基于ansible自动化部署nginx+mysl+php分离来实现lnmp

实验说明:

服务角色 IP 系统 需安装
主控机 192.168.24.128 centos7 ansible
A受控机 192.168.24.130 centos7 nginx
B受控机 192.168.24.131 centos7 mysql
C受控机 192.168.24.132 centos7 php-fpm

实验需求:

在主控机上使用自动化运维工具ansible在A受控机上安装nginx,在B受控机上安装mysql,在C受控机上安装php-fpm,实现lnmp构架

实验步骤

在主控机上安装ansible

安装yum源

[[email protected] ~]# cd /etc/yum.repos.d/
[email protected] yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[[email protected] yum.repos.d]# sed -i ‘s/\$releasever/7/g‘ 163.repo
[[email protected] yum.repos.d]# sed -i ‘s/^enabled=.*/enabled=1/g‘ 163.repo
[[email protected] yum.repos.d]#  yum -y install epel-release

安装ansible

[[email protected] yum.repos.d]# yum -y install ansible ansible-doc

查看ansible的版本

[[email protected] ~]# ansible --version
ansible 2.6.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u‘/root/.ansible/plugins/modules‘, u‘/usr/share/ansible/plugins/modules‘]
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

建立ssh互信

[[email protected] ~]# ssh-keygen -t rsa //生成一对公钥一对私钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory ‘/root/.ssh‘.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1ZqK35+ZXS+tKY5n0iiHPE+jqFurMDuMP4R8z75Ibnw [email protected]
The key‘s randomart image is:
+---[RSA 2048]----+
|                 |
|           .     |
|          . .    |
|         . o     |
|..      S o      |
|....   . .       |
| +=.o o...oo   ..|
|. **.E +=++o==.oo|
| .+=**+ o=+**.+o.|
+----[SHA256]-----+
[[email protected] ~]# ssh-copy-id 192.168.24.130//与A受控机互信
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host ‘192.168.24.130 (192.168.24.130)‘ can‘t be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]‘s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ‘192.168.24.130‘"
and check to make sure that only the key(s) you wanted were added.

[[email protected] ~]# ssh-copy-id 192.168.24.131 //与B受控机互信

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host ‘192.168.24.131 (192.168.24.131)‘ can‘t be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]‘s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ‘192.168.24.131‘"
and check to make sure that only the key(s) you wanted were added.

[[email protected] ~]# ssh-copy-id 192.168.24.132
//与C受控机互信

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host ‘192.168.24.132 (192.168.24.132)‘ can‘t be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]‘s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ‘192.168.24.132‘"
and check to make sure that only the key(s) you wanted were added.

将受控主机加入ansible清单

[[email protected] ~]# vim /etc/ansible/hosts
//添加以下内容
[web] 分组为web,方便统一管理
192.168.24.130
192.168.24.131
192.168.24.132
//为了方便后续操作简单化 将IP用组名代替
[A]
192.168.24.130

[B]
192.168.24.131

[C]
192.168.24.132

检查机器节点是否连通

[[email protected] ~]# ansible web -m ping
192.168.24.132 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.24.131 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.24.130 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

所有服务器环境统一部署

安装yum源

将刚创建好的163.repo模块传送给所有受控机

[[email protected] ~]# ansible web -m template -a ‘src=/etc/yum.repos.d/163.repo dest=/etc/yum.repos.d/163.repo‘
192.168.24.132 | SUCCESS => {
    "changed": true,
    "checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "5a3e688854d9ceccf327b953dab55b21",
    "mode": "0644",
    "owner": "root",
    "size": 1462,
    "src": "/root/.ansible/tmp/ansible-tmp-1536562774.1-198245142401154/source",
    "state": "file",
    "uid": 0
}
192.168.24.131 | SUCCESS => {
    "changed": true,
    "checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "5a3e688854d9ceccf327b953dab55b21",
    "mode": "0644",
    "owner": "root",
    "size": 1462,
    "src": "/root/.ansible/tmp/ansible-tmp-1536562774.08-3811360530584/source",
    "state": "file",
    "uid": 0
}
192.168.24.130 | SUCCESS => {
    "changed": true,
    "checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
    "dest": "/etc/yum.repos.d/163.repo",
    "gid": 0,
    "group": "root",
    "md5sum": "5a3e688854d9ceccf327b953dab55b21",
    "mode": "0644",
    "owner": "root",
    "size": 1462,
    "src": "/root/.ansible/tmp/ansible-tmp-1536562774.05-112239359043862/source",
    "state": "file",
    "uid": 0
}
[[email protected] ~]# ansible web -m yum -a ‘name=epel-release  state=present‘ //安装epel-release源

