部署LAMP架构
LAMP分离部署
主机 | IP | 描述 |
---|---|---|
client | 192.168.8.129 | ansible管理机 |
node1 | 192.168.8.130 | 安装httpd服务 |
node2 | 192.168.8.131 | 安装mysql服务 |
node3 | 192.168.8.132 | 安装PIP服务 |
ansible远程控制node1节点安装httpd服务
#安装httpd服务
[root@client ansible]# ansible 192.168.8.130 -m dnf -a "name=httpd state=latest"
192.168.8.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: mod_http2-1.15.7-3.module_el8.4.0+778+c970deab.x86_64",
"Installed: apr-1.6.3-11.el8.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Installed: httpd-2.4.37-39.module_el8.4.0+778+c970deab.x86_64",
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: centos-logos-httpd-85.8-1.el8.noarch",
"Installed: httpd-filesystem-2.4.37-39.module_el8.4.0+778+c970deab.noarch",
"Installed: httpd-tools-2.4.37-39.module_el8.4.0+778+c970deab.x86_64"
]
}
#设置服务开机自启并启动服务
[root@client ansible]# ansible 192.168.8.130 -m service -a "name=httpd enabled=yes state=started"
192.168.8.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
···略
[root@client ansible]# ansible 192.168.8.130 -m shell -a "systemctl status httpd"
192.168.8.130 | CHANGED | rc=0 >>
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-07-17 21:15:54 CST; 13min ago
Docs: man:httpd.service(8)
ansible控制node2节点安装mysql服务
#安装mariadb服务
[root@client ansible]# ansible 192.168.8.131 -m dnf -a "name=mariadb state=latest"
192.168.8.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: mariadb-common-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-connector-c-3.1.11-2.el8_3.x86_64",
"Installed: mariadb-connector-c-config-3.1.11-2.el8_3.noarch"
]
}
[root@client ansible]# ansible 192.168.8.131 -m dnf -a "name=mariadb-server state=latest"
192.168.8.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: mariadb-gssapi-server-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-backup-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-server-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-server-utils-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: perl-DBD-MySQL-4.046-3.module_el8.1.0+203+e45423dc.x86_64",
"Installed: mariadb-errmsg-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64"
]
}
#将mysql设置开机自启
[root@client ansible]# ansible 192.168.8.131 -m service -a "name=mariadb enabled=yes state=started"
192.168.8.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "mariadb",
"state": "started",
···略
#修改mysql密码
[root@client ansible]# cat /root/test.sh
#!/bin/bash
mysqladmin -u root password "1"
[root@client ansible]# ansible 192.168.8.131 -m copy -a "src=/root/test.sh dest=/tmp/testmysql.sh"
192.168.8.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "8250c1ba42e16b71f8fbc9e167d5d1bca9c91d2e",
"dest": "/tmp/testmysql.sh",
"gid": 0,
"group": "root",
"md5sum": "3b081631229c53c2df46086175512765",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 46,
"src": "/root/.ansible/tmp/ansible-tmp-1626580404.4844007-2396-132064161483891/source",
"state": "file",
"uid": 0
}
[root@client ansible]# ansible 192.168.8.131 -m shell -a "chmod +x /tmp/testmysql.sh"
[WARNING]: Consider using the file module with mode rather than running 'chmod'. If you need
to use command because file is insufficient you can add 'warn: false' to this command task or
set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.8.131 | CHANGED | rc=0 >>
[root@client ansible]#
[root@client ansible]# ansible 192.168.8.131 -m shell -a "/tmp/testmysql.sh"
192.168.8.131 | CHANGED | rc=0 >>
ansible控制node3节点安装PHP
#安装php
[root@client ansible]# ansible 192.168.8.132 -m dnf -a "name=php state=latest"
192.168.8.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: mod_http2-1.15.7-3.module_el8.4.0+778+c970deab.x86_64",
"Installed: php-cli-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64",
"Installed: apr-1.6.3-11.el8.x86_64",
"Installed: php-common-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Installed: httpd-2.4.37-39.module_el8.4.0+778+c970deab.x86_64",
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64",
"Installed: centos-logos-httpd-85.8-1.el8.noarch",
"Installed: httpd-filesystem-2.4.37-39.module_el8.4.0+778+c970deab.noarch",
"Installed: httpd-tools-2.4.37-39.module_el8.4.0+778+c970deab.x86_64",
"Installed: nginx-filesystem-1:1.14.1-9.module_el8.0.0+184+e34fea82.noarch",
"Installed: php-fpm-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64",
"Installed: php-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64"
