playbook布置lamp 最新
准备4台主机,其中一台装ansible,其余三台分别部署apache、mysql、php,实现lamp架构。
主控机ip:
192.168.170.20 wang ansible
受控机ip:
192.168.170.134 apache apache
192.168.170.135 mysql mysql
192.168.170.136 php php
结构图
[root@wang project]# tree . . └── modules ├── apps │ └── php │ ├── install.yml │ └── vars │ └── var.yml ├── database │ └── mysql │ ├── files │ ├── install.yml │ ├── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz │ ├── templates │ │ ├── my.cnf.j2 │ │ └── mysqld.service.j2 │ └── vars │ └── var.yml ├── lamp │ └── vars │ └── mysql.yml ├── web │ └── apache │ ├── apr-1.7.0.tar.gz │ ├── apr-util-1.6.1.tar.gz │ ├── files │ │ └── httpd.service │ ├── httpd-2.4.46.tar.bz2 │ ├── install.yml │ ├── scripts │ │ └── install.sh │ └── vars │ └── var.yml └── yum ├── files │ ├── CentOS6-Base.repo │ ├── CentOS7-Base.repo │ ├── CentOS8-Base.repo │ ├── epel-6.repo │ ├── epel-7.repo │ ├── epel-8.repo │ └── epel-release-latest-8.noarch.rpm └── main.yml 18 directories, 23 files
# Annotated transcript: prepares yum repo files, then the Apache, MySQL and PHP playbooks, the
# combined LAMP playbook and the vault-encrypted password playbook.
# Line breaks and indentation were lost on this page; they are restored here conventionally, so
# the YAML indentation is a reconstruction. Commands and file contents are otherwise unchanged.
配置yum源
下载centos源
# NOTE(review): all three downloads write to the same file, yum/CentOS-Base.repo, so each one
# overwrites the previous. None of them creates yum/files/CentOS{6,7,8}-Base.repo, which the
# sed commands below and the tree listing expect.
[root@wang modules]# wget -O yum/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@wang modules]# curl -o yum/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@wang modules]# wget -O yum/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
# NOTE(review): this sed edits /project/modules/yum/*.repo, the following ones edit yum/files/.
[root@wang modules]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /project/modules/yum/*.repo
[root@wang modules]# sed -i 's|$releasever|6|' /project/modules/yum/files/CentOS6-Base.repo
[root@wang modules]# sed -i 's|$releasever|7|' /project/modules/yum/files/CentOS7-Base.repo
[root@wang modules]# sed -i 's|$releasever|8|' /project/modules/yum/files/CentOS8-Base.repo
下载epel源
# NOTE(review): epel-6.repo and epel-7.repo are fetched over plain http://, while every other
# download on this page uses https://. A repo file decides where packages are installed from,
# so fetch it over https:// from the same mirror.
[root@wang modules]# wget -O /project/modules/yum/files/epel-6.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@wang modules]# wget -O /project/modules/yum/files/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@wang modules]# wget -O /project/modules/yum/files/epel-release-latest-8.noarch.rpm https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
# NOTE(review): the rpm is installed on the control node only to obtain epel.repo; no checksum
# or signature check of the downloaded file is shown.
[root@wang modules]# rpm -ivh /project/modules/yum/files/epel-release-latest-8.noarch.rpm
[root@wang modules]# mv /etc/yum.repos.d/epel.repo /project/modules/yum/files/epel-8.repo
[root@wang modules]# sed -i 's|$releasever|8|' /project/modules/yum/files/epel-8.repo
[root@wang modules]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /project/modules/yum/files/epel-8.repo
[root@wang modules]# sed -i 's|^metalink|#metalink|' /project/modules/yum/files/epel-8.repo
