zoukankan      html  css  js  c++  java
  • playbook部署lamp

    playbook部署lamp

    环境说明:

    主机IP 需要安装的服务
    192.168.100.1 ansible
    192.168.100.2 httpd
    192.168.100.3 mysql
    192.168.100.4 php

    项目结构预览:

    [root@ansible lamp]# tree
    .
    ├── ansible.cfg
    ├── app
    │   └── php
    │       ├── php.yml
    │       └── vars
    │           └── php_vars
    ├── base
    │   └── base.yml
    │
    ├── database
    │   └── mysql
    │       ├── mysql.yml
    │       ├── packages
    │       │   └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
    │       ├── secret.yml
    │       └── vars
    │           └── mysql_vars
    ├── inventory
    ├── lamp.yml
    ├── test.yml
    └── web
        └── httpd
            ├── httpd.yml
            ├── packages
            │   ├── apr-1.7.0.tar.gz
            │   ├── apr-util-1.6.1.tar.gz
            │   └── httpd-2.4.46.tar.bz2
            └── vars
                └── httpd_vars
    
    13 directories, 22 files
    

    本次环境YUM源(centos和epel)为:"阿里云官方镜像站"

    准备工作:

    //映射主机名
    [root@ansible ~]# vim /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.100.1 ansible
    192.168.100.2 httpd
    192.168.100.3 mysql
    192.168.100.4 php
    
    //配置centos源
    [root@ansible ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
    [root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
    [root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/CentOS-Base.repo
    [root@ansible ~]# sed -i 's|^gpgcheck=1|gpgcheck=0|' /etc/yum.repos.d/CentOS-Base.repo
    
    //配置epel源
    [root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
    [root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
    [root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
    [root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/epel*
    [root@ansible ~]# sed -i 's|^gpgcheck=1|gpgcheck=0|' /etc/yum.repos.d/epel*
    
    [root@ansible ~]# yum clean all
    [root@ansible ~]# yum makecache
    
    //安装ansible
    [root@ansible ~]# yum -y install ansible
    
    //创建项目文件夹
    [root@ansible ~]# mkdir ~/lamp
    
    //修改清单文件位置
    [root@ansible ~]# vim /etc/ansible/ansible.cfg
    inventory      = ./inventory
    
    [root@ansible ~]# cp /etc/ansible/ansible.cfg ~/lamp/
    
    //编写清单
    [root@ansible ~]# vim ~/lamp/inventory
    [web]
    httpd
    
    [database]
    mysql
    
    [app]
    php
    
    //使用ssh-keygen生成私钥和公钥
    [root@ansible ~]# ssh-keygen -t rsa
    
    //设置免密登录
    [root@ansible ~]# ssh-copy-id root@httpd
    [root@ansible ~]# ssh-copy-id root@mysql
    [root@ansible ~]# ssh-copy-id root@php
    

    基础配置的playbook

    [root@ansible ~]# mkdir ~/lamp/base
    
    //基础配置的剧本
    [root@ansible ~]# vim ~/lamp/base/base.yml
    ---
    - hosts: all
      tasks:
        - name: copy yum
          copy:
            src: /etc/yum.repos.d/
            dest: /etc/yum.repos.d/
    
        - name: clean
          shell: yum clean all
    
        - name: makecache
          shell: yum makecache
    
        - name: selinux
          shell: setenforce 0
          
        - name: stop firewalld
          service:
            name: firewalld
            state: stopped
    
        - name: disable selinux
          lineinfile:
            path: /etc/selinux/config
            regexp: '^SELINUX='
            line: 'SELINUX=disabled'
    
        - name: disable firewalld
          shell: systemctl disable firewalld
    

    配置变量

    //配置httpd的变量
    [root@ansible ~]# mkdir -p ~/lamp/web/httpd/vars
    [root@ansible ~]# vim ~/lamp/web/httpd/vars/httpd_vars
    user: apache
    path_packages: "/root"
    httpd_packages:
      - bzip2
      - make
      - "openssl-devel"
      - "pcre-devel"
      - "expat-devel"
      - libtool
      - gcc
      - "gcc-c++"
      - "libxml2-devel"
     
