ansible自动化运维工具上部署lamp
弄4台主机,其中一台装ansible,其余三台分别部署nginx、mysql、php,实现lamp架构。请合理分配主机资源,所有主机均给500M内存即可,若资源富裕多给些亦可。
环境说明:
| 主机IP | 需要安装的服务 | 系统平台 |
|---|---|---|
| 192.168.100.1 | ansible | redhat8 |
| 192.168.100.2 | httpd | redhat8 |
| 192.168.100.3 | mysql | redhat8 |
| 192.168.100.4 | php | redhat8 |
本次环境YUM源(centos和epel)为:"阿里云官方镜像站"
准备工作:
//主机名映射
[root@ansible ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.1 ansible
192.168.100.2 httpd
192.168.100.3 mysql
192.168.100.4 php
//配置centos源
[root@ansible ~]# rm -rf /etc/yum.repos.d/*
[root@ansible ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/CentOS-Base.repo
//配置epel源
[root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/epel*
[root@ansible ~]# yum clean all
[root@ansible ~]# yum makecache
//安装ansible
[root@ansible ~]# yum -y install ansible
//编写清单
[root@ansible ~]# vim /etc/ansible/inventory
httpd
mysql
php
//更改配置文件
[root@ansible ~]# vim /etc/ansible/ansible.cfg
inventory = /etc/ansible/inventory //取消注释并把路径改成inventory
//使用ssh-keygen生成私钥和公钥
[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): //直接回车
Enter passphrase (empty for no passphrase): //直接回车
Enter same passphrase again: //直接回车
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qJ9hviK9uNjD0UXMVI4t3K9p2kOvNQEd8g4kUAxXuW8 root@ansible
The key's randomart image is:
+---[RSA 3072]----+
| oO=o=.. |
| o=B.+ . |
| .+ *.o |
| .o.= |
| . .. S.+ |
| . .. .oE. |
| . o. o.+oo |
| o+.o+ *.... |
|. ++.o*.oo |
+----[SHA256]-----+
//给httpd、mysql、php三台主机设置免密登录
[root@ansible ~]# ssh-copy-id root@192.168.100.2
[root@ansible ~]# ssh-copy-id root@192.168.100.3
[root@ansible ~]# ssh-copy-id root@192.168.100.4
//测试是否连通
[root@ansible ~]# ansible all -m ping
php | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
httpd | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
mysql | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
//配置httpd、mysql、php的centos源、epel源
[root@ansible ~]# ansible all -m copy -a 'src=/etc/yum.repos.d/ dest=/etc/yum.repos.d/'
php | CHANGED => {
"changed": true,
"dest": "/etc/yum.repos.d/",
"src": "/etc/yum.repos.d/"
}
httpd | CHANGED => {
"changed": true,
"dest": "/etc/yum.repos.d/",
"src": "/etc/yum.repos.d/"
}
mysql | CHANGED => {
"changed": true,
"dest": "/etc/yum.repos.d/",
"src": "/etc/yum.repos.d/"
}
[root@ansible ~]# ansible all -m shell -a 'yum clean all'
[root@ansible ~]# ansible all -m shell -a 'yum makecache'
[root@ansible ~]# ansible all -m copy -a 'src=/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 dest=/etc/pki/rpm-gpg/'
php | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "2d776ec5051cd8e37d6c29070cf78e649ce59ac1",
"dest": "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8",
"gid": 0,
"group": "root",
"md5sum": "6494b13311caf38e11eaa575a83c2c57",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:cert_t:s0",
"size": 1627,
"src": "/root/.ansible/tmp/ansible-tmp-1609954413.73779-6897-256153649461013/source",
"state": "file",
"uid": 0
}
httpd | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "2d776ec5051cd8e37d6c29070cf78e649ce59ac1",
"dest": "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8",
"gid": 0,
"group": "root",
"md5sum": "6494b13311caf38e11eaa575a83c2c57",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:cert_t:s0",
"size": 1627,
"src": "/root/.ansible/tmp/ansible-tmp-1609954413.7246325-6894-178599563950392/source",
"state": "file",
"uid": 0
}
mysql | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"checksum": "2d776ec5051cd8e37d6c29070cf78e649ce59ac1",
