前言
本文将介绍如何使用 Ansible 编写角色,在分布式环境下完成 LNMP(Linux、Nginx、MySQL、PHP)的自动化(编译)安装和配置,并验证 PHP 与 MySQL 数据联通性,实现博客和论坛页面的展示。
常规单机部署 LNMP 请参考:LNMP架构搭建-CSDN博客
Docker Dockerfile 单机部署 LNMP 请参考:Docker构建LNMP部署WordPress-CSDN博客
Docker Compose 单机编排部署 LNMP 请参考:Docker-Compose编排LNMP并部署WordPress-CSDN博客
目录
[1. 节点信息表](#1. 节点信息表)
[2. 防火墙以及地址解析](#2. 防火墙以及地址解析)
[3. 管理节点安装 ansible](#3. 管理节点安装 ansible)
[4. 免密管理 ssh-keygen](#4. 免密管理 ssh-keygen)
[5. 编辑主机清单](#5. 编辑主机清单)
[6. 测试联通性](#6. 测试联通性)
[二、准备 roles 模块](#二、准备 roles 模块)
[1. 创建 roles 以及项目目录](#1. 创建 roles 以及项目目录)
[2. 编写 nginx 模块](#2. 编写 nginx 模块)
[2.1 准备 files 相关文件](#2.1 准备 files 相关文件)
[2.1.1 准备 nginx、论坛、博客安装包](#2.1.1 准备 nginx、论坛、博客安装包)
[2.1.2 准备编译安装 nginx 脚本](#2.1.2 准备编译安装 nginx 脚本)
[2.1.3 创建共享目录脚本](#2.1.3 创建共享目录脚本)
[2.2 准备 templates 相关文件](#2.2 准备 templates 相关文件)
[2.2.1 编辑 nginx 配置文件模板](#2.2.1 编辑 nginx 配置文件模板)
[2.3 编写 nginx 模块 task 任务文件](#2.3 编写 nginx 模块 task 任务文件)
[3. 编写 mysql 模块](#3. 编写 mysql 模块)
[3.1 准备 files 相关文件](#3.1 准备 files 相关文件)
[3.1.1 准备 mysql 安装包](#3.1.1 准备 mysql 安装包)
[3.1.2 准备编译安装 mysql 脚本](#3.1.2 准备编译安装 mysql 脚本)
[3.1.3 创建共享目录脚本](#3.1.3 创建共享目录脚本)
[3.2 编写 mysql 模块 task 任务文件](#3.2 编写 mysql 模块 task 任务文件)
[4. 编写 php 模块](#4. 编写 php 模块)
[4.1 准备 files 相关文件](#4.1 准备 files 相关文件)
[4.1.1 准备 php 安装包](#4.1.1 准备 php 安装包)
[4.1.2 准备编译安装 php 脚本](#4.1.2 准备编译安装 php 脚本)
[4.1.3 编辑 php 主配置文件](#4.1.3 编辑 php 主配置文件)
[4.1.4 编辑 php-fpm 主配置文件](#4.1.4 编辑 php-fpm 主配置文件)
[4.1.5 编辑 php-fpm 进程池配置文件](#4.1.5 编辑 php-fpm 进程池配置文件)
[4.2 准备 templates 相关文件](#4.2 准备 templates 相关文件)
[4.3 编写 php 模块 task 任务文件](#4.3 编写 php 模块 task 任务文件)
[5. 编写 roles 示例](#5. 编写 roles 示例)
[1. 查看目录](#1. 查看目录)
[2. 执行剧本](#2. 执行剧本)
[3. 验证 Wordpress](#3. 验证 Wordpress)
[3.1 创建一个新的配置文件 wp-config.php](#3.1 创建一个新的配置文件 wp-config.php)
[3.2 浏览器访问 wordpress](#3.2 浏览器访问 wordpress)
[4. 验证 Discuz](#4. 验证 Discuz)
[4.1 创建一个新的配置文件 config_global.php](#4.1 创建一个新的配置文件 config_global.php)
[4.2 浏览器访问 Discuz](#4.2 浏览器访问 Discuz)
一、环境准备
1. 节点信息表
|--------------|-----------------|-------------|--------------------|------|
| 节点名称 | IP | 是否安装Ansible | 软件版本 | 配置 |
| ansible 管理节点 | 192.168.190.103 | 是 | ansible 2.9.27 | 2C2G |
| nginx 被管理节点 | 192.168.190.104 | 否 | nginx-1.24.0 | 8C4G |
| mysql 被管理节点 | 192.168.190.105 | 否 | mysql-boost-5.7.20 | 8C4G |
| php 被管理节点 | 192.168.190.106 | 否 | php-7.1.10 | 8C4G |
2. 防火墙以及地址解析
bash
四台机器均需要操作:
systemctl stop firewalld.service
setenforce 0
cat << eof >> /etc/hosts
192.168.190.103 ansible
192.168.190.104 nginx
192.168.190.105 mysql
192.168.190.106 php
eof3. 管理节点安装 ansible
bash
[root@ansible ~]# yum install -y epel-release
[root@ansible ~]# yum install -y ansible
[root@ansible ~]# ansible --version
ansible 2.9.27
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]4. 免密管理 ssh-keygen
bash
生成 SSH 密钥对:
[root@ansible ~]# ssh-keygen -t rsa # 一直回车
# rsa表示生成RSA密钥对,RSA是一种非对称加密算法
[root@control ~]# ls .ssh/