    //配置mysql的变量
    [root@ansible ~]# mkdir -p ~/lamp/database/mysql/vars
    [root@ansible ~]# vim ~/lamp/database/mysql/vars/mysql_vars
    user: mysql
    path_packages: "/root"
    path_data: "/opt/data"
    mysql_packages:
      - "ncurses-devel"
      - "openssl-devel"
      - openssl
      - cmake
      - "mariadb-devel"
      - "ncurses-compat-libs"
    
    //配置php的变量
    [root@ansible ~]# mkdir -p ~/lamp/app/php/vars
    [root@ansible ~]# vim ~/lamp/app/php/vars/php_vars
    php_packages:
      - libxml2
      - "libxml2-devel"
      - openssl
      - "openssl-devel"
      - bzip2
      - "bzip2-devel"
      - libcurl
      - "libcurl-devel"
      - "libicu-devel"
      - libjpeg
      - "libjpeg-devel"
      - libpng
      - "libpng-devel"
      - "openldap-devel"
      - "pcre-devel"
      - freetype
      - "freetype-devel"
      - gmp
      - "gmp-devel"
      - libmcrypt
      - "libmcrypt-devel"
      - readline
      - "readline-devel"
      - libxslt
      - "libxslt-devel"
      - mhash
      - "mhash-devel"
      - "php-mysqlnd"
    

    安装httpd的playbook

    //下载httpd源码包
    [root@ansible ~]# mkdir ~/lamp/web/httpd/packages
    [root@ansible ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.bz2 ~/lamp/web/httpd/packages
    [root@ansible ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz ~/lamp/web/httpd/packages
    [root@ansible ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz ~/lamp/web/httpd/packages
    
    [root@ansible ~]# vim ~/lamp/web/httpd/httpd.yml
    ---
    - hosts: httpd
      vars_files: vars/httpd_vars
      tasks:  
        - name: install packages
          yum:
            name: '{{ httpd_packages }}'
            state: present
            
        - name: install tools
          yum:
            name: "@Development tools"
            state: present
            
        - name: create user {{ user }}
          user:
            name: '{{ user }}'
            system: yes
            create_home: no
            shell: /sbin/nologin
            state: present
     
        - name: copy apr package
          copy:
            src: ./packages/apr-1.7.0.tar.gz
            dest: '{{ path_packages }}'
    
        - name: copy apr-util package
          copy:
            src: ./packages/apr-util-1.6.1.tar.gz
            dest: '{{ path_packages }}'
    
        - name: copy httpd package
          copy:
            src: ./packages/httpd-2.4.46.tar.bz2
            dest: '{{ path_packages }}'
    
        - name: unzip all
          shell: tar xf {{ path_packages }}/apr-1.7.0.tar.gz && tar xf {{ path_packages }}/apr-util-1.6.1.tar.gz && tar xf {{ path_packages }}/httpd-2.4.46.tar.bz2
    
        - name: delete notes for apr
          shell: sed -i 's|$RM "$cfgfile"|#$RM "$cfgfile"|' ./apr-1.7.0/configure
    
        - name: install apr
          shell: cd {{ path_packages }}/apr-1.7.0 && ./configure --prefix=/usr/local/apr && make && make install && cd
    
        - name: install apr-util
          shell: cd {{ path_packages }}/apr-util-1.6.1 && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install && cd
    
        - name: install httpd
          shell: cd {{ path_packages }}/httpd-2.4.46 && ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork && make && make install && cd
    
        - name: path config
          shell: echo "export PATH=/usr/local/apache/bin:$PATH" > /etc/profile.d/httpd.sh && source /etc/profile.d/httpd.sh
         
        - name: delete servername notes
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^#ServerName'
            line: ServerName www.example.com:80
         
