Ansible部署LNMP

  • Ansible部署LNMP已关闭评论
  • 118 次浏览
  • A+
所属分类:linux技术
摘要

环境介绍:nginx-1.22.0
mysql-8.0.30
php-8.1.11阿里云官网访问:


Ansible部署LNMP


环境介绍:

系统 ip 主机名 服务
centos8 192.168.222.250 ansible ansinle
ceotos8 192.168.222.137 nginx nginx
centos8 192.168.222.138 mysql mysql
centos8 192.168.222.139 php php

nginx-1.22.0
mysql-8.0.30
php-8.1.11

基础准备工作

阿里云官网

[root@localhost ~]# hostnamectl set-hostname ansible [root@localhost ~]# bash //下载阿里源 [root@ansible ~]# cd /etc/yum.repos.d/ [root@ansible yum.repos.d]# rm -rf * [root@ansible yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                  Dload  Upload   Total   Spent    Left  Speed 100  2495  100  2495    0     0   3574      0 --:--:-- --:--:-- --:--:--  3574 [root@ansible yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo [root@ansible yum.repos.d]# cd //安装ansible [root@ansible ~]# dnf -y install platform-python [root@ansible ~]# dnf -y install centos-release-ansible-29 [root@ansible ~]# ansible --version    //查看版本 ansible 2.9.27   config file = /etc/ansible/ansible.cfg   configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']   ansible python module location = /usr/lib/python3.6/site-packages/ansible   executable location = /usr/bin/ansible   python version = 3.6.8 (default, Sep 10 2021, 09:13:53) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)] [root@ansible ~]# ssh-keygen -t rsa    //生成一对公钥一对私钥 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa):  Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase):  Enter same passphrase again:  Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:egpQ3eohggaGw65/rQd3/DVnLCKZwJr89+4VpC7obsU root@ansible The key's randomart image is: +---[RSA 3072]----+ |                 | |o    . .         | |+o  ... .   .    | |+o .  o.   o     | |.oo..oo+So. ..   | |o  o=o.+E.. +.+  | |.   .=+ooo.o.=   | | .  .o=o....     | |  ...=+. ++      | +----[SHA256]-----+ [root@ansible ~]# ssh-copy-id 192.168.222.137  //与nginx受控机互信 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '192.168.222.137 (192.168.222.137)' can't be established. ECDSA key fingerprint is SHA256:jJ7HFCOrVQKPjfacavF08vxsn4hSKTG3q9SV78ApryQ. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password:   Number of key(s) added: 1  Now try logging into the machine, with:   "ssh '192.168.222.137'" and check to make sure that only the key(s) you wanted were added. [root@ansible ~]# ssh-copy-id 192.168.222.138  //与mysql受控机互信 [root@ansible ~]# ssh-copy-id 192.168.222.139  //与php受控机互信 //将受控主机加入ansible清单 [root@ansible ~]# cd /etc/ansible/ [root@ansible ansible]# ls ansible.cfg  hosts  roles [root@ansible ansible]# touch inventory [root@ansible ansible]# ls ansible.cfg  hosts  inventory  roles [root@ansible ansible]# vim ansible.cfg  #inventory      = /etc/ansible/hosts    //取消注释并修改为下面这样 inventory       = /etc/ansible/inventory [root@ansible ansible]# vim inventory  [root@ansible ansible]# cat inventory  [web]    //受管主机 192.168.222.137 192.168.222.138 192.168.222.139   [nginx] 192.168.222.137 [mysql] 192.168.222.138 [php] 192.168.222.139 [root@ansible ansible]# cd [root@ansible ~]# ansible all --list-hosts   hosts (3):     192.168.222.137     192.168.222.138     192.168.222.139 //检查机器节点是否连通 [root@ansible ~]# ansible web -m ping 192.168.222.139 | SUCCESS => {     "ansible_facts": {         "discovered_interpreter_python": "/usr/libexec/platform-python"     },     "changed": false,     "ping": "pong" } 192.168.222.137 | SUCCESS => {     "ansible_facts": {         "discovered_interpreter_python": "/usr/libexec/platform-python"     },     "changed": false,     "ping": "pong" } 192.168.222.138 | SUCCESS => {     "ansible_facts": {         "discovered_interpreter_python": "/usr/libexec/platform-python"     },     "changed": false,     "ping": "pong" } //将设置好的阿里源传到受控主机 [root@ansible ~]# ansible nginx  -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo  dest=/etc/yum.repos.d/CentOS-Base.repo' 192.168.222.137 | CHANGED => {     "ansible_facts": {         "discovered_interpreter_python": "/usr/libexec/platform-python"     },     "changed": true,     "checksum": "8bbf30b2d80c3b97292ca7b32f33ef494269a5b8",     "dest": "/etc/yum.repos.d/CentOS-Base.repo",     "gid": 0,     "group": "root",     "md5sum": "ed031c350da2532e6a8d09a4d9b05278",     "mode": "0644",     "owner": "root",     "secontext": "system_u:object_r:system_conf_t:s0",     "size": 1653,     "src": "/root/.ansible/tmp/ansible-tmp-1666511143.7368824-130351-128775339422969/source",     "state": "file",     "uid": 0 } [root@ansible ~]# ansible mysql  -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo  dest=/etc/yum.repos.d/CentOS-Base.repo' 192.168.222.138 | CHANGED => {     "ansible_facts": {         "discovered_interpreter_python": "/usr/libexec/platform-python"     },     "changed": true,     "checksum": "8bbf30b2d80c3b97292ca7b32f33ef494269a5b8",     "dest": "/etc/yum.repos.d/CentOS-Base.repo",     "gid": 0,     "group": "root",     "md5sum": "ed031c350da2532e6a8d09a4d9b05278",     "mode": "0644",     "owner": "root",     "secontext": "system_u:object_r:system_conf_t:s0",     "size": 1653,     "src": "/root/.ansible/tmp/ansible-tmp-1666511161.8907917-130929-57801171367377/source",     "state": "file",     "uid": 0 } [root@ansible ~]# ansible php  -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo  dest=/etc/yum.repos.d/CentOS-Base.repo' 192.168.222.139 | CHANGED => {     "ansible_facts": {         "discovered_interpreter_python": "/usr/libexec/platform-python"     },     "changed": true,     "checksum": "8bbf30b2d80c3b97292ca7b32f33ef494269a5b8",     "dest": "/etc/yum.repos.d/CentOS-Base.repo",     "gid": 0,     "group": "root",     "md5sum": "ed031c350da2532e6a8d09a4d9b05278",     "mode": "0644",     "owner": "root",     "secontext": "system_u:object_r:system_conf_t:s0",     "size": 1653,     "src": "/root/.ansible/tmp/ansible-tmp-1666511167.7952082-131147-42422946741004/source",     "state": "file",     "uid": 0 } //查看受控机上是否有阿里源 [root@nginx ~]# ls /etc/yum.repos.d/ CentOS-Base.repo [root@mysql ~]# ls /etc/yum.repos.d/ CentOS-Base.repo [root@php ~]# ls /etc/yum.repos.d/ CentOS-Base.repo //给受控主机安装epel源 [root@ansible ~]# ansible web -m yum -a 'name=epel-release state=present'  192.168.222.137 | SUCCESS => {     "ansible_facts": {         "discovered_interpreter_python": "/usr/libexec/platform-python"     },     "changed": false,     "msg": "Nothing to do",     "rc": 0,     "results": [] } 192.168.222.139 | SUCCESS => {     "ansible_facts": {         "discovered_interpreter_python": "/usr/libexec/platform-python"     },     "changed": false,     "msg": "Nothing to do",     "rc": 0,     "results": [] } 192.168.222.138 | SUCCESS => {     "ansible_facts": {         "discovered_interpreter_python": "/usr/libexec/platform-python"     },     "changed": false,     "msg": "Nothing to do",     "rc": 0,     "results": [] } //检查受控是否安装 [root@nginx ~]# rpm -qa|grep epel-release epel-release-8-11.el8.noarch [root@mysql ~]# rpm -qa|grep epel-release epel-release-8-11.el8.noarch [root@php ~]# rpm -qa|grep epel-release epel-release-8-11.el8.noarch [root@ansible ~]# systemctl stop firewalld.service  [root@ansible ~]# sed -ri 's/^(SELINUX=).*/1disabled/g' /etc/selinux/config [root@ansible ~]# setenforce 0 [root@ansible ~]# systemctl disable --now firewalld.service  Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. //关闭受控主机的防火墙和selinux [root@ansible ~]# ansible web -m service -a 'name=firewalld state=stopped enabled=no' [root@ansible ~]# ansible web -m lineinfile -a "path=/etc/selinux/config regexp='SELINUX=.*' line='SELINUX=disabled'" [root@ansible ~]# ansible web -m reboot  //重启受控主机 //检查防火墙是否关闭 [root@nginx ~]# systemctl status firewalld.service  ● firewalld.service - firewalld - dynamic firewall daemon    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)    Active: inactive (dead)      Docs: man:firewalld(1) [root@mysql ~]# systemctl status firewalld.service  ● firewalld.service - firewalld - dynamic firewall daemon    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)    Active: inactive (dead)      Docs: man:firewalld(1) [root@php ~]# systemctl status firewalld.service  ● firewalld.service - firewalld - dynamic firewall daemon    Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)    Active: inactive (dead)      Docs: man:firewalld(1) 

