Ansible常用模块
文章目录
ansible常用模块使用详解
ansible常用模块有:
- ping
- yum
- template
- copy
- user
- group
- service
- raw
- command
- shell
- script
- file
ansible常用模块raw、command、shell的区别:
- shell模块调用的/bin/sh指令执行
- command模块不是调用的shell指令,所以没有bash的环境变量
- raw很多地方和shell类似,更多的地方建议使用shell和command模块。但是如果是使用老版本python,需要用到raw,又或者是客户端是路由器,因为没有安装python模块,那就需要使用raw模块。
Ansible常用模块之ping
ping模块常用语检查指定节点机器是否连通,用法很简单,不涉及参数,主机如果在线,则回复pong
[root@stream1 ansible]# ansible server -m ping
192.168.245.131 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.245.132 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.245.133 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
Ansible常用模块之command
command模块用于在远程主机上执行命令,ansible默认就是使用command模块。
command模块有一个缺陷就是不能使用管道符和重定向功能。
[root@stream1 ansible]# ansible server -m command -a "ls /root "
192.168.245.131 | CHANGED | rc=0 >>
anaconda-ks.cfg
to.sh
192.168.245.132 | CHANGED | rc=0 >>
anaconda-ks.cfg
to.sh
192.168.245.133 | CHANGED | rc=0 >>
anaconda-ks.cfg
to.sh
Ansible常用模块之raw
raw模块常用于远程主机上执行命令,其支持管道符与重定向
[root@stream1 ansible]# ansible all -m raw -a "ls /root"
192.168.245.131 | CHANGED | rc=0 >>
anaconda-ks.cfg to.sh
Shared connection to 192.168.245.131 closed.
192.168.245.132 | CHANGED | rc=0 >>
anaconda-ks.cfg to.sh
Shared connection to 192.168.245.132 closed.
192.168.245.133 | CHANGED | rc=0 >>
anaconda-ks.cfg to.sh
Shared connection to 192.168.245.133 closed.
Ansible常用模块之copy
copy模块用于复制文件至远程受控机
[root@stream1 ansible]# ansible server -m copy -a "src=/root/to.sh dest=/root/too.sh"
192.168.245.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "3fad6c45daf7e955e178ce89900da8cbfc524f6f",
"dest": "/root/too.sh",
"gid": 0,
"group": "root",
"md5sum": "ecb28841f6b71b63285d6d00aa392a96",
"mode": "0644",
"owner": "root",
"size": 30,
"src": "/root/.ansible/tmp/ansible-tmp-1666413670.168627-71865-207602351752556/source",
"state": "file",
"uid": 0
}
192.168.245.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "3fad6c45daf7e955e178ce89900da8cbfc524f6f",
"dest": "/root/too.sh",
"gid": 0,
Ansible常用模块之shell
shell模块用于在受控机上执行受控机上的脚本,也可直接在受控机上执行命令。
shell模块亦支持管道符与重定向。
#这里执行的脚本时上一个copy模块传过去的文件
[root@stream1 ansible]# ansible server -m shell -a '/bin/bash /root/too.sh'
192.168.245.132 | CHANGED | rc=0 >>
hello tang
192.168.245.133 | CHANGED | rc=0 >>
hello tang
192.168.245.131 | CHANGED | rc=0 >>
hello tang
Ansible常用模块之script
script模块用于在受控机上执行主控机上的脚本
[root@stream1 ansible]# ansible all -m shell -a "cat /root/too.sh"
192.168.245.133 | CHANGED | rc=0 >>
#!/bin/bash
echo "hello tang"
192.168.245.131 | CHANGED | rc=0 >>
#!/bin/bash
echo "hello tang"
192.168.245.132 | CHANGED | rc=0 >>
#!/bin/bash
echo "hello tang"
[root@stream1 ansible]# ansible all -m shell -a "ls -l /root/ |grep too"
192.168.245.132 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 30 Oct 22 12:41 too.sh
192.168.245.131 | CHANGED | rc=0 >>
-rw-r--r-- 1 root root 30 Oct 22 12:41 too.sh
192.168.245.133 | CHANGED | rc=0 >>
-rw-r--r--. 1 root root 30 Oct 22 12:41 too.sh
[root@stream1 ansible]# ansible all -m script -a "/bin/bash /root/too.sh"
192.168.245.131 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.245.131 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.245.131 closed."