id_rsa id_rsa.pub # id_rsa 是私钥文件;id_rsa.pub 是公钥文件
将本地主机上的SSH公钥复制到远程主机:
[root@ansible ~]# ssh 192.168.190.104 # ssh root@192.168.190.104,默认root
[root@ansible ~]# ssh 192.168.190.105
[root@ansible ~]# ssh 192.168.190.106
[root@ansible ~]# sshpass -p '123' ssh-copy-id 192.168.190.104
[root@ansible ~]# sshpass -p '123' ssh-copy-id 192.168.190.105
[root@ansible ~]# sshpass -p '123' ssh-copy-id 192.168.190.1065. 编辑主机清单
diff
[root@ansible ~]# vim /etc/ansible/hosts
[nginx]
192.168.190.104 php_server_ip=192.168.190.106 nginx_html_path=/usr/local/nginx/html
[mysql]
192.168.190.105
[php]
192.168.190.106 php_server_ip=192.168.190.106 nginx_server_ip=192.168.190.1046. 测试联通性
bash
[root@ansible ~]# ansible all -o -m ping
192.168.190.105 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.190.104 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.190.106 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}二、准备 roles 模块
1. 创建 roles 以及项目目录
一般 roles 目录会默认存在:
bash
[root@ansible ~]# mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta} -p
[root@ansible ~]# mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta} -p
[root@ansible ~]# mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta} -p
[root@ansible ~]# touch /etc/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml
[root@ansible ~]# touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml
[root@ansible ~]# touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml2. 编写 nginx 模块
2.1 准备 files 相关文件
用来存放由 copy 模块或 script 模块调用的文件。
2.1.1 准备 nginx、论坛、博客安装包
bash
[root@ansible ~]# cd /etc/ansible/roles/nginx/files/
[root@ansible files]# ls
Discuz_X3.4_SC_UTF8.zip nginx-1.24.0.tar.gz wordpress-4.9.4-zh_CN.tar.gz2.1.2 准备编译安装 nginx 脚本
bash
[root@ansible files]# vim lnmp.sh
#/bin/bash
nginx (){
nginxpath=`find / -name "*nginx*tar.gz" -exec dirname {} \; | sed -n '1p'` #找到安装包路径
nginxapp=`find / -name "*nginx*tar.gz" 2> /dev/null |awk -F/ '{print $NF}' | sed -n '1p'` #打印安装包名称
systemctl status nginx.service > /dev/null
if [ $? -eq 0 ];then #判断上一条命令返回值是否为真
echo "nginx服务已安装"
else
useradd -M -s /sbin/nologin nginx #创建用户
echo "正在安装nginx服务,请耐心等待"
tar xf ${nginxpath}/${nginxapp} -C ${nginxpath} #解压安装包到其路径下
nginxd=`find ${nginxpath} -maxdepth 1 -type d | grep nginx- | awk -F/ '{print $NF}'`
#只搜索当前目录,然后筛选出包含nginx- 字符串的目录,并打印这些目录的名称(去掉路径部分),-maxdepth 1表示只搜索当前目录,不搜索子目录
cd ${nginxpath}/${nginxd}
yum -y install gcc pcre-devel openssl-devel zlib-devel openssl openssl-devel &>>/dev/null
./configure --prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module > /dev/null
make -j `lscpu | sed -n '4p' | awk '{print $2}'`&> /dev/null
make install &> /dev/nullh
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
cat > /usr/lib/systemd/system/nginx.service << EOF
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -1 $MAINPID
ExecStop=/bin/kill -3 $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
