重置 confluence 管理员密码

1. 在数据库中查看管理员ID

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

   MariaDB [test_confluence]> select * from cwd_user where id\G; *************************** 1. row *************************** id: 458753 user_name: liu_p ... .... credential: {PKCS5S2}VaATUfyNnO5tOglFJN9C8Hqi1UVKA3GTr5zBddT0BnVMTpgNtlP7ciJfdWgERjiz 1 row in set (0.00 sec) MariaDB [test_confluence]> select u.id, u.user_name, u.active from cwd_user u join cwd_membership m on u.id=m.child_user_id join cwd_group g on m.parent_id=g.id join cwd_directory d on d.id=g.directory_id where g.group_name = 'confluence-administrators' and d.directory_name='Confluence Internal Directory'; +--------+-----------+--------+ | id | user_name | active | +--------+-----------+--------+ | 458753 | liu_p | T | +--------+-----------+--------+ 1 row in set (0.00 sec)

2. 重置密码,默认为”Ab123456”

   1	MariaDB [test_confluence]> update cwd_user set credential = '{PKCS5S2}ltrb9LlmZ0QDCJvktxd45WgYLOgPt2XTV8X7av2p0mhPvIwofs9bHYVz2OXQ6/kF' where id=458753;

jira SSL设置

1. 停止服务

   1 2 3

   [root@jira app]# systemctl stop jira 或者 [root@jira app]# /etc/init.d/jira stop

2. 修改tomcat server.conf配置文件

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

   [root@jira app]# vim /mnt/app/jira/conf/server.xml <Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" proxyName="jira" proxyPort="443" scheme="https" secure="true"/> 和 <Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

3. 启动服务

   1 2 3

   [root@jira app]# systemctl start jira 或者 [root@jira app]# /etc/init.d/jira start

4. nginx ssl key存放位置

   1 2 3

   [root@nginx ~]# ls -1 /mnt/app/nginx/conf/ssl/* /mnt/app/nginx/conf/ssl/jira.crt /mnt/app/nginx/conf/ssl/jira.key

5. nginx 主配置文件

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

   [root@nginx ~]# cat /mnt/app/nginx/conf/nginx.conf user nginx nginx; worker_processes 8; worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000; worker_rlimit_nofile 102400; events { use epoll; worker_connections 102400; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server_tokens off; client_max_body_size 30m; client_header_buffer_size 16k; large_client_header_buffers 4 32k; gzip on; gzip_vary on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 5; gzip_types text/plain application/x-javascript text/css application/xml image/jpeg image/png image/gif; log_format main '$remote_addr $remote_user [$time_local] "$request" ' '$status $body_bytes_sent ' '"$http_user_agent" $http_x_forwarded_for $request_time $upstream_response_time'; error_log /mnt/log/nginx/nginx_error.log ; include /mnt/app/nginx/conf/vhost/*.conf; } stream { include /mnt/app/nginx/conf/stream/*.conf; }

6. nginx jira 虚拟主机配置文件

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

   [root@nginx ~]# cat /mnt/app/nginx/conf/vhost/jira.conf server { listen 80; server_name jira.ops.com; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name jira; access_log /mnt/log/nginx/jira.ops.com.access.log main; error_log /mnt/log/nginx/jira.ops.com.error.log; ssl on; ssl_certificate /mnt/app/nginx/conf/ssl/jira.crt; ssl_certificate_key /mnt/app/nginx/conf/ssl/jira.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; location / { rewrite ^/ https://jira.ops.com/jira/; } location /jira { proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect http:// https://; proxy_pass http://10.10.10.11:8080/jira; client_max_body_size 10M; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; # Required for new HTTP-based CLI proxy_http_version 1.1; proxy_request_buffering off; } }

7. nginx reload

   1 2	[root@nginx ~]# /mnt/app/nginx/sbin/nginx -c /mnt/app/nginx/conf/nginx.conf -t [root@nginx ~]# /mnt/app/nginx/sbin/nginx -c /mnt/app/nginx/conf/nginx.conf -s reload

8. 验证: 输入域名”jira.ops.com”查看是否自动跳转为https

confluence 升级版本

1. 备份confluence安装目录

   1	[root@confluence app]# tar czf confluence.bin.tar.gz /mnt/app/confluence

2. 备份confluence.home目录

   1	[root@confluence app]# tar czf confluence.home.tar.gz /mnt/data/confluence.home

3. 备份confluence数据库

   1	[root@confluence app]# mysqldump -u{username} -p{password} -h{ipaddress} confluence > confluence.sql

4. 升级confluence

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115

   [root@confluence app]# ./atlassian-confluence-6.4.1-x64.bin Unpacking JRE ... Starting Installer ... Oct 10, 2017 1:44:58 PM java.util.prefs.FileSystemPreferences$2 run INFO: Created system preferences directory in java.home. This will install Confluence 6.4.1 on your computer. OK [o, Enter], Cancel [c] o Choose the appropriate installation or upgrade option. Please choose one of the following: Express Install (uses default settings) [1], Custom Install (recommended for advanced users) [2], Upgrade an existing Confluence installation [3, Enter] 3 Existing installation directory: [/mnt/app/confluence] /mnt/app/confluence Back Up Confluence Home The upgrade process will automatically back up your Confluence Installation Directory. You can also choose to back up your existing Confluence Home Directory. Both directories are backed up as zip archive files in their respective parent directory locations. We strongly recommend choosing this option in the unlikely event that you experience problems with the upgrade and may require these backups to restore your existing Confluence installation. If you have many attachments in your Confluence Home Directory, the zip archive of this directory may consume a significant amount of disk space. Back up Confluence home ? Yes [y, Enter], No [n] y Checking for local modifications. List of modifications made within Confluence directories. The following provides a list of file modifications within the confluence directory. Modified files: bin/catalina.sh bin/setenv.sh conf/server.xml Removed files: (none) Added files: confluence/WEB-INF/lib/mysql-connector-java-5.1.38-bin.jar confluence/images/welcome.png conf/server.xml_bak [Enter] Checking if your instance of Confluence is running Upgrade Check List Back up your external database We strongly recommend you back up your Confluence database if you have not already done so. Please refer to the following URL for back up guidelines: http://docs.atlassian.com/confluence/docs-64/Production+Backup+Strategy Check plugin compatibility Check that your non-bundled plugins are compatible with Confluence 6.4.1. Access the plugin manager through the following URL: http://localhost:8090/plugins/servlet/upm#compatibility For more information see our documentation at the following URL: http://docs.atlassian.com/confluence/docs-64/Installing+and+Configuring+Plugins+using+the+Universal+Plugin+Manager Please ensure you have read the above checklist before upgrading. Your existing Confluence installation is about to be upgraded! The upgrade process will shut down your existing Confluence installation to complete the upgrade. Do you want to proceed? Upgrade [u, Enter], Exit [e] u Your instance of Confluence is currently being upgraded. Shutting down Confluence... Checking if Confluence has been shutdown... Backing up the Confluence installation directory Backing up the Confluence home directory Deleting the previous Confluence installation directory... Extracting files ... Please wait a few moments while we configure Confluence. Installation of Confluence 6.4.1 is complete Start Confluence now? Yes [y, Enter], No [n] y Please wait a few moments while Confluence starts up. Launching Confluence ... Installation of Confluence 6.4.1 is complete Your installation of Confluence 6.4.1 is now ready and can be accessed via your browser. Custom modifications Your previous Confluence installation contains customisations (eg server.xml) that must be manually transferred. Refer to our documentation more information: http://docs.atlassian.com/confluence/docs-64/Upgrading+Confluence#UpgradingConfluence-custommodifications Confluence 6.4.1 can be accessed at http://localhost:8090 Confluence 6.4.1 may take several minutes to load on first start up. Finishing installation ...

