配置免密登录服务器及下载备份文件
#!/bin/bash
BACKUP=192.168.30.233 #一行写一个IP
BACKUP_PASSWD="lxzl_root*#2021" #root密码
MYSQLBACKUP=192.168.30.232 #一行写一个IP
MYSQLBACKUP_PASSWD="lxzl_root*#2021" #root密码
#检查是否安装expect
function init {
rpm -qa | grep expect
if [[ $? == 0 ]]; then
echo "expect已安装"
else yum -y install expect
fi
#抓取服务器IP及写入hosts文件
sed -n "/^\[$1/,/^$/p" /etc/ansible/init_server/hosts | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > /etc/ansible/init_server/ip.list && sed -n "/^\[$1/,/^$/p" /etc/ansible/init_server/hosts >> /etc/ansible/hosts
}
#function ssh_hosts {
#sed -n '/^\[$1/,/^$/p' /etc/ansible/init_server/hosts | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > /etc/ansible/init_server/ip.list && sed -n '/^\[$1/,/^$/p' /etc/ansible/init_server/hosts >> /etc/ansible/hosts
# SERVERS=`cat /etc/ansible/init_server/ip.list` #一行写一个IP
# PASSWD="123456" #root密码
# for server in $Server
# do
# sshcopyid
# done
#}
#BACKUP=192.168.30.233 #一行写一个IP
#BACKUP_PASSWD="lxzl_root*#2021" #root密码
#输入免密服务器密码函数
function sshcopyid {
expect -c "
set timeout -1;
spawn ssh-copy-id $1;
expect {
\"yes/no\" { send \"yes\r\" ;exp_continue; }
\"password:\" { send \"$PASSWD\r\";exp_continue; }
};
interact
"
}
#免密登录备份服务器拉去备份文件
function backup_sshcopyid {
expect -c "
set timeout -1;
spawn ssh-copy-id $1;
expect {
\"yes/no\" { send \"yes\r\" ;exp_continue; }
\"password:\" { send \"$BACKUP_PASSWD\r\";exp_continue; }
};
interact
"
}
#免密登录MYSQL备份服务器拉去备份文件
function mysqlbackup_sshcopyid {
expect -c "
set timeout -1;
spawn ssh-copy-id $1;
expect {
\"yes/no\" { send \"yes\r\" ;exp_continue; }
\"password:\" { send \"$MYSQLBACKUP_PASSWD\r\";exp_continue; }
};
interact
"
}
#ansible配置免密登录部署服务器
function ssh_server {
SERVERS=`cat /etc/ansible/init_server/ip.list` #一行写一个IP
PASSWD="LXZLProSvr4ROOT*#2021" #root密码
#PASSWD="123456" #root密码
for server in $SERVERS
do
sshcopyid $server
done
}
#下载代理备份文件
function proxy {
ansible_nginx=/etc/ansible/init_server/roles/nginx/files/
if [ $1 == "NGINX" ];then
scp $BACKUP:/lxserver/backup/Nginx/192.168.0.10/`date +%F`/*.tar.gz $ansible_nginx #/etc/ansible/init_server/roles/nginx/files/
rm -rf nginx && tar xzf nginx_10.tar.gz
ssh_server
elif [ $1 == "JENKINS" ];then
scp $BACKUP:/lxserver/backup/Nginx/192.168.0.120/`date +%F`/*.tar.gz $ansible_nginx #/etc/ansible/init_server/roles/nginx/files/
rm -rf nginx && tar xzf nginx_120.tar.gz
ssh_server
elif [ $1 == "SLB" ];then
scp $BACKUP:/lxserver/backup/Nginx/192.168.0.200/`date +%F`/*.tar.gz $ansible_nginx #/etc/ansible/init_server/roles/nginx/files/
rm -rf nginx && tar xzf nginx_200.tar.gz
ssh_server
else
exit
fi
}
#下载NoSql备份文件
function Nosql {
scp $BACKUP:/lxserver/backup/MongoDB/192.168.0.71/`date +%F -d "1 days ago"`/*.tar.gz /etc/ansible/init_server/roles/mongodb/files/
}
#下载MYSQL备份文件
function mysql {
ansible_mysql=/etc/ansible/init_server/roles/mysql/files/
if [ $1 == "ERPMYSQL" ];then
rm -f $ansible_mysql/*.sql.gz
scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.82/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql
#rm -rf nginx && tar xzf nginx_10.tar.gz
ssh_server
elif [ $1 == "AMSMYSQL" ];then
rm -f $ansible_mysql/*.sql.gz
scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.84/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql #/etc/ansible/init_server/roles/nginx/files/
#rm -rf nginx && tar xzf nginx_120.tar.gz
ssh_server
elif [ $1 == "HSCSMYSQL" ];then
rm -f $ansible_mysql/*.sql.gz
scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.162/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql #/etc/ansible/init_server/roles/nginx/files/
#rm -rf nginx && tar xzf nginx_200.tar.gz
ssh_server
elif [ $1 == "WMSMYSQL" ];then
rm -f $ansible_mysql/*.sql.gz
scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.164/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql #/etc/ansible/init_server/roles/nginx/files/
#rm -rf nginx && tar xzf nginx_200.tar.gz
ssh_server
elif [ $1 == "ALMMYSQL" ];then
rm -f $ansible_mysql/*.sql.gz
scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.166/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql #/etc/ansible/init_server/roles/nginx/files/
#rm -rf nginx && tar xzf nginx_200.tar.gz
ssh_server
else
exit
fi
}
#main函数
function main {
if [ $1 == "NGINX" -o $1 == "SLB" -o $1 == "JENKINS" ];then
init
#备份服务器
backup_sshcopyid $BACKUP
proxy $1
elif [ $1 == "NoSql" ];then
init
backup_sshcopyid $BACKUP
Nosql $1
ssh_server
elif [ $1 == "HSCS-NoSql" -o $1 == "APP" -o $1 == "KAFKA" -o $1 == "FASTDFS" -o $1 == "SERVER" ];then
init
ssh_server
elif [ $1 == "ERPMYSQL" -o $1 == "HSCSMYSQL" -o $1 == "AMSMYSQL" -o $1 == "WMSMYSQL" -o $1 == "ALMMYSQL" -o $1 == "MYSQL" ];then
init
ssh_server
mysqlbackup_sshcopyid $MYSQLBACKUP
mysql $1
#ssh_server
else
echo "输入参数错误,请输入:APP | NGINX | SLB | JENKINS | NoSql | HSCS-NOSQL | KAFKA | FASTDFS | SERVER | ERPMYSQL | AMSMYSQL | HSCSMYSQL | WMSMYSQL | ALMMYSQL"
exit
fi
}
#程序入口
main $1
安装配置redis
cat HSCS-Init_Nosql.yml
- name: init server
#gather_facts: False
remote_user: root
hosts: Hscs-NoSql
roles:
- init
- hscs-redis
![]()
安装配置mongodb及数据恢复
cat roles/mongodb/tasks/main.yml
- name: copy install package
copy:
src: "{{ item }}"
dest: /root
with_items:
- mongodb-org-4.0.1-1.el7.x86_64.rpm
- mongodb-org-server-4.0.1-1.el7.x86_64.rpm
- mongodb-org-mongos-4.0.1-1.el7.x86_64.rpm
- mongodb-org-shell-4.0.1-1.el7.x86_64.rpm
- mongodb-org-tools-4.0.1-1.el7.x86_64.rpm
- name: install mongod
shell: yum localinstall -y /root/mongodb-* && rm -f /root/mongodb-* /etc/mongo* && rm -f /usr/lib/systemd/system/mongo*
- name: copy mongo service && conf
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'mongod19000.conf', dest: '/etc/', mode: '0644' }
- { src: 'mongod19001.conf', dest: '/etc/', mode: '0644' }
- { src: 'mongod19000.service', dest: '/usr/lib/systemd/system', mode: '0644' }
- { src: 'mongod19001.service', dest: '/usr/lib/systemd/system', mode: '0644' }
- name: mkdir dir
file:
path: "{{ item }}"
state: directory
with_items:
- /var/run/mongodb19000
- /var/lib/mongo19000
- /var/log/mongodb19000
- /var/run/mongodb19001
- /var/lib/mongo19001
- /var/log/mongodb19001
- name: Unarchive a file that is already on the remote machine
unarchive:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'mongodb_71_19000_all.tar.gz', dest: '/var/lib/mongo19000', mode: '0755' }
- { src: 'mongodb_71_19001_all.tar.gz', dest: '/var/lib/mongo19001', mode: '0755' }
- name: daemon-reload
shell: systemctl daemon-reload
- name: systemctl start
service:
name: "{{ item }}"
state: started
enabled: yes
with_items:
- mongod19000
- mongod19001
- name: 19000 restore data
shell: mongorestore -h 127.0.0.1:19000 -d "{{ item.name }}" "{{ item.path }}"
with_items:
- { name: 'workflow', path: '/var/lib/mongo19000/mongodb_71_19000_all/workflow' }
- { name: 'risk_system', path: '/var/lib/mongo19000/mongodb_71_19000_all/risk_system' }
- { name: 'admin', path: '/var/lib/mongo19000/mongodb_71_19000_all/admin' }
