Deploying LNMP all-in-one with Ansible

Tech stack: Linux, Nginx, MariaDB, PHP (WordPress), Jinja2

Directory layout rules

roles/
└── <role name>/      # role root directory (e.g. mariadb, nginx, wordpress)
    ├── defaults/     # the role's default variables (lowest precedence)
    │   └── main.yml  # default-variable entry file (must be named main.yml)
    ├── vars/         # the role's own variables (higher precedence)
    │   └── main.yml  # variable entry file (must be named main.yml)
    ├── tasks/        # the role's task list (the core of the role)
    │   └── main.yml  # task entry file (must be named main.yml; other task files can be pulled in with include)
    ├── handlers/     # the role's handlers (used to trigger service restarts and the like)
    │   └── main.yml  # handler entry file (must be named main.yml)
    ├── templates/    # template files (.j2, rendered dynamically into configuration files)
    │   └── xxx.conf.j2 # e.g. an Nginx configuration template, a MySQL configuration template
    ├── files/        # static files (copied to the target node as-is, no rendering)
    │   └── xxx.tar.gz # e.g. application packages, static configuration files
    ├── meta/         # the role's metadata (role dependencies, author, version, ...)
    │   └── main.yml  # metadata entry file (must be named main.yml)
    ├── library/      # custom modules private to the role (rarely used)
    ├── module_utils/ # module utility functions private to the role (rarely used)
    └── tests/        # the role's tests (to verify the role works, e.g. test.yml)

TIPS

  • Create roles following the directory layout Ansible recommends
  • When writing variables inside a role, check which ones are global and which are role-local
  • Task files inside a role are plain task lists: leave out the top-level play keys
  • Check variable definitions repeatedly so references do not get tangled; debugging that is painful

Environment preparation

[phoenix@controller lnmp-allinone 03:01:38]$ tree
lnmp-allinone
├── ansible.cfg
├── deploy.yml
├── inventory
├── roles
│   ├── mariadb
│   │   ├── files
│   │   │   └── secret.txt
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── vars
│   │       └── vaults.yml
│   ├── nginx
│   │   └── tasks
│   │       └── main.yml
│   ├── php
│   │   ├── files
│   │   │   └── php.conf
│   │   └── tasks
│   │       └── main.yml
│   └── wordpress
│       ├── defaults
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           └── wordpress.conf.j2
└── wordpress-4.9.4-zh_CN.zip

Global files: deployment and variables

ansible.cfg

  • inventory selects the environment (the inventory file)
  • roles_path is set as an absolute path
  • become enables privilege escalation

[phoenix@controller lnmp-allinone 03:14:27]$ cat ansible.cfg 

[defaults]
remote_user = phoenix
inventory = ./inventory
#gathering = explicit
vault_password_file= /home/phoenix/lnmp-allinone/roles/mariadb/files/secret.txt
roles_path  = /home/phoenix/lnmp-allinone/roles
#collections_paths = ./collections

[privilege_escalation]
become = True
become_user = root
become_method = sudo
become_ask_pass = False

deploy.yml

  • vars_files points directly at the encrypted vaults.yml

[phoenix@controller lnmp-allinone 03:16:39]$ cat deploy.yml 
---
- name: LNMP all in one
  hosts: lnmp 
  become: yes 
  vars_files:
    - "/home/phoenix/lnmp-allinone/roles/mariadb/vars/vaults.yml"
  roles:
    - nginx
    - mariadb
    - php
    - wordpress

inventory

  • The group name takes a trailing s (lnmps), distinct from the host alias lnmp
  • The host alias points to node1 via ansible_host

[phoenix@controller lnmp-allinone 03:16:43]$ cat inventory 
[lnmps]
lnmp ansible_host=node1

[controllers]
controller

[dev]
node1

[test]
node2

[prod]
node3
node4

Role directories

mariadb

files/secret.txt

secret.txt is the vault password file: it holds, in plaintext, the password that decrypts the vault.

Argument used when running deploy.yml

--vault-password-file roles/mariadb/files/secret.txt

  • Runs the play with the password file (ansible.cfg's vault_password_file points at the same file); this gives a medium level of security
  • Production or other needs that call for a higher level of security can encrypt secret.txt itself again with ansible-vault encrypt secret.txt

tasks/main.yml

---
- name: file                                      # load the vault variables from vars/vaults.yml
  include_vars:
    file: roles/mariadb/vars/vaults.yml

- name: create /etc/mysql                         # create /etc/mysql to hold the copied key file
  file:
    path: /etc/mysql
    state: directory
    mode: '0755'

- name: deploy database secret key                # deploy the database secret file with mode 0600
  copy:
    src: files/secret.txt
    dest: /etc/mysql/secret.txt
    mode: '0600'

- name: install mariadb-server                    # install mariadb and start the service
  yum:
    name:
      - mariadb-server
      - python2-PyMySQL
    state: present

- name: enable and start mariadb
  service:
    name: mariadb
    enabled: yes
    state: started

- name: set root password using vault             # set the root password from the vault-stored value
  mysql_user:
    name: root
    password: "{{ vault_mysql_password }}"
    priv: "*.*:ALL,GRANT"
    login_user: root
    login_password: "{{ vault_mysql_password }}"
  ignore_errors: yes

- name: set root password                         # creates the 'wordpress' account for the local hosts (not root, despite the task name)
  mysql_user:
    name: wordpress
    password: "{{ mysql_root_password }}"
    host: "{{ item }}"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"
  with_items:
    - "{{ ansible_fqdn }}"
    - 127.0.0.1
    - ::1

- name: delete user anonymous                     # remove the anonymous accounts
  mysql_user:
    name: ""
    host_all: yes
    state: absent
    login_user: root
    login_password: "{{ mysql_root_password }}"
    #login_unix_socket: /var/lib/mysql/mysql.sock

- name: delete database test                      # drop the demo database
  mysql_db:
    name: test
    state: absent
    login_user: root
    login_password: "{{ mysql_root_password }}"

- name: create user                               # create the application user
  mysql_user:
    name: "{{ app_user }}"
    password: "{{ app_password }}"
    host: "{{ app_host }}"
    priv: "{{ app_priv }}"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"

- name: create database db_name
  mysql_db:
    name: "{{ db_name }}"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"

vars/vaults.yml

# already encrypted
[phoenix@controller lnmp-allinone 03:25:24]$ cat roles/mariadb/vars/vaults.yml 
$ANSIBLE_VAULT;1.1;AES256
33373039643838353461623731626130343533326233323233643637656634333738373466646232
3264326661303532313964386432376131313631336637610a306634336664363238616230623432
39663931383437326562643635616331646462666638373332323465393433613732643933373663
3032333434613462660a316631346639303231386438386265323062623865653530343363656664
36333437666537636531363061333234353733393030623034396536346332326161323931363334
65366464333239333062343861656238393432373366323035316530366137636665306237313732
36393731653866373430626539613038303266343761393934623532383534356661386233666235
65303064393039306631623831316533653564663537316464393035633764386232633430363161
61383037663031366466653964653334333838373336643864636266336361666332303135383162
33363364633862313136663433353166323134613362393330663762386161633132316638643065
31326162666138616131633235653662646134626532653733343761663434653938633834383664
33303730343130613561623365643862626666653863613262636163343434633866306563613032
64396363656630626166343732613862346433636335316364623738326130343631

[phoenix@controller lnmp-allinone 03:31:10]$ ansible-vault view roles/mariadb/vars/vaults.yml 
 vault_mysql_password: "1"  
 mysql_root_password: "{{ vault_mysql_password }}"
 db_name: "webapp"
 app_user: "wordpress"
 app_host: "%"
 app_password: "1"  
 app_priv: "webapp.*:ALL"
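The vault layout above keeps the password file inside the role tree, referenced from both ansible.cfg and the command line. As an added example that is not part of the original post, the following POSIX shell script performs the pre-flight checks a practitioner would want before running the play: that vaults.yml really is vault-encrypted, that secret.txt is mode 0600, and that secret.txt is listed in .gitignore. The relative paths match the tree shown earlier; the function names and the sample tree built by make_fixture are this example's own, and the vault body in the fixture is a dummy line, not real vault data.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight checks for the vault
# material in the lnmp-allinone layout. Function and fixture names are this
# example's own; the sample tree is constructed for demonstration.

# 0 if the file starts with the Ansible Vault header, i.e. it is encrypted.
vault_is_encrypted() {
    head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;1\.[0-9];AES256$'
}

# 0 if the file is readable/writable by its owner only (mode 0600).
file_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
    [ "$mode" = "600" ]
}

# 0 if the relative path $2 is listed verbatim in $1/.gitignore.
path_is_gitignored() {
    grep -qxF "$2" "$1/.gitignore" 2>/dev/null
}

# Run the three checks against a project root ($1); print one line per
# check and return the number of failures (0 means everything passed).
check_vault_hygiene() {
    root=$1
    vault_rel=roles/mariadb/vars/vaults.yml
    pw_rel=roles/mariadb/files/secret.txt
    failures=0
    if vault_is_encrypted "$root/$vault_rel"; then
        echo "ok    $vault_rel is vault-encrypted"
    else
        echo "FAIL  $vault_rel is plaintext; run: ansible-vault encrypt $vault_rel"
        failures=$((failures + 1))
    fi
    if file_is_private "$root/$pw_rel"; then
        echo "ok    $pw_rel is mode 0600"
    else
        echo "FAIL  $pw_rel is readable by others; run: chmod 600 $pw_rel"
        failures=$((failures + 1))
    fi
    if path_is_gitignored "$root" "$pw_rel"; then
        echo "ok    $pw_rel is listed in .gitignore"
    else
        echo "FAIL  $pw_rel is not in .gitignore"
        failures=$((failures + 1))
    fi
    return $failures
}

# Build a constructed project tree under a temp dir; $1 is "good" or "bad".
# Prints the directory path. The vault body is a dummy hex line, not real data.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/roles/mariadb/vars" "$dir/roles/mariadb/files"
    if [ "$1" = good ]; then
        printf '$ANSIBLE_VAULT;1.1;AES256\n3030303030303030\n' > "$dir/roles/mariadb/vars/vaults.yml"
        printf 'constructed-vault-password\n' > "$dir/roles/mariadb/files/secret.txt"
        chmod 600 "$dir/roles/mariadb/files/secret.txt"
        printf 'roles/mariadb/files/secret.txt\n' > "$dir/.gitignore"
    else
        printf 'vault_mysql_password: "1"\n' > "$dir/roles/mariadb/vars/vaults.yml"
        printf 'constructed-vault-password\n' > "$dir/roles/mariadb/files/secret.txt"
        chmod 644 "$dir/roles/mariadb/files/secret.txt"
        : > "$dir/.gitignore"
    fi
    echo "$dir"
}

# Demo on a constructed tree that passes every check.
demo=$(make_fixture good)
check_vault_hygiene "$demo"
rm -rf "$demo"
```

Point check_vault_hygiene at the real project root (the directory holding ansible.cfg) to run it against this layout; a non-zero return value is the number of failed checks, which makes it usable as a pre-commit or CI gate.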

nginx

tasks/main.yml
[phoenix@controller lnmp-allinone 03:31:33]$ cat roles/nginx/tasks/main.yml 

---
- name: install nginx
  yum:
    name: nginx
    state: present 

- name: enable and start nginx
  service:
    name: nginx
    enabled: yes
    state: started

- name: prepare test file for web server
  copy:
    content: hello world from nginx
    dest: /usr/share/nginx/html/index.html

php

files/php.conf

# php default configuration
# the "include fastcgi_params" line is essential
[phoenix@controller roles 03:35:59]$ cat php/files/php.conf
location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

tasks/main.yml

[phoenix@controller roles 03:36:03]$ cat php/tasks/main.yml
---
- name: install php
  yum:
    name: php,php-fpm,php-mysqlnd
    state: present

- name: modify running user for php           # loop: switch php-fpm's default user and group to nginx
  lineinfile:
    path: /etc/php-fpm.d/www.conf
    regexp: "^{{ item }} = "                   # anchored, so the commented ;listen.group line is not matched
    line: "{{ item }} = nginx"
  loop:
    - user
    - group

- name: enable and start php-fpm.service       # start the service
  service:
    name: php-fpm
    enabled: yes
    state: restarted

- name: config php for nginx
  copy:
    src: php.conf
    dest: /etc/nginx/default.d/php.conf

- name: restart nginx
  service:
    name: nginx
    state: restarted
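The lineinfile task above selects the user and group lines of www.conf by regular expression. As an added example that is not from the original post, the POSIX shell script below shows, on a constructed www.conf excerpt laid out like the stock CentOS 7 file, why the pattern needs a ^ anchor: an unanchored "group = " also matches the commented ";listen.group = nobody" line, and lineinfile replaces the last matching line, so the real directive would be left untouched. The anchored rewrite function then performs the edit the task intends. Function names and the sample file are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: demonstrates the over-match of an
# unanchored regexp on php-fpm's www.conf and an anchored, idempotent rewrite.

# Write a constructed www.conf excerpt (stock CentOS 7 layout) to the path in $1.
write_sample_www_conf() {
    cat > "$1" <<'EOF'
[www]
; Unix user/group of processes
user = apache
group = apache
listen = 127.0.0.1:9000
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
EOF
}

# Print how many lines of file $1 match the extended regexp $2
# (the same matching lineinfile's regexp performs, line by line).
count_matches() {
    grep -Ec "$2" "$1" || true
}

# Rewrite the real "user = " and "group = " directives in $1 to the account
# in $2. The ^ anchor keeps the commented ;listen.group line untouched, and
# rerunning it is a no-op once the value is already set.
set_fpm_user_group() {
    sed -e "s/^user = .*/user = $2/" -e "s/^group = .*/group = $2/" "$1" > "$1.tmp" \
        && mv "$1.tmp" "$1"
}

# Demo: compare the two patterns, then apply the anchored rewrite.
f=$(mktemp)
write_sample_www_conf "$f"
echo "unanchored 'group = ' matches : $(count_matches "$f" 'group = ')"
echo "anchored   '^group = ' matches: $(count_matches "$f" '^group = ')"
set_fpm_user_group "$f" nginx
echo "after rewrite:"
grep -E '^(user|group) = |^;listen\.group' "$f"
rm -f "$f"
```

The unanchored pattern reports two matches (the directive and the commented listen.group line); the anchored pattern reports one. After the rewrite only the real directives read nginx.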

wordpress

defaults/main.yml

# hostname (vhost) for the wordpress site
[phoenix@controller wordpress 03:38:54]$ cat defaults/main.yml
blog_vhost: blog.phoenix.cloud

tasks/main.yml

[phoenix@controller wordpress 03:39:03]$ cat tasks/main.yml 
---
- name: prepare vhost for wordpress                     # src points at the j2 template
  template:
    src: wordpress.conf.j2
    dest: /etc/nginx/conf.d/wordpress.conf

- name: create /usr/share/nginx/html/{{ blog_vhost }}   # create the document root; blog_vhost is defined in defaults/main.yml
  file:
    path: /usr/share/nginx/html/{{ blog_vhost }}
    state: directory

- name: Unarchive a wordpress file                      # src points at the zip file in the project root
  unarchive:
    src: wordpress-4.9.4-zh_CN.zip
    dest: /usr/share/nginx/html/{{ blog_vhost }}/
    owner: nginx
    group: nginx

- name: restart nginx
  service:
    name: nginx
    state: restarted

templates/wordpress.conf.j2

  • Listens on port 80
  • The server_name value comes from the variable defined in defaults/main.yml
  • include pulls in the shared configuration files

server {
    listen       80;
    server_name  {{ blog_vhost }};
    root         /usr/share/nginx/html/{{ blog_vhost }}/wordpress;
    index        index.php;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    # log files
    access_log  /var/log/nginx/access-{{ blog_vhost }}.log;
    error_log   /var/log/nginx/error-{{ blog_vhost }}.log;
}

Running deploy.yml

[phoenix@controller lnmp-allinone 02:57:30]$ ansible-playbook deploy.yml --vault-password-file roles/mariadb/files/secret.txt

PLAY [LNMP all in one] **************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************
ok: [lnmp]

TASK [install nginx] ****************************************************************************************************************
ok: [lnmp]

TASK [enable and start nginx] *******************************************************************************************************
ok: [lnmp]

TASK [nginx : prepare test file for web server] *************************************************************************************
ok: [lnmp]

TASK [mariadb : file] ***************************************************************************************************************
ok: [lnmp]

TASK [mariadb : create /etc/mysql] **************************************************************************************************
ok: [lnmp]

TASK [mariadb : deploy database secret key] *****************************************************************************************
ok: [lnmp]

TASK [install mariadb-server] *******************************************************************************************************
ok: [lnmp]

TASK [enable and start mariadb] *****************************************************************************************************
ok: [lnmp]

TASK [mariadb : set root password using vault] **************************************************************************************
[WARNING]: Module did not set no_log for update_password
ok: [lnmp]

TASK [mariadb : set root password] **************************************************************************************************
ok: [lnmp] => (item=node1.phoenix.cloud)
ok: [lnmp] => (item=127.0.0.1)
ok: [lnmp] => (item=::1)

TASK [mariadb : delete user anonymous] **********************************************************************************************
ok: [lnmp]

TASK [mariadb : delete database test] ***********************************************************************************************
ok: [lnmp]

TASK [mariadb : create user] ********************************************************************************************************
ok: [lnmp]

TASK [mariadb : create database db_name] ********************************************************************************************
ok: [lnmp]

TASK [install php] ******************************************************************************************************************
ok: [lnmp]

TASK [modify running user for php] **************************************************************************************************
ok: [lnmp] => (item=user)
ok: [lnmp] => (item=group)

TASK [enable and start php-fpm.service] *********************************************************************************************
changed: [lnmp]

TASK [config php for nginx] *********************************************************************************************************
ok: [lnmp]

TASK [php : restart nginx] **********************************************************************************************************
changed: [lnmp]

TASK [prepare vhost for wordpress] **************************************************************************************************
ok: [lnmp]

TASK [wordpress : create /usr/share/nginx/html/blog.phoenix.cloud] ******************************************************************
ok: [lnmp]

TASK [Unarchive a wordpress file] ***************************************************************************************************
ok: [lnmp]

TASK [wordpress : restart nginx] ****************************************************************************************************
changed: [lnmp]

PLAY RECAP **************************************************************************************************************************
lnmp                       : ok=24   changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Testing

Windows

# edit the hosts file
10.1.8.11 blog.phoenix.cloud

Browser


