ansible分离部署LNMP架构

金飞

ansible分离部署LNMP

环境说明：
系统主机名IP服务centos8ansible192.168.111.141ansible主控机centos8nginx192.168.111.142nginx受控机centos8mysql192.168.111.143mysql受控机centos8php192.168.111.144php受控机1.准备工作

修改默认清单文件位置，构建清单

1. [root@ansible ~]# vim /etc/ansible/ansible.cfg
2. inventory = /etc/ansible/inventory
3. [root@ansible ~]# cd /etc/ansible/
4. [root@ansible ansible]# touch inventory
5. [root@ansible ansible]# vim inventory
6. [lnmp]
7. nginx ansible_user=root ansible_password=123456
8. mysql ansible_user=root ansible_password=123456
9. php ansible_user=root ansible_password=123456
11. [root@ansible ~]# vim /etc/hosts
12. 192.168.111.142 nginx
13. 192.168.111.143 mysql
14. 192.168.111.144 php
16. //列出主机
17. [root@ansible ~]# ansible lnmp --list-hosts
18.   hosts (3):
19.     nginx
20.     mysql
21.     php
23. //设置密钥连接
24. [root@ansible ~]# ssh nginx
25. [root@nginx ~]# exit
26. logout
27. [root@ansible ~]# ssh mysql
28. [root@mysql ~]# exit
29. logout
30. [root@ansible ~]# ssh php
31. [root@php ~]# exit
32. logout
33. [root@ansible ~]#
35. //测试连通性
36. [root@ansible ~]# ansible lnmp -m ping
37. nginx | SUCCESS => {
38.     "ansible_facts": {
39.         "discovered_interpreter_python": "/usr/libexec/platform-python"
40.     },
41.     "changed": false,
42.     "ping": "pong"
43. }
44. php | SUCCESS => {
45.     "ansible_facts": {
46.         "discovered_interpreter_python": "/usr/libexec/platform-python"
47.     },
48.     "changed": false,
49.     "ping": "pong"
50. }
51. mysql | SUCCESS => {
52.     "ansible_facts": {
53.         "discovered_interpreter_python": "/usr/libexec/platform-python"
54.     },
55.     "changed": false,
56.     "ping": "pong"
57. }