5. 停止服务

   1 2 3

   [root@confluence app]# systemctl stop confluence 或者 [root@confluence app]# /etc/init.d/confluence stop

6. 将JDBC的客户端拷贝到confluence安装目录lib下

   1 2 3

   [root@confluence app]# cp mysql-connector-java-5.1.44-bin.jar /mnt/app/confluence/lib/ [root@confluence app]# ls -1 /mnt/app/confluence/lib/mysql-connector-java-5.1.44-bin.jar /mnt/app/confluence/lib/mysql-connector-java-5.1.44-bin.jar

7. 启动服务

   1 2 3

   [root@confluence app]# systemctl start confluence 或者 [root@confluence app]# /etc/init.d/confluence start

8. 通过URL访问,进行验证

jira 升级版本

1. 备份jira安装目录

   1	[root@jira app]# tar czf jira.bin.tar.gz /mnt/app/jira

2. 备份jira.home目录

   1	[root@jira app]# tar czf jira.home.tar.gz /mnt/data/jira.home

3. 备份jira数据库

   1	[root@jira app]# mysqldump -u{username} -p{password} -h{ipaddress} jira > jira.sql

4. 升级jira

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111

   [root@jira app]# ./atlassian-jira-software-7.5.0-x64.bin Unpacking JRE ... Starting Installer ... Oct 10, 2017 2:04:49 PM java.util.prefs.FileSystemPreferences$2 run INFO: Created system preferences directory in java.home. This will install JIRA Software 7.5.0 on your computer. OK [o, Enter], Cancel [c] o Choose the appropriate installation or upgrade option. Please choose one of the following: Express Install (use default settings) [1], Custom Install (recommended for advanced users) [2], Upgrade an existing JIRA installation [3, Enter] 3 Existing installation directory: [/mnt/app/jira] /mnt/app/jira Back up JIRA home directory The upgrade process will automatically back up your JIRA installation directory. You can also choose to back up your existing JIRA home directory. Both directories are backed up as zip archive files in their respective parent directory locations. We strongly recommend choosing this option in the unlikely event that you experience problems with the upgrade and may require these backups to restore your existing JIRA installation. If you have many attachments in your JIRA home directory, the zip archive of this directory may consume a significant amount of disk space. Back up JIRA home directory? Yes [y, Enter], No [n] y Checking for local modifications. List of modifications made within JIRA directories. The following provides a list of file modifications within the atlassian-jira directory. Modified files: bin/setenv.sh conf/server.xml bin/check-java.sh Removed files: (none) Added files: atlassian-jira/WEB-INF/lib/mysql-connector-java-5.1.38-bin.jar bin/atlassian-jira-security.log bin/atlassian-jira.log [Enter] Checking if your instance of JIRA Software is running Upgrade check list Back up your external database We strongly recommend you back up your JIRA Software database if you have not already done so. Please refer to the following URL for back up guidelines: http://docs.atlassian.com/jira/jadm-docs-075/Backing+up+data Check plugin compatibility Check that your non-bundled plugins are compatible with JIRA Software 7.5.0. Access the plugin manager through the following URL: http://localhost:8080/plugins/servlet/upm#compatibility For more information see our documentation at the following URL: http://docs.atlassian.com/jira/jadm-docs-075/Upgrading+JIRA+applications Please ensure you have read the above checklist before upgrading. Your existing JIRA installation is about to be upgraded! The upgrade process will shut down your existing JIRA installation to complete the upgrade. Do you want to proceed? Upgrade [u, Enter], Exit [e] u Your instance of JIRA is currently being upgraded. Shutting down JIRA... Checking if JIRA has been shutdown... Backing up the JIRA installation directory Backing up the JIRA home directory Deleting the previous JIRA installation directory... Extracting files ... Please wait a few moments while JIRA Software is configured. Installation of JIRA Software 7.5.0 is complete Start JIRA Software 7.5.0 now? Yes [y, Enter], No [n] y Please wait a few moments while JIRA Software starts up. Launching JIRA Software ... Installation of JIRA Software 7.5.0 is complete Your installation of JIRA Software 7.5.0 is now ready and can be accessed via your browser. Custom modifications Your previous JIRA installation contains customisations (eg server.xml) that must be manually transferred. Refer to our documentation more information: http://docs.atlassian.com/jira/jadm-docs-075/Upgrading+JIRA+applications+manually#UpgradingJIRAapplicationsmanually-configuringnewjiraasold3.4MigrateyourexistingJIRAconfigurationsovertoyournewJIRAinstallation JIRA Software 7.5.0 can be accessed at http://localhost:8080 JIRA Software may take several minutes to load on first start up. Finishing installation ...

5. 停止服务

   1 2 3

   [root@jira app]# systemctl stop jira 或者 [root@jira app]# /etc/init.d/jira stop

6. 将JDBC的客户端拷贝到jira安装目录lib下

   1 2 3

   [root@jira app]# cp mysql-connector-java-5.1.44-bin.jar /mnt/app/jira/lib/ [root@jira app]# ls -1 /mnt/app/jira/lib/mysql-connector-java-5.1.44-bin.jar /mnt/app/jira/lib/mysql-connector-java-5.1.44-bin.jar

7. 启动服务

   1 2 3

   [root@jira app]# systemctl start jira 或者 [root@jira app]# /etc/init.d/jira start

8. 通过URL访问,进行验证

系统初始化

1
2
3
4
5
6
7
8
9
10

本次使用mariadb作为MySQL数据库软件安装使用:
首先简绍一下mairadb优点,当然这些MySQL也在开发出来
1.并行复制,在从库中距日志回放,可以配置多个sql线程并行执行
2.多源复制,可以将多个mysql实例中中数据汇集到一个实例中,报表库非常实用
3.连接线程池,高并发下使用线程池维护连接线程能很好的降低资源负载
4.使用GTID,故障恢复更加快捷
5.MySQL是只适应哈希索引.Mariadb支持更好的hash join

上面好多特征MySQL5.6,MySQL5.7,MySQL7.0等也在逐渐提供,且有一些也在开源社区可以下载插件.但是就目前来说mariadb是一个不错的选择.
版本 mariadb-10.0.14不是最新版本,是一个很稳定且上述特征都已经提供

1. 服务器信息

   1 2	10.10.10.13 mariadb.master 10.10.10.14 mariadb.slave

2. 查看系统版本

   1 2	[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core)

3. 设置主机名

   1 2 3 4 5 6 7 8 9

   //mariadb13 [root@localhost ~]# hostname mariadb13 && echo mariadb13 | tee /etc/hostname [root@localhost ~]# echo '10.10.10.13 mariadb13' |tee -a /etc/hosts [root@localhost ~]# $SHELL //mariadb14 [root@localhost ~]# hostname mariadb14 && echo mariadb14 | tee /etc/hostname [root@localhost ~]# echo '10.10.10.14 mariadb14' |tee -a /etc/hosts [root@localhost ~]# $SHELL

4. 硬盘格式化挂载

   1 2 3

   [root@[x] ~]# mkfs.xfs /dev/vdb [root@[x] ~]# echo '/dev/vdb /mnt xfs defaults 0 0' | tee -a /etc/fstab [root@[x] ~]# mount -a

5. 设置打开最大文件数

   1 2 3

   [root@[x] ~]# echo '* - nproc 65535' | tee -a /etc/security/limits.conf [root@[x] ~]# echo '* - nofile 65535' | tee -a /etc/security/limits.conf [root@[x] ~]# ls /etc/security/limits.d/*|xargs rm -f

6. 设置yum源

   1 2 3 4 5 6

   [root@[x] ~]# mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/{*,backup} [root@[x] ~]# rpm --import http://yum.ops.cn/epel/RPM-GPG-KEY-EPEL-7 [root@[x] ~]# curl -o /etc/yum.repos.d/epel.repo http://yum.ops.cn/epel-7.repo [root@[x] ~]# rpm --import http://yum.ops.cn/centos/RPM-GPG-KEY-CentOS-7 [root@[x] ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://yum.ops.cn/centos-7.repo [root@[x] ~]# yum clean all && yum makecache

7. 安装基础依赖库和常用工具包

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

   [root@[x] ~]# yum -y groupinstall "Development Tools" [root@[x] ~]# yum -y install \ make cmake \ bison-devel \ bzip2-devel \ zlib zlib-devel \ openssl openssl-devel openssl-libs openssl-static \ pcre pcre-devel pcre-static \ ncurses ncurses-devel ncurses-libs \ curl-devel \ expat-devel \ gettext-devel \ openldap openldap-devel \ readline readline-devel readline-static \ libssh2 libssh2-devel \ unixODBC unixODBC-devel \ sqlite sqlite-devel \ tcl tcl-devel \ perl-Digest-SHA1 \ python-libs python-devel python2-pip python-crypto \ perl-libs \ perl-ExtUtils-MakeMaker \ GeoIP GeoIP-devel \ gperftools gperftools-devel gperftools-libs \ libatomic_ops-devel \ gtest gtest-devel \ gdk-pixbuf2 gdk-pixbuf2-deve \ libffi libffi-devel \ libcurl libcurl-devel \ http-parser http-parser-devel \ libxml2* \ libmcrypt* \ libtool-ltdl-devel* [root@[x] ~]# yum -y install bash-completion fop lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat dmidecode bc

8. 关闭selinux

   1 2	[root@[x] ~]# setenforce 0 [root@[x] ~]# sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config

