一、主节点配置
注意:以下所有命令和脚本都是在 centos7 环境运行。
主节点:用于控制其他所有机器
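# Control-node setup: install ansible (via pip) and sshpass on the master node.
# Fixes the `yun` typos of the original; `yum update` without -y will prompt.
yum update && yum install python3 python3-pip && pip3 install --upgrade pip
pip3 install ansible
yum install sshpass -y
# Required for password logins through sshpass against hosts that are not yet in
# known_hosts. It also disables the only check that protects the control
# connection (which carries the root password) from an impostor host; the
# stricter alternative is to pre-populate ~/.ssh/known_hosts (e.g. ssh-keyscan)
# and leave checking enabled.
export ANSIBLE_HOST_KEY_CHECKING=False
# ansible worker concurrency; optional
export ANSIBLE_FORKS=3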
上面命令全部执行完毕且没有异常之后,开始简单配置 ansible。
新建文件:/etc/ansible/hosts
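# /etc/ansible/hosts — inventory for the SSR fleet.
# "ssr" is only a group label; the playbook (hosts: ssr) and the ad-hoc
# commands refer to it.
# Comments are kept on their own lines: the INI inventory parser may not strip
# a trailing "# ..." from key=value lines, which would leave it in the value.
[ssr]
54.169.168.254
54.169.111.130
13.228.203.107
# ... one managed-host IP per line

[all:vars]
# remote SSH port; 22 unless the host was reconfigured
ansible_ssh_port=22
# remote login user
ansible_ssh_user=root
# remote login password, in plaintext. Anyone who can read this file (or a
# backup of it) holds root on every listed host; prefer key-based login
# (ansible_ssh_private_key_file) or an ansible-vault encrypted value.
ansible_ssh_pass=Rzxxxxx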
新建文件:/root/install-ssr-server.sh,该文件为 ssr 服务安装脚本
该脚本第292行的41218是机器需要映射的端口,可以自行修改。
该脚本可以通过远程下载或者手动拷贝的方式新建,远程下载可使用:wget "https://github.com/h1code2/opt/raw/main/shell/install-ssr.sh" -O install-ssr-server.sh
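#!/bin/bash
# shadowsocksR/SSR one-click installer for CentOS 7/8.
#
# Usage: install-ssr-server.sh [install|uninstall|info]   (no argument = install)
#
# What `install` does to the host when run as root, for review before use:
#   - installs packages with yum and switches SELinux from enforcing to
#     permissive (preinstall);
#   - downloads the SSR 3.2.2 source archive from GitHub (or, when the host has
#     no IPv4 route, through a third-party mirror), unpacks it to
#     /usr/local/shadowsocks and registers it as the systemd unit shadowsocksR
#     listening on all interfaces (installSSR);
#   - writes the server parameters to /etc/shadowsocksR.json and the resulting
#     ssr:// link — which embeds the password — to ./ssr.txt (info).
# getData, installBBR, setFirewall and bbrReboot are defined but not invoked by
# install(); their calls are left commented out inside install().

RED="\033[31m"     # error message
GREEN="\033[32m"   # success message
YELLOW="\033[33m"  # warning message
BLUE="\033[36m"    # info message
PLAIN='\033[0m'

# Public address, used only for the printed/exported ssr:// link. If the IPv4
# lookup fails the host is assumed to be IPv6-only and the GitHub download is
# routed through a third-party mirror; code fetched that way runs as root, so
# review the mirror before relying on this path.
V6_PROXY=""
if ! IP=$(curl -sL -4 ip.sb); then
  IP=$(curl -sL -6 ip.sb)
  V6_PROXY="https://gh.hijk.art/"
fi
FILENAME="ShadowsocksR-v3.2.2"
URL="${V6_PROXY}https://github.com/shadowsocksrr/shadowsocksr/archive/3.2.2.tar.gz"
BASE=$(pwd)
OS=$(hostnamectl | grep -i system | cut -d: -f2)
CONFIG_FILE="/etc/shadowsocksR.json"

#######################################
# Print a message in the given colour and reset the terminal colour afterwards.
# Arguments: $1 - colour escape (RED/GREEN/YELLOW/BLUE), $2.. - message words
#######################################
colorEcho() {
  echo -e "${1}${@:2}${PLAIN}"
}

#######################################
# Abort unless running as root on CentOS 7 or newer (or on some other
# yum-based system when /etc/centos-release is absent).
# Globals: main (written) - CentOS major version, read later by preinstall;
#          stays unset when no release file exists
#######################################
checkSystem() {
  result=$(id | awk '{print $1}')
  if [ "$result" != "uid=0(root)" ]; then
    colorEcho "$RED" " 请以root身份执行该脚本"
    exit 1
  fi
  if [ ! -f /etc/centos-release ]; then
    if ! command -v yum >/dev/null 2>&1; then
      colorEcho "$RED" " 系统不是CentOS"
      exit 1
    fi
  else
    result=$(grep -oE "[0-9.]+" /etc/centos-release)
    main=${result%%.*}
    # a release file without a version number is treated as unsupported
    if [ "${main:-0}" -lt 7 ]; then
      colorEcho "$RED" " 不受支持的CentOS版本"
      exit 1
    fi
  fi
}

#######################################
# Clear the screen and print the banner.
#######################################
slogon() {
  clear
  echo "#############################################################"
  echo -e "# ${RED} ShadowsocksR/SSR 一键安装脚本${PLAIN} #"
  echo "#############################################################"
  echo ""
}

#######################################
# Interactively collect password, port, cipher, protocol and obfuscation.
# Defined but not called by install(), which uses fixed values instead.
# Globals: PASSWORD, PORT, METHOD, PROTOCOL, OBFS (written)
#######################################
getData() {
  read -r -p " 请设置SSR的密码(不输入则随机生成):" PASSWORD
  [ -z "$PASSWORD" ] && PASSWORD=$(tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 16 | head -n 1)
  echo ""
  colorEcho "$BLUE" " 密码: $PASSWORD"
  echo ""
  while true; do
    read -r -p " 请设置SSR的端口号[1-65535]:" PORT
    [ -z "$PORT" ] && PORT="12345"
    if [ "${PORT:0:1}" = "0" ]; then
      echo -e " ${RED}端口不能以0开头${PLAIN}"
      exit 1
    fi
    # expr succeeds only when the input is numeric (and non-zero)
    if expr "$PORT" + 0 &>/dev/null; then
      if [ "$PORT" -ge 1 ] && [ "$PORT" -le 65535 ]; then
        echo ""
        colorEcho "$BLUE" " 端口号: $PORT"
        echo ""
        break
      else
        colorEcho "$RED" " 输入错误,端口号为1-65535的数字"
      fi
    else
      colorEcho "$RED" " 输入错误,端口号为1-65535的数字"
    fi
  done

  colorEcho "$BLUE" " 请选择SSR的加密方式:"
  echo " 1)aes-256-cfb"
  echo " 2)aes-192-cfb"
  echo " 3)aes-128-cfb"
  echo " 4)aes-256-ctr"
  echo " 5)aes-192-ctr"
  echo " 6)aes-128-ctr"
  echo " 7)aes-256-cfb8"
  echo " 8)aes-192-cfb8"
  echo " 9)aes-128-cfb8"
  echo " 10)camellia-128-cfb"
  echo " 11)camellia-192-cfb"
  echo " 12)camellia-256-cfb"
  echo " 13)chacha20-ietf"
  read -r -p " 请选择加密方式(默认aes-256-cfb)" answer
  if [ -z "$answer" ]; then
    METHOD="aes-256-cfb"
  else
    case "$answer" in
      1) METHOD="aes-256-cfb";;
      2) METHOD="aes-192-cfb";;
      3) METHOD="aes-128-cfb";;
      4) METHOD="aes-256-ctr";;
      5) METHOD="aes-192-ctr";;
      6) METHOD="aes-128-ctr";;
      7) METHOD="aes-256-cfb8";;
      8) METHOD="aes-192-cfb8";;
      9) METHOD="aes-128-cfb8";;
      10) METHOD="camellia-128-cfb";;
      11) METHOD="camellia-192-cfb";;
      12) METHOD="camellia-256-cfb";;
      13) METHOD="chacha20-ietf";;
      *)
        colorEcho "$RED" " 无效的选择,使用默认加密方式"
        METHOD="aes-256-cfb"
        ;;
    esac
  fi
  echo ""
  colorEcho "$BLUE" " 加密方式: $METHOD"
  echo ""

  colorEcho "$BLUE" " 请选择SSR协议:"
  echo " 1)origin"
  echo " 2)verify_deflate"
  echo " 3)auth_sha1_v4"
  echo " 4)auth_aes128_md5"
  echo " 5)auth_aes128_sha1"
  echo " 6)auth_chain_a"
  echo " 7)auth_chain_b"
  echo " 8)auth_chain_c"
  echo " 9)auth_chain_d"
  echo " 10)auth_chain_e"
  echo " 11)auth_chain_f"
  read -r -p " 请选择SSR协议(默认origin)" answer
  if [ -z "$answer" ]; then
    PROTOCOL="origin"
  else
    case "$answer" in
      1) PROTOCOL="origin";;
      2) PROTOCOL="verify_deflate";;
      3) PROTOCOL="auth_sha1_v4";;
      4) PROTOCOL="auth_aes128_md5";;
      5) PROTOCOL="auth_aes128_sha1";;
      6) PROTOCOL="auth_chain_a";;
      7) PROTOCOL="auth_chain_b";;
      8) PROTOCOL="auth_chain_c";;
      9) PROTOCOL="auth_chain_d";;
      10) PROTOCOL="auth_chain_e";;
      11) PROTOCOL="auth_chain_f";;
      *)
        colorEcho "$RED" " 无效的选择,使用默认协议"
        PROTOCOL="origin"
        ;;
    esac
  fi
  echo ""
  colorEcho "$BLUE" " SSR协议: $PROTOCOL"
  echo ""

  colorEcho "$BLUE" " 请选择SSR混淆模式:"
  echo " 1)plain"
  echo " 2)http_simple"
  echo " 3)http_post"
  echo " 4)tls1.2_ticket_auth"
  echo " 5)tls1.2_ticket_fastauth"
  read -r -p " 请选择混淆模式(默认plain)" answer
  if [ -z "$answer" ]; then
    OBFS="plain"
  else
    case "$answer" in
      1) OBFS="plain";;
      2) OBFS="http_simple";;
      3) OBFS="http_post";;
      4) OBFS="tls1.2_ticket_auth";;
      5) OBFS="tls1.2_ticket_fastauth";;
      *)
        colorEcho "$RED" " 无效的选择,使用默认混淆模式"
        OBFS="plain"
        ;;
    esac
  fi
  echo ""
  colorEcho "$BLUE" " 混淆模式: $OBFS"
  echo ""
}

#######################################
# Install prerequisite packages, provide /usr/bin/python on CentOS 8 and set
# SELinux to permissive.
# Globals: main (read) - CentOS major version from checkSystem, may be unset
#######################################
preinstall() {
  colorEcho "$BLUE" " 更新系统..."
  yum clean all
  #yum update -y
  colorEcho "$BLUE" " 安装必要软件"
  yum install -y epel-release telnet curl wget vim net-tools libsodium openssl unzip tar qrencode
  command -v wget >/dev/null 2>&1 || yum install -y wget
  command -v netstat >/dev/null 2>&1 || yum install -y net-tools
  # presumably server.py is started through the `python` name (its shebang is
  # not visible here); `main` is unset when no /etc/centos-release was found,
  # hence the default, which also avoids a unary-operator error in the test
  if [ "${main:-0}" -eq 8 ]; then
    ln -s /usr/bin/python3 /usr/bin/python
  fi
  # Persistently drops SELinux from enforcing to permissive. This weakens the
  # host's mandatory access control for every service, not only SSR; nothing
  # in this script shows that SSR requires it.
  if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
    sed -i 's/SELINUX=enforcing/SELINUX=permissive/g' /etc/selinux/config
    setenforce 0
  fi
}

#######################################
# Download and unpack SSR, write its config and systemd unit, start it and
# verify it is listening.
# Globals: FILENAME, URL, BASE, OS, CONFIG_FILE (read);
#          PORT, PASSWORD, METHOD, PROTOCOL, OBFS (written, see below)
# Environment: SSR_PORT, SSR_PASSWORD, SSR_METHOD, SSR_PROTOCOL, SSR_OBFS
#          override the corresponding server parameter
#######################################
installSSR() {
  if [ ! -d /usr/local/shadowsocks ]; then
    echo 下载安装文件
    # TLS certificate verification stays on (the original passed
    # --no-check-certificate): this archive is unpacked and executed as root.
    # NOTE(review): the archive is not checksum-verified; for fleet use pin its
    # digest here (compare sha256sum against <EXPECTED_SHA256>) before tar runs.
    if ! wget -O "${FILENAME}.tar.gz" "${URL}"; then
      echo -e " [${RED}Error${PLAIN}] 下载文件失败!"
      exit 1
    fi
    tar -zxf "${FILENAME}.tar.gz"
    mv shadowsocksr-3.2.2/shadowsocks /usr/local
    if [ ! -f /usr/local/shadowsocks/server.py ]; then
      colorEcho "$RED" " $OS 安装失败"
      cd "${BASE}" && rm -rf shadowsocksr-3.2.2 "${FILENAME}.tar.gz"
      exit 1
    fi
    cd "${BASE}" && rm -rf shadowsocksr-3.2.2 "${FILENAME}.tar.gz"
  fi

  # Server parameters. They are fixed here (getData is not called by install)
  # so the script can run unattended, and each may be overridden from the
  # environment, e.g. `SSR_PORT=443 bash install-ssr-server.sh`.
  # The original hard-coded one password for every host it was run on; a
  # password that is identical on every server and published together with the
  # script is not a secret, so the default is now generated per host. The value
  # ends up in $CONFIG_FILE and, base64-encoded, in the ssr:// link in ./ssr.txt.
  PORT=${SSR_PORT:-41218}
  PASSWORD=${SSR_PASSWORD:-$(tr -dc 'a-zA-Z0-9' </dev/urandom | fold -w 16 | head -n 1)}
  METHOD=${SSR_METHOD:-chacha20-ietf}
  PROTOCOL=${SSR_PROTOCOL:-auth_aes128_sha1}
  OBFS=${SSR_OBFS:-plain}

  # "server"/"server_ipv6" bind every interface, IPv4 and IPv6.
  cat > "$CONFIG_FILE" <<-EOF
{
"server":"0.0.0.0",
"server_ipv6":"::",
"server_port":${PORT},
"local_port":1080,
"password":"${PASSWORD}",
"timeout":600,
"method":"${METHOD}",
"protocol":"${PROTOCOL}",
"protocol_param":"",
"obfs":"${OBFS}",
"obfs_param":"",
"redirect":"",
"dns_ipv6":false,
"fast_open":false,
"workers":1
}
EOF

  # The unit runs server.py as root (no User= line), as in the original.
  cat > /usr/lib/systemd/system/shadowsocksR.service <<-EOF
[Unit]
Description=shadowsocksR
Documentation=https://hijk.art/
After=network-online.target
Wants=network-online.target

[Service]
Type=forking
LimitNOFILE=32768
ExecStart=/usr/local/shadowsocks/server.py -c $CONFIG_FILE -d start
ExecReload=/bin/kill -s HUP \$MAINPID
ExecStop=/bin/kill -s TERM \$MAINPID

[Install]
WantedBy=multi-user.target
EOF

  systemctl daemon-reload
  systemctl enable shadowsocksR && systemctl restart shadowsocksR
  sleep 3
  # liveness check: a python process must be listening on the configured port
  res=$(netstat -nltp | grep "${PORT}" | grep python)
  if [ "${res}" = "" ]; then
    colorEcho "$RED" " ssr启动失败,请检查端口是否被占用!"
    exit 1
  fi
}

#######################################
# Open ${PORT} (tcp+udp) and port 80 in firewalld, or in iptables when
# firewalld is not running. Not called by install().
# Globals: PORT (read)
#######################################
setFirewall() {
  if systemctl status firewalld >/dev/null 2>&1; then
    # the http service / port 80 is opened as well, although nothing in this
    # script configures a listener on it
    firewall-cmd --permanent --add-service=http
    firewall-cmd --permanent --add-port="${PORT}"/tcp
    firewall-cmd --permanent --add-port="${PORT}"/udp
    firewall-cmd --reload
  else
    # heuristic kept from the original: INPUT rules are inserted unless the
    # FORWARD chain appears on line 3 of `iptables -nL`; the intent of that
    # condition is not documented — confirm before relying on it
    nl=$(iptables -nL | nl | grep FORWARD | awk '{print $1}')
    if [[ "$nl" != "3" ]]; then
      iptables -I INPUT -p tcp --dport 80 -j ACCEPT
      iptables -I INPUT -p tcp --dport "${PORT}" -j ACCEPT
      iptables -I INPUT -p udp --dport "${PORT}" -j ACCEPT
    fi
  fi
}

#######################################
# Enable BBR congestion control, installing the elrepo kernel-ml kernel when
# the running kernel lacks the module. Not called by install().
# Globals: INSTALL_BBR (written) - "true" when a reboot is required
#######################################
installBBR() {
  result=$(lsmod | grep bbr)
  if [ "$result" != "" ]; then
    colorEcho "$GREEN" " BBR模块已安装"
    INSTALL_BBR=false
    return
  fi
  res=$(hostnamectl | grep -i openvz)
  if [ "$res" != "" ]; then
    colorEcho "$YELLOW" " openvz机器,跳过安装"
    INSTALL_BBR=false
    return
  fi
  # appended unconditionally: re-running adds duplicate lines to sysctl.conf
  echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
  echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
  sysctl -p
  result=$(lsmod | grep bbr)
  if [[ "$result" != "" ]]; then
    colorEcho "$GREEN" " BBR模块已启用"
    INSTALL_BBR=false
    return
  fi
  colorEcho "$BLUE" " 安装BBR模块..."
  # The release package is fetched over HTTPS (the original used plain HTTP,
  # leaving rpm's signature check against the imported key as the only
  # protection of the download).
  rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
  rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-4.el7.elrepo.noarch.rpm
  yum --enablerepo=elrepo-kernel install kernel-ml -y
  # removes the stock 3.x kernels; the new kernel takes effect after reboot
  yum remove kernel-3.* -y
  grub2-set-default 0
  echo "tcp_bbr" >> /etc/modules-load.d/modules.conf
  INSTALL_BBR=true
}

#######################################
# Print the service state and the parameters read back from $CONFIG_FILE, and
# write the ssr:// share link to ./ssr.txt.
# Globals: IP, CONFIG_FILE (read)
# Outputs: ./ssr.txt in the current directory. The link base64-encodes the
#          password, so the file is a credential and should be protected as one.
#######################################
info() {
  port=$(grep server_port "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')
  res=$(netstat -nltp | grep "${port}" | grep python)
  [ -z "$res" ] && status="${RED}已停止${PLAIN}" || status="${GREEN}正在运行${PLAIN}"
  password=$(grep password "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')
  method=$(grep method "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')
  # "protocol" and "obfs" also match the *_param keys; those values are empty
  # strings and vanish when the substitution strips trailing newlines
  protocol=$(grep protocol "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')
  obfs=$(grep obfs "$CONFIG_FILE" | cut -d: -f2 | tr -d '", ')
  # link = ssr:// + base64(IP:port:protocol:method:obfs:base64(password)/?...),
  # with '=' padding removed from both encodings
  p1=$(echo -n "${password}" | base64 -w 0)
  p1=$(echo -n "${p1}" | tr -d =)
  res=$(echo -n "${IP}:${port}:${protocol}:${method}:${obfs}:${p1}/?remarks=&protoparam=&obfsparam=" | base64 -w 0)
  res=$(echo -n "${res}" | tr -d =)
  link="ssr://${res}"
  echo ""
  echo ============================================
  echo -e " ${BLUE}ssr运行状态:${PLAIN}${status}"
  echo -e " ${BLUE}ssr配置文件:${PLAIN}${RED}$CONFIG_FILE${PLAIN}"
  echo ""
  echo -e " ${RED}ssr配置信息:${PLAIN}"
  echo -e " ${BLUE}IP(address):${PLAIN} ${RED}${IP}${PLAIN}"
  echo -e " ${BLUE}端口(port):${PLAIN}${RED}${port}${PLAIN}"
  echo -e " ${BLUE}密码(password):${PLAIN}${RED}${password}${PLAIN}"
  echo -e " ${BLUE}加密方式(method):${PLAIN} ${RED}${method}${PLAIN}"
  echo -e " ${BLUE}协议(protocol):${PLAIN} ${RED}${protocol}${PLAIN}"
  echo -e " ${BLUE}混淆(obfuscation):${PLAIN} ${RED}${obfs}${PLAIN}"
  echo
  echo -e " ${BLUE}ssr链接:${PLAIN} $link"
  echo "$link" > ssr.txt
  # qrencode -o - -t utf8 $link
}

#######################################
# Reboot after a 30 s grace period when installBBR installed a new kernel.
# Globals: INSTALL_BBR (read)
#######################################
bbrReboot() {
  if [ "${INSTALL_BBR}" == "true" ]; then
    echo
    echo 为使BBR模块生效,系统将在30秒后重启
    echo
    echo -e " 您可以按 ctrl + c 取消重启,稍后输入 ${RED}reboot${PLAIN} 重启系统"
    sleep 30
    reboot
  fi
}

#######################################
# Default action: check, prepare, install, print. The interactive prompts,
# BBR and firewall steps are intentionally skipped for unattended runs.
#######################################
install() {
  echo -n "系统版本: "
  cat /etc/centos-release
  checkSystem
  # getData
  preinstall
  # installBBR
  installSSR
  # setFirewall
  info
  # bbrReboot
}

#######################################
# Remove the config, log, program directory and systemd unit after confirmation.
#######################################
uninstall() {
  echo ""
  read -r -p " 确定卸载SSR吗?(y/n)" answer
  [ -z "${answer}" ] && answer="n"
  if [ "${answer}" == "y" ] || [ "${answer}" == "Y" ]; then
    rm -f "$CONFIG_FILE"
    rm -f /var/log/shadowsocks.log
    rm -rf /usr/local/shadowsocks
    systemctl disable shadowsocksR && systemctl stop shadowsocksR && rm -rf /usr/lib/systemd/system/shadowsocksR.service
    # reported only when the removal ran (the original printed it after "n" too)
    echo -e " ${RED}卸载成功${PLAIN}"
  fi
}

slogon
action=$1
[ -z "$1" ] && action=install
case "$action" in
  install|uninstall|info)
    ${action}
    ;;
  *)
    echo " 参数错误"
    echo " 用法: $(basename "$0") [install|uninstall]"
    ;;
esac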
新建文件:/etc/ansible/install-ssr.yaml ,注意:该文件为 YAML 格式,拷贝时缩进不能出错。
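# /etc/ansible/install-ssr.yaml — install the SSR service on every host in the
# "ssr" inventory group. Run with: ansible-playbook /etc/ansible/install-ssr.yaml
- hosts: ssr
  remote_user: root
  tasks:
    - name: 更新软件源
      shell: yum update -y
    - name: 安装基础包
      shell: yum install libsodium.x86_64 wget -y
    - name: 删除之前ssr安装脚本
      shell: rm -rf /tmp/*install-ssr*
    # The mode is set by copy itself. The original followed up with
    # `chmod 777`, which left a root-executed script in the shared /tmp
    # writable by every local user between copy and execution.
    - name: 拷贝安装脚本到其他机器
      copy:
        src: /root/install-ssr-server.sh
        dest: /tmp/install-ssr.sh
        mode: '0700'
    # The script uses bash-only syntax ([[ ]], ${var:0:1}, &>), so it is run
    # with bash explicitly rather than sh.
    - name: 开始安装ssr服务
      shell: bash /tmp/install-ssr.sh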
二、开始使用 ansible
1.给所有机器安装 ssr 服务
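# Run on the control node. The playbook runner is `ansible-playbook`
# (the original `ansible playbook ...` would treat "playbook" as a host
# pattern); hosts come from the default inventory /etc/ansible/hosts.
ansible-playbook /etc/ansible/install-ssr.yaml
# Wait for the run to finish; its duration scales with the number of managed hosts.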
2.获取所有机器上所有的ssr地址信息
# "ssr" is the group label from the inventory file above; change it to match.
# Collects /root/ssr.txt from every host into ./ssr-info.txt on the control node.
ansible ssr -a 'cat /root/ssr.txt' | grep ssr > ssr-info.txt
# Variant: also appends each VPS's public IP (tab-separated) after its link.
# Both commands overwrite ssr-info.txt; use one or the other.
ansible ssr -m shell -a 'AA=`cat /root/ssr.txt` && BB=`curl -s ip.sb` && echo -e "$AA\t$BB"' | grep ssr > ssr-info.txt
# Afterwards ssr-info.txt in the current directory holds the ssr:// link of
# every host. Each link base64-encodes that server's password (see info() in
# the install script), so the file is a credential store: keep it out of
# shared directories, shell history and version control.
建议:主节点配置好一点可以提高部署速度
异常处理:
出现以下异常提示:
fatal: [13.229.56.59]: FAILED! => {"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."}
# Re-apply the environment variable (it is lost when the shell session ends).
# Host-key checking is what protects the control connection — and the root
# password it carries — from an impostor host; the error text itself names the
# alternative of adding the host's fingerprint to known_hosts instead.
ANSIBLE_HOST_KEY_CHECKING=False
export ANSIBLE_HOST_KEY_CHECKING
