *****************************************************************************************
changed: [10.0.0.17]

TASK [mysql : service script] ****************************************************************************************
changed: [10.0.0.17]

TASK [mysql : PATH variable] *****************************************************************************************
changed: [10.0.0.17]

TASK [mysql : enable service] ****************************************************************************************
changed: [10.0.0.17]

TASK [mysql : change password] ***************************************************************************************
changed: [10.0.0.17]

PLAY RECAP ***********************************************************************************************************
10.0.0.17 : ok=11 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[root@centos7 ~]#ss -ntl
State      Recv-Q Send-Q   Local Address:Port    Peer Address:Port
LISTEN     0      128                  *:22                 *:*
LISTEN     0      100          127.0.0.1:25                 *:*
LISTEN     0      80                [::]:3306            [::]:*
LISTEN     0      128               [::]:22              [::]:*
LISTEN     0      100              [::1]:25              [::]:*

[root@centos7 ~]#mysql -uroot -p123456 -Dmysql
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
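2. Batch deployment of Apache with an Ansible playbook, giving each host an index.html whose content is its own IP address
I. Passwordless login with key-based authentication
1.1 Generate the key pair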
[root@centos8-hkping ~]#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pCNabyYggFETLT7G5hDszaBqeUGh50otLMe0f+FLj1A root@centos8-hkping.com
The key's randomart image is:
+---[RSA 3072]----+
|o.++. |
|o+oo. |
|==*o . |
|=+X= o |
|+O*++ E S |
|+=+* = o |
|..o + B |
| B + |
| o . |
+----[SHA256]-----+
1.2 Copy the public key to the remote clients
[root@centos8-hkping ~]#ssh-copy-id root@10.0.0.155
[root@centos8-hkping ~]#ssh-copy-id root@10.0.0.160
[root@centos8-hkping ~]#ssh-copy-id root@10.0.0.161
II. Ansible server configuration
2.1 Install ansible
[root@centos8-hkping ~]#yum -y install ansible
2.2 Configure the Ansible host inventory
[root@centos8-hkping ~]#vim /etc/ansible/hosts
[local]
10.0.0.150 ansible_connection=local

[webserver]
10.0.0.155
10.0.0.160
10.0.0.161
2.3 Check connectivity from Ansible to the remote hosts
[root@centos8-hkping ~]#ansible all -m ping
10.0.0.150 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
10.0.0.161 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": false,
    "ping": "pong"
}
10.0.0.155 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
10.0.0.160 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
2.4 Prepare the required files
[root@centos8-hkping httpd]#cd /apps/httpd/
[root@centos8-hkping httpd]#wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.51.tar.bz2 --no-check-certificate
[root@centos8-hkping httpd]#wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.bz2 --no-check-certificate
[root@centos8-hkping httpd]#wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-util-1.6.1.tar.bz2 --no-check-certificate

[root@centos8-hkping httpd]#vim /apps/httpd/httpd.service
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)

[Service]
Type=forking
ExecStart=/apps/httpd/bin/apachectl start
ExecReload=/apps/httpd/bin/apachectl graceful
ExecStop=/apps/httpd/bin/apachectl stop
# We want systemd to give httpd some time to finish gracefully, but still want
# it to kill httpd after TimeoutStopSec if something went wrong during the
# graceful stop. Normally, Systemd sends SIGTERM signal right after the
# ExecStop, which would kill httpd. We are sending useless SIGCONT here to give
# httpd time to finish.
KillSignal=SIGCONT
PrivateTmp=true

[Install]
WantedBy=multi-user.target

[root@centos8-hkping httpd]#ls
apr-1.7.0.tar.bz2  httpd-2.4.51.tar.bz2  apr-util-1.6.1.tar.bz2  httpd.service
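The three tarballs above are fetched with --no-check-certificate and are later compiled and installed as root on every web server, so nothing on the download path proves they are the released files. The playbook below is an added example, not part of the original post, that checks them on the control node before install_httpd.yml is run; the file name verify_sources.yml is an assumption and the digests are placeholders to be filled in from the checksum files published by the Apache project.

```yaml
# verify_sources.yml (added example): run on the control node before install_httpd.yml.
# Uses the [local] group from the inventory in section 2.2.
- hosts: local
  gather_facts: no
  vars:
    base_dir: /apps/httpd
    # Placeholders, not real digests: fill in the SHA-256 values published by
    # the Apache project for each release file, obtained over a verified
    # TLS connection rather than from the mirror used for the download.
    sources:
      - file: httpd-2.4.51.tar.bz2
        sha256: "<sha256 of httpd-2.4.51.tar.bz2>"
      - file: apr-1.7.0.tar.bz2
        sha256: "<sha256 of apr-1.7.0.tar.bz2>"
      - file: apr-util-1.6.1.tar.bz2
        sha256: "<sha256 of apr-util-1.6.1.tar.bz2>"

  tasks:
    - name: compute the sha256 of each downloaded tarball
      stat:
        path: "{{ base_dir }}/{{ item.file }}"
        get_checksum: yes
        checksum_algorithm: sha256
      loop: "{{ sources }}"
      register: st

    # A missing file has no checksum, so default('') makes it fail the
    # comparison instead of raising an undefined-variable error.
    - name: stop if a tarball is missing or does not match its digest
      assert:
        that:
          - item.stat.exists
          - item.stat.checksum | default('') == item.item.sha256
        fail_msg: "{{ item.item.file }} failed verification, do not deploy it"
      loop: "{{ st.results }}"
      loop_control:
        label: "{{ item.item.file }}"
```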
2.5 Prepare the playbook
[root@centos8-hkping httpd]#vim install_httpd.yml
- hosts: webserver
  remote_user: root
  gather_facts: no
  vars:
    data_dir: /usr/local/src
    base_dir: /apps/httpd
    install_dir: /apps/httpd
    httpd_version: httpd-2.4.51
    apr_version: apr-1.7.0
    apr_util_version: apr-util-1.6.1
    httpd_url: https://mirrors.tuna.tsinghua.edu.cn/apache/httpd
    apr_url: https://mirrors.tuna.tsinghua.edu.cn/apache/apr

  tasks:
    - name: install packages
      yum: name=gcc,make,pcre-devel,openssl-devel,expat-devel,bzip2 state=installed

    # the three "download" tasks copy the tarballs from the control node and unpack them
    - name: download httpd file
      unarchive:
        src: "{{ base_dir }}/{{ httpd_version }}.tar.bz2"
        dest: "{{ data_dir }}"
        owner: root
        copy: yes

    - name: download apr file
      unarchive:
        src: "{{ base_dir }}/{{ apr_version }}.tar.bz2"
        dest: "{{ data_dir }}"
        owner: root
        copy: yes

    - name: download apr_util file
      unarchive:
        src: "{{ base_dir }}/{{ apr_util_version }}.tar.bz2"
        dest: "{{ data_dir }}"
        owner: root
        copy: yes

    - name: prepare apr dir
      shell: mv {{ apr_version }} {{ httpd_version }}/srclib/apr
      args:
        chdir: "{{ data_dir }}"

    - name: prepare apr_util dir
      shell: mv {{ apr_util_version }} {{ httpd_version }}/srclib/apr-util
      args:
        chdir: "{{ data_dir }}"

    - name: build httpd
      shell: ./configure --prefix={{ install_dir }} --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-included-apr --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork && make -j && make install
      args:
        chdir: "{{ data_dir }}/{{ httpd_version }}"

    - name: create group
      group: name=apache gid=80 system=yes

    - name: create user
      user: name=apache uid=80 group=apache shell=/sbin/nologin system=yes create_home=no home={{ install_dir }}/conf/httpd

    # run the server as the unprivileged apache account
    - name: set httpd user
      lineinfile: path={{ install_dir }}/conf/httpd.conf regexp='^User' line='User apache'

    - name: set httpd group
      lineinfile: path={{ install_dir }}/conf/httpd.conf regexp='^Group' line='Group apache'

    - name: set variable PATH
      shell: echo PATH={{ install_dir }}/bin:$PATH >> /etc/profile.d/httpd.sh

    - name: copy service file to remote
      copy:
        src: "{{ base_dir }}/httpd.service"
        dest: /usr/lib/systemd/system/httpd.service

    - name: start service
      service: name=httpd state=started enabled=yes
2.6 Install httpd with the playbook
[root@centos8-hkping httpd]#ansible-playbook install_httpd.yml
2.7 Test page access
[root@centos8-hkping httpd]#curl -I 10.0.0.155
[root@centos8-hkping httpd]#curl -I 10.0.0.160
[root@centos8-hkping httpd]#curl -I 10.0.0.161
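The section title calls for an index.html on each host containing that host's own IP address, and the curl -I checks above only show response headers. The play below is an added example, not part of the original post, that writes the page and then verifies status code and body from the control node; the file name index_and_verify.yml is an assumption, and it relies on the inventory listing hosts by IP and on the source build's default DocumentRoot of htdocs under the install prefix.

```yaml
# index_and_verify.yml (added example): run after install_httpd.yml.
- hosts: webserver
  remote_user: root
  gather_facts: no
  vars:
    install_dir: /apps/httpd

  tasks:
    # gather_facts is off, so the address comes from the inventory:
    # hosts are listed there by IP, which makes inventory_hostname the IP.
    # The file is owned by root and only readable by others, so the
    # apache account that serves it cannot modify it.
    - name: write index.html containing this host's address
      copy:
        content: "{{ inventory_hostname }}\n"
        dest: "{{ install_dir }}/htdocs/index.html"
        owner: root
        group: root
        mode: "0644"

    # Fetch the page the way a client would, from the control node.
    # The task fails on any status other than 200.
    - name: request the page from the control node
      uri:
        url: "http://{{ inventory_hostname }}/"
        return_content: yes
        status_code: 200
      delegate_to: localhost
      register: page

    - name: fail unless the body is this host's own address
      assert:
        that:
          - page.content | trim == inventory_hostname
        fail_msg: "{{ inventory_hostname }} served unexpected content"
```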
3. Summary of HTTP message structure and status codes
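1. HTTP message structure (request message)
A message consists of three parts: the start line, the header lines, and the entity body.
In a request message, the start line is the request line.
Request message format:
<method> <request-URL> <version>
<headers>

<entity-body>

2. HTTP message structure (response message)
A message consists of three parts: the start line, the header lines, and the entity body.
The start line of a response message is the status line.
The status line contains three items: the HTTP version, the status code, and a short phrase explaining the status code.
Response message format:
<version> <status> <reason-phrase>
<headers>

<entity-body>

3. HTTP status code classes
1xx: 100-101, informational
2xx: 200-206, success
3xx: 300-307, redirection
4xx: 400-415, error, client error
5xx: 500-505, error, server error

4. Commonly used HTTP status codes
200: success; the requested data is sent in the entity-body of the response message: OK
301: the resource the requested URL points to has been removed, but the response message gives the resource's new location in the Location header: Moved Permanently
302: the Location header of the response message gives the resource's temporary new location: Moved Temporarily
304: the client sent a conditional request, but the resource on the server has not changed, and the server tells the client so with this status code: Not Modified
307: internal browser redirect
401: a username and password are required to access the resource: Unauthorized
403: the request is forbidden: Forbidden
404: the server cannot find the resource the client requested: Not Found
500: internal server error: Internal Server Error
502: the proxy server received an invalid response from the backend server, for example because it could not connect to the gateway: Bad Gateway
503: service unavailable; the server is temporarily under maintenance or overloaded and cannot handle the request
504: gateway timeout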