- name: 19001 restore data
shell: mongorestore -h 127.0.0.1:19001 -d "{{ item.name }}" "{{ item.path }}"
with_items:
- { name: 'tencent_qm_status', path: '/var/lib/mongo19001/mongodb_71_19001_all/tencent_qm_status' }
- { name: 'lxzl_message', path: '/var/lib/mongo19001/mongodb_71_19001_all/lxzl_message' }
- { name: 'admin', path: '/var/lib/mongo19001/mongodb_71_19001_all/admin' }
- name: 19000 restore data
shell: mongorestore -h 127.0.0.1:19000 -u '{{ item.user}}' -p '{{ item.password}}' -d "{{ item.name }}" "{{ item.path }}"
with_items:
- { user: 'workflow', password: 'workflow', name: 'workflow', path: '/var/lib/mongo19000/mongodb_71_19000_all/workflow' }
- { user: 'risk_system', password: 'risk_system', name: 'risk_system', path: '/var/lib/mongo19000/mongodb_71_19000_all/risk_system' }
- { user: 'root', password: 'lx_root*#2020', name: 'admin', path: '/var/lib/mongo19000/mongodb_71_19000_all/admin' }
- name: 19001 restore data
shell: mongorestore -h 127.0.0.1:19001 -u '{{ item.user}}' -p '{{ item.password}}' -d "{{ item.name }}" "{{ item.path }}"
with_items:
- { user: 'tencent_qm_status', password: 'tencent_qm_status', name: 'tencent_qm_status', path: '/var/lib/mongo19001/mongodb_71_19001_all/tencent_qm_status' }
- { user: 'lxzl_message', password: 'lxzl_message', name: 'lxzl_message', path: '/var/lib/mongo19001/mongodb_71_19001_all/lxzl_message' }
- { user: 'root', password: 'lx_root*#2020', name: 'admin', path: '/var/lib/mongo19001/mongodb_71_19001_all/admin' }
shell: systemctl daemon-reload
- name: systemctl start
service:
name: "{{ item }}"
state: started
enabled: yes
with_items:
- mongod19000
- mongod19001
- name: reboot
shell: reboot
cat Init_Mysql.yml
- name: init server
gather_facts: False
remote_user: root
hosts: Mysql
vars:
- key: 164 #主机变量,指定后续恢复那台mysql数据
roles:
- init
- mysql
安装配置mysql及数据恢复
cat roles/mysql/tasks/main.yml
- name: copy mysql
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'mysql-community-common-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' }
- { src: 'mysql-community-libs-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' }
- { src: 'mysql-community-libs-compat-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' }
- { src: 'mysql-community-client-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' }
- { src: 'mysql-community-server-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' }
#- name: stop mariadb
# service:
# name: mariadb
# state: stopped
- name: remove mariadb
yum:
name: mariadb
state: absent
- name: install mysql
yum:
name: "{{ packages }}"
vars:
packages:
- /opt/mysql-community-common-5.7.11-1.el7.x86_64.rpm
- /opt/mysql-community-libs-5.7.11-1.el7.x86_64.rpm
- /opt/mysql-community-libs-compat-5.7.11-1.el7.x86_64.rpm
- /opt/mysql-community-client-5.7.11-1.el7.x86_64.rpm
- /opt/mysql-community-server-5.7.11-1.el7.x86_64.rpm
- name: copy mysql config file
copy: src='my.cnf' dest='/etc/' mode='0644'
- name: start mysqld
service:
name: mysqld
state: started
enabled: yes
- name: copy change password
copy:
src: "mysql.sh"
dest: "/root"
- name: chang root password
shell: sh /root/mysql.sh
- name: copy AMS file that is already on the remote machine
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'mysql_84_db_lxzl_ams_admin.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_84_db_lxzl_ams.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_84_db_lxzl_ams_workflow.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_84_db_lxzl_nacos.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_84_db_lxzl_openapi.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_84_db_lxzl_rules_engine.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_84_mysql.sql.gz', dest: '/root', mode: '0644' }
