1. 配置服务器初始化
1.1) 关闭防火墙和selinux
1 [root@test-1 ~]# /bin/systemctl stop firewalld 2 [root@test-1 ~]# /bin/systemctl disable firewalld 3 [root@test-1 ~]# getenforce #查看selinux是否开启 4 Enforcing #enforcing表示selinux开启的, 5 [root@test-1 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config #修改配置文件,需要重启才后永久关闭 6 [root@test-1 ~]# setenforce 0 #临时关闭selinx 7 [root@test-1 ~]# getenforce #查看是否关闭 8 Disabled
1.2) 安装epel源
1 [root@test-1 ~]# rpm -ivh http://mirrors.ustc.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm 2 Retrieving http://mirrors.ustc.edu.cn/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm 3 Preparing... ################################# [100%] 4 Updating / installing... 5 1:epel-release-7-11 ################################# [100%]
1.3) 安装ansible
1 [root@test-1 ~]# yum install ansible -y 2 Loaded plugins: fastestmirror 3 Determining fastest mirrors 4 epel/x86_64/metalink | 4.7 kB 00:00:00 5 * base: mirror.den1.denvercolo.net 6 * epel: mirrors.aliyun.com 7 * extras: mirrors.aliyun.com 8 * updates: mirrors.aliyun.com 9 base | 3.6 kB 00:00:00 10 epel | 5.3 kB 00:00:00 11 extras | 3.4 kB 00:00:00 12 updates | 3.4 kB 00:00:00 13 epel/x86_64/primary_db FAILED 14 http://fedora.cs.nctu.edu.tw/epel/7/x86_64/repodata/4eaf3073c0c7e6790fe6fc3e69cb1ba4567533af7a2251793344217a67b703b9-primary.sqlite.bz2: [Errno 14] HTTP Error 404 - Not Found 15 Trying other mirror. 16 To address this issue please refer to the below wiki article 17 18 https://wiki.centos.org/yum-errors 19 20 If above article doesn't help to resolve this issue please use https://bugs.centos.org/. 21 22 (1/2): epel/x86_64/updateinfo | 1.0 MB 00:00:03 23 epel/x86_64/primary_db FAILED 24 http://ftp.jaist.ac.jp/pub/Linux/Fedora/epel/7/x86_64/repodata/4eaf3073c0c7e6790fe6fc3e69cb1ba4567533af7a2251793344217a67b703b9-primary.sqlite.bz2: [Errno 14] curl#7 - "Failed connect to ftp.jaist.ac.jp:80; Network is unreachable" 25 Trying other mirror. 26 (2/2): epel/x86_64/primary_db | 6.8 MB 00:00:17 27 Resolving Dependencies 28 --> Running transaction check 29 ---> Package ansible.noarch 0:2.8.4-1.el7 will be installed 30 --> Finished Dependency Resolution 31 32 Dependencies Resolved 33 34 ========================================================================================================================================================================= 35 Package Arch Version Repository Size 36 ========================================================================================================================================================================= 37 Installing: 38 ansible noarch 2.8.4-1.el7 epel 15 M 39 40 Transaction Summary 41 ========================================================================================================================================================================= 42 Install 1 Package 43 44 Total download size: 15 M 45 Installed size: 84 M 46 Downloading packages: 47 ansible-2.8.4-1.el7.noarch.rpm | 15 MB 00:00:41 48 Running transaction check 49 Running transaction test 50 Transaction test succeeded 51 Running transaction 52 Installing : ansible-2.8.4-1.el7.noarch 1/1 53 Verifying : ansible-2.8.4-1.el7.noarch 1/1 54 55 Installed: 56 ansible.noarch 0:2.8.4-1.el7 57 58 Complete!
2. 配置ansible配置文件修改
2.1) 配置ansible配置文件
1 [root@test-1 ~]# vim /etc/ansible/ansible.cfg 2 [root@test-1 ~]# cat /etc/ansible/ansible.cfg 3 # config file for ansible -- https://ansible.com/ 4 # =============================================== 5 6 # nearly all parameters can be overridden in ansible-playbook 7 # or with command line flags. ansible will read ANSIBLE_CONFIG, 8 # ansible.cfg in the current working directory, .ansible.cfg in 9 # the home directory or /etc/ansible/ansible.cfg, whichever it 10 # finds first 11 12 [defaults] 13 14 # some basic default values... 15 16 inventory = /etc/ansible/hosts 17 library = /usr/share/ansible 18 #module_utils = /usr/share/my_module_utils/ 19 #remote_tmp = ~/.ansible/tmp 20 #local_tmp = ~/.ansible/tmp 21 #plugin_filters_cfg = /etc/ansible/plugin_filters.yml 22 forks = 5 23 #poll_interval = 15 24 sudo_user = root 25 #ask_sudo_pass = True 26 #ask_pass = True 27 #transport = smart 28 remote_port = 22 29 #module_lang = C 30 #module_set_locale = False 31 32 # plays will gather facts by default, which contain information about 33 # the remote system. 34 # 35 # smart - gather by default, but don't regather if already gathered 36 # implicit - gather by default, turn off with gather_facts: False 37 # explicit - do not gather by default, must say gather_facts: True 38 #gathering = implicit 39 40 # This only affects the gathering done by a play's gather_facts directive, 41 # by default gathering retrieves all facts subsets 42 # all - gather all subsets 43 # network - gather min and network facts 44 # hardware - gather hardware facts (longest facts to retrieve) 45 # virtual - gather min and virtual facts 46 # facter - import facts from facter 47 # ohai - import facts from ohai 48 # You can combine them using comma (ex: network,virtual) 49 # You can negate them using ! (ex: !hardware,!facter,!ohai) 50 # A minimal set of facts is always gathered. 51 #gather_subset = all 52 53 # some hardware related facts are collected 54 # with a maximum timeout of 10 seconds. This 55 # option lets you increase or decrease that 56 # timeout to something more suitable for the 57 # environment. 58 # gather_timeout = 10 59 60 # Ansible facts are available inside the ansible_facts.* dictionary 61 # namespace. This setting maintains the behaviour which was the default prior 62 # to 2.5, duplicating these variables into the main namespace, each with a 63 # prefix of 'ansible_'. 64 # This variable is set to True by default for backwards compatibility. It 65 # will be changed to a default of 'False' in a future release. 66 # ansible_facts. 