[PHP知识库] playbook部署lamp（循环、事实、机密）

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> PHP知识库 -> playbook部署lamp（循环、事实、机密） -> 正文阅读

[PHP知识库]playbook部署lamp（循环、事实、机密）

playbook部署lamp（循环、事实、机密）

- 一、环境准备
- 二、实验步骤

一、环境准备

主机	IP
ansible	192.168.47.128
node	192.168.47.129

二、实验步骤

开始之前先关闭防火墙和selinux

创建项目文件夹

[root@ansible ansible]# cd lamp/
[root@ansible lamp]# tree
.
├── conf
│   ├── httpd.conf
│   ├── httpd-vhosts.conf
│   ├── index.php
│   └── www.conf
├── install
│   └── index.php
└── vars
    ├── packages.yml
    ├── pa.yml
    ├── service.yml
    └── user.yml

3 directories, 9 files

把虚拟站点文件传输到node服务器上

[root@ansible lamp]# cat conf/httpd-vhosts.conf 
<VirtualHost *:80>
    DocumentRoot "/var/www/html"
    ServerName www.wjj.com
    ProxyRequests Off
    ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/var/www/html/$1 
    <Directory "/var/www/html">      
        Options none
        AllowOverride none
        Require all granted
    </Directory>
</VirtualHost>

编写需要传到部署机器的index.php文件

[root@ansible lamp]# cat conf/index.php 
<?php
    phpinfo();
?>

编写需要安装的服务的安装包文件、用户文件、服务文件

[root@ansible lamp]# cat vars/service.yml 
service:
  - httpd
  - mariadb
  - php-fpm
[root@ansible lamp]# cat vars/user.yml 
name:
 - apache
 - mysql
 - php

[root@ansible lamp]# cat vars/packages.yml 
tools:
  - httpd*
  - mariadb*
  - php*

编写部署lamp的lamp.yml

[root@ansible lamp]# cat install/lamp.yml 
---
- name: "install httpd* mariadb* php* service"
  hosts: 192.168.47.129
  gather_facts: no
  vars_files:
    - /etc/ansible/lamp/vars/packages.yml
    - /etc/ansible/lamp/vars/user.yml
    - /etc/ansible/lamp/vars/service.yml  
  tasks:
    - name: "install"
      yum: 
        name: "{{ item }}"
        state: present
      loop: "{{ tools }}"

    - name: "create user"
      user:
        name: "{{ item }}"
        state: present
        system: yes
        create_home: no
        shell: /sbin/nologin
      loop: "{{ name }}"  

    - name: "copy is httpd.conf "
      copy:
        src: /etc/ansible/lamp/conf/httpd.conf 
        dest: /etc/httpd/conf/httpd.conf

    - name: "copy is vhosts.conf"
      copy:
        src: /etc/ansible/lamp/conf/httpd-vhosts.conf
        dest: /etc/httpd/conf.d/httpd-vhosts.conf

    - name: "copy is index.php"
      copy:
        src: /etc/ansible/lamp/conf/index.php
        dest: /var/www/html/index.php

    - name: "copy is www.conf"
      copy:
        src: /etc/ansible/lamp/conf/www.conf
        dest: /etc/php-fpm.d/www.conf  

    - name: "stopped is firewalld"
      service: 
        name: firewalld
        state: stopped
        enabled: no
    - name: "setenforce 0"
      shell: "setenforce 0"

    - name: "httpd mariadb php is enabled"
      service:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop: "{{ server }}"

运行结果

[root@ansible ansible]# ansible-playbook lamp/tasks/lamp.yml 
[WARNING]: Found variable using reserved name: name

PLAY [install httpd* mariadb* php* service] *******************************************************************************

TASK [install] ************************************************************************************************************
ok: [192.168.47.129] => (item=httpd*)
ok: [192.168.47.129] => (item=mariadb*)
ok: [192.168.47.129] => (item=php*)

TASK [create user] ********************************************************************************************************
ok: [192.168.47.129] => (item=apache)
ok: [192.168.47.129] => (item=mysql)
ok: [192.168.47.129] => (item=php)

TASK [copy is httpd.conf] *************************************************************************************************
changed: [192.168.47.129]

TASK [copy is vhosts.conf] ************************************************************************************************
changed: [192.168.47.129]

TASK [copy is index.php] **************************************************************************************************
changed: [192.168.47.129]

TASK [copy is www.conf] ***************************************************************************************************
changed: [192.168.47.129]

TASK [stopped is firewalld] ***********************************************************************************************
ok: [192.168.47.129]

TASK [setenforce 0] *******************************************************************************************************
changed: [192.168.47.129]

TASK [httpd mariadb php is enabled] ***************************************************************************************
changed: [192.168.47.129] => (item=httpd)
changed: [192.168.47.129] => (item=mariadb)
changed: [192.168.47.129] => (item=php-fpm)

PLAY RECAP ****************************************************************************************************************
192.168.47.129             : ok=9    changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

给packages.yml加密

[root@ansible lamp]# ansible-vault encrypt vars/packages.yml
New Vault password: 
Confirm New Vault password: 
Encryption successful
[root@ansible lamp]# cat vars/packages.yml 
$ANSIBLE_VAULT;1.1;AES256
34366132373330363064316461396430333537373239633437663936343739323039393064326537
3538326134666537616331653337323536366262396635640a373437336436386237333535313866
66663361376631623532666438393039353335663462396538386636316435653861373965383962
3038323266313962610a393635303837386533653630376531633732653630376566323464616639
38333764333861373233613139363036363864386638633563356561343536306632616466376437
6261646436363864396139323362643931653361376539623532

//创建一个文件存放加密文件密码
[root@ansible lamp]# cat vars/pa.yml 
.pass=wangjingjing!