ansible环境安装及数据恢复

配置免密登录服务器及下载备份文件
#!/bin/bash BACKUP=192.168.30.233 #一行写一个IP BACKUP_PASSWD="lxzl_root*#2021" #root密码 MYSQLBACKUP=192.168.30.232 #一行写一个IP MYSQLBACKUP_PASSWD="lxzl_root*#2021" #root密码 #检查是否安装expect function init { rpm -qa | grep expect if [[ $? == 0 ]]; then echo "expect已安装" else yum -y install expect fi #抓取服务器IP及写入hosts文件 sed -n "/^\[$1/,/^$/p" /etc/ansible/init_server/hosts | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > /etc/ansible/init_server/ip.list && sed -n "/^\[$1/,/^$/p" /etc/ansible/init_server/hosts >> /etc/ansible/hosts } #function ssh_hosts { #sed -n '/^\[$1/,/^$/p' /etc/ansible/init_server/hosts | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' > /etc/ansible/init_server/ip.list && sed -n '/^\[$1/,/^$/p' /etc/ansible/init_server/hosts >> /etc/ansible/hosts # SERVERS=`cat /etc/ansible/init_server/ip.list` #一行写一个IP # PASSWD="123456" #root密码 # for server in $Server # do # sshcopyid # done #} #BACKUP=192.168.30.233 #一行写一个IP #BACKUP_PASSWD="lxzl_root*#2021" #root密码 #输入免密服务器密码函数 function sshcopyid { expect -c " set timeout -1; spawn ssh-copy-id $1; expect { \"yes/no\" { send \"yes\r\" ;exp_continue; } \"password:\" { send \"$PASSWD\r\";exp_continue; } }; interact " } #免密登录备份服务器拉去备份文件 function backup_sshcopyid { expect -c " set timeout -1; spawn ssh-copy-id $1; expect { \"yes/no\" { send \"yes\r\" ;exp_continue; } \"password:\" { send \"$BACKUP_PASSWD\r\";exp_continue; } }; interact " } #免密登录MYSQL备份服务器拉去备份文件 function mysqlbackup_sshcopyid { expect -c " set timeout -1; spawn ssh-copy-id $1; expect { \"yes/no\" { send \"yes\r\" ;exp_continue; } \"password:\" { send \"$MYSQLBACKUP_PASSWD\r\";exp_continue; } }; interact " } #ansible配置免密登录部署服务器 function ssh_server { SERVERS=`cat /etc/ansible/init_server/ip.list` #一行写一个IP PASSWD="LXZLProSvr4ROOT*#2021" #root密码 #PASSWD="123456" #root密码 for server in $SERVERS do sshcopyid $server done } #下载代理备份文件 function proxy { ansible_nginx=/etc/ansible/init_server/roles/nginx/files/ if [ $1 == "NGINX" ];then scp $BACKUP:/lxserver/backup/Nginx/192.168.0.10/`date +%F`/*.tar.gz $ansible_nginx #/etc/ansible/init_server/roles/nginx/files/ rm -rf nginx && tar xzf nginx_10.tar.gz ssh_server elif [ $1 == "JENKINS" ];then scp $BACKUP:/lxserver/backup/Nginx/192.168.0.120/`date +%F`/*.tar.gz $ansible_nginx #/etc/ansible/init_server/roles/nginx/files/ rm -rf nginx && tar xzf nginx_120.tar.gz ssh_server elif [ $1 == "SLB" ];then scp $BACKUP:/lxserver/backup/Nginx/192.168.0.200/`date +%F`/*.tar.gz $ansible_nginx #/etc/ansible/init_server/roles/nginx/files/ rm -rf nginx && tar xzf nginx_200.tar.gz ssh_server else exit fi } #下载NoSql备份文件 function Nosql { scp $BACKUP:/lxserver/backup/MongoDB/192.168.0.71/`date +%F -d "1 days ago"`/*.tar.gz /etc/ansible/init_server/roles/mongodb/files/ } #下载MYSQL备份文件 function mysql { ansible_mysql=/etc/ansible/init_server/roles/mysql/files/ if [ $1 == "ERPMYSQL" ];then rm -f $ansible_mysql/*.sql.gz scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.82/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql #rm -rf nginx && tar xzf nginx_10.tar.gz ssh_server elif [ $1 == "AMSMYSQL" ];then rm -f $ansible_mysql/*.sql.gz scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.84/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql #/etc/ansible/init_server/roles/nginx/files/ #rm -rf nginx && tar xzf nginx_120.tar.gz ssh_server elif [ $1 == "HSCSMYSQL" ];then rm -f $ansible_mysql/*.sql.gz scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.162/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql #/etc/ansible/init_server/roles/nginx/files/ #rm -rf nginx && tar xzf nginx_200.tar.gz ssh_server elif [ $1 == "WMSMYSQL" ];then rm -f $ansible_mysql/*.sql.gz scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.164/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql #/etc/ansible/init_server/roles/nginx/files/ #rm -rf nginx && tar xzf nginx_200.tar.gz ssh_server elif [ $1 == "ALMMYSQL" ];then rm -f $ansible_mysql/*.sql.gz scp $MYSQLBACKUP:/lxserver/backup/MySQL/192.168.0.166/`date +%F -d "1 days ago"`/*.sql.gz $ansible_mysql #/etc/ansible/init_server/roles/nginx/files/ #rm -rf nginx && tar xzf nginx_200.tar.gz ssh_server else exit fi } #main函数 function main { if [ $1 == "NGINX" -o $1 == "SLB" -o $1 == "JENKINS" ];then init #备份服务器 backup_sshcopyid $BACKUP proxy $1 elif [ $1 == "NoSql" ];then init backup_sshcopyid $BACKUP Nosql $1 ssh_server elif [ $1 == "HSCS-NoSql" -o $1 == "APP" -o $1 == "KAFKA" -o $1 == "FASTDFS" -o $1 == "SERVER" ];then init ssh_server elif [ $1 == "ERPMYSQL" -o $1 == "HSCSMYSQL" -o $1 == "AMSMYSQL" -o $1 == "WMSMYSQL" -o $1 == "ALMMYSQL" -o $1 == "MYSQL" ];then init ssh_server mysqlbackup_sshcopyid $MYSQLBACKUP mysql $1 #ssh_server else echo "输入参数错误,请输入:APP | NGINX | SLB | JENKINS | NoSql | HSCS-NOSQL | KAFKA | FASTDFS | SERVER | ERPMYSQL | AMSMYSQL | HSCSMYSQL | WMSMYSQL | ALMMYSQL" exit fi } #程序入口 main $1
安装配置redis
cat
HSCS-Init_Nosql.yml - name: init server #gather_facts: False remote_user: root hosts: Hscs-NoSql roles: - init - hscs-redis