9. 关闭防火墙

   1	[root@[x] ~]# systemctl stop firewalld && systemctl disable firewalld

10. 设置系统时区

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

    [root@[x] ~]# ntpdate cn.pool.ntp.org [root@[x] ~]# [ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime [root@[x] ~]# [ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock [root@[x] ~]# [ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone [root@[x] ~]# [ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd [root@[x] ~]# cp -f /etc/{ntp.conf,ntp.conf.bak} [root@[x] ~]# cat > /etc/ntp.conf <<EOF driftfile /var/lib/ntp/drift restrict default nomodify notrap nopeer noquery restrict 127.0.0.1 restrict ::1 server cn.pool.ntp.org prefer server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst includefile /etc/ntp/crypto/pw keys /etc/ntp/keys disable monitor EOF [root@[x] ~]# cp -f /etc/ntp/{step-tickers,step-tickers.bak} [root@[x] ~]# cat > /etc/ntp/step-tickers <<EOF cn.pool.ntp.org 0.centos.pool.ntp.org 1.centos.pool.ntp.org 2.centos.pool.ntp.org 3.centos.pool.ntp.org EOF [root@[x] ~]# systemctl start ntpd && systemctl enable ntpd

11. 安装python,并设置python源

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

    [root@[x] ~]# git clone https://github.com/yyuu/pyenv.git /usr/local/pyenv [root@[x] ~]# echo 'export PYENV_ROOT="/usr/local/pyenv"' | tee /etc/profile.d/pyenv.sh [root@[x] ~]# echo 'export PATH="$PYENV_ROOT/bin:$PATH"' | tee -a /etc/profile.d/pyenv.sh [root@[x] ~]# echo 'eval "$(pyenv init -)"' | tee -a /etc/profile.d/pyenv.sh [root@[x] ~]# source /etc/profile [root@[x] ~]# mkdir -p ${PYENV_ROOT}/cache [root@[x] ~]# ls ${PYENV_ROOT}/cache/Python-2.7.13.tar.xz 将源码包放到这里 [root@[x] ~]# pyenv install 2.7.13 [root@[x] ~]# pyenv local 2.7.13 [root@[x] ~]# mkdir ~/.pip [root@[x] ~]# cat > ~/.pip/pip.conf <<EOF [global] trusted-host=mirrors.aliyun.com index-url=http://mirrors.aliyun.com/pypi/simple/ [list] format=columns EOF

12. 设置开机启动文件权限

    1	[root@[x] ~]# chmod +x /etc/rc.d/rc.local

13. 创建常见目录

    1	[root@[x] ~]# mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}

14. 部署mariadb

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

    [root@mariadb[X] ~]# yum -y install wget make cmake gcc gcc-c++ autoconf automake zlib* libxml2* ncurses-devel libmcrypt* libtool-ltdl-devel* [root@mariadb[X] ~]# yum -y install keepalived [root@mariadb[X] ~]# useradd -s /sbin/nologin mysql [root@mariadb[X] ~]# cd /mnt/ops/app [root@mariadb[X] app]# tar xzf mariadb-10.0.14.tar.gz [root@mariadb[X] app]# cd mariadb-10.0.14 [root@mariadb[X] mariadb-10.0.14]# cmake -DCMAKE_INSTALL_PREFIX=/mnt/app/mariadb \ -DWITH_INNOBASE_STORAGE_ENGINE=1 \ -DWITH_ARCHIVE_STORAGE_ENGINE=1 \ -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \ -DWITH_FEDERATED_STORAGE_ENGINE=1 \ -DWITH_PARTITION_STORAGE_ENGINE=1 \ -DWITH_READLINE=1 \ -DENABLED_LOCAL_INFILE=1 \ -DEXTRA_CHARSETS=all \ -DDEFAULT_CHARSET=utf8 \ -DDEFAULT_COLLATION=utf8_general_ci \ -DMYSQL_USER=mysql [root@mariadb[X] mariadb-10.0.14]# make -j 8 [root@mariadb[X] mariadb-10.0.14]# make -j 8 install [root@mariadb[X] mariadb-10.0.14]# echo 'export MYSQL_BASE=/mnt/app/mariadb' |tee /etc/profile.d/mysql.sh [root@mariadb[X] mariadb-10.0.14]# echo 'export MYSQL_BIN=$MYSQL_BASE/bin' |tee -a /etc/profile.d/mysql.sh [root@mariadb[X] mariadb-10.0.14]# echo 'export PATH=$MYSQL_BIN:$PATH' |tee -a /etc/profile.d/mysql.sh [root@mariadb[X] mariadb-10.0.14]# source /etc/profile [root@mariadb[X] mariadb-10.0.14]# mkdir -p /mnt/{data,log}/mysql/3306 [root@mariadb[X] mariadb-10.0.14]# chown -R mysql.mysql /mnt/{data,log}/mysql/3306 [root@mariadb[X] mariadb-10.0.14]# mkdir -p /mnt/app/mariadb/conf [root@mariadb[X] mariadb-10.0.14]# chmod +x scripts/* [root@mariadb[X] mariadb-10.0.14]# ./scripts/mysql_install_db --basedir=/mnt/app/mysql/ --datadir=/mnt/data/mysql/3306/ --user=mysql

15. mariadb master

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96

    [root@mariadb13 mariadb-10.0.14]# cat > /mnt/app/mariadb/conf/3306.cnf <<EOF [client] port = 3306 socket = /mnt/data/mysql/3306/mysqld.sock [mysqld] port = 3306 socket = /mnt/data/mysql/3306/mysqld.sock datadir = /mnt/data/mysql/3306/ basedir = /mnt/app/mariadb default-storage-engine=InnoDB expire-logs-days = 7 skip-name-resolve skip-external-locking key_buffer_size = 128M max_allowed_packet = 64M table_open_cache = 512 sort_buffer_size = 2M read_buffer_size = 2M read_rnd_buffer_size = 8M myisam_sort_buffer_size = 64M thread_concurrency = 8 query_cache_type = 0 thread_cache_size = 128 max_binlog_size = 512M max_connections = 2000 max_user_connections = 1600 max_connect_errors = 99999999 connect_timeout = 30 tmp_table_size = 128M max_heap_table_size = 128M log-bin = 3306-bin binlog_cache_size = 4M slow_query_log = 1 slow-query-log-file = /mnt/log/mysql/3306/ms.slow pid_file = /mnt/data/mysql/3306/mysqld.pid log_error = /mnt/log/mysql/3306/err.log general_log_file = /mnt/log/mysql/3306/gene.log long_query_time = 1 log-slave-updates #binlog_format = MIXED binlog_format = ROW sync-master-info=1 slave-parallel-threads=20 binlog-checksum=CRC32 master-verify-checksum=1 slave-sql-verify-checksum=1 #report-host=IP #report-port=3306 server-id = 1313 #read_only = 1 #auto_increment_increment=2 #auto_increment_offset=1 innodb_file_per_table = 1 innodb_data_home_dir = /mnt/data/mysql/3306 innodb_log_group_home_dir = /mnt/data/mysql/3306 innodb_buffer_pool_size = 6G innodb_additional_mem_pool_size = 20M innodb_log_file_size = 512M innodb_log_buffer_size = 32M innodb_flush_log_at_trx_commit = 2 #innodb_io_capacity = 500 #innodb_support_xa = false innodb_lock_wait_timeout = 30 #transaction-isolation = READ-COMMITTED #thread pool thread_handling=pool-of-threads init-connect = 'set names utf8' character_set_server = utf8 [mysqldump] quick max_allowed_packet = 64M [mysql] no-auto-rehash [myisamchk] key_buffer_size = 256M sort_buffer_size = 256M read_buffer = 2M write_buffer = 2M [mysqlhotcopy] interactive-timeout EOF