设置gpgcheck=0
# NOTE(review): this turns off GPG signature verification in every repo file that yum/main.yml
# copies to the managed hosts, so yum there installs packages without checking who signed them.
# Prefer keeping gpgcheck=1 and making the distribution and EPEL signing keys available on the
# hosts; if it is disabled for a lab, do not carry these repo files into production.
[root@wang modules]# sed -i 's|^gpgcheck=1|gpgcheck=0|' /project/modules/yum/files/*.repo
yum配置
[root@wang modules]# vim yum/main.yml
[root@wang modules]# cat yum/main.yml
---
- hosts: all
  tasks:
    # NOTE(review): src uses lower-case centosN-base.repo, but the tree lists CentOSN-Base.repo;
    # the lookup is case-sensitive on Linux - confirm the file names.
    # NOTE(review): on CentOS hosts the 'distribution' fact is normally 'CentOS' ('RedHat' is the
    # os_family), so this condition would skip the task there - confirm.
    - name: yum base
      copy:
        src: files/centos{{ ansible_facts['distribution_major_version'] }}-base.repo
        dest: /etc/yum.repos.d/centos-base.repo
      when: ansible_facts['distribution'] == 'RedHat'
    - name: yum epel
      copy:
        src: files/epel-{{ ansible_facts['distribution_major_version'] }}.repo
        dest: /etc/yum.repos.d/epel.repo
配置apache变量
[root@wang apache]# mkdir vars
[root@wang apache]# vim vars/var.yml
[root@wang apache]# cat vars/var.yml
# Build dependencies installed on the web server before compiling httpd.
depend_pkg:
  - "@Development Tools"
  - openssl-devel
  - pcre-devel
  - expat-devel
  - libxml2-devel
  - libtool
  - gcc
  - gcc-c++
  - bzip2
  - make
创建service文件
[root@wang apache]# vim files/httpd.service
[root@wang apache]# cat files/httpd.service
# systemd unit for the source-built httpd under /usr/local/apache.
[Unit]
Description=Start httpd

[Service]
Type=simple
# NOTE(review): EnvironmentFile expects KEY=VALUE lines; httpd.conf is Apache's own
# configuration, not an environment file - this directive looks unintended, confirm.
EnvironmentFile=/etc/httpd24/httpd.conf
ExecStart=/usr/local/apache/bin/httpd -k start -DFOREGROUND
ExecReload=/usr/local/apache/bin/httpd -k graceful
ExecStop=/bin/kill -WINCH ${MAINPID}

[Install]
WantedBy=multi-user.target
配置文件
[root@wang apache]# mkdir scripts
[root@wang apache]# vim scripts/install.sh
[root@wang apache]# cat scripts/install.sh
#!/bin/bash
# Builds apr, apr-util and httpd from the tarballs in /usr/src, unless /usr/local/apache exists.
# NOTE(review): the tarballs are unpacked and built as root with no checksum or signature check
# shown; verify them against the upstream-published hashes before building.
# NOTE(review): httpd 2.4.46, apr 1.7.0 and apr-util 1.6.1 are pinned here; check the upstream
# security advisories for these versions before reusing the script.
# NOTE(review): there is no 'set -e'. Each '&& \' chain stops on failure, but the script then
# continues with the next statement and still runs the final mv and rm.
if [ ! -d /usr/local/apache ];then
    # Glob removal as root: deletes every path under /usr/local that starts with "apr".
    rm -rf /usr/local/apr*
    cd /usr/src
    tar xf apr-1.7.0.tar.gz
    tar xf apr-util-1.6.1.tar.gz
    tar xf httpd-2.4.46.tar.bz2
    cd apr-1.7.0
    sed -i '/$RM "$cfgfile"/d' configure
    ./configure --prefix=/usr/local/apr && make && make install && \
    cd ../apr-util-1.6.1
    ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && \
    make && make install && \
    cd ../httpd-2.4.46
    ./configure --prefix=/usr/local/apache \
    --sysconfdir=/etc/httpd24 \
    --enable-so \
    --enable-ssl \
    --enable-cgi \
    --enable-rewrite \
    --with-zlib \
    --with-pcre \
    --with-apr=/usr/local/apr \
    --with-apr-util=/usr/local/apr-util/ \
    --enable-modules=most \
    --enable-mpms-shared=all \
    --with-mpm=prefork && \
    make && make install
    echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh
    cd /usr/src
    mv /usr/src/httpd.service /usr/lib/systemd/system/httpd.service
    rm -rf apr-1.7.0 apr-util-1.6.1 httpd-2.4.46
fi
编写apache的playbook
[root@wang apache]# vim install.yml
[root@wang apache]# cat install.yml
---
- hosts: webservers
  vars_files:
    - vars/var.yml
  tasks:
    - name: install depend on apache
      yum:
        name: "{{ depend_pkg }}"
        state: present
    - name: create user apache
      user:
