Ansible playbook搭建lamp架构

Ansible playbook搭建lamp架构

1.环境准备

ansible	192.168.200.142
httpd	192.168.200.147
mysql	192.168.200.145
php	192.168.200.146

2.创建清单文件

//在opt下创建一个inventory的主机清单
[root@localhost opt]# vim inventory
[httpd]
192.168.200.147

[mysql]
192.168.200.145

[php]
192.168.200.146

//使absible主机能ping通这三台被控主机
//生成密钥
[root@localhost opt]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):          
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:KjMrbnZ0/ldh0KsKmPrMMXeNMODdbqiq12bSgMqcI04 root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|           .     |
|          . .    |
|    .      . .   |
|   . o .    +    |
| .  .o+ S  o .   |
|. . + o* o. .    |
|+E.**o+.=...     |
|+=Bo*X.o. .      |
|+B+O*  ...       |
+----[SHA256]-----+
//传递密钥
[root@localhost opt]# ssh-copy-id root@192.168.200.147
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.200.147's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.200.147'"
and check to make sure that only the key(s) you wanted were added.
.......

//使用平模块看是否能ping通
[root@localhost opt]# ansible all -m ping
192.168.200.145 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.200.146 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
192.168.200.147 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
//三台主机全部ping通

3.在ansible这台主机上搭建lamp架构

//拉取一个网络仓库
[root@localhost opt]# wget -o CentOS8-Base-163.repo http://mirrors.163.com/.help/CentOS8-Base-163.repo
//安装httpd
[root@localhost opt]# yum -y install httpd
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
上次元数据过期检查：9:45:23 前，执行于 2021年07月19日 星期一 00时07分08秒。
依赖关系解决。
========================================================
 软件包             架构   版本         仓库       大小
========================================================
安装:
 httpd              x86_64 2.4.37-39.module_el8.4.0+778+c970deab
 
.........

[root@localhost opt]# systemctl enable --now httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.


//编写httpd的服务文件
[root@www conf]# vim httpd.conf
<VirtualHost *:9000>
DocumentRoot "/var/www/html/"
ServerName www.192.168.200.147.com
 ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.200.146:9000/var/www/html/$1
<Directory "/var/www/html/">
Options none
AllowOverride none
Require all granted
</Directory>
</VirtualHost>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
 AddType application/x-httpd-php .php .phtml .php3
SetHandler application/x-httpd-php
DirectoryIndex index.html index.php


//安装mysql
[root@localhost opt]# yum -y install mariadb mariadb-server
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
上次元数据过期检查：9:46:13 前，执行于 2021年07月19日 星期一 00时07分08秒。
依赖关系解决。
========================================================
 软件包           架构   版本           仓库       大小
========================================================
安装:
 mariadb          x86_64 3:10.3.28-1.module_el8.3.0+757+d382997d
                                        AppStream 6.0 M
........ 
[root@localhost opt]# chown -R mysql:mysql /var/lib/mysql/
[root@localhost opt]# systemctl start mariadb

//安装php
[root@localhost opt]# yum -y install php php-mysqlnd
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
上次元数据过期检查：9:48:45 前，执行于 2021年07月19日 星期一 00时07分08秒。
依赖关系解决。
========================================================
 软件包           架构   版本           仓库       大小
========================================================
安装:
 php              x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66
                                        AppStream 1.5 M
 php-mysqlnd      x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66

//编写配置文件
[root@localhost opt]# echo "<?php phpinfo();?>" > /var/www/html/index.php
[root@localhost fpm-d]# vim www.conf
listen = 192.168.58.40:9000
listen.allowed_clients = 192.168.58.40

