提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
文章目录
- 前言
- 一、环境准备
-
- [1.1 主机规划](#1.1 主机规划)
- [1.2 主机清单配置](#1.2 主机清单配置)
- [1.3 创建角色目录结构](#1.3 创建角色目录结构)
- 二、编写Nginx角色
-
- [2.1 任务(Tasks)配置](#2.1 任务(Tasks)配置)
-
- [2.1.1 初始化任务](#2.1.1 初始化任务)
- [2.1.2 主任务文件](#2.1.2 主任务文件)
- [2.2 变量(Vars)定义](#2.2 变量(Vars)定义)
- [2.3 处理程序(Handlers)](#2.3 处理程序(Handlers))
- [2.4 配置文件](#2.4 配置文件)
- 三、编写MySQL角色
-
- [3.1 任务(Tasks)配置](#3.1 任务(Tasks)配置)
- [3.2 变量(Vars)定义](#3.2 变量(Vars)定义)
- 四、编写PHP角色
-
- [4.1 任务(Tasks)配置](#4.1 任务(Tasks)配置)
- [4.2 变量(Vars)定义](#4.2 变量(Vars)定义)
- [4.3 处理程序(Handlers)](#4.3 处理程序(Handlers))
- [4.4 配置文件](#4.4 配置文件)
-
- [4.4.1 PHP测试页面](#4.4.1 PHP测试页面)
- [4.4.2 PHP-FPM配置文件](#4.4.2 PHP-FPM配置文件)
- 五、编写主剧本
- 运行剧本
- 总结
前言
使用Ansible角色(Roles)来自动化部署LNMP(Linux + Nginx + MySQL + PHP)环境,实现一键式部署
一、环境准备
1.1 主机规划
在本实践中,我们使用以下主机环境:
192.168.10.22 - Ansible控制节点
192.168.10.14 - Web服务器,准备安装Nginx
192.168.10.15 - 数据库服务器,准备安装MySQL
192.168.10.16 - PHP服务器,准备安装PHP
1.2 主机清单配置
首先需要在Ansible控制节点上配置主机清单文件:
bash
vim /etc/ansible/hosts
[webservers]
192.168.10.14
[dbservers]
192.168.10.15
[phpservers]
192.168.10.161.3 创建角色目录结构
Ansible角色采用标准的目录结构,便于管理和维护:
bash
# 创建nginx角色目录
mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta} -p
# 创建mysql角色目录
mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta} -p
# 创建php角色目录
mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta} -p
# 创建各角色的主配置文件
touch /etc/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml
touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml
touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml二、编写Nginx角色
2.1 任务(Tasks)配置
2.1.1 初始化任务
创建初始化任务文件,包含系统基础配置:
bash
vim /etc/ansible/roles/nginx/tasks/init.yml
- name: disable selinux
command: '/usr/sbin/setenforce 0'
ignore_errors: true
- name: disable firewalld
service:
name: firewalld
state: stopped
enabled: no2.1.2 主任务文件
定义Nginx安装和配置的主要任务:
bash
vim /etc/ansible/roles/nginx/tasks/main.yml
- include: init.yml
- name: install nginx repo
yum:
name: "{{ repo }}"
- name: install nginx
yum:
name: "{{ app }}"
state: latest
- name: prepare httpd configuration file
copy:
src: default.conf
dest: /etc/nginx/conf.d/default.conf
notify:
- restart nginx
- name: start nginx
service:
name: "{{ svc }}"
state: started
enabled: yes2.2 变量(Vars)定义
定义Nginx角色使用的变量:
bash
vim /etc/ansible/roles/nginx/vars/main.yml
repo: http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
app: nginx
svc: nginx2.3 处理程序(Handlers)
定义Nginx服务重启的处理程序:
bash
vim /etc/ansible/roles/nginx/handlers/main.yml
- name: restart nginx
service:
name: "{{ svc }}"
state: restarted2.4 配置文件
准备Nginx的配置文件:
bash
vim /etc/ansible/roles/nginx/files/default.conf
server {
listen 80;
server_name www.simoncwh.com;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
root /www;
fastcgi_pass 192.168.10.16:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}三、编写MySQL角色
3.1 任务(Tasks)配置
bash
定义MySQL安装和配置任务