],
"stdout": "hello tang\r\n",
"stdout_lines": [
"hello tang"
]
}
192.168.245.132 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.245.132 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.245.132 closed."
],
"stdout": "hello tang\r\n",
"stdout_lines": [
"hello tang"
]
}
192.168.245.133 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.245.133 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.245.133 closed."
],
"stdout": "hello tang\r\n",
"stdout_lines": [
"hello tang"
]
}
Ansible常用模块之template
template模块用于生成一个模板,并可将其传输至远程主机上。
#下载一个阿里的源
[root@stream1 ansible]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
#将阿里源传到受控机
[root@stream1 ansible]# ansible all -m template -a "src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d/Centos-AL.repo"
192.168.245.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "42cd41801c59a7d62b8d936249817bb29c66c9aa",
"dest": "/etc/yum.repos.d/Centos-AL.repo",
"gid": 0,
"group": "root",
"md5sum": "3861ff439b02834d39b225045a5b0f97",
"mode": "0644",
"owner": "root",
"size": 2495,
"src": "/root/.ansible/tmp/ansible-tmp-1666415015.9611342-125140-82096422392102/source",
"state": "file",
"uid": 0
}
192.168.245.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "42cd41801c59a7d62b8d936249817bb29c66c9aa",
"dest": "/etc/yum.repos.d/Centos-AL.repo",
"gid": 0,
"group": "root",
"md5sum": "3861ff439b02834d39b225045a5b0f97",
"mode": "0644",
"owner": "root",
"size": 2495,
"src": "/root/.ansible/tmp/ansible-tmp-1666415015.9611106-125142-233325183851710/source",
"state": "file",
"uid": 0
}
192.168.245.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "42cd41801c59a7d62b8d936249817bb29c66c9aa",
"dest": "/etc/yum.repos.d/Centos-AL.repo",
"gid": 0,
"group": "root",
"md5sum": "3861ff439b02834d39b225045a5b0f97",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:system_conf_t:s0",
"size": 2495,
"src": "/root/.ansible/tmp/ansible-tmp-1666415015.9807403-125144-168093679371753/source",
"state": "file",
"uid": 0
}
#查看结果
[root@stream1 ansible]# ansible all -m shell -a "ls /etc/yum.repos.d/ |grep Centos-AL"
192.168.245.131 | CHANGED | rc=0 >>
Centos-AL.repo
192.168.245.132 | CHANGED | rc=0 >>
Centos-AL.repo
192.168.245.133 | CHANGED | rc=0 >>
Centos-AL.repo
Ansible常用模块之yum
yum模块用于在指定节点机器上通过yum管理软件,其支持的参数主要有两个
- name:要管理的包名
- state:要进行的操作
- state常用的值
- latest:安装软件
- installed:安装软件
- present:安装软件
- removed:卸载软件
- absent:卸载软件
若想使用yum来管理软件,请确保受控机上的yum源无异常。
#在ansible主机上使用yum模块在受控机上安装vsftpd
[root@stream1 ansible]# ansible all -m yum -a 'name=vsftpd state=present'
192.168.245.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-35.el8.x86_64"
]
}
192.168.245.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-35.el8.x86_64"
]
}
192.168.245.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: vsftpd-3.0.3-35.el8.x86_64"
]
}
Ansible常用模块之group
group模块用于在受控机上添加或删除组
[root@stream1 ansible]# ansible all -m group -a 'name=mysql state=absent'
192.168.245.132 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"name": "mysql",
"state": "absent"
}
192.168.245.133 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"name": "mysql",
"state": "absent"
}
192.168.245.131 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"name": "mysql",
"state": "absent"
}
Ansible常用模块之user
user模块用于管理受控机的用户账号
#在受控机上添加一个系统用户,用户名为mysql,uid为306,设置其shell为/sbin/nologin,无家目录
[root@stream1 ansible]# ansible all -m user -a 'name=mysql uid=306 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.245.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
192.168.245.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
