使用roles部署PHP
环境
外网IP |
内网IP |
主机名 |
10.0.0.5 |
172.16.1.5 |
lb01 (负载均衡) |
10.0.0.6 |
172.16.1.6 |
lb02 |
10.0.0.7 |
172.16.1.7 |
web01(服务器) |
10.0.0.8 |
172.16.1.8 |
web02 |
10.0.0.9 |
172.16.1.9 |
web03 |
10.0.0.31 |
172.16.1.31 |
nfs (共享存储) |
10.0.0.41 |
172.16.1.41 |
backup |
10.0.0.51 |
172.16.1.51 |
db01 (数据库) |
10.0.0.52 |
172.16.1.52 |
db02 |
10.0.0.53 |
172.16.1.53 |
db03(代理机) |
10.0.0.54 |
172.16.1.54 |
db04(代理机) |
10.0.0.61 |
172.16.1.61 |
m01 (跳板机) |
10.0.0.71 |
172.16.1.71 |
zabbix |
流程分析
1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建统一的用户
1.安装PHP
2.拷贝PHP配置文件
3.启动PHP
推送公钥
1.创建密钥对
[root@m01 ~]# ssh-keygen
2.推送公钥
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.5
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.6
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.9
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.51
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.52
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.53
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.54
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.61
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.71
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.81
ansible优化
1.下载
[root@m01 ~]# yum install -y ansible
2.优化
[root@m01 ~]# vim /etc/ansible/ansible.cfg #改为
# NOTE(review): False turns off SSH host-key verification for every managed host, so whatever
# answers on one of these addresses is trusted without its key being checked.
# The ssh-copy-id runs earlier on this page already record the host key in known_hosts for the
# hosts they were run against, so the default (True) works there; keep False to a throwaway lab.
host_key_checking = False
配置主机清单
[root@m01 ~]# vim /root/ansible/hosts
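# Group names in [] are arbitrary, but avoid special characters (- | &), uppercase letters
# and Chinese characters (a group must not be named nginx).
# The port may be omitted when it is 22.
# Fixed: the user variable was spelled "asible_ssh_user", which Ansible does not recognise as a
# connection setting, so the intended login user was never applied.
# NOTE(review): ansible_ssh_pass keeps the root password in clear text in this file. The public
# key was already pushed with ssh-copy-id to most of these hosts, so key authentication makes the
# password entries unnecessary there. If a password has to stay, move it into an ansible-vault
# encrypted vars file and keep this inventory readable by root only.
[web_group]
172.16.1.7 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.8 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.9 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[db_group]
172.16.1.51 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.52 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.53 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.54 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[nfs_group]
172.16.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[redis_group]
172.16.1.81 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[lb_group]
172.16.1.5 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.6 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[backup_group]
172.16.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[zabbix_group]
172.16.1.71 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[m01_group]
172.16.1.61 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
[mtj_group]
172.16.1.202 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'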
前戏
1.上传PHP安装包
2.把PHP配置文件放到files目录(注:下文的 www.conf.j2 由 template 模块渲染,实际位于角色的 templates 目录)
PHP配置文件
[root@m01 roles]# cat php/templates/www.conf.j2
; php-fpm pool definition; the role's template task renders it to /etc/php-fpm.d/www.conf.
[www]
; Worker identity comes from the user_group variable, which this role's vars/main.yml does not define.
; NOTE(review): presumably supplied by the "base" role dependency - confirm it is an unprivileged account.
user = {{ user_group }}
group = {{ user_group }}
; The FastCGI socket is bound to loopback and only loopback clients are accepted,
; so the pool is reachable only from processes on the same host.
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
; Dynamic process manager: 5 workers at start, 5 to 35 kept idle, at most 50 in total.
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
; php_admin_* settings: errors are logged to a file under /var/log/php-fpm.
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
; Sessions are stored as files on the local disk of each web host.
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
创建角色
[root@m01 roles]# ansible-galaxy init php
编辑tasks目录
1.解压
[root@m01 php]# vim tasks/jieya.yml
# Unpack the bundled PHP rpm archive into php_packages_pos on the managed host.
# NOTE(review): vars/main.yml sets php_packages_pos to "/tmp", a world-writable directory, and
# install.yml later installs every rpm found under it as root. A dedicated root-owned directory
# would keep other local users from adding files to that set.
- name: unarchive php-packages
  unarchive:
    dest: "{{ php_packages_pos }}"
    src: php-71.tar.gz
2.安装
[root@m01 php]# vim tasks/install.yml
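# Remove the distribution php-common, then install the unpacked rpm set.
# Each list entry is passed to the shell module in order.
- name: install php
  shell: "{{ item }}"
  with_items:
    - "yum remove -y php-common"
    - "yum install -y {{ php_packages_pos }}/{{ php_packages_name }}/*rpm"
  # ignore_errors covers both commands, so a failed install is only reported as "ignored".
  # It is kept so that re-runs on an already installed host do not abort the play.
  ignore_errors: yes
  # NOTE(review): the *rpm glob installs whatever rpm files are in the directory, not the
  # php_packages list from vars/main.yml; installing the listed files by name would pin the set.

# Added: fail the play here if the install above did not actually leave php-fpm installed,
# instead of continuing to the config and service tasks with nothing to configure.
- name: verify php-fpm package is installed
  command: rpm -q php71w-fpm
  changed_when: false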
3.拷贝
[root@m01 php]# vim tasks/copy.yml
# Render www.conf.j2 into the php-fpm pool directory.
# A change to the rendered file notifies the "reload php" handler.
- name: copy php packages
  template:
    dest: "/etc/php-fpm.d/www.conf"
    src: www.conf.j2
  notify: "reload php"
4.启动
[root@m01 php]# vim tasks/start.yml
# Make sure php-fpm is running now and is enabled at boot.
- name: start php
  service:
    name: php-fpm
    enabled: true
    state: started
5.include
[root@m01 php]# vim tasks/main.yml
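# Entry point of the php role: unpack, install, configure, then start.
# The pool config is written after the packages are installed and before the service is started.
# include_tasks replaces the bare "include" keyword, which newer Ansible releases deprecate and
# then remove; the task files and their order are unchanged.
- include_tasks: jieya.yml
- include_tasks: install.yml
- include_tasks: copy.yml
- include_tasks: start.yml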
6.触发器
[root@m01 php]# vim handlers/main.yml
# Handler run when a task notifies "reload php": reloads php-fpm so a changed pool
# configuration takes effect.
- name: reload php
  service:
    state: reloaded
    name: php-fpm
7.依赖
[root@m01 php]# vim meta/main.yml
# Roles that are applied before this one: the php role depends on "base".
dependencies:
  - role: base
8.变量
[root@m01 php]# vim vars/main.yml
# Directory on the managed host where the PHP package archive is unpacked.
# NOTE(review): /tmp is world-writable; the install task installs every rpm found under
# this path as root, so a dedicated root-owned directory is the safer choice.
php_packages_pos: "/tmp"
# Name of the directory produced by unpacking the archive.
php_packages_name: "php-71"
# PHP installation packages.
# NOTE(review): no task shown on this page reads php_packages; install.yml uses a *rpm glob instead.
# NOTE(review): PHP 7.1 no longer receives upstream security fixes and 7.1.33 is its last release;
# plan a move to a supported branch before exposing these hosts.
php_packages:
- "autoconf-2.69-11.el7.noarch.rpm"
- "automake-1.13.4-3.el7.noarch.rpm"
- "libjpeg-turbo-1.2.90-8.el7.x86_64.rpm"
- "libmcrypt-2.5.8-13.el7.x86_64.rpm"
- "libmemcached-1.0.16-5.el7.x86_64.rpm"
- "libX11-1.6.7-2.el7.x86_64.rpm"
- "libX11-common-1.6.7-2.el7.noarch.rpm"
- "libXau-1.0.8-2.1.el7.x86_64.rpm"
- "libxcb-1.13-1.el7.x86_64.rpm"
- "libXpm-3.5.12-1.el7.x86_64.rpm"
- "m4-1.4.16-10.el7.x86_64.rpm"
- "mod_php71w-7.1.33-1.w7.x86_64.rpm"
- "pcre-devel-8.32-17.el7.x86_64.rpm"
- "perl-Data-Dumper-2.145-3.el7.x86_64.rpm"
- "perl-Test-Harness-3.28-3.el7.noarch.rpm"
- "perl-Thread-Queue-3.02-2.el7.noarch.rpm"
- "php71w-cli-7.1.33-1.w7.x86_64.rpm"
- "php71w-common-7.1.33-1.w7.x86_64.rpm"
- "php71w-devel-7.1.33-1.w7.x86_64.rpm"
- "php71w-embedded-7.1.33-1.w7.x86_64.rpm"
- "php71w-fpm-7.1.33-1.w7.x86_64.rpm"
- "php71w-gd-7.1.33-1.w7.x86_64.rpm"
- "php71w-mbstring-7.1.33-1.w7.x86_64.rpm"
- "php71w-mcrypt-7.1.33-1.w7.x86_64.rpm"
- "php71w-mysqlnd-7.1.33-1.w7.x86_64.rpm"
- "php71w-opcache-7.1.33-1.w7.x86_64.rpm"
- "php71w-pdo-7.1.33-1.w7.x86_64.rpm"
- "php71w-pear-1.10.4-1.w7.noarch.rpm"
- "php71w-pecl-igbinary-2.0.5-1.w7.x86_64.rpm"
- "php71w-pecl-memcached-3.0.4-1.w7.x86_64.rpm"
- "php71w-pecl-mongodb-1.5.3-1.w7.x86_64.rpm"
- "php71w-pecl-redis-3.1.6-1.w7.x86_64.rpm"
- "php71w-process-7.1.33-1.w7.x86_64.rpm"
- "php71w-xml-7.1.33-1.w7.x86_64.rpm"
编辑入口文件
[root@m01 roles]# vim site.yml
# Top-level play: apply the base role, then the php role on hosts whose FQDN matches 'web*'.
# NOTE(review): the inventory shown on this page lists hosts by IP under groups such as
# web_group and defines no host named web01 - confirm which inventory this play runs against.
# NOTE(review): the "match" test takes a regular expression, so 'web*' means "we" followed by
# any number of "b" at the start of the name; '^web' would state the intent more exactly.
- hosts: web01
  roles:
    - role: base
    #- { role: rsync_client,when: ansible_fqdn is match 'web*' }
    #- { role: rsync_client,when: ansible_fqdn is match 'nfs*' }
    #- { role: rsync_server,when: ansible_fqdn is match 'backup*' }
    #- { role: nfs_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: nfs_client,when: ansible_fqdn is match 'web*' }
    #- { role: mount_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: mount_client,when: ansible_fqdn is match 'web*' }
    #- { role: sersync,when: ansible_fqdn is match 'web*' }
    #- { role: nginx_web,when: ansible_fqdn is match 'web*' }
    #- { role: nginx_lb,when: ansible_fqdn is match 'lb*' }
    #- { role: keepalived_lb,when: ansible_fqdn is match 'nfs*' }
    - role: php
      when: ansible_fqdn is match 'web*'
执行
[root@m01 roles]# ansible-playbook site.yml