實驗說明:
服務角色 | IP | 系統 | 需安裝 |
---|---|---|---|
主控機 | 192.168.24.128 | centos7 | ansible |
A受控機 | 192.168.24.130 | centos7 | nginx |
B受控機 | 192.168.24.131 | centos7 | mysql |
C受控機 | 192.168.24.132 | centos7 | php-fpm |
實驗需求:
在主控機上使用自動化運維工具ansible在A受控機上安裝nginx,在B受控機上安裝mysql,在C受控機上安裝php-fpm,實現lnmp構架
實驗步驟
在主控機上安裝ansible
安裝yum源
[root@linfan ~]# cd /etc/yum.repos.d/
root@linfan yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[root@linfan yum.repos.d]# sed -i 's/\$releasever/7/g' 163.repo
[root@linfan yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' 163.repo
[root@linfan yum.repos.d]# yum -y install epel-release
安裝ansible
[root@linfan yum.repos.d]# yum -y install ansible ansible-doc
查看ansible的版本
[root@linfan ~]# ansible --version
ansible 2.6.3
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
建立ssh互信
[root@linfan ~]# ssh-keygen -t rsa //生成一對公鑰一對私鑰
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1ZqK35+ZXS+tKY5n0iiHPE+jqFurMDuMP4R8z75Ibnw root@linfan
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| . . |
| . o |
|.. S o |
|.... . . |
| +=.o o...oo ..|
|. **.E +=++o==.oo|
| .+=**+ o=+**.+o.|
+----[SHA256]-----+
[root@linfan ~]# ssh-copy-id 192.168.24.130//與A受控機互信
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.24.130 (192.168.24.130)' can't be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.24.130'"
and check to make sure that only the key(s) you wanted were added.
[root@linfan ~]# ssh-copy-id 192.168.24.131 //與B受控機互信
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.24.131 (192.168.24.131)' can't be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.24.131'"
and check to make sure that only the key(s) you wanted were added.
[root@linfan ~]# ssh-copy-id 192.168.24.132
//與C受控機互信
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.24.132 (192.168.24.132)' can't be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.24.132'"
and check to make sure that only the key(s) you wanted were added.
將受控主機加入ansible清單
[root@linfan ~]# vim /etc/ansible/hosts
//添加以下內容
[web] 分組爲web,方便統一管理
192.168.24.130
192.168.24.131
192.168.24.132
//爲了方便後續操作簡單化 將IP用組名代替
[A]
192.168.24.130
[B]
192.168.24.131
[C]
192.168.24.132
檢查機器節點是否連通
[root@linfan ~]# ansible web -m ping
192.168.24.132 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.24.131 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.24.130 | SUCCESS => {
"changed": false,
"ping": "pong"
}
所有服務器環境統一部署
安裝yum源
將剛創建好的163.repo模塊傳送給所有受控機
[root@linfan ~]# ansible web -m template -a 'src=/etc/yum.repos.d/163.repo dest=/etc/yum.repos.d/163.repo'
192.168.24.132 | SUCCESS => {
"changed": true,
"checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
"dest": "/etc/yum.repos.d/163.repo",
"gid": 0,
"group": "root",
"md5sum": "5a3e688854d9ceccf327b953dab55b21",
"mode": "0644",
"owner": "root",
"size": 1462,
"src": "/root/.ansible/tmp/ansible-tmp-1536562774.1-198245142401154/source",
"state": "file",
"uid": 0
}
192.168.24.131 | SUCCESS => {
"changed": true,
"checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
"dest": "/etc/yum.repos.d/163.repo",
"gid": 0,
"group": "root",
"md5sum": "5a3e688854d9ceccf327b953dab55b21",
"mode": "0644",
"owner": "root",
"size": 1462,
"src": "/root/.ansible/tmp/ansible-tmp-1536562774.08-3811360530584/source",
"state": "file",
"uid": 0
}
192.168.24.130 | SUCCESS => {
"changed": true,
"checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
"dest": "/etc/yum.repos.d/163.repo",
"gid": 0,
"group": "root",
"md5sum": "5a3e688854d9ceccf327b953dab55b21",
"mode": "0644",
"owner": "root",
"size": 1462,
"src": "/root/.ansible/tmp/ansible-tmp-1536562774.05-112239359043862/source",