chown -R nginx.nginx /usr/local/nginx
systemctl daemon-reload &> /dev/null
#准备安装论坛文件
discuz=`find / -name "*scuz*UTF*.zip" -exec dirname {} \; | sed -n '1p'`
discuzapp=`find / -name "*scuz*UTF*.zip" 2>>/dev/null |awk -F/ '{print $NF}' | sed -n '1p'`
unzip ${discuz}/${discuzapp} -d /usr/local/ >>/dev/null
discuzd=`find /usr/local -maxdepth 1 -type d |grep UTF|awk -F/ '{print $NF}' | sed -n '1p'`
cp -r /usr/local/${discuzd}/upload/ /usr/local/nginx/html/bbs/
chmod -R 777 /usr/local/nginx/html/bbs/config/
chmod -R 777 /usr/local/nginx/html/bbs/data/
chmod -R 777 /usr/local/nginx/html/bbs/uc_client/
chmod -R 777 /usr/local/nginx/html/bbs/uc_server/
ip=`ifconfig ens33|awk /netmask/'{print $2}'`
#准备安装博客文件"
wordpresspath=`find / -name "*wordpress*" -exec dirname {} \; | sed -n '1p'` #找到安装包路径
wordpressapp=`find / -name "*wordpress*" 2> /dev/null | awk -F/ '{print $NF}' | sed -n '1p'` #打印安装包名称
tar xf ${wordpresspath}/${wordpressapp} -C /usr/local/nginx/html/ > /dev/null
chmod 777 -R /usr/local/nginx/html/
fi
}
mysql (){
mysqlpath=`find / -name "*mysql*tar.gz" -exec dirname {} \; | sed -n '1p'`
mysqlapp=`find / -name *mysql*tar.gz 2> /dev/null |awk -F/ '{print $NF}' | sed -n '1p'`
#准备安装MySQL
systemctl start mysqld.service &> /dev/null
if [ $? -eq 0 ];then
echo "mysql is exist"
else
#安装Mysql环境依赖包
yum -y install gcc gcc-c++ cmake bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel &> /dev/null
#创建运行用户
useradd -M -s /sbin/nologin mysql
#编译安装
#解压mysql源码包
tar xf ${mysqlpath}/${mysqlapp} -C ${mysqlpath}
mysqld=`find ${mysqlpath} -maxdepth 1 -type d | grep mysql- | awk -F/ '{print $NF}'`
cd ${mysqlpath}/${mysqld}
#执行cmake命令
cmake \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
-DSYSCONFDIR=/etc \
-DSYSTEMD_PID_DIR=/usr/local/mysql \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_EXTRA_CHARSETS=all \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DMYSQL_DATADIR=/usr/local/mysql/data \
-DWITH_BOOST=boost \
-DWITH_SYSTEMD=1 &>>/dev/null
#执行make命令
make -j `lscpu|sed -n '4p'|awk '{print $2}'` &>>/dev/null
make install > /dev/null
#修改mysql 配置文件
cat > /etc/my.cnf <<EOF
[client]
port = 3306
socket=/usr/local/mysql/mysql.sock
[mysqld]
user = mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port = 3306
character-set-server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
bind-address = 0.0.0.0
skip-name-resolve
max_connections=2048
default-storage-engine=INNODB
max_allowed_packet=16M
server-id = 1
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
EOF
#更改mysql安装目录和配置文件的属主属组
chown -R mysql:mysql /usr/local/mysql/
chown mysql:mysql /etc/my.cnf
#初始化数据库
cd /usr/local/mysql/bin/
./mysqld \
--initialize-insecure \
--user=mysql \
--basedir=/usr/local/mysql \
--datadir=/usr/local/mysql/data &> /dev/null
#添加mysqld系统服务
cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
