Ansible roles: distributed LNMP deployment
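1. What roles are for
To organize playbooks in a layered, structured way, Ansible uses roles. A role automatically loads variable files, tasks, handlers and so on according to a fixed directory layout. Put simply, a role places variables, files, tasks, modules and handlers in separate directories so that they can be included conveniently. Roles are generally used to build services on a per-host basis, but they can also be used for scenarios such as setting up daemons.
2. Directory structure of roles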
[root@ansible ansible]# tree /etc/ansible/roles/
/etc/ansible/roles/
├── mysql
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   └── vars
│       └── main.yml
├── nginx
│   ├── defaults
│   │   └── main.yml
│   ├── files
│   │   ├── default.conf
│   │   ├── index.php
│   │   ├── mysql.php
│   │   └── nginx.repo
│   ├── handlers
│   │   └── main.yml
│   ├── meta
│   │   └── main.yml
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   └── vars
│       └── main.yml
└── php
    ├── defaults
    │   └── main.yml
    ├── files
    │   ├── php-ini
    │   └── www.conf
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── tasks
    │   └── main.yml
    ├── templates
    └── vars
        └── main.yml
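3. What each directory in a role means
● files
Holds the files used by the copy module or the script module.
● templates
Holds Jinja2 templates; the template module looks for Jinja2 template files in this directory automatically.
● tasks
This directory should contain a main.yml file that defines the role's task list. The file can use include to pull in other task files located in this directory.
● handlers
This directory should contain a main.yml file that defines the actions the role runs when a trigger condition is met.
● vars
This directory should contain a main.yml file that defines the variables the role uses.
● defaults
This directory should contain a main.yml file that sets default variables for the role.
● meta
This directory should contain a main.yml file that defines the role's special settings and its dependencies.
4. Building LNMP with roles
4.1 Create the directory named roles
It already exists by default after installing Ansible with yum.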
[root@ansible ansible]# ls
ansible.cfg hosts roles
[root@ansible ansible]# pwd
/etc/ansible
[root@ansible ansible]# cd roles
[root@ansible roles]# ll
总用量 0
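4.2 Create the global variables directory
[root@ansible roles]# mkdir -p /etc/ansible/group_vars/
[root@ansible roles]# touch /etc/ansible/group_vars/all
# The file name is your own choice; take care to use the right name when referencing it
4.3 Create a directory named after each role inside the roles directory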
[root@ansible roles]# mkdir /etc/ansible/roles/nginx
[root@ansible roles]# mkdir /etc/ansible/roles/mysql
[root@ansible roles]# mkdir /etc/ansible/roles/php
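4.4 Create the working directories inside each role directory
In each role directory, create the files, handlers, tasks, templates, meta, defaults and vars directories. Directories that are not needed can be created empty or left out.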
[root@ansible roles]# mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta}
[root@ansible roles]# mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta}
[root@ansible roles]# mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta}
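4.5 Create the main.yml files
Create a main.yml file in the handlers, tasks, meta, defaults and vars directories of each role. The file must be named main.yml; never use a custom file name.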
[root@ansible roles]# touch /etc/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml
[root@ansible roles]# touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml
[root@ansible roles]# touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml
4.6 Edit site.yml so that different hosts call different roles
[root@ansible roles]# vim /etc/ansible/site.yml
---
- hosts: webservers
  remote_user: root
  roles:
    - nginx
- hosts: dbservers
  remote_user: root
  roles:
    - mysql
- hosts: phpservers
  remote_user: root
  roles:
    - php
4.7 Edit the host inventory
[webservers]
192.168.122.11
[dbservers]
192.168.122.12
[phpservers]
192.168.122.13
4.8 The nginx role
4.8.1 Write the task file
[root@ansible ansible]# vim /etc/ansible/roles/nginx/tasks/main.yml
---
- name: create nginx_yum
  copy: src=/etc/ansible/roles/nginx/files/nginx.repo dest=/etc/yum.repos.d/nginx.repo
- name: install nginx
  yum: name={{pkg}} state=latest
- name: modify configuration file
  copy: src=/etc/ansible/roles/nginx/files/default.conf dest=/etc/nginx/conf.d/default.conf
- name: start nginx
  service: enabled=true name={{svc}} state=started
- name: create php_test web
  copy: src=/etc/ansible/roles/nginx/files/index.php dest=/usr/share/nginx/html/index.php
- name: create mysql_test web
  copy: src=/etc/ansible/roles/nginx/files/mysql.php dest=/usr/share/nginx/html/mysql.php
- name: install nfs
  yum: name=nfs-utils state=present
- name: nfs_share
  copy: content="/usr/share/nginx/html/ 192.168.122.0/24(rw)" dest=/etc/exports
- name: start nfs
  service: name=nfs state=restarted enabled=yes
4.8.2 Define variables
Variables can be defined globally or in the role's own variables; they are usually defined in the role's variables.
[root@ansible ansible]# vim /etc/ansible/roles/nginx/vars/main.yml
pkg: nginx
svc: nginx
4.8.3 Prepare the nginx.repo file
[root@ansible files]# vim /etc/ansible/roles/nginx/files/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1
4.8.4 Prepare the nginx configuration file default.conf
Uncomment the location ~ \.php$ block.
Set fastcgi_pass to the IP and port of the PHP host.
Set fastcgi_param to SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
[root@ansible files]# egrep -v ^' '*# /etc/ansible/roles/nginx/files/default.conf | grep -v '^$'
server {
    listen 80;
    server_name localhost;
    location / {
        root /usr/share/nginx/html;
        index index.html index.htm;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    location ~ \.php$ {
        root html;
        fastcgi_pass 192.168.122.13:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
        include fastcgi_params;
    }
}
4.8.5 Prepare the test page index.php
index.php (tests the connection between PHP and nginx)
[root@ansible files]# vim /etc/ansible/roles/nginx/files/index.php
<?php
phpinfo();
?>
mysql.php (tests the connection between PHP and MySQL)
[root@ansible files]# vim /etc/ansible/roles/nginx/files/mysql.php
<?php
$link=mysqli_connect('192.168.122.12','root','Admin@123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>
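A hardened variant of the nginx role steps above, added here as an example and not part of the original article: the repository is installed with package signature checking instead of gpgcheck=0, the web root is exported read-only to the PHP host alone instead of read-write to the whole /24, and the two test pages (phpinfo() output and a page holding the database root password) are removed on request. It assumes nfs-utils is already installed as in 4.8.1 and that the PHP host only needs to read the web root; php_host and the cleanup tag are names chosen for this example.

```yaml
# Added example, not the article's code. Assumptions: nfs-utils is installed
# (as in 4.8.1) and PHP-FPM only reads the web root. "php_host" and the
# "cleanup" tag are names chosen for illustration.
---
- hosts: webservers
  remote_user: root
  vars:
    php_host: 192.168.122.13
  tasks:
    - name: nginx repo with signature verification (the page uses gpgcheck=0)
      yum_repository:
        name: nginx-stable
        description: nginx stable repo
        file: nginx
        baseurl: http://nginx.org/packages/centos/7/$basearch/
        gpgcheck: yes
        gpgkey: https://nginx.org/keys/nginx_signing.key
        enabled: yes

    - name: install nginx from the verified repo
      yum:
        name: nginx
        state: present

    - name: export the web root read-only to the PHP host only
      copy:
        content: "/usr/share/nginx/html {{ php_host }}(ro,sync,root_squash)\n"
        dest: /etc/exports
        owner: root
        group: root
        mode: "0644"
      notify: reload exports

    # Runs only when requested: ansible-playbook <this file> --tags cleanup
    - name: remove the test pages once the checks in 4.12 have passed
      file:
        path: "/usr/share/nginx/html/{{ item }}"
        state: absent
      loop:
        - index.php
        - mysql.php
      tags: [never, cleanup]

  handlers:
    - name: reload exports
      command: exportfs -ra
```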
4.9 The mysql role
Write the task file
[root@ansible ansible]# vim /etc/ansible/roles/mysql/tasks/main.yml
---
- name: clean mariadb
  yum: name=mariadb state=absent
- name: get mysql download source
  # -P saves the rpm under /tmp so the next task can install it by absolute path
  command: wget -c -P /tmp http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
  #get_url: url=http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm dest=/etc/yum.repos.d/mysql57-community-release-el7-10.noarch.rpm
- name: install mysql5.7
  yum: name=/tmp/mysql57-community-release-el7-10.noarch.rpm
- name: install mysql-community-server
  yum: name=mysql-community-server state=latest
- name: start mysql
  service: enabled=true name=mysqld state=started
- name: change passwd
  # the temporary root password is the last field of the first "password" line in mysqld.log
  shell: mysqladmin -u root -p"$(grep "password" /var/log/mysqld.log | awk 'NR==1{print $NF}')" password 'Admin@123'
  ignore_errors: yes
- name: grant privileges
  command: mysql -uroot -p"Admin@123" -e 'grant all privileges on *.* to root@"%" identified by "Admin@123" with grant option;'
- name: flush privileges
  command: mysql -uroot -p"Admin@123" -e 'flush privileges;'
- name: stop auto-update
  yum: name=mysql57-community-release-el7-10.noarch state=absent
- name: install nfs
  yum: name=nfs-utils state=present
- name: nfs_share
  copy: content="/var/lib/mysql/ 192.168.122.0/24(rw)" dest=/etc/exports
- name: start nfs
  service: name=nfs state=restarted enabled=yes
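The password and grant steps of the mysql role, rewritten as an added example that is not part of the original article: the root password comes from an ansible-vault file instead of being written into the task file, no password appears on a command line or in Ansible's output, and the PHP host gets a limited account instead of root@"%" with all privileges. Assumptions: /etc/ansible/vault.yml is a hypothetical vault file defining mysql_root_password and app_db_password (both without single quotes and strong enough for MySQL 5.7's password policy), and webapp is a hypothetical database and account name.

```yaml
# Added example, not the article's code. Assumptions: vault.yml is a
# hypothetical ansible-vault file defining mysql_root_password and
# app_db_password; "webapp" is a hypothetical database/account name.
---
- hosts: dbservers
  remote_user: root
  vars_files:
    - /etc/ansible/vault.yml
  vars:
    php_host: 192.168.122.13   # the only client that needs database access
    app_db: webapp
  tasks:
    - name: check whether the vaulted root password is already in place
      command: mysql -uroot -e 'SELECT 1'
      environment: { MYSQL_PWD: "{{ mysql_root_password }}" }
      register: root_login
      failed_when: false
      changed_when: false
      no_log: true

    - name: read the temporary root password from the first mysqld start
      shell: grep 'temporary password' /var/log/mysqld.log | awk 'NR==1{print $NF}'
      register: tmp_pw
      changed_when: false
      no_log: true
      when: root_login.rc != 0

    - name: replace the temporary password (SQL is passed on stdin, not argv)
      command: mysql --connect-expired-password -uroot
      args:
        stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ mysql_root_password }}';"
      environment: { MYSQL_PWD: "{{ tmp_pw.stdout }}" }
      no_log: true
      when: root_login.rc != 0

    - name: create a limited account reachable only from the PHP host
      command: mysql -uroot
      args:
        stdin: |
          CREATE DATABASE IF NOT EXISTS `{{ app_db }}`;
          CREATE USER IF NOT EXISTS '{{ app_db }}'@'{{ php_host }}'
            IDENTIFIED BY '{{ app_db_password }}';
          GRANT SELECT, INSERT, UPDATE, DELETE ON `{{ app_db }}`.*
            TO '{{ app_db }}'@'{{ php_host }}';
      environment: { MYSQL_PWD: "{{ mysql_root_password }}" }
      no_log: true
```

Run it with ansible-playbook --ask-vault-pass so the vault file can be decrypted; the test page would then connect as the webapp account rather than root.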
4.10 The php role
4.10.1 Write the task file
[root@ansible ansible]# vim /etc/ansible/roles/php/tasks/main.yml
---
- name: get epel download source
  command: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
- name: get webtatic download source
  command: rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
- name: install php7.2
  command: yum -y install php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache php72w-redis
- name: modify www.conf
  copy: src=/etc/ansible/roles/php/files/www.conf dest=/etc/php-fpm.d/www.conf
- name: modify php.ini
  copy: src=/etc/ansible/roles/php/files/php-ini dest=/etc/php.ini
- name: create nginx directory
  file: path=/usr/share/nginx/html/ state=directory mode=777 recurse=yes
- name: create mysql directory
  file: path=/var/lib/mysql/ state=directory mode=777 recurse=yes
- name: mount nginx
  mount: src=192.168.122.11:/usr/share/nginx/html/ path=/usr/share/nginx/html/ fstype=nfs state=mounted
- name: mount mysql
  mount: src=192.168.122.12:/var/lib/mysql/ path=/var/lib/mysql/ fstype=nfs state=mounted
- name: start php
  service: name=php-fpm enabled=true state=started
4.10.2 Prepare the www.conf file
Set the listen IP and port to 0.0.0.0:9000.
Set listen.allowed_clients = 192.168.122.11, the IP address of the nginx host.
[root@ansible files]# egrep -v "^;|^$" /etc/ansible/roles/php/files/www.conf
[www]
user = apache
group = apache
listen = 0.0.0.0:9000
listen.allowed_clients = 192.168.122.11
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
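A tighter version of the web-root mount and the PHP-FPM listener from 4.10.1 and 4.10.2, added here as an example and not part of the original article: the mount point is no longer mode 777, the NFS share is mounted read-only, PHP-FPM binds to the host's own address instead of 0.0.0.0, and the firewall admits port 9000 from the nginx host only, which backs up listen.allowed_clients at the network layer. It assumes firewalld is running on the PHP host and the ansible.posix collection is installed on the control node; nginx_host is a variable name chosen for this example.

```yaml
# Added example, not the article's code. Assumptions: firewalld is running on
# the PHP host and the ansible.posix collection is installed on the controller.
# "nginx_host" is a variable name chosen for illustration.
---
- hosts: phpservers
  remote_user: root
  vars:
    nginx_host: 192.168.122.11
  tasks:
    - name: mount point that is not world-writable (the page uses mode=777)
      file:
        path: /usr/share/nginx/html
        state: directory
        mode: "0755"

    - name: mount the web root read-only, ignoring setuid bits and device nodes
      mount:
        src: "{{ nginx_host }}:/usr/share/nginx/html"
        path: /usr/share/nginx/html
        fstype: nfs
        opts: ro,nosuid,nodev
        state: mounted

    - name: bind php-fpm to this host's address instead of 0.0.0.0
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen\s*='      # does not match listen.allowed_clients
        line: "listen = {{ ansible_default_ipv4.address }}:9000"
      notify: restart php-fpm

    - name: accept FastCGI connections from the nginx host only
      ansible.posix.firewalld:
        rich_rule: >-
          rule family="ipv4" source address="{{ nginx_host }}"
          port port="9000" protocol="tcp" accept
        permanent: yes
        immediate: yes
        state: enabled

  handlers:
    - name: restart php-fpm
      service:
        name: php-fpm
        state: restarted
```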
4.10.3 Prepare the php.ini file
Line 877: set date.timezone = Asia/Shanghai
Line 1097: set mysqli.default_socket = /var/lib/mysql/mysql.sock
[root@ansible files]# egrep -v "^;|^$" /etc/ansible/roles/php/files/php-ini
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = 17
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
date.timezone = Asia/Shanghai
[filter]
[iconv]
[intl]
[sqlite]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
sendmail_path = /usr/sbin/sendmail -t -i
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket = /var/lib/mysql/mysql.sock
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
[Assertion]
zend.assertions = -1
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[curl]
[openssl]
4.11 Run the site.yml playbook
[root@ansible roles]# cd /etc/ansible
[root@ansible ansible]# ansible-playbook site.yml
4.12 Open the test pages
Open 192.168.122.11/index.php to test the connection between PHP and nginx.
Open 192.168.122.11/mysql.php to test the connection between PHP and MySQL.