"dest": "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8",
"gid": 0,
"group": "root",
"md5sum": "6494b13311caf38e11eaa575a83c2c57",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:cert_t:s0",
"size": 1627,
"src": "/root/.ansible/tmp/ansible-tmp-1609954413.7136793-6895-138363780568116/source",
"state": "file",
"uid": 0
}
//关闭所有机器的防火墙和selinux
[root@ansible ~]# systemctl disable firewalld.service
[root@ansible ~]# systemctl stop firewalld.service
[root@ansible ~]# setenforce 0
[root@ansible ~]# vim /etc/selinux/config
SELINUX=disabled
[root@ansible ~]# ansible all -m shell -a 'systemctl disable firewalld'
[root@ansible ~]# ansible all -m shell -a 'systemctl stop firewalld'
[root@ansible ~]# ansible all -m shell -a 'setenforce 0'
[root@ansible ~]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line=SELINUX=disabled'
安装httpd
/安装开发工具包
[root@ansible ~]# ansible httpd -m yum -a 'name="@Development tools" state=present'
httpd | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Group development installed.",
"Installed: mcpp-2.7.2-20.el8.x86_64",
"Installed: bzip2-1.0.6-26.el8.x86_64",
"Installed: libICE-1.0.9-15.el8.x86_64",
"Installed: libSM-1.2.3-1.el8.x86_64",
"Installed: gd-2.2.5-7.el8.x86_64",
"Installed: m4-1.4.18-7.el8.x86_64",
"Installed: libX11-1.6.8-3.el8.x86_64",
"Installed: libX11-common-1.6.8-3.el8.noarch",
"Installed: make-1:4.2.1-10.el8.x86_64",
"Installed: gdb-8.2-12.el8.x86_64",
······
//创建apache服务的用户和组
[root@ansible ~]# ansible httpd -m user -a 'name=apache system=yes create_home=no shell=/sbin/nologin state=present'
httpd | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 990,
"home": "/home/apache",
"name": "apache",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 993
}
//安装依赖包
[root@ansible ~]# ansible httpd -m yum -a 'name=bzip2,make,openssl-devel,pcre-devel,expat-devel,libtool,gcc,gcc-c++,libxml2-devel state=present'
httpd | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: pcre-devel-8.42-4.el8.x86_64",
"Installed: expat-2.2.5-4.el8.x86_64",
"Installed: pcre-utf16-8.42-4.el8.x86_64",
"Installed: expat-devel-2.2.5-4.el8.x86_64",
"Installed: pcre-utf32-8.42-4.el8.x86_64",
"Installed: pcre2-10.32-2.el8.x86_64",
"Installed: pcre2-devel-10.32-2.el8.x86_64",
"Installed: pcre2-utf16-10.32-2.el8.x86_64",
"Installed: pcre2-utf32-10.32-2.el8.x86_64",
"Installed: cmake-filesystem-3.11.4-7.el8.x86_64",
"Installed: python3-libselinux-2.9-4.el8_3.x86_64",
"Installed: python3-libxml2-2.9.7-8.el8.x86_64",
"Installed: xz-devel-5.2.4-3.el8.x86_64",
······
//下载源码包
[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.bz2
[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz
[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg apr-1.7.0.tar.gz apr-util-1.6.1.tar.gz httpd-2.4.46.tar.bz2
//把下载好的包传给httpd主机
[root@ansible ~]# scp httpd* apr* httpd:/root
//安装apr
[root@ansible ~]# ansible httpd -m shell -a 'tar xf /root/apr-1.7.0.tar.gz'
[root@ansible ~]# tar xf apr-1.7.0.tar.gz
[root@ansible ~]# sed -i 's|$RM "$cfgfile"|#$RM "$cfgfile"|' /root/apr-1.7.0/configure
[root@ansible ~]# scp /root/apr-1.7.0/configure httpd:/root/apr-1.7.0/configure
[root@ansible ~]# mkdir /root/httpd
[root@ansible ~]# vim /root/httpd/apr.sh
#!/bin/bash
cd /root/apr-1.7.0 && ./configure --prefix=/usr/local/apr && make && make install
[root@ansible ~]# ansible httpd -m script -a '/root/httpd/apr.sh'
//安装apr-util
[root@ansible ~]# ansible httpd -m shell -a 'tar xf /root/apr-util-1.6.1.tar.gz'
[root@ansible ~]# vim /root/httpd/apr-util.sh
#!/bin/bash
cd /root/apr-util-1.6.1 && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