67 # inject_facts_as_vars = True 68 69 # additional paths to search for roles in, colon separated 70 #roles_path = /etc/ansible/roles 71 72 # uncomment this to disable SSH key host checking 73 host_key_checking = False 74 75 # change the default callback, you can only have one 'stdout' type enabled at a time. 76 #stdout_callback = skippy 77 78 79 ## Ansible ships with some plugins that require whitelisting, 80 ## this is done to avoid running all of a type by default. 81 ## These setting lists those that you want enabled for your system. 82 ## Custom plugins should not need this unless plugin author specifies it. 83 84 # enable callback plugins, they can output to stdout but cannot be 'stdout' type. 85 #callback_whitelist = timer, mail 86 87 # Determine whether includes in tasks and handlers are "static" by 88 # default. As of 2.0, includes are dynamic by default. Setting these 89 # values to True will make includes behave more like they did in the 90 # 1.x versions. 91 #task_includes_static = False 92 #handler_includes_static = False 93 94 # Controls if a missing handler for a notification event is an error or a warning 95 #error_on_missing_handler = True 96 97 # change this for alternative sudo implementations 98 #sudo_exe = sudo 99 100 # What flags to pass to sudo 101 # WARNING: leaving out the defaults might create unexpected behaviours 102 #sudo_flags = -H -S -n 103 104 # SSH timeout 105 timeout = 20 106 107 # default user to use for playbooks if user is not specified 108 # (/usr/bin/ansible will use current user as default) 109 #remote_user = root 110 111 # logging is off by default unless this path is defined 112 # if so defined, consider logrotate 113 log_path = /var/log/ansible/ansible.log 114 115 # default module name for /usr/bin/ansible 116 #module_name = command 117 118 # use this shell for commands executed under sudo 119 # you may need to change this to bin/bash in rare instances 120 # if sudo is constrained 121 #executable = /bin/sh 122 123 # if inventory variables overlap, does the higher precedence one win 124 # or are hash values merged together? The default is 'replace' but 125 # this can also be set to 'merge'. 126 #hash_behaviour = replace 127 128 # by default, variables from roles will be visible in the global variable 129 # scope. To prevent this, the following option can be enabled, and only 130 # tasks and handlers within the role will see the variables there 131 #private_role_vars = yes 132 133 # list any Jinja2 extensions to enable here: 134 #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n 135 136 # if set, always use this private key file for authentication, same as 137 # if passing --private-key to ansible or ansible-playbook 138 private_key_file = /root/.ssh/id_rsa 139 140 # If set, configures the path to the Vault password file as an alternative to 141 # specifying --vault-password-file on the command line. 142 #vault_password_file = /path/to/vault_password_file 143 144 # format of string {{ ansible_managed }} available within Jinja2 145 # templates indicates to users editing templates files will be replaced. 146 # replacing {file}, {host} and {uid} and strftime codes with proper values. 147 #ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} 148 # {file}, {host}, {uid}, and the timestamp can all interfere with idempotence 149 # in some situations so the default is a static string: 150 #ansible_managed = Ansible managed 151 152 # by default, ansible-playbook will display "Skipping [host]" if it determines a task 153 # should not be run on a host. Set this to "False" if you don't want to see these "Skipping" 154 # messages. NOTE: the task header will still be shown regardless of whether or not the 155 # task is skipped. 156 #display_skipped_hosts = True 157 158 # by default, if a task in a playbook does not include a name: field then 159 # ansible-playbook will construct a header that includes the task's action but 160 # not the task's args. This is a security feature because ansible cannot know 161 # if the *module* considers an argument to be no_log at the time that the 162 # header is printed. If your environment doesn't have a problem securing 163 # stdout from ansible-playbook (or you have manually specified no_log in your 164 # playbook on all of the tasks where you have secret information) then you can 165 # safely set this to True to get more informative messages. 166 #display_args_to_stdout = False 167 168 # by default (as of 1.3), Ansible will raise errors when attempting to dereference 169 # Jinja2 variables that are not set in templates or action lines. Uncomment this line 170 # to revert the behavior to pre-1.3. 171 #error_on_undefined_vars = False 172 173 # by default (as of 1.6), Ansible may display warnings based on the configuration of the 174 # system running ansible itself. This may include warnings about 3rd party packages or 175 # other conditions that should be resolved if possible. 176 # to disable these warnings, set the following value to False: 177 #system_warnings = True 178 179 # by default (as of 1.4), Ansible may display deprecation warnings for language 180 # features that should no longer be used and will be removed in future versions. 181 # to disable these warnings, set the following value to False: 182 deprecation_warnings = False 183 184 # (as of 1.8), Ansible can optionally warn when usage of the shell and 185 # command module appear to be simplified by using a default Ansible module 186 # instead. These warnings can be silenced by adjusting the following 187 # setting or adding warn=yes or warn=no to the end of the command line 188 # parameter string. This will for example suggest using the git module 189 # instead of shelling out to the git command. 