ansible自动化运维工具上部署lamp

ansible自动化运维工具上部署lamp

弄4台主机,其中一台装ansible,其余三台分别部署nginx、mysql、php,实现lamp架构。请合理分配主机资源,所有主机均给500M内存即可,若资源富裕多给些亦可。

环境说明:

主机IP 需要安装的服务 系统平台
192.168.100.1 ansible redhat8
192.168.100.2 httpd redhat8
192.168.100.3 mysql redhat8
192.168.100.4 php redhat8

本次环境YUM源(centos和epel)为:"阿里云官方镜像站"

准备工作:

//主机名映射
[root@ansible ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.1 ansible
192.168.100.2 httpd
192.168.100.3 mysql
192.168.100.4 php

//配置centos源
[root@ansible ~]# rm -rf /etc/yum.repos.d/*
[root@ansible ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/CentOS-Base.repo

//配置epel源
[root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|$releasever|8|' /etc/yum.repos.d/epel*
[root@ansible ~]# yum clean all
[root@ansible ~]# yum makecache

//安装ansible
[root@ansible ~]# yum -y install ansible

//编写清单
[root@ansible ~]# vim /etc/ansible/inventory
httpd
mysql
php

//更改配置文件
[root@ansible ~]# vim /etc/ansible/ansible.cfg
inventory      = /etc/ansible/inventory			//取消注释并把路径改成inventory

//使用ssh-keygen生成私钥和公钥
[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 		//直接回车
Enter passphrase (empty for no passphrase): 					//直接回车
Enter same passphrase again: 									//直接回车
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:qJ9hviK9uNjD0UXMVI4t3K9p2kOvNQEd8g4kUAxXuW8 root@ansible
The key's randomart image is:
+---[RSA 3072]----+
|    oO=o=..      |
|     o=B.+ .     |
|     .+ *.o      |
|      .o.=       |
|   . .. S.+      |
|  . ..  .oE.     |
| . o. o.+oo      |
| o+.o+ *....     |
|. ++.o*.oo       |
+----[SHA256]-----+


//给httpd、mysql、php三台主机设置免密登录
[root@ansible ~]# ssh-copy-id root@192.168.100.2
[root@ansible ~]# ssh-copy-id root@192.168.100.3
[root@ansible ~]# ssh-copy-id root@192.168.100.4

//测试是否连通
[root@ansible ~]# ansible all -m ping
php | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
httpd | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}
mysql | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "ping": "pong"
}

//配置httpd、mysql、php的centos源、epel源
[root@ansible ~]# ansible all -m copy -a 'src=/etc/yum.repos.d/ dest=/etc/yum.repos.d/'
php | CHANGED => {
    "changed": true,
    "dest": "/etc/yum.repos.d/",
    "src": "/etc/yum.repos.d/"
}
httpd | CHANGED => {
    "changed": true,
    "dest": "/etc/yum.repos.d/",
    "src": "/etc/yum.repos.d/"
}
mysql | CHANGED => {
    "changed": true,
    "dest": "/etc/yum.repos.d/",
    "src": "/etc/yum.repos.d/"
}

[root@ansible ~]# ansible all -m shell -a 'yum clean all'
[root@ansible ~]# ansible all -m shell -a 'yum makecache'

[root@ansible ~]# ansible all -m copy -a 'src=/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 dest=/etc/pki/rpm-gpg/'
php | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "2d776ec5051cd8e37d6c29070cf78e649ce59ac1",
    "dest": "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8",
    "gid": 0,
    "group": "root",
    "md5sum": "6494b13311caf38e11eaa575a83c2c57",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:cert_t:s0",
    "size": 1627,
    "src": "/root/.ansible/tmp/ansible-tmp-1609954413.73779-6897-256153649461013/source",
    "state": "file",
    "uid": 0
}
httpd | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "2d776ec5051cd8e37d6c29070cf78e649ce59ac1",
    "dest": "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8",
    "gid": 0,
    "group": "root",
    "md5sum": "6494b13311caf38e11eaa575a83c2c57",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:cert_t:s0",
    "size": 1627,
    "src": "/root/.ansible/tmp/ansible-tmp-1609954413.7246325-6894-178599563950392/source",
    "state": "file",
    "uid": 0
}
mysql | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "checksum": "2d776ec5051cd8e37d6c29070cf78e649ce59ac1",
    "dest": "/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8",
    "gid": 0,
    "group": "root",
    "md5sum": "6494b13311caf38e11eaa575a83c2c57",
    "mode": "0644",
    "owner": "root",
    "secontext": "system_u:object_r:cert_t:s0",
    "size": 1627,
    "src": "/root/.ansible/tmp/ansible-tmp-1609954413.7136793-6895-138363780568116/source",
    "state": "file",
    "uid": 0
}

