如何在Ubuntu 18.04上使用Ansible安装和设置LEMP

介绍 (Introduction)

Server automation now plays an essential role in systems administration, due to the disposable nature of modern application environments. Configuration management tools such as Ansible are typically used to streamline the process of automating server setup by establishing standard procedures for new servers while also reducing human error associated with manual setups.

由于现代应用程序环境具有可处理性，因此服务器自动化现在在系统管理中起着至关重要的作用。 配置管理工具(例如Ansible)通常用于通过为新服务器建立标准过程来简化服务器设置自动化的过程，同时还减少了与手动设置相关的人为错误。

Ansible offers a simple architecture that doesn’t require special software to be installed on nodes. It also provides a robust set of features and built-in modules which facilitate writing automation scripts.

Ansible提供了一种简单的体系结构，不需要在节点上安装特殊软件。 它还提供了一组功能强大的功能和内置模块，可帮助编写自动化脚本。

This guide explains how to use Ansible to automate the steps contained in our guide on How To Install Linux, Nginx, MySQL and PHP (LEMP) on Ubuntu 18.04. The LEMP software stack is a group of software that can be used to serve dynamic web pages and web applications. This is an acronym that describes a Linux operating system, with an Nginx (pronounced like “Engine-X”) web server. The backend data is stored in the MySQL database and the dynamic processing is handled by PHP.

本指南说明了如何使用Ansible来自动化我们的指南中有关如何在Ubuntu 18.04上安装Linux，Nginx，MySQL和PHP(LEMP)的步骤 。 LEMP软件堆栈是一组可用于提供动态网页和Web应用程序的软件。 这是一个首字母缩写词，用于描述L inux操作系统和Nginx(发音为“ E ngine-X”)Web服务器。 后端数据存储在M ySQL数据库中，动态处理由P HP处理。

先决条件 (Prerequisites)

In order to execute the automated setup provided by the playbook we’re discussing in this guide, you’ll need:

为了执行我们在本指南中讨论的剧本提供的自动设置，您需要：

• One Ansible control node: an Ubuntu 18.04 machine with Ansible installed and configured to connect to your Ansible hosts using SSH keys. Make sure the control node has a regular user with sudo permissions and a firewall enabled, as explained in our Initial Server Setup guide. To set up Ansible, please follow our guide on How to Install and Configure Ansible on Ubuntu 18.04.

  一个Ansible控制节点 ：安装了Ansible并配置为使用SSH密钥连接到您的Ansible主机的Ubuntu 18.04计算机。 确保控制节点具有sudo权限的常规用户并启用了防火墙，如“ 初始服务器设置”指南中所述。 要设置Ansible，请遵循有关如何在Ubuntu 18.04上安装和配置Ansible的指南。

• One or more Ansible Hosts: one or more remote Ubuntu 18.04 servers previously set up following the guide on How to Use Ansible to Automate Initial Server Setup on Ubuntu 18.04.

  一台或多台Ansible主机 ：一台或多台远程Ubuntu 18.04服务器以前是按照有关如何在Ubuntu 18.04上使用Ansible自动化初始服务器设置的指南进行设置的 。

Before proceeding, you first need to make sure your Ansible control node is able to connect and execute commands on your Ansible host(s). For a connection test, please check step 3 of How to Install and Configure Ansible on Ubuntu 18.04.

在继续之前，您首先需要确保Ansible控制节点能够在Ansible主机上连接并执行命令。 对于连接测试，请检查如何在Ubuntu 18.04上安装和配置Ansible的步骤3。

这本剧本做什么？ (What Does this Playbook Do?)

This Ansible playbook provides an alternative to manually running through the procedure outlined in our guide on How To Install Linux, Nginx, MySQL, PHP (LEMP stack) on Ubuntu 18.04.

这本Ansible剧本提供了一种替代方法，可以手动执行我们的指南中概述的步骤，该指南介绍了如何在Ubuntu 18.04上安装Linux，Nginx，MySQL，PHP(LEMP堆栈) 。

Running this playbook will perform the following actions on your Ansible hosts:

运行此剧本将在您的Ansible主机上执行以下操作：

1. Install aptitude, which is preferred by Ansible as an alternative to the apt package manager.

   安装aptitude ，这是Ansible首选的替代apt软件包管理器的工具。

2. Install the required LEMP packages.
   安装所需的LEMP软件包。
3. Set up the Nginx configuration file using the provided template.
   使用提供的模板设置Nginx配置文件。
4. Enable the new Nginx configuration and disable the default one.
   启用新的Nginx配置并禁用默认配置。

5. Set the password for the MySQL root user.

   设置MySQL root用户的密码。

6. Remove anonymous MySQL accounts and the test database.
   删除匿名MySQL帐户和测试数据库。

7. Set up UFW to allow HTTP traffic on the configured port (80 by default).

   设置UFW，以允许配置的端口上的HTTP通信(默认为80 )。

8. Set up a PHP test script using the provided template.
   使用提供的模板设置PHP测试脚本。

Once the playbook has finished running, you will have a web PHP environment running on top of Nginx, based on the options you defined within your configuration variables.

