Deploying lnmp-allinone with Ansible
Stack: Linux, Nginx, MariaDB, PHP (WordPress), Jinja2
Directory layout rules
```text
roles/
└── <role name>/            # role root directory (e.g. mariadb, nginx, wordpress)
    ├── defaults/           # the role's default variables (lowest precedence)
    │   └── main.yml        # default-variables entry file (must be named main.yml)
    ├── vars/               # the role's own variables (higher precedence)
    │   └── main.yml        # variables entry file (must be named main.yml)
    ├── tasks/              # the role's task list (the core of the role)
    │   └── main.yml        # task entry file (must be named main.yml; other task files can be pulled in with include)
    ├── handlers/           # handlers (used to trigger service restarts and similar actions)
    │   └── main.yml        # handler entry file (must be named main.yml)
    ├── templates/          # template files (.j2, rendered into configuration files)
    │   └── xxx.conf.j2     # e.g. an Nginx or MySQL configuration template
    ├── files/              # static files (copied to the target node as-is, no rendering)
    │   └── xxx.tar.gz      # e.g. application packages, static configuration files
    ├── meta/               # role metadata (dependencies, author, version, ...)
    │   └── main.yml        # metadata entry file (must be named main.yml)
    ├── library/            # custom modules private to the role (rarely used)
    ├── module_utils/       # module utility functions private to the role (rarely used)
    └── tests/              # role tests (used to verify the role, e.g. test.yml)
```
Tips
- Create roles following the directory layout Ansible recommends
- When defining variables in a role, check for clashes between global and role-local variables
- Task files inside a role omit the top-level play fields (hosts, become, ...)
- Check variable definitions repeatedly and keep references straight; debugging a mix-up is painful
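The layout rules and the variable tips above can be checked mechanically before a role is committed. The following script is an added example (not part of the original post): it walks a role directory, reports sub-directories that Ansible does not recognise, entry directories that lack their main.yml, and any variable defined in both defaults/ and vars/ (vars/ silently wins, which is exactly the kind of mix-up the tips warn about). The sample role it builds in a temporary directory is constructed for the demo, and top-level keys are read with a regex so no PyYAML install is needed.

```python
"""Check an Ansible role tree against the recommended layout and flag
variables defined in both defaults/ and vars/ (vars/ silently wins).

Added example, not part of the original post. The sample role is
constructed in a temporary directory; top-level keys are read with a
regex, which is enough for flat key: value files and avoids PyYAML."""
import os
import re
import tempfile

# Sub-directories Ansible recognises in a role; anything else is suspect.
KNOWN_DIRS = {"defaults", "vars", "tasks", "handlers", "templates",
              "files", "meta", "library", "module_utils", "tests"}
# Directories that need a main.yml entry file when they exist.
NEEDS_MAIN = {"defaults", "vars", "tasks", "handlers", "meta"}
TOP_KEY = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\s*:")


def top_level_keys(path):
    """Return the top-level keys of a flat YAML mapping file."""
    keys = set()
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            m = TOP_KEY.match(line)
            if m:
                keys.add(m.group(1))
    return keys


def check_role(role_dir):
    """Return a sorted list of findings (an empty list means the role is clean)."""
    findings = []
    for entry in sorted(os.listdir(role_dir)):
        full = os.path.join(role_dir, entry)
        if not os.path.isdir(full):
            continue
        if entry not in KNOWN_DIRS:
            findings.append(f"unexpected directory: {entry}/")
        elif entry in NEEDS_MAIN and not os.path.isfile(os.path.join(full, "main.yml")):
            findings.append(f"missing entry file: {entry}/main.yml")
    defaults = os.path.join(role_dir, "defaults", "main.yml")
    varsfile = os.path.join(role_dir, "vars", "main.yml")
    if os.path.isfile(defaults) and os.path.isfile(varsfile):
        for key in sorted(top_level_keys(defaults) & top_level_keys(varsfile)):
            findings.append(f"variable '{key}' set in both defaults/ and vars/ (vars/ wins)")
    return findings


def build_sample_role(base):
    """Constructed sample: a wordpress-like role with three deliberate mistakes."""
    role = os.path.join(base, "wordpress")
    os.makedirs(os.path.join(role, "defaults"))
    os.makedirs(os.path.join(role, "vars"))
    os.makedirs(os.path.join(role, "tasks"))      # tasks/ exists but has no main.yml
    os.makedirs(os.path.join(role, "template"))   # typo: should be templates/
    with open(os.path.join(role, "defaults", "main.yml"), "w") as fh:
        fh.write("blog_vhost: blog.example.test\nphp_user: nginx\n")
    with open(os.path.join(role, "vars", "main.yml"), "w") as fh:
        fh.write("blog_vhost: other.example.test\n")   # shadows the default
    return role


def run_demo():
    """Build the sample role and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return check_role(build_sample_role(tmp))


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Point it at a real role with `check_role("roles/wordpress")`; the shadowing check is the one worth keeping in CI, because a value in vars/ beats the same key in defaults/ without any warning from Ansible.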
Environment preparation
```bash
[phoenix@controller lnmp-allinone 03:01:38]$ tree
lnmp-allinone
├── ansible.cfg
├── deploy.yml
├── inventory
├── roles
│   ├── mariadb
│   │   ├── files
│   │   │   └── secret.txt
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── vars
│   │       └── vaults.yml
│   ├── nginx
│   │   └── tasks
│   │       └── main.yml
│   ├── php
│   │   ├── files
│   │   │   └── php.conf
│   │   └── tasks
│   │       └── main.yml
│   └── wordpress
│       ├── defaults
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── templates
│           └── wordpress.conf.j2
└── wordpress-4.9.4-zh_CN.zip
```
Global files: deployment / variables
ansible.cfg
- inventory selects the environment
- roles_path is given as an absolute path
- privilege escalation via become
```bash
[phoenix@controller lnmp-allinone 03:14:27]$ cat ansible.cfg
[defaults]
remote_user = phoenix
inventory = ./inventory
#gathering = explicit
vault_password_file= /home/phoenix/lnmp-allinone/roles/mariadb/files/secret.txt
roles_path = /home/phoenix/lnmp-allinone/roles
#collections_paths = ./collections
[privilege_escalation]
become = True
become_user = root
become_method = sudo
become_ask_pass = False
```
deploy.yml
- vars_files points directly at the encrypted vaults.yml
```bash
[phoenix@controller lnmp-allinone 03:16:39]$ cat deploy.yml
---
- name: LNMP all in one
  hosts: lnmp
  become: yes
  vars_files:
    - "/home/phoenix/lnmp-allinone/roles/mariadb/vars/vaults.yml"
  roles:
    - nginx
    - mariadb
    - php
    - wordpress
```
inventory
- the group name takes a trailing s (lnmps); the host alias itself is lnmp
- the host entry points at node1
```bash
[phoenix@controller lnmp-allinone 03:16:43]$ cat inventory
[lnmps]
lnmp ansible_host=node1
[controllers]
controller
[dev]
node1
[test]
node2
[prod]
node3
node4
```
Role directories
mariadb
files/secret.txt
secret.txt is the vault password file: it holds, in plaintext, the password used to decrypt vaults.yml.
Parameter used when running deploy.yml:
--vault-password-file roles/mariadb/files/secret.txt
- runs the play with the password file; a medium level of security
- where a production environment needs a higher level, secret.txt itself can be encrypted again with ansible-vault encrypt secret.txt
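Two things go wrong most often with this layout: a vars file that should be vault-encrypted gets committed in plaintext, and the vault password file ends up readable by other users. The following pre-flight check is an added example (not part of the original post): it refuses any unencrypted vars file that carries password/secret/token keys and any vault password file whose mode grants group or world access. The file names mirror the project (vaults.yml, secret.txt) but every file it inspects is constructed in a temporary directory for the demo.

```python
"""Pre-flight check for the vault layout used in this project: a vars file
that carries secrets must be vault-encrypted, and the vault password file
must not be group- or world-readable.

Added example, not part of the original post; the files below are
constructed in a temporary directory and only mirror the project's names."""
import os
import re
import stat
import tempfile

VAULT_HEADER = "$ANSIBLE_VAULT;"
# Top-level keys whose values count as secrets when they appear in plaintext.
SECRET_KEY = re.compile(r"^(\w*(password|passwd|secret|token|key)\w*)\s*:", re.I)


def is_vault_encrypted(path):
    """True if the file starts with the ansible-vault header line."""
    with open(path, encoding="utf-8") as fh:
        return fh.readline().startswith(VAULT_HEADER)


def plaintext_secret_keys(path):
    """Return secret-looking top-level keys found in an unencrypted YAML file."""
    keys = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            m = SECRET_KEY.match(line)
            if m:
                keys.append(m.group(1))
    return keys


def check_vault_layout(vars_files, password_file):
    """Return findings for the given vars files and the vault password file."""
    findings = []
    for path in vars_files:
        if is_vault_encrypted(path):
            continue
        for key in plaintext_secret_keys(path):
            findings.append(f"{path}: '{key}' is stored in plaintext; run ansible-vault encrypt")
    mode = stat.S_IMODE(os.stat(password_file).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{password_file}: mode {mode:04o} is readable by group/others; use 0600")
    return findings


def run_demo():
    """Constructed sample: one encrypted vars file, one plaintext, one lax password file."""
    with tempfile.TemporaryDirectory() as tmp:
        encrypted = os.path.join(tmp, "vaults.yml")
        with open(encrypted, "w") as fh:
            fh.write("$ANSIBLE_VAULT;1.1;AES256\n3337303964383835\n")  # constructed body
        plain = os.path.join(tmp, "main.yml")
        with open(plain, "w") as fh:
            fh.write('db_name: "webapp"\napp_user: "wordpress"\napp_password: "1"\n')
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("constructed-vault-password\n")
        os.chmod(secret, 0o644)  # deliberately too permissive
        findings = check_vault_layout([encrypted, plain], secret)
        # strip the temporary prefix so the result is stable
        return [f.replace(tmp + os.sep, "") for f in findings]


if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Run it against `roles/*/vars/*.yml` and the `vault_password_file` from ansible.cfg before every commit. Note that the vault password is only ever consumed by ansible-playbook on the controller; the mariadb role below also copies secret.txt to the managed node, and that copy is not something this check covers.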
tasks/main.yml
```yaml
---
- name: file  # load vaults.yml from the role's vars directory
  include_vars:
    file: roles/mariadb/vars/vaults.yml

- name: create /etc/mysql  # directory that will hold the copied secret
  file:
    path: /etc/mysql
    state: directory
    mode: '0755'

- name: deploy database secret key  # copy the secret with mode 0600
  copy:
    src: files/secret.txt
    dest: /etc/mysql/secret.txt
    mode: '0600'

- name: install mariadb-server  # install MariaDB plus the PyMySQL driver the mysql_* modules need
  yum:
    name:
      - mariadb-server
      - python2-PyMySQL
    state: present

- name: enable and start mariadb
  service:
    name: mariadb
    enabled: yes
    state: started

- name: set root password using vault  # log in with the vault-stored password and (re)set it
  mysql_user:
    name: root
    password: "{{ vault_mysql_password }}"
    priv: "*.*:ALL,GRANT"
    login_user: root
    login_password: "{{ vault_mysql_password }}"
  # the login fails (and is ignored) whenever root cannot yet authenticate with this password
  ignore_errors: yes

- name: set root password  # despite its name, this task creates the 'wordpress' user for each listed host
  mysql_user:
    name: wordpress
    password: "{{ mysql_root_password }}"
    host: "{{ item }}"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"
  with_items:
    - "{{ ansible_fqdn }}"
    - 127.0.0.1
    - ::1

- name: delete user anonymous  # remove anonymous accounts on every host
  mysql_user:
    name: ""
    host_all: yes
    state: absent
    login_user: root
    login_password: "{{ mysql_root_password }}"
    #login_unix_socket: /var/lib/mysql/mysql.sock

- name: delete database test  # drop the demo database
  mysql_db:
    name: test
    state: absent
    login_user: root
    login_password: "{{ mysql_root_password }}"

- name: create user  # create the application user from the vault variables
  mysql_user:
    name: "{{ app_user }}"
    password: "{{ app_password }}"
    host: "{{ app_host }}"
    priv: "{{ app_priv }}"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"

- name: create database db_name
  mysql_db:
    name: "{{ db_name }}"
    state: present
    login_user: root
    login_password: "{{ mysql_root_password }}"
```
vars/vaults.yml
```bash
# already encrypted
[phoenix@controller lnmp-allinone 03:25:24]$ cat roles/mariadb/vars/vaults.yml
$ANSIBLE_VAULT;1.1;AES256
33373039643838353461623731626130343533326233323233643637656634333738373466646232
3264326661303532313964386432376131313631336637610a306634336664363238616230623432
39663931383437326562643635616331646462666638373332323465393433613732643933373663
3032333434613462660a316631346639303231386438386265323062623865653530343363656664
36333437666537636531363061333234353733393030623034396536346332326161323931363334
65366464333239333062343861656238393432373366323035316530366137636665306237313732
36393731653866373430626539613038303266343761393934623532383534356661386233666235
65303064393039306631623831316533653564663537316464393035633764386232633430363161
61383037663031366466653964653334333838373336643864636266336361666332303135383162
33363364633862313136663433353166323134613362393330663762386161633132316638643065
31326162666138616131633235653662646134626532653733343761663434653938633834383664
33303730343130613561623365643862626666653863613262636163343434633866306563613032
64396363656630626166343732613862346433636335316364623738326130343631
[phoenix@controller lnmp-allinone 03:31:10]$ ansible-vault view roles/mariadb/vars/vaults.yml
vault_mysql_password: "1"
mysql_root_password: "{{ vault_mysql_password }}"
db_name: "webapp"
app_user: "wordpress"
app_host: "%"
app_password: "1"
app_priv: "webapp.*:ALL"
```
nginx
tasks/main.yml
```bash
[phoenix@controller lnmp-allinone 03:31:33]$ cat roles/nginx/tasks/main.yml
---
- name: install nginx
  yum:
    name: nginx
    state: present

- name: enable and start nginx
  service:
    name: nginx
    enabled: yes
    state: started

- name: prepare test file for web server
  copy:
    content: hello world from nginx
    dest: /usr/share/nginx/html/index.html
```
php
files/php.conf
```bash
# default PHP location block
# "include fastcgi_params" is essential
[phoenix@controller roles 03:35:59]$ cat php/files/php.conf
location ~ \.php$ {
    # only hand the request to php-fpm if the .php file actually exists
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
```
tasks/main.yml
```bash
[phoenix@controller roles 03:36:03]$ cat php/tasks/main.yml
---
- name: install php
  yum:
    name: php,php-fpm,php-mysqlnd
    state: present

- name: modify running user for php  # loop: switch php-fpm's user and group to nginx
  lineinfile:
    path: /etc/php-fpm.d/www.conf
    regexp: "^{{ item }} = "   # anchored so commented listen.* lines cannot match
    line: "{{ item }} = nginx"
  loop:
    - user
    - group

- name: enable and start php-fpm.service  # restarted so the www.conf change is picked up (reports changed on every run)
  service:
    name: php-fpm
    enabled: yes
    state: restarted

- name: config php for nginx
  copy:
    src: php.conf
    dest: /etc/nginx/default.d/php.conf

- name: restart nginx
  service:
    name: nginx
    state: restarted
```
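The lineinfile task above deserves a closer look, because lineinfile replaces the last line that matches regexp, not the first. www.conf also contains a commented `;listen.group = nobody` line, and an unanchored pattern such as `group = ` matches it too, so depending on line order the task can rewrite the comment and leave `group = apache` untouched. The following script is an added example (not part of the original post) that emulates lineinfile's last-match behaviour on a constructed www.conf excerpt and contrasts the anchored and unanchored patterns.

```python
"""Why the php-fpm lineinfile regexp should be anchored with ^.

ansible.builtin.lineinfile replaces the *last* line matching regexp. In
www.conf the commented ';listen.group = nobody' line also contains
'group = ', so an unanchored pattern may rewrite the comment instead of
the real setting. Added example, not from the original post; the
www.conf excerpt below is constructed, not a copy of the RPM default."""
import re

WWW_CONF = """\
[www]
user = apache
group = apache
listen = 127.0.0.1:9000
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0660
"""


def lineinfile(text, regexp, line):
    """Emulate lineinfile with state=present: replace the last regexp match,
    or append the line when nothing matches (no insertbefore/insertafter)."""
    lines = text.splitlines()
    pattern = re.compile(regexp)
    matches = [i for i, current in enumerate(lines) if pattern.search(current)]
    if matches:
        lines[matches[-1]] = line
    else:
        lines.append(line)
    return "\n".join(lines) + "\n"


def set_fpm_user(text, item, anchored):
    """Apply the role's loop item ('user' or 'group') with either regexp form."""
    regexp = rf"^{item} = " if anchored else rf"{item} = "
    return lineinfile(text, regexp, f"{item} = nginx")


def effective_setting(text, key):
    """Return the active (uncommented) values of key, in file order."""
    return [current.split("=", 1)[1].strip() for current in text.splitlines()
            if re.match(rf"^{key} = ", current)]


if __name__ == "__main__":
    for anchored in (False, True):
        result = set_fpm_user(WWW_CONF, "group", anchored)
        print(f"anchored={anchored}: group -> {effective_setting(result, 'group')}")
```

With the unanchored pattern the file ends up with both `group = apache` and `group = nginx`, and php-fpm keeps running as apache; with `^group = ` only the real setting is touched.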
wordpress
defaults/main.yml
```bash
# the host name WordPress is served under
[phoenix@controller wordpress 03:38:54]$ cat defaults/main.yml
blog_vhost: blog.phoenix.cloud
```
tasks/main.yml
```bash
[phoenix@controller wordpress 03:39:03]$ cat tasks/main.yml
---
- name: prepare vhost for wordpress  # src points at the role's j2 template
  template:
    src: wordpress.conf.j2
    dest: /etc/nginx/conf.d/wordpress.conf

- name: create /usr/share/nginx/html/{{ blog_vhost }}  # blog_vhost is defined in defaults/main.yml
  file:
    path: /usr/share/nginx/html/{{ blog_vhost }}
    state: directory

- name: Unarchive a wordpress file  # src points at the zip in the project root
  unarchive:
    src: wordpress-4.9.4-zh_CN.zip
    dest: /usr/share/nginx/html/{{ blog_vhost }}/
    owner: nginx
    group: nginx

- name: restart nginx
  service:
    name: nginx
    state: restarted
```
templates/wordpress.conf.j2
- listens on port 80
- the server variable is defined in defaults/main.yml
- include pulls in the shared configuration files
```nginx
server {
    listen 80;
    server_name {{ blog_vhost }};
    root /usr/share/nginx/html/{{ blog_vhost }}/wordpress;
    index index.php;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    # log file
    access_log /var/log/nginx/access-{{ blog_vhost }}.log;
    error_log /var/log/nginx/error-{{ blog_vhost }}.log;
}
```
Running deploy.yml
```bash
[phoenix@controller lnmp-allinone 02:57:30]$ ansible-playbook deploy.yml --vault-password-file roles/mariadb/files/secret.txt
PLAY [LNMP all in one] **************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************
ok: [lnmp]
TASK [install nginx] ****************************************************************************************************************
ok: [lnmp]
TASK [enable and start nginx] *******************************************************************************************************
ok: [lnmp]
TASK [nginx : prepare test file for web server] *************************************************************************************
ok: [lnmp]
TASK [mariadb : file] ***************************************************************************************************************
ok: [lnmp]
TASK [mariadb : create /etc/mysql] **************************************************************************************************
ok: [lnmp]
TASK [mariadb : deploy database secret key] *****************************************************************************************
ok: [lnmp]
TASK [install mariadb-server] *******************************************************************************************************
ok: [lnmp]
TASK [enable and start mariadb] *****************************************************************************************************
ok: [lnmp]
TASK [mariadb : set root password using vault] **************************************************************************************
[WARNING]: Module did not set no_log for update_password
ok: [lnmp]
TASK [mariadb : set root password] **************************************************************************************************
ok: [lnmp] => (item=node1.phoenix.cloud)
ok: [lnmp] => (item=127.0.0.1)
ok: [lnmp] => (item=::1)
TASK [mariadb : delete user anonymous] **********************************************************************************************
ok: [lnmp]
TASK [mariadb : delete database test] ***********************************************************************************************
ok: [lnmp]
TASK [mariadb : create user] ********************************************************************************************************
ok: [lnmp]
TASK [mariadb : create database db_name] ********************************************************************************************
ok: [lnmp]
TASK [install php] ******************************************************************************************************************
ok: [lnmp]
TASK [modify running user for php] **************************************************************************************************
ok: [lnmp] => (item=user)
ok: [lnmp] => (item=group)
TASK [enable and start php-fpm.service] *********************************************************************************************
changed: [lnmp]
TASK [config php for nginx] *********************************************************************************************************
ok: [lnmp]
TASK [php : restart nginx] **********************************************************************************************************
changed: [lnmp]
TASK [prepare vhost for wordpress] **************************************************************************************************
ok: [lnmp]
TASK [wordpress : create /usr/share/nginx/html/blog.phoenix.cloud] ******************************************************************
ok: [lnmp]
TASK [Unarchive a wordpress file] ***************************************************************************************************
ok: [lnmp]
TASK [wordpress : restart nginx] ****************************************************************************************************
changed: [lnmp]
PLAY RECAP **************************************************************************************************************************
lnmp : ok=24 changed=3 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
```
Testing
Windows
```bash
# edit the hosts file
10.1.8.11 blog.phoenix.cloud
```
Browser: open http://blog.phoenix.cloud