//关闭所有机器的防火墙和selinux
[root@ansible ~]# systemctl disable firewalld.service 
[root@ansible ~]# systemctl stop firewalld.service 
[root@ansible ~]# setenforce 0
[root@ansible ~]# vim /etc/selinux/config 
SELINUX=disabled
[root@ansible ~]# ansible all -m shell -a 'systemctl disable firewalld'
[root@ansible ~]# ansible all -m shell -a 'systemctl stop firewalld'
[root@ansible ~]# ansible all -m shell -a 'setenforce 0'
[root@ansible ~]# ansible all -m lineinfile -a 'path=/etc/selinux/config regexp="^SELINUX=" line=SELINUX=disabled'

安装httpd

/安装开发工具包
[root@ansible ~]# ansible httpd -m yum -a 'name="@Development tools" state=present'
httpd | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Group development installed.",
        "Installed: mcpp-2.7.2-20.el8.x86_64",
        "Installed: bzip2-1.0.6-26.el8.x86_64",
        "Installed: libICE-1.0.9-15.el8.x86_64",
        "Installed: libSM-1.2.3-1.el8.x86_64",
        "Installed: gd-2.2.5-7.el8.x86_64",
        "Installed: m4-1.4.18-7.el8.x86_64",
        "Installed: libX11-1.6.8-3.el8.x86_64",
        "Installed: libX11-common-1.6.8-3.el8.noarch",
        "Installed: make-1:4.2.1-10.el8.x86_64",
        "Installed: gdb-8.2-12.el8.x86_64",
······

//创建apache服务的用户和组
[root@ansible ~]# ansible httpd -m user -a 'name=apache system=yes create_home=no shell=/sbin/nologin state=present'
httpd | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 990,
    "home": "/home/apache",
    "name": "apache",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 993
}

//安装依赖包
[root@ansible ~]# ansible httpd -m yum -a 'name=bzip2,make,openssl-devel,pcre-devel,expat-devel,libtool,gcc,gcc-c++,libxml2-devel state=present'
httpd | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: pcre-devel-8.42-4.el8.x86_64",
        "Installed: expat-2.2.5-4.el8.x86_64",
        "Installed: pcre-utf16-8.42-4.el8.x86_64",
        "Installed: expat-devel-2.2.5-4.el8.x86_64",
        "Installed: pcre-utf32-8.42-4.el8.x86_64",
        "Installed: pcre2-10.32-2.el8.x86_64",
        "Installed: pcre2-devel-10.32-2.el8.x86_64",
        "Installed: pcre2-utf16-10.32-2.el8.x86_64",
        "Installed: pcre2-utf32-10.32-2.el8.x86_64",
        "Installed: cmake-filesystem-3.11.4-7.el8.x86_64",
        "Installed: python3-libselinux-2.9-4.el8_3.x86_64",
        "Installed: python3-libxml2-2.9.7-8.el8.x86_64",
        "Installed: xz-devel-5.2.4-3.el8.x86_64",
······

//下载源码包
[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.bz2
[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz
[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-util-1.6.1.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg  apr-1.7.0.tar.gz  apr-util-1.6.1.tar.gz  httpd-2.4.46.tar.bz2