剧本运行完毕后，将根据您在配置变量中定义的选项，在Nginx上运行一个Web PHP环境。

如何使用本手册 (How to Use this Playbook)

The first thing we need to do is obtain the LEMP playbook and its dependencies from the do-community/ansible-playbooks repository. We need to clone this repository to a local folder inside the Ansible Control Node.

我们需要做的第一件事是从do-community / ansible-playbooks存储库中获得LEMP剧本及其依赖项。 我们需要将此存储库克隆到Ansible控制节点内的本地文件夹。

In case you have cloned this repository before while following a different guide, access your existing ansible-playbooks copy and run a git pull command to make sure you have updated contents:

如果您在遵循其他指南之前已经克隆了此存储库，请访问现有的ansible-playbooks副本并运行git pull命令以确保已更新内容：

• cd ~/ansible-playbooks
  cd〜/ ansible-playbooks
• git pull
  git pull

If this is your first time using the do-community/ansible-playbooks repository, you should start by cloning the repository to your home folder with:

如果这是您第一次使用do-community/ansible-playbooks存储库，则应首先使用以下命令将存储库克隆到主文件夹中：

• cd ~
  光盘〜
• git clone https://github.com/do-community/ansible-playbooks.git
  git clone https://github.com/do-community/ansible-playbooks.git
• cd ansible-playbooks
  cd ansible-playbooks

The files we’re interested in are located inside the lemp_ubuntu1804 folder, which has the following structure:

我们感兴趣的文件位于lemp_ubuntu1804文件夹中，该文件夹具有以下结构：

lemp_ubuntu1804
├── files
│   ├── info.php.j2
│   └── nginx.conf.j2
├── vars
│   └── default.yml
├── playbook.yml
└── readme.md

Here is what each of these files are:

以下是每个文件的含义：

• files/info.php.j2: Template file for setting up a PHP test page on the web server’s root

  files/info.php.j2 ：用于在Web服务器的根目录上设置PHP测试页的模板文件

• files/nginx.conf.j2: Template file for setting up the Nginx server. directory.

  files/nginx.conf.j2 ：用于设置Nginx服务器的模板文件。 目录。

• vars/default.yml: Variable file for customizing playbook settings.

  vars/default.yml ：用于自定义剧本设置的变量文件。

• playbook.yml: The playbook file, containing the tasks to be executed on the remote server(s).

  playbook.yml ：剧本文件，包含要在远程服务器上执行的任务。

• readme.md: A text file containing information about this playbook.

  readme.md ：一个文本文件，包含有关此剧本的信息。

We’ll edit the playbook’s variable file to customize the configurations of both MySQL and Nginx. Access the lemp_ubuntu1804 directory and open the vars/default.yml file using your command line editor of choice:

我们将编辑剧本的变量文件，以自定义MySQL和Nginx的配置。 访问lemp_ubuntu1804目录，并使用选择的命令行编辑器打开vars/default.yml文件：

• cd lemp_ubuntu1804
  光盘lemp_ubuntu1804
• nano vars/default.yml
  纳米vars / default.yml

This file contains a few variables that require your attention:

该文件包含一些需要引起您注意的变量：

vars/default.yml

vars / default.yml

---
mysql_root_password: "mysql_root_password"
http_host: "your_domain"
http_conf: "your_domain.conf"
http_port: "80"

The following list contains a brief explanation of each of these variables and how you might want to change them:

以下列表简要说明了每个变量以及如何更改它们：

• mysql_root_password: The desired password for the root MySQL account.

  mysql_root_password ： 根 MySQL帐户的所需密码。

• http_host: The host name or IP address for this web server.

  http_host ：此Web服务器的主机名或IP地址。

• http_conf: The name of the configuration file to be created inside /etc/nginx/sites-available, typically set to the host or application name for easier identification.

  http_conf ：要在/etc/nginx/sites-available内部创建的配置文件的名称，通常设置为主机名或应用程序名，以便于识别。

• http_port: The port Nginx will use to serve this site. This is port 80 by default, but if you want to serve your site or application on a different port, enter it here.

  http_port ：Nginx将用于服务此站点的端口。 默认情况下，这是端口80 ，但是如果要在其他端口上服务站点或应用程序，请在此处输入。

Once you’re done updating the variables inside vars/default.yml, save and close this file. If you used nano, do so by pressing CTRL + X, Y, then ENTER.

更新完vars/default.yml的变量后，保存并关闭此文件。 如果您使用过nano ，请按CTRL + X ， Y ，然后按ENTER 。

You’re now ready to run this playbook on one or more servers. Most playbooks are configured to be executed on everyserver in your inventory, by default. We can use the-lflag to make sure that only a subset of servers, or a single server, is affected by the playbook. We can also use the-u` flag to specify which user on the remote server we’re using to connect and execute the playbook commands on the remote hosts.

现在，您可以在一个或多个服务器上运行此剧本。 server in your inventory, by default. We can use the大多数剧本配置为server in your inventory, by default. We can use the每台server in your inventory, by default. We can use the上执行server in your inventory, by default. We can use the server in your inventory, by default. We can use the -l flag to make sure that only a subset of servers, or a single server, is affected by the playbook. We can also use the flag to make sure that only a subset of servers, or a single server, is affected by the playbook. We can also use the -u`标志来指定用于连接和执行远程主机上的playbook命令的远程服务器上的哪个用户。

To execute the playbook only on server1, connecting as sammy, you can use the following command:

要仅在以sammy连接的server1上执行剧本，可以使用以下命令：

• ansible-playbook playbook.yml -l server1 -u sammy

  ansible-playbook playbook.yml -l server1 -u sammy

You will get output similar to this:

您将获得类似于以下的输出：

   
   

    
    Output
   
   
PLAY [all] *****************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************
ok: [server1]

TASK [Install Prerequisites] ***********************************************************************************************************
changed: [server1] => (item=aptitude)

...

TASK [UFW - Allow HTTP on port 80] *****************************************************************************************************
changed: [server1]

TASK [Sets Up PHP Info Page] ***********************************************************************************************************
changed: [server1]

RUNNING HANDLER [Reload Nginx] *********************************************************************************************************
changed: [server1]

PLAY RECAP *****************************************************************************************************************************
server1         : ok=12   changed=9    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Note: For more information on how to run Ansible playbooks, check our Ansible Cheat Sheet Guide.

注意 ：有关如何运行Ansible剧本的更多信息，请参阅《 Ansible备忘单指南》 。

When the playbook is finished running, go to your web browser and access the host or IP address of the server, as configured in the playbook variables, followed by /info.php:

当剧本完成运行后，请转到您的网络浏览器，并按照剧本变量中的配置(然后是/info.php访问服务器的主机或IP地址：

http://server_host_or_IP/info.php

You will see a page like this:

您将看到如下页面：

Because this page contains sensitive information about your PHP environment, it is recommended that you remove it from the server by running an rm -f /var/www/info.php command once you have finished setting it up.

因为此页面包含有关您PHP环境的敏感信息，所以建议您在完成设置后通过运行rm -f /var/www/info.php命令将其从服务器中删除。

剧本内容 (The Playbook Contents)

You can find the LEMP server setup featured in this tutorial in the lemp_ubuntu1804 folder inside the DigitalOcean Community Playbooks repository. To copy or download the script contents directly, click the Raw button towards the top of each script.

您可以在DigitalOcean Community Playbooks存储库内的lemp_ubuntu1804文件夹中找到本教程中介绍的LEMP服务器设置。 要直接复制或下载脚本内容，请单击每个脚本顶部的Raw按钮。

The full contents of the playbook as well as its associated files are also included here for your convenience.

为了方便起见，此处也包含了剧本的完整内容及其相关文件。

vars / default.yml (vars/default.yml)

The default.yml variable file contains values that will be used within the playbook tasks, such as the password for the MySQL root account and the domain name to configure within Nginx.

default.yml变量文件包含将在剧本任务中使用的值，例如MySQL 根帐户的密码和要在Nginx中配置的域名。

vars/default.yml

vars / default.yml

---
mysql_root_password: "mysql_root_password"
http_host: "your_domain"
http_conf: "your_domain.conf"
http_port: "80"

文件/ nginx.conf.j2 (files/nginx.conf.j2)

The nginx.conf.j2 file is a Jinja 2 template file that configures the Nginx web server. The variables used within this template are defined in the vars/default.yml variable file.

