Ansible-playbook部署lnmp

ansible-playbook部署lnmp

虽然没有什么高超技术含量，但是是真的实用
ansible的yaml部署文档，自改编于apache章节lnmp部署文档。

##基本文件及模板准备

##所有文件存放目录展示
[root@yulong-member1 lnmp]# pwd
/root/lnmp

##nginx镜像文件展示
[root@yulong-member1 lnmp]# cat cangku.repo 
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key

##数据库初次更改密码脚本展示
[root@yulong-member1 lnmp]# cat mm.sh 
my=`grep 'temporary password' /var/log/mysqld.log`
mysqls=${my:0-12}
mysql -uroot -p${mysqls} --connect-expired-password -e "alter user 'root'@'localhost' identified by 'Com.123!';"

##php-fpm原文件展示
[root@yulong-member1 lnmp]# cat www.conf  | grep nginx
user = nginx    #两项改为nginx，其他的都是默认的，太多了不便展示
group = nginx   

##nginx主机配置模板展示
[root@yulong-member1 lnmp]# cat default.conf.j2 | grep  -v "#"
server {
    listen       80;
    server_name  localhost;


    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm index.php;
    }


    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }


    location ~ \.php$ {
        root           html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME /usr/share/nginx/html$fastcgi_script_name;
        include        fastcgi_params;
}      
}

##两个测试文件展示
[root@yulong-member1 lnmp]# cat index.php 
<?php
phpinfo();
?>
[root@yulong-member1 lnmp]# cat mysql_test.php 
<?PHP
    $conn=mysqli_connect("localhost","dbadmin","Com.123!");
    if($conn){
        echo"ok";
    }else{
        echo"error";    
    }
?>

##ansible脚本展示

[root@yulong-member1 lnmp]# cat lnmp.yaml 
---
- hosts: test
  remote_user: root       
  tasks:
    - name: "nginx仓库"
      copy: src=/root/lnmp/cangku.repo dest=/etc/yum.repos.d/nginx.repo 
    - name: "epel源安装"
      yum: name=epel-release state=installed
    - name: "nginx安装"
      yum: name=nginx state=installed
    - name: "导入并解压mysql仓库包"
      copy: src=/root/mysql80-community-release-el7-3.noarch.rpm  dest=/root/mysql.repo.rpm
    - name: "解压"
      yum: name=mysql.repo.rpm
    - name: "安装mysql"
      yum: name=mysql-community-server state=installed
    - name: "启动mysql"
      service: name=mysqld state=restarted enabled=true
    - name: "mysql初始密码过滤脚本拷贝"
      copy: src=/root/lnmp/mm.sh dest=/root/mm.sh mode=777
   #  - name: "安装脚本中需要的工具"
   #  yum: name=expect state=latest
   # - name: "执行脚本,变更初始密码(这个只能跑一次，若已经跑过，请注销)" 
   #  shell: /root/mm.sh
   # - name: "mysql创建授权用户(这个只能跑一次，若已经跑过，请注销)"
   #  shell: mysql -uroot -pCom.123! -e "create user 'dbadmin'@'%' identified with mysql_native_password by 'Com.123!'"
   # - name: "授权用户(1)(这个只能跑一次，若已经跑过，请注销)"
   #  shell: mysql -uroot -pCom.123! -e "grant all on *.* to 'dbadmin'@'%'"
   # - name: "授权用户(2)(这个只能跑一次，若已经跑过，请注销)"
   #  shell: mysql -uroot -pCom.123! -e "grant GRANT OPTION  on *.* to 'dbadmin'@'%'" 
    - name: "关闭防火墙"
      service: name=firewalld state=stopped enabled=false
    - name: "关闭seliux"
      shell: setenforce 0
    - name: "下载php7的yum源"
      get_url: url=https://mirror.webtatic.com/yum/el7/webtatic-release.rpm dest=/root/
    - name: "安装php7源"
      yum: name=webtatic-release.rpm
   # - name: "如果安装报错，可能是这个包导致，鉴于环境而非必要(下载)"
   #   get_url: url=http://rpmfind.net/linux/fedora/linux/releases/30/Everything/x86_64/os/Packages/l/libargon2-20161029-8.fc30.x86_64.rpm
   # - name: "如果安装报错，可能是这个包导致，鉴于环境而非必要(安装)"
   #   yum: name=libargon2-20161029-8.fc30.x86_64.rpm state=installed
    - name: "安装php7.2"
      yum: name=php72w,php72w-cli,php72w-common,php72w-gd,php72w-ldap,php72w-mbstring,php72w-mysql,php72w-pdo
    - name: "安装php-fpm"
      yum: name=php72w-fpm,php72w-opcache
    - name: "启动php-fpm"
      service: name=php-fpm state=restarted enabled=true    
    - name: "php-fpm配置文件"
      copy: src=/root/lnmp/www.conf dest=/etc/php-fpm.d/www.conf 
    - name: "nginx配置文件"
      template: src=/root/lnmp/default.conf.j2 dest=/etc/nginx/conf.d/default.conf
      notify: 
        - "更改配置文件触发重启nginx(同名)"
    - name: "启动nginx(注意端口冲突)"
      service: name=nginx state=restarted enabled=true
    - name: "写入测试nginx和php连接测试文件"
      copy: src=/root/lnmp/index.php dest=/usr/share/nginx/html/
    - name: "写入是否可以连接mysql数据库文件"
      copy: src=/root/lnmp/mysql_test.php dest=/usr/share/nginx/html/  
  handlers: #tasks结束时触发
    - name: "更改配置文件触发重启nginx(同名)"
      service: name=nginx state=restarted

##查看访问结果（可以看出LNMP环境已经就绪）测试与部署分开，一目了然。

[root@yulong-member1 lnmp]# ansible test -m shell -a 'curl -I -s  http://localhost/index.php | grep 200 warn=false'
192.168.136.112 | CHANGED | rc=0 >>
HTTP/1.1 200 OK
192.168.136.113 | CHANGED | rc=0 >>
HTTP/1.1 200 OK


[root@yulong-member1 lnmp]# ansible test -m shell -a 'curl -I -s  http://localhost/mysql_test.php | grep 200 warn=false'
192.168.136.113 | CHANGED | rc=0 >>
HTTP/1.1 200 OK
192.168.136.112 | CHANGED | rc=0 >>
HTTP/1.1 200 OK

[root@yulong-member1 lnmp]# ansible test -m shell -a ‘curl -I -s http://localhost/mysql_test.php | grep 200 warn=false’
192.168.136.113 | CHANGED | rc=0 >>
HTTP/1.1 200 OK
192.168.136.112 | CHANGED | rc=0 >>
HTTP/1.1 200 OK
``