]
}
#设置php开机自启
[root@client ansible]# ansible 192.168.8.132 -m service -a "name=php-fpm enabled=yes state=started"
192.168.8.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "php-fpm",
"state": "started",
···略
修改配置文件
配置php文件
#注释listen = /run/php-fpm/www.sock
[root@client ansible]# ansible 192.168.8.132 -m lineinfile -a "dest=/etc/php-fpm.d/www.conf regex='^listen = /run/php-fpm/www.sock' line=';listen = /run/php-fpm/www.sock' "
192.168.8.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
#修改php监听ip
[root@client ansible]# ansible 192.168.8.132 -m lineinfile -a "dest=/etc/php-fpm.d/www.conf insertafter=';listen = /run/php-fpm/www.sock' line='listen = 192.168.8.132:9000'"
192.168.8.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
#重启php服务
[root@client ansible]# ansible 192.168.8.132 -m service -a "name=php-fpm state=reloaded"
192.168.8.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "php-fpm",
"state": "started",
···略
[root@client ansible]# ansible 192.168.8.132 -m shell -a "ss -antl |grep 9000"
192.168.8.132 | CHANGED | rc=0 >>
LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*
#添加监听apache主机的IP
[root@client ansible]# ansible 192.168.8.132 -m lineinfile -a "dest=/etc/php-fpm.d/www.conf regex='^listen.allowed_clients = 127.0.0.1' line='listen.allowed_clients = 192.168.8.130' "
192.168.8.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
编辑php测试页面
[root@client ansible]# cat /root/index.php
<?php
phpinfo();
?>
[root@client ansible]# ansible 192.168.8.132 -a "mkdir -p /var/www/ "
[WARNING]: Consider using the file module with state=directory rather than running 'mkdir'.
If you need to use command because file is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.8.132 | CHANGED | rc=0 >>
[root@client ansible]# ansible 192.168.8.132 -m copy -a "src=/root/index.php dest=/var/www/html/ "
192.168.8.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "a940ecb1e2c223626741ac5748748de6d8e5f0b7",
"dest": "/var/www/html/index.html",
"gid": 0,
"group": "root",
"md5sum": "9518fb2dbca812662f00e4ffa7fcb695",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:httpd_sys_content_t:s0",
"size": 23,
"src": "/root/.ansible/tmp/ansible-tmp-1626592944.7702785-4770-244392601106307/source",
"state": "file",
"uid": 0
}
修改http配置文件,使httpd与php联动
#添加此内容
[root@client ansible]# ansible 192.168.8.130 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf line="<VirtualHost 192.168.8.130:80>\nDocumentRoot "var/www/html"\nServerName www.node1.com\nProxyRequests off\nProxyPassMatch ^/(.*\.php)$ fcgi://192.168.8.132:9000/var/www/$1\n<Directory "/var/www/">\nOptions None\nAllowOverride None\nOrder allow,deny\nAllow from all\n</Directory>\n</VirtualHost>"'
192.168.8.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@client ansible]#ansible 192.168.8.130 -m command -a "cat /etc/httpd/conf/httpd.conf"
···
<VirtualHost *:80>
DocumentRoot "/var/www/html" #网址路径
ServerName www.node1.com #域名
ProxyRequests Off #关闭正向代理
ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.8.132:9000/var/www/$1
<Directory "/var/www">
Options none
AllowOverride none
Require all granted
</Directory>
</VirtualHost>
···
#添加此内容
[root@client ansible]# ansible 192.168.8.130 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf insertafter="^ AddType application/x-gzip .gz .tgz" line="AddType application/x-httpd-php .php"'
192.168.8.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
#添加内容
[root@client ansible]# ansible 192.168.8.130 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf insertafter="^ AddType application/x-gzip .gz .tgz" line="AddType application/x-httpd-php-source .phps"'
192.168.8.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
#添加内容
[root@client ansible]# ansible 192.168.8.130 -m lineinfile -a "dest=/etc/httpd/conf/httpd.conf regexp='^ DirectoryIndex index.html' line='DirectoryIndex index.html index.php' "
192.168.8.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
#重启httpd服务
[root@client ansible]# ansible 192.168.8.130 -m service -a 'name=httpd state=reloaded'
192.168.8.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "httpd",
"state": "started",
#重启php服务
[root@client ansible]# ansible 192.168.8.132 -m service -a 'name=php-fpm state=reloaded'
192.168.8.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "php-fpm",
"state": "started",
访问网页
使用playbook部署lamp架构
结构
[root@client lamp]tree
.
