ansible模块实现LNMP架构

ansible模块实现LNMP架构

文章目录

      • 准备工作与配置清单文件
      • 部署nginx
      • 部署mysql
      • 部署php
      • 配置php测试页面
        • nginx受控主机配置
        • php受控主机配置
      • 测试访问

环境说明:

主机名 IP地址 应用 系统
ansible 192.168.188.128 ansible主控机 centos8
nginx 192.168.188.129 nginx受控机 centos8
mysql 192.168.188.137 mysql受控机 centos8
php 192.168.188.132 php受控机 centos8

安装ansible参考文档

准备工作与配置清单文件

修改默认清单文件位置,构建清单

[root@ansible ~]# vim /etc/ansible/ansible.cfg
inventory      = /etc/ansible/inventory  //取消注释
[root@ansible ~]# cd /etc/ansible/
[root@ansible ansible]# touch inventory
[root@ansible ansible]# vim inventory
[lnmp]
nginx
mysql
php

[root@ansible ansible]# vim /etc/hosts
192.168.188.129 nginx
192.168.188.137 mysql
192.168.188.132 php

#列出lnmp主机组
[root@ansible ~]# ansible lnmp --list-host
  hosts (3):
    nginx
    mysql
    php

#设置密钥连接
[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:VouwBI3HqU9aG0nO2P9WeJESuIwrSeLhBALaTsS6374 root@ansible
The key's randomart image is:
+---[RSA 3072]----+
|o.. .+ . .       |
|+o. ..* . .      |
|ooo  Oo+ ... .   |
|.o+ +.Xooo..o    |
| =.+ *.=S .o .   |
|. o + +.. . o    |
| . . .   . o     |
|  . .     o      |
|   .E.   .       |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@nginx
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@mysql
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@php

#测试受控机连通性
[root@ansible ~]# ansible all -m ping
nginx | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
mysql | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
php | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

部署nginx

#关闭防火墙和selinux(仅用于实验环境;生产环境应保持 firewalld 和 SELinux 开启,只放行所需端口,例如 80/tcp)
[root@ansible ~]# ansible nginx -m service -a 'name=firewalld state=stopped enabled=no'
[root@ansible ~]# ansible nginx -a 'setenforce 0'
[root@ansible ~]# ansible nginx -a "sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config"

#创建用户
[root@ansible ~]# ansible nginx -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'

#安装依赖包
[root@ansible ~]# ansible nginx -m yum -a 'name=pcre-devel,openssl,openssl-devel,gd-devel,gcc,gcc-c++,make,wget,vim state=present'

#下载软件包并解压(下面的下载走的是明文 http,建议改用 https,并用 nginx.org 提供的 PGP 签名校验压缩包后再解压编译)
[root@ansible ~]# ansible nginx -a 'wget http://nginx.org/download/nginx-1.20.2.tar.gz'
[root@ansible ~]# ansible nginx -a 'tar -xf nginx-1.20.2.tar.gz'

#进入目录编译安装
[root@ansible ~]# mkdir -p /etc/ansible/scripts/
[root@ansible ~]# cd /etc/ansible/scripts/
[root@ansible scripts]# vim configure.sh
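#!/bin/bash
#
# Configure, build and install nginx 1.20.2 from the unpacked source tree.
# Meant to be pushed to the managed host with the Ansible `script` module and
# run from the directory that contains nginx-1.20.2/.
#
# NOTE(review): this script builds and installs whatever is in the source tree
# as root. The tarball it was unpacked from should be integrity-checked
# (checksum or the PGP signature published on nginx.org) before this runs;
# nothing here does that.
set -euo pipefail

# Stop if the source tree is missing instead of running the build steps from
# whatever directory the script happened to start in.
cd nginx-1.20.2 || exit 1

# --user/--group set the default unprivileged account for worker processes.
configure_args=(
  --prefix=/usr/local/nginx
  --user=nginx
  --group=nginx
  --with-debug
  --with-http_ssl_module
  --with-http_realip_module
  --with-http_image_filter_module
  --with-http_gunzip_module
  --with-http_gzip_static_module
  --with-http_stub_status_module
  --http-log-path=/var/log/nginx/access.log
  --error-log-path=/var/log/nginx/error.log
)
./configure "${configure_args[@]}"

# One make job per "processor" entry in /proc/cpuinfo; fall back to a single
# job if the count cannot be read.
cpu_count=$(grep -c 'processor' /proc/cpuinfo) || cpu_count=1
make -j "$cpu_count"
make install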

[root@ansible scripts]# ll
total 4
-rw-r--r--. 1 root root 454 Oct 23 22:18 configure.sh

[root@ansible ~]# ansible nginx -m script -a '/etc/ansible/scripts/configure.sh'

#安装完成
[root@ansible ~]# ansible nginx -a 'ls /usr/local/nginx'
nginx | CHANGED | rc=0 >>
conf
html
logs
sbin

#配置环境变量
[root@ansible ~]# ansible nginx -m shell -a 'echo "export PATH=$PATH:/usr/local/nginx/sbin" > /etc/profile.d/nginx.sh'
[root@ansible ~]# ansible nginx -a 'which nginx'
nginx | CHANGED | rc=0 >>
/usr/local/nginx/sbin/nginx

#配置service启动文件
[root@ansible scripts]# vim nginx_service.sh
#!/bin/bash
#
# Install a systemd unit for the source-built nginx under /usr/local/nginx,
# then reload systemd and enable + start the service.

unit_path=/usr/lib/systemd/system/nginx.service

# Quoted delimiter: the unit text is written literally, so $MAINPID reaches
# the unit file unexpanded and is filled in by systemd when the unit runs.
cat > "$unit_path" << 'EOF'
[Unit]
Description=nginx server daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF

# Make systemd pick up the new unit, then enable it at boot and start it now.
systemctl daemon-reload
systemctl enable --now nginx
[root@ansible scripts]# ansible nginx -m script -a '/etc/ansible/scripts/nginx_service.sh'
[root@ansible scripts]# ansible nginx -a 'ss -anlt'
nginx | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      32                 *:21              *:*
LISTEN 0      128             [::]:22           [::]:*

部署mysql

#关闭防火墙和selinux(仅用于实验环境;关闭后 3306 端口对所有网段开放,生产环境应保持防火墙开启,只允许需要访问数据库的主机连接)
[root@ansible ~]# ansible mysql -m service -a 'name=firewalld state=stopped enabled=no'
[root@ansible ~]# ansible mysql -a "sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config"
[root@ansible ~]# ansible mysql -a 'setenforce 0'

#创建用户
[root@ansible ~]# ansible mysql -m user -a 'name=mysql create_home=no system=yes shell=/sbin/nologin state=present'

#安装依赖包
[root@ansible ~]# ansible mysql -m yum -a 'name=ncurses-devel,openssl-devel,openssl,cmake,mariadb-devel,ncurses-compat-libs state=present'

#安装mysql软件包并解压
[root@ansible ~]# ansible mysql -a 'wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz'
[root@ansible ~]# ansible mysql -a 'tar xf mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
[root@ansible ~]# ansible mysql -a 'mv /usr/local/mysql-5.7.38-linux-glibc2.12-x86_64 /usr/local/mysql'

#修改属主属组
[root@ansible ~]# ansible mysql -a 'chown -R mysql.mysql /usr/local/mysql'

#配置环境变量头文件库文件man文档
[root@ansible ~]# ansible mysql -m shell -a "echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh"
[root@ansible ~]# ansible mysql -m shell -a 'ln -s /usr/local/mysql/include /usr/include/mysql'
[root@ansible ~]# ansible mysql -m shell -a "echo '/usr/local/mysql/lib' >/etc/ld.so.conf.d/mysql.conf"
[root@ansible ~]# ansible mysql -m shell -a "sed -i '22a MANDATORY_MANPATH /usr/local/mysql/man' /etc/man_db.conf"

#创建数据存放目录
[root@ansible ~]# ansible mysql -m file -a 'path=/opt/data state=directory owner=mysql group=mysql'
mysql | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 992,
    "group": "mysql",
    "mode": "0755",
    "owner": "mysql",
    "path": "/opt/data",
    "secontext": "unconfined_u:object_r:usr_t:s0",
    "size": 6,
    "state": "directory",
    "uid": 995
}
[root@ansible ~]# ansible mysql -a 'ls -l /opt/data'

#初始化数据库(输出的最后一行会打印 root@localhost 的临时密码;该密码不要留在日志或文档中,首次登录后应立即修改)
[root@ansible ~]# ansible mysql -a 'mysqld --initialize --user mysql --datadir /opt/data'
mysql | CHANGED | rc=0 >>
2022-10-23T14:44:24.492335Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2022-10-23T14:44:24.679708Z 0 [Warning] InnoDB: New log files created, LSN=45790
2022-10-23T14:44:24.707341Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2022-10-23T14:44:24.762052Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 302b5b12-52e1-11ed-998a-000c29695be8.
2022-10-23T14:44:24.763297Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2022-10-23T14:44:24.993813Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2022-10-23T14:44:24.993828Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2022-10-23T14:44:24.994311Z 0 [Warning] CA certificate ca.pem is self signed.
2022-10-23T14:44:25.047542Z 1 [Note] A temporary password is generated for root@localhost: taN/0RJO5Be(

#配置mysql配置文件service启动文件
[root@ansible scripts]# vim mysql_service.sh
#!/bin/bash
#
# Configure the binary MySQL install under /usr/local/mysql: append a [mysqld]
# section to /etc/my.cnf, install the bundled SysV init script, wrap it in a
# systemd unit, then enable and start the service.
#
# NOTE(review): no bind-address is set below, so mysqld accepts connections on
# every interface (the ss output on this page shows *:3306). Confirm that is
# intended before reusing this outside a lab.

init_script=/etc/init.d/mysqld
unit_path=/usr/lib/systemd/system/mysqld.service

# Appends (>>): an existing /etc/my.cnf is kept, and running the script a
# second time adds a duplicate [mysqld] section.
cat >> /etc/my.cnf << 'EOF'
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
EOF

# Install the init script shipped with MySQL and point it at this layout.
cp -a /usr/local/mysql/support-files/mysql.server "$init_script"
sed -ri \
  -e 's#^(basedir=).*#\1/usr/local/mysql#g' \
  -e 's#^(datadir=).*#\1/opt/data#g' \
  "$init_script"
chmod +x "$init_script"

# Quoted delimiter: $MAINPID is written literally for systemd to fill in.
cat > "$unit_path" << 'EOF'
[Unit]
Description=mysqld server daemon
After=network.target
[Service]
Type=forking
ExecStart=/etc/init.d/mysqld start
ExecStop=/etc/init.d/mysqld stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now mysqld

#启动脚本
[root@ansible ~]# ansible mysql -m script -a '/etc/ansible/scripts/mysql_service.sh'
[root@ansible ~]# ansible mysql -a 'ss -anlt'
mysql | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      80                 *:3306            *:*
LISTEN 0      128             [::]:22           [::]:*

部署php

#关闭防火墙和selinux
[root@ansible ~]# ansible php -m service -a 'name=firewalld state=stopped enabled=no'
[root@ansible ~]# ansible php -a  "sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config"
[root@ansible ~]# ansible php -a 'setenforce 0'

#用脚本配置yum源安装依赖包
[root@ansible ~]# cd /etc/ansible/scripts/
[root@ansible scripts]# vim php_yum.sh
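#!/bin/bash
#
# Point the base repo at the CentOS 8.5.2111 vault mirror, enable EPEL, and
# install the build dependencies needed to compile PHP.
#
# NOTE(review): several packages below are installed straight from a URL (one
# of them over plain http) and one with `rpm --nodeps`. Whether their GPG
# signatures are enforced depends on the host's dnf/rpm configuration
# (e.g. localpkg_gpgcheck) - confirm, or install them by name from the enabled
# repositories so the normal repository signature checks apply.

repo_file=/etc/yum.repos.d/CentOS-Base.repo
repo_url=https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
epel_pkgs=https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages

# The URL has to be on the same command line as curl: on a line of its own
# the shell would try to execute it. -f stops an HTTP error page from being
# saved as the repo file. The repo setup was listed twice; once is enough.
curl -f -o "$repo_file" "$repo_url" \
  && sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' "$repo_file"

yum -y install epel-release

# Packages fetched by URL from the EPEL 8 tree, in the original order.
for rpm_path in \
  m/mhash-0.9.9.9-20.el8.x86_64.rpm \
  l/libmcrypt-devel-2.5.8-26.el8.x86_64.rpm \
  l/libmcrypt-2.5.8-26.el8.x86_64.rpm \
  m/mhash-devel-0.9.9.9-20.el8.x86_64.rpm; do
  dnf -y install "${epel_pkgs}/${rpm_path}"
done

# Fetched over plain http - see the note at the top of this script.
dnf -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm

# --nodeps skips dependency resolution for this one package.
rpm -ivh "${epel_pkgs}/l/libsqlite3x-devel-20071018-26.el8.x86_64.rpm" --nodeps

# Toolchain and -devel packages from the configured repositories.
dnf -y install wget gcc gcc-c++ make libxml2 libxml2-devel openssl openssl-devel \
  bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel \
  libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel \
  gmp gmp-devel readline readline-devel libxslt libxslt-devel php-mysqlnd \
  libzip-devel sqlite-devel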

#执行脚本
[root@ansible scripts]# ansible php -m script -a '/etc/ansible/scripts/php_yum.sh'

#下载php软件包解压并编译安装
[root@ansible scripts]# ansible php -a 'wget https://www.php.net/distributions/php-8.1.11.tar.gz'
[root@ansible scripts]# ansible php -a 'tar xf php-8.1.11.tar.gz'

#用脚本编译安装
[root@ansible scripts]# vim php_configure.sh
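#!/bin/bash
#
# Configure, build and install PHP 8.1.11 (with FPM) into /usr/local/php.
# Run from the directory that contains the unpacked php-8.1.11/ tree.

# Abort if the source tree is missing rather than running the build steps
# from the wrong directory.
cd php-8.1.11 || exit 1

configure_args=(
  --prefix=/usr/local/php
  --with-config-file-path=/etc
  --enable-fpm
  --disable-debug
  --disable-rpath
  --enable-shared
  --enable-soap
  --with-openssl
  --enable-bcmath
  --with-iconv
  --with-bz2
  --enable-calendar
  --with-curl
  --enable-exif
  --enable-ftp
  --enable-gd
  --with-jpeg
  --with-zlib-dir
  --with-freetype
  --with-gettext
  --enable-mbstring
  --enable-pdo
  --with-mysqli=mysqlnd
  --with-pdo-mysql=mysqlnd
  --with-readline
  --enable-shmop
  --enable-simplexml
  --enable-sockets
  --with-zip
  --enable-mysqlnd-compression-support
  --with-pear
  --enable-pcntl
  --enable-posix
)

# Each step runs only if the previous one succeeded.
./configure "${configure_args[@]}" \
  && make \
  && make install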

#执行脚本
[root@ansible scripts]# ansible php -m script -a '/etc/ansible/scripts/php_configure.sh'

#设置环境变量
[root@ansible scripts]# ansible php -m shell -a "echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.sh"

#配置文件
[root@ansible scripts]# vim php_file.sh
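#!/bin/bash
#
# Post-install setup for the source-built PHP under /usr/local/php: create the
# php-fpm config files from the shipped defaults, link the install prefix
# under /usr/include, and register its lib directory with the dynamic linker.

php_prefix=/usr/local/php

# Without this check a missing prefix would leave the relative cp commands
# running in whatever directory the script started in.
cd "$php_prefix" || exit 1

# Activate the default php-fpm configuration shipped with the build.
for conf in etc/php-fpm.conf etc/php-fpm.d/www.conf; do
  cp "${conf}.default" "$conf"
done

# -f/-n: replace an existing link so the script can be run again without
# failing on "File exists".
ln -sfn "$php_prefix" /usr/include/php

printf '%s\n' "${php_prefix}/lib" > /etc/ld.so.conf.d/php.conf
ldconfig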


#执行脚本
[root@ansible scripts]# ansible php -m script -a '/etc/ansible/scripts/php_file.sh'   

#配置文件
[root@ansible scripts]# vim php_file2.sh
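#!/bin/bash
#
# Install a systemd unit for the source-built php-fpm, then reload systemd and
# enable + start the service.

# Quoted delimiter: with an unquoted one the shell expands $MAINPID (and any
# other $... in the text) to an empty string while writing the file, so the
# unit would end up with no PID in its kill commands.
#
# systemd does not pass Exec* lines through a shell, so a ps|grep|awk|xargs
# pipeline cannot work there (and a "grep php" match is far wider than this
# service). The main PID is signalled directly instead: php-fpm treats
# SIGQUIT as a graceful stop and SIGUSR2 as a graceful reload.
cat > /usr/lib/systemd/system/php.service << 'EOF'
[Unit]
Description=php server daemon
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/php/sbin/php-fpm
ExecStop=/bin/kill -QUIT $MAINPID
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target
EOF

# Make systemd pick up the new unit, then enable it at boot and start it now.
systemctl daemon-reload
systemctl enable --now php.service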


#执行脚本
[root@ansible scripts]# ansible php -m script -a '/etc/ansible/scripts/php_file2.sh'

[root@ansible scripts]# ansible php -a 'ss -anlt'
php | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128        127.0.0.1:9000      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*

配置php测试页面

nginx受控主机配置

[root@ansible ~]# ansible nginx -a "sed -i '45 s/index index.html index.htm;/index index.php index.html index.htm;/g' /usr/local/nginx/conf/nginx.conf"
[root@ansible ~]# ansible nginx -a "sed -i '65,71 s/#/ /' /usr/local/nginx/conf/nginx.conf"
[root@ansible ~]# ansible nginx -a "sed -i '67 s/fastcgi_pass 127.0.0.1:9000;/fastcgi_pass 192.168.188.132:9000;/g' /usr/local/nginx/conf/nginx.conf"
[root@ansible ]# ansible nginx -a "sed -i '69 s/\/scripts/\$document_root/' /usr/local/nginx/conf/nginx.conf"

#查看语法是否正确
[root@ansible ~]# ansible nginx -a 'nginx -t'
nginx | CHANGED | rc=0 >>
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

#重启服务&创建index.php文件(phpinfo() 会输出版本、路径、已加载模块等信息,只用于验证,测试完成后应删除该文件)
[root@ansible ~]# ansible nginx -m service -a 'name=nginx state=restarted'

[root@ansible ~]# cd /etc/ansible/
[root@ansible ansible]# vim index.php
<?php
    phpinfo();
?>
[root@ansible ansible]# ls
ansible.cfg  hosts  index.php  inventory  roles  scripts
[root@ansible ansible]# ansible nginx -m copy -a 'src=/etc/ansible/index.php dest=/usr/local/nginx/html/index.php'

php受控主机配置

#监听php
[root@ansible ansible]# ansible php -m shell -a "echo 'listen = 192.168.188.132:9000' >> /usr/local/php/etc/php-fpm.d/www.conf"
[root@ansible ansible]# ansible php -m shell -a "echo 'listen.allowed_clients = 192.168.188.129' >> /usr/local/php/etc/php-fpm.d/www.conf"

#创建index.php文件
[root@ansible scripts]# ansible php -a 'mkdir -p /usr/local/nginx/html'
[root@ansible scripts]# ansible php -m copy -a 'src=/etc/ansible/index.php dest=/usr/local/nginx/html/'

#重启服务
[root@ansible ansible]# ansible php -m service -a 'name=php state=restarted'
[root@ansible ansible]# ansible php -a 'ss -anlt'
php | CHANGED | rc=0 >>
State  Recv-Q Send-Q   Local Address:Port Peer Address:PortProcess
LISTEN 0      128    192.168.188.132:9000      0.0.0.0:*
LISTEN 0      128            0.0.0.0:22        0.0.0.0:*
LISTEN 0      128               [::]:22           [::]:*

测试访问

ansible模块实现LNMP架构_第1张图片