安装配置mongodb及数据恢复
cat
roles/mongodb/tasks/main.yml - name: copy install package copy: src: "{{ item }}" dest: /root with_items: - mongodb-org-4.0.1-1.el7.x86_64.rpm - mongodb-org-server-4.0.1-1.el7.x86_64.rpm - mongodb-org-mongos-4.0.1-1.el7.x86_64.rpm - mongodb-org-shell-4.0.1-1.el7.x86_64.rpm - mongodb-org-tools-4.0.1-1.el7.x86_64.rpm - name: install mongod shell: yum localinstall -y /root/mongodb-* && rm -f /root/mongodb-* /etc/mongo* && rm -f /usr/lib/systemd/system/mongo* - name: copy mongo service && conf copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: 'mongod19000.conf', dest: '/etc/', mode: '0644' } - { src: 'mongod19001.conf', dest: '/etc/', mode: '0644' } - { src: 'mongod19000.service', dest: '/usr/lib/systemd/system', mode: '0644' } - { src: 'mongod19001.service', dest: '/usr/lib/systemd/system', mode: '0644' } - name: mkdir dir file: path: "{{ item }}" state: directory with_items: - /var/run/mongodb19000 - /var/lib/mongo19000 - /var/log/mongodb19000 - /var/run/mongodb19001 - /var/lib/mongo19001 - /var/log/mongodb19001 - name: Unarchive a file that is already on the remote machine unarchive: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: 'mongodb_71_19000_all.tar.gz', dest: '/var/lib/mongo19000', mode: '0755' } - { src: 'mongodb_71_19001_all.tar.gz', dest: '/var/lib/mongo19001', mode: '0755' } - name: daemon-reload shell: systemctl daemon-reload - name: systemctl start service: name: "{{ item }}" state: started enabled: yes with_items: - mongod19000 - mongod19001 - name: 19000 restore data shell: mongorestore -h 127.0.0.1:19000 -d "{{ item.name }}" "{{ item.path }}" with_items: - { name: 'workflow', path: '/var/lib/mongo19000/mongodb_71_19000_all/workflow' } - { name: 'risk_system', path: '/var/lib/mongo19000/mongodb_71_19000_all/risk_system' } - { name: 'admin', path: '/var/lib/mongo19000/mongodb_71_19000_all/admin' } - name: 19001 restore data shell: mongorestore -h 127.0.0.1:19001 -d "{{ item.name }}" "{{ item.path }}" with_items: - { name: 'tencent_qm_status', path: '/var/lib/mongo19001/mongodb_71_19001_all/tencent_qm_status' } - { name: 'lxzl_message', path: '/var/lib/mongo19001/mongodb_71_19001_all/lxzl_message' } - { name: 'admin', path: '/var/lib/mongo19001/mongodb_71_19001_all/admin' } - name: 19000 restore data shell: mongorestore -h 127.0.0.1:19000 -u '{{ item.user}}' -p '{{ item.password}}' -d "{{ item.name }}" "{{ item.path }}" with_items: - { user: 'workflow', password: 'workflow', name: 'workflow', path: '/var/lib/mongo19000/mongodb_71_19000_all/workflow' } - { user: 'risk_system', password: 'risk_system', name: 'risk_system', path: '/var/lib/mongo19000/mongodb_71_19000_all/risk_system' } - { user: 'root', password: 'lx_root*#2020', name: 'admin', path: '/var/lib/mongo19000/mongodb_71_19000_all/admin' } - name: 19001 restore data shell: mongorestore -h 127.0.0.1:19001 -u '{{ item.user}}' -p '{{ item.password}}' -d "{{ item.name }}" "{{ item.path }}" with_items: - { user: 'tencent_qm_status', password: 'tencent_qm_status', name: 'tencent_qm_status', path: '/var/lib/mongo19001/mongodb_71_19001_all/tencent_qm_status' } - { user: 'lxzl_message', password: 'lxzl_message', name: 'lxzl_message', path: '/var/lib/mongo19001/mongodb_71_19001_all/lxzl_message' } - { user: 'root', password: 'lx_root*#2020', name: 'admin', path: '/var/lib/mongo19001/mongodb_71_19001_all/admin' } shell: systemctl daemon-reload - name: systemctl start service: name: "{{ item }}" state: started enabled: yes with_items: - mongod19000 - mongod19001 - name: reboot shell: reboot
cat Init_Mysql.yml
- name: init server
  gather_facts: False
  remote_user: root
  hosts: Mysql
  vars:
    - key: 164  #主机变量,指定后续恢复那台mysql数据
  roles:
    - init
    - mysql
安装配置mysql及数据恢复
cat
