playbook编写分布式lnmp

playbook安装分布式lnmp

搭建本地yum仓库,使用http发布

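# Install and start Apache; it publishes /var/www/html/myrepo to the other hosts over HTTP.
yum -y install httpd
systemctl start httpd
cd /var/www/html
# -p keeps this step re-runnable when the directory already exists.
mkdir -p myrepo

yum -y install createrepo
# Generates myrepo/repodata/. The directory is still empty here, so the metadata
# has to be regenerated (createrepo --update myrepo) once RPMs have been added.
createrepo myrepo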
[root@host103 html]# ls myrepo/repodata/

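cd myrepo
# Download the RPM packages.
# -c resumes a partial download. The earlier "-i -c" form made wget read "-c" as
# the name of a URL-list file, because -i takes a file argument. HTTPS is used so
# the release package is not fetched in clear text.
wget -c https://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
# These three packages are installed on this host directly from URLs (the first
# one over plain HTTP). To check a package before installing it, download the
# file and run "rpm -K <file>" against the vendor key imported with "rpm --import".
rpm -Uvh http://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/l/libargon2-20161029-3.el7.x86_64.rpm
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

# Fetch PHP 7.2 and its dependencies into the repository directory without installing them.
yum install --downloadonly --downloaddir=/var/www/html/myrepo \
php72w php72w-cli php72w-common php72w-devel php72w-embedded php72w-gd php72w-mbstring php72w-pdo php72w-xml php72w-fpm php72w-mysqlnd php72w-opcache pcre-devel

# The metadata was first generated on an empty directory; rebuild it so that the
# RPMs downloaded above are visible to yum clients of this repository.
createrepo --update /var/www/html/myrepo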


编写yum仓库配置

[root@host103 opt]# cat nginx.repo 
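[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
# Verify every package against the nginx signing key; with gpgcheck=0 yum would
# install whatever the mirror (or anything in the network path) returns.
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1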

[root@host103 opt]# cat my.repo 
[myrepo]
name=myrepo
# Internal repository published by httpd on 192.168.23.103 over plain HTTP.
baseurl=http://192.168.23.103/myrepo
enabled=1
# NOTE(review): signature checking is off, so clients install whatever this HTTP
# endpoint serves. Enabling it (gpgcheck=1 plus gpgkey= entries) needs the public
# keys of the upstream vendors whose RPMs are mirrored here; confirm which apply.
gpgcheck=0


配置nginx配置文件,设置nginx支持php解析

[root@host103 opt]# egrep -nv '^$|#' default.conf 
1:server {
2:    listen       80;
3:    server_name  localhost;
7:    location / {
8:        root   /usr/share/nginx/html;
         #修改,配置首页文件
9:        index  index.html index.php;
10:    }
16:    error_page   500 502 503 504  /50x.html;
17:    location = /50x.html {
18:        root   /usr/share/nginx/html;
19:    }
       #修改
29:    location ~ \.php$ {
30:        root           html;
          #修改,配置php主机ip和默认端口
31:        fastcgi_pass   192.168.23.107:9000;
32:        fastcgi_index  index.php;
           #修改
33:        fastcgi_param  SCRIPT_FILENAME  /usr/share/nginx/html$fastcgi_script_name; 
34:        include        fastcgi_params;
35:    }
43:}


配置php首页文件

[root@host103 opt]# vim index.php 
<?php
// Connectivity check against the MySQL host; the arguments are the server IP,
// the user and the password.
// NOTE(review): this stores the MySQL root password in clear text in a file under
// the web root, and the same directory is exported over NFS in this setup.
$link = mysqli_connect('192.168.23.106', 'root', 'Admin@123');
echo $link ? "<h1>Success!!</h1>" : "Fail!!";
?>


配置nginx和mysql主机的nfs共享配置文件

[root@host103 opt]# cat nginx_exports 
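# Export the web root to the PHP-FPM host (192.168.23.107) only, not the whole /24.
# root_squash maps a remote root user to an unprivileged account, so root on a
# client cannot modify the served files as root. Use ro if PHP never writes here.
/usr/share/nginx/html 192.168.23.107(rw,root_squash)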

[root@host103 opt]# cat mysql_exports 
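# Export the MySQL data directory to the PHP-FPM host (192.168.23.107) only, with
# root_squash so a remote root user is not root on the database files.
# NOTE(review): this share exposes the raw database files over NFS, while index.php
# reaches MySQL over TCP at 192.168.23.106; confirm the export is needed at all.
/var/lib/mysql/ 192.168.23.107(rw,root_squash)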


[root@host103 opt]# cat www.conf | grep -v '^;' | grep -v '^$'
[www]
# Changed: run the pool's worker processes as the nginx user and group.
user = nginx 
group = nginx
# Changed: address and port php-fpm listens on (the PHP host's own IP).
listen = 192.168.23.107:9000
# Changed: set to the nginx host; php-fpm accepts FastCGI connections from this
# address only, which is what limits who can reach the TCP listener above.
listen.allowed_clients = 192.168.23.105
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache
[root@host103 opt]# cat /etc/php.ini | egrep 'mysqli.default_socket|date.timezone'
; http://php.net/date.timezone
#修改,设置时区
date.timezone = Asia/Shanghai
#修改,设置mysql的套接字文件路径
mysqli.default_socket = /var/lib/mysql/mysql.sock


编写playbook前准备

# Set up key-based (passwordless) SSH login from the control host first.
# The key generated here is what Ansible uses to log in as root on every managed
# host, so the private key file is equivalent to root access on all three.
ssh-keygen
for managed_host in 192.168.23.105 192.168.23.106 192.168.23.107; do
  ssh-copy-id "$managed_host"
done

#配置主机清单
[root@host103 opt]# egrep -v '^$|#'  /etc/ansible/hosts  | grep -A1 'servers'
[phpservers]
192.168.23.107
[webservers]
192.168.23.105 
[dbservers]
192.168.23.106 


playbook文件

# Baseline applied to every managed host before the role-specific plays.
# NOTE(review): the first two tasks switch off the host firewall and SELinux on
# all three servers, so HTTP, MySQL, NFS and the FastCGI port are then limited
# only by each service's own access controls; confirm this is intended.
- name: for all
  hosts: webservers dbservers phpservers
  remote_user: root
  gather_facts: false
  tasks:
    - name: stop  firewalld
      service:
        name: firewalld
        state: stopped
        enabled: no

    - name: stop selinux
      selinux:
        policy: targeted
        state: disabled

    # Points the host at the internal HTTP repository defined in /opt/my.repo.
    - name: make yumrepo
      copy:
        src: /opt/my.repo
        dest: /etc/yum.repos.d/my.repo
    
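# Web tier: installs nginx, exports the document root over NFS and deploys the
# PHP-enabled server block.
- name: for nginx
  gather_facts: false
  hosts: webservers
  remote_user: root
  tasks:

    # Repository definition for nginx.org, prepared on the control host.
    - name: modify yum repository
      copy:
        src: /opt/nginx.repo
        dest: /etc/yum.repos.d/nginx.repo

    - name: install nginx
      yum:
        name: nginx
        state: latest

    - name: start nginx
      service:
        name: nginx
        state: started
        enabled: yes

    - name: install nfs
      yum:
        name:
          - rpcbind
          - nfs-utils

    # 0755 rather than 0777: nginx and the NFS client only need to read and
    # traverse the document root. A world-writable web root that is also exported
    # over NFS lets any local or remote account replace the served PHP files.
    - name: chmod
      file:
        path: /usr/share/nginx/html
        mode: "0755"

    - name: modify share directory
      copy:
        src: /opt/nginx_exports
        dest: /etc/exports
      notify: reload nfs exports

    - name: start nfs
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      with_items:
        - rpcbind
        - nfs

    - name: modify index.php
      copy:
        src: /opt/index.php
        dest: /usr/share/nginx/html/index.php

    - name: for nginx  support  php
      copy:
        src: /opt/default.conf
        dest: /etc/nginx/conf.d/default.conf
      notify: restart nginx

  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted

    # Re-read /etc/exports when the file changes on a host where NFS is already
    # running; starting the service alone does not pick up later edits.
    - name: reload nfs exports
      command: exportfs -ra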
 
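# Database tier: installs MySQL 5.7, sets the root password, creates the remote
# account used by the PHP host and exports the data directory over NFS.
- name: for mysql
  gather_facts: false
  hosts: dbservers
  remote_user: root
  tasks:

    - name: remove mariadb and
      yum:
        name: "mariadb*"
        state: absent

    - name: install mysql57
      yum:
        name: mysql57-community-release-el7-10.noarch

    - name: install mysql
      yum:
        name: mysql-community-server

    - name: start mysqld
      service:
        name: mysqld
        state: started
        enabled: yes

    # Idempotent: if the target password already works there is nothing to do,
    # so a real failure is no longer hidden behind "|| echo OK". Otherwise the
    # temporary password is read from the first matching line of mysqld.log.
    # no_log keeps the password out of Ansible's task output and logs.
    # NOTE(review): the password is still hard-coded here and passed on the
    # command line; moving it to an encrypted variable is worth considering.
    - name: initialize mysql
      shell: |
        mysqladmin -uroot -p'Admin@123' status >/dev/null 2>&1 && exit 0
        a=$(grep "password" /var/log/mysqld.log | awk 'NR==1{print $NF}')
        mysqladmin -u root -p"$a" password 'Admin@123'
      no_log: true

    # The grant is limited to the PHP-FPM host (192.168.23.107), where index.php
    # runs, instead of '%' (any host). GRANT is repeatable, so errors are reported
    # rather than swallowed.
    # NOTE(review): the application still connects as root with all privileges;
    # a dedicated account limited to the application's schema would be narrower.
    - name: Configuring Authorized Users
      shell: >-
        mysql -uroot -p'Admin@123'
        -e "grant all privileges on *.* to root@'192.168.23.107' identified by 'Admin@123' with grant option;"
        -e "flush privileges;"
      no_log: true

    # Package name fixed (".noarc" -> ".noarch") so the removal matches the
    # release package installed above.
    - name: remove mysql57-community
      yum:
        name: mysql57-community-release-el7-10.noarch
        state: absent

    - name: install nfs
      yum:
        name:
          - rpcbind
          - nfs-utils

    # NOTE(review): /opt/mysql_exports shares /var/lib/mysql, i.e. the raw
    # database files; confirm the export is required.
    - name: modify share directory
      copy:
        src: /opt/mysql_exports
        dest: /etc/exports
      notify: reload nfs exports

    - name: start nfs
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      with_items:
        - rpcbind
        - nfs

  handlers:
    # Re-read /etc/exports when the file changes while NFS is already running.
    - name: reload nfs exports
      command: exportfs -ra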
          
          
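# PHP tier: mounts the web root and MySQL directory over NFS, installs PHP 7.2
# from the internal repository and starts php-fpm.
- name: for php
  gather_facts: false
  hosts: phpservers
  remote_user: root
  tasks:
    # NOTE(review): with the firewall stopped, php-fpm's TCP listener on port 9000
    # is protected only by listen.allowed_clients in www.conf.
    - name: stop  firewalld
      service:
        name: firewalld
        state: stopped
        enabled: no

    # setenforce fails when SELinux is already disabled, hence ignore_errors.
    - name: stop selinux
      shell: setenforce 0
      ignore_errors: yes

    - name: make yumrepo for php
      copy:
        src: /opt/my.repo
        dest: /etc/yum.repos.d/my.repo

    # php-fpm runs as this user (user/group = nginx in www.conf).
    - name: useradd nginx
      user:
        name: nginx
        state: present

    - name: install nfs
      yum:
        name:
          - rpcbind
          - nfs-utils

    - name: start nfs
      service:
        name: rpcbind
        state: started
        enabled: yes

    # The file module replaces "ls ... || mkdir -p ...": it is idempotent and
    # reports "changed" only when the directory is actually created.
    - name: make dir for nginx
      file:
        path: /usr/share/nginx/html
        state: directory

    - name: make dir for mysql.sock
      file:
        path: /var/lib/mysql
        state: directory

    - name: mount nfs for nginx
      mount:
        path: /usr/share/nginx/html
        src: 192.168.23.105:/usr/share/nginx/html
        fstype: nfs
        state: mounted

    # NOTE(review): this mounts the database server's data directory on the PHP
    # host; index.php connects over TCP, so confirm the mount is needed.
    - name: mount nfs for mysql
      mount:
        path: /var/lib/mysql
        src: 192.168.23.106:/var/lib/mysql
        fstype: nfs
        state: mounted

    - name: download libargon2 epel webtatic-release
      yum:
        name:
          - libargon2
          - epel-release
          - webtatic-release

    - name: install php
      yum:
        name:
          - php72w
          - php72w-cli
          - php72w-common
          - php72w-devel
          - php72w-embedded
          - php72w-gd
          - php72w-mbstring
          - php72w-pdo
          - php72w-xml
          - php72w-fpm
          - php72w-mysqlnd
          - php72w-opcache

    - name: modify php.ini
      copy:
        src: /opt/php.ini
        dest: /etc/php.ini
      notify: restart php-fpm

    - name: modify www.conf
      copy:
        src: /opt/www.conf
        dest: /etc/php-fpm.d/www.conf
      notify: restart php-fpm

    - name: start php
      service:
        name: php-fpm
        state: started
        enabled: yes

  handlers:
    # Without a restart, edits to php.ini or www.conf (including the listen and
    # allowed_clients settings) are not applied to an already running php-fpm.
    - name: restart php-fpm
      service:
        name: php-fpm
        state: restarted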