管理nginx受管主机部署nginx服务

//创建系统用户nginx [root@ansible ansible]# ansible nginx -m user -a 'name=nginx system=yes shell=/sbin/nologin state=present' //安装依赖包 [root@ansible ansible]# ansible nginx -m yum -a 'name=pcre-devel,openssl,openssl-devel,gd-devel,gcc,gcc-c++,make,wget state=present' //创建日志存放目录并修改目录所属主,组 [root@ansible ansible]# ansible nginx -m file -a 'path=/var/log/nginx state=directory' [root@ansible ansible]# ansible nginx -m file -a 'path=/var/log/nginx state=directory owner=nginx group=nginx' //下载nginx包并解压 [root@ansible ansible]# ansible nginx -a 'wget http://nginx.org/download/nginx-1.22.0.tar.gz' [root@ansible ansible]# ansible nginx -a 'tar xf nginx-1.22.0.tar.gz' //编写编译脚本,然后进行编译安装 [root@ansible ansible]#  mkdir scripts/ [root@ansible ansible]# vim scripts/nginx.sh [root@ansible ansible]# cat scripts/nginx.sh #!/bin/bash  cd nginx-1.22.0 ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx  --with-debug  --with-http_ssl_module --with-http_realip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module   [root@ansible ansible]# chmod +x scripts/nginx.sh  [root@ansible ansible]# ansible nginx -m script -a '/etc/ansible/scripts/nginx.sh' [root@ansible ansible]# ansible nginx -m shell -a 'cd nginx-1.22.0 && make && make install' //配置环境变量 [root@ansible ansible]# ansible nginx -m shell -a 'echo "export PATH=/usr/local/nginx/sbin:$PATH" > /etc/profile.d/nginx.sh' [root@ansible ansible]# ansible nginx -m shell -a '. /etc/profile.d/nginx.sh' //开启服务 [root@ansible ansible]# ansible nginx  -a 'nginx' //查看端口 [root@ansible ansible]# ansible nginx  -a 'ss -antl' 192.168.222.137 | CHANGED | rc=0 >> State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess LISTEN 0      128          0.0.0.0:80        0.0.0.0:*           LISTEN 0      128          0.0.0.0:22        0.0.0.0:*           LISTEN 0      128             [::]:22           [::]:*   //关闭服务         [root@ansible ansible]# ansible nginx  -a 'nginx -s stop' 192.168.222.137 | CHANGED | rc=0 >> //查看端口 [root@ansible ansible]# ansible nginx  -a 'ss -antl' 192.168.222.137 | CHANGED | rc=0 >> State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess LISTEN 0      128          0.0.0.0:22        0.0.0.0:*           LISTEN 0      128             [::]:22           [::]:*    //编写脚本将其加入systemd服务中        [root@ansible ansible]# vim scripts/systemd.sh [root@ansible ansible]# cat scripts/systemd.sh #!/bin/bash  cat > /usr/lib/systemd/system/nginx.service <<EOF [Unit] Description=nginx server daemon After=network.target sshd-keygen.target  [Service] Type=forking ExecStart=/usr/local/nginx/sbin/nginx ExecStop=/usr/local/nginx/sbin/nginx -s stop ExecReload=/usr/local/nginx/sbin/nginx -s reload PrivateTmp= true  [Install] WantedBy=multi-user.target EOF [root@ansible ansible]# chmod +x scripts/systemd.sh  //启动服务并设置开机自启 [root@ansible ansible]# ansible nginx -m service -a 'name=nginx state=started enabled=yes' //查看端口 [root@ansible ansible]# ansible nginx  -a 'ss -antl' 192.168.222.137 | CHANGED | rc=0 >> State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess LISTEN 0      128          0.0.0.0:80        0.0.0.0:*           LISTEN 0      128          0.0.0.0:22        0.0.0.0:*           LISTEN 0      128             [::]:22           [::]:*    //脚本写入php网页信息 [root@ansible ansible]# vim scripts/nginx.php.sh [root@ansible ansible]# cat scripts/nginx.php.sh #!/bin/bash cat > /usr/local/nginx/html/index.php <<EOF <?php         phpinfo(); ?> EOF [root@ansible ansible]# chmod +x scripts/nginx.php.sh //修改nginx服务的配置 [root@ansible ansible]# ansible nginx -m script -a '/etc/ansible/scripts/nginx.php.sh'         