16. mariadb slave

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96

    [root@mariadb14 ~]# cat > /mnt/app/mariadb/conf/3306.cnf <<EOF [client] port = 3306 socket = /mnt/data/mysql/3306/mysqld.sock [mysqld] port = 3306 socket = /mnt/data/mysql/3306/mysqld.sock datadir = /mnt/data/mysql/3306/ basedir = /mnt/app/mariadb default-storage-engine=InnoDB expire-logs-days = 7 skip-name-resolve skip-external-locking key_buffer_size = 128M max_allowed_packet = 64M table_open_cache = 512 sort_buffer_size = 2M read_buffer_size = 2M read_rnd_buffer_size = 8M myisam_sort_buffer_size = 64M thread_concurrency = 8 query_cache_type = 0 thread_cache_size = 128 max_binlog_size = 512M max_connections = 2000 max_user_connections = 1600 max_connect_errors = 99999999 connect_timeout = 30 tmp_table_size = 128M max_heap_table_size = 128M log-bin = 3306-bin binlog_cache_size = 4M slow_query_log = 1 slow-query-log-file = /mnt/log/mysql/3306/ms.slow pid_file = /mnt/data/mysql/3306/mysqld.pid log_error = /mnt/log/mysql/3306/err.log general_log_file = /mnt/log/mysql/3306/gene.log long_query_time = 1 log-slave-updates #binlog_format = MIXED binlog_format = ROW sync-master-info=1 slave-parallel-threads=20 binlog-checksum=CRC32 master-verify-checksum=1 slave-sql-verify-checksum=1 #report-host=IP #report-port=3306 server-id = 1314 read_only = 1 #auto_increment_increment=2 #auto_increment_offset=1 innodb_file_per_table = 1 innodb_data_home_dir = /mnt/data/mysql/3306 innodb_log_group_home_dir = /mnt/data/mysql/3306 innodb_buffer_pool_size = 6G innodb_additional_mem_pool_size = 20M innodb_log_file_size = 512M innodb_log_buffer_size = 32M innodb_flush_log_at_trx_commit = 2 #innodb_io_capacity = 500 #innodb_support_xa = false innodb_lock_wait_timeout = 30 #transaction-isolation = READ-COMMITTED #thread pool thread_handling=pool-of-threads init-connect = 'set names utf8' character_set_server = utf8 [mysqldump] quick max_allowed_packet = 64M [mysql] no-auto-rehash [myisamchk] key_buffer_size = 256M sort_buffer_size = 256M read_buffer = 2M write_buffer = 2M [mysqlhotcopy] interactive-timeout EOF

17. mariadb 启动服务

    1	[root@mariadb[X] ~]# /mnt/app/mariadb/bin/mysqld_safe --defaults-file=/mnt/app/mariadb/conf/${port}.cnf &

18. mariadb 连接脚本

    1 2 3 4 5 6

    [root@mariadb[X] ~]# cat > /mnt/app/mariadb/bin/mylin <<EOF #!/bin/bash p=\$1 shift mysql -h"127.0.0.1" -P"\$p" --default-character-set=utf8 --show-warnings -uroot -p'{password}' -A --prompt="(\u@\p)[\d]> " "\$@" EOF

19. keepalived设置

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54

    [root@mariadb13 ~]# cat /etc/keepalived/keepalived.conf Configuration File for keepalived global_defs { router_id HA_10.10.10.13 } vrrp_instance VI_10.10.10.13 { state BACKUP smtp_alter dont_track_primary interface eth0 virtual_router_id 92 priority 101 nopreempt advert_int 1 authentication { auth_type PASS auth_pass 92 } virtual_ipaddress { 10.10.10.92 } } [root@mariadb13 ~]# systemctl start keepalived [root@mariadb13 ~]# systemctl enable keepalived [root@mariadb14 ~]# cat /etc/keepalived/keepalived.conf Configuration File for keepalived global_defs { router_id HA_10.10.10.14 } vrrp_instance VI_10.10.10.14 { state BACKUP smtp_alter dont_track_primary interface eth0 virtual_router_id 92 priority 100 advert_int 1 authentication { auth_type PASS auth_pass 92 } virtual_ipaddress { 10.10.10.92 } } [root@mariadb14 ~]# systemctl start keepalived [root@mariadb14 ~]# systemctl enable keepalived

confluence SSL设置

1. 停止服务

   1 2 3

   [root@confluence app]# systemctl stop confluence 或者 [root@confluence app]# /etc/init.d/confluence stop

2. 修改tomcat server.conf配置文件

   1 2 3 4 5 6 7 8

   [root@confluence app]# vim /mnt/app/confluence/conf/server.xml <Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="48" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol" proxyName="wiki.ops.com" proxyPort="443" scheme="https" secure="true"/> 和 <Context path="/confluence" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">

3. 启动服务

   1 2 3

   [root@confluence app]# systemctl start confluence 或者 [root@confluence app]# /etc/init.d/confluence start

4. nginx ssl key存放位置

   1 2 3

   [root@nginx ~]# ls -1 /mnt/app/nginx/conf/ssl/* /mnt/app/nginx/conf/ssl/confluence.crt /mnt/app/nginx/conf/ssl/confluence.key

5. nginx 主配置文件

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

   [root@nginx ~]# cat /mnt/app/nginx/conf/nginx.conf user nginx nginx; worker_processes 8; worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000; worker_rlimit_nofile 102400; events { use epoll; worker_connections 102400; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server_tokens off; client_max_body_size 30m; client_header_buffer_size 16k; large_client_header_buffers 4 32k; gzip on; gzip_vary on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.0; gzip_comp_level 5; gzip_types text/plain application/x-javascript text/css application/xml image/jpeg image/png image/gif; log_format main '$remote_addr $remote_user [$time_local] "$request" ' '$status $body_bytes_sent ' '"$http_user_agent" $http_x_forwarded_for $request_time $upstream_response_time'; error_log /mnt/log/nginx/nginx_error.log ; include /mnt/app/nginx/conf/vhost/*.conf; } stream { include /mnt/app/nginx/conf/stream/*.conf; }

6. nginx confluence 虚拟主机配置文件

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

   [root@nginx ~]# cat /mnt/app/nginx/conf/vhost/wiki.conf server { listen 80; server_name wiki.ops.com; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name wiki.ops.com; access_log /mnt/log/nginx/wiki.ops.com.access.log main; error_log /mnt/log/nginx/wiki.ops.com.error.log; ssl on; ssl_certificate /mnt/app/nginx/conf/ssl/confluence.crt; ssl_certificate_key /mnt/app/nginx/conf/ssl/confluence.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; location / { rewrite ^/ https://wiki.ops.com/confluence/; } location /confluence { proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect http:// https://; proxy_pass http://10.10.10.12:8090/confluence; client_max_body_size 10M; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; # Required for new HTTP-based CLI proxy_http_version 1.1; proxy_request_buffering off; } }

7. nginx reload

   1 2	[root@nginx ~]# /mnt/app/nginx/sbin/nginx -c /mnt/app/nginx/conf/nginx.conf -t [root@nginx ~]# /mnt/app/nginx/sbin/nginx -c /mnt/app/nginx/conf/nginx.conf -s reload

8. 验证: 输入域名”wiki.ops.com”查看是否自动跳转为https

系统初始化

1. 服务器信息

   1	10.10.10.11 jira

2. 查看系统版本

   1 2	[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core)

3. 设置主机名

   1 2 3 4

   //jira [root@localhost ~]# hostname jira && echo jira | tee /etc/hostname [root@localhost ~]# echo '10.10.10.11 jira' |tee -a /etc/hosts [root@localhost ~]# $SHELL

4. 硬盘格式化挂载

   1 2 3

   [root@[x] ~]# mkfs.xfs /dev/vdb [root@[x] ~]# echo '/dev/vdb /mnt xfs defaults 0 0' | tee -a /etc/fstab [root@[x] ~]# mount -a

5. 设置打开最大文件数

   1 2 3

   [root@[x] ~]# echo '* - nproc 65535' | tee -a /etc/security/limits.conf [root@[x] ~]# echo '* - nofile 65535' | tee -a /etc/security/limits.conf [root@[x] ~]# ls /etc/security/limits.d/*|xargs rm -f

6. 设置yum源

   1 2 3 4 5 6

   [root@[x] ~]# mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/{*,backup} [root@[x] ~]# rpm --import http://yum.ops.cn/epel/RPM-GPG-KEY-EPEL-7 [root@[x] ~]# curl -o /etc/yum.repos.d/epel.repo http://yum.ops.cn/epel-7.repo [root@[x] ~]# rpm --import http://yum.ops.cn/centos/RPM-GPG-KEY-CentOS-7 [root@[x] ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://yum.ops.cn/centos-7.repo [root@[x] ~]# yum clean all && yum makecache

7. 安装基础依赖库和常用工具包

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

   [root@[x] ~]# yum -y groupinstall "Development Tools" [root@[x] ~]# yum -y install \ make cmake \ bison-devel \ bzip2-devel \ zlib zlib-devel \ openssl openssl-devel openssl-libs openssl-static \ pcre pcre-devel pcre-static \ ncurses ncurses-devel ncurses-libs \ curl-devel \ expat-devel \ gettext-devel \ openldap openldap-devel \ readline readline-devel readline-static \ libssh2 libssh2-devel \ unixODBC unixODBC-devel \ sqlite sqlite-devel \ tcl tcl-devel \ perl-Digest-SHA1 \ python-libs python-devel python2-pip python-crypto \ perl-libs \ perl-ExtUtils-MakeMaker \ GeoIP GeoIP-devel \ gperftools gperftools-devel gperftools-libs \ libatomic_ops-devel \ gtest gtest-devel \ gdk-pixbuf2 gdk-pixbuf2-deve \ libffi libffi-devel \ libcurl libcurl-devel \ http-parser http-parser-devel \ libxml2* \ libmcrypt* \ libtool-ltdl-devel* [root@[x] ~]# yum -y install bash-completion fop lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat dmidecode bc