关闭防火墙以及SELINX

//关闭主控机防火墙以及SELINX
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]#  systemctl disable firewalld
[[email protected] ~]# sed -ri ‘s/^(SELINUX=).*/\1disabled/g‘ /etc/selinux/config
[[email protected] ~]# setenforce 0
setenforce: SELinux is disabled

//关闭所有受控机防火墙以及SELINX
[[email protected] ~]# ansible web -m service -a ‘name=firewalld state=stopped‘
[[email protected] ~]# ansible web -m shell -a ‘sed -ri "s/^(SELINUX=).*/\1disabled/g" /etc/selinux/config‘
 [WARNING]: Consider using the replace, lineinfile or template module rather than running sed.  If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.24.130 | SUCCESS | rc=0 >>

192.168.24.132 | SUCCESS | rc=0 >>

192.168.24.131 | SUCCESS | rc=0 >>

安装nginx

安装nginx

//在主控机上安装nginx ,便于后续nginx配置文件模板传送到受控主机
[[email protected] ~]# yum -y install nginx
//在A受控主机上安装nginx
[[email protected] ~]# ansible A -m yum -a ‘name=nginx state=present‘
192.168.24.130 | SUCCESS => {

创建系统用户

[[email protected] ~]# ansible A -m group -a ‘name=nginx state=present‘
192.168.24.130 | SUCCESS => {
    "changed": false,
    "gid": 995,
    "name": "nginx",
    "state": "present",
    "system": false
}
[[email protected] ~]# ansible A -m user -a ‘name=nginx system=yes create_home=no shell=/sbin/nologin state=present‘
192.168.24.130 | SUCCESS => {
    "append": false,
    "changed": false,
    "comment": "Nginx web server",
    "group": 995,
    "home": "/var/lib/nginx",
    "move_home": false,
    "name": "nginx",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 997
}

给予网页根目录权限

[[email protected] ~]# ansible A -m shell -a ‘chown -R nginx.nginx /usr/share/nginx/html/‘
 [WARNING]: Consider using the file module with owner rather than running chown.  If you need to use command because file
is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.24.130 | SUCCESS | rc=0 >>

启动nginx

[[email protected] ~]# ansible A -m service -a ‘name=nginx state=started‘
192.168.24.130 | SUCCESS => { 

[[email protected] ~]# ansible A -m shell -a ‘ss -natl‘
192.168.24.130 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:80                       *:*
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
LISTEN     0      128         :::80                      :::*
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*

安装mysql

创建系统用户和组

[[email protected] ~]# ansible B -m group -a ‘name=mysql state=absent‘
192.168.24.131 | SUCCESS => {
    "changed": true,
    "name": "mysql",
    "state": "absent"
}
[[email protected] ~]# ansible B -m user -a ‘name=mysql system=yes uid=306  create_home=no shell=/sbin/nologin state=present‘
192.168.24.131 | SUCCESS => {
    "changed": true,
    "comment": "",
    "create_home": false,
    "group": 100,
    "home": "/home/mysql",
    "name": "mysql",
    "shell": "/sbin/nologin",
    "state": "present",
    "system": true,
    "uid": 306
}

安装mysql

//在主控制机上安装mysql以便于mysql配置文件以模块模式传输到受控机
[[email protected] ~]# yum -y install ncurses-devel openssl-devel openssl cmake mariadb-devel             //安装依赖包

//下载二进制格式的mysql软件包
[email protected] ~]# cd /usr/src/
[[email protected] src]# wget https://downloads.mysql.com/archives/get/file/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz  

//解压软件至/usr/local/
[[email protected] src]# ls
apr-1.6.3          apr-util-1.6.1          debug    mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
apr-1.6.3.tar.bz2  apr-util-1.6.1.tar.bz2  kernels
[[email protected] src]# tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[[email protected] src]# ls  /usr/local/
apache  apr-util  etc    include  lib64    mysql-5.7.22-linux-glibc2.12-x86_64  share
apr     bin       games  lib      libexec  sbin                                 src

