playbook源码部署lamp使用变量，事实，机密，循环，判断，模板

1环境准备

主机	IP
ansible	192.168.25.128
apache	192.168.25.130
mariadb	192.168.25.140
php	192.168.25.142

2关闭防火墙

[root@ansible lamp]# cat firewalld.yml 
---
- hosts: webservers
  tasks:
    - name: stop firewalld
      service:
        name: firewalld
        state: stopped

    - name: selinux
      lineinfile:
          path: /etc/selinux/config
          regexp: '^SELINUX='
          line: 'SELINUX=disabled'

    - name:
      shell:
        setenforce 0

[root@ansible ansible]# ansible-playbook playbook/lamp/firewalld.yml 

PLAY [webservers] *****************************************************************

TASK [Gathering Facts] ************************************************************
ok: [192.168.25.140]
ok: [192.168.25.130]
ok: [192.168.25.142]

TASK [stop firewalld] *************************************************************
changed: [192.168.25.140]
changed: [192.168.25.130]
changed: [192.168.25.142]

TASK [selinux] ********************************************************************
changed: [192.168.25.130]
changed: [192.168.25.140]
changed: [192.168.25.142]

TASK [shell] **********************************************************************
changed: [192.168.25.142]
changed: [192.168.25.140]
changed: [192.168.25.130]

PLAY RECAP ************************************************************************
192.168.25.130             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.25.140             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.25.142             : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

3编译安装apache

---
- hosts: 192.168.25.130
  tasks:
    - name: create user
      user:
        name: httpd
        state: present

    - name: install http environment
      yum:
        name: "{{ item }}"
        state: present
      loop:
        - openssl-devel
        - pcre-devel
        - expat-devel
        - libtool
        - gcc
        - gcc-c++
        - make
        - pcre
        - perl-devel
        - perl
        - '@Development Tools'

    - name: uncompress apr
      unarchive:
        src: /root/apr-1.7.0.tar.gz/
        dest: /usr/src
        copy: yes

    - name: uncompress apr-util
      unarchive:
        src: /root/apr-util-1.6.1.tar.gz/
        dest: /usr/src
        copy: yes

    - name: uncompress httpd
      unarchive:
        src: /root/httpd-2.4.48.tar.gz/
        dest: /usr/src
        copy: yes

    - name: config
      lineinfile:
        path: /usr/src/apr-1.7.0/configure
        regexp: '^$RM "$cfgfile"'
        line: '#RM "$cfgfile"'

    - name: apache.sh
      script: /opt/apache.sh

    - name:
      script: /opt/path.sh
      ignore_errors: yes

    - name: start httpd
      service:
        name: httpd
        state: started
        enabled: yes

    - name: template httpd.conf
      template:
        src: /opt/httpd.conf
        dest: /usr/local/http/conf
      notify: restart httpd

  handlers:
    - name: restart httpd
      service:
        name: httpd
        state: restarted




[root@ansible ansible]# ansible-playbook  httpd.yml 

PLAY [192.168.25.130] *************************************************************

TASK [Gathering Facts] ************************************************************
ok: [192.168.25.130]

TASK [create user] ****************************************************************
changed: [192.168.25.130]

TASK [install http environment] ***************************************************
changed: [192.168.25.130] => (item=openssl-devel)
changed: [192.168.25.130] => (item=pcre-devel)
changed: [192.168.25.130] => (item=expat-devel)
changed: [192.168.25.130] => (item=libtool)
ok: [192.168.25.130] => (item=gcc)
changed: [192.168.25.130] => (item=gcc-c++)
changed: [192.168.25.130] => (item=make)
ok: [192.168.25.130] => (item=pcre)
changed: [192.168.25.130] => (item=perl-devel)
changed: [192.168.25.130] => (item=perl)
changed: [192.168.25.130] => (item=@Development Tools)

TASK [uncompress apr] *************************************************************
changed: [192.168.25.130]

TASK [uncompress apr-util] ********************************************************
changed: [192.168.25.130]

TASK [uncompress httpd] ***********************************************************
changed: [192.168.25.130]

TASK [config] *********************************************************************
changed: [192.168.25.130]

TASK [make] ***********************************************************************
changed: [192.168.25.130]

TASK [make2] **********************************************************************
changed: [192.168.25.130]

TASK [make3] **********************************************************************
changed: [192.168.25.130]

PLAY RECAP ************************************************************************
192.168.25.130             : ok=10   changed=9    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

3.1启动apache

[root@ansible ansible]# ansible 192.168.25.130 -a ' /usr/local/http/bin/apachectl start'
192.168.25.130 | CHANGED | rc=0 >>
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20a1:fdd5:36c5:6f01%ens160. Set the 'ServerName' directive globally to suppress this message

3.2访问

4yum安装mariadb

---
- hosts: 192.168.25.140
  tasks:
    - name: create user
      user:
        name: mysql
        state: present

    - name: install all server
      yum:
        name: "{{ item }}"
        state: present
      loop:
        - mariadb
        - mariadb-devel
        - mariadb-server
      notify: restart mariadb

  handlers:
    - name: restart mariadb
      service:
        name:  mariadb
        state: restarted
        enabled: yes

5编译安装php

---
- hosts: 192.168.25.142
  tasks:
    - name: install http environment
      yum:
        name: "{{ item }}"
        state: present
      loop:
        - libxml2
        - libxml2-devel
        - gcc
        - gcc-c++
        - make
        - openssl
        - openssl-devel
        - bzip2
        - bzip2-devel
        - curl
        - curl-devel
        - libjpeg
        - libjpeg-devel
        - libpng
        - libpng-devel
        - pcre
        - pcre-devel 
        - freetype 
        - freetype-devel
        - libxslt 
        - libxslt-devel
          
    - name: uncompress php
      unarchive:
        src: /root/php-7.2.8.tar.xz
        dest: /usr/src/
        copy: yes

    - name: make 
      script: /opt/php.sh

    - name: PATH
      script: /opt/echo.sh  

    - name: restart service
      service:
        name: php-fpm
        state: started
        enabled: yes

    - name: 
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: " ^listen = " 
        line: " listen = 192.168.25.142:9000"

    - name: 
      lineinfile:
        path: /etc/php-fmp.d/www.conf
        regexp: " ^listen.allowed_clients = "
        line: " listen.allowed_clients = 192.168.25.130"
      notify: restart php-fpm

  handlers:
    - name: restart php-fpm
      service: 
        name: php-fpm
        state: restarted

6 访问