ansible部署lnmp架构

环境准备:

主机名 IP 服务 系统
ansible 192.168.160.131 ansible CentOS-8.5
nginx 192.168.160.132 nginx CentOS-8.5
mysql 192.168.160.137 mysql CentOS-8.5
php 192.168.160.139 php CentOS-8.5

1. 生成SSH密钥对,并把公钥分发到另外三台主机,实现免密登录(若/root/.ssh/id_rsa已存在,选择覆盖会替换原有密钥,之前依赖旧密钥的免密登录将失效)

[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? yes
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ny1q6A+oJY8ZDV3+eX0hpKzOYWvrtR5/FipNa7DWj+0 root@ansible
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|                 |
|      .     .    |
|   . o   . +     |
|  . . . S * o .  |
|   o . o =.+.... |
|  o + o O +*.o.. |
|   O . *.=++*+o  |
|  + . .+B+ooo=E  |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.160.132
[root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.160.137
[root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.160.139

2.构建Ansible清单

[root@ansible ~]# cd /etc/ansible/
[root@ansible ansible]# vim hosts 
//添加受管主机
192.168.160.132
192.168.160.137
192.168.160.139

3. 受管主机安装python3

[root@nginx ~]# yum -y install python3
[root@mysql ~]# yum -y install python3
[root@php ~]# yum -y install python3

4. 管理nginx受管主机部署nginx服务

//创建系统用户nginx
[root@ansible ansible]# ansible 192.168.160.132 -m user -a 'name=nginx system=yes shell=/sbin/nologin state=present'

//安装依赖包
[root@ansible ansible]# ansible 192.168.160.132 -m yum -a 'name=pcre-devel,openssl,openssl-devel,gd-devel,gcc,gcc-c++,make,wget state=present'

//创建日志存放目录
[root@ansible ansible]# ansible 192.168.160.132 -m file -a 'path=/var/log/nginx state=directory'
[root@ansible ansible]# ansible 192.168.160.132 -m file -a 'path=/var/log/nginx state=directory owner=nginx group=nginx'

//下载nginx并解压(get_url模块必须指定dest参数作为保存路径;下载地址建议使用https,并用checksum参数校验压缩包)
[root@ansible ansible]# ansible 192.168.160.132 -m get_url -a 'url=http://nginx.org/download/nginx-1.20.2.tar.gz'
[root@ansible ansible]# ansible 192.168.160.132 -a 'tar xf nginx-1.20.2.tar.gz'

//编写编译脚本,然后进行编译安装
[root@ansible ansible]# mkdir scripts/
[root@ansible ansible]# vim scripts/a.sh 
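#!/bin/bash
#
# Runs ./configure for the nginx 1.20.2 source tree. Building and installing
# (make / make install) are separate steps.
#
# The source path is relative, so the script must be started in the directory
# that holds the unpacked nginx-1.20.2/ tree.

# Stop if the source tree is missing; otherwise ./configure would be looked up
# in whatever directory the script happened to start in.
cd nginx-1.20.2 || exit 1

# --user/--group make the unprivileged nginx account the default for worker
# processes; access and error logs go to /var/log/nginx.
./configure \
  --prefix=/usr/local/nginx \
  --user=nginx \
  --group=nginx \
  --with-debug \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_image_filter_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_stub_status_module \
  --http-log-path=/var/log/nginx/access.log \
  --error-log-path=/var/log/nginx/error.log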
[root@ansible ansible]# chmod +x scripts/a.sh 
[root@ansible ansible]# ansible 192.168.160.132 -m script -a '/etc/ansible/scripts/a.sh'

[root@ansible ansible]# ansible 192.168.160.132 -m shell -a 'cd nginx-1.20.2 && make && make install '

//配置环境变量
[root@ansible ansible]# ansible 192.168.160.132 -m shell -a 'echo "export PATH=/usr/local/nginx/sbin:$PATH" > /etc/profile.d/nginx.sh'
[root@ansible ansible]# ansible 192.168.160.132 -m shell -a '. /etc/profile.d/nginx.sh'

[root@ansible ansible]# ansible 192.168.160.132  -a 'nginx'
[root@ansible ansible]# ansible 192.168.160.132  -a 'ss -anlt'
192.168.160.132 | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*          
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          
LISTEN 0      128             [::]:22           [::]:* 

//编写service文件
[root@ansible ansible]# vim scripts/nginx.sh
#!/bin/bash
#
# Installs the systemd unit for the source-built nginx in /usr/local/nginx.
# Only the unit file is written here; starting or restarting the service is
# left to the caller.

unit_path=/usr/lib/systemd/system/nginx.service

# Quoted delimiter: the unit text is written verbatim, with no shell expansion.
cat <<'EOF' > "$unit_path"
[Unit]
Description=nginx server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp= true

[Install]
WantedBy=multi-user.target
EOF


[root@ansible ansible]# chmod +x scripts/nginx.sh 
[root@ansible ansible]# ansible 192.168.160.132 -m script -a '/etc/ansible/scripts/nginx.sh'

//重启nginx服务
[root@ansible ansible]# ansible 192.168.160.132 -m service -a 'name=nginx state=restarted'

//查看nginx服务状态
[root@ansible ansible]# ansible 192.168.160.132 -a 'ss -anlt' 
192.168.160.132 | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*          
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          
LISTEN 0      128             [::]:22           [::]:* 

//清空nginx默认站点目录,准备写入php网页信息
[root@ansible ansible]# ansible 192.168.160.132 -a 'rm -rf /usr/local/nginx/html/*'
//脚本写入php网页信息
[root@ansible ansible]# vim scripts/nginx.php.sh

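#!/bin/bash
#
# Writes the PHP page served from the nginx document root.
#
# The page body is empty in this listing, so index.php ends up holding a
# single blank line; put the intended PHP between the heredoc markers.
#
# The delimiter is quoted so that PHP code ($variables, backticks) is written
# literally instead of being expanded by bash before it reaches the file.
#
# NOTE(review): if the page is a diagnostic one that prints server
# configuration, delete it once the stack has been verified.
cat > /usr/local/nginx/html/index.php <<'EOF'

EOF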
[root@ansible ansible]# chmod +x scripts/nginx.php.sh 
[root@ansible ansible]# ansible 192.168.160.132 -m script -a '/etc/ansible/scripts/nginx.php.sh'

5. 管理mysql受管主机部署mysql服务

//创建系统用户mysql
[root@ansible ansible]# ansible 192.168.160.137 -m user -a 'name=mysql system=yes shell=/sbin/nologin state=present'

//安装依赖包
[root@ansible ansible]# ansible 192.168.160.137 -m yum -a 'name=ncurses-compat-libs,perl,ncurses-devel,openssl-devel,openssl,cmake,mariadb-devel state=present'

//下载mysql并解压(get_url模块必须指定dest参数作为保存路径,建议同时用checksum参数校验压缩包)
[root@ansible ansible]# ansible 192.168.160.137 -m get_url -a 'url=https://mirrors.aliyun.com/mysql/MySQL-8.0/mysql-8.0.28-linux-glibc2.12-x86_64.tar.xz'
[root@ansible ansible]# ansible 192.168.160.137 -a 'tar xf mysql-8.0.28-linux-glibc2.12-x86_64.tar.xz'

//将解压出的MySQL目录重命名为mysql,并移动到/usr/local/
[root@ansible ansible]# ansible 192.168.160.137 -a 'mv mysql-8.0.28-linux-glibc2.12-x86_64 mysql'
[root@ansible ansible]# ansible 192.168.160.137 -a 'mv mysql /usr/local/'

//修改目录/usr/local/mysql的属主属组
[root@ansible ansible]# ansible 192.168.160.137 -m file -a 'path=/usr/local/mysql owner=mysql group=mysql'

//添加环境变量
[root@ansible ansible]# ansible 192.168.160.137 -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'
[root@ansible ansible]# ansible 192.168.160.137 -m shell -a 'source /etc/profile.d/mysql.sh'

//头文件
[root@ansible ansible]# ansible 192.168.160.137 -a 'ln -sv /usr/local/mysql/include/ /usr/include/mysql'

//库文件
[root@ansible ansible]# ansible 192.168.160.137 -m shell -a 'echo "/usr/local/mysql/lib/" > /etc/ld.so.conf.d/mysql.conf'

//man文档
[root@ansible ansible]# ansible 192.168.160.137 -a 'sed -i "22a MANDATORY_MANPATH                         /usr/local/mysql/man" /etc/man_db.conf'

//建立数据存放目录
[root@ansible ansible]# ansible 192.168.160.137 -m file -a 'path=/opt/data state=directory owner=mysql group=mysql'

//初始化数据库 
[root@ansible ansible]# ansible 192.168.160.137 -m shell -a '/usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data/'
192.168.160.137 | CHANGED | rc=0 >>
2022-10-22T10:16:43.715352Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.28) initializing of server in progress as process 42021
2022-10-22T10:16:43.729133Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2022-10-22T10:16:44.704775Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2022-10-22T10:16:46.845493Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: 1eP>h#nRO&;7

//配置服务启动脚本
[root@ansible ansible]# ansible 192.168.160.137 -a 'cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld'
[root@ansible ansible]# ansible 192.168.160.137 -a 'sed  -i "46cbasedir=/usr/local/mysql" /etc/init.d/mysqld'
[root@ansible ansible]# ansible 192.168.160.137 -a 'sed  -i "47cdatadir=/opt/data" /etc/init.d/mysqld'

//编写脚本添加mysql配置文件和mysql的service文件
[root@ansible ansible]# vim scripts/mysql.sh 
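#!/bin/bash
#
# Writes the MySQL server configuration (/etc/my.cnf) and a systemd unit
# (mysqld.service) for the binary install under /usr/local/mysql.
# Only the two files are written; reloading systemd and starting the service
# are left to the caller.
#
# Both heredoc delimiters are quoted so the text is written verbatim.

# NOTE(review): no bind-address is set, so the server is not limited to one
# interface. Restrict access to the application host with bind-address and/or
# a firewall rule as appropriate for the environment.
cat > /etc/my.cnf <<'EOF'
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
EOF

# $MAINPID is a systemd placeholder and must reach the unit file literally.
# With an unquoted delimiter bash expands it (normally to an empty string)
# and ExecReload is left as "/bin/kill -HUP" with no PID.
cat > /usr/lib/systemd/system/mysqld.service <<'EOF'
[Unit]
Description=mysql server daemon
After=network.target sshd-keygen.target

[Service]
Type=forking
ExecStart=/usr/local/mysql/support-files/mysql.server start
ExecStop=/usr/local/mysql/support-files/mysql.server stop
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
EOF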
[root@ansible ansible]# chmod +x scripts/mysql.sh 
[root@ansible ansible]# ansible 192.168.160.137 -m script -a '/etc/ansible/scripts/mysql.sh'

[root@ansible ansible]# ansible 192.168.160.137 -a 'systemctl daemon-reload'
[root@ansible ansible]# ansible 192.168.160.137 -m service -a 'name=mysqld state=restarted'
[root@ansible ansible]# ansible 192.168.160.137 -a 'ss -anlt'
192.168.160.137 | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*          
LISTEN 0      128                *:3306             *:*          
LISTEN 0      128             [::]:22            [::]:* 

//修改数据库密码(123456仅为演示用的弱口令,实际环境应换成强密码;通过命令行传入的密码可能被进程列表和shell历史记录泄露)
[root@ansible ansible]# ansible 192.168.160.137 -a 'mysqladmin -uroot -p"1eP>h#nRO&;7" password 123456'
192.168.160.137 | CHANGED | rc=0 >>
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.

//重启mysql服务
[root@ansible ansible]# ansible 192.168.160.137 -m service -a 'name=mysqld state=restarted'
[root@ansible ansible]# ansible 192.168.160.137 -a 'ss -anlt'
192.168.160.137 | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*          
LISTEN 0      128                *:3306             *:*          
LISTEN 0      128             [::]:22            [::]:*   

6. 管理php受管主机部署php服务

//安装依赖包
[root@ansible ansible]# ansible 192.168.160.139 -m yum -a 'name=gcc,gcc-c++,vim,make,wget,libxml2,libxml2-devel,openssl,openssl-devel,bzip2,bzip2-devel,libcurl,libcurl-devel,libicu-devel,libjpeg,libjpeg-devel,libpng,libpng-devel,openldap-devel,pcre-devel,freetype,freetype-devel,gmp,gmp-devel,libmcrypt,libmcrypt-devel,readline,readline-devel,libxslt,libxslt-devel,mhash,mhash-devel,php-mysqlnd,libsqlite3x-devel,libzip-devel state=present'
[root@ansible ansible]# ansible 192.168.160.139 -a 'yum -y install  http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm'

//下载PHP并解压(get_url模块必须指定dest参数作为保存路径,建议同时用checksum参数校验压缩包)
[root@ansible ansible]# ansible 192.168.160.139 -m get_url -a 'url=https://www.php.net/distributions/php-8.1.11.tar.gz'
[root@ansible ansible]# ansible 192.168.160.139 -a 'tar xf php-8.1.11.tar.gz -C /usr/src'

//编译安装php
#编译脚本
[root@ansible ansible]# vim scripts/php.sh
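#!/bin/bash
#
# Runs ./configure for the PHP 8.1.11 source tree in /usr/src. Building and
# installing (make / make install) are separate steps.
#
# Installs under /usr/local/php8, reads php.ini from /etc, and builds php-fpm
# with the mysqlnd-based MySQL drivers.

# Stop if the source tree is missing; otherwise ./configure would be looked up
# in whatever directory the script happened to start in.
cd /usr/src/php-8.1.11/ || exit 1

./configure \
  --prefix=/usr/local/php8 \
  --with-config-file-path=/etc \
  --enable-fpm \
  --enable-inline-optimization \
  --disable-debug \
  --disable-rpath \
  --enable-shared \
  --enable-soap \
  --with-openssl \
  --enable-bcmath \
  --with-iconv \
  --with-bz2 \
  --enable-calendar \
  --with-curl \
  --enable-exif \
  --enable-ftp \
  --enable-gd \
  --with-jpeg \
  --with-zlib-dir \
  --with-freetype \
  --with-gettext \
  --enable-json \
  --enable-mbstring \
  --enable-pdo \
  --with-mysqli=mysqlnd \
  --with-pdo-mysql=mysqlnd \
  --with-readline \
  --enable-shmop \
  --enable-simplexml \
  --enable-sockets \
  --with-zip \
  --enable-mysqlnd-compression-support \
  --with-pear \
  --enable-pcntl \
  --enable-posix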

[root@ansible ansible]# chmod +x scripts/php.sh 
[root@ansible ansible]# ansible 192.168.160.139 -m script -a '/etc/ansible/scripts/php.sh'
[root@ansible ansible]# ansible 192.168.160.139 -m shell -a 'cd /usr/src/php-8.1.11/ && make && make install'

//安装后配置
[root@ansible ansible]# ansible 192.168.160.139 -m shell -a 'echo "export PATH=/usr/local/php8/bin/:$PATH" > /etc/profile.d/php8.sh'
[root@ansible ansible]# ansible 192.168.160.139 -m shell -a 'source /etc/profile.d/php8.sh'
[root@ansible ansible]# ansible 192.168.160.139 -a 'php -v'
192.168.160.139 | CHANGED | rc=0 >>
PHP 8.1.11 (cli) (built: Oct 22 2022 09:23:40) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.11, Copyright (c) Zend Technologies

//配置php-fpm
[root@ansible ansible]# ansible 192.168.160.139 -a '\cp /usr/src/php-8.1.11/php.ini-production /etc/php.ini'
[root@ansible ansible]# ansible 192.168.160.139 -a '\cp /usr/src/php-8.1.11/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm'
[root@ansible ansible]# ansible 192.168.160.139 -m file -a 'path=/etc/init.d/php-fpm mode=755'
[root@ansible ansible]# ansible 192.168.160.139 -a '\cp /usr/local/php8/etc/php-fpm.conf.default  /usr/local/php8/etc/php-fpm.conf'
[root@ansible ansible]# ansible 192.168.160.139 -a '\cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf'

//启动php-fpm
[root@ansible ansible]# ansible 192.168.160.139 -a 'service php-fpm start'
192.168.160.139 | CHANGED | rc=0 >>
Starting php-fpm  done
[root@ansible ansible]# ansible 192.168.160.139 -a 'ss -anlt'
192.168.160.139 | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128        127.0.0.1:9000      0.0.0.0:*          
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          
LISTEN 0      128             [::]:22           [::]:*

//连接nginx和php
##生成php测试页面
[root@ansible ansible]# ansible 192.168.160.139 -m file -a 'path=/usr/local/nginx state=directory'
[root@ansible ansible]# ansible 192.168.160.139 -m file -a 'path=/usr/local/nginx/html state=directory'
//编写脚本添加php测试页面
[root@ansible ansible]# vim scripts/n-p.sh
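#!/bin/bash
#
# Writes the PHP test page on the php-fpm host, at the same path nginx uses
# as its document root (/usr/local/nginx/html).
#
# The page body is empty in this listing, so index.php ends up holding a
# single blank line; put the intended PHP between the heredoc markers.
#
# The delimiter is quoted so that PHP code ($variables, backticks) is written
# literally instead of being expanded by bash before it reaches the file.
#
# NOTE(review): if the page is a diagnostic one that prints server
# configuration, delete it once the nginx-to-php-fpm link has been verified.
cat > /usr/local/nginx/html/index.php <<'EOF'

EOF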
[root@ansible ansible]# chmod +x scripts/n-p.sh 
[root@ansible ansible]# ansible 192.168.160.139 -m script -a '/etc/ansible/scripts/n-p.sh' 

//修改/usr/local/php8/etc/php-fpm.d/www.conf中的listen和listen.allowed_clients:php-fpm监听本机地址192.168.160.139:9000,并且只允许nginx主机(192.168.160.132)连接
[root@ansible ansible]# ansible 192.168.160.139 -a 'sed -i "36clisten = 192.168.160.139:9000" /usr/local/php8/etc/php-fpm.d/www.conf'
[root@ansible ansible]# ansible 192.168.160.139 -a 'sed -i "63clisten.allowed_clients = 192.168.160.132" /usr/local/php8/etc/php-fpm.d/www.conf'

//修改nginx配置文件(以下sed按行号整行替换,依赖nginx-1.20.2默认nginx.conf的行号,执行前请先确认对应行的内容)
[root@ansible ansible]# ansible 192.168.160.132 -a 'sed -i "45c                   index  index.php index.html index.htm;" /usr/local/nginx/conf/nginx.conf' 
[root@ansible ansible]# ansible 192.168.160.132 -a 'sed -i "65c     location ~ \.php$ {" /usr/local/nginx/conf/nginx.conf'
[root@ansible ansible]# ansible 192.168.160.132 -a 'sed -i "66c     root           html;" /usr/local/nginx/conf/nginx.conf' 
[root@ansible ansible]# ansible 192.168.160.132 -a 'sed -i "67c     fastcgi_pass   192.168.160.139:9000;" /usr/local/nginx/conf/nginx.conf'
[root@ansible ansible]# ansible 192.168.160.132 -a 'sed -i "68c     fastcgi_index  index.php;" /usr/local/nginx/conf/nginx.conf' 
[root@ansible ansible]# ansible 192.168.160.132 -a 'sed -i "69c     fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;" /usr/local/nginx/conf/nginx.conf'
[root@ansible ansible]# ansible 192.168.160.132 -a 'sed -i "70c      include        fastcgi_params;" /usr/local/nginx/conf/nginx.conf'
[root@ansible ansible]# ansible 192.168.160.132 -a 'sed -i "71c      }" /usr/local/nginx/conf/nginx.conf'

//重启nginx和php服务
[root@ansible ansible]# ansible 192.168.160.132 -m service -a 'name=nginx state=restarted'
[root@ansible ansible]# ansible 192.168.160.139 -a 'service php-fpm restart' 

访问web
ansible部署lnmp架构_第1张图片