//将压缩包传输到B受控机上并解压

[[email protected] src]# ansible B -m copy -a ‘src=/usr/src/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz dest=/usr/src/‘
192.168.24.131 | SUCCESS => {
    "changed": true,
    "checksum": "c03a71bcc83c5b338e322564826d151fd5fd1ea8",
    "dest": "/usr/src/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz",
    "gid": 0,
    "group": "root",
    "md5sum": "9ef7a05695f8b4ea29f8d077c3b415e2",
    "mode": "0644",
    "owner": "root",
    "size": 643790848,
    "src": "/root/.ansible/tmp/ansible-tmp-1536631037.53-191843998587658/source",
    "state": "file",
    "uid": 0
}
[[email protected] src]# ansible B -m shell  -a ‘cd /usr/src && tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/‘
192.168.24.131 | SUCCESS | rc=0 >>

//在B受控机上安装mysql
//安装依赖包
[[email protected] ~]# ansible B -m yum -a ‘name=ncurses-devel state=present‘
[[email protected] ~]# ansible B -m yum -a ‘name=openssl-devel  state=present‘
[[email protected] ~]# ansible B -m yum -a ‘name=openssl  state=present‘
[[email protected] ~]# ansible B -m yum -a ‘name=cmake  state=present‘
[[email protected] ~]# ansible B -m yum -a ‘name=mariadb-devel  state=present‘  

//创建用户和组
[[email protected] ~]#  ansible B -m group -a ‘name=mysql system=yes gid=306 state=present‘
192.168.24.131 | SUCCESS => {
    "changed": false,
    "gid": 306,
    "name": "mysql",
    "state": "present",
    "system": true
}
[[email protected] src]# ansible B -m user -a ‘name=mysql system=yes uid=306 group=306 create_home=no shell=/sbin/nologin state=present‘
192.168.24.131 | SUCCESS => {
    "append": false,
    "changed": false,
    "comment": "",
    "group": 306,
    "home": "/home/mysql",
    "move_home": false,
    "name": "mysql",
    "shell": "/sbin/nologin",
    "state": "present",
    "uid": 306
}
//将刚刚解压的文件进行软连接
[[email protected] ~]# ansible B -m shell -a ‘cd /usr/local && ln -sv mysql-5.7.22-linux-glibc2.12-x86_64/ mysql‘
192.168.24.131 | SUCCESS | rc=0 >>
‘mysql’ -> ‘mysql-5.7.22-linux-glibc2.12-x86_64/’

//修改目录/usr/locaal/mysql的属主属组
[[email protected] ~]# ansible B -m shell -a ‘chown -R mysql.mysql /usr/local/mysql‘
 [WARNING]: Consider using the file module with owner rather than running chown.  If you need to use command because file
is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.24.131 | SUCCESS | rc=0 >>

//添加环境变量
[[email protected] ~]# ansible B -m shell -a ‘echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh‘
192.168.24.131 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible B -m shell -a  ‘source /etc/profile.d/mysql.sh‘
192.168.24.131 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible B -m shell -a  ‘echo $PATH‘
192.168.24.131 | SUCCESS | rc=0 >>
/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin

//建立数据存放目录
[[email protected] ~]# ansible B -m shell -a  ‘mkdir /opt/data‘
 [WARNING]: Consider using the file module with state=directory rather than running mkdir.  If you need to use command
because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to
get rid of this message.

192.168.24.131 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible B -m shell -a  ‘ chown -R mysql.mysql /opt/data/‘
 [WARNING]: Consider using the file module with owner rather than running chown.  If you need to use command because file
is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of
this message.

