ansible分离部署LNMP架构
ansible分离部署LNMP环境说明:
系统主机名IP服务centos8ansible192.168.111.141ansible主控机centos8nginx192.168.111.142nginx受控机centos8mysql192.168.111.143mysql受控机centos8php192.168.111.144php受控机1.准备工作
修改默认清单文件位置,构建清单
# vim /etc/ansible/ansible.cfg
inventory = /etc/ansible/inventory
# cd /etc/ansible/
# touch inventory
# vim inventory
nginx ansible_user=root ansible_password=123456
mysql ansible_user=root ansible_password=123456
php ansible_user=root ansible_password=123456
# vim /etc/hosts
192.168.111.142 nginx
192.168.111.143 mysql
192.168.111.144 php
//列出主机
# ansible lnmp --list-hosts
hosts (3):
nginx
mysql
php
//设置密钥连接
# ssh nginx
# exit
logout
# ssh mysql
# exit
logout
# ssh php
# exit
logout
#
//测试连通性
# ansible lnmp -m ping
nginx | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
php | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
mysql | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}2.部署nginx
//关闭selinux和防火墙
# ansible nginx -m service -a 'name=firewalld state=stopped enabled=no'
# ansible nginx -a 'setenforce 0'
# ansible nginx -a "sed -ri 's/^(SELINUX=).*/\1disabled/g'/etc/selinux/config"
//创建用户
# ansible nginx -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'
//安装依赖包
# ansible nginx -m yum -a 'name=pcre-devel,openssl,openssl-devel,gd-devel,gcc,gcc-c++,make state=present'
//下载软件包并解压
# ansible nginx -a 'wget http://nginx.org/download/nginx-1.20.2.tar.gz'
# ansible nginx -a 'tar -xf nginx-1.20.2.tar.gz'
//进入目录编译安装
# mkdir -p /etc/ansible/scripts/
# cd /etc/ansible/scripts/
# vim configure.sh
#!/bin/bash
cd nginx-1.20.2
./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module && \
make -j $(grep 'processor' /proc/cpuinfo | wc -l) && make install
root@ansible scripts]# ll
total 4
-rw-r--r-- 1 root root 470 Oct 23 22:04 configure.sh
# ansible nginx -m script -a '/etc/ansible/scripts/configure.sh'
//安装完成
# ansible nginx -a 'ls /usr/local/nginx'
nginx | CHANGED | rc=0 >>
conf
html
logs
sbin
//配置环境变量
# ansible nginx -m shell -a 'echo "export PATH=$PATH:/usr/local/nginx/sbin" > /etc/profile.d/nginx.sh'
# ansible nginx -a 'which nginx'
nginx | CHANGED | rc=0 >>
/usr/local/nginx/sbin/nginx
//启动服务
# vim /etc/ansible/scripts/nginx_service.sh
#!/bin/bash
cat > /usr/lib/systemd/system/nginx.service << EOF
Description=nginx server daemon
After=network.target
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecStop=/usr/local/nginx/sbin/nginx -s stop
ExecReload=/bin/kill -HUP \$MAINPID
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now nginx
# ansible nginx -m script -a '/etc/ansible/scripts/nginx_service.sh'
# ansible nginx -a 'ss -antl'
nginx | CHANGED | rc=0 >>
StateRecv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:* 3.部署mysql
//关闭防火墙和selinux
# ansible mysql -m service -a 'name=firewalld state=stopped enabled=no'
# ansible mysql -a 'setenforce 0'
# ansible mysql -a "sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config"
//创建用户
# ansible mysql -m user -a 'name=mysql system=yes create_home=no shell=/sbin/nologin state=present'
//安装依赖包
# ansible mysql -m yum -a 'name=ncurses-devel,openssl-devel,openssl,cmake,mariadb-devel,ncurses-compat-libs state=present'
//下载软件包解压重命名
# ansible mysql -a 'wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz'
# ansible mysql -a 'tar xf mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
# ansible mysql -a 'mv /usr/local/mysql-5.7.38-linux-glibc2.12-x86_64 /usr/local/mysql'
//修改属主属组
# ansible mysql -a 'chown -R mysql.mysql /usr/local/mysql'
//配置环境
# ansible mysql -a 'ln -s /usr/local/mysql/include /usr/include/mysql'
# ansible mysql -m shell -a "echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf"
# ansible mysql -a "sed -i '22a MANDATORY_MANPATH /usr/local/mysql/man' /etc/man_db.conf"
# ansible mysql -m shell -a "echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh"
# ansible mysql -a 'which mysql'
# ansible mysql -a 'which mysql'
mysql | CHANGED | rc=0 >>
/usr/local/mysql/bin/mysql
//建立数据存放目录
# ansible mysql -a 'mkdir /opt/data'
# ansible mysql -a 'chown -R mysql.mysql /opt/data'
//初始化数据库
# ansible mysql -a 'mysqld --initialize --user mysql --datadir /opt/data'
mysql | CHANGED | rc=0 >>
2022-10-23T14:24:07.127784Z 0 TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2022-10-23T14:24:07.286100Z 0 InnoDB: New log files created, LSN=45790
2022-10-23T14:24:07.314541Z 0 InnoDB: Creating foreign key constraint system tables.
