ansible剧本实战(lamp为例)
环境说明
主机 | ip | 属性 | 系统 |
---|---|---|---|
node1 | 192.168.94.141 | httpd | rhel8 |
node2 | 192.168.94.143 | mysql | rhel8 |
node3 | 192.168.94.144 | php | rhel8 |
lamp项目目录结构
[root@node0 project]# tree .
.
└── modules
├── app
│ └── php
│ ├── gpgkeys
│ │ └── RPM-GPG-KEY-EPEL-8
│ ├── install.yml
│ └── packages
│ └── epel-release-latest-8.noarch.rpm
├── database
│ └── mysql
│ ├── host_vars
│ │ ├── node2
│ │ └── pass.yml
│ ├── install.yml
│ ├── packages
│ │ └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
│ └── tasks
│ └── mysqlstart_task.yml
├── lamp
│ ├── ansible.cfg
│ ├── base.yml
│ ├── install.yml
│ ├── inventory
│ └── template
│ └── httpd.conf.j2
├── web
│ └── apache
│ ├── host_vars
│ │ └── node1
│ ├── install.yml
│ ├── packages
│ │ ├── apr-1.7.0.tar.gz
│ │ ├── apr-util-1.6.1.tar.gz
│ │ └── httpd-2.4.46.tar.bz2
│ └── tasks
│ └── httpdinstall_tasks.yml
└── yum
├── CentOS-Base.repo
├── epel-modular.repo
├── epel-playground.repo
├── epel.repo
├── epel-testing-modular.repo
├── epel-testing.repo
└── redhat.repo
apache端配置
- 源码包
[root@node0 apache]# ll packages/
total 8636
-rw-r--r--. 1 root root 1093896 Jan 4 11:21 apr-1.7.0.tar.gz
-rw-r--r--. 1 root root 554301 Jan 4 11:21 apr-util-1.6.1.tar.gz
-rw-r--r--. 1 root root 7187805 Jan 4 11:21 httpd-2.4.46.tar.bz2
- node1端定义的变量
[root@node0 host_vars]# cat node1
# host_vars for node1, loaded explicitly by the apache playbook via vars_files
username: apache
# directory the source tarballs are copied to and built in
path: /opt/
# build dependencies, installed in one yum transaction
packages:
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- "gcc-c++"
- "@Development tools"
- apache安装剧本
[root@node0 apache]# cat httpd.yml
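---
# Build Apache httpd from source on node1.
# username, path and packages come from ./host_vars/node1.
- name: deploy
  gather_facts: no
  hosts: node1
  vars_files: ./host_vars/node1
  tasks:
    # unprivileged service account: no login shell, no home directory
    - name: apacheuser add
      user:
        name: '{{ username }}'
        shell: /sbin/nologin
        create_home: false
        system: true
    - name: deploy environment
      yum:
        name: '{{ packages }}'
        state: present
    # ships the apr, apr-util and httpd tarballs into {{ path }}
    - name: copy httpd file
      copy:
        src: ./packages/
        dest: '{{ path }}'
    # run inside {{ path }} via chdir rather than `cd` in the command;
    # `creates` skips the extraction on re-runs
    - name: uzip file
      shell: >
        tar xf apr-1.7.0.tar.gz &&
        tar xf apr-util-1.6.1.tar.gz &&
        tar xf httpd-2.4.46.tar.bz2
      args:
        chdir: '{{ path }}'
        creates: '{{ path }}/httpd-2.4.46'
    - name: httpd install
      import_tasks: ./tasks/httpdinstall_tasks.yml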
- 导入剧本的安装任务
[root@node0 apache]# cat tasks/httpdinstall_tasks.yml
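# Source build of apr, apr-util and httpd. Imported by the deploy play,
# so {{ path }} comes from ./host_vars/node1.
# Every build step has a `creates` guard pointing at a binary the install
# produces, so a re-run does not rebuild.
- name: install apr
  shell: >
    ./configure --prefix=/usr/local/apr &&
    make &&
    make install
  args:
    chdir: '{{ path }}/apr-1.7.0/'
    creates: /usr/local/apr/bin/apr-1-config
- name: install apr-util
  shell: >
    ./configure
    --prefix=/usr/local/apr-util
    --with-apr=/usr/local/apr &&
    make &&
    make install
  args:
    chdir: '{{ path }}/apr-util-1.6.1/'
    creates: /usr/local/apr-util/bin/apu-1-config
# this task used to share the name "install apr", which made the play
# output ambiguous
- name: install httpd
  shell: >
    ./configure --prefix=/usr/local/apache
    --sysconfdir=/etc/httpd24
    --enable-so
    --enable-ssl
    --enable-cgi
    --enable-rewrite
    --with-zlib
    --with-pcre
    --with-apr=/usr/local/apr
    --with-apr-util=/usr/local/apr-util/
    --enable-modules=most
    --enable-mpms-shared=all
    --with-mpm=prefork &&
    make &&
    make install
  args:
    chdir: '{{ path }}/httpd-2.4.46/'
    creates: /usr/local/apache/bin/httpd
# `source` inside a shell task only affects that task's own shell, so the
# profile snippet is simply written; login shells read /etc/profile.d
- name: environment config
  copy:
    dest: /etc/profile.d/httpd.sh
    content: "export PATH=/usr/local/apache/bin:$PATH\n"
    mode: '0644'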
mysql端配置
- 二进制包存放路径
[root@node0 mysql]# ll packages/
total 367716
-rw-r--r--. 1 root root 376537503 Jan 4 11:21 mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
- node2端定义的变量
[root@node0 mysql]# cat host_vars/node2
# host_vars for node2, loaded by the mysql plays via vars_files
username: mysql
# data directory; created and given to mysql:mysql by the mysql config play
path: /opt/data
# where the binary tarball is copied before being unpacked into /usr/local
pkgpath: /root/
packages:
- "ncurses-devel"
- "openssl-devel"
- openssl
- cmake
- "mariadb-devel"
- gcc
- "gcc-c++"
- "ncurses-compat-libs*"
- 机密变量
[root@node0 mysql]# ansible-vault decrypt host_vars/pass.yml
Vault password:
Decryption successful
[root@node0 mysql]# cat host_vars/pass.yml
---
# Vault-encrypted file holding the MySQL root password used by the
# "change mysql pass" task.
# NOTE(review): `ansible-vault decrypt` (run above) rewrites this file in
# cleartext on disk; `ansible-vault view` shows the content without doing
# that. If it was decrypted, re-encrypt it (`ansible-vault encrypt`) so the
# password is not left in cleartext in the project directory.
password: fxx123
- mysql的安装剧本
[root@node0 mysql]# cat mysql.yml
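---
# Stage the MySQL 5.7 binary tarball on node2.
# pass.yml is vault-encrypted and is only consumed later by the
# "change mysql pass" task; node2 supplies username, path, pkgpath, packages.
- name: deploy
  vars_files:
    - ./host_vars/pass.yml
    - ./host_vars/node2
  hosts: node2
  tasks:
    # unprivileged service account: no login shell, no home directory
    - name: mysqluser add
      user:
        name: '{{ username }}'
        shell: /sbin/nologin
        create_home: false
        system: true
    - name: deploy environment
      yum:
        name: '{{ packages }}'
        state: present
    - name: copy mysql to node2
      copy:
        src: ./packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: '{{ pkgpath }}'
    # run from pkgpath explicitly instead of relying on the remote user's
    # working directory being /root; skipped once the tree exists
    - name: unzip mysql
      shell: 'tar xf mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
      args:
        chdir: '{{ pkgpath }}'
        creates: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64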
- mysql的启动任务
[root@node0 mysql]# cat tasks/mysqlstart_task.yml
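---
# Initialise the data directory and start mysqld through the bundled
# SysV script. Imported by the "mysql config" play in lamp/install.yml.
- name: lib config
  copy:
    dest: /etc/ld.so.conf.d/mysql.conf
    content: "/usr/local/mysql/lib\n"
  register: ldconf
- name: refresh linker cache
  command: ldconfig
  when: ldconf.changed
- name: start shell
  shell: >
    cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld &&
    sed -ri 's#^(basedir=).*#\1/usr/local/mysql#g' /etc/init.d/mysqld &&
    sed -ri 's#^(datadir=).*#\1/opt/data#g' /etc/init.d/mysqld
  args:
    creates: /etc/init.d/mysqld
# --initialize refuses to run on a non-empty datadir, so guard on the log
# file it produces. That file contains the generated temporary root
# password, which "change mysql pass" reads back; keep it root-only.
- name: get pass
  shell: "/usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data > /root/.sql 2>&1"
  args:
    creates: /root/.sql
- name: protect initialisation log
  file:
    path: /root/.sql
    mode: '0600'
- name: start service
  shell: service mysqld start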
php端配置
- epel源的安装包
[root@node0 php]# ll packages/
total 24
-rw-r--r--. 1 root root 22576 Dec 6 05:16 epel-release-latest-8.noarch.rpm
- php安装剧本
[root@node0 php]# cat php.yml
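---
# Install PHP (php-fpm) from EPEL on node3.
# The EPEL .repo files themselves are distributed by lamp/base.yml (../yum/);
# this play only ships the signing key they reference.
- name: php install
  gather_facts: no
  hosts: node3
  tasks:
    - name: copy key
      copy:
        src: ./gpgkeys/RPM-GPG-KEY-EPEL-8
        dest: /etc/pki/rpm-gpg/
    - name: install tools
      dnf:
        name: '@Development Tools'
        state: present
    # one dnf transaction for the whole list instead of one per item
    - name: install dependence packages
      dnf:
        name:
          - libxml2
          - 'libxml2-devel'
          - openssl
          - 'openssl-devel'
          - bzip2
          - 'bzip2-devel'
          - libcurl
          - 'libcurl-devel'
          - 'libicu-devel'
          - libjpeg
          - 'libjpeg-devel'
          - libpng
          - 'libpng-devel'
          - 'openldap-devel'
          - 'pcre-devel'
          - freetype
          - 'freetype-devel'
          - gmp
          - 'gmp-devel'
          - libmcrypt
          - 'libmcrypt-devel'
          - readline
          - 'readline-devel'
          - libxslt
          - 'libxslt-devel'
          - mhash
          - 'mhash-devel'
          - 'php-mysqlnd'
        state: present
    - name: install php
      dnf:
        name: php-*
        state: present
    # same effect as `systemctl enable --now`, but idempotent and reported
    # as changed only when something changed
    - name: start php
      systemd:
        name: php-fpm
        enabled: yes
        state: started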
通用配置
- yum源
[root@node0 yum]# ll
total 28
-rw-r--r--. 1 root root 1683 Jan 4 19:09 CentOS-Base.repo
-rw-r--r--. 1 root root 1051 Jan 11 19:21 epel-modular.repo
-rw-r--r--. 1 root root 1133 Jan 11 19:21 epel-playground.repo
-rw-r--r--. 1 root root 988 Jan 11 19:21 epel.repo
-rw-r--r--. 1 root root 1150 Jan 11 19:21 epel-testing-modular.repo
-rw-r--r--. 1 root root 1087 Jan 11 19:21 epel-testing.repo
-rw-r--r--. 1 root root 358 Jan 4 19:09 redhat.repo
- lamp相关配置
[root@node0 lamp]# ll
total 32
-rw-r--r--. 1 root root 19977 Feb 20 16:40 ansible.cfg
-rw-r--r--. 1 root root 720 Feb 21 13:55 base.yml
-rw-r--r--. 1 root root 3439 Feb 21 13:08 install.yml
-rw-r--r--. 1 root root 26 Jan 17 13:02 inventory
drwxr-xr-x. 2 root root 27 Jan 21 00:45 template
- lamp通用配置
[root@node0 lamp]# cat base.yml
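---
# Baseline applied to every host in the "lamp" inventory group.
# NOTE(review): firewalld and SELinux are both switched off here, so
# nothing later limits network access to php-fpm (listen 0.0.0.0:9000 in
# install.yml) or mysqld (port 3306); restrict them on the listen address
# or at the firewall when these hosts face a network you do not control.
- name: environment config
  hosts: lamp
  tasks:
    # `enabled: no` alone only affects the next boot; stop it now as well
    - name: stop service
      service:
        name: firewalld
        enabled: no
        state: stopped
    # permanent setting, effective after the reboot handler runs
    - name: stop selinux1
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled
    # immediate, for the current boot only; setenforce exits non-zero once
    # SELinux is already disabled (e.g. on a re-run after the reboot)
    - name: stop selinux2
      shell: '/usr/sbin/setenforce 0'
      failed_when: false
    - name: yum config
      copy:
        src: ../yum/
        dest: /etc/yum.repos.d/
      register: yumresult
    - name: yum makecache
      shell: 'yum clean all && yum makecache'
      when: yumresult.changed
      notify:
        - reboot_lamphost
      ignore_errors: yes
  handlers:
    # the reboot module waits for the host to come back, which a bare
    # `shell: reboot` does not
    - name: reboot_lamphost
      reboot: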
[root@node0 lamp]#
- lamp搭建相关配置
[root@node0 lamp]# cat install.yml
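---
# Top-level playbook: build each tier, then wire the tiers together.
# Run with --vault-id @prompt because ../database/mysql/host_vars/pass.yml
# is vault-encrypted.
- name: install web server
  import_playbook: ../web/apache/install.yml
- name: install mysql
  import_playbook: ../database/mysql/install.yml
- name: install php
  import_playbook: ../app/php/install.yml

- name: apache config
  hosts: node1
  tasks:
    - name: symbolic link create
      file:
        src: /usr/local/apache/include
        dest: /usr/local/include/httpd
        state: link
    # this play gathers node1's facts (default gather_facts), which the
    # "phpconfig" play later reads through hostvars['node1']
    - name: httpd-php config
      template:
        src: ./template/httpd.conf.j2
        dest: /etc/httpd24/httpd.conf
        backup: yes
    - name: start service
      shell: "/usr/local/apache/bin/apachectl start"

- name: mysql config
  vars_files:
    - ../database/mysql/host_vars/pass.yml
    - ../database/mysql/host_vars/node2
  hosts: node2
  tasks:
    - name: create symbolic link1
      file:
        src: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64
        dest: /usr/local/mysql
        owner: mysql
        group: mysql
        state: link
    - name: create symbolic link2
      file:
        src: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64/include
        dest: /usr/local/include/mysql
        state: link
    # data directory ({{ path }} = /opt/data), owned by the service account
    - name: create data directory
      file:
        path: '{{ path }}'
        state: directory
        owner: mysql
        group: mysql
        mode: '0755'
    # recursive chown of the unpacked tree; the /usr/local/mysql symlink
    # already got mysql:mysql in "create symbolic link1"
    - name: change ownership
      file:
        path: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64
        state: directory
        owner: mysql
        group: mysql
        recurse: yes
    # `source` inside a shell task has no lasting effect; login shells read
    # /etc/profile.d on their own
    - name: environment variable
      copy:
        dest: /etc/profile.d/mysql.sh
        content: "export PATH=/usr/local/mysql/bin:$PATH\n"
        mode: '0644'
    # blockinfile keeps a multi-line block idempotent; lineinfile manages a
    # single line and re-appends the whole block on every run
    - name: mysql config
      blockinfile:
        path: /etc/my.cnf
        create: yes
        block: |
          [mysqld]
          basedir = /usr/local/mysql
          datadir = /opt/data
          socket = /tmp/mysql.sock
          port = 3306
          pid-file = /opt/data/mysql.pid
          user = mysql
          skip-name-resolve
    - name: man config
      lineinfile:
        path: /etc/man_db.conf
        line: 'MANDATORY_MANPATH /usr/local/mysql/man'
        state: present
    - name: start service
      import_tasks: ../database/mysql/tasks/mysqlstart_task.yml
    # The temporary password from /root/.sql is passed via MYSQL_PWD and the
    # new one via stdin, so neither shows up in argv (ps); no_log keeps the
    # vaulted password out of task output and logs.
    # Only succeeds on the first run: afterwards the temporary password in
    # /root/.sql is no longer valid.
    # NOTE(review): a password containing a single quote would break the
    # SQL literal below.
    - name: change mysql pass
      shell: >
        MYSQL_PWD="$(awk '/password/{print$NF}' /root/.sql)"
        /usr/local/mysql/bin/mysql -uroot --connect-expired-password
      args:
        stdin: "SET PASSWORD = PASSWORD('{{ password }}');"
      no_log: true

- name: php config
  hosts: node3
  tasks:
    # TCP listener on every interface; with firewalld off (base.yml) the
    # only restriction left is listen.allowed_clients, set in "phpconfig"
    - name: add listen socket
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen ='
        line: listen = 0.0.0.0:9000
    # phpinfo() prints the PHP configuration, so this is a smoke-test page
    # rather than something to leave in place
    - name: create php testpage
      copy:
        dest: /var/www/html/index.php
        content: "<?php\n\tphpinfo();\n?>\n"
    - name: change owner
      file:
        path: /var/www/html/
        state: directory
        owner: apache
        group: apache
        recurse: yes

# node1 has no php-fpm, so only node3 is targeted (the node1,node3 target
# needed ignore_errors). hostvars['node1'] is still readable here because
# the "apache config" play gathered node1's facts earlier in this run.
- name: phpconfig
  hosts: node3
  tasks:
    - name: add listen client
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients ='
        line: listen.allowed_clients = {{ hostvars['node1']['ansible_default_ipv4']['address'] }}

- name: restart php
  gather_facts: no
  hosts: node3
  tasks:
    - name: restart service
      service:
        name: php-fpm
        state: restarted

- name: restart httpd
  gather_facts: no
  hosts: node1
  tasks:
    # apachectl from the source build; no unit file is created for it here
    - name: restart apache
      shell: "/usr/local/apache/bin/apachectl restart"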
- 测试运行
[root@node0 lamp]# ansible-playbook base.yml
[root@node0 lamp]# ansible-playbook --vault-id @prompt install.yml