192.168.24.131 | SUCCESS | rc=0 >>
//初始化数据库
[[email protected] ~]#  ansible B -m shell -a  ‘cd /usr/local/mysql/bin/ && mysqld --initialize --user=mysql --datadir=/opt/data/‘
192.168.24.131 | SUCCESS | rc=0 >>
2018-09-11T02:13:56.009758Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2018-09-11T02:13:56.214610Z 0 [Warning] InnoDB: New log files created, LSN=45790
2018-09-11T02:13:56.256571Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2018-09-11T02:13:56.338850Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 5644fdde-b568-11e8-8524-000c29b6713b.
2018-09-11T02:13:56.340672Z 0 [Warning] Gtid table is not ready to be used. Table ‘mysql.gtid_executed‘ cannot be opened.
2018-09-11T02:13:56.341847Z 1 [Note] A temporary password is generated for [email protected]: %+lyG?lVa8fn
//最后会生成一个临时密码,要记住

//配置mysql
[[email protected] ~]# ansible B -m shell -a ‘ln -sv /usr/local/mysql/include/ /usr/local/include/mysql‘
 [WARNING]: Consider using the file module with state=link rather than running ln.  If you need to use command because
file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid
of this message.

192.168.24.131 | SUCCESS | rc=0 >>
‘/usr/local/include/mysql’ -> ‘/usr/local/mysql/include/’

[[email protected] ~]# ansible B -m shell -a ‘echo ‘/usr/local/mysql/lib‘ > /etc/ld.so.conf.d/mysql.conf‘
192.168.24.131 | SUCCESS | rc=0 >>
//编辑主控机配置文件
[[email protected] ~]# cat > /etc/my.cnf <<EOF
> [mysqld]
> basedir = /usr/local/mysql
> datadir = /opt/data
> socket = /tmp/mysql.sock
> port = 3306
> pid-file = /opt/data/mysql.pid
> user = mysql
> skip-name-resolve
> EOF
//将配置文件的模块传送到B受控机中
[[email protected] ~]# ansible B -m template -a ‘src=/etc/my.cnf dest=/etc/my.cnf‘
192.168.24.131 | SUCCESS => {
    "changed": true,
    "checksum": "a17bddfa7c1b91f52710851a083cdda7437f8e61",
    "dest": "/etc/my.cnf",
    "gid": 0,
    "group": "root",
    "md5sum": "e3fb34377666720e10989c97ef42c5d9",
    "mode": "0644",
    "owner": "root",
    "size": 155,
    "src": "/root/.ansible/tmp/ansible-tmp-1536574676.28-205852628899885/source",
    "state": "file",
    "uid": 0
}
//配置服务启动脚本
[[email protected] ~]# ansible  B -m shell -a ‘ cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld‘
192.168.24.131 | SUCCESS | rc=0 >>
[[email protected] ~]#  ansible  B -m shell -a  ‘sed -ri "s#^(basedir=).*#\1/usr/local/mysql#g" /etc/init.d/mysqld‘
 [WARNING]: Consider using the replace, lineinfile or template module rather than running sed.  If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.24.131 | SUCCESS | rc=0 >>

[[email protected] ~]#  ansible  B -m shell -a  ‘sed -ri "s#^(datadir=).*#\1/opt/data#g" /etc/init.d/mysqld ‘
 [WARNING]: Consider using the replace, lineinfile or template module rather than running sed.  If you need to use
command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

192.168.24.131 | SUCCESS | rc=0 >>

//启动mysql

[[email protected] ~]# ansible B -m shell -a ‘service mysqld start‘
 [WARNING]: Consider using the service module rather than running service.  If you need to use command because service is
insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this
message.

192.168.24.131 | SUCCESS | rc=0 >>
Starting MySQL. SUCCESS! Logging to ‘/opt/data/linfan.err‘.

[[email protected] ~]#  ansible B -m shell -a ‘ss -natl‘
192.168.24.131 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*
LISTEN     0      80          :::3306                    :::*

安装php

    //安装php
  //在主控机上安装
  //安装依赖包
  [[email protected] ~]# yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel
//下载php
 [email protected] ~]# cd /usr/src/
[[email protected] src]# wget http://cn.php.net/distributions/php-7.2.8.tar.xz
//编译安装