systemctl daemon-reload &> /dev/null
systemctl start mysqld.service
systemctl enable mysqld &> /dev/null
echo "5.----mysql服务已开启----"
ln -s /usr/local/mysql/bin/mysql /usr/bin/
echo "正在创建bbs数据库,并授权用户"
/usr/local/mysql/bin/mysql -uroot -e "set password for 'root'@'localhost' = password ('123456');"
/usr/local/mysql/bin/mysql -uroot -p'123456' -e 'create database bbs;' &> /dev/null
/usr/local/mysql/bin/mysql -uroot -p'123456' -e "grant all on bbs.* to 'bbsuser'@'%' identified by '123456';" &> /dev/null
/usr/local/mysql/bin/mysql -uroot -p'123456' -e "grant all on bbs.* to 'bbsuser'@'localhost' identified by '123456';" &> /dev/null
/usr/local/mysql/bin/mysql -uroot -p'123456' -e 'flush privileges;' &> /dev/null
echo "正在创建wordpress数据库,并授权用户"
/usr/local/mysql/bin/mysql -uroot -p'123456' -e 'create database wordpress;' &> /dev/null
/usr/local/mysql/bin/mysql -uroot -p'123456' -e 'grant all privileges on wordpress.* to 'wordpress'@'%' identified by '123456';' &> /dev/null
/usr/local/mysql/bin/mysql -uroot -p'123456' -e 'grant all privileges on *.* to 'root'@'%' identified by '123456';' &> /dev/null
/usr/local/mysql/bin/mysql -uroot -p'123456' -e 'flush privileges;' &> /dev/null
fi
}
php (){
phppath=`find / -name *php*tar* -exec dirname {} \; | sed -n '1p'`
phpapp=`find / -name *php*tar* 2> /dev/null |awk -F/ '{print $NF}' | sed -n '1p'`
#安装编译环境
systemctl start php-fpm.service &> /dev/null
if [ $? -eq 0 ];then
echo "php服务已安装"
else
echo "安装PHP服务"
#安装编译环境"
yum -y install gd libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel bison re2c libxml2 libxml2-devel zlib zlib-devel curl curl-devel gcc gcc-c++ openssl openssl-devel &> /dev/null
#编译安装
useradd -M -s /sbin/nologin nginx
#解压源码包
tar xf ${phppath}/${phpapp} -C ${phppath}
phpd=`find ${phppath} -maxdepth 1 -type d |grep php-|awk -F/ '{print $NF}'`
cd /${phppath}/${phpd}
#检测编译环境,并生成Makefile文件
./configure --prefix=/usr/local/php --with-mysql-sock=/usr/local/mysql/mysql.sock --with-mysqli --with-zlib --with-curl --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-openssl --enable-fpm --enable-mbstring --enable-xml --enable-session --enable-ftp --enable-pdo --enable-tokenizer --enable-zip &>>/dev/null
#环境检测完成,正在执行make命令,进行编译
make -j `lscpu|sed -n '4p'|awk '{print $2}'` &> /dev/null
#执行make install命令,将生成的程序或库文件复制到系统指定的位置进行安装
make install > /dev/null
ln -s /usr/local/php/bin/* /usr/local/bin/
ln -s /usr/local/php/sbin/* /usr/local/sbin/
cp /${phppath}/${phpd}/sapi/fpm/php-fpm.service /usr/lib/systemd/system/php-fpm.service
systemctl daemon-reload > /dev/null
fi
}
$12.1.3 创建共享目录脚本
bash
[root@ansible files]# vim nginx_nfs.sh
#!/bin/bash
echo "/usr/local/nginx/html *(rw)" > /etc/exports
# *(rw)表示所有主机都可以以读写模式访问该共享目录
# /etc/exports是NFS(Network File System)服务器的配置文件
chmod -R 777 /usr/local/nginx/html/
systemctl start rpcbind
systemctl start nfs
[root@ansible files]# ls