复制代码

2.部署nginx

1. //关闭selinux和防火墙
2. [root@ansible ~]# ansible nginx -m service -a 'name=firewalld state=stopped enabled=no'
3. [root@ansible ~]# ansible nginx -a 'setenforce 0'
4. [root@ansible ~]# ansible nginx -a "sed -ri 's/^(SELINUX=).*/\1disabled/g'/etc/selinux/config"
6. //创建用户
7. [root@ansible ~]# ansible nginx -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'
9. //安装依赖包
10. [root@ansible ~]# ansible nginx -m yum -a 'name=pcre-devel,openssl,openssl-devel,gd-devel,gcc,gcc-c++,make state=present'
12. //下载软件包并解压
13. [root@ansible ~]# ansible nginx -a 'wget http://nginx.org/download/nginx-1.20.2.tar.gz'
14. [root@ansible ~]# ansible nginx -a 'tar -xf nginx-1.20.2.tar.gz'
16. //进入目录编译安装
17. [root@ansible ~]# mkdir -p /etc/ansible/scripts/
18. [root@ansible ~]# cd /etc/ansible/scripts/
19. [root@ansible scripts]# vim configure.sh
20. #!/bin/bash
22. cd nginx-1.20.2
24. ./configure \
25. --prefix=/usr/local/nginx \
26. --user=nginx \
27. --group=nginx \
28. --with-debug \
29. --with-http_ssl_module \
30. --with-http_realip_module \
31. --with-http_image_filter_module \
32. --with-http_gunzip_module \
33. --with-http_gzip_static_module \
34. --with-http_stub_status_module && \
36. make -j $(grep 'processor' /proc/cpuinfo | wc -l) && make install
38. root@ansible scripts]# ll
39. total 4
40. -rw-r--r-- 1 root root 470 Oct 23 22:04 configure.sh
41. [root@ansible scripts]# ansible nginx -m script -a '/etc/ansible/scripts/configure.sh'
43. //安装完成
44. [root@ansible ~]# ansible nginx -a 'ls /usr/local/nginx'
45. nginx | CHANGED | rc=0 >>
46. conf
47. html
48. logs
49. sbin
51. //配置环境变量
52. [root@ansible ~]# ansible nginx -m shell -a 'echo "export PATH=$PATH:/usr/local/nginx/sbin" > /etc/profile.d/nginx.sh'
53. [root@ansible ~]# ansible nginx -a 'which nginx'
54. nginx | CHANGED | rc=0 >>
55. /usr/local/nginx/sbin/nginx
57. //启动服务
58. [root@ansible ~]# vim /etc/ansible/scripts/nginx_service.sh
59. #!/bin/bash
61. cat > /usr/lib/systemd/system/nginx.service << EOF
62. [Unit]
63. Description=nginx server daemon
64. After=network.target
66. [Service]
67. Type=forking
68. ExecStart=/usr/local/nginx/sbin/nginx
69. ExecStop=/usr/local/nginx/sbin/nginx -s stop
70. ExecReload=/bin/kill -HUP \$MAINPID
72. [Install]
73. WantedBy=multi-user.target
74. EOF
76. systemctl daemon-reload
77. systemctl enable --now nginx
79. [root@ansible ~]# ansible nginx -m script -a '/etc/ansible/scripts/nginx_service.sh'
80. [root@ansible ~]# ansible nginx -a 'ss -antl'
81. nginx | CHANGED | rc=0 >>
82. State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
83. LISTEN 0      128          0.0.0.0:80        0.0.0.0:*         
84. LISTEN 0      128          0.0.0.0:22        0.0.0.0:*         
85. LISTEN 0      128             [::]:22           [::]:*         