192.168.245.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
#修改mysql用户的uid为366
[root@stream1 ansible]# ansible all -m user -a 'name=mysql uid=366 '
192.168.245.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 366
}
192.168.245.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 366
}
192.168.245.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 366
}
#删除用户mysql
[root@stream1 ansible]# ansible all -m user -a 'name=mysql state=absent'
192.168.245.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
192.168.245.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
192.168.245.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
Ansible常用模块之service
service模块常用于管理受控主机上的服务
#查看受控机上的vsftpd服务是否启动
[root@stream1 ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.245.132 | FAILED | rc=3 >>
inactivenon-zero return code
192.168.245.131 | FAILED | rc=3 >>
inactivenon-zero return code
192.168.245.133 | FAILED | rc=3 >>
inactivenon-zero return code
#启动受控机上的vsftpd服务
[root@stream1 ansible]# ansible all -m service -a 'name=vsftpd state=started'
省略
#查看状态
[root@stream1 ansible]# ansible all -m shell -a 'systemctl is-active vsftpd'
192.168.245.132 | CHANGED | rc=0 >>
active
192.168.245.131 | CHANGED | rc=0 >>
active
192.168.245.133 | CHANGED | rc=0 >>
active
Ansible常用模块之file
在之前ansible命令行的时候有copy模块,在playbook的时代自然也有一个模块专门负责文件的拷贝,当然这个时代它不仅仅是文件拷贝那么简单。
来自官方的解释:file模块它包含了文件、文件夹、超级链接类的创立、拷贝、移动、删除操作
常用参数
| 参数名 | 是否必须 | 默认值 | 选项 | 说明 |
|---|---|---|---|---|
| follow | no | no | yes/no | 如果原来的文件是link,拷贝后依旧是link |
| force | no | no | yes/no | 强制执行,没说的 |
| group | no | 设定一个群组拥有拷贝到远程节点的文件权限 | ||
| mode | no | 等同于chmod,参数可以为“u+rwx or u=rw,g=r,o=r” | ||
| owner | no | 设定一个用户拥有拷贝到远程节点的文件权限 | ||
| path | yes | 目标路径,也可以用dest,name代替 | ||
| src | yes | 待拷贝文件/文件夹的原始位置。 | ||
| state | no | file | file/link/directory/hard/touch/absent | file代表拷贝后是文件;link代表最终是个软链接;directory代表文件夹;hard代表硬链接;touch代表生成一个空文件;absent代表删除 |
#在当前使用的hosts文件中所包含的所有主机的/root/下创建tooo.sh,如果有就更新时间戳
[root@stream1 ansible]# ansible all -m file -a 'path=/root/tooo.sh state=touch'
192.168.245.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/root/tooo.sh",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"size": 0,
"state": "file",
"uid": 0
}
192.168.245.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/root/tooo.sh",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
192.168.245.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"dest": "/root/tooo.sh",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
使用常用模块+shell脚本部署lnpm
| 名称 | ip | 部署服务 |
|---|---|---|
| stream1 | 192.168.245.131 | nginx |
| stream2 | 192.168.245.132 | mysql |
| stream3 | 192.168.245.133 | php |
lnmp的部署可以直接使用脚本跑完,但是这里会尽量使用lamp中的模块,帮助尽快熟悉ansible中的常用模块。
#先创建以项目为题的目录,方便后面管理
[root@stream1 ~]# mkdir /nginx
[root@stream1 ~]# mkdir /mysql
[root@stream1 ~]# mkdir /php
[root@stream1 ~]# cp /etc/ansible/ansible.cfg /nginx/
[root@stream1 ~]# cp /etc/ansible/ansible.cfg /mysql/
[root@stream1 ~]# cp /etc/ansible/ansible.cfg /php/
部署nginx
[root@stream1 nginx]# pwd
/nginx
[root@stream1 nginx]# ls
ansible.cfg
#创建默认的配置文件中的hosts文件,如需改名也可以去ansible.cfg中改
[root@stream1 nginx]# touch hosts
[root@stream1 nginx]# vim hosts
[root@stream1 nginx]# cat hosts
[nginx]
192.168.245.131
#如果条件支持,可以同时在这个主机组中加入N台主机,可以同时在这个以nginx命名的主机中部署相同的nginx
#hosts文件位置可以通过修改配置文件来确定,也可以在命令后面带上-i来指定
[root@stream1 nginx]# ssh-keygen
----
[root@stream1 nginx]# ssh-copy-id root@192.168.245.131
Now try logging into the machine, with: "ssh 'root@192.168.245.131'"
and check to make sure that only the key(s) you wanted were added.