roles/mysql/tasks/main.yml - name: copy mysql copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: 'mysql-community-common-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' } - { src: 'mysql-community-libs-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' } - { src: 'mysql-community-libs-compat-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' } - { src: 'mysql-community-client-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' } - { src: 'mysql-community-server-5.7.11-1.el7.x86_64.rpm', dest: '/opt', mode: '0644' } #- name: stop mariadb # service: # name: mariadb # state: stopped - name: remove mariadb yum: name: mariadb state: absent - name: install mysql yum: name: "{{ packages }}" vars: packages: - /opt/mysql-community-common-5.7.11-1.el7.x86_64.rpm - /opt/mysql-community-libs-5.7.11-1.el7.x86_64.rpm - /opt/mysql-community-libs-compat-5.7.11-1.el7.x86_64.rpm - /opt/mysql-community-client-5.7.11-1.el7.x86_64.rpm - /opt/mysql-community-server-5.7.11-1.el7.x86_64.rpm - name: copy mysql config file copy: src='my.cnf' dest='/etc/' mode='0644' - name: start mysqld service: name: mysqld state: started enabled: yes - name: copy change password copy: src: "mysql.sh" dest: "/root" - name: chang root password shell: sh /root/mysql.sh - name: copy AMS file that is already on the remote machine copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: 'mysql_84_db_lxzl_ams_admin.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_84_db_lxzl_ams.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_84_db_lxzl_ams_workflow.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_84_db_lxzl_nacos.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_84_db_lxzl_openapi.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_84_db_lxzl_rules_engine.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_84_mysql.sql.gz', dest: '/root', mode: '0644' } when: key == 84 - name: gzip backup file shell: cd /root && gzip -d {{ item }} with_items: - mysql_84_db_lxzl_ams_admin.sql.gz - mysql_84_db_lxzl_ams.sql.gz - mysql_84_db_lxzl_ams_workflow.sql.gz - mysql_84_db_lxzl_nacos.sql.gz - mysql_84_db_lxzl_openapi.sql.gz - mysql_84_db_lxzl_rules_engine.sql.gz - mysql_84_mysql.sql.gz when: key == 84 - name: copy ERP file that is already on the remote machine copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: 'mysql_82_db_lxzl_app.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_bank_enterprise.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_bill.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_contract.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_coupon.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_datacenter.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_dingding.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_erp.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_file_gateway.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_message_gateway.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_oauth.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_payment_gateway.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_product.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_risk_system.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_sap_assets_modification.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_sms.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_worker.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_workflow.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_db_lxzl_zl_jd.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_82_mysql.sql.gz', dest: '/root', mode: '0644' } when: key == 82 - name: gzip backup file shell: cd /root && gzip -d {{ item }} with_items: - mysql_82_db_lxzl_app.sql.gz - mysql_82_db_lxzl_bank_enterprise.sql.gz - mysql_82_db_lxzl_bill.sql.gz - mysql_82_db_lxzl_contract.sql.gz - mysql_82_db_lxzl_coupon.sql.gz - mysql_82_db_lxzl_datacenter.sql.gz - mysql_82_db_lxzl_dingding.sql.gz - mysql_82_db_lxzl_erp.sql.gz - mysql_82_db_lxzl_file_gateway.sql.gz - mysql_82_db_lxzl_message_gateway.sql.gz - mysql_82_db_lxzl_oauth.sql.gz - mysql_82_db_lxzl_payment_gateway.sql.gz - mysql_82_db_lxzl_product.sql.gz - mysql_82_db_lxzl_risk_system.sql.gz - mysql_82_db_lxzl_sap_assets_modification.sql.gz - mysql_82_db_lxzl_sms.sql.gz - mysql_82_db_lxzl_worker.sql.gz - mysql_82_db_lxzl_workflow.sql.gz - mysql_82_db_lxzl_zl_jd.sql.gz - mysql_82_mysql.sql.gz when: key == 82 - name: copy HSCSMYSQL file that is already on the remote machine copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: 'mysql_162_db_lxzl_hscs.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_162_mysql.sql.gz', dest: '/root', mode: '0644' } when: key == 162 - name: shell: cd root && gzip -d {{ item }} with_items: - mysql_162_db_lxzl_hscs.sql.gz - mysql_162_mysql.sql.gz when: key == 162 - name: copy WMSMYSQL file that is already on the remote machine copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: 'mysql_164_db_lxzl_purchase.