[[email protected] ~]#ls
[[email protected] ~]#tar xf php-7.2.8.tar.xz
[[email protected] ~]#cd php-7.2.8
 [[email protected] php-7.2.8]# ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip
 [[email protected] php-7.2.8]# make -j $(cat /proc/cpuinfo |grep processor|wc -l)
[[email protected] php-7.2.8]# make install
//安装后配置
[[email protected] ~]# echo ‘export PATH=/usr/local/php7/bin:$PATH‘ > /etc/profile.d/php7.sh
[[email protected] ~]# source /etc/profile.d/php7.sh
[[email protected] ~]# which php
/usr/local/php7/bin/php
[[email protected] ~]# php -v
PHP 7.2.8 (cli) (built: Aug 17 2018 16:27:08) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
//配置php-fpm
[[email protected] php-7.2.8]# cp php.ini-production /etc/php.ini
[[email protected] php-7.2.8]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[[email protected] php-7.2.8]# chmod +x /etc/rc.d/init.d/php-fpm
[[email protected] php-7.2.8]# cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
[[email protected] php-7.2.8]# cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf  

//编辑php-fpm的配置文件(/usr/local/php7/etc/php-fpm.conf)
配置fpm的相关选项为你所需要的值:
[[email protected] ~]# vi /usr/local/php7/etc/php-fpm.conf
...
...
pm.max_children = 50 //最多同时50个进程提供50个并发服务
pm.start_servers = 5 //启动时启动5个进程
pm.min_spare_servers = 2 //最小空闲进程数
pm.max_spare_servers = 8  //最大空闲进程数
[[email protected] ~]# tail /usr/local/php7/etc/php-fpm.conf
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
; Relative path can also be used. They will be prefixed by:
;  - the global prefix if it‘s been set (-p argument)
;  - /usr/local/php7 otherwise
include=/usr/local/php7/etc/php-fpm.d/*.conf
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 8

//编辑/usr/local/php7/etc/php-fpm.d/www.conf
将listen = 127.0.0.1:9000改为listen = 192.168.24.132:9000(安装PHP受控主机的IP)

//将此行注释或删除
listen.allowed_clients = 127.0.0.1  

    //在C受控机上安装php
   //安装依赖包
   [[email protected] ~]# ansible C -m shell -a ‘yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel ‘
   //将主控机上的php包传送到C受控机上解压并安装
   [[email protected] ~]# ansible C -m copy -a ‘src=/usr/src/php-7.2.8.tar.xz dest=/usr/src/‘
192.168.24.132 | SUCCESS => {
    "changed": true,
    "checksum": "eb9afb42a1aaacdb22d7221416da4b524709c9ba",
    "dest": "/usr/src/php-7.2.8.tar.xz",
    "gid": 0,
    "group": "root",
    "md5sum": "ebf0d05fe3bf5b72f5d09c1174934b91",
    "mode": "0644",
    "owner": "root",
    "size": 12153548,
    "src": "/root/.ansible/tmp/ansible-tmp-1536653660.47-196576529236120/source",
    "state": "file",
    "uid": 0
}

[[email protected] ~]# ansible C -m shell -a ‘cd /usr/src/ && tar xf php-7.2.8.tar.xz‘
192.168.24.132 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible C -m shell -a ‘cd /usr/src/php-7.2.8 &&  ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip  ‘
[[email protected] ~]# ansible C -m shell -a ‘cd /usr/src/php-7.2.8 && make -j $(cat /proc/cpuinfo |grep processor|wc -l)‘
[[email protected] ~]# ansible C -m shell -a ‘cd /usr/src/php-7.2.8 && make install  ‘   

//安装后配置

[[email protected] ~]# ansible C -m shell -a ‘echo "export PATH=/usr/local/php7/bin:$PATH" > /etc/profile.d/php7.sh‘
192.168.24.132 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible C -m shell -a ‘source /etc/profile.d/php7.sh‘
192.168.24.132 | SUCCESS | rc=0 >>

//配置php-fpm
[[email protected] ~]# ansible C -m shell -a ‘source /etc/profile.d/php7.sh‘
192.168.24.132 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible C -m  shell -a ‘cd /usr/src/php-7.2.8 && cp php.ini-production /etc/php.ini‘
192.168.24.132 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible C -m  shell -a ‘cd /usr/src/php-7.2.8 && cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm‘
192.168.24.132 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible C -m  shell -a ‘cd /usr/src/php-7.2.8 && chmod +x /etc/rc.d/init.d/php-fpm‘
192.168.24.132 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible C -m  shell -a ‘cd /usr/src/php-7.2.8 &&  cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf‘
192.168.24.132 | SUCCESS | rc=0 >>

