Ansible编写Lnmp的playbook

Ansible编写Lnmp的playbook

说明： 前提是其中控制节点上面是已经按照好了的ansible。

准备环境：

系统环境	ip	系统角色	部署的应用
centos8（computer）	192.168.136.139	被控制节点	python36
centos8 （control）	192.168.136.140	控制节点	ansible+python36 +nginx+mysql+php

部署lnmp

# 在控制节点
1.在control主机上
[root@control ~]# systemctl stop firewalld
[root@control ~]# systemctl disable firewalld
[root@control ~]# setenforce 0
[root@control ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

# 建议重启一下
[root@control ~]# reboot

以下操作在control控制节点上面部署

# 查看是否ping通被控制节点的主机
[root@control ansible]# ansible all -m ping
The authenticity of host 'compute (192.168.136.139)' can't be established.
ECDSA key fingerprint is SHA256:Py93yCzuqbbQA+WMYk25gKsl8c7gp+uNMr8tE+alshk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
compute | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"   （表示成功）
} 

# 先创建一些目录
[root@control ~]# mkdir /opt/moudule
[root@control ~]# mkdir /opt/LNMP
[root@control ~]# ll /opt
drwxr-xr-x  2 root root    6 Oct 22 05:31 LNMP
drwxr-xr-x  7 root root   78 Oct 22 05:26 moudule

[root@control ~]# cd /opt/moudule/
[root@control moudule]# mkdir files vars template application 
[root@control moudule]# mkdir -p files vars template application init 

# 查看结构
[root@control opt]# tree
.
├── LNMP
│   ├── ansible.cfg
│   ├── inventory
│   └── lnmp.yml
└── moudule
    ├── application
    │   └── php
    ├── databases
    │   └── mysql
    ├── files
    │   ├── CentOS-Base.repo
    │   ├── nginx-1.22.1.tar.gz
    │   ├── nginx.sh
    │   ├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
    │   ├── php-8.2.9.tar.gz
    │   └── php.sh
    ├── init
    │   ├── firewalld.yml
    │   ├── main.yml
    │   ├── selinux.yml
    │   ├── software.yml
    │   └── yum.yml
    ├── template
    │   ├── index.php
    │   ├── nginx.conf
    │   ├── nginx.service
    │   └── php-fpm.service
    ├── vars
    │   └── package.yml
    └── webs
        └── nginx
            └── main.yml

12 directories, 20 files
[root@control opt]# 


# 创建目录及常用的放在init中
1 . 配置yum仓库
[root@control init]# cat yum.yml 
- name: ensure yum sources exist
  shell: ls /etc/yum.repos.d/* &> /dev/null
- name: remove /etc/yum.repos.d/*
  shell: rm -rf /etc/yum.repos.d/*
- name: copy yum source 
  copy:
    src: ../files/CentOS-Base.repo
    dest: /etc/yum.repos.d/
- name: clean cache
  shell: "yum clean all && yum makecache"

[root@control init]# 

2. 关闭防火墙
[root@control init]# cat firewalld.yml 
- name: close firewalld
  service: 
    name: firewalld
    state: stopped
    enabled: no
[root@control init]# 

3. 关闭selinux
[root@control init]# cat selinux.yml 
- name: permanent close selinux
  lineinfile:
    path: /etc/selinux/config
    regexp: '^SELINUX'
    line: 'SELINUX=disabled'
- name: close selinux temporarily
  shell: setenforce 0

[root@control init]# 

4. 配置安装常用的命令
[root@control init]# cat software.yml 
- name: install common software
  yum:
    name:
      - wget
      - tree
      - make 
      - vim
    state: present
  
5. 将上面的统一归纳到main.yml 文件中去
[root@control init]# vim main.yml 
[root@control init]# cat main.yml 
- import_tasks: yum.yml
- import_tasks: software.yml
- import_tasks: firewalld.yml
- import_tasks: selinux.yml

基础配置完成！

# 定义安装的依赖包的变量
[root@control vars]# cat package.yml 
pkgs:
  - pcre-devel
  - openssl-devel
  - gd-devel
  - libxml2-devel
  - sqlite-devel
  - libcurl-devel 
  - libcurl-devel 
  - readline-devel
[root@control vars]# 

# 在控制端下载好必要的软件包
[root@control files]# ll
total 18500
-rw-r--r-- 1 root root     1653 Oct 22 06:06 CentOS-Base.repo
-rw-r--r-- 1 root root  1073948 Oct 19  2022 nginx-1.22.1.tar.gz
-rwxr-xr-x 1 root root     1060 Oct 22 10:35 nginx.sh
-rw-r--r-- 1 root root 17858291 Oct 22 07:14 php-8.2.9.tar.gz
[root@control files]# 

# 编写nginx的脚本
[root@control files]# vim nginx.sh
[root@control files]# cat nginx.sh
#!/bin/bash

cd /usr/src
tar -xf nginx-1.22.1.tar.gz
cd nginx-1.22.1
./configure --prefix=/usr/local/nginx --user=nginx > --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log && \
	make && make install && \
echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
source /etc/profile.d/nginx.sh
[root@control files]# chmod +x nginx.sh 
[root@control files]# 

