基於ansible自動化部署nginx+mysl+php分離來實現lnmp

原創 上古傑作 2018-09-13 02:29

實驗說明:

服務角色 IP 系統 需安裝
主控機 192.168.24.128 centos7 ansible
A受控機 192.168.24.130 centos7 nginx
B受控機 192.168.24.131 centos7 mysql
C受控機 192.168.24.132 centos7 php-fpm

實驗需求:

在主控機上使用自動化運維工具ansible在A受控機上安裝nginx,在B受控機上安裝mysql,在C受控機上安裝php-fpm,實現lnmp構架

實驗步驟

在主控機上安裝ansible

安裝yum源

[root@linfan ~]# cd /etc/yum.repos.d/ 
root@linfan yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[root@linfan yum.repos.d]# sed -i 's/\$releasever/7/g' 163.repo
[root@linfan yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' 163.repo
[root@linfan yum.repos.d]#  yum -y install epel-release

安裝ansible

[root@linfan yum.repos.d]# yum -y install ansible ansible-doc

查看ansible的版本

[root@linfan ~]# ansible --version
ansible 2.6.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

建立ssh互信

[root@linfan ~]# ssh-keygen -t rsa //生成一對公鑰一對私鑰
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1ZqK35+ZXS+tKY5n0iiHPE+jqFurMDuMP4R8z75Ibnw root@linfan
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|           .     |
|          . .    |
|         . o     |
|..      S o      |
|....   . .       |
| +=.o o...oo   ..|
|. **.E +=++o==.oo|
| .+=**+ o=+**.+o.|
+----[SHA256]-----+
[root@linfan ~]# ssh-copy-id 192.168.24.130//與A受控機互信
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.24.130 (192.168.24.130)' can't be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.24.130'"
and check to make sure that only the key(s) you wanted were added.

[root@linfan ~]# ssh-copy-id 192.168.24.131 //與B受控機互信

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.24.131 (192.168.24.131)' can't be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.24.131'"
and check to make sure that only the key(s) you wanted were added.

[root@linfan ~]# ssh-copy-id 192.168.24.132
//與C受控機互信

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.24.132 (192.168.24.132)' can't be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.24.132'"
and check to make sure that only the key(s) you wanted were added.

將受控主機加入ansible清單

[root@linfan ~]# vim /etc/ansible/hosts
//添加以下內容
[web] 分組爲web,方便統一管理
192.168.24.130
192.168.24.131
192.168.24.132
//爲了方便後續操作簡單化 將IP用組名代替
[A] 
192.168.24.130

[B]
192.168.24.131

[C]
192.168.24.132

檢查機器節點是否連通

[root@linfan ~]# ansible web -m ping
192.168.24.132 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.24.131 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.24.130 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

所有服務器環境統一部署

安裝yum源

將剛創建好的163.repo模塊傳送給所有受控機

[root@linfan ~]# ansible web -m template -a 'src=/etc/yum.repos.d/163.repo dest=/etc/yum.repos.d/163.repo'
192.168.24.132 | SUCCESS => {
    "changed": true,
    "checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "5a3e688854d9ceccf327b953dab55b21",
    "mode": "0644",
    "owner": "root",
    "size": 1462,
    "src": "/root/.ansible/tmp/ansible-tmp-1536562774.1-198245142401154/source",
    "state": "file",
    "uid": 0
}
192.168.24.131 | SUCCESS => {
    "changed": true,
    "checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "5a3e688854d9ceccf327b953dab55b21",
    "mode": "0644",
    "owner": "root",
    "size": 1462,
    "src": "/root/.ansible/tmp/ansible-tmp-1536562774.08-3811360530584/source",
    "state": "file",
    "uid": 0
}
192.168.24.130 | SUCCESS => {
    "changed": true,
    "checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "5a3e688854d9ceccf327b953dab55b21",
    "mode": "0644",
    "owner": "root",
    "size": 1462,
    "src": "/root/.ansible/tmp/ansible-tmp-1536562774.05-112239359043862/source",
    "state": "file",
    "uid": 0
}
[root@linfan ~]# ansible web -m yum -a 'name=epel-release  state=present' //安裝epel-release源