when: key == 84
- name: gzip backup file
shell: cd /root && gzip -d {{ item }}
with_items:
- mysql_84_db_lxzl_ams_admin.sql.gz
- mysql_84_db_lxzl_ams.sql.gz
- mysql_84_db_lxzl_ams_workflow.sql.gz
- mysql_84_db_lxzl_nacos.sql.gz
- mysql_84_db_lxzl_openapi.sql.gz
- mysql_84_db_lxzl_rules_engine.sql.gz
- mysql_84_mysql.sql.gz
when: key == 84
- name: copy ERP file that is already on the remote machine
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'mysql_82_db_lxzl_app.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_bank_enterprise.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_bill.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_contract.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_coupon.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_datacenter.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_dingding.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_erp.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_file_gateway.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_message_gateway.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_oauth.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_payment_gateway.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_product.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_risk_system.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_sap_assets_modification.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_sms.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_worker.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_workflow.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_db_lxzl_zl_jd.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_82_mysql.sql.gz', dest: '/root', mode: '0644' }
when: key == 82
- name: gzip backup file
shell: cd /root && gzip -d {{ item }}
with_items:
- mysql_82_db_lxzl_app.sql.gz
- mysql_82_db_lxzl_bank_enterprise.sql.gz
- mysql_82_db_lxzl_bill.sql.gz
- mysql_82_db_lxzl_contract.sql.gz
- mysql_82_db_lxzl_coupon.sql.gz
- mysql_82_db_lxzl_datacenter.sql.gz
- mysql_82_db_lxzl_dingding.sql.gz
- mysql_82_db_lxzl_erp.sql.gz
- mysql_82_db_lxzl_file_gateway.sql.gz
- mysql_82_db_lxzl_message_gateway.sql.gz
- mysql_82_db_lxzl_oauth.sql.gz
- mysql_82_db_lxzl_payment_gateway.sql.gz
- mysql_82_db_lxzl_product.sql.gz
- mysql_82_db_lxzl_risk_system.sql.gz
- mysql_82_db_lxzl_sap_assets_modification.sql.gz
- mysql_82_db_lxzl_sms.sql.gz
- mysql_82_db_lxzl_worker.sql.gz
- mysql_82_db_lxzl_workflow.sql.gz
- mysql_82_db_lxzl_zl_jd.sql.gz
- mysql_82_mysql.sql.gz
when: key == 82
- name: copy HSCSMYSQL file that is already on the remote machine
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'mysql_162_db_lxzl_hscs.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_162_mysql.sql.gz', dest: '/root', mode: '0644' }
when: key == 162
- name:
shell: cd root && gzip -d {{ item }}
with_items:
- mysql_162_db_lxzl_hscs.sql.gz
- mysql_162_mysql.sql.gz
when: key == 162
- name: copy WMSMYSQL file that is already on the remote machine
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'mysql_164_db_lxzl_purchase.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_164_db_lxzl_sap.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_164_db_lxzl_wms.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_164_mysql.sql.gz', dest: '/root', mode: '0644' }