管理mysql受管主机部署mysql服务

//创建系统用户msyql [root@ansible ansible]# ansible mysql -m user -a 'name=mysql system=yes shell=/sbin/nologin state=present' //安装依赖包 [root@ansible ansible]# ansible mysql -m yum -a 'name=ncurses-compat-libs,perl,ncurses-devel,openssl-devel,openssl,cmake,mariadb-devel state=present' //下载mysql包并解压 [root@ansible ansible]# ansible mysql -a 'wget https://downloads.mysql.com/archives/get/p/23/file/mysql-8.0.30-linux-glibc2.12-x86_64.tar.xz' [root@ansible ansible]# ansible mysql -a  'tar xf mysql-8.0.30-linux-glibc2.12-x86_64.tar.xz ' //修改mysql数据库名称 ansible mysql -a 'mv mysql-8.0.30-linux-glibc2.12-x86_64 mysql' [root@ansible ansible]# ansible mysql -a 'mv mysql /usr/local/' //修改目录/usr/local/mysql的属主属组 [root@ansible ansible]# ansible mysql -m file -a 'path=/usr/local/mysql owner=mysql group=mysql' //配置环境变量 [root@ansible ansible]# ansible mysql -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh' [root@ansible ansible]# ansible mysql -m shell -a 'source /etc/profile.d/mysql.sh' //做头文件 [root@ansible ansible]# ansible mysql -a 'ln -sv /usr/local/mysql/include/ /usr/include/mysql' 192.168.222.138 | CHANGED | rc=0 >> '/usr/include/mysql/include' -> '/usr/local/mysql/include/' //配置lib库文件 [root@ansible ansible]# ansible mysql -m shell -a 'echo "/usr/local/mysql/lib/" > /etc/ld.so.conf.d/mysql.conf' //编辑man文档 [root@ansible ansible]# ansible mysql -a 'sed -i "22a MANDATORY_MANPATH                         /usr/local/mysql/man" /etc/man_db.conf' //建立数据存放目录 [root@ansible ansible]# ansible mysql -m file -a 'path=/opt/data state=directory owner=mysql group=mysql' //初始化数据库 [root@ansible ansible]# ansible mysql -m shell -a '/usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data/' 192.168.222.138 | CHANGED | rc=0 >> 2022-10-23T12:55:05.564725Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.30) initializing of server in progress as process 529198 2022-10-23T12:55:05.577111Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started. 2022-10-23T12:55:06.494304Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended. 2022-10-23T12:55:08.076144Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: :rg0o-At;Vop //配置服务启动脚本 [root@ansible ansible]# ansible mysql -a 'cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld' [root@ansible ansible]# ansible mysql -a 'sed  -i "46cbasedir=/usr/local/mysql" /etc/init.d/mysqld' [root@ansible ansible]# ansible mysql -a 'sed  -i "47cdatadir=/opt/data" /etc/init.d/mysqld' //编写脚本添加mysql配置文件和mysql的service文件 [root@ansible ansible]# vim scripts/mysql.sh [root@ansible ansible]# cat scripts/mysql.sh #!/bin/bash  cat > /etc/my.cnf <<EOF [mysqld] basedir = /usr/local/mysql datadir = /opt/data socket = /tmp/mysql.sock port = 3306 pid-file = /opt/data/mysql.pid user = mysql skip-name-resolve EOF  cat > /usr/lib/systemd/system/mysqld.service <<EOF [Unit] Description=mysql server daemon After=network.target sshd-keygen.target  [Service] Type=forking ExecStart=/usr/local/mysql/support-files/mysql.server start ExecStop=/usr/local/mysql/support-files/mysql.server stop ExecReload=/bin/kill -HUP $MAINPID  [Install] WantedBy=multi-user.target EOF [root@ansible ansible]# chmod +x scripts/mysql.sh [root@ansible ansible]# ansible mysql -m script -a '/etc/ansible/scripts/mysql.sh' //重新加载配置 [root@ansible ansible]# ansible mysql -a 'systemctl daemon-reload' //开启服务并设置开机自启 [root@ansible ansible]# ansible mysql -m service -a 'name=mysqld state=started enabled=yes' //查看端口 [root@ansible ansible]# ansible mysql -a 'ss -antl' 192.168.222.138 | CHANGED | rc=0 >> State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess        LISTEN 0      128          0.0.0.0:22         0.0.0.0:*                  LISTEN 0      128             [::]:22            [::]:*           LISTEN 0      70                 *:33060            *:*           LISTEN 0      128                *:3306             *:*           //修改数据库密码 [root@ansible ansible]# ansible mysql -a 'mysqladmin -uroot -p":rg0o-At;Vop" password 123456' 192.168.222.138 | CHANGED | rc=0 >> mysqladmin: [Warning] Using a password on the command line interface can be insecure. Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety. //重启mysql服务 [root@ansible ansible]# ansible mysql -m service -a 'name=mysqld state=restarted' //查看端口 [root@ansible ansible]# ansible mysql -a 'ss -antl' 192.168.222.138 | CHANGED | rc=0 >> State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess LISTEN 0      128          0.0.0.0:22         0.0.0.0:*             LISTEN 0      128             [::]:22            [::]:*           LISTEN 0      70                 *:33060            *:*           LISTEN 0      128                *:3306             *:*           