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_164_db_lxzl_sap.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_164_db_lxzl_wms.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_164_mysql.sql.gz', dest: '/root', mode: '0644' } when: key == 164 - name: shell: cd /root && gzip -d {{ item }} with_items: - mysql_164_db_lxzl_purchase.sql.gz - mysql_164_db_lxzl_sap.sql.gz - mysql_164_db_lxzl_wms.sql.gz - mysql_164_mysql.sql.gz when: key == 164 - name: copy ALMMYSQL file that is already on the remote machine copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: 'mysql_166_halm_atn.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_halm_mdm.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_halm_mmt.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_halm_mtc.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_halm_open.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_halm_platform.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_halm_ppm.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_hzero_file.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_hzero_governance.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_hzero_import.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_hzero_interface.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_hzero_message.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_hzero_platform.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_hzero_scheduler.sql.gz', dest: '/root', mode: '0644' } - { src: 'mysql_166_mysql.sql.gz', dest: '/root', mode: '0644' } when: key == 166 - name: shell: cd /root && gzip -d {{ item }} with_items: - mysql_166_halm_atn.sql.gz - mysql_166_halm_mdm.sql.gz - mysql_166_halm_mmt.sql.gz - mysql_166_halm_mtc.sql.gz - mysql_166_halm_open.sql.gz - mysql_166_halm_platform.sql.gz - mysql_166_halm_ppm.sql.gz - mysql_166_hzero_file.sql.gz - mysql_166_hzero_governance.sql.gz - mysql_166_hzero_import.sql.gz - mysql_166_hzero_interface.sql.gz - mysql_166_hzero_message.sql.gz - mysql_166_hzero_platform.sql.gz - mysql_166_hzero_scheduler.sql.gz - mysql_166_mysql.sql.gz when: key == 166 - name: DELETE GTID SQL shell: sed -i "/^SET\ \@\@GLOBAL.GTID_PURGED/,/^$/d" /root/*.sql - name: restore data shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }} with_items: - mysql_84_db_lxzl_ams_admin.sql - mysql_84_db_lxzl_ams.sql - mysql_84_db_lxzl_ams_workflow.sql - mysql_84_db_lxzl_nacos.sql - mysql_84_db_lxzl_openapi.sql - mysql_84_db_lxzl_rules_engine.sql - mysql_84_mysql.sql when: key == 84 - name: restore data shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }} with_items: - mysql_82_db_lxzl_app.sql - mysql_82_db_lxzl_bank_enterprise.sql - mysql_82_db_lxzl_bill.sql - mysql_82_db_lxzl_contract.sql - mysql_82_db_lxzl_coupon.sql - mysql_82_db_lxzl_datacenter.sql - mysql_82_db_lxzl_dingding.sql - mysql_82_db_lxzl_erp.sql - mysql_82_db_lxzl_file_gateway.sql - mysql_82_db_lxzl_message_gateway.sql - mysql_82_db_lxzl_oauth.sql - mysql_82_db_lxzl_payment_gateway.sql - mysql_82_db_lxzl_product.sql - mysql_82_db_lxzl_risk_system.sql - mysql_82_db_lxzl_sap_assets_modification.sql - mysql_82_db_lxzl_sms.sql - mysql_82_db_lxzl_worker.sql - mysql_82_db_lxzl_workflow.sql - mysql_82_db_lxzl_zl_jd.sql - mysql_82_mysql.sql when: key == 82 - name: restore data shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }} with_items: - mysql_162_db_lxzl_hscs.sql - mysql_162_mysql.sql when: key == 162 - name: restore data shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }} with_items: - mysql_164_db_lxzl_purchase.sql - mysql_164_db_lxzl_sap.sql - mysql_164_db_lxzl_wms.sql - mysql_164_mysql.sql when: key == 164 - name: restore data shell: cd /root && mysql -uroot -p'lx_root*#2020' < {{ item }} with_items: - mysql_166_halm_atn.sql - mysql_166_halm_mdm.sql - mysql_166_halm_mmt.sql - mysql_166_halm_mtc.sql - mysql_166_halm_open.sql - mysql_166_halm_platform.sql - mysql_166_halm_ppm.sql - mysql_166_hzero_file.sql - mysql_166_hzero_governance.sql - mysql_166_hzero_import.sql - mysql_166_hzero_interface.sql - mysql_166_hzero_message.sql - mysql_166_hzero_platform.sql - mysql_166_hzero_scheduler.sql - mysql_166_mysql.sql when: key == 166
服务器初始化
cat roles/init/tasks/main.yml
#修改ssh
- name: Modify ssh port 12580
  lineinfile:
      dest: /etc/ssh/{{ item }}
      regexp: '^Port 12580'
      insertafter: '#Port 22'
      line: 'Port 12580'

