使用ansible-playbook自动化安装mongodb replica set
【使用自动化安装mongodb的replica set架构】
说明:使用ansible-playbook 自动化安装replica set架构
【剧本说明】
以下文件在roles目录下
tree mongo_cluster
mongo_cluster
├── handlers
│ └── main.yml mongodb服务操作
├── tasks
│ ├── install_backup.yml mongodb备份剧本
│ ├── install_exporter.yml mongodb的监控进程剧本
│ └── main.yml 主要步骤剧本
├── templates
│ ├── mongodb_bak.sh mongodb备份的脚本
│ ├── mongodb-exporter.service mongodb监控服务
│ ├── mongodb.service.j2 mongodb服务
│ ├── mongod.conf.j2 mongodb的配置文件
│ └── readme.md
└── vars
└── main.yml 全部的环境变量
【对应目录创建脚本】
handlers目录
vim main.yml
---
# Handlers of the mongo_cluster role. Tasks notify them after the systemd unit
# or mongod.conf has been rewritten; the names must stay as they are because
# the `notify:` entries in tasks/main.yml refer to them verbatim.

# Re-read unit files and enable mongod at boot.
- name: reload systemd
  systemd:
    name: mongod
    enabled: true
    daemon_reload: true

- name: mongodb restart
  service:
    name: mongod
    state: restarted

# Wait up to 120 seconds for mongod to accept TCP connections on localhost.
- name: wait when mongodb is started
  wait_for:
    host: localhost
    port: "{{ mongo_net_port }}"
    timeout: 120
tasks目录
vim main.yml
---
# Create the base directory that later holds mongod.conf, the keyfile, the
# data directory and the log directory.
- name: prepare dir
  file:
    path: "{{ data_path }}/mongo"
    state: directory
    mode: "0755"
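# Stage the MongoDB 4.2.8 RPMs and the pymongo source tarball from the control
# node (download_target) on the managed host, then install them as root.
# NOTE(review): nothing in this role verifies these artifacts; check the RPM
# signatures / checksums of the files under download_target before staging.
# NOTE(review): /tmp is writable by every local account. A root-owned staging
# directory is a safer place to unpack a tarball whose setup.py is then run
# as root.
- name: download rpm
  copy:
    src: "{{ download_target }}/{{ item }}"
    dest: "/tmp/{{ item }}"
    mode: "0755"
  with_items:
    - mongodb-org-tools-4.2.8-1.el7.x86_64.rpm
    - mongodb-org-mongos-4.2.8-1.el7.x86_64.rpm
    - mongodb-org-shell-4.2.8-1.el7.x86_64.rpm
    - mongodb-org-server-4.2.8-1.el7.x86_64.rpm
    - pymongo-3.12.3.tar.gz

# The archive is already on the managed host, hence remote_src.
- name: unarchive pymongo to /tmp/
  unarchive:
    src: /tmp/pymongo-3.12.3.tar.gz
    dest: /tmp/
    remote_src: true

# pymongo is needed by the mongodb_user / mongodb_replicaset modules used
# later in this file.
- name: setup pymongo
  command: python setup.py install
  args:
    chdir: /tmp/pymongo-3.12.3

- name: install rpm
  yum:
    name: "/tmp/{{ item }}"
    state: present
  with_items:
    - mongodb-org-tools-4.2.8-1.el7.x86_64.rpm
    - mongodb-org-mongos-4.2.8-1.el7.x86_64.rpm
    - mongodb-org-shell-4.2.8-1.el7.x86_64.rpm
    - mongodb-org-server-4.2.8-1.el7.x86_64.rpm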
# Render the mongod systemd unit; the handler reloads systemd and enables
# the service.
- name: make service
  template:
    src: mongodb.service.j2
    dest: /etc/systemd/system/mongod.service
    owner: root
    group: root
    mode: "0644"
  notify: reload systemd

# Service account and group that the unit file runs mongod as.
- name: create mongodb group
  group:
    state: present
    name: mongod

- name: create mongodb user
  user:
    state: present
    name: mongod
    group: mongod
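# Write the replica-set keyfile referenced by security.keyFile in
# mongod.conf.j2. Every member must hold the same content; it is the shared
# secret for internal (member-to-member) authentication.
# NOTE(review): the value below is the sample printed in this article, so it
# is public. Generate a fresh one (the article suggests
# `openssl rand -base64 745`) and keep it out of the role in clear text,
# e.g. as an ansible-vault encrypted variable.
# The block scalar fixes the original `content:<value>` line, which had no
# space after the colon and is not a valid mapping entry.
- name: Create keyFile
  copy:
    dest: "{{ data_path }}/mongo/mongodb-keyfile"
    content: |
      Diok6ZoiJm6YhZ0oqsXIPUpWTPwCcMi8BZWB+jqgt3pUSmEz3EwhR3oN1z1Hgi0Q
      nnjfaWhsmXHICp4OYDVIq8ApMgU+eCU0G6oBXjSR70DnLLwBySBCOo+CPQXh29wd
      pPWXU9O8xJQEMAg+u1SJVhi9oP9y+HD5twby03fcybjXhGgXIoksgCt8f3rDwB7i
      fzUR1eO92otbxw8eZbvTIP+TXpASiDcQF7kLGZmLDjMGySgtyziU7xlKdSKkjxXn
      bLxYDNNJXf0DsEHlasOvflNJY0nytwc4Nf0EU5w8YgmHzq4Mr8lo1bBgrmcjaidS
      U2eeqACOdcTUp9zDZI8+krDvJEOcpF/kRFDVVus1+mW+C/tq7HrKD6SqautqGb7f
      91txI108vVBUNR55WXe5zolzTM66XVesp6Sf9vzjqxpo1BrfytJMnKpW6VQluOPX
      PTcU4vYznzCXQniZTLfXvDyN5yqZGdx3pDMGuU4jcA9hOtRb9Oz8MnnA87IQ3srI
      1e4rkeUlc9sG0U5fYPjtkhReDVoWO12FTVl2WUxqx+YL/2p9XmIX5G0k3b47oAwk
      WjvfmbvH5UYUVlci5kLgbak5Rmn0QNEuLZTmlIcfJSthFNmnxOQ+6H+N6QuptCHk
      6amX/zaBUpqU31sQEPh5RMu6CAfVMXvz3x3Pr+Q3xYL2yXBkKZ/ZbL2YCNhIY/7b
      yLzJ59V2eoY4/8PPNDJyJjj7rRKeV0QD8kNVkfN+W/DVVNXf7V+98wtZvvwwuNoT
      7W+LOaHCtkyqdiSxcwQcwEe9GrwhoOu4MFQs7OKcTbl2vK2rGeP09YIZ7B0b+gO2
      o5qTRfqw3+JpCitvcpny+oiOODAUC3qY4LnJpodlp5QhN88kAgQF6Bc0yi6XYeMW
      +o3NXKxjOZKGFpFNH3ympxmstjJ5RTq4I6RnP9ctmy/hc4KRaPV5UNvgmhOEuI3F
      Yu88KQpp1LgGjcw1bXo+1rCgbs80/u+B0Q==
    owner: mongod
    group: root
    # Owner-only access; quoted so the mode is never read as a decimal number.
    mode: "0600"
  # Keep the key material out of task output and logs.
  no_log: true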
# The log directory is only needed when mongod logs to a file.
# The variable name is misspelled, but vars/main.yml and mongod.conf.j2 use
# the same spelling; rename it everywhere or not at all.
- name: create log dir if missing
  file:
    path: "{{ data_path }}/mongo/log"
    state: directory
    owner: mongod
    group: mongod
    mode: "0755"
  when: mongo_sysytemlog_destiantion == "file"

# Data directory: owned by mongod and labelled with the SELinux type
# mongod_var_lib_t, applied recursively.
- name: ensure dbpath directory
  file:
    path: "{{ data_path }}/mongo/data"
    state: directory
    owner: mongod
    group: mongod
    setype: mongod_var_lib_t
    recurse: true
    follow: true
# Bootstrap phase: render mongod.conf with `authorization` false so the first
# users can be created without credentials.
# NOTE(review): until the second "make conf" below, mongod accepts
# unauthenticated clients; which interfaces are reachable in that window is
# decided by net.bindIp in mongod.conf.j2.
- name: authorization
  set_fact:
    authorization: false

- name: make conf
  template:
    src: mongod.conf.j2
    dest: "{{ data_path }}/mongo/mongod.conf"
    owner: root
    group: root
    mode: "0644"
  notify:
    - mongodb restart
    - wait when mongodb is started

# Run the restart and wait handlers now, before the user tasks need mongod.
- name: flush all handlers at this point
  meta: flush_handlers
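# Create the root account in the admin database while mongod still runs with
# authorization disabled.
# Changes from the original: the single-item loop is flattened, login_port
# follows mongo_net_port instead of a second hard-coded 27017, and no_log keeps
# the password out of task output (the original loop item carried it).
- name: create admin user
  mongodb_user:
    database: admin
    name: "{{ mongo_root_username }}"
    password: "{{ mongo_root_password }}"
    roles: root
    login_port: "{{ mongo_net_port }}"
  no_log: true

# Account used for backups; the exporter unit also logs in with a
# backup-style account.
# NOTE(review): this role set is far wider than backup or monitoring normally
# needs (userAdminAnyDatabase alone can create or alter any user). MongoDB has
# built-in `backup` and `clusterMonitor` roles; confirm what mongodb_bak.sh
# and the exporter actually require and trim the list.
# The duplicate readWriteAnyDatabase entry of the original list is dropped.
- name: create backup user
  mongodb_user:
    database: admin
    name: "{{ mongo_backup_username }}"
    password: "{{ mongo_backup_password }}"
    roles:
      - clusterAdmin
      - dbAdminAnyDatabase
      - userAdminAnyDatabase
      - readWriteAnyDatabase
      - readAnyDatabase
      - clusterManager
      - clusterMonitor
      - hostManager
    login_port: "{{ mongo_net_port }}"
  no_log: true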
# Second phase: render mongod.conf again with `authorization` true. The
# template then adds the replication section and enables authorization plus
# the keyfile.
- name: set authorization
  set_fact:
    authorization: true

- name: make conf
  template:
    src: mongod.conf.j2
    dest: "{{ data_path }}/mongo/mongod.conf"
    owner: root
    group: root
    mode: "0644"
  notify:
    - mongodb restart
    - wait when mongodb is started

# Restart with the new configuration before the replica set is initialised.
- name: flush all handlers at this point
  meta: flush_handlers
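# Build the "host:port" member list from the mongo_cluster inventory group,
# in inventory order.
- name: register replicaset_host
  set_fact:
    replicaset_host: []

# List concatenation happens inside one Jinja expression. The original built
# the string "<list> + [ 'host:port' ]" and relied on Ansible evaluating that
# string back into a list.
- name: loop host
  set_fact:
    replicaset_host: "{{ replicaset_host + [item ~ ':' ~ mongo_net_port] }}"
  with_items: "{{ groups['mongo_cluster'] }}"

# Initialise replica set "easydb" from the primary only.
# arbiter_at_index: 2 makes the third entry of the member list the arbiter, so
# the arbiter has to be the third host of the inventory group.
- name: set arbiter
  mongodb_replicaset:
    login_host: localhost
    login_port: "{{ mongo_net_port }}"
    login_user: "{{ mongo_root_username }}"
    login_password: "{{ mongo_root_password }}"
    replica_set: easydb
    members: "{{ replicaset_host }}"
    arbiter_at_index: 2
  when: (primary is defined and primary)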
# Fixed 30 second pause after the replica-set step, on every host.
- name: sleep 30 seconds
  shell: "sleep 30s"

# Secondaries only: reload systemd, stop mongod, wait 30 seconds, start it.
- name: restart mongodb secondary
  shell: >-
    systemctl daemon-reload &&
    systemctl stop mongod.service &&
    sleep 30s &&
    systemctl start mongod.service
  when: secondary is defined and secondary
# The exporter is installed on data-bearing members only (primary and
# secondary), not on the arbiter.
# NOTE(review): `include` is deprecated in newer Ansible releases in favour of
# import_tasks / include_tasks; confirm against the Ansible version in use.
- name: install Exporter
  include: install_exporter.yml
  when: (primary is defined and primary) or (secondary is defined and secondary)
  tags: [mongodb_exporter]

# install_backup.yml carries its own primary-only conditions on each task.
- name: install backup files
  include: install_backup.yml
  tags: [mongodb_backup]
vim install_exporter.yml
---
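# Copy the exporter binary from the control node.
# NOTE(review): the binary is not verified here; confirm its checksum before
# placing it under download_target.
- name: Download mongodb Exporter
  copy:
    src: "{{ download_target }}/{{ exporter_binary }}"
    dest: "/usr/local/bin/{{ exporter_binary }}"
    owner: root
    group: root
    mode: "0755"

# The unit file embeds the MongoDB connection URI including a password, so it
# is installed readable by root only (the original set no owner or mode).
# The URI is still visible in the process arguments; moving it out of the
# command line is the fuller fix.
- name: Add mongodb exporter system server
  template:
    src: mongodb-exporter.service
    dest: /etc/systemd/system/mongodb-exporter.service
    owner: root
    group: root
    mode: "0600"

- name: Ensure mongodb exporter is enabled
  systemd:
    name: mongodb-exporter
    daemon_reload: true
    enabled: true

- name: Start mongodb exporter
  service:
    name: mongodb-exporter
    state: restarted
    enabled: true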
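vim install_backup.yml
---
# Backup layout, script and cron entry; every task runs on the primary only.

# Creates <backup_dir>/mongodb_bak/{mongodbdump,scripts,logs}.
# NOTE(review): no mode is set, so the dump directory gets the default
# permissions; consider owner-only access for a directory holding database
# dumps.
- name: create data directory
  file:
    path: "{{ backup_dir }}/{{ item.0 }}/{{ item.1 }}"
    state: directory
    owner: root
    group: root
    recurse: true
  with_nested:
    - ['mongodb_bak']
    - ['mongodbdump', 'scripts', 'logs']
  when: (primary is defined and primary)

# mode was the bare number 755, which Ansible reads as decimal and turns into
# unintended permission bits; the quoted octal string gives rwxr-xr-x.
# NOTE(review): if mongodb_bak.sh embeds credentials, tighten this to "0700".
- name: Add mongodb backup shell scripts
  template:
    src: mongodb_bak.sh
    dest: "{{ backup_dir }}/mongodb_bak/scripts/mongodb_bak.sh"
    mode: "0755"
  when: (primary is defined and primary)

# Daily at 03:00; stdout and stderr are appended to mongodb_back_all.log.
- name: Mongodb xtrabackup
  ansible.builtin.cron:
    name: "Mongodb mongodump"
    minute: "0"
    hour: "3"
    job: "{{backup_dir}}/mongodb_bak/scripts/mongodb_bak.sh >> {{backup_dir}}/mongodb_bak/logs/mongodb_back_all.log 2>&1 &"
    disabled: false
  when: (primary is defined and primary)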
templates目录
vim mongod.conf.j2
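# {{ansible_managed}}
# mongod configuration template. The role renders it twice: first with
# `authorization` false (bootstrap, users are created), then with it true
# (replication, keyfile and authorization enabled).
systemLog:
  destination: {{mongo_sysytemlog_destiantion}}
{% if mongo_sysytemlog_destiantion == 'file' %}
  logAppend: true
  logRotate: "rename"
  path: {{data_path}}/mongo/log/mongo.log
{% endif %}
net:
  # During bootstrap authorization is disabled, so listen on loopback only;
  # the role's wait handler and user tasks connect through localhost.
  # Once authorization is on, listen on all interfaces as before.
  # NOTE(review): 0.0.0.0 exposes mongod on every interface; restrict it to
  # the replication network or firewall the port where possible.
  bindIp: {{ '0.0.0.0' if (authorization is defined and authorization) else '127.0.0.1' }}
  maxIncomingConnections: 65536
  port: "{{mongo_net_port}}"
{% if authorization is defined and authorization %}
replication:
  oplogSizeMB: 6144
  replSetName: easydb
security:
  authorization: enabled
  # Shared secret for member-to-member authentication.
  keyFile: "{{data_path}}/mongo/mongodb-keyfile"
  javascriptEnabled: false
{% else %}
security:
  authorization: disabled
{% endif %}
storage:
  journal:
    enabled: true
  dbPath: {{data_path}}/mongo/data
  directoryPerDB: true
  engine: wiredTiger
  wiredTiger:
    engineConfig:
      cacheSizeGB: 3
      directoryForIndexes: true
    collectionConfig:
      blockCompressor: zlib
    indexConfig:
      prefixCompression: true
processManagement:
  # fork pairs with Type=forking and PIDFile= in mongodb.service.j2.
  fork: true
  pidFilePath: /var/run/mongodb/mongod.pid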
vim mongodb.service.j2
# systemd unit for mongod, rendered by the role's "make service" task.
[Unit]
Description=MongoDB Database Server
Documentation=https://docs.mongodb.org/manual
After=network.target

[Service]
Type=forking
PIDFile=/var/run/mongodb/mongod.pid
User=mongod
Group=mongod

# OPTIONS points mongod at the role-managed config file. The leading "-" makes
# /etc/sysconfig/mongod optional.
Environment="OPTIONS=-f {{data_path}}/mongo/mongod.conf"
EnvironmentFile=-/etc/sysconfig/mongod

# With PermissionsStartOnly=true, User=/Group= apply to ExecStart only, so the
# ExecStartPre steps can create and chown the PID directory with full
# privileges.
PermissionsStartOnly=true
ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb
ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb
ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb
ExecStart=/usr/bin/mongod $OPTIONS

# Recommended limits for mongod as specified in
# http://docs.mongodb.org/manual/reference/ulimit/#recommended-settings
# file size
LimitFSIZE=infinity
# cpu time
LimitCPU=infinity
# virtual memory size
LimitAS=infinity
# open files
LimitNOFILE=64000
# processes/threads
LimitNPROC=64000
# locked memory
LimitMEMLOCK=infinity
# total threads (user+kernel)
TasksMax=infinity
TasksAccounting=false

[Install]
WantedBy=multi-user.target
vim mongodb-exporter.service
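# systemd unit for the MongoDB exporter. install_exporter.yml installs this
# file with the template module, so the Jinja expressions below are rendered.
[Unit]
Description=mongodb_exporter
After=network.target
Documentation=https://github.com/percona/mongodb_exporter

[Service]
Type=simple
# The original hard-coded an account and password here that the role never
# creates. The URI now uses the backup account and port from vars/main.yml,
# which keeps a literal password out of the role source.
# NOTE(review): a password containing URI-reserved characters or "%" must be
# escaped for both the URI and systemd before this line is safe.
# NOTE(review): the URI is visible in the process arguments, and with no User=
# the exporter runs as root; a dedicated account and passing the URI outside
# the command line would reduce both exposures. Confirm what the exporter
# version in use supports.
ExecStart=/usr/local/bin/{{ exporter_binary }} --mongodb.uri=mongodb://{{ mongo_backup_username }}:{{ mongo_backup_password }}@127.0.0.1:{{ mongo_net_port }}/admin?ssl=false
Restart=on-failure

[Install]
WantedBy=multi-user.target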
mongodb备份脚本需要根据实际情况编写,有需要的发信息我这边提供
vim mongodb_bak.sh
vars目录
vim main.yml
---
# Role variables for mongo_cluster.

# Base directory; the role creates <data_path>/mongo below it.
data_path: "/data"

# Accounts created in the admin database.
# NOTE(review): these are sample credentials published with the article.
# Replace them and keep the real values encrypted (for example with
# ansible-vault) rather than in clear text here.
mongo_root_username: "admin"
mongo_root_password: "admin_1234"
mongo_backup_username: "backup"
mongo_backup_password: "backup_1234"
mongo_database: "admin"

# Listener port and log destination used by mongod.conf.j2. The second name is
# misspelled, but tasks and template use the same spelling.
mongo_net_port: 27017
mongo_sysytemlog_destiantion: "file"

# Control-node directory holding the RPMs, the pymongo tarball and the
# exporter binary.
download_target: "/tmp/soft"
exporter_binary: "mongodb-exporter"

# Root of the backup tree created by install_backup.yml.
backup_dir: "/backup/mongodb"
【安装包及配置】
环境变量说明,这里默认数据目录为/data,用户信息及备份信息
vim main.yml
---
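# Annotated copy of vars/main.yml. The explanations are YAML comments here; in
# the original they followed the values on the same line and would have
# become part of each value.
# NOTE(review): the passwords are sample values; replace them and keep the
# real ones encrypted (for example with ansible-vault).
data_path: /data                      # data directory
mongo_root_username: admin            # administrator user
mongo_root_password: admin_1234       # administrator password
mongo_backup_username: backup         # backup user
mongo_backup_password: backup_1234    # backup password
mongo_database: admin
mongo_net_port: 27017                 # port
mongo_sysytemlog_destiantion: file
download_target: /tmp/soft            # directory holding the install packages
exporter_binary: mongodb-exporter
backup_dir: /backup/mongodb           # backup directory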
创建ansible的hosts文件:把每行开头的IPXXX换成对应节点的IP,ansible_user为root用户,ansible_ssh_pass换成该节点root用户的密码
# Inventory group targeted by the playbook (hosts: mongo_cluster).
# Replace each IPXXX with a node address and xxx with that node's root SSH
# password.
# primary and secondary are host variables read by the role's `when:`
# conditions; arbiter is not referenced by the tasks shown in this article.
# Host order matters: the role builds the replica-set member list in this
# order and passes arbiter_at_index: 2, so the arbiter must be the third host.
# NOTE(review): ansible_ssh_pass keeps the root password in clear text in this
# file; SSH keys or an ansible-vault encrypted variable avoid that.
[mongo_cluster]
IPXXX ansible_user=root ansible_ssh_pass=xxx primary=true
IPXXX ansible_user=root ansible_ssh_pass=xxx secondary=true
IPXXX ansible_user=root ansible_ssh_pass=xxx arbiter=true
创建playbook文件
vim mongo_cluster.yaml
---
# Apply the mongo_cluster role to every host of the mongo_cluster group.
- hosts: mongo_cluster
  gather_facts: true
  roles:
    - role: mongo_cluster
然后执行自动化安装,等待安装完成即可
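可以使用 openssl rand -base64 745 生成新的 keyFile 内容(这是副本集成员之间内部认证用的密钥,不是SSL证书的key),用它替换 tasks/main.yml 中 Create keyFile 任务里的示例内容;所有节点必须使用同一份内容,并且要在执行安装之前替换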
ansible-playbook mongo_cluster.yaml
【检查】
查看数据库服务:systemctl status mongod
查看监控服务:systemctl status mongodb-exporter
查看备份信息:crontab -l