2022-10-23T14:24:07.383098Z 0 No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 5a8e11ea-52de-11ed-b270-000c29c34b3e.
2022-10-23T14:24:07.383794Z 0 Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2022-10-23T14:24:07.600947Z 0 A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2022-10-23T14:24:07.600960Z 0 A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2022-10-23T14:24:07.601238Z 0 CA certificate ca.pem is self signed.
2022-10-23T14:24:07.640229Z 1 A temporary password is generated for root@localhost: y*rou<U9Om.c
# ansible mysql -m shell -a "echo 'y*rou<U9Om.c' > pass"
//生成配置文件启动服务
# vim /etc/ansible/scripts/mysql_service.sh
#!/bin/bash
cat >> /etc/my.cnf <<EOF
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
EOF
cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
sed -ri 's#^(basedir=).*#\1/usr/local/mysql#g' /etc/init.d/mysqld
sed -ri 's#^(datadir=).*#\1/opt/data#g' /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld
cat > /usr/lib/systemd/system/mysqld.service <<EOF
Description=mysqld server daemon
After=network.target
Type=forking
ExecStart=/etc/init.d/mysqld start
ExecStop=/etc/init.d/mysqld stop
ExecReload=/bin/kill -HUP \$MAINPID
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now mysqld
# ansible mysql -m script -a '/etc/ansible/scripts/mysql_service.sh'
# ansible mysql -a 'ss -antl'
mysql | CHANGED | rc=0 >>
StateRecv-Q Send-Q Local Address:Port Peer Address:PortProcess
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:* 5.配置LNMP界面
//修改nginx配置文件# vim /etc/ansible/scripts/nginxconf.sh#!/bin/bashsed -i "45c indexindex.php index.html index.htm;" /usr/local/nginx/conf/nginx.confsed -i "65c location ~ \.php$ {" /usr/local/nginx/conf/nginx.confsed -i "66c root /var/www/html;" /usr/local/nginx/conf/nginx.confsed -i "67c fastcgi_pass 192.168.111.144:9000;" /usr/local/nginx/conf/nginx.confsed -i "68c fastcgi_indexindex.php;" /usr/local/nginx/conf/nginx.confsed -i "69c fastcgi_paramSCRIPT_FILENAME\$document_root\$fastcgi_script_name;" /usr/local/nginx/conf/nginx.confsed -i "70c include fastcgi_params;" /usr/local/nginx/conf/nginx.confsed -i "71c }" /usr/local/nginx/conf/nginx.conf# ansible nginx -m script -a '/etc/ansible/scripts/nginxconf.sh'# ansible nginx -a 'touch /usr/local/nginx/html/index.php'//在php端上配置网站# vim /etc/ansible/scripts/phpindex.sh#!/bin/bashmkdir -p /var/www/htmlcat > /var/www/html/index.php
页:
[1]