搭建四台主机。
192.168.170.120 ansible
192.168.170.155 apache
192.168.170.156 mysql
192.168.170.157 php
准备httpd源码包,二进制MySQL包
#下载httpd源码包以及apr,apr_util
wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.gz
wget http://mirrors.tuna.tsinghua.edu.cn/apache//apr/apr-1.7.0.tar.gz
wget http://mirrors.hust.edu.cn/apache//apr/apr-util-1.6.1.tar.gz
#注意:apr 与 apr-util 是通过明文 HTTP 下载的,之后会以 root 身份编译安装;编译前应使用 Apache 官方发布的 .sha256 / .asc 文件校验这些源码包
#下载二进制mysql包
wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
安装ansible
#配置yum源
[root@ansible ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@ansible ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# sed -i 's#\$releasever#8#g' /etc/yum.repos.d/CentOS-Base.repo
[root@ansible ~]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@ansible ~]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@ansible ~]# sed -i 's#\$releasever#8#g' /etc/yum.repos.d/epel.repo
#安装ansible
[root@ansible ~]# yum -y install ansible
#查看ansible版本
[root@ansible ~]# ansible --version
ansible 2.9.16
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Dec 5 2019, 15:45:45) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
#ssh免密登录
[root@ansible lamp]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.170.155 node2
192.168.170.156 node3
192.168.170.157 node4
[root@ansible ~]# ssh-keygen -t rsa
[root@ansible ~]# ssh-copy-id root@node2
[root@ansible ~]# ssh-copy-id root@node3
[root@ansible ~]# ssh-copy-id root@node4
将被控机IP加入到主控机清单
#修改清单文件位置
[root@ansible ~]# vim /etc/ansible/ansible.cfg
[defaults]
# some basic default values...
#指定清单文件位置
inventory = /etc/ansible/inventory
#library = /usr/share/my_modules/
[root@ansible ~]# mkdir lamp
[root@ansible ~]# cd lamp
#创建清单文件
[root@localhost ~]# vim /etc/ansible/inventory
node2
node3
node4
运用ping模块检查节点机 [root@ansible lamp]# ansible all -m ping node3 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } node2 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong" } node4 | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong"
[root@localhost lamp]# tree . ├── application │ └── php │ ├── depend │ │ └── depend_php.yml │ ├── files │ │ ├── base_task.yml │ │ ├── config_task.yml │ │ ├── install_task.yml │ │ └── start_task.yml │ └── main.yml ├── base │ ├── create_user_task.yml │ └── yum.yml ├── databases │ └── mysql │ ├── depend │ │ └── depend_mysql.yml │ ├── files │ │ ├── base_task.yml │ │ ├── config_task.yml │ │ ├── datadir_task.yml │ │ └── uncompress_task.yml │ ├── main.yml │ ├── packages │ │ └── mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz │ ├── passwd │ │ └── passwd.yml │ ├── scripts │ │ └── install.sh │ └── templates │ └── my.j2 └── web └── apache ├── depend │ └── apache_depend.yml ├── files │ ├── base_task.yml │ ├── config_tasks.yml │ └── depend_task.yml ├── main.yml ├── packages │ ├── apr-1.7.0.tar.gz │ ├── apr-util-1.6.1.tar.gz │ └── httpd-2.4.46.tar.bz2 ├── scripts │ └── packages.sh └── templates └── httpd.j2
yum源playbook
[root@ansible lamp]# vim base/yum.yml
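---
# Base playbook applied to every managed node: registers the CentOS 8
# BaseOS/AppStream and EPEL repositories, then stops firewalld and disables
# SELinux.
- hosts: all
  tasks:
    - name: yum warehouse
      yum_repository:
        name: "{{ item }}"
        description: "{{ item }}"
        file: "{{ item }}"
        baseurl: https://mirrors.aliyun.com/centos/8/{{ item }}/x86_64/os/
        # Signature checking stays on: every later play installs packages as
        # root from these mirrors, and without gpgcheck a tampered mirror or
        # cache would be trusted implicitly.
        gpgcheck: yes
        # Key file shipped with CentOS 8 (centos-gpg-keys package).
        gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
        enabled: yes
      loop:
        - BaseOS
        - AppStream

    - name: epel
      yum_repository:
        name: epel
        description: epel
        file: epel
        baseurl: https://mirrors.aliyun.com/epel/8/Everything/x86_64/
        gpgcheck: yes
        # epel-release is not installed on the managed nodes, so the key is
        # fetched from the Fedora project over HTTPS instead of a local file.
        gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
        enabled: yes

    # NOTE(review): the next three tasks remove host-level packet filtering
    # and mandatory access control on all nodes. With them in place, every
    # listener configured later on this page (httpd on 80, php-fpm on 9000,
    # mysqld on 3306) is reachable by anything that can route to the hosts.
    # A narrower setup keeps firewalld running and opens only those ports.
    - name: stop firewalld
      service:
        name: firewalld
        state: stopped

    - name: disabled selinux
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled

    - name: stop selinux
      shell: setenforce 0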
[root@ansible lamp]# ansible-playbook base/yum.yml
创建用户playbook
[root@ansible lamp]# vim base/create_user_task.yml
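# Shared task file: creates the service account named by the `user` variable
# of the including play. The account is a system user with no home directory
# and a nologin shell, so it cannot be used for interactive logins.
- name: create user
  user:
    # Straight quotes restored; the typographic quotes in the listing are not
    # YAML quoting and would become part of the user name.
    name: '{{ user }}'
    system: yes
    create_home: no
    shell: /sbin/nologin
    state: present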
apache安装配置
#yum安装包循环yml
[root@ansible lamp]# mkdir web/apache/depend/
[root@ansible lamp]# vim web/apache/depend/apache_depend.yml
# Build dependencies for compiling APR, APR-util and httpd from source.
# Loaded through vars_files and looped over by files/base_task.yml.
packages:
  - openssl-devel
  - pcre-devel
  - expat-devel
  - libtool
  - gcc
  - gcc-c++
  - make
[root@ansible lamp]# vim web/apache/scripts/packages.sh
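#!/bin/bash
# Build and install APR, APR-util and Apache httpd from the source trees
# unpacked under /root, then put the httpd binaries on PATH and link the
# headers into /usr/include.
#
# NOTE(review): everything below is compiled and installed as root. Two of the
# tarballs on this page were fetched over plain HTTP, so verify them against
# the .sha256 / .asc files published by Apache before they reach this script.

# Stop at the first failed step; otherwise a broken APR build would be
# followed by an httpd build against a half-installed prefix.
set -euo pipefail

# install apr
cd /root/apr-1.7.0
# Comment out the `$RM "$cfgfile"` line in the generated configure script.
sed -i 's/\$RM "$cfgfile"/\#\$RM "$cfgfile"/' configure
./configure --prefix=/usr/local/apr
make
make install

# install apr-util
cd /root/apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make
make install

# install apache
cd /root/httpd-2.4.46
./configure --prefix=/usr/local/apache --sysconfdir=/etc/httpd24 \
  --enable-so --enable-ssl --enable-cgi --enable-rewrite \
  --with-zlib --with-pcre \
  --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/ \
  --enable-modules=most --enable-mpms-shared=all --with-mpm=prefork
make
make install
cd

# variable: single quotes keep $PATH literal so it expands at login time
printf '%s\n' 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
source /etc/profile.d/httpd.sh

# include: -f/-n replace an existing link so a second run does not fail here
ln -sfn /usr/local/apache/include/ /usr/include/httpd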
#httpd.j2配置
[root@ansible lamp]# vim web/apache/templates/httpd.j2
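# Excerpts of the httpd.conf template; each section names the existing
# directive to search for and the change to make. Apache has no trailing
# comments, so the annotations sit on their own lines rather than after a
# directive.

# Search for "AddType": the two PHP lines are additions.
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

# Search for "proxy.so": uncomment mod_proxy and mod_proxy_fcgi only; the
# other proxy modules stay disabled.
#LoadModule remoteip_module modules/mod_remoteip.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so

# Search for "index.html": index.php is added in front.
DirectoryIndex index.php index.html

# Append the following at the end of the configuration file.
<VirtualHost *:80>
    DocumentRoot "/usr/local/apache/htdocs/"
    ServerName www.meijianbiao.com
    # Reverse proxy only; forward proxying stays off.
    ProxyRequests Off
    # Every request path ending in .php is handed to php-fpm on node4. The
    # address comes from node4's gathered facts, so the play that renders this
    # template must have collected facts from node4 as well.
    ProxyPassMatch ^/(.*\.php)$ fcgi://{{ hostvars['node4'].ansible_default_ipv4.address }}:9000/var/www/html/$1
    <Directory "/usr/local/apache/htdocs">
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>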
#playbook
[root@ansible lamp]# vim web/apache/files/base_task.yml
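# Install the build dependencies listed in `packages` (from
# depend/apache_depend.yml) plus the "Development tools" package group.
# Straight quotes restored: the typographic quotes in the listing are not YAML
# quoting and would end up inside the package names.
- name: install httpd depend
  yum:
    name: '{{ item }}'
    state: present
  loop: '{{ packages }}'

- name: install development tools
  yum:
    name: '@Development tools'
    state: present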
[root@ansible lamp]# cat web/apache/files/depend_task.yml
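# Push the source tarballs to the node, unpack them and run the build script.
- name: copy depend packages
  copy:
    src: packages/
    dest: /root/

- name: uncompress
  shell: "tar xf /root/apr-1.7.0.tar.gz && tar xf /root/apr-util-1.6.1.tar.gz && tar xf /root/httpd-2.4.46.tar.bz2"
  args:
    # tar extracts into the working directory; pin it to /root, where the
    # build script looks for the source trees, instead of relying on the
    # login directory of the remote user.
    chdir: /root

- name: install packages
  script: scripts/packages.sh
  args:
    chdir: /root
    # Skip the build once httpd is installed: a second run would otherwise
    # recompile everything as root and stop on the already existing
    # /usr/include/httpd link.
    creates: /usr/local/apache/bin/apachectl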
[root@ansible lamp]# cat web/apache/files/config_tasks.yml
# Render httpd.conf from the Jinja2 template into the sysconfdir chosen at
# build time (/etc/httpd24), then start the server with apachectl.
- name: config
  template:
    dest: /etc/httpd24/httpd.conf
    src: templates/httpd.j2

- name: start httpd
  shell: "/usr/local/apache/bin/apachectl start"
#导入playbook到main.yml
[root@ansible lamp]# vim web/apache/main.yml
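---
# Play 1: build and install httpd on node2.
- name: install depend
  hosts: node2
  vars:
    user: apache
  vars_files:
    - depend/apache_depend.yml
  tasks:
    - include_tasks: files/base_task.yml
    - include_tasks: /root/lamp/base/create_user_task.yml
    - include_tasks: files/depend_task.yml

# Play 2: runs against all hosts so that facts are gathered from node4, whose
# address the httpd.j2 template reads through hostvars; the configuration
# itself is applied to node2 only.
- hosts: all
  tasks:
    - include_tasks: files/config_tasks.yml
      # Match on the inventory name. ansible_hostname is the node's own
      # hostname, which only equals "node2" if the machine was named that way
      # (the host table at the top of the page suggests it may be "apache").
      when: inventory_hostname == "node2"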
#执行playbook
[root@ansible lamp]# ansible-playbook web/apache/main.yml
mysql配置
#编辑模板文件
[root@ansible lamp]# mkdir databases/mysql/templates
[root@ansible lamp]# vim databases/mysql/templates/my.j2
# my.cnf template for the binary MySQL install under /usr/local/mysql.
# `datadir` is supplied by the including play.
# NOTE(review): no bind-address is set, so mysqld listens on all interfaces by
# default; with firewalld stopped by the base playbook, port 3306 is reachable
# from the whole subnet. Confirm whether that exposure is intended.
[mysqld]
basedir = /usr/local/mysql
datadir = {{ datadir }}
# NOTE(review): /tmp is world-writable; confirm the socket location is intended.
socket = /tmp/mysql.sock
port = 3306
pid-file = {{ datadir }}/mysql.pid
user = mysql
skip-name-resolve
#script
[root@ansible lamp]# mkdir databases/mysql/scripts
[root@ansible lamp]# vim databases/mysql/scripts/install.sh
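#!/bin/bash
# Post-install steps for the binary MySQL tree in /usr/local/mysql: PATH and
# linker configuration, data directory initialisation, service start.
set -euo pipefail

# variable: single quotes keep $PATH literal so it expands at login time
printf '%s\n' 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/myslq.sh
source /etc/profile.d/myslq.sh

# lib
printf '%s\n' '/usr/local/mysql/lib' > /etc/ld.so.conf.d/msqly.conf
ldconfig

# initialize mysql
# Only initialise an empty data directory. On a second run mysqld refuses to
# initialise, and the unconditional redirect would overwrite the recorded
# temporary root password with that error message.
if [[ -z "$(ls -A /mydata 2>/dev/null)" ]]; then
  # The initialisation log contains the temporary root password, so create
  # the file with owner-only permissions before anything is written to it.
  install -m 600 /dev/null /root/password
  /usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/mydata > /root/password 2>&1
fi
# NOTE(review): /root/password is still on disk after the root password has
# been changed; remove it once the rotation has succeeded.

# start mysql
service mysqld start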
#循环yml
[root@ansible lamp]# mkdir databases/mysql/depend
[root@ansible lamp]# vim databases/mysql/depend/depend_mysql.yml
# Packages installed on the MySQL node before the binary tarball is unpacked.
# Loaded through vars_files and looped over by files/base_task.yml.
packages:
  - ncurses-devel
  - openssl-devel
  - openssl
  - cmake
  - mariadb-devel
  - ncurses-compat-libs
#playbook
[root@ansible lamp]# vim databases/mysql/files/base_task.yml
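# Install every package listed in `packages` (depend/depend_mysql.yml).
# The task was unnamed in the listing; a name makes it identifiable in the
# play output. Straight quotes restored so the Jinja2 expressions are quoted
# YAML strings rather than text wrapped in typographic quote characters.
- name: install mysql depend
  yum:
    name: '{{ item }}'
    state: present
  loop: '{{ packages }}'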
[root@ansible lamp]# vim databases/mysql/files/datadir_task.yml
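# Create the MySQL data directory, owned by the service account of the
# including play (`user`) at the path given by `datadir`.
- name: create datadir
  file:
    path: '{{ datadir }}'
    owner: '{{ user }}'
    group: '{{ user }}'
    # Explicit mode: without it the directory inherits the umask and may be
    # world-readable. Database files should not be visible to other accounts.
    mode: '0750'
    state: directory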
[root@ansible lamp]# vim databases/mysql/files/uncompress_task.yml
# Unpack the binary MySQL tarball from the control node into /usr/local and
# expose it under the version-independent path /usr/local/mysql.
- name: uncompress
  unarchive:
    src: packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
    dest: /usr/local/
    group: mysql
    owner: mysql

- name: soft link
  file:
    state: link
    src: /usr/local/mysql-5.7.31-linux-glibc2.12-x86_64
    dest: /usr/local/mysql
[root@ansible lamp]# vim databases/mysql/files/config_task.yml
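# Install the init script shipped with MySQL, point it at the install and
# data directories, render /etc/my.cnf and run the post-install script.
- name: copy start shell
  shell: cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld

- name: modify config
  lineinfile:
    path: /etc/init.d/mysqld
    regexp: '^basedir='
    # Was "/usr/loacl/mysql" in the listing: a typo that points the init
    # script at a directory that does not exist.
    line: basedir=/usr/local/mysql

- name: modify config
  lineinfile:
    path: /etc/init.d/mysqld
    regexp: '^datadir='
    line: datadir={{ datadir }}

- name: my.cnf
  template:
    src: templates/my.j2
    dest: /etc/my.cnf

- name: path
  script: scripts/install.sh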
#修改密码playbook
[root@ansible lamp]# vim databases/mysql/passwd/passwd.yml
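---
# Replace the temporary root password written by `mysqld --initialize` (read
# from /root/password on the node) with a permanent one.
#
# The inventory on this page defines node2, node3 and node4 and no group
# called "mysql"; the database play targets node3, so this one does as well.
- hosts: node3
  vars:
    # Placeholder, not a real credential: set a long random value before
    # encrypting this file with ansible-vault. The listing hard-coded "123".
    # The value is interpolated into a single-quoted SQL string, so it must
    # not contain a single quote.
    mysql_root_password: "REPLACE_WITH_A_STRONG_PASSWORD"
  tasks:
    - name: change password
      shell: >-
        /usr/local/mysql/bin/mysql -uroot
        -p"$(awk '/password/{print$NF}' /root/password)"
        --connect-expired-password
      args:
        # The statement goes in on stdin so the new password does not appear
        # in the process list of the database host.
        stdin: "set password = password('{{ mysql_root_password }}');"
      # Keep the command and its result out of Ansible's output and logs.
      no_log: true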
#包含任务至main.yml
[root@ansible lamp]# vim databases/mysql/main.yml
# Entry playbook for the database node: dependencies, service account, data
# directory, binary tarball, then configuration and first start.
- hosts: node3
  vars:
    user: mysql
    datadir: /mydata
  vars_files:
    - depend/depend_mysql.yml
  tasks:
    - include_tasks: files/base_task.yml
    - include_tasks: /root/lamp/base/create_user_task.yml
    - include_tasks: files/datadir_task.yml
    - include_tasks: files/uncompress_task.yml
    - include_tasks: files/config_task.yml
#加密密码剧本
[root@ansible lamp]# ansible-vault encrypt databases/mysql/passwd/passwd.yml
New Vault password:
Confirm New Vault password:
Encryption successful
#记录密码('123456' 仅为示例,应改用强随机口令;该文件不要提交到版本库)
[root@ansible lamp]# echo '123456' > databases/mysql/.mysqlpasswd
#修改密码文件权限
[root@ansible lamp]# chmod 600 databases/mysql/.mysqlpasswd
#执行playbook
[root@ansible lamp]# ansible-playbook databases/mysql/main.yml
#执行修改密码playbook
[root@ansible lamp]# ansible-playbook --vault-password-file=databases/mysql/.mysqlpasswd databases/mysql/passwd/passwd.yml
php配置
#循环yml
[root@ansible lamp]# mkdir application/php/depend
[root@ansible lamp]# vim application/php/depend/depend_php.yml
# Libraries installed on the PHP node before PHP itself.
# Loaded through vars_files and looped over by files/base_task.yml.
packages:
  - libxml2
  - libxml2-devel
  - openssl
  - openssl-devel
  - bzip2
  - bzip2-devel
  - libcurl
  - libcurl-devel
  - libicu-devel
  - libjpeg
  - libjpeg-devel
  - libpng
  - libpng-devel
  - openldap-devel
  - pcre-devel
  - freetype
  - freetype-devel
  - gmp
  - gmp-devel
  - libmcrypt
  - libmcrypt-devel
  - readline
  - readline-devel
  - libxslt
  - libxslt-devel
  - mhash
  - mhash-devel
  - php-mysqlnd
#playbook
[root@ansible lamp]# vim application/php/files/base_task.yml
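# Install every package listed in `packages` (depend/depend_php.yml).
# Straight quotes restored: the typographic quotes in the listing are not YAML
# quoting and would end up inside the package names.
- name: depend packages
  yum:
    name: '{{ item }}'
    state: present
  loop: '{{ packages }}'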
[root@ansible lamp]# vim application/php/files/install_task.yml
# Install PHP from the configured repositories.
# NOTE(review): the glob pulls in every package whose name starts with "php-".
# The rest of this page only relies on php-fpm and php-mysqlnd, so an explicit
# package list would leave less unused code installed on the node.
- name: install php
  yum:
    state: present
    name: "php-*"
[root@ansible lamp]# vim application/php/files/config_task.yml
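# Create a test page, hand the web root to the apache account and switch
# php-fpm from its default listener to TCP port 9000.
# NOTE(review): index.php prints phpinfo(), which discloses versions, paths
# and environment details to anyone who can reach the site; remove it once
# the stack has been verified.
- name: index.php
  shell: 'echo -e "<?php\n\tphpinfo();\n?>" > /var/www/html/index.php'

- name: change owner
  # user:group form; the dot separator is a deprecated chown syntax.
  shell: 'chown -R apache:apache /var/www/html/'

- name: socket
  lineinfile:
    path: /etc/php-fpm.d/www.conf
    regexp: '^listen ='
    # Bind to this node's primary address rather than 0.0.0.0. It is the same
    # address httpd.j2 proxies to, and FastCGI is then not offered on any
    # other interface the node may have.
    line: "listen = {{ ansible_default_ipv4.address }}:9000"

- name: conf client
  lineinfile:
    path: /etc/php-fpm.d/www.conf
    regexp: '^listen.allowed_clients ='
    # Only the web server (node2) may speak FastCGI to this pool. With
    # firewalld stopped by the base playbook, this line is the only access
    # control in front of port 9000.
    line: listen.allowed_clients = 192.168.170.155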
[root@ansible lamp]# vim application/php/files/start_task.yml
# Start php-fpm now and enable it at boot.
- name: start php-fpm
  service:
    name: php-fpm
    state: started
    enabled: yes
#包含playbook至main.yml
[root@ansible lamp]# vim application/php/main.yml
---
# Entry playbook for the PHP node: dependencies, PHP packages, php-fpm
# configuration, then service start.
- hosts: node4
  vars_files:
    - depend/depend_php.yml
  tasks:
    - include_tasks: files/base_task.yml
    - include_tasks: files/install_task.yml
    - include_tasks: files/config_task.yml
    - include_tasks: files/start_task.yml
#执行main.yml
[root@ansible lamp]# ansible-playbook application/php/main.yml
原文:https://www.cnblogs.com/meijianbiao/p/14311232.html