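1 Roles
1.1 What are roles for?
Each play in a playbook can be treated as a role. The tasks, vars, templates, and the files used by the copy and script modules for each role are placed in that role's directory and managed together; when needed, a playbook invokes the role directly through `roles`.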
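1.2 Role directory layout
```text
roles/                      # top-level roles directory; each subdirectory is one role
  nginx/                    # corresponds to one play in a playbook; the directory name is the role name
    files/                  # files used by the copy and script modules
    templates/              # XXX.j2 template files used by the template module
    tasks/main.yml          # the role's ordinary task list
    handlers/main.yml       # handler tasks that run when triggered through notify
    vars/main.yml           # custom variables used by the role
    defaults/main.yml       # default variables for the role (usually not needed)
    meta/main.yml           # role metadata and dependencies
  mysql/
    ...
  php/
    ...
```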
![](https://img-blog.csdnimg.cn/direct/de74f751d85846729633496d9b229aeb.png)
![](https://img-blog.csdnimg.cn/direct/f927160d16b94b2f8e28bbd51cd1bcb8.png)
1.3 Calling roles
`vim XXX.yaml`
```yaml
- name:
  hosts:
  remote_user:
  roles:
    - nginx
    - mysql
    - php
```
```bash
ansible-playbook XXX.yaml
```
![](https://img-blog.csdnimg.cn/direct/cbbe91c101a048b98b5febc3e0456b29.png)
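2 Distributed LNMP installation with a playbook that calls roles
2.1 Install Ansible on the control node, configure the inventory, and set up non-interactive login to the remote hosts
Install Ansible on the control node
```bash
yum install -y epel-release   # install the EPEL repository first
yum install -y ansible
```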
![](https://img-blog.csdnimg.cn/direct/46832470f67746488938358be42f0c44.png)
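Configure the inventory
```bash
cd /etc/ansible
vim hosts
```
```ini
[webservers]          # group name
192.168.111.22        # IP address or hostname of a managed host in the group (a hostname must first be added to /etc/hosts)
[dbservers]
192.168.111.33
[ccservers]
192.168.111.44
```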
![](https://img-blog.csdnimg.cn/direct/f246484aef264c71be622b8ffbccb20b.png)
Configure key-pair authentication
```bash
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
yum install -y sshpass
sshpass -p '123' ssh-copy-id -o StrictHostKeyChecking=no root@192.168.111.22
sshpass -p '123' ssh-copy-id -o StrictHostKeyChecking=no root@192.168.111.33
sshpass -p '123' ssh-copy-id -o StrictHostKeyChecking=no root@192.168.111.44
```
![](https://img-blog.csdnimg.cn/direct/7ffb4f7e2aef4c3aa4c6e89912770e0b.png)
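The key distribution above written as a bootstrap playbook, as an added example that is not part of the original post: the root password is prompted for with `--ask-pass` instead of sitting on the command line, and each host key is pinned before the first connection instead of being accepted blindly. The file name `bootstrap.yml` and the `pinned_host_keys` variable are assumptions, and the key strings are placeholders to be replaced with the public host key read from each machine's console.

```yaml
# bootstrap.yml (hypothetical file name) -- added example, not from the original post.
# Run once from the control node (sshpass must be installed for the prompt to work):
#   ansible-playbook bootstrap.yml --ask-pass
- name: Pin host keys on the control node
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Placeholders: replace each value with the host's real public host key,
    # obtained out-of-band (for example: cat /etc/ssh/ssh_host_ed25519_key.pub
    # on the machine's console).
    pinned_host_keys:
      192.168.111.22: "ssh-ed25519 <PLACEHOLDER-HOST-KEY-22>"
      192.168.111.33: "ssh-ed25519 <PLACEHOLDER-HOST-KEY-33>"
      192.168.111.44: "ssh-ed25519 <PLACEHOLDER-HOST-KEY-44>"
  tasks:
    - name: Record each managed host's key in ~/.ssh/known_hosts
      known_hosts:
        name: "{{ item.key }}"
        key: "{{ item.key }} {{ item.value }}"
        state: present
      loop: "{{ pinned_host_keys | dict2items }}"

- name: Install the control node's public key for root
  hosts: webservers,dbservers,ccservers
  remote_user: root
  gather_facts: false
  tasks:
    - name: Authorize the key pair generated with ssh-keygen
      authorized_key:
        user: root
        key: "{{ lookup('file', lookup('env', 'HOME') ~ '/.ssh/id_rsa.pub') }}"
        state: present
```

With the host keys pinned, a host that presents a different key at first contact is rejected rather than silently trusted.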
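2.2 Configure the nginx host role
Create the nginx role directories and yml files
Create the files, handlers, tasks, templates, meta, defaults and vars directories under the role's directory. Directories that are not needed can be created empty or left out.
```bash
# -p also creates /opt/ansible/roles/nginx if it does not exist yet
mkdir -p /opt/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta}
```
Create a main.yml file in the role's handlers, tasks, meta, defaults and vars directories. The file must be named main.yml; do not use a custom file name.
```bash
touch /opt/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml
```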
![](https://img-blog.csdnimg.cn/direct/43cdcda3628445a598ecf926829a82de.png)
Configure the tasks file
`vim /opt/ansible/roles/nginx/tasks/main.yml`
```yaml
- name: disable firewalld
  service: name=firewalld state=stopped enabled=no
- name: disable selinux
  command: '/usr/sbin/setenforce 0'
  ignore_errors: true
# nginx.repo is read from the role's files/ directory
- name: copy nginx repo
  copy: src=nginx.repo dest=/etc/yum.repos.d/
- name: install nginx
  yum: name={{pkg}} state=present
- name: create root dir
  file: path={{root_dir}} state=directory
# nginx.conf.j2 is read from the role's templates/ directory
- name: prepare nginx config file
  template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
  notify: "reload nginx"
- name: start nginx
  service: name={{svc}} state=started enabled=yes
```
![](https://img-blog.csdnimg.cn/direct/bafa96be665846a8878007ac93274111.png)
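An added example, not part of the original post: the first two tasks of the nginx role rewritten so that firewalld and SELinux stay on and only the traffic this layout needs is allowed. It assumes `php_addr` in the role's vars is the PHP-FPM host (192.168.111.44 in this lab), and it uses the `firewalld` and `seboolean` modules, which on current Ansible releases ship in the ansible.posix collection.

```yaml
# roles/nginx/tasks/main.yml -- added example replacing "disable firewalld"
# and "disable selinux"; not from the original post.
- name: keep firewalld running
  service: name=firewalld state=started enabled=yes

- name: open the web port to clients
  firewalld:
    port: "{{ nginx_port }}/tcp"
    permanent: yes
    immediate: yes
    state: enabled

# The nginx host also exports /usr/share/nginx/html over NFS;
# only the PHP host needs to reach it.
- name: allow the NFS export to be mounted from the PHP host only
  firewalld:
    rich_rule: 'rule family="ipv4" source address="{{ php_addr }}" service name="{{ item }}" accept'
    permanent: yes
    immediate: yes
    state: enabled
  loop:
    - nfs
    - mountd
    - rpc-bind

# With SELinux enforcing, nginx may not open outbound TCP connections
# (here: fastcgi_pass to php-fpm) until this boolean is on.
- name: allow nginx to connect out to php-fpm
  seboolean:
    name: httpd_can_network_connect
    state: yes
    persistent: yes
```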
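Configure the vars file
`vim /opt/ansible/roles/nginx/vars/main.yml`
```yaml
nginx_addr: 192.168.111.22
nginx_port: 80
server_name: www.ky33.com
root_dir: /var/www/html
# php-fpm runs on the ccservers host and listens on 192.168.111.44:9000 (see 2.4),
# so fastcgi_pass must point there rather than at the nginx host itself
php_addr: 192.168.111.44
php_port: 9000
pkg: nginx
svc: nginx
```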
![](https://img-blog.csdnimg.cn/direct/f75ff5ba2af940989a7a7f68cd46c604.png)
Configure the nginx configuration template that adds PHP support
`vim /opt/ansible/roles/nginx/templates/nginx.conf.j2`
```nginx
worker_processes auto;
events {
    use epoll;
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen {{nginx_addr}}:{{nginx_port}};
        server_name {{server_name}};
        charset utf-8;
        location / {
            root {{root_dir}};
            index index.php index.html;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
        # hand .php requests to the remote php-fpm host over FastCGI
        location ~ \.php$ {
            root {{root_dir}};
            fastcgi_pass {{php_addr}}:{{php_port}};
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
}
```
![](https://img-blog.csdnimg.cn/direct/85726bfadafe4bc689f746ed1841a993.png)
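Install rpcbind and NFS and configure the export that the PHP host will mount
```bash
# the NFS server package on CentOS is nfs-utils
yum -y install rpcbind nfs-utils
vim /etc/exports
# content of /etc/exports:
#   /usr/share/nginx/html 192.168.111.0/24(rw)
showmount -e
# Export list for localhost.localdomain:
# /usr/share/nginx/html 192.168.111.0/24
systemctl restart rpcbind nfs
```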
![](https://img-blog.csdnimg.cn/direct/ef6efbed075e49abbcfbedd76c38f9ab.png)
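Create a PHP file for testing
```bash
cd /usr/share/nginx/html/
vim index.php
```
```php
<?php
// phpinfo must be called as a function; a bare "phpinfo;" prints nothing
phpinfo();
?>
```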
![](https://img-blog.csdnimg.cn/direct/d4fb0fe0d33e4b899d0102fe037d134f.png)
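2.3 Configure the mysql host role
Create the mysql role directories and yml files
Create the files, handlers, tasks, templates, meta, defaults and vars directories under the role's directory. Directories that are not needed can be created empty or left out.
```bash
# -p also creates /opt/ansible/roles/mysql if it does not exist yet
mkdir -p /opt/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta}
```
Create a main.yml file in the role's handlers, tasks, meta, defaults and vars directories. The file must be named main.yml; do not use a custom file name.
```bash
touch /opt/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml
```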
![](https://img-blog.csdnimg.cn/direct/3238f56720a544d89fdc13819ab984f6.png)
Configure the tasks file
`vim /opt/ansible/roles/mysql/tasks/main.yml`
```yaml
# import_tasks replaces the bare "include", which newer ansible-core releases no longer accept
- import_tasks: init.yml
- name: remove mariadb
  yum: name=mariadb* state=absent
# mysql-community.repo is read from the role's files/ directory
- name: copy mysql repo
  copy: src=mysql-community.repo dest=/etc/yum.repos.d/
- name: modify mysql repo
  replace: path=/etc/yum.repos.d/mysql-community.repo regexp="gpgcheck=1" replace="gpgcheck=0"
- name: install mysql
  yum: name={{pkg}} state=present
- name: start mysql
  service: name={{svc}} state=started enabled=yes
# read the temporary root password from mysqld.log, set a new one, then grant root remote access
- name: init mysql
  shell: passd=$(grep "password" /var/log/mysqld.log | awk '{print $NF}') && mysql -uroot -p"$passd" --connect-expired-password -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'Admin@123';" && mysql -uroot -pAdmin@123 -e "grant all privileges on *.* to root@'%' identified by 'Admin@123' with grant option;"
  ignore_errors: true
```
![](https://img-blog.csdnimg.cn/direct/4101e25b146142589b6cd34bb1871039.png)
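An added example, not part of the original post: the "init mysql" task rewritten so that passwords come from vaulted variables, nothing secret appears on a command line or in task output, the remote account is limited to the PHP host instead of `root@'%'`, and a failure stops the play instead of being ignored. All variable names and the marker file path are assumptions introduced for the illustration.

```yaml
# roles/mysql/tasks/main.yml: replacement for the "init mysql" task (added example).
# Assumed names, none of them from the original post:
#   mysql_root_password, app_password -> defined in an ansible-vault encrypted vars file
#   app_user, app_db                  -> hypothetical application account and schema
#   php_host                          -> the PHP host, 192.168.111.44 in this lab
#   /root/.mysql_initialized          -> hypothetical marker file
- name: check whether the accounts were already initialised
  stat: path=/root/.mysql_initialized
  register: init_marker

- name: initialise accounts on the first run only
  when: not init_marker.stat.exists
  no_log: true            # keep passwords out of task output and logs
  block:
    - name: read the temporary root password from mysqld.log
      shell: grep 'temporary password' /var/log/mysqld.log | tail -n 1 | awk '{print $NF}'
      register: tmp_pw
      changed_when: false

    # SQL goes in on stdin and the password through the environment,
    # so neither appears on any command line.
    - name: set the root password
      command: mysql -uroot --connect-expired-password
      environment:
        MYSQL_PWD: "{{ tmp_pw.stdout }}"
      args:
        stdin: "ALTER USER 'root'@'localhost' IDENTIFIED BY '{{ mysql_root_password }}';"

    - name: create an application account reachable only from the PHP host
      command: mysql -uroot
      environment:
        MYSQL_PWD: "{{ mysql_root_password }}"
      args:
        stdin: |
          CREATE USER IF NOT EXISTS '{{ app_user }}'@'{{ php_host }}' IDENTIFIED BY '{{ app_password }}';
          GRANT ALL PRIVILEGES ON `{{ app_db }}`.* TO '{{ app_user }}'@'{{ php_host }}';

    - name: write the marker so later runs skip this block
      file: path=/root/.mysql_initialized state=touch mode=0600
```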
Configure the firewall tasks file
`vim /opt/ansible/roles/mysql/tasks/init.yml`
```yaml
- name: disable firewalld
  service: name=firewalld state=stopped enabled=no
- name: disable selinux
  command: '/usr/sbin/setenforce 0'
  ignore_errors: true
```
![](https://img-blog.csdnimg.cn/direct/4370f6ce990e4e81b5759361e6135579.png)
Configure the vars file
`vim /opt/ansible/roles/mysql/vars/main.yml`
```yaml
pkg: mysql-server
svc: mysqld
```
![](https://img-blog.csdnimg.cn/direct/c5e818befa234de0b9e76494a4c71da0.png)
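2.4 Configure the php host role
Create the php role directories and yml files
Create the files, handlers, tasks, templates, meta, defaults and vars directories under the role's directory. Directories that are not needed can be created empty or left out.
```bash
# -p also creates /opt/ansible/roles/php if it does not exist yet
mkdir -p /opt/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta}
```
Create a main.yml file in the role's handlers, tasks, meta, defaults and vars directories. The file must be named main.yml; do not use a custom file name.
```bash
touch /opt/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml
```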
![](https://img-blog.csdnimg.cn/direct/270e6f01d83f4a9ca39cb31b3314d528.png)
Configure the tasks file
`vim /opt/ansible/roles/php/tasks/main.yml`
```yaml
- name: install php
  yum: name=php72w,php72w-cli,php72w-common,php72w-devel,php72w-embedded,php72w-gd,php72w-mbstring,php72w-pdo,php72w-xml,php72w-fpm,php72w-mysqlnd,php72w-opcache state=present
- name: create php user
  user: name={{user_name}} shell=/sbin/nologin create_home=no
- name: modify php config file
  replace: path=/etc/php.ini regexp=";date.timezone =" replace="date.timezone = Asia/Shanghai"
  notify: "reload php-fpm"
# run php-fpm as the php user instead of apache
- name: modify user and group in www.conf
  replace: path=/etc/php-fpm.d/www.conf regexp="apache" replace="{{user_name}}"
  notify: "reload php-fpm"
# listen on the PHP host's own address so nginx can reach it
- name: modify listen addr in www.conf
  replace: path=/etc/php-fpm.d/www.conf regexp="127.0.0.1:9000" replace="{{php_addr}}"
  notify: "reload php-fpm"
# accept FastCGI connections from the nginx host only
- name: modify allowed_clients in www.conf
  replace: path=/etc/php-fpm.d/www.conf regexp="127.0.0.1" replace="{{nginx_addr}}"
  notify: "reload php-fpm"
- name: start php-fpm
  service: name={{svc}} state=started enabled=yes
- name: create php root dir
  file: path=/var/www/html state=directory
# mount the web root exported by the nginx host
- name: mount nfs
  mount: src="192.168.111.22:/usr/share/nginx/html" path=/var/www/html fstype=nfs state=mounted opts="defaults,_netdev"
```
![](https://img-blog.csdnimg.cn/direct/e61f7627cf054a959f6620107d5aa58f.png)
![](https://img-blog.csdnimg.cn/direct/ba3518cab38c439fb04be6521cc55ee6.png)
Configure the vars file
`vim /opt/ansible/roles/php/vars/main.yml`
```yaml
user_name: php
php_addr: 192.168.111.44:9000
nginx_addr: 192.168.111.22
svc: php-fpm
```
![](https://img-blog.csdnimg.cn/direct/a1f8e1a5435b43a2a2b542f6ba395059.png)
2.5 Configure the playbook that launches LNMP
`vim site.yml`
```yaml
- hosts: webservers
  remote_user: root
  roles:
    - nginx
- hosts: dbservers
  remote_user: root
  roles:
    - mysql
- hosts: ccservers
  remote_user: root
  roles:
    - php
```
![](https://img-blog.csdnimg.cn/direct/2712cce198ef4a2696b39c6dfa805493.png)
Run the playbook
![](https://img-blog.csdnimg.cn/direct/dc4525bd9d294caf94d3a5f656e60d15.png)
![](https://img-blog.csdnimg.cn/direct/758b36e77b844f4ba6671c75ae2cdb61.png)
![](https://img-blog.csdnimg.cn/direct/553699be8f9d42d0a7c27261e7e1a269.png)