        name: apache
        shell: /sbin/nologin
        create_home: false
        system: yes
    # NOTE(review): this copies the contents of files/ to /usr/src, but the tree shows the
    # tarballs beside install.yml, not under files/ - confirm they reach /usr/src.
    - name: packages
      copy:
        src: files/
        dest: /usr/src
    - name: install apache
      script: scripts/install.sh
    - name: reload daemon for httpd
      command: systemctl daemon-reload
安装mysq
[root@wang modules]# cd database/mysql/
[root@wang mysql]# mkdir files
# NOTE(review): wget treats the second argument as another URL, not as a destination directory
# (-P sets the directory); the path also says databases/ while the shell is in database/.
# NOTE(review): no checksum or signature check of the MySQL tarball is shown.
[root@wang mysql]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz /project/modules/databases/mysql/files
配置变量
[root@wang mysql]# mkdir vars
[root@wang mysql]# vim vars/var.yml
[root@wang mysql]# cat vars/var.yml
basedir: /usr/local
datadir: /opt/data
depend_pkg: ncurses-compat-libs
创建模板文件
[root@wang mysql]# mkdir templates
[root@wang mysql]# vim templates/my.cnf.j2
[root@wang mysql]# cat templates/my.cnf.j2
# NOTE(review): the paths are hard-coded instead of using the basedir/datadir variables.
# NOTE(review): no bind-address is set, so mysqld uses its default listen address; restrict it
# and firewall port 3306 to the hosts that need it - confirm the default for this version.
# NOTE(review): the socket lives in the world-writable /tmp, which is why the unit below sets
# PrivateTmp=false.
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
创建service文件
[root@wang mysql]# vim templates/mysqld.service.j2
[root@wang mysql]# cat templates/mysqld.service.j2
# systemd unit template for mysqld; datadir and basedir come from vars/var.yml.
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target

[Service]
User=mysql
Group=mysql
Type=forking
# The pid file is mysqld.pid here and on the command line, but mysql.pid in my.cnf.j2.
PIDFile={{ datadir }}/mysqld.pid
TimeoutSec=0
PermissionsStartOnly=true
ExecStart={{ basedir }}/mysql/bin/mysqld --daemonize --pid-file={{ datadir }}/mysqld.pid $MYSQLD_OPTS
LimitNOFILE = 5000
Restart=on-failure
RestartPreventExitStatus=1
PrivateTmp=false
编写MySQL的playbook
[root@wang mysql]# vim install.yml
[root@wang mysql]# cat install.yml
---
- hosts: databases
  # NOTE(review): play-level ignore_errors lets the run continue past any failed task, so a
  # broken step (see the notes below) is not noticed and the host is left half-configured.
  ignore_errors: yes
  vars_files:
    - vars/var.yml
  tasks:
    - name: install mysql
      yum:
        name: "{{ depend_pkg }}"
        state: present
    - name: create mysql
      user:
        name: mysql
        system: yes
        # NOTE(review): 'fales' is a typo for 'false'; the error is hidden by ignore_errors.
        create_home: fales
        shell: /sbin/nologin
        state: present
    - name: umpack mysql
      unarchive:
        src: files/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: '{{ basedir }}/'
        owner: mysql
        group: mysql
    - name: create mysql
      shell: echo 'export PATH={{ basedir }}/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
    - name: create link
      file:
        src: '{{ basedir }}/mysql-5.7.31-linux-glibc2.12-x86_64'
        dest: '{{ basedir }}/mysql'
        owner: mysql
        group: mysql
        state: link
    - name: create datadir
      file:
        path: '{{ datadir }}'