//访问ansibel主机发现lamp架构已经搭建完成

4.传递yum源

//传递yum源给三台受控主机
[root@localhost opt]# ansible all -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo dest=/etc/yum.repos.d/163.repo'
192.168.200.146 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "4966466ad015ef3d2a3cc0b8252d43efbdcf2c94",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "d06fb7d5709727828bcaba7457ea673e",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:system_conf_t:s0",
    "size": 2595,
    "src": "/root/.ansible/tmp/ansible-tmp-1626703255.6496172-1066780-198884668604717/source",
    "state": "file",
    "uid": 0
}
192.168.200.145 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "4966466ad015ef3d2a3cc0b8252d43efbdcf2c94",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "d06fb7d5709727828bcaba7457ea673e",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:system_conf_t:s0",
    "size": 2595,
    "src": "/root/.ansible/tmp/ansible-tmp-1626703255.6536472-1066778-205701082826561/source",
    "state": "file",
    "uid": 0
}
192.168.200.147 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "4966466ad015ef3d2a3cc0b8252d43efbdcf2c94",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "d06fb7d5709727828bcaba7457ea673e",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:system_conf_t:s0",
    "size": 2595,
    "src": "/root/.ansible/tmp/ansible-tmp-1626703255.6412957-1066776-277569237848387/source",
    "state": "file",
    "uid": 0

5.编写playbook在受控主机上搭建lamp架构

//创建相对应的文件目录来编写playbook
[root@localhost opt]# mkdir lamp
[root@localhost opt]# ls
ansible.cfg  inventory  playbook
httpd.conf   lamp       www.conf
[root@localhost opt]# cd lamp/
[root@localhost lamp]# touch httpd.yml
[root@localhost lamp]# touch mysql.yml
[root@localhost lamp]# touch php.yml
[root@localhost lamp]# ls
httpd.yml  mysql.yml  php.yml

//构建httpd服务playbook
[root@localhost lamp]# vim httpd.yml
- hosts: httpd
  tasks:
    - name: install httpd  //安装httpd
      yum:
        name: httpd
        state: present
        
    - name: provide test page //传递网页文件
      copy:
        src: /var/www/html/index.php
        dest: /var/www/html/
        
    - name: delete httpd config //删除原来的配置文件
      shell:
        rm -rf /etc/httpd/conf/httpd.conf
        
    - name: provide configuration file //传递新的配置文件
      copy: 
        src: /opt/httpd.conf
        dest: /etc/httpd/conf/httpd.conf
        
    - name: enable httpd //重启httpd
      service:
        name: httpd
        state: started
        enabled: yes
//验证通过语法测试       
[root@localhost lamp]# ansible-playbook --syntax-check httpd.yml 
[WARNING]: Unable to parse /etc/ansible/inventory as an inventory source
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
[WARNING]: Could not match supplied host pattern, ignoring: httpd

playbook: httpd.yml

//运行playbook
[root@localhost opt]# ansible-playbook  lamp/httpd.yml
[root@localhost opt]# ansible-playbook  lamp/httpd.yml 
PLAY [httpd] *******************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.200.147]

TASK [install httpd] ***********************************************************
ok: [192.168.200.147]

TASK [provide test page] *******************************************************
changed: [192.168.200.147]

TASK [delete httpd config] *****************************************************

TASK [provide configuration file] **********************************************
changed: [192.168.200.147]

TASK [enable httpd] ************************************************************
ok: [192.168.200.147]

PLAY RECAP *********************************************************************
192.168.200.147            : ok=6    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

//编写mysql的playbook
---
- hosts: mysql
  tasks:
    - name: install mysql
      yum:
        name: mariadb
        state: present
    - name: 
      yum: 
        name: mariadb-server
        state: present
                  
    - name: enable mariadb
      service:
        name: mariadb
        state: started
        enabled: yes

//测试语法
[root@localhost lamp]# ansible-playbook --syntax-check mysql.yml 


playbook: mysql.yml

//空运行
[root@localhost opt]# ansible-playbook -C lamp/mysql.yml 

PLAY [mysql] *******************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.200.145]

TASK [install mysql] ***********************************************************
changed: [192.168.200.145]

TASK [provide configration file] ***********************************************
changed: [192.168.200.145]

TASK [enable mariadb] **********************************************************
changed: [192.168.200.145]

PLAY RECAP *********************************************************************
192.168.200.145            : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

//运行mysql.yml
[root@localhost opt]# ansible-playbook  lamp/mysql.yml 
PLAY [mysql] *******************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.200.145]

