1冬阳、ansible-playbook實現(xiàn)MySQL的二進制部署

受控主機的基于key登錄不在腳本里；
受控主機的yum源不在腳本里约急；
腳本執(zhí)行過程中有幾次判斷出現(xiàn)的告警無需在意启昧，只是執(zhí)行了判斷，如果直接報錯退出那就是有問題了疆柔。

---
- hosts: centos7-1
  vars:
    - mysqlfile: mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
    - mysqlpath: mysql-5.7.35-linux-glibc2.12-x86_64
    - mysqlversion: MySQL-5.7
    - apppath: /usr/local
  tasks:
    - service:
        name: firewalld
        state: stopped
        enabled: no
    - shell: sed -r -i.bak 's/(^SELINUX=).*/\1permissive/g' /etc/selinux/config
    - shell: setenforce 0
    - yum: name="libaio,numactl-libs" state=present
    - shell: id mysql
      register: mysqlid
      ignore_errors: true
    - block:
        - group: name=mysql gid=306 system=yes state=present
        - user: name=mysql system=yes uid=306 group=mysql state=present home=/data/mysql shell=/bin/false
      when: mysqlid.rc != 0
    - shell: ls -1 /root/{{ mysqlfile }}
      register: mysqllsinfo
      ignore_errors: true
    - get_url: url="http://mirrors.163.com/mysql/Downloads/{{mysqlversion}}/{{mysqlfile}}" dest=/root/
      when: mysqllsinfo.rc != 0
    - file: dest=/data/mysql state=directory owner=mysql group=mysql
    - shell: ls -1 {{apppath}}/{{mysqlpath}}
      register: checkmysqlpath
      ignore_errors: true
    - unarchive: src=/root/{{ mysqlfile }} dest={{apppath}} copy=no
      when: checkmysqlpath.rc != 0
    - file: dest={{ apppath }}/mysql src={{ apppath }}/{{ mysqlpath }} state=link
    - file: dest={{apppath}}/mysql/ state=directory owner=root group=root recurse=yes
    - file: dest="{{ item.name }}" state="{{ item.state }}"
      loop:
        - { name: '/etc/my.cnf', state: 'touch' }
        - { name: '/etc/my.cnf.d', state: 'directory' }
    - copy:
        content: |
          [mysqld]
          datadir = /data/mysql
          innodb_file_per_table = on
          skip_name_resolve = on 

          [client]
                         
          !includedir /etc/my.cnf.d
        dest: /etc/my.cnf
    - shell: ls -1a /data/mysql
      register: checkdatadirectory
    - shell: rm -rf /data/mysql/*
      when: checkdatadirectory["stdout_lines"] | length > 2
    - shell: "{{apppath}}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/data/mysql"
      register: initsql
    - debug:
        msg: "mysql database initialize Successed!"
      when: initsql.rc == 0
    - shell: echo 'PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
    - name: activate PATH_varia 
      shell: source /etc/profile.d/mysql.sh
    - shell: echo $PATH
      register: pathvari
    - debug:
        msg: "{{ pathvari.stdout }}"
    - copy: src={{apppath}}/mysql/support-files/mysql.server dest=/etc/init.d/mysqld remote_src=yes mode=u+x
    - shell: chkconfig --add mysqld
    - shell: chkconfig mysqld on
    - shell: service mysqld start

image.png

2咒精、Ansible playbook實現(xiàn)apache批量部署,并對不同主機提供以各自IP地址為內(nèi)容的index.html

前提條件，基于key的ssh認證還是要提前配上：

[root@localhost ansible]# cat inventory
[localhost]
localhost

[websrv]
centos7-1
centos7-2

[root@localhost ansible]# cat templates/index.html.j2 
This websrv's ip address is: {{ansible_eth0.ipv4.address}}

