ansible自动化运维工具上部署lnmp架构

最新推荐文章于 2024-05-10 08:00:00 发布

阿爃呀的小窝

最新推荐文章于 2024-05-10 08:00:00 发布

阅读量7.3k

点赞数 5

本文链接：https://blog.csdn.net/zzs183yxr_zzs/article/details/82702330

版权

ansible自动化运维工具上部署lnmp架构

ansible自动化运维工具上部署lnmp架构

准备四台服务器，一台安装ansible,进行管理与控制；一台安装mysql，存放数据；一台安装nginx,实现反向代理；最后安装php。

CentOS7	IP	运用
	192.168.228.20	nginx
	192.168.228.21	mysql数据库
	192.168.228.23	php
	192.168.228.30	ansible运维工具

ansible安装

yum源安装
[root@arongya ~]# cd /etc/yum.repos.d/
[root@arongya yum.repos.d]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:-100  1572  100  1572    0     0   5815      0 --:--:-- --:--:-- --:--:--  5865
[root@arongya yum.repos.d]# rm -rf CentOS-*
[root@arongya yum.repos.d]# ls
CentOS7-Base-163.repo
[root@arongya yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo 
[root@arongya yum.repos.d]# sed -i 's/^enable=.*/enable=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo 
[root@arongya yum.repos.d]# yum -y install epel-release

安装ansible
[root@arongya ~]# yum -y install ansible ansible-doc

查看ansible的版本
[root@arongya ~]# ansible --version
ansible 2.6.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

配置ssh

[root@arongya ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WOMTPDiX24K9QKRWBRl9mTwXah1/3GisIwy2c23lXmk root@arongya
The key's randomart image is:
+---[RSA 2048]----+
|      =*.. oo.   |
|     +.o..*o.+ o.|
|    o + @.oo. * +|
|   . . X @ . = ..|
|      + S = = .E.|
|       . * o o.. |
|        .     .  |
|                 |
|                 |
+----[SHA256]-----+
[root@arongya .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.228.20
[root@arongya .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.228.21
[root@arongya .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.228.23

将要配置nginx、mysql、php的被控主机的IP添加到ansible主机清单

[root@arongya ~]# vim /etc/ansible/hosts 
[root@arongya ~]# tail -8 /etc/ansible/hosts 
[nginx]
192.168.228.20

[mysql]
192.168.228.21

[php]
192.168.228.23

运用ping模块检查指定节点机器是否连接

[root@arongya ~]# ansible all -m ping
192.168.228.20 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.228.23 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.228.21 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

关闭主控机器的防火墙和selinux

[root@arongya ~]# systemctl stop firewalld
[root@arongya ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@arongya ~]# setenforce 0
[root@arongya ~]# sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config

通过ansible连接到192.168.228.20配置nginx安装（本地也要安装nginx,步骤略）

环境准备

关闭防火墙和selinux
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'systemctl is-active firewalld'
192.168.228.20 | SUCCESS | rc=0 >>
active

[root@arongya ~]# ansible 192.168.228.20 -m service -a 'name=firewalld state=stopped'
192.168.228.20 | SUCCESS => {
    "changed": true, 
    "name": "firewalld", 
    "state": "stopped", 
    "status": {
...以下内容略

[root@arongya ~]# ansible 192.168.228.20 -m service -a 'name=firewalld enabled=no'
192.168.228.20 | SUCCESS => {
    "changed": true, 
    "enabled": false, 
    "name": "firewalld", 

[root@arongya ~]# ansible 192.168.228.20 -a 'setenforce 0'
192.168.228.20 | SUCCESS | rc=0 >>

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config'
 [WARNING]: Consider using the replace, lineinfile or template module rather than running sed.  If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.228.20 | SUCCESS | rc=0 >>

创建系统组和用户

[root@arongya ~]# ansible 192.168.228.20 -m group -a 'name=nginx system=yes state=present'
192.168.228.20 | SUCCESS => {
    "changed": true, 
    "gid": 996, 
    "name": "nginx", 
    "state": "present", 
    "system": true
}
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'grep nginx /etc/group'
192.168.228.20 | SUCCESS | rc=0 >>
nginx:x:996:

[root@arongya ~]# ansible 192.168.228.20 -m user -a 'name=nginx group=996  uid=996 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.228.20 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "create_home": false, 
    "group": 996, 
    "home": "/home/nginx", 
    "name": "nginx", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": true, 
    "uid": 996
}
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'grep nginx /etc/passwd'
192.168.228.20 | SUCCESS | rc=0 >>
nginx:x:996:996::/home/nginx:/sbin/nologin

安装依赖环境

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'yum -y install pcre-devel openssl openssl-devel gd-devel'

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'yum -y groups mark install "Development Tools" '

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'yum grouplist'

创建日志存放目录以及更改存放日志目录属组和属主

[root@arongya ~]# ansible 192.168.228.20 -a 'mkdir -p /var/log/nginx'
 [WARNING]: Consider using the file module with state=directory rather than
running mkdir.  If you need to use command because file is insufficient you can
add warn=False to this command task or set command_warnings=False in
ansible.cfg to get rid of this message.

192.168.228.20 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.20 -a 'chown -R nginx.nginx /var/log/nginx'
 [WARNING]: Consider using the file module with owner rather than running
chown.  If you need to use command because file is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.

192.168.228.20 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.20 -a 'ls -ld /var/log/nginx'
192.168.228.20 | SUCCESS | rc=0 >>
drwxr-xr-x. 2 nginx nginx 6 Sep 10 14:53 /var/log/nginx

下载nginx

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'cd /usr/src/ && yum -y install wget && wget http://nginx.org/download/nginx-1.12.0.tar.gz '

编译安装

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'cd /usr/src/ && tar xf nginx-1.12.0.tar.gz -C /usr/src/'
192.168.228.20 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'ls /usr/src/ -l'
192.168.228.20 | SUCCESS | rc=0 >>
total 960
drwxr-xr-x. 2 root root      6 Nov  5  2016 debug
drwxr-xr-x. 3 root root     35 Jul 12 19:54 kernels
drwxr-xr-x. 8 1001 1001    158 Apr 12  2017 nginx-1.12.0
-rw-r--r

最低0.47元/天解锁文章

阿爃呀的小窝

关注

5
点赞
踩
15

收藏

觉得还不错? 一键收藏
0
评论
ansible自动化运维工具上部署lnmp架构

ansible自动化运维工具上部署lnmp架构ansible安装通过ansible连接到192.168.228.20配置nginx安装（本地也要安装nginx,步骤略）安装mysql安装PHPansible自动化运维工具上部署lnmp架构准备四台服务器，一台安装ansible,进行管理与控制；一台安装mysql，存放数据；一台安装nginx,实现反向代理；最后安...
复制链接

扫一扫