Discuz_X3.4_SC_UTF8.zip lnmp.sh nginx-1.24.0.tar.gz nginx_nfs.sh wordpress-4.9.4-zh_CN.tar.gz2.2 准备 templates 相关文件
用来存放 jinjia2 模板,template 模块会自动在此目录中寻找 jinjia2 模板文件
2.2.1 编辑 nginx 配置文件模板
注意两个变量:php_server_ip,nginx_html_path
bash
[root@ansible files]# cd ../templates/
[root@ansible templates]# vim nginx.conf.j2
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
charset utf-8;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.php;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root html;
fastcgi_pass {{php_server_ip}}:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME {{nginx_html_path}}$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}2.3 编写 nginx 模块 task 任务文件
此目录应当包含一个 main.yml 文件,用于定义此角色的任务列表,此文件可以使用 include 包含其它的位于此目录的 task 文件。
bash
[root@ansible templates]# cd ../tasks/
[root@ansible tasks]# vim main.yml
- name: copy nginx package
copy: src=/etc/ansible/roles/nginx/files/nginx-1.24.0.tar.gz dest=/opt
- name: copy wordpress package
copy: src=/etc/ansible/roles/nginx/files/Discuz_X3.4_SC_UTF8.zip dest=/opt
- name: copy Discuz package
copy: src=/etc/ansible/roles/nginx/files/wordpress-4.9.4-zh_CN.tar.gz dest=/opt
- name: install nginx shell
script: /etc/ansible/roles/nginx/files/lnmp.sh nginx
- name: copy conf.j2
template: src=/etc/ansible/roles/nginx/templates/nginx.conf.j2 dest=/usr/local/nginx/conf/nginx.conf owner=nginx group=nginx
- name: nfs shell
script: /etc/ansible/roles/nginx/files/nginx_nfs.sh
- name: start nginx service
service: enabled=true name=nginx state=started3. 编写 mysql 模块
3.1 准备 files 相关文件
3.1.1 准备 mysql 安装包
bash
[root@ansible tasks]# cd ../../mysql/files/
[root@ansible files]# ls
mysql-boost-5.7.20.tar.gz3.1.2 准备编译安装 mysql 脚本
同 2.1.2 脚本一致:
bash
[root@ansible files]# cp /etc/ansible/roles/nginx/files/lnmp.sh .3.1.3 创建共享目录脚本
bash
[root@ansible files]# vim mysql_nfs.sh
#!/bin/bash
echo "/usr/local/mysql *(rw)" > /etc/exports
chmod -R 777 /usr/local/mysql/
systemctl start rpcbind
systemctl start nfs3.2 编写 mysql 模块 task 任务文件
此目录应当包含一个 main.yml 文件,用于定义此角色的任务列表,此文件可以使用 include 包含其它的位于此目录的 task 文件
bash
[root@ansible files]# cd ../tasks/
[root@ansible tasks]# vim main.yml
- name: copy package
copy: src=/etc/ansible/roles/mysql/files/mysql-boost-5.7.20.tar.gz dest=/opt/
- name: install mysql shell
script: /etc/ansible/roles/mysql/files/lnmp.sh mysql
- name: nfs shell
script: /etc/ansible/roles/mysql/files/mysql_nfs.sh4. 编写 php 模块
4.1 准备 files 相关文件
4.1.1 准备 php 安装包
bash
[root@ansible vars]# cd ../../php/files/
[root@ansible files]# ls
php-7.1.10.tar.bz24.1.2 准备编译安装 php 脚本
同 2.1.2 脚本一致:
bash
[root@ansible files]# cp /etc/ansible/roles/nginx/files/lnmp.sh .4.1.3 编辑 php 主配置文件
bash
[root@ansible files]# egrep -v "^;" php.ini | egrep -v "^$"
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = -1
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL
display_errors = On
display_startup_errors = On
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = On
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
date.timezone = Asia/Shanghai
[filter]
[iconv]
[intl]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket = /usr/local/mysql/mysql.sock
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = On
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5
[Assertion]
zend.assertions = 1
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]4.1.4 编辑 php-fpm 主配置文件
bash
[root@ansible files]# egrep -v "^;" php-fpm.conf | egrep -v "^$"
[global]
pid = run/php-fpm.pid
include=/usr/local/php/etc/php-fpm.d/*.conf4.1.5 编辑 php-fpm 进程池配置文件
这步可选,如果直接复制配置文件至 templates 文件夹模板 .j2 文件自带变量会报错。
bash
[root@ansible files]# egrep -v "^;" www.conf | egrep -v "^$"
[www]
user = nginx
group = nginx
listen = 192.168.190.106:9000 # php 地址
listen.allowed_clients = 127.0.0.1,192.168.190.104 # nginx 地址
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 34.2 准备 templates 相关文件
bash
[root@ansible files]# cd ../templates/
[root@ansible templates]# vim www.conf.j2
[www]
user = nginx
group = nginx
listen = {{php_server_ip}}:9000
listen.allowed_clients = 127.0.0.1,{{nginx_server_ip}}
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 34.3 编写 php 模块 task 任务文件
此目录应当包含一个 main.yml 文件,用于定义此角色的任务列表,此文件可以使用 include 包含其它的位于此目录的 task 文件
bash
[root@ansible templates]# cd ../tasks/
[root@ansible tasks]# vim main.yml
- name: copy package
copy: src=/etc/ansible/roles/php/files/php-7.1.10.tar.bz2 dest=/opt/
- name: create mysql nfs path
file: path=/usr/local/mysql/ state=directory
- name: create nginx nfs path
file: path=/usr/local/nginx/html/ state=directory
- name: mount nfs mysql share
ansible.builtin.mount: src=192.168.190.105:/usr/local/mysql path=/usr/local/mysql fstype=nfs opts=defaults state=mounted
- name: mount nfs nginx share
ansible.builtin.mount: src=192.168.190.104:/usr/local/nginx/html path=/usr/local/nginx/html fstype=nfs opts=defaults state=mounted
- name: install php shell
script: /etc/ansible/roles/php/files/lnmp.sh php
- name: copy php-fpm.conf
copy: src=/etc/ansible/roles/php/files/php-fpm.conf dest=/usr/local/php/etc/php-fpm.conf
- name: copy php.ini
copy: src=/etc/ansible/roles/php/files/php.ini dest=/usr/local/php/lib/php.ini
- name: copy www.conf
template: src=/etc/ansible/roles/php/templates/www.conf.j2 dest=/usr/local/php/etc/php-fpm.d/www.conf
- name: start php-fpm server
service: name=php-fpm state=started5. 编写 roles 示例
bash
[root@ansible vars]# cd /etc/ansible/
[root@ansible ansible]# vim lnmp.yml
---
- hosts: nginx
remote_user: root
roles:
- nginx
- hosts: mysql
remote_user: root
roles:
- mysql
- hosts: php
remote_user: root
roles:
- php
...三、执行角色剧本并验证
1. 查看目录
bash
[root@ansible ansible]# ls
ansible.cfg hosts lnmp.yml roles
[root@ansible ansible]# tree
.
