ansible部署lamp
一台安装ansible,进行管理与控制;一台安装apache;一台安装mysql;最后安装php。
| 环境 | IP | 应用 |
| RedHat8 | 192.168.248.130 | ansible |
| RedHat8 | 192.168.248.131 | apache |
| RedHat8 | 192.168.248.132 | mysql |
| RedHat8 | 192.168.248.133 | php |
准备httpd源码包,二进制MySQL包
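# Download the httpd source tarball together with apr and apr-util.
# NOTE(review): the apache playbook on this page unpacks
# packages/apr-1.7.0.tar.bz2, while this step fetches apr-1.7.0.tar.gz;
# make the two agree before running the playbook.
wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.gz
wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz
# NOTE(review): this mirror is fetched over plain HTTP, so nothing protects
# the archive in transit; the integrity check below matters most here.
wget http://mirrors.hust.edu.cn/apache//apr/apr-util-1.6.1.tar.gz

# Download the binary MySQL tarball.
wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz

# These archives are later unpacked, compiled and installed as root on the
# managed hosts. Compare each one with the checksum or signature published by
# the upstream project (not by the mirror) before copying it into packages/.
sha256sum -- httpd-2.4.46.tar.gz apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz \
  mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz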
安装ansible
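# Configure the yum repositories
[root@ansible ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# sed -i 's#\$releasever#8#g' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's#\$releasever#8#g' /etc/yum.repos.d/epel.repo

# Install ansible
[root@ansible ~]# yum -y install ansible

# Check the ansible version
[root@ansible ~]# ansible --version
ansible 2.9.16
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]

# Passwordless SSH login
[root@ansible lamp]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.248.131 httpd
192.168.248.132 mysql
192.168.248.133 php

# NOTE(review): after these steps the private key in /root/.ssh on the control
# node is a root login on all three managed hosts. Give the key a passphrase
# (or keep it in an agent), and check each host-key fingerprint that
# ssh-copy-id shows on first connection. Outside a lab, prefer a dedicated
# unprivileged account plus "become" over direct root SSH.
[root@ansible ~]# ssh-keygen -t rsa
[root@ansible ~]# ssh-copy-id root@httpd
[root@ansible ~]# ssh-copy-id root@mysql
[root@ansible ~]# ssh-copy-id root@php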
将被控机IP加入到主控机清单
#修改清单文件位置
[root@ansible ~]# vim /etc/ansible/ansible.cfg
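[defaults]
# some basic default values...
# Location of the inventory file. The note sits on its own line because
# ansible.cfg only treats ';' as an inline comment marker; a trailing
# '#...' after the value would become part of the inventory path.
inventory = ./inventory
#library = /usr/share/my_modules/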
[root@ansible ~]# mkdir lamp
[root@ansible ~]# cd lamp
[root@ansible lamp]# cp /etc/ansible/ansible.cfg .
#创建清单文件
[root@ansible lamp]# vim inventory
[group_apache]
httpd
[group_mysql]
mysql
[group_php]
php
运用ping模块检查节点机
[root@ansible lamp]# ansible all -m ping
mysql | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
httpd | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
php | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
目录结构
[root@ansible opt]# tree
.
├── ansible.cfg
├── inventory
├── lamp
│ └── main.yml
└── modules
├── application
│ └── php
│ ├── install.yml
│ └── vars
│ └── php.yml
├── base
│ └── yum.yml
├── databases
│ └── mysql
│ ├── install.yml
│ ├── packages
│ │ └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
│ ├── templates
│ │ ├── my.cnf.j2
│ │ └── mysqld.service.j2
│ └── vars
│ └── mysql.yml
└── web
└── apache
├── install.yml
├── packages
│ ├── apr-1.7.0.tar.bz2
│ ├── apr-util-1.6.1.tar.gz
│ └── httpd-2.4.46.tar.gz
├── templates
│ ├── httpd.conf.j2
│ └── httpd.service.j2
└── vars
└── httpd.yml
yum源playbook
[root@ansible lamp]# vim base/yum.yml
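---
# Prepare every managed host: point yum at the CentOS 8 / EPEL mirrors and
# apply the lab's firewall and SELinux settings.
- hosts: all
  tasks:
    - name: yum warehouse
      yum_repository:
        name: "{{ item }}"
        description: "{{ item }}"
        file: "{{ item }}"
        baseurl: https://mirrors.aliyun.com/centos/8/{{ item }}/x86_64/os/
        # Keep signature checking on: with gpgcheck disabled, whatever the
        # mirror (or anything in the network path) serves is installed as root.
        # Confirm the key fingerprint out of band before trusting it.
        gpgcheck: yes
        gpgkey: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
        enabled: yes
      loop:
        - BaseOS
        - AppStream

    - name: epel
      yum_repository:
        name: epel
        description: epel
        file: epel
        baseurl: https://mirrors.aliyun.com/epel/8/Everything/x86_64/
        gpgcheck: yes
        gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
        enabled: yes

    # NOTE(review): the next three tasks are a lab shortcut. They remove the
    # host firewall and SELinux enforcement from every node, while later plays
    # open MySQL (3306) and php-fpm (9000) to the network. On anything but a
    # throw-away lab, keep both enabled and allow only the ports each host needs.
    - name: stop firewalld
      service:
        name: firewalld
        state: stopped

    - name: disabled selinux
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled

    # setenforce exits non-zero once SELinux is fully disabled, which would
    # fail every re-run of this play after a reboot; only call it while SELinux
    # is still active.
    - name: stop selinux
      command: setenforce 0
      when: ansible_facts.selinux.status == 'enabled'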
apache安装配置
#变量
[root@ansible lamp]# vim web/apache/vars/httpd.yml
packages:
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- gcc-c++
- make
- '@development tools'
user: apache
php_ip: 192.168.248.133
#使用httpd.conf作为模板文件配置
[root@ansible lamp]# vim web/apache/templates/httpd.conf.j2
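# Excerpts of httpd.conf to edit. httpd has no end-of-line comments: text after
# a directive's arguments is parsed as more arguments (LoadModule then fails
# with an argument-count error), so every annotation is on a line of its own.

# Search for "AddType" and add the two PHP lines after the existing entries.
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

# Search for "proxy.so" and uncomment mod_proxy and mod_proxy_fcgi.
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

# Search for "index.html" and put index.php in front of it.
DirectoryIndex index.php index.html

# Append the following at the end of the configuration file.
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/"
    ServerName www.testhhhh.com
    ProxyRequests Off
    # NOTE(review): FastCGI to the php-fpm host is neither authenticated nor
    # encrypted. The php-fpm side has to limit who may connect
    # (listen.allowed_clients plus a host firewall rule for port 9000).
    ProxyPassMatch ^/(.*\.php)$ fcgi://{{ php_ip }}:9000/var/www/html/$1
    <Directory "/usr/local/apache/htdocs">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>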
#创建httpd.service文件作为模板
[root@ansible modules]# vim web/apache/templates/httpd.service.j2
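[Unit]
Description = The httpd process manager

[Service]
Type = forking
# apachectl takes httpd control verbs (start / graceful / stop); httpd has no
# "-s" option, so "-s reload" and "-s stop" cannot reload or stop the server.
# All three commands must use the bin/ directory of the install prefix.
ExecStart = /usr/local/apache/bin/apachectl start
ExecReload = /usr/local/apache/bin/apachectl graceful
ExecStop = /usr/local/apache/bin/apachectl stop

[Install]
WantedBy = multi-user.target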
#编写playbook
[root@ansible modules]# cat web/apache/install.yml
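---
# Build apr, apr-util and httpd 2.4.46 from source on the web host and install
# the systemd unit for the resulting server.
- hosts: httpd
  vars_files:
    - vars/httpd.yml
  tasks:
    - name: create user
      user:
        name: '{{ user }}'
        system: yes
        create_home: no
        shell: /sbin/nologin
        state: present

    # One transaction for the whole list instead of one yum call per package.
    - name: install base packages
      yum:
        name: '{{ packages }}'
        state: present

    # NOTE(review): these tarballs come from packages/ on the control node and
    # are compiled and installed as root below. Verify them against the
    # upstream checksums/signatures before putting them there.
    - name: uncompress apr
      unarchive:
        src: packages/apr-1.7.0.tar.bz2
        dest: /opt/

    - name: uncompress apr-util
      unarchive:
        src: packages/apr-util-1.6.1.tar.gz
        dest: /opt/

    - name: uncompress httpd
      unarchive:
        src: packages/httpd-2.4.46.tar.gz
        dest: /opt/

    # "creates" skips a build whose result is already installed, so re-running
    # the playbook does not recompile everything.
    - name: install apr
      shell: sed -i 's/$RM "$cfgfile"/#$RM "$cfgfile"/' /opt/apr-1.7.0/configure && cd /opt/apr-1.7.0 && ./configure --prefix=/usr/local/apr && make && make install
      args:
        creates: /usr/local/apr/bin/apr-1-config

    - name: install apr-util
      shell: cd /opt/apr-util-1.6.1 && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
      args:
        creates: /usr/local/apr-util/bin/apu-1-config

    - name: install httpd
      shell: cd /opt/httpd-2.4.46 && ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork && make && make install
      args:
        creates: /usr/local/apache/bin/httpd

    # Sourcing the file inside the task only affects that task's own shell, so
    # the profile snippet is simply written out; login shells pick it up.
    - name: create export path
      copy:
        dest: /etc/profile.d/httpd.sh
        content: "export PATH=/usr/local/apache/bin:$PATH\n"
        owner: root
        group: root
        mode: '0644'

    - name: systemctl httpd
      template:
        src: templates/httpd.service.j2
        dest: /usr/lib/systemd/system/httpd.service
        owner: root
        group: root
        mode: '0644'

    - name: reload systemd units
      systemd:
        daemon_reload: yes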
mysql
# 变量
[root@ansible modules]# vim databases/mysql/vars/mysql.yml
packages:
- ncurses-devel
- openssl-devel
- openssl
- cmake
- mariadb-devel
- ncurses-compat-libs
datadir: /mydata
basedir: /usr/local
user: mysql
#创建my.cnf文件做为模板
[root@ansible modules]# vim databases/mysql/templates/my.cnf.j2
# Server settings for mysqld; basedir and datadir come from the playbook's
# vars file.
[mysqld]
basedir = {{ basedir }}/mysql
datadir = {{ datadir }}
# NOTE(review): the socket is placed in /tmp, a directory every local user can
# write to; a directory owned by the mysql account would be a safer location.
socket = /tmp/mysql.sock
# NOTE(review): no bind-address is set in this template, so mysqld uses its
# default listen address. The playbooks on this page also stop firewalld;
# confirm which hosts are meant to reach port 3306.
port = 3306
pid-file = {{ datadir }}/mysql.pid
user = mysql
# Skip DNS lookups for connecting clients.
skip-name-resolve
#创建mysqld.service文件做为模板
[root@ansible modules]# vim databases/mysql/templates/mysqld.service.j2
# systemd unit template for the MySQL server installed under {{ basedir }}/mysql.
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
# The daemon runs as the unprivileged mysql account, not as root.
User=mysql
Group=mysql
# mysqld is started with --daemonize below, hence the forking type and PIDFile.
Type=forking
PIDFile={{ datadir }}/mysql.pid
# 0 turns the systemd start/stop timeout off for this unit.
TimeoutSec=0
PermissionsStartOnly=true
ExecStart={{ basedir }}/mysql/bin/mysqld --daemonize --pid-file={{ datadir}}/mysql.pid $MYSQLD_OPTS
LimitNOFILE = 5000
Restart=on-failure
RestartPreventExitStatus=1
# NOTE(review): the my.cnf template on this page puts the socket at
# /tmp/mysql.sock, which presumably is why the private /tmp is switched off;
# moving the socket out of /tmp would allow PrivateTmp=true.
PrivateTmp=false
# 编写playbook
[root@ansible modules]# vim databases/mysql/install.yml
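# Install the MySQL 5.7.31 binary distribution, initialise its data directory
# and install the configuration file and systemd unit.
- hosts: mysql
  vars_files:
    - vars/mysql.yml
  tasks:
    # One transaction for the whole list instead of one yum call per package.
    - name: base packages
      yum:
        name: '{{ packages }}'
        state: present

    - name: create user
      user:
        name: '{{ user }}'
        create_home: no
        system: yes
        shell: /sbin/nologin
        state: present

    # The program files are owned by root so that the mysql service account
    # cannot replace its own binaries; only the data directory belongs to mysql.
    # NOTE(review): verify the tarball against the upstream checksum before
    # placing it in packages/.
    - name: uncompress mysql
      unarchive:
        src: packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: '{{ basedir }}/'
        owner: root
        group: root

    - name: soft link
      file:
        src: '{{ basedir }}/mysql-5.7.31-linux-glibc2.12-x86_64'
        dest: '{{ basedir }}/mysql'
        state: link

    # Sourcing the file inside the task only affects that task's own shell, so
    # the profile snippet is simply written out. The file name is kept as the
    # page spells it.
    - name: create export mysql
      copy:
        dest: /etc/profile.d/myslq.sh
        content: "export PATH={{ basedir }}/mysql/bin:$PATH\n"
        owner: root
        group: root
        mode: '0644'

    - name: create datadir
      file:
        path: '{{ datadir }}'
        owner: mysql
        group: mysql
        state: directory

    # --initialize-insecure creates root@localhost with an EMPTY password; the
    # account stays open until a password is set after the first start.
    # "creates" skips the step on an already initialised data directory, which
    # replaces ignore_errors: a genuine initialisation failure now stops the play.
    - name: initialize mysql
      shell: '{{ basedir }}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir={{ datadir }}'
      args:
        creates: '{{ datadir }}/mysql'

    - name: config file
      template:
        src: templates/my.cnf.j2
        dest: /etc/my.cnf
        owner: root
        group: root
        mode: '0644'

    - name: systemctl mysqld
      template:
        src: templates/mysqld.service.j2
        dest: /usr/lib/systemd/system/mysqld.service
        owner: root
        group: root
        mode: '0644'

    - name: reload
      systemd:
        daemon_reload: yes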
yum安装php
#变量
[root@ansible modules]# vim application/php/vars/php.yml
# Packages installed on the php host by application/php/install.yml.
packages:
- libxml2
- libxml2-devel
- openssl
- openssl-devel
- bzip2
- bzip2-devel
- libcurl
- libcurl-devel
- libicu-devel
- libjpeg
- libjpeg-devel
- libpng
- libpng-devel
- openldap-devel
- pcre-devel
- freetype
- freetype-devel
- gmp
- gmp-devel
- libmcrypt
- libmcrypt-devel
- readline
- readline-devel
- libxslt
- libxslt-devel
- mhash
- mhash-devel
- php-mysqlnd
# NOTE(review): the wildcard pulls in every package whose name starts with
# "php-" from the enabled repositories, including extensions the site never
# uses. Listing only the needed ones (php-fpm, php-mysqlnd, ...) keeps the
# installed attack surface and the patching burden smaller.
- php-*
#编写playbook
[root@ansible modules]# vim application/php/install.yml
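---
# Install PHP and php-fpm from the repositories and switch php-fpm to a TCP
# listener on port 9000.
- hosts: php
  vars_files:
    - vars/php.yml
  tasks:
    # One transaction for the whole list instead of one yum call per package.
    - name: base packages
      yum:
        name: '{{ packages }}'
        state: present

    # NOTE(review): 0.0.0.0 makes the FastCGI port reachable on every
    # interface, and FastCGI has no authentication of its own. Access then
    # depends entirely on listen.allowed_clients (set in lamp/main.yml) and on
    # a host firewall; binding to the one address the web server connects to
    # is the tighter choice.
    - name: config php socket
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen ='
        line: listen = 0.0.0.0:9000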
lamp
[root@ansible opt]# vim lamp/main.yml
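---
# Top-level playbook: run the four component playbooks, then render the httpd
# configuration, start the services, set the MySQL root password and drop a
# PHP test page.
- name: conf yum.repo
  import_playbook: ../modules/base/yum.yml

- name: httpd
  import_playbook: ../modules/web/apache/install.yml

- name: mysql
  import_playbook: ../modules/databases/mysql/install.yml

- name: php
  import_playbook: ../modules/application/php/install.yml

- hosts: httpd
  vars_files:
    - ../modules/web/apache/vars/httpd.yml
  tasks:
    - name: httpd config file
      template:
        src: ../modules/web/apache/templates/httpd.conf.j2
        dest: /etc/httpd24/httpd.conf

    - name: start httpd
      service:
        name: httpd
        enabled: yes
        state: started

- hosts: mysql
  vars_files:
    - ../modules/databases/mysql/vars/mysql.yml
  # The root password is asked for at run time (or supplied with -e from an
  # ansible-vault encrypted file) instead of being hard-coded in the playbook.
  vars_prompt:
    - name: mysql_root_password
      prompt: MySQL root password
      private: yes
  tasks:
    - name: start mysql
      service:
        name: mysqld
        enabled: yes
        state: started

    # The statement is fed on stdin so the password never appears in the
    # process list, and no_log keeps it out of Ansible's output and logs.
    # The value is interpolated into a SQL string literal: it must not contain
    # single quotes or backslashes.
    # NOTE(review): this passwordless login only works while root still has the
    # empty password left by --initialize-insecure, i.e. on the first run.
    - name: set passwd
      command: '{{ basedir }}/mysql/bin/mysql -uroot'
      args:
        stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ mysql_root_password }}';"
      no_log: true

- hosts: php
  tasks:
    # NOTE(review): phpinfo() prints the PHP configuration, loaded modules,
    # paths and environment to anyone who can request the page. Use it to
    # verify the deployment, then delete the file.
    - name: index.php
      copy:
        dest: /var/www/html/index.php
        content: |
          <?php
          phpinfo();
          ?>
        owner: apache
        group: apache

    # Only the web server's address may talk to the FastCGI port.
    - name: allow access to IP
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients ='
        line: listen.allowed_clients = 192.168.248.131

    - name: start php
      service:
        name: php-fpm
        state: started
        enabled: yes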
#执行剧本
[root@ansible opt]# ansible-playbook lamp/main.yml
验证