vim /etc/ansible/roles/mysql/tasks/main.yml
- include: init.yml
- name: install mysql repo first
yum:
name: "{{ repo }}"
- name: install mysql repo second
replace:
path: /etc/yum.repos.d/mysql-community.repo
regexp: '^gpgcheck=1'
replace: 'gpgcheck=0'
- name: install mysql app
yum:
name: "{{ app }}"
state: latest
- name: mysql start
service:
name: "{{ svc }}"
state: started
enabled: yes
- name: first password
shell: mysql -uroot -p"{{ passwd }}" --connect-expired-password -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Admin@123';"
- name: sudo login
shell: mysql -uroot -pAdmin@123 -e "grant all privileges on *.* to root@'%' identified by 'Admin@123' with grant option;"3.2 变量(Vars)定义
定义MySQL角色使用的变量:
bash
vim /etc/ansible/roles/mysql/vars/main.yml
repo: https://repo.mysql.com/mysql57-community-release-el7-11.noarch.rpm
passwd: $(grep "password" /var/log/mysqld.log | awk '{print $NF}')
app: mysql-server
svc: mysqld四、编写PHP角色
4.1 任务(Tasks)配置
bash
定义PHP安装和配置任务:
vim /etc/ansible/roles/php/tasks/main.yml
- include: init.yml
- name: install php repo
yum:
name: "{{ repo }}"
- name: install php app
yum:
name: "{{ app }}"
ignore_errors: true
- name: add php user
user:
name: php
shell: /sbin/nologin
- name: create /www dir
file:
path: /www
state: directory
- name: copy index.php
copy:
src: index.php
dest: /www/index.php
- name: copy configuration file
copy:
src: www.conf
dest: /etc/php-fpm.d/www.conf
notify:
- reload php-fpm
- name: modify php.ini
replace:
path: /etc/php.ini
regexp: ;date.timezone =
replace: date.timezone = Asia/shanghai
- name: start php-fpm
service:
name: "{{ svc }}"
state: started
enabled: yes4.2 变量(Vars)定义
定义PHP角色使用的变量:
bash
vim /etc/ansible/roles/php/vars/main.yml
app:
- php72w
- php72w-cli
- php72w-common
- php72w-devel
- php72w-embedded
- php72w-gd
- php72w-mbstring
- php72w-pdo
- php72w-xml
- php72w-fpm
- php72w-mysqlnd
- php72w-opcache
svc: php-fpm
repo:
- epel-release
- https://mirror.webtatic.com/yum/el7/webtatic-release.rpm4.3 处理程序(Handlers)
定义PHP-FPM服务重启的处理程序:
bash
vim /etc/ansible/roles/php/handlers/main.yml
- name: reload php-fpm
service:
name: "{{ svc }}"
state: restarted4.4 配置文件
4.4.1 PHP测试页面
创建PHP测试页面,用于验证PHP与MySQL的连接:
bash
vim /etc/ansible/roles/php/files/index.php
<?php
$link=mysqli_connect('192.168.10.15','root','Admin@123');
if($link) echo "<h1>Success!!</h1>";
else echo "Fail!!";
?>4.4.2 PHP-FPM配置文件
配置PHP-FPM服务,确保与Nginx正常通信
bash
vim /etc/ansible/roles/php/files/www.conf
; 精简后的关键配置
[www]
user = php
group = php
listen = 192.168.10.16:9000
listen.allowed_clients = 192.168.10.14
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35五、编写主剧本
创建主剧本文件,编排各个角色的执行顺序:
bash
# role_lnmp.yml
---
- hosts: webservers
remote_user: root
roles:
- nginx
- hosts: dbservers
remote_user: root
roles:
- mysql
- hosts: phpservers
remote_user: root
roles:
- php运行剧本
bash
cd /etc/ansible
ansible-playbook role_lnmp.yml