8. 关闭selinux

   1 2	[root@[x] ~]# setenforce 0 [root@[x] ~]# sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config

9. 关闭防火墙

   1	[root@[x] ~]# systemctl stop firewalld && systemctl disable firewalld

10. 设置系统时区

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

    [root@[x] ~]# ntpdate cn.pool.ntp.org [root@[x] ~]# [ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime [root@[x] ~]# [ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock [root@[x] ~]# [ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone [root@[x] ~]# [ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd [root@[x] ~]# cp -f /etc/{ntp.conf,ntp.conf.bak} [root@[x] ~]# cat > /etc/ntp.conf <<EOF driftfile /var/lib/ntp/drift restrict default nomodify notrap nopeer noquery restrict 127.0.0.1 restrict ::1 server cn.pool.ntp.org prefer server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst includefile /etc/ntp/crypto/pw keys /etc/ntp/keys disable monitor EOF [root@[x] ~]# cp -f /etc/ntp/{step-tickers,step-tickers.bak} [root@[x] ~]# cat > /etc/ntp/step-tickers <<EOF cn.pool.ntp.org 0.centos.pool.ntp.org 1.centos.pool.ntp.org 2.centos.pool.ntp.org 3.centos.pool.ntp.org EOF [root@[x] ~]# systemctl start ntpd && systemctl enable ntpd

11. 安装python,并设置python源

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

    [root@[x] ~]# git clone https://github.com/yyuu/pyenv.git /usr/local/pyenv [root@[x] ~]# echo 'export PYENV_ROOT="/usr/local/pyenv"' | tee /etc/profile.d/pyenv.sh [root@[x] ~]# echo 'export PATH="$PYENV_ROOT/bin:$PATH"' | tee -a /etc/profile.d/pyenv.sh [root@[x] ~]# echo 'eval "$(pyenv init -)"' | tee -a /etc/profile.d/pyenv.sh [root@[x] ~]# source /etc/profile [root@[x] ~]# mkdir -p ${PYENV_ROOT}/cache [root@[x] ~]# ls ${PYENV_ROOT}/cache/Python-2.7.13.tar.xz 将源码包放到这里 [root@[x] ~]# pyenv install 2.7.13 [root@[x] ~]# pyenv local 2.7.13 [root@[x] ~]# mkdir ~/.pip [root@[x] ~]# cat > ~/.pip/pip.conf <<EOF [global] trusted-host=mirrors.aliyun.com index-url=http://mirrors.aliyun.com/pypi/simple/ [list] format=columns EOF

12. 设置开机启动文件权限

    1	[root@[x] ~]# chmod +x /etc/rc.d/rc.local

13. 创建常见目录

    1	[root@[x] ~]# mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}

14. 部署mysql
    jira mysql install

15. 部署java

    1 2 3 4 5 6 7 8 9 10

    //jira/confluence: [root@[x] ~]# tar xzf jdk-8u131-linux-x64.tar.gz [root@[x] ~]# mv jdk1.8.0_131 /mnt/app/java [root@[x] ~]# chown -R root.root /mnt/app/java [root@[x] ~]# echo 'JAVA_HOME=/mnt/app/java' | tee /etc/profile.d/java.sh [root@[x] ~]# echo 'JRE_HOME=${JAVA_HOME}/jre' | tee -a /etc/profile.d/java.sh [root@[x] ~]# echo 'CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib' | tee -a /etc/profile.d/java.sh [root@[x] ~]# echo 'export PATH=${JAVA_HOME}/bin:$PATH' | tee -a /etc/profile.d/java.sh [root@[x] ~]# source /etc/profile [root@[x] ~]# java -version

16. 部署jira

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58

    [root@jira app]# chmod +x atlassian-jira-software-7.5.0-x64.bin [root@jira app]# ./atlassian-jira-software-7.5.0-x64.bin Unpacking JRE ... Starting Installer ... Oct 10, 2017 10:15:40 AM java.util.prefs.FileSystemPreferences$2 run INFO: Created system preferences directory in java.home. This will install JIRA Software 7.5.0 on your computer. OK [o, Enter], Cancel [c] o Choose the appropriate installation or upgrade option. Please choose one of the following: Express Install (use default settings) [1], Custom Install (recommended for advanced users) [2, Enter], Upgrade an existing JIRA installation [3] 2 Where should JIRA Software be installed? [/opt/atlassian/jira] /mnt/app/jira Default location for JIRA Software data [/var/atlassian/application-data/jira] /mnt/data/jira.home Configure which ports JIRA Software will use. JIRA requires two TCP ports that are not being used by any other applications on this machine. The HTTP port is where you will access JIRA through your browser. The Control port is used to startup and shutdown JIRA. Use default ports (HTTP: 8080, Control: 8005) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2] 1 JIRA can be run in the background. You may choose to run JIRA as a service, which means it will start automatically whenever the computer restarts. Install JIRA as Service? Yes [y, Enter], No [n] y Details on where JIRA Software will be installed and the settings that will be used. Installation Directory: /mnt/app/jira Home Directory: /mnt/data/jira.home HTTP Port: 8080 RMI Port: 8005 Install as service: Yes Install [i, Enter], Exit [e] i Extracting files ... Please wait a few moments while JIRA Software is configured. Installation of JIRA Software 7.5.0 is complete Start JIRA Software 7.5.0 now? Yes [y, Enter], No [n] y Please wait a few moments while JIRA Software starts up. Launching JIRA Software ... Installation of JIRA Software 7.5.0 is complete Your installation of JIRA Software 7.5.0 is now ready and can be accessed via your browser. JIRA Software 7.5.0 can be accessed at http://localhost:8080 Finishing installation ...

17. 停止服务

    1	[root@jira app]# /etc/init.d/jira stop

18. 将JDBC的客户端拷贝到jira安装目录lib下

    1 2 3

    [root@jira app]# cp mysql-connector-java-5.1.44-bin.jar /mnt/app/jira/lib/ [root@jira app]# ls -1 /mnt/app/jira/lib/mysql-connector-java-5.1.44-bin.jar /mnt/app/jira/lib/mysql-connector-java-5.1.44-bin.jar

19. 创建数据库

    1 2	[root@jira app]# mysql -u{username} -p{password} -h{ipaddress} MariaDB [(none)]> CREATE DATABASE jira CHARACTER SET utf8 COLLATE utf8_bin;

20. 查看设置jira.home配置文件

    1 2	[root@jira app]# cat /mnt/app/jira/atlassian-jira/WEB-INF/classes/jira-application.properties jira.home = /mnt/data/jira.home

21. 查看启动jira时java版本

    1 2 3

    [root@jira app]# vim /mnt/app/jira/bin/check-java.sh _EXPECTED_JAVA_VERSION="8" #_RUNJAVA=/mnt/app/java/bin/java 注意: 如果使用tar包解压,这里最好加上_RUNJAVA变量

22. 查看jira启动端口号

    1 2 3 4 5 6 7 8 9 10 11 12 13

    [root@jira app]# vim /mnt/app/jira/conf/server.xml <Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

23. 设置jira systemd

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

    [root@jira app]# cat /etc/init.d/jira #!/bin/bash # JIRA Linux service controller script cd "/mnt/app/jira/bin" case "$1" in start) ./start-jira.sh ;; stop) ./stop-jira.sh ;; *) echo "Usage: $0 {start|stop}" exit 1 ;; esac [root@jira app]# cat > /usr/lib/systemd/system/jira.service <<EOF [Unit] Description=jira - atlassian-jira Documentation=https://confluence.atlassian.com/alldoc/atlassian-documentation-32243719.html After=network.target remote-fs.target nss-lookup.target [Service] Type=forking ExecStart=/mnt/app/jira/bin/start-jira.sh ExecStop=/mnt/app/jira/bin/stop-jira.sh PrivateTmp=true Restart=always [Install] WantedBy=multi-user.target EOF

24. 启动jira

    1 2 3

    [root@jira app]# systemctl daemon-reload [root@jira app]# systemctl start jira [root@jira app]# systemctl enable jira

