git地址
https://github.com/ansible/ansible-examples/tree/master/lamp_simple
目录结构:
[root@maple-c8-n1 lamp_simple]# tree
.
├── group_vars
│ ├── all
│ └── dbservers
├── hosts
├── LICENSE.md
├── README.md
├── roles
│ ├── common
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ └── ntp.conf.j2
│ ├── db
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ └── main.yml
│ │ └── templates
│ │ └── my.cnf.j2
│ └── web
│ ├── handlers
│ │ └── main.yml
│ ├── tasks
│ │ ├── copy_code.yml
│ │ ├── install_httpd.yml
│ │ └── main.yml
│ └── templates
│ └── index.php.j2
└── site.yml
14 directories, 17 files
主playbook文件
所有主机先执行通用角色common，common负责配置ntp服务；然后依次将web、db角色配置到对应主机。
[root@maple-c8-n1 lamp_simple]# cat site.yml
---
# Top-level playbook for the LAMP example. Three plays run in order:
#   1. every host receives the "common" role
#   2. hosts in the "webservers" group receive the "web" role
#   3. hosts in the "dbservers" group receive the "db" role
#
# NOTE(review): every play connects over SSH as root. Where the hosts allow it,
# an unprivileged remote_user combined with `become: true` lets direct root
# login stay disabled and records which account escalated.

- name: apply common configuration to all nodes
  hosts: all
  remote_user: root
  roles: [common]

- name: configure and deploy the webservers and application code
  hosts: webservers
  remote_user: root
  roles: [web]

- name: deploy MySQL and configure the databases
  hosts: dbservers
  remote_user: root
  roles: [db]
common角色:
[root@maple-c8-n1 lamp_simple]# cat roles/common/tasks/main.yml
---
# Tasks of the "common" role, which site.yml applies to all hosts:
# install, configure and start ntp, then record the SELinux mode.

- name: Install ntp
  tags: ntp
  yum:
    name: ntp
    state: present

# A changed template triggers the "restart ntp" handler.
- name: Configure ntp file
  tags: ntp
  notify: restart ntp
  template:
    src: ntp.conf.j2
    dest: /etc/ntp.conf

- name: Start the ntp service
  tags: ntp
  service:
    name: ntpd
    state: started
    enabled: yes

# Read-only probe: the output is registered as `sestatus` and the task never
# reports "changed". The web and db roles test `sestatus` before they set
# SELinux booleans.
- name: test to see if selinux is running
  command: getenforce
  register: sestatus
  changed_when: false
web角色
[root@maple-c8-n1 lamp_simple]# cat roles/web/tasks/main.yml
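---
# Entry point of the "web" role: install and configure Apache/PHP first, then
# deploy the application code.
# The bare `include` directive was deprecated and later removed from Ansible;
# `import_tasks` loads both files statically, in the order listed.
- import_tasks: install_httpd.yml
- import_tasks: copy_code.yml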
[root@maple-c8-n1 lamp_simple]# cat roles/web/tasks/install_httpd.yml
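---
# Tasks of the "web" role: install Apache and PHP, open the HTTP port in
# iptables, start httpd and allow it to reach a remote database under SELinux.

# The package list is handed to yum directly rather than looped over with
# with_items, so the module is called once for the whole set.
- name: Install http and php etc
  yum:
    name:
      - httpd
      - php
      - php-mysql
      - git
      - libsemanage-python
      - libselinux-python
    state: present

# The regexp is anchored to the exact rule text. An unanchored port number
# matches any line that merely contains those digits (80 also matches 8080),
# and lineinfile would then overwrite that unrelated firewall rule.
# NOTE(review): with `create: yes` a missing file is created holding only this
# line; confirm the target hosts already ship a complete iptables rules file.
- name: insert iptables rule for httpd
  lineinfile:
    dest: /etc/sysconfig/iptables
    create: yes
    state: present
    regexp: "^-A INPUT -p tcp --dport {{ httpd_port }} -j ACCEPT$"
    insertafter: "^:OUTPUT "
    line: "-A INPUT -p tcp --dport {{ httpd_port }} -j ACCEPT"
  notify: restart iptables

- name: http service state
  service:
    name: httpd
    state: started
    enabled: yes

# `sestatus` is registered by the getenforce task of the common role.
# getenforce exits 0 whenever it runs, so a test on `sestatus.rc != 0` is never
# true and the boolean would never be set on an enforcing host. The printed
# mode (Enforcing / Permissive / Disabled) is what shows whether SELinux is on.
- name: Configure SELinux to allow httpd to connect to remote database
  seboolean:
    name: httpd_can_network_connect_db
    state: true
    persistent: yes
  when: "sestatus.stdout != 'Disabled'"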
[root@maple-c8-n1 lamp_simple]# cat roles/web/tasks/copy_code.yml
---
# Deploys the application: check the repository out into /var/www/html/, then
# render index.php from its template.

# NOTE(review): no `version` is set, so the git module checks out the
# repository's current HEAD on each run. Pinning `version` to a reviewed tag or
# commit keeps unreviewed upstream changes off the web servers.
# NOTE(review): the checkout's .git directory lands inside /var/www/html/. If
# httpd serves that directory (its usual default - confirm), deny access to
# .git in the httpd configuration or deploy from an export instead.
- name: Copy the code from repository
  git:
    dest: /var/www/html/
    repo: "{{ repository }}"

- name: Creates the index.php file
  template:
    dest: /var/www/html/index.php
    src: index.php.j2
db角色
[root@maple-c8-n1 lamp_simple]# cat roles/db/tasks/main.yml
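---
# Tasks of the "db" role: install MySQL, configure and start it, open its port
# in iptables, then create the application database and its user.

# The package list is handed to yum directly rather than looped over with
# with_items; `present` replaces the older `installed` alias to match the
# other roles.
- name: Install Mysql package
  yum:
    name:
      - mysql-server
      - MySQL-python
      - libselinux-python
      - libsemanage-python
    state: present

# `sestatus` is registered by the getenforce task of the common role.
# getenforce exits 0 whenever it runs, so a test on `sestatus.rc != 0` is never
# true and the boolean would never be set. The printed mode is tested instead.
- name: Configure SELinux to start mysql on any port
  seboolean:
    name: mysql_connect_any
    state: true
    persistent: yes
  when: "sestatus.stdout != 'Disabled'"

- name: Create Mysql configuration file
  template:
    src: my.cnf.j2
    dest: /etc/my.cnf
  notify:
    - restart mysql

- name: Start Mysql Service
  service:
    name: mysqld
    state: started
    enabled: yes

# The regexp is anchored to the exact rule text. An unanchored port number
# matches any line that merely contains those digits, and lineinfile would then
# overwrite that unrelated firewall rule.
# NOTE(review): the rule accepts the MySQL port from every source address.
# Adding a `-s` match for the web servers keeps the database off the wider
# network.
- name: insert iptables rule
  lineinfile:
    dest: /etc/sysconfig/iptables
    state: present
    regexp: "^-A INPUT -p tcp --dport {{ mysql_port }} -j ACCEPT$"
    insertafter: "^:OUTPUT "
    line: "-A INPUT -p tcp --dport {{ mysql_port }} -j ACCEPT"
  notify: restart iptables

- name: Create Application Database
  mysql_db:
    name: "{{ dbname }}"
    state: present

# Privileges are limited to the application database. The former grant
# "*.*:ALL" gave this account full rights on every database on the server,
# including the mysql system schema.
# NOTE(review): host '%' lets the account connect from any address; listing the
# web servers' addresses is tighter.
# NOTE(review): `upassword` is presumably defined in group_vars (not shown
# here); keep it encrypted with Ansible Vault rather than in plain text.
- name: Create Application DB User
  mysql_user:
    name: "{{ dbuser }}"
    password: "{{ upassword }}"
    priv: "{{ dbname }}.*:ALL"
    host: '%'
    state: present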
mysql模块需要用到MySQL-python包；在CentOS 8的yum源中，将其换成python3-mysql软件包即可。