1、ansible-playbook实现MySQL的二进制部署
受控主机的基于key登录不在脚本里;
受控主机的yum源不在脚本里;
脚本执行过程中有几次判断出现的告警无需在意,只是执行了判断,如果直接报错退出那就是有问题了。
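---
# Installs the MySQL 5.7 binary tarball on centos7-1: OS prerequisites, the
# mysql account, download and unpack under apppath, /etc/my.cnf, data
# directory initialization, a PATH entry and SysV service registration.
- hosts: centos7-1
  vars:
    mysqlfile: mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
    mysqlpath: mysql-5.7.35-linux-glibc2.12-x86_64
    mysqlversion: MySQL-5.7
    apppath: /usr/local
    # Digest handed to get_url as '<algorithm>:<digest>'. Empty is get_url's
    # default and skips verification of the downloaded tarball.
    mysqlchecksum: ''
  tasks:
    # The host firewall is stopped and disabled rather than given a rule for
    # the MySQL port, so every listening port on the host becomes reachable.
    - service:
        name: firewalld
        state: stopped
        enabled: false
    # SELinux is switched to permissive both persistently (config file) and
    # for the running system (setenforce): denials are logged, not enforced.
    - replace:
        path: /etc/selinux/config
        regexp: '^(SELINUX=).*'
        replace: '\1permissive'
        backup: true
    - shell: setenforce 0
    - yum: name="libaio,numactl-libs" state=present
    # Probe only: a non-zero rc means the mysql account does not exist yet.
    - shell: id mysql
      register: mysqlid
      ignore_errors: true
      changed_when: false
    - block:
        - group: name=mysql gid=306 system=yes state=present
        - user: name=mysql system=yes uid=306 group=mysql state=present home=/data/mysql shell=/bin/false
      when: mysqlid.rc != 0
    # Probe only: skip the download when the tarball is already in /root/.
    - shell: ls -1 /root/{{ mysqlfile }}
      register: mysqllsinfo
      ignore_errors: true
      changed_when: false
    # The URL is plain HTTP, so the transport gives no integrity guarantee for
    # a tarball that is later unpacked and executed as root; a non-empty
    # mysqlchecksum makes get_url reject a file whose digest does not match.
    - get_url:
        url: "http://mirrors.163.com/mysql/Downloads/{{ mysqlversion }}/{{ mysqlfile }}"
        dest: /root/
        checksum: "{{ mysqlchecksum }}"
      when: mysqllsinfo.rc != 0
    - file: dest=/data/mysql state=directory owner=mysql group=mysql
    # Probe only: skip unpacking when the release directory already exists.
    - shell: ls -1 {{apppath}}/{{mysqlpath}}
      register: checkmysqlpath
      ignore_errors: true
      changed_when: false
    - unarchive: src=/root/{{ mysqlfile }} dest={{apppath}} copy=no
      when: checkmysqlpath.rc != 0
    - file: dest={{ apppath }}/mysql src={{ apppath }}/{{ mysqlpath }} state=link
    - file: dest={{apppath}}/mysql/ state=directory owner=root group=root recurse=yes
    - file: dest="{{ item.name }}" state="{{ item.state }}"
      loop:
        - { name: '/etc/my.cnf', state: 'touch' }
        - { name: '/etc/my.cnf.d', state: 'directory' }
    - copy:
        content: |
          [mysqld]
          datadir = /data/mysql
          innodb_file_per_table = on
          skip_name_resolve = on
          [client]
          !includedir /etc/my.cnf.d
        dest: /etc/my.cnf
    # mysqld --initialize creates the `mysql` system schema directory inside
    # the datadir, so its presence marks an instance that is already
    # initialized. Without this guard a second run of the playbook would
    # delete the live database files and re-initialize an empty server.
    - stat:
        path: /data/mysql/mysql
      register: mysqlsysdb
    - shell: ls -1a /data/mysql
      register: checkdatadirectory
      changed_when: false
    # More than the two entries "." and ".." means leftovers that would make
    # initialization refuse the directory.
    - shell: rm -rf /data/mysql/*
      when:
        - not mysqlsysdb.stat.exists
        - checkdatadirectory["stdout_lines"] | length > 2
    # --initialize-insecure leaves root@localhost with an empty password and
    # nothing later in this play sets one; assign it (ALTER USER, or
    # mysql_secure_installation) before the instance carries real data.
    - shell: "{{apppath}}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/data/mysql"
      register: initsql
      when: not mysqlsysdb.stat.exists
    - debug:
        msg: "mysql database initialize Successed!"
      when:
        - initsql is not skipped
        - initsql.rc == 0
    - shell: echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
    # Each task runs in its own shell, so sourcing the file here does not
    # change PATH for the tasks that follow; new login shells pick it up.
    - name: activate PATH_varia
      shell: source /etc/profile.d/mysql.sh
    - shell: echo $PATH
      register: pathvari
      changed_when: false
    - debug:
        msg: "{{ pathvari.stdout }}"
    - copy: src={{apppath}}/mysql/support-files/mysql.server dest=/etc/init.d/mysqld remote_src=yes mode=u+x
    - shell: chkconfig --add mysqld
    - shell: chkconfig mysqld on
    - shell: service mysqld start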
2、Ansible playbook实现apache批量部署,并对不同主机提供以各自IP地址为内容的index.html
前提条件,基于key的ssh认证还是要提前配上:
[root@localhost ansible]# cat inventory
[localhost]
localhost
[websrv]
centos7-1
centos7-2
[root@localhost ansible]# cat templates/index.html.j2
This websrv's ip address is: {{ansible_eth0.ipv4.address}}
源码编译安装httpd 2.4.51,同时提供IP地址为内容的index.html设置的脚本
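---
# Builds httpd 2.4.51 from source with bundled APR/APR-util under
# /data/httpd24 on the websrv hosts and publishes an index.html rendered from
# templates/index.html.j2. The tarballs are downloaded once on localhost and
# pushed to the web servers by unarchive.
- hosts: all
  vars:
    httpdfile: httpd-2.4.51
    aprfile: apr-1.7.0
    aprutilfile: apr-util-1.6.1
    # Digests handed to get_url as '<algorithm>:<digest>'. Empty is get_url's
    # default and skips verification of the downloaded tarball.
    httpdchecksum: ''
    aprchecksum: ''
    aprutilchecksum: ''
  tasks:
    # localhost only: fetch whichever source tarballs are missing in /root/.
    # HTTPS authenticates the download host, not the tarball itself; fill in
    # the *checksum variables with the digests the project publishes so that
    # the sources compiled as root below are the released ones.
    - block:
        - shell: ls -1 /root/
          register: lsroot
          ignore_errors: true
          changed_when: false
        - get_url:
            url: "https://dlcdn.apache.org//httpd/{{httpdfile}}.tar.bz2"
            dest: /root/
            checksum: "{{ httpdchecksum }}"
          when: "(httpdfile + '.tar.bz2') not in lsroot.stdout_lines"
        - get_url:
            url: "https://dlcdn.apache.org//apr/{{aprfile}}.tar.bz2"
            dest: /root/
            checksum: "{{ aprchecksum }}"
          when: "(aprfile + '.tar.bz2') not in lsroot.stdout_lines"
        - get_url:
            url: "https://dlcdn.apache.org//apr/{{aprutilfile}}.tar.bz2"
            dest: /root/
            checksum: "{{ aprutilchecksum }}"
          when: "(aprutilfile + '.tar.bz2') not in lsroot.stdout_lines"
      when: "'localhost' in group_names"
    # websrv hosts only: build, configure and start httpd.
    - block:
        # SELinux goes permissive (running system and config file) and
        # firewalld is stopped and disabled instead of opening the web ports,
        # so every listening port on these hosts becomes reachable.
        - shell: setenforce 0
        - service: name=firewalld state=stopped enabled=no
        - replace: path=/etc/selinux/config regexp="^(SELINUX=).*" replace="\1permissive" backup=yes
        - yum: name="bzip2,gcc,make,pcre-devel,openssl-devel,expat-devel" state=latest
        - file: dest=/data/httpd24 state=directory
        # copy=yes: the archives are read from the control node's /root/.
        - unarchive: src=/root/{{ item }} dest=/root/ copy=yes
          loop:
            - "{{httpdfile}}.tar.bz2"
            - "{{aprfile}}.tar.bz2"
            - "{{aprutilfile}}.tar.bz2"
        # `creates` skips the move once srclib/apr exists; without it a re-run
        # moves the freshly unpacked tree inside the existing directory.
        - shell: mv /root/{{aprfile}} /root/{{httpdfile}}/srclib/apr
          args:
            creates: /root/{{httpdfile}}/srclib/apr
        - shell: mv /root/{{aprutilfile}} /root/{{httpdfile}}/srclib/apr-util
          args:
            creates: /root/{{httpdfile}}/srclib/apr-util
        - wait_for: path=/root/{{httpdfile}}/srclib/apr-util state=present
        - wait_for: path=/root/{{httpdfile}}/srclib/apr state=present
        - shell: chdir=/root/{{httpdfile}} ./configure --prefix=/data/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-included-apr --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
        - shell: chdir=/root/{{httpdfile}} make -j 2 && make install
          register: configurehttpd
        - fail: msg="httpd compilation failed!"
          when: configurehttpd.rc != 0
        # Probe only: a non-zero rc means the apache account does not exist.
        - shell: id apache
          register: apacheid
          ignore_errors: true
          changed_when: false
        - block:
            - group: name=apache system=yes state=present
            - user: name=apache system=yes group=apache state=present shell=/sbin/nologin
          when: apacheid.rc != 0
        - shell: ls -1 /data/httpd24/conf/httpd.conf
          register: httpdconf
          ignore_errors: true
          changed_when: false
        - fail: msg="File not found!"
          when: httpdconf.rc != 0
        # Run the workers as the unprivileged apache account, expose the
        # binaries and man pages, install the systemd unit and start httpd.
        - block:
            - replace: path=/data/httpd24/conf/httpd.conf regexp="^(User).*" replace="\1 apache"
            - replace: path=/data/httpd24/conf/httpd.conf regexp="^(Group).*" replace="\1 apache"
            - shell: grep -iE "^user|^group" /data/httpd24/conf/httpd.conf
              register: grepug
              ignore_errors: true
              changed_when: false
            - debug:
                msg: "{{grepug.stdout}}"
            - copy: content="PATH=/data/httpd24/bin:$PATH" dest=/etc/profile.d/httpd.sh
            # Each task runs in its own shell, so this does not change PATH
            # for the tasks that follow; new login shells pick the file up.
            - name: activate PATH_varia
              shell: source /etc/profile.d/httpd.sh
            - shell: echo $PATH
              register: pathvari
              changed_when: false
            - debug:
                msg: "{{ pathvari.stdout }}"
            - name: insert httpd to mandb
              lineinfile: path=/etc/man_db.conf insertafter='^MANDATORY_MANPATH' line='MANDATORY_MANPATH /data/httpd24/man'
            - shell: mandb
            # rc.local starts httpd at boot in addition to the unit enabled
            # at the end of this block.
            - name: set auto start
              lineinfile: path=/etc/rc.d/rc.local insertafter=EOF line="/data/httpd24/bin/apachectl start" mode=u+x
            - file: dest=/usr/lib/systemd/system/httpd24.service state=touch force=yes
            - copy:
                content: |
                  [Unit]
                  Description=The Apache HTTP Server
                  After=network.target remote-fs.target nss-lookup.target
                  Documentation=man:httpd(8)
                  Documentation=man:apachectl(8)
                  [Service]
                  Type=forking
                  #EnvironmentFile=/etc/sysconfig/httpd
                  ExecStart=/data/httpd24/bin/apachectl start
                  #ExecStart=/data/httpd24/bin/httpd $OPTIONS -k start
                  ExecReload=/data/httpd24/bin/apachectl graceful
                  #ExecReload=/data/httpd24/bin/httpd $OPTIONS -k graceful
                  ExecStop=/data/httpd24/bin/apachectl stop
                  KillSignal=SIGCONT
                  PrivateTmp=true
                  [Install]
                  WantedBy=multi-user.target
                dest: /usr/lib/systemd/system/httpd24.service
            - service: name=httpd24 state=started enabled=yes
          tags: sstart
        # Point DocumentRoot at /var/www/html, load conf.d/*.conf and publish
        # the per-host index page.
        - block:
            # Written as a mapping so the quoted path in the replacement does
            # not depend on how the key=value parser treats nested double
            # quotes.
            - replace:
                path: /data/httpd24/conf/httpd.conf
                regexp: '^(DocumentRoot).*'
                replace: '\1 "/var/www/html"'
            - lineinfile: path=/data/httpd24/conf/httpd.conf insertafter=EOF line="IncludeOptional conf.d/*.conf"
            - file: path={{item}} state=directory recurse=yes
              loop:
                - /data/httpd24/conf.d
                - /var/www/html
            - file: path=/data/httpd24/conf.d/myhttp.conf state=touch
            - copy:
                content: |
                  <Directory "/var/www/html">
                  AllowOverride None
                  Require all granted
                  </Directory>
                dest: /data/httpd24/conf.d/myhttp.conf
            - template:
                src: index.html.j2
                dest: /var/www/html/index.html
                force: true
            - service: name=httpd24 state=restarted
          tags: configblock
      # NOTE(review): the nesting is rebuilt from a listing that had lost its
      # indentation; this condition is taken to close the outer block that
      # starts at `setenforce 0`. Confirm against the original file.
      when: "'websrv' in group_names"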
3、http的报文结构和状态码总结
HTTP分为请求报文和响应报文,请求报文格式如下:
开始行:承载了请求使用的Method,请求的URL和HTTP的版本号
Method方法常用的是GET、HEAD、POST,其他还有PUT、DELETE、TRACE、OPTIONS、CONNECT、PATCH,支持的Method与HTTP的协议版本有关,是一个逐步添加的过程;
URL:请求的PATH部分
版本:HTTP/版本号
首部行:包含多个键值对,客户端和服务器端都可以通过读取键值对获取信息,提供各种功能,如:Host提供的虚拟主机、Connection提供的会话保持、Cache-Control提供的缓存、以及Set-cookie和cookie为http提供状态化支持等
Entity Body:请求时附加的数据,如,通过post提交的用户名密码
响应报文的格式和请求报文一样,只是其中的字段不同。
开始行:包含HTTP/版本号、状态码和状态短语,其中状态短语是对当前请求处理结果的简单描述。
常用状态码如下:
200:成功,用户请求的资源通过entity-body部分发送;
301:永久重定向,用户请求的资源需从报文头部中的Location指明的位置获取,且该位置需要客户端缓存下来;
302:临时重定向,客户端临时从Location位置请求资源
304:客户端请求的资源没有发生改变,客户端可以直接使用本地缓存的资源;
307:临时重定向,重定向后的请求保持原请求方法不变;浏览器在内部执行跳转(例如因HSTS把http请求改为https)时显示的也是307;
401:需要用户提供用户名密码执行Basic验证
403:用户不具备请求该资源的权限
404:用户请求了一个不存在的页面
500:服务器内部错误
502:用户通过代理服务器访问网站时,代理服务器无法连接到后端真实服务器,代理服务器会响应502;
503:服务器无法处理请求,临时的服务器维护、过载或崩溃了;
504:代理服务器在规定的时间内没有收到服务器返回的信息,代理服务器认为超时,返回504;
首部行:和请求报文一样,以键值对方式由服务器发送给客户端;
Entity Body:通常包含用户请求的资源;