nginx.conf.j2文件是用于配置Nginx Web服务器的Jinja 2模板文件。 在vars/default.yml变量文件中定义了此模板中使用的变量。

files/nginx.conf.j2

文件/ nginx.conf.j2

server {
       listen {{ http_port }};
       root /var/www/html;
       index index.php index.html index.htm index.nginx-debian.html;
       server_name {{ http_host }};

       location / {
               try_files $uri $uri/ =404;
       }

       location ~ \.php$ {
               include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
       }

       location ~ /\.ht {
               deny all;
       }
}

文件/ info.php.j2 (files/info.php.j2)

The info.php.j2 file is another Jinja template, used to set up a test PHP script in the document root of the newly configured LEMP server.

info.php.j2文件是另一个Jinja模板，用于在新配置的LEMP服务器的文档根目录中设置测试PHP脚本。

files/info.php.j2

文件/ info.php.j2

<?php
phpinfo();

playbook.yml (playbook.yml)

The playbook.yml file is where all tasks from this setup are defined. It starts by defining the group of servers that should be the target of this setup (all), after which it uses become: true to define that tasks should be executed with privilege escalation (sudo) by default. Then, it includes the vars/default.yml variable file to load configuration options.

在playbook.yml文件中，定义了此设置中的所有任务。 它首先定义应作为此设置目标的服务器组( all )，然后使用become: true定义默认情况下应以特权升级( sudo )执行任务。 然后，它包含vars/default.yml变量文件以加载配置选项。

playbook.yml

playbook.yml

---
- hosts: all
  become: true
  vars_files:
   - vars/default.yml

 tasks:
   - name: Install Prerequisites
     apt: name={{ item }} update_cache=yes state=latest force_apt_get=yes
     loop: [ 'aptitude' ]

   - name: Install LEMP Packages
     apt: name={{ item }} update_cache=yes state=latest
     loop: [ 'nginx', 'mysql-server', 'python3-pymysql', 'php-fpm', 'php-mysql' ]

# Nginx Configuration

   - name: Sets Nginx conf file
     template:
       src: "files/nginx.conf.j2"
       dest: "/etc/nginx/sites-available/{{ http_conf }}"

   - name: Enables new site
     file:
       src: "/etc/nginx/sites-available/{{ http_conf }}"
       dest: "/etc/nginx/sites-enabled/{{ http_conf }}"
       state: link
     notify: Reload Nginx

   - name: Removes "default" site
     file:
       path: "/etc/nginx/sites-enabled/default"
       state: absent
     notify: Reload Nginx

# MySQL Configuration

   - name: Sets the root password
     mysql_user:
       name: root
       password: "{{ mysql_root_password }}"
       login_unix_socket: /var/run/mysqld/mysqld.sock

   - name: Removes all anonymous user accounts
     mysql_user:
       name: ''
       host_all: yes
       state: absent
       login_user: root
       login_password: "{{ mysql_root_password }}"

   - name: Removes the MySQL test database
     mysql_db:
       name: test
       state: absent
       login_user: root
       login_password: "{{ mysql_root_password }}"

# UFW Configuration

   - name: "UFW - Allow HTTP on port {{ http_port }}"
     ufw:
       rule: allow
       port: "{{ http_port }}"
       proto: tcp

# Sets Up PHP Info Page

   - name: Sets Up PHP Info Page
     template:
       src: "files/info.php.j2"
       dest: "/var/www/html/info.php"

# Handlers

 handlers:
   - name: Reload Nginx
     service:
       name: nginx
       state: reloaded

   - name: Restart Nginx
     service:
       name: nginx
       state: restarted

Feel free to modify these files to best suit your individual needs within your own workflow.

随意修改这些文件以最适合您自己的工作流程中的个性化需求。

结论 (Conclusion)

In this guide, we used Ansible to automate the process of installing and setting up a LEMP environment on a remote server. Because each individual typically has different needs when working with MySQL databases and users, we encourage you to check out the official Ansible documentation for more information and use cases of the mysql_user Ansible module.

在本指南中，我们使用Ansible自动化了在远程服务器上安装和设置LEMP环境的过程。 由于使用MySQL数据库和用户时每个人通常都有不同的需求，因此我们建议您查阅官方的Ansible文档 ，以获取mysql_user Ansible模块的更多信息和用例。

If you’d like to include other tasks in this playbook to further customize your server setup, please refer to our introductory Ansible guide Configuration Management 101: Writing Ansible Playbooks.

如果您想在本手册中包括其他任务以进一步自定义服务器设置，请参阅我们的Ansible入门指南Configuration Management 101：编写Ansible手册 。

翻译自: https://www.digitalocean.com/community/tutorials/how-to-use-ansible-to-install-and-set-up-lemp-on-ubuntu-18-04