190 # command_warnings = False 191 192 193 # set plugin path directories here, separate with colons 194 #action_plugins = /usr/share/ansible/plugins/action 195 #become_plugins = /usr/share/ansible/plugins/become 196 #cache_plugins = /usr/share/ansible/plugins/cache 197 #callback_plugins = /usr/share/ansible/plugins/callback 198 #connection_plugins = /usr/share/ansible/plugins/connection 199 #lookup_plugins = /usr/share/ansible/plugins/lookup 200 #inventory_plugins = /usr/share/ansible/plugins/inventory 201 #vars_plugins = /usr/share/ansible/plugins/vars 202 #filter_plugins = /usr/share/ansible/plugins/filter 203 #test_plugins = /usr/share/ansible/plugins/test 204 #terminal_plugins = /usr/share/ansible/plugins/terminal 205 #strategy_plugins = /usr/share/ansible/plugins/strategy 206 207 208 # by default, ansible will use the 'linear' strategy but you may want to try 209 # another one 210 #strategy = free 211 212 # by default callbacks are not loaded for /bin/ansible, enable this if you 213 # want, for example, a notification or logging callback to also apply to 214 # /bin/ansible runs 215 #bin_ansible_callbacks = False 216 217 218 # don't like cows? that's unfortunate. 219 # set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 220 #nocows = 1 221 222 # set which cowsay stencil you'd like to use by default. When set to 'random', 223 # a random stencil will be selected for each task. The selection will be filtered 224 # against the `cow_whitelist` option below. 225 #cow_selection = default 226 #cow_selection = random 227 228 # when using the 'random' option for cowsay, stencils will be restricted to this list. 229 # it should be formatted as a comma-separated list with no spaces between names. 230 # NOTE: line continuations here are for formatting purposes only, as the INI parser 231 # in python does not support them. 232 #cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes, 233 # hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus, 234 # stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www 235 236 # don't like colors either? 237 # set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1 238 #nocolor = 1 239 240 # if set to a persistent type (not 'memory', for example 'redis') fact values 241 # from previous runs in Ansible will be stored. This may be useful when 242 # wanting to use, for example, IP information from one group of servers 243 # without having to talk to them in the same playbook run to get their 244 # current IP information. 245 #fact_caching = memory 246 247 #This option tells Ansible where to cache facts. The value is plugin dependent. 248 #For the jsonfile plugin, it should be a path to a local directory. 249 #For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0 250 251 #fact_caching_connection=/tmp 252 253 254 255 # retry files 256 # When a playbook fails a .retry file can be created that will be placed in ~/ 257 # You can enable this feature by setting retry_files_enabled to True 258 # and you can change the location of the files by setting retry_files_save_path 259 260 #retry_files_enabled = False 261 #retry_files_save_path = ~/.ansible-retry 262 263 # squash actions 264 # Ansible can optimise actions that call modules with list parameters 265 # when looping. Instead of calling the module once per with_ item, the 266 # module is called once with all items at once. Currently this only works 267 # under limited circumstances, and only with parameters named 'name'. 268 #squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper 269 270 # prevents logging of task data, off by default 271 #no_log = False 272 273 # prevents logging of tasks, but only on the targets, data is still logged on the master/controller 274 #no_target_syslog = False 275 276 # controls whether Ansible will raise an error or warning if a task has no 277 # choice but to create world readable temporary files to execute a module on 278 # the remote machine. This option is False by default for security. Users may 279 # turn this on to have behaviour more like Ansible prior to 2.1.x. See 280 # https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user 281 # for more secure ways to fix this than enabling this option. 282 #allow_world_readable_tmpfiles = False 283 284 # controls the compression level of variables sent to 285 # worker processes. At the default of 0, no compression 286 # is used. This value must be an integer from 0 to 9. 287 #var_compression_level = 9 288 289 # controls what compression method is used for new-style ansible modules when 290 # they are sent to the remote system. The compression types depend on having 291 # support compiled into both the controller's python and the client's python. 292 # The names should match with the python Zipfile compression types: 293 # * ZIP_STORED (no compression. available everywhere) 294 # * ZIP_DEFLATED (uses zlib, the default) 295 # These values may be set per host via the ansible_module_compression inventory 296 # variable 297 #module_compression = 'ZIP_DEFLATED' 298 299 # This controls the cutoff point (in bytes) on --diff for files 300 # set to 0 for unlimited (RAM may suffer!). 301 #max_diff_size = 1048576 302 303 # This controls how ansible handles multiple --tags and --skip-tags arguments 304 # on the CLI. If this is True then multiple arguments are merged together. If 305 # it is False, then the last specified argument is used and the others are ignored. 306 # This option will be removed in 2.8. 307 #merge_multiple_cli_flags = True 308 309 # Controls showing custom stats at the end, off by default 310 #show_custom_stats = True 311 312 # Controls which files to ignore when using a directory as inventory with 313 # possibly multiple sources (both static and dynamic) 314 #inventory_ignore_extensions = ~, .orig, .bak, .ini, .cfg, .retry, .pyc, .pyo 315 316 # This family of modules use an alternative execution path optimized for network appliances 317 # only update this setting if you know how this works, otherwise it can break module execution 318 #network_group_modules=eos, nxos, ios, iosxr, junos, vyos 319 320 # When enabled, this option allows lookups (via variables like {{lookup('foo')}} or when used as 321 # a loop with `with_foo`) to return data that is not marked "unsafe". This means the data may contain 322 # jinja2 templating language which will be run through the templating engine. 