when: key == 164
- name:
shell: cd /root && gzip -d {{ item }}
with_items:
- mysql_164_db_lxzl_purchase.sql.gz
- mysql_164_db_lxzl_sap.sql.gz
- mysql_164_db_lxzl_wms.sql.gz
- mysql_164_mysql.sql.gz
when: key == 164
- name: copy ALMMYSQL file that is already on the remote machine
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode }}"
with_items:
- { src: 'mysql_166_halm_atn.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_halm_mdm.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_halm_mmt.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_halm_mtc.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_halm_open.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_halm_platform.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_halm_ppm.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_hzero_file.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_hzero_governance.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_hzero_import.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_hzero_interface.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_hzero_message.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_hzero_platform.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_hzero_scheduler.sql.gz', dest: '/root', mode: '0644' }
- { src: 'mysql_166_mysql.sql.gz', dest: '/root', mode: '0644' }
when: key == 166
- name:
shell: cd /root && gzip -d {{ item }}
with_items:
- mysql_166_halm_atn.sql.gz
- mysql_166_halm_mdm.sql.gz
- mysql_166_halm_mmt.sql.gz
- mysql_166_halm_mtc.sql.gz
- mysql_166_halm_open.sql.gz
- mysql_166_halm_platform.sql.gz
- mysql_166_halm_ppm.sql.gz
- mysql_166_hzero_file.sql.gz
- mysql_166_hzero_governance.sql.gz
- mysql_166_hzero_import.sql.gz
- mysql_166_hzero_interface.sql.gz
- mysql_166_hzero_message.sql.gz
- mysql_166_hzero_platform.sql.gz
- mysql_166_hzero_scheduler.sql.gz
- mysql_166_mysql.sql.gz
when: key == 166
- name: DELETE GTID SQL
shell: sed -i "/^SET\ \@\@GLOBAL.GTID_PURGED/,/^$/d" /root/*.sql
- name: restore data
shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }}
with_items:
- mysql_84_db_lxzl_ams_admin.sql
- mysql_84_db_lxzl_ams.sql
- mysql_84_db_lxzl_ams_workflow.sql
- mysql_84_db_lxzl_nacos.sql
- mysql_84_db_lxzl_openapi.sql
- mysql_84_db_lxzl_rules_engine.sql
- mysql_84_mysql.sql
when: key == 84
- name: restore data
shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }}
with_items:
- mysql_82_db_lxzl_app.sql
- mysql_82_db_lxzl_bank_enterprise.sql
- mysql_82_db_lxzl_bill.sql
- mysql_82_db_lxzl_contract.sql
- mysql_82_db_lxzl_coupon.sql
- mysql_82_db_lxzl_datacenter.sql
- mysql_82_db_lxzl_dingding.sql
- mysql_82_db_lxzl_erp.sql
- mysql_82_db_lxzl_file_gateway.sql
- mysql_82_db_lxzl_message_gateway.sql
- mysql_82_db_lxzl_oauth.sql
- mysql_82_db_lxzl_payment_gateway.sql
- mysql_82_db_lxzl_product.sql
- mysql_82_db_lxzl_risk_system.sql
- mysql_82_db_lxzl_sap_assets_modification.sql
- mysql_82_db_lxzl_sms.sql
- mysql_82_db_lxzl_worker.sql
- mysql_82_db_lxzl_workflow.sql
- mysql_82_db_lxzl_zl_jd.sql
- mysql_82_mysql.sql
when: key == 82
- name: restore data
shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }}
with_items:
- mysql_162_db_lxzl_hscs.sql
- mysql_162_mysql.sql
when: key == 162
- name: restore data
shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }}
with_items:
