1、环境配置
- ansible 服务器 192.168.10.10
- nginx 服务器 192.168.10.20
- mysql 服务器 192.168.10.21
- php 服务器 192.168.10.22
2、安装 ansble
#192.168.10.10节点
yum install -y epel-release #先安装 epel 源
yum install -y ansible
配置主机清单
cd /etc/ansible
vim hosts
[nginx]
192.168.10.20[mysql]
192.168.10.21[php]
192.168.10.22
设置免密登录
#3、ansible默认使用ssh连接,所以管理前要设置免密登录#配置密钥对验证ssh-keygen -t #一路回车,生成密钥文件vim /etc/ssh/ssh_config #修改ssh服务端和ssh客户端配置文件StrictHostKeyChecking no #35行,取消注释,将ask修改为no,开启免交互systemctl restart sshd #重启sshd//配置密钥对验证
ssh-keygen -t rsa #一路回车,使用免密登录
sshpass -p 'root的密码' ssh-copy-id root@192.168.10.20
sshpass -p 'root的密码' ssh-copy-id root@192.168.10.21
sshpass -p 'root的密码' ssh-copy-id root@192.168.10.223、配置安装nginx
配置nginx相关文件
#配置 nginx 支持 PHP 解析
vim nginx.conf.j2server {listen {{server_ip}}:{{http_port}};server_name {{host_name}};charset utf-8;#access_log logs/host.access.log main;location / {root html;index index.php index.html;}......location ~ \.php$ {root html;fastcgi_pass 192.168.10.22:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;include fastcgi_params;}
编写 lnmp.yaml 的 nginx 部分
- name: nginx playhosts: webserversremote_user: rootgather_facts: falsevars:- nginx_addr: 192.168.10.20- nginx_port: 80- nginx_hostname: www.xy101.com- root_dir: /var/www/html- php_addr: 192.168.10.22- php_port: 9000tasks:- name: disable firewalld- service: name=firewalld state=stopped enabled=no- name: disable selinuxcommand: 'setenforce 0'ignore_errors: true- name: copy nginx repocopy: src=/opt/nginx/nginx.repo dest=/etc/yum.repos.d/- name: install nginxyum: name=nginx state=latest- name: create root dirfile: path={{root_dir}} state=directory- name: copy nginx config template filetemplate: src=/opt/nginx/nginx.conf.j2 dest=/etc/nginx/nginx.confnotify: 'reload nginx'- name: create nfs configcopy: content="{{root_dir}} 192.168.10.0/24(rw,rsync,no_root_squash)" dest=/etc/exports- name: restart rpcbind,nfs,nginxservice: name={{item}} state=restarted enabled=yeswith_items:- rpcbind- nfs- nginxhandlers:- name: reload nginxservice: name=nginx state=reloaded
测试nginx
#在ansible服务器运行
cd /etc/ansible/playbooks/
ansible-playbook lnmp.yaml --syntax-check #检查yaml文件的语法是否正确
ansible-playbook lnmp.yaml
#在 nginx 服务器查看
systemctl status nginx
netstat -lntp | grep nginx
4、安装 mysql
mysql相关文件配置
准备mysql初始化脚本文件
编写 lnmp.yaml 的 mysql 部分
- name: mysql playhosts: dbserversremote_user: rootgather_facts: falsetasks:- name: disable mysql_server firewalldsrvice: name=firewalld state=stopped enabled=no- name: disable mysql_server selinuxcommand: 'setenforce 0'ignore_errors: true- name: remove mariadbyum: name=mariadb* state=absent- name: copy mysql repocopy: src=/opt/mysql/mysql-community.repo dest=/etc/yum.repos.d/- name: modify mysql reporeplace: path=/etc/yum.repos.d/mysql-community.repo regexp="gpgcheck=1" replace="gpgcheck=0"- name: install mysqlyum: name=mysql-server state=present- name: start mysqlservice: name=mysql state=started enable=yes- name: init mysqlscript: '/opt/mysql/mysql-init.sh'
5、安装php
- name: php playhosts: phpserversremote_user: rootgather_facts: falsevars:- php_username: nginx- php_addr: 192.168.10.22:9000- nginx_addr: 192.168.10.20- root_dir: /var/www/htmltasks:- name: disable php_server firewalldservice: name=firewalld state=stopped- name: disable php_server selinuxcommand: 'setenforce 0'- name: unarchive php tar pkgunarchive: copy=yes src=/opt/php/php.tar.gz dest=/mnt/- name: copy local repocopy: src=/opt/php/local.repo dest=/etc/yum.repos.d/- name: create reposhell: 'createrepo /mnt && yum clean all && yum makecache'- name: install phpyum: name=php72w,php72w-cli,php72w-common,php72w-devel,php72w-embedded,php72w-gd,php72w-mbstring,php72w-pdo,php72w-xml,php72w-fpm,php72w-mysqlnd,php72w-opcache,php72w-ldap,php72w-bcmath state=present- name: create php useruser: name={{php_username}} shell=/sbin/nologin create_home=no- name: modify php.inireplace: path=/etc/php.ini regexp=";date.timezone =" replace="date.timezone = Asia/Shanghai"- name: modify user and group in www.confreplace: path=/etc/php-fpm.d/www.conf regexp="127.0.0.1" replace="{{nginx_addr}}"notify: "reload php-fpm"- name: start php-fpmservice name=php-fpm state=started enabled=yes- name: create www root dirfile: path={{root_dir}} state=directory- name: mount nfsmount: src="{{nginx_addr}}:{{root_dir}}" path={{root_dir}} fstype=nfs state=mounted opts="defaults,_netdev"handlers:- name: reload php-fpmservice: name=php-fpm state=reloaded
访问测试
![[玄机]流量特征分析-常见攻击事件 tomcat](https://i-blog.csdnimg.cn/direct/4abf22f6cc72427c89cea0fb48651773.jpeg)