323 # ENABLING THIS COULD BE A SECURITY RISK 324 #allow_unsafe_lookups = False 325 326 # set default errors for all plays 327 #any_errors_fatal = False 328 329 [inventory] 330 # enable inventory plugins, default: 'host_list', 'script', 'auto', 'yaml', 'ini', 'toml' 331 #enable_plugins = host_list, virtualbox, yaml, constructed 332 333 # ignore these extensions when parsing a directory as inventory source 334 #ignore_extensions = .pyc, .pyo, .swp, .bak, ~, .rpm, .md, .txt, ~, .orig, .ini, .cfg, .retry 335 336 # ignore files matching these patterns when parsing a directory as inventory source 337 #ignore_patterns= 338 339 # If 'true' unparsed inventory sources become fatal errors, they are warnings otherwise. 340 #unparsed_is_failed=False 341 342 [privilege_escalation] 343 #become=True 344 #become_method=sudo 345 #become_user=root 346 #become_ask_pass=False 347 348 [paramiko_connection] 349 350 # uncomment this line to cause the paramiko connection plugin to not record new host 351 # keys encountered. Increases performance on new host additions. Setting works independently of the 352 # host key checking setting above. 353 #record_host_keys=False 354 355 # by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this 356 # line to disable this behaviour. 357 #pty=False 358 359 # paramiko will default to looking for SSH keys initially when trying to 360 # authenticate to remote devices. This is a problem for some network devices 361 # that close the connection after a key failure. Uncomment this line to 362 # disable the Paramiko look for keys function 363 #look_for_keys = False 364 365 # When using persistent connections with Paramiko, the connection runs in a 366 # background process. If the host doesn't already have a valid SSH key, by 367 # default Ansible will prompt to add the host key. This will cause connections 368 # running in background processes to fail. Uncomment this line to have 369 # Paramiko automatically add host keys. 370 #host_key_auto_add = True 371 372 [ssh_connection] 373 374 # ssh arguments to use 375 # Leaving off ControlPersist will result in poor performance, so use 376 # paramiko on older platforms rather than removing it, -C controls compression use 377 #ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s 378 379 # The base directory for the ControlPath sockets. 380 # This is the "%(directory)s" in the control_path option 381 # 382 # Example: 383 # control_path_dir = /tmp/.ansible/cp 384 #control_path_dir = ~/.ansible/cp 385 386 # The path to use for the ControlPath sockets. This defaults to a hashed string of the hostname, 387 # port and username (empty string in the config). The hash mitigates a common problem users 388 # found with long hostnames and the conventional %(directory)s/ansible-ssh-%%h-%%p-%%r format. 389 # In those cases, a "too long for Unix domain socket" ssh error would occur. 390 # 391 # Example: 392 # control_path = %(directory)s/%%h-%%r 393 #control_path = 394 395 # Enabling pipelining reduces the number of SSH operations required to 396 # execute a module on the remote server. This can result in a significant 397 # performance improvement when enabled, however when using "sudo:" you must 398 # first disable 'requiretty' in /etc/sudoers 399 # 400 # By default, this option is disabled to preserve compatibility with 401 # sudoers configurations that have requiretty (the default on many distros). 402 # 403 #pipelining = False 404 405 # Control the mechanism for transferring files (old) 406 # * smart = try sftp and then try scp [default] 407 # * True = use scp only 408 # * False = use sftp only 409 #scp_if_ssh = smart 410 411 # Control the mechanism for transferring files (new) 412 # If set, this will override the scp_if_ssh option 413 # * sftp = use sftp to transfer files 414 # * scp = use scp to transfer files 415 # * piped = use 'dd' over SSH to transfer files 416 # * smart = try sftp, scp, and piped, in that order [default] 417 #transfer_method = smart 418 419 # if False, sftp will not use batch mode to transfer files. This may cause some 420 # types of file transfer failures impossible to catch however, and should 421 # only be disabled if your sftp version has problems with batch mode 422 #sftp_batch_mode = False 423 424 # The -tt argument is passed to ssh when pipelining is not enabled because sudo 425 # requires a tty by default. 426 #usetty = True 427 428 # Number of times to retry an SSH connection to a host, in case of UNREACHABLE. 429 # For each retry attempt, there is an exponential backoff, 430 # so after the first attempt there is 1s wait, then 2s, 4s etc. up to 30s (max). 431 #retries = 3 432 433 [persistent_connection] 434 435 # Configures the persistent connection timeout value in seconds. This value is 436 # how long the persistent connection will remain idle before it is destroyed. 437 # If the connection doesn't receive a request before the timeout value 438 # expires, the connection is shutdown. The default value is 30 seconds. 439 #connect_timeout = 30 440 441 # The command timeout value defines the amount of time to wait for a command 442 # or RPC call before timing out. The value for the command timeout must 443 # be less than the value of the persistent connection idle timeout (connect_timeout) 444 # The default value is 30 second. 445 #command_timeout = 30 446 447 [accelerate] 448 #accelerate_port = 5099 449 #accelerate_timeout = 30 450 #accelerate_connect_timeout = 5.0 451 452 # The daemon timeout is measured in minutes. This time is measured 453 # from the last activity to the accelerate daemon. 454 #accelerate_daemon_timeout = 30 455 456 # If set to yes, accelerate_multi_key will allow multiple 457 # private keys to be uploaded to it, though each user must 458 # have access to the system via SSH to add a new key. The default 459 # is "no". 460 #accelerate_multi_key = yes 461 462 [selinux] 463 # file systems that require special treatment when dealing with security context 464 # the default behaviour that copies the existing context or uses the user default 465 # needs to be changed to use the file system dependent context. 466 #special_context_filesystems=nfs,vboxsf,fuse,ramfs,9p 467 468 # Set this to yes to allow libvirt_lxc connections to work without SELinux. 469 #libvirt_lxc_noseclabel = yes 470 471 [colors] 472 #highlight = white 473 #verbose = blue 474 #warn = bright purple 475 #error = red 476 #debug = dark gray 477 #deprecate = purple 478 #skip = cyan 479 #unreachable = red 480 #ok = green 481 #changed = yellow 482 #diff_add = green 483 #diff_remove = red 484 #diff_lines = cyan 485 486 487 [diff] 488 # Always print diff when running ( same as always running with -D/--diff ) 489 # always = no 490 491 # Set how many context lines to show in diff 492 # context = 3
