ansible使用playbook部署LNMP
目录
环境介绍:
系统 | ip | 主机名 | 服务 |
---|---|---|---|
centos8 | 192.168.222.250 | ansible | ansible |
centos8 | 192.168.222.137 | nginx | nginx |
centos8 | 192.168.222.138 | mysql | mysql |
centos8 | 192.168.222.139 | php | php |
nginx-1.22.0
mysql-5.7.38
php-8.1.11
安装ansible
//配置阿里源
[root@ansible ~]# cd /etc/yum.repos.d/
[root@ansible yum.repos.d]# rm -rf *
[root@ansible yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2495 100 2495 0 0 10439 0 --:--:-- --:--:-- --:--:-- 10439
[root@ansible yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
//配置epel
[root@ansible yum.repos.d]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@ansible yum.repos.d]# sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@ansible yum.repos.d]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@ansible yum.repos.d]# ls
CentOS-Base.repo epel-modular.repo epel-testing-modular.repo epel-testing.repo epel.repo
[root@ansible yum.repos.d]# cd
//安装ansible
[root@ansible ~]# dnf -y install platform-python
[root@ansible ~]# dnf -y install centos-release-ansible-29
[root@ansible ~]# dnf -y install ansible --nobest
[root@ansible ~]# ansible --version //查看版本
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Sep 10 2021, 09:13:53) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)]
基于ansible进行基础准备
//做映射
[root@ansible ~]# vim /etc/hosts
[root@ansible ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.222.137 nginx
192.168.222.138 mysql
192.168.222.139 php
[root@ansible ~]# mkdir playdemo
[root@ansible ~]# cd playdemo/
[root@ansible playdemo]# cp /etc/ansible/ansible.cfg .
[root@ansible playdemo]# ls
ansible.cfg
[root@ansible playdemo]# vim ansible.cfg
#inventory = /etc/ansible/hosts
inventory = inventory
[root@ansible playdemo]# vim inventory //存放主机清单的文件
[root@ansible playdemo]# cat inventory
[nginx] //受控主机
192.168.222.137
[mysql]
192.168.222.138
[php]
192.168.222.139
[root@ansible playdemo]# ls
ansible.cfg inventory
//查看受控主机
[root@ansible playdemo]# ansible all --list-hosts
hosts (3):
192.168.222.137
192.168.222.138
192.168.222.139
//实现免密登录受控主机（此处密钥未设置口令且以root身份登录，私钥/root/.ssh/id_rsa需妥善保护）
[root@ansible playdemo]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mpyjGH8V9Fiy/Snu9xMsGcCtrQQFEm5dvSSgI++dqco root@ansible
The key's randomart image is:
+---[RSA 3072]----+
| o.o=oo |
| . ++.= + |
| . =..O * . |
| + .+ = + |
| . So o = |
| o =.oo = o |
| . B.+. . . . |
| = ..o . . . |
| . Eo. ... ... |
+----[SHA256]-----+
[root@ansible playdemo]# ssh-copy-id 192.168.222.137
[root@ansible playdemo]# ssh-copy-id 192.168.222.138
[root@ansible playdemo]# ssh-copy-id 192.168.222.139
//检查机器节点是否连通
[root@ansible playdemo]# ansible all -m ping
192.168.222.137 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.222.139 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.222.138 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
//关闭主控主机的防火墙和SELinux（仅适用于隔离的实验环境；生产环境应保留防火墙并只放行所需端口）
[root@ansible playdemo]# systemctl stop firewalld.service
[root@ansible playdemo]# vim /etc/selinux/config
SELINUX=disabled
[root@ansible playdemo]# setenforce 0
[root@ansible playdemo]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
使用playbook进行编写
[root@ansible playdemo]# mkdir playbook //playbook目录需要与清单文件inventory处于同一级目录
[root@ansible playdemo]# cd playbook/
[root@ansible playbook]# vim lnmp.yml
[root@ansible playbook]# cat lnmp.yml
---
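# Play 1: turn off firewalld and set SELinux to "disabled" on every managed host.
# NOTE(review): this removes host-level network filtering and mandatory access
# control from the web, database and PHP hosts. It is only reasonable on an
# isolated lab network. On anything reachable by others, keep firewalld running
# and open just the ports this stack uses (80/tcp on the nginx host, 9000/tcp on
# the php host from the nginx host only, 3306/tcp on the mysql host from the
# php host only), and keep SELinux enforcing.
- name: nginx mysql php stop firewalld and selinux
  hosts: all
  tasks:
    - name: stop firewalled
      service:
        name: firewalld.service
        state: stopped
        enabled: no

    # This only edits the config file; the running SELinux mode does not
    # change until the host is rebooted.
    - name: Ensure SELinux is set to disabled mode
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled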
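# Play 2: build nginx 1.22.0 from source on the nginx host, install a systemd
# unit for it, and point PHP requests at the php-fpm host.
- name: install nginx
  hosts: nginx
  tasks:
    # Unprivileged system account the worker processes run as (no login shell).
    - name: create user nginx
      user:
        name: nginx
        system: yes
        shell: /sbin/nologin
        create_home: no
        state: present

    # NOTE(review): the tarball is compiled and installed as root, so its
    # integrity should be pinned. Fill in the digest of a copy you verified
    # against the project's published signature, then enable the line below.
    - name: download nginx
      get_url:
        url: https://nginx.org/download/nginx-1.22.0.tar.gz
        dest: /usr/local/src
        # checksum: "sha256:<SHA256_OF_VERIFIED_TARBALL>"

    - name: Unarchive a nginx
      unarchive:
        src: /usr/local/src/nginx-1.22.0.tar.gz
        dest: /usr/src/
        remote_src: yes

    # Build dependencies; must be present before the configure step.
    - name: yum install
      yum:
        name:
          - pcre-devel
          - openssl
          - openssl-devel
          - gd-devel
          - make
          - gcc
          - gcc-c++
          - wget
        state: present

    # "creates" makes the step a no-op once the Makefile has been generated,
    # so re-running the playbook does not reconfigure the tree.
    - name: nginx configure
      command: >-
        ./configure
        --prefix=/usr/local/nginx
        --user=nginx
        --group=nginx
        --with-debug
        --with-http_ssl_module
        --with-http_realip_module
        --with-http_image_filter_module
        --with-http_gunzip_module
        --with-http_gzip_static_module
        --with-http_stub_status_module
      args:
        chdir: /usr/src/nginx-1.22.0
        creates: /usr/src/nginx-1.22.0/Makefile

    # Skipped on later runs once the binary is installed.
    - name: nginx make
      shell: make -j "$(nproc)" && make install
      args:
        chdir: /usr/src/nginx-1.22.0
        creates: /usr/local/nginx/sbin/nginx

    - name: nginx PATH
      copy:
        dest: /etc/profile.d/nginx.sh
        content: 'export PATH=$PATH:/usr/local/nginx/sbin'

    # PIDFile matches nginx's default pid path under the configured prefix so
    # systemd tracks the master process. ExecReload uses a plain $MAINPID:
    # the original "\$MAINPID" is written to the unit file literally and is
    # not expanded by systemd.
    - name: nginx service.file
      copy:
        dest: /usr/lib/systemd/system/nginx.service
        content: |
          [Unit]
          Description=nginx server daemon
          After=network.target

          [Service]
          Type=forking
          PIDFile=/usr/local/nginx/logs/nginx.pid
          ExecStart=/usr/local/nginx/sbin/nginx
          ExecStop=/usr/local/nginx/sbin/nginx -s stop
          ExecReload=/bin/kill -HUP $MAINPID

          [Install]
          WantedBy=multi-user.target

    # PHP requests are forwarded over plain FastCGI to the php host; the
    # script path sent is /var/www/<script>, which must exist on that host.
    - name: modfiy configuration file
      copy:
        dest: /usr/local/nginx/conf/nginx.conf
        content: |
          user nginx;
          worker_processes 1;
          events {
              worker_connections 1024;
          }
          http {
              include mime.types;
              default_type application/octet-stream;
              sendfile on;
              keepalive_timeout 65;
              server {
                  listen 80;
                  server_name localhost;
                  location / {
                      root html;
                      index index.php;
                  }
                  error_page 500 502 503 504 /50x.html;
                  location = /50x.html {
                      root html;
                  }
                  location ~ \.php$ {
                      root /var/www;
                      fastcgi_pass 192.168.222.139:9000;
                      fastcgi_index index.php;
                      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                      include fastcgi_params;
                  }
              }
          }

    # Empty placeholder so the "index index.php" lookup finds a file locally;
    # the real script lives on the php host.
    - name: index.php
      file:
        path: /usr/local/nginx/html/index.php
        state: touch

    # daemon_reload makes systemd re-read the unit file written above when
    # the playbook is run again with changed content.
    - name: start nginx
      systemd:
        name: nginx.service
        state: restarted
        enabled: yes
        daemon_reload: yes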
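# Play 3: install the MySQL 5.7.38 binary distribution on the mysql host,
# initialise the data directory and run it under systemd.
- name: install mysql
  hosts: mysql
  tasks:
    - name: create user mysql
      user:
        name: mysql
        system: yes
        shell: /sbin/nologin
        create_home: no
        state: present

    # NOTE(review): pin the archive's integrity before it is unpacked and run
    # as a service. Fill in the digest published for this file, then enable
    # the line below.
    - name: download mysql
      get_url:
        url: https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz
        dest: /usr/local/src/
        # checksum: "sha256:<SHA256_OF_VERIFIED_TARBALL>"

    - name: unarchive mysql
      unarchive:
        src: /usr/local/src/mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz
        dest: /usr/src/
        remote_src: yes

    # Despite the task name this creates the /usr/local/mysql symlink to the
    # unpacked tree.
    - name: Modifying Directory Permissions
      file:
        src: /usr/src/mysql-5.7.38-linux-glibc2.12-x86_64
        dest: /usr/local/mysql
        owner: mysql
        group: mysql
        state: link

    - name: mysql PATH
      copy:
        dest: /etc/profile.d/mysql.sh
        content: 'export PATH=$PATH:/usr/local/mysql/bin'

    - name: create mysql date
      file:
        path: /opt/data
        state: directory
        owner: mysql
        group: mysql

    - name: Modifying mysql include
      file:
        src: /usr/local/mysql/include
        dest: /usr/include/mysql
        state: link

    # Takes effect the next time ldconfig rebuilds the linker cache.
    - name: Modifying mysql lib
      copy:
        dest: /etc/ld.so.conf.d/mysql.conf
        content: /usr/local/mysql/lib

    # The initialisation output contains the temporary root@localhost
    # password. The original redirected stdout only, to the world-readable,
    # predictable path /tmp/passwd; mysqld normally reports the password on
    # its error stream, which then ends up in the task result shown by -vv.
    # Both streams now go to a root-only file (umask 077). Read the password
    # from /root/mysql-init.log, change it on first login, then delete the
    # file. "creates" stops a second run from re-initialising a populated
    # data directory.
    - name: Initializing the database
      shell: >-
        umask 077 &&
        /usr/local/mysql/bin/mysqld --initialize --user mysql --datadir /opt/data
        > /root/mysql-init.log 2>&1
      args:
        creates: /opt/data/mysql

    - name: create mysql.conf
      copy:
        dest: /etc/my.cnf
        content: |
          [mysqld]
          basedir = /usr/local/mysql
          datadir = /opt/data
          socket = /tmp/mysql.sock
          port = 3306
          pid-file = /opt/data/mysql.pid
          user = mysql
          skip-name-resolve

    # PIDFile matches pid-file in /etc/my.cnf. ExecReload now names the
    # process to signal; the original "/bin/kill -HUP" had no PID argument.
    - name: create service_file
      copy:
        dest: /usr/lib/systemd/system/mysqld.service
        content: |
          [Unit]
          Description=mysql server daemon
          After=network.target sshd-keygen.target

          [Service]
          Type=forking
          PIDFile=/opt/data/mysql.pid
          ExecStart=/usr/local/mysql/support-files/mysql.server start
          ExecStop=/usr/local/mysql/support-files/mysql.server stop
          ExecReload=/bin/kill -HUP $MAINPID

          [Install]
          WantedBy=multi-user.target

    # daemon_reload makes systemd re-read the unit file written above.
    - name: start mysql
      systemd:
        name: mysqld.service
        state: started
        enabled: yes
        daemon_reload: yes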
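# Play 4: build PHP 8.1.11 with FPM on the php host, bind php-fpm to the
# host's LAN address and accept FastCGI connections from the nginx host only.
- name: install php
  hosts: php
  tasks:
    # Build dependencies (exact duplicates in the original list removed).
    - name: php yum
      yum:
        name:
          - libxml2-devel
          - openssl-devel
          - curl-devel
          - libjpeg-devel
          - libpng-devel
          - libicu-devel
          - freetype-devel
          - openldap-devel
          - openldap
          - gcc
          - gcc-c++
          - sqlite-devel
          - libzip-devel
          - openssl
          - libcurl-devel.x86_64
          - libpng.x86_64
          - libpng-devel.x86_64
          - readline
          - readline-devel
          - make
        state: present

    # NOTE(review): this RPM is fetched over plain HTTP, and packages
    # installed from a URL are only signature-checked when localpkg_gpgcheck
    # is enabled (it is off by default). Prefer installing oniguruma-devel by
    # name from a configured, GPG-checked repository.
    - name: php yum
      shell: yum -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm

    # NOTE(review): pin the tarball's integrity before it is compiled as
    # root. Fill in the digest published for this release, then enable the
    # line below.
    - name: download php
      get_url:
        url: https://www.php.net/distributions/php-8.1.11.tar.gz
        dest: /usr/local/src/
        # checksum: "sha256:<SHA256_FROM_OFFICIAL_RELEASE_PAGE>"

    - name: unarchive php
      unarchive:
        src: /usr/local/src/php-8.1.11.tar.gz
        dest: /usr/src/
        remote_src: yes

    # "creates" skips the step once the Makefile exists.
    - name: php configure
      command: >-
        ./configure
        --prefix=/usr/local/php
        --with-config-file-path=/etc
        --enable-fpm
        --disable-debug
        --disable-rpath
        --enable-shared
        --enable-soap
        --with-openssl
        --enable-bcmath
        --with-iconv
        --with-bz2
        --enable-calendar
        --with-curl
        --enable-exif
        --enable-ftp
        --enable-gd
        --with-jpeg
        --with-zlib-dir
        --with-freetype
        --with-gettext
        --enable-mbstring
        --enable-pdo
        --with-mysqli=mysqlnd
        --with-pdo-mysql=mysqlnd
        --with-readline
        --enable-shmop
        --enable-simplexml
        --enable-sockets
        --with-zip
        --enable-mysqlnd-compression-support
        --with-pear
        --enable-pcntl
        --enable-posix
      args:
        chdir: /usr/src/php-8.1.11
        creates: /usr/src/php-8.1.11/Makefile

    # Skipped on later runs once php-fpm is installed.
    - name: php make
      shell: make -j "$(nproc)" && make install
      args:
        chdir: /usr/src/php-8.1.11
        creates: /usr/local/php/sbin/php-fpm

    # force: no keeps an already-edited config from being overwritten with
    # the shipped defaults on every run.
    - name: php copy conf_file
      copy:
        src: /usr/local/php/etc/php-fpm.conf.default
        dest: /usr/local/php/etc/php-fpm.conf
        remote_src: yes
        force: no

    - name: php copy php-fpm.conf
      copy:
        src: /usr/local/php/etc/php-fpm.d/www.conf.default
        dest: /usr/local/php/etc/php-fpm.d/www.conf
        remote_src: yes
        force: no

    # php-fpm listens on the LAN address so the nginx host can reach it.
    - name: config listen
      lineinfile:
        path: /usr/local/php/etc/php-fpm.d/www.conf
        regexp: '^listen = '
        line: listen = 192.168.222.139:9000

    # Restrict FastCGI clients to the nginx host. With firewalld stopped this
    # is the only filter in front of port 9000. The pattern also matches the
    # line once it has been uncommented.
    - name: config listen.allowed_clients
      lineinfile:
        path: /usr/local/php/etc/php-fpm.d/www.conf
        regexp: '^;?listen\.allowed_clients = '
        line: listen.allowed_clients = 192.168.222.137

    # systemd does not run Exec* lines through a shell, so the original
    # "ps -ef | grep php | ... | xargs kill" pipeline could not work as an
    # ExecStop command, and matching on "php" would hit unrelated processes.
    # php-fpm stops gracefully on SIGQUIT and reloads gracefully on SIGUSR2.
    - name: php service
      copy:
        dest: /usr/lib/systemd/system/php.service
        content: |
          [Unit]
          Description=php server daemon
          After=network.target

          [Service]
          Type=forking
          ExecStart=/usr/local/php/sbin/php-fpm
          ExecStop=/bin/kill -QUIT $MAINPID
          ExecReload=/bin/kill -USR2 $MAINPID

          [Install]
          WantedBy=multi-user.target

    # daemon_reload makes systemd re-read the unit file written above.
    - name: start php
      systemd:
        name: php.service
        state: restarted
        enabled: yes
        daemon_reload: yes

    - name: var directory
      file:
        path: /var/www
        state: directory

    # NOTE(review): phpinfo() discloses versions, paths, loaded modules and
    # environment values to anyone who can reach the site. Use it only to
    # confirm the stack works, then remove or replace this file.
    - name: index.php
      copy:
        dest: /var/www/index.php
        content: |
          <?php
          phpinfo();
          ?>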
[root@ansible playbook]# cd ..
[root@ansible playdemo]# ansible-playbook playbook/lnmp.yml -vv
...
PLAY RECAP ***********************************************************************************************
192.168.222.137 : ok=15 changed=13 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.222.138 : ok=16 changed=14 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.222.139 : ok=18 changed=16 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
访问: