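Common Ansible modules
Commonly used Ansible modules include:
Differences between the common Ansible modules raw, command and shell:
The ping module checks whether the specified nodes are reachable. It is simple to use and takes no parameters; if the host is online, it replies with pong.
//You can ping a single group, or ping all hosts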
[root@ansible ~]# ansible web1 -m ping
web1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
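The command module runs commands on remote hosts; it is the module Ansible uses by default.
One limitation of the command module is that it cannot use pipes or redirection.
//command is Ansible's default module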
[root@ansible ~]# ansible webserver -a 'ls'
192.168.159.100 | CHANGED | rc=0 >>
anaconda-ks.cfg
nginx-1.22.0
nginx-1.22.0.tar.gz
php-8.1.11
php-8.1.11.tar.gz
web1 | CHANGED | rc=0 >>
anaconda-ks.cfg
harbor-offline-installer-v2.5.3.tgz
man.test.config
pubic
runtime.gz
zabbix-6.2.2.tar.gz
//The command module cannot use pipes or redirection, so these commands fail
[root@ansible ~]# ansible web1 -a "echo 'hello' > /tmp/123"
web1 | CHANGED | rc=0 >>
hello > /tmp/123
[root@ansible ~]# ansible web1 -a 'cat /tmp/123'
web1 | FAILED | rc=1 >>
cat: /tmp/123: No such file or directorynon-zero return code
[root@ansible ~]# ansible web1 -a 'ps -ef |grep ssh'
web1 | FAILED | rc=1 >>
error: garbage option
Usage:
ps [options]
Try 'ps --help '
or 'ps --help '
for additional help text.
For more details see ps(1).non-zero return code
The raw module runs commands on remote hosts, and it supports pipes and redirection.
//Redirection is supported
[root@ansible ~]# ansible web1 -m raw -a "echo 'hello' > /tmp/test"
web1 | CHANGED | rc=0 >>
Shared connection to web1 closed.
[root@ansible ~]# ansible web1 -a 'cat /tmp/test'
web1 | CHANGED | rc=0 >>
hello
//Pipes are supported
[root@ansible ~]# ansible web1 -m raw -a 'ps -ef|grep httpd'
web1 | CHANGED | rc=0 >>
root 2927 2763 0 14:15 pts/0 00:00:00 bash -c ps -ef|grep httpd
root 2947 2927 0 14:15 pts/0 00:00:00 grep httpd
Shared connection to web1 closed.
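Why command printed `hello > /tmp/123` while raw performed the redirection, as an added example that is not part of the original page. The helper functions are hypothetical local approximations of "exec an argv directly" (command) versus "hand the string to /bin/sh -c" (raw, shell); they run on the local machine, not through Ansible.

```python
import os
import shlex
import subprocess
import tempfile


def run_like_command(cmdline):
    """Approximation of the command module: split the string into argv and
    exec the program directly, so no shell ever interprets it."""
    argv = shlex.split(cmdline)
    proc = subprocess.run(argv, capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def run_like_shell(cmdline):
    """Approximation of shell/raw: the whole string is handed to /bin/sh -c,
    so >, | and $VAR are interpreted by the shell."""
    proc = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True)
    return proc.returncode, proc.stdout.strip()


def quoted_shell_line(value):
    """Build a shell line that treats `value` as one literal argument.
    shlex.quote plays the role of Ansible's `quote` filter here."""
    return "echo " + shlex.quote(value)


def demo():
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "123")
        redirect = f"echo 'hello' > {target}"
        out["target"] = target
        # No shell: ">" and the path are just two more arguments to echo.
        out["command_stdout"] = run_like_command(redirect)[1]
        out["command_wrote_file"] = os.path.exists(target)
        # With a shell: the redirection happens and echo prints nothing.
        out["shell_stdout"] = run_like_shell(redirect)[1]
        out["shell_wrote_file"] = os.path.exists(target)
    pipe = "echo a | tr a b"
    out["command_pipe"] = run_like_command(pipe)[1]  # "|" is a plain argument
    out["shell_pipe"] = run_like_shell(pipe)[1]      # the pipeline really runs
    # A value that contains shell metacharacters stays one literal argument
    # once it is quoted, even though a shell is involved.
    value = "hello > /tmp/123 | tr a b"
    out["quoted"] = run_like_shell(quoted_shell_line(value))[1]
    return out


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val!r}")
```

Because command never invokes a shell, metacharacters inside its arguments stay inert; when shell or raw is needed for a pipe, any variable placed into the command line should be quoted.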
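The shell module runs scripts that live on the managed host, and it can also run commands directly on the managed host.
The shell module also supports pipes and redirection.
//Write a script on the host 192.168.159.100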
[root@node1 scripts]# ./test.sh
1
2
3
4
5
6
7
8
9
10
//Only host 100 succeeds and the others all fail, which is correct, because the other hosts do not have this script.
[root@ansible ansible]# ansible all -m shell -a '/bin/bash /scripts/test.sh'
192.168.159.100 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10
192.168.159.104 | FAILED | rc=127 >>
/bin/bash: /scripts/test.sh: No such file or directorynon-zero return code
web1 | FAILED | rc=127 >>
/bin/bash: /scripts/test.sh: No such file or directorynon-zero return code
The script module runs a script from the control node on the managed hosts.
[root@ansible ansible]# ansible all -m script -a '/etc/ansible/scripts/a.sh'
192.168.159.100 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.159.100 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.159.100 closed."
],
"stdout": "",
"stdout_lines": []
}
web1 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to web1 closed.\r\n",
"stderr_lines": [
"Shared connection to web1 closed."
],
"stdout": "",
"stdout_lines": []
}
192.168.159.104 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.159.104 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.159.104 closed."
],
"stdout": "",
"stdout_lines": []
}
//Check the result on the managed hosts
[root@ansible ansible]# ansible all -a 'cat /tmp/runtime'
192.168.159.100 | CHANGED | rc=0 >>
heipi
web1 | CHANGED | rc=0 >>
heipi
192.168.159.104 | CHANGED | rc=0 >>
heipi
The template module generates a file from a template and can transfer it to the remote host.
[root@ansible ansible]# ansible web1 -m template -a 'src=~/anaconda-ks.cfg dest=/tmp/ mode=0644'
web1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "0360febcd5d8e0313b8f5f10dc87edf5b142cca7",
"dest": "/tmp/anaconda-ks.cfg",
"gid": 0,
"group": "root",
"md5sum": "f2fd988fae6b24dd8ffeeeaf26ca7df3",
"mode": "0644",
"owner": "root",
"size": 1092,
"src": "/root/.ansible/tmp/ansible-tmp-1666509027.4797955-2948-235854609580067/source",
"state": "file",
"uid": 0
}
//Check on the managed host that the file was transferred
[root@ansible ansible]# ansible web1 -a 'ls /tmp/'
web1 | CHANGED | rc=0 >>
anaconda-ks.cfg
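The yum module manages software through yum on the specified nodes. It mainly supports two parameters
Common values of state:
To manage software with yum, make sure the yum repositories on the managed host are working.
//Check on the managed host whether the package is installed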
[root@node1 scripts]# rpm -qa |grep vsftpd
[root@node1 scripts]#
//Install it with the yum module
[root@ansible ansible]# ansible 192.168.159.100 -m yum -a 'name=vsftpd state=present'
192.168.159.100 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-34.el8.x86_64"
]
}
//Check on the managed host that vsftpd is installed
[root@node1 ~]# rpm -qa |grep vsftpd
vsftpd-3.0.3-34.el8.x86_64
The copy module copies files to the remote managed host.
[root@ansible ansible]# ls scripts/
a.sh test.sh
[root@ansible ansible]# ansible web1 -m copy -a 'src=scripts/test.sh dest=/tmp'
web1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "9acd6f7e4ca38fd0900e3f7b9ad459551ab46b17",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"md5sum": "62caecc29748ef06289d8d9765219f15",
"mode": "0644",
"owner": "root",
"size": 50,
"src": "/root/.ansible/tmp/ansible-tmp-1666510534.726503-3171-114743423788283/source",
"state": "file",
"uid": 0
}
//Check the managed host
[root@ansible ansible]# ansible web1 -a 'ls /tmp'
web1 | CHANGED | rc=0 >>
anaconda-ks.cfg
ansible_command_payload_q65vhlbr
runtime
test
test.sh
vmware-root_936-2697532681
vmware-root_946-2688685205
vmware-root_950-2697008400
zabbix_agentd.log
The group module adds or removes groups on the managed host.
//Create a group named roufeng with gid 250 on the managed host
[root@ansible ansible]# ansible 192.168.159.100 -m group -a 'name=roufeng gid=250 state=present'
192.168.159.100 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 250,
"name": "roufeng",
"state": "present",
"system": false
}
//Check the group on the managed host
[root@ansible ansible]# ansible 192.168.159.100 -m shell -a 'grep roufeng /etc/group'
192.168.159.100 | CHANGED | rc=0 >>
roufeng:x:250:
//Delete the group on the managed host
[root@ansible ansible]# ansible 192.168.159.100 -m group -a 'name=roufeng state=absent'
192.168.159.100 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "roufeng",
"state": "absent"
}
[root@ansible ansible]# ansible 192.168.159.100 -m shell -a 'grep roufeng /etcgroup'
192.168.159.100 | FAILED | rc=2 >>
grep: /etcgroup: No such file or directorynon-zero return code
The user module manages user accounts on the managed host.
//Add a system user named jilao on the managed host, with uid 206, shell /sbin/nologin and no home directory
[root@ansible ansible]# ansible web1 -m user -a 'name=jilao uid=206 system=yes create_home=no shell=/sbin/nologin state=present'
web1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 206,
"home": "/home/jilao",
"name": "jilao",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 206
}
[root@ansible ansible]# ansible web1 -m shell -a 'grep jilao /etc/passwd'
web1 | CHANGED | rc=0 >>
jilao:x:206:206::/home/jilao:/sbin/nologin
//Change the user's uid to 260
[root@ansible ansible]# ansible web1 -m user -a 'name=jilao uid=260'
web1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 206,
"home": "/home/jilao",
"move_home": false,
"name": "jilao",
"shell": "/sbin/nologin",
"state": "present",
"uid": 260
}
[root@ansible ansible]# ansible web1 -m shell -a 'grep jilao /etc/passwd'
web1 | CHANGED | rc=0 >>
jilao:x:260:206::/home/jilao:/sbin/nologin
//Delete the jilao user on the managed host
[root@ansible ansible]# ansible web1 -m user -a 'name=jilao state=absent'
web1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "jilao",
"remove": false,
"state": "absent"
}
[root@ansible ansible]# ansible web1 -m shell -a 'grep jilao /etc/passwd'
web1 | FAILED | rc=1 >>
non-zero return code
The service module manages services on the managed host.
//Check whether the vsftpd service is running on the managed host
[root@ansible ansible]# ansible 192.168.159.100 -m shell -a 'systemctl status vsftpd'
192.168.159.100 | FAILED | rc=3 >>
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)non-zero return code
//Start the service on the managed host
[root@ansible ansible]# ansible 192.168.159.100 -m service -a 'name=vsftpd state=started'
192.168.159.100 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "vsftpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "sysinit.target systemd-journald.socket network-online.target basic.target system.slice",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "no",
"AssertTimestampMonotonic": "0",
.......................(omitted)
//Enable the service at boot on the managed host
[root@ansible ansible]# ansible 192.168.159.100 -m service -a 'name=vsftpd enabled=yes'
192.168.159.100 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
"ActiveEnterTimestamp": "Sun 2022-10-23 15:52:17 CST",
"ActiveEnterTimestampMonotonic": "7388772569",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "network-online.target basic.target system.slice systemd-journald.socket sysinit.target",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
"AssertTimestamp": "Sun 2022-10-23 15:52:17 CST",
................(omitted)
//Check that it is enabled at boot
[root@ansible ansible]# ansible 192.168.159.100 -m shell -a 'systemctl status vsftpd'
192.168.159.100 | CHANGED | rc=0 >>
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-10-23 15:52:17 CST; 2min 18s ago
Main PID: 4689 (vsftpd)
Tasks: 1 (limit: 11217)
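The file module is used specifically to set file attributes.
force: forces creation of a symlink in two cases: when the source file does not exist yet but will be created later, and when the destination symlink already exists and the old link must be removed before the new one is created. Two options: yes|no
group: the group that owns the file/directory
mode: the permissions of the file/directory
owner: the owner of the file/directory
path: required; the path of the file/directory
recurse: set the attributes recursively; only applies to directories
src: path of the source file to link to; only used with state=link
dest: path the link is created at; only used with state=link
state:
=directory: create the directory if it does not exist
=file: the file is not created even if it does not exist
=link: create a symbolic link
=hard: create a hard link
=touch: create a new file if it does not exist; if the file or directory already exists, update its last-modified time
=absent: delete the directory or file, or remove the link
//Create a file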
[root@ansible ansible]# ansible web1 -m file -a 'path=/tmp/jjyy state=touch owner=root group=root'
web1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/tmp/jjyy",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
[root@ansible ansible]# ansible web1 -a 'ls -l /tmp'
web1 | CHANGED | rc=0 >>
total 64
-rw-r--r-- 1 root root 0 Oct 23 19:20 jjyy
//Create a directory
[root@ansible ansible]# ansible web1 -m file -a 'path=/tmp/yyjj state=directory owner=root group=root mode=0755'
web1 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/yyjj",
"size": 6,
"state": "directory",
"uid": 0
}
[root@ansible ansible]# ansible web1 -a 'ls -l /tmp'
web1 | CHANGED | rc=0 >>
total 64
drwxr-xr-x 2 root root 6 Oct 23 19:21 yyjj
Hostname | IP address | Application | OS |
---|---|---|---|
ansible | 192.168.159.103 | ansible control node | centos8 |
nginx | 192.168.159.100 | nginx managed host | centos8 |
mysql | 192.168.159.101 | mysql managed host | centos8 |
php | 192.168.159.104 | php managed host | centos8 |
[root@ansible ansible]# vim ansible.cfg
inventory = /etc/ansible/inventory
[root@ansible ansible]# cat inventory
nginx
mysql
php
//Map the hostnames to IP addresses
[root@ansible ansible]# vim /etc/hosts
[root@ansible ansible]# tail /etc/hosts
192.168.159.100 nginx
192.168.159.101 mysql
192.168.159.104 php
//Disable the firewall and SELinux
[root@ansible ansible]# ansible nginx -m service -a 'name=firewalld state=stopped enabled=no'
[root@ansible ansible]# ansible nginx -a "sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config"
//Create the user
[root@ansible ansible]# ansible nginx -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'
//Install the dependency packages
[root@ansible ~]# ansible nginx -m yum -a 'name=pcre-devel,openssl,openssl-devel,gd-devel,gcc,gcc-c++,make,wget,vim state=present'
//Download the nginx source tarball and extract it
[root@ansible ansible]# ansible nginx -a 'wget http://nginx.org/download/nginx-1.20.2.tar.gz'
[root@ansible ansible]# ansible nginx -a 'tar -xf nginx-1.20.2.tar.gz'
//Compile and install
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# vim configure.sh
[root@ansible scripts]# cat configure.sh
#!/bin/bash
cd nginx-1.20.2
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log && \
make -j $(grep 'processor' /proc/cpuinfo | wc -l) && make install
[root@ansible ansible]# ansible nginx -m script -a '/etc/ansible/scripts/configure.sh'
//Installation complete
[root@ansible ansible]# ansible nginx -a 'ls /usr/local/nginx'
nginx | CHANGED | rc=0 >>
conf
html
logs
sbin
//Configure the environment variable and the service unit file
[root@ansible ansible]# ansible nginx -m shell -a 'echo "export PATH=$PATH:/usr/local/nginx/sbin"> /etc/profile.d/nginx.sh'
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# vim nginxservice.sh
[root@ansible scripts]# cat nginxservice.sh
#!/bin/bash
cat > /usr/lib/systemd/system/nginx.service << EOF
[Unit]
Description=nginx server daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/bin/kill -HUP \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now nginx
[root@ansible ansible]# ansible nginx -m script -a '/etc/ansible/scripts/nginxservice.sh'
nginx
[root@ansible ansible]# ansible nginx -a 'ss -anlt'
nginx | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 [::]:22 [::]:*
//Disable the firewall and SELinux
[root@ansible ansible]# ansible mysql -m service -a 'name=firewalld state=stopped enabled=no'
[root@ansible ansible]# ansible mysql -a "sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config"
//Create the user
[root@ansible ansible]# ansible mysql -m user -a 'name=mysql create_home=no system=yes shell=/sbin/nologin state=present'
//Install the dependency packages
[root@ansible ansible]# ansible mysql -m yum -a 'name=ncurses-devel,openssl-devel,openssl,cmake,mariadb-devel,ncurses-compat-libs state=present'
//Download the mysql package and extract it
[root@ansible ansible]# ansible mysql -a 'wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz'
[root@ansible ansible]# ansible mysql -a 'tar xf mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
[root@ansible ansible]# ansible mysql -a 'mv /usr/local/mysql-5.7.38-linux-glibc2.12-x86_64 /usr/local/mysql'
//Change the owner and group
[root@ansible ansible]# ansible mysql -a 'chown -R mysql.mysql /usr/local/mysql'
//Configure the environment variable, header files, library files and man pages (\$PATH is escaped so the control node's shell does not expand it)
[root@ansible ansible]# ansible mysql -m shell -a "echo 'export PATH=/usr/local/mysql/bin:\$PATH' > /etc/profile.d/mysql.sh"
[root@ansible ansible]# ansible mysql -m shell -a 'ln -s /usr/local/mysql/include /usr/include/mysql'
[root@ansible ansible]# ansible mysql -m shell -a "echo '/usr/local/mysql/lib' >/etc/ld.so.conf.d/mysql.conf"
[root@ansible ansible]# ansible mysql -m shell -a "sed -i '22a MANDATORY_MANPATH /usr/local/mysql/man' /etc/man_db.conf"
//Create the data directory
[root@ansible ansible]# ansible mysql -m file -a 'path=/opt/data state=directory owner=mysql group=mysql'
mysql | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/opt/data",
"gid": 249,
"group": "mysql",
"mode": "0644",
"owner": "mysql",
"size": 0,
"state": "file",
"uid": 249
}
[root@ansible ansible]# ansible mysql -a 'ls -l /opt/data'
mysql | CHANGED | rc=0 >>
-rw-r--r-- 1 mysql mysql 0 Oct 23 20:36 /opt/data
//Initialize the database
[root@ansible ansible]# ansible mysql -a 'mysqld --initialize --user mysql --datadir /opt/data'
mysql | CHANGED | rc=0 >>
2022-10-23T12:43:24.884400Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2022-10-23T12:43:35.269233Z 0 [Warning] InnoDB: New log files created, LSN=45790
2022-10-23T12:43:37.082268Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2022-10-23T12:43:37.086138Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 5037c6f5-52d0-11ed-8e29-000c29163b39.
2022-10-23T12:43:37.086591Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2022-10-23T12:43:37.440851Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2022-10-23T12:43:37.440881Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2022-10-23T12:43:37.441243Z 0 [Warning] CA certificate ca.pem is self signed.
2022-10-23T12:43:37.521913Z 1 [Note] A temporary password is generated for root@localhost: yRjO7uRvB3*X
//Write the mysql configuration file and the service unit file
[root@ansible scripts]# cat mysqlservice.sh
#!/bin/bash
cat >> /etc/my.cnf <<EOF
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
EOF
cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
sed -ri 's#^(basedir=).*#\1/usr/local/mysql#g' /etc/init.d/mysqld
sed -ri 's#^(datadir=).*#\1/opt/data#g' /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld
cat > /usr/lib/systemd/system/mysqld.service <<EOF
[Unit]
Description=mysqld server daemon
After=network.target
[Service]
Type=forking
ExecStart=/etc/init.d/mysqld start
ExecStop=/etc/init.d/mysqld stop
ExecReload=/bin/kill -HUP \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now mysqld
[root@ansible ansible]# ansible mysql -m script -a '/etc/ansible/scripts/mysqlservice.sh'
[root@ansible ansible]# ansible mysql -a 'ss -anlt'
mysql | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 128 [::]:22 [::]:*
//Disable the firewall and SELinux
[root@ansible ansible]# ansible php -m service -a 'name=firewalld state=stopped enabled=no'
[root@ansible ansible]# ansible php -a "sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config"
//Use a script to configure the yum repositories and install the dependency packages
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# vim phpyum.sh
[root@ansible scripts]# cat phpyum.sh
#!/bin/bash
# Point the base repo at the Aliyun CentOS 8.5.2111 vault mirror and drop the Aliyun-internal mirror entries
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo && \
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
# Enable EPEL, then install the packages the PHP build needs
yum -y install epel-release && \
dnf -y install https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/m/mhash-0.9.9.9-20.el8.x86_64.rpm
dnf -y install https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/l/libmcrypt-devel-2.5.8-26.el8.x86_64.rpm
dnf -y install https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/l/libmcrypt-2.5.8-26.el8.x86_64.rpm
dnf -y install https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/m/mhash-devel-0.9.9.9-20.el8.x86_64.rpm
dnf -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
rpm -ivh https://download-ib01.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/l/libsqlite3x-devel-20071018-26.el8.x86_64.rpm --nodeps
dnf -y install wget gcc gcc-c++ make libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel readline readline-devel libxslt libxslt-devel php-mysqlnd libzip-devel sqlite-devel
[root@ansible ansible]# ansible php -m script -a '/etc/ansible/scripts/phpyum.sh'
//Download the php source tarball, extract it, then compile and install
[root@ansible ansible]# ansible php -a 'wget https://www.php.net/distributions/php-8.1.11.tar.gz'
[root@ansible ansible]# ansible php -a 'tar xf php-8.1.11.tar.gz'
//Compile and install with a script
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# vim phpconfigure.sh
[root@ansible scripts]# cat phpconfigure.sh
#!/bin/bash
cd php-8.1.11
./configure --prefix=/usr/local/php --with-config-file-path=/etc --enable-fpm --disable-debug --disable-rpath --enable-shared --enable-soap --with-openssl --enable-bcmath --with-iconv --with-bz2 --enable-calendar --with-curl --enable-exif --enable-ftp --enable-gd --with-jpeg --with-zlib-dir --with-freetype --with-gettext --enable-mbstring --enable-pdo --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-readline --enable-shmop --enable-simplexml --enable-sockets --with-zip --enable-mysqlnd-compression-support --with-pear --enable-pcntl --enable-posix && \
make && make install
[root@ansible ansible]# ansible php -m script -a '/etc/ansible/scripts/phpconfigure.sh'
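//Set the environment variable (the install prefix is /usr/local/php; \$PATH is escaped so the control node's shell does not expand it)
[root@ansible ansible]# ansible php -m shell -a "echo 'export PATH=/usr/local/php/bin:\$PATH' > /etc/profile.d/php8.sh"
//Configuration files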
[root@ansible scripts]# vim php.sh
[root@ansible scripts]# cat php.sh
#!/bin/bash
cd /usr/local/php
cp etc/php-fpm.conf.default etc/php-fpm.conf
cp etc/php-fpm.d/www.conf.default etc/php-fpm.d/www.conf
# /etc/init.d/php-fpm must already exist on the managed host; this page does not show how it was installed
cat > /usr/lib/systemd/system/php.service <<EOF
[Unit]
Description=php server daemon
After=network.target
[Service]
Type=forking
ExecStart=/etc/init.d/php-fpm start
ExecStop=/etc/init.d/php-fpm stop
ExecReload=/bin/kill -HUP \$MAINPID
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now php
[root@ansible ansible]# ansible php -a 'ss -anlt'
php | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
nginx managed host configuration
[root@ansible ansible]# ansible nginx -a "sed -i '45 s/index index.html index.htm;/index index.php index.html index.htm;/g' /usr/local/nginx/conf/nginx.conf"
[root@ansible ansible]# ansible nginx -a "sed -i '65,71 s/#/ /' /usr/local/nginx/conf/nginx.conf"
//fastcgi_pass must point at the php managed host from the table above (192.168.159.104)
[root@ansible ansible]# ansible nginx -a "sed -i '67 s/fastcgi_pass 127.0.0.1:9000;/fastcgi_pass 192.168.159.104:9000;/g' /usr/local/nginx/conf/nginx.conf"
//Check that the syntax is correct
[root@ansible ansible]# ansible nginx -a 'nginx -t'
nginx | CHANGED | rc=0 >>
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
//Restart the service & create the index.php file
[root@ansible ansible]# ansible nginx -m service -a 'name=nginx state=restarted'
[root@ansible ansible]# vim index.php
[root@ansible ansible]# cat index.php
<?php
phpinfo();
?>
[root@ansible ansible]# ls
ansible.cfg hosts index.php inventory roles scripts
[root@ansible ansible]# ansible nginx -m copy -a 'src=/etc/ansible/index.php dest=/usr/local/nginx/html/index.php'
php managed host configuration
//Set the php-fpm listen address
[root@ansible ansible]# ansible php -m shell -a "echo 'listen = 192.168.159.104:9000' >> /usr/local/php/etc/php-fpm.d/www.conf"
[root@ansible ansible]# ansible php -m shell -a "echo 'listen.allowed_clients = 192.168.159.100' >> /usr/local/php/etc/php-fpm.d/www.conf"
//Create the index.php file
[root@ansible ansible]# ansible php -m copy -a 'src=/etc/ansible/index.php dest=/var/www/index.php'
//Restart the service
[root@ansible ansible]# ansible php -m service -a 'name=php state=restarted'
[root@ansible ansible]# ansible php -a 'ss -anlt'
php | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.168.159.104:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
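A check for the pool file produced by the two `echo ... >>` commands above, as an added example that is not part of the original page. It parses a constructed www.conf, reports which `listen` value comes last in the file, and flags a non-loopback TCP listener that has no `listen.allowed_clients`; the function names and the sample file contents are assumptions for illustration.

```python
import ipaddress

# Constructed sample: a default-style pool file after the two `echo ... >>`
# commands above have appended their lines to the end of it.
SAMPLE_WWW_CONF = """\
[www]
user = nobody
group = nobody
; default listener shipped in www.conf.default
listen = 127.0.0.1:9000
pm = dynamic
listen = 192.168.159.104:9000
listen.allowed_clients = 192.168.159.100
"""


def parse_pool(text):
    """Return {section: {key: [values in file order]}} for an FPM pool file."""
    pools, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            pools.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            pools[section].setdefault(key, []).append(value)
    return pools


def listen_is_remote(listen):
    """True when the listen value is a TCP socket reachable from other hosts."""
    if listen.startswith("/"):                   # unix socket path
        return False
    if listen.isdigit():                         # bare port: all addresses
        return True
    host = listen.rsplit(":", 1)[0].strip("[]")
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:                           # not an IP literal
        return True


def audit_pool(text, pool="www"):
    """Return (effective_listen, allowed_clients, findings) for one pool."""
    keys = parse_pool(text).get(pool, {})
    listens = keys.get("listen", [])
    # The last assignment is treated as effective, matching the ss output
    # above, where the appended address is the one being listened on.
    effective = listens[-1] if listens else None
    last_allowed = keys.get("listen.allowed_clients", [])[-1:]
    allowed = [a.strip() for a in ",".join(last_allowed).split(",") if a.strip()]
    findings = []
    if len(listens) > 1:
        findings.append("listen is set %d times; stale lines: %s"
                        % (len(listens), ", ".join(listens[:-1])))
    if effective and listen_is_remote(effective) and not allowed:
        findings.append("TCP listener %s has no listen.allowed_clients" % effective)
    return effective, allowed, findings


if __name__ == "__main__":
    print(audit_pool(SAMPLE_WWW_CONF))
```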