[[email protected] ~]# ansible C -m  shell -a ‘cd /usr/src/php-7.2.8 &&   cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf  ‘
192.168.24.132 | SUCCESS | rc=0 >>
//将主控机修改后的配置文件发送到C受控机上
[[email protected] ~]# ansible C -m template -a ‘src=/usr/local/php7/etc/php-fpm.conf dest=/usr/local/php7/etc/php-fpm.conf‘

[[email protected] ~]#  ansible C -m template -a ‘src=/usr/local/php7/etc/php-fpm.d/www.conf  dest=/usr/local/php7/etc/php-fpm.d/www.conf ‘

//启动php
[[email protected] ~]# ansible C -m shell -a ‘service php-fpm start‘
 [WARNING]: Consider using the service module rather than running service.  If you need to use command because service is
insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this
message.

192.168.24.132 | SUCCESS | rc=0 >>
Starting php-fpm  done

[[email protected] ~]# ansible C -m shell -a ‘ss -natl‘
192.168.24.132 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port               Peer Address:Port
LISTEN     0      128          *:22                       *:*
LISTEN     0      100    127.0.0.1:25                       *:*
LISTEN     0      128    127.0.0.1:9000                     *:*
LISTEN     0      128         :::22                      :::*
LISTEN     0      100        ::1:25                      :::*

编辑nginx配置文件

在主控机上编辑nginx配置文件

 vim /etc/nginx/nginx.conf
//编辑以下内容
 upstream php {
            server 192.168.24.132:9000;
         }
    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        # location ~ \.php$ {
         #   proxy_pass   http://php;
        # }

         location ~ \.php$ {
             proxy_pass   http://php;
             root           /usr/share/nginx/html;
             fastcgi_pass   php;
             fastcgi_index  index.php;
             fastcgi_param  SCRIPT_FILENAME  $document_root/scripts$fastcgi_script_name;
             include        fastcgi_params;
        }

将修改后的文件传输到A主控机上

[[email protected] ~]# ansible A -m template -a ‘src=/etc/nginx/nginx.conf dest=/etc/nginx/nginx.conf‘
192.168.24.130 | SUCCESS => {
    "changed": true,
    "checksum": "67b4dee474e0107264f56154aff59cd733cdb560",
    "dest": "/etc/nginx/nginx.conf",
    "gid": 0,
    "group": "root",
    "md5sum": "422e017798f0d2554e1f53412d253554",
    "mode": "0644",
    "owner": "root",
    "size": 2907,
    "src": "/root/.ansible/tmp/ansible-tmp-1536657003.52-201945158508709/source",
    "state": "file",
    "uid": 0
}

生成php测试页面

[[email protected] ~]# cd /usr/share/nginx/html
[[email protected] html]# cat > index.php << EOF
> <?php
>   phpinfo();
> ?>
> EOF   

[[email protected] ~]# ansible A -m template -a ‘src=/usr/share/nginx/html/index.php dest=/usr/share/nginx/html/‘
192.168.24.130 | SUCCESS => {
    "changed": true,
    "checksum": "26af88945e23289d15e128606a29932b3d78787c",
    "dest": "/usr/share/nginx/html/index.php",
    "gid": 0,
    "group": "root",
    "md5sum": "62210a938d0199092c2d3976a45bf86d",
    "mode": "0644",
    "owner": "root",
    "size": 22,
    "src": "/root/.ansible/tmp/ansible-tmp-1536657526.48-71308328197734/source",
    "state": "file",
    "uid": 0
}

验证:

原文地址:http://blog.51cto.com/13858192/2174448

时间: 2024-11-03 21:49:42

基于ansible自动化部署nginx+mysl+php分离来实现lnmp的相关文章

实战:ansible自动化部署nginx+keepalived+mysql负载均衡集群

一.目的 使用ansible自动化部署nginx+keepalived+mysql负载均衡集群. 二.拓扑规划 三.详细步骤 1.环境的搭建 (1).安装ansible,同时配置私钥免密码进行通信 [[email protected] ~]# ssh-keygen  -t rsa #-t表示使用的加密类型,其中rsa1表示version1版本,rsa.dsa.ecdsa的加密对于的是version2版本 Generating public/private rsa key pair. #这里询问你

ansible自动化部署nginx

1.ansible的安装(1)准备两台机器,分别 IP为114.67.232.214,主机名为centos100IP为114.67.233.22,主机名为centos101(2)需要在centos100上安装ansible,直接使用yum安装:yum install ansible(3)设置密钥认证在centos100上操作:ssh-keygenssh-copy-id -i /root/.ssh/id_rsa.pub 114.67.233.22测试成功:[[email protected] ~]