修改黄色标记位置,修改为一样
2.2) 配置ansible的hosts文件
提示:注意以下的配置的hosts文件的IP要根据自己的环境IP配置
1 [root@test-1 ~]# vim /etc/ansible/hosts 2 [root@test-1 ~]# cat /etc/ansible/hosts 3 # This is the default ansible 'hosts' file. 4 # 5 # It should live in /etc/ansible/hosts 6 # 7 # - Comments begin with the '#' character 8 # - Blank lines are ignored 9 # - Groups of hosts are delimited by [header] elements 10 # - You can enter hostnames or ip addresses 11 # - A hostname/ip can be a member of multiple groups 12 # 13 # Ex 1: Ungrouped hosts, specify before any group headers. 14 [localhost] 15 192.168.200.131 ansible_host_pass='123456' 16 [web1] 17 192.168.200.132 ansible_host_pass='123456' 18 192.168.200.133 ansible_host_pass='123456' 19 20 [tomcat1] 21 192.168.200.134 ansible_host_pass='123456' 22 23 24 [mysql] 25 192.168.200.135 ansible_host_pass='123456' 26 27 [redis] 28 192.168.200.136 ansible_host_pass='123456' 29 30 # green.example.com 31 # blue.example.com 32 # 192.168.100.1 33 # 192.168.100.10 34 # 35 # Ex 2: A collection of hosts belonging to the 'webservers' group 36 # 37 # [webservers] 38 # alpha.example.org 39 # beta.example.org 40 # 192.168.1.100 41 # 192.168.1.110 42 # 43 # If you have multiple hosts following a pattern you can specify 44 # them like this: 45 # 46 # www[001:006].example.com 47 # 48 # Ex 3: A collection of database servers in the 'dbservers' group
3. 配置服务器免之间密钥通信
3.1) 创建免密钥
1 [root@test-1 ~]# ssh-keygen -t rsa 2 Generating public/private rsa key pair. 3 Enter file in which to save the key (/root/.ssh/id_rsa): 4 Enter passphrase (empty for no passphrase): 5 Enter same passphrase again: 6 Your identification has been saved in /root/.ssh/id_rsa. 7 Your public key has been saved in /root/.ssh/id_rsa.pub. 8 The key fingerprint is: 9 SHA256:lhTKHMoe5UjsWvb3xRHKeQVposFktqZnUONEtq3OEV8 root@test-1 10 The key's randomart image is: 11 +---[RSA 2048]----+ 12 | .. o+@ .o | 13 | o.B Xo*. + . | 14 | .= * B+.=Eo | 15 | .+. =.=+.o | 16 | +... S .o . | 17 | . .*.. o | 18 | .o. . | 19 | . | 20 | | 21 +----[SHA256]-----+
提示:
ssh-keygen -t rsa需要在每台的测试服务器上运行
3.2) 拷贝密钥到其他服务器上
1 [root@test-1 ~]# ssh-copy-id 192.168.200.132 2 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" 3 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed 4 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys 5 root@192.168.200.132's password: 6 Permission denied, please try again. 7 root@192.168.200.132's password: 8 9 Number of key(s) added: 1 10 11 Now try logging into the machine, with: "ssh '192.168.200.132'" 12 and check to make sure that only the key(s) you wanted were added. 13 14 [root@test-1 ~]# ssh-copy-id 192.168.200.133 15 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" 16 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed 17 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys 18 root@192.168.200.133's password: 19 20 Number of key(s) added: 1 21 22 Now try logging into the machine, with: "ssh '192.168.200.133'" 23 and check to make sure that only the key(s) you wanted were added. 24 25 [root@test-1 ~]# ssh-copy-id 192.168.200.134 26 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" 27 The authenticity of host '192.168.200.134 (192.168.200.134)' can't be established. 28 ECDSA key fingerprint is SHA256:tLhcv0ggEH8CXLX8raKfSu4pUHrHVL/3eWjACu9GbWo. 29 ECDSA key fingerprint is MD5:9b:f7:cf:6d:c1:dc:49:fb:fa:5b:6a:43:8d:9a:1b:91. 30 Are you sure you want to continue connecting (yes/no)? yes 31 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed 32 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys 33 root@192.168.200.134's password: 34 35 Number of key(s) added: 1 36 37 Now try logging into the machine, with: "ssh '192.168.200.134'" 38 and check to make sure that only the key(s) you wanted were added. 39 40 [root@test-1 ~]# ssh-copy-id 192.168.200.135 41 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" 42 The authenticity of host '192.168.200.135 (192.168.200.135)' can't be established. 43 ECDSA key fingerprint is SHA256:tLhcv0ggEH8CXLX8raKfSu4pUHrHVL/3eWjACu9GbWo. 44 ECDSA key fingerprint is MD5:9b:f7:cf:6d:c1:dc:49:fb:fa:5b:6a:43:8d:9a:1b:91. 45 Are you sure you want to continue connecting (yes/no)? yes 46 /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed 47 /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys 48 root@192.168.200.135's password: 49 50 Number of key(s) added: 1 51 52 Now try logging into the machine, with: "ssh '192.168.200.135'" 53 and check to make sure that only the key(s) you wanted were added.
3.3) 验证是否可以从ansible主服务器连接到其他管理服务端服务器
1 [root@test-1 ~]# ssh 192.168.200.132 2 Last failed login: Thu Sep 19 12:17:05 EDT 2019 from 192.168.200.131 on ssh:notty 3 There was 1 failed login attempt since the last successful login. 4 Last login: Thu Sep 19 12:14:13 2019 from 192.168.200.1 5 6 [root@test-2 ~]# logout 7 Connection to 192.168.200.132 closed. 8 [root@test-1 ~]# ssh 192.168.200.133 9 Last login: Thu Sep 19 12:14:17 2019 from 192.168.200.1 10 11 [root@test-3 ~]# logout 12 Connection to 192.168.200.133 closed. 13 [root@test-1 ~]# ssh 192.168.200.134 14 Last login: Thu Sep 19 12:14:18 2019 from 192.168.200.1 15 16 [root@test-4 ~]# logout 17 Connection to 192.168.200.134 closed. 18 [root@test-1 ~]# ssh 192.168.200.135 19 Last login: Thu Sep 19 12:14:25 2019 from 192.168.200.1 20 21 [root@test-5 ~]# logout 22 Connection to 192.168.200.135 closed.
