循环、变量、机密部署lamp架构
1、编写playbook
---
- name: lamp架构
hosts: localhost
vars_files: //指定变量文件的位置
- /etc/ansible/vars/service.yml
tasks:
- name: stop firewalld
service: //关防火墙
name: firewalld
state: stopped
- name: stop selinux
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX=' //关selinux
line: 'SELINUX=disable'
- name: install php,httpd,mariadb //安装PHP、mariadb、httpd
yum:
name: "{{ service }}" //设置一个变量,变量定义文件在vars_files中
state: present
- name: create index.php //创建一个存放测试网站的文件
file:
path: /var/www/html/index.php
state: touch
- name: restart service //启动httpd、PHP、mariadb服务。用循环的方式
service:
name: "{{ item }}"
state: started
loop:
- httpd.service
- php-fpm.service
- mariadb.service
2、创建定义变量文件
[root@localhost vars]# cat restart.yml
---
restart:
- httpd.service
- mariadb.service
- php-fpm.service
[root@localhost vars]# pwd
/etc/ansible/vars
[root@localhost vars]# pwd
/etc/ansible/vars
[root@localhost vars]# cat service.yml
---
service:
- httpd*
- mariadb*
- php*
3、给lamp加密。
给lamp.yml文件加密,密码文件设置成隐藏文件,放在当前目录。
[root@localhost ansible]# ls -a
.wjm
[root@localhost ansible]# ansible-vault encrypt lamp.yml --vault-password-file=.wjm
//对lamp进行加密,加密的密码在 .wjm文件中。--vault-password-file:指定加密文件位置
4、给站点添加测试文件
在playbook中创建的/var/www/html/index.php文件中编写一个测试网站,然后在浏览器上输入本机ip加index.php 即可
[root@localhost html]# cat index.php
<?php
phpinfo();
?>