  • playbook部署lamp

    playbook部署lamp

    环境说明:

    主机IP 需要安装的服务
    192.168.100.1 ansible
    192.168.100.2 httpd
    192.168.100.3 mysql
    192.168.100.4 php

    项目结构预览:

    [root@ansible lamp]# tree
    .
    ├── ansible.cfg
    ├── app
    │   └── php
    │       ├── php.yml
    │       └── vars
    │           └── php_vars
    ├── base
    │   └── base.yml
    │
    ├── database
    │   └── mysql
    │       ├── mysql.yml
    │       ├── packages
    │       │   └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
    │       ├── secret.yml
    │       └── vars
    │           └── mysql_vars
    ├── inventory
    ├── lamp.yml
    ├── test.yml
    └── web
        └── httpd
            ├── httpd.yml
            ├── packages
            │   ├── apr-1.7.0.tar.gz
            │   ├── apr-util-1.6.1.tar.gz
            │   └── httpd-2.4.46.tar.bz2
            └── vars
                └── httpd_vars
    
    13 directories, 22 files
    

    本次环境YUM源(centos和epel)为:"阿里云官方镜像站"

    准备工作:

    //映射主机名
    [root@ansible ~]# vim /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.100.1 ansible
    192.168.100.2 httpd
    192.168.100.3 mysql
    192.168.100.4 php
    
    //配置centos源
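    // gpgcheck=1 is left as shipped in the repo file so yum keeps verifying package signatures;
    // base.yml later copies these repo files to every managed host.
    [root@ansible ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
    [root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
    [root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/CentOS-Base.repo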
    
    //配置epel源
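    // gpgcheck=1 is left in place for the EPEL repo files so package signatures are still verified.
    [root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
    [root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
    [root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
    [root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/epel*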
    
    [root@ansible ~]# yum clean all
    [root@ansible ~]# yum makecache
    
    //安装ansible
    [root@ansible ~]# yum -y install ansible
    
    //创建项目文件夹
    [root@ansible ~]# mkdir ~/lamp
    
    //修改清单文件位置
    [root@ansible ~]# vim /etc/ansible/ansible.cfg
    inventory      = ./inventory
    
    [root@ansible ~]# cp /etc/ansible/ansible.cfg ~/lamp/
    
    //编写清单
    [root@ansible ~]# vim ~/lamp/inventory
    [web]
    httpd
    
    [database]
    mysql
    
    [app]
    php
    
    //使用ssh-keygen生成私钥和公钥
    [root@ansible ~]# ssh-keygen -t rsa
    
    //设置免密登录
    [root@ansible ~]# ssh-copy-id root@httpd
    [root@ansible ~]# ssh-copy-id root@mysql
    [root@ansible ~]# ssh-copy-id root@php
    

    基础配置的playbook

    [root@ansible ~]# mkdir ~/lamp/base
    
    //基础配置的剧本
    [root@ansible ~]# vim ~/lamp/base/base.yml
    ---
    # Baseline play run against every inventory host before the service plays.
    # NOTE(review): it takes SELinux out of enforcing mode and stops firewalld,
    # so afterwards the hosts have no mandatory access control and no packet
    # filter. Suitable for an isolated lab only; elsewhere keep both enabled and
    # open just the ports the roles serve (80, 3306 and 9000 on this page).
    - hosts: all
      tasks:
        # Copies the control node's repo definitions to each host, so the
        # gpgcheck setting in those files applies to every managed host too.
        - name: copy yum
          copy:
            src: /etc/yum.repos.d/
            dest: /etc/yum.repos.d/
    
        # Drop the old yum cache, then rebuild it from the copied repo files.
        - name: clean
          shell: yum clean all
    
        - name: makecache
          shell: yum makecache
    
        # Runtime switch to permissive mode; it lasts until the next reboot.
        # NOTE(review): setenforce exits non-zero once SELinux is fully disabled,
        # so a re-run after a reboot will presumably stop here - confirm.
        - name: selinux
          shell: setenforce 0
          
        - name: stop firewalld
          service:
            name: firewalld
            state: stopped
    
        # Persistent change: SELinux stays disabled after the next reboot.
        - name: disable selinux
          lineinfile:
            path: /etc/selinux/config
            regexp: '^SELINUX='
            line: 'SELINUX=disabled'
    
        # Keeps firewalld from starting again at boot.
        - name: disable firewalld
          shell: systemctl disable firewalld
    

    配置变量

    //配置httpd的变量
    [root@ansible ~]# mkdir -p ~/lamp/web/httpd/vars
    [root@ansible ~]# vim ~/lamp/web/httpd/vars/httpd_vars
    user: apache
    path_packages: "/root"
    httpd_packages:
      - bzip2
      - make
      - "openssl-devel"
      - "pcre-devel"
      - "expat-devel"
      - libtool
      - gcc
      - "gcc-c++"
      - "libxml2-devel"
     
    //配置mysql的变量
    [root@ansible ~]# mkdir -p ~/lamp/database/mysql/vars
    [root@ansible ~]# vim ~/lamp/database/mysql/vars/mysql_vars
    user: mysql
    path_packages: "/root"
    path_data: "/opt/data"
    mysql_packages:
      - "ncurses-devel"
      - "openssl-devel"
      - openssl
      - cmake
      - "mariadb-devel"
      - "ncurses-compat-libs"
    
    //配置php的变量
    [root@ansible ~]# mkdir -p ~/lamp/app/php/vars
    [root@ansible ~]# vim ~/lamp/app/php/vars/php_vars
    php_packages:
      - libxml2
      - "libxml2-devel"
      - openssl
      - "openssl-devel"
      - bzip2
      - "bzip2-devel"
      - libcurl
      - "libcurl-devel"
      - "libicu-devel"
      - libjpeg
      - "libjpeg-devel"
      - libpng
      - "libpng-devel"
      - "openldap-devel"
      - "pcre-devel"
      - freetype
      - "freetype-devel"
      - gmp
      - "gmp-devel"
      - libmcrypt
      - "libmcrypt-devel"
      - readline
      - "readline-devel"
      - libxslt
      - "libxslt-devel"
      - mhash
      - "mhash-devel"
      - "php-mysqlnd"
    

    安装httpd的playbook

    //下载httpd源码包
    [root@ansible ~]# mkdir ~/lamp/web/httpd/packages
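    // wget needs -P to choose the target directory; a bare path after the URL is treated as a second URL.
    // Check each tarball against the checksum/signature published by the Apache project before the playbook distributes it.
    [root@ansible ~]# wget -P ~/lamp/web/httpd/packages https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.bz2
    [root@ansible ~]# wget -P ~/lamp/web/httpd/packages https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz
    [root@ansible ~]# wget -P ~/lamp/web/httpd/packages https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz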
    
    [root@ansible ~]# vim ~/lamp/web/httpd/httpd.yml
    ---
    - hosts: httpd
      vars_files: vars/httpd_vars
      tasks:  
        # Build dependencies listed in vars/httpd_vars.
        - name: install packages
          yum:
            name: '{{ httpd_packages }}'
            state: present
            
        # Installs the whole "Development tools" package group on the web host.
        - name: install tools
          yum:
            name: "@Development tools"
            state: present
            
        # Dedicated system account with no home directory and no login shell.
        - name: create user {{ user }}
          user:
            name: '{{ user }}'
            system: yes
            create_home: no
            shell: /sbin/nologin
            state: present
     
        # The three source tarballs are pushed from the control node's packages/
        # directory; the hosts build exactly what was downloaded there.
        - name: copy apr package
          copy:
            src: ./packages/apr-1.7.0.tar.gz
            dest: '{{ path_packages }}'
    
        - name: copy apr-util package
          copy:
            src: ./packages/apr-util-1.6.1.tar.gz
            dest: '{{ path_packages }}'
    
        - name: copy httpd package
          copy:
            src: ./packages/httpd-2.4.46.tar.bz2
            dest: '{{ path_packages }}'
    
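        # Unpack inside path_packages explicitly: the build tasks below cd into
        # that directory, so extraction must not depend on the login directory.
        - name: unzip all
          shell: tar xf apr-1.7.0.tar.gz && tar xf apr-util-1.6.1.tar.gz && tar xf httpd-2.4.46.tar.bz2
          args:
            chdir: '{{ path_packages }}'

        # Comments out the `$RM "$cfgfile"` line in apr's configure script.
        - name: delete notes for apr
          shell: sed -i 's|$RM "$cfgfile"|#$RM "$cfgfile"|' ./apr-1.7.0/configure
          args:
            chdir: '{{ path_packages }}'

        # apr, apr-util and httpd are built in dependency order.
        - name: install apr
          shell: cd {{ path_packages }}/apr-1.7.0 && ./configure --prefix=/usr/local/apr && make && make install && cd

        - name: install apr-util
          shell: cd {{ path_packages }}/apr-util-1.6.1 && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install && cd

        - name: install httpd
          shell: cd {{ path_packages }}/httpd-2.4.46 && ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork && make && make install && cd

        # Single quotes keep $PATH literal in the profile script, so it is
        # expanded at login instead of freezing the PATH of the Ansible session.
        # The trailing `source` only affects this task's own shell.
        - name: path config
          shell: echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh && source /etc/profile.d/httpd.sh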
         
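        # Replaces the commented-out ServerName line in the main config.
        - name: delete servername notes
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^#ServerName'
            line: ServerName www.example.com:80

        # Exposes the Apache headers under /usr/local/include/httpd.
        - name: include config
          file:
            src: /usr/local/apache/include
            dest: /usr/local/include/httpd
            state: link

        # A double-quoted YAML scalar spanning two lines is folded into one
        # line, which would merge both MANDATORY_MANPATH entries. Insert the
        # Apache entry as its own line after the existing one instead.
        - name: man_db config
          lineinfile:
            path: /etc/man_db.conf
            insertafter: '^MANDATORY_MANPATH\s+/usr/local/share/man'
            line: 'MANDATORY_MANPATH                       /usr/local/apache/man'

        # mod_proxy and mod_proxy_fcgi are needed to hand .php requests to php-fpm.
        - name: enable module(1)
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^#LoadModule proxy_module'
            line: LoadModule proxy_module modules/mod_proxy.so

        - name: enable module(2)
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^#LoadModule proxy_fcgi_module'
            line: LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

        - name: add index.php
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^    DirectoryIndex'
            line: '    DirectoryIndex index.php index.html'

        # Each AddType directive is inserted as a separate line; a folded
        # multi-line scalar would turn the extra directives into arguments of
        # the x-gzip line.
        - name: add type
          lineinfile:
            path: /etc/httpd24/httpd.conf
            insertafter: '^\s*AddType application/x-gzip \.gz \.tgz'
            line: '    AddType application/x-httpd-php .php'

        - name: add source type
          lineinfile:
            path: /etc/httpd24/httpd.conf
            insertafter: '^\s*AddType application/x-httpd-php \.php'
            line: '    AddType application/x-httpd-php-source .phps'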
    
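        # blockinfile manages the multi-line vhost as one marked block, so a
        # re-run updates it in place. lineinfile cannot match a multi-line
        # value and would append a second copy on every run.
        # The dot in the ProxyPassMatch pattern is escaped so only request
        # paths ending in a literal ".php" are forwarded to php-fpm.
        - name: add virtualhost
          blockinfile:
            path: /etc/httpd24/httpd.conf
            block: |
              <VirtualHost *:80>
                  DocumentRoot "/usr/local/apache/htdocs/"
                  ServerName yuqinghao.com
                  ProxyRequests Off
                  ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.100.4:9000/var/www/html/$1
                  <Directory "/usr/local/apache/htdocs/">
                      Options none
                      AllowOverride none
                      Require all granted
                  </Directory>
              </VirtualHost>

        # Restart so the module, type and vhost changes take effect.
        - name: restart apache
          shell: /usr/local/apache/bin/apachectl restart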
    

    安装mysql的playbook

    //下载mysql源码包
    [root@ansible ~]# mkdir ~/lamp/database/mysql/packages
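    // wget needs -P to choose the target directory; a bare path after the URL is treated as a second URL.
    // Check the tarball against the checksum/signature published on the MySQL download page before the playbook distributes it.
    [root@ansible ~]# wget -P ~/lamp/database/mysql/packages https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz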
    
    [root@ansible ~]# vim ~/lamp/database/mysql/mysql.yml
    ---
    - hosts: mysql
      vars_files: vars/mysql_vars
      tasks:
        # Runtime/build dependencies listed in vars/mysql_vars.
        - name: install packages
          yum:
            name: '{{ mysql_packages }}'
            state: present
           
        # The binary tarball is pushed from the control node's packages/
        # directory; the host installs exactly what was downloaded there.
        - name: copy mysql package
          copy:
            src: ./packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
            dest: '{{ path_packages }}'
            
        # Dedicated system account with no home directory and no login shell.
        - name: create user {{ user }}
          user:
            name: '{{ user }}'
            system: yes
            create_home: no
            shell: /sbin/nologin
            state: present
            
        # Data directory owned by the service account.
        - name: mkdir data
          file:
            path: '{{ path_data }}'
            owner: '{{ user }}'
            group: '{{ user }}'
            state: directory        
            
        # Unpacks the binary distribution under /usr/local/.
        - name: install mysql
          shell: tar xf {{ path_packages }}/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
          
        # Version-independent path used by the rest of the play.
        - name: soft link
          file:
            src: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64
            dest: /usr/local/mysql
            state: link
            
        # Without `recurse`, only the top-level directory changes owner; the
        # files inside keep the ownership they were extracted with.
        - name: chown mysql
          file:
            path: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64
            owner: '{{ user }}'
            group: '{{ user }}'
            state: directory 
           
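        # blockinfile manages the [mysqld] section as one marked block, so a
        # re-run updates it in place instead of appending another copy.
        # datadir, pid-file and user follow vars/mysql_vars rather than
        # repeating the literal values.
        - name: my.cnf config
          blockinfile:
            path: /etc/my.cnf
            create: yes
            block: |
              [mysqld]
              basedir = /usr/local/mysql
              datadir = {{ path_data }}
              socket = /tmp/mysql.sock
              port = 3306
              pid-file = {{ path_data }}/mysql.pid
              user = {{ user }}
              skip-name-resolve

        # Install the bundled init script and point it at the same paths.
        - name: copy start shell
          shell: cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld

        - name: start shell config(1)
          lineinfile:
            path: /etc/init.d/mysqld
            regexp: '^basedir='
            line: basedir=/usr/local/mysql

        - name: start shell config(2)
          lineinfile:
            path: /etc/init.d/mysqld
            regexp: '^datadir='
            line: datadir={{ path_data }}

        # A double-quoted YAML scalar spanning two lines is folded into one
        # line, which would merge both MANDATORY_MANPATH entries. Insert the
        # MySQL entry as its own line after the existing one instead.
        - name: man_db config
          lineinfile:
            path: /etc/man_db.conf
            insertafter: '^MANDATORY_MANPATH\s+/usr/local/share/man'
            line: 'MANDATORY_MANPATH                       /usr/local/mysql/man'

        # The trailing `source` only affects this task's own shell.
        - name: path config
          shell: echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/myslq.sh && source /etc/profile.d/myslq.sh

        # The initialization log contains the temporary root password, so it is
        # written with a restrictive umask. `creates` skips the task once the
        # data directory is initialized, so a re-run neither fails nor
        # overwrites the log. Delete /root/sqlpass after the password is changed.
        - name: initialize mysql
          shell: umask 077 && /usr/local/mysql/bin/mysqld --initialize --user={{ user }} --datadir={{ path_data }} > /root/sqlpass 2>&1
          args:
            creates: '{{ path_data }}/ibdata1'

        # Register the MySQL client libraries with the dynamic linker.
        - name: lib config
          shell: echo "/usr/local/mysql/lib" > /etc/ld.so.conf.d/mysql.conf && ldconfig

        - name: start mysql
          shell: service mysqld start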
    

    修改mysql密码的playbook

    //编写修改密码剧本
    [root@ansible ~]# vim ~/lamp/database/mysql/secret.yml
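    ---
    # Replaces the temporary root password written to /root/sqlpass by
    # `mysqld --initialize`. This file holds the new password, which is why it
    # is encrypted with ansible-vault before use.
    - hosts: mysql
      vars:
        # Placeholder: set a strong, unique value before encrypting this file.
        # A single quote inside the password would break the SQL statement below.
        mysql_root_password: "<CHANGE_ME>"
      tasks:
        # The statement is fed on stdin, so the new password appears neither in
        # the process list nor in shell parsing; no_log keeps it out of Ansible
        # output. Only the expiring temporary password is passed with -p.
        - name: change pass
          shell: /usr/local/mysql/bin/mysql -uroot -p"$(awk '/password/{print$NF}' /root/sqlpass)" --connect-expired-password
          args:
            stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ mysql_root_password }}';"
          no_log: true

        # The initialization log is no longer needed once the password is changed.
        - name: remove temporary password file
          file:
            path: /root/sqlpass
            state: absent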
          
    //加密修改密码剧本
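    // The vault password is typed at the prompt and is not echoed; use a value of your own.
    [root@ansible ~]# ansible-vault encrypt ~/lamp/database/mysql/secret.yml
    New Vault password: 
    Confirm New Vault password: 
    Encryption successful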
    
    //记录加密密码
    [root@ansible ~]# echo 'yuqinghao123!' > ~/lamp/database/mysql/.mypass
    
    //修改权限只允许root读写
    [root@ansible ~]# chmod 600 ~/lamp/database/mysql/.mypass
    
    //使用加密密码查看加密剧本
    [root@ansible ~]# ansible-vault view --vault-password-file=lamp/database/mysql/.mypass ~/lamp/database/mysql/secret.yml
    

    安装php的playbook

    [root@ansible ~]# vim ~/lamp/app/php/php.yml
    ---
    - hosts: php
      vars_files: vars/php_vars
      tasks:
        # Libraries listed in vars/php_vars.
        - name: install packages
          yum:
            name: '{{ php_packages }}'
            state: present
            
        # NOTE(review): the glob installs every available php-* package; an
        # explicit list of the extensions the application needs would leave
        # less code installed and reachable on the app host.
        - name: install php
          yum:
            name: php-*
            state: present
    
        # Creates the test page served through php-fpm.
        - name: mkdir index.php
          file:
            path: /var/www/html/index.php
            state: touch 
            
        # NOTE(review): phpinfo() prints the full PHP configuration, module
        # list and environment to anyone who can reach the page; remove
        # index.php once the verification step is done.
        - name: index.php config
          lineinfile:
            path: /var/www/html/index.php
            line: "<?php
    	phpinfo();
    ?>"
            state: present
            
        # Only the directory itself changes owner (no recurse).
        - name: chown html
          file:
            path: /var/www/html
            owner: apache
            group: apache
            state: directory 
            
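        # Bind php-fpm to the app host's own address (192.168.100.4 in the
        # environment table, the address httpd's ProxyPassMatch targets)
        # instead of every interface. The regexp matches any existing
        # `listen =` line, so a re-run rewrites the same line.
        - name: change listen address
          lineinfile:
            path: /etc/php-fpm.d/www.conf
            regexp: '^listen\s*='
            line: "listen = 192.168.100.4:9000"

        # Only the httpd host may open FastCGI connections.
        - name: change web address
          lineinfile:
            path: /etc/php-fpm.d/www.conf
            regexp: '^listen\.allowed_clients\s*='
            line: "listen.allowed_clients = 192.168.100.2"

        # Restart so the new listen settings take effect.
        - name: start php
          service:
            name: php-fpm
            state: restarted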
    

    导入任务

    [root@ansible ~]# vim ~/lamp/lamp.yml
    ---
    # Entry-point playbook: runs the baseline play, then the three service
    # plays in order. secret.yml is not imported here; it is vault-encrypted
    # and run separately with --vault-password-file.
    - name: base config
      import_playbook: ./base/base.yml
    
    - name: build httpd
      import_playbook: ./web/httpd/httpd.yml
      
    - name: build mysql
      import_playbook: ./database/mysql/mysql.yml
      
    - name: build php
      import_playbook: ./app/php/php.yml
    

    执行剧本

    [root@ansible ~]# cd ~/lamp/
    [root@ansible lamp]# ansible-playbook ./lamp.yml
    [root@ansible lamp]# ansible-playbook --vault-password-file=database/mysql/.mypass database/mysql/secret.yml
    

    验证

    lamp1

  • 原文地址:https://www.cnblogs.com/yuqinghao/p/14253039.html