# 设置nginx开机自启配置文件
[root@control template]# vim nginx.service
[root@control template]# cat nginx.service
[Unit]
Description=nginx server daemon
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/usr/local/nginx/sbin/nginx -s reload

[Install]
WantedBy=multi-user.target
[root@control template]# 

# 编写php脚本
[root@control files]# cat php.sh 
#!/bin/bash
cd /usr/src
tar -xf php-8.2.9.tar.gz
cd php-8.2.9
./configure --prefix=/usr/local/php8 --with-config-file-path=/etc --enable-fpm --disable-debug --disable-rpath --enable-shared --enable-soap --with-openssl --enable-bcmath --with-iconv --with-bz2 --enable-calendar --with-curl --enable-exif --enable-ftp --enable-gd --with-jpeg --with-zlib-dir --with-freetype --with-gettext --enable-mbstring --enable-pdo --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-readline --enable-shmop --enable-simplexml --enable-sockets --with-zip --enable-mysqlnd-compression-support --with-pear --enable-pcntl --disable-debug && \
	 make && make install && \
echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.sh
source /etc/profile.d/php8.sh
cp php.ini-production /etc/php.ini
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/rc.d/init.d/php-fpm
cp /usr/local/php8/etc/php-fpm.conf.default /usr/local/php8/etc/php-fpm.conf
cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf
[root@control files]# 

# 设置php配置开机自启
[root@control template]# cat php-fpm.service 
[Unit]
Description=php-fpm server daemon
After=network.targe

[Service]
Type=forking
ExecStart=/etc/rc.d/init.d/php-fpm start
ExecStop=/etc/rc.d/init.d/php-fpm stop
ExecReload=/bin/kill -HUP \$MAINPID

[Install]
WantedBy=multi-user.target
[root@control template]# 

让nginx支持php功能

# 编写nginx主配置文件
可以在被控制节点先编辑好，传给控制节点
[root@control template]# scp root@192.168.136.139:/usr/local/nginx/conf/nginx.conf .
nginx.conf    
 65         location ~ \.php$ {
 66             root           html;
 67             fastcgi_pass   127.0.0.1:9000;
 68             fastcgi_index  index.php;
 69             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
 70             include        fastcgi_params;
 71         }
 
[root@control template]# ll
total 12
-rw-r--r-- 1 root root 2659 Oct 22 11:52 nginx.conf
-rw-r--r-- 1 root root  254 Oct 22 10:48 nginx.service
-rw-r--r-- 1 root root  239 Oct 22 11:28 php-fpm.service
[root@control template]# 

# 写一个php文件

[root@control template]# vim index.php
[root@control template]# cat index.php
<?php
phpinfo();
?>
[root@control template]# 

playbook的部署

[root@control LNMP]# cat lnmp.yml 
- name: build lnmp
  hosts: compute
  ignore_errors: yes
  vars_files:
    ../moudule/vars/package.yml
  tasks:
   - name: init system 
     import_tasks: ../moudule/init/main.yml
   - name: create system user
     user:
       name: nginx
       system: yes
       create_home: no
       shell: /sbin/nologin
       state: present
   - name: install need packages
     shell: yum -y install gcc gcc-c++ --allowerasing
   - name: install dependent pkgs
     yum:
       name: "{{ pkgs }}"
       state: present
   - name: copy download package
     copy:
       src: ../moudule/files/{{ item }}
       dest: /usr/src
     loop:
       - nginx-1.22.1.tar.gz
       - php-8.2.9.tar.gz
   - name: configure and install
     script: ../moudule/files/nginx.sh
   - name: copy config file for nginx
     template: 
       src: ../moudule/template/nginx.service
       dest: /usr/lib/systemd/system/nginx.service
   - name: set enable for nginx
     service:
       name: nginx
       state: started
       enabled: yes
   - name: install mysql
     yum:
       name: "{{ item }}"
       state: present
     loop:
       - mariadb
       - mariadb-server
   - name: start mariadb
     service:
       name: mariadb
       state: started
   - name: set password for mariadb
     shell: mysql -e 'set password = password("123456")'
   - name: install oniguruma-devel
     shell: yum -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
   - name: configure install for php
     script: ../moudule/files/php.sh
   - name: copy enable config file for php
     template:
       src: ../moudule/template/php-fpm.service
       dest: /usr/lib/systemd/system/php-fpm.service
   - name: set enable for php
     service:
       name: php-fpm
       state: started
       enabled: yes
   - name: support php function for nginx
     template:
       src: ../moudule/template/nginx.conf
       dest: /usr/local/nginx/conf/
   - name: write php file
     template:
       src: ../moudule/template/index.php
       dest: /usr/local/nginx/html/
   - name: restart nginx service
     service:
       name: nginx
       state: restarted 
[root@control LNMP]# 

效果！