Deploying an LNMP stack with the Ansible automation tool


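  • Deploying an LNMP stack with the Ansible automation tool
    • Installing Ansible
    • Installing and configuring nginx on 192.168.228.20 through Ansible (nginx must also be installed locally; steps omitted)
    • Installing MySQL
    • Installing PHP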

Deploying an LNMP stack with the Ansible automation tool

Prepare four servers: one runs Ansible for management and control; one runs MySQL to store the data; one runs nginx as the reverse proxy; the last one runs PHP.

CentOS7 IP        Role
192.168.228.20    nginx
192.168.228.21    MySQL database
192.168.228.23    PHP
192.168.228.30    Ansible automation tool

Installing Ansible

Set up the yum repository
[root@arongya ~]# cd /etc/yum.repos.d/
[root@arongya yum.repos.d]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:-100  1572  100  1572    0     0   5815      0 --:--:-- --:--:-- --:--:--  5865
[root@arongya yum.repos.d]# rm -rf CentOS-*
[root@arongya yum.repos.d]# ls
CentOS7-Base-163.repo
[root@arongya yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo 
[root@arongya yum.repos.d]# sed -i 's/^enable=.*/enable=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo 
[root@arongya yum.repos.d]# yum -y install epel-release

Install Ansible
[root@arongya ~]# yum -y install ansible ansible-doc

Check the Ansible version
[root@arongya ~]# ansible --version
ansible 2.6.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

Configure SSH

[root@arongya ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WOMTPDiX24K9QKRWBRl9mTwXah1/3GisIwy2c23lXmk root@arongya
The key's randomart image is:
+---[RSA 2048]----+
|      =*.. oo.   |
|     +.o..*o.+ o.|
|    o + @.oo. * +|
|   . . X @ . = ..|
|      + S = = .E.|
|       . * o o.. |
|        .     .  |
|                 |
|                 |
+----[SHA256]-----+
[root@arongya .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.228.20
[root@arongya .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.228.21
[root@arongya .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.228.23

Add the IPs of the managed hosts that will run nginx, MySQL and PHP to the Ansible inventory

[root@arongya ~]# vim /etc/ansible/hosts 
[root@arongya ~]# tail -8 /etc/ansible/hosts 
[nginx]
192.168.228.20

[mysql]
192.168.228.21

[php]
192.168.228.23

Use the ping module to check that the listed nodes are reachable

[root@arongya ~]# ansible all -m ping
192.168.228.20 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.228.23 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
192.168.228.21 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

Disable the firewall and SELinux on the control node

[root@arongya ~]# systemctl stop firewalld
[root@arongya ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@arongya ~]# setenforce 0
[root@arongya ~]# sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config

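Installing and configuring nginx on 192.168.228.20 through Ansible (nginx must also be installed locally; steps omitted)

Environment preparation

Disable the firewall and SELinux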
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'systemctl is-active firewalld'
192.168.228.20 | SUCCESS | rc=0 >>
active

[root@arongya ~]# ansible 192.168.228.20 -m service -a 'name=firewalld state=stopped'
192.168.228.20 | SUCCESS => {
    "changed": true, 
    "name": "firewalld", 
    "state": "stopped", 
    "status": {
... (remaining output omitted)

[root@arongya ~]# ansible 192.168.228.20 -m service -a 'name=firewalld enabled=no'
192.168.228.20 | SUCCESS => {
    "changed": true, 
    "enabled": false, 
    "name": "firewalld", 

[root@arongya ~]# ansible 192.168.228.20 -a 'setenforce 0'
192.168.228.20 | SUCCESS | rc=0 >>

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config'
 [WARNING]: Consider using the replace, lineinfile or template module rather than running sed.  If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.228.20 | SUCCESS | rc=0 >>

Create the system group and user

[root@arongya ~]# ansible 192.168.228.20 -m group -a 'name=nginx system=yes state=present'
192.168.228.20 | SUCCESS => {
    "changed": true, 
    "gid": 996, 
    "name": "nginx", 
    "state": "present", 
    "system": true
}
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'grep nginx /etc/group'
192.168.228.20 | SUCCESS | rc=0 >>
nginx:x:996:

[root@arongya ~]# ansible 192.168.228.20 -m user -a 'name=nginx group=996  uid=996 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.228.20 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "create_home": false, 
    "group": 996, 
    "home": "/home/nginx", 
    "name": "nginx", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": true, 
    "uid": 996
}
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'grep nginx /etc/passwd'
192.168.228.20 | SUCCESS | rc=0 >>
nginx:x:996:996::/home/nginx:/sbin/nologin

Install the dependencies

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'yum -y install pcre-devel openssl openssl-devel gd-devel'

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'yum -y groups mark install "Development Tools" '

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'yum grouplist'

Create the log directory and set its owner and group

[root@arongya ~]# ansible 192.168.228.20 -a 'mkdir -p /var/log/nginx'
 [WARNING]: Consider using the file module with state=directory rather than
running mkdir.  If you need to use command because file is insufficient you can
add warn=False to this command task or set command_warnings=False in
ansible.cfg to get rid of this message.

192.168.228.20 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.20 -a 'chown -R nginx.nginx /var/log/nginx'
 [WARNING]: Consider using the file module with owner rather than running
chown.  If you need to use command because file is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.

192.168.228.20 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.20 -a 'ls -ld /var/log/nginx'
192.168.228.20 | SUCCESS | rc=0 >>
drwxr-xr-x. 2 nginx nginx 6 Sep 10 14:53 /var/log/nginx

Download nginx

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'cd /usr/src/ && yum -y install wget && wget http://nginx.org/download/nginx-1.12.0.tar.gz '

Compile and install

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'cd /usr/src/ && tar xf nginx-1.12.0.tar.gz -C /usr/src/'
192.168.228.20 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'ls /usr/src/ -l'
192.168.228.20 | SUCCESS | rc=0 >>
total 960
drwxr-xr-x. 2 root root      6 Nov  5  2016 debug
drwxr-xr-x. 3 root root     35 Jul 12 19:54 kernels
drwxr-xr-x. 8 1001 1001    158 Apr 12  2017 nginx-1.12.0
-rw-r--r--. 1 root root 980831 Aug 27 18:08 nginx-1.12.0.tar.gz

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'cd /usr/src/nginx-1.12.0 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug --with-http_ssl_module --with-http_realip_module --with-http_image_filter_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log'

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'cd /usr/src/nginx-1.12.0 && make -j 2 && make install'

Configure the environment variable

[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'echo "export PATH=/usr/local/nginx/sbin:$PATH" > /etc/profile.d/nginx.sh'
192.168.228.20 | SUCCESS | rc=0 >>
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'source /etc/profile.d/nginx.sh'
192.168.228.20 | SUCCESS | rc=0 >>

Start nginx

[root@arongya ~]# ansible 192.168.228.20 -m shell -a '/usr/local/nginx/sbin/nginx'
192.168.228.20 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'ss -antl'
192.168.228.20 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128          *:80                       *:*                  
LISTEN     0      128          *:22                       *:*                  
LISTEN     0      100    127.0.0.1:25                       *:*                  
LISTEN     0      128         :::22                      :::*                  
LISTEN     0      100        ::1:25                      :::*                  


Installing MySQL

Disable the firewall and SELinux

[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config'
 [WARNING]: Consider using the replace, lineinfile or template module rather than running sed.  If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.228.21 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'setenforce 0'
192.168.228.21 | SUCCESS | rc=0 >>

[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'systemctl is-active firewalld'
192.168.228.21 | SUCCESS | rc=0 >>
active

[root@arongya ~]# ansible 192.168.228.21 -m service -a 'name=firewalld state=stopped'
192.168.228.21 | SUCCESS => {
    "changed": true, 
    "name": "firewalld", 
    "state": "stopped", 
[root@arongya ~]# ansible 192.168.228.21 -m service -a 'name=firewalld enabled=no'
192.168.228.21 | SUCCESS => {
    "changed": true, 
    "enabled": false, 
    "name": "firewalld", 

Install the dependency packages

[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'yum -y install ncurses-devel openssl-devel openssl cmake mariadb-devel'
 [WARNING]: Consider using the yum module rather than running yum.  If you need
to use command because yum is insufficient you can add warn=False to this
command task or set command_warnings=False in ansible.cfg to get rid of this
message.

192.168.228.21 | SUCCESS | rc=0 >>

Create the user and group

[root@arongya ~]# ansible 192.168.228.21 -m group -a 'name=mysql gid=306 state=present'
192.168.228.21 | SUCCESS => {
    "changed": true, 
    "gid": 306, 
    "name": "mysql", 
    "state": "present", 
    "system": false
}
[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'grep mysql /etc/group'
192.168.228.21 | SUCCESS | rc=0 >>
mysql:x:306:

[root@arongya ~]# ansible 192.168.228.21 -m user -a 'name=mysql group=306 uid=306 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.228.21 | SUCCESS => {
    "changed": true, 
    "comment": "", 
    "create_home": false, 
    "group": 306, 
    "home": "/home/mysql", 
    "name": "mysql", 
    "shell": "/sbin/nologin", 
    "state": "present", 
    "system": true, 
    "uid": 306
}

[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'grep mysql /etc/passwd'
192.168.228.21 | SUCCESS | rc=0 >>
mysql:x:306:100::/home/mysql:/sbin/nologin

Download the binary package on the control node

[root@arongya ~]# cd /usr/src
[root@arongya src]# wget https://downloads.mysql.com/archives/get/file/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz

Copy the binary package to the managed host 192.168.228.21 (alternatively: scp mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz 192.168.228.21:/root)
[root@arongya src]# ansible 192.168.228.21 -m copy -a 'src=/usr/src/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz dest=/usr/local/'
192.168.228.21 | SUCCESS => {
    "changed": true, 
    "checksum": "c03a71bcc83c5b338e322564826d151fd5fd1ea8", 
    "dest": "/usr/local/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "9ef7a05695f8b4ea29f8d077c3b415e2", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:usr_t:s0", 
    "size": 643790848, 
    "src": "/root/.ansible/tmp/ansible-tmp-1536633783.41-73823558808107/source", 
    "state": "file", 
    "uid": 0
}

Extract the copied binary package

[root@arongya src]# ansible 192.168.228.21 -m shell -a 'tar xf /usr/local/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
 [WARNING]: Consider using the unarchive module rather than running tar.  If
you need to use command because unarchive is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.

192.168.228.21 | SUCCESS | rc=0 >>

[root@arongya src]# ansible 192.168.228.21 -a 'ls /usr/local/'
192.168.228.21 | SUCCESS | rc=0 >>
bin
etc
games
include
lib
lib64
libexec
mysql-5.7.22-linux-glibc2.12-x86_64
mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
sbin
share
src

Create a symlink

[root@arongya src]# ansible 192.168.228.21 -m shell -a 'cd /usr/local && ln -sv mysql-5.7.22-linux-glibc2.12-x86_64/ mysql'
192.168.228.21 | SUCCESS | rc=0 >>
‘mysql’ -> ‘mysql-5.7.22-linux-glibc2.12-x86_64/’

[root@arongya src]# ansible 192.168.228.21 -a 'ls /usr/local -l'
192.168.228.21 | SUCCESS | rc=0 >>
total 628704
drwxr-xr-x. 2 root root         6 Nov  5  2016 bin
drwxr-xr-x. 2 root root         6 Nov  5  2016 etc
drwxr-xr-x. 2 root root         6 Nov  5  2016 games
drwxr-xr-x. 2 root root         6 Nov  5  2016 include
drwxr-xr-x. 2 root root         6 Nov  5  2016 lib
drwxr-xr-x. 2 root root         6 Nov  5  2016 lib64
drwxr-xr-x. 2 root root         6 Nov  5  2016 libexec
lrwxrwxrwx. 1 root root        36 Sep 11 11:00 mysql -> mysql-5.7.22-linux-glibc2.12-x86_64/
drwxr-xr-x. 9 root root       129 Sep 11 10:51 mysql-5.7.22-linux-glibc2.12-x86_64
-rw-r--r--. 1 root root 643790848 Sep 11 10:44 mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
drwxr-xr-x. 2 root root         6 Nov  5  2016 sbin
drwxr-xr-x. 5 root root        49 Jul 12 22:45 share
drwxr-xr-x. 2 root root         6 Nov  5  2016 src

Change the owner and group of /usr/local/mysql

[root@arongya src]# ansible 192.168.228.21 -m shell -a 'chown -R mysql.mysql /usr/local/mysql'
 [WARNING]: Consider using the file module with owner rather than running
chown.  If you need to use command because file is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.

192.168.228.21 | SUCCESS | rc=0 >>

[root@arongya src]# ansible 192.168.228.21 -m shell -a 'ls /usr/local/mysql -ld'
192.168.228.21 | SUCCESS | rc=0 >>
lrwxrwxrwx. 1 mysql mysql 36 Sep 10 18:14 /usr/local/mysql -> mysql-5.7.22-linux-glibc2.12-x86_64/

Add the environment variable

[root@arongya src]# ansible 192.168.228.21 -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'
192.168.228.21 | SUCCESS | rc=0 >>


[root@arongya src]# ansible 192.168.228.21 -m shell -a 'source /etc/profile.d/mysql.sh'
192.168.228.21 | SUCCESS | rc=0 >>


[root@arongya src]# ansible 192.168.228.21 -m shell -a 'echo $PATH'
192.168.228.21 | SUCCESS | rc=0 >>
/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

Create the data directory

[root@arongya src]# ansible 192.168.228.21 -a 'mkdir /opt/data'
 [WARNING]: Consider using the file module with state=directory rather than
running mkdir.  If you need to use command because file is insufficient you can
add warn=False to this command task or set command_warnings=False in
ansible.cfg to get rid of this message.

192.168.228.21 | SUCCESS | rc=0 >>


[root@arongya src]# ansible 192.168.228.21 -a 'chown -R mysql.mysql /opt/data'
 [WARNING]: Consider using the file module with owner rather than running
chown.  If you need to use command because file is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.

192.168.228.21 | SUCCESS | rc=0 >>


[root@arongya src]# ansible 192.168.228.21 -a 'ls /opt/ -l'
192.168.228.21 | SUCCESS | rc=0 >>
total 0
drwxr-xr-x. 2 mysql mysql 6 Sep 10 18:35 data

Initialize the database

[root@arongya src]# ansible 192.168.228.21 -a '/usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data/'
192.168.228.21 | SUCCESS | rc=0 >>
2018-09-11T03:07:34.227011Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2018-09-11T03:07:37.416985Z 0 [Warning] InnoDB: New log files created, LSN=45790
2018-09-11T03:07:37.755879Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2018-09-11T03:07:37.827116Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: d66d14d8-b56f-11e8-b237-000c29686768.
2018-09-11T03:07:37.829919Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2018-09-11T03:07:37.831788Z 1 [Note] A temporary password is generated for root@localhost: e(9l1EM1g.oW

Configure MySQL

[root@arongya src]# ansible 192.168.228.21 -m shell -a 'ln -sv /usr/local/mysql/include/ /usr/local/include/mysql'
 [WARNING]: Consider using the file module with state=link rather 
ln.  If you need to use command because file is insufficient you c
warn=False to this command task or set command_warnings=False in a
get rid of this message.

192.168.228.21 | SUCCESS | rc=0 >>
‘/usr/local/include/mysql’ -> ‘/usr/local/mysql/include/’

[root@arongya src]# ansible 192.168.228.21 -m shell -a 'echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf'
192.168.228.21 | SUCCESS | rc=0 >>


[root@arongya src]# ansible 192.168.228.21 -m shell -a 'ldconfig -v'
192.168.228.21 | SUCCESS | rc=0 >>
/usr/lib64/dyninst:
    libsymtabAPI.so.9.3 -> libsymtabAPI.so.9.3.1
    libsymLite.so.9.3 -> libsymLite.so.9.3.1
    libstackwalk.so.9.3 -> libstackwalk.so.9.3.1
    libpcontrol.so.9.3 -> libpcontrol.so.9.3.1
    libpatchAPI.so.9.3 -> libpatchAPI.so.9.3.1
    libparseAPI.so.9.3 -> libparseAPI.so.9.3.1
    libinstructionAPI.so.9.3 -> 
...
/lib/sse2: (hwcap: 0x0000000004000000)
/lib64/sse2: (hwcap: 0x0000000004000000)
/lib64/tls: (hwcap: 0x8000000000000000)ldconfig: Can't stat /libx32: No such file or directory
ldconfig: Path `/usr/lib' given more than once
ldconfig: Path `/usr/lib64' given more than once
ldconfig: Can't stat /usr/libx32: No such file or directory
ldconfig: /usr/local/mysql/lib/libmysqlclient.so.20 is not a symbolic link

Generate the configuration file

[root@arongya ~]# cat > /etc/my.cnf <<EOF
> [mysqld]
> basedir = /usr/local/mysql
> datadir = /opt/data
> socket = /tmp/mysql.sock
> port = 3306
> pid-file = /opt/data/mysql.pid
> user = mysql
> skip-name-resolve
> EOF

[root@arongya ~]# ansible 192.168.228.21 -m copy -a 'src=/etc/my.cnf dest=/etc/'

192.168.228.21 | SUCCESS => {
    "changed": true, 
    "checksum": "a17bddfa7c1b91f52710851a083cdda7437f8e61", 
    "dest": "/etc/my.cnf", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "e3fb34377666720e10989c97ef42c5d9", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:mysqld_etc_t:s0", 
    "size": 155, 
    "src": "/root/.ansible/tmp/ansible-tmp-1536576677.15-187247125
    "state": "file", 
    "uid": 0
}
[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'cat /etc/my.cnf'
192.168.228.21 | SUCCESS | rc=0 >>
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve

Configure the service start script

[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld'
192.168.228.21 | SUCCESS | rc=0 >>

[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'sed -ri "s#^(basedir=).*#\1/usr/local/mysql#g" /etc/init.d/mysqld'
 [WARNING]: Consider using the replace, lineinfile or template module rather
than running sed.  If you need to use command because replace, lineinfile or
template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.228.21 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'sed -ri "s#^(datadir=).*#\1/opt/data#g" /etc/init.d/mysqld'
 [WARNING]: Consider using the replace, lineinfile or template module rather
than running sed.  If you need to use command because replace, lineinfile or
template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.228.21 | SUCCESS | rc=0 >>

Start MySQL

[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'service mysqld start'
 [WARNING]: Consider using the service module rather than running service.  If
you need to use command because service is insufficient you can add warn=False
to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.228.21 | SUCCESS | rc=0 >>
Starting MySQL... SUCCESS! Logging to '/opt/data/yaoxiaorong.err'.

[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'ps -ef | grep mysql'
192.168.228.21 | SUCCESS | rc=0 >>
root      20379      1  0 11:24 ?        00:00:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/opt/data --pid-file=/opt/data/mysql.pid
mysql     20557  20379  4 11:24 ?        00:00:01 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/opt/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql --log-error=yaoxiaorong.err --pid-file=/opt/data/mysql.pid --socket=/tmp/mysql.sock --port=3306
root      20639  20638  0 11:24 pts/2    00:00:00 /bin/sh -c ps -ef | grep mysql
root      20641  20639  0 11:24 pts/2    00:00:00 grep mysql

[root@arongya ~]# ansible 192.168.228.21 -m shell -a 'ss -antl'
192.168.228.21 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128          *:22                       *:*                  
LISTEN     0      100    127.0.0.1:25                       *:*                  
LISTEN     0      128         :::22                      :::*                  
LISTEN     0      100        ::1:25                      :::*                  
LISTEN     0      80          :::3306                    :::*                  
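
With firewalld stopped on a host, every non-loopback listener in its ss output is open to whatever can route to that host. The added example below (not from the original page) parses ss -antl output into that list and flags ports outside an expected set; the expected set per host is an assumption the reader supplies, and the sample is the 192.168.228.21 output shown above.

```shell
#!/bin/sh
# Added example: list the listeners that are reachable from the network.

# Constructed sample: the ss -antl output from 192.168.228.21 shown above.
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*
LISTEN     0      80          :::3306                    :::*'

# Read ss -antl output on stdin; print "PORT SCOPE" for every listener that is
# not bound to loopback. SCOPE is "any" for wildcard binds, else the address.
network_listeners() {
    awk '
        $1 != "LISTEN" { next }                 # skips the header line too
        {
            n = split($4, part, ":")
            port = part[n]                      # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            if (addr == "*" || addr == "::" || addr == "0.0.0.0" || addr == "[::]")
                addr = "any"
            print port, addr
        }
    ' | sort -u
}

# Same input; print only listeners whose port is missing from the
# space-separated list in $1 (the ports this host is meant to serve).
unexpected_listeners() {
    network_listeners | while read -r port addr; do
        case " $1 " in
            *" $port "*) ;;
            *) printf '%s %s\n' "$port" "$addr" ;;
        esac
    done
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | network_listeners
```

On a live host the input would be `ss -antl | network_listeners`; the resulting ports are the ones a firewalld policy would have to allow if the firewall were left running.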

Change the password: paste the temporary password here and set a new one

[root@arongya ~]# ansible 192.168.228.21 -m shell -a '/usr/local/mysql/bin/mysql -uroot -p"e(9l1EM1g.oW" --connect-expired-password -e "set password = password(\"yaoxiaorong\");" '
192.168.228.21 | SUCCESS | rc=0 >>
mysql: [Warning] Using a password on the command line interface can be insecure.
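
The MySQL warning above refers to the password being passed as a command-line argument, where it shows up in the process list and in the Ansible command itself. The added example below (not from the original page) pulls the temporary password out of the initialization output and hands it to the client through an owner-only option file instead; the option-file path is hypothetical and the sample log lines are taken from the initialization output above.

```shell
#!/bin/sh
# Added example: keep the MySQL root password out of argv.

# Constructed sample: the last two lines of the mysqld --initialize output above.
SAMPLE_INIT_LOG='2018-09-11T03:07:37.829919Z 0 [Warning] Gtid table is not ready to be used.
2018-09-11T03:07:37.831788Z 1 [Note] A temporary password is generated for root@localhost: e(9l1EM1g.oW'

# Read mysqld --initialize output on stdin and print the temporary root
# password. If several such lines are present, the last one is used.
extract_temp_password() {
    sed -n 's/^.*A temporary password is generated for root@localhost: //p' | tail -n 1
}

# Write a client option file that only its owner can read.
#   $1 = password
#   $2 = destination path (hypothetical, e.g. /root/.mysql-init.cnf)
# The value is double-quoted so characters such as '#' are not read as the
# start of a comment; backslashes and double quotes inside it are escaped.
write_client_cnf() {
    escaped=$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')
    (
        umask 077
        rm -f "$2"
        printf '[client]\nuser=root\npassword="%s"\n' "$escaped" > "$2"
    )
    chmod 600 "$2"
}

# Usage on the database host (not executed here):
#   temp_pw=$(mysqld --initialize ... 2>&1 | extract_temp_password)
#   write_client_cnf "$temp_pw" /root/.mysql-init.cnf
#   mysql --defaults-extra-file=/root/.mysql-init.cnf --connect-expired-password
#   ...run the "set password" statement at the mysql prompt, then:
#   rm -f /root/.mysql-init.cnf

# Demo on the constructed sample: write the file to a temporary directory
# and show its permissions.
demo_dir=$(mktemp -d)
demo_pw=$(printf '%s\n' "$SAMPLE_INIT_LOG" | extract_temp_password)
write_client_cnf "$demo_pw" "$demo_dir/init.cnf"
ls -l "$demo_dir/init.cnf" | cut -c1-10
rm -rf "$demo_dir"
```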

Installing PHP

Install PHP locally

Install the dependency packages
[root@arongya ~]# yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel

Download PHP on the control node

[root@arongya ~]# cd /usr/src/
[root@arongya src]# wget http://cn.php.net/distributions/php-7.2.8.tar.xz
[root@arongya src]# ls
debug    mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
kernels  php-7.2.8.tar.xz

Compile and install PHP

[root@arongya src]# tar xf php-7.2.8.tar.xz
[root@arongya src]# cd php-7.2.8

[root@arongya php-7.2.8]# ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip

[root@arongya php-7.2.8]# make -j 2 && make install


Post-install configuration
[root@arongya php-7.2.8]# echo 'export PATH=/usr/local/php7/bin:$PATH' > /etc/profile.d/php7.sh
[root@arongya php-7.2.8]# source /etc/profile.d/php7.sh
[root@arongya php-7.2.8]# php -v
PHP 7.2.8 (cli) (built: Sep 11 2018 17:58:52) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

Configure php-fpm
[root@arongya php-7.2.8]# cp php.ini-production /etc/php.ini
[root@arongya php-7.2.8]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@arongya php-7.2.8]# chmod +x /etc/rc.d/init.d/php-fpm
[root@arongya php-7.2.8]# cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
[root@arongya php-7.2.8]# cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf

Edit the /usr/local/php7/etc/php-fpm.d/www.conf configuration file
[root@arongya php-7.2.8]# vim /usr/local/php7/etc/php-fpm.d/www.conf

...
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 192.168.228.23:9000   (change this to the managed host's IP)
...
 must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
#;listen.allowed_clients = 127.0.0.1  (comment out or delete this line)

[root@arongya ~]# vim /usr/local/php7/etc/php-fpm.conf
...
Add the following:
;  - /usr/local/php7 otherwise
include=/usr/local/php7/etc/php-fpm.d/*.conf
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers =8
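
With listen.allowed_clients commented out, php-fpm accepts FastCGI connections from any IP address that can reach 192.168.228.23:9000, as the config comment quoted above states. The added example below (not part of the original page) classifies a pool file by that exposure; limiting the pool to the nginx host 192.168.228.20 is an assumption based on the host table, and the sample pool files are constructed.

```shell
#!/bin/sh
# Added example: report who can reach a php-fpm pool, judged from its pool file.

# Print the last uncommented value of key $1 in file $2. Lines whose first
# non-blank character is ';' or '#' are treated as commented out, which is how
# the excerpt above disables listen.allowed_clients.
fpm_value() {
    awk -v key="$1" '
        /^[ \t]*[;#]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$2"
}

# Classify pool file $1. Prints one of:
#   unix-socket | loopback | restricted:<clients> | open | unknown
# Returns 0 when access is limited, 1 for "open", 2 when no listen line exists.
fpm_pool_exposure() {
    listen=$(fpm_value listen "$1")
    clients=$(fpm_value listen.allowed_clients "$1")
    case "$listen" in
        "")  echo "unknown"; return 2 ;;
        /*)  echo "unix-socket"; return 0 ;;
        127.*|localhost:*|\[::1\]:*) echo "loopback"; return 0 ;;
    esac
    if [ -n "$clients" ]; then
        echo "restricted:$clients"
        return 0
    fi
    echo "open"
    return 1
}

# Write two constructed pool files into directory $1:
#   page.conf        the settings from the excerpt above
#   restricted.conf  same listener, limited to the nginx host (assumption)
write_sample_pools() {
    cat > "$1/page.conf" <<'EOF'
[www]
listen = 192.168.228.23:9000
;listen.allowed_clients = 127.0.0.1
EOF
    cat > "$1/restricted.conf" <<'EOF'
[www]
listen = 192.168.228.23:9000
listen.allowed_clients = 192.168.228.20
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
write_sample_pools "$demo_dir"
for name in page restricted; do
    printf '%s.conf: %s\n' "$name" "$(fpm_pool_exposure "$demo_dir/$name.conf")"
done
rm -rf "$demo_dir"
```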

Disable the firewall on 192.168.228.23

[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config'
 [WARNING]: Consider using the replace, lineinfile or template module rather
than running sed.  If you need to use command because replace, lineinfile or
template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.228.23 | SUCCESS | rc=0 >>



[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'setenforce 0'
192.168.228.23 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'systemctl is-active firewalld'
192.168.228.23 | SUCCESS | rc=0 >>
active



[root@arongya ~]# ansible 192.168.228.23 -m service -a 'name=firewalld state=stopped'
192.168.228.23 | SUCCESS => {
    "changed": true, 
    "name": "firewalld", 
    "state": "stopped", 
[root@arongya ~]# ansible 192.168.228.23 -m service -a 'name=firewalld enabled=no'
192.168.228.23 | SUCCESS => {
    "changed": true, 
    "enabled": false, 
    "name": "firewalld",

Copy the locally configured 163 repository file to the managed host

[root@arongya ~]# ansible 192.168.228.23 -m template -a 'src=/etc/yum.repos.d/CentOS7-Base-163.repo dest=/etc/yum.repos.d/163.repo'
192.168.228.23 | SUCCESS => {
    "changed": true, 
    "checksum": "435f37e8304487f9382057065921b4069645dc25", 
    "dest": "/etc/yum.repos.d/163.repo", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "2afba28f61486c589b26afb6ab39ee93", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:system_conf_t:s0", 
    "size": 1462, 
    "src": "/root/.ansible/tmp/ansible-tmp-1536640030.38-42486696233952/source", 
    "state": "file", 
    "uid": 0
}
[root@arongya ~]# ansible 192.168.228.23 -a 'ls /etc/yum.repos.d'
192.168.228.23 | SUCCESS | rc=0 >>
163.repo
CentOS-Base.repo
CentOS-CR.repo
CentOS-Debuginfo.repo
CentOS-fasttrack.repo
CentOS-Media.repo
CentOS-Sources.repo
CentOS-Vault.repo

[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'rm -rf /etc/yum.repos.d/CentOS-*'
 [WARNING]: Consider using the file module with state=absent rather than
running rm.  If you need to use command because file is insufficient you can
add warn=False to this command task or set command_warnings=False in
ansible.cfg to get rid of this message.

192.168.228.23 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.23 -a 'ls /etc/yum.repos.d'
192.168.228.23 | SUCCESS | rc=0 >>
163.repo
[root@arongya ~]# ansible 192.168.228.23 -m yum -a 'name=epel-release state=present'
192.168.228.23 | SUCCESS => {
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "epel-release-7-11.noarch providing epel-release is already installed"
    ]
}

Install the PHP build dependencies

[root@arongya ~]# ansible 192.168.228.23 -m shell -a ' yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel'

Copy the downloaded PHP tarball to the managed host 192.168.228.23

[root@arongya src]# scp php-7.2.8.tar.xz 192.168.228.23:/usr/src
php-7.2.8.tar.xz               100%   12MB  11.6MB/s   00:01    

Extract

[root@arongya src]# ansible 192.168.228.23 -m shell -a 'tar xf /usr/src/php-7.2.8.tar.xz -C /usr/src/'
 [WARNING]: Consider using the unarchive module rather than running tar.  If
you need to use command because unarchive is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.

192.168.228.23 | SUCCESS | rc=0 >>

Compile

[root@arongya src]# ansible 192.168.228.23 -m shell -a 'cd /usr/src/php-7.2.8 && ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip'
192.168.228.23 | SUCCESS | rc=0 >>
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for a sed that does not truncate output... /usr/bin/sed
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for cc... cc

[root@arongya src]# ansible 192.168.228.23 -m shell -a 'cd /usr/src/php-7.2.8/ && make -j 2 && make install '

Post-install configuration

[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'echo "export PATH=/usr/local/php7/bin:$PATH" > /etc/profile.d/php7.sh'
192.168.228.23 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'source /etc/profile.d/php7.sh'
192.168.228.23 | SUCCESS | rc=0 >>

[root@arongya php-7.2.8]# ansible 192.168.228.23 -m shell -a '/usr/local/php7/bin/php -v'
192.168.228.23 | SUCCESS | rc=0 >>
PHP 7.2.8 (cli) (built: Sep 11 2018 16:03:20) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

Configure php-fpm

[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'cp /usr/src/php-7.2.8/php.ini-production /etc/php.ini'
192.168.228.23 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'cp /usr/src/php-7.2.8/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm'
192.168.228.23 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'chmod +x /etc/rc.d/init.d/php-fpm'
 [WARNING]: Consider using the file module with mode rather than running chmod.
If you need to use command because file is insufficient you can add warn=False
to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.228.23 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf'
192.168.228.23 | SUCCESS | rc=0 >>


[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf'
192.168.228.23 | SUCCESS | rc=0 >>

Copy the modified configuration files to the managed host 192.168.228.23

[root@arongya ~]# scp /usr/local/php7/etc/php-fpm.conf 192.168.228.23:/usr/local/php7/etc/
php-fpm.conf                   100% 4560   856.2KB/s   00:00  

[root@arongya ~]# ansible 192.168.228.23 -m copy -a 'src=/usr/local/php7/etc/php-fpm.d/www.conf dest=/usr/local/php7/etc/php-fpm.d/'
192.168.228.23 | SUCCESS => {
    "changed": true, 
    "checksum": "48216f0d4fa1b8388514e055a4b96f702894cdd7", 
    "dest": "/usr/local/php7/etc/php-fpm.d/www.conf", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "67e18a4397a5d466228d95529b7e1da6", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "unconfined_u:object_r:usr_t:s0", 
    "size": 18878, 
    "src": "/root/.ansible/tmp/ansible-tmp-1536664086.53-19278387612350/source", 
    "state": "file", 
    "uid": 0
}

Start php-fpm

[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'service php-fpm start'
 [WARNING]: Consider using the service module rather than running service.  If
you need to use command because service is insufficient you can add warn=False
to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.228.23 | SUCCESS | rc=0 >>
Starting php-fpm  done

[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'ss -antl'
192.168.228.23 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN     0      128          *:22                       *:*                  
LISTEN     0      100    127.0.0.1:25                       *:*                  
LISTEN     0      128    192.168.228.23:9000                     *:*                  
LISTEN     0      128         :::22                      :::*                  
LISTEN     0      100        ::1:25                      :::*                  

On the PHP host, create the directory that will hold the index.php file

[root@arongya ~]# ansible 192.168.228.23 -a 'mkdir /var/www/html -pv'
 [WARNING]: Consider using the file module with state=directory rather than
running mkdir.  If you need to use command because file is insufficient you can
add warn=False to this command task or set command_warnings=False in
ansible.cfg to get rid of this message.

192.168.228.23 | SUCCESS | rc=0 >>
mkdir: created directory ‘/var/www’
mkdir: created directory ‘/var/www/html’

[root@arongya ~]# ansible 192.168.228.23 -m copy -a 'src=/root/index.php dest=/var/www/html/' 
192.168.228.23 | SUCCESS => {
    "changed": true, 
    "checksum": "033c348b395b928e31403ba3bbf755e81ee73720", 
    "dest": "/var/www/html/index.php", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "7f42f80416d2ba7603c04b2dad9139ea", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:httpd_sys_content_t:s0", 
    "size": 21, 
    "src": "/root/.ansible/tmp/ansible-tmp-1536904352.27-31086393617617/source", 
    "state": "file", 
    "uid": 0
}

Restart the PHP service

[root@arongya ~]# ansible 192.168.228.23 -m shell -a 'service php-fpm restart'
 [WARNING]: Consider using the service module rather than running service.  If
you need to use command because service is insufficient you can add warn=False
to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.228.23 | SUCCESS | rc=0 >>
Gracefully shutting down php-fpm . done
Starting php-fpm  done

On the control host, edit the /usr/local/nginx/conf/nginx.conf configuration file, then copy it to the managed host 192.168.228.20

[root@yaoxiaorong ~]# vim /usr/local/nginx/conf/nginx.conf

    server {
        listen       80;
        server_name  www.yxr.com;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index index.html index.htm;
        }

... Uncomment all the lines from here down, and change /scripts to /var/www/html
        location ~ \.php$ {
            fastcgi_pass   192.168.228.23:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /var/www/html$fastcgi_script_name;
            include        fastcgi_params;
        }

Reload the nginx configuration

[root@arongya ~]# ansible 192.168.228.20  -m shell -a '/usr/local/nginx/sbin/nginx -t'
192.168.228.20 | SUCCESS | rc=0 >>
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@arongya ~]# ansible 192.168.228.20 -m shell -a '/usr/local/nginx/sbin/nginx -s reload'
192.168.228.20 | SUCCESS | rc=0 >>

Verify: enter the domain name in a browser to open the page
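The `ss -antl` output above shows php-fpm listening on 192.168.228.23:9000, and nginx on 192.168.228.20 is its only intended client. FastCGI has no authentication of its own, so it is worth checking that the pool accepts only that host. The script below is an added example, not part of the original article. The function names `exposed_listeners`, `allowed_clients` and `audit_fpm` are hypothetical; `listen.allowed_clients` is the php-fpm pool directive set in www.conf.

```shell
#!/usr/bin/env bash
# Added example: audit php-fpm FastCGI exposure from `ss -antl` text and a pool file.

# Sample input: the listener table shown in the article for 192.168.228.23.
SS_SAMPLE='State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
LISTEN     0      128    192.168.228.23:9000                     *:*
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*'

# Print every listener on the given port that is not bound to loopback.
# Reads `ss -antl` text on stdin; $1 is the port (default 9000).
exposed_listeners() {
    awk -v port="${1:-9000}" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")      # the port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr != "127.0.0.1" && addr != "::1" && addr != "[::1]")
                print addr ":" port
        }'
}

# Print the effective listen.allowed_clients value of a pool file.
# Lines commented out with ";" are ignored. Empty output means php-fpm
# accepts any client that can reach the port.
allowed_clients() {
    sed -n 's/^[[:space:]]*listen\.allowed_clients[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p' "$1" |
        tail -n 1
}

# Return 0 when there is no non-loopback listener, or when the allow-list is
# exactly the expected proxy address; return 1 and explain otherwise.
# $1 = ss output, $2 = pool file, $3 = expected nginx IP, $4 = port (default 9000)
audit_fpm() {
    exposed=$(printf '%s\n' "$1" | exposed_listeners "${4:-9000}")
    [ -z "$exposed" ] && return 0
    [ "$(allowed_clients "$2")" = "$3" ] && return 0
    echo "php-fpm listens on $exposed but listen.allowed_clients is not $3" >&2
    return 1
}
```

On the managed host it would be called as `audit_fpm "$(ss -antl)" /usr/local/php7/etc/php-fpm.d/www.conf 192.168.228.20`; a host firewall rule limiting port 9000 to the nginx address complements the pool setting.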