        - name: include config
          file:
            src: /usr/local/apache/include
            dest: /usr/local/include/httpd
            state: link
            
        - name: man_db config
          lineinfile:
            path: /etc/man_db.conf
            regexp: '^MANDATORY_MANPATH                       /usr/local/share/man'
            line: "MANDATORY_MANPATH                       /usr/local/share/man
    MANDATORY_MANPATH                       /usr/local/apache/man"
            
        - name: enable module(1)
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^#LoadModule proxy_module'
            line: LoadModule proxy_module modules/mod_proxy.so
    
        - name: enable module(2)
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^#LoadModule proxy_fcgi_module'
            line: LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
    
        - name: add index.php
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^    DirectoryIndex'
            line: '    DirectoryIndex index.php index.html'
            
        - name: add type
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '^    AddType application/x-gzip .gz .tgz'
            line: "    AddType application/x-gzip .gz .tgz
        AddType application/x-httpd-php .php
        AddType application/x-httpd-php-source .phps
    "
    
        - name: add virtualhost
          lineinfile:
            path: /etc/httpd24/httpd.conf
            regexp: '<VirtualHost *:80>'
            line: |
              <VirtualHost *:80>
                  DocumentRoot "/usr/local/apache/htdocs/"
                  ServerName yuqinghao.com
                  ProxyRequests Off
                  ProxyPassMatch ^/(.*.php)$ fcgi://192.168.100.4:9000/var/www/html/$1
                  <Directory "/usr/local/apache/htdocs/">
                      Options none
                      AllowOverride none
                      Require all granted
                  </Directory>
              </VirtualHost>
            state: present
              
        - name: restart apache
          shell: /usr/local/apache/bin/apachectl restart
    

    安装mysql的playbook

    //下载mysql源码包
    [root@ansible ~]# mkdir ~/lamp/database/mysql/packages
    [root@ansible ~]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz ~/lamp/database/mysql/packages
    
    [root@ansible ~]# vim ~/lamp/database/mysql/mysql.yml
    ---
    - hosts: mysql
      vars_files: vars/mysql_vars
      tasks:
        - name: install packages
          yum:
            name: '{{ mysql_packages }}'
            state: present
           
        - name: copy mysql package
          copy:
            src: ./packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
            dest: '{{ path_packages }}'
            
        - name: create user {{ user }}
          user:
            name: '{{ user }}'
            system: yes
            create_home: no
            shell: /sbin/nologin
            state: present
            
        - name: mkdir data
          file:
            path: '{{ path_data }}'
            owner: '{{ user }}'
            group: '{{ user }}'
            state: directory        
            
        - name: install mysql
          shell: tar xf {{ path_packages }}/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
          
        - name: soft link
          file:
            src: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64
            dest: /usr/local/mysql
            state: link
            
        - name: chown mysql
          file:
            path: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64
            owner: '{{ user }}'
            group: '{{ user }}'
            state: directory 
           
        - name: my.cnf config
          lineinfile:
            path: /etc/my.cnf
            line: |
              [mysqld]
              basedir = /usr/local/mysql
              datadir = /opt/data
              socket = /tmp/mysql.sock
              port = 3306
              pid-file = /opt/data/mysql.pid
              user = mysql
              skip-name-resolve
            state: present
            
        - name: copy start shell
          shell: cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
            
        - name: start shell config(1)
          lineinfile:
            path: /etc/init.d/mysqld
            regexp: '^basedir='
            line: basedir=/usr/local/mysql
            
        - name: start shell config(2)
          lineinfile:
            path: /etc/init.d/mysqld
            regexp: '^datadir='
            line: datadir={{ path_data }}
            
        - name: man_db config
          lineinfile:
            path: /etc/man_db.conf
            regexp: '^MANDATORY_MANPATH                       /usr/local/share/man'
            line: "MANDATORY_MANPATH                       /usr/local/share/man
    MANDATORY_MANPATH                       /usr/local/mysql/man"
            
