搭建思路
- 准备基础环境
- 准备服务端
- 准备项目端
ps:服务器尽量使用内网ip连接
服务器准备
使用阿里云,其他服务器同理
系统优化
管理机
- 配置yum源,
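# nginx.org stable repo. The heredoc delimiter is quoted ('EOF') so the shell
# does NOT expand $releasever/$basearch — yum substitutes them itself. With an
# unquoted EOF both variables expand to "" and the baseurl is broken.
cat >/etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

# webtatic PHP repo. NOTE(review): gpgcheck=0 over a plain-http baseurl means
# packages are installed without signature verification; enable gpgcheck with
# the repo's signing key before using this beyond a lab.
cat >/etc/yum.repos.d/php.repo <<'EOF'
[webtatic-php]
name = php Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
enabled = 1
gpgcheck = 0
EOF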
检查
yum repolist
2. 安装基础软件: ansible、sshpass 以及其他常用工具
yum install -y vim tree wget bash-completion bash-completion-extras ntpdate lrzsz net-tools sysstat iotop iftop htop unzip nc nmap telnet bc psmisc httpd-tools bind-utils nethogs expect ansible sshpass
- 关闭防火墙、selinux(阿里云已关闭)
- systemctl stop firewalld
- vi /etc/selinux/config,然后将 SELINUX 的值改为 disabled
- ssh优化(阿里云已做,具体配置见sshd)
- 配置hosts文件: vim /etc/hosts
lb01 lb02 web01 web02 redis01 db01 nfs01 backup01 m01 127.0.0.1 localhost
6. 密钥分发
```bash
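#!/bin/bash
#author: Rdymy
#desc 一键自动化创建和分发公钥
#     (create one SSH key pair and push the public key to every managed host)
#
# The root password is taken from the SSHPASS environment variable, or prompted
# for, instead of being hard-coded here, and is handed to sshpass with -e so it
# never appears on the command line (visible to every user via `ps`).
set -u

# NOTE(review): the inventory lists backup01 and has no web03 — reconcile.
ip_list="lb01 db01 nfs01 backup web01 web02 web03 lb02 m01"
key_file="$HOME/.ssh/id_rsa"

if [ -z "${SSHPASS:-}" ]; then
    read -r -s -p "root password for the managed hosts: " SSHPASS
    echo
    export SSHPASS
fi

echo '--------------------------------------------'
echo '1. 创建 key'
echo '--------------------------------------------'
# Generate the key pair only when it does not exist yet, so re-running the
# script never overwrites a key that has already been distributed.
if [ ! -f "$key_file" ]; then
    ssh-keygen -f "$key_file" -N ''
fi

echo '--------------------------------------------'
echo '2. 分发 pub key'
echo '--------------------------------------------'
for ip in $ip_list
do
    # sshpass (yum install sshpass) feeds the password to ssh-copy-id.
    # StrictHostKeyChecking=no skips host-key verification on first contact;
    # tolerable on a fresh private VPC, otherwise pre-seed known_hosts.
    sshpass -e ssh-copy-id -i "${key_file}.pub" -o StrictHostKeyChecking=no "root@$ip"
done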
sh /server/scripts/fenfa.sh
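# Inventory (/etc/ansible/hosts, later copied to /server/ansible/roles/hosts).
# `hostname=` is a host variable read by the baseconf role to set each
# machine's hostname; keep it equal to the inventory name (web02 had "web2").
[lb]
lb01 hostname=lb01
lb02 hostname=lb02

[web]
web01 hostname=web01
web02 hostname=web02

[redis]
redis01 hostname=redis01

[db]
db01 hostname=db01

[nfs]
nfs01 hostname=nfs01

[backup]
backup01 hostname=backup01

[m]
m01 hostname=m01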
测试
ansible all -a ‘hostname’
8. 配置定时任务(北京时间同步)
```bash
crontab -e
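# sync time (every 2 minutes). cron runs the job with /bin/sh, so use POSIX
# redirection rather than the bash-only `&>`.
*/2 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1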
- 创建并进入roles
```bash
mkdir -p /server/ansible/{roles,playbook}
创建变量文件
# group_vars/all holds the variables shared by every role; the inventory is
# copied next to the roles so that `inventory = ./hosts` resolves from here.
install -d /server/ansible/roles/group_vars/all
cp /etc/ansible/hosts /server/ansible/roles/
cd /server/ansible/roles/
10. 修改主机清单默认位置
```bash
vim /etc/ansible/ansible.cfg
inventory = ./hosts
# 写入环境变量永久生效
# Make ./hosts the default inventory for every login shell. The value is a
# relative path, so it only resolves when ansible runs from /server/ansible/roles.
printf '%s\n' 'export ANSIBLE_INVENTORY=./hosts' >>/etc/profile
. /etc/profile
- 变量文件书写处,这个代码块需要结合下面的 roles 代码书写: vim /server/ansible/roles/group_vars/all/vars.yml
---
# group_vars/all/vars.yml — variables shared by all roles

# db
db_user_root: root
# NOTE(review): "root" as the root password is a placeholder; keep real
# credentials in an ansible-vault encrypted file rather than plain group_vars.
db_root_pass: root
# MySQL host wildcard: every address in the VPC subnet may connect
db_allow: "172.31.32.%"

# nfs
web_user_group: www
web_user_uid: 1086
web_user_gid: 1086
vpc_net: 172.31.32.0/24

# blog、phpshe
web_host: oldboylinux.cn

# keep
keep_vip: 10.0.0.3
12. 创建所有文件,这个代码块需要在所有roles完成后写
```bash
mkdir -p {baseconf}/{files,templates,tasks,handlers}
被管理机(写roles)
baseconf(对所有机器进行优化)
# 创建roles,
# 新知识:ansible默认连的是22 端口的 root,因为我的管理机连不上自己,改了5999端口也不行。
mkdir -p /server/ansible/roles/baseconf/{files,templates,tasks,handlers}
# 写files/templates,一个是关闭selinux,一个是优化ssh,云可以不做所以注释了
#vim /server/ansible/roles/baseconf/files/config
#
#SELINUX=disabled
#SELINUXTYPE=targeted
#
# NOTE(review): the sshd template below keeps PermitRootLogin yes and
# PasswordAuthentication yes. Once fenfa.sh has distributed the key, switching
# to PermitRootLogin prohibit-password / PasswordAuthentication no removes the
# password-guessing surface on every managed host.
#vim /server/ansible/roles/baseconf/files/sshd_config
#
## 指定端口号
#Port 22
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
#AuthorizedKeysFile .ssh/authorized_keys
#ChallengeResponseAuthentication no
## 是否开启GSSAPI认证
#GSSAPIAuthentication no
#GSSAPICleanupCredentials no
## 开启PAM认证
#UsePAM yes
#X11Forwarding yes
#AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
#AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
#AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
#AcceptEnv XMODIFIERS
#Subsystem sftp /usr/libexec/openssh/sftp-server
## 是否开启DNS反向解析
#UseDNS no
#AddressFamily inet
#SyslogFacility AUTHPRIV
## 是否允许root远程登陆
#PermitRootLogin yes
## 是否允许密码登录
#PasswordAuthentication yes
## 指定本地那块网卡连接,默认全部
##ListenAddress 0.0.0.0
##ListenAddress ::
# 写tasks
vim /server/ansible/roles/baseconf/tasks/main.yml
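---
# baseconf role: baseline applied to every host (top.yml uses hosts: all):
# common packages, time sync, the www service account, hostname, /etc/hosts.
- name: 安装常用工具
  yum:
    name:
      - tree
      - wget
      - bash-completion
      - bash-completion-extras
      - lrzsz
      - net-tools
      - sysstat
      - iotop
      - iftop
      - htop
      - unzip
      - nc
      - nmap
      - telnet
      - bc
      - psmisc
      - httpd-tools
      - bind-utils
      - nethogs
      - expect
    state: present

- name: 全体时间同步
  cron:
    name: sync the time
    minute: "*/2"
    # cron runs jobs with /bin/sh; POSIX redirection instead of bash-only `&>`
    job: /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1
    state: present

- name: 创建www用户组
  group:
    name: "{{ web_user_group }}"
    gid: "{{ web_user_gid }}"
    state: present

- name: 创建www用户
  # service account for nginx/php-fpm: fixed uid (the NFS export squashes to
  # the same uid/gid), no login shell, no home directory
  user:
    name: "{{ web_user_group }}"
    uid: "{{ web_user_uid }}"
    group: "{{ web_user_group }}"
    shell: /sbin/nologin
    create_home: false
    state: present

# Disabled on the cloud images (firewalld/selinux already off, sshd already
# tuned); enable when provisioning plain hosts.
#- name: 关闭防火墙,云可以不做
#  systemd:
#    state: stopped
#    name: firewalld
#
#- name: 分发selinux配置文件用来关闭selinux,云可以不做
#  copy:
#    src: config
#    dest: /etc/selinux/config
#    backup: true
#
# Three equivalent spellings of a shell task, kept as a reminder:
#- name: shell echo的两种写法展示
#  shell:
#    cmd: echo 写法一
#  shell: echo 写法二
#  shell:
#    cmd: |
#      lalala
#      lalala 写法三
#
#- name: 分发优化后的ssh, 云可以跳过
#  copy:
#    src: sshd_config
#    dest: /etc/ssh/sshd_config
#    backup: true

- name: 为每台机器设置主机名,这一步也可以直接在创建云服务器的时候执行
  hostname:
    # `hostname` is the per-host inventory variable (e.g. `web01 hostname=web01`)
    name: "{{ hostname }}"

- name: 追加被管理机的hosts文件
  # NOTE(review): these are public addresses although the notes recommend the
  # VPC-internal ones, and lb01/lb02/redis01/m01 are missing — the phpshe pool
  # reaches redis by the name redis01.
  lineinfile:
    line: "{{ item }}"
    path: /etc/hosts
  loop:
    - 47.111.174.189 web02
    - 118.31.55.218 db01
    - 116.62.212.248 nfs01
    - 47.110.82.86 backup01
    - 47.111.112.208 web01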
#其他的还有改ens33为eth0之类的。
# 写top.yml,这里的hosts是可以指定为
# 多个单独的机器的,用空格或者逗号分割都可以,
# 指定多个组用:分割
vim top.yml
---
# apply the baseline role to every host in the inventory
- hosts: all
  roles:
    - baseconf
服务配置
nfs安装启动(存储服务器)
# 创建roles
mkdir -p /server/ansible/roles/nfs/{files,templates,tasks,handlers}
# 写files/templates
vim /server/ansible/roles/nfs/templates/exports.j2
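{# /etc/exports for the web tier: one share per site, limited to the VPC and
   squashed to the www uid/gid. Paths match the directories the nfs role
   creates (/nfsdata/blog, /nfsdata/phpshe) and the clients' mount source;
   the earlier /data/{blog,shop} exported directories that do not exist. #}
{% for name in ["blog", "phpshe"] %}
/nfsdata/{{ name }} {{ vpc_net }}(rw,all_squash,anonuid={{ web_user_uid }},anongid={{ web_user_gid }})
{% endfor %}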
# 写tasks
vim /server/ansible/roles/nfs/tasks/main.yml
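---
# nfs role: install the server, create the per-site share directories and
# export them to the VPC (see templates/exports.j2).
- name: 安装rpcbind,nfs-utils
  yum:
    name:
      - nfs-utils
    state: present

- name: 创建共享目录
  file:
    state: directory
    path: "{{ item }}"
    owner: "{{ web_user_group }}"
    group: "{{ web_user_group }}"
  loop:
    - /nfsdata/blog
    - /nfsdata/phpshe

- name: "发送配置文件"
  # exports.j2 lives in templates/ and uses {{ vpc_net }} etc., so it has to be
  # rendered with `template`; `copy` would ship the raw Jinja text as /etc/exports
  template:
    src: exports.j2
    dest: /etc/exports
    backup: true
  register: exports_file

- name: 启动nfs,rpcbind
  # systemd takes one unit per call (unlike yum's list), hence the loop;
  # on EL7 the `nfs` unit is an alias of nfs-server
  systemd:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - rpcbind
    - nfs

- name: 重启nfs
  # re-read /etc/exports only when it actually changed
  systemd:
    state: reloaded
    name: nfs
  when: exports_file.changed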
# 写top.yml
vim top.yml
---
# storage server(s) only
- hosts: nfs
  roles:
    - nfs
nginx安装启动(所有web、lb服务器)
# 创建roles
mkdir -p /server/ansible/roles/nginx/{files,templates,tasks,handlers}
# 写files/templates,把你的ssl证书也放在这个目录
vim /server/ansible/roles/nginx/files/nginx.repo
# nginx.org stable packages for the host's CentOS release/arch (yum expands
# $releasever/$basearch). gpgcheck=1: packages are verified against nginx's key.
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
vim /server/ansible/roles/nginx/templates/default.conf.j2
# Catch-all vhost (templates/default.conf.j2): requests whose Host matches no
# other server block get a plain-text 200; /status exposes stub_status to the
# VPC subnet only (vpc_net from group_vars).
server {
    listen 80 default_server;
    server_name "";
    location / {
        default_type text/plain;
        charset utf8;
        return 200 "no the Host";
    }
    location /status {
        stub_status;
        # metrics readable from inside the VPC, denied to everyone else
        allow {{vpc_net}} ;
        deny all;
    }
}
vim /server/ansible/roles/nginx/files/nginx.conf.j2
# Main nginx config. It is a template (the worker user comes from group_vars),
# so it must live in templates/ and be shipped with the `template` module —
# `copy` would leave the literal "{{ web_user_group }}" in /etc/nginx/nginx.conf.
user {{ web_user_group }} {{ web_user_group }} ;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # X-Forwarded-For is logged so the web tier keeps the client address that
    # the lb vhost forwards
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    # NOTE(review): consider `server_tokens off;` so the Server header and error
    # pages do not advertise the nginx version.
    include /etc/nginx/conf.d/*.conf;
}
# 写tasks
vim /server/ansible/roles/nginx/tasks/main.yml
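---
# nginx role, shared by the web and lb groups (see top.yml): nginx.org
# packages, main config, catch-all default vhost (web only) and the site
# certificates under /etc/nginx/verify/.
- name: 配置yum源
  copy:
    src: nginx.repo
    dest: /etc/yum.repos.d/nginx.repo
    backup: true

- name: 安装nginx
  yum:
    name: nginx
    state: present

- name: 发送default.conf,这里默认配置放在负载还是web尚有疑问
  # default.conf.j2 uses {{ vpc_net }}, so it is rendered with `template`
  # (the module is `template`, not `templates`); skipped on the load balancers
  template:
    src: default.conf.j2
    dest: /etc/nginx/conf.d/default.conf
    backup: true
  when: ansible_hostname is not match("lb01|lb02")

- name: 发送nginx.conf
  # nginx.conf.j2 references {{ web_user_group }}: keep it in templates/ and
  # render it, do not copy it
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
    backup: true

- name: 创建ssl目录
  file:
    path: /etc/nginx/verify/
    state: directory
    owner: root
    group: root
    mode: "0750"

- name: 分发ssl证书
  # The vhost templates reference /etc/nginx/verify/<site>.{{ web_host }}.pem|key,
  # so the CA-issued files (6710962_/6792020_ prefixes) are renamed on the way
  # in. Private keys are root-only; nginx reads them as root at startup.
  copy:
    src: "{{ item.src }}"
    dest: "/etc/nginx/verify/{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - { src: 6710962_blog.oldboylinux.cn.pem, dest: "blog.{{ web_host }}.pem", mode: "0644" }
    - { src: 6710962_blog.oldboylinux.cn.key, dest: "blog.{{ web_host }}.key", mode: "0600" }
    - { src: 6792020_phpshe.oldboylinux.cn.pem, dest: "phpshe.{{ web_host }}.pem", mode: "0644" }
    - { src: 6792020_phpshe.oldboylinux.cn.key, dest: "phpshe.{{ web_host }}.key", mode: "0600" }

- name: 启动nginx
  systemd:
    name: nginx
    state: started
    enabled: true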
# 写top.yml
#和下面一起写
php安装启动(所有web服务器)
egrep -v '^;|^$' /etc/php-fpm.d/www.conf获取并修改配置文件
# 创建roles
mkdir -p /server/ansible/roles/php/{files,templates,tasks,handlers}
# 写files/templates,注意修改下面redis的ip,反转了,我填了主机名
vim /server/ansible/roles/php/files/php.repo
# webtatic PHP 7.2 packages. NOTE(review): gpgcheck = 0 with a plain-http
# baseurl means yum installs whatever the mirror serves, unverified; enable
# gpgcheck with the repo's signing key for anything beyond a lab.
[webtatic-php]
name = php Repository
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
enabled = 1
gpgcheck = 0
vim /server/ansible/roles/php/templates/www.conf.j2
; php-fpm "www" pool (templates/www.conf.j2): backs the blog vhost, which
; passes PHP to 127.0.0.1:9000. Runs as the www service account from
; group_vars; the socket is loopback-only so only the local nginx reaches it.
[www]
user = {{ web_user_group }}
group = {{ web_user_group }}
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
; sessions stay on the local disk of each web host (unlike the phpshe pool,
; which uses redis)
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
vim /server/ansible/roles/php/templates/phpshe.conf.j2
; php-fpm "phpshe" pool (templates/phpshe.conf.j2): backs the phpshe vhost on
; 127.0.0.1:9001. Shares the slowlog/error_log paths with the www pool, so
; both pools write to the same files.
[phpshe]
user = {{ web_user_group }}
group = {{ web_user_group }}
listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
; sessions in redis01 (the name must resolve on the web hosts). NOTE(review):
; the redis role only sets `bind`, so session data crosses the VPC to an
; unauthenticated redis in clear text — keep it reachable from web hosts only.
php_value[session.save_handler] = redis
php_value[session.save_path] = tcp://redis01:6379
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
# 写tasks
vim /server/ansible/roles/php/tasks/main.yml
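---
# php role (web hosts): PHP 7.2 from webtatic and two php-fpm pools — www for
# the blog on :9000, phpshe on :9001 — rendered from templates/.
- name: 分发php-yum源
  # NOTE(review): php.repo has gpgcheck = 0 over plain http, so these packages
  # are installed unverified
  copy:
    src: php.repo
    dest: /etc/yum.repos.d
    backup: true

- name: 安装php
  yum:
    name:
      - php72w
      - php72w-cli
      - php72w-common
      - php72w-devel
      - php72w-embedded
      - php72w-gd
      - php72w-mbstring
      - php72w-pdo
      - php72w-xml
      - php72w-fpm
      - php72w-mysqlnd
      - php72w-opcache
      - php72w-pecl-memcached
      - php72w-pecl-redis
      - php72w-pecl-mongodb
    state: present

- name: 配置php用户和redis
  # the pool files carry {{ web_user_group }} and sit in templates/, so they must
  # be rendered with `template`; `copy` shipped the raw Jinja text to php-fpm
  template:
    src: "{{ item }}.j2"
    dest: "/etc/php-fpm.d/{{ item }}"
    backup: true
  loop:
    - www.conf
    - phpshe.conf
  register: pool_conf

- name: 启动php
  systemd:
    name: php-fpm
    enabled: true
    # pick up changed pool files on re-runs; `started` alone leaves a running
    # php-fpm on the old config
    state: "{{ 'restarted' if pool_conf.changed else 'started' }}"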
# 写top.yml
vim top.yml
---
# web hosts run nginx + php-fpm; the load balancers only nginx
- hosts: web
  roles:
    - nginx
    - php

- hosts: lb
  roles:
    - nginx
redis(redis服务器)
获取ip时有多个ip的解决办法
https://www.cnblogs.com/morse/p/14036236.html
# 创建 roles
mkdir -p /server/ansible/roles/redis/{files,templates,tasks,handlers}
# 写 files
没有
# 写 tasks
vim /server/ansible/roles/redis/tasks/main.yml
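---
# redis role: install redis and bind it to the host's primary address so the
# web tier (phpshe session handler, tcp://redis01:6379) can reach it.
- name: 安装redis
  yum:
    name: redis
    state: present

- name: 修改配置文件
  # `path:` needs the space after the colon, and so does the bind directive
  # (`bind172.31...` is not valid redis config).
  # ansible_default_ipv4 is the address of the default-route interface; on a
  # host with several interfaces check that this is the VPC-internal one.
  # NOTE(review): this exposes an unauthenticated redis to every host that can
  # reach that address — restrict it with the security group / requirepass.
  lineinfile:
    path: /etc/redis.conf
    regexp: "^bind"
    line: "bind {{ ansible_default_ipv4.address }}"
  register: redis_conf

- name: 启动redis
  # restart (not just start) when the bind address changed, otherwise an
  # already-running redis keeps listening on the old address
  systemd:
    name: redis
    enabled: true
    state: "{{ 'restarted' if redis_conf.changed else 'started' }}"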
# 写 top.yml
vim top.yml
---
# redis server(s) only
- hosts: redis
  roles:
    - redis
mariadb安装启动(db服务器)
# 创建roles
mkdir -p /server/ansible/roles/db/{files,templates,tasks,handlers}
# 写files
# 写tasks,注意修改数据库远程主机,反转了,我填了主机名,又反转了,不能填写主机名,要填网段(%),不知道能不能一次性指定多个独立ip,不试了。
# priv: "blog.*:ALL", 用循环没加双引号,不知道行不行
vim /server/ansible/roles/db/tasks/main.yml
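---
# db role: install MariaDB, set the root password (db_root_pass from
# group_vars), then the usual cleanup: anonymous users and the test database.
- name: 下载数据库
  yum:
    name:
      - mariadb-server
      - MySQL-python    # required on the target by the mysql_* modules
    state: present

- name: 启动数据库
  systemd:
    name: mariadb
    state: started
    enabled: true

- name: 设置root密码
  # check_implicit_admin first tries the password-less root login a fresh
  # install has and then falls back to db_root_pass, so re-runs succeed and
  # ignore_errors is no longer needed to mask the failed login.
  mysql_user:
    name: root
    host: localhost
    password: "{{ db_root_pass }}"
    check_implicit_admin: true
    login_user: "{{ db_user_root }}"
    login_password: "{{ db_root_pass }}"
    state: present
    update_password: always
  no_log: true

- name: 删除用户
  # drop the anonymous accounts ''@<hostname> and ''@localhost; the hostname
  # item must be quoted — a plain scalar starting with {{ is parsed as a flow
  # mapping by YAML
  mysql_user:
    name: ""
    host: "{{ item }}"
    state: absent
    login_user: "{{ db_user_root }}"
    login_password: "{{ db_root_pass }}"
  loop:
    - "{{ ansible_hostname }}"
    - localhost

- name: 删除test数据库
  mysql_db:
    name: test
    state: absent
    login_user: "{{ db_user_root }}"
    login_password: "{{ db_root_pass }}"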
# 写top.yml
vim top.yml
---
# database server(s) only
- hosts: db
  roles:
    - db
keep(负载均衡服务器)
# 创建roles
mkdir -p /server/ansible/roles/keep/{files,templates,tasks,handlers}
vim /server/ansible/roles/keep/files/check_lb.sh
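#!/bin/bash
#author: lidao996
#desc: check nginx port
# Run by keepalived's vrrp_script on each load balancer: when nginx no longer
# owns any listening socket, stop keepalived so the VIP fails over.
#1.检查端口是否存在,个数
count=$(ss -lntup | grep -c nginx)
#2.如果端口数量为0,则关闭keepalived
if [ "$count" -eq 0 ]; then
    systemctl stop keepalived
fi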
vim /server/ansible/roles/keep/templates/keepalived.conf.j2
! Configuration File for keepalived
! Rendered per lb host: lb01 becomes MASTER (priority 150), lb02 BACKUP (100).
! NOTE(review): VRRP "PASS" authentication is a plaintext secret and 1111 is a
! placeholder; treat it as a variable and keep VRRP traffic inside the VPC.
global_defs {
    router_id ha_{{ ansible_hostname }}
}
! Health check: files/check_lb.sh stops keepalived when nginx has no listening
! socket, so the VIP moves to the other node. The script has to exist on BOTH
! load balancers, since this block is rendered for both.
vrrp_script check_lb {
    script /server/scripts/check_lb.sh
    interval 1
    timeout 30
    weight 1
}
vrrp_instance lb_vip01 {
{% if ( ansible_hostname is match "lb01" ) %}
    state MASTER
    priority 150
{% elif ( ansible_hostname is match "lb02" ) %}
    state BACKUP
    priority 100
{% endif %}
    ! NIC that carries the VIP
    interface eth0
    virtual_router_id 51
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        {{ keep_vip }}
    }
    track_script {
        check_lb
    }
}
# 写tasks,lb部署以及高可用
vim /server/ansible/roles/keep/tasks/main.yml
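---
# keep role: keepalived on both load balancers (lb01 MASTER / lb02 BACKUP per
# the template) plus the health script that drops the VIP when nginx is gone.
- name: 安装keepalived
  yum:
    name: keepalived
    state: present

- name: 分发高可用配置文件
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
    backup: true
  register: keep_conf

- name: 创建脚本目录
  # copy needs the directory to exist: with `dest: /server/scripts` and no
  # such directory, the script would be written as a *file* named scripts
  file:
    path: /server/scripts
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: 分发监控nginx脚本
  # The template's vrrp_script runs this on every lb, so it is shipped to both
  # (the `when: lb01` condition left lb02 without it). Mode is quoted: an
  # unquoted 755 is the decimal integer 755, not the octal 0755.
  copy:
    src: check_lb.sh
    dest: /server/scripts/check_lb.sh
    backup: true
    owner: root
    group: root
    mode: "0755"

- name: 启动keepalived
  systemd:
    name: keepalived
    enabled: true
    # apply a changed keepalived.conf on re-runs
    state: "{{ 'restarted' if keep_conf.changed else 'started' }}"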
# 写top.yml
vim top.yml
---
# both load balancers
- hosts: lb
  roles:
    - keep
rsyncd(backup服务器)
项目端配置
web项目
blog(web01)
部署web服务器的时候,如果是新网站还好,不然的话一定要复制旧服务器的代码。
否则安装的时候可能重写数据库。
# 创建roles
mkdir -p /server/ansible/roles/blog/{files,templates,tasks,handlers}
# 写tasks
vim /server/ansible/roles/blog/tasks/main.yml
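---
# blog role entry point: dispatch to the per-tier task files by hostname
# (`match` is a regex anchored at the start, so "db" covers db01 and so on).
# NOTE(review): top.yml runs this role against web01 only, so db.yml / lb.yml
# never execute unless the play also targets the db and lb hosts.
- name: wp-db,这个正则是可以模糊匹配的,所以写主机名的一部分就可以
  include_tasks: db.yml
  when: ansible_hostname is match("db")

- name: wp-web
  include_tasks: web.yml
  when: ansible_hostname is match("web")

- name: wp-lb
  include_tasks: lb.yml
  when: ansible_hostname is match("lb")

- name: wp-nfs
  # was a copy of the lb entry (lb.yml when "lb"); tasks/nfs.yml has to exist
  # before this role is run against the nfs group
  include_tasks: nfs.yml
  when: ansible_hostname is match("nfs")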
# 写handlers
vim /server/ansible/roles/blog/handlers/main.yml
---
# handlers for the blog role: notified by the tasks that change a vhost file
- name: reload nginx
  systemd:
    state: reloaded
    name: nginx
# 写top.yml
vim top.yml
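---
# The blog role dispatches on hostname (db.yml / web.yml / lb.yml), so the play
# must reach the db and lb hosts as well as web01; with `hosts: web01` only
# web.yml ever ran. Within the play the tiers run in the order main.yml lists
# them (db first), and nfs can be added once tasks/nfs.yml exists.
- hosts: db:web01:lb
  roles:
    - role: blog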
# 写tasks
vim /server/ansible/roles/blog/tasks/db.yml
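---
# blog/db.yml (db host): create both site databases and one application user
# per site, reachable from the VPC (db_allow).
- name: 创建数据库
  mysql_db:
    name: "{{ item }}"
    state: present
    login_user: "{{ db_user_root }}"
    login_password: "{{ db_root_pass }}"
  loop:
    - blog
    - phpshe

- name: 创建用户
  # YAML flow mappings need a space after the colon: `name:'blog'` is parsed as
  # one key named "name:'blog'" and item.name is then undefined.
  # NOTE(review): passwords equal to the user name are placeholders — move them
  # to a vault-encrypted vars file.
  mysql_user:
    name: "{{ item.name }}"
    host: "{{ db_allow }}"
    password: "{{ item.pass }}"
    priv: "{{ item.priv }}"
    login_user: "{{ db_user_root }}"
    login_password: "{{ db_root_pass }}"
    state: present
  loop:
    - { name: 'blog', pass: 'blog', priv: 'blog.*:ALL' }
    - { name: 'phpshe', pass: 'phpshe', priv: 'phpshe.*:ALL' }
  no_log: true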
# 写files/templates
blog的压缩包
ssl证书文件
vim /server/ansible/roles/blog/templates/blog.oldboylinux.cn.conf.j2
# blog vhost on the web tier (templates/blog.oldboylinux.cn.conf.j2).
# HTTPS only: the lb vhost proxies to port 443 here over TLS. Cert/key paths
# must match what the nginx role placed in /etc/nginx/verify/.
server{
    listen 443 ssl;
    server_name blog.{{ web_host }};
    root /app/code/blog;
    access_log /var/log/nginx/blog.{{ web_host }}-access.log main;
    error_log /var/log/nginx/blog.{{ web_host }}-error.log notice;
    ssl_certificate /etc/nginx/verify/blog.{{ web_host }}.pem;
    ssl_certificate_key /etc/nginx/verify/blog.{{ web_host }}.key;
    location / {
        index index.php;
    }
    # PHP goes to the www pool of php-fpm (listen = 127.0.0.1:9000 in www.conf.j2)
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
# 写tasks
vim /server/ansible/roles/blog/tasks/web.yml
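---
# blog/web.yml (web host): unpack WordPress, install its nginx vhost, mount the
# uploads directory from the nfs server. "reload nginx" is defined in
# handlers/main.yml of this role.
- name: 创建站点目录
  file:
    path: /app/code/
    state: directory

- name: 解压分发一步到位
  unarchive:
    src: wordpress-5.9.3-zh_CN.zip
    dest: /app/code/
    # skip once the site has been renamed into place (idempotent re-runs)
    creates: /app/code/blog

- name: 重命名wordpress
  # `shell:` takes a command string, not a `mv:` key; `creates` keeps re-runs
  # from failing on the already-moved directory
  command: mv /app/code/wordpress /app/code/blog
  args:
    creates: /app/code/blog

- name: 分发nginx子配置文件
  # the .j2 uses {{ web_host }}, so it is rendered with `template` (not
  # `templates`); the handler is named "reload nginx" ("rload" was a typo)
  template:
    src: blog.oldboylinux.cn.conf.j2
    dest: "/etc/nginx/conf.d/blog.{{ web_host }}.conf"
    backup: true
  notify:
    - reload nginx

- name: 创建挂载点,设置用户为www
  file:
    path: /app/code/blog/wp-content/uploads
    state: directory
    owner: "{{ web_user_group }}"    # key was misspelled `onwer`
    group: "{{ web_user_group }}"

- name: 安装nfs
  yum:
    name: nfs-utils
    state: present

- name: nfs挂载
  # the server is named nfs01 in the inventory and /etc/hosts; a bare "nfs"
  # does not resolve there
  mount:
    fstype: nfs
    src: nfs01:/nfsdata/blog
    path: /app/code/blog/wp-content/uploads
    state: mounted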
# 写top.yml
# 和phpshe一起写
# 写files/templates
ssl证书
vim /server/ansible/roles/blog/templates/lb-blog.oldboylinux.cn.conf.j2
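# lb vhost for the blog: port 80 redirects to HTTPS; 443 terminates TLS and
# proxies, again over TLS, to every host in the inventory's web group.
upstream default_pools {
    least_conn;
{% for ip in groups['web'] %}
    server {{ ip }}:443 weight=1 max_fails=3 fail_timeout=15;
{% endfor %}
}
server {
    listen 80;
    server_name blog.{{ web_host }};
    # keep the requested path and query on the redirect; without $request_uri
    # every http URL lands on the site root
    return 301 https://blog.{{ web_host }}$request_uri;
}
server{
    listen 443 ssl;
    server_name blog.{{ web_host }};
    access_log /var/log/nginx/blog.{{ web_host }}-access.log main;
    error_log /var/log/nginx/blog.{{ web_host }}-error.log notice;
    ssl_certificate /etc/nginx/verify/blog.{{ web_host }}.pem;
    ssl_certificate_key /etc/nginx/verify/blog.{{ web_host }}.key;
    location / {
        proxy_pass https://default_pools;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        # 静态资源缓存是应该放在负载还是web,放在web的话就不用写下面的了
        # (undecided whether static caching belongs on the lb or the web tier;
        # note that a 10-day Expires on `/` also applies to dynamic HTML)
        expires 10d;
    }
    # dynamic requests are proxied without the Expires header
    location ~*\.(jsp|php)$ {
        proxy_pass https://default_pools;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    }
}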
# 写tasks
vim /server/ansible/roles/blog/tasks/lb.yml
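---
# blog/lb.yml (lb hosts): ship the site certificate and the reverse-proxy
# vhost, then reload nginx through the role handler.
- name: 分发证书
  # the lb vhost template reads the cert from /etc/nginx/verify/ (same place
  # as the nginx role), not /etc/nginx/ssl/; the private key stays root-only
  copy:
    src: "{{ item.src }}"
    dest: "/etc/nginx/verify/{{ item.src }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - { src: "blog.{{ web_host }}.pem", mode: "0644" }
    - { src: "blog.{{ web_host }}.key", mode: "0600" }
  notify:
    - reload nginx

- name: 分发负载配置文件
  # the original looped dict items through `copy` with src "{{ item }}.j2",
  # which neither renders the template nor yields a usable path
  template:
    src: lb-blog.oldboylinux.cn.conf.j2
    dest: "/etc/nginx/conf.d/lb-blog.{{ web_host }}.conf"
    backup: true
  notify:
    - reload nginx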
原来的
# 写tasks
vim /server/ansible/roles/blog/tasks/main.yml
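---
# Earlier single-file version of the blog role (superseded by tasks/web.yml):
# unpack WordPress, static nginx vhost, NFS-backed uploads owned by nginx.
- name: 创建站点目录
  file:
    path: /app/code/
    state: directory

- name: 解压分发一步到位
  unarchive:
    src: wordpress-5.9.3-zh_CN.zip
    dest: /app/code/
    creates: /app/code/blog

- name: 重命名wordpress
  # `shell:` takes a command string, not a `mv:` key
  command: mv /app/code/wordpress /app/code/blog
  args:
    creates: /app/code/blog

- name: 分发nginx子配置文件
  copy:
    src: blog.oldboylinux.cn.conf
    dest: /etc/nginx/conf.d/
    backup: true
  # handler name as defined in handlers/main.yml ("rload" was a typo)
  notify:
    - reload nginx

- name: 创建挂载点,设置用户为nginx
  file:
    path: /app/code/blog/wp-content/uploads
    state: directory
    owner: nginx    # key was misspelled `onwer`, which the file module rejects
    group: nginx

- name: 安装nfs
  yum:
    name: nfs-utils
    state: present

- name: nfs挂载
  # the nfs server is named nfs01 in the inventory and /etc/hosts
  mount:
    fstype: nfs
    src: nfs01:/nfsdata/blog
    path: /app/code/blog/wp-content/uploads
    state: mounted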
# 写top.yml
# 和下面一起写
phpshe(web01)
# 创建roles
mkdir -p /server/ansible/roles/phpshe/{files,templates,tasks,handlers}
# 写files/templates
phpshe的压缩包
ssl证书文件
vim /server/ansible/roles/blog/templates/phpshe.oldboylinux.cn.conf.j2
# phpshe vhost on the web tier. Same shape as the blog vhost, but PHP goes to
# the phpshe php-fpm pool on 127.0.0.1:9001. Cert/key paths must match what
# the nginx role placed in /etc/nginx/verify/.
server{
    listen 443 ssl;
    server_name phpshe.{{ web_host }};
    root /app/code/phpshe;
    access_log /var/log/nginx/phpshe.{{ web_host }}-access.log main;
    error_log /var/log/nginx/phpshe.{{ web_host }}-error.log notice;
    ssl_certificate /etc/nginx/verify/phpshe.{{ web_host }}.pem;
    ssl_certificate_key /etc/nginx/verify/phpshe.{{ web_host }}.key;
    location / {
        index index.php;
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
# 写tasks
vim /server/ansible/roles/blog/tasks/main.yml
---
# phpshe role entry point: pick the per-tier task file from the hostname
# (regex match anchored at the start, so "db" already covers db01).
- name: phpshe-db,这个正则是可以模糊匹配的,所以写主机名的一部分就可以
  include_tasks: db.yml
  when: ansible_hostname is match("db")

- name: phpshe-web
  include_tasks: web.yml
  when: ansible_hostname is match("web")

- name: phpshe-lb
  include_tasks: lb.yml
  when: ansible_hostname is match("lb")

- name: phpshe-nfs
  include_tasks: nfs.yml
  when: ansible_hostname is match("nfs")
# 写handlers
vim /server/ansible/roles/blog/handlers/main.yml
---
# handlers: reload nginx after a vhost file changed
- name: reload nginx
  systemd:
    state: reloaded
    name: nginx
# 写top.yml
vim top.yml
---
# phpshe is installed on web01 first; other web hosts get a copy later
- hosts: web01
  roles:
    - phpshe
# 写tasks
vim /server/ansible/roles/phpshe/tasks/main.yml
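---
# phpshe role (web01): unpack the shop, install its nginx vhost and hand the
# writable paths to the www user. Expects /app/code/ from the blog role and the
# vhost template in this role's templates/ directory.
- name: 解压分发一步到位
  unarchive:
    src: phpshe1.8-v2-lidao.zip
    dest: /app/code/
    creates: /app/code/phpshe

- name: 重命名phpshe1.8
  # `shell:` takes a command string, not a `mv:` key
  command: mv /app/code/phpshe1.8 /app/code/phpshe
  args:
    creates: /app/code/phpshe

- name: 分发nginx子配置文件
  # the .j2 uses {{ web_host }}, so render it with `template`; `copy` would
  # ship the raw Jinja text into conf.d
  template:
    src: phpshe.oldboylinux.cn.conf.j2
    dest: "/etc/nginx/conf.d/phpshe.{{ web_host }}.conf"
    backup: true
  notify:
    - reload nginx

- name: 设置用户为www
  # flow mappings need a space after the colon (`path: '...'`); otherwise the
  # whole `path:'...'` text becomes the key and item.path is undefined
  file:
    path: "{{ item.path }}"
    state: "{{ item.state }}"
    owner: "{{ web_user_group }}"
    group: "{{ web_user_group }}"
  loop:
    - { path: '/app/code/phpshe/config.php', state: 'file' }
    - { path: '/app/code/phpshe/install/', state: 'directory' }
    - { path: '/app/code/phpshe/data/', state: 'directory' }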
# 写files/templates
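# Derive the phpshe vhost template from the blog one. Both commands must name
# the same file: the original ran sed on .../roles/lb/templates/..., which is
# not where cp had written the copy, so the substitution never happened.
cp /server/ansible/roles/blog/templates/blog.oldboylinux.cn.conf.j2 /server/ansible/roles/blog/templates/phpshe.oldboylinux.cn.conf.j2
sed -i "s#blog#phpshe#g" /server/ansible/roles/blog/templates/phpshe.oldboylinux.cn.conf.j2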
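---
# phpshe lb tasks (lb hosts): site certificate + reverse-proxy vhost; the
# "reload nginx" handler comes from the role's handlers/main.yml.
- name: 分发证书
  # the lb vhost templates read certs from /etc/nginx/verify/, not
  # /etc/nginx/ssl/; the private key stays root-only
  copy:
    src: "{{ item.src }}"
    dest: "/etc/nginx/verify/{{ item.src }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  loop:
    - { src: "phpshe.{{ web_host }}.pem", mode: "0644" }
    - { src: "phpshe.{{ web_host }}.key", mode: "0600" }
  notify:
    - reload nginx

- name: 分发负载配置文件
  # looping dict items through `copy` with src "{{ item }}.j2" neither renders
  # the template nor yields a usable path
  template:
    src: lb-phpshe.oldboylinux.cn.conf.j2
    dest: "/etc/nginx/conf.d/lb-phpshe.{{ web_host }}.conf"
    backup: true
  notify:
    - reload nginx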
# 创建roles
mkdir -p /server/ansible/roles/phpshe/{files,templates,tasks,handlers}
# 写files
phpshe的解压包
ssl证书
vim /server/ansible/roles/blog/files/phpshe.oldboylinux.cn.conf
# Earlier, static version of the phpshe vhost (files/, shipped with copy).
# It references the CA-prefixed certificate names directly, unlike the
# templated version which expects <site>.<web_host>.pem|key.
server{
    listen 443 ssl;
    server_name phpshe.oldboylinux.cn;
    root /app/code/phpshe;
    access_log /var/log/nginx/phpshe.oldboylinux.cn-access.log main;
    error_log /var/log/nginx/phpshe.oldboylinux.cn-error.log notice;
    ssl_certificate /etc/nginx/verify/6792020_phpshe.oldboylinux.cn.pem;
    ssl_certificate_key /etc/nginx/verify/6792020_phpshe.oldboylinux.cn.key;
    location / {
        index index.php;
    }
    # phpshe php-fpm pool (127.0.0.1:9001)
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9001;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
# 写tasks
vim /server/ansible/roles/phpshe/tasks/main.yml
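---
# Earlier version of the phpshe role tasks (static vhost, paths owned by the
# nginx user).
- name: 解压分发一步到位
  unarchive:
    src: phpshe1.8-v2-lidao.zip
    dest: /app/code/
    creates: /app/code/phpshe

- name: 重命名phpshe1.8
  # `shell:` takes a command string, not a `mv:` key
  command: mv /app/code/phpshe1.8 /app/code/phpshe
  args:
    creates: /app/code/phpshe

- name: 分发nginx子配置文件
  copy:
    src: phpshe.oldboylinux.cn.conf
    dest: /etc/nginx/conf.d/
    backup: true
  notify:
    - reload nginx

- name: 设置用户为nginx
  # flow mappings need a space after the colon, otherwise `path:'...'` is one
  # key and item.path is undefined
  file:
    path: "{{ item.path }}"
    state: "{{ item.state }}"
    owner: nginx
    group: nginx
  loop:
    - { path: '/app/code/phpshe/config.php', state: 'file' }
    - { path: '/app/code/phpshe/install/', state: 'directory' }
    - { path: '/app/code/phpshe/data/', state: 'directory' }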
# 写handlers
vim /server/ansible/roles/phpshe/handlers/main.yml
---
# phpshe role handlers
- name: reload nginx
  systemd:
    state: reloaded
    name: nginx
# 写top.yml
vim top.yml
---
# web01 gets both sites; blog first because it creates /app/code/
- hosts: web01
  roles:
    - blog
    - phpshe
blog,phpshe(web02 以及其他)
需要 web01 访问并安装完数据库后再执行这一步
# 创建roles
mkdir -p /server/ansible/roles/otherweb/{files,templates,tasks,handlers}
# 写files
# tar zcvf ./blog.tar.gz blog --exclude=blog/wp-content/uploads
phpshe、blog的压缩包
ssl证书文件四个
phpshe.oldboylinux.cn.conf
blog.oldboylinux.cn.conf
# 写tasks
vim /server/ansible/roles/otherweb/tasks/main.yml
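---
# otherweb role: bring the remaining web hosts (everything in [web] except
# web01) up with the already-installed sites packed on web01
# (blog.tar.gz / phpshe.tar.gz). Run it only after web01 has finished the web
# installers against the database.
- name: 创建站点目录
  file:
    path: /app/code/
    state: directory
  when: ansible_hostname is not match("web01")

- name: 解压分发一步到位
  unarchive:
    src: "{{ item }}"
    dest: /app/code/
  loop:
    - blog.tar.gz
    - phpshe.tar.gz
  when: ansible_hostname is not match("web01")

- name: 分发nginx子配置文件
  copy:
    src: "{{ item }}"
    dest: /etc/nginx/conf.d/
    backup: true
  loop:
    - blog.oldboylinux.cn.conf
    - phpshe.oldboylinux.cn.conf
  notify:
    - reload nginx
  when: ansible_hostname is not match("web01")

- name: 安装nfs
  yum:
    name: nfs-utils
    state: present
  when: ansible_hostname is not match("web01")

- name: nfs挂载
  # server named nfs01 in the inventory and /etc/hosts (a bare "nfs" does not
  # resolve). NOTE(review): only the blog uploads share is mounted; the nfs
  # role also exports a phpshe share that no web host mounts in these notes.
  mount:
    fstype: nfs
    src: nfs01:/nfsdata/blog
    path: /app/code/blog/wp-content/uploads
    state: mounted
  when: ansible_hostname is not match("web01")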
# 写handlers
vim /server/ansible/roles/otherweb/tasks/main.yml
---
# Handler list for the otherweb role. NOTE(review): the command above writes
# it to tasks/main.yml, which would overwrite the tasks; it belongs in
# /server/ansible/roles/otherweb/handlers/main.yml like the blog/phpshe roles.
- name: reload nginx
  systemd:
    state: reloaded
    name: nginx
# 写top.yml
vim top.yml
---
# every web host; the role itself skips web01 via its `when` conditions
- hosts: web
  roles:
    - otherweb
全网备份项目
rsyncd (backup服务器)
# 创建roles
# 写tasks/templates
# rsyncd role (backup server): target directory for the nfs data pushed by
# sersync. NOTE(review): nothing in these notes creates the rsync user/group
# this task assigns — it must already exist on the host.
- name: 创建nfs备份目录
  file:
    state: directory
    path: /nfsbackup
    group: rsync
    owner: rsync
# 写top.yml
sersync(nfs服务器)
# 创建roles
mkdir -p /server/ansible/roles/sersync/{files,templates,tasks,handlers}
# 写files/templates
sersync二进制安装包
# 写tasks
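# sersync role tasks (nfs server): install the sersync binary and its config.
- name: 发送二进制目录
  copy:
    src: GNU-Linux-x86
    dest: /app/tools/

- name: 重命名和软连接
  # A YAML mapping cannot repeat the `shell` key — the last one silently won
  # and only the ln ran. The three steps are one script, skipped once done.
  shell: |
    mv /app/tools/GNU-Linux-x86 /app/tools/sersync
    mv /app/tools/sersync/sersync2 /app/tools/sersync/sersync
    ln -s /app/tools/sersync/sersync /bin/
  args:
    creates: /app/tools/sersync/sersync

- name: 发送sersync配置文件并改权限
  copy:
    src: confxml.xml
    dest: /app/tools/sersync/confxml.xml
    # quoted: an unquoted 644 is the decimal integer 644, not octal 0644
    mode: "0644"

- name: rsyncd配置文件添加模块
  # `line: ""{{ item }}""` was a quoting error. `comment`/`path` are module
  # parameters, so they are written together with the [nfsbackup] header.
  # NOTE(review): rsyncd.conf belongs on the backup (rsyncd) server, not on
  # the nfs host this role targets.
  blockinfile:
    path: /etc/rsyncd.conf
    marker: "# {mark} ANSIBLE MANAGED nfsbackup module"
    block: |
      [nfsbackup]
      comment = 'nfsbackup dir by Rdymy 2022/4/9'
      path = /nfsbackup

# TODO(review): the "启动" task was left unfinished in the source (no module);
# a task without a module fails the play, so it stays commented out until
# written.
#- name: 启动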
# 写top.yml
