准备4台主机,其中一台装ansible,其余三台分别部署apache、mysql、php,实现lamp架构
主控机ip:192.168.170.20 wang ansible
受控机ip:192.168.170.134 apache apache
192.168.170.135 mysql mysql
192.168.170.136 php php
[root@wang lamp]# tree ..
├── app
│   ├── host_vars
│   │   └── php
│   ├── php.sh
│   └── php.yml
├── databases
│   ├── host_vars
│   │   └── mysql
│   ├── mysql.sh
│   ├── mysql.yml
│   └── password.yml
├── hosts
├── inventory
└── web
    ├── apache.sh
    ├── apache.yml
    └── host_vars
        └── apache

6 directories, 12 files
安装apache
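[root@wang web]# cat apache.yml
---
- hosts: apache
  gather_facts: no
  tasks:
    - name: create {{ create_user }}
      user:
        name: "{{ create_user }}"
        state: present

    - name: install
      dnf:
        name: "@Development tools"
        state: present

    - name: install
      dnf:
        name: bzip2,make,openssl-devel,pcre-devel,expat-devel,libtool,gcc,gcc-c++,libxml2-devel
        state: present

    # Uploads the script from the control node and runs it on the apache host.
    - name: bash
      script: /etc/lamp/web/apache.sh
[root@wang web]# cat apache.sh
#!/bin/bash
# Build APR, APR-util and httpd 2.4.46 from source under /usr/local, then
# configure httpd to forward *.php requests to the php-fpm host over FastCGI.
# Runs as root on the apache host through the playbook's script task.
#
# Optional environment:
#   APR_SHA256, APR_UTIL_SHA256, HTTPD_SHA256
#     Expected SHA-256 of each tarball. When set, the build stops on a
#     mismatch; when unset, a warning is printed and the build continues.
set -euo pipefail

readonly MIRROR=http://mirror.bit.edu.cn/apache/apr
readonly CONF=/etc/httpd24/httpd.conf

#######################################
# Compare a file with an expected SHA-256 digest.
# Arguments: $1 - file name, $2 - expected digest (may be empty)
# Returns:   0 when the digest matches or none was supplied, non-zero on mismatch
#######################################
verify_sha256() {
  local file=$1 expected=$2
  if [[ -z "$expected" ]]; then
    printf 'warning: no checksum supplied for %s; integrity not verified\n' "$file" >&2
    return 0
  fi
  printf '%s  %s\n' "$expected" "$file" | sha256sum -c -
}

cd /root

# Download. The earlier form passed /root as a second URL, which wget rejects;
# -P is the option that selects the target directory.
# NOTE(review): the mirror is plain HTTP, so the tarballs can be altered in
# transit and are then compiled and installed as root. Supply the digests
# published by the Apache project (or check the release signatures) before
# building anywhere that matters.
wget -P /root "${MIRROR}/apr-1.6.5.tar.gz"
wget -P /root "${MIRROR}/apr-util-1.6.1.tar.gz"

# httpd-2.4.46.tar.gz is never downloaded by this script, so it has to be
# placed in /root beforehand; stop with a clear message instead of a tar error.
if [[ ! -f httpd-2.4.46.tar.gz ]]; then
  printf 'error: /root/httpd-2.4.46.tar.gz is missing\n' >&2
  exit 1
fi

verify_sha256 apr-1.6.5.tar.gz "${APR_SHA256:-}"
verify_sha256 apr-util-1.6.1.tar.gz "${APR_UTIL_SHA256:-}"
verify_sha256 httpd-2.4.46.tar.gz "${HTTPD_SHA256:-}"

# Build APR.
tar xf apr-1.6.5.tar.gz
tar xf apr-util-1.6.1.tar.gz
tar xf httpd-2.4.46.tar.gz
cd /root/apr-1.6.5
# Comment out the line in configure that removes $cfgfile.
sed -i 's|$RM "$cfgfile"|# $RM "$cfgfile"|' /root/apr-1.6.5/configure
./configure --prefix=/usr/local/apr
make && make install

# Build APR-util.
cd /root/apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install

# Build httpd.
cd /root/httpd-2.4.46
./configure --prefix=/usr/local/apache \
  --sysconfdir=/etc/httpd24 \
  --enable-so \
  --enable-ssl \
  --enable-cgi \
  --enable-rewrite \
  --with-zlib \
  --with-pcre \
  --with-apr=/usr/local/apr \
  --with-apr-util=/usr/local/apr-util/ \
  --enable-modules=most \
  --enable-mpms-shared=all \
  --with-mpm=prefork
make && make install

# Put the httpd binaries on PATH for login shells and for the rest of this run.
echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
source /etc/profile.d/httpd.sh

# Expose the headers under /usr/include; -fn keeps a second run from failing.
ln -sfn /usr/local/apache/include/ /usr/include/httpd

# Register the man pages. mysql.yml on this page edits /etc/man_db.conf with a
# MANDATORY_MANPATH entry; use the same file and keyword here.
echo 'MANDATORY_MANPATH /usr/local/apache/man' >> /etc/man_db.conf

# Enable ServerName to silence the start-up warning.
sed -i '/#ServerName/s/#//g' "$CONF"

# Enable the proxy modules needed to reach php-fpm.
sed -i '/proxy_module/s/#//g' "$CONF"
sed -i '/proxy_fcgi_module/s/#//g' "$CONF"

# Serve index.php first and register the PHP MIME types.
sed -i '/ DirectoryIndex/s/index.html/index.php index.html/g' "$CONF"
sed -i 's|AddType application/x-gzip .gz .tgz|AddType application/x-gzip .gz .tgz\n AddType application/x-httpd-php .php\n AddType application/x-httpd-php-source .phps|' "$CONF"

# Virtual host that proxies *.php to php-fpm on 192.168.170.136:9000.
# The FastCGI hop is neither encrypted nor authenticated, so that port must be
# reachable only from this host.
cat >> "$CONF" <<'EOF'
<VirtualHost *:80>
 DocumentRoot "/usr/local/apache/htdocs/"
 ServerName www.wangming.com
 ProxyRequests Off
 ProxyPassMatch ^/(.*\.php)$ fcgi://192.168.170.136:9000/var/www/html/$1
 <Directory "/usr/local/apache/htdocs/">
 Options none
 AllowOverride none
 Require all granted
 </Directory>
</VirtualHost>
EOF

# Start the service.
apachectl restart

# Open HTTP in firewalld instead of stopping the firewall, which would expose
# every listening port on the host.
if systemctl is-active --quiet firewalld.service; then
  firewall-cmd --permanent --add-service=http
  firewall-cmd --reload
fi

# NOTE(review): the earlier version ran "setenforce 0" here. SELinux is left
# enforcing; if httpd is denied something, read the AVC records in the audit
# log and fix the label or boolean rather than switching enforcement off.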
[root@apache ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN0 128 0.0.0.0:22 0.0.0.0:*
LISTEN0 128 [::]:22 [::]:*
LISTEN0 128 *:80 *:*
安装mysql
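[root@wang databases]# cat mysql.yml
---
- hosts: mysql
  # password.yml is the vault-encrypted file created below. It has to hold a
  # YAML mapping (mysqlpassword: <value>) and the play has to be run with
  # --ask-vault-pass or --vault-password-file so it can be decrypted.
  vars_files:
    - password.yml
  tasks:
    - name: create {{ create_user }}
      user:
        name: "{{ create_user }}"
        # /bin/nologin is not the usual path of the nologin shell.
        shell: /sbin/nologin
        create_home: no
        state: present

    - name: install {{pack}}
      dnf:
        name: "{{ pack }}"
        state: present

    - name: copy
      copy:
        src: /root/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: /root/

    # NOTE(review): mysql.sh unpacks MySQL under /root/mysql, not
    # /usr/local/mysql, so this man path does not match the install - confirm.
    - name: man
      lineinfile:
        path: /etc/man_db.conf
        line: 'MANDATORY_MANPATH /usr/local/mysql/man'

    # The root password comes from the vault and reaches the script through
    # the environment; no_log keeps it out of Ansible output and logs.
    - name: bash
      script: /etc/lamp/databases/mysql.sh
      environment:
        MYSQL_ROOT_PASSWORD: "{{ mysqlpassword }}"
      no_log: true
[root@wang databases]# cat mysql.sh
#!/bin/bash
# Unpack the MySQL 5.7.31 binary tarball that the playbook copied to /root,
# initialise a data directory in /opt/data, install the init script, start the
# server and replace the generated temporary root password.
#
# Required environment:
#   MYSQL_ROOT_PASSWORD - new password for root@localhost
set -euo pipefail

: "${MYSQL_ROOT_PASSWORD:?MYSQL_ROOT_PASSWORD must be set}"
# The password is placed inside a quoted SQL literal below, so refuse the two
# characters that could end that literal early.
case $MYSQL_ROOT_PASSWORD in
  *[\'\\]*)
    printf 'error: MYSQL_ROOT_PASSWORD must not contain a quote or backslash\n' >&2
    exit 1
    ;;
esac

cd /root
tar xf 'mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz'

# Version-independent path to the unpacked tree.
ln -sfn mysql-5.7.31-linux-glibc2.12-x86_64 mysql

# Hand the tree to the mysql account.
# NOTE(review): the server lives in root's home directory; a location such as
# /usr/local/mysql is the conventional choice - confirm before reuse.
chown -R mysql:mysql /root/mysql*

# Put the MySQL binaries on PATH for login shells and for the rest of this run.
echo 'export PATH=/root/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
source /etc/profile.d/mysql.sh

# Create the data directory and give it to the mysql account.
mkdir -p /opt/data
chown -R mysql:mysql /opt/data

# Initialise the data directory. The log records the temporary root password,
# so create the file owner-only before anything is written to it.
: > /root/sqlpass
chmod 600 /root/sqlpass
/root/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data/ > /root/sqlpass 2>&1

# Register the client libraries with the dynamic linker.
echo '/root/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
ldconfig

# Install the init script and point it at this install and data directory.
cp -a /root/mysql/support-files/mysql.server /etc/init.d/mysqld
sed -ri 's#^(basedir=).*#\1/root/mysql#g' /etc/init.d/mysqld
sed -ri 's#^(datadir=).*#\1/opt/data#g' /etc/init.d/mysqld

# Start the service.
service mysqld start

# Allow MySQL only from the PHP host (192.168.170.136) instead of stopping
# firewalld, which would expose 3306 to the whole network.
if systemctl is-active --quiet firewalld.service; then
  firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.170.136" port port="3306" protocol="tcp" accept'
  firewall-cmd --reload
fi

# NOTE(review): the earlier version ran "setenforce 0" here. SELinux is left
# enforcing; investigate denials in the audit log rather than disabling it.

# Read the temporary password from the initialisation log and replace it.
# Both passwords stay off the command line, where any local user could read
# them from the process list: the old one goes through MYSQL_PWD and the new
# one through stdin.
temp_pass=$(awk '/temporary password/{print $NF}' /root/sqlpass)
if [[ -z "$temp_pass" ]]; then
  printf 'error: no temporary password found in /root/sqlpass\n' >&2
  exit 1
fi
MYSQL_PWD=$temp_pass /root/mysql/bin/mysql -uroot --connect-expired-password <<SQL
ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}';
SQL
加密文件
[root@wang databases]# ansible-vault create password.yml
New Vault password:
Confirm New Vault password:
[root@wang databases]# ls .mypass
.mypass
[root@wang databases]# echo '990304' > .mypass
# NOTE(review): echoing the vault password records it in shell history, and
# the value is now public on this page; treat it as a demo value only.
[root@wang databases]# chmod 600 .mypass
[root@wang databases]# ll .mypass
-rw------- 1 root root 7 1月 12 06:20 .mypass
[root@wang databases]# ansible-vault view password.yml
Vault password:
mysqlpassword=123456
# NOTE(review): for vars_files the content has to be a YAML mapping, i.e.
# "mysqlpassword: <value>", not "key=value". 123456 is a demo value and is far
# too weak for a database root account.
[root@wang databases]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN0 128 0.0.0.0:22 0.0.0.0:*
LISTEN0 128 [::]:22 [::]:*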
LISTEN0 80 *:3306 *:*
安装php
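[root@wang app]# cat php.yml
---
- hosts: php
  gather_facts: no
  tasks:
    - name: install
      yum:
        name: php-*
        state: present

    # A package group needs the @ prefix, as in apache.yml.
    - name: install
      yum:
        name: "@Development Tools"
        state: present

    # The earlier value was pasted "Package ... is already installed" output;
    # these are the package names that output referred to.
    - name: install
      yum:
        name:
          - readline
          - libxslt
          - libxml2
          - openssl
          - libcurl
          - libjpeg-turbo
          - libpng
          - pcre-devel
          - freetype
          - gmp
        state: present

    - name: config
      script: /etc/lamp/app/php.sh

    - name: start php
      service:
        name: php-fpm
        state: restarted
[root@wang app]# cat php.sh
#!/bin/bash
# Create a PHP test page and switch php-fpm from its local socket to TCP port
# 9000 so the apache host (192.168.170.134) can reach it over FastCGI.
# Runs as root on the php host through the playbook's script task.
set -euo pipefail

readonly FPM_CONF=/etc/php-fpm.d/www.conf

# Test page.
# NOTE(review): phpinfo() publishes the PHP version, loaded modules, paths and
# environment to anyone who can load the page; delete it once the stack works.
printf '<?php\n\tphpinfo();\n?>\n' > /var/www/html/index.php
chown -R apache:apache /var/www/html/

# Listen on TCP instead of the unix socket. php-fpm has no authentication of
# its own, so access is limited in two places: listen.allowed_clients here and
# the firewall rule below.
sed -i 's|listen = /run/php-fpm/www.sock|listen=0.0.0.0:9000|' "$FPM_CONF"
# Change only the allowed_clients setting rather than the first 127.0.0.1 on
# every line of the file.
sed -i 's|^listen.allowed_clients = .*|listen.allowed_clients = 192.168.170.134|' "$FPM_CONF"

# Allow port 9000 only from the apache host instead of stopping firewalld,
# which would leave the FastCGI port open to the whole network.
if systemctl is-active --quiet firewalld.service; then
  firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.170.134" port port="9000" protocol="tcp" accept'
  firewall-cmd --reload
fi

# NOTE(review): the earlier version ran "setenforce 0" here. SELinux is left
# enforcing; investigate denials in the audit log rather than disabling it.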
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN0 128 0.0.0.0:22 0.0.0.0:*
LISTEN0 128 0.0.0.0:9000 0.0.0.0:*
LISTEN0 128 [::]:22 [::]:*