- mysql_164_db_lxzl_purchase.sql
- mysql_164_db_lxzl_sap.sql
- mysql_164_db_lxzl_wms.sql
- mysql_164_mysql.sql
when: key == 164
- name: restore data
shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }}
with_items:
- mysql_166_halm_atn.sql
- mysql_166_halm_mdm.sql
- mysql_166_halm_mmt.sql
- mysql_166_halm_mtc.sql
- mysql_166_halm_open.sql
- mysql_166_halm_platform.sql
- mysql_166_halm_ppm.sql
- mysql_166_hzero_file.sql
- mysql_166_hzero_governance.sql
- mysql_166_hzero_import.sql
- mysql_166_hzero_interface.sql
- mysql_166_hzero_message.sql
- mysql_166_hzero_platform.sql
- mysql_166_hzero_scheduler.sql
- mysql_166_mysql.sql
when: key == 166
服务器初始化
cat roles/init/tasks/main.yml
#修改ssh
- name: Modify ssh port 12580
lineinfile:
dest: /etc/ssh/{{ item }}
regexp: '^Port 12580'
insertafter: '#Port 22'
line: 'Port 12580'
with_items:
- sshd_config
tags:
- sshport
- name: PermitRootLogin
replace:
path: /etc/ssh/sshd_config
regexp: '#PermitRootLogin yes'
replace: 'PermitRootLogin no'
- name: selinux
shell: getenforce
register: selinux
- name: set permissive
shell: setenforce 0
when: selinux == 'Enforcing'
#DNS
- name: add dns
lineinfile:
dest: /etc/resolv.conf
line: 'nameserver 114.114.114.114'
- name: 关闭防火墙服务
service:
name: firewalld
state: stopped
enabled: no
#修改seliunx
- name: set selinux disabled
replace:
path: /etc/selinux/config
regexp: '^SELINUX=enforcing'
replace: 'SELINUX=disabled'
#修改root,lxops和jenkins密码
- name: create user
user: name={{ item.user }} password={{ item.password | password_hash('sha512') }} state=present
with_items:
- { user: 'root', password: 'LXZLProSvr4ROOT*#2021' }
- { user: 'lxops', password: 'LXZLProSvr4LXOPS*#0755' }
- { user: 'jenkins', password: 'LXZLProSvr4JENKINS*#2021' }
#用户添加sudoer权限
- name: add sudo
lineinfile:
path: /etc/sudoers
regexp: '{{ item.user }} ALL=(ALL) NOPASSWD:ALL'
insertafter: '^root'
line: '{{ item.user }} ALL=(ALL) NOPASSWD:ALL'
with_items:
- { user: 'lxops' }
- { user: 'jenkins' }
#安装基础工具
- name: yum
shell: yum install -y vim wget net-tools tcping bash-completion dos2unix lrzsz ntp ntpdate openssl openssl-devel pcre pcre-devel git ntp ntpdate zip zip-devel unzip bzip2 bzip2-devel epel-release
#定时清理垃圾文件
- name: clean
shell: echo "10 * * * * /usr/bin/find /var/spool/clientmqueue/ -type f -mtime +7 | xargs rm -f > /dev/null 2>&1" >> /var/spool/cron/root
#判断是否已安装elrepo源
- name: register elrepo repo
stat:
path: "/etc/yum.repos.d/elrepo.repo"
register: file_path
#- name: import key
# shell: rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
- name: yum install elrepo.repo
shell: rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org && rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
when: file_path.stat.exists == False
- name: ali yum
shell: curl http://mirrors.aliyun.com/repo/Centos-7.repo > /etc/yum.repos.d/aliyum.repo
#安装epel
- name: epel repo
stat:
path: "/etc/yum.repos.d/epel.repo"
register: file_path
- name: yum install epel.repo
yum_repository:
name: epel-release
state: present
when: file_path.stat.exists == False
#内核优化
#- name: register file
# stat:
# path: "/etc/security/limits.conf"
# register: file_path
#
#- name:
# file:
# touch: touch /etc/security/limits.conf
# when: file_path.stat.exists == False
- name:
shell: rm -f /etc/security/limits.conf /etc/sysctl.conf
- name:
copy: src=limits.conf dest=/etc/security/
- name: copy
copy: src=sysctl.conf dest=/etc
所有代码
链接:https://pan.baidu.com/s/16uKXGI2D2xPEhTbY8xyyrA
提取码:y2ed
浙公网安备 33010602011771号