1、环境配置
- ansible 服务器 192.168.10.10
- nginx 服务器 192.168.10.20
- mysql 服务器 192.168.10.21
- php 服务器 192.168.10.22
2、安装 ansble
#192.168.10.10节点
yum install -y epel-release #先安装 epel 源
yum install -y ansible
配置主机清单
cd /etc/ansible
vim hosts
[nginx]
192.168.10.20
[mysql]
192.168.10.21
[php]
192.168.10.22
设置免密登录
#3、ansible默认使用ssh连接,所以管理前要设置免密登录
#配置密钥对验证
ssh-keygen -t #一路回车,生成密钥文件
vim /etc/ssh/ssh_config #修改ssh服务端和ssh客户端配置文件
StrictHostKeyChecking no #35行,取消注释,将ask修改为no,开启免交互
systemctl restart sshd #重启sshd
//配置密钥对验证
ssh-keygen -t rsa #一路回车,使用免密登录
sshpass -p 'root的密码' ssh-copy-id root@192.168.10.20
sshpass -p 'root的密码' ssh-copy-id root@192.168.10.21
sshpass -p 'root的密码' ssh-copy-id root@192.168.10.22
3、配置安装nginx
配置nginx相关文件
#配置 nginx 支持 PHP 解析
vim nginx.conf.j2
server {
listen {{server_ip}}:{{http_port}};
server_name {{host_name}};
charset utf-8;
#access_log logs/host.access.log main;
location / {
root html;
index index.php index.html;
}
......
location ~ \.php$ {
root html;
fastcgi_pass 192.168.10.22:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
编写 lnmp.yaml 的 nginx 部分
- name: nginx play
hosts: webservers
remote_user: root
gather_facts: false
vars:
- nginx_addr: 192.168.10.20
- nginx_port: 80
- nginx_hostname: www.xy101.com
- root_dir: /var/www/html
- php_addr: 192.168.10.22
- php_port: 9000
tasks:
- name: disable firewalld
- service: name=firewalld state=stopped enabled=no
- name: disable selinux
command: 'setenforce 0'
ignore_errors: true
- name: copy nginx repo
copy: src=/opt/nginx/nginx.repo dest=/etc/yum.repos.d/
- name: install nginx
yum: name=nginx state=latest
- name: create root dir
file: path={{root_dir}} state=directory
- name: copy nginx config template file
template: src=/opt/nginx/nginx.conf.j2 dest=/etc/nginx/nginx.conf
notify: 'reload nginx'
- name: create nfs config
copy: content="{{root_dir}} 192.168.10.0/24(rw,rsync,no_root_squash)" dest=/etc/exports
- name: restart rpcbind,nfs,nginx
service: name={{item}} state=restarted enabled=yes
with_items:
- rpcbind
- nfs
- nginx
handlers:
- name: reload nginx
service: name=nginx state=reloaded
测试nginx
#在ansible服务器运行
cd /etc/ansible/playbooks/
ansible-playbook lnmp.yaml --syntax-check #检查yaml文件的语法是否正确
ansible-playbook lnmp.yaml
#在 nginx 服务器查看
systemctl status nginx
netstat -lntp | grep nginx
4、安装 mysql
mysql相关文件配置
准备mysql初始化脚本文件
编写 lnmp.yaml 的 mysql 部分
- name: mysql play
hosts: dbservers
remote_user: root
gather_facts: false
tasks:
- name: disable mysql_server firewalld
srvice: name=firewalld state=stopped enabled=no
- name: disable mysql_server selinux
command: 'setenforce 0'
ignore_errors: true
- name: remove mariadb
yum: name=mariadb* state=absent
- name: copy mysql repo
copy: src=/opt/mysql/mysql-community.repo dest=/etc/yum.repos.d/
- name: modify mysql repo
replace: path=/etc/yum.repos.d/mysql-community.repo regexp="gpgcheck=1" replace="gpgcheck=0"
- name: install mysql
yum: name=mysql-server state=present
- name: start mysql
service: name=mysql state=started enable=yes
- name: init mysql
script: '/opt/mysql/mysql-init.sh'
5、安装php
- name: php play
hosts: phpservers
remote_user: root
gather_facts: false
vars:
- php_username: nginx
- php_addr: 192.168.10.22:9000
- nginx_addr: 192.168.10.20
- root_dir: /var/www/html
tasks:
- name: disable php_server firewalld
service: name=firewalld state=stopped
- name: disable php_server selinux
command: 'setenforce 0'
- name: unarchive php tar pkg
unarchive: copy=yes src=/opt/php/php.tar.gz dest=/mnt/
- name: copy local repo
copy: src=/opt/php/local.repo dest=/etc/yum.repos.d/
- name: create repo
shell: 'createrepo /mnt && yum clean all && yum makecache'
- name: install php
yum: name=php72w,php72w-cli,php72w-common,php72w-devel,php72w-embedded,php72w-gd,php72w-mbstring,php72w-pdo,php72w-xml,php72w-fpm,php72w-mysqlnd,php72w-opcache,php72w-ldap,php72w-bcmath state=present
- name: create php user
user: name={{php_username}} shell=/sbin/nologin create_home=no
- name: modify php.ini
replace: path=/etc/php.ini regexp=";date.timezone =" replace="date.timezone = Asia/Shanghai"
- name: modify user and group in www.conf
replace: path=/etc/php-fpm.d/www.conf regexp="127.0.0.1" replace="{{nginx_addr}}"
notify: "reload php-fpm"
- name: start php-fpm
service name=php-fpm state=started enabled=yes
- name: create www root dir
file: path={{root_dir}} state=directory
- name: mount nfs
mount: src="{{nginx_addr}}:{{root_dir}}" path={{root_dir}} fstype=nfs state=mounted opts="defaults,_netdev"
handlers:
- name: reload php-fpm
service: name=php-fpm state=reloaded