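Task: run three services with one command: Rsync full-network backup, an NFS shared directory, and sersync real-time synchronization
Ansible official documentation: https://docs.ansible.com/ansible/latest/modules/modules_by_category.html
Software to install: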
yum install -y tree vim wget bash-completion bash-completion-extras lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils
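This is somewhat tedious; questions are welcome.
I. Daemon mode + full-network backup
Before running the one-command batch deployment, make sure the SSH keys have been distributed successfully
1. Configure the Ansible host list
1. Write the key distribution script so that SSH remote connections work
2. Edit the mail configuration file and push it to the backup server
3. On the m01 management host, create the client-side full-network backup script locally
4. On the m01 management host, create the server-side mail script locally
5. On the m01 management host, create the playbook locally and run it: first make sure the clients nfs01, web01 and web02 and the server backup are set up for daemon mode, then run the full-network backup.
Add the host list to /etc/ansible/hosts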
[02:15 root@m01 ~]# vim /etc/ansible/hosts
[oldboy]
172.16.1.7
172.16.1.8
172.16.1.31
[web]
172.16.1.7
172.16.1.8
[nfs]
172.16.1.31
[backup]
172.16.1.41
1. Create the key distribution script locally and run it
[21:49 root@m01 /etc/ansible]# vim /server/scripts/fenfa_pub.sh
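#!/bin/bash
#make key pair
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
#distribute public key
#note: sshpass -p puts the password on the command line, and
#StrictHostKeyChecking=no accepts each host key without verifying it
for ip in 7 8 41 31
do
    sshpass -p123456 ssh-copy-id -o StrictHostKeyChecking=no 172.16.1.$ip
done
#ansible
ansible all -m shell -a "hostname"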
2. Edit the rsyncd.conf configuration file
[21:51 root@m01 /etc/ansible]# cat /etc/ansible/file/rsyncd.conf
##Rsync server
##created by oldboy 15:01 2009-6-5
##rsyncd.conf start##
uid = rsync
gid = rsync
use chroot = no
fake super = yes
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 172.16.1.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
[data]
comment = www by old0boy 13:14 2019-5-20
path = /data
#####################################
[backup]
comment = www by old0boy 13:14 2019-5-20
path = /backup
#####################################
[nfsbackup]
comment = www by old0boy 13:14 2019-5-20
path = /nfsbackup
3. Create the client-side script:
[21:52 root@m01 /etc/ansible]# cat /server/scripts/rsync_backup.sh
#!/bin/bash
. /etc/profile
#define variables
IP=$(hostname -I|awk '{print $2}')
HOSTNAME=$(hostname)
#create the directory
mkdir -p /backup/$IP
#archive the system configuration files
tar zcf /backup/$IP/`date +%F-%w`.tar.gz /var/spool/cron/root /var/log/messages /var/log/cron /var/log/rsyncd.log /etc/rc.local /etc/fstab /etc/hosts /server/scripts
#md5 checksums
find /backup/ -type f -name "*.tar.gz"|xargs md5sum >/backup/$IP/$HOSTNAME.md5
#keep only the last 7 days of backups
find /backup/ -type f -mtime +7 -name "*.tar.gz"|xargs rm -rf
#push to the backup server
rsync -avz /backup/ rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
4. Create the server-side script that sends the email
[22:04 root@m01 /etc/ansible]# vim /server/scripts/backup.sh
#!/bin/bash
. /etc/profile
#verify the md5 checksums
find /backup/ -type f -name "*.md5"|xargs md5sum -c >/backup/md5.txt
#delete archives older than 180 days, keeping the Saturday ones
find /backup/ -type f -name "*.tar.gz" ! -name "*-6.tar.gz" -mtime +180|xargs rm -rf
#send the email
mail -s " Rsync Backup 完成 该下班拉" 245684979@qq.com </backup/md5.txt
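backup.sh above mails the raw md5sum -c output under a fixed subject, so a failed or missing checksum is easy to overlook. The following added example (not part of the original post) counts the results and builds a subject that states them; the function names verify_backups and backup_subject and the sample tree built by demo are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: make md5sum -c failures visible in the backup report.
# Assumption: same layout as the scripts above, i.e. each host directory under
# the backup root holds its *.tar.gz archives and one *.md5 manifest.

# verify_backups DIR
#   Prints "ok=N failed=M manifests=K".
#   Returns 0 only if at least one manifest exists and nothing failed.
verify_backups() {
    local dir="$1" report ok failed manifests
    report=$(mktemp) || return 2
    manifests=$(find "$dir" -type f -name '*.md5' | wc -l | tr -d ' ')
    # LC_ALL=C keeps the "OK"/"FAILED" keywords untranslated.
    # md5sum -c exits non-zero on a mismatch; "|| true" keeps the full report.
    LC_ALL=C find "$dir" -type f -name '*.md5' -exec md5sum -c {} + \
        >"$report" 2>/dev/null || true
    ok=$(grep -c ': OK$' "$report" || true)
    # Matches checksum mismatches and "FAILED open or read" (archive missing).
    failed=$(grep -c ': FAILED' "$report" || true)
    rm -f "$report"
    echo "ok=$ok failed=$failed manifests=$manifests"
    [ "$manifests" -gt 0 ] && [ "$failed" -eq 0 ]
}

# backup_subject DIR
#   Builds a mail subject that states the result instead of a fixed text.
backup_subject() {
    local summary
    if summary=$(verify_backups "$1"); then
        echo "Rsync Backup OK ($summary)"
    else
        echo "Rsync Backup FAILED ($summary)"
    fi
}

# demo: constructed sample tree with one intact and one tampered archive.
demo() {
    local root
    root=$(mktemp -d) || return 2
    mkdir -p "$root/172.16.1.7" "$root/172.16.1.8"
    echo "web01 data" >"$root/172.16.1.7/2019-06-01-6.tar.gz"
    echo "web02 data" >"$root/172.16.1.8/2019-06-01-6.tar.gz"
    md5sum "$root/172.16.1.7/2019-06-01-6.tar.gz" >"$root/172.16.1.7/web01.md5"
    md5sum "$root/172.16.1.8/2019-06-01-6.tar.gz" >"$root/172.16.1.8/web02.md5"
    echo "changed after checksum" >"$root/172.16.1.8/2019-06-01-6.tar.gz"
    backup_subject "$root"
    rm -rf "$root"
}

# Run the demo only when asked, e.g. "bash verify.sh demo"
if [ "${1:-}" = demo ]; then demo; fi
```

A host that pushed nothing leaves no manifest, which is why an empty tree is reported as FAILED rather than OK.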
5. Install the mailx package on the backup server
Then append this mailbox configuration to the mail configuration file /etc/mail.rc
Push this file to the backup server, overwriting the original file
[22:05 root@m01 /etc/ansible]# ansible backup -m yum -a 'name=mailx state=present' \\ install mailx
[22:05 root@m01 /etc/ansible]# cat >>/etc/mail.rc <<EOF \\ append the configuration
> set from=lichenxing0430@163.com
> set smtp=smtp.163.com
> set smtp-auth=login
> set smtp-auth-user=lichenxing0430
> set smtp-auth-password=\\ password
> EOF
6. Create the playbook file rsync_backup.yml locally for the full deployment
[02:56 root@m01 /etc/ansible]# vim rsync_backup.yml
# Set up the rsync daemon on the backup server
---
- hosts: backup
  tasks:

    - name: rsyncd.conf
      copy:
        src: /etc/ansible/file/rsyncd.conf
        dest: /etc/rsyncd.conf
        force: yes

    - name: useradd rsync
      user:
        name: rsync
        shell: /sbin/nologin
        create_home: no

    - name: mkdir /backup
      file:
        path: /backup
        state: directory
        owner: rsync
        group: rsync

    # Quote the mode: an unquoted 600 is read as a decimal number, not octal
    - name: touch password chmod 600
      file:
        path: /etc/rsync.password
        state: touch
        mode: '0600'

    - name: content password
      copy:
        dest: /etc/rsync.password
        content: rsync_backup:123456

    - name: restart rsyncd
      service:
        name: rsyncd.service
        state: restarted
        enabled: yes

# Client side for daemon mode: nfs01 web01 web02

- hosts: oldboy
  tasks:

    - name: touch password chmod 600
      file:
        path: /etc/rsync.password
        state: touch
        mode: '0600'

    - name: content password
      copy:
        dest: /etc/rsync.password
        content: "123456"

    - name: copy rsync_backup
      copy:
        src: /server/scripts/rsync_backup.sh
        dest: /server/scripts/

    ## Client cron job: run the backup and push it to the server every day at 00:00

    - name: cron backup
      cron:
        name: rsync_backup
        minute: "00"
        hour: "00"
        job: sh /server/scripts/rsync_backup.sh >/dev/null 2>&1
        state: present

## Server cron job: mail the backup checksum results

- hosts: backup
  tasks:

    - name: yum mailx
      yum:
        name: mailx
        state: present

    - name: copy rsync_backup
      copy:
        src: /server/scripts/backup.sh
        dest: /server/scripts/

    - name: copy mail.rc
      copy:
        src: /etc/mail.rc
        dest: /etc/mail.rc
        force: yes

    - name: mail-cron
      cron:
        name: set mail
        minute: "01"
        hour: "00"
        job: sh /server/scripts/backup.sh >/dev/null 2>&1
        state: present
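7. Check the playbook first, then push
You can change the cron jobs in the playbook to run every minute and test individual tasks on their own, to confirm that the backup works and that the email arrives.
--start-at-task=<task name>   start execution at the specified task
ansible-playbook rsync_backup.yml --start-at-task="mail-cron"   test the playbook
※ II. Batch-deploy the NFS service (server and clients)
1. Write the key distribution script so that SSH remote connections work
5. Create the playbook locally and run it to deploy the NFS network file system service
1. Create the key distribution script locally and run it
If the keys have already been distributed in bulk, this step can be skipped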
[03:00 root@m01 /etc/ansible]# vim /server/scripts/fenfa_pub.sh
#!/bin/bash
#make key pair
ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ''
#distribute public key
for ip in 7 8 41 31
do
    sshpass -p123456 ssh-copy-id -o StrictHostKeyChecking=no 172.16.1.$ip
done
#ansible
ansible all -m shell -a "hostname"
2. Create the playbook file nfs.yml locally for the full deployment
[03:02 root@m01 /etc/ansible]# vim nfs.yml
# NFS server setup: install packages, configure /etc/exports, create the shared directory, restart services
---
# Install packages
- hosts: nfs web
  tasks:

    # A list under name installs both packages; repeating the name key keeps only the last one
    - name: yum rpcbind nfs-utils
      yum:
        name:
          - rpcbind
          - nfs-utils
        state: present

# NFS server

- hosts: nfs
  tasks:

    - name: configure nfs
      shell: echo '/nfs 172.16.1.0/24(rw,all_squash)' >>/etc/exports

    - name: mkdir chown /nfs
      file:
        path: /nfs
        owner: nfsnobody
        group: nfsnobody
        state: directory

    - name: start && enable rpcbind
      service:
        name: rpcbind
        state: restarted
        enabled: yes

    - name: reloaded nfs
      service:
        name: nfs.service
        state: reloaded
        enabled: yes


# Web client setup: create the mount point, install nfs, mount the NFS share on /upload
- hosts: web
  tasks:

    - name: mkdir /upload
      file:
        path: /upload
        state: directory

    - name: mount
      mount:
        fstype: nfs
        src: 172.16.1.31:/nfs
        path: /upload
        state: mounted
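3. Check the playbook first, then push
ansible-playbook -C nfs.yml   check the playbook
※ III. Batch-deploy sersync
ansible-playbook -C sersync.yml   check the playbook
The playbook may have many flaws; additions are welcome.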
[03:05 root@m01 /etc/ansible]# vim sersync.yml
## sersync real-time synchronization service
---
# Server-side configuration:

- hosts: backup
  tasks:

    - name: gourpadd rsync
      group:
        name: rsync
        state: present

    - name: useradd rsync
      user:
        name: rsync
        shell: /sbin/nologin
        create_home: no

    - name: copy rsyncd.conf
      copy:
        src: /etc/ansible/file/rsyncd.conf
        dest: /etc/rsyncd.conf

    - name: mkdir nfsbackup
      file:
        path: /nfsbackup
        state: directory
        owner: rsync
        group: rsync

    # Quote the mode: an unquoted 600 is read as a decimal number, not octal
    - name: mkdir password chmod 600
      file:
        path: /etc/rsync.password
        state: touch
        mode: '0600'

    - name: content password
      copy:
        dest: /etc/rsync.password
        content: rsync_backup:123456

# Client-side configuration:

- hosts: nfs
  tasks:

    - name: rsyncd restart && enable
      service:
        name: rsyncd
        state: restarted
        enabled: yes

    - name: mkdir server/scripts && tools &&
      file:
        path: '{{ item }}'
        state: directory
      with_items:
        - /server/scripts
        - /server/tools

    - name: copy sercync.zip
      copy:
        src: /server/tools/sersync_installdir_64bit.zip
        dest: /server/tools/

    # remote_src: the archive is already on the managed host (replaces the deprecated copy: no)
    - name: unzip
      unarchive:
        src: /server/tools/sersync_installdir_64bit.zip
        remote_src: yes
        dest: /server/tools/

    - name: mkdir app
      file:
        path: /app
        state: directory

    - name: cp sersync /app/
      shell: cp -a /server/tools/sersync_installdir_64bit/sersync /app/

    - name: chmod +x
      file:
        path: /app/sersync/bin/sersync
        mode: '0755'

    - name: link sersync
      file:
        src: /app/sersync/bin/sersync
        path: /sbin/sersync
        state: link
        force: yes

    - name: copy confxml.xml
      copy:
        src: /etc/ansible/file/confxml.xml
        dest: /app/sersync/conf/
        backup: yes

    - name: touch password chmod 600
      file:
        path: /etc/rsync.password
        state: touch
        mode: '0600'

    - name: content password
      copy:
        dest: /etc/rsync.password
        content: "123456"

    - name: mkdir /upload
      file:
        path: /upload
        state: directory
        owner: nfsnobody
        group: nfsnobody

    - name: shell sersync
      shell: sersync -rd -o /app/sersync/conf/confxml.xml

    - name: /etc/rc.d/rc.local
      shell: echo "sersync -rd -o /app/sersync/conf/confxml.xml" >>/etc/rc.d/rc.local
Verify the result
Client
[03:06 root@nfs01 ~]# touch /upload/lcx{01..5}.txt
[03:06 root@nfs01 ~]# ll /upload/
total 0
-rw-r--r-- 1 root root 0 Jun 1 03:06 lcx01.txt
-rw-r--r-- 1 root root 0 Jun 1 03:06 lcx02.txt
-rw-r--r-- 1 root root 0 Jun 1 03:06 lcx03.txt
-rw-r--r-- 1 root root 0 Jun 1 03:06 lcx04.txt
-rw-r--r-- 1 root root 0 Jun 1 03:06 lcx05.txt
Server
[03:06 root@backup ~]# ll /nfsbackup/
total 0
-rw-r--r-- 1 rsync rsync 0 Jun 1 03:06 lcx01.txt
-rw-r--r-- 1 rsync rsync 0 Jun 1 03:06 lcx02.txt
-rw-r--r-- 1 rsync rsync 0 Jun 1 03:06 lcx03.txt
-rw-r--r-- 1 rsync rsync 0 Jun 1 03:06 lcx04.txt
-rw-r--r-- 1 rsync rsync 0 Jun 1 03:06 lcx05.txt
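Done!
Put the rsync full-network backup, the NFS network file sharing service and the sersync real-time synchronization service into a single script
Include the SSH key distribution in the script as well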
[03:07 root@m01 /etc/ansible]# vim /server/scripts/one.sh
#!/bin/bash
. /etc/profile
sh /server/scripts/fenfa_pub.sh
ansible-playbook /etc/ansible/rsync_backup.yml
ansible-playbook /etc/ansible/nfs.yml
ansible-playbook /etc/ansible/sersync.yml
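Clone four fresh virtual machines and test it:
web01 web02 nfs01 backup
Change the hostname and IP address, apply the basic tuning, and turn off the firewall
Watching it run straight through to the end feels great, as smooth as a trip to the toilet. Finally done!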
[03:17 root@m01 /etc/ansible]# sh /server/scripts/one.sh
Generating public/private dsa key pair.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:Jl7LZ3tPlY2k/WnwjPpaRQcjFwoBecUGCAtiynKARCU root@m01
The key's randomart image is:
+---[DSA 1024]----+
|=E+.. ...++=o =. |
|o+.. . .o ..o+ o |
|o.. . . .. ...|
|.. +..+|
| . S ..ooo|
| . = . *o.|
| . o o o.=.|
| o .+.. |
| .+oo. |
+----[SHA256]-----+
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.1.7'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.1.8'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.1.41'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -o 'StrictHostKeyChecking=no' '172.16.1.31'"
and check to make sure that only the key(s) you wanted were added.
172.16.1.7 | CHANGED | rc=0 >>
web01
172.16.1.31 | CHANGED | rc=0 >>
nfs01
172.16.1.41 | CHANGED | rc=0 >>
backup
172.16.1.8 | CHANGED | rc=0 >>
web02
PLAY [backup] ************************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [172.16.1.41]
TASK [rsync.conf] ********************************************************************
ok: [172.16.1.41]
TASK [useradd rsync] *****************************************************************
ok: [172.16.1.41]
TASK [mkdir /backup] *****************************************************************
ok: [172.16.1.41]
TASK [touch password chmod 600] ******************************************************
changed: [172.16.1.41]
TASK [content password] **************************************************************
ok: [172.16.1.41]
TASK [restart rsyncd] ****************************************************************
changed: [172.16.1.41]
PLAY [oldboy] ************************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [172.16.1.7]
ok: [172.16.1.31]
ok: [172.16.1.8]
TASK [touch password chmod 600] ******************************************************
changed: [172.16.1.7]
changed: [172.16.1.8]
changed: [172.16.1.31]
TASK [content password] **************************************************************
ok: [172.16.1.7]
ok: [172.16.1.8]
ok: [172.16.1.31]
TASK [copy rsync_backup] *************************************************************
ok: [172.16.1.7]
ok: [172.16.1.8]
ok: [172.16.1.31]
TASK [cron backup] *******************************************************************
[WARNING]: The value 0 (type int) in a string field was converted to u'0' (type
string). If this does not look like what you expect, quote the entire value to ensure
it does not change.
ok: [172.16.1.31]
ok: [172.16.1.8]
ok: [172.16.1.7]
PLAY [backup] ************************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [172.16.1.41]
TASK [yum mailx] *********************************************************************
ok: [172.16.1.41]
TASK [copy rsync_backup] *************************************************************
ok: [172.16.1.41]
TASK [copy mail.rc] ******************************************************************
ok: [172.16.1.41]
TASK [mail-cron] *********************************************************************
[WARNING]: The value 1 (type int) in a string field was converted to u'1' (type
string). If this does not look like what you expect, quote the entire value to ensure
it does not change.
ok: [172.16.1.41]
TASK [crontab] ***********************************************************************
changed: [172.16.1.41]
PLAY RECAP ***************************************************************************
172.16.1.31 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.1.41 : ok=13 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.1.7 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.1.8 : ok=5 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[WARNING]: While constructing a mapping from /etc/ansible/nfs.yml, line 9, column 9,
found a duplicate dict key (name). Using last defined value only.
PLAY [nfs web] ***********************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [172.16.1.7]
ok: [172.16.1.31]
ok: [172.16.1.8]
TASK [yum rpcbind nfs-utils] *********************************************************
ok: [172.16.1.8]
ok: [172.16.1.31]
ok: [172.16.1.7]
PLAY [nfs] ***************************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [172.16.1.31]
TASK [configure nfs] *****************************************************************
changed: [172.16.1.31]
TASK [mkdir chown /nfs] **************************************************************
ok: [172.16.1.31]
TASK [start && enable rpcbind] *******************************************************
changed: [172.16.1.31]
TASK [reloaded nfs] ******************************************************************
changed: [172.16.1.31]
PLAY [web] ***************************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [172.16.1.7]
ok: [172.16.1.8]
TASK [mkdir /upload] *****************************************************************
ok: [172.16.1.7]
ok: [172.16.1.8]
TASK [mount] *************************************************************************
ok: [172.16.1.8]
ok: [172.16.1.7]
PLAY RECAP ***************************************************************************
172.16.1.31 : ok=7 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.1.7 : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.1.8 : ok=5 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
PLAY [backup] ************************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [172.16.1.41]
TASK [gourpadd rsync] ****************************************************************
ok: [172.16.1.41]
TASK [useradd rsync] *****************************************************************
ok: [172.16.1.41]
TASK [copy rsyncd.conf] **************************************************************
ok: [172.16.1.41]
TASK [mkdir nfsbackup] ***************************************************************
ok: [172.16.1.41]
TASK [mkdir password chmod 600] ******************************************************
changed: [172.16.1.41]
TASK [content password] **************************************************************
ok: [172.16.1.41]
PLAY [nfs] ***************************************************************************
TASK [Gathering Facts] ***************************************************************
ok: [172.16.1.31]
TASK [rsyncd restart && enable] ******************************************************
changed: [172.16.1.31]
TASK [mkdir server/scripts && tools &&] **********************************************
ok: [172.16.1.31] => (item=/server/scripts)
ok: [172.16.1.31] => (item=/server/tools)
TASK [copy sercync.zip] **************************************************************
ok: [172.16.1.31]
TASK [unzip] *************************************************************************
ok: [172.16.1.31]
TASK [mkdir app] *********************************************************************
changed: [172.16.1.31]
TASK [mv sersync /app/] **************************************************************
changed: [172.16.1.31]
TASK [chmod +x] **********************************************************************
changed: [172.16.1.31]
TASK [link sersync] ******************************************************************
ok: [172.16.1.31]
TASK [copy confxml.xml] **************************************************************
changed: [172.16.1.31]
TASK [touch password chmod 600] ******************************************************
changed: [172.16.1.31]
TASK [content password] **************************************************************
ok: [172.16.1.31]
TASK [mkdir /upload] *****************************************************************
ok: [172.16.1.31]
TASK [shell sersync] *****************************************************************
changed: [172.16.1.31]
TASK [/etc/rc.d/rc.local] ************************************************************
changed: [172.16.1.31]
PLAY RECAP ***************************************************************************
172.16.1.31 : ok=15 changed=8 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.1.41 : ok=7 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[03:18 root@m01 /etc/ansible]#
To be continued...