25. 访问jira

    1 2 3 4 5

    * 浏览器中输入: http://{IP}:8080 * 选择"中文",自定义设置 * 选择"Mysql",根据提示输入 数据库地址,用户名,密码 * 输入"Listen key" * 根据提示操作,结束

系统初始化

1. 服务器信息

   1	10.10.10.12 confluence

2. 查看系统版本

   1 2	[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core)

3. 设置主机名

   1 2 3 4

   //confluence [root@localhost ~]# hostname confluence && echo confluence | tee /etc/hostname [root@localhost ~]# echo '10.10.10.12 confluence' |tee -a /etc/hosts [root@localhost ~]# $SHELL

4. 硬盘格式化挂载

   1 2 3

   [root@[x] ~]# mkfs.xfs /dev/vdb [root@[x] ~]# echo '/dev/vdb /mnt xfs defaults 0 0' | tee -a /etc/fstab [root@[x] ~]# mount -a

5. 设置打开最大文件数

   1 2 3

   [root@[x] ~]# echo '* - nproc 65535' | tee -a /etc/security/limits.conf [root@[x] ~]# echo '* - nofile 65535' | tee -a /etc/security/limits.conf [root@[x] ~]# ls /etc/security/limits.d/*|xargs rm -f

6. 设置yum源

   1 2 3 4 5 6

   [root@[x] ~]# mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/{*,backup} [root@[x] ~]# rpm --import http://yum.ops.cn/epel/RPM-GPG-KEY-EPEL-7 [root@[x] ~]# curl -o /etc/yum.repos.d/epel.repo http://yum.ops.cn/epel-7.repo [root@[x] ~]# rpm --import http://yum.ops.cn/centos/RPM-GPG-KEY-CentOS-7 [root@[x] ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://yum.ops.cn/centos-7.repo [root@[x] ~]# yum clean all && yum makecache

7. 安装基础依赖库和常用工具包

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

   [root@[x] ~]# yum -y groupinstall "Development Tools" [root@[x] ~]# yum -y install \ make cmake \ bison-devel \ bzip2-devel \ zlib zlib-devel \ openssl openssl-devel openssl-libs openssl-static \ pcre pcre-devel pcre-static \ ncurses ncurses-devel ncurses-libs \ curl-devel \ expat-devel \ gettext-devel \ openldap openldap-devel \ readline readline-devel readline-static \ libssh2 libssh2-devel \ unixODBC unixODBC-devel \ sqlite sqlite-devel \ tcl tcl-devel \ perl-Digest-SHA1 \ python-libs python-devel python2-pip python-crypto \ perl-libs \ perl-ExtUtils-MakeMaker \ GeoIP GeoIP-devel \ gperftools gperftools-devel gperftools-libs \ libatomic_ops-devel \ gtest gtest-devel \ gdk-pixbuf2 gdk-pixbuf2-deve \ libffi libffi-devel \ libcurl libcurl-devel \ http-parser http-parser-devel \ libxml2* \ libmcrypt* \ libtool-ltdl-devel* [root@[x] ~]# yum -y install bash-completion fop lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat dmidecode bc

8. 关闭selinux

   1 2	[root@[x] ~]# setenforce 0 [root@[x] ~]# sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config

9. 关闭防火墙

   1	[root@[x] ~]# systemctl stop firewalld && systemctl disable firewalld

10. 设置系统时区

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

    [root@[x] ~]# ntpdate cn.pool.ntp.org [root@[x] ~]# [ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime [root@[x] ~]# [ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock [root@[x] ~]# [ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone [root@[x] ~]# [ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd [root@[x] ~]# cp -f /etc/{ntp.conf,ntp.conf.bak} [root@[x] ~]# cat > /etc/ntp.conf <<EOF driftfile /var/lib/ntp/drift restrict default nomodify notrap nopeer noquery restrict 127.0.0.1 restrict ::1 server cn.pool.ntp.org prefer server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst includefile /etc/ntp/crypto/pw keys /etc/ntp/keys disable monitor EOF [root@[x] ~]# cp -f /etc/ntp/{step-tickers,step-tickers.bak} [root@[x] ~]# cat > /etc/ntp/step-tickers <<EOF cn.pool.ntp.org 0.centos.pool.ntp.org 1.centos.pool.ntp.org 2.centos.pool.ntp.org 3.centos.pool.ntp.org EOF [root@[x] ~]# systemctl start ntpd && systemctl enable ntpd

11. 安装python,并设置python源

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

    [root@[x] ~]# git clone https://github.com/yyuu/pyenv.git /usr/local/pyenv [root@[x] ~]# echo 'export PYENV_ROOT="/usr/local/pyenv"' | tee /etc/profile.d/pyenv.sh [root@[x] ~]# echo 'export PATH="$PYENV_ROOT/bin:$PATH"' | tee -a /etc/profile.d/pyenv.sh [root@[x] ~]# echo 'eval "$(pyenv init -)"' | tee -a /etc/profile.d/pyenv.sh [root@[x] ~]# source /etc/profile [root@[x] ~]# mkdir -p ${PYENV_ROOT}/cache [root@[x] ~]# ls ${PYENV_ROOT}/cache/Python-2.7.13.tar.xz 将源码包放到这里 [root@[x] ~]# pyenv install 2.7.13 [root@[x] ~]# pyenv local 2.7.13 [root@[x] ~]# mkdir ~/.pip [root@[x] ~]# cat > ~/.pip/pip.conf <<EOF [global] trusted-host=mirrors.aliyun.com index-url=http://mirrors.aliyun.com/pypi/simple/ [list] format=columns EOF

12. 设置开机启动文件权限

    1	[root@[x] ~]# chmod +x /etc/rc.d/rc.local

13. 创建常见目录

    1	[root@[x] ~]# mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}

14. 部署mysql
    confluence mysql install

15. 部署java

    1 2 3 4 5 6 7 8 9 10

    //jira/confluence: [root@[x] ~]# tar xzf jdk-8u131-linux-x64.tar.gz [root@[x] ~]# mv jdk1.8.0_131 /mnt/app/java [root@[x] ~]# chown -R root.root /mnt/app/java [root@[x] ~]# echo 'JAVA_HOME=/mnt/app/java' | tee /etc/profile.d/java.sh [root@[x] ~]# echo 'JRE_HOME=${JAVA_HOME}/jre' | tee -a /etc/profile.d/java.sh [root@[x] ~]# echo 'CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib' | tee -a /etc/profile.d/java.sh [root@[x] ~]# echo 'export PATH=${JAVA_HOME}/bin:$PATH' | tee -a /etc/profile.d/java.sh [root@[x] ~]# source /etc/profile [root@[x] ~]# java -version

16. 部署confluence

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

    [root@confluence app]# chmod +x atlassian-confluence-6.4.1-x64.bin [root@confluence app]# ./atlassian-confluence-6.4.1-x64.bin Unpacking JRE ... Starting Installer ... Oct 10, 2017 11:38:32 AM java.util.prefs.FileSystemPreferences$1 run INFO: Created user preferences directory. Oct 10, 2017 11:38:32 AM java.util.prefs.FileSystemPreferences$2 run INFO: Created system preferences directory in java.home. This will install Confluence 6.4.1 on your computer. OK [o, Enter], Cancel [c] o Choose the appropriate installation or upgrade option. Please choose one of the following: Express Install (uses default settings) [1], Custom Install (recommended for advanced users) [2, Enter], Upgrade an existing Confluence installation [3] 2 Where should Confluence 6.4.1 be installed? [/opt/atlassian/confluence] /mnt/app/confluence Default location for Confluence data [/var/atlassian/application-data/confluence] /mnt/data/confluence.home Configure which ports Confluence will use. Confluence requires two TCP ports that are not being used by any other applications on this machine. The HTTP port is where you will access Confluence through your browser. The Control port is used to Startup and Shutdown Confluence. Use default ports (HTTP: 8090, Control: 8000) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2] 1 Confluence can be run in the background. You may choose to run Confluence as a service, which means it will start automatically whenever the computer restarts. Install Confluence as Service? Yes [y, Enter], No [n] y Extracting files ... Please wait a few moments while we configure Confluence. Installation of Confluence 6.4.1 is complete Start Confluence now? Yes [y, Enter], No [n] y Please wait a few moments while Confluence starts up. Launching Confluence ... Installation of Confluence 6.4.1 is complete Your installation of Confluence 6.4.1 is now ready and can be accessed via your browser. Confluence 6.4.1 can be accessed at http://localhost:8090 Finishing installation ...