"state": "file",
"uid": 0
}
[root@linfan ~]# ansible web -m yum -a 'name=epel-release state=present' //安裝epel-release源
關閉防火牆以及SELINX
//關閉主控機防火牆以及SELINX
[root@linfan ~]# systemctl stop firewalld
[root@linfan ~]# systemctl disable firewalld
[root@linfan ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@linfan ~]# setenforce 0
setenforce: SELinux is disabled
//關閉所有受控機防火牆以及SELINX
[root@linfan ~]# ansible web -m service -a 'name=firewalld state=stopped'
[root@linfan ~]# ansible web -m shell -a 'sed -ri "s/^(SELINUX=).*/\1disabled/g" /etc/selinux/config'
[WARNING]: Consider using the replace, lineinfile or template module rather than running sed. If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.130 | SUCCESS | rc=0 >>
192.168.24.132 | SUCCESS | rc=0 >>
192.168.24.131 | SUCCESS | rc=0 >>
安裝nginx
安裝nginx
//在主控機上安裝nginx ,便於後續nginx配置文件模板傳送到受控主機
[root@linfan ~]# yum -y install nginx
//在A受控主機上安裝nginx
[root@linfan ~]# ansible A -m yum -a 'name=nginx state=present'
192.168.24.130 | SUCCESS => {
創建系統用戶
[root@linfan ~]# ansible A -m group -a 'name=nginx state=present'
192.168.24.130 | SUCCESS => {
"changed": false,
"gid": 995,
"name": "nginx",
"state": "present",
"system": false
}
[root@linfan ~]# ansible A -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'
192.168.24.130 | SUCCESS => {
"append": false,
"changed": false,
"comment": "Nginx web server",
"group": 995,
"home": "/var/lib/nginx",
"move_home": false,
"name": "nginx",
"shell": "/sbin/nologin",
"state": "present",
"uid": 997
}
給予網頁根目錄權限
[root@linfan ~]# ansible A -m shell -a 'chown -R nginx.nginx /usr/share/nginx/html/'
[WARNING]: Consider using the file module with owner rather than running chown. If you need to use command because file
is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.
192.168.24.130 | SUCCESS | rc=0 >>
啓動nginx
[root@linfan ~]# ansible A -m service -a 'name=nginx state=started'
192.168.24.130 | SUCCESS => {
[root@linfan ~]# ansible A -m shell -a 'ss -natl'
192.168.24.130 | SUCCESS | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
安裝mysql
創建系統用戶和組
[root@linfan ~]# ansible B -m group -a 'name=mysql state=absent'
192.168.24.131 | SUCCESS => {
"changed": true,
"name": "mysql",
"state": "absent"
}
[root@linfan ~]# ansible B -m user -a 'name=mysql system=yes uid=306 create_home=no shell=/sbin/nologin state=present'
192.168.24.131 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": false,
"group": 100,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
安裝mysql
//在主控制機上安裝mysql以便於mysql配置文件以模塊模式傳輸到受控機
[root@linfan ~]# yum -y install ncurses-devel openssl-devel openssl cmake mariadb-devel //安裝依賴包
//下載二進制格式的mysql軟件包
root@linfan ~]# cd /usr/src/
[root@linfan src]# wget https://downloads.mysql.com/archives/get/file/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
//解壓軟件至/usr/local/
[root@linfan src]# ls
apr-1.6.3 apr-util-1.6.1 debug mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
apr-1.6.3.tar.bz2 apr-util-1.6.1.tar.bz2 kernels
[root@linfan src]# tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@linfan src]# ls /usr/local/
apache apr-util etc include lib64 mysql-5.7.22-linux-glibc2.12-x86_64 share
apr bin games lib libexec sbin src
//將壓縮包傳輸到B受控機上並解壓
[root@linfan src]# ansible B -m copy -a 'src=/usr/src/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz dest=/usr/src/'
192.168.24.131 | SUCCESS => {
"changed": true,
"checksum": "c03a71bcc83c5b338e322564826d151fd5fd1ea8",
"dest": "/usr/src/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "9ef7a05695f8b4ea29f8d077c3b415e2",
"mode": "0644",
