准备4台服务器
安装的环境 | IP/主机名 |
ansible | 192.168.220.10/ansible |
apache | 192.168.220.20/apache |
mysql | 192.168.220.30/mysql |
php | 192.168.220.40/php |
层级树
[root@RedHat lamp]# tree . ├── ansible.cfg ├── application │ └── php │ ├── install.yml │ └── vars │ └── php.yml ├── base │ └── yum.yml ├── database │ ├── mysql │ │ ├── install.yml │ │ ├── packages │ │ │ └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz │ │ ├── templeates │ │ │ ├── my.cnf.j2 │ │ │ └── my.service.j2 │ │ └── vars │ │ └── mysql.yml │ ├── templates │ └── vars ├── hosts ├── inventory ├── lamp │ └── main.yml └── web └── apache ├── install.yml ├── packages │ ├── apr-1.7.0.tar.gz │ ├── apr-util-1.6.1.tar.gz │ └── httpd-2.4.46.tar.bz2 ├── templates │ ├── httpd.j2 │ └── httpd.service.j2 └── vars └── httpd.yml 17 directories, 19 files
安装ansible:
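//Configure the yum repositories
[root@ansible ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# sed -i 's#$releasever#8#g' /etc/yum.repos.d/CentOS-Base.repo
//NOTE(review): epel-release is installed straight from a URL, so this first RPM
//is not checked against a key that is already trusted; confirm the EPEL signing
//key fingerprint out of band before relying on the repository.
[root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's#$releasever#8#g' /etc/yum.repos.d/epel.repo
//Install ansible
[root@ansible ~]# yum -y install ansible
//Check the ansible version
[root@ansible ~]# ansible --version
ansible 2.9.16
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
//Passwordless SSH login
//The php entry uses 192.168.220.40 so that it matches the server table and the
//php_ip variable used by the httpd template (the original listing had 192.168.248.40).
[root@ansible lamp]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.220.10 ansible
192.168.220.20 apache
192.168.220.30 mysql
192.168.220.40 php
//The key generated here gives root on all three managed hosts. ssh-keygen asks
//for a passphrase; leaving it empty stores the private key unencrypted, so
//restrict access to the control node accordingly.
[root@ansible ~]# ssh-keygen -t rsa
[root@ansible ~]# ssh-copy-id root@apache
[root@ansible ~]# ssh-copy-id root@mysql
[root@ansible ~]# ssh-copy-id root@php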
将被控机IP加入到主控机清单:
[root@ansible ~]# mkdir lamp [root@ansible ~]# cd lamp [root@ansible lamp]# cp /etc/ansible/ansible.cfg . //创建清单文件 [root@ansible lamp]# vim inventory [group_apache] apache [group_mysql] mysql [group_php] php //测试 [root@ansible lamp]# ansible all -m ping php | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } apache | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } mysql | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" }
yum源配置和关闭防火墙,selinux
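[root@RedHat lamp]# cat base/yum.yml
---
# Base play for every host: configure the package repositories, then stop
# firewalld and switch SELinux off.
- hosts: all
  tasks:
    # Signature checking is enabled so that packages fetched from the mirror are
    # verified before they are installed (the original set gpgcheck: no and
    # listed gpgcheck/enabled twice in this task).
    # RPM-GPG-KEY-PLACEHOLDER is a placeholder: point gpgkey at the
    # distribution's signing key, obtained from a source you trust.
    - name: yum to configure
      yum_repository:
        name: "{{ item }}"
        description: "{{ item }}"
        file: "{{ item }}"
        baseurl: https://mirrors.aliyun.com/centos/8/{{ item }}/x86_64/os/
        gpgcheck: yes
        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
        enabled: yes
      loop:
        - BaseOS
        - AppStream

    # Same placeholder convention as above, here for the EPEL signing key.
    - name: epel
      yum_repository:
        name: epel
        description: epel
        file: epel
        baseurl: https://mirrors.aliyun.com/epel/8/Everything/x86_64/
        gpgcheck: yes
        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
        enabled: yes

    # Stopping firewalld and disabling SELinux removes host-level protection on
    # every node. Outside a lab, keep both on and open only the ports this
    # stack uses (80 on apache, 9000 on php, 3306 on mysql).
    # Only "state: stopped" is set, so firewalld is not disabled at boot.
    - name: stop firewalld
      service:
        name: firewalld
        state: stopped

    # The regexp is anchored on "SELINUX=" so it cannot match the
    # SELINUXTYPE= line, and the value is the valid keyword "disabled"
    # (the original wrote "disable" and matched on '^SELINUX').
    - name: disabled selinux
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled

    # NOTE(review): setenforce likely returns non-zero once SELinux is already
    # disabled, which would fail this task on a later run - confirm.
    - name: stop selinux
      shell: setenforce 0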
apache配置:
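//Variables
[root@RedHat lamp]# cat web/apache/vars/httpd.yml
packages:
  - openssl-devel
  - pcre-devel
  - expat-devel
  - libtool
  - gcc
  - gcc-c++
  - make
  - '@development tools'
user: apache
php_ip: 192.168.220.40

//Use httpd.j2 as the template for httpd.conf. The edit notes below sit on
//their own "#" lines so that they are valid comments if copied into the file.
[root@ansible lamp]# vim web/apache/templates/httpd.j2
# Search for AddType
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# Add the next two lines
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

# Search for proxy.so
#LoadModule remoteip_module modules/mod_remoteip.so
# Uncomment the next line
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
# Uncomment the next line
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

# Search for index.html and add index.php
DirectoryIndex index.php index.html

# Append the following at the end of the configuration file.
# Requests for .php files are forwarded to PHP-FPM on the php host over plain
# TCP, so that link depends on the network between the two hosts being trusted.
# The dot before "php" is escaped so the pattern matches only a literal ".php"
# suffix (the original "^/(.*.php)$" let the dot match any character).
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/"
    ServerName www.xixi.com
    ProxyRequests Off
    ProxyPassMatch ^/(.*\.php)$ fcgi://{{ php_ip }}:9000/var/www/html/$1
    <Directory "/usr/local/apache/htdocs">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>

//httpd.service.j2 is the template for the systemd unit
[root@ansible modules]# vim web/apache/templates/httpd.service.j2
# Every Exec line calls apachectl under the install prefix with an explicit
# action. The original ExecStop pointed at /usr/local/apache/apachectl (no
# bin/), and ExecReload/ExecStop passed "-s reload" / "-s stop".
# NOTE(review): upstream apachectl appears to print usage when run without an
# action, hence "start" on ExecStart - confirm against the installed script.
[Unit]
Description = The httpd process manager

[Service]
Type = forking
ExecStart = /usr/local/apache/bin/apachectl start
ExecReload = /usr/local/apache/bin/apachectl graceful
ExecStop = /usr/local/apache/bin/apachectl stop

[Install]
WantedBy = multi-user.target

//playbook
[root@RedHat lamp]# cat web/apache/install.yml
---
# Builds apr, apr-util and httpd from the tarballs in packages/ on the apache
# host and installs the systemd unit. The tarballs are copied from the control
# node as-is: verify their checksums or signatures against the upstream
# release before placing them in packages/, and check whether newer releases
# than the pinned versions are available.
- hosts: apache
  vars_files:
    - vars/httpd.yml
  tasks:
    # System account without home directory or login shell for the service.
    - name: create user
      user:
        name: "{{ user }}"
        system: yes
        create_home: no
        shell: /sbin/nologin
        state: present

    - name: install base packages
      yum:
        name: "{{ item }}"
        state: present
      loop: "{{ packages }}"

    - name: uncompress apr
      unarchive:
        src: packages/apr-1.7.0.tar.gz
        dest: /opt/

    - name: uncompress apr-util
      unarchive:
        src: packages/apr-util-1.6.1.tar.gz
        dest: /opt/

    - name: uncompress httpd
      unarchive:
        src: packages/httpd-2.4.46.tar.bz2
        dest: /opt/

    # "creates" skips each build when its installed binary already exists, so
    # re-running the play does not recompile everything.
    - name: install apr
      shell: sed -i 's/$RM "$cfgfile"/#$RM "$cfgfile"/' /opt/apr-1.7.0/configure && cd /opt/apr-1.7.0 && ./configure --prefix=/usr/local/apr && make && make install
      args:
        creates: /usr/local/apr/bin/apr-1-config

    - name: install apr-util
      shell: cd /opt/apr-util-1.6.1 && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
      args:
        creates: /usr/local/apr-util/bin/apu-1-config

    - name: install httpd
      shell: cd /opt/httpd-2.4.46 && ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork && make && make install
      args:
        creates: /usr/local/apache/bin/httpd

    # The "source" only affects the shell spawned for this task; later logins
    # pick the PATH up from /etc/profile.d.
    - name: create export path
      shell: echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh && source /etc/profile.d/httpd.sh

    - name: systemctl httpd
      template:
        src: templates/httpd.service.j2
        dest: /usr/lib/systemd/system/httpd.service

    # The original task had an empty name.
    - name: reload systemd
      shell: systemctl daemon-reload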
mysql安装:
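//Variables
[root@RedHat lamp]# cat database/mysql/vars/mysql.yml
packages:
  - ncurses-devel
  - openssl-devel
  - openssl
  - cmake
  - mariadb-devel
  - ncurses-compat-libs
datadir: /mydata
basedir: /usr/local
user: mysql

//Create my.cnf.j2 as a template. The path matches the directory tree and the
//playbook below, which read templeates/my.cnf.j2 (the original listing edited
//databases/mysql/templates/my.cnf.j2).
[root@ansible modules]# vim database/mysql/templeates/my.cnf.j2
# NOTE(review): no bind-address is set, so mysqld presumably listens on every
# interface on port 3306; restrict it with bind-address or a firewall rule if
# only the php host needs to connect.
# The socket is placed in /tmp, a directory every local user can write to.
[mysqld]
basedir = {{ basedir }}/mysql
datadir = {{ datadir }}
socket = /tmp/mysql.sock
port = 3306
pid-file = {{ datadir }}/mysql.pid
user = mysql
skip-name-resolve

//Create the systemd unit template. The playbook below installs
//templeates/my.service.j2, so that is the file name used here (the original
//listing edited databases/mysql/templates/mysqld.service.j2).
[root@ansible modules]# vim database/mysql/templeates/my.service.j2
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target

[Service]
User=mysql
Group=mysql
Type=forking
PIDFile={{ datadir }}/mysql.pid
TimeoutSec=0
PermissionsStartOnly=true
ExecStart={{ basedir }}/mysql/bin/mysqld --daemonize --pid-file={{ datadir}}/mysql.pid $MYSQLD_OPTS
LimitNOFILE = 5000
Restart=on-failure
RestartPreventExitStatus=1
PrivateTmp=false

//playbook
[root@RedHat lamp]# cat database/mysql/install.yml
---
# Installs the MySQL binary tarball on the mysql host, initialises the data
# directory and installs my.cnf and the systemd unit. The tarball is copied
# from the control node as-is: verify its checksum or signature against the
# upstream release before placing it in packages/.
- hosts: mysql
  vars_files:
    - vars/mysql.yml
  tasks:
    - name: base packages
      yum:
        name: "{{ item }}"
        state: present
      loop: "{{ packages }}"

    # System account without home directory or login shell for the service.
    - name: create user
      user:
        name: "{{ user }}"
        create_home: no
        system: yes
        shell: /sbin/nologin
        state: present

    - name: uncompress mysql
      unarchive:
        src: packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: "{{ basedir }}/"
        owner: mysql
        group: mysql

    - name: soft link
      file:
        src: "{{ basedir }}/mysql-5.7.31-linux-glibc2.12-x86_64"
        dest: "{{ basedir }}/mysql"
        state: link

    # The "source" only affects the shell spawned for this task.
    - name: create export mysql
      shell: echo 'export PATH={{ basedir }}/mysql/bin:$PATH' > /etc/profile.d/myslq.sh && source /etc/profile.d/myslq.sh

    - name: create datadir
      file:
        path: "{{ datadir }}"
        owner: mysql
        group: mysql
        state: directory

    # --initialize-insecure creates root@localhost with an EMPTY password. The
    # account stays passwordless until a later step sets one, so make sure that
    # step really succeeds before the host is reachable by anyone else.
    # "creates" replaces the original "ignore_errors: yes": a re-run is skipped
    # once the data directory is populated, while a failure of the first
    # initialisation now stops the play instead of being hidden.
    - name: initialize mysql
      shell: '{{ basedir }}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir={{ datadir }}'
      args:
        creates: "{{ datadir }}/ibdata1"

    - name: config file
      template:
        src: templeates/my.cnf.j2
        dest: /etc/my.cnf

    - name: systemctl mysqld
      template:
        src: templeates/my.service.j2
        dest: /usr/lib/systemd/system/mysqld.service

    - name: reload
      shell: systemctl daemon-reload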
php安装:
//Variables
[root@RedHat lamp]# cat application/php/vars/php.yml
packages:
  - libxml2
  - libxml2-devel
  - openssl
  - openssl-devel
  - bzip2
  - bzip2-devel
  - libcurl
  - libcurl-devel
  - libicu-devel
  - libjpeg
  - libjpeg-devel
  - libpng
  - libpng-devel
  - openldap-devel
  - pcre-devel
  - freetype
  - freetype-devel
  - gmp
  - gmp-devel
  - libmcrypt
  - libmcrypt-devel
  - readline
  - readline-devel
  - libxslt
  - libxslt-devel
  - mhash
  - mhash-devel
  - php-mysqlnd
  # The php-* glob installs every PHP package the enabled repositories offer;
  # listing only the extensions the application needs keeps the installed
  # (and patchable) surface smaller.
  - php-*
//playbook
[root@RedHat lamp]# cat application/php/install.yml
---
# Installs PHP and its build dependencies on the php host and switches PHP-FPM
# from its default listen setting to a TCP port.
- hosts: php
  vars_files:
    - vars/php.yml
  tasks:
    - name: base packages
      yum:
        name: "{{ item }}"
        state: present
      loop: "{{ packages }}"

    # PHP-FPM is bound to every interface on port 9000. FastCGI has no
    # authentication of its own, so with this bind address access control
    # rests on listen.allowed_clients (set in lamp/main.yml) and on network
    # filtering; base/yum.yml stops firewalld on this host.
    - name: config php socket
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen ='
        line: listen = 0.0.0.0:9000
lamp:
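[root@RedHat lamp]# cat lamp/main.yml
---
# Entry-point playbook. The author's inline "//" notes are written as YAML
# comments here so the listing can be copied as-is.

# Import the per-component playbooks
- name: conf yum.repo
  import_playbook: ../base/yum.yml
- name: httpd
  import_playbook: ../web/apache/install.yml
- name: mysql
  import_playbook: ../database/mysql/install.yml
- name: php
  import_playbook: ../application/php/install.yml

# Render the httpd.conf template and start the service
- hosts: apache
  vars_files:
    - ../web/apache/vars/httpd.yml
  tasks:
    - name: httpd config file
      template:
        src: ../web/apache/templates/httpd.j2
        dest: /etc/httpd24/httpd.conf
    - name: start httpd
      service:
        name: httpd
        enabled: yes
        state: started

# Start MySQL and set the root password
- hosts: mysql
  vars_files:
    - ../database/mysql/vars/mysql.yml
  # The root password is asked for at run time (or supplied as an extra
  # variable, e.g. from a vault) instead of being hard-coded; the original
  # listing set it to the literal "123" inside nested double quotes.
  vars_prompt:
    - name: mysql_root_password
      prompt: MySQL root password
      private: yes
  tasks:
    - name: start mysql
      service:
        name: mysqld
        enabled: yes
        state: started

    # Probe whether root can still log in without a password. This replaces
    # the original "ignore_errors: yes", which also hid a failed first run and
    # could leave root passwordless without anyone noticing.
    - name: check whether root still has an empty password
      shell: '{{ basedir }}/mysql/bin/mysql -uroot -e "select 1"'
      register: root_nopass
      changed_when: false
      failed_when: false

    # no_log keeps the password out of Ansible's output. It is still visible
    # in the mysql client's process arguments on the target while the command
    # runs, and a password containing a single quote would break the statement.
    - name: set passwd
      shell: >-
        {{ basedir }}/mysql/bin/mysql -uroot
        -e "set password = password('{{ mysql_root_password }}')"
      when: root_nopass.rc == 0
      no_log: true

# Create the test page and start PHP-FPM
- hosts: php
  tasks:
    - name: index.php
      file:
        path: /var/www/html/index.php
        owner: apache
        group: apache
        state: touch

    # phpinfo() prints the full PHP configuration, loaded modules and
    # environment to anyone who can reach the page; remove index.php once the
    # test has passed.
    - name: test index
      lineinfile:
        path: /var/www/html/index.php
        line: |
          <?php
            phpinfo();
          ?>
        state: present

    # Only the apache host may talk to PHP-FPM. Since PHP-FPM listens on every
    # interface and firewalld is stopped, this setting is what limits access
    # to port 9000.
    - name: allow access to IP
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients ='
        line: listen.allowed_clients = 192.168.220.20

    - name: start php
      service:
        name: php-fpm
        state: started
        enabled: yes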
测试: