Ansible 部署LNMP
1.环境准备
[wsh@controller ~ ?]$ mkdir LNMP
[wsh@controller ~ ?]$ ls
ansible LNMP
[wsh@controller ~ ?]$ cp ansible/ansible.cfg ansible/inventory LNMP/
[wsh@controller ~ ?]$ cd LNMP/
[wsh@controller LNMP ?]$ ls
ansible.cfg inventory
[wsh@controller LNMP ✔]$ rz -E
rz waiting to receive.
[wsh@controller LNMP ✔]$ ls
ansible.cfg inventory wordpress-4.9.4-zh_CN.zip
#主机清单
[wsh@controller LNMP ✔]$ cat inventory
[lnmps]
lnmp ansible_host=node1
[controllers]
controller
[dev]
node1
[test]
node2
[prod]
node3
node4
# ansible 配置
[wsh@controller LNMP ✔]$ cat ansible.cfg
[defaults]
inventory = ./inventory
remote_user = wsh
vault_password_file=./secret.txt
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
[wsh@controller LNMP ✔]$ cat secret.txt
redhat
2.准备Maria DB
1.变量配置
[wsh@controller LNMP ✔]$ mkdir -p host_vars/lnmp
[wsh@controller LNMP ✔]$ cat host_vars/lnmp/vars.yml
db_name: webapp
[wsh@controller LNMP ✔]$ ansible-vault view host_vars/lnmp/vaults.yml
mysql_root_password: wsh@123
app_user: wordpress
app_password: wsh@123
app_host: '%'
app_priv: '*.*:ALL'
[wsh@controller LNMP ✔]$ vim LNMP-playbook.yml
2.服务的安装启动与安全初始化
---
- name: deploy mariadb
hosts: lnmp
tasks:
#安装
- name: install mariadb
yum:
name:
- mariadb-server
- python2-PyMySQL
state: present
# 启动
- name: enabled and start db
service:
name: mariadb
enabled: yes
state: started
# 设置 root 密码
- name: set root@localhost password
shell: mysqladmin password {{ mysql_root_password }}
ignore_errors: yes
- name: set root password
mysql_user:
name: root
password: "{{ mysql_root_password }}"
host: "{{ item }}"
state: present
login_user: root
login_password: "{{ mysql_root_password }}"
with_items:
- "{{ ansible_fqdn }}"
- 127.0.0.1
- ::1
# 删除匿名用户
- name: delete user anonymous
mysql_user:
name: ""
host_all: yes
state: absent
login_user: root
login_password: "{{ mysql_root_password }}"
#login_unix_socket: /var/lib/mysql/mysql.sock
# 删除测试数据库
- name: delete database test
mysql_db:
name: test
state: absent
login_user: root
login_password: "{{ mysql_root_password }}"
3.创建用户与数据库
#创建新用户和库
- name: prepare db for webapp
hosts: lnmp
tasks:
# 创建新用户
- name: create user {{ user }}
mysql_user:
name: "{{ app_user }}"
password: "{{ app_password }}"
host: "{{ app_host }}"
priv: "{{ app_priv }}"
state: present
login_user: root
login_password: "{{ mysql_root_password }}"
# 创建新库
- name: create database db_name
mysql_db:
name: "{{ db_name }}"
state: present
login_user: root
3.准备nginx
安装和启动服务器
#准备web服务器
- name: deploy web server
hosts: lnmp
tasks:
- name: install nginx
yum:
name: nginx
state: present
#启动服务
- name: enabled and started nginx
services:
name: nginx
state: started
enabled: yes
- name: prepare test page
copy:
content: hello world from nginx
dest: /usr/share/nginx/html/index.html
4.准备php
1.准备配置文档
[wsh@controller LNMP ✔]$ vim php.conf
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
2.安装与启动php
#准备php服务
- name: php
hosts: lnmp
tasks:
- name: install php
yum:
name: php,php-fpm,php-mysqlnd
state: present
#准备配置文件
- name: modify running user for php
lineinfile:
path: /etc/php-fpm.d/www.conf
regexp: "{{ item }} = "
line: "{{ item }} = nginx"
loop:
- user
- group
#启动php服务
- name: enabled and start php
services:
name: php-fpm
state: started
enabled: yes
#为nginx配置php
- name: config php for nginx
copy:
src: php.conf
dest: /etc/nginx/default.d/php.conf
- name: restart nginx
service: nginx
state: restarted
5.准备webapp文件
1.准备配置文档
[wsh@controller LNMP ✔]$ vim vhost-wordpress.conf.j2
server {
listen 80;
server_name {{ blog_vhost }};
root /usr/share/nginx/html/{{ blog_vhost }}/wordpress;
index index.php;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
# log file
access_log /var/log/nginx/access-{{ blog_vhost }}.log;
error_log /var/log/nginx/error-{{ blog_vhost }}.log;
}
2.准备文件
#准备webapp文件
- name: deploy web app