//把下载好的包传给httpd主机
[root@ansible ~]# scp httpd* apr* httpd:/root

//安装apr
[root@ansible ~]# ansible httpd -m shell -a 'tar xf /root/apr-1.7.0.tar.gz'
[root@ansible ~]# tar xf apr-1.7.0.tar.gz 
[root@ansible ~]# sed -i 's|$RM "$cfgfile"|#$RM "$cfgfile"|' /root/apr-1.7.0/configure
[root@ansible ~]# scp /root/apr-1.7.0/configure httpd:/root/apr-1.7.0/configure
[root@ansible ~]# mkdir /root/httpd
[root@ansible ~]# vim /root/httpd/apr.sh
#!/bin/bash
 
cd /root/apr-1.7.0 && ./configure --prefix=/usr/local/apr && make && make install
[root@ansible ~]# ansible httpd -m script -a '/root/httpd/apr.sh'

//安装apr-util
[root@ansible ~]# ansible httpd -m shell -a 'tar xf /root/apr-util-1.6.1.tar.gz'
[root@ansible ~]# vim /root/httpd/apr-util.sh
#!/bin/bash
 
cd /root/apr-util-1.6.1 && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
[root@ansible ~]# ansible httpd -m script -a '/root/httpd/apr-util.sh'

//安装httpd
[root@ansible ~]# ansible httpd -m shell -a 'tar xf /root/httpd-2.4.46.tar.bz2'
[root@ansible ~]# vim /root/httpd/httpd.sh
#!/bin/bash

cd /root/httpd-2.4.46 && ./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 --enable-so --enable-ssl --enable-cgi --enable-rewrite --with-zlib --with-pcre --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork && make && make install

[root@ansible ~]# ansible httpd -m script -a '/root/httpd/httpd.sh'

//安装后配置
[root@ansible ~]# ansible httpd -m shell -a 'echo "export PATH=/usr/local/apache/bin:$PATH" > /etc/profile.d/httpd.sh'
httpd | CHANGED | rc=0 >>

[root@ansible ~]# ansible httpd -m shell -a 'source /etc/profile.d/httpd.sh'
httpd | CHANGED | rc=0 >>

[root@ansible ~]# ansible httpd -m shell -a 'which apachectl'
httpd | CHANGED | rc=0 >>
/usr/local/apache/bin/apachectl

[root@ansible ~]# ansible httpd -m shell -a 'cd /usr/local/apache/ && ln -s include apache'
httpd | CHANGED | rc=0 >>

[root@localhost ~]# vim /etc/man_db.conf 
MANDATORY_MANPATH                       /usr/local/apache/man
[root@ansible ~]# scp /etc/man_db.conf httpd:/etc/man_db.conf


//启动apache
[root@ansible ~]# ansible httpd -m shell -a '/usr/local/apache/bin/apachectl start'
httpd | CHANGED | rc=0 >>
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:febc:a7b5%ens160. Set the 'ServerName' directive globally to suppress this message

[root@ansible ~]# ansible httpd -m shell -a 'ss -antl'
httpd | CHANGED | rc=0 >>
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port    
LISTEN    0         128                0.0.0.0:22               0.0.0.0:*       
LISTEN    0         128                   [::]:22                  [::]:*       
LISTEN    0         128                      *:80                     *:*  

安装mysql

//安装依赖包
[root@ansible ~]# ansible mysql -m yum -a 'name=ncurses-devel,openssl-devel,openssl,cmake,mariadb-devel,ncurses-compat-libs state=present'
mysql | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Installed: e2fsprogs-1.45.6-1.el8.x86_64",
        "Installed: libss-1.45.6-1.el8.x86_64",
        "Installed: libuv-1:1.38.0-2.el8.x86_64",
        "Installed: e2fsprogs-libs-1.45.6-1.el8.x86_64",
        "Installed: libkadm5-1.18.2-5.el8.x86_64",
        "Installed: libcom_err-1.45.6-1.el8.x86_64",
        "Installed: libcom_err-devel-1.45.6-1.el8.x86_64",
        "Installed: emacs-filesystem-1:26.1-5.el8.noarch",
        "Installed: pcre2-10.32-2.el8.x86_64",
        "Installed: pcre2-devel-10.32-2.el8.x86_64",
······

