ansible常用模块的使用

最新推荐文章于 2024-05-08 15:54:09 发布

暖春忽见

最新推荐文章于 2024-05-08 15:54:09 发布

阅读量592

点赞数

分类专栏： ansible 文章标签： ansible linux bash

本文链接：https://blog.csdn.net/nuanchunhujian/article/details/127466898

版权

ansible 专栏收录该内容

3 篇文章 0 订阅

订阅专栏

ansible常用模块的使用

文章目录

ansible常用模块的使用
@[toc]
ansible常用模块
ansible常用模块之ping
ansible常用模块之command
ansible常用模块之raw
ansible常用模块之shell
ansible常用模块之script
ansible常用模块之copy
ansible常用模块之template
ansible常用模块之yum
ansible常用模块之group
ansible常用模块之user
ansible常用模块之service

用ansible在三台被管理主机上部署lnmp
ansible在被管理主机上部署nginx
ansible在被管理主机上部署mysql
ansible在被管理主机上部署php
部署php测试页面
部署nginx

访问测试

ansible常用模块

ansible常用模块有：

ping
yum
template
copy
user
group
service
raw
command
shell
script

ansible常用模块raw、command、shell的区别：

shell模块调用的/bin/sh指令执行
command模块不是调用的shell的指令，所以没有bash的环境变量
raw很多地方和shell类似，更多的地方建议使用shell和command模块。但是如果是使用老版本python，需要用到raw，又或者是客户端是路由器，因为没有安装python模块，那就需要使用raw模块了

ansible常用模块之ping

ping模块一般用于测试是否连接上主机清单内的主机的时候

//出现ping pong字样就表示连接成功。
[root@ansible ansible]# ansible all -m ping
192.168.171.150 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.171.133 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

ansible常用模块之command

command是ansible这个工具里面默认使用的模块，也就是说使用的时候不需要和别的模块一样带上-m的参数，但是此模块虽然是默认使用linux内部的模块，可这个模块它是不能使用交互式的命令的；如类似于top那种会持续刷新的、和类似于管道符过滤的命令是不可以用ansible的临时命令的。

//基本用法，不需要带-m指定模块的这个参数。
[root@ansible ansible]# ansible all -a 'ls /root'
192.168.171.133 | CHANGED | rc=0 >>
anaconda-ks.cfg
192.168.171.150 | CHANGED | rc=0 >>
anaconda-ks.cfg
192.168.171.142 | CHANGED | rc=0 >>
anaconda-ks.cfg

//他是不支持top、管道符类似的交互式的命令的。
[root@ansible ansible]# ansible webservers -a 'ps -ef | grep vsftpd'
192.168.171.142 | FAILED | rc=1 >>
error: garbage option

Usage:
 ps [options]

 Try 'ps --help <simple|list|output|threads|misc|all>'
  or 'ps --help <s|l|o|t|m|a>'
 for additional help text.

ansible常用模块之raw

raw模块和command模块不一样的是他是支持管道符和重定向这些命令的，但他有个缺点，就是不支持多次使用。

//这个raw模块是同样的命令支持使用多次否则有可能会出问题
[root@ansible ansible]# ansible all -m raw -a 'echo "kk" >root'
192.168.171.142 | CHANGED | rc=0 >>
Shared connection to 192.168.171.142 closed.

192.168.171.150 | CHANGED | rc=0 >>
Shared connection to 192.168.171.150 closed.

192.168.171.133 | CHANGED | rc=0 >>
Shared connection to 192.168.171.133 closed.

ansible常用模块之shell

shell模块它是执行脚本用的，只能把脚本传到被管理的节点上才能使用。

//查看被管理主机上的脚本
[root@ansible ansible]# ansible 192.168.171.150 -a 'ls /root'
192.168.171.150 | CHANGED | rc=0 >>
abc
anaconda-ks.cfg
root
test.sh

//使用ansible 的shell模块执行被管理节点的脚本来控制被管理主机，这里执行脚本的时候需要加/bin/bash
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a '/bin/bash test.sh &>abc'
192.168.171.150 | CHANGED | rc=0 >>