  with_items:
      - sshd_config
  tags:
      - sshport

- name: PermitRootLogin
  replace:
    path: /etc/ssh/sshd_config
    regexp: '#PermitRootLogin yes'
    replace: 'PermitRootLogin no'

- name: selinux
  shell: getenforce
  register: selinux

- name: set permissive
  shell: setenforce 0
  when: selinux == 'Enforcing'

#DNS
- name: add dns
  lineinfile:
    dest: /etc/resolv.conf
    line: 'nameserver 114.114.114.114'

- name: 关闭防火墙服务
  service:
    name: firewalld
    state: stopped
    enabled: no

#修改seliunx
- name: set selinux disabled
  replace:
    path: /etc/selinux/config
    regexp: '^SELINUX=enforcing'
    replace: 'SELINUX=disabled'

#修改root,lxops和jenkins密码
- name: create user
  user: name={{ item.user }} password={{ item.password | password_hash('sha512') }} state=present
  with_items:
   - { user: 'root', password: 'LXZLProSvr4ROOT*#2021' }
   - { user: 'lxops', password: 'LXZLProSvr4LXOPS*#0755' }
   - { user: 'jenkins', password: 'LXZLProSvr4JENKINS*#2021' }

#用户添加sudoer权限
- name: add sudo
  lineinfile:
    path: /etc/sudoers
    regexp: '{{ item.user }} ALL=(ALL)  NOPASSWD:ALL'
    insertafter: '^root'
    line: '{{ item.user }} ALL=(ALL)  NOPASSWD:ALL'
  with_items:
   - { user: 'lxops' }
   - { user: 'jenkins' }

#安装基础工具
- name: yum
  shell: yum install -y vim wget net-tools tcping bash-completion dos2unix lrzsz ntp ntpdate openssl openssl-devel pcre pcre-devel git  ntp ntpdate  zip zip-devel unzip bzip2 bzip2-devel epel-release

#定时清理垃圾文件
- name: clean
  shell: echo "10 * * * * /usr/bin/find /var/spool/clientmqueue/ -type f -mtime +7 | xargs rm -f > /dev/null 2>&1" >> /var/spool/cron/root

#判断是否已安装elrepo源
- name: register elrepo repo
  stat:
    path: "/etc/yum.repos.d/elrepo.repo"
  register: file_path

#- name: import key
#  shell: rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

- name: yum install elrepo.repo
  shell: rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org && rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm 
  when: file_path.stat.exists == False

- name: ali yum
  shell: curl http://mirrors.aliyun.com/repo/Centos-7.repo > /etc/yum.repos.d/aliyum.repo

#安装epel
- name: epel repo
  stat:
     path: "/etc/yum.repos.d/epel.repo"
  register: file_path

- name: yum install epel.repo
  yum_repository:
    name: epel-release
    state: present
  when: file_path.stat.exists == False

#内核优化
#- name: register file
#  stat:
#    path: "/etc/security/limits.conf"
#  register: file_path
#
#- name:
#  file:
#    touch: touch /etc/security/limits.conf
#  when: file_path.stat.exists == False

- name:
  shell: rm -f /etc/security/limits.conf /etc/sysctl.conf  

- name: 
  copy: src=limits.conf dest=/etc/security/

- name: copy
  copy: src=sysctl.conf dest=/etc

 

所有代码
链接:https://pan.baidu.com/s/16uKXGI2D2xPEhTbY8xyyrA 
提取码:y2ed

 

posted @ 2022-06-27 15:43  MlxgzZ  阅读(137)  评论(0编辑  收藏  举报