项目部署与ansible自动化部署

目录 项目部署与ansible自动化部署 一.项目部署 二.ansible自动化部署(python自动化运维) 1.安装ansible 2.ansible例子 3.ansible自动化部署nginx 项目部署与ansible自动化部署 一.项目部署 # 1.将项目的压缩包拖入xshell # 2.从数据库中导出sql文件,拖入xshell # 3.启动数据库服务,进入mysql数据库 # 4.在Linux中建立数据库 mysql> create database bbs charset utf8

ansible 发部署nginx以及更新、回滚

ansible 发部署nginx以及更新.回滚 ansible 和 saltstack 一样都是基于 Python 开发的,是比 puppet 和 saltstack 更轻量级的运维自动化工具. 一:安装ansible  开启俩台centos Master 192.168.0.6 Slave 192.168.0.8 二:编辑vim /etc/hosts 三:安装 ansible [[email protected] /]# yum install -y epel-release [[email 

Ansible自动化部署corosync+pacemaker高可用实现httpd

一.ansible简介 ansible是2012年出现的自动运维工具,基于python开发,集合了众多工具的优点,可以实现批量系统配置.批量程序部署.批量运行命令.批量配置文件修改等功能.最主要的是ansible是基于多模块工作的,而且ansible是无需客户端安装就可以基于ssh实现管理节点的,是轻量级的自动化运维工具,ansible是个框架,主要包括以下几个组件: (1).连接插件connection plugins:负责和被监控端实现通信: (2).host inventory:设置管理的

Jenkins+Gitlab+Ansible自动化部署(六)

Pipeline Job实现Nginix+MySQL+PHP+Wordpress实现自动化部署交付(Jenkins+Gitlab+Ansible自动化部署(五)https://www.cnblogs.com/zd520pyx1314/p/10249094.html) 环境准备 编写ansible playbook脚本实现Wordpress远程部署 将wordpress源码与playbook部署脚本提交到gitlab仓库 编写pipeline job脚本实现Jenkins流水线持续交付流程 Jen

Ansible自动化部署k8s-1.16.0版集群

Ansible自动化部署k8s二进制集群 Ansible是一种IT自动化工具.它可以配置系统,部署软件以及协调更高级的IT任务,例如持续部署,滚动更新.Ansible适用于管理企业IT基础设施. 这里我通过Ansible来实现Kubernetes v1.16 高可用集群自动部署(离线版) (但是还是需要网络,因为这里需要去部署flannel,coredns,ingress,dashboard插件,需要拉取镜像 Ansible自动化部署k8s-1.16.0版集群介绍 使用ansible自动化部署k

Ansible自动化部署之ROLES

一.ROLES 角色 1.目录层级结构 2.角色调用 3.层级结构展示 示例1:利用ansible角色安装nginx 示例2:变量调用 示例3:在playbook调用角色方法:传递变量给角色 示例4:条件测试角色调用 示例5:角色安装 示例6:角色变量调整memcached内存大小 一.ROLES 角色 对于以上所有的方式有个弊端就是无法实现复用假设在同时部署Web.db.ha 时或不同服务器组合不同的应用就需要写多个yml文件.很难实现灵活的调用.. roles 用于层次性.结构化地组织pla

部署Nginx+Apache动静分离

Nginx动静分离介绍Nginx的静态处理能力很强,但是动态处理能力不足,因此,在企业中常用动静分离技术针对PHP的动静分离 静态页面交给Nginx处理 动态页面交给PHP-FPM模块或Apache处理在Nginx的配置中,是通过location配置段配合正则匹配实现静态与动态页面的不同处理方式反向代理原理Nginx不仅能作为Web服务器,还具有反向代理.负载均衡和缓存的功能Nginx通过proxy模块实现将客户端的请求代理至上游服务器,此时nginx与上游服务器的连接是通过http协议进行的N