[root@ansible ansible]# ansible 192.168.171.150 -m shell -a ' cat abc'
192.168.171.150 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10
[root@ansible ansible]#

ansible常用模块之script

这个srcipt的模块功能比shell的功能更强大，因为这个模块不需要脚本在各个被管理主机上，只要管理主机上自己有这个脚本就可以在所有的被管理主机上执行，且执行的时候不需要添加/bin/bash

//查看被管理的各个主机上是否有脚本。
[root@ansible ansible]# ansible all -a 'ls /root/'
192.168.171.133 | CHANGED | rc=0 >>
anaconda-ks.cfg
root
192.168.171.150 | CHANGED | rc=0 >>
abc
anaconda-ks.cfg
root
192.168.171.142 | CHANGED | rc=0 >>
anaconda-ks.cfg
root

//在被管理主机上没有脚本的时候使用script模块也是可以执行的。
[root@ansible ansible]# ansible all -m script -a '/etc/ansible/srcipts/test.sh &>abc'
192.168.171.133 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.171.133 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 192.168.171.133 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}
...

//在各个被管理主机上查看abc文件里面是否有东西
[root@ansible ansible]# ansible all -a 'cat abc'
192.168.171.133 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10
192.168.171.150 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10
192.168.171.142 | CHANGED | rc=0 >>
1
2
3
4
5
6
7
8
9
10

ansible常用模块之copy

copy模块其实很简单，就是将管理主机上的文件cp到被管理的各个主机上面

//先在管理主机上随便创建一个文件。
[root@ansible ~]# touch 123
[root@ansible ~]# ls
123  anaconda-ks.cfg

//然后把目录123使用copy模块这个目录
[root@ansible ansible]# ansible all -m copy -a 'src=/root/123 dest=/root/'
192.168.171.150 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "dest": "/root/123",
    "gid": 0,
    "group": "root",
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:admin_home_t:s0",
    "size": 0,
    "src": "/root/.ansible/tmp/ansible-tmp-1666418511.0779111-229460-206440547291802/source",
    "state": "file",
    "uid": 0
}
...

//查看文件是否传过去
[root@ansible ansible]# ansible all -a 'ls /root/'
192.168.171.150 | CHANGED | rc=0 >>
123
abc
anaconda-ks.cfg
root
192.168.171.133 | CHANGED | rc=0 >>
123
abc
anaconda-ks.cfg
root

ansible常用模块之template

template这个模块你暂时可以理解为跟copy是差不多的一个使用方式，但是这个模块是可以传送模板的。

//src表示的是管理主机上的文件也就是源文件需要写绝对路径，而dest是表示目标文件，就是传到被管理主机的那个位置，也需要绝对路径
[root@ansible ansible]# ansible all -m template -a 'src=/root/123 dest=/opt/'
192.168.171.133 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "dest": "/opt/123",
    "gid": 0,
    "group": "root",
    "md5sum": "d41d8cd98f00b204e9800998ecf8427e",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:usr_t:s0",
    "size": 0,
    "src": "/root/.ansible/tmp/ansible-tmp-1666418756.5842128-246043-233561179254967/source",
    "state": "file",
    "uid": 0
}

//查看
[root@ansible ansible]# ansible 192.168.171.133 -a 'ls /opt/'
192.168.171.133 | CHANGED | rc=0 >>
123
myrepo

ansible常用模块之yum

yum模块用于在指定节点机器上通过yum管理软件，其支持的参数主要有两个

name：要管理的包名
state：要进行的操作

state常用的值：

latest：安装软件
installed：安装软件
present：安装软件
removed：卸载软件
absent：卸载软件

若想使用yum来管理软件，请确保受控机上的yum源无异常。

//先查看被管理主机上有没有服务
[root@localhost ~]# rpm -qa | grep vsftpd
[root@localhost ~]# 

//在用yum模块来在被管理主机上安装服务
[root@ansible ansible]# ansible 192.168.171.150 -m yum -a 'name=vsftpd state=present'
192.168.171.150 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: vsftpd-3.0.3-35.el8.x86_64"
    ]
}