#验证连接
[root@stream1 nginx]# ansible nginx -m ping
192.168.245.131 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
开始部署
#创建系统用户nginx
[root@stream1 nginx]# ansible nginx -m user -a 'name=nginx uid=80 system=yes create_home=no shell=/sbin/nologin state=present'
#因为没有写playbook,这里yum装依赖就使用脚本的方式安装了,如果就使用命令行的输入方式会很浪费时间。
[root@stream1 nginx]# touch install_nginx.sh
[root@stream1 nginx]# cat install_nginx.sh
#!/bin/bash
yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ wget make
#将脚本送到受控节点
[root@stream1 nginx]# ansible nginx -m copy -a'src=/nginx/install_nginx.sh dest=/root/install_nginx.sh'
#在受控节点执行脚本
[root@stream1 nginx]# ansible nginx -m shell -a'/bin/bash /root/install_nginx.sh'
#创建目录,并设置权限,关于file模块的详解文章中有
[root@stream1 nginx]# ansible nginx -m file -a 'name=/var/log/nginx owner=nginx group=nginx state=directory'
#下载源码包
[root@stream1 nginx]# ansible nginx -m shell -a 'wget -O /usr/src/nginx-1.22.0.tar.gz https://nginx.org/download/nginx-1.22.0.tar.gz'
#编译安装
##先解压文件
[root@stream1 nginx]# ansible nginx -m unarchive -a 'src=/usr/src/nginx-1.22.0.tar.gz dest=/usr/src copy=no '
##执行编译脚本,并安装
[root@stream1 nginx]# ansible nginx -m shell -a'cd /usr/src/nginx-1.22.0;./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log'
[root@stream1 nginx]# ansible nginx -m shell -a'cd /usr/src/nginx-1.22.0;make -j $(grep 'processor' /proc/cpuinfo | wc -l) && make install'
#环境变量配置
[root@stream1 nginx]# ansible nginx -m shell -a "echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh"
192.168.245.131 | CHANGED | rc=0 >>
[root@stream1 nginx]# ansible nginx -m shell -a "source /etc/profile.d/nginx.sh"
192.168.245.131 | CHANGED | rc=0 >>
[root@stream1 nginx]# ansible nginx -m shell -a "which nginx"
192.168.245.131 | CHANGED | rc=0 >>
/usr/local/nginx/sbin/nginx
#写个service文件
[root@stream1 nginx]# vim service
[root@stream1 nginx]# ansible nginx -m template -a 'src=/nginx/service dest=/usr/lib/systemd/system/nginx.service'
[root@stream1 nginx]# ansible nginx -a 'cat /usr/lib/systemd/system/nginx.service'
192.168.245.131 | CHANGED | rc=0 >>
[Unit]
Description=nginx server daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@stream1 nginx]# ansible nginx -m shell -a 'systemctl daemon-reload;systemctl restart nginx.service;systemctl enable nginx.service; ss -antl'
192.168.245.131 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:* Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service -> /usr/lib/systemd/system/nginx.service.