[root@ansible ~]# ansible httpd -m script -a '/root/httpd/apr-util.sh'
//安装httpd
[root@ansible ~]# ansible httpd -m shell -a 'tar xf /root/httpd-2.4.46.tar.bz2'
[root@ansible ~]# vim /root/httpd/httpd.sh
#!/bin/bash
cd /root/httpd-2.4.46 && ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork && make && make install
[root@ansible ~]# ansible httpd -m script -a '/root/httpd/httpd.sh'
//安装后配置
[root@ansible ~]# ansible httpd -m shell -a 'echo "export PATH=/usr/local/apache/bin:$PATH" > /etc/profile.d/httpd.sh'
httpd | CHANGED | rc=0 >>
[root@ansible ~]# ansible httpd -m shell -a 'source /etc/profile.d/httpd.sh'
httpd | CHANGED | rc=0 >>
[root@ansible ~]# ansible httpd -m shell -a 'which apachectl'
httpd | CHANGED | rc=0 >>
/usr/local/apache/bin/apachectl
[root@ansible ~]# ansible httpd -m shell -a 'cd /usr/local/apache/ && ln -s include apache'
httpd | CHANGED | rc=0 >>
[root@localhost ~]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/local/apache/man
[root@ansible ~]# scp /etc/man_db.conf httpd:/etc/man_db.conf
//启动apache
[root@ansible ~]# ansible httpd -m shell -a '/usr/local/apache/bin/apachectl start'
httpd | CHANGED | rc=0 >>
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:febc:a7b5%ens160. Set the 'ServerName' directive globally to suppress this message
[root@ansible ~]# ansible httpd -m shell -a 'ss -antl'
httpd | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*
安装mysql
//安装依赖包
[root@ansible ~]# ansible mysql -m yum -a 'name=ncurses-devel,openssl-devel,openssl,cmake,mariadb-devel,ncurses-compat-libs state=present'
mysql | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Installed: e2fsprogs-1.45.6-1.el8.x86_64",
"Installed: libss-1.45.6-1.el8.x86_64",
"Installed: libuv-1:1.38.0-2.el8.x86_64",
"Installed: e2fsprogs-libs-1.45.6-1.el8.x86_64",
"Installed: libkadm5-1.18.2-5.el8.x86_64",
"Installed: libcom_err-1.45.6-1.el8.x86_64",
"Installed: libcom_err-devel-1.45.6-1.el8.x86_64",
"Installed: emacs-filesystem-1:26.1-5.el8.noarch",
"Installed: pcre2-10.32-2.el8.x86_64",
"Installed: pcre2-devel-10.32-2.el8.x86_64",
······
//创建mysql的用户和组
[root@ansible ~]# ansible mysql -m user -a 'name=mysql system=yes create_home=no shell=/sbin/nologin state=present'
mysql | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": true,
"comment": "",
"create_home": false,
"group": 991,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 994
}
//下载源码包
[root@ansible ~]# rm -rf apr* httpd-2.4.46.tar.bz2
[root@ansible ~]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
//把下载好的包传给mysql主机
[root@ansible ~]# scp mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz mysql:/root/
//解压mysql到/usr/local/
[root@ansible ~]# ansible mysql -m shell -a 'tar xf mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
mysql | CHANGED | rc=0 >>
//设置软链接并修改属主和属组
[root@ansible ~]# ansible mysql -m shell -a 'cd /usr/local/ && ln -s mysql-5.7.31-linux-glibc2.12-x86_64 mysql'
mysql | CHANGED | rc=0 >>
[root@ansible ~]# ansible mysql -m shell -a 'chown -R mysql.mysql /usr/local/mysql*'
mysql | CHANGED | rc=0 >>
[root@ansible ~]# ansible mysql -m shell -a 'ls -l /usr/local/'
mysql | CHANGED | rc=0 >>
total 0
drwxr-xr-x. 2 root root 6 Aug 12 2018 bin
drwxr-xr-x. 2 root root 6 Aug 12 2018 etc
drwxr-xr-x. 2 root root 6 Aug 12 2018 games
drwxr-xr-x. 2 root root 6 Aug 12 2018 include
drwxr-xr-x. 2 root root 6 Aug 12 2018 lib
drwxr-xr-x. 2 root root 6 Aug 12 2018 lib64
drwxr-xr-x. 2 root root 6 Aug 12 2018 libexec
lrwxrwxrwx. 1 mysql mysql 35 Jan 6 23:43 mysql -> mysql-5.7.31-linux-glibc2.12-x86_64