"owner": "root",
"size": 643790848,
"src": "/root/.ansible/tmp/ansible-tmp-1536631037.53-191843998587658/source",
"state": "file",
"uid": 0
}
[root@linfan src]# ansible B -m shell -a 'cd /usr/src && tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
192.168.24.131 | SUCCESS | rc=0 >>
//在B受控機上安裝mysql
//安裝依賴包
[root@linfan ~]# ansible B -m yum -a 'name=ncurses-devel state=present'
[root@linfan ~]# ansible B -m yum -a 'name=openssl-devel state=present'
[root@linfan ~]# ansible B -m yum -a 'name=openssl state=present'
[root@linfan ~]# ansible B -m yum -a 'name=cmake state=present'
[root@linfan ~]# ansible B -m yum -a 'name=mariadb-devel state=present'
//創建用戶和組
[root@linfan ~]# ansible B -m group -a 'name=mysql system=yes gid=306 state=present'
192.168.24.131 | SUCCESS => {
"changed": false,
"gid": 306,
"name": "mysql",
"state": "present",
"system": true
}
[root@linfan src]# ansible B -m user -a 'name=mysql system=yes uid=306 group=306 create_home=no shell=/sbin/nologin state=present'
192.168.24.131 | SUCCESS => {
"append": false,
"changed": false,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 306
}
//將剛剛解壓的文件進行軟連接
[root@linfan ~]# ansible B -m shell -a 'cd /usr/local && ln -sv mysql-5.7.22-linux-glibc2.12-x86_64/ mysql'
192.168.24.131 | SUCCESS | rc=0 >>
‘mysql’ -> ‘mysql-5.7.22-linux-glibc2.12-x86_64/’
//修改目錄/usr/locaal/mysql的屬主屬組
[root@linfan ~]# ansible B -m shell -a 'chown -R mysql.mysql /usr/local/mysql'
[WARNING]: Consider using the file module with owner rather than running chown. If you need to use command because file
is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.
192.168.24.131 | SUCCESS | rc=0 >>
//添加環境變量
[root@linfan ~]# ansible B -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'
192.168.24.131 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible B -m shell -a 'source /etc/profile.d/mysql.sh'
192.168.24.131 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible B -m shell -a 'echo $PATH'
192.168.24.131 | SUCCESS | rc=0 >>
/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
//建立數據存放目錄
[root@linfan ~]# ansible B -m shell -a 'mkdir /opt/data'
[WARNING]: Consider using the file module with state=directory rather than running mkdir. If you need to use command
because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible B -m shell -a ' chown -R mysql.mysql /opt/data/'
[WARNING]: Consider using the file module with owner rather than running chown. If you need to use command because file
is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.
192.168.24.131 | SUCCESS | rc=0 >>
//初始化數據庫
[root@linfan ~]# ansible B -m shell -a 'cd /usr/local/mysql/bin/ && mysqld --initialize --user=mysql --datadir=/opt/data/'
192.168.24.131 | SUCCESS | rc=0 >>
2018-09-11T02:13:56.009758Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2018-09-11T02:13:56.214610Z 0 [Warning] InnoDB: New log files created, LSN=45790
2018-09-11T02:13:56.256571Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2018-09-11T02:13:56.338850Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 5644fdde-b568-11e8-8524-000c29b6713b.
2018-09-11T02:13:56.340672Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2018-09-11T02:13:56.341847Z 1 [Note] A temporary password is generated for root@localhost: %+lyG?lVa8fn
//最後會生成一個臨時密碼,要記住
//配置mysql
[root@linfan ~]# ansible B -m shell -a 'ln -sv /usr/local/mysql/include/ /usr/local/include/mysql'
[WARNING]: Consider using the file module with state=link rather than running ln. If you need to use command because
file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid
of this message.