源碼編譯安裝httpd 2.4.51旷档，同時提供IP地址為內(nèi)容的index.html設(shè)置的腳本

---
- hosts: all
  vars:
    - httpdfile: httpd-2.4.51
    - aprfile: apr-1.7.0
    - aprutilfile: apr-util-1.6.1
  tasks:
    - block:
        - shell: ls -1 /root/
          register: lsroot
          ignore_errors: yes
        - get_url: url="https://dlcdn.apache.org//httpd/{{httpdfile}}.tar.bz2" dest=/root/
          when: "(httpdfile + '.tar.bz2') not in lsroot.stdout_lines"
        - get_url: url="https://dlcdn.apache.org//apr/{{aprfile}}.tar.bz2" dest=/root/
          when: "(aprfile + '.tar.bz2') not in lsroot.stdout_lines"
        - get_url: url="https://dlcdn.apache.org//apr/{{aprutilfile}}.tar.bz2" dest=/root/
          when: "(aprutilfile + '.tar.bz2') not in lsroot.stdout_lines"
      when: "'localhost' in group_names"
    - block:
        - shell: setenforce 0
        - service: name=firewalld state=stopped enabled=no
        - replace: path=/etc/selinux/config regexp="^(SELINUX=).*" replace="\1permissive" backup=yes
        - yum: name="bzip2,gcc,make,pcre-devel,openssl-devel,expat-devel" state=latest
        - file: dest=/data/httpd24 state=directory
        - unarchive: src=/root/{{ item }} dest=/root/ copy=yes
          loop:
            - "{{httpdfile}}.tar.bz2"
            - "{{aprfile}}.tar.bz2"
            - "{{aprutilfile}}.tar.bz2"
        - shell: mv /root/{{aprfile}} /root/{{httpdfile}}/srclib/apr
        - shell: mv /root/{{aprutilfile}} /root/{{httpdfile}}/srclib/apr-util
        - wait_for: path=/root/{{httpdfile}}/srclib/apr-util state=present
        - wait_for: path=/root/{{httpdfile}}/srclib/apr state=present
        - shell: chdir=/root/{{httpdfile}} ./configure --prefix=/data/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-included-apr --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
        - shell: chdir=/root/{{httpdfile}} make -j 2 && make install
          register: configurehttpd
        - fail: msg="httpd compilation failed!"
          when: configurehttpd.rc != 0
        - shell: id apache
          register: apacheid
          ignore_errors: true
        - block:
            - group: name=apache system=yes state=present
            - user: name=apache system=yes group=apache state=present shell=/sbin/nologin
          when: apacheid.rc != 0
        - shell: ls -1 /data/httpd24/conf/httpd.conf
          register: httpdconf
          ignore_errors: yes
        - fail: msg="File not found!"
          when: httpdconf.rc != 0
        - block:
            - replace: path=/data/httpd24/conf/httpd.conf regexp="^(User).*" replace="\1  apache"
            - replace: path=/data/httpd24/conf/httpd.conf regexp="^(Group).*" replace="\1  apache"
        - shell: grep -iE "^user|^group" /data/httpd24/conf/httpd.conf
          register: grepug
          ignore_errors: true
        - debug:
            msg: "{{grepug.stdout}}"
        - copy: content="PATH=/data/httpd24/bin:$PATH" dest=/etc/profile.d/httpd.sh
        - name: activate PATH_varia 
          shell: source /etc/profile.d/httpd.sh
        - shell: echo $PATH
          register: pathvari
        - debug:
            msg: "{{ pathvari.stdout }}"
        - name: insert httpd to mandb
          lineinfile: path=/etc/man_db.conf insertafter='^MANDATORY_MANPATH' line='MANDATORY_MANPATH           /data/httpd24/man'
        - shell: mandb
        - name: set auto start
          lineinfile: path=/etc/rc.d/rc.local insertafter=EOF line="/data/httpd24/bin/apachectl start" mode=u+x
        - file: dest=/usr/lib/systemd/system/httpd24.service state=touch force=yes
        - copy: 
            content: |
              [Unit]
              Description=The Apache HTTP Server
              After=network.target remote-fs.target nss-lookup.target
              Documentation=man:httpd(8)
              Documentation=man:apachectl(8)
              [Service]
              Type=forking
              #EnvironmentFile=/etc/sysconfig/httpd
              ExecStart=/data/httpd24/bin/apachectl start
              #ExecStart=/data/httpd24/bin/httpd $OPTIONS -k start
              ExecReload=/data/httpd24/bin/apachectl graceful
              #ExecReload=/data/httpd24/bin/httpd $OPTIONS -k graceful
              ExecStop=/data/httpd24/bin/apachectl stop
              KillSignal=SIGCONT
              PrivateTmp=true
              [Install]
              WantedBy=multi-user.target
            dest: /usr/lib/systemd/system/httpd24.service
        - service: name=httpd24 state=started enabled=yes
          tags: sstart
        - block:
            - replace: path=/data/httpd24/conf/httpd.conf regexp="^(DocumentRoot).*" replace="\1 "/var/www/html""
            - lineinfile: path=/data/httpd24/conf/httpd.conf insertafter=EOF line="IncludeOptional conf.d/*.conf"
            - file: path={{item}} state=directory recurse=yes
              loop:
                - /data/httpd24/conf.d
                - /var/www/html
            - file: path=/data/httpd24/conf.d/myhttp.conf state=touch
            - copy: 
                content: |
                  <Directory "/var/www/html">
                  AllowOverride None
                  Require all granted
                  </Directory>
                dest: /data/httpd24/conf.d/myhttp.conf
            - template:
                src: index.html.j2
                dest: /var/www/html/index.html
                force: yes
            - service: name=httpd24 state=restarted
          tags: configblock
      when: "'websrv' in group_names"