關閉防火牆以及SELINX

//關閉主控機防火牆以及SELINX
[root@linfan ~]# systemctl stop firewalld
[root@linfan ~]#  systemctl disable firewalld
[root@linfan ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[root@linfan ~]# setenforce 0
setenforce: SELinux is disabled

//關閉所有受控機防火牆以及SELINX
[root@linfan ~]# ansible web -m service -a 'name=firewalld state=stopped'
[root@linfan ~]# ansible web -m shell -a 'sed -ri "s/^(SELINUX=).*/\1disabled/g" /etc/selinux/config'
 [WARNING]: Consider using the replace, lineinfile or template module rather than running sed.  If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.24.130 | SUCCESS | rc=0 >>

192.168.24.132 | SUCCESS | rc=0 >>

192.168.24.131 | SUCCESS | rc=0 >>

安裝nginx

安裝nginx

//在主控機上安裝nginx ,便於後續nginx配置文件模板傳送到受控主機
[root@linfan ~]# yum -y install nginx 
//在A受控主機上安裝nginx
[root@linfan ~]# ansible A -m yum -a 'name=nginx state=present'
192.168.24.130 | SUCCESS => {

創建系統用戶

[root@linfan ~]# ansible A -m group -a 'name=nginx state=present'
192.168.24.130 | SUCCESS => {
    "changed": false,
    "gid": 995,
    "name": "nginx",
    "state": "present",
    "system": false
}
[root@linfan ~]# ansible A -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'
192.168.24.130 | SUCCESS => {
    "append": false,
    "changed": false,
    "comment": "Nginx web server",
    "group": 995,
    "home": "/var/lib/nginx",
    "move_home": false,
    "name": "nginx",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 997
}

給予網頁根目錄權限

[root@linfan ~]# ansible A -m shell -a 'chown -R nginx.nginx /usr/share/nginx/html/'
 [WARNING]: Consider using the file module with owner rather than running chown.  If you need to use command because file
is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.24.130 | SUCCESS | rc=0 >>

啓動nginx

[root@linfan ~]# ansible A -m service -a 'name=nginx state=started'
192.168.24.130 | SUCCESS => { 

[root@linfan ~]# ansible A -m shell -a 'ss -natl'
192.168.24.130 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:80                       *:*
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
LISTEN     0      128         :::80                      :::*
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*

安裝mysql

創建系統用戶和組

[root@linfan ~]# ansible B -m group -a 'name=mysql state=absent'
192.168.24.131 | SUCCESS => {
    "changed": true,
    "name": "mysql",
    "state": "absent"
} 
[root@linfan ~]# ansible B -m user -a 'name=mysql system=yes uid=306  create_home=no shell=/sbin/nologin state=present'
192.168.24.131 | SUCCESS => {
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 100,
    "home": "/home/mysql",
    "name": "mysql",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 306
}

安裝mysql

//在主控制機上安裝mysql以便於mysql配置文件以模塊模式傳輸到受控機
[root@linfan ~]# yum -y install ncurses-devel openssl-devel openssl cmake mariadb-devel             //安裝依賴包

//下載二進制格式的mysql軟件包
root@linfan ~]# cd /usr/src/
[root@linfan src]# wget https://downloads.mysql.com/archives/get/file/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz  

//解壓軟件至/usr/local/
[root@linfan src]# ls
apr-1.6.3          apr-util-1.6.1          debug    mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
apr-1.6.3.tar.bz2  apr-util-1.6.1.tar.bz2  kernels
[root@linfan src]# tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@linfan src]# ls  /usr/local/
apache  apr-util  etc    include  lib64    mysql-5.7.22-linux-glibc2.12-x86_64  share
apr     bin       games  lib      libexec  sbin                                 src