drwxr-xr-x. 9 mysql mysql 129 Jun 2 2020 mysql-5.7.31-linux-glibc2.12-x86_64
drwxr-xr-x. 2 root root 6 Aug 12 2018 sbin
drwxr-xr-x. 5 root root 49 Jan 6 19:31 share
drwxr-xr-x. 2 root root 6 Aug 12 2018 src
//添加环境变量
[root@ansible ~]# ansible mysql -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'
mysql | CHANGED | rc=0 >>
[root@ansible ~]# ansible mysql -m shell -a 'source /etc/profile.d/mysql.sh'
mysql | CHANGED | rc=0 >>
[root@ansible ~]# ansible mysql -m shell -a 'which mysql'
mysql | CHANGED | rc=0 >>
/usr/local/mysql/bin/mysql
//建立数据存放目录
[root@ansible ~]# ansible mysql -m shell -a 'mkdir /opt/data'
mysql | CHANGED | rc=0 >>
[root@ansible ~]# ansible mysql -m shell -a 'chown -R mysql.mysql /opt/data'
mysql | CHANGED | rc=0 >>
[root@ansible ~]# ansible mysql -m shell -a 'ls -l /opt/'
mysql | CHANGED | rc=0 >>
total 0
drwxr-xr-x. 2 mysql mysql 6 Jan 6 23:49 data
//初始化数据库
[root@ansible ~]# ansible mysql -m shell -a 'mysqld --initialize --user=mysql --datadir=/opt/data'
mysql | CHANGED | rc=0 >>
2021-01-06T15:49:51.131368Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-01-06T15:49:51.300267Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-01-06T15:49:51.324731Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-01-06T15:49:51.381114Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: d00b9f8a-5036-11eb-b423-000c29569e92.
2021-01-06T15:49:51.381888Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-01-06T15:49:52.248563Z 0 [Warning] CA certificate ca.pem is self signed.
2021-01-06T15:49:52.324921Z 1 [Note] A temporary password is generated for root@localhost: n9)I*3</*5og
//记住密码
[root@ansible ~]# echo 'n9)I*3</*5og' > pass
//配置mysql
[root@ansible ~]# mkdir mysql
[root@ansible ~]# vim /root/mysql/my.cnf
#
# This group is read both both by the client and the server
# use it for options that affect everything
#
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
[client-server]
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
[root@ansible ~]# ansible mysql -m copy -a 'src=/root/mysql/my.cnf dest=/etc/'
mysql | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"checksum": "70df95046509bfcab4f56022286c45ff6f2e9686",
"dest": "/etc/my.cnf",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/etc/my.cnf",
"secontext": "system_u:object_r:mysqld_etc_t:s0",
"size": 358,
"state": "file",
"uid": 0
}
//配置服务启动脚本
[root@ansible ~]# ansible mysql -m shell -a 'cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld'
mysql | CHANGED | rc=0 >>
[root@ansible ~]# ansible mysql -m lineinfile -a 'path=/etc/init.d/mysqld regexp="^basedir=" line=basedir=/usr/local/mysql'
mysql | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
[root@ansible ~]# ansible mysql -m lineinfile -a 'path=/etc/init.d/mysqld regexp="^datadir=" line=datadir=/opt/data'
mysql | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"backup": "",
"changed": true,
"msg": "line replaced"
}
//启动mysql
[root@ansible ~]# ansible mysql -m shell -a 'service mysqld start'
mysql | CHANGED | rc=0 >>
Starting MySQL. SUCCESS! Logging to '/opt/data/mysql.err'.
[root@ansible ~]# ansible mysql -m shell -a 'ss -antl'
mysql | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
//修改新密码
[root@ansible ~]# cat pass
n9)I*3</*5og
[root@ansible ~]# ansible mysql -m shell -a '/usr/local/mysql/bin/mysql -uroot -p"n9)I*3</*5og" --connect-expired-password -e "set password = password(\"123456\");" '
mysql | CHANGED | rc=0 >>
mysql: [Warning] Using a password on the command line interface can be insecure.