//可以查看被管理主机的服务有没有安装
[root@localhost ~]# rpm -qa | grep vsftpd
vsftpd-3.0.3-35.el8.x86_64
[root@localhost ~]#

ansible常用模块之group

group模块用于创建组和删除组，并且可以设置组的gid

name：要创建的组名
state：要进行的操作
present：创建组
removed：删除组
absent：删除组
gid：创建组的gid

//可以在被管理主机上创建一个叫mysql的用户，并使它的gid为306
[root@ansible ansible]# ansible 192.168.171.150 -m group -a 'name=mysql gid=306 state=present'
192.168.171.150 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "gid": 306,
    "name": "mysql",
    "state": "present",
    "system": false
}
[root@ansible ansible]# 

//看组有没有创建
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'grep mysql /etc/group'
192.168.171.150 | CHANGED | rc=0 >>
mysql:x:306:
[root@ansible ansible]# 

//删除组
[root@ansible ansible]# ansible 192.168.171.150 -m group -a 'name=mysql gid=306 state=absent'
192.168.171.150 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "name": "mysql",
    "state": "absent"
}

//在过滤一下组
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'grep mysql /etc/group'
192.168.171.150 | FAILED | rc=1 >>
non-zero return code

ansible常用模块之user

user模块可以在被管理的各个主机上创建用户，删除用户、设置用户的uid、设置其shell为/sbin/nologin，无家目录等

//在被管理的主机上创建一个wtk用户，uid为2020 设置shell为/sbin/nologin无家目录、系统用户
[root@ansible ansible]# ansible 192.168.171.150 -m user -a 'name=wtk system=yes uid=2020 create_home=no shell=/sbin/nologin state=present'
192.168.171.150 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 991,
    "home": "/home/wtk",
    "name": "wtk",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 2020
}

//查看用户
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'grep wtk /etc/passwd'
192.168.171.150 | CHANGED | rc=0 >>
wtk:x:2020:991::/home/wtk:/sbin/nologin

//删除的操作和删除组是一样的用法，这里就不过多阐述

ansible常用模块之service

service模块是可以实现在被管理主机上启动、关闭和设置开机自启服务的。

name：要控制的服务

state：控制服务的状态

服务状态的参数

started：启动服务

restarted：重启服务

stoped：停止服务

reloaded：重载服务

enabled=yes :服务开机自启

//启动被管理主机上的httpd服务并设置开机自启
[root@ansible ansible]# ansible 192.168.171.150 -m service -a 'name=httpd state=started enabled=yes'
192.168.171.150 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "enabled": true,
    "name": "httpd",
    "state": "started",
    "status": {
        "ActiveEnterTimestampMonotonic": "0",
        "ActiveExitTimestampMonotonic": "0",
        "ActiveState": "inactive",
        "After": "httpd-init.service sysinit.target system.slice network.target -.mount systemd-journald.socket remote-fs.target tmp.mount nss-lookup.target systemd-tmpfiles-setup.service basic.target",
        "AllowIsolate": "no",
        "AllowedCPUs": "",
        "AllowedMemoryNodes": "",
        "AmbientCapabilities": "",
        "AssertResult": "no",
        "AssertTimestampMonotonic": "0",
        "Before": "shutdown.target",
...

//在被管理主机上查看服务
[root@localhost ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2022-10-22 02:45:51 EDT; 30s ago
     Docs: man:httpd.service(8)
 Main PID: 161865 (httpd)
   Status: "Running, listening on: port 80"
    Tasks: 213 (limit: 23460)
   Memory: 37.0M
   CGroup: /system.slice/httpd.service
           ├─161865 /usr/sbin/httpd -DFOREGROUND

//关闭被管理主机上的httpd服务
[root@ansible ansible]# ansible 192.168.171.150 -m service -a 'name=httpd state=stopped'
192.168.171.150 | CHANGED => {
...

//查看被管理主机上的httpd服务状态，注意这里用的模块是shell
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'systemctl is-active httpd'
192.168.171.150 | FAILED | rc=3 >>
inactivenon-zero return code

用ansible在三台被管理主机上部署lnmp

弄4台主机，其中一台装ansible，其余三台分别部署nginx、mysql、php，实现lnmp架构

实验环境：

系统	主机ip	服务
centos8	192.168.171.141	ansible
centos8	192.168.171.133	nginx1.20.2(被管理主机)
centos8	192.168.171.142	mysql5.7.39(被管理主机)
centos8	192.168.171.150	php8.1.11(被管理主机)