提示:
验证没问题,都可以连接
4. ansible连接是否ping是正常的
4.1) ansible使用ping,看主机是否正常
1 [root@test-1 ~]# ansible web1 -m ping 2 192.168.200.133 | SUCCESS => { 3 "ansible_facts": { 4 "discovered_interpreter_python": "/usr/bin/python" 5 }, 6 "changed": false, 7 "ping": "pong" 8 } 9 192.168.200.132 | SUCCESS => { 10 "ansible_facts": { 11 "discovered_interpreter_python": "/usr/bin/python" 12 }, 13 "changed": false, 14 "ping": "pong" 15 } 16 [root@test-1 ~]# ansible mysql -m ping 17 192.168.200.135 | SUCCESS => { 18 "ansible_facts": { 19 "discovered_interpreter_python": "/usr/bin/python" 20 }, 21 "changed": false, 22 "ping": "pong" 23 }
5. ansible-playbook通常github拉取部署
5.1) 创建ansible目录
1 [root@test-1 ~]# mkdir -p /ansible
5.2) 创建github目录拉取代码
1 [root@test-1 ~]# mkdir -p /github 2 [root@test-1 ~]# cd /github/ 3 [root@test-1 github]# ll 4 total 0
5.3) 安装git拉取工具
1 [root@test-1 github]# yum install git -y 2 [root@test-1 github]# git clone https://github.com/tiaotiaodan/ansible.git 3 Cloning into 'ansible'... 4 remote: Enumerating objects: 58, done. 5 remote: Counting objects: 100% (58/58), done. 6 remote: Compressing objects: 100% (40/40), done. 7 remote: Total 58 (delta 5), reused 58 (delta 5), pack-reused 0 8 Unpacking objects: 100% (58/58), done. 9 [root@test-1 github]# ll 10 total 0 11 drwxr-xr-x 5 root root 79 Sep 19 13:28 ansible
5.4) 拷贝ansible-playbook配置文件到/ansible下
1 [root@test-1 github]# cd ansible/ 2 [root@test-1 ansible]# ll 3 total 8 4 drwxr-xr-x 2 root root 17 Sep 19 13:28 group_vars 5 -rw-r--r-- 1 root root 326 Sep 19 13:28 hosts 6 drwxr-xr-x 7 root root 68 Sep 19 13:28 roles 7 -rw-r--r-- 1 root root 323 Sep 19 13:28 site.yaml 8 [root@test-1 ansible]# cp -a * /ansible/ 9 [root@test-1 ansible]# cd /ansible/ 10 [root@test-1 ansible]# ll 11 total 8 12 drwxr-xr-x 2 root root 17 Sep 19 13:28 group_vars 13 -rw-r--r-- 1 root root 326 Sep 19 13:28 hosts 14 drwxr-xr-x 7 root root 68 Sep 19 13:28 roles 15 -rw-r--r-- 1 root root 323 Sep 19 13:28 site.yaml
6. 部署ansible-playbook的lnmp环境
6.1) 进入ansible目录
1 [root@test-1 ansible]# cd /ansible/ 2 [root@test-1 ansible]# ll 3 total 8 4 drwxr-xr-x 2 root root 17 Sep 19 13:28 group_vars 5 -rw-r--r-- 1 root root 326 Sep 19 13:28 hosts 6 drwxr-xr-x 7 root root 68 Sep 19 13:28 roles 7 -rw-r--r-- 1 root root 323 Sep 19 13:28 site.yaml
6.2) 检查配置文件
1 [root@test-1 ansible]# ansible-playbook --syntax-check site.yaml 2 3 playbook: site.yaml
6.3) 执行配置文件
1 [root@test-1 ansible]# ansible-playbook site.yaml 2 3 PLAY [install nginx, php and www] *************************************************************************************************************************************** 4 5 TASK [Gathering Facts] ************************************************************************************************************************************************** 6 ok: [192.168.200.133] 7 ok: [192.168.200.132] 8 9 TASK [common : install yum centos 7 epel] ******************************************************************************************************************************* 10 ok: [192.168.200.133] 11 ok: [192.168.200.132] 12 13 TASK [common : Install deps] ******************************************************************************************************************************************** 14 changed: [192.168.200.132] => (item=[u'gcc', u'gcc-c++', u'gd', u'cmake', u'patch', u'autoconf', u'libjpeg', u'libjpeg-devel', u'libpng', u'libpng-devel', u'freetype', u'libxml2-devel', u'zlib', u'zlib-devel', u'glibc', u'glibc-devel', u'glib2', u'glib2-devel', u'ncurses', u'ncurses-devel', u'curl', u'curl-devel', u'e2fsprogs', u'krb5-devel', u'libidn', u'libidn-devel', u'openssl', u'openldap-devel', u'nss_ldap', u'openldap-clients', u'openldap-servers', u'pcre-devel', u'libmcrypt-devel']) 15 changed: [192.168.200.133] => (item=[u'gcc', u'gcc-c++', u'gd', u'cmake', u'patch', u'autoconf', u'libjpeg', u'libjpeg-devel', u'libpng', u'libpng-devel', u'freetype', u'libxml2-devel', u'zlib', u'zlib-devel', u'glibc', u'glibc-devel', u'glib2', u'glib2-devel', u'ncurses', u'ncurses-devel', u'curl', u'curl-devel', u'e2fsprogs', u'krb5-devel', u'libidn', u'libidn-devel', u'openssl', u'openldap-devel', u'nss_ldap', u'openldap-clients', u'openldap-servers', u'pcre-devel', u'libmcrypt-devel']) 16 17 TASK [nginx : mkdir /tools] ********************************************************************************************************************************************* 18 ok: [192.168.200.133] 19 ok: [192.168.200.132] 20 21 TASK [nginx : mkdir nginx log] ****************************************************************************************************************************************** 22 changed: [192.168.200.132] 23 changed: [192.168.200.133] 24 25 TASK [nginx : Copy nginx source pkg] ************************************************************************************************************************************ 26 changed: [192.168.200.133] 27 changed: [192.168.200.132] 28 29 TASK [nginx : Install nginx] ******************************************************************************************************************************************** 30 changed: [192.168.200.133] 31 changed: [192.168.200.132] 32 33 TASK [nginx : Creating Users Group] ************************************************************************************************************************************* 34 changed: [192.168.200.133] 35 changed: [192.168.200.132] 36 37 TASK [nginx : Creating Users] ******************************************************************************************************************************************* 38 changed: [192.168.200.132] 39 changed: [192.168.200.133] 40 41 TASK [nginx : mkdir /usr/local/nginx/conf/conf.d] ********************************************************************************************************************** 42 changed: [192.168.200.132] 43 changed: [192.168.200.133] 44 45 TASK [nginx : Copy nginx config file] *********************************************************************************************************************************** 46 changed: [192.168.200.132] 47 changed: [192.168.200.133] 48 49 TASK [nginx : Copy nginx www.conf] ************************************************************************************************************************************** 50 changed: [192.168.200.132] 51 changed: [192.168.200.133] 52 53 TASK [nginx : Change ownership of nginx installation] ******************************************************************************************************************* 54 changed: [192.168.200.132] 55 changed: [192.168.200.133] 56 57 TASK [nginx : Copy nginx systemctl service] ***************************************************************************************************************************** 58 changed: [192.168.200.132] 59 changed: [192.168.200.133] 60 61 TASK [nginx : system reload file nginx] ********************************************************************************************************************************* 62 changed: [192.168.200.132] 63 changed: [192.168.200.133] 64 65 