192.168.24.131 | SUCCESS | rc=0 >>
‘/usr/local/include/mysql’ -> ‘/usr/local/mysql/include/’
[root@linfan ~]# ansible B -m shell -a 'echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf'
192.168.24.131 | SUCCESS | rc=0 >>
//編輯主控機配置文件
[root@linfan ~]# cat > /etc/my.cnf <<EOF
> [mysqld]
> basedir = /usr/local/mysql
> datadir = /opt/data
> socket = /tmp/mysql.sock
> port = 3306
> pid-file = /opt/data/mysql.pid
> user = mysql
> skip-name-resolve
> EOF
//將配置文件的模塊傳送到B受控機中
[root@linfan ~]# ansible B -m template -a 'src=/etc/my.cnf dest=/etc/my.cnf'
192.168.24.131 | SUCCESS => {
"changed": true,
"checksum": "a17bddfa7c1b91f52710851a083cdda7437f8e61",
"dest": "/etc/my.cnf",
"gid": 0,
"group": "root",
"md5sum": "e3fb34377666720e10989c97ef42c5d9",
"mode": "0644",
"owner": "root",
"size": 155,
"src": "/root/.ansible/tmp/ansible-tmp-1536574676.28-205852628899885/source",
"state": "file",
"uid": 0
}
//配置服務啓動腳本
[root@linfan ~]# ansible B -m shell -a ' cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld'
192.168.24.131 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible B -m shell -a 'sed -ri "s#^(basedir=).*#\1/usr/local/mysql#g" /etc/init.d/mysqld'
[WARNING]: Consider using the replace, lineinfile or template module rather than running sed. If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible B -m shell -a 'sed -ri "s#^(datadir=).*#\1/opt/data#g" /etc/init.d/mysqld '
[WARNING]: Consider using the replace, lineinfile or template module rather than running sed. If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
//啓動mysql
[root@linfan ~]# ansible B -m shell -a 'service mysqld start'
[WARNING]: Consider using the service module rather than running service. If you need to use command because service is
insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this
message.
192.168.24.131 | SUCCESS | rc=0 >>
Starting MySQL. SUCCESS! Logging to '/opt/data/linfan.err'.
[root@linfan ~]# ansible B -m shell -a 'ss -natl'
192.168.24.131 | SUCCESS | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 80 :::3306 :::*
安裝php
//安裝php
//在主控機上安裝
//安裝依賴包
[root@linfan ~]# yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel
//下載php
root@linfan ~]# cd /usr/src/
[root@linfan src]# wget http://cn.php.net/distributions/php-7.2.8.tar.xz
//編譯安裝
[root@linfan ~]#ls
[root@linfan ~]#tar xf php-7.2.8.tar.xz
[root@linfan ~]#cd php-7.2.8
[root@linfan php-7.2.8]# ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip
[root@linfan php-7.2.8]# make -j $(cat /proc/cpuinfo |grep processor|wc -l)
[root@linfan php-7.2.8]# make install
//安裝後配置
[root@linfan ~]# echo 'export PATH=/usr/local/php7/bin:$PATH' > /etc/profile.d/php7.sh
[root@linfan ~]# source /etc/profile.d/php7.sh
[root@linfan ~]# which php
/usr/local/php7/bin/php
[root@linfan ~]# php -v
PHP 7.2.8 (cli) (built: Aug 17 2018 16:27:08) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
//配置php-fpm
[root@linfan php-7.2.8]# cp php.ini-production /etc/php.ini
[root@linfan php-7.2.8]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@linfan php-7.2.8]# chmod +x /etc/rc.d/init.d/php-fpm
[root@linfan php-7.2.8]# cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
[root@linfan php-7.2.8]# cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf
//編輯php-fpm的配置文件(/usr/local/php7/etc/php-fpm.conf)
配置fpm的相關選項爲你所需要的值:
[root@linfan ~]# vi /usr/local/php7/etc/php-fpm.conf
...
...