//將壓縮包傳輸到B受控機上並解壓

[root@linfan src]# ansible B -m copy -a 'src=/usr/src/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz dest=/usr/src/'
192.168.24.131 | SUCCESS => {
    "changed": true,
    "checksum": "c03a71bcc83c5b338e322564826d151fd5fd1ea8",
    "dest": "/usr/src/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz",
    "gid": 0,
    "group": "root",
    "md5sum": "9ef7a05695f8b4ea29f8d077c3b415e2",
    "mode": "0644",
    "owner": "root",
    "size": 643790848,
    "src": "/root/.ansible/tmp/ansible-tmp-1536631037.53-191843998587658/source",
    "state": "file",
    "uid": 0
}
[root@linfan src]# ansible B -m shell  -a 'cd /usr/src && tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
192.168.24.131 | SUCCESS | rc=0 >>

//在B受控機上安裝mysql
//安裝依賴包
[root@linfan ~]# ansible B -m yum -a 'name=ncurses-devel state=present'
[root@linfan ~]# ansible B -m yum -a 'name=openssl-devel  state=present'
[root@linfan ~]# ansible B -m yum -a 'name=openssl  state=present'
[root@linfan ~]# ansible B -m yum -a 'name=cmake  state=present'
[root@linfan ~]# ansible B -m yum -a 'name=mariadb-devel  state=present'  

//創建用戶和組
[root@linfan ~]#  ansible B -m group -a 'name=mysql system=yes gid=306 state=present'
192.168.24.131 | SUCCESS => {
    "changed": false,
    "gid": 306,
    "name": "mysql",
    "state": "present",
    "system": true
}
[root@linfan src]# ansible B -m user -a 'name=mysql system=yes uid=306 group=306 create_home=no shell=/sbin/nologin state=present'
192.168.24.131 | SUCCESS => {
    "append": false,
    "changed": false,
    "comment": "",
    "group": 306,
    "home": "/home/mysql",
    "move_home": false,
    "name": "mysql",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 306
}
//將剛剛解壓的文件進行軟連接
[root@linfan ~]# ansible B -m shell -a 'cd /usr/local && ln -sv mysql-5.7.22-linux-glibc2.12-x86_64/ mysql'
192.168.24.131 | SUCCESS | rc=0 >>
‘mysql’ -> ‘mysql-5.7.22-linux-glibc2.12-x86_64/’

//修改目錄/usr/locaal/mysql的屬主屬組
[root@linfan ~]# ansible B -m shell -a 'chown -R mysql.mysql /usr/local/mysql'
 [WARNING]: Consider using the file module with owner rather than running chown.  If you need to use command because file
is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.24.131 | SUCCESS | rc=0 >>

//添加環境變量
[root@linfan ~]# ansible B -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'
192.168.24.131 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible B -m shell -a  'source /etc/profile.d/mysql.sh'
192.168.24.131 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible B -m shell -a  'echo $PATH'
192.168.24.131 | SUCCESS | rc=0 >>
/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

//建立數據存放目錄
[root@linfan ~]# ansible B -m shell -a  'mkdir /opt/data'
 [WARNING]: Consider using the file module with state=directory rather than running mkdir.  If you need to use command
because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.

192.168.24.131 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible B -m shell -a  ' chown -R mysql.mysql /opt/data/'
 [WARNING]: Consider using the file module with owner rather than running chown.  If you need to use command because file
is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.24.131 | SUCCESS | rc=0 >>
//初始化數據庫
[root@linfan ~]#  ansible B -m shell -a  'cd /usr/local/mysql/bin/ && mysqld --initialize --user=mysql --datadir=/opt/data/'
192.168.24.131 | SUCCESS | rc=0 >>
2018-09-11T02:13:56.009758Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2018-09-11T02:13:56.214610Z 0 [Warning] InnoDB: New log files created, LSN=45790
2018-09-11T02:13:56.256571Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2018-09-11T02:13:56.338850Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 5644fdde-b568-11e8-8524-000c29b6713b.
2018-09-11T02:13:56.340672Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2018-09-11T02:13:56.341847Z 1 [Note] A temporary password is generated for root@localhost: %+lyG?lVa8fn
//最後會生成一個臨時密碼,要記住

//配置mysql
[root@linfan ~]# ansible B -m shell -a 'ln -sv /usr/local/mysql/include/ /usr/local/include/mysql'
 [WARNING]: Consider using the file module with state=link rather than running ln.  If you need to use command because
file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid
of this message.