准备工作：

//关闭133、142、150、三台主机的防火墙和selinux，并且确保三台主机的yum可以正常使用
[root@localhost ~]# systemctl disable --now firewalld.service 
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i 's/SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

ansible在被管理主机上部署nginx

//用管理主机在被管理主机上创建用户
[root@ansible ansible]# ansible 192.168.171.133 -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'

//创建nginx的安装目录，然后修改nginx安装目录的属主属组
[root@ansible ansible]# ansible 192.168.171.133 -m file -a 'path=/usr/local/nginx state=directory'
[root@ansible ansible]# ansible 192.168.171.133 -m file -a 'path=/usr/local/nginx state=directory owner=nginx group=nginx recurse=yes'

//在管理主机上创建一个nginx的安装脚本
[root@ansible ansible]# ls
ansible.cfg  hosts  inventory  scripts
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# cat nginx_install.sh 
#!/bin/bash

yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ vim wget make
if [ ! -d  nginx-1.20.2 ];then
    wget http://nginx.org/download/nginx-1.20.2.tar.gz
    tar xf nginx-1.20.2.tar.gz 
fi
cd nginx-1.20.2
./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
make && make install
echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
cat >/usr/lib/systemd/system/nginx.service <<EOF
[Unit]
Description=nginx server daemon
After=network.target

[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx 
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
EOF

//用scripts模块执行脚本，在被管理主机上安装nginx
[root@ansible ansible]# ansible 192.168.171.133 -m script -a './scripts/nginx_install.sh &>root'
192.168.171.133 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.171.133 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 192.168.171.133 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}

//在管理主机上用service模块启动nginx并设置开机自启
[root@ansible ansible]# ansible 192.168.171.133 -m service -a 'name=nginx state=started enabled=yes'

//查看被管理主机是否启动服务
[root@ansible ansible]# ansible 192.168.171.133 -m shell -a 'systemctl is-enabled nginx'
192.168.171.133 | CHANGED | rc=0 >>
enabled

//在被管理主机上查看端口是否启动
[root@ansible ansible]# ansible 192.168.171.133 -m shell -a 'ss -antl'
192.168.171.133 | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:80        0.0.0.0:*          
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          
LISTEN 0      128             [::]:22           [::]:*

ansible在被管理主机上部署mysql

//在被管理主机上创建mysql用户。
[root@ansible ansible]# ansible 192.168.171.142 -m user -a 'name=mysql system=yes create_home=no shell=/sbin/nologin state=present'

//在被管理主机上下载wget命令，然后下载mysql的二进制包
[root@ansible ansible]# ansible 192.168.171.142 -m yum -a 'name=wget state=present'
[root@ansible ansible]# ansible 192.168.171.142 -a 'wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.39-linux-glibc2.12-x86_64.tar.gz'

//查看是否下载好
[root@ansible ansible]# ansible 192.168.171.142 -a 'ls'
192.168.171.142 | CHANGED | rc=0 >>
123
abc
anaconda-ks.cfg
mysql-5.7.39-linux-glibc2.12-x86_64.tar.gz
root
wget-log
wget-log.1

//然后解压mysql到安装目录
[root@ansible ansible]# ansible 192.168.171.142 -a 'tar xf mysql-5.7.39-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
[root@ansible ansible]# ansible 192.168.171.142 -a 'ls /usr/local'
192.168.171.142 | CHANGED | rc=0 >>
bin
etc
games
include
lib
lib64
libexec
mysql-5.7.39-linux-glibc2.12-x86_64
sbin
share
src

//把mysql的名字修改一下
[root@ansible ansible]# ansible 192.168.171.142  -a 'mv /usr/local/mysql-5.7.39-linux-glibc2.12-x86_64 /usr/local/mysql'
[root@ansible ansible]# ansible 192.168.171.142 -a 'ls /usr/local/'
192.168.171.142 | CHANGED | rc=0 >>
bin
etc
games
include
lib
lib64
libexec
mysql
sbin
share
src

//修改mysql的属主属组
[root@ansible ansible]# ansible 192.168.171.142 -m file -a 'path=/usr/local/mysql state=directory owner=mysql group=mysql recurse=yes'