复制代码

3.部署mysql

1. //关闭防火墙和selinux
2. [root@ansible ~]# ansible mysql -m service -a 'name=firewalld state=stopped enabled=no'
3. [root@ansible ~]# ansible mysql -a 'setenforce 0'
4. [root@ansible ~]# ansible mysql -a "sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config"
6. //创建用户
7. [root@ansible ~]# ansible mysql -m user -a 'name=mysql system=yes create_home=no shell=/sbin/nologin state=present'
9. //安装依赖包
10. [root@ansible ~]# ansible mysql -m yum -a 'name=ncurses-devel,openssl-devel,openssl,cmake,mariadb-devel,ncurses-compat-libs state=present'
12. //下载软件包解压重命名
13. [root@ansible ~]# ansible mysql -a 'wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz'
14. [root@ansible ~]# ansible mysql -a 'tar xf mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
15. [root@ansible ~]# ansible mysql -a 'mv /usr/local/mysql-5.7.38-linux-glibc2.12-x86_64 /usr/local/mysql'
17. //修改属主属组
18. [root@ansible ~]# ansible mysql -a 'chown -R mysql.mysql /usr/local/mysql'
20. //配置环境
21. [root@ansible ~]# ansible mysql -a 'ln -s /usr/local/mysql/include /usr/include/mysql'
22. [root@ansible ~]# ansible mysql -m shell -a "echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf"
23. [root@ansible ~]# ansible mysql -a "sed -i '22a MANDATORY_MANPATH    /usr/local/mysql/man' /etc/man_db.conf"
24. [root@ansible ~]# ansible mysql -m shell -a "echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh"
25. [root@ansible ~]# ansible mysql -a 'which mysql'
26. [root@ansible ~]# ansible mysql -a 'which mysql'
27. mysql | CHANGED | rc=0 >>
28. /usr/local/mysql/bin/mysql
30. //建立数据存放目录
31. [root@ansible ~]# ansible mysql -a 'mkdir /opt/data'
32. [root@ansible ~]# ansible mysql -a 'chown -R mysql.mysql /opt/data'
34. //初始化数据库
35. [root@ansible ~]# ansible mysql -a 'mysqld --initialize --user mysql --datadir /opt/data'
36. mysql | CHANGED | rc=0 >>
37. 2022-10-23T14:24:07.127784Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
38. 2022-10-23T14:24:07.286100Z 0 [Warning] InnoDB: New log files created, LSN=45790
39. 2022-10-23T14:24:07.314541Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
40. 2022-10-23T14:24:07.383098Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 5a8e11ea-52de-11ed-b270-000c29c34b3e.
41. 2022-10-23T14:24:07.383794Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
42. 2022-10-23T14:24:07.600947Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
43. 2022-10-23T14:24:07.600960Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
44. 2022-10-23T14:24:07.601238Z 0 [Warning] CA certificate ca.pem is self signed.
45. 2022-10-23T14:24:07.640229Z 1 [Note] A temporary password is generated for root@localhost: y*rou<U9Om.c
46. [root@ansible ~]# ansible mysql -m shell -a "echo 'y*rou<U9Om.c' > pass"
48. //生成配置文件启动服务
49. [root@ansible ~]# vim /etc/ansible/scripts/mysql_service.sh
50. #!/bin/bash
52. cat >> /etc/my.cnf <<EOF
53. [mysqld]
54. basedir = /usr/local/mysql
55. datadir = /opt/data
56. socket = /tmp/mysql.sock
57. port = 3306
58. pid-file = /opt/data/mysql.pid
59. user = mysql
60. skip-name-resolve
61. EOF
63. cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
64. sed -ri 's#^(basedir=).*#\1/usr/local/mysql#g' /etc/init.d/mysqld
65. sed -ri 's#^(datadir=).*#\1/opt/data#g' /etc/init.d/mysqld
66. chmod +x /etc/init.d/mysqld
68. cat > /usr/lib/systemd/system/mysqld.service <<EOF
69. [Unit]
70. Description=mysqld server daemon
71. After=network.target
73. [Service]
74. Type=forking
75. ExecStart=/etc/init.d/mysqld start
76. ExecStop=/etc/init.d/mysqld stop
77. ExecReload=/bin/kill -HUP \$MAINPID
79. [Install]
80. WantedBy=multi-user.target
81. EOF
83. systemctl daemon-reload
84. systemctl enable --now mysqld
86. [root@ansible ~]# ansible mysql -m script -a '/etc/ansible/scripts/mysql_service.sh'
87. [root@ansible ~]# ansible mysql -a 'ss -antl'
88. mysql | CHANGED | rc=0 >>
89. State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
90. LISTEN 0      128          0.0.0.0:22        0.0.0.0:*         
91. LISTEN 0      80                 *:3306            *:*         
92. LISTEN 0      128             [::]:22           [::]:*

复制代码

5.配置LNMP界面

[code]//修改nginx配置文件[root@ansible ~]# vim /etc/ansible/scripts/nginxconf.sh#!/bin/bashsed -i "45c                   index  index.php index.html index.htm;" /usr/local/nginx/conf/nginx.confsed -i "65c     location ~ \.php$ {" /usr/local/nginx/conf/nginx.confsed -i "66c     root      /var/www/html;" /usr/local/nginx/conf/nginx.confsed -i "67c     fastcgi_pass   192.168.111.144:9000;" /usr/local/nginx/conf/nginx.confsed -i "68c     fastcgi_index  index.php;" /usr/local/nginx/conf/nginx.confsed -i "69c     fastcgi_param  SCRIPT_FILENAME  \$document_root\$fastcgi_script_name;" /usr/local/nginx/conf/nginx.confsed -i "70c      include        fastcgi_params;" /usr/local/nginx/conf/nginx.confsed -i "71c      }" /usr/local/nginx/conf/nginx.conf[root@ansible ~]# ansible nginx -m script -a '/etc/ansible/scripts/nginxconf.sh'[root@ansible ~]# ansible nginx -a 'touch /usr/local/nginx/html/index.php'//在php端上配置网站[root@ansible ~]# vim /etc/ansible/scripts/phpindex.sh#!/bin/bashmkdir -p /var/www/htmlcat > /var/www/html/index.php