Commonly used Ansible modules:
Differences between the commonly used Ansible modules raw, command and shell:
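The ping module is generally used to test whether the hosts in the inventory can be reached.
// If "ping": "pong" appears in the output, the connection succeeded.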
[root@ansible ansible]# ansible all -m ping
192.168.171.150 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.171.133 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
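command is Ansible's default module, so unlike other modules it can be used without the -m option. It runs ordinary Linux commands on the managed host, but it cannot run interactive commands: commands such as top that keep refreshing, and commands that filter through a pipe, cannot be run with it as ad-hoc commands.
// Basic usage; the -m option to specify the module is not needed.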
[root@ansible ansible]# ansible all -a 'ls /root'
192.168.171.133 | CHANGED | rc=0 >>
anaconda-ks.cfg
192.168.171.150 | CHANGED | rc=0 >>
anaconda-ks.cfg
192.168.171.142 | CHANGED | rc=0 >>
anaconda-ks.cfg
// It does not support top, pipes or similar interactive commands.
[root@ansible ansible]# ansible webservers -a 'ps -ef | grep vsftpd'
192.168.171.142 | FAILED | rc=1 >>
error: garbage option
Usage:
ps [options]
Try 'ps --help '
or 'ps --help '
for additional help text.
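Why the pipe fails with command but works with the modules that go through a shell, as an added Python sketch (not Ansible's source code and not part of the original post): command splits its argument into an argv list and executes it directly, while shell hands the whole string to /bin/sh. The echo/tr pipeline and the UNTRUSTED value are constructed stand-ins.

```python
import shlex
import subprocess


def run_like_command(cmdline):
    """Split the string into argv and exec it directly: no shell is involved,
    so |, >, ; and $VAR reach the program as ordinary arguments."""
    argv = shlex.split(cmdline)
    proc = subprocess.run(argv, capture_output=True, text=True)
    return argv, proc.returncode, proc.stdout


def run_like_shell(cmdline):
    """Hand the whole string to /bin/sh, which interprets the metacharacters."""
    proc = subprocess.run(cmdline, shell=True, capture_output=True, text=True)
    return proc.returncode, proc.stdout


# Constructed stand-in for the page's 'ps -ef | grep vsftpd'; echo/tr keep the
# output deterministic on any Linux host.
PIPELINE = "echo vsftpd | tr a-z A-Z"

# Constructed value, standing in for a variable that came from outside.
UNTRUSTED = "report.txt; echo INJECTED"


def compare():
    results = {}
    # command-style: '|' is just another argument to echo (ps rejected it
    # with "garbage option" in the session above).
    argv, _, out = run_like_command(PIPELINE)
    results["command_argv"] = argv
    results["command_out"] = out
    # shell-style: the pipe works.
    _, results["shell_out"] = run_like_shell(PIPELINE)
    # The price of a shell: data is parsed as syntax unless it is quoted.
    _, results["shell_unquoted"] = run_like_shell("echo checking " + UNTRUSTED)
    _, results["shell_quoted"] = run_like_shell(
        "echo checking " + shlex.quote(UNTRUSTED)
    )
    # Without a shell the same value stays plain data.
    _, _, results["command_untrusted"] = run_like_command(
        "echo checking " + UNTRUSTED
    )
    return results


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:18} {value!r}")
```

In playbooks the counterpart of shlex.quote is the quote filter, applied to any variable interpolated into a shell task.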
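The raw module differs from the command module in that it supports pipes and redirection, but it has one drawback: it is not suited to being run repeatedly.
// With the raw module, do not run the same command multiple times, otherwise problems may occur.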
[root@ansible ansible]# ansible all -m raw -a 'echo "kk" >root'
192.168.171.142 | CHANGED | rc=0 >>
Shared connection to 192.168.171.142 closed.
192.168.171.150 | CHANGED | rc=0 >>
Shared connection to 192.168.171.150 closed.
192.168.171.133 | CHANGED | rc=0 >>
Shared connection to 192.168.171.133 closed.
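The shell module is used to run scripts; it can only run a script that has already been transferred to the managed node.
// List the scripts on the managed host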
[root@ansible ansible]# ansible 192.168.171.150 -a 'ls /root'
192.168.171.150 | CHANGED | rc=0 >>
abc
anaconda-ks.cfg
root
test.sh
// Use Ansible's shell module to run the script on the managed node and so control the managed host; /bin/bash has to be given when running the script here
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a '/bin/bash test.sh &>abc'
192.168.171.150 | CHANGED | rc=0 >>
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a ' cat abc'
192.168.171.150 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10
[root@ansible ansible]#
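The script module is more powerful than shell: the script does not need to exist on each managed host. As long as the control host has the script, it can be run on all managed hosts, and /bin/bash does not need to be added when running it.
// Check whether the script exists on each managed host.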
[root@ansible ansible]# ansible all -a 'ls /root/'
192.168.171.133 | CHANGED | rc=0 >>
anaconda-ks.cfg
root
192.168.171.150 | CHANGED | rc=0 >>
abc
anaconda-ks.cfg
root
192.168.171.142 | CHANGED | rc=0 >>
anaconda-ks.cfg
root
// The script module can run the script even when it is not present on the managed hosts.
[root@ansible ansible]# ansible all -m script -a '/etc/ansible/srcipts/test.sh &>abc'
192.168.171.133 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.171.133 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.171.133 closed."
],
"stdout": "",
"stdout_lines": []
}
...
// Check on each managed host whether the abc file has any content
[root@ansible ansible]# ansible all -a 'cat abc'
192.168.171.133 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10
192.168.171.150 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10
192.168.171.142 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10
The copy module is simple: it copies a file from the control host to each managed host.
// First create a file on the control host.
[root@ansible ~]# touch 123
[root@ansible ~]# ls
123 anaconda-ks.cfg
// Then use the copy module to copy the file 123 to the managed hosts
[root@ansible ansible]# ansible all -m copy -a 'src=/root/123 dest=/root/'
192.168.171.150 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/root/123",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:admin_home_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1666418511.0779111-229460-206440547291802/source",
"state": "file",
"uid": 0
}
...
// Check whether the file was transferred
[root@ansible ansible]# ansible all -a 'ls /root/'
192.168.171.150 | CHANGED | rc=0 >>
123
abc
anaconda-ks.cfg
root
192.168.171.133 | CHANGED | rc=0 >>
123
abc
anaconda-ks.cfg
root
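For now you can think of the template module as being used in much the same way as copy, except that it can transfer templates.
// src is the file on the control host (the source file) and must be an absolute path; dest is the target, the location on the managed host the file is sent to, and must also be an absolute path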
[root@ansible ansible]# ansible all -m template -a 'src=/root/123 dest=/opt/'
192.168.171.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/opt/123",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1666418756.5842128-246043-233561179254967/source",
"state": "file",
"uid": 0
}
// Check
[root@ansible ansible]# ansible 192.168.171.133 -a 'ls /opt/'
192.168.171.133 | CHANGED | rc=0 >>
123
myrepo
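The yum module manages software through yum on the specified nodes; it mainly supports two parameters
Common values for state:
To manage software with yum, make sure the yum repositories on the managed host are working properly.
// First check whether the service is installed on the managed host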
[root@localhost ~]# rpm -qa | grep vsftpd
[root@localhost ~]#
// Then use the yum module to install the service on the managed host
[root@ansible ansible]# ansible 192.168.171.150 -m yum -a 'name=vsftpd state=present'
192.168.171.150 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-35.el8.x86_64"
]
}
// Check on the managed host whether the service has been installed
[root@localhost ~]# rpm -qa | grep vsftpd
vsftpd-3.0.3-35.el8.x86_64
[root@localhost ~]#
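The group module creates and deletes groups, and can set a group's gid
name: name of the group to create
state: the operation to perform
present: create the group
removed: delete the group
absent: delete the group
gid: gid of the group to create
// Create a group named mysql on the managed host and give it gid 306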
[root@ansible ansible]# ansible 192.168.171.150 -m group -a 'name=mysql gid=306 state=present'
192.168.171.150 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 306,
"name": "mysql",
"state": "present",
"system": false
}
[root@ansible ansible]#
// Check whether the group was created
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'grep mysql /etc/group'
192.168.171.150 | CHANGED | rc=0 >>
mysql:x:306:
[root@ansible ansible]#
// Delete the group
[root@ansible ansible]# ansible 192.168.171.150 -m group -a 'name=mysql gid=306 state=absent'
192.168.171.150 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "mysql",
"state": "absent"
}
// Filter for the group again
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'grep mysql /etc/group'
192.168.171.150 | FAILED | rc=1 >>
non-zero return code
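The user module can create and delete users on the managed hosts, set a user's uid, set the shell to /sbin/nologin, create the user without a home directory, and so on
// Create a user wtk on the managed host: uid 2020, shell /sbin/nologin, no home directory, system user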
[root@ansible ansible]# ansible 192.168.171.150 -m user -a 'name=wtk system=yes uid=2020 create_home=no shell=/sbin/nologin state=present'
192.168.171.150 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 991,
"home": "/home/wtk",
"name": "wtk",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 2020
}
// Check the user
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'grep wtk /etc/passwd'
192.168.171.150 | CHANGED | rc=0 >>
wtk:x:2020:991::/home/wtk:/sbin/nologin
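// Deleting a user works the same way as deleting a group, so it is not repeated here
The service module can start and stop services on the managed hosts and enable them at boot.
name: the service to control
state: the desired state of the service
Values for the service state
started: start the service
restarted: restart the service
stopped: stop the service
reloaded: reload the service
enabled=yes: start the service at boot
// Start the httpd service on the managed host and enable it at boot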
[root@ansible ansible]# ansible 192.168.171.150 -m service -a 'name=httpd state=started enabled=yes'
192.168.171.150 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "httpd-init.service sysinit.target system.slice network.target -.mount systemd-journald.socket remote-fs.target tmp.mount nss-lookup.target systemd-tmpfiles-setup.service basic.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
"Before": "shutdown.target",
...
// Check the service on the managed host
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2022-10-22 02:45:51 EDT; 30s ago
Docs: man:httpd.service(8)
Main PID: 161865 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 23460)
Memory: 37.0M
CGroup: /system.slice/httpd.service
├─161865 /usr/sbin/httpd -DFOREGROUND
// Stop the httpd service on the managed host
[root@ansible ansible]# ansible 192.168.171.150 -m service -a 'name=httpd state=stopped'
192.168.171.150 | CHANGED => {
...
// Check the state of the httpd service on the managed host; note that the module used here is shell
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'systemctl is-active httpd'
192.168.171.150 | FAILED | rc=3 >>
inactivenon-zero return code
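Set up 4 hosts: install ansible on one of them, and deploy nginx, mysql and php on the other three respectively, to build an LNMP architecture
Lab environment:
OS | Host IP | Service |
---|---|---|
centos8 | 192.168.171.141 | ansible |
centos8 | 192.168.171.133 | nginx1.20.2 (managed host) |
centos8 | 192.168.171.142 | mysql5.7.39 (managed host) |
centos8 | 192.168.171.150 | php8.1.11 (managed host) |
Preparation:
// Disable the firewall and SELinux on the three hosts 133, 142 and 150, and make sure yum works on all three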
[root@localhost ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i 's/SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
// From the control host, create the user on the managed host
[root@ansible ansible]# ansible 192.168.171.133 -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'
// Create the nginx installation directory, then change its owner and group
[root@ansible ansible]# ansible 192.168.171.133 -m file -a 'path=/usr/local/nginx state=directory'
[root@ansible ansible]# ansible 192.168.171.133 -m file -a 'path=/usr/local/nginx state=directory owner=nginx group=nginx recurse=yes'
// Create an nginx installation script on the control host
[root@ansible ansible]# ls
ansible.cfg hosts inventory scripts
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# cat nginx_install.sh
#!/bin/bash
yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ vim wget make
if [ ! -d nginx-1.20.2 ];then
wget http://nginx.org/download/nginx-1.20.2.tar.gz
tar xf nginx-1.20.2.tar.gz
fi
cd nginx-1.20.2
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
make && make install
echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
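# Quote the delimiter so the shell writes $MAINPID literally instead of expanding it to an empty string
cat >/usr/lib/systemd/system/nginx.service <<'EOF'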
[Unit]
Description=nginx server daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF
// Run the script with the script module to install nginx on the managed host
[root@ansible ansible]# ansible 192.168.171.133 -m script -a './scripts/nginx_install.sh &>root'
192.168.171.133 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.171.133 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.171.133 closed."
],
"stdout": "",
"stdout_lines": []
}
// From the control host, use the service module to start nginx and enable it at boot
[root@ansible ansible]# ansible 192.168.171.133 -m service -a 'name=nginx state=started enabled=yes'
// Check whether the service is enabled on the managed host
[root@ansible ansible]# ansible 192.168.171.133 -m shell -a 'systemctl is-enabled nginx'
192.168.171.133 | CHANGED | rc=0 >>
enabled
// Check on the managed host whether the port is listening
[root@ansible ansible]# ansible 192.168.171.133 -m shell -a 'ss -antl'
192.168.171.133 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
// Create the mysql user on the managed host.
[root@ansible ansible]# ansible 192.168.171.142 -m user -a 'name=mysql system=yes create_home=no shell=/sbin/nologin state=present'
// Install wget on the managed host, then download the MySQL binary package
[root@ansible ansible]# ansible 192.168.171.142 -m yum -a 'name=wget state=present'
[root@ansible ansible]# ansible 192.168.171.142 -a 'wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.39-linux-glibc2.12-x86_64.tar.gz'
// Check whether the download finished
[root@ansible ansible]# ansible 192.168.171.142 -a 'ls'
192.168.171.142 | CHANGED | rc=0 >>
123
abc
anaconda-ks.cfg
mysql-5.7.39-linux-glibc2.12-x86_64.tar.gz
root
wget-log
wget-log.1
// Then extract MySQL into the installation directory
[root@ansible ansible]# ansible 192.168.171.142 -a 'tar xf mysql-5.7.39-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
[root@ansible ansible]# ansible 192.168.171.142 -a 'ls /usr/local'
192.168.171.142 | CHANGED | rc=0 >>
bin
etc
games
include
lib
lib64
libexec
mysql-5.7.39-linux-glibc2.12-x86_64
sbin
share
src
// Rename the MySQL directory
[root@ansible ansible]# ansible 192.168.171.142 -a 'mv /usr/local/mysql-5.7.39-linux-glibc2.12-x86_64 /usr/local/mysql'
[root@ansible ansible]# ansible 192.168.171.142 -a 'ls /usr/local/'
192.168.171.142 | CHANGED | rc=0 >>
bin
etc
games
include
lib
lib64
libexec
mysql
sbin
share
src
// Change the owner and group of the MySQL directory
[root@ansible ansible]# ansible 192.168.171.142 -m file -a 'path=/usr/local/mysql state=directory owner=mysql group=mysql recurse=yes'
// Set up the environment variables
[root@ansible ansible]# ansible 192.168.171.142 -a 'mv /usr/local/mysql/include /usr/include/mysql'
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'echo '/usr/local/mysql/lib/' > /etc/ld.so.conf.d/mysql.conf'
192.168.171.142 | CHANGED | rc=0 >>
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'sed -i "22a MANDATORY_MANPATH /usr/local/mysql/man" /etc/man_db.conf'
192.168.171.142 | CHANGED | rc=0 >>
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'
192.168.171.142 | CHANGED | rc=0 >>
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'source /etc/profile.d/mysql.sh'
192.168.171.142 | CHANGED | rc=0 >>
// Create the MySQL data directory and then initialize it; initializing the database generates a password
[root@ansible ansible]# ansible 192.168.171.142 -m file -a 'path=/opt/data/ state=directory'
// Change the owner and group to mysql
[root@ansible ansible]# ansible 192.168.171.142 -m file -a 'path=/opt/data state=directory owner=mysql group=mysql recurse=yes'
// Initialize the database; the random password is on the last line, after localhost
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'mysqld --initialize --user mysql --datadir /opt/data/'
192.168.171.142 | CHANGED | rc=0 >>
2022-10-22T09:40:48.676773Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2022-10-22T09:40:49.724077Z 0 [Warning] InnoDB: New log files created, LSN=45790
2022-10-22T09:40:49.831009Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2022-10-22T09:40:49.848497Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 9cd25e11-51ed-11ed-8136-000c29bab644.
2022-10-22T09:40:49.849525Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2022-10-22T09:40:50.039842Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2022-10-22T09:40:50.039870Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2022-10-22T09:40:50.040305Z 0 [Warning] CA certificate ca.pem is self signed.
2022-10-22T09:40:50.113475Z 1 [Note] A temporary password is generated for root@localhost: HfE*u7=aLco4
// Write a script that creates the configuration file and the systemd service unit file
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# vi mysql_install.sh
#!/bin/bash
cat >/etc/my.cnf <<EOF
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
EOF
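# Quote the delimiter so the shell writes $MAINPID literally instead of expanding it to an empty string
cat > /usr/lib/systemd/system/mysql.service <<'EOF'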
[Unit]
Description=mysql
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/mysql/support-files/mysql.server start
ExecStop=/usr/local/mysql/support-files/mysql.server stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
// Run the script with the script module
[root@ansible ansible]# ansible 192.168.171.142 -m script -a './scripts/mysql_install.sh '
192.168.171.142 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.171.142 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.171.142 closed."
],
"stdout": "",
"stdout_lines": []
}
// Start mysql and enable it at boot
[root@ansible ansible]# ansible 192.168.171.142 -m service -a 'name=mysql state=started enabled=yes'
// Check that it is enabled at boot and that port 3306 is listening
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'systemctl is-enabled mysql'
192.168.171.142 | CHANGED | rc=0 >>
enabled
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'ss -antl'
192.168.171.142 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 80 *:3306 *:*
// Download the PHP source package from the internet
[root@ansible ansible]# ansible 192.168.171.150 -m yum -a 'name=wget state=present'
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'wget https://www.php.net/distributions/php-8.1.11.tar.gz'
[root@ansible ansible]# ansible 192.168.171.150 -a 'ls'
192.168.171.150 | CHANGED | rc=0 >>
anaconda-ks.cfg
php-8.1.11.tar.gz
wget-log
// Extract the PHP source package
[root@ansible ansible]# ansible 192.168.171.150 -a ' tar -xf php-8.1.11.tar.gz '
192.168.171.150 | CHANGED | rc=0 >>
// Write a script that installs the dependencies and compiles and installs PHP
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# ls
mysql_install.sh nginx_install.sh
[root@ansible scripts]# vi php_install.sh
#!/bin/bash
yum -y install make libxml2-devel openssl-devel curl-devel libjpeg-devel libpng-devel libicu-devel freetype-devel openldap-devel openldap openldap-devel gcc gcc-c++ sqlite-devel libzip-devel http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm openssl libcurl-devel.x86_64 libpng.x86_64 libpng-devel.x86_64 freetype-devel --allowerasing
cd php-8.1.11/
if [ ! -d /usr/local/php8 ];then
./configure --prefix=/usr/local/php8 --with-config-file-path=/usr/local/php/etc --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --enable-fpm --enable-static --enable-sockets --with-zip --enable-calendar --enable-bcmath --enable-mbstring --with-zlib --with-iconv=/usr/local/libiconv --enable-gd --enable-mbstring --with-curl --with-freetype --disable-ipv6 --disable-debug --with-openssl --enable-intl --enable-opcache --with-iconv
fi
make && make install
echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.sh
cp /usr/local/php8/etc/php-fpm.conf.default /usr/local/php8/etc/php-fpm.conf
cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf
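# Quoted delimiter keeps $MAINPID literal; systemd runs ExecStop without a shell, so the pipeline is wrapped in /bin/sh -c and awk's $2 is written as $$2
cat >/usr/lib/systemd/system/php8.service <<'EOF'
[Unit]
Description=php
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/php8/sbin/php-fpm
ExecStop=/bin/sh -c "ps -ef |grep php|grep -v grep|awk '{print $$2}' |xargs kill -9"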
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF
// Run the installation script
[root@ansible ansible]# ansible 192.168.171.150 -m script -a './scripts/php_install.sh'
...
// Start php and enable it at boot
[root@ansible ansible]# ansible 192.168.171.150 -m service -a 'name=php8 state=started enabled=yes'
// Check that the port is listening and that the service is enabled at boot
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'systemctl is-enabled php8'
192.168.171.150 | CHANGED | rc=0 >>
enabled
[root@ansible ansible]# ansible 192.168.171.150 -a 'ss -antl'
192.168.171.150 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
// Configure PHP and create a PHP test page
[root@ansible ansible]# ansible 192.168.171.150 -a 'mkdir -p /www/abc'
[root@ansible ansible]# cat scripts/web_php.sh
#!/bin/bash
cat >/www/abc/index.php <<EOF
EOF
sed -i 's/listen =.*/listen = 192.168.171.150:9000/' /usr/local/php8/etc/php-fpm.d/www.conf
# No leading ';' in the replacement, otherwise the directive stays commented out and is ignored
sed -i 's/;listen.allowed_clients.*/listen.allowed_clients = 192.168.171.133/' /usr/local/php8/etc/php-fpm.d/www.conf
systemctl restart php8.service
// Run the script
[root@ansible ansible]# ansible 192.168.171.150 -m script -a './scripts/web_php.sh'
192.168.171.150 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.171.150 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.171.150 closed."
],
"stdout": "",
"stdout_lines": []
}
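A check that the pool file really restricts clients after the sed edits in web_php.sh, as an added Python example that is not part of the original post: php-fpm ignores any line that starts with ';', so a commented listen.allowed_clients leaves the TCP listener open to every host that can reach it. The three pool fragments are constructed samples, and the function names are hypothetical.

```python
LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}


def active_directives(conf_text):
    """Return the key/value pairs php-fpm will actually apply.
    Blank lines, [section] headers and lines starting with ';' are skipped."""
    active = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[":
            continue
        key, sep, value = line.partition("=")
        if sep:
            active[key.strip()] = value.strip()
    return active


def audit_pool(conf_text):
    """Flag a TCP listener reachable from other hosts with no client allow-list."""
    conf = active_directives(conf_text)
    listen = conf.get("listen", "")
    if not listen or listen.startswith("/"):
        return []                      # not set here, or a unix socket
    host = listen.rpartition(":")[0]   # '' for a bare port, i.e. all addresses
    if host in LOOPBACK:
        return []
    if "listen.allowed_clients" in conf:
        return []
    return ["listen = %s accepts any client: listen.allowed_clients "
            "is missing or commented out" % listen]


# Constructed sample: listener moved to the LAN address, allow-list still commented.
COMMENTED = """[www]
listen = 192.168.171.150:9000
;listen.allowed_clients = 192.168.171.133
"""

# Constructed sample: same file with the directive active.
RESTRICTED = COMMENTED.replace(";listen.allowed_clients", "listen.allowed_clients")

# Constructed sample: loopback listener with the allow-list commented out.
DEFAULT_LOOPBACK = """[www]
listen = 127.0.0.1:9000
;listen.allowed_clients = 127.0.0.1
"""

if __name__ == "__main__":
    for name, text in (("commented", COMMENTED), ("restricted", RESTRICTED),
                       ("loopback", DEFAULT_LOOPBACK)):
        print(name, audit_pool(text) or "ok")
```

On the php host the same functions can be run over the text of /usr/local/php8/etc/php-fpm.d/www.conf.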
// Create the directory for the test page
[root@ansible ansible]# ansible 192.168.171.133 -m file -a 'path=/www/ state=directory'
[root@ansible ansible]# ansible 192.168.171.133 -m file -a 'path=/www/abc state=directory'
// Write a script that sets up the nginx configuration file
[root@ansible ansible]# cat scripts/web_nginx.sh
#!/bin/bash
cat >/www/abc/index.php <<EOF
EOF
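chown -R nginx:nginx /www/abc/
# Quote the delimiter so $fastcgi_script_name is written literally rather than expanded by the shell
cat > /usr/local/nginx/conf/nginx.conf <<'EOF'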
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /www/abc;
index index.php index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ {
root /www/abc;
fastcgi_pass 192.168.171.150:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /www/abc$fastcgi_script_name;
include fastcgi_params;
}
}
}
EOF
// Run the script
[root@ansible ansible]# ansible 192.168.171.133 -m script -a './scripts/web_nginx.sh'
192.168.171.133 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.171.133 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.171.133 closed."
],
"stdout": "",
"stdout_lines": []
// Restart the nginx service
[root@ansible ansible]# ansible 192.168.171.133 -m service -a 'name=nginx state=restarted'