LAMP分离部署
环境准备
系统 | IP | 名称 |
RedHat 8 | 192.168.159.5 | master |
RedHat 8 | 192.168.159.3 | apache |
RedHat 8 | 192.168.159.6 | mysql |
RedHat 8 | 192.168.159.7 | php |
安装过程
主机配置
下载httpd源码包以及apr、apr-util工具(来自第三方镜像站,安装前建议用Apache官方发布的SHA256校验值或PGP签名核对下载的文件)
wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.48.tar.gz
wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-util-1.6.1.tar.gz
wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.gz
下载MySQL包
wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
配置yum
[root@master lamp]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-8.repo
[root@master lamp]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@master lamp]# sed -i 's#\$releasever#8#g' /etc/yum.repos.d/CentOS-Base.repo
[root@master lamp]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm
[root@master lamp]# sed -i 's|^#baseurl=https://download.fedoraproject.org/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*
[root@master lamp]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*
[root@master lamp]# sed -i 's#\$releasever#8#g' /etc/yum.repos.d/epel.repo
做SSH免密登录
[root@master ~]# vim /etc/hosts
[root@master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.159.3 httpd
192.168.159.6 mysql
192.168.159.7 php
[root@master ~]# ssh-keygen -t rsa //生成密钥对
[root@master ~]# ssh-copy-id root@httpd //将公钥复制到HTTPD主机上
[root@master ~]# ssh-copy-id root@mysql //将公钥复制到MySQL主机上
[root@master ~]# ssh-copy-id root@php //将公钥复制到PHP主机上
将node1、node2、node3加入主机Ansible清单里
[root@master ~]# vim /etc/ansible/ansible.cfg
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts
inventory = /etc/ansible/inventory //修改清单地址
[root@master ~]# mkdir lamp
[root@master ~]# cd lamp
[root@master lamp]# cp /etc/ansible/ansible.cfg .
[root@master lamp]# vim inventory
[root@master lamp]# cat inventory
[apache]
192.168.159.3
[mysql]
192.168.159.6
[php]
192.168.159.7
检测节点机连接是否正常
[root@master lamp]# ansible all -m ping
192.168.159.7 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.159.6 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
192.168.159.3 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
yum源Playbook
[root@master lamp]# vim base/base.yml
[root@master lamp]# cat base/base.yml
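---
# Baseline play applied to every node before the role-specific playbooks:
# registers the BaseOS/AppStream and EPEL repositories, then stops firewalld
# and switches SELinux off.
- hosts: all
  tasks:
    - name: yum warehouse
      yum_repository:
        name: "{{ item }}"
        description: "{{ item }}"
        file: "{{ item }}"
        baseurl: https://mirrors.aliyun.com/centos/8/{{ item }}/x86_64/os/
        # NOTE(review): with gpgcheck off, package signatures are never
        # verified, so whatever the mirror (or a proxy in front of it) serves
        # is installed as root. Prefer `gpgcheck: yes` together with a
        # `gpgkey:` that points at the distribution's signing key.
        gpgcheck: no
        enabled: yes
      loop:
        - BaseOS
        - AppStream

    - name: epel
      yum_repository:
        name: epel
        description: epel
        file: epel
        baseurl: https://mirrors.aliyun.com/epel/8/Everything/x86_64/
        # NOTE(review): same signature-verification gap as the repos above.
        gpgcheck: no
        enabled: yes

    - name: stop firewalld
      # NOTE(review): with the firewall down, every listening port on the
      # nodes is reachable from the network (3306 on mysql, 9000 on php in
      # this setup). Opening only the required ports is the tighter option.
      # This stops the running service only; nothing here disables it at boot.
      service:
        name: firewalld
        state: stopped

    - name: disabled selinux
      # Persistent setting, read at the next boot.
      # NOTE(review): disabling SELinux removes a containment layer around
      # httpd, php-fpm and mysqld; permissive mode plus targeted policy fixes
      # is the less drastic choice.
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: SELINUX=disabled

    - name: stop selinux
      # Runtime switch for the current boot. No shell features are needed,
      # so the command module is used instead of shell.
      command: setenforce 0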
[root@master lamp]# ansible-playbook base/base.yml
PLAY [all] *************************************************************************************************************************************************************************
TASK [Gathering Facts] *************************************************************************************************************************************************************
ok: [192.168.159.3]
ok: [192.168.159.6]
ok: [192.168.159.7]
TASK [yum warehouse] ***************************************************************************************************************************************************************
changed: [192.168.159.3] => (item=BaseOS)
changed: [192.168.159.7] => (item=BaseOS)
changed: [192.168.159.6] => (item=BaseOS)
changed: [192.168.159.3] => (item=AppStream)
changed: [192.168.159.7] => (item=AppStream)
changed: [192.168.159.6] => (item=AppStream)
TASK [epel] ************************************************************************************************************************************************************************
changed: [192.168.159.6]
changed: [192.168.159.3]
changed: [192.168.159.7]
TASK [stop firewalld] **************************************************************************************************************************************************************
changed: [192.168.159.7]
changed: [192.168.159.3]
changed: [192.168.159.6]
TASK [disabled selinux] ************************************************************************************************************************************************************
changed: [192.168.159.7]
changed: [192.168.159.3]
changed: [192.168.159.6]
TASK [stop selinux] ****************************************************************************************************************************************************************
changed: [192.168.159.6]
changed: [192.168.159.7]
changed: [192.168.159.3]
PLAY RECAP *************************************************************************************************************************************************************************
192.168.159.3 : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.159.6 : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.159.7 : ok=6 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
//执行成功
Apache配置
yum安装包循环yml
[root@master lamp]# mkdir web/apache/depend/
[root@master lamp]# vim web/apache/depend/apache_depend.yml
[root@master lamp]# cat web/apache/depend/apache_depend.yml
# Packages installed with yum on the apache node before apr, apr-util and
# httpd are compiled; loaded by web/apache/httpd.yml through vars_files.
packages:
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- gcc-c++
- make
[root@master lamp]# vim web/apache/scripts/packeages.sh
[root@master lamp]# cat web/apache/scripts/packeages.sh
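#!/bin/bash
# Build and install apr, apr-util and httpd from the source trees unpacked
# under /root, then expose the httpd binaries and headers system-wide.
# Intended to run as root on the apache node (the playbook ships it with the
# `script` module).

# Abort on the first failed step so a broken configure/make is never followed
# by an install of a partial build.
set -euo pipefail

# install apr
# Comment out the `$RM "$cfgfile"` line in apr's configure script.
sed -i 's/\$RM "$cfgfile"/\#\$RM "$cfgfile"/' /root/apr-1.7.0/configure
cd /root/apr-1.7.0
./configure --prefix=/usr/local/apr
# The original `mkae $$ make install` misspelled make and used `$$` (the
# shell's PID) where `&&` was meant; build first, install only on success.
make
make install

# install apr-util
cd /root/apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make
make install

# install apache
# Directory name follows the httpd-2.4.48 tarball that the playbook unpacks.
cd /root/httpd-2.4.48
./configure --prefix=/usr/local/apache \
  --sysconfdir=/etc/httpd24 \
  --enable-so \
  --enable-ssl \
  --enable-cgi \
  --enable-rewrite \
  --with-zlib \
  --with-pcre \
  --with-apr=/usr/local/apr \
  --with-apr-util=/usr/local/apr-util/ \
  --enable-modules=most \
  --enable-mpms-shared=all \
  --with-mpm=prefork
make
make install

# variable: put the httpd tools on PATH for future login shells
echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
source /etc/profile.d/httpd.sh

# include: -f/-n keep a re-run from failing on an already existing link
ln -sfn /usr/local/apache/include/ /usr/include/httpd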
#playbook
[root@master lamp]# vim web/apache/httpd.yml
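---
# Builds httpd 2.4.48 from source on the apache node: installs the build
# dependencies, copies and unpacks the source tarballs, runs the build script
# and starts the server.
# `apache` is the inventory group; the inventory shown defines nothing
# called node1.
- hosts: apache
  vars:
    # Not referenced by any task in this play.
    php_ip: 192.168.159.7
  vars_files:
    - depend/apache_depend.yml
  tasks:
    - name: install
      # The yum module accepts the whole list, so one transaction replaces
      # the per-package loop.
      yum:
        name: '{{ packages }}'
        state: present

    - name: package group
      yum:
        name: "@Development tools"
        state: present

    - name: create user
      # NOTE(review): the account is literally named "user" and nothing shown
      # configures httpd to run as it; presumably a dedicated service account
      # such as "apache" was intended. Confirm.
      user:
        name: user
        system: yes
        create_home: no
        shell: /sbin/nologin
        state: present

    - name: copy packages
      copy:
        src: packages/
        dest: /root/

    - name: uncompress
      # File names match the tarballs fetched in the download step (apr is
      # downloaded as .tar.gz, not .tar.bz2). chdir pins the working
      # directory to where the copy task placed them.
      shell: "tar xf apr-1.7.0.tar.gz && tar xf apr-util-1.6.1.tar.gz && tar xf httpd-2.4.48.tar.gz"
      args:
        chdir: /root

    - name: install packages
      # The script on disk is spelled packeages.sh (see the directory tree).
      script: scripts/packeages.sh

    - name: start httpd
      # The build script configures httpd with --prefix=/usr/local/apache.
      shell: "/usr/local/apache/bin/apachectl start"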
[root@master lamp]# ansible-playbook web/apache/httpd.yml
MySQL配置
编辑模板文件
[root@master lamp]# mkdir databases/mysql/templates
[root@master lamp]# vim databases/mysql/templates/my.j2
[root@master lamp]# cat databases/mysql/templates/my.j2
# Server configuration rendered to /etc/my.cnf on the mysql node.
# NOTE(review): no bind-address is set, so mysqld is expected to listen on
# all interfaces (the MySQL 5.7 default); with firewalld stopped by
# base/base.yml, port 3306 is then reachable from the whole network. Confirm.
[mysqld]
basedir = /usr/local/mysql
datadir = /mydata
# NOTE(review): /tmp is world-writable; a socket under a directory owned by
# the mysql account is the more conservative location.
socket = /tmp/mysql.sock
port = 3306
pid-file = /mydata/mysql.pid
user = mysql
# Skips DNS lookups for connecting clients; account host parts must then be
# IP addresses or localhost.
skip-name-resolve
#script
[root@master lamp]# mkdir databases/mysql/scripts
[root@master lamp]# vim databases/mysql/scripts/install.sh
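#!/bin/bash
# Install the MySQL 5.7.31 binary tarball under /usr/local, initialise the
# data directory in /mydata and start the server through a SysV init script.
# Intended to run as root on the mysql node, after the playbook has created
# the mysql account, /mydata and /etc/my.cnf.
set -euo pipefail

readonly tarball=/root/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
readonly unpacked=/usr/local/mysql-5.7.31-linux-glibc2.12-x86_64

# uncompress
# The original had a stray space after /root/, which made tar look for an
# archive named "/root/".
tar -xf "$tarball" -C /usr/local/

# link (the original had the same stray space after /usr/local/)
ln -sfn "$unpacked" /usr/local/mysql

# chown: user:group is the supported separator; the dotted form is legacy
chown -R mysql:mysql /usr/local/mysql*

# variable
echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
source /etc/profile.d/mysql.sh

# include
# Publish the headers under /usr/include. The original linked to
# /usr/local/mysql, i.e. back into the install tree itself. Skip when the path
# already exists (the mariadb-devel dependency may have created it; confirm).
if [[ ! -e /usr/include/mysql ]]; then
  ln -s /usr/local/mysql/include/ /usr/include/mysql
fi

# lib
echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf
ldconfig

# initialize mysql
# The captured output contains the temporary root password, so the file is
# created owner-only before anything is written to it. Delete it once the
# password has been changed.
install -m 600 /dev/null /root/password
/usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/mydata > /root/password 2>&1

# start script
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
sed -ri 's#^(basedir=).*#\1/usr/local/mysql#g' /etc/init.d/mysqld
sed -ri 's#^(datadir=).*#\1/mydata#g' /etc/init.d/mysqld

# start mysql
service mysqld start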
循环yml
[root@master lamp]# mkdir databases/mysql/depend
[root@master lamp]# vim databases/mysql/depend/depend_mysql.yml
[root@master lamp]# cat databases/mysql/depend/depend_mysql.yml
# Packages installed with yum on the mysql node before the MySQL binary
# tarball is unpacked; loaded by databases/mysql/mysql.yml through vars_files.
packages:
- ncurses-devel
- openssl-devel
- openssl
- cmake
- mariadb-devel
- ncurses-compat-libs
#playbook
[root@master lamp]# vim databases/mysql/mysql.yml
[root@master lamp]# cat databases/mysql/mysql.yml
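---
# Prepares the mysql node: installs dependencies, copies the MySQL binary
# tarball, creates the service account and data directory, renders
# /etc/my.cnf and runs the install script.
- hosts: mysql
  vars:
    # The tasks below reference {{ user }} but the original play never
    # defined it. "mysql" matches the account that scripts/install.sh and
    # templates/my.j2 use.
    user: mysql
  vars_files:
    - depend/depend_mysql.yml
  tasks:
    - name: install packages
      # The yum module accepts the whole list in one transaction.
      yum:
        name: '{{ packages }}'
        state: present

    - name: copy mysql
      copy:
        src: packages/mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
        dest: /root/

    - name: create user
      # System account without a home directory or login shell.
      user:
        name: '{{ user }}'
        system: yes
        create_home: no
        shell: /sbin/nologin
        state: present

    - name: create datadir
      file:
        path: /mydata
        owner: '{{ user }}'
        group: '{{ user }}'
        state: directory

    - name: my.cnf
      template:
        src: templates/my.j2
        dest: /etc/my.cnf

    - name: script
      script: scripts/install.sh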
修改密码playbook
[root@master lamp]# vim databases/mysql/passwd.yml
[root@master lamp]# cat databases/mysql/passwd.yml
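---
# Replaces the temporary root password that `mysqld --initialize` wrote to
# /root/password with one chosen by the operator.
# `mysql` is the inventory group; the inventory shown has no group named
# mariadb.
- hosts: mysql
  # Ask for the new password at run time instead of hard-coding a trivial one
  # ("123456") in the playbook.
  vars_prompt:
    - name: mysql_root_password
      prompt: New MySQL root password
      private: yes
      confirm: yes
  tasks:
    - name: change password
      # The value is interpolated into a shell command and an SQL string
      # literal, so it must not contain quotes, backslashes, `$` or backticks.
      # NOTE(review): the temporary password is still passed with -p on the
      # command line and is visible in the node's process list while the
      # client runs.
      shell: /usr/local/mysql/bin/mysql -uroot -p"$(awk '/password/{print$NF}' /root/password)" --connect-expired-password -e "set password = password(\"{{ mysql_root_password }}\");"
      # Keep the command line, and with it the password, out of Ansible output
      # and logs.
      no_log: true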
加密密码剧本
[root@master lamp]# ansible-vault encrypt databases/mysql/passwd.yml
New Vault password:
Confirm New Vault password:
Encryption successful
记录密码(注意:该文件以明文保存root密码,不要提交到版本库;也可以改用ansible-vault加密保存)
[root@master lamp]# echo '123456' > databases/mysql/.mysqlpasswd
修改密码文件权限
[root@master lamp]# chmod 600 databases/mysql/.mysqlpasswd
执行playbook
[root@master lamp]# ansible-playbook databases/mysql/mysql.yml
PHP配置
循环yml
[root@master lamp]# mkdir application/php/depend
[root@master lamp]# vim application/php/depend/depend_php.yml
[root@master lamp]# cat application/php/depend/depend_php.yml
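# Packages installed with yum on the php node before PHP itself; loaded by
# application/php/php.yml through vars_files.
packages:
- libxml2
- libxml2-devel
- openssl
- openssl-devel
- bzip2
- bzip2-devel
- libcurl
- libcurl-devel
# was "libicu-dedvel" (typo)
- libicu-devel
# were "libjpeq" / "libjpeq-devel" (typo); on RHEL 8 these names are expected
# to resolve to the libjpeg-turbo packages. Confirm.
- libjpeg
- libjpeg-devel
- libpng
- libpng-devel
- openldap-devel
- pcre-devel
- freetype
- freetype-devel
- gmp
- gmp-devel
- libmcrypt
- libmcrypt-devel
- readline
- readline-devel
- libxslt
- libxslt-devel
- mhash
- mhash-devel
- php-mysqlnd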
#playbook
[root@master lamp]# vim application/php/php.yml
[root@master lamp]# cat application/php/php.yml
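---
# Installs PHP and php-fpm on the php node and switches php-fpm to a TCP
# listener, presumably so the separate httpd node can reach it.
- hosts: php
  vars:
    httpd_ip: 192.168.159.3
  vars_files:
    - ./depend/depend_php.yml
  tasks:
    - name: install depend
      # The yum module accepts the whole list in one transaction.
      yum:
        name: '{{ packages }}'
        state: present

    - name: install php
      # NOTE(review): php-* pulls in every PHP package the repositories
      # offer; listing only the extensions actually needed keeps the
      # installed surface smaller.
      yum:
        name: php-*
        state: present

    - name: modify socket
      # NOTE(review): 0.0.0.0 binds php-fpm to every interface; with firewalld
      # stopped by base/base.yml, listen.allowed_clients below is the only
      # restriction on who can talk to port 9000.
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        # \s* also matches the "listen = ..." spelling, so the existing
        # directive is replaced instead of a second one being appended.
        regexp: '^listen\s*='
        line: listen = 0.0.0.0:9000

    - name: conf
      lineinfile:
        path: /etc/php-fpm.d/www.conf
        regexp: '^listen.allowed_clients ='
        # Uses the httpd_ip variable declared above rather than repeating the
        # address.
        line: "listen.allowed_clients = {{ httpd_ip }}"

    - name: index.php
      # Path corrected from /vat/www/html. The copy module writes the same
      # content the `echo -e` produced, without going through a shell.
      # NOTE(review): phpinfo() discloses versions, paths and environment
      # details; remove the page once the deployment has been verified.
      copy:
        dest: /var/www/html/index.php
        content: "<?php\n\tphpinfo();\n?>\n"

    - name: start php-fpm
      service:
        name: php-fpm
        state: started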
执行playbook
ansible-playbook application/php/php.yml
目录结构
[root@master lamp]# tree
.
├── ansible.cfg
├── application
│ └── php
│ ├── depend
│ │ └── depend_php.yml
│ └── php.yml
├── base
│ └── base.yml
├── databases
│ └── mysql
│ ├── depend
│ │ └── depend_mysql.yml
│ ├── mysql.yml
│ ├── passwd.yml
│ ├── scripts
│ │ └── install.sh
│ └── templates
│ └── my.j2
├── inventory
└── web
└── apache
├── depend
│ └── apache_depend.yml
├── httpd.yml
└── scripts
└── packeages.sh