//创建mysql的用户和组
[root@ansible ~]# ansible mysql -m user -a 'name=mysql system=yes create_home=no shell=/sbin/nologin state=present'
mysql | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 991,
    "home": "/home/mysql",
    "name": "mysql",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 994
}

//下载源码包
[root@ansible ~]# rm -rf apr*  httpd-2.4.46.tar.bz2
[root@ansible ~]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
[root@localhost ~]# ls
anaconda-ks.cfg  mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz

//把下载好的包传给mysql主机
[root@ansible ~]# scp mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz mysql:/root/

//解压mysql到/usr/local/
[root@ansible ~]# ansible mysql -m shell -a 'tar xf mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
mysql | CHANGED | rc=0 >>

//设置软链接并修改属主和属组
[root@ansible ~]# ansible mysql -m shell -a 'cd /usr/local/ && ln -s mysql-5.7.31-linux-glibc2.12-x86_64 mysql'
mysql | CHANGED | rc=0 >>

[root@ansible ~]# ansible mysql -m shell -a 'chown -R mysql.mysql /usr/local/mysql*'
mysql | CHANGED | rc=0 >>

[root@ansible ~]# ansible mysql -m shell -a 'ls -l /usr/local/'
mysql | CHANGED | rc=0 >>
total 0
drwxr-xr-x. 2 root  root    6 Aug 12  2018 bin
drwxr-xr-x. 2 root  root    6 Aug 12  2018 etc
drwxr-xr-x. 2 root  root    6 Aug 12  2018 games
drwxr-xr-x. 2 root  root    6 Aug 12  2018 include
drwxr-xr-x. 2 root  root    6 Aug 12  2018 lib
drwxr-xr-x. 2 root  root    6 Aug 12  2018 lib64
drwxr-xr-x. 2 root  root    6 Aug 12  2018 libexec
lrwxrwxrwx. 1 mysql mysql  35 Jan  6 23:43 mysql -> mysql-5.7.31-linux-glibc2.12-x86_64
drwxr-xr-x. 9 mysql mysql 129 Jun  2  2020 mysql-5.7.31-linux-glibc2.12-x86_64
drwxr-xr-x. 2 root  root    6 Aug 12  2018 sbin
drwxr-xr-x. 5 root  root   49 Jan  6 19:31 share
drwxr-xr-x. 2 root  root    6 Aug 12  2018 src


//添加环境变量
[root@ansible ~]# ansible mysql -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'
mysql | CHANGED | rc=0 >>

[root@ansible ~]# ansible mysql -m shell -a 'source /etc/profile.d/mysql.sh'
mysql | CHANGED | rc=0 >>

[root@ansible ~]# ansible mysql -m shell -a 'which mysql'
mysql | CHANGED | rc=0 >>
/usr/local/mysql/bin/mysql

//建立数据存放目录
[root@ansible ~]# ansible mysql -m shell -a 'mkdir /opt/data'
mysql | CHANGED | rc=0 >>

[root@ansible ~]# ansible mysql -m shell -a 'chown -R mysql.mysql /opt/data'
mysql | CHANGED | rc=0 >>

[root@ansible ~]# ansible mysql -m shell -a 'ls -l /opt/'
mysql | CHANGED | rc=0 >>
total 0
drwxr-xr-x. 2 mysql mysql 6 Jan  6 23:49 data

//初始化数据库
[root@ansible ~]# ansible mysql -m shell -a 'mysqld --initialize --user=mysql --datadir=/opt/data'
mysql | CHANGED | rc=0 >>
2021-01-06T15:49:51.131368Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-01-06T15:49:51.300267Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-01-06T15:49:51.324731Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-01-06T15:49:51.381114Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: d00b9f8a-5036-11eb-b423-000c29569e92.
2021-01-06T15:49:51.381888Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-01-06T15:49:52.248563Z 0 [Warning] CA certificate ca.pem is self signed.
2021-01-06T15:49:52.324921Z 1 [Note] A temporary password is generated for root@localhost: n9)I*3</*5og

