ansible自动化运维工具上部署lnmp架构
准备四台服务器,一台安装ansible,进行管理与控制;一台安装mysql,存放数据;一台安装nginx,实现反向代理;最后安装php。
CentOS7 |
IP |
运用 |
|
192.168.228.20 |
nginx |
|
192.168.228.21 |
mysql数据库 |
|
192.168.228.23 |
php |
|
192.168.228.30 |
ansible运维工具 |
ansible安装
yum源安装
[root@arongya ~]# cd /etc/yum.repos.d/
[root@arongya yum.repos.d]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:-100 1572 100 1572 0 0 5815 0 --:--:-- --:--:-- --:--:-- 5865
[root@arongya yum.repos.d]# rm -rf CentOS-*
[root@arongya yum.repos.d]# ls
CentOS7-Base-163.repo
[root@arongya yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@arongya yum.repos.d]# sed -i 's/^enable=.*/enable=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@arongya yum.repos.d]# yum -y install epel-release
安装ansible
[root@arongya ~]# yum -y install ansible ansible-doc
查看ansible的版本
[root@arongya ~]# ansible --version
ansible 2.6.3
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
配置ssh
[root@arongya ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:WOMTPDiX24K9QKRWBRl9mTwXah1/3GisIwy2c23lXmk root@arongya
The key's randomart image is:
+---[RSA 2048]----+
| =*.. oo. |
| +.o..*o.+ o.|
| o + @.oo. * +|
| . . X @ . = ..|
| + S = = .E.|
| . * o o.. |
| . . |
| |
| |
+----[SHA256]-----+
[root@arongya .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.228.20
[root@arongya .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.228.21
[root@arongya .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.228.23
将要配置nginx、mysql、php的被控主机的IP添加到ansible主机清单
[root@arongya ~]# vim /etc/ansible/hosts
[root@arongya ~]# tail -8 /etc/ansible/hosts
[nginx]
192.168.228.20
[mysql]
192.168.228.21
[php]
192.168.228.23
运用ping模块检查指定节点机器是否连接
[root@arongya ~]# ansible all -m ping
192.168.228.20 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.228.23 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.228.21 | SUCCESS => {
"changed": false,
"ping": "pong"
}
关闭主控机器的防火墙和selinux
[root@arongya ~]# systemctl stop firewalld
[root@arongya ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@arongya ~]# setenforce 0
[root@arongya ~]# sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config
通过ansible连接到192.168.228.20配置nginx安装(本地也要安装nginx,步骤略)
环境准备
关闭防火墙和selinux
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'systemctl is-active firewalld'
192.168.228.20 | SUCCESS | rc=0 >>
active
[root@arongya ~]# ansible 192.168.228.20 -m service -a 'name=firewalld state=stopped'
192.168.228.20 | SUCCESS => {
"changed": true,
"name": "firewalld",
"state": "stopped",
"status": {
...以下内容略
[root@arongya ~]# ansible 192.168.228.20 -m service -a 'name=firewalld enabled=no'
192.168.228.20 | SUCCESS => {
"changed": true,
"enabled": false,
"name": "firewalld",
[root@arongya ~]# ansible 192.168.228.20 -a 'setenforce 0'
192.168.228.20 | SUCCESS | rc=0 >>
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'sed -i "/^SELINUX/s/enforcing/disabled/g" /etc/selinux/config'
[WARNING]: Consider using the replace, lineinfile or template module rather than running sed. If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.
192.168.228.20 | SUCCESS | rc=0 >>
创建系统组和用户
[root@arongya ~]# ansible 192.168.228.20 -m group -a 'name=nginx system=yes state=present'
192.168.228.20 | SUCCESS => {
"changed": true,
"gid": 996,
"name": "nginx",
"state": "present",
"system": true
}
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'grep nginx /etc/group'
192.168.228.20 | SUCCESS | rc=0 >>
nginx:x:996:
[root@arongya ~]# ansible 192.168.228.20 -m user -a 'name=nginx group=996 uid=996 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.228.20 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": false,
"group": 996,
"home": "/home/nginx",
"name": "nginx",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 996
}
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'grep nginx /etc/passwd'
192.168.228.20 | SUCCESS | rc=0 >>
nginx:x:996:996::/home/nginx:/sbin/nologin
安装依赖环境
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'yum -y install pcre-devel openssl openssl-devel gd-devel'
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'yum -y groups mark install "Development Tools" '
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'yum grouplist'
创建日志存放目录以及更改存放日志目录属组和属主
[root@arongya ~]# ansible 192.168.228.20 -a 'mkdir -p /var/log/nginx'
[WARNING]: Consider using the file module with state=directory rather than
running mkdir. If you need to use command because file is insufficient you can
add warn=False to this command task or set command_warnings=False in
ansible.cfg to get rid of this message.
192.168.228.20 | SUCCESS | rc=0 >>
[root@arongya ~]# ansible 192.168.228.20 -a 'chown -R nginx.nginx /var/log/nginx'
[WARNING]: Consider using the file module with owner rather than running
chown. If you need to use command because file is insufficient you can add
warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.
192.168.228.20 | SUCCESS | rc=0 >>
[root@arongya ~]# ansible 192.168.228.20 -a 'ls -ld /var/log/nginx'
192.168.228.20 | SUCCESS | rc=0 >>
drwxr-xr-x. 2 nginx nginx 6 Sep 10 14:53 /var/log/nginx
下载nginx
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'cd /usr/src/ && yum -y install wget && wget http://nginx.org/download/nginx-1.12.0.tar.gz '
编译安装
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'cd /usr/src/ && tar xf nginx-1.12.0.tar.gz -C /usr/src/'
192.168.228.20 | SUCCESS | rc=0 >>
[root@arongya ~]# ansible 192.168.228.20 -m shell -a 'ls /usr/src/ -l'
192.168.228.20 | SUCCESS | rc=0 >>
total 960
drwxr-xr-x. 2 root root 6 Nov 5 2016 debug
drwxr-xr-x. 3 root root 35 Jul 12 19:54 kernels
drwxr-xr-x. 8 1001 1001 158 Apr 12 2017 nginx-1