192.168.24.131 | SUCCESS | rc=0 >>
‘/usr/local/include/mysql’ -> ‘/usr/local/mysql/include/’

[root@linfan ~]# ansible B -m shell -a 'echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf'
192.168.24.131 | SUCCESS | rc=0 >>
//編輯主控機配置文件
[root@linfan ~]# cat > /etc/my.cnf <<EOF
> [mysqld]
> basedir = /usr/local/mysql
> datadir = /opt/data
> socket = /tmp/mysql.sock
> port = 3306
> pid-file = /opt/data/mysql.pid
> user = mysql
> skip-name-resolve
> EOF
//將配置文件的模塊傳送到B受控機中
[root@linfan ~]# ansible B -m template -a 'src=/etc/my.cnf dest=/etc/my.cnf'
192.168.24.131 | SUCCESS => {
    "changed": true,
    "checksum": "a17bddfa7c1b91f52710851a083cdda7437f8e61",
    "dest": "/etc/my.cnf",
    "gid": 0,
    "group": "root",
    "md5sum": "e3fb34377666720e10989c97ef42c5d9",
    "mode": "0644",
    "owner": "root",
    "size": 155,
    "src": "/root/.ansible/tmp/ansible-tmp-1536574676.28-205852628899885/source",
    "state": "file",
    "uid": 0
}
//配置服務啓動腳本
[root@linfan ~]# ansible  B -m shell -a ' cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld'
192.168.24.131 | SUCCESS | rc=0 >>
[root@linfan ~]#  ansible  B -m shell -a  'sed -ri "s#^(basedir=).*#\1/usr/local/mysql#g" /etc/init.d/mysqld'
 [WARNING]: Consider using the replace, lineinfile or template module rather than running sed.  If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.24.131 | SUCCESS | rc=0 >>

[root@linfan ~]#  ansible  B -m shell -a  'sed -ri "s#^(datadir=).*#\1/opt/data#g" /etc/init.d/mysqld '
 [WARNING]: Consider using the replace, lineinfile or template module rather than running sed.  If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.24.131 | SUCCESS | rc=0 >>

//啓動mysql

[root@linfan ~]# ansible B -m shell -a 'service mysqld start'
 [WARNING]: Consider using the service module rather than running service.  If you need to use command because service is
insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this
message.

192.168.24.131 | SUCCESS | rc=0 >>
Starting MySQL. SUCCESS! Logging to '/opt/data/linfan.err'.

[root@linfan ~]#  ansible B -m shell -a 'ss -natl'
192.168.24.131 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*
LISTEN     0      80          :::3306                    :::*

安裝php

    //安裝php
  //在主控機上安裝
  //安裝依賴包
  [root@linfan ~]# yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel   
//下載php
 root@linfan ~]# cd /usr/src/
[root@linfan src]# wget http://cn.php.net/distributions/php-7.2.8.tar.xz
//編譯安裝

[root@linfan ~]#ls
[root@linfan ~]#tar xf php-7.2.8.tar.xz
[root@linfan ~]#cd php-7.2.8 
 [root@linfan php-7.2.8]# ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip    
 [root@linfan php-7.2.8]# make -j $(cat /proc/cpuinfo |grep processor|wc -l)
[root@linfan php-7.2.8]# make install  
//安裝後配置
[root@linfan ~]# echo 'export PATH=/usr/local/php7/bin:$PATH' > /etc/profile.d/php7.sh
[root@linfan ~]# source /etc/profile.d/php7.sh
[root@linfan ~]# which php
/usr/local/php7/bin/php
[root@linfan ~]# php -v
PHP 7.2.8 (cli) (built: Aug 17 2018 16:27:08) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
//配置php-fpm
[root@linfan php-7.2.8]# cp php.ini-production /etc/php.ini
[root@linfan php-7.2.8]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@linfan php-7.2.8]# chmod +x /etc/rc.d/init.d/php-fpm
[root@linfan php-7.2.8]# cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
[root@linfan php-7.2.8]# cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf  