├── apache.sh
├── apache.yml
├── files
│ ├── httpd_conf.j2
│ └── test.fact
├── mysql.yml
├── php.yml
└── vars
└── vars_file.yml
2 directories, 7 files
编写apache安装playbook
[root@client ~]# vim apache.yml
---
- name: install apache
hosts: 192.168.8.130
vars_files:
- vars/vars_file.yml
tasks:
- name: create user
user:
name: apache
- name: install Package
dnf:
name: "{{ dependency_package }}"
state: latest
when: ansible_facts['distribution'] in platform
- name: tar packages
unarchive:
src: "{{ item }}"
copy: yes
dest: /usr/src/
mode: 0755
loop:
- /usr/src/apr-1.7.0.tar.gz
- /usr/src/apr-util-1.6.1.tar.gz
- /usr/src/httpd-2.4.48.tar.gz
#注释 $RM "$cfgfile"
- name: apr configure
copy:
src: /usr/src/apr-1.7.0/configure
dest: /usr/src/apr-1.7.0/
- name: copy script
copy:
src: /etc/ansible/playbook/apache.sh
dest: /root/
- name: mode
file:
path: /root/apache.sh
mode: 0655
- name: script
shell: "./apache.sh"
- name: mkdir
file:
path: /etc/ansible/facts.d
state: directory
- name: copy test.fact
copy:
src: /etc/ansible/playbook/files/test.fact
dest: /etc/ansible/facts.d/
- name: httpd configure
template:
src: /etc/ansible/playbook/files/httpd_conf.j2
dest: /usr/local/httpd/conf/httpd.conf
notify:
- restart httpd
handlers:
- name: restart httpd
shell: "/usr/local/httpd/bin/apachectl start"
编辑httpd文件
[root@client ~]# vim /etc/httpd/conf/httpd.conf
<IfModule dir_module>
DirectoryIndex index.html index.php #添加index.php
</IfModule>
······
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php #添加此行
AddType application/x-httpd-php-source .phps #添加此行
······
#在文件的最后添加此内容
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName www.node1.com
ProxyPassMatch ^/(.*\.php)$ fcgi://{{ ansible_local['test']['php_server']['ip'] }}/var/www/$1
<Directory "/var/www">
Options none
AllowOverride none
Require all granted
</Directory>
</VirtualHost>
编辑php文件
[root@client ~]# vim /etc/php-fpm.d/www.conf
;listen = /run/php-fpm/www.sock #注释此行
listen = 192.168.8.132:9000 #添加此行
listen.allowed_clients = 192.168.8.130 #apacheIP
编写php安装playbook
---
- name: install php
hosts: 192.168.8.132
vars_files:
- vars/vars_file.yml
gather_facts: no
tasks:
- name: install php
dnf:
name: php-fpm
state: latest
- name: copy www.conf
copy:
src: /etc/php-fpm.d/www.conf
dest: /etc/php-fpm.d/www.conf
- name: mkdir /var/www
file:
path: /var/www
state: directory
- name: copy index.php
copy:
src: /root/index.php
dest: /var/www/
- name: restart php
service:
name: php-fpm
state: restarted
编写mysql安装playbook
[root@client test]# cat mysql.yml
---
- name: install mysql
hosts: 192.168.8.131
gather_facts: no
vars_files:
- vars/vars_file.yml
tasks:
- name: install mysql
dnf:
name: mariadb*
state: latest
- name: enable mysql
service:
name: mariadb
enabled: true
state: started
- name: password
shell: "mysqladmin -u root password '1'"
访问页面