image.png

image.png

3模叙、http的報文結(jié)構(gòu)和狀態(tài)碼總結(jié)

HTTP分為請求報文和響應(yīng)報文，請求報文格式如下：

image.png

開始行：承載了請求使用的Method鞋屈，請求的URL和HTTP的版本號

• Method方法常用的是GET范咨、HEAD故觅、POST，其他還有PUT渠啊、DELETE输吏、TRACE、OPTIONS替蛉、CONNECT贯溅、PATCH，支持的Method與HTTP的協(xié)議版本有關(guān)灭返，是一個逐步添加的過程盗迟；

• URL：請求的PATH部分

• 版本：HTTP/版本號

首部行：包含多個鍵值對，客戶端和服務(wù)器端都可以通過讀取鍵值對獲取信息熙含，提供各種功能罚缕，如：Host提供的虛擬主機、Connection提供的會話保持怎静、Cache-Control提供的緩存邮弹、以及Set-cookie和cookie為http提供狀態(tài)化支持等

Entity Body：請求時附加的數(shù)據(jù)，如蚓聘，通過post提交的用戶名密碼

image.png

響應(yīng)頭的格式和請求頭一樣腌乡，只是當中的字段不同。

開始行：包含HTTP/版本號夜牡、狀態(tài)碼和狀態(tài)短語則是對當前請求資源結(jié)果的簡單描述与纽。

常用狀態(tài)碼如下：

200：成功，用戶請求的資源:通過entity-body部分發(fā)送塘装；
301：永久重定向急迂，用戶請求的資源需從報文頭部中的Location指明的位置獲取，且該位置需要客戶端緩存下來蹦肴；
302：臨時重定向僚碎，客戶端臨時從Location位置請求資源
304：客戶端請求的資源沒有發(fā)生改變，客戶端可以直接使用本地緩存的資源阴幌；
307：瀏覽器內(nèi)部執(zhí)行跳轉(zhuǎn)勺阐；
401：需要用戶提供用戶名密碼執(zhí)行Basic驗證
403：用戶不具備請求該資源的權(quán)限
404：用戶請求了一個不存在的頁面
500：服務(wù)器內(nèi)部錯誤
502：用戶通過代理服務(wù)器訪問網(wǎng)站時，代理服務(wù)器無法連接到后端真實服務(wù)器矛双，代理服務(wù)器會響應(yīng)502渊抽；
503：服務(wù)器無法處理請求，臨時的服務(wù)器維護议忽、過載或崩潰了腰吟；
504：代理服務(wù)器在規(guī)定的時間內(nèi)沒有收到服務(wù)器返回的信息，代理服務(wù)器認為超時，返回504毛雇；

首部行：和請求報文一樣，以鍵值對方式由服務(wù)器發(fā)送給客戶端侦镇；

Entity Body：通常包含用戶請求的資源灵疮；