pm.max_children = 50 //最多同時50個進程提供50個併發服務
pm.start_servers = 5 //啓動時啓動5個進程
pm.min_spare_servers = 2 //最小空閒進程數
pm.max_spare_servers = 8 //最大空閒進程數
[root@linfan ~]# tail /usr/local/php7/etc/php-fpm.conf
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p argument)
; - /usr/local/php7 otherwise
include=/usr/local/php7/etc/php-fpm.d/*.conf
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 8
//編輯/usr/local/php7/etc/php-fpm.d/www.conf
將listen = 127.0.0.1:9000改爲listen = 192.168.24.132:9000(安裝PHP受控主機的IP)
//將此行註釋或刪除
listen.allowed_clients = 127.0.0.1
//在C受控機上安裝php
//安裝依賴包
[root@linfan ~]# ansible C -m shell -a 'yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel '
//將主控機上的php包傳送到C受控機上解壓並安裝
[root@linfan ~]# ansible C -m copy -a 'src=/usr/src/php-7.2.8.tar.xz dest=/usr/src/'
192.168.24.132 | SUCCESS => {
"changed": true,
"checksum": "eb9afb42a1aaacdb22d7221416da4b524709c9ba",
"dest": "/usr/src/php-7.2.8.tar.xz",
"gid": 0,
"group": "root",
"md5sum": "ebf0d05fe3bf5b72f5d09c1174934b91",
"mode": "0644",
"owner": "root",
"size": 12153548,
"src": "/root/.ansible/tmp/ansible-tmp-1536653660.47-196576529236120/source",
"state": "file",
"uid": 0
}
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/ && tar xf php-7.2.8.tar.xz'
192.168.24.132 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip '
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && make -j $(cat /proc/cpuinfo |grep processor|wc -l)'
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && make install '
//安裝後配置
[root@linfan ~]# ansible C -m shell -a 'echo "export PATH=/usr/local/php7/bin:$PATH" > /etc/profile.d/php7.sh'
192.168.24.132 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible C -m shell -a 'source /etc/profile.d/php7.sh'
192.168.24.132 | SUCCESS | rc=0 >>
//配置php-fpm
[root@linfan ~]# ansible C -m shell -a 'source /etc/profile.d/php7.sh'
192.168.24.132 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && cp php.ini-production /etc/php.ini'
192.168.24.132 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm'
192.168.24.132 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && chmod +x /etc/rc.d/init.d/php-fpm'
192.168.24.132 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf'
192.168.24.132 | SUCCESS | rc=0 >>
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf '
192.168.24.132 | SUCCESS | rc=0 >>
//將主控機修改後的配置文件發送到C受控機上
[root@linfan ~]# ansible C -m template -a 'src=/usr/local/php7/etc/php-fpm.conf dest=/usr/local/php7/etc/php-fpm.conf'
[root@linfan ~]# ansible C -m template -a 'src=/usr/local/php7/etc/php-fpm.d/www.conf dest=/usr/local/php7/etc/php-fpm.d/www.conf '
//啓動php
[root@linfan ~]# ansible C -m shell -a 'service php-fpm start'
[WARNING]: Consider using the service module rather than running service. If you need to use command because service is
insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this
message.
192.168.24.132 | SUCCESS | rc=0 >>
Starting php-fpm done
[root@linfan ~]# ansible C -m shell -a 'ss -natl'
192.168.24.132 | SUCCESS | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
編輯nginx配置文件
在主控機上編輯nginx配置文件
vim /etc/nginx/nginx.conf
//編輯以下內容
upstream php {
server 192.168.24.132:9000;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
# location ~ \.php$ {
# proxy_pass http://php;
# }
location ~ \.php$ {
proxy_pass http://php;
root /usr/share/nginx/html;
fastcgi_pass php;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root/scripts$fastcgi_script_name;
include fastcgi_params;
}
將修改後的文件傳輸到A主控機上
[root@linfan ~]# ansible A -m template -a 'src=/etc/nginx/nginx.conf dest=/etc/nginx/nginx.conf'
192.168.24.130 | SUCCESS => {
"changed": true,
"checksum": "67b4dee474e0107264f56154aff59cd733cdb560",
"dest": "/etc/nginx/nginx.conf",
"gid": 0,
"group": "root",
"md5sum": "422e017798f0d2554e1f53412d253554",
"mode": "0644",
"owner": "root",
"size": 2907,
"src": "/root/.ansible/tmp/ansible-tmp-1536657003.52-201945158508709/source",
"state": "file",
"uid": 0
}
生成php測試頁面
[root@linfan ~]# cd /usr/share/nginx/html
[root@linfan html]# cat > index.php << EOF
> <?php
> phpinfo();
> ?>
> EOF
[root@linfan ~]# ansible A -m template -a 'src=/usr/share/nginx/html/index.php dest=/usr/share/nginx/html/'
192.168.24.130 | SUCCESS => {
"changed": true,
"checksum": "26af88945e23289d15e128606a29932b3d78787c",
"dest": "/usr/share/nginx/html/index.php",
"gid": 0,
"group": "root",
"md5sum": "62210a938d0199092c2d3976a45bf86d",
"mode": "0644",
"owner": "root",
"size": 22,
"src": "/root/.ansible/tmp/ansible-tmp-1536657526.48-71308328197734/source",
"state": "file",
"uid": 0
}
驗證: