ansible部署lnmp
环境部署
主机名/IP | 服务 | 系统 |
---|---|---|
ansible (192.168.91.134) | ansible | CentOS 8 |
nginx (192.168.91.129) | nginx | CentOS 8 |
mysql (192.168.91.139) | mysql | CentOS 8 |
php (192.168.91.145) | php | CentOS 8 |
ansible安装
[root@ansible ~]# yum list all|grep ansible
....
centos-release-ansible-29.noarch 1-2.el8
[root@ansible ~]# cd /etc/yum.repos.d/
[root@ansible yum.repos.d]# ls
CentOS-Base.repo
[root@ansible yum.repos.d]# yum -y install centos-release-ansible
[root@ansible yum.repos.d]# ls
CentOS-Base.repo CentOS-SIG-ansible-29.repo //安装之后就有ansible的源
[root@ansible ~]# yum -y install ansible
[root@ansible ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Mar 25 2022, 11:15:52) [GCC 8.5.0 20210514 (Red Hat 8.5.0-10)]
配置ssh进行连接
[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:a0hn8LRJFXihOWKxAWyl/nf8yG/nNrRn1UoFIPXxU6w root@ansible
The key's randomart image is:
+---[RSA 3072]----+
| ..o+ .=+o....|
| o. +.+.. ..oo|
| .. = *. .+.|
| . . * + E o|
| . . S ..|
| o + o o o|
| o + o o o.|
| o o o. * o|
| ooo+.+ |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.91.129
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.91.139
[root@ansible ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.91.145
将要配置nginx、mysql、php的被控主机的IP添加到ansible主机清单
[root@ansible ~]# vim /etc/ansible/ansible.cfg
....
inventory = /etc/ansible/inventory //修改配置文件将主机清单设置在这里
[root@ansible ~]# vim /etc/ansible/inventory
[root@ansible ~]# cat /etc/ansible/inventory
[nginx]
192.168.91.129
[mysql]
192.168.91.139
[php]
192.168.91.145
运用ping模块检查指定节点机器是否连接
[root@ansible ~]# ansible all -m ping
192.168.91.139 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.91.145 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.91.129 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
关闭主控机器的防火墙和selinux(Ansible 只从主控机向外发起 SSH 连接,这一步并非必需;仅建议在隔离的实验环境中这样做)
[root@ansible ~]# systemctl stop firewalld.service
[root@ansible ~]# systemctl disable firewalld.service
[root@ansible ~]# setenforce 0
[root@ansible ~]# sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config
环境准备(使用ansible关闭三台主机的防火墙和selinux)
关闭防火墙和selinux(实验环境的简化做法;生产环境应保持 firewalld 和 SELinux 开启,只放行 nginx、mysql、php-fpm 实际需要的端口)
[root@ansible ~]# ansible all -m shell -a 'systemctl is-active firewalld'
192.168.91.145 | CHANGED | rc=0 >>
active
192.168.91.139 | CHANGED | rc=0 >>
active
192.168.91.129 | CHANGED | rc=0 >>
active
[root@ansible ~]# ansible all -m service -a 'name=firewalld state=stopped'
192.168.91.145 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "firewalld",
"state": "stopped",
[root@ansible ~]# ansible all -m service -a 'name=firewalld enabled=no'
192.168.91.145 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"enabled": false,
"name": "firewalld",
[root@ansible ~]# ansible all -a 'setenforce 0'
192.168.91.145 | CHANGED | rc=0 >>
192.168.91.139 | CHANGED | rc=0 >>
192.168.91.129 | CHANGED | rc=0 >>
[root@ansible ~]# ansible all -m shell -a 'sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config'
192.168.91.145 | CHANGED | rc=0 >>
192.168.91.139 | CHANGED | rc=0 >>
192.168.91.129 | CHANGED | rc=0 >>
部署nginx
//创建系统用户nginx
[root@ansible ~]# ansible nginx -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'
[root@ansible ~]# ansible nginx -a 'id nginx'
192.168.91.129 | CHANGED | rc=0 >>
uid=975(nginx) gid=974(nginx) groups=974(nginx)
//创建日志存放目录
[root@ansible ~]# ansible nginx -m file -a 'path=/var/log/nginx state=directory owner=nginx group=nginx'
//安装依赖环境
[root@ansible ~]# ansible nginx -m yum -a 'name=pcre-devel,openssl,openssl-devel,gd-devel,gcc,gcc-c++,wget,make'
//下载nginx(解压编译前,建议用官方发布的 PGP 签名或校验和验证压缩包;下文的 mysql、php 压缩包同理)
[root@ansible ~]# ansible nginx -m shell -a 'cd /usr/local/ && wget https://nginx.org/download/nginx-1.20.2.tar.gz'
[root@ansible ~]# ansible nginx -a 'ls /usr/local' -o
192.168.91.129 | CHANGED | rc=0 | (stdout) bin\netc\ngames\ninclude\nlib\nlib64\nlibexec\nnginx-1.20.2.tar.gz
//解压nginx
[root@ansible ~]# ansible nginx -m shell -a 'cd /usr/local/ && tar -xf nginx-1.20.2.tar.gz -C /usr/local/'
192.168.91.129 | CHANGED | rc=0 >>
//编译安装,写一个nginx编译安装的脚本
[root@ansible ~]# mkdir /scripts
[root@ansible ~]# cd /scripts/
[root@ansible scripts]# vi ng.sh
[root@ansible scripts]# cat ng.sh
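#!/bin/bash
# Configure the nginx 1.20.2 source tree unpacked under /usr/local.
# Only ./configure runs here; compiling and installing are separate steps.
#
# Options passed below:
#   --prefix                 install root, /usr/local/nginx
#   --user / --group         account the build is configured to run as (nginx)
#   --with-debug             builds nginx with debug logging support
#   --http-log-path,
#   --error-log-path         log files under /var/log/nginx
#
# Exit status: 1 if the source directory is missing, otherwise the status
# of ./configure.

src_dir=/usr/local/nginx-1.20.2

# Stop here if the tarball was never unpacked; without this guard
# ./configure would be looked up in whatever directory the script started in.
cd "$src_dir" || exit 1

./configure \
  --prefix=/usr/local/nginx \
  --user=nginx \
  --group=nginx \
  --with-debug \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_image_filter_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_stub_status_module \
  --http-log-path=/var/log/nginx/access.log \
  --error-log-path=/var/log/nginx/error.log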
[root@ansible ~]# chmod +x /scripts/ng.sh
[root@ansible ~]# ansible nginx -m script -a '/scripts/ng.sh'
[root@ansible ~]# ansible nginx -m shell -a 'cd /usr/local/nginx-1.20.2 && make && make install'
//配置环境变量(/etc/profile.d/ 下的脚本在新的登录 shell 中才会生效;通过 ansible 执行的 source 只影响当次任务自己的 shell)
[root@ansible ~]# ansible nginx -m shell -a 'echo "export PATH=/usr/local/nginx/sbin:$PATH" > /etc/profile.d/nginx.sh '
192.168.91.129 | CHANGED | rc=0 >>
[root@ansible ~]# ansible nginx -m shell -a 'source /etc/profile.d/nginx.sh'
192.168.91.129 | CHANGED | rc=0 >>
//编写service文件
[root@ansible ~]# cd /scripts/
[root@ansible scripts]# vim ng.service
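#!/bin/bash
# Install a systemd unit for the source-built nginx in /usr/local/nginx,
# then ask systemd to re-read its unit files.
#
# The unit sets no User=, so systemd starts ExecStart with its default
# (root) identity.
# NOTE(review): the worker account is presumably the one chosen at
# ./configure time or in nginx.conf - confirm.
#
# The here-document delimiter is quoted so the unit text is written
# literally, with no shell expansion applied to it.
cat > /usr/lib/systemd/system/nginx.service <<'EOF'
[Unit]
Description=nginx server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp= true
[Install]
WantedBy=multi-user.target
EOF

# systemd keeps using the unit definition it already loaded until it is
# told to reload, so a re-run with an edited unit needs this step.
systemctl daemon-reload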
[root@ansible scripts]# chmod +x ng.service
[root@ansible ~]# ansible nginx -m script -a '/scripts/ng.service'
//启动nginx服务,设置开机自启
[root@ansible ~]# ansible nginx -m service -a 'name=nginx state=started'
[root@ansible ~]# ansible nginx -m service -a 'name=nginx enabled=yes'
[root@ansible ~]# ansible nginx -m shell -a 'systemctl status nginx'
192.168.91.129 | CHANGED | rc=0 >>
● nginx.service - nginx server daemon
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-10-23 12:13:28 CST; 9min ago
Main PID: 405888 (nginx)
Tasks: 2 (limit: 11045
安装mysql
//安装依赖包
[root@ansible ~]# ansible mysql -m yum -a 'name=vim,wget,ncurses-compat-libs'
//创建用户和组
[root@ansible ~]# ansible mysql -m user -a 'name=mysql system=yes shell=/sbin/nologin state=present'
[root@ansible ~]# ansible mysql -a 'id mysql'
192.168.91.139 | CHANGED | rc=0 >>
uid=995(mysql) gid=992(mysql) groups=992(mysql)
//下载二进制格式的mysql软件包
[root@ansible ~]# ansible mysql -m shell -a 'cd /usr/local/ && wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz'
//解压mysql包
[root@ansible ~]# ansible mysql -m shell -a 'cd /usr/local/ && tar xf mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz -C /usr/local/ '
[root@ansible ~]# ansible mysql -m shell -a 'cd /usr/local && mv mysql-5.7.38-linux-glibc2.12-x86_64 mysql'
//修改目录/usr/local/mysql的属主属组
[root@ansible ~]# ansible mysql -m file -a 'path=/usr/local/mysql owner=mysql group=mysql'
//添加环境变量
[root@ansible ~]# ansible mysql -m shell -a 'echo "export PATH=$PATH:/usr/local/mysql/bin/" > /etc/profile.d/mysql.sh'
[root@ansible ~]# ansible mysql -m shell -a 'source /etc/profile.d/mysql.sh'
//设置头文件到系统里面,系统默认的头文件在/usr/include
[root@ansible ~]# ansible mysql -a 'ln -sv /usr/local/mysql/include/ /usr/include/mysql'
//添加lib
[root@ansible ~]# ansible mysql -m shell -a 'echo "/usr/local/mysql/lib" > /etc/ld.so.conf.d/mysql.conf'
//man文档
[root@ansible ~]# ansible mysql -a 'sed -i "22a MANDATORY_MANPATH /usr/local/mysql/man" /etc/man_db.conf'
//建立数据存放目录
[root@ansible ~]# ansible mysql -m file -a 'path=/opt/data state=directory owner=mysql group=mysql'
//初始化数据库(初始化输出的最后一行会打印 root@localhost 的临时密码,后面修改密码时要用到;对外分享这段输出前应将该密码隐去)
[root@ansible ~]# ansible mysql -a '/usr/local/mysql/bin/mysqld --initialize --user mysql --datadir /opt/data'
.......
led. Please use TLSv1.2 or higher.
2022-10-23T04:54:14.186345Z 0 [Warning] CA certificate ca.pem is self signed.
2022-10-23T04:54:14.307710Z 1 [Note] A temporary password is generated for root@localhost: ac%WaLhEG0ae
//写一个配置mysql的配置文件的脚本
[root@ansible ~]# cd /scripts/
[root@ansible scripts]# vi mysql.sh
#!/bin/bash
# Write the MySQL server settings to /etc/my.cnf, replacing any existing file.
#
# NOTE(review): no bind-address is set here; the `ss -anlt` output recorded
# for this host shows mysqld listening on *:3306, so access control rests on
# MySQL accounts and on whatever packet filtering the host still has.
my_cnf=/etc/my.cnf

# Quoted delimiter: the settings are written exactly as typed.
cat > "$my_cnf" <<'EOF'
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
EOF
[root@ansible ~]# chmod +x /scripts/mysql.sh
[root@ansible ~]# ansible mysql -m script -a /scripts/mysql.sh
//写一个配置启动服务的脚本
[root@ansible ~]# cd /scripts/
[root@ansible scripts]# vi mysql.service
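#!/bin/bash
# Install a systemd unit that starts and stops MySQL through the bundled
# support-files/mysql.server script, then reload systemd's unit files.
#
# The here-document delimiter must be quoted. With a bare EOF the shell
# expands $MAINPID while this script runs; the variable is unset at that
# point, so the unit would be written as "ExecReload=/bin/kill -HUP " with
# no PID. Quoting keeps $MAINPID literal for systemd to substitute.
cat > /usr/lib/systemd/system/mysql.service <<'EOF'
[Unit]
Description=mysql server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/mysql/support-files/mysql.server start
ExecStop=/usr/local/mysql/support-files/mysql.server stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
EOF

# Make systemd pick up the unit file written above.
systemctl daemon-reload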
[root@ansible scripts]# chmod +x mysql.service
[root@ansible ~]# ansible mysql -m script -a '/scripts/mysql.service'
//启动服务设置开机自启
[root@ansible ~]# ansible mysql -m service -a 'name=mysql state=started'
[root@ansible ~]# ansible mysql -m service -a 'name=mysql enabled=yes'
[root@ansible ~]# ansible mysql -a 'systemctl status mysql'
192.168.91.139 | CHANGED | rc=0 >>
● mysql.service - mysql server daemon
Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2022-10-23 13:08:38 CST; 1min 27s ago
Main PID: 459680 (mysqld_safe)
[root@ansible ~]# ansible mysql -a 'ss -anlt'
192.168.91.139 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
//修改密码(示例中的 123456 只是演示用的弱口令,实际部署应换成强口令;密码直接写在 -p 和 SQL 语句里,会留在 shell 历史和进程列表中)
[root@ansible ~]# ansible mysql -m shell -a ' mysql -uroot -p"ac%WaLhEG0ae" --connect-expired-password -e "set password = password(\"123456\");" '
安装PHP
//下载php包
[root@ansible ~]# ansible php -m shell -a 'cd /usr/local/ && wget https://www.php.net/distributions/php-8.1.11.tar.gz'
//解压php
[root@ansible ~]# ansible php -m shell -a 'cd /usr/local/ && tar -xf php-8.1.11.tar.gz -C /usr/local/'
//安装依赖包,编译php,由于依赖包太多所以使用脚本
[root@ansible ~]# cd /scripts/
[root@ansible scripts]# vi php.sh
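#!/bin/bash
# Install the build dependencies for PHP 8.1.11 and run ./configure in the
# source tree under /usr/local. Compiling and installing are separate steps.
#
# Exit status: 1 if the source directory is missing, otherwise the status
# of ./configure. A failed yum transaction does not stop the script, which
# matches the original behaviour.

# Compiler toolchain and common -devel packages.
build_tools=(
  pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ wget make
)
yum -y install "${build_tools[@]}" --allowerasing

# Libraries needed by the extensions enabled below. The last two entries are
# RPMs fetched by URL from vault.centos.org.
# NOTE(review): packages named by URL are handled as local package files;
# whether their GPG signature is checked depends on the dnf configuration
# (localpkg_gpgcheck) - confirm on the target host.
php_deps=(
  libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel
  libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel
  libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel
  gmp gmp-devel readline readline-devel libxslt libxslt-devel
  php-mysqlnd libxml2-devel sqlite-devel
  https://vault.centos.org/centos/8/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
  https://vault.centos.org/centos/8/AppStream/x86_64/os/Packages/libzip-devel-1.5.1-2.module_el8.2.0+313+b04d0a66.x86_64.rpm
)
yum -y install "${php_deps[@]}" --nobest

# Stop here if the tarball was never unpacked; without this guard
# ./configure would be looked up in whatever directory the script started in.
cd /usr/local/php-8.1.11/ || exit 1

./configure \
  --prefix=/usr/local/php8 \
  --with-config-file-path=/etc \
  --enable-fpm \
  --enable-inline-optimization \
  --disable-debug \
  --disable-rpath \
  --enable-shared \
  --enable-soap \
  --with-openssl \
  --enable-bcmath \
  --with-iconv \
  --with-bz2 \
  --enable-calendar \
  --with-curl \
  --enable-exif \
  --enable-ftp \
  --enable-gd \
  --with-jpeg \
  --with-zlib-dir \
  --with-freetype \
  --with-gettext \
  --enable-json \
  --enable-mbstring \
  --enable-pdo \
  --with-mysqli=mysqlnd \
  --with-pdo-mysql=mysqlnd \
  --with-readline \
  --enable-shmop \
  --enable-simplexml \
  --enable-sockets \
  --with-zip \
  --enable-mysqlnd-compression-support \
  --with-pear \
  --enable-pcntl \
  --enable-posix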
[root@ansible scripts]# chmod +x php.sh
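//安装php(上文没有列出执行 php.sh 的命令;按前面 ng.sh 的用法,应先在 php 主机上用 script 模块运行它,例如 ansible php -m script -a '/scripts/php.sh',再执行下面的 make)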
[root@ansible ~]# ansible php -m shell -a 'cd /usr/local/php-8.1.11/ && make && make install'
//设置环境变量
[root@ansible ~]# ansible php -m shell -a 'echo "export PATH=/usr/local/php8/bin:$PATH" > /etc/profile.d/php8.sh'
[root@ansible ~]# ansible php -m shell -a ' . /etc/profile.d/php8.sh'
//配置php-fpm(注意:下面的 mode=655 即 rw-r-xr-x,属主没有执行位;init 脚本一般设为 755)
[root@ansible ~]# ansible php -a 'cp /usr/local/php-8.1.11/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm'
[root@ansible ~]# ansible php -m file -a 'path=/etc/init.d/php-fpm mode=655'
[root@ansible ~]# ansible php -a 'cp /usr/local/php8/etc/php-fpm.conf.default /usr/local/php8/etc/php-fpm.conf'
[root@ansible ~]# ansible php -a 'cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf'
//启动php-fpm
[root@ansible ~]# ansible php -a 'service php-fpm start'
[root@ansible ~]# ansible php -a 'ss -anlt'
192.168.91.145 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
部署完成之后连接nginx和php
//在php上创建虚拟主机目录并生成php测试页面(phpinfo() 会输出完整的 PHP 配置、已加载模块和环境信息,测试完成后应删除该页面)
[root@ansible ~]# ansible php -m file -a 'path=/www state=directory'
[root@ansible ~]# cd /scripts/
[root@ansible scripts]# vim php-2.sh
#!/bin/bash
# Create the PHP test page /www/index.php, replacing any existing file.
#
# The page calls phpinfo(), which prints the PHP configuration, loaded
# modules and environment details to anyone who can request it; it is meant
# for the connectivity test only and should be deleted afterwards.
test_page=/www/index.php

# One argument per output line; the bytes written match the original
# three-line here-document.
printf '%s\n' '<?php' 'phpinfo();' '?>' > "$test_page"
[root@ansible scripts]# chmod +x php-2.sh
[root@ansible ~]# ansible php -m script -a '/scripts/php-2.sh '
//修改nginx.conf配置文件
[root@ansible ~]# ansible nginx -a 'sed -i "45c index index.php index.html index.htm;" /usr/local/nginx/conf/nginx.conf'
[root@ansible ~]# ansible nginx -a 'sed -i "65c location ~ \.php$ {" /usr/local/nginx/conf/nginx.conf'
[root@ansible ~]# ansible nginx -a 'sed -i "66c root /www;" /usr/local/nginx/conf/nginx.conf'
[root@ansible ~]# ansible nginx -a 'sed -i "67c fastcgi_pass 192.168.91.145:9000;" /usr/local/nginx/conf/nginx.conf '
[root@ansible ~]# ansible nginx -a 'sed -i "68c fastcgi_index index.php;" /usr/local/nginx/conf/nginx.conf '
[root@ansible ~]# ansible nginx -a 'sed -i "69c fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;" /usr/local/nginx/conf/nginx.conf'
[root@ansible ~]# ansible nginx -a 'sed -i "70c include fastcgi_params;" /usr/local/nginx/conf/nginx.conf'
[root@ansible ~]# ansible nginx -a 'sed -i "71c } " /usr/local/nginx/conf/nginx.conf'
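//修改php的配置文件(php-fpm 的 FastCGI 端口本身没有认证;改为监听 192.168.91.145 后,用 listen.allowed_clients 把来源限制为 nginx 主机 192.168.91.129)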
[root@ansible ~]# ansible php -a ' sed -i "s/listen = 127.0.0.1:9000/listen = 192.168.91.145:9000/" /usr/local/php8/etc/php-fpm.d/www.conf '
[root@ansible ~]# ansible php -a 'sed -i "s/;listen.allowed_clients = 127.0.0.1/listen.allowed_clients = 192.168.91.129/" /usr/local/php8/etc/php-fpm.d/www.conf'
[root@ansible ~]# ansible php -a 'service php-fpm restart'
[root@ansible ~]# ansible php -a 'ss -anlt'
192.168.91.145 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.168.91.145:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@ansible ~]# ansible nginx -m service -a 'name=nginx state=restarted'
访问测试