Deploying LAMP on Separate Hosts with Ansible (playbook)
Environment
Hostname | IP | Notes |
---|---|---|
node1 | 192.168.100.100 | Ansible host |
node2 | 192.168.100.110 | Runs the httpd service |
node3 | 192.168.100.120 | Runs the MySQL database |
node4 | 192.168.100.130 | Runs php |
Preparation
- Install Ansible on the Ansible host
//Install the EPEL repository
[root@node1]# yum -y install .noarch.rpm
......(omitted)
Installed:
  epel-next-release-8-11.el8.noarch
  epel-release-8-11.el8.noarch
Complete!
//Install ansible
[root@node1 ~]# yum -y install ansible
......(omitted)
Installed:
  ansible-2.9.23-1.el8.noarch
  libsodium-1.0.18-2.el8.x86_64
  python3-babel-2.5.1-6.el8.noarch
  python3-bcrypt-3.1.6-2.el8.1.x86_64
  python3-cffi-1.11.5-5.el8.x86_64
  python3-cryptography-3.2.1-5.el8.x86_64
  python3-jinja2-2.10.1-3.el8.noarch
  python3-jmespath-0.9.0-11.el8.noarch
  python3-markupsafe-0.23-19.el8.x86_64
  python3-paramiko-2.4.3-1.el8.noarch
  python3-pip-9.0.3-20.el8.noarch
  python3-ply-3.9-9.el8.noarch
  python3-pyasn1-0.3.7-6.el8.noarch
  python3-pycparser-2.14-14.el8.noarch
  python3-pynacl-1.3.0-5.el8.x86_64
  python3-pytz-2017.2-9.el8.noarch
  python3-pyyaml-3.12-12.el8.x86_64
  python3-setuptools-39.2.0-6.el8.noarch
  python36-3.6.8-37.module_el8.5.0+771+e5d9a225.x86_64
  sshpass-1.06-9.el8.x86_64
Complete!
- Create a directory named lamp in the home directory on the Ansible host
[root@node1 ~]# mkdir lamp
[root@node1 ~]# ls
anaconda-ks.cfg lamp
- Enter the lamp directory and create directories named httpd, mysql, and php
[root@node1 ~]# cd lamp/
[root@node1 lamp]# mkdir httpd
[root@node1 lamp]# mkdir mysql
[root@node1 lamp]# mkdir php
[root@node1 lamp]# ls
httpd mysql php
- Build the inventory in the lamp directory
[root@node1 lamp]# vim inventory
[root@node1 lamp]# cat inventory
[httpd]
node2

[mysql]
node3

[php]
node4
- Add entries to the hosts file
//Do the same on all four hosts; only one is shown here
[root@node1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.100 node1
192.168.100.110 node2
192.168.100.120 node3
192.168.100.130 node4
- Configure passwordless (key-based) SSH login
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rHdqJ6l+fGYrsriaXQSnOTfzN1CgpaV/p8EOd0RBWQY root@node1
The key's randomart image is:
+---[RSA 3072]----+
| + .E=o |
| * . ... |
| . = . . |
| = o o . |
| + = S = o |
| + = * = |
| o.o.* |
| o o..B+=. |
| o.+o+*.B.. |
+----[SHA256]-----+
[root@node1 ~]# ssh-copy-id root@192.168.100.110
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.110 (192.168.100.110)' can't be established.
ECDSA key fingerprint is SHA256:5ei7iLFV+3zEXwYhwEcHaL/2Gq6vSJC9FFUWlviGsng.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.110's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.100.110'"
and check to make sure that only the key(s) you wanted were added.

[root@node1 ~]# ssh-copy-id root@192.168.100.120
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.120 (192.168.100.120)' can't be established.
ECDSA key fingerprint is SHA256:C+o4hw/oLQP/j3txuE/+BwatKh/6UqJE9F2VBmyvfno.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.120's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.100.120'"
and check to make sure that only the key(s) you wanted were added.

[root@node1 ~]# ssh-copy-id root@192.168.100.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.100.130 (192.168.100.130)' can't be established.
ECDSA key fingerprint is SHA256:CHY8Sm54r0drHxbeRBFi4I9LGZWG7ccrLS0QeSW/ckk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.130's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.100.130'"
and check to make sure that only the key(s) you wanted were added.
- Change the default inventory location on the Ansible host
[root@node1 lamp]# cat /etc/ansible/ansible.cfg |grep inventory
#inventory = /etc/ansible/hosts
inventory = ~/lamp/inventory
- Test connectivity between the Ansible host and the managed hosts
[root@node1 lamp]# ansible all -m ping
node3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
node4 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
The directory tree for this setup is as follows
[root@node1 lamp]# tree
.
├── httpd
│ ├── hello.conf
│ ├── httpd_config.yml
│ ├── httpd_firewall.yml
│ └── httpd_install.yml
├── mysql
│ └── mysql_install.yml
├── php
│ ├── index.php
│ ├── php_config.yml
│ ├── php_firewall.yml
│ └── php_install.yml
└── restart.yml
The preparation is now complete; next, write the playbooks.
1. Install httpd
1.1 Write the playbook
1.1.1 Enter the lamp/httpd directory and create a YAML file named httpd_install
[root@node1 lamp]# cd httpd/
[root@node1 httpd]# vim httpd_install.yml
---
- name: install httpd
  hosts: node2
  gather_facts: no
  tasks:
    - name: install httpd using yum
      yum:
        name: httpd
        state: present

    - name: service is enabled
      service:
        name: httpd
        state: started
        enabled: yes
1.1.2 Run the playbook
[root@node1 httpd]# ansible-playbook httpd_install.yml

PLAY [install httpd] ************************************************************

TASK [Gathering Facts] **********************************************************
ok: [node2]

TASK [install httpd using yum] **************************************************
changed: [node2]

TASK [service is enabled] *******************************************************
changed: [node2]

PLAY RECAP **********************************************************************
node2 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.2 Disable the firewall and SELinux
1.2.1 Write a playbook to configure the firewall and SELinux
[root@node1 httpd]# vim httpd_firewall.yml
---
- name: firewalld stop
  hosts: node2
  gather_facts: no
  tasks:
    - name: firewall stop use service
      service:
        name: firewalld
        state: stopped
        enabled: no

    - name: selinux disabled
      lineinfile:
        path: /etc/selinux/config    # read at boot, so this takes effect after the next reboot
        regexp: '^SELINUX='
        line: SELINUX=disabled
1.2.2 Run the playbook
[root@node1 httpd]# ansible-playbook httpd_firewall.yml

PLAY [firewalld stop] ***********************************************************

TASK [firewall stop use service] ************************************************
changed: [node2]

TASK [selinux disabled] *********************************************************
changed: [node2]

PLAY RECAP **********************************************************************
node2 : ok=2 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
1.2.3 When finished, browse to node2's IP to test
2. Install mysql
2.1 Write the playbook
//Enter the ~/lamp/mysql directory
[root@node1 ~]# cd ~/lamp/mysql/
[root@node1 mysql]#
//Write a playbook that installs mysql
[root@node1 mysql]# vim mysql_install.yml
---
- name: install mysql
  hosts: node3
  gather_facts: no
  tasks:
    - name: install mariadb
      yum:
        name: mariadb
        state: present    # install mariadb with the yum module

    - name: install mariadb-server
      yum:
        name: mariadb-server
        state: present    # install mariadb-server with the yum module

- name: mariadb started
  hosts: node3
  tasks:
    - name: start mariadb use service
      service:
        name: mariadb
        state: started    # start the mariadb service
        enabled: yes      # enable mariadb at boot
2.2 Run the playbook
[root@node1 mysql]# ansible-playbook mysql_install.yml

PLAY [install mysql] ************************************************************

TASK [install mariadb] **********************************************************
changed: [node3]

TASK [install mariadb-server] ***************************************************
changed: [node3]

PLAY [mariadb started] **********************************************************

TASK [Gathering Facts] **********************************************************
ok: [node3]

TASK [start mariadb use service] ************************************************
changed: [node3]

PLAY RECAP **********************************************************************
node3 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
3. Install php and common components
3.1 Write the playbook
//Enter the php directory
[root@node1 ~]# cd ~/lamp/php
[root@node1 php]#
//Create the php_install.yml file
[root@node1 php]# vim php_install.yml
---
- name: php install
  hosts: node4
  gather_facts: no
  tasks:
    - name: php_install
      yum:
        name: php
        state: present    # install php

    - name: php-*_install
      yum:
        name: php-*
        state: present    # install the php components

    - name: curl_install
      yum:
        name: curl
        state: present

    - name: curl-devel_install
      yum:
        name: curl
        state: present    # install curl

    - name: curl-devel
      yum:
        name: curl-devel
        state: present    # install curl-devel
3.2 Run the playbook
[root@node1 php]# ansible-playbook php_install.yml

PLAY [php install] **************************************************************

TASK [php_install] **************************************************************
changed: [node4]

TASK [php-*_install] ************************************************************
changed: [node4]

TASK [curl_install] *************************************************************
ok: [node4]

TASK [curl-devel_install] *******************************************************
ok: [node4]

TASK [curl-devel] ***************************************************************
changed: [node4]

PLAY RECAP **********************************************************************
node4 : ok=5 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
4. Configure httpd and php
4.1 Configure httpd
4.1.1 Write the httpd configuration file
We can write the configuration file on the Ansible host first, then use the copy module to transfer it to node2.
//Create a hello.conf file in the httpd directory on the Ansible host
[root@node1 httpd]# vim hello.conf
<VirtualHost 192.168.100.110:80>
    DocumentRoot "/etc/httpd/conf.d/"
    ServerName www.helloworld
    ProxyRequests off
    ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.100.130:9000/var/www/html/$1
    <Directory "/var/www/html/">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>
4.1.2 Write the playbook that modifies the httpd configuration
[root@node1 httpd]# vim httpd_config.yml
---
- name: httpd config
  hosts: node2
  gather_facts: no
  tasks:
    - name: copy file
      copy:
        src: ~/lamp/httpd/hello.conf
        dest: /etc/httpd/conf.d/
        mode: '0755'

    # \s* tolerates whatever indentation httpd.conf uses before AddType/DirectoryIndex
    - name: Modify configuration 1
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        insertafter: '^\s*AddType application/x-'
        line: "    AddType application/x-httpd-php .php"

    - name: Modify configuation 2
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        insertafter: '^\s*AddType application/x-'
        line: "    AddType application/x-httpd-php-source .phps"

    - name: Modify configuation 3
      lineinfile:
        path: /etc/httpd/conf/httpd.conf
        regexp: '^\s*DirectoryIndex'
        line: "    DirectoryIndex index.html index.php"
4.1.3 Run the playbook that modifies the httpd configuration
[root@node1 httpd]# ansible-playbook httpd_config.yml

PLAY [httpd config] *************************************************************

TASK [copy file] ****************************************************************
changed: [node2]

TASK [Modify configuration 1] ***************************************************
changed: [node2]

TASK [Modify configuation 2] ****************************************************
changed: [node2]

TASK [Modify configuation 2] ****************************************************
changed: [node2]

PLAY RECAP **********************************************************************
node2 : ok=4 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
4.2 Configure php
4.2.1 Write the php test page
[root@node1 php]# vim index.php
<?php
phpinfo();
?>
4.2.2 Write the playbook that modifies the php configuration
[root@node1 php]# vim php_config.yml
---
- name: php config
  hosts: node4
  gather_facts: no
  tasks:
    - name: mkdir dir
      file:
        path: /var/www/html
        state: directory    # create the directory if it does not exist yet
        mode: '0777'        # world-writable; 0755 is sufficient for php-fpm to read the docroot

    - name: copy file
      copy:
        src: ~/lamp/php/index.php
        dest: /var/www/html
        mode: '0777'        # 0644 is sufficient for a PHP page

    - name: Modify configuration 1
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: "^listen ="
        line: listen = 192.168.100.130:9000

    - name: Modify configuration 2
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: "^listen.allowed_clients ="
        line: listen.allowed_clients = 192.168.100.110
4.2.3 Run the playbook that modifies the php configuration
[root@node1 php]# ansible-playbook php_config.yml

PLAY [php config] ***************************************************************

TASK [mkdir dir] ****************************************************************
ok: [node4]

TASK [copy file] ****************************************************************
ok: [node4]

TASK [Modify configuration 1] ***************************************************
ok: [node4]

TASK [Modify configuration 2] ***************************************************
ok: [node4]

PLAY RECAP **********************************************************************
node4 : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
4.2.4 Disable the firewall and SELinux
[root@node1 php]# vim php_firewall.yml
---
- name: stop firewall
  hosts: node4
  gather_facts: no
  tasks:
    - name: modify firewall
      service:
        name: firewalld
        state: stopped
        enabled: no

    - name: modify selinux
      lineinfile:
        path: /etc/selinux/config    # read at boot, so this takes effect after the next reboot
        regexp: "^SELINUX="
        line: SELINUX=disabled
//Run the playbook
[root@node1 php]# ansible-playbook php_firewall.yml

PLAY [stop firewall] ************************************************************

TASK [modify firewall] **********************************************************
ok: [node4]

TASK [modify selinux] ***********************************************************
ok: [node4]

PLAY RECAP **********************************************************************
node4 : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
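The two playbooks in sections 1.2 and 4.2.4 stop firewalld and set SELINUX=disabled. As an added example (not from the original article), the playbook below keeps both enabled and opens only what this topology needs: HTTP on node2, and port 9000 on node4 from node2 alone. The file name lamp_firewall.yml is hypothetical, and the firewalld and seboolean module names are those of the Ansible 2.9 release installed above.

```yaml
---
# lamp_firewall.yml (hypothetical file name; added example, not from the original article)
- name: web tier - allow HTTP in, allow httpd to reach php-fpm
  hosts: node2
  gather_facts: no
  tasks:
    - name: firewalld is running
      service:
        name: firewalld
        state: started
        enabled: yes

    - name: open HTTP only
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled

    - name: seboolean needs the libsemanage python bindings
      yum:
        name: python3-libsemanage
        state: present

    # httpd proxies *.php requests to fcgi://192.168.100.130:9000 (see hello.conf)
    - name: let httpd make outbound network connections
      seboolean:
        name: httpd_can_network_connect
        state: yes
        persistent: yes

- name: php tier - accept FastCGI from the web host only
  hosts: node4
  gather_facts: no
  tasks:
    - name: firewalld is running
      service:
        name: firewalld
        state: started
        enabled: yes

    # matches listen.allowed_clients = 192.168.100.110 in www.conf
    - name: allow 9000/tcp from node2 only
      firewalld:
        rich_rule: 'rule family="ipv4" source address="192.168.100.110" port port="9000" protocol="tcp" accept'
        permanent: yes
        immediate: yes
        state: enabled
```

Run it in place of httpd_firewall.yml and php_firewall.yml. firewalld's default zone on EL8 already permits SSH, so Ansible's own connection is not affected.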
4.3 Restart the services
4.3.1 Write the playbook that restarts the httpd and php services
[root@node1 lamp]# vim restart.yml
---
- name: restart httpd
  hosts: node2
  gather_facts: no
  tasks:
    - name: restart httpd
      service:
        name: httpd
        state: restarted

- name: restart php
  hosts: node4
  gather_facts: no
  tasks:
    - name: restart php
      service:
        name: php-fpm
        state: restarted
4.3.2 Run the playbook
[root@node1 lamp]# ansible-playbook restart.yml

PLAY [restart httpd] ************************************************************

TASK [restart httpd] ************************************************************
changed: [node2]

PLAY [restart php] **************************************************************

TASK [restart php] **************************************************************
changed: [node4]

PLAY RECAP **********************************************************************
node2 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
node4 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
5. Browse to the IP to test