ansible搭建wordpress,安装nfs和rsync

ansible-playbook变量

作业:

搭建WordPress

安装nfs,rsync

使用变量

环境准备

服务器名 外网IP 内网IP 角色
web01 10.0.0.7 172.16.1.7 被控端
web02 10.0.0.8 172.16.1.8 被控端
nfs 10.0.0.31 172.16.1.31 被控端
backup 10.0.0.41 172.16.1.41 被控端
m01 10.0.0.61 172.16.1.61 控制端
db01 10.0.0.51 172.16.1.51 被控端

服务准备

WordPress安装包,添加主机配置清单,获取密钥对,发送公钥

编辑主机管理清单,编辑调用变量文件,编辑ansible-playbook剧本

m01管理端配置

# 下载ansible
[root@m01 ~]# yum install -y ansible
# 修改ansible配置文件
[root@m01 ~]# vim /etc/ansible/ansible.cfg 
# 开启ansible的日志
log_path = /var/log/ansible.log
# 默认模块由command改成shell
module_name = shell
# 关闭 SSH 主机密钥检查(取消该行注释);这样首次连接时不会校验被控端指纹,仅适合隔离的实验环境
host_key_checking = False
# 添加主机清单
[root@m01 ~]# !v
vim /etc/ansible/hosts 

[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
# web03 ansible_ssh_host=10.0.0.9
[backup_group]
backup ansible_ssh_host=10.0.0.41
[nfs_group]
nfs ansible_ssh_host=10.0.0.31
[rsync:children]
backup_group
[db_group]
db01 ansible_ssh_host=10.0.0.51
~          
# 生成密钥
[root@m01 ~]# ssh-keygen
# 把公钥发送给被控端服务器
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.31
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.41
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.9
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.8
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.7
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.51

# wordpress配置
[root@m01 ansible]# ll
total 16
drwxr-xr-x 2 root root   21 Jun 11 21:34 cron
-rw-r--r-- 1 root root 5281 Jun 11 21:53 deployment.yml
-rw-r--r-- 1 root root  181 Jun 11 21:55 distrubute.sh
drwxr-xr-x 2 root root   40 Jun 11 18:22 group_vars
drwxr-xr-x 2 root root   17 Jun 11 11:24 host_vars
drwxr-xr-x 3 root root   38 Jun 11 19:23 nginx
drwxr-xr-x 2 root root   61 Jun 11 19:38 package
drwxr-xr-x 2 root root   22 Jun 11 20:29 php
drwxr-xr-x 2 root root   25 Jun 11 21:40 rsyncd
-rw-r--r-- 1 root root  259 Jun 11 20:19 test.yml
[root@m01 ansible]# tree
.
├── cron
│   └── cron.sh     # 定时推送 nfs 共享存储目录的脚本
├── deployment.yml  # playbook
├── distrubute.sh   # 分发公钥脚本
├── group_vars
│   ├── nfs_group   # 没用上
│   └── web_group   # 需要卸载的安装包名称(php残留,安装php71w之前要remove的软件包)
├── host_vars
│   └── nfs         # 没用上
├── nginx
│   ├── conf.d      # 配置文件目录
│   │   └── blog.wqh.com.conf  # nginx 虚拟主机配置文件
│   └── nginx.conf	# 主配置文件
├── package
│   ├── nginx_php.zip 		   # nginx-1.18  php71w
│   └── wordpress-5.4-zh_CN.tar.gz # wordpress软件包,传送到客户端前修改好属主和数据库连接文件
├── php
│   └── www.conf	# php-fpm 配置文件
├── rsyncd
│   └── rsyncd.conf	# rsyncd 配置文件
└── test.yml


ansible-playbook

# Baseline for every managed host: firewalld running, SELinux switched off,
# and one shared unprivileged account (uid/gid 777) that the services run as.
- hosts: all
  gather_facts: false
  tasks:
    # firewalld is started and enabled at boot here; the port-opening plays
    # further down depend on it being up.
    - name: start all firewalld service
      service:
        name: firewalld
        enabled: true
        state: started
    # NOTE(review): this disables SELinux on every host, so nginx, php-fpm,
    # rsyncd and MariaDB lose mandatory access control. Presumably done to
    # keep the lab simple; a hardened setup would leave it enforcing and
    # grant only what the web tier needs (for example NFS access) -- confirm.
    - name: stop selinux
      selinux:
        state: disabled
    # Fixed gid so the numeric id is identical on every host.
    - name: create run-group
      group:
        name: seven
        gid: 777
        state: present
    # Same fixed uid everywhere; /sbin/nologin and no home directory mean the
    # account is not usable for interactive logins.
    - name: create run-user
      user:
        name: seven
        uid: 777
        group: seven
        shell: /sbin/nologin
        create_home: false
        state: present
    


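# Open the port each role needs: web_group 80/tcp, nfs the "nfs" service,
# backup 873/tcp (rsync daemon), db01 3306/tcp (MariaDB).
#
# permanent + immediate writes each rule to the saved firewalld configuration
# and applies it to the running firewall. The original runtime-only rules
# disappeared on a firewalld reload or reboot, leaving the services blocked.
#
# NOTE(review): none of these rules restricts the source address. 873 and
# 3306 are only needed by other hosts in this environment, so limiting them
# to the internal subnet (e.g. with a firewalld rich rule or a dedicated
# zone) would reduce exposure -- confirm which addresses the rsync client
# and WordPress actually connect from before tightening.
- hosts: web_group
  gather_facts: false
  tasks:
    - name: open 80
      firewalld:
        port: "80/tcp"
        state: enabled
        permanent: true
        immediate: true
- hosts: nfs
  gather_facts: false
  tasks:
    # NOTE(review): the predefined "nfs" service may not cover everything an
    # NFSv3 client needs (rpc-bind, mountd) -- confirm against the NFS
    # version the web servers mount with.
    - name: open nfs 
      firewalld:
        service: nfs
        state: enabled
        permanent: true
        immediate: true
- hosts: backup
  gather_facts: false
  tasks:
    - name: open 873
      firewalld:
        port: "873/tcp"
        state: enabled
        permanent: true
        immediate: true
- hosts: db01
  gather_facts: false
  tasks:
    - name: open 3306
      firewalld:
        port: "3306/tcp"
        state: enabled
        permanent: true
        immediate: true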

# Install nfs-utils on the NFS server and on the web servers that mount it.
- hosts: nfs,web_group
  gather_facts: false
  tasks:
    - name: install nfs
      yum:
        state: present
        name: nfs-utils
# Install rsync on the backup server (daemon side) and the NFS server (client side).
- hosts: backup,nfs
  gather_facts: false
  tasks:
    - name: install rsync
      yum:
        state: present
        name: rsync
# Install MariaDB server on the database group.
- hosts: db_group
  gather_facts: false
  tasks:
    - name: install mariadb
      yum:
        state: present
        name: mariadb-server

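# Configure the backup host as an rsync daemon (rsyncd).
- hosts: backup
  gather_facts: false
  tasks:
    - name: configure rsyncd.conf
      copy:
        src: /root/ansible/rsyncd/rsyncd.conf
        dest: /etc/rsyncd.conf
    # Credentials file in "user:password" form; presumably the secrets file
    # that rsyncd.conf points at (that file is not shown here -- confirm).
    # NOTE(review): the password is a short literal stored in clear text in
    # the playbook. Move it to a variable encrypted with Ansible Vault and
    # use a long random value before using this outside a lab.
    # no_log keeps the value out of task output (including --diff) and out
    # of any log written on the control node.
    - name: configure secret file
      copy:
        content: "rsync_backup:123"
        dest: /etc/rsync.passwd
        owner: root
        group: root
        # Quoted so the mode is always read as an octal string, never as an integer.
        mode: "0600"
      no_log: true
    # Target directory for the backups, owned by the shared service account.
    - name: configure /wp_backup directory
      file:
        path: /wp_backup
        state: directory
        owner: seven
        group: seven
    # enabled: true so the daemon also comes back after a reboot.
    - name: start rsyncd
      service:
        name: rsyncd
        state: started
        enabled: true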

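# Configure the NFS server, plus the rsync client pieces that push its data
# to the backup host.
- hosts: nfs
  gather_facts: false
  tasks:
    # Export /wp_data read-write to 172.16.1.0/24 only. all_squash maps every
    # client user to uid/gid 777, the ids given to the "seven" account, so
    # files written over NFS are owned by that account and never by root.
    - name: configure /etc/exports
      copy:
        content: "/wp_data 172.16.1.0/24(rw,sync,all_squash,anonuid=777,anongid=777)"
        dest: /etc/exports
    - name: create mounted directory
      file:
        path: /wp_data
        state: directory
        owner: seven
        group: seven
    # Restart so the new export is picked up; enabled so it survives a reboot.
    - name: restart nfs
      service:
        name: nfs
        state: restarted
        enabled: true
    # rsync client side: a password-only file, presumably read by cron.sh
    # (the script itself is not shown here -- confirm).
    # NOTE(review): same clear-text, short password as on the backup host.
    # Source it from an Ansible Vault variable and use a long random value
    # outside a lab. The value is quoted so it is written as a string;
    # no_log keeps it out of task output and control-node logs.
    - name: create secret file
      copy:
        content: "123"
        dest: /etc/rsync.passwd
        owner: root
        group: root
        mode: "0600"
      no_log: true
    - name: send cron.sh 
      copy:
        src: /root/ansible/cron/cron.sh
        dest: /root
    # No schedule fields are set, so the cron module leaves every field at
    # "*" and the job runs once a minute as the connecting user.
    - name: rsync cron
      cron:
        name: ansible rsync task
        job: "/bin/sh /root/cron.sh &>/dev/null"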



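# Install and configure nginx + php-fpm on the web servers, deploy WordPress
# and mount the shared uploads directory from the NFS server.
- hosts: web_group
  gather_facts: false
  tasks:
    # Probe for php.ini and nginx.conf; rc is non-zero when either is missing.
    # The probe changes nothing and a non-zero rc is an expected answer, so
    # it is reported as neither changed nor failed.
    - name: if or not exist
      shell: "ls -l /etc/php.ini && ls -l /etc/nginx/nginx.conf"
      register: exist_info
      changed_when: false
      failed_when: false
    - name: msg
      debug:
        msg: "{{ exist_info.rc  }}"
    # When either file is missing: remove leftover php packages (list comes
    # from the old_ngx_php variable), then install nginx and php-fpm from the
    # bundled RPMs.
    - name: uninstall old_ngx_php
      yum:
        name: "{{ old_ngx_php }}"
        state: absent
      when: exist_info.rc != 0
    # NOTE(review): the packages come from a zip kept on the control node, not
    # from a repository. Record where it was downloaded from and a checksum,
    # and confirm the RPM signatures are checked on install.
    # unarchive needs the unzip command on the target for .zip files.
    - name: unarchive nginx_php
      unarchive:
        src: /root/ansible/package/nginx_php.zip
        dest: /root
      when: exist_info.rc != 0
    # shell (not command) because the *.rpm glob has to be expanded.
    - name: install ngx_php ,when not exist
      shell: "rpm -Uvh *.rpm"
      args:
        chdir: /root/nginx_php/
      when: exist_info.rc != 0
    # nginx configuration: main file plus the conf.d directory of virtual hosts.
    - name: configrue nginx.conf
      copy:
        src: /root/ansible/nginx/nginx.conf
        dest: /etc/nginx
    - name: configrue conf.d
      copy:
        src: /root/ansible/nginx/conf.d
        dest: /etc/nginx
    # php-fpm pool configuration.
    - name: configure www.conf
      copy:
        src: /root/ansible/php/www.conf
        dest: /etc/php-fpm.d/

    # Site root, owned by the shared service account.
    - name: make website directory
      file:
        path: /website
        state: directory
        # Quoted so the mode is always read as an octal string.
        mode: "0755"
        owner: seven
        group: seven
    # The archive was prepared on the control node with ownership and the
    # database connection settings already filled in, so it carries database
    # credentials: keep it readable by root only and out of version control.
    - name: unarchive wordpress to /website
      unarchive:
        src: /root/ansible/package/wordpress-5.4-zh_CN.tar.gz
        dest: /website
    # Shared uploads directory. It holds files uploaded through the site, so
    # it is mounted nosuid,nodev: set-uid bits and device nodes on the share
    # are ignored by the web servers.
    - name: mount nfs's directory
      mount:
        path: /website/wordpress/wp-content/uploads
        src: 172.16.1.31:/wp_data
        fstype: nfs
        opts: nosuid,nodev
        state: mounted
    # Restart so the copied configuration is loaded; enabled so both services
    # come back after a reboot.
    - name: start nginx
      service:
        name: nginx
        state: restarted
        enabled: true
    - name: start php-fpm
      service:
        name: php-fpm
        state: restarted
        enabled: true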