├── ansible.cfg
├── hosts
├── lnmp.yml
└── roles
├── mysql
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ │ ├── lnmp.sh
│ │ ├── mysql-boost-5.7.20.tar.gz
│ │ └── mysql_nfs.sh
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ └── vars
│ └── main.yml
├── nginx
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ │ ├── Discuz_X3.4_SC_UTF8.zip
│ │ ├── lnmp.sh
│ │ ├── nginx-1.24.0.tar.gz
│ │ ├── nginx_nfs.sh
│ │ └── wordpress-4.9.4-zh_CN.tar.gz
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ │ └── nginx.conf.j2
│ └── vars
│ └── main.yml
└── php
├── defaults
│ └── main.yml
├── files
│ ├── lnmp.sh
│ ├── php-7.1.10.tar.bz2
│ ├── php-fpm.conf
│ ├── php.ini
│ └── www.conf
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
├── templates
│ └── www.conf.j2
└── vars
└── main.yml2. 执行剧本
bash
[root@ansible ansible]# ansible-playbook lnmp.yml
PLAY [nginx] **************************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [192.168.190.104]
TASK [copy nginx package] *************************************************************************
changed: [192.168.190.104]
TASK [nginx : copy wordpress package] *************************************************************
changed: [192.168.190.104]
TASK [nginx : copy Discuz dpackage] ***************************************************************
changed: [192.168.190.104]
TASK [install nginx shell] ************************************************************************
changed: [192.168.190.104]
TASK [nginx : copy conf.j2] ***********************************************************************
changed: [192.168.190.104]
TASK [nginx : nfs shell] **************************************************************************
changed: [192.168.190.104]
TASK [start nginx service] ************************************************************************
changed: [192.168.190.104]
PLAY [mysql] **************************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [192.168.190.105]
TASK [mysql : copy package] ***********************************************************************
changed: [192.168.190.105]
TASK [install mysql shell] ******************************************************************************
changed: [192.168.190.105]
TASK [mysql : nfs shell] **************************************************************************
changed: [192.168.190.105]
PLAY [php] ****************************************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [192.168.190.106]
TASK [php : copy package] *************************************************************************
changed: [192.168.190.106]
TASK [php : create mysql nfs path] ****************************************************************
changed: [192.168.190.106]
TASK [php : create nginx nfs path] ****************************************************************
changed: [192.168.190.106]
TASK [php : mount nfs mysql share] ****************************************************************
changed: [192.168.190.106]
TASK [php : mount nfs nginx share] ****************************************************************
changed: [192.168.190.106]
TASK [install php shell] ********************************************************************************
changed: [192.168.190.106]
TASK [copy php-fpm.conf] **************************************************************************
changed: [192.168.190.106]
TASK [copy php.ini] *******************************************************************************
changed: [192.168.190.106]
TASK [php : copy www.conf] ************************************************************************
changed: [192.168.190.106]
TASK [start php-fpm server] ***********************************************************************
changed: [192.168.190.106]
PLAY RECAP ****************************************************************************************
192.168.190.104 : ok=8 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.190.105 : ok=4 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.190.106 : ok=11 changed=10 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 3. 验证 Wordpress
3.1 创建一个新的配置文件 wp-config.php
bash
[root@nginx ~]# cd /usr/local/nginx/html/wordpress
[root@nginx wordpress]# cp wp-config-sample.php wp-config.php
[root@nginx wordpress]# vim wp-config.php
// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');
/** MySQL数据库用户名 */
define('DB_USER', 'wordpress');
/** MySQL数据库密码 */
define('DB_PASSWORD', '123456');
/** MySQL主机 */
define('DB_HOST', '192.168.190.105:3306');3.2 浏览器访问 wordpress
访问192.168.190.104/wordpress/index.php
4. 验证 Discuz
4.1 创建一个新的配置文件 config_global.php
bash
[root@nginx ~]# cd /usr/local/nginx/html/bbs/config
[root@nginx config]# cp config_global_default.php config_global.php
[root@nginx config]# chmod 777 config_global.php
[root@nginx config]# vim config_global.php
// ---------------------------- CONFIG DB ----------------------------- //
$_config['db']['1']['dbhost'] = '192.168.190.105:3306'; # 数据库地址端口
$_config['db']['1']['dbuser'] = 'bbsuser'; # 用户名
$_config['db']['1']['dbpw'] = '123456'; # 密码4.2 浏览器访问 Discuz
访问192.168.190.104/bbs/install/index.php
