playbook部署lamp架构
准备4台主机,其中一台装ansible,其余三台分别部署apache、mysql、php,实现lamp架构
环境介绍
| 系统版本 | 主机IP | 用途 | 名称 |
|---|---|---|---|
| CentOS8.2 | 192.168.102.135 | ansible主控机 | cst |
| CentOS8.2 | 192.168.102.136 | apache服务器 | a136 |
| CentOS8.2 | 192.168.102.137 | mysql服务器 | a137 |
| CentOS8.2 | 192.168.102.138 | php服务器 | a138 |
环境部署
配置主控机
//建立项目结构
[root@cst ~]# yum -y install ansible
[root@cst ~]# cd /opt
[root@cst opt]# mkdir -p lamp/{app/php,databases/mysql,web/apache,vars,packages,files}
[root@cst opt]# cd lamp/
[root@cst lamp]# cp /etc/ansible/ansible.cfg .
[root@cst lamp]# ls
ansible.cfg app databases files packages vars web
//下载要用的安装包并放入packages文件夹
由于mysql安装包较大且下载速度慢,此处已提前准备
[root@cst lamp]# cd packages
[root@cst packages]# wget http://mirror.bit.edu.cn/apache/httpd/httpd-2.4.46.tar.bz2
[root@cst packages]# wget http://mirror.bit.edu.cn/apache/apr/apr-1.7.0.tar.bz2
[root@cst packages]# wget http://mirror.bit.edu.cn/apache/apr/apr-util-1.6.1.tar.bz2
[root@cst packages]# ls
apr-1.7.0.tar.bz2 httpd-2.4.46.tar.bz2
apr-util-1.6.1.tar.bz2 mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
//修改ansible配置文件,使用自定义清单文件
[root@cst ~]# vim /etc/ansible/ansible.cfg
inventory = /etc/ansible/inventory
//为其他三台主机写映射,方便操作
[root@cst ~]# vim /etc/hosts
192.168.102.136 a136
192.168.102.137 a137
192.168.102.138 a138
//配置清单文件
[root@cst lamp]# vim inventory
[apache]
a136
[mysql]
a137
[php]
a138
//为另外三台主机做ssh连接
[root@cst lamp]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/R2+HQoA9/6D7NUkIFC/I1QC3zpg4IyOdFZydfYUcek root@cst
The key's randomart image is:
+---[RSA 3072]----+
| . +.+o= =o.. |
| B . = B .. |
| . + o + = =. |
|. = . =.+ oE |
| . . S=.+ ... |
| =..o+. |
| .oo.oo |
| o+..o.|
| .. oo .|
+----[SHA256]-----+
[root@cst lamp]# ssh-copy-id root@a136
[root@cst lamp]# ssh-copy-id root@a137
[root@cst lamp]# ssh-copy-id root@a138
[root@cst lamp]# ansible all -m ping
a136 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
a137 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
a138 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
编写yum源的playbook
[root@cst lamp]# mkdir files
[root@cst lamp]# cd files
[root@cst files]# vim repo.yml
---
- hosts: all
tasks:
- name: yum factory
yum_repository:
description: "{{ item }}"
name: "{{ item }}"
baseurl: https://mirrors.aliyun.com/centos/8/{{ item }}/x86_64/os/
gpgcheck: no
enabled: yes
mode: 0644
file: "{{ item }}"
state: present
loop:
- BaseOS
- AppStream
when: >
( ansible_facts["distribution"] == "RedHat" and
ansible_facts["distribution_major_version"] == "8" )
- name: epel
yum_repository:
baseurl: https://mirrors.aliyun.com/epel/8/Modular/x86_64/
description: epel
name: epel
enable: yes
gpgcheck: no
file: epel
mode: 0644
state: present
- name: close selinux(1)
shell: setenforce 0
- name: close selinux(2)
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: 'SELINUX=disabled'
- name: close firewalld(1)
service:
name: firewalld
state: stopped
- name: close firewalld(2)
shell: systemctl disable firewalld