Ansible安装

节点规划

IP 主机名 节点
192.168.1.10 ansible master
192.168.1.11 node-1 node1
192.168.1.12 node-2 node2

环境设置

  • 配置SSH密钥

  • 所有节点做相同操作

[root@ansible ~]# cat /etc/hosts
······
192.168.1.10 ansible
192.168.1.11 node-1
192.168.1.12 node-2

# NOTE(review): -N '' stores root's private key with an empty passphrase, so read access to
# /root/.ssh/id_rsa on this host is enough to log in as root on every node the key is copied to.
[root@ansible ~]# ssh-keygen -f /root/.ssh/id_rsa -N ''
# Installs the public key for root on each host named in /etc/hosts (the control node included).
# Ansible only needs control node -> managed node access; repeating this on every node, as the
# step above says, also lets each managed node log in to the others as root.
[root@ansible ~]# for i in ansible node-1 node-2;do ssh-copy-id root@$i;done

部署软件

  • 控制节点

    要求Python2.6及以上

    Python模块:paramiko、PyYAML、Jinja2······

[root@ansible ~]# tar xf ansible.tar.gz -C /opt/
[root@ansible ~]# vim /etc/yum.repos.d/local.repo
# Local file-based repository built from the ansible.tar.gz unpacked under /opt/.
[ansible]
name=ansible
baseurl=file:///opt/ansible
# NOTE(review): gpgcheck=0 turns off RPM signature verification for this repo, so the packages
# are only as trustworthy as the tarball they came from. Check the archive against a checksum
# from its publisher before unpacking, or set gpgcheck=1 together with a gpgkey= entry for the
# packager's key.
gpgcheck=0

[root@ansible ~]# yum install ansible -y

Ansible基本配置

主配置文件

  • 参考/etc/ansible/ansible.cfg
[root@ansible ~]# mkdir ansible
[root@ansible ~]# cp /etc/ansible/ansible.cfg ansible/
[root@ansible ~]# cd ansible/
[root@ansible ansible]# vim ansible.cfg
[defaults]
# Project-local inventory file used instead of /etc/ansible/hosts.
inventory=/root/ansible/hosts
# NOTE(review): every task connects and runs as root. A dedicated unprivileged account combined
# with become (sudo) limits what a leaked control-node key can do.
remote_user=root
# Never prompt for an SSH password; relies on key-based login being set up beforehand.
ask_pass=False

inventory主机清单文件

  • 将被管理端主机写入一个主机列表文件

    参考/etc/ansible/hosts

[root@ansible ansible]# vim hosts
# Managed hosts. The group name "node" is what the playbooks target with "hosts: node".
[node]
node-1
node-2

wordpress安装

拷贝wordpress配置文件

# NOTE(review): this archive is later unpacked into the web root of every node; compare it with
# the checksum published alongside the download before using it.
[root@ansible ansible]# unzip wordpress-6.1.1-zh_CN.zip 
[root@ansible ansible]# mkdir templates
# The stock sample config becomes the Jinja2 template that the playbook renders onto each host.
[root@ansible ansible]# cp wordpress/wp-config-sample.php templates/wp-config.php.j2

配置wordpress

[root@ansible ansible]# vim templates/wp-config.php.j2
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the installation.
* You don't have to use the web site, you can copy this file to "wp-config.php"
* and fill in the values.
*
* This file contains the following configurations:
*
* * Database settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/

// ** Database settings - You can get this info from your web host ** //
// The double-brace placeholders below are Jinja2 variables that Ansible's template module fills
// in from vars/default.yml. Values are substituted verbatim inside single-quoted PHP strings, so
// a value containing a single quote or a backslash would need escaping to keep this file valid.
// NOTE(review): the rendered file holds the database password in clear text; deploy it so that
// only the account PHP runs as can read it.
/** The name of the database for WordPress */
define( 'DB_NAME', '{{wp_connect_databases}}' );

/** Database username */
define( 'DB_USER', '{{wp_connect_user}}' );

/** Database password */
define( 'DB_PASSWORD', '{{wp_connect_password}}' );

/** Database hostname */
define( 'DB_HOST', '{{wp_connect_db_host}}' );

/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );

/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );

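/**#@+
* Authentication unique keys and salts.
*
* Change these to different unique phrases! You can generate these using
* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
*
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/
{#
  Keys and salts have to be secret and unique per site. Literal values kept in a shared template
  (or published in a tutorial) are known to everyone who can read it and would be identical on
  every host this template is rendered to.

  The password lookup generates a random 64-character value on the control node the first time
  it runs, stores it under credentials/<inventory_hostname>/ next to the playbook, and returns
  the same value on later runs, so re-running the playbook does not log users out.

  The lookup's default character set (ASCII letters, digits and . , : - _) contains nothing that
  needs escaping inside a single-quoted PHP string. Keep the credentials/ directory out of
  version control and readable only by the user that runs Ansible.
#}
define('AUTH_KEY', '{{ lookup("password", "credentials/" ~ inventory_hostname ~ "/wp_auth_key length=64") }}');
define('SECURE_AUTH_KEY', '{{ lookup("password", "credentials/" ~ inventory_hostname ~ "/wp_secure_auth_key length=64") }}');
define('LOGGED_IN_KEY', '{{ lookup("password", "credentials/" ~ inventory_hostname ~ "/wp_logged_in_key length=64") }}');
define('NONCE_KEY', '{{ lookup("password", "credentials/" ~ inventory_hostname ~ "/wp_nonce_key length=64") }}');
define('AUTH_SALT', '{{ lookup("password", "credentials/" ~ inventory_hostname ~ "/wp_auth_salt length=64") }}');
define('SECURE_AUTH_SALT', '{{ lookup("password", "credentials/" ~ inventory_hostname ~ "/wp_secure_auth_salt length=64") }}');
define('LOGGED_IN_SALT', '{{ lookup("password", "credentials/" ~ inventory_hostname ~ "/wp_logged_in_salt length=64") }}');
define('NONCE_SALT', '{{ lookup("password", "credentials/" ~ inventory_hostname ~ "/wp_nonce_salt length=64") }}');
/**#@-*/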

/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';

/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
// Left false for deployed hosts so that notices are not displayed to visitors.
define( 'WP_DEBUG', false );

/* Add any custom values between this line and the "stop editing" line. */



/* That's all, stop editing! Happy publishing. */

/** Absolute path to the WordPress directory. */
// Defined only when nothing has set it already; resolves to this file's directory plus a trailing slash.
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}

/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

编辑变量文件

  • 安装包变量文件
[root@ansible ansible]# vim vars/vars.yml 
# Package groups consumed by the playbook's yum tasks; each list is installed by one task.

# Build toolchain and libraries, plus unzip for unpacking the WordPress archive.
package_nginx:
  - unzip
  - gcc
  - pcre-devel
  - gcc-c++
  - openssl-devel
  - zlib-devel
  - zlib

# PHP runtime, the GD extension and development libraries.
package_php:
  - php
  - php-gd
  - libxml2-devel
  - bzip2-devel
  - libcurl-devel

# MariaDB client side: MySQL-python is what Ansible's mysql_* modules need on the managed host,
# php-mysql is PHP's database driver.
package_mysql:
  - MySQL-python
  - php-mysql
  - mariadb

  • wordpress配置文件中的变量
[root@ansible ansible]# vim vars/default.yml 
# Database settings shared by the playbook's mysql_* tasks and the wp-config.php template.
# NOTE(review): the passwords below are short sample values stored in clear text. Replace them
# with long random secrets and keep this file encrypted with ansible-vault instead of plain YAML.
db_root_password: "000000" # MariaDB root password that the playbook sets and then logs in with
db_connect_host: localhost # host the mysql_* modules log in to; also granted as a client host for wp_user

wp_databases: wordpress # database to create in MariaDB
wp_password: 123456 # password of the database user to create
wp_user: wordpress # database user to create
# NOTE(review): "%" allows wp_user to connect from any host, and the playbook also stops
# firewalld. WordPress connects via localhost (wp_connect_db_host below), which the localhost
# grant already covers; keep "%" only if remote clients really need the database.
wp_db_host: "%" # additional client host granted to wp_user

# Values rendered into wp-config.php; they must match the database and user created above.
wp_connect_databases: wordpress # database name WordPress uses
wp_connect_user: wordpress # database user WordPress logs in as
wp_connect_password: 123456 # password for that user (same value as wp_password)
wp_connect_db_host: localhost # database host WordPress connects to

编写playbook-LAMP

[root@ansible ansible]# cat wordpress.yml
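# Deploys WordPress on Apache httpd + PHP + MariaDB (LAMP) to every host in the "node" group.
# Variables come from vars/vars.yml (package lists) and vars/default.yml (database settings).
- hosts: node
  vars_files:
    - ./vars/vars.yml
    - ./vars/default.yml
  tasks:
    # NOTE(review): this switches the host firewall off entirely and keeps it off across reboots,
    # so MariaDB's port is exposed along with HTTP unless MariaDB is bound to localhost. Allowing
    # only the http service in firewalld keeps the site reachable without opening everything.
    - name: 关闭firewalld
      service:
        name: firewalld
        state: stopped
        enabled: no

    # NOTE(review): only /etc/selinux/config is edited, so the running mode does not change until
    # the next reboot. Permissive mode logs denials but stops enforcing policy; if enforcing mode
    # blocks the site, labelling the web root correctly is the narrower fix.
    - name: 关闭SELinux
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: "SELINUX=permissive"

    # The yum module accepts a list, so each group is installed in one transaction instead of
    # one module call per package.
    - name: 安装http环境软件包
      yum:
        name: "{{ package_nginx }}"
        state: present

    - name: 安装php环境软件包
      yum:
        name: "{{ package_php }}"
        state: present

    - name: 安装mariadb辅助软件包
      yum:
        name: "{{ package_mysql }}"
        state: present

    - name: 安装mariadb
      yum:
        name: mariadb-server
        state: present

    - name: 启动mariadb
      service:
        name: mariadb
        state: started
        enabled: yes

    # Sets the root password. check_implicit_admin first tries the passwordless root login that a
    # fresh MariaDB install has and falls back to login_user/login_password on later runs, so the
    # task no longer needs ignore_errors (which also hid real failures) to survive a re-run.
    # host_all applies the password to every root account, not only root@localhost.
    # no_log keeps the password out of the play output and logs.
    - name: 初始化数据库
      mysql_user:
        check_implicit_admin: yes
        login_user: root
        login_password: "{{ db_root_password }}"
        name: root
        host_all: yes
        password: "{{ db_root_password }}"
      no_log: true

    - name: 在数据库中创建wordpress数据库
      mysql_db:
        login_host: "{{ db_connect_host }}"
        login_user: root
        login_password: "{{ db_root_password }}"
        name: "{{ wp_databases }}"
        state: present
      no_log: true

    # Creates the WordPress database user once per client host in the loop and grants it all
    # privileges on the WordPress database only.
    # NOTE(review): wp_db_host is "%" in vars/default.yml, i.e. any client host; drop that loop
    # entry if WordPress only connects locally.
    - name: 创建授权用户
      mysql_user:
        login_host: "{{ db_connect_host }}"
        login_user: root
        login_password: "{{ db_root_password }}"
        name: "{{ wp_user }}"
        password: "{{ wp_password }}"
        priv: "{{ wp_databases }}.*:ALL"
        state: present
        host: "{{ item }}"
      loop:
        - "{{ db_connect_host }}"
        - "{{ wp_db_host }}"
      no_log: true

    # NOTE(review): verify the archive against the checksum published with the download before
    # placing it next to the playbook; its contents are served by the web server on every node.
    - name: 拷贝wordpress压缩包
      copy:
        src: ./wordpress-6.1.1-zh_CN.zip
        dest: /root/

    # unarchive replaces the raw "unzip -o" shell call: same result, but the module reports
    # "changed" only when files actually differ.
    - name: 解压
      unarchive:
        src: /root/wordpress-6.1.1-zh_CN.zip
        dest: /var/www/html
        remote_src: yes

    # wp-config.php contains the database password and the auth keys, so it is not left
    # world-readable: root owns it and only the apache group (the account httpd runs PHP as) may read it.
    - name: 拷贝wordpress文件
      template:
        src: ./templates/wp-config.php.j2
        dest: /var/www/html/wordpress/wp-config.php
        owner: root
        group: apache
        mode: "0640"

    - name: 启动httpd
      service:
        name: httpd
        state: started
        enabled: yes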


[root@ansible ansible]# ansible-playbook wordpress.yml
#浏览器访问
192.168.1.11/wordpress

编写playbook-LNMP

  • 编写nginx配置文件模板文件
[root@ansible ansible]# ansible all -m service -a "name=httpd state=stopped enabled=no"
[root@ansible ansible]# cat templates/nginx.conf.j2
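# nginx configuration for the WordPress hosts: one HTTP server on port 80 that serves files from
# the "html" directory under the nginx prefix and hands *.php requests to a FastCGI backend.
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    # Do not advertise the exact nginx version in the Server header and on error pages.
    server_tokens off;

    server {
        listen 80;
        server_name localhost;

        location / {
            root html;
            index index.php index.html index.htm;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }

        location ~ \.php$ {
            root html;
            # Hand the request to PHP only when the named .php file really exists. Without this
            # check, any path that merely ends in .php reaches the backend, which is a known way
            # for uploaded non-PHP files to end up being executed.
            try_files $uri =404;
            # NOTE(review): something must be listening on 127.0.0.1:9000 (for example php-fpm);
            # the package lists on this page do not include it - confirm how the backend is started.
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi.conf;
        }
    }
}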

  • playbook
[root@ansible ansible]# cat wordpress.yaml
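# Deploys WordPress on nginx (built from source) + PHP + MariaDB (LNMP) to every host in the
# "node" group. Variables come from vars/vars.yml (package lists) and vars/default.yml
# (database settings).
- hosts: node
  vars_files:
    - ./vars/vars.yml
    - ./vars/default.yml
  tasks:
    # NOTE(review): this switches the host firewall off entirely and keeps it off across reboots,
    # so MariaDB's port is exposed along with HTTP unless MariaDB is bound to localhost. Allowing
    # only the http service in firewalld keeps the site reachable without opening everything.
    - name: 关闭firewalld
      service:
        name: firewalld
        state: stopped
        enabled: no

    # NOTE(review): only /etc/selinux/config is edited, so the running mode does not change until
    # the next reboot. Permissive mode logs denials but stops enforcing policy.
    - name: 关闭SELinux
      lineinfile:
        path: /etc/selinux/config
        regexp: '^SELINUX='
        line: "SELINUX=permissive"

    # The yum module accepts a list, so each group is installed in one transaction instead of
    # one module call per package.
    - name: 安装http环境软件包
      yum:
        name: "{{ package_nginx }}"
        state: present

    - name: 安装php环境软件包
      yum:
        name: "{{ package_php }}"
        state: present

    - name: 安装mariadb辅助软件包
      yum:
        name: "{{ package_mysql }}"
        state: present

    - name: 安装mariadb
      yum:
        name: mariadb-server
        state: present

    - name: 启动mariadb
      service:
        name: mariadb
        state: started
        enabled: yes

    # Sets the root password. check_implicit_admin first tries the passwordless root login that a
    # fresh MariaDB install has and falls back to login_user/login_password on later runs, so the
    # task no longer needs ignore_errors (which also hid real failures) to survive a re-run.
    # host_all applies the password to every root account, not only root@localhost.
    # no_log keeps the password out of the play output and logs.
    - name: 初始化数据库
      mysql_user:
        check_implicit_admin: yes
        login_user: root
        login_password: "{{ db_root_password }}"
        name: root
        host_all: yes
        password: "{{ db_root_password }}"
      no_log: true

    - name: 在数据库中创建wordpress数据库
      mysql_db:
        login_host: "{{ db_connect_host }}"
        login_user: root
        login_password: "{{ db_root_password }}"
        name: "{{ wp_databases }}"
        state: present
      no_log: true

    # Creates the WordPress database user once per client host in the loop and grants it all
    # privileges on the WordPress database only.
    # NOTE(review): wp_db_host is "%" in vars/default.yml, i.e. any client host; drop that loop
    # entry if WordPress only connects locally.
    - name: 创建授权用户
      mysql_user:
        login_host: "{{ db_connect_host }}"
        login_user: root
        login_password: "{{ db_root_password }}"
        name: "{{ wp_user }}"
        password: "{{ wp_password }}"
        priv: "{{ wp_databases }}.*:ALL"
        state: present
        host: "{{ item }}"
      loop:
        - "{{ db_connect_host }}"
        - "{{ wp_db_host }}"
      no_log: true

    # NOTE(review): this tarball is compiled and installed as root on every node; verify it
    # against the checksum or signature published by its source before using it.
    - name: 拷贝nginx压缩包
      copy:
        src: ./nginx-1.22.1.tar.gz
        dest: /root/

    # chdir makes the extraction directory explicit instead of depending on the module's
    # default working directory; creates skips the step once the source tree exists.
    - name: 解压nginx
      command: tar xf /root/nginx-1.22.1.tar.gz
      args:
        chdir: /root
        creates: /root/nginx-1.22.1

    # creates skips the whole build on later runs once the nginx binary has been installed.
    - name: 编译nginx
      shell: "./configure --with-http_ssl_module && make && make install"
      args:
        chdir: /root/nginx-1.22.1
        creates: /usr/local/nginx/sbin/nginx

    # copy (rather than template) is enough here: the file contains no Jinja2 expressions.
    - name: 拷贝nginx配置文件
      copy:
        src: ./templates/nginx.conf.j2
        dest: /usr/local/nginx/conf/nginx.conf

    # NOTE(review): verify the archive against the checksum published with the download before
    # placing it next to the playbook; its contents are served by the web server on every node.
    - name: 拷贝wordpress压缩包
      copy:
        src: ./wordpress-6.1.1-zh_CN.zip
        dest: /root/

    # unarchive replaces the raw "unzip -o" shell call: same result, but the module reports
    # "changed" only when files actually differ.
    - name: 解压
      unarchive:
        src: /root/wordpress-6.1.1-zh_CN.zip
        dest: /usr/local/nginx/html/
        remote_src: yes

    # NOTE(review): wp-config.php contains the database password and the auth keys. Once it is
    # known which account the PHP backend runs as, set owner/group/mode here so that only that
    # account can read the file.
    - name: 拷贝wordpress文件
      template:
        src: ./templates/wp-config.php.j2
        dest: /usr/local/nginx/html/wordpress/wp-config.php

    # Validate the configuration first, then reload a running nginx or start it if it is not
    # running yet. "-s reload" on its own fails on a host where nginx has never been started.
    # NOTE(review): nothing in this play installs or starts a FastCGI backend for the
    # fastcgi_pass address in nginx.conf - confirm how PHP is served.
    - name: 启动nginx
      shell: "/usr/local/nginx/sbin/nginx -t && (/usr/local/nginx/sbin/nginx -s reload || /usr/local/nginx/sbin/nginx)"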


[root@ansible ansible]# ansible-playbook wordpress.yaml