Ansible automated operations (4): deploying LAMP across separate hosts with ansible
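Deploying an lnmp architecture with the ansible automation tool
Prepare four servers: one with ansible installed, for management and control; one with mysql installed, to store data; one with nginx installed, as the reverse proxy; and the last with php installed.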
Host | IP address | Role |
---|---|---|
server | 192.168.58.10 | Control host (ansible) |
c1 | 192.168.58.20 | httpd |
c2 | 192.168.58.30 | mysql |
c3 | 192.168.58.40 | php |
I. Install ansible
[root@localhost ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2595  100  2595    0     0   3639      0 --:--:-- --:--:-- --:--:--  3639
[root@localhost ~]# yum -y install epel-release
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
上次元数据过期检查:0:04:14 前,执行于 2021年07月13日 星期二 16时17分02秒。
依赖关系解决。
===========================================================================================================
软件包 架构 版本 仓库 大小
1/1
Installed products updated.
已安装:
epel-release-8-11.el8.noarch
完毕!
[root@localhost ~]#
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
CentOS-Base.repo epel-playground.repo epel-testing-modular.repo redhat.repo
epel-modular.repo epel.repo epel-testing.repo
## Install ansible
yum -y install ansible
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Extra Packages for Enterprise Linux Modular 8 - x86_64 552017.2-9.el8.noarch
python3-setuptools-39.2.0-6.el8.noarch python36-3.6.8-2.module_el8.4.0+790+083e3d81.x86_64
sshpass-1.06-9.el8.x86_64
完毕!
## Check the version
[root@localhost ansible]# ansible --version
ansible 2.9.23
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
1. Configure SSH key trust
[root@lc1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WOMTPDiX24K9QKRWBRl9mTwXah1/3GisIwy2c23lXmk root@arongya
The key's randomart image is:
+---[RSA 2048]----+
| =*.. oo. |
| +.o..*o.+ o.|
| o + @.oo. * +|
| . . X @ . = ..|
| + S = = .E.|
| . * o o.. |
| . . |
| |
| |
+----[SHA256]-----+
[root@c1t .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.58.20
[root@c1 .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.58.30
[root@c1 .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.58.40
2. Add the IPs of the managed hosts that will run httpd, mysql and php to the ansible inventory
[root@c1 ansible]# vim inventory
[root@c1 ansible]# cat inventory
[httpd]
192.168.58.20
[mysql]
192.168.58.30
[php]
192.168.58.40
3. Use the ping module to check that the managed nodes are reachable
[root@c1 ansible]# ansible all -m ping
192.168.58.20 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.58.30 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.58.40 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
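4. Disable the firewall and SELinux on the control host
`setenforce 0` switches SELinux to permissive mode, and only until the next reboot.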
[root@c1 ansible]# systemctl stop firewalld
[root@c1 ansible]# systemctl disable firewalld
[root@c1 ansible]# setenforce 0
[root@c1 ansible]# getenforce
Permissive
5. Install apache
1. Install apache
[root@c1 ~]# ansible 192.168.58.20 -m yum -a 'name=httpd state=present'
192.168.58.20 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
2. Start the apache service
[root@c1 ~]# ansible 192.168.58.20 -m service -a 'name=httpd state=started'
192.168.58.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "inactive",
"After": "tmp.mount systemd-tmpfiles-setup.service systemd-journald.socket basic.target remote-fs.target network.target system.slice -.mount sysinit.target httpd-init.service nss-lookup.target",
"AllowIsolate": "no",
omitted.....
3. Enable the Apache service at boot
[root@c1 ~]# ansible 192.168.58.20 -m service -a 'name=httpd enabled=yes'
192.168.58.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"enabled": true,
"name": "httpd",
"status": {
"ActiveEnterTimestamp": "Mon 2021-07-19 16:56:07 CST",
"ActiveEnterTimestampMonotonic": "329775854",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
4. Open the http/https services
[root@c1 ansible]# ansible 192.168.58.20 -m firewalld -a 'rich_rule="rule family=ipv4 source address=192.168.58.0/24 service name=http accept" permanent=yes state=enabled immediate=yes'
Enter passphrase for key '/root/.ssh/id_rsa':
192.168.58.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "Permanent and Non-Permanent(immediate) operation, Changed rich_rule rule family=ipv4 source address=192.168.72.0/24 service name=http accept to enabled"
}
5. Access the site
II. Install mysql
1. Install
[root@c1 ansible]# ansible 192.168.58.30 -m yum -a 'name=mariadb state=present'
192.168.58.30 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: perl-Mozilla-CA-20160104-7.module_el8.3.0+416+dee7bcef.noarch",
"Installed: perl-URI-1.73-3.el8.noarch",
"Installed: perl-Net-SSLeay-1.88-1.module_el8.3.0+410+ff426aa3.x86_64",
"Installed: perl-Carp-1.42-396.el8.noarch",
"Installed: perl-Data-Dumper-2.167-399.el8.x86_64",
"Installed: perl-Encode-4:2.97-3.el8.x86_64",
"Installed: perl-Errno-1.28-419.el8.x86_64",
"Installed: perl-Exporter-5.72-396.el8.noarch",
"Installed: perl-File-Path-2.15-2.el8.noarch",
"Installed: perl-File-Temp-0.230.600-1.el8.noarch",
"Installed: perl-Getopt-Long-1:2.50-4.el8.noarch",
"Installed: perl-HTTP-Tiny-0.074-1.el8.noarch",
Install mariadb-server
[root@c1 ansible]# ansible 192.168.58.30 -m yum -a 'name=mariadb-server state=present'
192.168.58.30 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: mariadb-server-utils-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: perl-Math-BigInt-1:1.9998.11-7.el8.noarch",
"Installed: perl-Math-Complex-1.59-419.el8.noarch",
"Installed: mariadb-errmsg-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: perl-DBD-MySQL-4.046-3.module_el8.1.0+203+e45423dc.x86_64",
"Installed: mariadb-gssapi-server-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: perl-DBI-1.641-3.module_el8.1.0+199+8f0a6bbd.x86_64",
"Installed: mariadb-backup-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64",
"Installed: mariadb-server-3:10.3.28-1.module_el8.3.0+757+d382997d.x86_64"
]
}
2. Start mysql and enable it at boot
[root@c1 ansible]# ansible 192.168.58.30 -m service -a 'name=mariadb state=started enabled=yes'
III. php
1. Install
[root@c1 ansible]# ansible 192.168.58.40 -m yum -a 'name=php state=present'
192.168.58.40 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
2. Install the related php plugins
[root@c1 ansible]# ansible 192.168.58.40 -m yum -a 'name=php-fpm state=present'
192.168.58.40 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
IV. Configure apache and php
1. http
[root@master ~]# ansible 192.168.58.20 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf line="<VirtualHost 192.168.58.20:80>\nDocumentRoot "/var/www/html/www1"\nServerName www.192.168.58.20.com\nProxyRequests off\nProxyPassMatch ^/(.*\.php)$ fcgi://192.168.58.40:9000/var/www/html/www1/$1\n<Directory "/var/www/html/www1">\nOptions None\nAllowOverride None\nOrder allow,deny\nAllow from all\n</Directory>\n</VirtualHost>"'
Enter passphrase for key '/root/.ssh/id_rsa':
192.168.58.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@master ~]# ansible 192.168.58.20 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf regexp="^AddType " insertafter="^AddType application/x-" line="AddType application/x-httpd-php .php"'
Enter passphrase for key '/root/.ssh/id_rsa':
192.168.58.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
[root@master ~]# ansible 192.168.58.20 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf regexp="^AddType " insertafter="^AddType application/x-" line="AddType application/x-httpd-php-source .phps"'
192.168.58.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@master ~]# ansible 192.168.58.20 -m lineinfile -a 'path=/etc/httpd/conf/httpd.conf regexp="^DirectoryIndex" line="DirectoryIndex index.html index.php"'
192.168.58.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line added"
}
2. php
[root@master ~]# ansible 192.168.58.40 -m lineinfile -a 'path=/etc/php-fpm.d/www.conf regexp="^listen =" line="listen = 192.168.58.40:9000"'
Enter passphrase for key '/root/.ssh/id_rsa':
192.168.58.40 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@master ~]# ansible 192.168.58.40 -m lineinfile -a 'path=/etc/php-fpm.d/www.conf regexp="^listen.allowed_clients =" line="listen.allowed_clients = 192.168.58.20"'
Enter passphrase for key '/root/.ssh/id_rsa':
192.168.58.40 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@master ~]# ansible 192.168.58.40 -a 'mkdir /var/www/html/'
3. Restart the php and apache services
[root@master ~]# ansible 192.168.58.20 -m service -a 'name=httpd state=restarted'
Enter passphrase for key '/root/.ssh/id_rsa':
192.168.58.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "httpd",
"state": "started",
"status": {
.......
[root@master ~]# ansible 192.168.58.40 -m service -a 'name=php-fpm state=restarted'
Enter passphrase for key '/root/.ssh/id_rsa':
192.168.58.40 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"name": "php-fpm",
"state": "started",
"status": {
"ActiveEnterTimestampMonotonic": "0",
"ActiveExitTimestampMonotonic": "0",
4. Access the site
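The configuration from section IV as a playbook, added here as an example that is not the author's code: the vhost goes in as one `blockinfile` block, and each `AddType` task gets its own anchored `regexp`, because the two ad-hoc `AddType` calls above share `regexp="^AddType "` and the second one replaces the line the first one added (its output reads "line replaced"). It assumes the `httpd` and `php` inventory groups from step 2, the php host from the table (192.168.58.40) as the FastCGI target, and a hypothetical file name `lamp-config.yml`.

```yaml
# Added example, not the author's code; lamp-config.yml is a hypothetical file name.
- hosts: httpd
  tasks:
    - name: Keep the vhost in one managed block instead of a multi-line lineinfile
      blockinfile:
        path: /etc/httpd/conf/httpd.conf
        block: |
          <VirtualHost 192.168.58.20:80>
              DocumentRoot "/var/www/html/www1"
              ServerName www.192.168.58.20.com
              ProxyRequests off
              ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.58.40:9000/var/www/html/www1/$1
              <Directory "/var/www/html/www1">
                  Options None
                  AllowOverride None
                  Order allow,deny
                  Allow from all
              </Directory>
          </VirtualHost>
      notify: restart httpd
    - name: Anchor each AddType regexp on its full type so the tasks cannot overwrite each other
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^AddType {{ item.type }} '
        line: 'AddType {{ item.type }} {{ item.ext }}'
      loop:
        - { type: "application/x-httpd-php", ext: ".php" }
        - { type: "application/x-httpd-php-source", ext: ".phps" }
      notify: restart httpd
    - name: Fail here, before the handler restarts httpd, if the config does not parse
      command: httpd -t
      changed_when: false
  handlers:
    - name: restart httpd
      service: name=httpd state=restarted
- hosts: php
  tasks:
    - name: Bind php-fpm to the php host and accept FastCGI only from the web host
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '{{ item.regexp }}'
        line: '{{ item.line }}'
      loop:
        - { regexp: '^listen =', line: 'listen = 192.168.58.40:9000' }
        - { regexp: '^listen\.allowed_clients =', line: 'listen.allowed_clients = 192.168.58.20' }
      notify: restart php-fpm
  handlers:
    - name: restart php-fpm
      service: name=php-fpm state=restarted
```

Run it from the control host with `ansible-playbook -i inventory lamp-config.yml`; a second run should report no changes, which is a quick check that no task is rewriting another task's line.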