【自动化运维系列教程】Ansible Playbook剧本部署LNMP环境+WordPress博客
关于
Ansible Playbook教程:https://www.wsjj.top/archives/116
关于Ansible基本模块的使用教程:https://www.wsjj.top/archives/115
关于LNMP环境部署教程:https://www.wsjj.top/archives/88
一、编写Playbook
[root@zabbix_server ansible]# vim /root/ansible/work/LNMP.yaml
- hosts: dbserver #指定安装主机组
user: root #指定用户
gather_facts: false #不调用setup模块中的数据
tasks:
- name: install wget #安装必要的组件
yum: name={{ item }} state=present
loop:
- wget
- net-tools
- name: install yum #配置国内yum源和epel源
shell: |
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum clean all && yum makecache fast
- name: Download Nginx #下载Nginx
shell: chdir=/root wget http://nginx.org/download/nginx-1.20.2.tar.gz
- name: tar Nginx #解压Nginx
shell: chdir=/root tar xf nginx-1.20.2.tar.gz
- name: install Nginx Software Dependency #安装Nginx需要的依赖
yum: name={{ item }} state=present
loop:
- gcc
- openssl-devel
- pcre-devel
- zlib-devel
- name: mkdir Nginx dir #创建Nginx需要的临时数据目录
shell: mkdir -p /var/tmp/nginx/{client,proxy,fastcgi,uwsgi,scgi}
- name: useradd Nginx #创建Nginx用户
user: name=nginx shell=/sbin/nologin
- name: Make Nginx #编译
shell: chdir=/root/nginx-1.20.2 ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-stream --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-file-aio --with-http_secure_link_module --with-threads --http-client-body-temp-path=/var/tmp/nginx/client/ --http-proxy-temp-path=/var/tmp/nginx/proxy/ --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi/ --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi/ --http-scgi-temp-path=/var/tmp/nginx/scgi/
- name: Install Nginx #编译安装
shell: |
chdir=/root/nginx-1.20.2
make
make install
- name: Start Nginx #启动Nginx
shell:
/usr/local/nginx/sbin/nginx;
- name: Enable Nginx #设置Nginx开机自启动
lineinfile:
path: "/etc/rc.d/rc.local"
line: "/usr/local/nginx/sbin/nginx"
mode: '0777'
- name: Download PHP7.4 #下载PHP网络源
shell: yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
- name: Install yum-utils #安装依赖
yum: name=yum-utils state=present
- name: Enable remi-php74 #启用源
shell: yum-config-manager --enable remi-php74
- name: Install PHP Software Dependency #安装PHP
yum: name={{ item }} state=present
loop:
- php
- php-cli
- php-fpm
- php-mysqlnd
- php-zip
- php-devel
- php-gd
- php-mcrypt
- php-mbstring
- php-curl
- php-xml
- php-pear
- php-bcmath
- php-json
- php-redis
- name: PHP User #修改PHP运行用户为Nginx
shell: |
sed -ri 's|user = apache|user = nginx|' /etc/php-fpm.d/www.conf
sed -ri 's|group = apache|group = nginx|' /etc/php-fpm.d/www.conf
- name: Start PHP7.4 #启动PHP服务
service: name=php-fpm state=started enabled=yes
- name: Install MariaDB #安装MriaDB数据库
yum: name=mariadb-server state=present
- name: Start MariaDB #设置MariaDB服务开机自启动
service: name=mariadb state=started enabled=yes
- name: MKdir Nginx and www and log #创建用到的目录
file: path={{ item["path"] }} state=directory
loop:
- {"path":"/usr/local/nginx/conf.d"}
- {"path":"/www/wwwroot/blog.wsjj.com"}
- {"path":"/var/log/nginx"}
- name: Download WordPress #下载Wordpress
shell: chdir=/root wget https://cn.wordpress.org/latest-zh_CN.tar.gz
- name: tar WordPress #解压Wordpress
shell: chdir=/root tar xf latest-zh_CN.tar.gz
- name: copy WordPress #复制Wordpress文件到网页目录
shell: cp -r /root/wordpress/* /www/wwwroot/blog.wsjj.com/
- name: Permissions #设置网页目录权限
shell: |
chmod -R 0775 /www/wwwroot/blog.wsjj.com
chown -R nginx.nginx /www/wwwroot/blog.wsjj.com
- name: copy Nginx.conf #复制Nginx需要的配置文件
copy: src={{ item["src"] }} dest={{ item["dest"] }} owner=nginx group=nginx mode=0775
loop:
- {"src":"/root/ansible/work/nginx.conf","dest":"/usr/local/nginx/conf/"}
- {"src":"/root/ansible/work/blog.conf","dest":"/usr/local/nginx/conf.d/"}
- name: Restart Nginx #重新加载Nginx配置文件
shell: /usr/local/nginx/sbin/nginx -s reload
- name: Create WordPress database and users; #创建Wordpress用到的数据库和用户
shell: |
mysql -uroot -e "create database wordpress charset utf8mb4"
mysql -uroot -e "grant all on wordpress.* to 'wordpress'@'localhost' identified by 'WWW.1.com'"
二、用到的Nginx配置文件
1.主配置文件
[root@zabbix_server ansible]# vim /root/ansible/work/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
include /usr/local/nginx/conf.d/*.conf;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
2.子配置文件
[root@zabbix_server ansible]# vim /root/ansible/work/blog.conf
server {
listen 80;
server_name blog.wsjj.com;
access_log /var/log/nginx/blog_access.log main;
error_log /var/log/nginx/blog_error.log error;
location / {
root /www/wwwroot/blog.wsjj.com;
index index.html index.php;
}
location ~ \.php$ {
root /www/wwwroot/blog.wsjj.com;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}