//編輯php-fpm的配置文件(/usr/local/php7/etc/php-fpm.conf)
配置fpm的相關選項爲你所需要的值:
[root@linfan ~]# vi /usr/local/php7/etc/php-fpm.conf
...
...
pm.max_children = 50 //最多同時50個進程提供50個併發服務
pm.start_servers = 5 //啓動時啓動5個進程
pm.min_spare_servers = 2 //最小空閒進程數
pm.max_spare_servers = 8  //最大空閒進程數
[root@linfan ~]# tail /usr/local/php7/etc/php-fpm.conf
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
; Relative path can also be used. They will be prefixed by:
;  - the global prefix if it's been set (-p argument)
;  - /usr/local/php7 otherwise
include=/usr/local/php7/etc/php-fpm.d/*.conf
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 8

//編輯/usr/local/php7/etc/php-fpm.d/www.conf 
將listen = 127.0.0.1:9000改爲listen = 192.168.24.132:9000(安裝PHP受控主機的IP)

//將此行註釋或刪除
listen.allowed_clients = 127.0.0.1  

    //在C受控機上安裝php
   //安裝依賴包
   [root@linfan ~]# ansible C -m shell -a 'yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel ' 
   //將主控機上的php包傳送到C受控機上解壓並安裝
   [root@linfan ~]# ansible C -m copy -a 'src=/usr/src/php-7.2.8.tar.xz dest=/usr/src/'
192.168.24.132 | SUCCESS => {
    "changed": true,
    "checksum": "eb9afb42a1aaacdb22d7221416da4b524709c9ba",
    "dest": "/usr/src/php-7.2.8.tar.xz",
    "gid": 0,
    "group": "root",
    "md5sum": "ebf0d05fe3bf5b72f5d09c1174934b91",
    "mode": "0644",
    "owner": "root",
    "size": 12153548,
    "src": "/root/.ansible/tmp/ansible-tmp-1536653660.47-196576529236120/source",
    "state": "file",
    "uid": 0
}

[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/ && tar xf php-7.2.8.tar.xz'
192.168.24.132 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 &&  ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip  '
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && make -j $(cat /proc/cpuinfo |grep processor|wc -l)' 
[root@linfan ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && make install  '   

//安裝後配置

[root@linfan ~]# ansible C -m shell -a 'echo "export PATH=/usr/local/php7/bin:$PATH" > /etc/profile.d/php7.sh'
192.168.24.132 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible C -m shell -a 'source /etc/profile.d/php7.sh'
192.168.24.132 | SUCCESS | rc=0 >>

//配置php-fpm
[root@linfan ~]# ansible C -m shell -a 'source /etc/profile.d/php7.sh'
192.168.24.132 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible C -m  shell -a 'cd /usr/src/php-7.2.8 && cp php.ini-production /etc/php.ini'
192.168.24.132 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible C -m  shell -a 'cd /usr/src/php-7.2.8 && cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm'
192.168.24.132 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible C -m  shell -a 'cd /usr/src/php-7.2.8 && chmod +x /etc/rc.d/init.d/php-fpm'
192.168.24.132 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible C -m  shell -a 'cd /usr/src/php-7.2.8 &&  cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf'
192.168.24.132 | SUCCESS | rc=0 >>

[root@linfan ~]# ansible C -m  shell -a 'cd /usr/src/php-7.2.8 &&   cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf  '
192.168.24.132 | SUCCESS | rc=0 >>
//將主控機修改後的配置文件發送到C受控機上
[root@linfan ~]# ansible C -m template -a 'src=/usr/local/php7/etc/php-fpm.conf dest=/usr/local/php7/etc/php-fpm.conf'

[root@linfan ~]#  ansible C -m template -a 'src=/usr/local/php7/etc/php-fpm.d/www.conf  dest=/usr/local/php7/etc/php-fpm.d/www.conf '

//啓動php
[root@linfan ~]# ansible C -m shell -a 'service php-fpm start'
 [WARNING]: Consider using the service module rather than running service.  If you need to use command because service is
insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this
message.

