使用playbook部署lnmp
实验环境:
主机名 | ip | 服务 | 系统 |
---|---|---|---|
ansible | 192.168.171.141 | ansible(管理主机) | centos8 |
nginx | 192.168.171.150 | nginx-1.20.2 | centos8 |
mysql | 192.168.171.133 | mysql-5.7.39 | centos8 |
php8 | 192.168.171.142 | php-8.1.11 | centos8 |
除了一个管理主机其他的都是由ansible控制的被管理主机
准备工作
//关闭所有主机的防火墙和selinux
[root@localhost ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
[root@localhost ~]# systemctl disable --now firewalld.service
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# setenforce 0
//测试ansible主机清单内的各个节点是否互通
[root@ansible ansible]# ansible all --list-hosts
hosts (3):
192.168.171.133
192.168.171.150
192.168.171.142
[root@ansible ansible]# ansible all -m ping
192.168.171.133 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.171.150 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.171.142 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
编写playbook
//创建playbook的目录
[root@ansible ansible]# mkdir playbooks
[root@ansible ansible]# ls
ansible.cfg hosts inventory playbooks scripts
//创建nginx.conf配置文件，playbook里面会用到。
[root@ansible ansible]# cat nginx.conf
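worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include           mime.types;
    default_type      application/octet-stream;
    sendfile          on;
    keepalive_timeout 65;

    server {
        listen      80;
        server_name localhost;

        # Static files and the directory index are served from /opt.
        location / {
            root  /opt;
            index index.php index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        # Hand .php requests to php-fpm on the php host (port 9000).
        location ~ \.php$ {
            root /opt;
            # Only forward scripts that exist on this host's disk. Without
            # this, a URI ending in .php that names a missing file is still
            # passed to php-fpm, whose path-info handling may map it onto a
            # different file.
            try_files $uri =404;
            fastcgi_pass  192.168.171.142:9000;
            fastcgi_index index.php;
            # $document_root follows the `root` above instead of repeating /opt.
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}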
//playbook里面用的变量
[root@ansible ansible]# mkdir vars
[root@ansible ansible]# cd vars/
//写nginx的要用的变量
[root@ansible vars]# vim nginx_test.yml
---
# Variables for the "install nginx" plays (loaded via vars_files).
install_dir: /usr/local/nginx   # configure --prefix and runtime location
package_nginx: nginx-1.20.2     # tarball/directory name fetched from nginx.org
//写mysql要用的变量
[root@ansible vars]# cat mysql_test.yml
---
# Variables for the "install mysql" play (loaded via vars_files).
package_mysql: mysql-5.7.39-linux-glibc2.12-x86_64   # tarball base name and the directory it unpacks to
unzip_dir: /usr/local/     # trailing slash matters: concatenated directly with package_mysql
install_dir: /usr/local/mysql   # symlink pointing at unzip_dir + package_mysql
data_dir: /opt/data             # datadir passed to mysqld --initialize and written to my.cnf
//写php要用的变量
[root@ansible vars]# cat php_test.yml
---
# Variables for the "install php" play (loaded via vars_files).
package_php: php-8.1.11         # tarball/directory name fetched from php.net
install_dir: /usr/local/php8    # configure --prefix; php-fpm config lives under etc/
//进入playbooks目录开始编写
[root@ansible ansible]# vim playbooks/lnmp.yml
---
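- name: install nginx
  hosts: nginx
  vars_files:
    - /etc/ansible/vars/nginx_test.yml
  tasks:
    # Unprivileged system account for the worker processes.
    - name: create nginx
      user:
        name: nginx
        system: yes
        create_home: no
        shell: /sbin/nologin
        state: present

    - name: create install directory
      file:
        path: "{{ install_dir }}"
        state: directory
        owner: nginx
        group: nginx
        recurse: yes

    # Build dependencies (the comma-separated string is split into a list).
    - name: xiazaiyilaibao
      yum:
        name: >
          pcre-devel,openssl,openssl-devel,gd-devel,gcc,gcc-c++,vim,wget,make
        state: present

    # Fetch over TLS so the tarball cannot be altered in transit. To also pin
    # the release, add: checksum: "sha256:<PLACEHOLDER: nginx tarball sha256>"
    - name: Download nginx
      get_url:
        url: https://nginx.org/download/{{ package_nginx }}.tar.gz
        dest: /opt/

    - name: jieyanginx
      unarchive:
        src: /opt/{{ package_nginx }}.tar.gz
        dest: /opt/
        remote_src: yes

    # `creates` makes the build steps idempotent: configure is skipped once a
    # Makefile exists, make/make install once the binary is installed.
    # --prefix follows install_dir instead of a second hard-coded path.
    - name: configure
      shell: ./configure --prefix={{ install_dir }} --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log
      args:
        chdir: /opt/{{ package_nginx }}
        creates: /opt/{{ package_nginx }}/Makefile

    - name: make make install
      shell: make && make install
      args:
        chdir: /opt/{{ package_nginx }}
        creates: "{{ install_dir }}/sbin/nginx"

    - name: zuohuanjingbianliang
      copy:
        dest: /etc/profile.d/nginx.sh
        content: export PATH={{ install_dir }}/sbin:$PATH

    # Type=forking needs PIDFile so systemd tracks the master process; nginx
    # writes logs/nginx.pid under its prefix when no --pid-path is given.
    # `nginx -t` before start rejects a broken config instead of leaving the
    # unit half-started.
    - name: service file
      copy:
        dest: /usr/lib/systemd/system/nginx.service
        content: |
          [Unit]
          Description=nginx server daemon
          After=network.target

          [Service]
          Type=forking
          PIDFile={{ install_dir }}/logs/nginx.pid
          ExecStartPre={{ install_dir }}/sbin/nginx -t
          ExecStart={{ install_dir }}/sbin/nginx
          ExecStop={{ install_dir }}/sbin/nginx -s stop
          ExecReload={{ install_dir }}/sbin/nginx -s reload

          [Install]
          WantedBy=multi-user.target

    # daemon_reload picks up the unit file written above.
    - name: start nginx
      systemd:
        name: nginx
        state: started
        enabled: yes
        daemon_reload: yes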
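- name: install mysql
  hosts: mysql
  vars_files:
    - /etc/ansible/vars/mysql_test.yml
  tasks:
    - name: useradd mysql
      user:
        name: mysql
        system: yes
        create_home: no
        shell: /sbin/nologin
        state: present

    # The tarball is staged on the control node; the download task is kept
    # disabled below.
    - name: cp mysql
      copy:
        src: /opt/{{ package_mysql }}.tar.gz
        dest: /opt/{{ package_mysql }}.tar.gz

    #- name: downloads mysql
    #  get_url:
    #    url: https://downloads.mysql.com/archives/get/p/23/file/{{ package_mysql }}.tar.gz
    #    dest: /opt/

    - name: tar xf mysql
      unarchive:
        src: /opt/{{ package_mysql }}.tar.gz
        dest: "{{ unzip_dir }}"
        remote_src: yes

    # unzip_dir carries its trailing slash, so this is <unzip_dir><package_mysql>.
    - name: link mysql
      file:
        src: "{{ unzip_dir }}{{ package_mysql }}"
        dest: "{{ install_dir }}"
        state: link

    - name: chown user group
      file:
        path: "{{ install_dir }}"
        owner: mysql
        group: mysql
        state: directory
        recurse: yes

    - name: link include
      file:
        src: "{{ install_dir }}/include"
        dest: /usr/include/mysql
        state: link

    - name: path mysql
      copy:
        dest: /etc/ld.so.conf.d/mysql.conf
        content: "{{ install_dir }}/lib/"

    # The ld.so.conf.d drop-in has no effect until the loader cache is rebuilt.
    - name: ldconfig
      command: ldconfig
      changed_when: false

    - name: path mysql.sh
      copy:
        dest: /etc/profile.d/mysql.sh
        content: export PATH={{ install_dir }}/bin:$PATH

    - name: create {{ data_dir }} directory
      file:
        path: "{{ data_dir }}"
        owner: mysql
        group: mysql
        state: directory
        recurse: yes

    # Initialise once: skipped when the data directory is already populated.
    # The output (which contains the temporary root password) goes to
    # /tmp/pass; umask 077 creates that file root-only instead of with the
    # world-readable default. The full binary path avoids relying on
    # /etc/profile.d being sourced by the remote shell.
    - name: chushihua shujuku
      shell: umask 077 && {{ install_dir }}/bin/mysqld --initialize --user mysql --datadir {{ data_dir }} > /tmp/pass 2>&1
      args:
        creates: "{{ data_dir }}/mysql"

    - name: tian jia shu ju dao {{ data_dir }}
      copy:
        dest: /etc/my.cnf
        content: |
          [mysqld]
          basedir = {{ install_dir }}
          datadir = {{ data_dir }}
          socket = /tmp/mysql.sock
          port = 3306
          pid-file = {{ data_dir }}/mysql.pid
          user = mysql
          skip-name-resolve

    # PIDFile matches the pid-file set in my.cnf so systemd can track the
    # forked server.
    - name: service mysql
      copy:
        dest: /usr/lib/systemd/system/mysql.service
        content: |
          [Unit]
          Description=mysql
          After=network.target

          [Service]
          Type=forking
          PIDFile={{ data_dir }}/mysql.pid
          ExecStart={{ install_dir }}/support-files/mysql.server start
          ExecStop={{ install_dir }}/support-files/mysql.server stop
          ExecReload=/bin/kill -HUP $MAINPID

          [Install]
          WantedBy=multi-user.target

    # daemon_reload picks up the unit file written above.
    - name: start mysql
      systemd:
        name: mysql
        state: started
        enabled: yes
        daemon_reload: yes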
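- name: install php
  hosts: php8
  vars_files:
    - /etc/ansible/vars/php_test.yml
  tasks:
    # To pin the release against a tampered tarball, add:
    # checksum: "sha256:<PLACEHOLDER: php tarball sha256>"
    - name: download {{ package_php }}
      get_url:
        url: https://www.php.net/distributions/{{ package_php }}.tar.gz
        dest: /opt/

    - name: unarchive php
      unarchive:
        src: /opt/{{ package_php }}.tar.gz
        dest: /opt/
        remote_src: yes

    # Build dependencies (duplicates removed). The oniguruma-devel rpm is
    # pulled from a plain-http mirror URL; prefer the PowerTools repository,
    # or a pinned and verified copy, where available.
    - name: install yilaibao
      yum:
        name: >
          make,libxml2-devel,openssl-devel,curl-devel,libjpeg-devel,libpng-devel,libicu-devel,freetype-devel,openldap-devel,openldap,gcc,gcc-c++,sqlite-devel,libzip-devel,http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm,openssl,libcurl-devel.x86_64,libpng.x86_64,libpng-devel.x86_64
        state: present

    # --prefix and --with-config-file-path both follow install_dir (the
    # original looked for php.ini under /usr/local/php while installing to
    # /usr/local/php8). Repeated flags are dropped; the later bare
    # --with-iconv already superseded --with-iconv=/usr/local/libiconv.
    # "--enable-opcach" was a typo for --enable-opcache.
    - name: configure php
      shell: ./configure --prefix={{ install_dir }} --with-config-file-path={{ install_dir }}/etc --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --enable-fpm --enable-static --enable-sockets --with-zip --enable-calendar --enable-bcmath --enable-mbstring --with-zlib --with-iconv --enable-gd --with-curl --with-freetype --disable-ipv6 --disable-debug --with-openssl --enable-intl --enable-opcache
      args:
        chdir: /opt/{{ package_php }}
        creates: /opt/{{ package_php }}/Makefile

    - name: make make install
      shell: make && make install
      args:
        chdir: /opt/{{ package_php }}
        creates: "{{ install_dir }}/sbin/php-fpm"

    - name: path php
      copy:
        dest: /etc/profile.d/php8.sh
        content: export PATH={{ install_dir }}/bin:$PATH

    # force: no keeps the edits made by the lineinfile tasks below on re-runs
    # instead of resetting the config from the .default template each time.
    - name: cp peizhiwenjian
      copy:
        src: "{{ install_dir }}/etc/php-fpm.conf.default"
        dest: "{{ install_dir }}/etc/php-fpm.conf"
        remote_src: yes
        force: no

    - name: cp peizhiwenjian
      copy:
        src: "{{ install_dir }}/etc/php-fpm.d/www.conf.default"
        dest: "{{ install_dir }}/etc/php-fpm.d/www.conf"
        remote_src: yes
        force: no

    # Run php-fpm in the foreground so systemd tracks the master directly.
    # QUIT is php-fpm's graceful stop and USR2 its graceful reload. systemd
    # does not run Exec* lines through a shell, so the former
    # "ps | grep php | xargs kill -9" pipeline could not work as written and
    # would in any case have killed every process whose command line
    # contains "php".
    - name: service php
      copy:
        dest: /usr/lib/systemd/system/php8.service
        content: |
          [Unit]
          Description=php
          After=network.target

          [Service]
          Type=simple
          ExecStart={{ install_dir }}/sbin/php-fpm --nodaemonize --fpm-config {{ install_dir }}/etc/php-fpm.conf
          ExecStop=/bin/kill -QUIT $MAINPID
          ExecReload=/bin/kill -USR2 $MAINPID

          [Install]
          WantedBy=multi-user.target

    # daemon_reload picks up the unit file written above.
    - name: start php
      systemd:
        name: php8
        state: started
        enabled: yes
        daemon_reload: yes

    # phpinfo() probe page used for the end-to-end check; remove it once the
    # stack is verified.
    - name: mkdir index.php
      copy:
        dest: /opt/index.php
        content: |
          <?php
          phpinfo();
          ?>

    # Bind the FPM socket to this host's address only.
    - name: xiugai phppeizhiwenjian
      lineinfile:
        path: "{{ install_dir }}/etc/php-fpm.d/www.conf"
        regexp: '^listen = '
        line: listen = 192.168.171.142:9000

    # `;?` also matches the line once it has been uncommented by an earlier
    # run; otherwise lineinfile would append a second allowed_clients line.
    # Only the nginx host may talk to the FPM port.
    - name: xiugao php
      lineinfile:
        path: "{{ install_dir }}/etc/php-fpm.d/www.conf"
        regexp: '^;?listen\.allowed_clients = '
        line: listen.allowed_clients = 192.168.171.150

    - name: restart php
      service:
        name: php8
        state: restarted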
- name: nginx index.php
  hosts: nginx
  vars_files:
    - /etc/ansible/vars/nginx_test.yml
  tasks:
    # Same phpinfo() probe page as on the php host; remove once verified.
    - name: cretae index.php
      copy:
        dest: /opt/index.php
        content: |
          <?php
          phpinfo();
          ?>

    # Keep a copy of the stock config before replacing it.
    - name: nginx.conf xiugai
      copy:
        src: "{{ install_dir }}/conf/nginx.conf"
        dest: "{{ install_dir }}/conf/nginx.conf-bek"
        remote_src: yes

    # Install the nginx.conf kept on the control node (fastcgi_pass to the php host).
    - name: php lianjie nginx
      copy:
        src: /etc/ansible/nginx.conf
        dest: "{{ install_dir }}/conf/nginx.conf"

    - name: restarted nginx
      service:
        name: nginx
        state: restarted
//检测语法有没有问题
[root@ansible ansible]# ansible-playbook --syntax-check playbooks/lnmp.yml
playbook: playbooks/lnmp.yml
//用ansible运行playbook
[root@ansible ansible]# ansible-playbook playbooks/lnmp.yml
访问测试
加密数据库的密码
//先查看控制节点上的密码
[root@ansible ansible]# ansible mysql -a 'cat /tmp/pass'
192.168.171.133 | CHANGED | rc=0 >>
2022-10-25T10:44:36.459535Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2022-10-25T10:44:36.636628Z 0 [Warning] InnoDB: New log files created, LSN=45790
2022-10-25T10:44:36.666575Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2022-10-25T10:44:36.671109Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 05066857-5452-11ed-8198-000c2984ee47.
2022-10-25T10:44:36.672236Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2022-10-25T10:44:36.822975Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2022-10-25T10:44:36.822986Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2022-10-25T10:44:36.823400Z 0 [Warning] CA certificate ca.pem is self signed.
2022-10-25T10:44:36.928259Z 1 [Note] A temporary password is generated for root@localhost: ok(6x<QbSUfL
//可以看到数据库的临时密码就在这里，是ok(6x<QbSUfL，现在来给它进行加密（注意：被管理主机上的 /tmp/pass 里仍然是明文，确认后应删除该文件或收紧其权限）
[root@ansible ansible]# echo "mysql_pass=ok(6x<QbSUfL" >mysql_pass.yml
[root@ansible ansible]# ansible-vault encrypt mysql_pass.yml
New Vault password:
Confirm New Vault password:
Encryption successful
//此时是看不到密码的
[root@ansible ansible]# cat mysql_pass.yml
$ANSIBLE_VAULT;1.1;AES256
61666235376666393231393236393065363233633839633463383366346335333166386664623063
3261323164303965323938346430643134616465386337320a346563633939646336663236326564
38636263366264316464326137663361653464396635643539376235353538336164646133656565
3231626335346566620a346432653163613231656639653563633731643065313763386566616261
30396236616439316336643039613766383930376265396438346365316665343738
//使用查看加密文件的命令就可以看到密码了
[root@ansible ansible]# ansible-vault view mysql_pass.yml
Vault password:
mysql_pass=ok(6x<QbSUfL