//记住密码
[root@ansible ~]# echo 'n9)I*3</*5og' > pass

//配置mysql
[root@ansible ~]# mkdir mysql
[root@ansible ~]# vim /root/mysql/my.cnf
#
# This group is read both both by the client and the server
# use it for options that affect everything
#

[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve

[client-server]

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

[root@ansible ~]# ansible mysql -m copy -a 'src=/root/mysql/my.cnf dest=/etc/'
mysql | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "checksum": "70df95046509bfcab4f56022286c45ff6f2e9686",
    "dest": "/etc/my.cnf",
    "gid": 0,
    "group": "root",
    "mode": "0644",
    "owner": "root",
    "path": "/etc/my.cnf",
    "secontext": "system_u:object_r:mysqld_etc_t:s0",
    "size": 358,
    "state": "file",
    "uid": 0
}

//配置服务启动脚本
[root@ansible ~]# ansible mysql -m shell -a 'cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld'
mysql | CHANGED | rc=0 >>

[root@ansible ~]# ansible mysql -m lineinfile -a 'path=/etc/init.d/mysqld regexp="^basedir=" line=basedir=/usr/local/mysql'
mysql | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "backup": "",
    "changed": true,
    "msg": "line replaced"
}
[root@ansible ~]# ansible mysql -m lineinfile -a 'path=/etc/init.d/mysqld regexp="^datadir=" line=datadir=/opt/data'
mysql | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "backup": "",
    "changed": true,
    "msg": "line replaced"
}


//启动mysql
[root@ansible ~]# ansible mysql -m shell -a 'service mysqld start'
mysql | CHANGED | rc=0 >>
Starting MySQL. SUCCESS! Logging to '/opt/data/mysql.err'.

[root@ansible ~]# ansible mysql -m shell -a 'ss -antl'
mysql | CHANGED | rc=0 >>
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port    
LISTEN    0         128                0.0.0.0:22               0.0.0.0:*       
LISTEN    0         80                       *:3306                   *:*       
LISTEN    0         128                   [::]:22                  [::]:*    

//修改新密码
[root@ansible ~]# cat pass
n9)I*3</*5og

[root@ansible ~]# ansible mysql -m shell -a '/usr/local/mysql/bin/mysql -uroot -p"n9)I*3</*5og" --connect-expired-password -e "set password = password(\"123456\");" '
mysql | CHANGED | rc=0 >>
mysql: [Warning] Using a password on the command line interface can be insecure.

//安装后配置
[root@ansible ~]# vim /etc/man_db.conf
MANDATORY_MANPATH                       /usr/local/mysql/man
[root@ansible ~]# scp /etc/man_db.conf mysql:/etc/

[root@ansible ~]# ansible mysql -m shell -a 'echo "/usr/local/mysql/lib" > /etc/ld.so.conf.d/mysql.conf'
mysql | CHANGED | rc=0 >>

[root@ansible ~]# ansible mysql -m shell -a 'ldconfig'
mysql | CHANGED | rc=0 >>

安装php

//安装依赖包
[root@ansible ~]# ansible php -m yum -a 'name=libxml2,libxml2-devel,openssl,openssl-devel,bzip2,bzip2-devel,libcurl,libcurl-devel,libicu-devel,libjpeg,libjpeg-devel,libpng,libpng-devel,openldap-devel,pcre-devel,freetype,freetype-devel,gmp,gmp-devel,libmcrypt,libmcrypt-devel,readline,readline-devel,libxslt,libxslt-devel,mhash,mhash-devel,php-mysqlnd'
php | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    },
    "changed": false,
    "msg": "Nothing to do",
    "rc": 0,
    "results": []
}

//安装php
[root@ansible ~]# ansible php -m yum -a 'name=php-*'

[root@ansible ~]# ansible php -m shell -a 'which php'
php | CHANGED | rc=0 >>
/usr/bin/php