17. 停止服务

    1	[root@confluence app]# /etc/init.d/confluence stop

18. 将JDBC的客户端拷贝到confluence安装目录lib下

    1 2 3

    [root@confluence app]# cp mysql-connector-java-5.1.44-bin.jar /mnt/app/confluence/lib/ [root@confluence app]# ls -1 /mnt/app/confluence/lib/mysql-connector-java-5.1.44-bin.jar /mnt/app/confluence/lib/mysql-connector-java-5.1.44-bin.jar

19. 创建数据库

    1 2	[root@confluence app]# mysql -u{username} -p{password} -h{ipaddress} MariaDB [(none)]> CREATE DATABASE confluence CHARACTER SET utf8 COLLATE utf8_bin;

20. 查看confluence.home

    1 2	[root@confluence app]# cat /mnt/app/confluence/confluence/WEB-INF/classes/confluence-init.properties confluence.home=/mnt/data/confluence.home

21. 查看confluence.port

    1 2 3 4 5

    [root@confluence app]# cat /mnt/app/confluence/conf/server.xml <Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="48" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol" />

22. 设置confluence systemd

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39

    [root@confluence app]# cat /etc/init.d/confluence #!/bin/bash # Confluence Linux service controller script cd "/mnt/app/confluence/bin" case "$1" in start) ./start-confluence.sh ;; stop) ./stop-confluence.sh ;; restart) ./stop-confluence.sh ./start-confluence.sh ;; *) echo "Usage: $0 {start|stop|restart}" exit 1 ;; esac [root@confluence app]# cat > /usr/lib/systemd/system/confluence.service <<EOF [Unit] Description=confluence - atlassian-confluence Documentation=https://confluence.atlassian.com/alldoc/atlassian-documentation-32243719.html After=network.target remote-fs.target nss-lookup.target [Service] Type=forking ExecStart=/mnt/app/confluence/bin/start-confluence.sh ExecStop=/mnt/app/confluence/bin/stop-confluence.sh PrivateTmp=true Restart=always [Install] WantedBy=multi-user.target EOF

23. 启动confluence

    1 2 3

    [root@confluence app]# systemctl daemon-reload [root@confluence app]# systemctl start confluence [root@confluence app]# systemctl enable confluence

24. 访问confluence

    1 2 3 4 5

    * 浏览器中输入: http://{IP}:8090 * 选择"中文",自定义设置 * 选择"Mysql",根据提示输入 数据库地址,用户名,密码 * 输入"Listen key" * 根据提示操作,结束

salt master syndic install

1. 服务器信息

   1 2 3 4

   192.168.13.217 CentOS 7.3.1611 master 192.168.13.218 CentOS 7.3.1611 master+syndic 192.168.13.187 CentOS 6.5 minion 192.168.13.188 CentOS 7.0.1406 minion

2. 查看系统版本

   1 2	[root@localhost ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core)

3. 设置主机名

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

   //salt-master [root@localhost ~]# hostname salt-master && echo salt-master | tee /etc/hostname [root@localhost ~]# echo '192.168.13.217 salt-master' |tee -a /etc/hosts [root@localhost ~]# $SHELL //salt-syndic [root@localhost ~]# hostname salt-syndic && echo salt-syndic | tee /etc/hostname [root@localhost ~]# echo '192.168.13.218 salt-syndic' |tee -a /etc/hosts [root@localhost ~]# $SHELL /salt-minion CentOS-6: [root@localhost ~]# hostname salt-minion-187 && echo salt-minion-187 | tee /etc/hostname [root@localhost ~]# echo '192.168.13.187 salt-minion-187' |tee -a /etc/hosts [root@localhost ~]# sed -i /'HOSTNAME'/d /etc/sysconfig/network [root@localhost ~]# echo 'HOSTNAME=salt-minion-187'|tee -a /etc/sysconfig/network [root@localhost ~]# $SHELL CentOS-7: [root@localhost ~]# hostname salt-minion-188 && echo salt-minion-188 | tee /etc/hostname [root@localhost ~]# echo '192.168.13.188 salt-minion-188' |tee -a /etc/hosts [root@localhost ~]# $SHELL

4. 硬盘格式化挂载

   1 2 3

   [root@[x] ~]# mkfs.xfs /dev/vdb [root@[x] ~]# echo '/dev/vdb /mnt xfs defaults 0 0' | tee -a /etc/fstab [root@[x] ~]# mount -a

5. 设置打开最大文件数

   1 2 3

   [root@[x] ~]# echo '* - nproc 65535' | tee -a /etc/security/limits.conf [root@[x] ~]# echo '* - nofile 65535' | tee -a /etc/security/limits.conf [root@[x] ~]# ls /etc/security/limits.d/*|xargs rm -f

6. 设置yum源

   1 2 3 4 5 6

   [root@[x] ~]# mkdir /etc/yum.repos.d/backup && mv /etc/yum.repos.d/{*,backup} [root@[x] ~]# rpm --import http://yum.jwops.cn/epel/RPM-GPG-KEY-EPEL-7 [root@[x] ~]# curl -o /etc/yum.repos.d/epel.repo http://yum.jwops.cn/epel-7.repo [root@[x] ~]# rpm --import http://yum.jwops.cn/centos/RPM-GPG-KEY-CentOS-7 [root@[x] ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://yum.jwops.cn/centos-7.repo [root@[x] ~]# yum clean all && yum makecache

7. 安装基础依赖库和常用工具包

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

   [root@[x] ~]# yum -y groupinstall "Development Tools" [root@[x] ~]# yum -y install \ make cmake \ bison-devel \ bzip2-devel \ zlib zlib-devel \ openssl openssl-devel openssl-libs openssl-static \ pcre pcre-devel pcre-static \ ncurses ncurses-devel ncurses-libs \ curl-devel \ expat-devel \ gettext-devel \ openldap openldap-devel \ readline readline-devel readline-static \ libssh2 libssh2-devel \ unixODBC unixODBC-devel \ sqlite sqlite-devel \ tcl tcl-devel \ perl-Digest-SHA1 \ python-libs python-devel python2-pip python-crypto \ perl-libs \ perl-ExtUtils-MakeMaker \ GeoIP GeoIP-devel \ gperftools gperftools-devel gperftools-libs \ libatomic_ops-devel \ gtest gtest-devel \ gdk-pixbuf2 gdk-pixbuf2-deve \ libffi libffi-devel \ libcurl libcurl-devel \ http-parser http-parser-devel \ libxml2* \ libmcrypt* \ libtool-ltdl-devel* [root@[x] ~]# yum -y install bash-completion fop lftp ntp ntpdate vim wget telnet dstat tree lrzsz net-tools nmap-ncat nmap sysstat dmidecode bc

8. 关闭selinux

   1 2	[root@[x] ~]# setenforce 0 [root@[x] ~]# sed -i s/'SELINUX=enforcing'/'SELINUX=disabled'/g /etc/selinux/config

9. 关闭防火墙

   1	[root@[x] ~]# systemctl stop firewalld && systemctl disable firewalld

10. 设置系统时区

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

    [root@[x] ~]# ntpdate cn.pool.ntp.org [root@[x] ~]# [ -f /etc/localtime ] && cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime [root@[x] ~]# [ -f /etc/sysconfig/clock ] && echo 'ZONE="Asia/Shanghai"' | tee /etc/sysconfig/clock [root@[x] ~]# [ -f /etc/timezone ] && echo 'Asia/Shanghai' | tee /etc/timezone [root@[x] ~]# [ -f /etc/sysconfig/ntpd ] && echo 'SYNC_HWCLOCK=yes' | tee -a /etc/sysconfig/ntpd [root@[x] ~]# cp -f /etc/{ntp.conf,ntp.conf.bak} [root@[x] ~]# cat > /etc/ntp.conf <<EOF driftfile /var/lib/ntp/drift restrict default nomodify notrap nopeer noquery restrict 127.0.0.1 restrict ::1 server cn.pool.ntp.org prefer server 0.centos.pool.ntp.org iburst server 1.centos.pool.ntp.org iburst server 2.centos.pool.ntp.org iburst server 3.centos.pool.ntp.org iburst includefile /etc/ntp/crypto/pw keys /etc/ntp/keys disable monitor EOF [root@[x] ~]# cp -f /etc/ntp/{step-tickers,step-tickers.bak} [root@[x] ~]# cat > /etc/ntp/step-tickers <<EOF cn.pool.ntp.org 0.centos.pool.ntp.org 1.centos.pool.ntp.org 2.centos.pool.ntp.org 3.centos.pool.ntp.org EOF [root@[x] ~]# systemctl start ntpd && systemctl enable ntpd

