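Deploying a split LAMP stack with Ansible playbooks
1 Environment setup
1.1 Install four hosts
Hostname    IP
ansible     192.168.25.128
node1       192.168.25.130
node2       192.168.25.140
node3       192.168.25.142
1.2 First, add the IPs of the other three hosts to the inventory file on the Ansible control host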
[root@localhost ansible]# vim inventory
[root@localhost ansible]# cat inventory
[webservers]
192.168.25.130 ansible_user=root ansible_password=1
192.168.25.140 ansible_user=root ansible_password=1
192.168.25.142 ansible_user=root ansible_password=1
1.3 Set up passwordless (key-based) SSH login to the other three hosts and test that they respond to ping
[root@localhost ansible]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vwTYVhpdEagFVrTJFdeIqwoKH/x3bzzGR1/xl6gS/Fc root@localhost
The key's randomart image is:
+---[RSA 3072]----+
| o+o.*=.o |
| . oo=... .|
| .o* . |
| o.+ . . |
| . . S . . +|
| . o .. =. ..E+|
| o + . .=o....o|
| o . oo.+*.. .|
| . .o+oo |
+----[SHA256]-----+
[root@localhost ansible]# ssh-copy-id 192.168.25.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.25.140 (192.168.25.140)' can't be established.
ECDSA key fingerprint is SHA256:/SJbOLoOuH3estBrdxUtlQ56iKPhVSYumEVNVXmOye0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.25.140's password:
Number of key(s) added: 1
[root@localhost ansible]# ansible 192.168.25.130 -m ping
192.168.25.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ansible]# ssh-copy-id 192.168.25.140
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.25.140 (192.168.25.140)' can't be established.
ECDSA key fingerprint is SHA256:/SJbOLoOuH3estBrdxUtlQ56iKPhVSYumEVNVXmOye0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.25.140's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.25.140'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ansible]# ansible 192.168.25.140 -m ping
192.168.25.140 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
[root@localhost ansible]# ssh-copy-id 192.168.25.142
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.25.142 (192.168.25.142)' can't be established.
ECDSA key fingerprint is SHA256:/SJbOLoOuH3estBrdxUtlQ56iKPhVSYumEVNVXmOye0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.25.142's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.25.142'"
and check to make sure that only the key(s) you wanted were added.
2 Install the services on node1, node2 and node3
2.1 Playbook for installing the services
[root@localhost install]# cat install.yml
---
- name: install httpd
  hosts: 192.168.25.130
  tasks:
    - name: httpd
      yum:
        name: httpd*
        state: present
    - name: httpd service
      service:
        name: httpd
        state: started
        enabled: yes
- name: install mariadb
  hosts: 192.168.25.140
  tasks:
    - name: mariadb
      yum:
        name: mariadb*
        state: present
    - name: mariadb service
      service:
        name: mariadb
        state: started
        enabled: yes
- name: install php
  hosts: 192.168.25.142
  tasks:
    - name: php
      yum:
        name: php*
        state: present
    - name: php-fpm service
      service:
        name: php-fpm
        state: started
        enabled: yes
2.2 Check the syntax
[root@localhost ansible]# ansible-playbook --syntax-check playdemo/install/install.yml
playbook: playdemo/install/install.yml
2.3 Dry-run the playbook
[root@localhost ansible]# ansible-playbook -C playdemo/install/install.yml
PLAY [install httpd] ****************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.130]
TASK [httpd] ************************************************************************************
ok: [192.168.25.130]
TASK [httpd service] ****************************************************************************
ok: [192.168.25.130]
PLAY [install mariadb] **************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.140]
TASK [mariadb] **********************************************************************************
ok: [192.168.25.140]
TASK [mariadb service] **************************************************************************
ok: [192.168.25.140]
PLAY [install php] ******************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.142]
TASK [php] **************************************************************************************
ok: [192.168.25.142]
TASK [php-fpm service] **************************************************************************
ok: [192.168.25.142]
PLAY RECAP **************************************************************************************
192.168.25.130 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.25.140 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.25.142 : ok=3 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
2.4 Run the service installation playbook
[root@localhost ansible]# ansible-playbook playdemo/install/install.yml
PLAY [install httpd] ****************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.130]
TASK [httpd] ************************************************************************************
changed: [192.168.25.130]
TASK [httpd service] ****************************************************************************
changed: [192.168.25.130]
PLAY [install mariadb] **************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.140]
TASK [mariadb] **********************************************************************************
changed: [192.168.25.140]
TASK [mariadb service] **************************************************************************
changed: [192.168.25.140]
PLAY [install php] ******************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.142]
TASK [php] **************************************************************************************
changed: [192.168.25.142]
TASK [php-fpm service] **************************************************************************
changed: [192.168.25.142]
PLAY RECAP **************************************************************************************
192.168.25.130 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.25.140 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.25.142 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
3 Configure httpd
3.1 The httpd playbook file
[root@localhost httpd]# cat conf.yml
---
- name: change httpd.conf
  hosts: 192.168.25.130
  tasks:
    # Append a virtual host that hands *.php requests to php-fpm on node3
    - name: httpd.conf
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        line: |
          <VirtualHost *:80>
              DocumentRoot "/web/www/html"
              ServerName www.jiejie.com
              ProxyRequests off
              ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.25.142:9000/web/www/html/$1
              <Directory "/web/www/html">
                  Options none
                  AllowOverride none
                  Require all granted
              </Directory>
          </VirtualHost>
    # Register the PHP MIME types
    - name: http.cnf
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: "^AddType"
        insertafter: "^AddType application/x-"
        line: |
          AddType application/x-httpd-php .php
          AddType application/x-httpd-php-source .phps
    # Serve index.php as a directory index alongside index.html
    - name: httpd.conf
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: "^DirectoryIndex "
        line: "DirectoryIndex index.html index.php"
3.2 Check the syntax
[root@localhost ansible]# ansible-playbook --syntax-check playdemo/httpd/httpd.yml
playbook: playdemo/httpd/httpd.yml
3.3 Dry-run the playbook
[root@localhost ansible]# ansible-playbook -C playdemo/httpd/httpd.yml
PLAY [change httpd.conf] ************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.130]
TASK [httpd.conf] *******************************************************************************
changed: [192.168.25.130]
TASK [http.cnf] *********************************************************************************
changed: [192.168.25.130]
TASK [httpd.conf] *******************************************************************************
changed: [192.168.25.130]
PLAY RECAP **************************************************************************************
192.168.25.130 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
3.4 Run the httpd playbook
[root@localhost ansible]# ansible-playbook playdemo/httpd/conf.yml
PLAY [change httpd.conf] ************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.130]
TASK [httpd.conf] *******************************************************************************
changed: [192.168.25.130]
TASK [http.conf] ********************************************************************************
changed: [192.168.25.130]
TASK [httpd.conf] *******************************************************************************
changed: [192.168.25.130]
PLAY RECAP **************************************************************************************
192.168.25.130 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
4 Configure PHP
4.1 The PHP playbook file
[root@localhost php]# cat php.yml
---
- name: create index
  hosts: 192.168.25.142
  tasks:
    - name: crete directory /web/www/html
      file:
        path: /web/www/html
        state: directory
        mode: '0775'
    - name: create a file it does not exist
      file:
        path: /web/www/html/index.php
        state: touch
        mode: '0775'
    - name: lineinfile index.php
      lineinfile:
        path: /web/www/html/index.php
        line: |
          <?php
            phpinfo();
          ?>
    # php-fpm listens on this host's own address, port 9000
    - name: listen
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen ='
        line: listen = 192.168.25.142:9000
    # Only the httpd host may connect to php-fpm
    - name: listen apache
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients ='
        line: listen.allowed_clients = 192.168.25.130
4.2 Check the syntax
[root@localhost ansible]# ansible-playbook --syntax-check playdemo/php/php.yml
playbook: playdemo/php/php.yml
4.3 Dry-run the playbook
[root@localhost ansible]# ansible-playbook -C playdemo/php/php.yml
PLAY [create index] *****************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.142]
TASK [crete directory /web/www/html] ************************************************************
ok: [192.168.25.142]
TASK [create a file it does not exist] **********************************************************
ok: [192.168.25.142]
TASK [lineinfile index.php] *********************************************************************
changed: [192.168.25.142]
TASK [listen] ***********************************************************************************
changed: [192.168.25.142]
TASK [listen apache] ****************************************************************************
ok: [192.168.25.142]
PLAY RECAP **************************************************************************************
192.168.25.142 : ok=6 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
4.4 Run the PHP playbook
[root@localhost ansible]# ansible-playbook playdemo/php/php.yml
PLAY [create index] *****************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.142]
TASK [crete directory /web/www/html] ************************************************************
changed: [192.168.25.142]
TASK [create a file it does not exist] **********************************************************
changed: [192.168.25.142]
TASK [lineinfile index.php] *********************************************************************
changed: [192.168.25.142]
PLAY RECAP **************************************************************************************
192.168.25.142 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
5 Disable the firewall
5.1 Firewall playbook
[root@localhost ansible]# cat playdemo/firewalld.yml
---
- hosts: all
  tasks:
    - name: stop firewalld
      service:
        name: firewalld
        state: stopped
    # Persist the SELinux setting across reboots
    - name: selinux
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: 'SELINUX=disabled'
    # Switch the running system to permissive mode immediately
    - name:
      shell:
        setenforce 0
5.2 Check the syntax
[root@localhost ansible]# ansible-playbook --syntax-check playdemo/firewalld.yml
playbook: playdemo/firewalld.yml
5.3 Dry-run the playbook
[root@localhost ansible]# ansible-playbook -C playdemo/firewalld.yml
PLAY [all] **************************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.140]
ok: [192.168.25.142]
ok: [192.168.25.130]
TASK [stop firewalld] ***************************************************************************
ok: [192.168.25.140]
ok: [192.168.25.142]
ok: [192.168.25.130]
TASK [selinux] **********************************************************************************
ok: [192.168.25.142]
ok: [192.168.25.130]
ok: [192.168.25.140]
TASK [shell] ************************************************************************************
skipping: [192.168.25.130]
skipping: [192.168.25.140]
skipping: [192.168.25.142]
PLAY RECAP **************************************************************************************
192.168.25.130 : ok=3 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
192.168.25.140 : ok=3 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
192.168.25.142 : ok=3 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
5.4 Run the firewall playbook
[root@localhost ansible]# ansible-playbook playdemo/firewalld.yml
PLAY [all] **************************************************************************************
TASK [Gathering Facts] **************************************************************************
ok: [192.168.25.140]
ok: [192.168.25.130]
ok: [192.168.25.142]
TASK [stop firewalld] ***************************************************************************
ok: [192.168.25.130]
ok: [192.168.25.140]
ok: [192.168.25.142]
TASK [selinux] **********************************************************************************
ok: [192.168.25.130]
ok: [192.168.25.142]
ok: [192.168.25.140]
TASK [shell] ************************************************************************************
changed: [192.168.25.130]
changed: [192.168.25.142]
changed: [192.168.25.140]
PLAY RECAP **************************************************************************************
192.168.25.130 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.25.140 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.25.142 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
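The firewalld.yml play above stops the firewall and turns SELinux off on all three hosts, leaving listen.allowed_clients as the only restriction on php-fpm's 9000/tcp listener. An alternative that keeps both controls on and permits only the flows this layout needs, as an added example that is not part of the original post: it assumes the ansible.posix and community.general collections are installed, that firewalld is running and SELinux is enforcing on the nodes, and (not shown in the post) that PHP reaches MariaDB on 3306/tcp.

```yaml
---
# Added example: keep firewalld and SELinux on, allow only the needed flows.
- name: web host (httpd)
  hosts: 192.168.25.130
  tasks:
    - name: allow inbound HTTP
      ansible.posix.firewalld:
        service: http
        permanent: true
        immediate: true
        state: enabled
    - name: let httpd open outbound connections so ProxyPassMatch can reach php-fpm
      ansible.posix.seboolean:
        name: httpd_can_network_connect
        state: true
        persistent: true

- name: php host (php-fpm)
  hosts: 192.168.25.142
  tasks:
    - name: accept FastCGI on 9000/tcp from the web host only
      ansible.posix.firewalld:
        rich_rule: 'rule family="ipv4" source address="192.168.25.130/32" port port="9000" protocol="tcp" accept'
        permanent: true
        immediate: true
        state: enabled
    - name: label /web/www/html so the confined php-fpm may read it
      community.general.sefcontext:
        target: '/web/www/html(/.*)?'
        setype: httpd_sys_content_t
        state: present
    - name: apply the label to the existing files
      ansible.builtin.command: restorecon -R /web/www/html

- name: database host (mariadb)
  hosts: 192.168.25.140
  tasks:
    # Assumption: PHP connects to MariaDB on 3306/tcp; the post does not show this.
    - name: accept database connections from the php host only
      ansible.posix.firewalld:
        rich_rule: 'rule family="ipv4" source address="192.168.25.142/32" port port="3306" protocol="tcp" accept'
        permanent: true
        immediate: true
        state: enabled
```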
6 Access by IP