
Ansible roles: distributed LNMP deployment


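1. What roles are for

To organise playbooks in a layered, structured way, Ansible uses roles. A role automatically loads variable files, tasks, handlers and so on according to a fixed directory hierarchy. Put simply, a role places variables, files, tasks, modules and handlers in separate directories so that they can be included conveniently. Roles are generally used where services are built per host, but they can also be used in scenarios such as setting up daemons.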

2. Directory structure of roles

[root@ansible ansible]# tree /etc/ansible/roles/
/etc/ansible/roles/
├── mysql
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   └── vars
│       └── main.yml
├── nginx
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   │   ├── default.conf
│   │   ├── index.php
│   │   ├── mysql.php
│   │   └── nginx.repo
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   └── vars
│       └── main.yml
└── php
    ├── defaults
    │   └── main.yml
    ├── files
    │   ├── php-ini
    │   └── www.conf
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── tasks
    │   └── main.yml
    ├── templates
    └── vars
        └── main.yml

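3. What each directory in a role means

●files
Holds the files used by the copy module or the script module.

●templates
Holds Jinja2 templates; the template module automatically looks for Jinja2 template files in this directory.

●tasks
This directory should contain a main.yml file that defines the task list of the role; that file can use include to pull in other task files located in this directory.

●handlers
This directory should contain a main.yml file that defines the actions the role runs when a trigger condition is met.

●vars
This directory should contain a main.yml file that defines the variables used by the role.

●defaults
This directory should contain a main.yml file that sets the default variables for the role.

●meta
This directory should contain a main.yml file that defines the special settings of the role and its dependencies.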

4. Building LNMP with roles

4.1 Create the directory named roles

It is already created by default after installing with yum

[root@ansible ansible]# ls
ansible.cfg  hosts  roles
[root@ansible ansible]# pwd
/etc/ansible
[root@ansible ansible]# cd roles
[root@ansible roles]# ll
总用量 0

4.2 Create the global variables directory

[root@ansible roles]# mkdir -p /etc/ansible/group_vars/
[root@ansible roles]# touch /etc/ansible/group_vars/all
# The file name is your own choice; take care to use the same name later

4.3 In the roles directory, create one directory named after each role

[root@ansible roles]# mkdir /etc/ansible/roles/nginx
[root@ansible roles]# mkdir /etc/ansible/roles/mysql
[root@ansible roles]# mkdir /etc/ansible/roles/php

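4.4 Create the working directories inside each role directory

In each role directory, create the files, handlers, tasks, templates, meta, defaults and vars directories. Directories that are not needed can be created empty or left out.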

[root@ansible roles]# mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta}
[root@ansible roles]# mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta}
[root@ansible roles]# mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta}

4.5 Create the main.yml files

Create a main.yml file in the handlers, tasks, meta, defaults and vars directories of each role. The file name must be main.yml; never use a custom name.

[root@ansible roles]# touch /etc/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml
[root@ansible roles]# touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml
[root@ansible roles]# touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml

4.6 Edit site.yml so that different hosts call different roles

[root@ansible roles]# vim /etc/ansible/site.yml

---
- hosts: webservers
  remote_user: root
  roles:
    - nginx
- hosts: dbservers
  remote_user: root
  roles:
    - mysql
- hosts: phpservers
  remote_user: root
  roles:
    - php

4.7 Edit the host inventory

[webservers]
192.168.122.11 
[dbservers]
192.168.122.12
[phpservers]
192.168.122.13

4.8 The nginx role

4.8.1 Write the task file

[root@ansible ansible]# vim /etc/ansible/roles/nginx/tasks/main.yml 

---
- name: create nginx_yum
  copy: src=/etc/ansible/roles/nginx/files/nginx.repo dest=/etc/yum.repos.d/nginx.repo

- name: install nginx
  yum: name={{pkg}} state=latest

- name: modify configuration file
  copy: src=/etc/ansible/roles/nginx/files/default.conf dest=/etc/nginx/conf.d/default.conf

- name: start nginx
  service: enabled=true name={{svc}} state=started

- name: create php_test web
  copy: src=/etc/ansible/roles/nginx/files/index.php dest=/usr/share/nginx/html/index.php

- name: create mysql_test web
  copy: src=/etc/ansible/roles/nginx/files/mysql.php dest=/usr/share/nginx/html/mysql.php

- name: install nfs
  yum: name=nfs-utils state=present

- name: nfs_share
  copy: content="/usr/share/nginx/html/ 192.168.122.0/24(rw)" dest=/etc/exports

- name: start nfs
  service: name=nfs state=restarted enabled=yes

4.8.2 Define the variables

They can be defined as global variables or as role variables; they are usually defined as role variables

[root@ansible ansible]# vim /etc/ansible/roles/nginx/vars/main.yml 

pkg: nginx
svc: nginx

4.8.3 Prepare the nginx.repo file

[root@ansible files]# vim /etc/ansible/roles/nginx/files/nginx.repo

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
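
The repo file above turns package signature checking off (gpgcheck=0) and fetches over plain HTTP. As an added example, not part of the original post, the same repository can be defined by tasks that keep signature checking on; the key URL is the signing key published on nginx.org, and the tasks replace the "create nginx_yum" copy task.

```yaml
# roles/nginx/tasks/main.yml: replaces the "create nginx_yum" copy task
- name: import the nginx package signing key into the rpm keyring
  rpm_key:
    key: https://nginx.org/keys/nginx_signing.key
    state: present

- name: create nginx_yum with signature checking and HTTPS
  yum_repository:
    name: nginx-stable
    description: nginx stable repo
    file: nginx                # written to /etc/yum.repos.d/nginx.repo
    baseurl: https://nginx.org/packages/centos/7/$basearch/
    gpgcheck: yes              # yum refuses packages not signed by gpgkey
    gpgkey: https://nginx.org/keys/nginx_signing.key
    enabled: yes
```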

4.8.4 Prepare the nginx configuration file default.conf

Uncomment the location ~ \.php$ block,
set fastcgi_pass to the IP address and port of the php host,
and set fastcgi_param to SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;

[root@ansible files]# egrep -v ^' '*# /etc/ansible/roles/nginx/files/default.conf | grep -v '^$'
server {
    listen       80;
    server_name  localhost;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
    location ~ \.php$ {
        root           html;
        fastcgi_pass   192.168.122.13:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html$fastcgi_script_name;
        include        fastcgi_params;
    }
}

4.8.5 Prepare the test page index.php

index.php (tests the connection between php and nginx)

[root@ansible files]# vim /etc/ansible/roles/nginx/files/index.php

<?php
phpinfo();
?>

mysql.php (tests the connection between php and mysql)

[root@ansible files]# vim /etc/ansible/roles/nginx/files/mysql.php

<?php
$link=mysqli_connect('192.168.122.12','root','Admin@123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>

4.9 The mysql role

Write the task file

[root@ansible ansible]# vim /etc/ansible/roles/mysql/tasks/main.yml 

---
- name: clean mariadb
  yum: name=mariadb state=absent

- name: get mysql download source
  command: wget -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
  #get_url: url=http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm dest=/etc/yum.repos.d/mysql57-community-release-el7-10.noarch.rpm

- name: install mysql5.7
  yum: name=mysql57-community-release-el7-10.noarch.rpm

- name: install mysql-community-server
  yum: name=mysql-community-server state=latest

- name: start mysql
  service: enabled=true name=mysqld state=started

- name: change passwd
  shell: mysqladmin -u root -p"$(grep "password" /var/log/mysqld.log | awk 'NR==1{print $NF}')" password 'Admin@123'
  ignore_errors: yes

- name: grant privileges
  command: mysql -uroot -p"Admin@123" -e 'grant all privileges on *.* to root@"%" identified by "Admin@123" with grant option;'

- name: flush privileges
  command: mysql -uroot -p"Admin@123" -e 'flush privileges;'

- name: stop auto-update
  yum: name=mysql57-community-release-el7-10.noarch state=absent

- name: install nfs
  yum: name=nfs-utils state=present

- name: nfs_share
  copy: content="/var/lib/mysql/ 192.168.122.0/24(rw)" dest=/etc/exports

- name: start nfs
  service: name=nfs state=restarted enabled=yes
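
The password tasks above put Admin@123 on the mysql command line, grant root to every host ("%") and hide failures with ignore_errors. The following is an added example, not part of the original post, that keeps the new password off the command line and out of the Ansible log, and limits the grant to the php host. The variables mysql_root_password and php_host are assumptions that do not appear on the page.

```yaml
# Assumed variables (not on the page), e.g. in /etc/ansible/group_vars/all,
# encrypted with: ansible-vault encrypt /etc/ansible/group_vars/all
#   mysql_root_password: <new root password>
#   php_host: 192.168.122.13

- name: change passwd (runs once; skipped when /root/.my.cnf exists)
  # The temporary password is single-use and already sits in mysqld.log;
  # the new password travels on stdin, not on the command line.
  shell: >
    mysql -uroot --connect-expired-password
    -p"$(awk '/temporary password/ {print $NF; exit}' /var/log/mysqld.log)"
  args:
    stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ mysql_root_password }}';"
    creates: /root/.my.cnf
  no_log: true

- name: store root client credentials, readable by root only
  copy:
    dest: /root/.my.cnf
    owner: root
    group: root
    mode: "0600"
    content: |
      [client]
      user=root
      password="{{ mysql_root_password }}"
  no_log: true

- name: grant privileges to the php host only, not to "%"
  # mysql reads the credentials from /root/.my.cnf written above
  command: mysql
  args:
    stdin: >
      grant all privileges on *.* to 'root'@'{{ php_host }}'
      identified by '{{ mysql_root_password }}' with grant option;
  no_log: true
```

Run the playbook with ansible-playbook site.yml --ask-vault-pass so the encrypted variables can be read.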

4.10 The php role

4.10.1 Write the task file

[root@ansible ansible]# vim /etc/ansible/roles/php/tasks/main.yml 

---
- name: get epel download source
  command: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

- name: get webtatic download source
  command: rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

- name: install php7.2
  command: yum -y install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-redis

- name: modify www.conf
  copy: src=/etc/ansible/roles/php/files/www.conf dest=/etc/php-fpm.d/www.conf

- name: modify php.ini
  copy: src=/etc/ansible/roles/php/files/php-ini dest=/etc/php.ini

- name: create nginx directory
  file: path=/usr/share/nginx/html/ state=directory mode=777 recurse=yes

- name: create mysql directory
  file: path=/var/lib/mysql/ state=directory mode=777 recurse=yes

- name: mount nginx
  mount: src=192.168.122.11:/usr/share/nginx/html/ path=/usr/share/nginx/html/ fstype=nfs state=mounted

- name: mount mysql
  mount: src=192.168.122.12:/var/lib/mysql/ path=/var/lib/mysql/ fstype=nfs state=mounted

- name: start php
  service: name=php-fpm enabled=true state=started
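
The tasks above set mode 777 recursively on both directories and depend on NFS exports that are writable from the whole 192.168.122.0/24 network, including the MySQL data directory. The following is an added example, not part of the original post, with narrower settings: the web root is exported read-only to the php host alone and mounted with nosuid,nodev, and /var/lib/mysql is neither exported nor mounted because mysql.php connects to 192.168.122.12 over TCP. It assumes a variable php_host (not on the page) and that PHP does not need to write into the web root.

```yaml
# php_host is an assumed variable (192.168.122.13 on this page).

# roles/nginx/tasks/main.yml: replaces the nfs_share task
- name: nfs_share (read-only, php host only)
  copy:
    dest: /etc/exports
    content: "/usr/share/nginx/html/ {{ php_host }}(ro,root_squash)\n"
    owner: root
    group: root
    mode: "0644"

# roles/mysql/tasks/main.yml: the "install nfs", "nfs_share" and "start nfs"
# tasks are left out, so /var/lib/mysql is never exported.

# roles/php/tasks/main.yml: replaces the two "create ... directory" tasks
# and the two mount tasks
- name: create nginx directory (mount point, not world-writable)
  file:
    path: /usr/share/nginx/html/
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: mount nginx
  mount:
    src: "192.168.122.11:/usr/share/nginx/html/"
    path: /usr/share/nginx/html/
    fstype: nfs
    opts: ro,nosuid,nodev
    state: mounted
```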

4.10.2 Prepare the www.conf file

Set the listen address and port to 0.0.0.0:9000
Set listen.allowed_clients = 192.168.122.11, the IP address of the nginx host

[root@ansible files]# egrep -v "^;|^$" /etc/ansible/roles/php/files/www.conf
[www]
user = apache
group = apache
listen = 0.0.0.0:9000
listen.allowed_clients = 192.168.122.11
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache

4.10.3 Prepare the php.ini file

Line 877: set date.timezone = Asia/Shanghai
Line 1097: set mysqli.default_socket = /var/lib/mysql/mysql.sock

[root@ansible files]# egrep -v "^;|^$" /etc/ansible/roles/php/files/php-ini 
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
date.timezone = Asia/Shanghai
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
sendmail_path = /usr/sbin/sendmail -t -i
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket = /var/lib/mysql/mysql.sock
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[Assertion]
zend.assertions = -1
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[curl]
[openssl]

4.11 Run the site.yml playbook

[root@ansible roles]# cd /etc/ansible
[root@ansible ansible]# ansible-playbook site.yml

4.12 Visit the test pages

Visit 192.168.122.11/index.php to test the connection between php and nginx

Visit 192.168.122.11/mysql.php to test the connection between php and mysql
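
The two checks above can also be run from the control node, after which the test pages can be deleted so that the phpinfo() output and the database password in mysql.php do not stay in the web root. This playbook is an added example, not part of the original post; the file name verify.yml is an assumption.

```yaml
# /etc/ansible/verify.yml (hypothetical file name)
# Run with: ansible-playbook verify.yml
- hosts: webservers
  remote_user: root
  tasks:
    - name: request both test pages through nginx from the control node
      uri:
        url: "http://{{ inventory_hostname }}/{{ item }}"
        return_content: yes
        status_code: 200
      delegate_to: localhost
      loop:
        - index.php
        - mysql.php
      register: pages

    - name: check that PHP executed and the database connection succeeded
      assert:
        that:
          - "'PHP Version' in pages.results[0].content"
          - "'Success!!' in pages.results[1].content"

    - name: remove the test pages once the checks have passed
      file:
        path: "/usr/share/nginx/html/{{ item }}"
        state: absent
      loop:
        - index.php
        - mysql.php
```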

posted @ 2021-09-12 18:36  丨君丶陌