TASK [nginx : systemctl start nginx service] *************************************************************************************************************************** 66 changed: [192.168.200.132] 67 changed: [192.168.200.133] 68 69 TASK [php : Install php deps] ******************************************************************************************************************************************* 70 changed: [192.168.200.133] => (item=[u'libmcrypt', u'libmcrypt-devel', u'autoconf', u'freetype', u'gd', u'libmcrypt', u'libpng', u'libpng-devel', u'libjpeg', u'libxml2', u'libxml2-devel', u'zlib', u'curl', u'curl-devel', u'net-snmp-devel', u'libjpeg-devel', u'php-ldap', u'openldap-devel', u'openldap-servers', u'openldap-clients', u'freetype-devel', u'gmp-devel']) 71 changed: [192.168.200.132] => (item=[u'libmcrypt', u'libmcrypt-devel', u'autoconf', u'freetype', u'gd', u'libmcrypt', u'libpng', u'libpng-devel', u'libjpeg', u'libxml2', u'libxml2-devel', u'zlib', u'curl', u'curl-devel', u'net-snmp-devel', u'libjpeg-devel', u'php-ldap', u'openldap-devel', u'openldap-servers', u'openldap-clients', u'freetype-devel', u'gmp-devel']) 72 73 TASK [php : mkdir /tools] *********************************************************************************************************************************************** 74 ok: [192.168.200.132] 75 ok: [192.168.200.133] 76 77 TASK [php : Copy php source pkg] **************************************************************************************************************************************** 78 changed: [192.168.200.133] 79 changed: [192.168.200.132] 80 81 TASK [php : Install php] ************************************************************************************************************************************************ 82 changed: [192.168.200.133] 83 changed: [192.168.200.132] 84 85 TASK [php : Copy php config file php-ini] ******************************************************************************************************************************* 86 changed: [192.168.200.132] 87 changed: [192.168.200.133] 88 89 TASK [php : Copy php config file php-fpm] ******************************************************************************************************************************* 90 changed: [192.168.200.132] 91 changed: [192.168.200.133] 92 93 TASK [php : Copy php php-fpm servers] *********************************************************************************************************************************** 94 changed: [192.168.200.132] 95 changed: [192.168.200.133] 96 97 TASK [php : systemctl start php service] ******************************************************************************************************************************** 98 changed: [192.168.200.133] 99 changed: [192.168.200.132] 100 101 TASK [www : mkdir www] ************************************************************************************************************************************************** 102 changed: [192.168.200.132] 103 changed: [192.168.200.133] 104 105 TASK [www : unarchive nginx source pkg] ********************************************************************************************************************************* 106 changed: [192.168.200.132] 107 changed: [192.168.200.133] 108 109 TASK [www : Change ownership of mysql installation] ********************************************************************************************************************* 110 changed: [192.168.200.132] 111 changed: [192.168.200.133] 112 113 RUNNING HANDLER [nginx : reload nginx] ********************************************************************************************************************************** 114 changed: [192.168.200.133] 115 changed: [192.168.200.132] 116 117 RUNNING HANDLER [php : restart php-fpm] ********************************************************************************************************************************* 118 changed: [192.168.200.132] 119 changed: [192.168.200.133] 120 121 PLAY [install mysql] **************************************************************************************************************************************************** 122 123 TASK [Gathering Facts] ************************************************************************************************************************************************** 124 ok: [192.168.200.135] 125 126 TASK [mysql : Remove shell yum] ***************************************************************************************************************************************** 127 changed: [192.168.200.135] => (item=[u'mariadb-libs', u'boost-thread', u'boost-system', u'boost-date-time']) 128 129 TASK [mysql : Install mysql deps] *************************************************************************************************************************************** 130 changed: [192.168.200.135] => (item=[u'cmake', u'make', u'gcc', u'gcc-c++', u'bison', u'ncurses', u'ncurses-devel']) 131 132 TASK [mysql : mkdir /tools] ********************************************************************************************************************************************* 133 ok: [192.168.200.135] 134 135 TASK [mysql : mkdir -p /usr/local/mysql/] ******************************************************************************************************************************* 136 changed: [192.168.200.135] 137 138 TASK [mysql : mkdir -p /data/mysql/] ************************************************************************************************************************************ 139 changed: [192.168.200.135] 140 141 TASK [mysql : mkdir -p /usr/local/boost] ******************************************************************************************************************************** 142 changed: [192.168.200.135] 143 144 TASK [mysql : Copy boost source pkg] ************************************************************************************************************************************ 145 changed: [192.168.200.135] 146 147 TASK [mysql : Copy mysql source pkg] ************************************************************************************************************************************ 148 changed: [192.168.200.135] 149 150 TASK [mysql : Creating Users Group] ************************************************************************************************************************************* 151 changed: [192.168.200.135] 152 153 TASK [mysql : Creating Users] ******************************************************************************************************************************************* 154 changed: [192.168.200.135] 155 156 TASK [mysql : Install boost] ******************************************************************************************************************************************** 157 changed: [192.168.200.135] 158 159 TASK [mysql : Install mysql] ******************************************************************************************************************************************** 160 changed: [192.168.200.135] 161 162 TASK [mysql : Initialization