弄4台主机,其中一台装ansible,其余三台分别部署nginx、mysql、php,实现lamp架构。请合理分配主机资源,所有主机均给500M内存即可,若资源富裕多给些亦可。
主控机ip:192.168.44.128 localhost ansible
受控机ip:192.168.44.131 node2 httpd
192.168.44.132 node3 mysql
192.168.44.133 node4 php
整体结构树
[root@localhost project]# tree . . ├── lamp │ └── main.yml └── modules ├── ansible.cfg ├── base │ ├── files │ │ ├── centos7-base.repo │ │ ├── centos8-base.repo │ │ ├── epel-7.repo │ │ └── epel-8.repo │ └── yum.yml ├── databases │ └── mysql │ ├── install.yml │ ├── packages │ │ └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz │ ├── templates │ │ ├── mysql.j2 │ │ └── mysql.service.j2 │ └── vars │ └── mysql.yml ├── inventory ├── phpproject │ └── php │ ├── install.yml │ └── vars │ └── php.yml └── web └── apache ├── install.yml ├── packages │ ├── apr-1.7.0.tar.bz2 │ ├── apr-util-1.6.1.tar.gz │ └── httpd-2.4.46.tar.gz ├── templates │ ├── httpd.j2 │ └── httpd.service.j2 └── vars └── httpd.yml
准备主机环境
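# Download the CentOS base repo definitions into the directory the yum
# playbook copies from.
# NOTE(review): the original commands wrote to modules/yum/files/, but the
# tree above and yum.yml (src: files/...) place these files in
# modules/base/files/, so that path is used here. The absolute /project
# prefix is kept from the original; later commands use ~/project, so
# confirm which one is the real location.
[root@localhost ~]# mount /dev/cdrom /mnt
[root@ansible ~]# wget -O /project/modules/base/files/centos7-base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@ansible ~]# wget -O /project/modules/base/files/centos8-base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /project/modules/base/files/*.repo
# Pin $releasever to the major version in each repo file.
[root@ansible ~]# sed -i 's|$releasever|7|' /project/modules/base/files/centos7-base.repo
[root@ansible ~]# sed -i 's|$releasever|8|' /project/modules/base/files/centos8-base.repo

# Download the EPEL repo definitions.
# The original fetched epel-7.repo over plain http://. The file decides where
# every later package comes from, so it is fetched over https like the others.
[root@ansible ~]# wget -O /project/modules/base/files/epel-7.repo https://mirrors.aliyun.com/repo/epel-7.repo
[root@ansible ~]# wget -O /project/modules/base/files/epel-release-latest-8.noarch.rpm https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm

# Install the rpm on the control node and take the repo file it ships.
[root@ansible ~]# rpm -ivh /project/modules/base/files/epel-release-latest-8.noarch.rpm
[root@ansible ~]# mv /etc/yum.repos.d/epel.repo /project/modules/base/files/epel-8.repo
# NOTE(review): the original repeated the centos8-base.repo substitution here,
# which is a no-op the second time. epel-8.repo is the file just created, so
# it is presumably the intended target -- confirm.
[root@ansible ~]# sed -i 's|$releasever|8|' /project/modules/base/files/epel-8.repo
[root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /project/modules/base/files/epel-8.repo
[root@ansible ~]# sed -i 's|^metalink|#metalink|' /project/modules/base/files/epel-8.repo

# Set gpgcheck=0.
# NOTE(review): this switches off RPM signature verification on every host
# that receives these repo files, so packages are trusted purely on the
# strength of the mirror connection. If the downloaded files carry gpgkey=
# entries, leaving gpgcheck=1 and skipping this step is the safer setup.
[root@ansible ~]# sed -i 's|^gpgcheck=1|gpgcheck=0|' /project/modules/base/files/*.repo
[root@localhost yum.repos.d]# yum clean all
# "makeache" in the original is a typo; the subcommand is makecache.
[root@localhost yum.repos.d]# yum makecache
[root@localhost ~]# yum -y install vim

# Set up key-based SSH login to the three managed hosts.
[root@localhost ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.44.131 node2
192.168.44.132 node3
192.168.44.133 node4
# Pressing Enter at every prompt creates a key with no passphrase.
# NOTE(review): that key then grants root on all three nodes to anyone who
# can read /root/.ssh/id_rsa on the control node. A passphrase plus ssh-agent,
# or a dedicated non-root user with become, limits that exposure.
[root@localhost ~]# ssh-keygen -t rsa
[root@localhost ~]# ssh-copy-id root@192.168.44.131
[root@localhost ~]# ssh-copy-id root@192.168.44.132
[root@localhost ~]# ssh-copy-id root@192.168.44.133

# Point ansible at the project-local inventory.
[root@localhost ~]# vim /etc/ansible/ansible.cfg
# Uncomment the inventory line and change its path:
#   before: #inventory = /etc/ansible/hosts
#   after:  inventory = ./inventory
[root@localhost ~]# cd project/modules
[root@localhost modules]# cp /etc/ansible/ansible.cfg .
[root@localhost modules]# vi inventory
[group_apache]
node2

[group_mysql]
node3

[group_php]
node4

# Check that ansible can reach each managed host.
# The original prompt showed ~ here. ansible picks up ./ansible.cfg from the
# current directory, so the checks are run from modules/, where ansible.cfg
# and inventory were just created.
[root@localhost modules]# ansible node2 -m ping
[root@localhost modules]# ansible node3 -m ping
[root@localhost modules]# ansible node4 -m ping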
配置yum源的playbook
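[root@localhost ~]# vim project/modules/base/yum.yml
---
# Base play for every managed host: install the repo definitions, then relax
# the host firewall and SELinux so the three services can reach each other.
- hosts: all
  tasks:
    # Picks centos7-base.repo or centos8-base.repo by the host's major version.
    # Only runs where the distribution fact is 'RedHat'.
    - name: yum config for base
      copy:
        src: files/centos{{ ansible_facts['distribution_major_version'] }}-base.repo
        dest: /etc/yum.repos.d/centos-base.repo
      when: ansible_facts['distribution'] == 'RedHat'

    - name: yum config for epel
      copy:
        src: files/epel-{{ ansible_facts['distribution_major_version'] }}.repo
        dest: /etc/yum.repos.d/epel.repo

    # NOTE(review): the next three tasks remove the host firewall and SELinux
    # on all nodes. Together with services that listen on every interface
    # (php-fpm on 9000, mysqld on 3306) this leaves those ports reachable from
    # the whole subnet. Opening only the required ports with the firewalld
    # module and keeping SELinux enforcing is the tighter alternative.
    - name: stop firewalld
      service:
        name: firewalld
        state: stopped

    - name: disabled selinux
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled

    # setenforce exits non-zero once SELinux is already disabled (for example
    # after the reboot that applies the config change above), which made a
    # second run of this play fail. Skip the call in that state.
    - name: stop selinux
      shell: getenforce | grep -qi disabled || setenforce 0
      changed_when: false

[root@localhost ~]# ansible-playbook project/modules/base/yum.yml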
httpd部分
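[root@localhost modules]# vim web/apache/vars/httpd.yml
# Build dependencies for apr, apr-util and httpd, plus the service account.
packages:
  - openssl-devel
  - pcre-devel
  - expat-devel
  - libtool
  - gcc
  - gcc-c++
  - make
  - '@development tools'
user: apache
# Defined here but not referenced by the template below, which reads the
# address from node4's gathered facts instead.
php_ip: 192.168.44.133

# Template httpd.j2: edits to make in a copy of the stock httpd.conf.
# Apache only accepts comments on their own lines starting with '#', so the
# notes sit above the directives rather than after them.
[root@localhost modules]# vim web/apache/templates/httpd.j2
# Search for AddType and add the two PHP lines:
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

# Search for proxy.so and uncomment mod_proxy and mod_proxy_fcgi:
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

# Search for index.html and put index.php first:
DirectoryIndex index.php index.html

# Append at the end of the file.
# The dot before "php" is escaped: the original pattern ^/(.*.php)$ lets '.'
# match any character, so paths such as /fooXphp were forwarded as well.
# The hostvars lookup needs node4's facts, which are available when an
# earlier play in the same run has gathered them.
# NOTE(review): FastCGI to node4 travels unauthenticated and unencrypted over
# the network; access control rests on php-fpm's listen settings.
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/"
    ServerName www.csltest.com
    ProxyRequests Off
    ProxyPassMatch ^/(.*\.php)$ fcgi://{{ hostvars['node4'].ansible_default_ipv4.address }}:9000/var/www/html/$1
    <Directory "/usr/local/apache/htdocs">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>

# Template httpd.service.j2: systemd unit for the source-built httpd.
# apachectl forwards its arguments to httpd, which takes signal names through
# -k; the original "-s reload" / "-s stop" are not httpd options. The original
# ExecStop path also lacked the bin/ directory.
[root@localhost modules]# vim web/apache/templates/httpd.service.j2
[Unit]
Description = The httpd process manager

[Service]
Type = forking
ExecStart = /usr/local/apache/bin/apachectl -k start
ExecReload = /usr/local/apache/bin/apachectl -k graceful
ExecStop = /usr/local/apache/bin/apachectl -k stop

[Install]
WantedBy = multi-user.target

# Playbook that builds and installs apache on node2.
[root@localhost modules]# vim web/apache/install.yml
---
- hosts: node2
  vars_files:
    - vars/httpd.yml
  tasks:
    - name: create user
      user:
        name: '{{ user }}'
        system: yes
        create_home: no
        shell: /sbin/nologin
        state: present

    # The yum module accepts the whole list at once, which resolves all
    # packages in a single transaction instead of one per loop item.
    - name: install base packages
      yum:
        name: '{{ packages }}'
        state: present

    # NOTE(review): the tarballs come from the local packages/ directory and
    # are unpacked and compiled as root without any integrity check. Verify
    # them against the checksums or signatures published by the project
    # before placing them there, and prefer a currently maintained httpd
    # 2.4.x release over 2.4.46.
    - name: uncompress apr
      unarchive:
        src: packages/apr-1.7.0.tar.bz2
        dest: /opt/

    - name: uncompress apr-util
      unarchive:
        src: packages/apr-util-1.6.1.tar.gz
        dest: /opt/

    - name: uncompress httpd
      unarchive:
        src: packages/httpd-2.4.46.tar.gz
        dest: /opt/

    # "creates" makes each build step a no-op once its result is installed,
    # so re-running the playbook does not recompile everything.
    - name: install apr
      shell: >-
        sed -i 's/$RM "$cfgfile"/#$RM "$cfgfile"/' /opt/apr-1.7.0/configure &&
        cd /opt/apr-1.7.0 &&
        ./configure --prefix=/usr/local/apr &&
        make && make install
      args:
        creates: /usr/local/apr/bin/apr-1-config

    - name: install apr-util
      shell: >-
        cd /opt/apr-util-1.6.1 &&
        ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr &&
        make && make install
      args:
        creates: /usr/local/apr-util/bin/apu-1-config

    - name: install httpd
      shell: >-
        cd /opt/httpd-2.4.46 &&
        ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24
        --enable-so --enable-ssl --enable-cgi --enable-rewrite
        --with-zlib --with-pcre
        --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/
        --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork &&
        make && make install
      args:
        creates: /usr/local/apache/bin/httpd

    # Writes the same file as the original echo. The trailing "source" was
    # dropped because it only affected the task's own short-lived shell.
    - name: create export path
      copy:
        content: "export PATH=/usr/local/apache/bin:$PATH\n"
        dest: /etc/profile.d/httpd.sh

    - name: systemctl httpd
      template:
        src: templates/httpd.service.j2
        dest: /usr/lib/systemd/system/httpd.service

    # The original task had an empty name.
    - name: reload systemd
      shell: systemctl daemon-reload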
mysql部分
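# Template mysql.j2, rendered to /etc/my.cnf.
# NOTE(review): no bind-address is set, so mysqld listens on its default
# interfaces; with firewalld stopped by the base play, port 3306 is not
# filtered on node3. Restrict it if only specific hosts need the database.
[root@localhost modules]# vim databases/mysql/templates/mysql.j2
[mysqld]
basedir = {{ basedir }}/mysql
datadir = {{ datadir }}
socket = /tmp/mysql.sock
port = 3306
pid-file = {{ datadir }}/mysql.pid
user = mysql
skip-name-resolve

# Template mysqld.service.j2: systemd unit for the binary-tarball install.
# (The tree listing above shows this file as mysql.service.j2; the playbook
# below refers to mysqld.service.j2, so keep the two names in step.)
[root@localhost ~]# vim project/modules/databases/mysql/templates/mysqld.service.j2
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target

[Service]
User=mysql
Group=mysql
Type=forking
PIDFile={{ datadir }}/mysql.pid
TimeoutSec=0
PermissionsStartOnly=true
ExecStart={{ basedir }}/mysql/bin/mysqld --daemonize --pid-file={{ datadir}}/mysql.pid $MYSQLD_OPTS
LimitNOFILE = 5000
Restart=on-failure
RestartPreventExitStatus=1
PrivateTmp=false

[root@localhost modules]# vim databases/mysql/vars/mysql.yml
packages:
  - ncurses-devel
  - openssl-devel
  - openssl
  - cmake
  - mariadb-devel
  - ncurses-compat-libs
datadir: /mydata
basedir: /usr/local
user: mysql

# Playbook that installs mysql on node3.
[root@localhost modules]# vim databases/mysql/install.yml
- hosts: node3
  vars_files:
    - vars/mysql.yml
  tasks:
    # Pass the whole list to yum in one call instead of looping per package.
    - name: base packages
      yum:
        name: '{{ packages }}'
        state: present

    - name: create user
      user:
        name: '{{ user }}'
        create_home: no
        system: yes
        shell: /sbin/nologin
        state: present

    # NOTE(review): the tarball is taken from the local packages/ directory
    # with no integrity check; verify it against the vendor's published
    # checksum first. MySQL 5.7 is also past its end of life, so a supported
    # release is the better base for anything beyond a lab.
    - name: uncompress mysql
      unarchive:
        src: packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: '{{ basedir }}/'
        owner: mysql
        group: mysql

    - name: soft link
      file:
        src: '{{ basedir }}/mysql-5.7.31-linux-glibc2.12-x86_64'
        dest: '{{ basedir }}/mysql'
        state: link

    # The original wrote /etc/profile.d/myslq.sh (typo) and then sourced it,
    # which only affected the task's own shell. Same content, corrected name.
    - name: create export mysql
      copy:
        content: "export PATH={{ basedir }}/mysql/bin:$PATH\n"
        dest: /etc/profile.d/mysql.sh

    - name: create datadir
      file:
        path: '{{ datadir }}'
        owner: mysql
        group: mysql
        state: directory

    # --initialize-insecure creates root@localhost with an EMPTY password.
    # The account stays that way until a later step sets one, so that step
    # must not be skipped or allowed to fail silently.
    # "creates" replaces the original ignore_errors: the step is skipped once
    # the system schema directory exists, and a real initialisation failure
    # now stops the play instead of being hidden.
    - name: initialize mysql
      shell: '{{ basedir }}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir={{ datadir }}'
      args:
        creates: '{{ datadir }}/mysql'

    - name: config file
      template:
        src: templates/mysql.j2
        dest: /etc/my.cnf

    - name: systemctl mysqld
      template:
        src: templates/mysqld.service.j2
        dest: /usr/lib/systemd/system/mysqld.service

    - name: reload
      shell: systemctl daemon-reload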
php部分
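# The original prompts used appproject/php/, while the tree above shows the
# directory as phpproject/php/; the tree's name is used here.
[root@localhost modules]# vim phpproject/php/vars/php.yml
packages:
  - libxml2
  - libxml2-devel
  - openssl
  - openssl-devel
  - bzip2
  - bzip2-devel
  - libcurl
  - libcurl-devel
  - libicu-devel
  - libjpeg
  - libjpeg-devel
  - libpng
  - libpng-devel
  - openldap-devel
  - pcre-devel
  - freetype
  - freetype-devel
  - gmp
  - gmp-devel
  - libmcrypt
  - libmcrypt-devel
  - readline
  - readline-devel
  - libxslt
  - libxslt-devel
  - mhash
  - mhash-devel
  - php-mysqlnd
  # NOTE(review): the glob installs every php-* package the repos offer.
  # Listing only the extensions the application needs (php-fpm is the one
  # this setup depends on) keeps the installed code to a minimum.
  - php-*

# Playbook that installs php on node4.
[root@localhost modules]# vim phpproject/php/install.yml
---
- hosts: node4
  vars_files:
    - vars/php.yml
  tasks:
    # Pass the whole list to yum in one call instead of looping per package.
    - name: base packages
      yum:
        name: '{{ packages }}'
        state: present

    # The original bound php-fpm to 0.0.0.0:9000, i.e. every interface.
    # FastCGI has no authentication of its own, so the listener is bound to
    # the node's primary address instead -- the same address the httpd
    # template connects to. Access should additionally be limited with
    # listen.allowed_clients before the service is started.
    - name: config php socket
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen ='
        line: 'listen = {{ ansible_default_ipv4.address }}:9000'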
lamp部分
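[root@localhost project]# vim lamp/main.yml
---
# Top-level playbook: run the four component playbooks, then configure and
# start each service.
- name: conf yum.repo
  import_playbook: ../modules/base/yum.yml

- name: httpd
  import_playbook: ../modules/web/apache/install.yml

- name: mysql
  import_playbook: ../modules/databases/mysql/install.yml

# The original imported ../modules/application/php/install.yml, a path that
# does not appear in the tree above; the php playbook lives in phpproject/php.
- name: php
  import_playbook: ../modules/phpproject/php/install.yml

- hosts: node2
  vars_files:
    - ../modules/web/apache/vars/httpd.yml
  tasks:
    - name: httpd config file
      template:
        src: ../modules/web/apache/templates/httpd.j2
        dest: /etc/httpd24/httpd.conf

    - name: start httpd
      service:
        name: httpd
        enabled: yes
        state: started

- hosts: node3
  vars_files:
    - ../modules/databases/mysql/vars/mysql.yml
  # The original hardcoded the root password "123" in the playbook. It is
  # prompted for instead, so no credential is stored in the project files;
  # an ansible-vault encrypted vars file is the non-interactive equivalent.
  vars_prompt:
    - name: mysql_root_password
      prompt: New MySQL root password
      private: yes
  tasks:
    - name: start mysql
      service:
        name: mysqld
        enabled: yes
        state: started

    # Root has an empty password only right after initialisation. Probe for
    # that state so a second run does not fail once a password is set.
    # Anything other than "Access denied" (for example the server not
    # answering) still fails the play, so the empty password cannot be left
    # in place unnoticed.
    - name: check whether root still has the empty initial password
      shell: '{{ basedir }}/mysql/bin/mysql -uroot -e "select 1"'
      register: root_no_password
      changed_when: false
      failed_when: root_no_password.rc != 0 and 'Access denied' not in root_no_password.stderr

    # The original nested double quotes inside the -e argument, so the shell
    # dropped the quotes around the password. Single quotes keep the SQL
    # string intact. no_log keeps the value out of ansible's output.
    # NOTE(review): a password containing a single quote would break this
    # statement, and the value is briefly visible in the process list on
    # node3 while the command runs.
    - name: set passwd
      shell: >-
        {{ basedir }}/mysql/bin/mysql -uroot
        -e "set password = password('{{ mysql_root_password }}')"
      when: root_no_password.rc == 0
      no_log: true

- hosts: node4
  tasks:
    # One copy task replaces the original touch + lineinfile pair; touch
    # reported a change on every run.
    # NOTE(review): phpinfo() prints the full PHP configuration, environment
    # and module list to any visitor. It is here only to verify the setup;
    # remove index.php once the check below has passed.
    - name: index.php
      copy:
        content: "<?php phpinfo(); ?>\n"
        dest: /var/www/html/index.php
        owner: apache
        group: apache

    # Only the httpd node may talk to php-fpm.
    - name: allow access to IP
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients ='
        line: listen.allowed_clients = 192.168.44.131

    - name: start php
      service:
        name: php-fpm
        state: started
        enabled: yes

# NOTE(review): ansible.cfg and inventory were created in modules/, not in
# project/ -- make sure the inventory is actually picked up from this
# directory (for example with -i modules/inventory).
[root@localhost project]# ansible-playbook lamp/main.yml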
验证,在浏览器里输入安装httpd服务的受控机IP