hosts: lnmp
vars:
blog_vhost: blog.wsh.cloud
tasks:
#准备虚拟主机
- name: prepare vhost
template:
src: vhost-wordpress.conf.j2
dest: /etc/nginx/conf.d/vhost-wordpress.conf
#准备虚拟主机目录
- name: create /usr/share/nginx/html/{{ blog_vhost }}
file:
path: /usr/share/nginx/html/{{ blog_vhost }}
state: directory
#准备webapp文件
- name: Unarchive a worepress file
unarchive:
src: wordpress-4.9.4-zh_CN.zip
dest: /usr/share/nginx/html/{{ blog_vhost }}/
owner: nginx
group: nginx
#重启nginx
- name: restart nginx
service:
name: nginx
state: restarted
6.执行ansible
1.测试playbook
[wsh@controller LNMP ✔]$ ansible-playbook LNMP-playbook.yml --syntax-check
playbook: LNMP-playbook.yml
2.执行测试
[wsh@controller LNMP ✔]$ ansible-playbook LNMP-playbook.yml
PLAY [deploy mariadb] *******************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [lnmp]
TASK [install mariadb] ******************************************************************
changed: [lnmp]
TASK [enabled and start db] *************************************************************
changed: [lnmp]
TASK [set root@localhost password] ******************************************************
changed: [lnmp]
TASK [set root password] ****************************************************************
changed: [lnmp] => (item=node1.wsh.cloud)
changed: [lnmp] => (item=127.0.0.1)
changed: [lnmp] => (item=::1)
[WARNING]: Module did not set no_log for update_password
TASK [delete user anonymous] ************************************************************
changed: [lnmp]
TASK [delete database test] *************************************************************
changed: [lnmp]
PLAY [prepare db for webapp] ************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [lnmp]
TASK [create user {{ user }}] ***********************************************************
changed: [lnmp]
TASK [create database db_name] **********************************************************
changed: [lnmp]
PLAY [deploy web server] ****************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [lnmp]
TASK [install nginx] ********************************************************************
changed: [lnmp]
TASK [enabled and started nginx] ********************************************************
changed: [lnmp]
TASK [prepare test page] ****************************************************************
changed: [lnmp]
PLAY [php] ******************************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [lnmp]
TASK [install php] **********************************************************************
changed: [lnmp]
TASK [modify running user for php] ******************************************************
changed: [lnmp] => (item=user)
changed: [lnmp] => (item=group)
TASK [enabled and start php] ************************************************************
changed: [lnmp]
TASK [config php for nginx] *************************************************************
changed: [lnmp]
TASK [restart nginx] ********************************************************************
changed: [lnmp]
PLAY [deploy web app] *******************************************************************
TASK [Gathering Facts] ******************************************************************
ok: [lnmp]
TASK [prepare vhost] ********************************************************************
changed: [lnmp]
TASK [create /usr/share/nginx/html/blog.wsh.cloud] **************************************
changed: [lnmp]
TASK [Unarchive a worepress file] *******************************************************
changed: [lnmp]
TASK [restart nginx] ********************************************************************
changed: [lnmp]
PLAY RECAP ******************************************************************************
lnmp : ok=25 changed=20 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
3.结果验证