        owner: mysql
        group: mysql
        state: directory
    # NOTE(review): --initialize-insecure creates the root account with an empty password; it
    # stays empty until secret.yml has run successfully. The task has no 'creates:' guard, so it
    # runs again on every play.
    - name: initialize mysql
      command: '{{ basedir }}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir={{ datadir }}/'
    - name: probides file
      template:
        src: templates/my.cnf.j2
        dest: /etc/my.cnf
    - name: probides service file
      template:
        # NOTE(review): ',j2' should be '.j2'; and the apache script installs its unit under
        # /usr/lib/systemd/system/, while this dest lacks the system/ directory.
        src: templates/mysqld.service,j2
        dest: /usr/lib/systemd/mysqld.service
    - name: reload mysql
      command: systemctl daemon-reload
安装php
配置变量
[root@wang php]# mkdir vars
[root@wang php]# vim vars/var.yml
[root@wang php]# catvars/var.yml
-bash: catvars/var.yml: 没有那个文件或目录
[root@wang php]# cat vars/var.yml
# NOTE(review): 'php-*' installs every package whose name matches; list only the extensions the
# application needs to keep the installed surface small.
packages:
  - '@Development Tools'
  - libxml2
  - libxml2-devel
  - openssl
  - openssl-devel
  - bzip2
  - bzip2-devel
  - libcurl
  - libcurl-devel
  - libicu-devel
  - libjpeg
  - libjpeg-devel
  - libpng
  - libpng-devel
  - openldap-devel
  - pcre-devel
  - freetype
  - freetype-devel
  - gmp
  - gmp-devel
  - libmcrypt
  - libmcrypt-devel
  - readline
  - readline-devel
  - libxslt
  - libxslt-devel
  - mhash
  - mhash-devel
  - php-mysqlnd
  - 'php-*'
编写php的playbook
[root@wang php]# vim install.yml
[root@wang php]# cat install.yml
---
- hosts: apps
  vars_files:
    - vars/var.yml
  tasks:
    - name: install php
      yum:
        name: "{{ packages }}"
        state: present
    # NOTE(review): this moves php-fpm from its local unix socket to TCP port 9000 on all
    # interfaces. FastCGI has no authentication of its own, so the listener relies on
    # listen.allowed_clients (set in lamp/main.yml) and on a host firewall; binding to the
    # host's internal address instead of 0.0.0.0 narrows it further.
    - name: config php-fpm
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regex: '^listen = /run/php-fpm/www.sock'
        line: 'listen=0.0.0.0:9000'
        state: present
创建lamp模板
//配置变量
[root@wang modules]# mkdir -p lamp/vars
[root@wang modules]# vim lamp/vars/mysql.yml
[root@wang modules]# cat lamp/vars/mysql.yml
depend_mysql_on_lamp:
  - ncurses-devel
  - openssl-devel
  - openssl
  - cmake
  - mariadb-devel
//创建lamp模板
[root@wang] vim /project/modules/lamp/main.yml
---
- name: config apache for lamp
  hosts: webservers
  tasks:
    - name: enable module(1)
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^#LoadModule proxy_module'
        line: LoadModule proxy_module modules/mod_proxy.so
    - name: enable module(2)
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^#LoadModule proxy_fcgi_module'
        line: LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
    - name: add index.php
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^ DirectoryIndex'
        line: ' DirectoryIndex index.php index.html'
    - name: add type
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^ AddType application/x-gzip .gz .tgz'
        line: " AddType application/x-gzip .gz .tgz\n AddType application/x-httpd-php .php\n AddType application/x-httpd-php-source .phps\n"
