环境需求
- 四台主机
系统 | IP | 主机名 | 服务 |
---|---|---|---|
Redhat8 | 192.168.47.157 | marter | ansible |
Redhat8 | 192.168.47.159 | apache | httpd |
Redhat8 | 192.168.47.129 | php | php |
Redhat8 | 192.168.47.130 | mariadb | MySQL |
准备操作
1.在主机192.168.47.157上配置ansible自动化工具
[root@marter ~]# yum -y install epel-release
[root@marter ~]# yum -y install ansible
[root@marter ~]# mkdir lamp
[root@marter ~]# cd lamp/
[root@marter lamp]# cp /etc/ansible/ansible.cfg .
[root@marter lamp]# vim ansible.cfg
inventory = inventory
[root@marter lamp]# ansible --version
ansible 2.9.23
config file = /root/lamp/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
2.将各服务主机ip添加到ansible 清单文件中
[root@marter lamp]# vim inventory
[root@marter lamp]# cat inventory
192.168.47.159
192.168.47.129
192.168.47.130
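3.在各服务主机上生成密钥对,并复制公钥至192.168.47.157控制节点(控制节点同样把自己的公钥复制到各服务主机)。Ansible 只需要控制节点到各服务主机这一方向的免密登录;各服务主机把公钥复制到控制节点并非 Ansible 所必需,且会让这些主机可以免密以 root 登录控制节点,可按需省略。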
- marter控制节点
[root@marter ~]# ssh-keygen -t rsa
[root@marter ~]# ssh-copy-id root@192.168.47.159
[root@marter ~]# ssh-copy-id root@192.168.47.129
[root@marter ~]# ssh-copy-id root@192.168.47.130
- apache主机
[root@apache ~]# ssh-keygen -t rsa
[root@apache ~]# ssh-copy-id root@192.168.47.157
- php主机
[root@php ~]# ssh-keygen -t rsa
[root@php ~]# ssh-copy-id root@192.168.47.157
- mariadb主机
[root@mariadb ~]# ssh-keygen -t rsa
[root@mariadb ~]# ssh-copy-id root@192.168.47.157
- 测试
[root@marter lamp]# ansible all -m ping
192.168.47.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.47.159 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.47.129 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
4.关闭防火墙(仅适用于实验环境;该命令只是停止 firewalld,若 firewalld 已设为开机自启,重启后会再次启动。生产环境建议保留防火墙,只放行所需端口,如本文用到的 80、9000、3306)
[root@marter lamp]# ansible all -m service -a "name=firewalld state=stopped"
192.168.47.159 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "firewalld",
"state": "stopped",
"status": {
"ActiveEnterTimestamp": "Mon 2021-07-19 15:25:11 CST",
"ActiveEnterTimestampMonotonic": "6161516703",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "sysinit.target basic.target dbus.service dbus.socket system.slice polkit.service",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
"AmbientCapabilities": "",
"AssertResult": "yes",
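5.关闭selinux(修改 /etc/selinux/config 需重启后才生效;下面输出中 changed 为 false,说明这些主机上该项原本已是 disabled。若希望保留 SELinux,可以不关闭,而在 apache 主机上开启 httpd_can_network_connect 布尔值,以允许 httpd 连接远程的 php-fpm)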
[root@marter lamp]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line="SELINUX=disabled"'
192.168.47.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": false,
"msg": ""
}
192.168.47.159 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": false,
"msg": ""
}
192.168.47.129 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": false,
"msg": ""
}
[root@marter lamp]# ansible all -m command -a "getenforce"
192.168.47.130 | CHANGED | rc=0 >>
Disabled
192.168.47.159 | CHANGED | rc=0 >>
Disabled
192.168.47.129 | CHANGED | rc=0 >>
Disabled
6.配置yum源
[root@marter lamp]# ansible all -m command -a "curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo"
[WARNING]: Consider using the get_url or uri module rather than running 'curl'. If you need to use command because get_url or uri is insufficient you can add 'warn: false' to this
command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.47.130 | CHANGED | rc=0 >>
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2595 100 2595 0 0 4744 0 --:--:-- --:--:-- --:--:-- 4735
192.168.47.129 | CHANGED | rc=0 >>
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2595 100 2595 0 0 4744 0 --:--:-- --:--:-- --:--:-- 4735
192.168.47.159 | CHANGED | rc=0 >>
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2595 100 2595 0 0 4376 0 --:--:-- --:--:-- --:--:-- 4376
- 测试源是否可用
[root@marter lamp]# ansible all -m command -a "yum makecache"
[WARNING]: Consider using the yum module rather than running 'yum'. If you need to use command because yum is insufficient you can add 'warn: false' to this command task or set
'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.47.159 | CHANGED | rc=0 >>
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
CentOS-8 - Base - mirrors.aliyun.com 12 kB/s | 3.9 kB 00:00
CentOS-8 - Extras - mirrors.aliyun.com 5.6 kB/s | 1.5 kB 00:00
CentOS-8 - AppStream - mirrors.aliyun.com 6.2 kB/s | 4.3 kB 00:00
BaseOS 2.7 MB/s | 2.8 kB 00:00
元数据缓存已建立。Repository AppStream is listed more than once in the configuration
192.168.47.130 | CHANGED | rc=0 >>
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
CentOS-8 - Base - mirrors.aliyun.com 1.1 MB/s | 3.6 MB 00:03
CentOS-8 - Extras - mirrors.aliyun.com 14 kB/s | 9.8 kB 00:00
CentOS-8 - AppStream - mirrors.aliyun.com 686 kB/s | 8.1 MB 00:12
BaseOS 2.7 MB/s | 2.8 kB 00:00
元数据缓存已建立。Repository AppStream is listed more than once in the configuration
192.168.47.129 | CHANGED | rc=0 >>
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
CentOS-8 - Base - mirrors.aliyun.com 1.1 MB/s | 3.6 MB 00:03
CentOS-8 - Extras - mirrors.aliyun.com 13 kB/s | 9.8 kB 00:00
CentOS-8 - AppStream - mirrors.aliyun.com 672 kB/s | 8.1 MB 00:12
BaseOS 2.7 MB/s | 2.8 kB 00:00
元数据缓存已建立。Repository AppStream is listed more than once in the configuration
7.配置apache
- 安装httpd
[root@marter ~]# ansible 192.168.47.159 -m yum -a "name=httpd state=latest"
192.168.47.159 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: apr-1.6.3-9.el8.x86_64",
"Installed: apr-util-1.6.1-6.el8.x86_64",
"Installed: redhat-logos-httpd-81.1-1.el8.noarch",
"Installed: apr-util-bdb-1.6.1-6.el8.x86_64",
"Installed: httpd-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: httpd-filesystem-2.4.37-21.module+el8.2.0+5008+cca404a3.noarch",
"Installed: httpd-tools-2.4.37-21.module+el8.2.0+5008+cca404a3.x86_64",
"Installed: mod_http2-1.11.3-3.module+el8.2.0+4377+dc421495.x86_64",
"Installed: apr-util-openssl-1.6.1-6.el8.x86_64"
]
}
- 开启服务,并设置开机自启
[root@marter ~]# ansible 192.168.47.159 -m service -a "name=httpd state=started enabled=yes"
192.168.47.159 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "nss-lookup.target systemd-journald.socket network.target tmp.mount basic.target remote-fs.target sysinit.target httpd-init.service systemd-tmpfiles-setup.service system.slice -.mount",
"AllowIsolate": "no",
"AllowedCPUs": "",
- 查看端口号
[root@marter lamp]# ansible 192.168.47.159 -m command -a "ss -anlit"
192.168.47.159 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
cubic cwnd:10
LISTEN 0 32 192.168.122.1:53 0.0.0.0:*
cubic cwnd:10
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
cubic cwnd:10
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
cubic cwnd:10
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
cubic cwnd:10
LISTEN 0 128 [::]:111 [::]:*
cubic cwnd:10
LISTEN 0 128 *:80 *:*
cubic cwnd:10
LISTEN 0 128 [::]:22 [::]:*
cubic cwnd:10
LISTEN 0 5 [::1]:631 [::]:*
cubic cwnd:10
8.配置mariadb
- 安装服务
[root@marter lamp]# ansible 192.168.47.130 -m yum -a "name=mariadb state=latest"
192.168.47.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: mariadb-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-backup-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-server-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-common-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-server-galera-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-connector-c-3.1.11-2.el8_3.x86_64",
"Installed: mariadb-connector-c-config-3.1.11-2.el8_3.noarch",
"Installed: mariadb-server-utils-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-errmsg-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-gssapi-server-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Removed: mariadb-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-backup-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-common-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-connector-c-3.0.7-1.el8.x86_64",
"Removed: mariadb-connector-c-config-3.0.7-1.el8.noarch",
"Removed: mariadb-errmsg-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-gssapi-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-server-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-server-galera-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64",
"Removed: mariadb-server-utils-3:10.3.17-1.module+el8.1.0+3974+90eded84.x86_64"
]
}
- 开启服务,设置开机自启
[root@marter lamp]# ansible 192.168.47.130 -m service -a "name=mariadb state=started enabled=yes"
192.168.47.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"enabled": true,
"name": "mariadb",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Mon 2021-07-19 16:15:14 CST",
"ActiveEnterTimestampMonotonic": "9160211338",
"ActiveExitTimestamp": "Mon 2021-07-19 16:15:12 CST",
"ActiveExitTimestampMonotonic": "9158320968",
"ActiveState": "active",
"After": "basic.target systemd-tmpfiles-setup.service -.mount network.target tmp.mount systemd-journald.socket sysinit.target system.slice",
"AllowIsolate": "no",
"AllowedCPUs": "",
"AllowedMemoryNodes": "",
9.配置php
- 安装php服务
[root@marter lamp]# ansible 192.168.47.129 -m yum -a "name=php* state=latest"
192.168.47.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: unixODBC-2.3.7-1.el8.x86_64",
"Installed: libstdc++-8.4.1-1.el8.x86_64",
"Installed: cpp-8.4.1-1.el8.x86_64",
"Installed: m4-1.4.18-7.el8.x86_64",
"Installed: glibc-devel-2.28-101.el8.x86_64",
"Installed: net-snmp-1:5.8-20.el8.x86_64",
"Installed: autoconf-2.69-27.el8.noarch",
"Installed: net-snmp-agent-libs-1:5.8-20.el8.x86_64",
"Installed: glibc-headers-2.28-101.el8.x86_64",
"Installed: php-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64",
"Installed: kernel-headers-4.18.0-305.7.1.el8_4.x86_64",
"Installed: mod_http2-1.15.7-3.module_el8.4.0+778+c970deab.x86_64",
"Installed: php-bcmath-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64",
"Installed: php-cli-7.2.24-1.module_el8.2.0+313+b04d0a66.x86_64",
- 安装php-mysqlnd服务
[root@marter lamp]# ansible 192.168.47.129 -m yum -a 'name=php-mysqlnd state=latest'
192.168.47.129 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
10.配置apache和php
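- 修改httpd的配置文件(注意:下面两条 AddType 命令的 line 中写的是 "application x-httpd-php",MIME 类型的通常写法是 application/x-httpd-php,中间为斜杠;本文实际是通过后面的 ProxyPassMatch 把 .php 请求转发给 php-fpm 处理的)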
[root@marter lamp]# ansible 192.168.47.159 -m shell -a 'sed -i "/DirectoryIndex/s/index.html/index.php index.html/g" /etc/httpd/conf/httpd.conf'
[WARNING]: Consider using the replace, lineinfile or template module rather than running 'sed'. If you need to use command because replace, lineinfile or template is insufficient
you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this message.
192.168.47.159 | CHANGED | rc=0 >>
[root@marter lamp]# ansible 192.168.47.159 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf insertafter="AddType application/x-gzip.gz.tgz" line="AddType application x-httpd-php .php"'
192.168.47.159 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@marter lamp]# ansible 192.168.47.159 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf insertafter="AddType application/x-gzip .gz.tgz" line="AddType application x-httpd-php-source.phps"'
192.168.47.159 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@marter lamp]# ansible 192.168.47.159 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf insertafter="# LoadModule foo_module modules/mod_foo.so" line="LoadModule proxy_module modules/mod_proxy.so"'
192.168.47.159 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@marter lamp]# ansible 192.168.47.159 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf insertafter="# LoadModule foo_module modules/mod_foo.so" line="LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so"'
192.168.47.159 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@marter lamp]# vim httpd-vhosts.conf
[root@marter lamp]# cat httpd-vhosts.conf
<VirtualHost *:80>
DocumentRoot "/var/www/html/"
ServerName example.com
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.47.129:9000/var/www/html/$1
<Directory "/var/www/html/">
Options none
AllowOverride none
Require all granted
</Directory>
</VirtualHost>
[root@marter lamp]# ansible 192.168.47.159 -m copy -a "src=/root/lamp/index.php dest=/var/www/html/"
192.168.47.159 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "012ee25cceff745e681fbb3697a06f3712f55554",
"dest": "/var/www/html/index.php",
"gid": 0,
"group": "root",
"md5sum": "9dccf462d245f55ac3e0cdb0e5401f5b",
"mode": "0644",
"owner": "root",
"size": 20,
"src": "/root/.ansible/tmp/ansible-tmp-1626882441.7565823-401276-268491353138478/source",
"state": "file",
"uid": 0
}
[root@apache conf.d]# vim /etc/httpd/conf/httpd.conf
# 原注:短的在前,即 proxy_module 要写在 proxy_fcgi_module 之前(此说明不要写在 LoadModule 行尾,httpd.conf 不支持 // 形式的行尾注释)
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
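- 使用lineinfile模块来修改php的配置文件(让 php-fpm 监听 TCP 9000 端口,并用 listen.allowed_clients 只允许 apache 主机 192.168.47.159 连接。注意第一条命令返回的是 line added 而不是 line replaced,说明 regexp 没有匹配到原有的 listen 行,新行被追加到了文件末尾)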
[root@marter lamp]# ansible 192.168.47.129 -m lineinfile -a 'path=/etc/php-fpm.d/www.conf regexp="listen = /usr" line="listen = 0.0.0.0:9000"'
192.168.47.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@marter lamp]# ansible 192.168.47.129 -m lineinfile -a 'path=/etc/php-fpm.d/www.conf regexp="listen.allowed_clients = 127.0.0.1" line="listen.allowed_clients = 192.168.47.159"'
192.168.47.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@marter lamp]#
- 把php测试文件index.php放到php服务器上(phpinfo() 会输出 PHP 版本、已加载模块和路径等配置信息,测试完成后应删除该文件)
[root@marter lamp]# vim index.php
[root@marter lamp]# cat index.php
<?php
phpinfo();
?>
[root@marter lamp]# ansible 192.168.47.129 -m copy -a 'src=/root/lamp/index.php dest=/var/www/html/'
192.168.47.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "012ee25cceff745e681fbb3697a06f3712f55554",
"dest": "/var/www/html/index.php",
"gid": 0,
"group": "root",
"md5sum": "9dccf462d245f55ac3e0cdb0e5401f5b",
"mode": "0644",
"owner": "root",
"size": 20,
"src": "/root/.ansible/tmp/ansible-tmp-1626709252.4352973-237373-212317606799500/source",
"state": "file",
"uid": 0
}
- 修改php服务监听方式
```
[root@php html]# vim /etc/php-fpm.d/www.conf
; Note: This value is mandatory.
;listen = /run/php-fpm/www.sock
listen = 9000
; Set listen(2) backlog.
; Default Value: 511
;listen.backlog = 511
```
11.重启服务
[root@marter lamp]# ansible 192.168.47.159 -m service -a 'name=httpd state=restarted'
192.168.47.159 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Tue 2021-07-20 00:19:51 CST",
"ActiveEnterTimestampMonotonic": "9665164420",
"ActiveExitTimestamp": "Tue 2021-07-20 00:19:50 CST",
"ActiveExitTimestampMonotonic": "9664100421",
"ActiveState": "active",
"After": "tmp.mount remote-fs.target network.target systemd-journald.socket sysinit.target systemd-tmpfiles-setup.service basic.target httpd-init.service system.slice nss-lookup.target -.mount",
[root@marter lamp]# ansible 192.168.47.129 -m service -a 'name=php-fpm state=restarted'
192.168.47.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "php-fpm",
"state": "started",
"status": {
"ActiveEnterTimestamp": "Tue 2021-07-20 00:15:02 CST",
"ActiveEnterTimestampMonotonic": "9375241500",
"ActiveExitTimestamp": "Tue 2021-07-20 00:15:02 CST",
"ActiveExitTimestampMonotonic": "9375171370",
"ActiveState": "active",
"After": "sysinit.target tmp.mount systemd-journald.socket network.target system.slice syslog.target -.mount systemd-tmpfiles-setup.service basic.target",
"AllowIsolate": "no",