//做一下环境变量
[root@ansible ansible]# ansible 192.168.171.142 -a 'mv /usr/local/mysql/include /usr/include/mysql'
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'echo '/usr/local/mysql/lib/' > /etc/ld.so.conf.d/mysql.conf'
192.168.171.142 | CHANGED | rc=0 >>
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'sed -i "22a MANDATORY_MANPATH          /usr/local/mysql/man"  /etc/man_db.conf'
192.168.171.142 | CHANGED | rc=0 >>
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'
192.168.171.142 | CHANGED | rc=0 >>
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'source /etc/profile.d/mysql.sh'
192.168.171.142 | CHANGED | rc=0 >>

//创建mysql的数据目录然后初始化 ，数据库初始化的时候会生成一个密码
[root@ansible ansible]# ansible 192.168.171.142 -m file -a 'path=/opt/data/ state=directory'

//修改属主属组为mysql
[root@ansible ansible]# ansible 192.168.171.142 -m file -a 'path=/opt/data state=directory owner=mysql group=mysql recurse=yes'

//格式化数据库，并且随机密码在最后一行的localhost后面
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'mysqld --initialize --user mysql --datadir /opt/data/'
192.168.171.142 | CHANGED | rc=0 >>
2022-10-22T09:40:48.676773Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2022-10-22T09:40:49.724077Z 0 [Warning] InnoDB: New log files created, LSN=45790
2022-10-22T09:40:49.831009Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2022-10-22T09:40:49.848497Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 9cd25e11-51ed-11ed-8136-000c29bab644.
2022-10-22T09:40:49.849525Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2022-10-22T09:40:50.039842Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2022-10-22T09:40:50.039870Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2022-10-22T09:40:50.040305Z 0 [Warning] CA certificate ca.pem is self signed.
2022-10-22T09:40:50.113475Z 1 [Note] A temporary password is generated for root@localhost: HfE*u7=aLco4

//写一个脚本给数据目录传配置文件，编写service启动文件
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# vi mysql_install.sh
#!/bin/bash
cat >/etc/my.cnf <<EOF
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
EOF

cat > /usr/lib/systemd/system/mysql.service <<EOF
[Unit]
Description=mysql 
After=network.target 

[Service]
Type=forking
ExecStart=/usr/local/mysql/support-files/mysql.server start
ExecStop=/usr/local/mysql/support-files/mysql.server stop
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload 

//用script模块启动脚本
[root@ansible ansible]# ansible 192.168.171.142 -m script -a './scripts/mysql_install.sh '
192.168.171.142 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.171.142 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 192.168.171.142 closed."
    ],
    "stdout": "",
    "stdout_lines": []
}

//启动mysql并设开机自启
[root@ansible ansible]# ansible 192.168.171.142 -m service -a 'name=mysql state=started enabled=yes'

//查看是否开机自启，并看3306端口起来没
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'systemctl is-enabled mysql'
192.168.171.142 | CHANGED | rc=0 >>
enabled
[root@ansible ansible]# ansible 192.168.171.142 -m shell -a 'ss -antl'
192.168.171.142 | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          
LISTEN 0      128             [::]:22           [::]:*          
LISTEN 0      80                 *:3306            *:*

ansible在被管理主机上部署php

//在网上下载php的源码包
[root@ansible ansible]# ansible 192.168.171.150 -m yum -a 'name=wget state=present'
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'wget https://www.php.net/distributions/php-8.1.11.tar.gz'
[root@ansible ansible]# ansible 192.168.171.150 -a 'ls'
192.168.171.150 | CHANGED | rc=0 >>
anaconda-ks.cfg
php-8.1.11.tar.gz
wget-log

//解压php的源码包
[root@ansible ansible]# ansible 192.168.171.150 -a ' tar -xf php-8.1.11.tar.gz '
192.168.171.150 | CHANGED | rc=0 >>