//安装后配置
[root@ansible ~]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/local/mysql/man
[root@ansible ~]# scp /etc/man_db.conf mysql:/etc/
[root@ansible ~]# ansible mysql -m shell -a 'echo "/usr/local/mysql/lib" > /etc/ld.so.conf.d/mysql.conf'
mysql | CHANGED | rc=0 >>
[root@ansible ~]# ansible mysql -m shell -a 'ldconfig'
mysql | CHANGED | rc=0 >>
安装php
//安装依赖包
[root@ansible ~]# ansible php -m yum -a 'name=libxml2,libxml2-devel,openssl,openssl-devel,bzip2,bzip2-devel,libcurl,libcurl-devel,libicu-devel,libjpeg,libjpeg-devel,libpng,libpng-devel,openldap-devel,pcre-devel,freetype,freetype-devel,gmp,gmp-devel,libmcrypt,libmcrypt-devel,readline,readline-devel,libxslt,libxslt-devel,mhash,mhash-devel,php-mysqlnd'
php | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"msg": "Nothing to do",
"rc": 0,
"results": []
}
//安装php
[root@ansible ~]# ansible php -m yum -a 'name=php-*'
[root@ansible ~]# ansible php -m shell -a 'which php'
php | CHANGED | rc=0 >>
/usr/bin/php
[root@ansible ~]# ansible php -m shell -a 'php -v'
php | CHANGED | rc=0 >>
PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.24, Copyright (c) 1999-2018, by Zend Technologies
//启动php
[root@ansible ~]# ansible php -m shell -a 'systemctl start php-fpm'
php | CHANGED | rc=0 >>
配置apache
//启用代理模块
[root@ansible ~]# vim /root/httpd/module.sh
#!/bin/bash
sed -i '/proxy_module/s/#//g' /etc/httpd24/httpd.conf && sed -i '/proxy_fcgi_module/s/#//g' /etc/httpd24/httpd.conf
[root@ansible ~]# ansible httpd -m script -a '/root/httpd/module.sh'
httpd | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to httpd closed.\r\n",
"stderr_lines": [
"Shared connection to httpd closed."
],
"stdout": "",
"stdout_lines": []
}
//注释listen = /run/php-fpm/www.sock新加本机加端口号
[root@ansible ~]# mkdir php
[root@ansible ~]# vim /root/php/php.sh
#!/bin/bash
sed -i 's|listen = /run/php-fpm/www.sock|listen=192.168.100.2:9000|' /etc/php-fpm.d/www.conf
[root@ansible ~]# ansible php -m script -a '/root/php/php.sh'
php | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to php closed.\r\n",
"stderr_lines": [
"Shared connection to php closed."
],
"stdout": "",
"stdout_lines": []
}
[root@ansible ~]# ansible php -m shell -a 'systemctl restart php-fpm'
php | CHANGED | rc=0 >>
[root@ansible ~]# ansible php -m shell -a 'ss -antl'
php | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
//创建虚拟主机目录并生成php测试页面
[root@ansible ~]# ansible httpd -m shell -a 'mkdir /usr/local/apache/htdocs/test'
httpd | CHANGED | rc=0 >>
[root@ansible ~]# vim /root/httpd/index.php
<?php
phpinfo();
?>
[root@ansible ~]# scp /root/httpd/index.php httpd:/usr/local/apache/htdocs/test/
[root@ansible ~]# ansible httpd -m shell -a 'chown -R apache.apache /usr/local/apache/htdocs/'
httpd | CHANGED | rc=0 >>
[root@ansible ~]# ansible httpd -m shell -a 'ls -l /usr/local/apache/htdocs/'
httpd | CHANGED | rc=0 >>
total 4
-rw-r--r--. 1 apache apache 45 Jun 12 2007 index.html
drwxr-xr-x. 2 apache apache 23 Jan 7 00:55 test
//配置虚拟主机
[root@httpd ~]# vim /etc/httpd24/httpd.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/test"
ServerName www.yuqinghao.com
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/test/$1
<Directory "/usr/local/apache/htdocs/test">
Options none
AllowOverride none
Require all granted
</Directory>
</VirtualHost>
//搜索AddType,添加以下内容
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php #添加此行
AddType application/x-httpd-php-source .phps #添加此行
//搜索index.html,修改成以下内容
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
//重启apache服务
[root@ansible ~]# ansible httpd -m shell -a 'apachectl restart'
httpd | CHANGED | rc=0 >>
[root@ansible ~]# ansible httpd -m shell -a 'ss -antl'
httpd | CHANGED | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 *:80 *:*