部署mysql
[root@stream1 mysql]# ansible mysql -m user -a 'name=mysql uid=336 system=yes create_home=no shell=/sbin/nologin state=present'
[root@stream1 mysql]# vim hosts
[root@stream1 mysql]# cat hosts
[mysql]
192.168.245.132
[root@stream1 mysql]# sshpass -p123.com ssh-copy-id root@192.168.245.132
[root@stream1 mysql]# ansible mysql -m ping
192.168.245.132 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
#安装依赖包
[root@stream1 mysql]# vim install_mysql.sh
[root@stream1 mysql]# cat install_mysql.sh
#!/bin/bash
yum -y install ncurses-devel openssl-devel openssl cmake mariadb-devel
[root@stream1 mysql]# ansible mysql -m copy -a 'src=/mysql/install_mysql.sh dest=/root/install_mysql.sh'
192.168.245.132 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "cb19fca3c5020f7fb7b568205e8e0808394677d9",
"dest": "/root/install_mysql.sh",
"gid": 0,
"group": "root",
"md5sum": "b07eb3036415b0e6057f7fc1f0d3ac40",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:admin_home_t:s0",
"size": 83,
"src": "/root/.ansible/tmp/ansible-tmp-1666424923.8079948-508186-155331034385042/source",
"state": "file",
"uid": 0
}
[root@stream1 mysql]# ansible mysql -m shell -a '/bin/bash /root/install_mysql.sh'
#下载源码包
[root@stream1 mysql]# ansible mysql -m shell -a 'wget -O /root/mysql https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz'
#解压
[root@stream1 mysql]# ansible mysql -m unarchive -a 'src=/root/mysql dest=/usr/local/ copy=no mode=755 '
#创建软连接
[root@stream1 mysql]# ansible all -m file -a "path=/usr/local/mysql state=link src=/usr/local/mysql-5.7.38-linux-glibc2.12-x86_64"
#属主和属组
[root@stream1 mysql]# ansible all -m file -a "path=/usr/local/mysql-5.7.38-linux-glibc2.12-x86_64 state=directory owner=mysql group=mysql"
#添加环境变量
[root@stream1 mysql]# ansible mysql -m shell -a"echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh;. /etc/profile.d/mysql.sh;which mysql"
192.168.245.132 | CHANGED | rc=0 >>
/usr/local/mysql/bin/mysql
#建立数据存放目录,这些操作其实用file模块也可以完成
[root@stream1 mysql]# ansible mysql -m shell -a' mkdir /opt/data; chown -R mysql.mysql /opt/data/;'
#初始化数据库后面的就用脚本完成,之前的nginx以及演示了一遍了
[root@stream1 mysql]# vim install_mysql.sh
[root@stream1 mysql]# cat install_mysql.sh
#!/bin/bash
#下面可以用shell模块执行
mysql --initialize-insecure --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data/
#下面可以用file模块执行
chown -R mysql.mysql /usr/local/mysql/
#可以选择先写好,再复制过去
cat > /etc/my.cnf <<EOF
[mysqld]
user=mysql
port=3306
bind-address=0.0.0.0
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
socket=/tmp/mysql.sock
server_id=1
[mysql]
socket=/tmp/mysql.sock
EOF
#下面的同样用ansible可以先写好模板文件,再发送到受控机
cat > /etc/systemd/system/mysql.service <<EOF
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
ExecStart=/usr/local/mysql/bin/mysqld --defaults-file=/etc/my.cnf
LimitNOFILE = 5000
EOF
#shell模块一起执行下面的命令
systemctl daemon-reload
systemctl start mysql.service
systemctl enable mysql.service
mysqladmin -uroot -S /tmp/mysql.sock passwod "000000"
[root@stream1 mysql]# ansible mysql -m shell -a 'ss -antl'
192.168.245.132 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
部署php
[root@stream1 mysql]# cd /php/
[root@stream1 php]# vim install_php.sh
[root@stream1 php]# vim hosts
[root@stream1 php]# cat hosts
[php]
192.168.245.133
[root@stream1 php]# sshpass -p123.com ssh-copy-id root@192.168.245.133