//编写脚本安装依赖包和编译安装php
[root@ansible ansible]# cd scripts/
[root@ansible scripts]# ls
mysql_install.sh  nginx_install.sh
[root@ansible scripts]# vi php_install.sh
#!/bin/bash

yum -y install make libxml2-devel openssl-devel curl-devel libjpeg-devel libpng-devel libicu-devel freetype-devel openldap-devel openldap openldap-devel gcc gcc-c++ sqlite-devel libzip-devel http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm openssl libcurl-devel.x86_64 libpng.x86_64 libpng-devel.x86_64 freetype-devel --allowerasing

cd php-8.1.11/
if [ ! -d /usr/local/php8 ];then
    ./configure --prefix=/usr/local/php8 --with-config-file-path=/usr/local/php/etc --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --enable-fpm --enable-static --enable-sockets --with-zip --enable-calendar --enable-bcmath --enable-mbstring --with-zlib --with-iconv=/usr/local/libiconv --enable-gd --enable-mbstring --with-curl --with-freetype --disable-ipv6 --disable-debug --with-openssl --enable-intl --enable-opcach --with-iconv
fi

make && make install
echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.sh
cp /usr/local/php8/etc/php-fpm.conf.default /usr/local/php8/etc/php-fpm.conf
cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf

cat >/usr/lib/systemd/system/php8.service <<EOF
[Unit]
Description=php 
After=network.target 

[Service]
Type=forking
ExecStart=/usr/local/php8/sbin/php-fpm 
ExecStop=ps -ef |grep php|grep -v grep|awk '{print $2}' |xargs kill -9
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
EOF

//启动安装脚本
[root@ansible ansible]# ansible 192.168.171.150 -m script -a './scripts/php_install.sh'
...

//启动php并且设置开机自启
[root@ansible ansible]# ansible 192.168.171.150 -m service -a 'name=php8 state=started enabled=yes'

//查看端口是否起来，和服务是否设置开机自启
[root@ansible ansible]# ansible 192.168.171.150 -m shell -a 'systemctl is-enabled php8'
192.168.171.150 | CHANGED | rc=0 >>
enabled
[root@ansible ansible]# ansible 192.168.171.150 -a 'ss -antl'
192.168.171.150 | CHANGED | rc=0 >>
State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0      128        127.0.0.1:9000      0.0.0.0:*          
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          
LISTEN 0      128             [::]:22           [::]:*

部署php测试页面

//配置php，生成php测试页面
[root@ansible ansible]# ansible 192.168.171.150  -a 'mkdir /www/abc'
[root@ansible ansible]# cat scripts/web_php.sh
#!/bin/bash

cat >/www/abc/index.php <<EOF
<?php
    phpinfo();
?>
EOF

sed -i 's/listen =.*/listen = 192.168.171.150:9000/' /usr/local/php8/etc/php-fpm.d/www.conf

sed -i 's/;listen.allowed_clients.*/;listen.allowed_clients = 192.168.171.133/' /usr/local/php8/etc/php-fpm.d/www.conf 

systemctl restart php8.service 


//启动脚本
[root@ansible ansible]# ansible 192.168.171.150 -m script -a './scripts/web_php.sh'
192.168.171.150 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.171.150 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 192.168.171.150 closed."
    ],
    "stdout": "",
    "stdout_lines": []

}

部署nginx

//创建测试测试页面目录
[root@ansible ansible]# ansible 192.168.171.133 -m file -a 'path=/www/ state=directory'
[root@ansible ansible]# ansible 192.168.171.133 -m file -a 'path=/www/abc state=directory'

//编写脚本配置nginx配置文件
[root@ansible ansible]# cat scripts/web_nginx.sh 
#!/bin/bash

cat  >/www/abc/index.php <<EOF
<?php
    phpinfo();
?>
EOF

chown -R nginx.nginx /www/abc/
cat > /usr/local/nginx/conf/nginx.conf <<EOF
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost;

        location / {
            root   /www/abc;
            index  index.php index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        location ~ \.php$ {
            root           /www/abc;
            fastcgi_pass   192.168.171.150:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /www/abc$fastcgi_script_name;
            include        fastcgi_params;
        }
    }
}
EOF


//启动脚本
[root@ansible ansible]# ansible 192.168.171.133 -m script -a './scripts/web_nginx.sh'
192.168.171.133 | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to 192.168.171.133 closed.\r\n",
    "stderr_lines": [
        "Shared connection to 192.168.171.133 closed."
    ],
    "stdout": "",
    "stdout_lines": []

//重启nginx服务
[root@ansible ansible]# ansible 192.168.171.133 -m service -a 'name=nginx state=restarted'