11. 安装python,并设置python源

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

    [root@[x] ~]# git clone https://github.com/yyuu/pyenv.git /usr/local/pyenv [root@[x] ~]# echo 'export PYENV_ROOT="/usr/local/pyenv"' | tee /etc/profile.d/pyenv.sh [root@[x] ~]# echo 'export PATH="$PYENV_ROOT/bin:$PATH"' | tee -a /etc/profile.d/pyenv.sh [root@[x] ~]# echo 'eval "$(pyenv init -)"' | tee -a /etc/profile.d/pyenv.sh [root@[x] ~]# source /etc/profile [root@[x] ~]# mkdir -p ${PYENV_ROOT}/cache [root@[x] ~]# ls ${PYENV_ROOT}/cache/Python-2.7.13.tar.xz 将源码包放到这里 [root@[x] ~]# pyenv install 2.7.13 [root@[x] ~]# pyenv local 2.7.13 [root@[x] ~]# pyenv rehash [root@[x] ~]# mkdir ~/.pip [root@[x] ~]# cat > ~/.pip/pip.conf <<EOF [global] trusted-host=mirrors.aliyun.com index-url=http://mirrors.aliyun.com/pypi/simple/ [list] format=columns EOF

12. 设置开机启动文件权限

    1	[root@[x] ~]# chmod +x /etc/rc.d/rc.local

13. 创建常见目录

    1	[root@[x] ~]# mkdir -p /mnt/{app,data,log,web,ops/{app,data,cron}}

1. salt安装

   1	[root@[x] ~]# pip install salt

2. salt-master配置

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84

   [root@salt-master ~]# mkdir -p /etc/salt [root@salt-master ~]# mkdir -p /mnt/data/salt/base/{dev,prod} [root@salt-master ~]# mkdir -p /mnt/data/salt/pillar/{dev,prod} [root@salt-master ~]# cat > /etc/salt/master <<EOF interface: 0.0.0.0 ipv6: False publish_port: 4505 ret_port: 4506 user: root order_masters: True file_roots: base: - /mnt/data/salt/base dev: - /mnt/data/salt/base/dev prod: - /mnt/data/salt/base/prod pillar_roots: base: - /mnt/data/salt/pillar dev: - /mnt/data/salt/pillar/dev prod: - /mnt/data/salt/pillar/prod EOF [root@salt-master ~]# salt-master -c /etc/salt -d [root@salt-master ~]# pkill salt-master [root@salt-master ~]# cat > /usr/lib/systemd/system/salt-master.service <<EOF [Unit] Description=salt-master Documentation=https://docs.saltstack.com/en/latest/ After=network.target [Service] LimitNOFILE=65535 Type=simple NotifyAccess=all ExecStart=/usr/local/pyenv/versions/2.7.13/bin/salt-master PrivateTmp=true Restart=always [Install] WantedBy=multi-user.target EOF [root@salt-master ~]# systemctl daemon-reload [root@salt-master ~]# systemctl start salt-master [root@salt-master ~]# systemctl enable salt-master [root@salt-master ~]# cp -f /etc/{rsyncd.conf,rsyncd.conf.bak} [root@salt-master ~]# cat > /etc/rsyncd.conf <<EOF uid = root gid = root port = 873 use chroot = yes read only = no write only = no hosts allow = 192.168.13.218 hosts deny = * max connections = 5 exclude = lost+found/ transfer logging = yes timeout = 900 ignore nonreadable = yes dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 [salt] path = /mnt/data/salt list = yes auth users = saltsync secrets file = /etc/rsyncd.secrets read only = yes exclude = test1/ test2/ comment = salt file_roots and pillor_roots EOF [root@salt-master ~]# echo 'saltsync:EcZufi9eoIdUR6X' |tee /etc/rsyncd.secrets [root@salt-master ~]# chmod 600 /etc/rsyncd.secrets [root@salt-master ~]# systemctl start rsyncd [root@salt-master ~]# systemctl enable rsyncd

3. salt-syndic配置

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79

   [root@salt-syndic ~]# echo 'EcZufi9eoIdUR6X' |tee /etc/rsyncd.passwd [root@salt-syndic ~]# chmod 600 /etc/rsyncd.passwd [root@salt-syndic ~]# echo '*/1 * * * * rsync -avzP --delete --password-file=/etc/rsyncd.passwd saltsync@192.168.13.217::salt /mnt/data/salt' |tee /var/spool/cron/root [root@salt-syndic ~]# mkdir -p /etc/salt [root@salt-syndic ~]# cat > /etc/salt/master <<EOF interface: 0.0.0.0 ipv6: False publish_port: 4505 ret_port: 4506 user: root syndic_master: - 192.168.13.217 syndic_master_port: 4506 syndic_failover: random syndic_wait: 20 auto_accept: True file_roots: base: - /mnt/data/salt/base dev: - /mnt/data/salt/base/dev prod: - /mnt/data/salt/base/prod pillar_roots: base: - /mnt/data/salt/pillar dev: - /mnt/data/salt/pillar/dev prod: - /mnt/data/salt/pillar/prod EOF [root@salt-syndic ~]# salt-master -c /etc/salt -d [root@salt-syndic ~]# salt-syndic -c /etc/salt -d [root@salt-syndic ~]# pkill salt-master [root@salt-syndic ~]# pkill salt-syndic [root@salt-syndic ~]# cat > /usr/lib/systemd/system/salt-master.service <<EOF [Unit] Description=salt-master Documentation=https://docs.saltstack.com/en/latest/ After=network.target [Service] LimitNOFILE=65535 Type=simple NotifyAccess=all ExecStart=/usr/local/pyenv/versions/2.7.13/bin/salt-master PrivateTmp=true Restart=always [Install] WantedBy=multi-user.target EOF [root@salt-syndic ~]# cat > /usr/lib/systemd/system/salt-syndic.service <<EOF [Unit] Description=salt-syndic Documentation=https://docs.saltstack.com/en/latest/ After=network.target [Service] LimitNOFILE=65535 Type=simple NotifyAccess=all ExecStart=/usr/local/pyenv/versions/2.7.13/bin/salt-syndic PrivateTmp=true Restart=always [Install] WantedBy=multi-user.target EOF [root@salt-syndic ~]# systemctl daemon-reload [root@salt-syndic ~]# systemctl start salt-master [root@salt-syndic ~]# systemctl start salt-syndic [root@salt-syndic ~]# systemctl enable salt-master [root@salt-syndic ~]# systemctl enable salt-syndic

4. salt-minion配置

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72

   CentOS-6: [root@salt-minion-187 ~]# mkdir -p /etc/salt/ [root@salt-minion-187 ~]# cat > /etc/salt/minion <<EOF master: 192.168.13.218 ipv6: False master_port: 4506 user: root id: salt-minion-187 EOF [root@salt-minion-187 ~]# salt-minion -c /etc/salt -d [root@salt-minion-187 ~]# cat > /etc/init.d/salt-minion <<EOF #!/bin/bash # chkconfig: 2345 15 20 # description: salt-minion case "\$1" in start) echo "Starting salt-minion..." /usr/local/pyenv/versions/2.7.13/bin/salt-minion -d ;; stop) echo "Stop salt-minion..." kill -HUP $(cat /var/run/salt-minion.pid) ;; restart) echo "Stop salt-minion..." kill -HUP $(cat /var/run/salt-minion.pid) sleep 1 echo "Starting salt-minion..." /usr/local/pyenv/versions/2.7.13/bin/salt-minion -d ;; status) echo "salt-minion status:" ps -ef|grep salt-minion|grep -v grep|grep -v status ;; esac EOF [root@salt-minion-187 ~]# chmod +x /etc/init.d/salt-minion [root@salt-minion-187 ~]# chkconfig --add salt-minion [root@salt-minion-187 ~]# chkconfig salt-minion on CentOS-7: [root@salt-minion-188 ~]# mkdir -p /etc/salt/ [root@salt-minion-188 ~]# cat > /etc/salt/minion <<EOF master: 192.168.13.218 ipv6: False master_port: 4506 user: root id: salt-minion-188 EOF [root@salt-minion-188 ~]# salt-minion -c /etc/salt -d [root@salt-minion-188 ~]# cat > /usr/lib/systemd/system/salt-minion.service <<EOF [Unit] Description=salt-minion Documentation=https://docs.saltstack.com/en/latest/ After=network.target [Service] LimitNOFILE=65535 Type=simple NotifyAccess=all ExecStart=/usr/local/pyenv/versions/2.7.13/bin/salt-minion PrivateTmp=true Restart=always [Install] WantedBy=multi-user.target EOF [root@salt-minion-188 ~]# systemctl daemon-reload [root@salt-minion-188 ~]# systemctl start salt-minion [root@salt-minion-188 ~]# systemctl enable salt-minion