    # NOTE(review): in this regexp '*' is a quantifier on the preceding space, so the pattern
    # does not match the literal text '<VirtualHost *:80>'; the block is presumably appended
    # again on every run - confirm, or manage the vhost as a separate file.
    # NOTE(review): .php requests are forwarded to php-fpm on 192.168.170.136 as unencrypted
    # FastCGI; keep that traffic on a trusted network segment.
    - name: add virtualhost
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '<VirtualHost *:80>'
        line: |
          <VirtualHost *:80>
              DocumentRoot "/usr/local/apache/htdocs/"
              ServerName wangming.com
              ProxyRequests Off
              ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.170.136:9000/var/www/html/$1
              <Directory "/usr/local/apache/htdocs/">
                  Options none
                  AllowOverride none
                  Require all granted
              </Directory>
          </VirtualHost>
        state: present
- name: config mysql for lamp
  hosts: databases
  vars_files:
    - vars/mysql.yml
  tasks:
    - name: install depend mysql on lamp
      yum:
        name: "{{ depend_mysql_on_lamp }}"
        state: present
- name: config php for lamp
  hosts: apps
  tasks:
    - name: mkdir index.php
      file:
        path: /var/www/html/index.php
        owner: apache
        group: apache
        state: touch
    # NOTE(review): a phpinfo() page shows PHP settings, loaded modules, file paths and
    # environment values to anyone who can reach the site; delete it once the stack is verified.
    - name: index.php config
      lineinfile:
        path: /var/www/html/index.php
        line: "<?php\n\tphpinfo();\n?>"
        state: present
    # Limits FastCGI clients to the web server's address; this is the control that offsets the
    # 0.0.0.0:9000 listener configured in php/install.yml.
    - name: change web address
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients = 127.0.0.1'
        line: "listen.allowed_clients = 192.168.170.134"
修改mysql密码并加密
//编写修改密码剧本
[root@wang]# vim /project/wangming/secret.yml
---
- name: config mysql for lamp
  hosts: databases
  tasks:
# NOTE(review): the stray 'vim' below looks like a paste artifact and makes the YAML invalid.
vim
    # NOTE(review): '123456' is a trivially guessable root password; treat it as a placeholder.
    # The password is passed on the command line, so it is visible in the process list and in
    # Ansible output; add 'no_log: true' and take the value from a vaulted variable.
    # NOTE(review): the command works only while root still has an empty password, so a second
    # run fails.
    - name: set password for mysql
      shell: /usr/local/mysql/bin/mysql -uroot -e "set password = password(\"123456\");"
//加密修改密码剧本
# NOTE(review): the vault password appears in clear text here; use a value that is never
# published. The confirmation as printed ('wangming123;') differs from the first entry.
[root@wang]# ansible-vault encrypt /project/wangming/secret.yml
New Vault password: wangming123
Confirm New Vault password: wangming123;
Encryption successful
//记录加密密码
# NOTE(review): 'wangming' is not the vault password entered above ('wangming123'), so the view
# command below would fail to decrypt - confirm which value is intended.
# NOTE(review): echo leaves the password in shell history, and the file exists with default
# permissions until chmod runs; set 'umask 077' first or create the file with an editor.
[root@wang]# echo 'wangming' > /project/wangming/.mypass
//修改权限只允许root读写
[root@wang]# chmod 600 /project/wangming/.mypass
//使用加密密码查看加密剧本
[root@wang]# ansible-vault view --vault-password-file=/project/wangming/.mypass /project/wangming/secret.yml
创建lamp模板
# NOTE(review): from here the page repeats the LAMP and vault sections with a different prompt
# (root@ansible), project name (yuqinghao) and addresses (192.168.100.x) than the hosts listed
# at the top of the page (192.168.170.x). The review notes on the first copy apply here as well.
//配置变量
[root@ansible ~] mkdir -p /project/modules/lamp/vars
[root@ansible ~] vim /project/modules/lamp/vars/mysql.yml
depend_mysql_on_lamp:
  - ncurses-devel
  - openssl-devel
  - openssl
  - cmake
  - mariadb-devel
//创建lamp模板
[root@ansible ~] vim /project/modules/lamp/main.yml
---
- name: import yum
  import_playbook: ../yum/main.yml
# NOTE(review): ../webservers/ and ../databases/ do not match the tree listing, which has web/
# and database/ - confirm the paths.
- name: import apache
  import_playbook: ../webservers/apache/install.yml
- name: import mysql
  import_playbook: ../databases/mysql/install.yml
- name: import php
  import_playbook: ../apps/php/install.yml
- name: config apache for lamp
  hosts: webservers
  tasks:
    - name: enable module(1)
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^#LoadModule proxy_module'
        line: LoadModule proxy_module modules/mod_proxy.so
    - name: enable module(2)
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^#LoadModule proxy_fcgi_module'
        line: LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
    - name: add index.php
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^ DirectoryIndex'
        line: ' DirectoryIndex index.php index.html'
    - name: add type
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^ AddType application/x-gzip .gz .tgz'
        line: " AddType application/x-gzip .gz .tgz\n AddType application/x-httpd-php .php\n AddType application/x-httpd-php-source .phps\n"
