配置四台虚拟机
192.168.170.120 安装ansible主控机
192.168.170.155 安装httpd
192.168.170.156 安装mysql
192.168.170.157 安装php
#下载httpd源码包以及apr,apr_util wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.gz wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz wget http://mirrors.hust.edu.cn/apache//apr/apr-util-1.6.1.tar.gz #下载二进制mysql包 wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz 安装ansible #配置yum源 [root@ansible ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo [root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo [root@ansible ~]# sed -i 's#\$releasever#8#g' /etc/yum.repos.d/CentOS-Base.repo [root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm [root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel* [root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel* [root@ansible ~]# sed -i 's#\$releasever#8#g' /etc/yum.repos.d/epel.repo #安装ansible [root@ansible ~]# yum -y install ansible #查看ansible版本 [root@ansible ~]# ansible --version ansible 2.9.16 config file = /etc/ansible/ansible.cfg configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /usr/lib/python3.6/site-packages/ansible executable location = /usr/bin/ansible python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)] #ssh免密登录 [root@ansible lamp]# vim /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.170.155 node1 192.168.170.156 node2 192.168.248.157 node3
[root@ansible ~]# ssh-keygen -t rsa [root@ansible ~]# ssh-copy-id root@httpd [root@ansible ~]# ssh-copy-id root@mysql [root@ansible ~]# ssh-copy-id root@php
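将被控机IP加入到主控机清单
# Change the inventory file location
[root@ansible ~]# vim /etc/ansible/ansible.cfg
[defaults]

# some basic default values...

# NOTE(review): this points at /etc/ansible/inventory, while the inventory
# created below lives in the lamp directory; presumably the copied ansible.cfg
# is meant to reference that file - confirm.
inventory = /etc/ansible/inventory
#library = /usr/share/my_modules/

[root@ansible ~]# mkdir lamp
[root@ansible ~]# cd lamp
[root@ansible lamp]# cp /etc/ansible/ansible.cfg .
# Create the inventory file
# Host names match /etc/hosts and the "hosts:" lines of the playbooks.
[root@ansible lamp]# vim inventory
[group_apache]
node1

[group_mysql]
node2

[group_php]
node3

运用ping模块检查节点机
[root@ansible lamp]# ansible all -m ping
node2 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
node1 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
node3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

目录结构
[root@ansible lamp]# tree
.
├── ansible.cfg
├── application
│   └── php
│       ├── depend
│       │   └── depend_php.yml
│       ├── php.yml
│       ├── scripts
│       └── templates
├── base
│   └── base.yml
├── databases
│   └── mysql
│       ├── depend
│       │   └── depend_mysql.yml
│       ├── mysql.yml
│       ├── packages
│       │   └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
│       ├── passwd.yml
│       ├── scripts
│       │   └── install.sh
│       └── templates
│           └── my.j2
├── group_vars
│   ├── group_apache
│   └── group_mysql
├── host_vars
├── inventory
└── web
    └── apache
        ├── depend
        │   └── apache_depend.yml
        ├── httpd.yml
        ├── packages
        │   ├── apr-1.7.0.tar.bz2
        │   ├── apr-util-1.6.1.tar.gz
        │   └── httpd-2.4.46.tar.gz
        ├── scripts
        │   └── packages.sh
        └── templates
            └── httpd.j2

yum源playbook
[root@ansible lamp]# vim base/base.yml
---
# Baseline for every node: yum repositories, firewall and SELinux state.
- hosts: all
  tasks:
    # Package signatures are verified (gpgcheck) so that a tampered or
    # compromised mirror cannot push unsigned packages onto the nodes.
    - name: yum warehouse
      yum_repository:
        name: "{{ item }}"
        description: "{{ item }}"
        file: "{{ item }}"
        baseurl: https://mirrors.aliyun.com/centos/8/{{ item }}/x86_64/os/
        gpgcheck: true
        # Key file shipped with the CentOS 8 base install.
        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
        enabled: true
      loop:
        - BaseOS
        - AppStream

    - name: epel
      yum_repository:
        name: epel
        description: epel
        file: epel
        baseurl: https://mirrors.aliyun.com/epel/8/Everything/x86_64/
        gpgcheck: true
        # Assumes the mirror keeps the EPEL 8 key at the repository root,
        # as upstream EPEL does - confirm before use.
        gpgkey: https://mirrors.aliyun.com/epel/RPM-GPG-KEY-EPEL-8
        enabled: true

    # Lab shortcut: with firewalld stopped, every listening port on the node
    # (httpd, MySQL 3306, php-fpm 9000) is reachable from the whole network.
    # Outside a lab, keep firewalld running and open only the needed ports.
    - name: stop firewalld
      service:
        name: firewalld
        state: stopped

    # Lab shortcut: this turns SELinux off permanently (after the next
    # reboot). Outside a lab, keep it enforcing and label the custom paths.
    - name: disabled selinux
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled

    # Switches the running system to permissive mode until the reboot.
    - name: stop selinux
      shell: setenforce 0

[root@ansible lamp]# ansible-playbook base/base.yml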
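apache配置
# Package list consumed by the playbook's yum task
[root@ansible lamp]# mkdir web/apache/depend/
[root@ansible lamp]# vim web/apache/depend/apache_depend.yml
packages:
  - openssl-devel
  - pcre-devel
  - expat-devel
  - libtool
  - gcc
  - gcc-c++
  - make

# Build script, run as root on the node through the "script" module.
# It relies on starting in root's home directory, where the playbook unpacks
# the archives. There is no error handling: a failed configure/make does not
# stop the later steps, so check the output before trusting the result.
[root@ansible lamp]# vim web/apache/scripts/packages.sh
#!/bin/bash
# install apr
sed -i 's/\$RM "$cfgfile"/\#\$RM "$cfgfile"/' apr-1.7.0/configure
cd apr-1.7.0
./configure --prefix=/usr/local/apr
make && make install
cd
# install apr-util
cd /root/apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install
cd
# install apache
cd httpd-2.4.46
./configure --prefix=/usr/local/apache \
--sysconfdir=/etc/httpd24 \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
make && make install
cd
# variable
echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
source /etc/profile.d/httpd.sh
# include
ln -s /usr/local/apache/include/ /usr/include/httpd

# playbook
[root@ansible lamp]# vim web/apache/httpd.yml
---
# Builds httpd 2.4.46 from source on node1 and starts it.
# "user" is not defined in this file; presumably it comes from
# group_vars/group_apache - confirm. "php_ip" is presumably consumed by
# templates/httpd.j2 (template not shown on this page).
- hosts: node1
  vars:
    php_ip: 192.168.170.157
  vars_files:
    - depend/apache_depend.yml
  tasks:
    # The whole list goes to yum in one transaction instead of one call
    # per package.
    - name: install
      yum:
        name: '{{ packages }}'
        state: present

    - name: package group
      yum:
        name: "@Development tools"
        state: present

    # Dedicated system account without a login shell or home directory.
    - name: create user
      user:
        name: '{{ user }}'
        system: true
        create_home: false
        shell: /sbin/nologin
        state: present

    # The archives are taken as-is from the control machine; verify their
    # checksums there before this step, since they are compiled and
    # installed as root on the node.
    - name: copy packages
      copy:
        src: packages/
        dest: /root/

    - name: uncompress
      shell: "tar xf apr-1.7.0.tar.bz2 && tar xf apr-util-1.6.1.tar.gz && tar xf httpd-2.4.46.tar.gz"

    - name: install packages
      script: scripts/packages.sh

    - name: httpd.conf
      template:
        src: templates/httpd.j2
        dest: /etc/httpd24/httpd.conf

    - name: start httpd
      shell: "/usr/local/apache/bin/apachectl start"

[root@ansible lamp]# ansible-playbook web/apache/httpd.yml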
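mysql配置
# Edit the template file
# With no bind-address set, mysqld 5.7 accepts connections on all interfaces
# by default, and base.yml has already stopped the firewall; add a
# bind-address or a firewall rule if the database must not be reachable from
# the whole network.
[root@ansible lamp]# mkdir databases/mysql/templates
[root@ansible lamp]# vim databases/mysql/templates/my.j2
[mysqld]
basedir = /usr/local/mysql
datadir = /mydata
socket = /tmp/mysql.sock
port = 3306
pid-file = /mydata/mysql.pid
user = mysql
skip-name-resolve

# script
[root@ansible lamp]# mkdir databases/mysql/scripts
[root@ansible lamp]# vim databases/mysql/scripts/install.sh
#!/bin/bash
# uncompress
tar -xf /root/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
# link
ln -s /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64/ /usr/local/mysql
# chown
chown -R mysql:mysql /usr/local/mysql*
# variable
echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/myslq.sh
source /etc/profile.d/myslq.sh
# include
ln -s /usr/local/mysql/include/ /usr/include/mysql
# lib
echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/msqly.conf
ldconfig
# initialize mysql
# The generated temporary root password ends up in /root/password in clear
# text; delete that file once the password has been changed.
/usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/mydata > /root/password 2>&1
# start script
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
sed -ri 's#^(basedir=).*#\1/usr/local/mysql#g' /etc/init.d/mysqld
sed -ri 's#^(datadir=).*#\1/mydata#g' /etc/init.d/mysqld
# start mysql
service mysqld start

# Package list consumed by the playbook's yum task
[root@ansible lamp]# mkdir databases/mysql/depend
[root@ansible lamp]# vim databases/mysql/depend/depend_mysql.yml
packages:
  - ncurses-devel
  - openssl-devel
  - openssl
  - cmake
  - mariadb-devel
  - ncurses-compat-libs

# playbook
[root@ansible lamp]# vim databases/mysql/mysql.yml
---
# Installs the MySQL 5.7.31 binary tarball on node2 and starts it.
# "user" is not defined in this file; presumably it comes from
# group_vars/group_mysql - confirm.
- hosts: node2
  vars_files:
    - depend/depend_mysql.yml
  tasks:
    # The whole list goes to yum in one transaction instead of one call
    # per package.
    - name: install package
      yum:
        name: '{{ packages }}'
        state: present

    # Verify the tarball's checksum on the control machine first; it is
    # unpacked and executed as root on the node.
    - name: copy mysql
      copy:
        src: packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: /root/

    - name: create user
      user:
        name: '{{ user }}'
        system: true
        create_home: false
        shell: /sbin/nologin
        state: present

    - name: create datadir
      file:
        path: /mydata
        owner: '{{ user }}'
        group: '{{ user }}'
        state: directory

    - name: my.cnf
      template:
        src: templates/my.j2
        dest: /etc/my.cnf

    - name: script
      script: scripts/install.sh

# Password-change playbook
# "123456" is a demo value: replace it with a strong, unique password.
# The temporary password is passed with -p on the command line, so it is
# briefly visible in the node's process list; no_log keeps the command and
# its output out of Ansible's console output and logs.
[root@ansible lamp]# vim databases/mysql/passwd.yml
---
- hosts: node2
  tasks:
    - name: change password
      shell: /usr/local/mysql/bin/mysql -uroot -p"$(awk '/password/{print$NF}' /root/password)" --connect-expired-password -e "set password = password(\"123456\");"
      no_log: true

# Encrypt the playbook that contains the password
[root@ansible lamp]# ansible-vault encrypt databases/mysql/passwd.yml
New Vault password:
Confirm New Vault password:
Encryption successful
# Record the vault password
# The value stored here is the same as the database password and the file
# sits next to the encrypted playbook, so anyone who can read the project
# directory can decrypt it. Use a separate vault password, keep the file out
# of version control, or drop the file and use --ask-vault-pass instead.
[root@ansible lamp]# echo '123456' > databases/mysql/.mysqlpasswd
# Restrict the password file's permissions
[root@ansible lamp]# chmod 600 databases/mysql/.mysqlpasswd
# Run the playbook
[root@ansible lamp]# ansible-playbook databases/mysql/mysql.yml
# Run the password-change playbook
[root@ansible lamp]# ansible-playbook --vault-password-file=databases/mysql/.mysqlpasswd databases/mysql/passwd.yml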
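php配置
# Package list consumed by the playbook's yum task
[root@ansible lamp]# mkdir application/php/depend
[root@ansible lamp]# vim application/php/depend/depend_php.yml
packages:
  - libxml2
  - libxml2-devel
  - openssl
  - openssl-devel
  - bzip2
  - bzip2-devel
  - libcurl
  - libcurl-devel
  - libicu-devel
  - libjpeg
  - libjpeg-devel
  - libpng
  - libpng-devel
  - openldap-devel
  - pcre-devel
  - freetype
  - freetype-devel
  - gmp
  - gmp-devel
  - libmcrypt
  - libmcrypt-devel
  - readline
  - readline-devel
  - libxslt
  - libxslt-devel
  - mhash
  - mhash-devel
  - php-mysqlnd

# playbook
[root@ansible lamp]# vim application/php/php.yml
---
# Installs php and php-fpm on node3 and exposes php-fpm to the httpd node.
- hosts: node3
  vars:
    httpd_ip: 192.168.170.155
  vars_files:
    - ./depend/depend_php.yml
  tasks:
    # The whole list goes to yum in one transaction instead of one call
    # per package.
    - name: install depend
      yum:
        name: '{{ packages }}'
        state: present

    # 'php-*' pulls in every php package the repositories offer; installing
    # only the extensions the application needs keeps the footprint smaller.
    - name: install php
      yum:
        name: 'php-*'
        state: present

    # php-fpm listens on every interface. FastCGI has no authentication of
    # its own, so access control rests on listen.allowed_clients below (and
    # on a firewall rule for port 9000, since base.yml stops firewalld).
    - name: modify socket
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen ='
        line: listen = 0.0.0.0:9000

    # Only the httpd node may connect; the address comes from the httpd_ip
    # variable defined above instead of being repeated as a literal.
    - name: conf
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients ='
        line: 'listen.allowed_clients = {{ httpd_ip }}'

    # Test page only: phpinfo() publishes versions, loaded modules, paths and
    # environment details. Remove index.php once the stack is verified.
    - name: index.php
      shell: 'echo -e "<?php\n\tphpinfo();\n?>" > /var/www/html/index.php'

    - name: start php-fpm
      service:
        name: php-fpm
        state: started

# Run the playbook
[root@ansible lamp]# ansible-playbook application/php/php.yml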