[root@stream1 php]# ansible php -m ping
192.168.245.133 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
#写安装依赖的脚本以及获取源码包
[root@stream1 php]# vim install_php.sh
[root@stream1 php]# cat install_php.sh
#!/bin/bash
wget https://www.php.net/distributions/php-8.1.11.tar.gz
dnf -y install sqlite-devel make wget libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel php-mysqlnd --allowerasing oniguruma --skip-broken --nobest
yum -y install libsqlite3x-devel libxml2-devel libzip-devel
dnf -y --enablerepo=powertools install oniguruma-devel
#脚本传到受控端
[root@stream1 php]# ansible php -m copy -a'src=/php/install_php.sh dest=/root/install_php.sh'
#执行脚本
[root@stream1 php]# ansible php -m shell -a'/bin/bash /root/install_php.sh'
#解压源码包
[root@stream1 php]# ansible php -m unarchive -a'src=php-8.1.11.tar.gz dest=/root/ copy=no mode=755'
#开始编译
[root@stream1 php]# ansible php -m shell -a "cd /root/php-8.1.11;./configure --prefix=/usr/local/php8 --with-config-file-path=/etc --enable-fpm --enable-inline-optimization --disable-debug --disable-rpath --enable-shared --enable-soap --with-openssl --enable-bcmath --with-iconv --with-bz2 --enable-calendar --with-curl --enable-exif --enable-ftp --enable-gd --with-jpeg --with-zlib-dir --with-freetype --with-gettext --enable-json --enable-mbstring --enable-pdo --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --with-readline --enable-shmop --enable-simplexml --enable-sockets --with-zip --enable-mysqlnd-compression-support --with-pear --enable-pcntl --enable-posix && make &&make install"
#设置环境变量
[root@stream1 php]# ansible php -m shell -a"echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.sh ;source /etc/profile.d/php8.sh;which php"
192.168.245.133 | CHANGED | rc=0 >>
/usr/local/php8/bin/php
#配置php-fpm
[root@stream1 php]# ansible php -m shell -a"cd /root/php-8.1.11 ;\cp -f php.ini-production /etc/php.ini;cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm ;chmod +x /etc/init.d/php-fpm; cp /usr/local/php8/etc/php-fpm.conf.default /usr/local/php8/etc/php-fpm.conf; cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf"
#编写service文件启动服务并设为开机自启
[root@stream1 php]# vim php.service
[root@stream1 php]# cat php.service
[Unit]
Description=php server daemon
After=network.target
[Service]
Type=forking
ExecStart=/etc/init.d/php-fpm start
ExecStop=/etc/init.d/php-fpm stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
#上面已经编辑好了模板文件,直接传到受控端
[root@stream1 php]# ansible php -m template -a"src=/php/php.service dest=/usr/lib/systemd/system/php.service"
192.168.245.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "5f1f7ee0af05c064c70473135b08aadd8b6e04fb",
"dest": "/usr/lib/systemd/system/php.service",
"gid": 0,
"group": "root",
"md5sum": "3b8a14a90bfd20a9fbe7ff7ed62adbe6",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:systemd_unit_file_t:s0",
"size": 225,
"src": "/root/.ansible/tmp/ansible-tmp-1666451465.9226317-193663-13793390648935/source",
"state": "file",
"uid": 0
}
[root@stream1 php]# ansible php -m shell -a"systemctl daemon-reload;systemctl enable --now php;ss -antl"
192.168.245.133 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:* Created symlink /etc/systemd/system/multi-user.target.wants/php.service -> /usr/lib/systemd/system/php.service.