    # NOTE(review): same regexp caveat as the first copy - '*' is a quantifier, so the literal
    # '<VirtualHost *:80>' is not matched and the block is presumably re-added on each run.
    - name: add virtualhost
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '<VirtualHost *:80>'
        line: |
          <VirtualHost *:80>
              DocumentRoot "/usr/local/apache/htdocs/"
              ServerName yuqinghao.com
              ProxyRequests Off
              ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.100.4:9000/var/www/html/$1
              <Directory "/usr/local/apache/htdocs/">
                  Options none
                  AllowOverride none
                  Require all granted
              </Directory>
          </VirtualHost>
        state: present
- name: config mysql for lamp
  hosts: databases
  vars_files:
    - vars/mysql.yml
  tasks:
    - name: install depend mysql on lamp
      yum:
        name: "{{ depend_mysql_on_lamp }}"
        state: present
- name: config php for lamp
  hosts: apps
  tasks:
    - name: mkdir index.php
      file:
        path: /var/www/html/index.php
        owner: apache
        group: apache
        state: touch
    # NOTE(review): phpinfo() page - remove it after the stack has been verified.
    - name: index.php config
      lineinfile:
        path: /var/www/html/index.php
        line: "<?php\n\tphpinfo();\n?>"
        state: present
    - name: change web address
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients = 127.0.0.1'
        line: "listen.allowed_clients = 192.168.100.2"
在项目中搭建lamp
//创建项目文件夹
[root@ansible ~] mkdir -p /project/yuqinghao
//在项目yuqinghao中搭建lamp
[root@ansible ~] vim /project/yuqinghao/main.yml
---
- name: import lamp
  import_playbook: ../modules/lamp/main.yml
- name: config apache for lamp
  hosts: webservers
  tasks:
    - name: start httpd service
      service:
        name: httpd
        state: started
        enabled: yes
- name: config mysql for lamp
  hosts: databases
  tasks:
    - name: start mysql on lamp
      service:
        name: mysqld
        state: started
        enabled: yes
# NOTE(review): import_playbook is a play-level statement, so it is laid out here as its own
# list item - the original nesting is not recoverable, confirm. Because secret.yml is vault
# encrypted, the run needs --vault-password-file or --ask-vault-pass.
- name: set password for mysql
  import_playbook: ./secret.yml
- name: config php for lamp
  hosts: apps
  tasks:
    - name: start php service
      service:
        name: php-fpm
        state: started
        enabled: yes
修改mysql密码并加密
//编写修改密码剧本
[root@ansible ~]# vim /project/yuqinghao/secret.yml
---
- name: config mysql for lamp
  hosts: databases
  tasks:
# NOTE(review): stray 'vim' again - paste artifact, invalid YAML.
vim
    # NOTE(review): same weak, command-line-visible root password as in the first copy; use a
    # strong value from a vaulted variable and 'no_log: true'.
    - name: set password for mysql
      shell: /usr/local/mysql/bin/mysql -uroot -e "set password = password(\"123456\");"
//加密修改密码剧本
# NOTE(review): the vault password is shown in clear text; treat it as an example value only.
[root@ansible ~]# ansible-vault encrypt /project/yuqinghao/secret.yml
New Vault password: yuqinghao123!
Confirm New Vault password: yuqinghao123!
Encryption successful
//记录加密密码
# NOTE(review): echo leaves the password in shell history and the file is created before its
# permissions are tightened; set 'umask 077' first or create the file with an editor.
[root@ansible ~]# echo 'yuqinghao123!' > /project/yuqinghao/.mypass
//修改权限只允许root读写
[root@ansible ~]# chmod 600 /project/yuqinghao/.mypass
//使用加密密码查看加密剧本
[root@ansible ~]# ansible-vault view --vault-password-file=/project/yuqinghao/.mypass /project/yuqinghao/secret.yml

