Ansible编写Lnmp的playbook
说明: 前提是控制节点上已经安装好了ansible。
准备环境:
系统环境 ip 系统角色 部署的应用 centos8(computer) 192.168.136.139 被控制节点 python36 centos8 (control) 192.168.136.140 控制节点 ansible+python36 +nginx+mysql+php
部署lnmp
# 在控制节点
1.在control主机上关闭防火墙和SELinux(仅为实验环境图方便;Ansible控制节点只需能通过SSH连到被控节点,并不依赖这一步,生产环境应保持两者开启)
[root@control ~]# systemctl stop firewalld
[root@control ~]# systemctl disable firewalld
[root@control ~]# setenforce 0
[root@control ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
# 建议重启一下
[root@control ~]# reboot
以下操作在control控制节点上面部署
# 查看控制节点能否通过ansible连通被控制节点(首次连接提示主机密钥时,应先核对指纹与被控节点上的一致,再输入yes)
[root@control ansible]# ansible all -m ping
The authenticity of host 'compute (192.168.136.139)' can't be established.
ECDSA key fingerprint is SHA256:Py93yCzuqbbQA+WMYk25gKsl8c7gp+uNMr8tE+alshk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
compute | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong" (表示成功)
}
# 先创建一些目录
[root@control ~]# mkdir /opt/moudule
[root@control ~]# mkdir /opt/LNMP
[root@control ~]# ll /opt
drwxr-xr-x 2 root root 6 Oct 22 05:31 LNMP
drwxr-xr-x 7 root root 78 Oct 22 05:26 moudule
[root@control ~]# cd /opt/moudule/
[root@control moudule]# mkdir files vars template application
[root@control moudule]# mkdir -p files vars template application init
# 查看结构
[root@control opt]# tree
.
├── LNMP
│ ├── ansible.cfg
│ ├── inventory
│ └── lnmp.yml
└── moudule
├── application
│ └── php
├── databases
│ └── mysql
├── files
│ ├── CentOS-Base.repo
│ ├── nginx-1.22.1.tar.gz
│ ├── nginx.sh
│ ├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
│ ├── php-8.2.9.tar.gz
│ └── php.sh
├── init
│ ├── firewalld.yml
│ ├── main.yml
│ ├── selinux.yml
│ ├── software.yml
│ └── yum.yml
├── template
│ ├── index.php
│ ├── nginx.conf
│ ├── nginx.service
│ └── php-fpm.service
├── vars
│ └── package.yml
└── webs
└── nginx
└── main.yml
12 directories, 20 files
[root@control opt]#
# 把常用的初始化任务放在init目录中
1 . 配置yum仓库
[root@control init]# cat yum.yml
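# init/yum.yml - replace the target's yum repositories with the repo file
# shipped from the control node, then rebuild the metadata cache.
# NOTE(review): every package installed later is trusted through this repo
# file, so CentOS-Base.repo should point at a mirror you trust and keep
# gpgcheck=1 with a matching gpgkey - confirm before use.
- name: ensure yum sources exist
  # Read-only probe. "> /dev/null 2>&1" replaces the bash-only "&>" because the
  # shell module runs /bin/sh; an empty directory is not treated as a failure.
  shell: ls /etc/yum.repos.d/* > /dev/null 2>&1
  changed_when: false
  failed_when: false
- name: remove /etc/yum.repos.d/*
  # The glob needs a shell; the path is a fixed literal, nothing is interpolated.
  shell: rm -rf /etc/yum.repos.d/*
- name: copy yum source
  copy:
    src: ../files/CentOS-Base.repo
    dest: /etc/yum.repos.d/
    # Repo definitions decide where packages come from: root-owned, not writable
    # by anyone else.
    owner: root
    group: root
    mode: "0644"
- name: clean cache
  shell: "yum clean all && yum makecache"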
[root@control init]#
2. 关闭防火墙
[root@control init]# cat firewalld.yml
# init/firewalld.yml - stop firewalld now and keep it from starting at boot.
# NOTE(review): with the host firewall off, every port a service listens on is
# reachable from the network (for example MariaDB, if it binds a non-loopback
# address). Outside a lab, keep firewalld running and allow only the http/https
# services instead.
- name: close firewalld
  service:
    name: firewalld
    enabled: false
    state: stopped
[root@control init]#
3. 关闭selinux
[root@control init]# cat selinux.yml
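# init/selinux.yml - turn SELinux off in the config file and for the running
# system.
# NOTE(review): this removes mandatory access control from a host that will run
# a web server and PHP. SELINUX=permissive (log only) is the less drastic way
# to get a build working; an enforcing host needs correct file labels instead.
- name: permanent close selinux
  lineinfile:
    path: /etc/selinux/config
    # Anchor on "SELINUX=" - the looser '^SELINUX' also matches the
    # "SELINUXTYPE=targeted" line, and lineinfile replaces the LAST match, so
    # the type line would be overwritten and the mode line left untouched.
    regexp: '^SELINUX='
    line: 'SELINUX=disabled'
- name: close selinux temporarily
  # Switches the running system to permissive; the config change above only
  # takes effect after a reboot.
  shell: setenforce 0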
[root@control init]#
4. 配置安装常用的命令
[root@control init]# cat software.yml
# init/software.yml - install the small set of tools used while building.
- name: install common software
  yum:
    state: present
    name: [wget, tree, make, vim]
5. 将上面的统一归纳到main.yml 文件中去
[root@control init]# vim main.yml
[root@control init]# cat main.yml
# init/main.yml - baseline tasks, imported statically and run in this order.
# Repositories are replaced first so the package install that follows uses them.
- import_tasks: yum.yml
- import_tasks: software.yml
# The next two files stop firewalld and disable SELinux on the target host.
- import_tasks: firewalld.yml
- import_tasks: selinux.yml
基础配置完成!
# 定义安装的依赖包的变量
[root@control vars]# cat package.yml
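# vars/package.yml - development headers needed by the nginx and PHP
# source builds; consumed by the playbook as "{{ pkgs }}".
# NOTE(review): libcurl-devel was listed twice; the duplicate is dropped. If the
# second entry was meant to be another package (php.sh passes --with-bz2 and
# --with-zip, which usually need bzip2-devel and libzip-devel), add it here -
# confirm against the configure output.
pkgs:
  - pcre-devel
  - openssl-devel
  - gd-devel
  - libxml2-devel
  - sqlite-devel
  - libcurl-devel
  - readline-devel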
# 在控制端下载好必要的软件包
[root@control files]# ll
total 18500
-rw-r--r-- 1 root root 1653 Oct 22 06:06 CentOS-Base.repo
-rw-r--r-- 1 root root 1073948 Oct 19 2022 nginx-1.22.1.tar.gz
-rwxr-xr-x 1 root root 1060 Oct 22 10:35 nginx.sh
-rw-r--r-- 1 root root 17858291 Oct 22 07:14 php-8.2.9.tar.gz
[root@control files]#
# 编写nginx的脚本
[root@control files]# vim nginx.sh
[root@control files]# cat nginx.sh
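#!/bin/bash
# Build nginx 1.22.1 from the tarball already copied to /usr/src and install it
# under /usr/local/nginx. Run as root on the managed host by the playbook's
# `script` task; any failing step aborts the script with a non-zero status so
# the task is reported as failed instead of continuing on a half-built tree.
set -euo pipefail

readonly src_dir=/usr/src
readonly release=nginx-1.22.1

# NOTE(review): the tarball is unpacked and compiled as root with no integrity
# check. Compare it with the checksum / PGP signature published for this
# release before building (expected value: <EXPECTED_SHA256 placeholder>).
cd "${src_dir}"
tar -xf "${release}.tar.gz"
cd "${release}"

# The original command line read "--user=nginx > --group=nginx": the stray ">"
# redirected configure's output into a file named "--group=nginx" and the group
# option was never passed. Both options are passed here.
configure_args=(
  --prefix=/usr/local/nginx
  --user=nginx
  --group=nginx
  --with-debug
  --with-http_ssl_module
  --with-http_realip_module
  --with-http_image_filter_module
  --with-http_gunzip_module
  --with-http_gzip_static_module
  --with-http_stub_status_module
  --http-log-path=/var/log/nginx/access.log
)
./configure "${configure_args[@]}"
make
make install

# Single quotes are deliberate: $PATH must be expanded by the login shell that
# later reads the profile snippet, not by this script.
# shellcheck disable=SC2016
echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
# Affects only this script's own shell; new login shells pick the file up
# through /etc/profile.d.
source /etc/profile.d/nginx.sh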
[root@control files]# chmod +x nginx.sh
[root@control files]#
# 设置nginx开机自启配置文件
[root@control template]# vim nginx.service
[root@control template]# cat nginx.service
# systemd unit for the source-built nginx installed under /usr/local/nginx.
# No User= is set, so the ExecStart process is started as root; the unprivileged
# account for the workers comes from the build's --user option in nginx.sh.
[Unit]
Description=nginx server daemon
After=network.target
[Service]
# Type=forking: systemd expects the ExecStart process to fork and exit.
# NOTE(review): no PIDFile= is given, so systemd has to guess the main PID.
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/usr/local/nginx/sbin/nginx -s reload
[Install]
WantedBy=multi-user.target
[root@control template]#
# 编写php脚本
[root@control files]# cat php.sh
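#!/bin/bash
# Build PHP 8.2.9 with FPM from the tarball already copied to /usr/src, install
# it under /usr/local/php8 and put the default configuration files in place.
# Run as root on the managed host by the playbook's `script` task; any failing
# step aborts the script so the task is reported as failed.
set -euo pipefail

readonly src_dir=/usr/src
readonly release=php-8.2.9
readonly prefix=/usr/local/php8

# NOTE(review): the tarball is unpacked and compiled as root with no integrity
# check. Compare it with the checksum / signature published for this release
# before building (expected value: <EXPECTED_SHA256 placeholder>).
cd "${src_dir}"
tar -xf "${release}.tar.gz"
cd "${release}"

# Same options as the original command line; --disable-debug was given twice
# and is listed once here.
configure_args=(
  --prefix="${prefix}"
  --with-config-file-path=/etc
  --enable-fpm
  --disable-debug
  --disable-rpath
  --enable-shared
  --enable-soap
  --with-openssl
  --enable-bcmath
  --with-iconv
  --with-bz2
  --enable-calendar
  --with-curl
  --enable-exif
  --enable-ftp
  --enable-gd
  --with-jpeg
  --with-zlib-dir
  --with-freetype
  --with-gettext
  --enable-mbstring
  --enable-pdo
  --with-mysqli=mysqlnd
  --with-pdo-mysql=mysqlnd
  --with-readline
  --enable-shmop
  --enable-simplexml
  --enable-sockets
  --with-zip
  --enable-mysqlnd-compression-support
  --with-pear
  --enable-pcntl
)
./configure "${configure_args[@]}"
make
make install

# Single quotes are deliberate: $PATH is expanded by the login shell that later
# reads the profile snippet, not by this script.
# shellcheck disable=SC2016
echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.sh
# Affects only this script's own shell.
source /etc/profile.d/php8.sh

# php.ini-production is the hardened-defaults template shipped in the tarball.
cp php.ini-production /etc/php.ini

# Install the init script directly at the path the systemd unit calls, already
# executable. The original copied to /etc/init.d and ran chmod on
# /etc/rc.d/init.d, which only agree when the first is a symlink to the second.
install -m 0755 sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm

cp "${prefix}/etc/php-fpm.conf.default" "${prefix}/etc/php-fpm.conf"
cp "${prefix}/etc/php-fpm.d/www.conf.default" "${prefix}/etc/php-fpm.d/www.conf"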
[root@control files]#
# 设置php配置开机自启
[root@control template]# cat php-fpm.service
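# systemd unit that drives PHP-FPM through the init script installed by php.sh.
[Unit]
Description=php-fpm server daemon
# Was "network.targe": a misspelled unit name is not an error to systemd, so
# the ordering against the network was silently missing.
After=network.target
[Service]
Type=forking
ExecStart=/etc/rc.d/init.d/php-fpm start
ExecStop=/etc/rc.d/init.d/php-fpm stop
# Was "\$MAINPID": the backslash is a shell escape that does not belong in a
# unit file; systemd substitutes $MAINPID itself.
# NOTE(review): PHP-FPM's graceful reload is normally triggered with USR2 -
# confirm that HUP does what is intended here.
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target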
[root@control template]#
让nginx支持php功能
# 编写nginx主配置文件
可以在被控制节点先编辑好,传给控制节点
[root@control template]# scp root@192.168.136.139:/usr/local/nginx/conf/nginx.conf .
nginx.conf
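# PHP handler, shown at lines 65-71 of the edited nginx.conf (editor line
# numbers dropped so the block can be pasted as-is).
location ~ \.php$ {
    root           html;
    # Answer 404 unless the requested script really exists under the document
    # root, so only real .php files are handed to the interpreter.
    try_files      $uri =404;
    # PHP-FPM on loopback only; keep it off externally reachable addresses.
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params;
}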
[root@control template]# ll
total 12
-rw-r--r-- 1 root root 2659 Oct 22 11:52 nginx.conf
-rw-r--r-- 1 root root 254 Oct 22 10:48 nginx.service
-rw-r--r-- 1 root root 239 Oct 22 11:28 php-fpm.service
[root@control template]#
# 写一个php文件
[root@control template]# vim index.php
[root@control template]# cat index.php
<?php
// Smoke test only: phpinfo() prints the PHP build options, loaded modules,
// file paths and environment to anyone who can reach this URL. Delete the
// file, or restrict access to it, once the nginx -> PHP-FPM hand-off works.
phpinfo();
?>
[root@control template]#
playbook的部署
[root@control LNMP]# cat lnmp.yml
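# lnmp.yml - build nginx, MariaDB and PHP-FPM on the "compute" host.
# Relative paths point into ../moudule, so run it from the LNMP directory.
#
# Errors are no longer ignored for the whole play: a failed package install or
# source build now stops the run instead of letting later tasks start services
# on a half-built host. ignore_errors is kept only on the two steps that are
# known to fail on a re-run.
- name: build lnmp
  hosts: compute
  vars_files:
    - ../moudule/vars/package.yml
  vars:
    # Lab value taken from the original walkthrough. For a real host, override
    # it with -e or keep the real value in Ansible Vault; do not commit it.
    mariadb_root_password: "123456"
  tasks:
    - name: init system
      import_tasks: ../moudule/init/main.yml
      # Inherited by every imported task: the repo probe and "setenforce 0"
      # can fail on a host that was already initialised.
      ignore_errors: yes

    # Unprivileged account for the nginx workers: no home directory, no login
    # shell.
    - name: create system user
      user:
        name: nginx
        system: yes
        create_home: no
        shell: /sbin/nologin
        state: present

    - name: install need packages
      shell: yum -y install gcc gcc-c++ --allowerasing

    - name: install dependent pkgs
      yum:
        name: "{{ pkgs }}"
        state: present

    - name: copy download package
      copy:
        src: "../moudule/files/{{ item }}"
        dest: /usr/src
      loop:
        - nginx-1.22.1.tar.gz
        - php-8.2.9.tar.gz

    - name: configure and install
      script: ../moudule/files/nginx.sh

    - name: copy config file for nginx
      template:
        src: ../moudule/template/nginx.service
        dest: /usr/lib/systemd/system/nginx.service

    - name: set enable for nginx
      service:
        name: nginx
        state: started
        enabled: yes

    # One yum transaction for both packages instead of a loop.
    - name: install mysql
      yum:
        name:
          - mariadb
          - mariadb-server
        state: present

    - name: start mariadb
      service:
        name: mariadb
        state: started

    - name: set password for mariadb
      # The statement is fed over stdin so the password is not visible in the
      # process list, and no_log keeps it out of Ansible's output and logs.
      # The value is placed into the SQL text as-is, so it must not contain a
      # double quote or a backslash.
      shell: mysql
      args:
        stdin: 'set password = password("{{ mariadb_root_password }}")'
      no_log: true
      # Fails on a re-run because root then needs the password to connect.
      ignore_errors: yes

    # NOTE(review): this installs an RPM fetched over plain HTTP. Signature
    # checking of packages given by URL depends on the host's yum/dnf settings
    # (localpkg_gpgcheck) - confirm it is enabled, or ship a verified copy of
    # the RPM from the control node instead.
    - name: install oniguruma-devel
      shell: yum -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm

    - name: configure install for php
      script: ../moudule/files/php.sh

    - name: copy enable config file for php
      template:
        src: ../moudule/template/php-fpm.service
        dest: /usr/lib/systemd/system/php-fpm.service

    - name: set enable for php
      service:
        name: php-fpm
        state: started
        enabled: yes

    - name: support php function for nginx
      template:
        src: ../moudule/template/nginx.conf
        dest: /usr/local/nginx/conf/

    # index.php only calls phpinfo(); remove it from the web root once the
    # stack has been verified.
    - name: write php file
      template:
        src: ../moudule/template/index.php
        dest: /usr/local/nginx/html/

    - name: restart nginx service
      service:
        name: nginx
        state: restarted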
[root@control LNMP]#
效果!