Deploying a split LAMP stack with Ansible (playbooks)
Environment
Hostname | IP | Notes |
---|---|---|
node1 | 192.168.100.100 | Ansible control host |
node2 | 192.168.100.110 | runs the httpd service |
node3 | 192.168.100.120 | runs the MySQL database |
node4 | 192.168.100.130 | runs PHP |
Preparation
- Install Ansible on the control host
// Install the EPEL repository
[root@node1]# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
...... (output omitted)
Installed:
epel-next-release-8-11.el8.noarch
epel-release-8-11.el8.noarch
Complete!
// Install Ansible
[root@node1 ~]# yum -y install ansible
...... (output omitted)
Installed:
ansible-2.9.23-1.el8.noarch
libsodium-1.0.18-2.el8.x86_64
python3-babel-2.5.1-6.el8.noarch
python3-bcrypt-3.1.6-2.el8.1.x86_64
python3-cffi-1.11.5-5.el8.x86_64
python3-cryptography-3.2.1-5.el8.x86_64
python3-jinja2-2.10.1-3.el8.noarch
python3-jmespath-0.9.0-11.el8.noarch
python3-markupsafe-0.23-19.el8.x86_64
python3-paramiko-2.4.3-1.el8.noarch
python3-pip-9.0.3-20.el8.noarch
python3-ply-3.9-9.el8.noarch
python3-pyasn1-0.3.7-6.el8.noarch
python3-pycparser-2.14-14.el8.noarch
python3-pynacl-1.3.0-5.el8.x86_64
python3-pytz-2017.2-9.el8.noarch
python3-pyyaml-3.12-12.el8.x86_64
python3-setuptools-39.2.0-6.el8.noarch
python36-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64
sshpass-1.06-9.el8.x86_64
Complete!
- Create a directory named lamp in the home directory on the control host
[root@node1 ~]# mkdir lamp
[root@node1 ~]# ls
anaconda-ks.cfg lamp
- Enter the lamp directory and create directories named httpd, mysql and php
[root@node1 ~]# cd lamp/
[root@node1 lamp]# mkdir httpd
[root@node1 lamp]# mkdir mysql
[root@node1 lamp]# mkdir php
[root@node1 lamp]# ls
httpd mysql php
- Create the host inventory in the lamp directory
[root@node1 lamp]# vim inventory
[root@node1 lamp]# cat inventory
[httpd]
node2
[mysql]
node3
[php]
node4
- Add entries to the hosts file
// Do the same on all four hosts; only one is shown here
[root@node1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.100 node1
192.168.100.110 node2
192.168.100.120 node3
192.168.100.130 node4
- Set up passwordless (key-based) SSH login
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rHdqJ6l+fGYrsriaXQSnOTfzN1CgpaV/p8EOd0RBWQY root@node1
The key's randomart image is:
+---[RSA 3072]----+
| + .E=o |
| * . ... |
| . = . . |
| = o o . |
| + = S = o |
| + = * = |
| o.o.* |
| o o..B+=. |
| o.+o+*.B.. |
+----[SHA256]-----+
[root@node1 ~]# ssh-copy-id root@192.168.100.110
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.110 (192.168.100.110)' can't be established.
ECDSA key fingerprint is SHA256:5ei7iLFV+3zEXwYhwEcHaL/2Gq6vSJC9FFUWlviGsng.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.110's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.100.110'"
and check to make sure that only the key(s) you wanted were added.
[root@node1 ~]# ssh-copy-id root@192.168.100.120
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.120 (192.168.100.120)' can't be established.
ECDSA key fingerprint is SHA256:C+o4hw/oLQP/j3txuE/+BwatKh/6UqJE9F2VBmyvfno.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.120's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.100.120'"
and check to make sure that only the key(s) you wanted were added.
[root@node1 ~]# ssh-copy-id root@192.168.100.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.130 (192.168.100.130)' can't be established.
ECDSA key fingerprint is SHA256:CHY8Sm54r0drHxbeRBFi4I9LGZWG7ccrLS0QeSW/ckk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.130's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.100.130'"
and check to make sure that only the key(s) you wanted were added.
- Change the default inventory location on the control host
[root@node1 lamp]# cat /etc/ansible/ansible.cfg |grep inventory
#inventory = /etc/ansible/hosts
inventory = ~/lamp/inventory
- Test connectivity between the control host and the managed hosts
[root@node1 lamp]# ansible all -m ping
node3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node4 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node2 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
The directory tree for this setup is as follows
[root@node1 lamp]# tree
.
├── httpd
│ ├── hello.conf
│ ├── httpd_config.yml
│ ├── httpd_firewall.yml
│ └── httpd_install.yml
├── mysql
│ └── mysql_install.yml
├── php
│ ├── index.php
│ ├── php_config.yml
│ ├── php_firewall.yml
│ └── php_install.yml
└── restart.yml
Preparation is now complete; next we write the playbooks.
1. Install httpd
1.1 Write the playbook
1.1.1 Enter the lamp/httpd directory and create a YAML file named httpd_install
[root@node1 lamp]# cd httpd/
[root@node1 httpd]# vim httpd_install.yml
---
- name: install httpd
  hosts: node2
  gather_facts: no
  tasks:
    - name: install httpd using yum
      yum:
        name: httpd
        state: present
    - name: service is enabled
      service:
        name: httpd
        state: started
        enabled: yes
1.1.2 Run the playbook
[root@node1 httpd]# ansible-playbook httpd_install.yml
PLAY [install httpd] *******************************************************************************************************
TASK [Gathering Facts] *****************************************************************************************************
ok: [node2]
TASK [install httpd using yum] *********************************************************************************************
changed: [node2]
TASK [service is enabled] **************************************************************************************************
changed: [node2]
PLAY RECAP *****************************************************************************************************************
node2 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.2 Disable the firewall and SELinux
1.2.1 Write a playbook to configure the firewall and SELinux
[root@node1 httpd]# vim httpd_firewall.yml
---
- name: firewalld stop
  hosts: node2
  gather_facts: no
  tasks:
    - name: firewall stop use service
      service:
        name: firewalld
        state: stopped
        enabled: no
    - name: selinux disabled
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled
1.2.2 Run the playbook
[root@node1 httpd]# ansible-playbook httpd_firewall.yml
PLAY [firewalld stop] *************************************************************************************************************************
TASK [firewall stop use service] **************************************************************************************************************
changed: [node2]
TASK [selinux disabled] ***********************************************************************************************************************
changed: [node2]
PLAY RECAP ************************************************************************************************************************************
node2 : ok=2 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.2.3 When it finishes, browse to node2's IP address to test
2. Install MySQL
2.1 Write the playbook
// Enter the ~/lamp/mysql directory
[root@node1 ~]# cd ~/lamp/mysql/
[root@node1 mysql]#
// Write a playbook that installs MySQL
[root@node1 mysql]# vim mysql_install.yml
---
- name: install mysql
  hosts: node3
  gather_facts: no
  tasks:
    - name: install mariadb
      yum:
        name: mariadb
        state: present # install mariadb with the yum module
    - name: install mariadb-server
      yum:
        name: mariadb-server
        state: present # install mariadb-server with the yum module
- name: mariadb started
  hosts: node3
  tasks:
    - name: start mariadb use service
      service:
        name: mariadb
        state: started # start the mariadb service
        enabled: yes # start mariadb at boot
2.2 Run the playbook
[root@node1 mysql]# ansible-playbook mysql_install.yml
PLAY [install mysql] **************************************************************************************************************************
TASK [install mariadb] ************************************************************************************************************************
changed: [node3]
TASK [install mariadb-server] *****************************************************************************************************************
changed: [node3]
PLAY [mariadb started] ************************************************************************************************************************
TASK [Gathering Facts] ************************************************************************************************************************
ok: [node3]
TASK [start mariadb use service] **************************************************************************************************************
changed: [node3]
PLAY RECAP ************************************************************************************************************************************
node3 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
3. Install PHP and common components
3.1 Write the playbook
// Enter the php directory
[root@node1 ~]# cd ~/lamp/php
[root@node1 php]#
// Create the php_install.yml file
[root@node1 php]# vim php_install.yml
---
- name: php install
  hosts: node4
  gather_facts: no
  tasks:
    - name: php_install
      yum:
        name: php
        state: present # install php
    - name: php-*_install
      yum:
        name: php-*
        state: present # install the php-related components
    - name: curl_install
      yum:
        name: curl
        state: present
    - name: curl-devel_install
      yum:
        name: curl
        state: present # install curl
    - name: curl-devel
      yum:
        name: curl-devel
        state: present # install curl-devel
3.2 Run the playbook
[root@node1 php]# ansible-playbook php_install.yml
PLAY [php install] ****************************************************************************************************************************
TASK [php_install] ****************************************************************************************************************************
changed: [node4]
TASK [php-*_install] **************************************************************************************************************************
changed: [node4]
TASK [curl_install] ***************************************************************************************************************************
ok: [node4]
TASK [curl-devel_install] *********************************************************************************************************************
ok: [node4]
TASK [curl-devel] *****************************************************************************************************************************
changed: [node4]
PLAY RECAP ************************************************************************************************************************************
node4 : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
4. Configure httpd and PHP
4.1 Configure httpd
4.1.1 Write the httpd configuration file
We can write the configuration file on the control host first, then transfer it to node2 with the copy module.
// Create a hello.conf file in the httpd directory on the control host
[root@node1 httpd]# vim hello.conf
<VirtualHost 192.168.100.110:80>
    DocumentRoot "/etc/httpd/conf.d/"
    ServerName www.helloworld.com
    ProxyRequests off
    ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.100.130:9000/var/www/html/$1
    <Directory "/var/www/html/">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>
4.1.2 Write the playbook that modifies the httpd configuration
[root@node1 httpd]# vim httpd_config.yml
---
- name: httpd config
  hosts: node2
  gather_facts: no
  tasks:
    - name: copy file
      copy:
        src: ~/lamp/httpd/hello.conf
        dest: /etc/httpd/conf.d/
        mode: 0755
    # The stock httpd.conf indents these directives with four spaces,
    # so the patterns and inserted lines carry the same indentation.
    - name: Modify configuration 1
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        insertafter: "^    AddType application/x-"
        line: "    AddType application/x-httpd-php .php"
    - name: Modify configuation 2
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        insertafter: "^    AddType application/x-"
        line: "    AddType application/x-httpd-php-source .phps"
    - name: Modify configuation 3
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: "^    DirectoryIndex"
        line: "    DirectoryIndex index.html index.php"
4.1.3 Run the playbook that modifies the httpd configuration
[root@node1 httpd]# ansible-playbook httpd_config.yml
PLAY [httpd config] ***************************************************************************************************************************
TASK [copy file] ******************************************************************************************************************************
changed: [node2]
TASK [Modify configuration 1] *****************************************************************************************************************
changed: [node2]
TASK [Modify configuation 2] ******************************************************************************************************************
changed: [node2]
TASK [Modify configuation 2] ******************************************************************************************************************
changed: [node2]
PLAY RECAP ************************************************************************************************************************************
node2 : ok=4 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
4.2 Configure PHP
4.2.1 Write the PHP test page
[root@node1 php]# vim index.php
<?php
phpinfo();
?>
4.2.2 Write the playbook that modifies the PHP configuration
[root@node1 php]# vim php_config.yml
---
- name: php config
  hosts: node4
  gather_facts: no
  tasks:
    - name: mkdir dir
      file:
        path: /var/www/html
        state: directory # create the directory if it does not exist yet
        mode: 0777
    - name: copy file
      copy:
        src: ~/lamp/php/index.php
        dest: /var/www/html
        mode: 0777
    # php-fpm listens on node4's address and accepts FastCGI only from node2
    - name: Modify configuration 1
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: "^listen ="
        line: listen = 192.168.100.130:9000
    - name: Modify configuration 2
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: "^listen.allowed_clients ="
        line: listen.allowed_clients = 192.168.100.110
4.2.3 Run the playbook that modifies the PHP configuration
[root@node1 php]# ansible-playbook php_config.yml
PLAY [php config] *****************************************************************************************************************************
TASK [mkdir dir] ******************************************************************************************************************************
ok: [node4]
TASK [copy file] ******************************************************************************************************************************
ok: [node4]
TASK [Modify configuration 1] *****************************************************************************************************************
ok: [node4]
TASK [Modify configuration 2] *****************************************************************************************************************
ok: [node4]
PLAY RECAP ************************************************************************************************************************************
node4 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
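The file deployment from 4.1.2 and 4.2.2 with least-privilege ownership and modes in place of 0755 and 0777, plus a check that nothing under the docroot is world-writable. This is an added example, not one of the article's playbooks; it assumes the php-fpm pool runs as the package-default unprivileged user, so root-owned 0644 files stay readable to it.

```yaml
---
# Added example, not the article's playbooks: same files, tighter ownership/modes.
- name: vhost file on node2 without the execute bit
  hosts: node2
  gather_facts: no
  tasks:
    - name: hello.conf is root-owned and read-only for everyone else
      copy:
        src: ~/lamp/httpd/hello.conf
        dest: /etc/httpd/conf.d/hello.conf
        owner: root
        group: root
        mode: "0644"
    - name: httpd accepts the configuration (syntax check only)
      command: httpd -t
      changed_when: false

- name: docroot on node4 without world-write
  hosts: node4
  gather_facts: no
  tasks:
    - name: docroot is a root-owned directory
      file:
        path: /var/www/html
        state: directory
        owner: root
        group: root
        mode: "0755"
    - name: test page is readable by php-fpm but not writable by it
      copy:
        src: ~/lamp/php/index.php
        dest: /var/www/html/index.php
        owner: root
        group: root
        mode: "0644"
    - name: list everything under the docroot
      find:
        paths: /var/www/html
        recurse: yes
        file_type: any
      register: docroot_entries
    # The last octal digit holds the "other" bits; 2, 3, 6 and 7 include write.
    - name: nothing under the docroot is world-writable
      assert:
        that: "item.islnk or item.mode[-1] not in '2367'"
        fail_msg: "{{ item.path }} is world-writable (mode {{ item.mode }})"
      loop: "{{ docroot_entries.files }}"
      loop_control:
        label: "{{ item.path }}"
```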
4.2.4 Disable the firewall and SELinux
[root@node1 php]# vim php_firewall.yml
---
- name: stop firewall
  hosts: node4
  gather_facts: no
  tasks:
    - name: modify firewall
      service:
        name: firewalld
        state: stopped
        enabled: no
    - name: modify selinux
      lineinfile:
        path: /etc/selinux/config
        regexp: "^SELINUX="
        line: SELINUX=disabled
// Run the playbook
[root@node1 php]# ansible-playbook php_firewall.yml
PLAY [stop firewall] **************************************************************************************************************************
TASK [modify firewall] ************************************************************************************************************************
ok: [node4]
TASK [modify selinux] *************************************************************************************************************************
ok: [node4]
PLAY RECAP ************************************************************************************************************************************
node4 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
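The same two hosts with firewalld and SELinux left enabled, as an added example that is not part of the original article; it is the counterpart to both the node2 step in 1.2 and the node4 step in 4.2.4. node2 opens only HTTP and gets the SELinux boolean httpd needs to reach php-fpm, and node4 accepts tcp/9000 only from 192.168.100.110. Module names are those shipped with the Ansible 2.9 release installed above, and the python3-libsemanage package name is an assumption for EL8.

```yaml
---
# Added example, not the article's playbooks: firewalld and SELinux stay on.
- name: node2 serves HTTP and may connect out to php-fpm
  hosts: node2
  gather_facts: no
  tasks:
    - name: bindings required by the seboolean module (assumed EL8 package name)
      yum:
        name: python3-libsemanage
        state: present
    - name: firewalld is running and enabled at boot
      service:
        name: firewalld
        state: started
        enabled: yes
    - name: only the http service is opened
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled
    - name: SELinux is enforcing
      selinux:
        policy: targeted
        state: enforcing
    - name: httpd may open network connections (needed for the fcgi:// proxy)
      seboolean:
        name: httpd_can_network_connect
        state: yes
        persistent: yes

- name: node4 accepts FastCGI from node2 only
  hosts: node4
  gather_facts: no
  tasks:
    - name: firewalld is running and enabled at boot
      service:
        name: firewalld
        state: started
        enabled: yes
    - name: tcp/9000 is reachable from the web server and nowhere else
      firewalld:
        rich_rule: 'rule family="ipv4" source address="192.168.100.110" port port="9000" protocol="tcp" accept'
        permanent: yes
        immediate: yes
        state: enabled
    - name: SELinux is enforcing
      selinux:
        policy: targeted
        state: enforcing
```

On a host that was already rebooted with SELINUX=disabled, the selinux task reports that a reboot is required before enforcing mode applies.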
4.3 Restart the services
4.3.1 Write the playbook that restarts the httpd and PHP services
[root@node1 lamp]# vim restart.yml
---
- name: restart httpd
  hosts: node2
  gather_facts: no
  tasks:
    - name: restart httpd
      service:
        name: httpd
        state: restarted
- name: restart php
  hosts: node4
  gather_facts: no
  tasks:
    - name: restart php
      service:
        name: php-fpm
        state: restarted
4.3.2 Run the playbook
[root@node1 lamp]# ansible-playbook restart.yml
PLAY [restart httpd] **************************************************************************************************************************
TASK [restart httpd] **************************************************************************************************************************
changed: [node2]
PLAY [restart php] ****************************************************************************************************************************
TASK [restart php] ****************************************************************************************************************************
changed: [node4]
PLAY RECAP ************************************************************************************************************************************
node2 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0