TASK [install mysql] ***********************************************************
changed: [192.168.200.145]

TASK [provide configration file] ***********************************************
ok: [192.168.200.145]

TASK [enable mariadb] **********************************************************
changed: [192.168.200.145]

PLAY RECAP *********************************************************************
192.168.200.145            : ok=4    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

//编写php.yml
---
- hosts: php
  tasks:
    - name: install php
      yum:
        name: php*
        state: present

    - name: install php-mysql*
      yum:
        name: php-mysql*
        state: present

    - name: delete php config
      shell:
        rm -rf /etc/php-fpm.d/www.conf

    - name:
      copy:
        src: /opt/www.conf
        dest: /etc/php-fpm.d/www.conf

    - name:
      service:
        name: php-fpm
        state: started
        enabled: yes

//验证语法
[root@localhost lamp]# ansible-playbook --syntax-check php.yml 
playbook: php.yml

//运行空环境
[root@localhost opt]# ansible-playbook -C lamp/php.yml 

PLAY [php] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.200.146]

TASK [install php] *************************************************************
changed: [192.168.200.146]

TASK [install php-mysql*] ******************************************************
changed: [192.168.200.146]

TASK [delete php config] *******************************************************
skipping: [192.168.200.146]

TASK [copy] ********************************************************************
changed: [192.168.200.146]

TASK [service] *****************************************************************
changed: [192.168.200.146]

PLAY RECAP *********************************************************************
192.168.200.146            : ok=5    changed=4    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   

//运行
[root@localhost opt]# ansible-playbook  lamp/php.yml 

PLAY [php] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.200.146]

TASK [install php] *************************************************************
changed: [192.168.200.146]

TASK [install php-mysql*] ******************************************************
changed: [192.168.200.146]

TASK [delete php config] *******************************************************

TASK [copy] ********************************************************************
changed: [192.168.200.146]

TASK [service] *****************************************************************
changed: [192.168.200.146]

PLAY RECAP *********************************************************************
192.168.200.146            : ok=6    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

6.关闭防火墙

//编写firewalld的playbook
---
- hosts: all
  tasks:
    - name: stop firewalld
      service:
        name: firewalld
        state: stopped

    - name:
      lineinfile:
        path: /etc/selinux/config
        regexp: "^SELINUX="
        line: "SELINUX=disabled"

    - name:
      shell:
        setenforce 0

//验证语法
[root@localhost lamp]# ansible-playbook --syntax-check firewalld.yml 
playbook: firewalld.yml

//空运行
[root@localhost opt]# ansible-playbook -C lamp/firewalld.yml 

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.200.147]
ok: [192.168.200.145]
ok: [192.168.200.146]

TASK [stop firewalld] **********************************************************
changed: [192.168.200.145]
changed: [192.168.200.146]
changed: [192.168.200.147]

TASK [lineinfile] **************************************************************
changed: [192.168.200.147]
changed: [192.168.200.146]
changed: [192.168.200.145]

TASK [shell] *******************************************************************
skipping: [192.168.200.146]
skipping: [192.168.200.145]
skipping: [192.168.200.147]

PLAY RECAP *********************************************************************
192.168.200.145            : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
192.168.200.146            : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
192.168.200.147            : ok=3    changed=2    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   

//运行
[root@localhost opt]# ansible-playbook  lamp/firewalld.yml 

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.200.147]
ok: [192.168.200.145]
ok: [192.168.200.146]

TASK [stop firewalld] **********************************************************
changed: [192.168.200.145]
changed: [192.168.200.146]
changed: [192.168.200.147]

TASK [lineinfile] **************************************************************
changed: [192.168.200.146]
changed: [192.168.200.145]
changed: [192.168.200.147]

TASK [shell] *******************************************************************
changed: [192.168.200.146]
changed: [192.168.200.145]
changed: [192.168.200.147]

PLAY RECAP *********************************************************************
192.168.200.145            : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.200.146            : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.200.147            : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
ged: [192.168.200.145]
changed: [192.168.200.147]

PLAY RECAP *********************************************************************
192.168.200.145            : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.200.146            : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.200.147            : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

7.访问