Ansible playbook 部署lamp

准备4台服务器

安装的环境 IP/主机名
ansible 192.168.220.10/ansible
apache 192.168.220.20/apache
mysql 192.168.220.30/mysql
php 192.168.220.40/php

 层级树

[root@RedHat lamp]# tree
.
├── ansible.cfg
├── application
│   └── php
│       ├── install.yml
│       └── vars
│           └── php.yml
├── base
│   └── yum.yml
├── database
│   ├── mysql
│   │   ├── install.yml
│   │   ├── packages
│   │   │   └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
│   │   ├── templeates
│   │   │   ├── my.cnf.j2
│   │   │   └── my.service.j2
│   │   └── vars
│   │       └── mysql.yml
│   ├── templates
│   └── vars
├── hosts
├── inventory
├── lamp
│   └── main.yml
└── web
    └── apache
        ├── install.yml
        ├── packages
        │   ├── apr-1.7.0.tar.gz
        │   ├── apr-util-1.6.1.tar.gz
        │   └── httpd-2.4.46.tar.bz2
        ├── templates
        │   ├── httpd.j2
        │   └── httpd.service.j2
        └── vars
            └── httpd.yml

17 directories, 19 files

安装ansible:

//配置yum源
[root@ansible ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# sed  -i 's#$releasever#8#g'  /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed  -i 's#$releasever#8#g'  /etc/yum.repos.d/epel.repo
 
//安装ansible
[root@ansible ~]# yum -y install ansible
 
//查看ansible版本
[root@ansible ~]#  ansible  --version
ansible 2.9.16
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Dec  5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
 
//ssh免密登录
[root@ansible lamp]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.220.10  ansible
192.168.220.20  apache
192.168.220.30  mysql
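192.168.248.40  php    # NOTE(review): the host table and php_ip use 192.168.220.40 for this host; confirm which address is correct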
 
[root@ansible ~]# ssh-keygen -t rsa
[root@ansible ~]# ssh-copy-id  root@apache
[root@ansible ~]# ssh-copy-id  root@mysql
[root@ansible ~]# ssh-copy-id  root@php

 将被控机IP加入到主控机清单:

[root@ansible ~]# mkdir lamp
[root@ansible ~]# cd lamp
[root@ansible lamp]# cp /etc/ansible/ansible.cfg  .
 //创建清单文件
[root@ansible lamp]# vim inventory
[group_apache]
apache
 
[group_mysql]
mysql
 
[group_php]
php

//测试
[root@ansible lamp]# ansible all -m ping
php | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
apache | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
mysql | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

yum源配置和关闭防火墙,selinux

[root@RedHat lamp]# cat base/yum.yml 
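---
# Baseline play applied to every managed host: registers the BaseOS, AppStream
# and EPEL repositories, then stops firewalld and switches SELinux off.
# NOTE(review): as written, the play removes three host protections (package
# signature checking, the host firewall and SELinux). Treat it as lab-only;
# the per-task notes say what to keep on any host that others can reach.
- hosts: all
  tasks:
    - name: yum to configure
      yum_repository:
        name: "{{ item }}"
        description: "{{ item }}"
        file: "{{ item }}"
        baseurl: https://mirrors.aliyun.com/centos/8/{{ item }}/x86_64/os/
        # NOTE(review): with gpgcheck off, yum installs whatever the mirror (or
        # anything able to tamper with its content) serves, unsigned packages
        # included. Prefer gpgcheck: yes together with a gpgkey: entry that
        # points at the distribution signing key.
        gpgcheck: no
        enabled: yes
      loop:
        - BaseOS
        - AppStream

    - name: epel
      yum_repository:
        name: epel
        description: epel
        file: epel
        baseurl: https://mirrors.aliyun.com/epel/8/Everything/x86_64/
        # NOTE(review): signature checking is off here too; the same concern applies.
        gpgcheck: no
        enabled: yes

    # NOTE(review): stopping firewalld exposes every listening port on the host
    # (3306 on the database node, 9000 on the PHP node). The narrower option is
    # to leave it running and open only the port each role serves.
    # Only `state` is set, so the unit is not disabled and may start again on
    # the next boot.
    - name: stop firewalld
      service:
        name: firewalld
        state: stopped

    - name: disabled selinux
      lineinfile:
        path: /etc/selinux/config
        # Anchored on "SELINUX=" so that the SELINUXTYPE= line can never be the
        # one lineinfile replaces.
        regexp: '^SELINUX='
        # The accepted values are enforcing, permissive and disabled.
        # NOTE(review): permissive still logs denials, which helps when writing
        # a policy for this source-built stack instead of switching SELinux off.
        line: SELINUX=disabled

    - name: stop selinux
      shell: setenforce 0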

apache配置:

//变量
[root@RedHat lamp]# cat web/apache/vars/httpd.yml 
# Build dependencies installed on the web host before apr, apr-util and httpd
# are compiled.
# NOTE(review): the compiler toolchain stays installed on the web server after
# the build; consider removing it afterwards or building on a separate host.
packages:
  - openssl-devel
  - pcre-devel
  - expat-devel
  - libtool
  - gcc
  - gcc-c++
  - make 
  - '@development tools'    

# Name of the account the install playbook creates (system user, nologin shell).
user: apache

# Address of the PHP-FPM host; substituted into ProxyPassMatch in httpd.j2.
php_ip: 192.168.220.40

//使用httpd.j2作为模板文件配置
[root@ansible lamp]# vim  web/apache/templates/httpd.j2
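# Excerpts of web/apache/templates/httpd.j2 that differ from the stock
# httpd.conf. Apache only treats "#" as a comment at the start of a line, so
# every annotation below sits on a line of its own; text left after a
# directive would be parsed as an extra argument.

# Search for "AddType" and add the two PHP lines after the existing entries.
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

# Search for "proxy.so" and uncomment mod_proxy and mod_proxy_fcgi.
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

# Search for "index.html" and put index.php in front of it.
 DirectoryIndex index.php  index.html

# Append the following to the end of the configuration file.
<VirtualHost *:80>
        DocumentRoot "/usr/local/apache/htdocs/"
        ServerName  www.xixi.com
        # Keeps the server from acting as a forward proxy for arbitrary clients.
        ProxyRequests   Off
        # Hands every request path ending in ".php" to PHP-FPM on the PHP host.
        # The dot is escaped so that only a literal ".php" suffix matches.
        # NOTE(review): FastCGI on port 9000 is neither authenticated nor
        # encrypted; on the PHP host, restrict that port to this web server.
        ProxyPassMatch ^/(.*\.php)$ fcgi://{{ php_ip }}:9000/var/www/html/$1
        <Directory "/usr/local/apache/htdocs">
                Options none
                AllowOverride none
                Require all granted
        </Directory>
</VirtualHost>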
 
//httpd.service.j2文件作为模板
[root@ansible modules]# vim web/apache/templates/httpd.service.j2
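# systemd unit for the source-built httpd installed under /usr/local/apache.
[Unit]
Description = The httpd process manager

[Service]
Type = forking
ExecStart = /usr/local/apache/bin/apachectl
# apachectl passes "-k <signal>" through to httpd; the script lives in bin/,
# so reload and stop use the same path as ExecStart.
ExecReload = /usr/local/apache/bin/apachectl -k graceful
ExecStop = /usr/local/apache/bin/apachectl -k stop

[Install]
WantedBy = multi-user.target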

//playbook
[root@RedHat lamp]# cat web/apache/install.yml 
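---
# Builds apr, apr-util and httpd from the tarballs in packages/ and installs a
# systemd unit for the result.
# NOTE(review): the tarballs are copied from the control node and unpacked
# without any integrity check. Verify each archive against the checksum or
# signature published by the Apache project before placing it in packages/.
# httpd 2.4.46 is an old point release of the 2.4 line; build the current one
# so that the security fixes published since are included.
- hosts: apache
  vars_files:
    - vars/httpd.yml
  tasks:
    # Dedicated system account with no home directory and no login shell.
    - name: create user
      user:
        name: "{{ user }}"
        system: yes
        create_home: no
        shell: /sbin/nologin
        state: present

    # The yum module accepts the whole list in one transaction.
    - name: install base packages
      yum:
        name: "{{ packages }}"
        state: present

    - name: uncompress apr
      unarchive:
        src: packages/apr-1.7.0.tar.gz
        dest: /opt/

    - name: uncompress apr-util
      unarchive:
        src: packages/apr-util-1.6.1.tar.gz
        dest: /opt/

    - name: uncompress httpd
      unarchive:
        src: packages/httpd-2.4.46.tar.bz2
        dest: /opt/

    # `creates` turns each build step into a no-op once its result is
    # installed, so a second run does not recompile as root.
    - name: install apr
      shell: sed -i 's/$RM "$cfgfile"/#$RM "$cfgfile"/' /opt/apr-1.7.0/configure && cd /opt/apr-1.7.0 && ./configure  --prefix=/usr/local/apr && make && make install
      args:
        creates: /usr/local/apr/bin/apr-1-config

    - name: install apr-util
      shell: cd /opt/apr-util-1.6.1 && ./configure  --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
      args:
        creates: /usr/local/apr-util/bin/apu-1-config

    - name: install httpd
      shell: cd /opt/httpd-2.4.46 && ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24  --enable-so  --enable-ssl  --enable-cgi  --enable-rewrite  --with-zlib  --with-pcre --with-apr=/usr/local/apr  --with-apr-util=/usr/local/apr-util/  --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork && make && make install
      args:
        creates: /usr/local/apache/bin/httpd

    # Writes the profile snippet directly; sourcing it inside a task would
    # only affect that task's own shell.
    - name: create export path
      copy:
        dest: /etc/profile.d/httpd.sh
        content: "export PATH=/usr/local/apache/bin:$PATH\n"

    - name: systemctl httpd
      template:
        src: templates/httpd.service.j2
        dest: /usr/lib/systemd/system/httpd.service

    # Makes systemd pick up the unit file written by the previous task.
    - name: reload systemd
      systemd:
        daemon_reload: yes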

mysql安装:

//变量
[root@RedHat lamp]# cat database/mysql/vars/mysql.yml 
# Packages installed on the database host before the MySQL tarball is unpacked.
packages:
  - ncurses-devel
  - openssl-devel
  - openssl
  - cmake
  - mariadb-devel
  - ncurses-compat-libs 

# Data directory; used for datadir and the pid file in my.cnf and the unit file.
datadir: /mydata

# Parent directory of the unpacked tarball and of the "mysql" symlink.
basedir: /usr/local

# Name of the service account the install playbook creates.
user: mysql

#创建my.cnf.j2文件作为模板(路径与上面的目录树及playbook中的 templeates/ 保持一致)
[root@ansible modules]# vim database/mysql/templeates/my.cnf.j2
# Server settings rendered to /etc/my.cnf by the install playbook.
[mysqld]
basedir = {{ basedir }}/mysql
datadir = {{ datadir }}
# NOTE(review): /tmp is shared by every local account; a directory owned by
# mysql is the safer place for the socket.
socket = /tmp/mysql.sock
port = 3306
pid-file = {{ datadir }}/mysql.pid
user = mysql
# With name resolution skipped, account host parts must be IP addresses.
skip-name-resolve
# NOTE(review): no bind-address is set, so the server keeps its default and
# accepts connections on every interface. Set bind-address or firewall port
# 3306 so that only the PHP host can connect.
 
//创建my.service.j2文件作为模板(playbook中引用的文件名为 templeates/my.service.j2)
[root@ansible modules]# vim database/mysql/templeates/my.service.j2
# systemd unit for the tarball-installed MySQL server; rendered from a Jinja2
# template and written to /usr/lib/systemd/system/mysqld.service.
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
 
[Install]
WantedBy=multi-user.target
 
[Service]
# The server process runs as the mysql account, not as root.
User=mysql
Group=mysql
Type=forking
PIDFile={{ datadir }}/mysql.pid
# 0 switches the start/stop timeout off.
TimeoutSec=0
PermissionsStartOnly=true
ExecStart={{ basedir }}/mysql/bin/mysqld --daemonize --pid-file={{ datadir}}/mysql.pid $MYSQLD_OPTS
LimitNOFILE = 5000
Restart=on-failure
RestartPreventExitStatus=1
# NOTE(review): presumably left off because my.cnf puts the socket in the
# shared /tmp, which a private /tmp would hide from local clients (confirm).
# Moving the socket out of /tmp would allow PrivateTmp=true.
PrivateTmp=false

//playbook
[root@RedHat lamp]# cat database/mysql/install.yml 
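---
# Installs MySQL from the binary tarball in packages/: dependencies, service
# account, unpack and symlink, PATH entry, data directory initialisation,
# my.cnf and the systemd unit.
# NOTE(review): the tarball is taken from the control node without an
# integrity check; verify it against the vendor's published checksum or
# signature first. MySQL 5.7 has reached end of life upstream, so plan on a
# supported release series.
- hosts: mysql
  vars_files:
    - vars/mysql.yml
  tasks:
    # The yum module accepts the whole list in one transaction.
    - name: base packages
      yum:
        name: "{{ packages }}"
        state: present

    # Dedicated system account with no home directory and no login shell.
    - name: create user
      user:
        name: "{{ user }}"
        create_home: no
        system: yes
        shell: /sbin/nologin
        state: present

    # NOTE(review): owner/group mysql lets the service account rewrite its own
    # binaries. A root-owned installation tree, with only the data directory
    # owned by mysql, is the tighter layout.
    - name: uncompress mysql
      unarchive:
        src: packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: "{{ basedir }}/"
        owner: mysql
        group: mysql

    - name: soft link
      file:
        src: "{{ basedir }}/mysql-5.7.31-linux-glibc2.12-x86_64"
        dest: "{{ basedir }}/mysql"
        state: link

    # Writes the profile snippet directly; sourcing it inside a task would
    # only affect that task's own shell.
    - name: create export mysql
      copy:
        dest: /etc/profile.d/myslq.sh
        content: "export PATH={{ basedir }}/mysql/bin:$PATH\n"

    - name: create datadir
      file:
        path: "{{ datadir }}"
        owner: mysql
        group: mysql
        state: directory

    # --initialize-insecure creates root@localhost with an EMPTY password; the
    # account stays open to any local user until lamp/main.yml sets one.
    # `creates` skips the step once the data directory is populated, so a real
    # initialisation failure is no longer hidden behind ignore_errors.
    - name: initialize mysql
      shell: '{{ basedir }}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir={{ datadir }}'
      args:
        creates: "{{ datadir }}/ibdata1"

    - name: config file
      template:
        src: templeates/my.cnf.j2
        dest: /etc/my.cnf

    - name: systemctl mysqld
      template:
        src: templeates/my.service.j2
        dest: /usr/lib/systemd/system/mysqld.service

    # Makes systemd pick up the unit file written by the previous task.
    - name: reload
      systemd:
        daemon_reload: yes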

php安装:

//变量
[root@RedHat lamp]# cat application/php/vars/php.yml 
# Packages installed on the PHP host by application/php/install.yml.
packages:
  - libxml2
  - libxml2-devel
  - openssl
  - openssl-devel
  - bzip2
  - bzip2-devel
  - libcurl
  - libcurl-devel
  - libicu-devel
  - libjpeg
  - libjpeg-devel
  - libpng
  - libpng-devel
  - openldap-devel
  - pcre-devel
  - freetype
  - freetype-devel
  - gmp
  - gmp-devel
  - libmcrypt
  - libmcrypt-devel
  - readline
  - readline-devel
  - libxslt
  - libxslt-devel
  - mhash
  - mhash-devel
  - php-mysqlnd
  # NOTE(review): the wildcard installs every package whose name starts with
  # "php-". List only the extensions the application uses, so that less code
  # is installed and has to be kept patched.
  - php-*

//playbook
[root@RedHat lamp]# cat application/php/install.yml 
---
# Installs the packages listed in vars/php.yml on the php host and switches
# the PHP-FPM pool to a TCP listener.
- hosts: php
  vars_files:
    - vars/php.yml
  tasks:
    - name: base packages
      yum:
        name: "{{ item }}"
        state: present
      loop: "{{ packages }}"

    - name: config php socket
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen ='
        # NOTE(review): 0.0.0.0 puts the FastCGI port on every interface, and
        # the client restriction is only adjusted later, in lamp/main.yml.
        # FastCGI has no authentication of its own, so listen.allowed_clients
        # and the firewall are the only access controls: bind to the host's
        # internal address and keep port 9000 reachable from the web server only.
        line: listen = 0.0.0.0:9000 

 lamp:

[root@RedHat lamp]# cat lamp/main.yml 
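---
# Top-level playbook: runs the base, httpd, mysql and php playbooks, then
# renders the httpd configuration, starts the three services, sets the MySQL
# root password and drops a PHP test page.
# Annotations are "#" comments on lines of their own: text written after a
# value becomes part of that value (for example part of the hosts pattern).

# Import the per-role playbooks.
- name: conf yum.repo
  import_playbook: ../base/yum.yml

- name: httpd
  import_playbook: ../web/apache/install.yml

- name: mysql
  import_playbook: ../database/mysql/install.yml

- name: php
  import_playbook: ../application/php/install.yml

# Render the httpd configuration from the template, then start the service.
- hosts: apache
  vars_files:
    - ../web/apache/vars/httpd.yml
  tasks:
    - name: httpd config file
      template:
        src: ../web/apache/templates/httpd.j2
        dest: /etc/httpd24/httpd.conf

    - name: start httpd
      service:
        name: httpd
        enabled: yes
        state: started

# Start MySQL and replace the empty root password left by
# --initialize-insecure.
- hosts: mysql
  vars_files:
    - ../database/mysql/vars/mysql.yml
  # The password is asked for at run time instead of being written into the
  # playbook. The prompt is skipped when the variable is passed with -e, for
  # example from an Ansible Vault file.
  vars_prompt:
    - name: mysql_root_password
      prompt: MySQL root password
      private: yes
  tasks:
    - name: start mysql
      service:
        name: mysqld
        enabled: yes
        state: started

    # Succeeds only while root can still log in without a password, which
    # makes the next task safe to re-run and removes the need for
    # ignore_errors.
    - name: check for empty root password
      command: "{{ basedir }}/mysql/bin/mysql -uroot -e 'SELECT 1'"
      register: root_empty_pw
      changed_when: false
      failed_when: false

    # The statement goes in on stdin, so the password does not show up in the
    # process list; no_log keeps it out of the Ansible output.
    # The password must not contain single quotes or backslashes.
    - name: set passwd
      command: "{{ basedir }}/mysql/bin/mysql -uroot"
      args:
        stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ mysql_root_password }}';"
      no_log: yes
      when: root_empty_pw.rc == 0

# Create the test page, restrict FastCGI clients and start PHP-FPM.
- hosts: php
  tasks:
    - name: index.php
      file:
        path: /var/www/html/index.php
        owner: apache
        group: apache
        state: touch

    # NOTE(review): phpinfo() output discloses versions, paths, loaded modules
    # and environment values to anyone who can reach the site. Keep the page
    # for the smoke test only and delete it afterwards.
    - name: test index
      lineinfile:
        path: /var/www/html/index.php
        line: |
            <?php
            phpinfo();
            ?>
        state: present

    # Only the web server (192.168.220.20) may open FastCGI connections.
    - name: allow access to IP
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients ='
        line: listen.allowed_clients = 192.168.220.20

    - name: start php
      service:
        name: php-fpm
        state: started
        enabled: yes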

测试:

 

原文地址:https://www.cnblogs.com/lichouluoyu/p/14259483.html