ansible实现部署知乎和博客

ansible搭建博客和知乎

需求:使用自动化管理工具ansible部署wordpress服务,需要连接数据库;图片使用共享存储,挂载nfs服务器,并实时备份到backup服务器

首先准备出环境

服务器名 外网IP 内网IP 搭建服务 角色
web01 10.0.0.7 172.16.1.7 nginx,php-fpm 被控端
web02 10.0.0.8 172.16.1.8 nginx,php-fpm 被控端
nfs 10.0.0.31 172.16.1.31 sersync,inotify-tools,nfs-utils 被控端
backup 10.0.0.41 172.16.1.41 rsync 被控端
db01 10.0.0.51 172.16.1.51 mariadb-server 被控端
m01 10.0.0.61 172.16.1.61 ansible 控制端

做题思路

1.控制端安装ansible,获取密钥对把公钥发送到被控端

2.编辑主机清单,创建存放提前准备数据和变量的目录

3.提前准备好用到的安装包或者配置文件

​ 3.1 nginx主配置文件

​ 3.2 nginx站点连接php配置文件

​ 3.3 wordpress安装包

​ 3.4wecenter安装包

​ 3.5php_nginx程序安装包

​ 3.6php-fpm.d/www.conf配置文件

​ 3.7rsync配置文件

​ 3.8sersync安装包

​ 3.9sersync配置文件

4.基础优化:统一环境,创建www用户组和用户

5.开启防火墙,打开http,https,rsync,mariadb等服务端口,关闭selinux(注意:下文的playbook实际只放行了nfs、http、https、rsyncd,并在最后停止了firewalld,停止后这些放行规则不再起作用)

先部署nfs服务器和backup服务器,然后部署数据库,最后部署web服务器

实际操作

# 1.1 Install ansible on the control node m01
[root@m01 ~]# yum install -y ansible
# 1.2 Generate a key pair
# NOTE(review): ssh-keygen is run without options, so whether the private key
# is protected by a passphrase depends on what is typed at the prompt; the
# page does not show it.
[root@m01 ~]# ssh-keygen
# 1.3 Send the public key to the managed hosts
# Each host is enrolled for the root account, so the one private key in
# /root/.ssh on m01 gives root access to all five managed machines.
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.51
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.41
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.31
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.8
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.7
# 1.4 Edit the host inventory
[root@m01 ~]# vim /etc/ansible/hosts

# Web servers.
# NOTE(review): ansible_ssh_host is the older spelling of ansible_host; newer
# Ansible releases document ansible_host.
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
# Backup server (rsync daemon side)
[backup_group]
backup ansible_ssh_host=10.0.0.41
# NFS server (also the rsync/sersync client side)
[nfs_group]
nfs ansible_ssh_host=10.0.0.31
# Database server
[db_group]
db01 ansible_ssh_host=10.0.0.51
# Parent group: every host that needs the NFS packages
[install_nfs:children]
web_group
nfs_group
# Parent group: every host that needs rsync. Variables placed in
# group_vars/install_rsync reach only nfs and backup, not the web hosts.
[install_rsync:children]
nfs_group
backup_group
# 1.5 Create the directories that hold the prepared data and files
[root@m01 ~]# mkdir /ansible/{nginx,nfs,mariadb,rsync,sersync,host_vars,group_vars} -p
# 1.6 Define variables
# group_vars/install_rsync is applied to the install_rsync group only
# (nfs_group and backup_group in the inventory).
[root@m01 ansible]#  vim group_vars/install_rsync

# NOTE(review): rsync_pass is a three-character sample secret kept in plain
# text; a real deployment would keep it in an ansible-vault encrypted file.
rsync_user: 'wzh'
rsync_pass: '123'
rsync_dir: 'backup'
# NOTE(review): nfs_dir is also used by the NFS mount tasks that run on the
# web* hosts, which are not members of install_rsync, so it looks undefined
# there - confirm, or define it in group_vars/all.
nfs_dir: 'data'
# group_vars/all: applies to every host
[root@m01 ansible]# cat group_vars/all 
web_u_g: 'www'
# 1.7 Base optimisation
[root@m01 ansible]# vim lnmp.yml

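- hosts: all
  tasks:
# Create the www group. gid 666 is fixed so it is identical on every host and
# matches the anongid=666 used in the NFS export later in this play.
    - name: Create {{ web_u_g }} Group
      group:
        name: "{{ web_u_g }}"
        gid: 666
        state: present
# Create the www user: no login shell and no home directory.
    - name: Create {{ web_u_g }} User
      user:
        name: "{{ web_u_g }}"
        uid: 666
        group: "{{ web_u_g }}"
        shell: /sbin/nologin
        create_home: false
# Start firewalld
    - name: Start FireWalld Server
      service:
        name: firewalld
        state: started
# Open the nfs, http, https and rsyncd services.
# with_items is a task keyword, so it belongs at task level; nested under the
# firewalld arguments it is passed to the module as an unknown parameter and
# "item" is never defined.
# permanent: false changes the running configuration only.
    - name: Open Port
      firewalld:
        service: "{{ item }}"
        state: enabled
        permanent: false
      with_items:
        - nfs
        - http
        - https
        - rsyncd
# Disable SELinux
# NOTE(review): this switches SELinux off on every host in the play. Keeping it
# enforcing would presumably need booleans such as httpd_use_nfs and
# httpd_can_network_connect_db on the web hosts - confirm against the policy.
    - name: Stop Selinux
      selinux:
        state: disabled
# Stop firewalld
# NOTE(review): once firewalld is stopped none of the services opened above are
# enforced and no host in the play filters inbound traffic. mariadb is never
# opened above, so leaving firewalld running would also need the mysql service
# (and presumably rpc-bind and mountd for the NFS mounts) - confirm.
    - name: Stop FireWalld Server
      service:
        name: firewalld
        state: stopped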


# ************ 以上是基础优化内容 ************
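# Install rsync on the nfs host (client side) and the backup host (daemon side)
    - name: Install Rsync Server
      yum:
        name: rsync
        state: present
      when: ansible_fqdn == 'nfs' or ansible_fqdn == 'backup'

    # The rsyncd.conf template itself is not shown on this page.
    # NOTE(review): it presumably names /etc/rsync.passwd as its secrets file
    # and restricts which hosts may connect - confirm.
    - name: Configure Rsync Config
      template:
        src: /ansible/rsync/rsyncd.conf
        dest: /etc/rsyncd.conf
      when: ansible_fqdn == 'backup'

    # Daemon-side credentials in "user:password" form.
    # no_log keeps the rendered secret out of task output and logs; the mode is
    # quoted so it is always read as an octal string.
    - name: Create Rsync Pass File
      copy:
        content: "{{ rsync_user }}:{{ rsync_pass }}"
        dest: /etc/rsync.passwd
        mode: "0600"
      no_log: true
      when: ansible_fqdn == 'backup'

    # Backup target directory, owned by the shared www account.
    - name: Create {{ rsync_dir }} Directory
      file:
        path: "/{{ rsync_dir }}"
        owner: "{{ web_u_g }}"
        group: "{{ web_u_g }}"
        mode: "0755"
        state: directory
      when: ansible_fqdn == 'backup'

    - name: Start Rsync Server
      service:
        name: rsyncd
        state: started
        enabled: true
      when: ansible_fqdn == 'backup'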
# Install and configure NFS
    # nfs-utils goes on the NFS server and on every web* host (the clients).
    - name: Install NFS Server
      when: "ansible_fqdn == 'nfs' or ansible_fqdn is match 'web*'"
      yum:
        state: present
        name: nfs-utils

    # Single export line: read-write for 172.16.1.0/24 only, with every client
    # uid/gid squashed to 666 (the www account created earlier in the play).
    - name: Configure NFS Config
      when: "ansible_fqdn == 'nfs'"
      copy:
        dest: /etc/exports
        content: "/{{ nfs_dir }} 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)"

    # One exported sub-directory per site: wp and zh.
    - name: Create  {{ nfs_dir }} Directory
      when: "ansible_fqdn == 'nfs'"
      file:
        state: directory
        path: '{{ item }}'
        owner: '{{ web_u_g }}'
        group: '{{ web_u_g }}'
        mode: "0755"
      with_items:
        - "/{{ nfs_dir }}/wp"
        - "/{{ nfs_dir }}/zh"

    - name: Start NFS Server
      when: "ansible_fqdn == 'nfs'"
      service:
        name: nfs-server
        enabled: true
        state: started
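# Deploy sersync on the nfs host
    - name: Install Inotify-tools
      yum:
        name: inotify-tools
        state: present
      when: ansible_fqdn == 'nfs'

    # NOTE(review): the binary comes from a tarball staged on the control node;
    # the page does not show its origin or any checksum verification.
    - name: Unarchive Sersync Server
      unarchive:
        src: /ansible/sersync/sersync2.5.4_64bit_binary_stable_final.tar.gz
        dest: /usr/local/
      when: ansible_fqdn == 'nfs'

    - name: Configure Sersync Config
      template:
        src: /ansible/sersync/confxml.xml
        dest: /usr/local/GNU-Linux-x86/confxml.xml
      when: ansible_fqdn == 'nfs'

    # Client-side rsync password (password only, no user name).
    # no_log keeps the secret out of task output; the mode is quoted so it is
    # always read as an octal string.
    - name: Create Rsync Client Pass File
      copy:
        content: "{{ rsync_pass }}"
        dest: /etc/rsync.pass
        mode: "0600"
      no_log: true
      when: ansible_fqdn == 'nfs'

    # NOTE(review): this launches sersync2 each time the play runs, with no
    # check for an instance that is already running - presumably a second run
    # starts a second daemon; confirm and guard if so.
    - name: Start Sersync Server
      shell: "/usr/local/GNU-Linux-x86/sersync2 -dro /usr/local/GNU-Linux-x86/confxml.xml"
      when: ansible_fqdn == 'nfs'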
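# Deploy MariaDB on db01
    # MySQL-python is installed alongside the server; the mysql_user and
    # mysql_db tasks below run on this host.
    - name: Install MariaDB Server
      yum:
        name:
          - mariadb-server
          - MySQL-python
        state: present
      when: ansible_fqdn == 'db01'

    - name: Start MariaDB Server
      service:
        name: mariadb
        state: started
        enabled: true
      when: ansible_fqdn == 'db01'

    # Application account. The grant is limited to the two databases this play
    # sets up (wp and zh) instead of ALL on *.*, so the web applications cannot
    # read or alter the mysql system schema. no_log keeps the password out of
    # task output.
    # NOTE(review): '123' is a sample password and host '%' accepts the account
    # from any address; use a vaulted secret and the web servers' subnet once
    # the address they connect from is confirmed.
    - name: Create WordPress User
      mysql_user:
        name: wp_user
        password: '123'
        host: '%'
        priv: 'wp.*:ALL/zh.*:ALL'
        state: present
      no_log: true
      when: ansible_fqdn == 'db01'

    # The dump is staged in /tmp; mode 0600 keeps other local users from
    # reading it.
    - name: wordpress.sql page
      copy:
        src: /ansible/mariadb/wordpress.sql
        dest: /tmp/wordpress.sql
        mode: "0600"
      when: ansible_fqdn == 'db01'

    # NOTE(review): state: import is requested on every run of the play, so a
    # re-run presumably loads the dump over the live wp data again - confirm
    # and guard before re-running against a populated database.
    - name: Import WordPress Data
      mysql_db:
        state: import
        name: wp
        target: /tmp/wordpress.sql
      when: ansible_fqdn == 'db01'

    # Empty database named zh; nothing is imported into it here.
    - name: Create zh Database
      mysql_db:
        name: zh
        state: present
      when: ansible_fqdn == 'db01'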
# Deploy nginx, PHP and the sites on the web* hosts
    # The RPM bundle is pushed from the control node and unpacked under /root.
    - name: Unarchive Nginx and PHP
      when: "ansible_fqdn is match 'web*'"
      unarchive:
        dest: /root
        src: /ansible/nginx/php_nginx.tgz

    # shell (not yum) is used because the package list relies on a glob.
    # NOTE(review): these are local RPMs from a tarball whose origin the page
    # does not show; yum's localpkg_gpgcheck setting decides whether their
    # signatures are verified - confirm it is enabled.
    - name: Install Nginx and PHP
      when: "ansible_fqdn is match 'web*'"
      shell: "yum localinstall -y /root/root/nginx_php/*.rpm"

    # Main nginx config, the site vhost, and the php-fpm pool config.
    - name: Push Nginx PHP Conf
      when: "ansible_fqdn is match 'web*'"
      copy:
        dest: '{{ item.dest }}'
        src: '{{ item.src }}'
      with_items:
        - src: /ansible/nginx/nginx.conf
          dest: /etc/nginx/nginx.conf
        - src: /ansible/nginx/www.wzh.com.conf
          dest: /etc/nginx/conf.d/www.wzh.com.conf
        - src: /ansible/nginx/www.conf
          dest: /etc/php-fpm.d/www.conf

    # Document root, owned by the shared www account.
    - name: Create HTML Dir
      when: "ansible_fqdn is match 'web*'"
      file:
        state: directory
        path: /code
        owner: '{{ web_u_g }}'
        group: '{{ web_u_g }}'

    # WordPress archive, unpacked into /code and handed to www.
    - name: Unarchive WordPress Package
      when: "ansible_fqdn is match 'web*'"
      tags: tuisongwordpress.tgz
      unarchive:
        dest: /code
        src: /ansible/mariadb/wordpress.tgz
        owner: '{{ web_u_g }}'
        group: '{{ web_u_g }}'

    # WeCenter archive, unpacked next to WordPress.
    - name: Unarchive Wecenter package
      when: "ansible_fqdn is match 'web*'"
      unarchive:
        dest: /code
        src: /ansible/nginx/WeCenter_3-2-1.zip
        owner: '{{ web_u_g }}'
        group: '{{ web_u_g }}'

    # Start nginx and php-fpm and enable both at boot.
    - name: Start Nginx Server
      when: "ansible_fqdn is match 'web*'"
      service:
        name: '{{ item }}'
        enabled: true
        state: started
      with_items: [nginx, php-fpm]

    # Mount point for the shared WordPress uploads directory.
    - name: create uploads nfs
      when: "ansible_fqdn is match 'web*'"
      file:
        state: directory
        path: /code/wordpress/wp-content/uploads
        owner: '{{ web_u_g }}'
        group: '{{ web_u_g }}'
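    # Restart the NFS server before the clients mount its exports.
    # Limited to the nfs host: without a condition this task runs on every
    # host in the play, failing where nfs-utils is not installed (db01, backup)
    # and starting and enabling an NFS server on the web hosts.
    - name: systemctl nfs-server
      service:
        name: nfs-server
        state: restarted
        enabled: true
      when: ansible_fqdn == 'nfs'

    # Mount the shared upload directories from the NFS server (172.16.1.31).
    # NOTE(review): nfs_dir is defined in group_vars/install_rsync, and the
    # web* hosts are not in that group, so it looks undefined here - confirm,
    # or define it in group_vars/all.
    # NOTE(review): no mount options are set; nosuid,nodev is a common choice
    # for upload directories - confirm before adding.
    - name: Mount wordpress Share Directory
      mount:
        path: /code/wordpress/wp-content/uploads
        src: "172.16.1.31:/{{ nfs_dir }}/wp"
        fstype: nfs
        state: mounted
      when: ansible_fqdn is match 'web*'

    - name: Mount zh share directory
      mount:
        path: /code/WeCenter_3-2-1/uploads
        src: "172.16.1.31:/{{ nfs_dir }}/zh"
        fstype: nfs
        state: mounted
      when: ansible_fqdn is match 'web*'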
# lb01 load balancer configuration
# NOTE(review): no host named lb01 appears in the inventory shown on this
# page, so these tasks are skipped unless such a host is added.
    - name: Unarchive Nginx and PHP
      when: "ansible_fqdn == 'lb01'"
      unarchive:
        dest: /root
        src: /ansible/nginx/php_nginx.tgz

    # Only the nginx*.rpm packages from the bundle are installed here.
    - name: Install Nginx and PHP
      when: "ansible_fqdn == 'lb01'"
      shell: "yum localinstall -y /root/root/nginx_php/nginx*.rpm"

    # Main nginx config, the blog vhost, and the shared proxy_params file.
    - name: Push Nginx PHP Conf
      when: "ansible_fqdn == 'lb01'"
      copy:
        dest: '{{ item.dest }}'
        src: '{{ item.src }}'
      with_items:
        - src: /ansible/nginx/nginx.conf
          dest: /etc/nginx/nginx.conf
        - src: /ansible/lb/blog.wzh.com.conf
          dest: /etc/nginx/conf.d/
        - src: /ansible/lb/proxy_params
          dest: /etc/nginx/

    - name: Start Nginx Server
      when: "ansible_fqdn == 'lb01'"
      service:
        name: nginx
        enabled: true
        state: started


