ansible之运用playbook分离部署lamp(2.0)
环境说明
主机 | ip | 属性 | 系统 |
---|---|---|---|
node1 | 192.168.94.141 | httpd | rhel8 |
node2 | 192.168.94.143 | mysql | rhel8 |
node3 | 192.168.94.144 | php | rhel8 |
lamp项目目录结构
[root@node0 lamp]# tree .
.
├── ansible.cfg
├── app
│ └── php
│ ├── gpgkeys
│ │ └── RPM-GPG-KEY-EPEL-8
│ ├── packages
│ │ └── epel-release-latest-8.noarch.rpm
│ └── php.yml
├── base.yml
├── database
│ └── mysql
│ ├── chpass.yml
│ ├── host_vars
│ │ ├── node2
│ │ └── pass.yml
│ ├── mysql.yml
│ ├── packages
│ │ └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
│ └── tasks
│ └── mysqlstart_task.yml
├── inventory
├── test.yml
├── web
│ └── apache
│ ├── host_vars
│ │ └── node1
│ ├── httpd.yml
│ ├── packages
│ │ ├── apr-1.7.0.tar.gz
│ │ ├── apr-util-1.6.1.tar.gz
│ │ └── httpd-2.4.46.tar.bz2
│ ├── tasks
│ │ └── httpdinstall_tasks.yml
│ └── template
│ └── httpd.conf.j2
└── yum
├── CentOS-Base.repo
├── epel-modular.repo
├── epel-playground.repo
├── epel.repo
├── epel-testing-modular.repo
├── epel-testing.repo
└── redhat.repo
httpd源码安装
- apache目录结构
[root@node0 apache]# tree .
.
├── host_vars
│ └── node1
├── httpd.yml
├── packages
│ ├── apr-1.7.0.tar.gz
│ ├── apr-util-1.6.1.tar.gz
│ └── httpd-2.4.46.tar.bz2
├── tasks
│ └── httpdinstall_tasks.yml
└── template
└── httpd.conf.j2
- node1定义的变量
[root@node0 apache]# cat host_vars/node1
username: apache # name of the user account to create (apache)
path: /opt/ # path variable: where the source tarballs are placed; change it to suit your layout
packages: # build dependencies installed before compiling
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- "gcc-c++"
- "@Development tools"
- 配置的任务yml文件
#由于源码安装,则调用shell模块安装
[root@node0 apache]# cat tasks/httpdinstall_tasks.yml
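# Build apr, apr-util and httpd from the sources unpacked under {{ path }}.
# These are source builds, so each step runs through the shell module.
#
# `chdir` replaces the original `cd <dir> && ... && cd ..`; the trailing `cd ..`
# had no effect because every task runs in its own shell. `creates` skips a step
# whose install target already exists, so re-running the play does not rebuild
# and reinstall everything as root.
- name: install apr
  shell: >
    ./configure --prefix=/usr/local/apr &&
    make &&
    make install
  args:
    chdir: '{{ path }}/apr-1.7.0/'
    creates: /usr/local/apr

- name: install apr-util
  shell: >
    ./configure
    --prefix=/usr/local/apr-util
    --with-apr=/usr/local/apr &&
    make &&
    make install
  args:
    chdir: '{{ path }}/apr-util-1.6.1/'
    creates: /usr/local/apr-util

# Renamed from the duplicated "install apr": this task builds httpd itself,
# and a distinct name keeps the play output unambiguous.
- name: install httpd
  shell: >
    ./configure --prefix=/usr/local/apache
    --sysconfdir=/etc/httpd24
    --enable-so
    --enable-ssl
    --enable-cgi
    --enable-rewrite
    --with-zlib
    --with-pcre
    --with-apr=/usr/local/apr
    --with-apr-util=/usr/local/apr-util/
    --enable-modules=most
    --enable-mpms-shared=all
    --with-mpm=prefork &&
    make &&
    make install
  args:
    chdir: '{{ path }}/httpd-2.4.46/'
    creates: /usr/local/apache/bin/apachectl

# Writes the same one-line profile script as the original `echo ... >` did.
# The original also ran `source` on it, which only changed the environment of
# that one task's shell; later tasks call apachectl by absolute path anyway.
- name: environment config
  copy:
    dest: /etc/profile.d/httpd.sh
    content: "export PATH=/usr/local/apache/bin:$PATH\n"
    mode: '0644'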
- httpd配置文件模板需要更改的地方
# If your host doesn't have a registered DNS name, enter its IP address here.
#
# Uncomment the ServerName line below.
# (The annotations in this excerpt sit on their own lines: httpd does not allow
# a comment on the same line as a configuration directive.)
ServerName www.example.com:80
<IfModule dir_module>
# index.php is added to this line
DirectoryIndex index.php index.html
</IfModule>
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# Add the following two lines
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
# Uncomment
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
# Uncomment
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
# Add this virtual host
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/"
ServerName phptest.com
# Forward proxying stays off; only the reverse-proxy rule below is active.
ProxyRequests Off
# Every request path ending in .php is handed to php-fpm at 192.168.94.144:9000
# (node3 in the environment table) and resolved under /var/www/html on that host.
# NOTE(review): this FastCGI hop is plain TCP without authentication, so it relies
# on php-fpm's listen.allowed_clients and on network filtering between the nodes.
ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.94.144:9000/var/www/html/$1
<Directory "/usr/local/apache/htdocs/">
# No optional features and no .htaccess overrides for the document root.
Options none
AllowOverride none
Require all granted
</Directory>
</VirtualHost>
- httpd服务安装剧本
[root@node0 apache]# cat httpd.yml
---
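# Installs httpd from source on node1: create the service user, install the
# build dependencies, stage and unpack the tarballs, build, then configure
# and start the server.
- name: deploy
  hosts: node1
  gather_facts: no
  vars_files: ./host_vars/node1   # location of the variables file
  tasks:
    # Unprivileged system account without a login shell or home directory.
    - name: apacheuser add
      user:
        name: '{{ username }}'
        shell: /sbin/nologin
        create_home: false
        system: true

    # Install the build dependencies.
    - name: deploy environment
      yum:
        name: '{{ packages }}'
        state: present

    # Stage the source tarballs; with path=/opt/ they land in /opt.
    # NOTE(review): the tarballs are built and installed as root with no
    # integrity check in this play; verify them against the checksums or
    # signatures published upstream before putting them in ./packages/.
    - name: copy httpd file
      copy:
        src: ./packages/
        dest: '{{ path }}'

    # unarchive replaces the original `cd {{ path }} && tar xf ...` shell task
    # (Ansible itself warns about running tar through shell); `creates` makes
    # the step a no-op once the source tree is already unpacked.
    - name: unzip file
      unarchive:
        src: '{{ path }}/{{ item.archive }}'
        dest: '{{ path }}'
        remote_src: yes
        creates: '{{ path }}/{{ item.dir }}'
      loop:
        - { archive: apr-1.7.0.tar.gz, dir: apr-1.7.0 }
        - { archive: apr-util-1.6.1.tar.gz, dir: apr-util-1.6.1 }
        - { archive: httpd-2.4.46.tar.bz2, dir: httpd-2.4.46 }

    # The build steps live in a separate task file and are imported here.
    - name: httpd install
      import_tasks: ./tasks/httpdinstall_tasks.yml

    # Expose the httpd headers under /usr/local/include via a symlink.
    - name: symbolic link create
      file:
        src: /usr/local/apache/include
        dest: /usr/local/include/httpd
        state: link

    # Render the prepared httpd.conf template; `backup` keeps the previous file.
    - name: httpd-php config
      template:
        src: ./template/httpd.conf.j2
        dest: /etc/httpd24/httpd.conf
        backup: yes

    - name: start service
      shell: "/usr/local/apache/bin/apachectl start"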
- 运行剧本
[root@node0 apache]# ansible-playbook httpd.yml
//查看端口
[root@node0 apache]# ansible node1 -a 'ss -antl'
node1 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
mysql安装部署
- mysql目录结构
[root@node0 mysql]# tree .
.
├── chpass.yml
├── host_vars
│ ├── node2
│ └── pass.yml
├── mysql.yml
├── packages
│ └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
└── tasks
└── mysqlstart_task.yml
- node2定义的变量
//定义的变量
[root@node0 mysql]# cat host_vars/node2
username: mysql
path: /opt/data # where the database stores its data
pkgpath: /root/ # where the installation package is placed
packages:
- "ncurses-devel"
- "openssl-devel"
- openssl
- cmake
- "mariadb-devel"
- gcc
- "gcc-c++"
- "ncurses-compat-libs*"
//定义的机密变量
[root@node0 mysql]# ansible-vault view host_vars/pass.yml
Vault password: (123456)
---
# NOTE(review): the secrets printed on this page (this value and the vault
# password typed at the prompt) are demo values. Vault encryption is only as
# strong as the vault password, so pick a long random one, keep it out of
# anything published, and use a different database password in real use.
password: fxx123 # secret variable `password`: the new MySQL password
- mysql服务安装剧本
[root@node0 mysql]# cat mysql.yml
---
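# Installs the MySQL 5.7.31 binary distribution on node2, writes its
# configuration, starts it and replaces the initial root password with the
# vaulted one.
- name: deploy
  hosts: node2
  vars_files:
    - ./host_vars/pass.yml   # vault-encrypted; supplies `password`
    - ./host_vars/node2
  tasks:
    # Unprivileged system account without a login shell or home directory.
    - name: mysqluser add
      user:
        name: '{{ username }}'
        shell: /sbin/nologin
        create_home: false
        system: true

    - name: deploy environment
      yum:
        name: '{{ packages }}'
        state: present

    # Stage the tarball in the package directory (pkgpath).
    # NOTE(review): no integrity check is done on the tarball in this play;
    # verify it against the upstream checksum before placing it in ./packages/.
    - name: copy mysql to node2
      copy:
        src: ./packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: '{{ pkgpath }}'

    # The original ran `tar xf <relative name>`, which only worked while the
    # task's working directory happened to equal pkgpath. unarchive takes the
    # full path, and `creates` skips the step once the tree is unpacked.
    - name: unzip mysql
      unarchive:
        src: '{{ pkgpath }}/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz'
        dest: /usr/local/
        remote_src: yes
        creates: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64

    # Version-independent path for the install tree.
    - name: create symbolic link1
      file:
        src: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64
        dest: /usr/local/mysql
        owner: mysql
        group: mysql
        state: link

    # Expose the MySQL headers under /usr/local/include.
    - name: create symbolic link2
      file:
        src: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64/include
        dest: /usr/local/include/mysql
        state: link

    # Directory that holds the database files.
    - name: create data directory
      file:
        path: '{{ path }}'
        state: directory
        mode: '0755'

    # Hand the install tree and the data directory to mysql. The data directory
    # now follows the `path` variable instead of a hard-coded /opt/data/, so
    # changing the variable cannot leave the real datadir with the wrong owner.
    - name: change ownership
      shell: 'chown -R mysql:mysql /usr/local/mysql* && chown -R mysql:mysql {{ path }}/'

    # Same one-line profile script as the original `echo ... >`; the `source`
    # that followed it only affected that single task's shell.
    - name: environment variable
      copy:
        dest: /etc/profile.d/mysql.sh
        content: "export PATH=/usr/local/mysql/bin:$PATH\n"
        mode: '0644'

    # blockinfile instead of lineinfile: lineinfile works on single lines, so a
    # multi-line `line:` is not recognised as present on later runs and the
    # whole [mysqld] section would be appended again. blockinfile wraps the
    # section in marker comments and keeps exactly one copy.
    - name: mysql config
      blockinfile:
        path: /etc/my.cnf
        block: |
          [mysqld]
          basedir = /usr/local/mysql
          datadir = {{ path }}
          socket = /tmp/mysql.sock
          port = 3306
          pid-file = {{ path }}/mysql.pid
          user = mysql
          skip-name-resolve
        state: present

    - name: man config
      lineinfile:
        path: /etc/man_db.conf
        line: 'MANDATORY_MANPATH /usr/local/mysql/man'
        state: present

    - name: start service
      import_tasks: ./tasks/mysqlstart_task.yml

    # Replace the initial root password, read from /root/.sql, with the vaulted
    # `password`. no_log keeps the rendered command line, which contains the new
    # password in clear text, out of Ansible's output and logs.
    # NOTE(review): /root/.sql is presumably written by mysqlstart_task.yml (not
    # shown here); it holds a root credential and should not be left behind.
    # NOTE(review): `password` is pasted into a double-quoted shell string, so a
    # value containing `"`, `$` or a backtick would break or alter the command.
    - name: change mysql pass
      shell: /usr/local/mysql/bin/mysql -uroot -p"$(awk '/password/{print$NF}' /root/.sql)" --connect-expired-password -e "set password = password(\"{{ password }}\");"
      no_log: true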
- 运行剧本
//运行剧本(调用机密文件)
[root@node0 mysql]# ansible-playbook --vault-id @prompt mysql.yml
Vault password (default):
PLAY [deploy] *******************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************
ok: [node2]
TASK [mysqluser add] ************************************************************************************************
ok: [node2]
TASK [deploy environment] *******************************************************************************************
ok: [node2]
TASK [copy mysql to node2] ******************************************************************************************
ok: [node2]
TASK [unzip mysql] **************************************************************************************************
[WARNING]: Consider using the unarchive module rather than running 'tar'. If you need to use command because
unarchive is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
changed: [node2]
TASK [create symbolic link1] ****************************************************************************************
changed: [node2]
TASK [create symbolic link2] ****************************************************************************************
ok: [node2]
TASK [create data directory] ****************************************************************************************
ok: [node2]
TASK [change ownership] *********************************************************************************************
[WARNING]: Consider using the file module with owner rather than running 'chown'. If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
changed: [node2]
TASK [environment variable] *****************************************************************************************
changed: [node2]
TASK [mysql config] *************************************************************************************************
changed: [node2]
TASK [man config] ***************************************************************************************************
ok: [node2]
TASK [lib config] ***************************************************************************************************
changed: [node2]
TASK [copy mysql.server] ********************************************************************************************
changed: [node2]
TASK [mysqld config] ************************************************************************************************
[WARNING]: Consider using the replace, lineinfile or template module rather than running 'sed'. If you need to use
command because replace, lineinfile or template is insufficient you can add 'warn: false' to this command task or
set 'command_warnings=False' in ansible.cfg to get rid of this message.
changed: [node2]
TASK [initialize mysql & get pass] **********************************************************************************
changed: [node2]
TASK [change mysql pass] ********************************************************************************************
changed: [node2]
PLAY RECAP **********************************************************************************************************
node2 : ok=17 changed=10 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
//查看端口验证
[root@node0 mysql]# ansible node2 -m shell -a 'ss -antl'
node2 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
php安装
- php目录结构
[root@node0 php]# tree .
.
├── gpgkeys
│ └── RPM-GPG-KEY-EPEL-8
├── packages
│ └── epel-release-latest-8.noarch.rpm
└── php.yml
- php剧本
[root@node0 php]# cat php.yml
---
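# Installs PHP and php-fpm on node3 from packages, switches php-fpm to a TCP
# listener and drops a test page into the document root.
- name: php install
  hosts: node3
  gather_facts: no
  tasks:
    # Ship the EPEL signing key so packages from that repository can be verified.
    - name: copy key
      copy:
        src: ./gpgkeys/RPM-GPG-KEY-EPEL-8
        dest: /etc/pki/rpm-gpg/

    - name: install tools
      dnf:
        name: '@Development Tools'
        state: present

    # The package list is passed to dnf in one call rather than through `loop`:
    # one transaction instead of one dnf run per package.
    - name: install dependence packages
      dnf:
        name:
          - libxml2
          - 'libxml2-devel'
          - openssl
          - 'openssl-devel'
          - bzip2
          - 'bzip2-devel'
          - libcurl
          - 'libcurl-devel'
          - 'libicu-devel'
          - libjpeg
          - 'libjpeg-devel'
          - libpng
          - 'libpng-devel'
          - 'openldap-devel'
          - 'pcre-devel'
          - freetype
          - 'freetype-devel'
          - gmp
          - 'gmp-devel'
          - libmcrypt
          - 'libmcrypt-devel'
          - readline
          - 'readline-devel'
          - libxslt
          - 'libxslt-devel'
          - mhash
          - 'mhash-devel'
          - 'php-mysqlnd'
        state: present

    # NOTE(review): the wildcard pulls in every php-* package the repositories
    # offer; listing only the extensions the site needs keeps the installed
    # (and patchable) surface smaller.
    - name: install php
      dnf:
        name: 'php-*'
        state: present

    # service module instead of shelling out to `systemctl enable --now`:
    # same result, reported as changed only when something actually changed.
    - name: start php
      service:
        name: php-fpm
        state: started
        enabled: yes

    # php-fpm listens on TCP 9000 on every interface so httpd on node1 can
    # reach it. FastCGI has no authentication of its own: who may connect is
    # decided by listen.allowed_clients (set in the next play) and by packet
    # filtering. The setting takes effect at the restart in a later play.
    # NOTE(review): binding to node3's own address instead of 0.0.0.0 would
    # narrow the exposure further.
    - name: add listen socket
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen ='
        line: listen = 0.0.0.0:9000

    # Test page, written with copy instead of `echo -e ... >` (same bytes).
    # phpinfo() prints the full PHP configuration, module list and environment;
    # delete this page once the verification is done.
    - name: create php testpage
      copy:
        dest: /var/www/html/index.php
        content: "<?php\n\tphpinfo();\n?>\n"

    # file module instead of `chown -R`, as Ansible's own warning recommends.
    - name: change owner
      file:
        path: /var/www/html/
        owner: apache
        group: apache
        recurse: yes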
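# Restrict php-fpm to connections coming from the web server. node1 stays in
# `hosts` only so that its facts are gathered and
# hostvars['node1']['ansible_default_ipv4'] is available; the edit itself is
# applied on node3 alone.
#
# The original ran the task on both hosts and set `ignore_errors: yes` to get
# past node1, which has no www.conf. That also hid a failure on node3, where a
# missed edit leaves the port-9000 listener without the intended client
# restriction while the play still reports success. With `when`, node1 is
# skipped and a real failure on node3 stops the play.
- name: phpconfig
  hosts: node1,node3
  tasks:
    - name: add listen client
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients ='
        line: listen.allowed_clients = {{ hostvars['node1']['ansible_default_ipv4']['address'] }}
      when: inventory_hostname == 'node3'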
# Restart php-fpm on node3 so the edited /etc/php-fpm.d/www.conf is loaded.
- name: restart php
  hosts: node3
  gather_facts: false
  tasks:
    - name: restart service
      service:
        state: restarted
        name: php-fpm
# Restart the source-built httpd on node1 through its own control script.
- name: restart httpd
  hosts: node1
  gather_facts: false
  tasks:
    - name: restart apache
      shell: "/usr/local/apache/bin/apachectl restart"
- 测试验证