Ansible roles: distributed LNMP deployment
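1. What roles are for
To organize playbooks in a layered, structured way, Ansible uses roles. A role automatically loads variable files, tasks, handlers and so on according to a fixed directory hierarchy. Put simply, a role places variables, files, tasks, modules and handlers in separate directories so that they can be included conveniently. Roles are generally used when building services on a per-host basis, but they can also be used in scenarios such as building daemons.
2. Directory structure of roles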
    [root@ansible ansible]# tree /etc/ansible/roles/
    /etc/ansible/roles/
    ├── mysql
    │   ├── defaults
    │   │   └── main.yml
    │   ├── files
    │   ├── handlers
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   ├── templates
    │   └── vars
    │       └── main.yml
    ├── nginx
    │   ├── defaults
    │   │   └── main.yml
    │   ├── files
    │   │   ├── default.conf
    │   │   ├── index.php
    │   │   ├── mysql.php
    │   │   └── nginx.repo
    │   ├── handlers
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   ├── templates
    │   └── vars
    │       └── main.yml
    └── php
        ├── defaults
        │   └── main.yml
        ├── files
        │   ├── php-ini
        │   └── www.conf
        ├── handlers
        │   └── main.yml
        ├── meta
        │   └── main.yml
        ├── tasks
        │   └── main.yml
        ├── templates
        └── vars
            └── main.yml
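3. What each directory in a role means
● files
Holds the files used by the copy module or the script module.
● templates
Holds Jinja2 templates; the template module automatically looks for Jinja2 template files in this directory.
● tasks
Should contain a main.yml file that defines the role's task list; this file can use include to pull in other task files from the same directory.
● handlers
Should contain a main.yml file that defines the actions the role runs when a handler is triggered.
● vars
Should contain a main.yml file that defines the variables used by the role.
● defaults
Should contain a main.yml file that sets the default variables for the role.
● meta
Should contain a main.yml file that defines the role's special settings and its dependencies.
4. Building LNMP with roles
4.1 Create the roles directory
It is created by default when Ansible is installed with yum.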
    [root@ansible ansible]# ls
    ansible.cfg  hosts  roles
    [root@ansible ansible]# pwd
    /etc/ansible
    [root@ansible ansible]# cd roles
    [root@ansible roles]# ll
    总用量 0
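4.2 Create the global variables directory
    [root@ansible roles]# mkdir -p /etc/ansible/group_vars/
    [root@ansible roles]# touch /etc/ansible/group_vars/all
    # The file name is your choice, but take care when using it: group_vars files
    # are loaded by inventory group name, and "all" applies to every host.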
4.3 Create a directory named after each role inside the roles directory
    [root@ansible roles]# mkdir /etc/ansible/roles/nginx
    [root@ansible roles]# mkdir /etc/ansible/roles/mysql
    [root@ansible roles]# mkdir /etc/ansible/roles/php
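4.4 Create the working directories inside each role directory
In each role directory, create the files, handlers, tasks, templates, meta, defaults and vars directories. Directories you do not need can be left empty or not created at all.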
    [root@ansible roles]# mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta}
    [root@ansible roles]# mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta}
    [root@ansible roles]# mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta}
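4.5 Create the main.yml files
Create a main.yml file in the handlers, tasks, meta, defaults and vars directories of each role. The file must be named main.yml; never use a custom file name.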
    [root@ansible roles]# touch /etc/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml
    [root@ansible roles]# touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml
    [root@ansible roles]# touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml
4.6 Edit site.yml so that different hosts call different roles
    [root@ansible roles]# vim /etc/ansible/site.yml
    ---
    - hosts: webservers
      remote_user: root
      roles:
        - nginx
    - hosts: dbservers
      remote_user: root
      roles:
        - mysql
    - hosts: phpservers
      remote_user: root
      roles:
        - php
4.7 Edit the host inventory
    [webservers]
    192.168.122.11
    [dbservers]
    192.168.122.12
    [phpservers]
    192.168.122.13
4.8 The nginx role
4.8.1 Write the tasks file
    [root@ansible ansible]# vim /etc/ansible/roles/nginx/tasks/main.yml
    ---
    # {{pkg}} and {{svc}} are defined in roles/nginx/vars/main.yml (section 4.8.2)
    - name: create nginx_yum
      copy: src=/etc/ansible/roles/nginx/files/nginx.repo dest=/etc/yum.repos.d/nginx.repo
    - name: install nginx
      yum: name={{pkg}} state=latest
    - name: modify configuration file
      copy: src=/etc/ansible/roles/nginx/files/default.conf dest=/etc/nginx/conf.d/default.conf
    - name: start nginx
      service: enabled=true name={{svc}} state=started
    - name: create php_test web
      copy: src=/etc/ansible/roles/nginx/files/index.php dest=/usr/share/nginx/html/index.php
    - name: create mysql_test web
      copy: src=/etc/ansible/roles/nginx/files/mysql.php dest=/usr/share/nginx/html/mysql.php
    - name: install nfs
      yum: name=nfs-utils state=present
    # Export the web root over NFS so the PHP host can mount it (section 4.10.1)
    - name: nfs_share
      copy: content="/usr/share/nginx/html/ 192.168.122.0/24(rw)" dest=/etc/exports
    - name: start nfs
      service: name=nfs state=restarted enabled=yes
4.8.2 Define the variables
Variables can be defined globally or in the role's own variables; they are usually defined in the role.
    [root@ansible ansible]# vim /etc/ansible/roles/nginx/vars/main.yml
    pkg: nginx
    svc: nginx
4.8.3 Prepare the nginx.repo file
    [root@ansible files]# vim /etc/ansible/roles/nginx/files/nginx.repo
    [nginx-stable]
    name=nginx stable repo
    baseurl=http://nginx.org/packages/centos/7/$basearch/
    gpgcheck=0
    enabled=1
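
The repo file above disables package signature checking (gpgcheck=0) and fetches over plain HTTP, and the nfs_share task in 4.8.1 exports the web root read-write to the whole 192.168.122.0/24 subnet. The tasks below are an added example, not part of the original role: they define the same repository with GPG verification and export the web root to the PHP host only. The read-only export with root_squash is an assumption that holds as long as PHP only needs to read the scripts.

```yaml
# Added example: replacements for the "create nginx_yum" and "nfs_share" tasks
# in roles/nginx/tasks/main.yml. Host addresses are the ones used on this page.
- name: define the nginx stable repo with signature checking
  yum_repository:
    name: nginx-stable
    description: nginx stable repo
    file: nginx                      # written to /etc/yum.repos.d/nginx.repo
    baseurl: https://nginx.org/packages/centos/7/$basearch/
    gpgcheck: yes                    # reject unsigned or tampered packages
    gpgkey: https://nginx.org/keys/nginx_signing.key
    enabled: yes

- name: export the web root to the PHP host only, read-only
  copy:
    dest: /etc/exports
    # Assumption: PHP only reads the scripts, so ro and root_squash are enough.
    content: "/usr/share/nginx/html/ 192.168.122.13(ro,root_squash,sync)\n"
    owner: root
    group: root
    mode: "0644"
```

The existing "start nfs" task still follows these and re-reads /etc/exports when it restarts the service.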
4.8.4 Prepare the nginx configuration file default.conf
Uncomment the location ~ .php$ block,
set fastcgi_pass to the IP address and port of the PHP host,
and set fastcgi_param to SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
    [root@ansible files]# egrep -v ^' '*# /etc/ansible/roles/nginx/files/default.conf | grep -v '^$'
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
        location ~ \.php$ {
            root           html;
            fastcgi_pass   192.168.122.13:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html$fastcgi_script_name;
            include        fastcgi_params;
        }
    }
4.8.5 Prepare the test pages
index.php (tests the connection between PHP and nginx)
    [root@ansible files]# vim /etc/ansible/roles/nginx/files/index.php
    <?php
    phpinfo();
    ?>
mysql.php (tests the connection between PHP and MySQL)
    [root@ansible files]# vim /etc/ansible/roles/nginx/files/mysql.php
    <?php
    $link=mysqli_connect('192.168.122.12','root','Admin@123');
    if($link) echo "<h1>Success!!</h1>";
    else echo "Fail!!";
    ?>
4.9 The mysql role
Write the tasks file
    [root@ansible ansible]# vim /etc/ansible/roles/mysql/tasks/main.yml
    ---
    - name: clean mariadb
      yum: name=mariadb state=absent
    # Download the MySQL 5.7 repository package into the remote user's home directory
    - name: get mysql download source
      command: wget -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
      #get_url: url=http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm dest=/etc/yum.repos.d/mysql57-community-release-el7-10.noarch.rpm
    - name: install mysql5.7
      yum: name=mysql57-community-release-el7-10.noarch.rpm
    - name: install mysql-community-server
      yum: name=mysql-community-server state=latest
    - name: start mysql
      service: enabled=true name=mysqld state=started
    # Replace the temporary root password that mysqld wrote to its log on first start
    - name: change passwd
      shell: mysqladmin -u root -p"$(grep "password" /var/log/mysqld.log | awk 'NR==1{print $NF}')" password 'Admin@123'
      ignore_errors: yes
    - name: grant privileges
      command: mysql -uroot -p"Admin@123" -e 'grant all privileges on *.* to root@"%" identified by "Admin@123" with grant option;'
    - name: flush privileges
      command: mysql -uroot -p"Admin@123" -e 'flush privileges;'
    # Remove the repository package so that yum does not auto-update MySQL
    - name: stop auto-update
      yum: name=mysql57-community-release-el7-10.noarch state=absent
    - name: install nfs
      yum: name=nfs-utils state=present
    - name: nfs_share
      copy: content="/var/lib/mysql/ 192.168.122.0/24(rw)" dest=/etc/exports
    - name: start nfs
      service: name=nfs state=restarted enabled=yes
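
The tasks above keep the root password in the playbook and on the command line, and open the root account to every host ('%'). The following is an added example, not the original role, of the same steps with the secrets taken from variables, hidden from Ansible output with no_log, and a non-root account that can connect only from the PHP host 192.168.122.13. The variable names mysql_root_password, mysql_app_user, mysql_app_password and mysql_app_db are hypothetical and are assumed to live in a vars file encrypted with ansible-vault.

```yaml
# Added example: replacements for "change passwd", "grant privileges" and
# "flush privileges" in roles/mysql/tasks/main.yml. The mysql_* variables are
# hypothetical names, assumed to come from an ansible-vault encrypted vars file.
- name: set the root password from a vaulted variable
  shell: >
    mysqladmin -u root
    -p"$(grep "password" /var/log/mysqld.log | awk 'NR==1{print $NF}')"
    password {{ mysql_root_password | quote }}
  ignore_errors: yes      # fails on re-runs once the temporary password is gone
  no_log: true            # keep the secret out of Ansible output and logs

- name: store root client credentials, readable by root only
  copy:
    dest: /root/.my.cnf
    owner: root
    group: root
    mode: "0600"
    content: |
      [client]
      user=root
      password="{{ mysql_root_password }}"
  no_log: true

- name: create a least-privilege account usable only from the PHP host
  command: mysql          # credentials come from /root/.my.cnf
  args:
    # SQL goes in on stdin, so the password never appears in the process list
    stdin: |
      CREATE DATABASE IF NOT EXISTS `{{ mysql_app_db }}`;
      CREATE USER IF NOT EXISTS '{{ mysql_app_user }}'@'192.168.122.13'
        IDENTIFIED BY '{{ mysql_app_password }}';
      GRANT SELECT, INSERT, UPDATE, DELETE ON `{{ mysql_app_db }}`.*
        TO '{{ mysql_app_user }}'@'192.168.122.13';
  no_log: true
```

With this variant, mysql.php would connect with the application account instead of root.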
4.10 The php role
4.10.1 Write the tasks file
    [root@ansible ansible]# vim /etc/ansible/roles/php/tasks/main.yml
    ---
    - name: get epel download source
      command: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    - name: get webtatic download source
      command: rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
    - name: install php7.2
      command: yum -y install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-redis
    - name: modify www.conf
      copy: src=/etc/ansible/roles/php/files/www.conf dest=/etc/php-fpm.d/www.conf
    - name: modify php.ini
      copy: src=/etc/ansible/roles/php/files/php-ini dest=/etc/php.ini
    # Mount points for the NFS shares exported by the nginx and mysql hosts
    - name: create nginx directory
      file: path=/usr/share/nginx/html/ state=directory mode=777 recurse=yes
    - name: create mysql directory
      file: path=/var/lib/mysql/ state=directory mode=777 recurse=yes
    - name: mount nginx
      mount: src=192.168.122.11:/usr/share/nginx/html/ path=/usr/share/nginx/html/ fstype=nfs state=mounted
    - name: mount mysql
      mount: src=192.168.122.12:/var/lib/mysql/ path=/var/lib/mysql/ fstype=nfs state=mounted
    - name: start php
      service: name=php-fpm enabled=true state=started
4.10.2 Prepare the www.conf file
Change the listen address and port to 0.0.0.0:9000.
Set listen.allowed_clients = 192.168.122.11, the IP address of the nginx host.
    [root@ansible files]# egrep -v "^;|^$" /etc/ansible/roles/php/files/www.conf
    [www]
    user = apache
    group = apache
    listen = 0.0.0.0:9000
    listen.allowed_clients = 192.168.122.11
    pm = dynamic
    pm.max_children = 50
    pm.start_servers = 5
    pm.min_spare_servers = 5
    pm.max_spare_servers = 35
    slowlog = /var/log/php-fpm/www-slow.log
    php_admin_value[error_log] = /var/log/php-fpm/www-error.log
    php_admin_flag[log_errors] = on
    php_value[session.save_handler] = files
    php_value[session.save_path] = /var/lib/php/session
    php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
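
The php tasks in 4.10.1 create the mount points with mode=777 recursively, and www.conf listens on every interface with listen.allowed_clients as the only filter. The tasks below are an added example, not part of the original role: they create the web root mount point without world-write permission, mount it read-only, and add a network-level restriction so that only the nginx host can reach port 9000. They assume firewalld is running on the PHP host and cover the web root only.

```yaml
# Added example: replacements for the web root directory and mount tasks in
# roles/php/tasks/main.yml, plus a firewall rule for the FastCGI port.
# Assumption: firewalld is installed and running on the PHP host.
- name: create the web root mount point without world-write permission
  file:
    path: /usr/share/nginx/html/
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: mount the nginx web root read-only
  mount:
    src: 192.168.122.11:/usr/share/nginx/html/
    path: /usr/share/nginx/html/
    fstype: nfs
    opts: ro,nosuid,nodev
    state: mounted

- name: allow FastCGI (9000/tcp) from the nginx host only
  firewalld:
    rich_rule: 'rule family="ipv4" source address="192.168.122.11" port port="9000" protocol="tcp" accept'
    permanent: yes
    immediate: yes
    state: enabled
```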
4.10.3 Prepare the php.ini file
Line 877: set date.timezone = Asia/Shanghai
Line 1097: set mysqli.default_socket = /var/lib/mysql/mysql.sock
    [root@ansible files]# egrep -v "^;|^$" /etc/ansible/roles/php/files/php-ini
    [PHP]
    engine = On
    short_open_tag = Off
    precision = 14
    output_buffering = 4096
    zlib.output_compression = Off
    implicit_flush = Off
    unserialize_callback_func =
    serialize_precision = 17
    disable_functions =
    disable_classes =
    zend.enable_gc = On
    expose_php = On
    max_execution_time = 30
    max_input_time = 60
    memory_limit = 128M
    error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
    display_errors = Off
    display_startup_errors = Off
    log_errors = On
    log_errors_max_len = 1024
    ignore_repeated_errors = Off
    ignore_repeated_source = Off
    report_memleaks = On
    track_errors = Off
    html_errors = On
    variables_order = "GPCS"
    request_order = "GP"
    register_argc_argv = Off
    auto_globals_jit = On
    post_max_size = 8M
    auto_prepend_file =
    auto_append_file =
    default_mimetype = "text/html"
    default_charset = "UTF-8"
    doc_root =
    user_dir =
    enable_dl = Off
    file_uploads = On
    upload_max_filesize = 2M
    max_file_uploads = 20
    allow_url_fopen = On
    allow_url_include = Off
    default_socket_timeout = 60
    [CLI Server]
    cli_server.color = On
    [Date]
    date.timezone = Asia/Shanghai
    [filter]
    [iconv]
    [intl]
    [sqlite]
    [sqlite3]
    [Pcre]
    [Pdo]
    [Pdo_mysql]
    pdo_mysql.cache_size = 2000
    pdo_mysql.default_socket=
    [Phar]
    [mail function]
    sendmail_path = /usr/sbin/sendmail -t -i
    mail.add_x_header = On
    [SQL]
    sql.safe_mode = Off
    [ODBC]
    odbc.allow_persistent = On
    odbc.check_persistent = On
    odbc.max_persistent = -1
    odbc.max_links = -1
    odbc.defaultlrl = 4096
    odbc.defaultbinmode = 1
    [Interbase]
    ibase.allow_persistent = 1
    ibase.max_persistent = -1
    ibase.max_links = -1
    ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
    ibase.dateformat = "%Y-%m-%d"
    ibase.timeformat = "%H:%M:%S"
    [MySQLi]
    mysqli.max_persistent = -1
    mysqli.allow_persistent = On
    mysqli.max_links = -1
    mysqli.cache_size = 2000
    mysqli.default_port = 3306
    mysqli.default_socket = /var/lib/mysql/mysql.sock
    mysqli.default_host =
    mysqli.default_user =
    mysqli.default_pw =
    mysqli.reconnect = Off
    [mysqlnd]
    mysqlnd.collect_statistics = On
    mysqlnd.collect_memory_statistics = Off
    [OCI8]
    [PostgreSQL]
    pgsql.allow_persistent = On
    pgsql.auto_reset_persistent = Off
    pgsql.max_persistent = -1
    pgsql.max_links = -1
    pgsql.ignore_notice = 0
    pgsql.log_notice = 0
    [bcmath]
    bcmath.scale = 0
    [browscap]
    [Session]
    session.save_handler = files
    session.use_strict_mode = 0
    session.use_cookies = 1
    session.use_only_cookies = 1
    session.name = PHPSESSID
    session.auto_start = 0
    session.cookie_lifetime = 0
    session.cookie_path = /
    session.cookie_domain =
    session.cookie_httponly =
    session.serialize_handler = php
    session.gc_probability = 1
    session.gc_divisor = 1000
    session.gc_maxlifetime = 1440
    session.referer_check =
    session.cache_limiter = nocache
    session.cache_expire = 180
    session.use_trans_sid = 0
    session.hash_function = 0
    session.hash_bits_per_character = 5
    url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
    [Assertion]
    zend.assertions = -1
    [mbstring]
    [gd]
    [exif]
    [Tidy]
    tidy.clean_output = Off
    [soap]
    soap.wsdl_cache_enabled=1
    soap.wsdl_cache_dir="/tmp"
    soap.wsdl_cache_ttl=86400
    soap.wsdl_cache_limit = 5
    [sysvshm]
    [ldap]
    ldap.max_links = -1
    [mcrypt]
    [dba]
    [curl]
    [openssl]
4.11 Run the site.yml playbook
    [root@ansible roles]# cd /etc/ansible
    [root@ansible ansible]# ansible-playbook site.yml
4.12 Open the test pages
Visit 192.168.122.11/index.php to test the connection between PHP and nginx.
Visit 192.168.122.11/mysql.php to test the connection between PHP and MySQL.