192.168.24.132 | SUCCESS | rc=0 >>
Starting php-fpm  done

[root@linfan ~]# ansible C -m shell -a 'ss -natl'
192.168.24.132 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
LISTEN     0      128    127.0.0.1:9000                     *:*
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*

編輯nginx配置文件

在主控機上編輯nginx配置文件

 vim /etc/nginx/nginx.conf
//編輯以下內容
 upstream php {
            server 192.168.24.132:9000;
         }
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        # location ~ \.php$ {
         #   proxy_pass   http://php;
        # }

         location ~ \.php$ {
             proxy_pass   http://php;
             root           /usr/share/nginx/html;
             fastcgi_pass   php;
             fastcgi_index  index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root/scripts$fastcgi_script_name;
             include        fastcgi_params;
        }

將修改後的文件傳輸到A主控機上

[root@linfan ~]# ansible A -m template -a 'src=/etc/nginx/nginx.conf dest=/etc/nginx/nginx.conf'
192.168.24.130 | SUCCESS => {
    "changed": true,
    "checksum": "67b4dee474e0107264f56154aff59cd733cdb560",
    "dest": "/etc/nginx/nginx.conf",
    "gid": 0,
    "group": "root",
    "md5sum": "422e017798f0d2554e1f53412d253554",
    "mode": "0644",
    "owner": "root",
    "size": 2907,
    "src": "/root/.ansible/tmp/ansible-tmp-1536657003.52-201945158508709/source",
    "state": "file",
    "uid": 0
}

生成php測試頁面

[root@linfan ~]# cd /usr/share/nginx/html
[root@linfan html]# cat > index.php << EOF
> <?php
>   phpinfo();
> ?>
> EOF   

[root@linfan ~]# ansible A -m template -a 'src=/usr/share/nginx/html/index.php dest=/usr/share/nginx/html/'
192.168.24.130 | SUCCESS => {
    "changed": true,
    "checksum": "26af88945e23289d15e128606a29932b3d78787c",
    "dest": "/usr/share/nginx/html/index.php",
    "gid": 0,
    "group": "root",
    "md5sum": "62210a938d0199092c2d3976a45bf86d",
    "mode": "0644",
    "owner": "root",
    "size": 22,
    "src": "/root/.ansible/tmp/ansible-tmp-1536657526.48-71308328197734/source",
    "state": "file",
    "uid": 0
}

驗證:

基於ansible自動化部署nginx+mysl+php分離來實現lnmp

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

ansible

Vincent一馬 2019-02-23 00:34:23

LAMP環境搭建

圓圓喜團圓 2019-02-23 00:24:42

ansible簡單使用

cppking 2019-02-23 00:10:31

ansible 清單文件定義方法

redhat180402 2019-02-23 00:06:17

Ansible11:變量詳解

20406 2019-02-23 00:03:35

Ansible10:Playbook的角色與包含

20406 2019-02-23 00:03:31

Ansible4:Ad-hoc與命令執行模塊

20406 2019-02-23 00:03:31

Ansible7:Playbook常用模塊

20406 2019-02-23 00:03:30

Ansible3:ansible.cfg配置說明

20406 2019-02-23 00:03:30

Ansible5:常用模塊

20406 2019-02-23 00:03:29

Ansible8:Playbook循環

20406 2019-02-23 00:03:29

Ansible6:Playbook簡單使用

20406 2019-02-23 00:03:29

Ansible9:條件語句

20406 2019-02-23 00:03:28

Ansible2:主機清單

20406 2019-02-23 00:03:28

Ansible1:簡介與基本安裝

20406 2019-02-23 00:03:28