管理php受管主机部署php服务

//编写脚本安装依赖包 [root@ansible ansible]# vim scripts/php_install.sh [root@ansible ansible]# cat scripts/php_install.sh #!/bin/bash yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ wget make --allowerasing yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel readline readline-devel libxslt libxslt-devel php-mysqlnd libxml2-devel sqlite-devel https://vault.centos.org/centos/8/PowerTools/x86_64/os/Packages/onigurumadevel-6.8.2-2.el8.x86_64.rpm yum -y install https://vault.centos.org/centos/8/AppStream/x86_64/os/Packages/libzip-devel1.5.1-2.module_el8.2.0+313+b04d0a66.x86_64.rpm --nobest yum install libxml2-devel -y yum install sqlite-devel  -y yum -y install libcurl-devel yum -y install gmp-devel yum  install net-snmp-devel -y wget https://libzip.org/download/libzip-1.3.2.tar.gz yum -y install libzip libzip-devel [root@ansible ansible]# chmod +x scripts/php_install.sh  [root@ansible ansible]# ansible php -m script -a '/etc/ansible/scripts/php_install.sh' //下载PHP并解压 [root@ansible ansible]# ansible php -a 'wget https://www.php.net/distributions/php-8.1.11.tar.gz' [root@ansible ansible]# ansible php -a 'tar xf php-8.1.11.tar.gz -C /usr/src' //编写脚本编译安装php root@ansible ansible]# vim scripts/php.sh  [root@ansible ansible]# cat scripts/php.sh  #!/bin/bash  cd /usr/src/php-8.1.11/  ./configure --prefix=/usr/local/php8 --with-config-file-path=/usr/local/php8/etc --enable-fpm --enable-mysqlnd --with-mysqli --with-pdo-mysql --enable-gd --with-jpeg --with-freetype --with-gettext --with-curl --with-openssl --enable-sockets --enable-mbstring --enable-xml --with-zip --with-zlib --with-snmp --with-mhash --enable-ftp --enable-bcmath --enable-soap --enable-shmop --enable-sysvsem --enable-pcntl --with-gmp [root@ansible ansible]# chmod +x scripts/php.sh  [root@ansible ansible]# ansible php -m script -a '/etc/ansible/scripts/php.sh' ...  "+--------------------------------------------------------------------+",         "| License:                                                           |",         "| This software is subject to the PHP License, available in this     |",         "| distribution in the file LICENSE. By continuing this installation  |",         "| process, you are bound by the terms of this license agreement.     |",         "| If you do not agree with the terms of this license, you must abort |",         "| the installation process at this point.                            |",         "+--------------------------------------------------------------------+",         "",         "Thank you for using PHP.",         ""     ] } [root@ansible ansible]# ansible php -m shell -a 'cd /usr/src/php-8.1.11/ && make && make install' //安装后配置环境变量 [root@ansible ansible]# ansible php -m shell -a 'echo "export PATH=/usr/local/php8/bin/:$PATH" > /etc/profile.d/php8.sh' [root@ansible ansible]# ansible php -m shell -a 'source /etc/profile.d/php8.sh' //查看版本 [root@ansible ansible]# ansible php -a 'php -v' 192.168.222.139 | CHANGED | rc=0 >> PHP 8.1.11 (cli) (built: Oct 24 2022 00:39:21) (NTS) Copyright (c) The PHP Group Zend Engine v4.1.11, Copyright (c) Zend Technologies //配置php-fpm [root@ansible ansible]# ansible php -a 'cp /usr/src/php-8.1.11/php.ini-production /etc/php.ini' [root@ansible ansible]# ansible php -a 'cp /usr/src/php-8.1.11/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm' [root@ansible ansible]# ansible php -m file -a 'path=/etc/init.d/php-fpm mode=755' [root@ansible ansible]# ansible php -a 'cp /usr/local/php8/etc/php-fpm.conf.default  /usr/local/php8/etc/php-fpm.conf' [root@ansible ansible]# ansible php -a 'cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf' //启动php-fpm [root@ansible ansible]# ansible php -a 'service php-fpm start' 192.168.222.139 | CHANGED | rc=0 >> Starting php-fpm  done //查看端口 [root@ansible ansible]# ansible php -a 'ss -anlt' 192.168.222.139 | CHANGED | rc=0 >> State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess LISTEN 0      128        127.0.0.1:9000      0.0.0.0:*           LISTEN 0      128          0.0.0.0:22        0.0.0.0:*           LISTEN 0      128             [::]:22           [::]:*           //连接nginx和php,生成php测试页面 [root@ansible ansible]# ansible php -m file -a 'path=/usr/local/nginx state=directory' [root@ansible ansible]# ansible php -m file -a 'path=/usr/local/nginx/html state=directory' //编写脚本添加php测试页面 [root@ansible ansible]# vim scripts/php.nginx.sh [root@ansible ansible]# cat scripts/php.nginx.sh #!/bin/bash  cat > /usr/local/nginx/html/index.php << EOF <?php      phpinfo(); ?> EOF [root@ansible ansible]# chmod +x scripts/php.nginx.sh [root@ansible ansible]# ansible php -m script -a '/etc/ansible/scripts/php.nginx.sh' //修改php/usr/local/php8/etc/php-fpm.d/www.conf文件的clisten和clisten.allowed_clients指向 [root@ansible ansible]# ansible php -a 'sed -i "36clisten = 192.168.222.139:9000" /usr/local/php8/etc/php-fpm.d/www.conf' [root@ansible ansible]# ansible php -a 'sed -i "63clisten.allowed_clients = 192.168.222.137" /usr/local/php8/etc/php-fpm.d/www.conf' //修改nginx配置文件 [root@ansible ansible]# ansible nginx -a 'sed -i "45c                   index  index.php index.html index.htm;" /usr/local/nginx/conf/nginx.conf' [root@ansible ansible]# ansible nginx -a 'sed -i "65c     location ~ .php$ {" /usr/local/nginx/conf/nginx.conf' [root@ansible ansible]# ansible nginx -a 'sed -i "66c     root           html;" /usr/local/nginx/conf/nginx.conf' [root@ansible ansible]# ansible nginx -a 'sed -i "67c     fastcgi_pass   192.168.222.139:9000;" /usr/local/nginx/conf/nginx.conf' [root@ansible ansible]# ansible nginx -a 'sed -i "68c     fastcgi_index  index.php;" /usr/local/nginx/conf/nginx.conf' [root@ansible ansible]# ansible nginx -a 'sed -i "69c     fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;" /usr/local/nginx/conf/nginx.conf' [root@ansible ansible]# ansible nginx -a 'sed -i "70c      include        fastcgi_params;" /usr/local/nginx/conf/nginx.conf' [root@ansible ansible]# ansible nginx -a 'sed -i "71c      }" /usr/local/nginx/conf/nginx.conf' //重启nginx和php服务 [root@ansible ansible]# ansible nginx -m service -a 'name=nginx state=restarted' [root@ansible ansible]# ansible php -a 'service php-fpm restart' 192.168.222.139 | CHANGED | rc=0 >> Gracefully shutting down php-fpm warning, no pid file found - php-fpm is not running ? Starting php-fpm  done //查看端口 [root@ansible ansible]# ansible nginx -a 'ss -antl' 192.168.222.137 | CHANGED | rc=0 >> State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcess LISTEN 0      128          0.0.0.0:80        0.0.0.0:*           LISTEN 0      128          0.0.0.0:22        0.0.0.0:*           LISTEN 0      128             [::]:22           [::]:*           [root@ansible ansible]# ansible php -a 'ss -antl' 192.168.222.139 | CHANGED | rc=0 >> State  Recv-Q Send-Q   Local Address:Port Peer Address:PortProcess LISTEN 0      128    192.168.222.139:9000      0.0.0.0:*           LISTEN 0      128            0.0.0.0:22        0.0.0.0:*           LISTEN 0      128               [::]:22           [::]:*           

访问:
Ansible部署LNMP