playbook部署lamp
环境
主机IP | 需要安装的服务 | name |
---|---|---|
192.168.23.132 | ansible | ansible |
192.168.23.133 | httpd | httpd |
192.168.23.134 | mysql | mysql |
192.168.23.135 | php | php |
项目结构
[root@ansible project]# tree
.
├── ansible.cfg
├── inventory
├── modules
│ ├── webservers
│ │ └── apache
│ │ ├── files
│ │ │ ├── apr-1.7.0.tar.gz
│ │ │ ├── apr-util-1.6.1.tar.gz
│ │ │ ├── httpd-2.4.46.tar.bz2
│ │ │ └── httpd.service
│ │ ├── install.yml
│ │ ├── scripts
│ │ │ └── install.sh
│ │ └── vars
│ │ └── var.yml
│ ├── databases
│ │ └── mysql
│ │ ├── files
│ │ │ └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
│ │ ├── install.yml
│ │ ├── templates
│ │ │ ├── my.cnf.j2
│ │ │ └── mysqld.service.j2
│ │ └── vars
│ │ └── var.yml
│ ├── lamp
│ │ ├── main.yml
│ │ └── vars
│ │ └── mysql.yml
│ ├── apps
│ │ └── php
│ │ ├── install.yml
│ │ └── vars
│ │ └── var.yml
│ └── yum
│ ├── files
│ │ ├── centos6-base.repo
│ │ ├── centos7-base.repo
│ │ ├── centos8-base.repo
│ │ ├── epel-6.repo
│ │ ├── epel-7.repo
│ │ └── epel-8.repo
│ └── main.yml
└── project-1
├── main.yml
└── secret.yml
19 directories, 27 files
准备工作:
//映射主机名
[root@ansible ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.23.132 ansible
192.168.23.133 httpd
192.168.23.134 mysql
192.168.23.135 php
//配置centos源
[root@ansible ~]# rm -rf /etc/yum.repos.d/*
[root@ansible ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/CentOS-Base.repo
//配置epel源
[root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/epel*
[root@ansible ~]# yum clean all
[root@ansible ~]# yum makecache
//安装ansible
[root@ansible ~]# yum -y install ansible
//创建项目目录
[root@ansible ~]# mkdir /project
//编写清单
[root@ansible ~]# vim /project/inventory
[webservers]
httpd
[databases]
mysql
[apps]
php
//更改配置文件
[root@ansible ~]# vim /etc/ansible/ansible.cfg
inventory = /project/inventory //取消注释并把路径改成上面编写的清单文件 /project/inventory（注意与 tree 中 /project 目录下的 ansible.cfg 保持一致，否则 ansible 找不到 webservers/databases/apps 这几个组）
//使用ssh-keygen生成私钥和公钥（为了免交互这里使用空口令；该私钥等价于所有被管主机的root权限，务必保护好/root/.ssh/id_rsa，生产环境建议为私钥设置口令并配合ssh-agent使用）
[root@ansible ~]# ssh-keygen -t rsa //后面直接回车
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hOhPvjrJRzNg+zV3F2fi36lgiGltUl8wSxsmeKEzYg0 root@ansible
The key's randomart image is:
+---[RSA 3072]----+
| E . |
| .o.o . |
| .o.*.o * |
| .+ ..+ + * o o|
| ..o. S. o o = |
| .++ B + o o |
| . +oO * = . .o|
| + +.o . . .o|
| .+. .. |
+----[SHA256]-----+
//给httpd、mysql、php三台主机设置免密登录（ssh-copy-id 第一次需要目标主机允许root口令登录；完成后控制端即可免密获得三台主机的root权限。生产环境建议改用专用普通用户+sudo（become），并在公钥分发完成后关闭sshd的口令登录）
[root@ansible ~]# ssh-copy-id root@192.168.23.133
[root@ansible ~]# ssh-copy-id root@192.168.23.134
[root@ansible ~]# ssh-copy-id root@192.168.23.135
//测试是否连通
[root@yc lamp]# ansible all -m ping
192.168.23.135 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.23.133 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.23.134 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
//创建项目结构目录
[root@ansible ~]# mkdir -p /project/modules/yum/files
[root@ansible ~]# mkdir -p /project/modules/webservers/apache /project/modules/databases/mysql /project/modules/apps/php //目录名 webservers 需与上面 tree 以及后面 lamp/main.yml 中 import_playbook 的路径一致
yum源配置
//下载centos源
[root@ansible ~]# wget -O /project/modules/yum/files/centos6-base.repo https://mirrors.aliyun.com/repo/Centos-6.repo
[root@ansible ~]# wget -O /project/modules/yum/files/centos7-base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@ansible ~]# wget -O /project/modules/yum/files/centos8-base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /project/modules/yum/files/*.repo
[root@ansible ~]# sed -i 's|$releasever|6|' /project/modules/yum/files/centos6-base.repo
[root@ansible ~]# sed -i 's|$releasever|7|' /project/modules/yum/files/centos7-base.repo
[root@ansible ~]# sed -i 's|$releasever|8|' /project/modules/yum/files/centos8-base.repo
//下载epel源
[root@ansible ~]# wget -O /project/modules/yum/files/epel-6.repo http://mirrors.aliyun.com/repo/epel-6.repo
[root@ansible ~]# wget -O /project/modules/yum/files/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@ansible ~]# wget -O /project/modules/yum/files/epel-release-latest-8.noarch.rpm https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
//安装rpm包并提取repo源
[root@ansible ~]# rpm -ivh /project/modules/yum/files/epel-release-latest-8.noarch.rpm
[root@ansible ~]# mv /etc/yum.repos.d/epel.repo /project/modules/yum/files/epel-8.repo
[root@ansible ~]# sed -i 's|$releasever|8|' /project/modules/yum/files/epel-8.repo
[root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /project/modules/yum/files/epel-8.repo
[root@ansible ~]# sed -i 's|^metalink|#metalink|' /project/modules/yum/files/epel-8.repo
//设置gpgcheck=0（注意：这一步会关闭所有被管主机上yum软件包的GPG签名校验，镜像被污染或链路被劫持时篡改过的包会被直接安装，属于典型的供应链风险。仅建议在受控实验环境这样做；生产环境应保留gpgcheck=1，并按repo文件中的gpgkey把公钥一并分发到各主机）
[root@ansible ~]# sed -i 's|^gpgcheck=1|gpgcheck=0|' /project/modules/yum/files/*.repo
//yum源的Playbook
[root@ansible ~]# vim /project/modules/yum/main.yml
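---
# Distribute the pre-downloaded CentOS base and EPEL repo files to every host.
# The file is selected by the host's major version (6/7/8) to match the
# files/centos{6,7,8}-base.repo and files/epel-{6,7,8}.repo names.
# NOTE(review): these repo files were edited to gpgcheck=0 on the controller,
# so every host will install unsigned packages; keep gpgcheck=1 and ship the
# gpgkey instead outside of a lab environment.
- hosts: all
  tasks:
    - name: yum config for base
      copy:
        src: "files/centos{{ ansible_facts['distribution_major_version'] }}-base.repo"
        dest: /etc/yum.repos.d/centos-base.repo
        owner: root
        group: root
        mode: '0644'
      # The bundled files are CentOS mirror repos. The original condition tested
      # for 'RedHat', which never matches a CentOS host, so the base repo was
      # silently never installed.
      when: ansible_facts['distribution'] == 'CentOS'

    - name: yum config for epel
      copy:
        src: "files/epel-{{ ansible_facts['distribution_major_version'] }}.repo"
        dest: /etc/yum.repos.d/epel.repo
        owner: root
        group: root
        mode: '0644'
      # Only CentOS 6/7/8 files exist under files/; any other distribution
      # would fail with a missing source file, so guard this task the same way.
      when: ansible_facts['distribution'] == 'CentOS'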
httpd的安装
//下载源码包（wget 只把第一个参数当作URL，原命令里的目录会被当成第二个URL而报错，文件其实落在当前目录；用 -P 指定保存目录。另外建议用 Apache 官网随版本发布的 .sha256/.asc 文件校验下载包，后面的 install.sh 不会再做校验）
[root@ansible ~]# mkdir -p /project/modules/webservers/apache/files
[root@ansible ~]# wget -P /project/modules/webservers/apache/files https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz
[root@ansible ~]# wget -P /project/modules/webservers/apache/files https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz
[root@ansible ~]# wget -P /project/modules/webservers/apache/files https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.bz2
//配置变量
[root@ansible ~]# mkdir /project/modules/webservers/apache/vars
[root@ansible ~]# vim /project/modules/webservers/apache/vars/var.yml
# Build dependencies for compiling apr, apr-util and httpd from source;
# consumed by install.yml ("install depend on apache") via the yum module.
depend_pkg:
- "@Development Tools"
- openssl-devel
- pcre-devel
- expat-devel
- libxml2-devel
- libtool
- gcc
- gcc-c++
- bzip2
- make
//创建service文件
[root@ansible ~]# vim /project/modules/webservers/apache/files/httpd.service
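[Unit]
Description=Start httpd
# Same ordering as mysqld.service.j2 in this project: wait for networking so
# address-specific Listen directives do not fail at boot.
After=network.target

[Service]
# httpd is started with -DFOREGROUND and does not fork, so Type=simple is
# correct and MAINPID is the httpd parent process.
Type=simple
# The original unit had EnvironmentFile=/etc/httpd24/httpd.conf. httpd.conf is
# the Apache configuration (see --sysconfdir in install.sh), not a KEY=VALUE
# environment file; systemd cannot parse it as one, so the line is dropped.
ExecStart=/usr/local/apache/bin/httpd -k start -DFOREGROUND
ExecReload=/usr/local/apache/bin/httpd -k graceful
# WINCH asks the parent for a graceful stop: workers finish in-flight requests.
ExecStop=/bin/kill -WINCH ${MAINPID}

[Install]
WantedBy=multi-user.target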
//配置脚本
[root@ansible ~]# mkdir /project/modules/webservers/apache/scripts
[root@ansible ~]# vim /project/modules/webservers/apache/scripts/install.sh
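#!/bin/bash
# Build apr 1.7.0, apr-util 1.6.1 and httpd 2.4.46 from the tarballs that the
# Ansible "download packages" task copied to /usr/src, and install httpd under
# /usr/local/apache with its configuration in /etc/httpd24.
# Idempotent: does nothing when /usr/local/apache already exists.
#
# Changes from the original script:
#  - set -e: a failed configure/make aborts the run instead of falling through
#    to the "install finished" steps (PATH file, unit file, source cleanup);
#  - the tarballs and unit file are checked before anything under /usr/local
#    is deleted;
#  - every cd is checked.
set -euo pipefail

readonly SRC_DIR=/usr/src
readonly PREFIX=/usr/local/apache
readonly APR=apr-1.7.0
readonly APR_UTIL=apr-util-1.6.1
readonly HTTPD=httpd-2.4.46

if [[ -d "$PREFIX" ]]; then
  exit 0
fi

cd "$SRC_DIR" || { echo "cannot cd to $SRC_DIR" >&2; exit 1; }

# Fail early if an input is missing, before removing the old apr trees.
for f in "$APR.tar.gz" "$APR_UTIL.tar.gz" "$HTTPD.tar.bz2" httpd.service; do
  if [[ ! -f "$f" ]]; then
    echo "missing $SRC_DIR/$f" >&2
    exit 1
  fi
done

# NOTE(review): the tarballs are extracted without any integrity check. Verify
# them against the .sha256/.asc files published with the Apache releases on the
# controller, or add a `sha256sum -c` step here before extracting.
rm -rf /usr/local/apr /usr/local/apr-util
tar xf "$APR.tar.gz"
tar xf "$APR_UTIL.tar.gz"
tar xf "$HTTPD.tar.bz2"

# Work around the apr 1.7.0 libtool build error by deleting the configure line
# that removes $cfgfile (single quotes on purpose: sed must see the literal text).
cd "$APR"
sed -i '/$RM "$cfgfile"/d' configure
./configure --prefix=/usr/local/apr
make
make install

cd "../$APR_UTIL"
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make
make install

# NOTE(review): --enable-cgi builds mod_cgi; if no CGI is served, leaving it
# out removes an attack surface.
cd "../$HTTPD"
./configure --prefix="$PREFIX" \
  --sysconfdir=/etc/httpd24 \
  --enable-so \
  --enable-ssl \
  --enable-cgi \
  --enable-rewrite \
  --with-zlib \
  --with-pcre \
  --with-apr=/usr/local/apr \
  --with-apr-util=/usr/local/apr-util/ \
  --enable-modules=most \
  --enable-mpms-shared=all \
  --with-mpm=prefork
make
make install

# Reached only when every build step above succeeded.
echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/apache.sh
mv "$SRC_DIR/httpd.service" /usr/lib/systemd/system/httpd.service
cd "$SRC_DIR"
rm -rf "$APR" "$APR_UTIL" "$HTTPD"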
//编写playbook
[root@ansible ~]# vim /project/modules/webservers/apache/install.yml
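---
# Build and install Apache httpd from source on the webservers group.
# Package list comes from vars/var.yml; the build itself is scripts/install.sh.
- hosts: webservers
  vars_files:
    - vars/var.yml
  tasks:
    - name: install depend on apache
      yum:
        name: "{{ depend_pkg }}"
        state: present

    - name: create user apache
      user:
        name: apache
        shell: /sbin/nologin
        create_home: false
        system: yes
        state: present

    - name: download packages
      # Ships the apr/apr-util/httpd tarballs and httpd.service to /usr/src;
      # install.sh expects exactly those file names there.
      copy:
        src: files/
        dest: /usr/src

    - name: install apache
      # install.sh already exits when /usr/local/apache exists; `creates` lets
      # Ansible skip the script on re-runs (reported as ok, not changed).
      script: scripts/install.sh
      args:
        creates: /usr/local/apache

    - name: reload daemon for httpd
      # install.sh drops httpd.service into /usr/lib/systemd/system; use the
      # systemd module instead of shelling out to systemctl.
      systemd:
        daemon_reload: yes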
mysql的安装
//下载源码包（同样用 -P 指定保存目录，而不是把目录写成 wget 的第二个参数；建议用 MySQL 官网下载页提供的 MD5/GPG 签名校验下载包）
[root@ansible ~]# mkdir /project/modules/databases/mysql/files
[root@ansible ~]# wget -P /project/modules/databases/mysql/files https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
//配置变量
[root@ansible ~]# mkdir /project/modules/databases/mysql/vars
[root@ansible ~]# vim /project/modules/databases/mysql/vars/var.yml
# Paths and packages for the MySQL tarball install (databases/mysql/install.yml
# and the my.cnf.j2 / mysqld.service.j2 templates).
basedir: /usr/local   # tarball is unpacked here; {{ basedir }}/mysql is a symlink to it
datadir: /opt/data    # owned by the mysql user; holds the data files and the pid file
depend_pkg: ncurses-compat-libs   # presumably the libtinfo.so.5 the 5.7 client binaries link against — TODO confirm
//创建模板文件
[root@ansible ~]# mkdir /project/modules/databases/mysql/templates
[root@ansible ~]# vim /project/modules/databases/mysql/templates/my.cnf.j2
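# Rendered to /etc/my.cnf by databases/mysql/install.yml.
# Paths come from vars/var.yml so they stay in sync with the install play and
# with mysqld.service.j2. The original hard-coded /usr/local/mysql and /opt/data
# here and named the pid file mysql.pid while the unit file uses mysqld.pid.
[mysqld]
basedir = {{ basedir }}/mysql
datadir = {{ datadir }}
# Unix socket lives in /tmp; mysqld.service.j2 sets PrivateTmp=false for this reason.
socket = /tmp/mysql.sock
port = 3306
pid-file = {{ datadir }}/mysqld.pid
user = mysql
# Do not reverse-resolve client addresses (no dependency on DNS for logins).
skip-name-resolve
# NOTE(review): mysqld listens on all interfaces by default; the only client
# in this deployment is the php host, so consider
#   bind-address = <this host's LAN address>
# and/or a host firewall rule for 3306.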
//创建service文件
[root@ansible ~]# vim /project/modules/databases/mysql/templates/mysqld.service.j2
# Rendered to /usr/lib/systemd/system/mysqld.service by install.yml; basedir
# and datadir are taken from vars/var.yml.
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target

[Service]
# Run as the unprivileged account created by install.yml.
User=mysql
Group=mysql
# --daemonize forks, so systemd tracks the process through PIDFile.
Type=forking
PIDFile={{ datadir }}/mysqld.pid
# No start/stop timeout: recovery on a large datadir can take a long time.
TimeoutSec=0
PermissionsStartOnly=true
ExecStart={{ basedir }}/mysql/bin/mysqld --daemonize --pid-file={{ datadir }}/mysqld.pid $MYSQLD_OPTS
LimitNOFILE=5000
Restart=on-failure
# Presumably exit status 1 means a configuration error, for which a restart
# would not help — TODO confirm against the MySQL docs linked above.
RestartPreventExitStatus=1
# my.cnf places the socket at /tmp/mysql.sock; PrivateTmp would hide it from clients.
PrivateTmp=false

[Install]
WantedBy=multi-user.target
//编写playbook
[root@ansible ~] vim /project/modules/databases/mysql/install.yml
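---
# Install MySQL 5.7 from the generic Linux tarball on the databases group.
# basedir/datadir/depend_pkg come from vars/var.yml.
#
# The original play set `ignore_errors: yes` at play level, which hides every
# failure (bad unpack, failed initialize, template errors). It is removed;
# re-runs are handled with `creates` on the steps that are not idempotent.
- hosts: databases
  vars_files:
    - vars/var.yml
  tasks:
    - name: install depemd packages for mysql
      yum:
        name: "{{ depend_pkg }}"
        state: present

    - name: create user mysql
      user:
        name: mysql
        system: yes
        create_home: false
        shell: /sbin/nologin
        state: present

    - name: unpack mysql
      # Binaries stay root-owned. {{ basedir }}/mysql/bin is added to every
      # user's PATH below (root included), so a mysql-writable bin/ would let a
      # compromised mysqld account plant binaries that root later runs. Only
      # the datadir needs to belong to mysql.
      unarchive:
        src: files/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: '{{ basedir }}/'
        owner: root
        group: root
        creates: '{{ basedir }}/mysql-5.7.31-linux-glibc2.12-x86_64'

    - name: create soft link
      file:
        src: '{{ basedir }}/mysql-5.7.31-linux-glibc2.12-x86_64'
        dest: '{{ basedir }}/mysql'
        state: link

    - name: create env for mysql
      # copy/content is idempotent; the original `shell: echo ... >` reported
      # changed on every run.
      copy:
        dest: /etc/profile.d/mysql.sh
        content: "export PATH={{ basedir }}/mysql/bin:$PATH\n"
        owner: root
        group: root
        mode: '0644'

    - name: crete datadir
      file:
        path: '{{ datadir }}'
        owner: mysql
        group: mysql
        mode: '0750'
        state: directory

    - name: probides config file
      # Written before initialize so both read the same basedir/datadir.
      template:
        src: templates/my.cnf.j2
        dest: /etc/my.cnf
        owner: root
        group: root
        mode: '0644'

    - name: initialize mysql
      # --initialize-insecure leaves root@localhost with an EMPTY password; the
      # project's secret.yml must set one as soon as the service is up.
      # `creates` skips this once the system schema directory exists instead
      # of failing on a non-empty datadir (the reason ignore_errors was there).
      command: '{{ basedir }}/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir={{ datadir }}/'
      args:
        creates: '{{ datadir }}/mysql'

    - name: probides service file
      template:
        src: templates/mysqld.service.j2
        dest: /usr/lib/systemd/system/mysqld.service
        owner: root
        group: root
        mode: '0644'

    - name: reload daemon for mysql
      systemd:
        daemon_reload: yes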
php的安装
//配置变量
[root@ansible ~]# mkdir /project/modules/apps/php/vars
[root@ansible ~]# vim /project/modules/apps/php/vars/var.yml
# Packages for the php host (apps/php/install.yml). PHP itself comes from the
# distribution repos via yum; nothing is compiled on this host.
# NOTE(review): '@Development Tools' and the *-devel packages look like
# leftovers from a from-source build and put a full compiler toolchain on a
# web-facing host; 'php-*' installs every PHP subpackage in the repo, not only
# php-fpm and php-mysqlnd. Trim this list to what the stack actually uses.
packages:
- '@Development Tools'
- libxml2
- libxml2-devel
- openssl
- openssl-devel
- bzip2
- bzip2-devel
- libcurl
- libcurl-devel
- libicu-devel
- libjpeg
- libjpeg-devel
- libpng
- libpng-devel
- openldap-devel
- pcre-devel
- freetype
- freetype-devel
- gmp
- gmp-devel
- libmcrypt
- libmcrypt-devel
- readline
- readline-devel
- libxslt
- libxslt-devel
- mhash
- mhash-devel
- php-mysqlnd
- 'php-*'
//编写playbook
[root@ansible ~] vim /project/modules/apps/php/install.yml
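---
# Install PHP (with php-fpm) from the distribution repos on the apps group and
# switch php-fpm from its unix socket to TCP so the Apache host can reach it.
- hosts: apps
  vars_files:
    - vars/var.yml
  tasks:
    - name: install php
      yum:
        name: "{{ packages }}"
        state: present

    - name: config php-fpm
      # Match the `listen` directive itself rather than only the stock socket
      # path: after the first run the line no longer matches the old pattern
      # and lineinfile would append a second `listen` at the end of the pool
      # file. (`listen.owner`/`listen.mode` do not match because of the dot.)
      # `regexp` is the parameter name used by the other plays in this project.
      # SECURITY: FastCGI over TCP has no authentication — anyone who can reach
      # port 9000 can execute any PHP file on this host. 0.0.0.0 exposes it on
      # every interface; the lamp play narrows it with listen.allowed_clients,
      # and a host firewall rule for 9000 is still advisable.
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen\s*='
        line: 'listen=0.0.0.0:9000'
        state: present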
创建lamp项目模板
//配置变量
[root@ansible ~] mkdir -p /project/modules/lamp/vars
[root@ansible ~] vim /project/modules/lamp/vars/mysql.yml
# Extra packages installed on the databases host by lamp/main.yml
# ("install depend mysql on lamp").
# NOTE(review): these are build dependencies (cmake, mariadb-devel, ...), but
# MySQL is installed from a pre-built tarball in databases/mysql/install.yml,
# so nothing in this project appears to need them — confirm before keeping.
depend_mysql_on_lamp:
- ncurses-devel
- openssl-devel
- openssl
- cmake
- mariadb-devel
//创建lamp模板
[root@ansible ~] vim /project/modules/lamp/main.yml
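---
# LAMP assembly: import the per-component installs, then wire Apache to the
# php-fpm host over FastCGI (TCP 9000) and seed a phpinfo() page.
# Addresses follow the environment table of this project:
# httpd = 192.168.23.133, php = 192.168.23.135. The original used
# 192.168.100.4 / 192.168.100.2, which are not hosts in this environment.
- name: import yum
  import_playbook: ../yum/main.yml
- name: import apache
  import_playbook: ../webservers/apache/install.yml
- name: import mysql
  import_playbook: ../databases/mysql/install.yml
- name: import php
  import_playbook: ../apps/php/install.yml

- name: config apache for lamp
  hosts: webservers
  vars:
    # php-fpm host; it listens on 0.0.0.0:9000 (apps/php/install.yml).
    php_fpm_host: 192.168.23.135
  tasks:
    - name: enable module(1)
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^#?LoadModule proxy_module'
        line: LoadModule proxy_module modules/mod_proxy.so

    - name: enable module(2)
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^#?LoadModule proxy_fcgi_module'
        line: LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

    - name: add index.php
      # The stock httpd.conf indents DirectoryIndex inside <IfModule dir_module>;
      # match any leading whitespace rather than exactly one space.
      lineinfile:
        path: /etc/httpd24/httpd.conf
        regexp: '^\s*DirectoryIndex'
        line: '    DirectoryIndex index.php index.html'

    - name: add type
      # A managed block after the existing gzip AddType line. The original
      # replaced that line with a three-line string via lineinfile, which is
      # not idempotent (a multi-line `line` cannot be re-matched on re-runs).
      blockinfile:
        path: /etc/httpd24/httpd.conf
        marker: "    # {mark} ANSIBLE MANAGED: php types"
        insertafter: '^\s*AddType application/x-gzip'
        block: |
              AddType application/x-httpd-php .php
              AddType application/x-httpd-php-source .phps

    - name: add virtualhost
      # The original lineinfile regexp '<VirtualHost *:80>' is an unescaped
      # regex (' *' means optional spaces) and the text is not in httpd.conf,
      # so the vhost was appended on every run. blockinfile is idempotent.
      blockinfile:
        path: /etc/httpd24/httpd.conf
        marker: "# {mark} ANSIBLE MANAGED: lamp vhost"
        block: |
          <VirtualHost *:80>
              DocumentRoot "/usr/local/apache/htdocs/"
              ServerName yuqinghao.com
              ProxyRequests Off
              # Only *.php is proxied; php-fpm executes /var/www/html/<path> on the
              # php host, so anything writable there is executable there.
              ProxyPassMatch ^/(.*\.php)$ fcgi://{{ php_fpm_host }}:9000/var/www/html/$1
              <Directory "/usr/local/apache/htdocs/">
                  Options none
                  AllowOverride none
                  Require all granted
              </Directory>
          </VirtualHost>

- name: config mysql for lamp
  hosts: databases
  vars_files:
    - vars/mysql.yml
  tasks:
    - name: install depend mysql on lamp
      yum:
        name: "{{ depend_mysql_on_lamp }}"
        state: present

- name: config php for lamp
  hosts: apps
  vars:
    # The only client allowed to talk to php-fpm: the Apache host.
    apache_host: 192.168.23.133
  tasks:
    - name: index.php config
      # Replaces the original touch + lineinfile pair with one idempotent write
      # (file/state=touch reports changed on every run).
      # NOTE(review): phpinfo() discloses the full server configuration; remove
      # this page once the stack has been verified.
      copy:
        dest: /var/www/html/index.php
        content: "<?php\n\tphpinfo();\n?>\n"
        owner: apache
        group: apache
        mode: '0644'

    - name: change web address
      # FastCGI has no authentication: allowed_clients is the access control for
      # port 9000 (listen=0.0.0.0 in apps/php/install.yml). Match the directive
      # itself so re-runs update the line instead of appending a second one.
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^;?listen\.allowed_clients\s*='
        line: "listen.allowed_clients = {{ apache_host }}"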
搭建lamp
//创建项目文件夹
[root@ansible ~] mkdir -p /project/project-1
//在项目yuqinghao中搭建lamp
[root@ansible ~] vim /project/project-1/main.yml
---
# Project entry point: build the LAMP stack via the lamp module, then bring the
# three services up and set the MySQL root password from the vault-encrypted
# secret.yml (run with --vault-password-file, see the commands below).
- name: import lamp
  import_playbook: ../modules/lamp/main.yml

- name: config apache for lamp
  hosts: webservers
  tasks:
    - name: start httpd service
      # httpd.service is installed by webservers/apache/scripts/install.sh.
      service:
        name: httpd
        enabled: true
        state: started

- name: config mysql for lamp
  hosts: databases
  tasks:
    - name: start mysql on lamp
      # mysqld.service is rendered by databases/mysql/install.yml.
      service:
        name: mysqld
        enabled: true
        state: started

# Must run after mysqld is started: it connects over the local socket.
- name: set password for mysql
  import_playbook: ./secret.yml

- name: config php for lamp
  hosts: apps
  tasks:
    - name: start php service
      service:
        name: php-fpm
        enabled: true
        state: started
设置并修改mysql的密码(需要加密)
//编写修改密码剧本（目录名与前面创建的 /project/project-1 保持一致）
[root@ansible ~]# vim /project/project-1/secret.yml
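---
# Set the MySQL root password right after the first start. The whole file is
# kept vault-encrypted (ansible-vault encrypt secret.yml); that encryption is
# what protects the password at rest, so never commit the plaintext version.
#
# The original file had `tasks: vim` (an editor command pasted into the YAML),
# which is not a valid task list and makes the play fail to load.
- name: config mysql for lamp
  hosts: databases
  vars:
    mysql_root_password: "123456"   # tutorial placeholder — replace with a strong password
  tasks:
    - name: set password for mysql
      # Works only while root@localhost still has the empty password left by
      # --initialize-insecure; a second run fails once the password is set.
      # The statement is fed to the client on stdin rather than in -e, so the
      # password does not show up in `ps` or process accounting, and no_log
      # keeps it out of Ansible's output and logs.
      # ALTER USER replaces SET PASSWORD = PASSWORD(), which MySQL 5.7 deprecates.
      shell: /usr/local/mysql/bin/mysql -uroot
      args:
        stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ mysql_root_password }}';"
      no_log: true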
//加密修改密码剧本（ansible-vault 不会回显口令，下面两行中的 yanchuang 只是示意）
[root@ansible ~]# ansible-vault encrypt /project/project-1/secret.yml
New Vault password: yanchuang
Confirm New Vault password: yanchuang
Encryption successful
//记录加密密码（注意：把vault口令明文放在剧本旁边，等于只靠文件权限保护它；这个文件切勿提交到版本库，最好放在/project之外或在执行时由CI/凭据管理注入）
[root@ansible ~]# echo 'yanchuang' > /project/project-1/.mypass
//修改权限只允许root读写
[root@ansible ~]# chmod 600 /project/project-1/.mypass
//使用加密密码查看加密剧本
[root@ansible ~]# ansible-vault view --vault-password-file=/project/project-1/.mypass /project/project-1/secret.yml
执行剧本
[root@ansible ~]# cd /project/
[root@ansible project]# ansible-playbook --vault-password-file=project-1/.mypass project-1/main.yml
验证