        - name: path config
          shell: echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/myslq.sh && source /etc/profile.d/myslq.sh
          
        - name: initialize mysql
          shell: /usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data > /root/sqlpass 2>&1
          
        - name: lib config
          shell: echo "/usr/local/mysql/lib" > /etc/ld.so.conf.d/mysql.conf && ldconfig
          
        - name: start mysql
          shell: service mysqld start
    

    修改mysql密码的playbook

    //编写修改密码剧本
    [root@ansible ~]# vim ~/lamp/database/mysql/secret.yml
    ---
    - hosts: mysql    
      tasks:
        - name: change pass
          shell: /usr/local/mysql/bin/mysql -uroot -p"$(awk '/password/{print$NF}' /root/sqlpass)" --connect-expired-password -e "set password = password("123456");"
          
    //加密修改密码剧本
    [root@ansible ~]# ansible-vault encrypt ~/lamp/database/mysql/secret.yml
    New Vault password: yuqinghao123!
    Confirm New Vault password: yuqinghao123!
    Encryption successful
    
    //记录加密密码
    [root@ansible ~]# echo 'yuqinghao123!' > ~/lamp/database/mysql/.mypass
    
    //修改权限只允许root读写
    [root@ansible ~]# chmod 600 ~/lamp/database/mysql/.mypass
    
    //使用加密密码查看加密剧本
    [root@ansible ~]# ansible-vault view --vault-password-file=lamp/database/mysql/.mypass ~/lamp/database/mysql/secret.yml
    

    安装php的playbook

    [root@ansible ~]# vim ~/lamp/app/php/php.yml
    ---
    - hosts: php
      vars_files: vars/php_vars
      tasks:
        - name: install packages
          yum:
            name: '{{ php_packages }}'
            state: present
            
        - name: install php
          yum:
            name: php-*
            state: present
    
        - name: mkdir index.php
          file:
            path: /var/www/html/index.php
            state: touch 
            
        - name: index.php config
          lineinfile:
            path: /var/www/html/index.php
            line: "<?php
    	phpinfo();
    ?>"
            state: present
            
        - name: chown html
          file:
            path: /var/www/html
            owner: apache
            group: apache
            state: directory 
            
        - name: change listen address
          lineinfile:
            path: /etc/php-fpm.d/www.conf
            regexp: '^listen = /run/php-fpm/www.sock'
            line: "listen=0.0.0.0:9000"
            
        - name: change web address
          lineinfile:
            path: /etc/php-fpm.d/www.conf
            regexp: '^listen.allowed_clients = 127.0.0.1'
            line: "listen.allowed_clients = 192.168.100.2"
          
        - name: start php
          service:
            name: php-fpm
            state: restarted
    

    导入任务

    [root@ansible ~]# vim ~/lamp/lamp.yml
    ---
    - name: base config
      import_playbook: ./base/base.yml
    
    - name: build httpd
      import_playbook: ./web/httpd/httpd.yml
      
    - name: build mysql
      import_playbook: ./database/mysql/mysql.yml
      
    - name: build php
      import_playbook: ./app/php/php.yml
    

    执行剧本

    [root@ansible ~]# cd ~/lamp/
    [root@ansible lamp]# ansible-playbook ./lamp.yml
    [root@ansible lamp]# ansible-playbook --vault-password-file=database/mysql/.mypass database/mysql/secret.yml
    

    验证

    lamp1

  • 相关阅读:
    需求分析-配置软件开发的出发点
    有关tab页的
    有关菜单的
    有关树形结构的
    需求分析-新闻发布的完整需求
    需求分析-网盘类的需求分析
    需求分析-有关有关富文本编辑器的需求
    Objective-C中的instancetype和id区别
    webservice远程调试开启
    Controller之间传递数据:Block传值
  • 原文地址:https://www.cnblogs.com/yuqinghao/p/14253039.html
Copyright © 2011-2022 走看看