mysql] ************************************************************************************************************************************* 163 changed: [192.168.200.135] 164 165 TASK [mysql : Change ownership of mysql installation] ******************************************************************************************************************* 166 changed: [192.168.200.135] 167 168 TASK [mysql : Change ownership of mysql data installation] ************************************************************************************************************** 169 changed: [192.168.200.135] 170 171 TASK [mysql : Copy mysql config file My.cnf] ************************************************************************************************************************* 172 changed: [192.168.200.135] 173 174 TASK [mysql : Copy mysql config file mysql] ***************************************************************************************************************************** 175 changed: [192.168.200.135] 176 177 TASK [mysql : Copy mysql config file mysql.server] ********************************************************************************************************************** 178 changed: [192.168.200.135] 179 180 TASK [mysql : Increase MySQL execution privileges] ********************************************************************************************************************** 181 [WARNING]: Consider using the file module with mode rather than running 'chmod'. If you need to use command because file is insufficient you can add 'warn: false' to 182 this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message. 183 184 changed: [192.168.200.135] 185 186 TASK [mysql : system reload file mysql] ********************************************************************************************************************************* 187 changed: [192.168.200.135] 188 189 TASK [mysql : echo mysql bin file] ************************************************************************************************************************************** 190 changed: [192.168.200.135] 191 192 TASK [mysql : systemctl start mysql service] *************************************************************************************************************************** 193 changed: [192.168.200.135] 194 195 RUNNING HANDLER [mysql : restart mysql] ********************************************************************************************************************************* 196 changed: [192.168.200.135] 197 198 PLAY RECAP ************************************************************************************************************************************************************** 199 192.168.200.132 : ok=29 changed=25 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 200 192.168.200.133 : ok=29 changed=25 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 201 192.168.200.135 : ok=24 changed=22 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
6.4) 验证服务是否安装成功
1 [root@test-1 ansible]# ansible web1 -m shell -a "ps -ef |grep nginx" 2 192.168.200.133 | CHANGED | rc=0 >> 3 www 11642 16456 0 11:04 ? 00:00:00 nginx: worker process 4 root 14028 14023 64 13:19 pts/1 00:00:00 /bin/sh -c ps -ef |grep nginx 5 root 14030 14028 0 13:19 pts/1 00:00:00 grep nginx 6 root 16456 1 0 10:44 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx 7 8 192.168.200.132 | CHANGED | rc=0 >> 9 www 11648 16457 0 11:03 ? 00:00:00 nginx: worker process 10 root 14015 14010 0 13:19 pts/1 00:00:00 /bin/sh -c ps -ef |grep nginx 11 root 14017 14015 0 13:19 pts/1 00:00:00 grep nginx 12 root 16457 1 0 10:44 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx 13 14 [root@test-1 ansible]# ansible web1 -m shell -a "netstat -lntup |grep nginx" 15 192.168.200.133 | CHANGED | rc=0 >> 16 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11642/nginx: worker 17 18 192.168.200.132 | CHANGED | rc=0 >> 19 tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11648/nginx: worker 20 21 22 [root@test-1 ansible]# ansible web1 -m shell -a "ps -ef |grep php" 23 192.168.200.132 | CHANGED | rc=0 >> 24 root 11714 1 0 11:03 ? 00:00:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf) 25 www 11716 11714 0 11:03 ? 00:00:00 php-fpm: pool www 26 www 11717 11714 0 11:03 ? 00:00:00 php-fpm: pool www 27 root 14084 14079 65 13:19 pts/1 00:00:00 /bin/sh -c ps -ef |grep php 28 root 14086 14084 0 13:19 pts/1 00:00:00 grep php 29 30 192.168.200.133 | CHANGED | rc=0 >> 31 root 11708 1 0 11:04 ? 00:00:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf) 32 www 11710 11708 0 11:04 ? 00:00:00 php-fpm: pool www 33 www 11711 11708 0 11:04 ? 00:00:00 php-fpm: pool www 34 root 14097 14092 67 13:19 pts/1 00:00:00 /bin/sh -c ps -ef |grep php 35 root 14099 14097 0 13:19 pts/1 00:00:00 grep php 36 37 [root@test-1 ansible]# ansible web1 -m shell -a "netstat -lntup |grep php" 38 192.168.200.132 | CHANGED | rc=0 >> 39 tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 11714/php-fpm: mast 40 41 192.168.200.133 | CHANGED | rc=0 >> 42 tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 11708/php-fpm: mast
6.5) 验证数据库安装是否成功
1 [root@test-1 ansible]# ansible mysql -m shell -a "ps -ef |grep mysql" 2 192.168.200.135 | CHANGED | rc=0 >> 3 root 2495 2490 69 13:22 pts/1 00:00:00 /bin/sh -c ps -ef |grep mysql 4 root 2497 2495 0 13:22 pts/1 00:00:00 grep mysql 5 root 32178 1 0 11:19 ? 00:00:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/data/mysql --pid-file=/data/mysql/mysql.pid 6 mysql 32342 32178 0 11:19 ? 00:00:02 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/data/mysql --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql --log-error=/data/mysql/mysql.log --pid-file=/data/mysql/mysql.pid --socket=/data/mysql/mysql.sock 7 8 [root@test-1 ansible]# ansible mysql -m shell -a "netstat -lntup|grep mysql" 9 192.168.200.135 | CHANGED | rc=0 >> 10 tcp6 0 0 :::3306 :::* LISTEN 32342/mysqld
7. 配置数据库连接
7.1) 创建数据库和连接
1 mysql> show databases; 2 +--------------------+ 3 | Database | 4 +--------------------+ 5 | information_schema | 6 | mysql | 7 | performance_schema | 8 | sys | 9 +--------------------+ 10 4 rows in set (0.00 sec) 11 12 mysql> create database www DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; 13 Query OK, 1 row affected (0.01 sec) 14 15 mysql> show databases; 16 +--------------------+ 17 | Database | 18 +--------------------+ 19 | information_schema | 20 | mysql | 21 | performance_schema | 22 | sys | 23 | www | 24 +--------------------+ 25 5 rows in set (0.00 sec) 26 27 mysql> grant all on www.* to 'www'@'%' IDENTIFIED BY '123456'; 28 Query OK, 0 rows affected, 1 warning (0.01 sec) 29 30 mysql> select user,host from mysql.user; 31 +---------------+-----------+ 32 | user | host | 33 +---------------+-----------+ 34 | www | % | 35 | mysql.session | localhost | 36 | mysql.sys | localhost | 37 | root | localhost | 38 +---------------+-----------+ 39 4 rows in set (0.00 sec) 40 41 mysql> flush privileges; 42 Query OK, 0 rows affected (0.00 sec)
8. 浏览器验证是否正常
8.1) 浏览器请求
提示:
1、本次用了一台服务器进行验证测试,
2、在生产环境应该是用域名请求,负载均衡到随机每台服务器。