[root@ansible ~]# ansible php -m shell -a 'php -v'
php | CHANGED | rc=0 >>
PHP 7.2.24 (cli) (built: Oct 22 2019 08:28:36) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.24, Copyright (c) 1999-2018, by Zend Technologies

//启动php
[root@ansible ~]# ansible php -m shell -a 'systemctl start php-fpm'
php | CHANGED | rc=0 >>

配置apache

//启用代理模块
[root@ansible ~]# vim /root/httpd/module.sh
#!/bin/bash

sed -i '/proxy_module/s/#//g' /etc/httpd24/httpd.conf && sed -i '/proxy_fcgi_module/s/#//g' /etc/httpd24/httpd.conf

[root@ansible ~]# ansible httpd -m script -a '/root/httpd/module.sh'
httpd | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to httpd closed.\r\n",
    "stderr_lines": [
        "Shared connection to httpd closed."
    ],
    "stdout": "",
    "stdout_lines": []
}

//注释listen = /run/php-fpm/www.sock新加本机加端口号
[root@ansible ~]# mkdir php
[root@ansible ~]# vim /root/php/php.sh
#!/bin/bash

sed -i 's|listen = /run/php-fpm/www.sock|listen=192.168.100.2:9000|' /etc/php-fpm.d/www.conf

[root@ansible ~]# ansible php -m script -a '/root/php/php.sh'
php | CHANGED => {
    "changed": true,
    "rc": 0,
    "stderr": "Shared connection to php closed.\r\n",
    "stderr_lines": [
        "Shared connection to php closed."
    ],
    "stdout": "",
    "stdout_lines": []
}

[root@ansible ~]# ansible php -m shell -a 'systemctl restart php-fpm'
php | CHANGED | rc=0 >>
[root@ansible ~]# ansible php -m shell -a 'ss -antl'
php | CHANGED | rc=0 >>
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port    
LISTEN    0         128                0.0.0.0:22               0.0.0.0:*       
LISTEN    0         128              127.0.0.1:9000             0.0.0.0:*       
LISTEN    0         128                   [::]:22                  [::]:*   


//创建虚拟主机目录并生成php测试页面
[root@ansible ~]# ansible httpd -m shell -a 'mkdir /usr/local/apache/htdocs/test'
httpd | CHANGED | rc=0 >>

[root@ansible ~]# vim /root/httpd/index.php
<?php
    phpinfo();
?>

[root@ansible ~]# scp /root/httpd/index.php httpd:/usr/local/apache/htdocs/test/

[root@ansible ~]# ansible httpd -m shell -a 'chown -R apache.apache /usr/local/apache/htdocs/'
httpd | CHANGED | rc=0 >>

[root@ansible ~]# ansible httpd -m shell -a 'ls -l /usr/local/apache/htdocs/'
httpd | CHANGED | rc=0 >>
total 4
-rw-r--r--. 1 apache apache 45 Jun 12  2007 index.html
drwxr-xr-x. 2 apache apache 23 Jan  7 00:55 test

//配置虚拟主机
[root@httpd ~]# vim /etc/httpd24/httpd.conf
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/test"
    ServerName www.yuqinghao.com
    ProxyRequests Off
    ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/test/$1
    <Directory "/usr/local/apache/htdocs/test">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>

//搜索AddType,添加以下内容
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php              #添加此行
    AddType application/x-httpd-php-source .phps	  #添加此行
    
//搜索index.html,修改成以下内容
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>

//重启apache服务
[root@ansible ~]# ansible httpd -m shell -a 'apachectl restart'
httpd | CHANGED | rc=0 >>

[root@ansible ~]# ansible httpd -m shell -a 'ss -antl'
httpd | CHANGED | rc=0 >>
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port    
LISTEN    0         128                0.0.0.0:22               0.0.0.0:*       
LISTEN    0         128                   [::]:22                  [::]:*       
LISTEN    0         128                      *:80                     *:*    

验证

ansible自动化运维工具上部署lamp

上一篇:LAMP源码包搭建


下一篇:LAMP 概述,及源码安装apache(附带安装脚本)