  • lamp

    playbook部署lamp

    环境

    主机IP 需要安装的服务 name
    192.168.23.132 ansible ansible
    192.168.23.133 httpd httpd
    192.168.23.134 mysql mysql
    192.168.23.135 php php

    项目结构

    [root@ansible project]# tree
    .
    ├── ansible.cfg
    ├── inventory
    ├── modules
    │   ├── webservers
    │   │   └── apache
    │   │       ├── files
    │   │       │   ├── apr-1.7.0.tar.gz
    │   │       │   ├── apr-util-1.6.1.tar.gz
    │   │       │   ├── httpd-2.4.46.tar.bz2
    │   │       │   └── httpd.service
    │   │       ├── install.yml
    │   │       ├── scripts
    │   │       │   └── install.sh
    │   │       └── vars
    │   │           └── var.yml
    │   ├── databases
    │   │   └── mysql
    │   │       ├── files
    │   │       │   └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
    │   │       ├── install.yml
    │   │       ├── templates
    │   │       │   ├── my.cnf.j2
    │   │       │   └── mysqld.service.j2
    │   │       └── vars
    │   │           └── var.yml
    │   ├── lamp
    │   │   ├── main.yml
    │   │   └── vars
    │   │       └── mysql.yml
    |   │—— apps
    │   │   └── php
    │   │       ├── install.yml
    │   │       └── vars
    │   │           └── var.yml
    │   └── yum
    │       ├── files
    │       │   ├── centos6-base.repo
    │       │   ├── centos7-base.repo
    │       │   ├── centos8-base.repo
    │       │   ├── epel-6.repo
    │       │   ├── epel-7.repo
    │       │   └── epel-8.repo
    │       └── main.yml
    └── project-1
        ├── main.yml
        └── secret.yml
    
    19 directories, 27 files
    

    准备工作:

    //映射主机名
    [root@ansible ~]# vim /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.23.132 ansible
    192.168.23.133 httpd
    192.168.23.134 mysql
    192.168.23.135 php
    
    //配置centos源
    [root@ansible ~]# rm -rf /etc/yum.repos.d/*
    [root@ansible ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
    [root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
    [root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/CentOS-Base.repo
    
    //配置epel源
    [root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
    [root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
    [root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
    [root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/epel*
    [root@ansible ~]# yum clean all
    [root@ansible ~]# yum makecache
    
    //安装ansible
    [root@ansible ~]# yum -y install ansible
    
    //创建项目目录
    [root@ansible ~]# mkdir /project
    
    //编写清单
    [root@ansible ~]# vim /project/inventory
    [webservers]
    httpd
    
    [databases]
    mysql
    
    [apps]
    php
    
    
    //更改配置文件
    [root@yc ~]# vim /etc/ansible/ansible.cfg
    inventory      = /etc/ansible/inventory			//取消注释并把路径改成inventory
    
    //使用ssh-keygen生成私钥和公钥(口令留空时,私钥 /root/.ssh/id_rsa 不受口令保护,任何能读取该文件的人都可以以 root 身份登录三台被管主机)
    [root@yc ~]# ssh-keygen -t rsa  //后面直接回车
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:hOhPvjrJRzNg+zV3F2fi36lgiGltUl8wSxsmeKEzYg0 root@ansible
    The key's randomart image is:
    +---[RSA 3072]----+
    |     E   .       |
    |     .o.o .      |
    |    .o.*.o *     |
    |   .+ ..+ + * o o|
    |   ..o. S. o o = |
    |    .++ B + o o  |
    |   . +oO * = . .o|
    |    + +.o . .  .o|
    |    .+.      ..  |
    +----[SHA256]-----+
    
    //给httpd、mysql、php三台主机设置免密登录
    [root@yc1 ~]# ssh-copy-id root@192.168.23.133
    [root@yc2 ~]# ssh-copy-id root@192.168.23.134
    [root@yc2 ~]# ssh-copy-id root@192.168.23.135
    
    //测试是否连通
    [root@yc lamp]# ansible all -m ping
    192.168.23.135 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/libexec/platform-python"
        },
        "changed": false,
        "ping": "pong"
    }
    192.168.23.133 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/libexec/platform-python"
        },
        "changed": false,
        "ping": "pong"
    }
    192.168.23.134 | SUCCESS => {
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/libexec/platform-python"
        },
        "changed": false,
        "ping": "pong"
    }
    
    //创建项目结构目录(注意:下文 mkdir/vim 命令使用的目录名 webs 与项目结构及 lamp/main.yml 中引用的 webservers 不一致,需统一为同一个目录名)
    [root@ansible ~]# mkdir -p /project/modules/yum/files
    [root@ansible ~]# mkdir -p /project/modules/webs/apache /project/modules/databases/mysql /project/modules/apps/php
    

    yum源配置

    //下载centos源
    [root@ansible ~]# wget -O /project/modules/yum/files/centos6-base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
    [root@ansible ~]# wget -O /project/modules/yum/files/centos7-base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
    [root@ansible ~]# wget -O /project/modules/yum/files/centos8-base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
    [root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /project/modules/yum/files/*.repo
    [root@ansible ~]# sed -i 's|$releasever|6|' /project/modules/yum/files/centos6-base.repo
    [root@ansible ~]# sed -i 's|$releasever|7|' /project/modules/yum/files/centos7-base.repo
    [root@ansible ~]# sed -i 's|$releasever|8|' /project/modules/yum/files/centos8-base.repo
    
    //下载epel源(注意:epel-6、epel-7 的 repo 文件这里通过明文 http 下载,传输途中可能被篡改;同一镜像站下面的 rpm 已使用 https,repo 文件也应改用 https)
    [root@ansible ~]# wget -O /project/modules/yum/files/epel-6.repo http://mirrors.aliyun.com/repo/epel-6.repo
    [root@ansible ~]# wget -O /project/modules/yum/files/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
    [root@ansible ~]# wget -O /project/modules/yum/files/epel-release-latest-8.noarch.rpm https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
    
    //安装rpm包并提取repo源
    [root@ansible ~]# rpm -ivh /project/modules/yum/files/epel-release-latest-8.noarch.rpm
    [root@ansible ~]# mv /etc/yum.repos.d/epel.repo /project/modules/yum/files/epel-8.repo
    [root@ansible ~]# sed -i 's|$releasever|8|' /project/modules/yum/files/epel-8.repo
    [root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /project/modules/yum/files/epel-8.repo
    [root@ansible ~]# sed -i 's|^metalink|#metalink|' /project/modules/yum/files/epel-8.repo
    
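    //设置gpgcheck=0(注意:这会关闭 yum 对软件包 GPG 签名的校验;这些 repo 文件随后会被分发到所有主机,镜像或传输链路上被篡改的软件包也会被直接安装。更稳妥的做法是保留 gpgcheck=1,并随 repo 文件一起分发对应的 GPG 公钥)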
    [root@ansible ~]# sed -i 's|^gpgcheck=1|gpgcheck=0|' /project/modules/yum/files/*.repo
    
    //yum源的Playbook
    [root@ansible ~]# vim /project/modules/yum/main.yml
    ---
    # Copy the prepared base and EPEL repo files to every host, selecting the
    # file by the host's major OS version (centos6/7/8-base.repo, epel-6/7/8.repo).
    #
    # NOTE(review): the files under files/ were switched to gpgcheck=0 in the
    # preparation step on this page, so every host that receives them installs
    # packages without signature verification — confirm this is acceptable, or
    # ship the files with gpgcheck=1 together with the repository GPG keys.
    - hosts: all
      tasks:
        - name: yum config for base
          copy:
            src: files/centos{{ ansible_facts['distribution_major_version'] }}-base.repo
            dest: /etc/yum.repos.d/centos-base.repo
          # NOTE(review): 'distribution' is 'RedHat' only on RHEL itself; CentOS
          # hosts report 'CentOS' and would skip this task — confirm which
          # hosts are meant to receive the base repo.
          when: ansible_facts['distribution'] == 'RedHat'

        # No condition here: the EPEL repo file is copied to every host.
        - name: yum config for epel
          copy:
            src: files/epel-{{ ansible_facts['distribution_major_version'] }}.repo
            dest: /etc/yum.repos.d/epel.repo
    

    httpd的安装

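    //下载源码包(注意:下面的 wget 把末尾的目录当作第二个 URL,文件实际会保存在当前目录;应使用 wget -P 目录 指定保存位置。源码包会以 root 身份编译安装,下载后应核对官方发布的校验和或签名)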
    [root@ansible ~]# mkdir /project/modules/webs/apache/files
    [root@ansible ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz /project/modules/webs/apache/files
    [root@ansible ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz /project/modules/webs/apache/files
    [root@ansible ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.bz2 /project/modules/webs/apache/files
    
    //配置变量
    [root@ansible ~]# mkdir /project/modules/webs/apache/vars
    [root@ansible ~]# vim /project/modules/webs/apache/vars/var.yml
    depend_pkg:
      - "@Development Tools"
      - openssl-devel
      - pcre-devel
      - expat-devel
      - libxml2-devel
      - libtool
      - gcc
      - gcc-c++
      - bzip2
      - make
    
    //创建service文件
    [root@ansible ~]# vim /project/modules/webs/apache/files/httpd.service
    [Unit]
    Description=Start httpd
    [Service]
    Type=simple
    EnvironmentFile=/etc/httpd24/httpd.conf
    ExecStart=/usr/local/apache/bin/httpd -k start -DFOREGROUND
    ExecReload=/usr/local/apache/bin/httpd -k graceful
    ExecStop=/bin/kill -WINCH ${MAINPID}
    [Install]
    WantedBy=multi-user.target
    
    //配置脚本
    [root@ansible ~]# mkdir /project/modules/webs/apache/scripts
    [root@ansible ~]# vim /project/modules/webs/apache/scripts/install.sh
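    #!/bin/bash
    #
    # Build and install APR, APR-util and Apache httpd from the source tarballs
    # that the playbook's copy task places in /usr/src, then install the
    # httpd.service unit file that is copied alongside them.
    #
    # The whole build is skipped when /usr/local/apache already exists, so the
    # script can be run repeatedly by Ansible.
    #
    # NOTE(review): the tarballs are unpacked and built as root without any
    # checksum or signature check; verify them against the digests published
    # by the Apache project before placing them in files/.
    # NOTE(review): a build that fails part-way through "make install" can
    # leave /usr/local/apache behind, and the guard below then skips the
    # rebuild — remove that directory before re-running after a failure.

    # Abort on the first failing step so a broken build is reported to Ansible
    # instead of being followed by the unit-file install and cleanup.
    set -euo pipefail

    src_dir=/usr/src
    apr_prefix=/usr/local/apr
    apr_util_prefix=/usr/local/apr-util
    httpd_prefix=/usr/local/apache

    if [ ! -d "$httpd_prefix" ]; then
      # Clear leftovers of an earlier APR / APR-util install (glob is intended).
      rm -rf /usr/local/apr*

      cd "$src_dir"
      tar xf apr-1.7.0.tar.gz
      tar xf apr-util-1.6.1.tar.gz
      tar xf httpd-2.4.46.tar.bz2

      # APR: delete the configure line that runs $RM "$cfgfile" before building.
      cd "$src_dir/apr-1.7.0"
      sed -i '/$RM "$cfgfile"/d' configure
      ./configure --prefix="$apr_prefix"
      make
      make install

      # APR-util, built against the APR installed above.
      cd "$src_dir/apr-util-1.6.1"
      ./configure --prefix="$apr_util_prefix" --with-apr="$apr_prefix"
      make
      make install

      # httpd: every option belongs to one configure call, so each line needs
      # a trailing backslash.
      cd "$src_dir/httpd-2.4.46"
      ./configure --prefix="$httpd_prefix" \
        --sysconfdir=/etc/httpd24 \
        --enable-so \
        --enable-ssl \
        --enable-cgi \
        --enable-rewrite \
        --with-zlib \
        --with-pcre \
        --with-apr="$apr_prefix" \
        --with-apr-util=/usr/local/apr-util/ \
        --enable-modules=most \
        --enable-mpms-shared=all \
        --with-mpm=prefork
      make
      make install

      # Put the httpd binaries on PATH for login shells.
      echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh

      # Install the unit file and remove the unpacked build trees.
      cd "$src_dir"
      mv /usr/src/httpd.service /usr/lib/systemd/system/httpd.service
      rm -rf apr-1.7.0 apr-util-1.6.1 httpd-2.4.46
    fi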
    
    //编写playbook
    [root@ansible ~] vim /project/modules/webservers/apache/install.yml
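    ---
    # Build Apache httpd from source on the webservers group: install the build
    # dependencies, create the service account, push the tarballs and unit file
    # to /usr/src, run the build script and reload systemd.
    - hosts: webservers
      vars_files:
        - vars/var.yml
      tasks:
        - name: install depend on apache
          yum:
            name: "{{ depend_pkg }}"
            state: present

        # System account without a home directory or login shell.
        - name: create user apache
          user:
            name: apache
            shell: /sbin/nologin
            create_home: false
            system: yes
            state: present

        # Copies everything under files/ (tarballs and httpd.service).
        # NOTE(review): the tarballs are built as root on the target; verify
        # their checksums/signatures on the control node before distributing.
        - name: download packages
          copy:
            src: files/
            dest: /usr/src

        # 'creates' mirrors the script's own guard, so Ansible reports the task
        # as skipped instead of changed once /usr/local/apache exists.
        - name: install apache
          script: scripts/install.sh
          args:
            creates: /usr/local/apache

        # Use the systemd module rather than shelling out to systemctl.
        - name: reload daemon for httpd
          systemd:
            daemon_reload: yes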
    

    mysql的安装

    //下载源码包(注意:同样需要用 wget -P 目录 指定保存位置,否则末尾的目录会被当作第二个 URL;下载后应核对官方发布的校验和或签名)
    [root@ansible ~]# mkdir /project/modules/databases/mysql/files
    [root@ansible ~]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz /project/modules/databases/mysql/files
    
    //配置变量
    [root@ansible ~]# mkdir /project/modules/databases/mysql/vars
    [root@ansible ~]# vim /project/modules/databases/mysql/vars/var.yml
    basedir: /usr/local
    datadir: /opt/data
    depend_pkg: ncurses-compat-libs
    
    //创建模板文件
    [root@ansible ~]# mkdir /project/modules/databases/mysql/templates
    [root@ansible ~]# vim /project/modules/databases/mysql/templates/my.cnf.j2
    [mysqld]
    basedir = /usr/local/mysql
    datadir = /opt/data
    socket = /tmp/mysql.sock
    port = 3306
    pid-file = /opt/data/mysql.pid
    user = mysql
    skip-name-resolve
    
    //创建service文件
    [root@ansible ~]# vim /project/modules/databases/mysql/templates/mysqld.service.j2
    [Unit]
    Description=MySQL Server
    Documentation=man:mysqld(8)
    Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
    After=network.target
    After=syslog.target
    [Install]
    WantedBy=multi-user.target
    [Service]
    User=mysql
    Group=mysql
    Type=forking
    PIDFile={{ datadir }}/mysqld.pid
    TimeoutSec=0
    PermissionsStartOnly=true
    ExecStart={{ basedir }}/mysql/bin/mysqld --daemonize --pid-file={{ datadir }}/mysqld.pid $MYSQLD_OPTS
    LimitNOFILE = 5000
    Restart=on-failure
    RestartPreventExitStatus=1
    PrivateTmp=false
    
    //编写playbook
    [root@ansible ~] vim /project/modules/databases/mysql/install.yml
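    ---
    # Install the MySQL 5.7.31 binary tarball on the databases group: unpack it
    # under basedir, link it to basedir/mysql, initialise the data directory and
    # install /etc/my.cnf and the systemd unit.
    #
    # The play-level "ignore_errors: yes" was removed: it let the play continue
    # after any failed step (for example a failed unpack followed by
    # initialisation). The one step expected to fail on a re-run, the
    # initialisation, is guarded with 'creates' instead.
    - hosts: databases
      vars_files:
        - vars/var.yml
      tasks:
        - name: install depemd packages for mysql
          yum:
            name: "{{ depend_pkg }}"
            state: present

        # System account without a home directory or login shell.
        - name: create user mysql
          user:
            name: mysql
            system: yes
            create_home: false
            shell: /sbin/nologin
            state: present

        # NOTE(review): verify the tarball's checksum on the control node
        # before distributing it.
        - name: unpack mysql
          unarchive:
            src: files/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
            dest: '{{ basedir }}/'
            owner: mysql
            group: mysql

        # Same file content as the former "echo ... >" shell task, written
        # through the copy module.
        - name: create env for mysql
          copy:
            content: "export PATH={{ basedir }}/mysql/bin:$PATH\n"
            dest: /etc/profile.d/mysql.sh

        - name: create soft link
          file:
            src: '{{ basedir }}/mysql-5.7.31-linux-glibc2.12-x86_64'
            dest: '{{ basedir }}/mysql'
            owner: mysql
            group: mysql
            state: link

        - name: crete datadir
          file:
            path: '{{ datadir }}'
            owner: mysql
            group: mysql
            state: directory

        # --initialize-insecure creates root@localhost with an EMPTY password;
        # the account stays unprotected until the password playbook has run.
        # 'creates' skips the step once the data directory is initialised
        # (assumes initialisation creates {{ datadir }}/mysql — TODO confirm).
        - name: initialize mysql
          command: '{{ basedir }}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir={{ datadir }}/'
          args:
            creates: '{{ datadir }}/mysql'

        - name: probides config file
          template:
            src: templates/my.cnf.j2
            dest: /etc/my.cnf

        - name: probides service file
          template:
            src: templates/mysqld.service.j2
            dest: /usr/lib/systemd/system/mysqld.service

        # Use the systemd module rather than shelling out to systemctl.
        - name: reload daemon for mysql
          systemd:
            daemon_reload: yes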
    

    php的安装

    //配置变量
    [root@ansible ~]# mkdir /project/modules/apps/php/vars
    [root@ansible ~]# vim /project/modules/apps/php/vars/var.yml
    packages:
      - '@Development Tools'
      - libxml2
      - libxml2-devel
      - openssl
      - openssl-devel
      - bzip2 
      - bzip2-devel
      - libcurl
      - libcurl-devel
      - libicu-devel
      - libjpeg
      - libjpeg-devel
      - libpng 
      - libpng-devel
      - openldap-devel
      - pcre-devel
      - freetype 
      - freetype-devel
      - gmp
      - gmp-devel
      - libmcrypt
      - libmcrypt-devel
      - readline 
      - readline-devel
      - libxslt
      - libxslt-devel 
      - mhash 
      - mhash-devel
      - php-mysqlnd
      - 'php-*'
    
    //编写playbook
    [root@ansible ~] vim /project/modules/apps/php/install.yml
    ---
    # Install the PHP packages listed in vars/var.yml on the apps group and
    # switch php-fpm from its unix socket to a TCP listener on port 9000.
    - hosts: apps
      vars_files:
        - vars/var.yml
      tasks:
        - name: install php
          yum:
            name: "{{ packages }}"
            state: present

        # Replaces the default unix-socket listener with a TCP listener bound
        # to every interface.
        # NOTE(review): with 0.0.0.0 the FastCGI port is reachable from any
        # network the host is attached to. Access then depends on
        # listen.allowed_clients and the host firewall — confirm both are
        # restricted to the web server's address, or bind to one interface.
        - name: config php-fpm
          lineinfile:
            path: /etc/php-fpm.d/www.conf
            regex: '^listen = /run/php-fpm/www.sock'
            line: 'listen=0.0.0.0:9000'
            state: present
    

    创建lamp项目模板

    //配置变量
    [root@ansible ~] mkdir -p /project/modules/lamp/vars
    [root@ansible ~] vim /project/modules/lamp/vars/mysql.yml
    depend_mysql_on_lamp:
      - ncurses-devel 
      - openssl-devel 
      - openssl
      - cmake
      - mariadb-devel
    
    //创建lamp模板
    [root@ansible ~] vim /project/modules/lamp/main.yml
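    ---
    # Compose the LAMP stack: run the yum, apache, mysql and php playbooks, then
    # point Apache at the remote php-fpm backend and prepare a PHP test page.
    - name: import yum
      import_playbook: ../yum/main.yml

    - name: import apache
      import_playbook: ../webservers/apache/install.yml

    - name: import mysql
      import_playbook: ../databases/mysql/install.yml

    - name: import php
      import_playbook: ../apps/php/install.yml

    - name: config apache for lamp
      hosts: webservers
      tasks:
        - name: enable module(1)
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^#LoadModule proxy_module'
            line: LoadModule proxy_module modules/mod_proxy.so

        - name: enable module(2)
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^#LoadModule proxy_fcgi_module'
            line: LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

        - name: add index.php
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^    DirectoryIndex'
            line: '    DirectoryIndex index.php index.html'

        # The two PHP AddType lines are added one per task. A multi-line
        # double-quoted YAML scalar is folded into a single line, which would
        # turn the three directives into one malformed AddType line.
        - name: add type
          lineinfile:
            path: /etc/httpd24/httpd.conf
            insertafter: '^    AddType application/x-gzip .gz .tgz'
            line: '    AddType application/x-httpd-php .php'

        - name: add type for php source
          lineinfile:
            path: /etc/httpd24/httpd.conf
            insertafter: '^    AddType application/x-httpd-php .php'
            line: '    AddType application/x-httpd-php-source .phps'

        # blockinfile keeps the vhost idempotent. The former lineinfile regexp
        # '<VirtualHost *:80>' treated "*" as a quantifier, never matched the
        # literal line and appended the block again on every run.
        # The backend is the php host from the environment table
        # (192.168.23.135); the dot before "php" is escaped so only paths
        # ending in ".php" are proxied.
        - name: add virtualhost
          blockinfile:
            path: /etc/httpd24/httpd.conf
            marker: '# {mark} ANSIBLE MANAGED BLOCK lamp virtualhost'
            block: |
              <VirtualHost *:80>
                  DocumentRoot "/usr/local/apache/htdocs/"
                  ServerName yuqinghao.com
                  ProxyRequests Off
                  ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.23.135:9000/var/www/html/$1
                  <Directory "/usr/local/apache/htdocs/">
                      Options none
                      AllowOverride none
                      Require all granted
                  </Directory>
              </VirtualHost>
            state: present

    - name: config mysql for lamp
      hosts: databases
      vars_files:
        - vars/mysql.yml
      tasks:
        - name: install depend mysql on lamp
          yum:
            name: "{{ depend_mysql_on_lamp }}"
            state: present

    - name: config php for lamp
      hosts: apps
      tasks:
        - name: mkdir index.php
          file:
            path: /var/www/html/index.php
            owner: apache
            group: apache
            state: touch

        # Test page used to verify the stack.
        # NOTE(review): phpinfo() discloses the PHP version, loaded modules,
        # paths and environment to anyone who can reach the site — remove the
        # page once the deployment has been verified.
        - name: index.php config
          lineinfile:
            path: /var/www/html/index.php
            line: '<?php phpinfo(); ?>'
            state: present

        # Only the web server from the environment table (httpd,
        # 192.168.23.133) may connect to php-fpm; the previous value did not
        # belong to any host in this deployment.
        - name: change web address
          lineinfile:
            path: /etc/php-fpm.d/www.conf
            regexp: '^listen.allowed_clients = 127.0.0.1'
            line: "listen.allowed_clients = 192.168.23.133"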
    

    搭建lamp

    //创建项目文件夹
    [root@ansible ~] mkdir -p /project/project-1
    
    //在项目yuqinghao中搭建lamp
    [root@ansible ~] vim /project/project-1/main.yml
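    ---
    # Project playbook: build the LAMP stack from the shared modules, start and
    # enable the three services, then set the MySQL root password.
    - name: import lamp
      import_playbook: ../modules/lamp/main.yml

    - name: config apache for lamp
      hosts: webservers
      tasks:
        - name: start httpd service
          service:
            name: httpd
            state: started
            enabled: yes

    - name: config mysql for lamp
      hosts: databases
      tasks:
        - name: start mysql on lamp
          service:
            name: mysqld
            state: started
            enabled: yes

    # import_playbook is only valid at play level, not inside a tasks list, so
    # the password playbook is imported as its own entry after mysqld has been
    # started. secret.yml is vault-encrypted, so the run needs the vault
    # password (e.g. --vault-password-file).
    - name: set password for mysql
      import_playbook: ./secret.yml

    - name: config php for lamp
      hosts: apps
      tasks:
        - name: start php service
          service:
            name: php-fpm
            state: started
            enabled: yes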
    

    设置并修改mysql的密码(需要加密)

    //编写修改密码剧本(注意:前文创建的目录是 /project/project-1,main.yml 也通过 ./secret.yml 引用该文件,下面命令中的 project1 应与 project-1 保持一致)
    [root@ansible ~]# vim /project/project1/secret.yml
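    ---
    # Set the MySQL root password on the databases group.
    #
    # Fixes over the original listing: "tasks:" carried a stray "vim" token,
    # and the nested double quotes around the password ended the shell string
    # early, so the value reached MySQL unquoted.
    #
    # NOTE(review): '123456' is the sample value from this page; use a strong
    # secret, ideally a vaulted variable instead of a literal in the command.
    # NOTE(review): the client connects as root without a password, so this
    # only succeeds while root still has the empty password left by
    # --initialize-insecure; a second run fails once the password is set.
    # NOTE(review): the password is part of the command line and is visible in
    # the process list on the database host while the client runs.
    - name: config mysql for lamp
      hosts: databases
      tasks:
        - name: set password for mysql
          shell: /usr/local/mysql/bin/mysql -uroot -e "set password = password('123456');"
          # Keep the command, and the password in it, out of Ansible's output.
          no_log: true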
        
    //加密修改密码剧本
    [root@ansible ~]# ansible-vault encrypt /project/project1/secret.yml
    New Vault password: yanchuang
    Confirm New Vault password: yanchuang
    Encryption successful
    
    //记录加密密码(注意:这样 Vault 密码以明文保存在与加密剧本相同的目录中,任何能读取该文件的人都可以解密 secret.yml;该文件不应提交到版本库或随项目目录一起分发)
    [root@ansible ~]# echo 'yanchuang' > /project/project1/.mypass
    
    //修改权限只允许root读写
    [root@ansible ~]# chmod 600 /project/project1/.mypass
    
    //使用加密密码查看加密剧本
    [root@ansible ~]# ansible-vault view --vault-password-file=/project/project1/.mypass /project/project1/secret.yml
    

    执行剧本

    [root@ansible ~]# cd /project/
    [root@ansible project]# ansible-playbook --vault-password-file=project1/.mypass project-1/main.yml
    

    验证

  • 原文地址:https://www.cnblogs.com/Ycqifei/p/14435354.html