修改配置文件
#把远程主机的一份配置文件传回来,修改完成之后传到所有受控端,覆盖掉所有配置文件
#下面是修改php配置文件
[root@stream1 php]# ansible 192.168.245.133 -m fetch -a"src=/usr/local/php8/etc/php-fpm.d/www.conf dest=/php/ force=yes"
192.168.245.133 | CHANGED => {
"changed": true,
"checksum": "5cf15e808ec5ec01722b5f89b7b24e4de4de9db0",
"dest": "/php/192.168.245.133/usr/local/php8/etc/php-fpm.d/www.conf",
"md5sum": "281b0704db4c5c369c25588fb4c37756",
"remote_checksum": "5cf15e808ec5ec01722b5f89b7b24e4de4de9db0",
"remote_md5sum": null
}
[root@stream1 php]# mv /php/192.168.245.133/usr/local/php8/etc/php-fpm.d/www.conf www.conf
[root@stream1 php]# ls
192.168.245.133 ansible.cfg hosts install_php.sh php.service www.conf
[root@stream1 php]# vim www.conf
listen = 192.168.245.133:9000
listen.allowed_clients = 192.168.245.131 #允许nginx服务器进行访问
#记得输入覆盖原文件
[root@stream1 php]# ansible 192.168.245.133 -m copy -a"src=/php/www.conf dest=/usr/local/php8/etc/php-fpm.d/www.conf force=yes backup=yes"
[root@stream1 php]# ansible php -m shell -a"cat /usr/local/php8/etc/php-fpm.d/www.conf|grep 131"
192.168.245.133 | CHANGED | rc=0 >>
listen = 192.168.245.133:9000
;listen.allowed_clients =192.168.245.131
#创建index.php文件
[root@stream1 php]# ansible php -m file -a"path=/var/www state=directory"
192.168.245.133 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/var/www",
"secontext": "unconfined_u:object_r:var_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
[root@stream1 php]# vim index.php
[root@stream1 php]# cat index.php
<?php
phpinfo();
?>
[root@stream1 php]# ansible php -m template -a"src=/php/index.php dest=/var/www/index.php"
[root@stream1 php]# ansible php -m shell -a"systemctl restart php.service"
#nginx中配置
[root@stream1 php]# cd /nginx/
[root@stream1 nginx]# ls
ansible.cfg hosts install_nginx.sh service
[root@stream1 nginx]# ansible nginx -m fetch -a"src=//usr/local/nginx/conf/nginx.conf dest= force=yes"
192.168.245.131 | CHANGED => {
"changed": true,
"checksum": "d548a69f9775dd7bfe752b7ed9a43b6a2413eda9",
"dest": "/nginx/192.168.245.131/usr/local/nginx/conf/nginx.conf",
"md5sum": "3a0b1f2d0a5734fe3200a48703bafed2",
"remote_checksum": "d548a69f9775dd7bfe752b7ed9a43b6a2413eda9",
"remote_md5sum": null
}
[root@stream1 nginx]# mv /nginx/192.168.245.131/usr/local/nginx/conf/nginx.conf nginx.conf
[root@stream1 nginx]# vim nginx.conf
······
location / {
root html;
index index.php index.html index.htm; #添加index.php
}
······
location ~ \.php$ {
root html;
fastcgi_pass 192.168.245.133:9000; #改为php端ip
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www$fastcgi_script_name; //将$/scripts修改为根目录
include fastcgi_params;
}
[root@stream1 nginx]# ansible nginx -m template -a"src=/nginx/nginx.conf backup=yes dest=/usr/local/nginx/conf/nginx.conf "
#创建index.php
[root@stream1 nginx]# vim index.php
[root@stream1 nginx]# cat index.php
<?php
phpinfo();
?>
[root@stream1 nginx]# ansible nginx -m template -a"src=/nginx/index.php backup=yes dest=/usr/local/nginx/html/index.php"
192.168.245.131 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "9e5d7cd2f45cc3a092a0cb3e68184a5826310a28",
"dest": "/usr/local/nginx/html/index.php",
"gid": 0,
"group": "root",
"md5sum": "231dda2188079d6e62e88482373b033f",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 24,
"src": "/root/.ansible/tmp/ansible-tmp-1666454954.4563806-328599-263613643771434/source",
"state": "file",
"uid": 0
}
[root@stream1 nginx]# ansible all -m shell -a"systemctl reload nginx.service"
192.168.245.131 | CHANGED | rc=0 >>
[root@stream1 nginx]# ansible all -m shell -a"ss -antl"
192.168.245.131 | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
902
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
