ansible搭建wordpress,安装nfs和rsync
ansible-playbook变量
作业:
搭建WordPress
安装nfs,rsync
使用变量
环境准备
服务器名 | 外网IP | 内网IP | 角色 |
---|---|---|---|
web01 | 10.0.0.7 | 172.16.1.7 | 被控端 |
web02 | 10.0.0.8 | 172.16.1.8 | 被控端 |
nfs | 10.0.0.31 | 172.16.1.31 | 被控端 |
backup | 10.0.0.41 | 172.16.1.41 | 被控端 |
m01 | 10.0.0.61 | 172.16.1.61 | 控制端 |
db01 | 10.0.0.51 | 172.16.1.51 | 被控端 |
服务准备
WordPress安装包,添加主机配置清单,获取密钥对,发送公钥
编辑主机管理清单,编辑调用变量文件,编辑ansible-playbook剧本
m01管理端配置
# 安装ansible
[root@m01 ~]# yum install -y ansible
# 修改ansible配置文件
[root@m01 ~]# vim /etc/ansible/ansible.cfg
# 开启ansible的日志
log_path = /var/log/ansible.log
# 默认模块由command改成shell
module_name = shell
# 取消该行注释(值为False)即关闭SSH主机密钥检查:首次连接不再校验被控端的主机指纹,也就失去了对中间人攻击的防护,仅适合隔离的实验环境
host_key_checking = False
# 添加主机清单
[root@m01 ~]# !v
vim /etc/ansible/hosts
# Static inventory. Every host is reached on its 10.0.0.x address, which the
# page's environment table lists as the external one.
# ansible_ssh_host is the legacy spelling of ansible_host.

# Web servers: the playbook installs nginx, php-fpm and WordPress here.
[web_group]
web01 ansible_ssh_host=10.0.0.7
web02 ansible_ssh_host=10.0.0.8
# web03 ansible_ssh_host=10.0.0.9
# rsync daemon host.
[backup_group]
backup ansible_ssh_host=10.0.0.41
# NFS server that exports /wp_data.
[nfs_group]
nfs ansible_ssh_host=10.0.0.31
# Parent group "rsync" with backup_group as its only child; the playbook shown
# on this page targets the hosts "backup" and "nfs" directly and does not use it.
[rsync:children]
backup_group
# Database server (mariadb-server is installed on this group).
[db_group]
db01 ansible_ssh_host=10.0.0.51
~
# 生成密钥
[root@m01 ~]# ssh-keygen
# 把公钥发送给被控端服务器
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.31
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.41
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.9
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.8
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.7
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.51
# wordpress配置
[root@m01 ansible]# ll
total 16
drwxr-xr-x 2 root root 21 Jun 11 21:34 cron
-rw-r--r-- 1 root root 5281 Jun 11 21:53 deployment.yml
-rw-r--r-- 1 root root 181 Jun 11 21:55 distrubute.sh
drwxr-xr-x 2 root root 40 Jun 11 18:22 group_vars
drwxr-xr-x 2 root root 17 Jun 11 11:24 host_vars
drwxr-xr-x 3 root root 38 Jun 11 19:23 nginx
drwxr-xr-x 2 root root 61 Jun 11 19:38 package
drwxr-xr-x 2 root root 22 Jun 11 20:29 php
drwxr-xr-x 2 root root 25 Jun 11 21:40 rsyncd
-rw-r--r-- 1 root root 259 Jun 11 20:19 test.yml
[root@m01 ansible]# tree
.
├── cron
│ └── cron.sh # 定时推送 nfs 共享存储目录的脚本
├── deployment.yml # playbook
├── distrubute.sh # 分发公钥脚本
├── group_vars
│ ├── nfs_group # 没用上
│ └── web_group # 需要卸载的安装包名称(php残留,安装php71w之前要remove的软件包)
├── host_vars
│ └── nfs # 没用上
├── nginx
│ ├── conf.d # 配置文件目录
│ │ └── blog.wqh.com.conf # nginx 虚拟主机配置文件
│ └── nginx.conf # 主配置文件
├── package
│ ├── nginx_php.zip # nginx-1.18 php71w
│ └── wordpress-5.4-zh_CN.tar.gz # wordpress软件包,传送到客户端前修改好属主和数据库连接文件
├── php
│ └── www.conf # php-fpm 配置文件
├── rsyncd
│ └── rsyncd.conf # rsyncd 配置文件
└── test.yml
ansible-playbook
# Baseline for every host: firewalld running and enabled, SELinux disabled, and
# one shared service account (seven, uid/gid 777) that later plays use as owner.
- hosts: all
  gather_facts: false
  tasks:
    - name: start all firewalld service
      service:
        name: firewalld
        enabled: true
        state: started

    # NOTE(review): this switches SELinux off on every managed host, so the web,
    # NFS, rsync and database servers all lose its mandatory access control.
    # Confirm that is intended rather than keeping a policy in place.
    - name: stop selinux
      selinux:
        state: disabled

    # Group first, so the user task below can reference it.
    - name: create run-group
      group:
        name: seven
        gid: 777
        state: present

    # No login shell and no home directory: the account only owns files and
    # runs services.
    - name: create run-user
      user:
        name: seven
        uid: 777
        group: seven
        shell: /sbin/nologin
        create_home: false
        state: present
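# Open the port each role serves (web_group: 80, nfs: nfs, backup: 873,
# db01: 3306). This play covers HTTP on the web servers.
- hosts: web_group
  gather_facts: false
  tasks:
    # permanent + immediate: the rule is saved and also applied to the running
    # firewall. The original runtime-only rule (permanent: no) disappears on a
    # firewalld reload or a reboot, while firewalld itself is enabled at boot.
    - name: open 80
      firewalld:
        port: 80/tcp
        permanent: true
        immediate: true
        state: enabled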
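# Allow NFS traffic on the NFS server.
- hosts: nfs
  gather_facts: false
  tasks:
    # permanent + immediate: saved and applied now, so the rule survives a
    # firewalld reload or a reboot (the original runtime-only rule did not).
    # NOTE(review): no zone or source is given, so the rule lands in the default
    # zone for every source address; /etc/exports limits clients to
    # 172.16.1.0/24, and the firewall could be limited the same way.
    # NOTE(review): the "nfs" firewalld service is presumably enough for NFSv4
    # mounts only; confirm the NFS version the web servers use.
    - name: open nfs
      firewalld:
        service: nfs
        permanent: true
        immediate: true
        state: enabled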
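# Allow the rsync daemon port on the backup host.
- hosts: backup
  gather_facts: false
  tasks:
    # permanent + immediate: saved and applied now, so the rule survives a
    # firewalld reload or a reboot (the original runtime-only rule did not).
    # NOTE(review): 873/tcp is opened in the default zone for every source
    # address. The only rsync client on this page is the nfs host, so a
    # rich_rule limited to 172.16.1.0/24 would narrow the exposure; confirm
    # which address the client connects to first.
    - name: open 873
      firewalld:
        port: 873/tcp
        permanent: true
        immediate: true
        state: enabled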
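# Allow the MariaDB port on the database host.
- hosts: db01
  gather_facts: false
  tasks:
    # permanent + immediate: saved and applied now, so the rule survives a
    # firewalld reload or a reboot (the original runtime-only rule did not).
    # NOTE(review): 3306/tcp is opened in the default zone for every source
    # address, and db01 also has an address the page lists as external. Only
    # the web servers need the database, so a rich_rule limited to
    # 172.16.1.0/24 would narrow the exposure; confirm which address WordPress
    # uses to reach the database first.
    - name: open 3306
      firewalld:
        port: 3306/tcp
        permanent: true
        immediate: true
        state: enabled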
# Install the NFS utilities on the NFS server and on the web servers, which
# mount its export later in this playbook.
- hosts: nfs,web_group
  gather_facts: false
  tasks:
    - name: install nfs
      yum:
        state: present
        name: nfs-utils
# Install rsync on both ends of the backup path: the backup host (daemon) and
# the nfs host (which gets the cron.sh job).
- hosts: backup,nfs
  gather_facts: false
  tasks:
    - name: install rsync
      yum:
        state: present
        name: rsync
# Install the MariaDB server package on the database group.
# NOTE(review): no task in the playbook shown here starts mariadb, sets a root
# password, or creates the WordPress database/user; confirm where that happens.
- hosts: db_group
  gather_facts: false
  tasks:
    - name: install mariadb
      yum:
        state: present
        name: mariadb-server
# Configure the backup host as an rsync daemon (rsyncd).
- hosts: backup
  gather_facts: false
  tasks:
    - name: configure rsyncd.conf
      copy:
        dest: /etc/rsyncd.conf
        src: /root/ansible/rsyncd/rsyncd.conf

    # Looks like a user:password entry for rsyncd's secrets file; the
    # rsyncd.conf that would reference it is not shown on this page.
    # NOTE(review): the account name and a trivial password sit in clear text
    # in the playbook; an Ansible Vault variable would keep them out of the
    # repository. The file itself is root-only (0600).
    - name: configure secret file
      copy:
        dest: /etc/rsync.passwd
        content: 'rsync_backup:123'
        owner: root
        group: root
        mode: "0600"

    # Backup target directory, owned by the shared service account.
    - name: configure /wp_backup directory
      file:
        path: /wp_backup
        owner: seven
        group: seven
        state: directory

    # "started" leaves an already-running daemon alone, so a changed
    # rsyncd.conf is not re-read by this task.
    - name: start rsyncd
      service:
        name: rsyncd
        state: started
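# Configure the NFS server: export /wp_data to the internal network, then set
# up the cron job that runs cron.sh (per the page, the script that pushes the
# shared directory to the backup host).
- hosts: nfs
  gather_facts: false
  tasks:
    # Clients are limited to 172.16.1.0/24 and every client uid/gid is squashed
    # to 777, the "seven" account that owns the exported directory.
    - name: configure /etc/exports
      copy:
        content: '/wp_data 172.16.1.0/24(rw,sync,all_squash,anonuid=777,anongid=777)'
        dest: /etc/exports

    - name: create mounted directory
      file:
        path: /wp_data
        state: directory
        owner: seven
        group: seven

    - name: restart nfs
      service:
        name: nfs
        state: restarted

    # rsync-related configuration
    # The password is quoted so it is passed as the string "123" and not as a
    # YAML integer; the mode is quoted so it cannot be read as a plain number.
    # NOTE(review): this is the same trivial password the backup play writes,
    # again in clear text in the playbook; an Ansible Vault variable would keep
    # it out of the repository.
    - name: create secret file
      copy:
        content: "123"
        dest: /etc/rsync.passwd
        mode: "0600"
        owner: root
        group: root

    - name: send cron.sh
      copy:
        src: /root/ansible/cron/cron.sh
        dest: /root

    # No schedule fields are set, so the cron module's defaults ("*" in every
    # field) apply and the job runs every minute. All output is discarded, so a
    # failing backup leaves no trace in cron mail or logs.
    - name: rsync cron
      cron:
        name: ansible rsync task
        job: "/bin/sh /root/cron.sh &>/dev/null"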
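# Install and configure nginx + php-fpm on the web servers, deploy WordPress,
# and mount the shared uploads directory from the NFS server.
- hosts: web_group
  gather_facts: false
  tasks:
    # Probe for an existing install: rc is 0 only when both files exist.
    # The probe never modifies the host and a non-zero rc is an expected
    # answer, so it is reported as neither "changed" nor "failed"; rc is still
    # registered for the conditions below.
    - name: if or not exist
      shell: "ls -l /etc/php.ini && ls -l /etc/nginx/nginx.conf"
      register: exist_info
      changed_when: false
      failed_when: false

    - name: msg
      debug:
        msg: "{{ exist_info.rc }}"

    # Only when php.ini or nginx.conf is missing: remove leftover php packages
    # (old_ngx_php, per the page defined in group_vars/web_group), then install
    # nginx and php-fpm from the bundled RPMs.
    - when: exist_info.rc != 0
      block:
        - name: uninstall old_ngx_php
          yum:
            name: "{{ old_ngx_php }}"
            state: absent

        - name: unarchive nginx_php
          unarchive:
            src: /root/ansible/package/nginx_php.zip
            dest: /root

        # NOTE(review): the RPMs come from a locally bundled zip and are
        # installed with rpm directly; nothing visible here checks where they
        # came from or their signatures. Confirm the bundle's origin.
        - name: install ngx_php ,when not exist
          shell: "rpm -Uvh *.rpm"
          args:
            chdir: /root/nginx_php/

    # Installation done: configure nginx
    - name: configrue nginx.conf
      copy:
        src: /root/ansible/nginx/nginx.conf
        dest: /etc/nginx

    - name: configrue conf.d
      copy:
        src: /root/ansible/nginx/conf.d
        dest: /etc/nginx

    # Configure php-fpm
    - name: configure www.conf
      copy:
        src: /root/ansible/php/www.conf
        dest: /etc/php-fpm.d/

    # Create the site root and unpack WordPress into it.
    - name: make website directory
      file:
        path: /website
        state: directory
        mode: "0755"
        owner: seven
        group: seven

    # NOTE(review): per the page, this archive was prepared in advance with the
    # database connection settings and file ownership already set, so database
    # credentials travel inside the tarball on the control node. Keep that file
    # out of shared repositories.
    - name: unarchive wordpress to /website
      unarchive:
        src: /root/ansible/package/wordpress-5.4-zh_CN.tar.gz
        dest: /website

    # Mount the uploads directory from the NFS export.
    - name: mount nfs's directory
      mount:
        path: /website/wordpress/wp-content/uploads
        src: '172.16.1.31:/wp_data'
        fstype: nfs
        state: mounted

    # Restart nginx and php-fpm so the copied configuration is loaded.
    - name: start nginx
      service:
        name: nginx
        state: restarted

    - name: start php-fpm
      service:
        name: php-fpm
        state: restarted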