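Lab setup:
Role              IP               OS       Software to install
Control node      192.168.24.128   centos7  ansible
Managed node A    192.168.24.130   centos7  nginx
Managed node B    192.168.24.131   centos7  mysql
Managed node C    192.168.24.132   centos7  php-fpm
Lab requirements:
On the control node, use the automation tool ansible to install nginx on managed node A, mysql on managed node B, and php-fpm on managed node C, building an LNMP architecture.
Lab steps
Install ansible on the control node
Set up the yum repository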
[[email protected] ~]# cd /etc/yum.repos.d/
[[email protected] yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[[email protected] yum.repos.d]# sed -i 's/\$releasever/7/g' 163.repo
[[email protected] yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' 163.repo
[[email protected] yum.repos.d]# yum -y install epel-release
Install ansible
[[email protected] yum.repos.d]# yum -y install ansible ansible-doc
Check the ansible version
[[email protected] ~]# ansible --version
ansible 2.6.3
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
Establish SSH trust
[[email protected] ~]# ssh-keygen -t rsa    // generate a public/private key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1ZqK35+ZXS+tKY5n0iiHPE+jqFurMDuMP4R8z75Ibnw [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| . . |
| . o |
|.. S o |
|.... . . |
| +=.o o...oo ..|
|. **.E +=++o==.oo|
| .+=**+ o=+**.+o.|
+----[SHA256]-----+
[[email protected] ~]# ssh-copy-id 192.168.24.130    // establish trust with managed node A
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.24.130 (192.168.24.130)' can't be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.24.130'"
and check to make sure that only the key(s) you wanted were added.
[[email protected] ~]# ssh-copy-id 192.168.24.131    // establish trust with managed node B
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.24.131 (192.168.24.131)' can't be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.24.131'"
and check to make sure that only the key(s) you wanted were added.
[[email protected] ~]# ssh-copy-id 192.168.24.132    // establish trust with managed node C
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.24.132 (192.168.24.132)' can't be established.
ECDSA key fingerprint is SHA256:w+sgREnQRuhBiqS0qL9wlAImCSmvSQ6KnNqW6N3znJ0.
ECDSA key fingerprint is MD5:f0:fd:ea:c7:97:83:f0:b0:03:84:d2:a6:0a:23:12:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.24.132'"
and check to make sure that only the key(s) you wanted were added.
Add the managed hosts to the ansible inventory
[[email protected] ~]# vim /etc/ansible/hosts
// Add the following content
# Group named web, so all hosts can be managed together
[web]
192.168.24.130
192.168.24.131
192.168.24.132
# To keep later steps simple, use a group name in place of each IP
[A]
192.168.24.130
[B]
192.168.24.131
[C]
192.168.24.132
Check that the nodes are reachable
[[email protected] ~]# ansible web -m ping
192.168.24.132 | SUCCESS => { "changed": false, "ping": "pong" }
192.168.24.131 | SUCCESS => { "changed": false, "ping": "pong" }
192.168.24.130 | SUCCESS => { "changed": false, "ping": "pong" }
Uniform environment setup on all servers
Set up the yum repository
Push the 163.repo file created earlier to all managed nodes with the template module
[[email protected] ~]# ansible web -m template -a 'src=/etc/yum.repos.d/163.repo dest=/etc/yum.repos.d/163.repo'
192.168.24.132 | SUCCESS => { "changed": true, "checksum": "60b8868e0599489038710c45025fc11cbccf35f2", "dest": "/etc/yum.repos.d/163.repo", "gid": 0, "group": "root", "md5sum": "5a3e688854d9ceccf327b953dab55b21", "mode": "0644", "owner": "root", "size": 1462, "src": "/root/.ansible/tmp/ansible-tmp-1536562774.1-198245142401154/source", "state": "file", "uid": 0 }
192.168.24.131 | SUCCESS => { "changed": true, "checksum": "60b8868e0599489038710c45025fc11cbccf35f2", "dest": "/etc/yum.repos.d/163.repo", "gid": 0, "group": "root", "md5sum": "5a3e688854d9ceccf327b953dab55b21", "mode": "0644", "owner": "root", "size": 1462, "src": "/root/.ansible/tmp/ansible-tmp-1536562774.08-3811360530584/source", "state": "file", "uid": 0 }
192.168.24.130 | SUCCESS => { "changed": true, "checksum": "60b8868e0599489038710c45025fc11cbccf35f2", "dest": "/etc/yum.repos.d/163.repo", "gid": 0, "group": "root", "md5sum": "5a3e688854d9ceccf327b953dab55b21", "mode": "0644", "owner": "root", "size": 1462, "src": "/root/.ansible/tmp/ansible-tmp-1536562774.05-112239359043862/source", "state": "file", "uid": 0 }
[[email protected] ~]# ansible web -m yum -a 'name=epel-release state=present'    // install the epel-release repository
Disable the firewall and SELinux
// Disable the firewall and SELinux on the control node
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# systemctl disable firewalld
[[email protected] ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config
[[email protected] ~]# setenforce 0
setenforce: SELinux is disabled
// Disable the firewall and SELinux on all managed nodes
[[email protected] ~]# ansible web -m service -a 'name=firewalld state=stopped'
[[email protected] ~]# ansible web -m shell -a 'sed -ri "s/^(SELINUX=).*/\1disabled/g" /etc/selinux/config'
[WARNING]: Consider using the replace, lineinfile or template module rather than running sed. If you need to use command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.130 | SUCCESS | rc=0 >>
192.168.24.132 | SUCCESS | rc=0 >>
192.168.24.131 | SUCCESS | rc=0 >>
Install nginx
Install nginx
// Install nginx on the control node, so its config file can later be pushed to the managed host as a template
[[email protected] ~]# yum -y install nginx
// Install nginx on managed node A
[[email protected] ~]# ansible A -m yum -a 'name=nginx state=present'
192.168.24.130 | SUCCESS => {
Create the system user
[[email protected] ~]# ansible A -m group -a 'name=nginx state=present'
192.168.24.130 | SUCCESS => { "changed": false, "gid": 995, "name": "nginx", "state": "present", "system": false }
[[email protected] ~]# ansible A -m user -a 'name=nginx system=yes create_home=no shell=/sbin/nologin state=present'
192.168.24.130 | SUCCESS => { "append": false, "changed": false, "comment": "Nginx web server", "group": 995, "home": "/var/lib/nginx", "move_home": false, "name": "nginx", "shell": "/sbin/nologin", "state": "present", "uid": 997 }
Set ownership of the web root directory
[[email protected] ~]# ansible A -m shell -a 'chown -R nginx.nginx /usr/share/nginx/html/'
[WARNING]: Consider using the file module with owner rather than running chown. If you need to use command because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.130 | SUCCESS | rc=0 >>
Start nginx
[[email protected] ~]# ansible A -m service -a 'name=nginx state=started'
192.168.24.130 | SUCCESS => {
[[email protected] ~]# ansible A -m shell -a 'ss -natl'
192.168.24.130 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:80                 *:*
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    127.0.0.1:25         *:*
LISTEN     0      128    :::80                :::*
LISTEN     0      128    :::22                :::*
LISTEN     0      100    ::1:25               :::*
Install mysql
Create the system user and group
[[email protected] ~]# ansible B -m group -a 'name=mysql state=absent'
192.168.24.131 | SUCCESS => { "changed": true, "name": "mysql", "state": "absent" }
[[email protected] ~]# ansible B -m user -a 'name=mysql system=yes uid=306 create_home=no shell=/sbin/nologin state=present'
192.168.24.131 | SUCCESS => { "changed": true, "comment": "", "create_home": false, "group": 100, "home": "/home/mysql", "name": "mysql", "shell": "/sbin/nologin", "state": "present", "system": true, "uid": 306 }
Install mysql
// Install mysql on the control node, so the mysql config file can be pushed to the managed node with the template module
[[email protected] ~]# yum -y install ncurses-devel openssl-devel openssl cmake mariadb-devel    // install dependencies
// Download the binary mysql package
[[email protected] ~]# cd /usr/src/
[[email protected] src]# wget https://downloads.mysql.com/archives/get/file/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
// Extract the package to /usr/local/
[[email protected] src]# ls
apr-1.6.3          apr-util-1.6.1          debug    mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz
apr-1.6.3.tar.bz2  apr-util-1.6.1.tar.bz2  kernels
[[email protected] src]# tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[[email protected] src]# ls /usr/local/
apache  apr-util  etc    include  lib64    mysql-5.7.22-linux-glibc2.12-x86_64  share
apr     bin       games  lib      libexec  sbin                                 src
// Copy the archive to managed node B and extract it there
[[email protected] src]# ansible B -m copy -a 'src=/usr/src/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz dest=/usr/src/'
192.168.24.131 | SUCCESS => { "changed": true, "checksum": "c03a71bcc83c5b338e322564826d151fd5fd1ea8", "dest": "/usr/src/mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz", "gid": 0, "group": "root", "md5sum": "9ef7a05695f8b4ea29f8d077c3b415e2", "mode": "0644", "owner": "root", "size": 643790848, "src": "/root/.ansible/tmp/ansible-tmp-1536631037.53-191843998587658/source", "state": "file", "uid": 0 }
[[email protected] src]# ansible B -m shell -a 'cd /usr/src && tar xf mysql-5.7.22-linux-glibc2.12-x86_64.tar.gz -C /usr/local/'
192.168.24.131 | SUCCESS | rc=0 >>
// Install mysql on managed node B
// Install dependencies
[[email protected] ~]# ansible B -m yum -a 'name=ncurses-devel state=present'
[[email protected] ~]# ansible B -m yum -a 'name=openssl-devel state=present'
[[email protected] ~]# ansible B -m yum -a 'name=openssl state=present'
[[email protected] ~]# ansible B -m yum -a 'name=cmake state=present'
[[email protected] ~]# ansible B -m yum -a 'name=mariadb-devel state=present'
// Create the user and group
[[email protected] ~]# ansible B -m group -a 'name=mysql system=yes gid=306 state=present'
192.168.24.131 | SUCCESS => { "changed": false, "gid": 306, "name": "mysql", "state": "present", "system": true }
[[email protected] src]# ansible B -m user -a 'name=mysql system=yes uid=306 group=306 create_home=no shell=/sbin/nologin state=present'
192.168.24.131 | SUCCESS => { "append": false, "changed": false, "comment": "", "group": 306, "home": "/home/mysql", "move_home": false, "name": "mysql", "shell": "/sbin/nologin", "state": "present", "uid": 306 }
// Create a symlink to the directory just extracted
[[email protected] ~]# ansible B -m shell -a 'cd /usr/local && ln -sv mysql-5.7.22-linux-glibc2.12-x86_64/ mysql'
192.168.24.131 | SUCCESS | rc=0 >>
‘mysql’ -> ‘mysql-5.7.22-linux-glibc2.12-x86_64/’
// Change the owner and group of /usr/local/mysql
[[email protected] ~]# ansible B -m shell -a 'chown -R mysql.mysql /usr/local/mysql'
[WARNING]: Consider using the file module with owner rather than running chown. If you need to use command because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
// Add the environment variable
[[email protected] ~]# ansible B -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'
192.168.24.131 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible B -m shell -a 'source /etc/profile.d/mysql.sh'
192.168.24.131 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible B -m shell -a 'echo $PATH'
192.168.24.131 | SUCCESS | rc=0 >>
/usr/local/mysql/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
// Create the data directory
[[email protected] ~]# ansible B -m shell -a 'mkdir /opt/data'
[WARNING]: Consider using the file module with state=directory rather than running mkdir. If you need to use command because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible B -m shell -a ' chown -R mysql.mysql /opt/data/'
[WARNING]: Consider using the file module with owner rather than running chown. If you need to use command because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
// Initialize the database
[[email protected] ~]# ansible B -m shell -a 'cd /usr/local/mysql/bin/ && mysqld --initialize --user=mysql --datadir=/opt/data/'
192.168.24.131 | SUCCESS | rc=0 >>
2018-09-11T02:13:56.009758Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2018-09-11T02:13:56.214610Z 0 [Warning] InnoDB: New log files created, LSN=45790
2018-09-11T02:13:56.256571Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2018-09-11T02:13:56.338850Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 5644fdde-b568-11e8-8524-000c29b6713b.
2018-09-11T02:13:56.340672Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2018-09-11T02:13:56.341847Z 1 [Note] A temporary password is generated for [email protected]: %+lyG?lVa8fn
// A temporary password is generated at the end; make a note of it
// Configure mysql
[[email protected] ~]# ansible B -m shell -a 'ln -sv /usr/local/mysql/include/ /usr/local/include/mysql'
[WARNING]: Consider using the file module with state=link rather than running ln. If you need to use command because file is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
‘/usr/local/include/mysql’ -> ‘/usr/local/mysql/include/’
[[email protected] ~]# ansible B -m shell -a 'echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf'
192.168.24.131 | SUCCESS | rc=0 >>
// Edit the config file on the control node
[[email protected] ~]# cat > /etc/my.cnf <<EOF
> [mysqld]
> basedir = /usr/local/mysql
> datadir = /opt/data
> socket = /tmp/mysql.sock
> port = 3306
> pid-file = /opt/data/mysql.pid
> user = mysql
> skip-name-resolve
> EOF
// Push the config file to managed node B with the template module
[[email protected] ~]# ansible B -m template -a 'src=/etc/my.cnf dest=/etc/my.cnf'
192.168.24.131 | SUCCESS => { "changed": true, "checksum": "a17bddfa7c1b91f52710851a083cdda7437f8e61", "dest": "/etc/my.cnf", "gid": 0, "group": "root", "md5sum": "e3fb34377666720e10989c97ef42c5d9", "mode": "0644", "owner": "root", "size": 155, "src": "/root/.ansible/tmp/ansible-tmp-1536574676.28-205852628899885/source", "state": "file", "uid": 0 }
// Set up the service startup script
[[email protected] ~]# ansible B -m shell -a ' cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld'
192.168.24.131 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible B -m shell -a 'sed -ri "s#^(basedir=).*#\1/usr/local/mysql#g" /etc/init.d/mysqld'
[WARNING]: Consider using the replace, lineinfile or template module rather than running sed. If you need to use command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible B -m shell -a 'sed -ri "s#^(datadir=).*#\1/opt/data#g" /etc/init.d/mysqld '
[WARNING]: Consider using the replace, lineinfile or template module rather than running sed. If you need to use command because replace, lineinfile or template is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
// Start mysql
[[email protected] ~]# ansible B -m shell -a 'service mysqld start'
[WARNING]: Consider using the service module rather than running service. If you need to use command because service is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.131 | SUCCESS | rc=0 >>
Starting MySQL. SUCCESS!
Logging to '/opt/data/linfan.err'.
[[email protected] ~]# ansible B -m shell -a 'ss -natl'
192.168.24.131 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    127.0.0.1:25         *:*
LISTEN     0      128    :::22                :::*
LISTEN     0      100    ::1:25               :::*
LISTEN     0      80     :::3306              :::*
Install php
// Install php
// Install on the control node
// Install dependencies
[[email protected] ~]# yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel
// Download php
[[email protected] ~]# cd /usr/src/
[[email protected] src]# wget http://cn.php.net/distributions/php-7.2.8.tar.xz
// Compile and install
[[email protected] ~]# ls
[[email protected] ~]# tar xf php-7.2.8.tar.xz
[[email protected] ~]# cd php-7.2.8
[[email protected] php-7.2.8]# ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip
[[email protected] php-7.2.8]# make -j $(cat /proc/cpuinfo |grep processor|wc -l)
[[email protected] php-7.2.8]# make install
// Post-install configuration
[[email protected] ~]# echo 'export PATH=/usr/local/php7/bin:$PATH' > /etc/profile.d/php7.sh
[[email protected] ~]# source /etc/profile.d/php7.sh
[[email protected] ~]# which php
/usr/local/php7/bin/php
[[email protected] ~]# php -v
PHP 7.2.8 (cli) (built: Aug 17 2018 16:27:08) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
// Configure php-fpm
[[email protected] php-7.2.8]# cp php.ini-production /etc/php.ini
[[email protected] php-7.2.8]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[[email protected] php-7.2.8]# chmod +x /etc/rc.d/init.d/php-fpm
[[email protected] php-7.2.8]# cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
[[email protected] php-7.2.8]# cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf
// Edit the php-fpm config file (/usr/local/php7/etc/php-fpm.conf) and set the fpm options to the values you need:
[[email protected] ~]# vi /usr/local/php7/etc/php-fpm.conf
... ...
pm.max_children = 50        ; at most 50 processes at once, serving 50 concurrent requests
pm.start_servers = 5        ; start 5 processes at startup
pm.min_spare_servers = 2    ; minimum number of idle processes
pm.max_spare_servers = 8    ; maximum number of idle processes
[[email protected] ~]# tail /usr/local/php7/etc/php-fpm.conf
; files from a glob(3) pattern. This directive can be used everywhere in the
; file.
; Relative path can also be used. They will be prefixed by:
; - the global prefix if it's been set (-p argument)
; - /usr/local/php7 otherwise
include=/usr/local/php7/etc/php-fpm.d/*.conf
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 8
// Edit /usr/local/php7/etc/php-fpm.d/www.conf: change listen = 127.0.0.1:9000 to listen = 192.168.24.132:9000 (the IP of the managed host where PHP is installed)
// Comment out or delete this line:
listen.allowed_clients = 127.0.0.1
// Install php on managed node C
// Install dependencies
[[email protected] ~]# ansible C -m shell -a 'yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel '
// Copy the php package from the control node to managed node C, then extract and install it
[[email protected] ~]# ansible C -m copy -a 'src=/usr/src/php-7.2.8.tar.xz dest=/usr/src/'
192.168.24.132 | SUCCESS => { "changed": true, "checksum": "eb9afb42a1aaacdb22d7221416da4b524709c9ba", "dest": "/usr/src/php-7.2.8.tar.xz", "gid": 0, "group": "root", "md5sum": "ebf0d05fe3bf5b72f5d09c1174934b91", "mode": "0644", "owner": "root", "size": 12153548, "src": "/root/.ansible/tmp/ansible-tmp-1536653660.47-196576529236120/source", "state": "file", "uid": 0 }
[[email protected] ~]# ansible C -m shell -a 'cd /usr/src/ && tar xf php-7.2.8.tar.xz'
192.168.24.132 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && ./configure --prefix=/usr/local/php7 --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir=/usr --with-openssl --with-pcre-regex --with-pdo-sqlite --with-pear --with-jpeg-dir --with-png-dir --with-xmlrpc --with-xsl --with-zlib --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --with-bz2 --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-mbregex --enable-mbstring --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip '
[[email protected] ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && make -j $(cat /proc/cpuinfo |grep processor|wc -l)'
[[email protected] ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && make install '
// Post-install configuration
[[email protected] ~]# ansible C -m shell -a 'echo "export PATH=/usr/local/php7/bin:$PATH" > /etc/profile.d/php7.sh'
192.168.24.132 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible C -m shell -a 'source /etc/profile.d/php7.sh'
192.168.24.132 | SUCCESS | rc=0 >>
// Configure php-fpm
[[email protected] ~]# ansible C -m shell -a 'source /etc/profile.d/php7.sh'
192.168.24.132 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && cp php.ini-production /etc/php.ini'
192.168.24.132 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm'
192.168.24.132 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && chmod +x /etc/rc.d/init.d/php-fpm'
192.168.24.132 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf'
192.168.24.132 | SUCCESS | rc=0 >>
[[email protected] ~]# ansible C -m shell -a 'cd /usr/src/php-7.2.8 && cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf '
192.168.24.132 | SUCCESS | rc=0 >>
// Push the config files modified on the control node to managed node C
[[email protected] ~]# ansible C -m template -a 'src=/usr/local/php7/etc/php-fpm.conf dest=/usr/local/php7/etc/php-fpm.conf'
[[email protected] ~]# ansible C -m template -a 'src=/usr/local/php7/etc/php-fpm.d/www.conf dest=/usr/local/php7/etc/php-fpm.d/www.conf '
// Start php
[[email protected] ~]# ansible C -m shell -a 'service php-fpm start'
[WARNING]: Consider using the service module rather than running service. If you need to use command because service is insufficient you can add warn=False to this command task or set command_warnings=False in ansible.cfg to get rid of this message.
192.168.24.132 | SUCCESS | rc=0 >>
Starting php-fpm done
[[email protected] ~]# ansible C -m shell -a 'ss -natl'
192.168.24.132 | SUCCESS | rc=0 >>
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    127.0.0.1:25         *:*
LISTEN     0      128    127.0.0.1:9000       *:*
LISTEN     0      128    :::22                :::*
LISTEN     0      100    ::1:25               :::*
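With firewalld stopped and listen.allowed_clients removed as in the steps above, the FastCGI port on C and the MySQL port on B accept connections from any host that can reach them. The playbook below is an added example, not part of the original post: it keeps firewalld running and limits each port to the one peer that needs it. It assumes the page's inventory groups and addresses, that only host C talks to MySQL, and that the file name lnmp-network.yml is free to use.

```yaml
# lnmp-network.yml -- added example, not from the original post.
# Run from the control node with: ansible-playbook lnmp-network.yml
# Assumes inventory groups web/A/B/C and the lab addresses used on this page.

- hosts: web
  tasks:
    - name: Keep firewalld running and enabled instead of stopping it
      service:
        name: firewalld
        state: started
        enabled: yes
    # The default public zone on CentOS 7 already allows ssh, so ansible keeps working.

- hosts: A
  tasks:
    - name: Allow HTTP to nginx
      firewalld:
        service: http
        permanent: yes
        immediate: yes
        state: enabled

- hosts: B
  tasks:
    # Assumption: only the php-fpm host (C) needs to reach MySQL.
    - name: Allow 3306/tcp only from the php-fpm host
      firewalld:
        rich_rule: 'rule family="ipv4" source address="192.168.24.132" port port="3306" protocol="tcp" accept'
        permanent: yes
        immediate: yes
        state: enabled

- hosts: C
  tasks:
    - name: Allow 9000/tcp only from the nginx host
      firewalld:
        rich_rule: 'rule family="ipv4" source address="192.168.24.130" port port="9000" protocol="tcp" accept'
        permanent: yes
        immediate: yes
        state: enabled

    # Instead of deleting listen.allowed_clients, point it at the nginx host,
    # so php-fpm itself rejects FastCGI connections from any other address.
    - name: Restrict php-fpm clients to the nginx host
      lineinfile:
        path: /usr/local/php7/etc/php-fpm.d/www.conf
        regexp: '^;?\s*listen\.allowed_clients\s*='
        line: 'listen.allowed_clients = 192.168.24.130'
      notify: restart php-fpm

  handlers:
    # Uses the init script installed as /etc/init.d/php-fpm earlier on this page.
    - name: restart php-fpm
      service:
        name: php-fpm
        state: restarted
```

After the run, `ansible web -m shell -a 'firewall-cmd --list-all'` shows the resulting rules on each node.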
Edit the nginx config file
Edit the nginx config file on the control node
vim /etc/nginx/nginx.conf
// Edit the following content
upstream php {
    server 192.168.24.132:9000;
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    root /usr/share/nginx/html;
    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;
    # location ~ \.php$ {
    #     proxy_pass http://php;
    # }
    location ~ \.php$ {
        # php-fpm speaks FastCGI rather than HTTP, so only fastcgi_pass is used here
        root /usr/share/nginx/html;
        fastcgi_pass php;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root/scripts$fastcgi_script_name;
        include fastcgi_params;
    }
}
Transfer the modified file to managed node A
[[email protected] ~]# ansible A -m template -a 'src=/etc/nginx/nginx.conf dest=/etc/nginx/nginx.conf'
192.168.24.130 | SUCCESS => { "changed": true, "checksum": "67b4dee474e0107264f56154aff59cd733cdb560", "dest": "/etc/nginx/nginx.conf", "gid": 0, "group": "root", "md5sum": "422e017798f0d2554e1f53412d253554", "mode": "0644", "owner": "root", "size": 2907, "src": "/root/.ansible/tmp/ansible-tmp-1536657003.52-201945158508709/source", "state": "file", "uid": 0 }
Create a php test page
[[email protected] ~]# cd /usr/share/nginx/html
[[email protected] html]# cat > index.php << EOF
> <?php
> phpinfo();
> ?>
> EOF
[[email protected] ~]# ansible A -m template -a 'src=/usr/share/nginx/html/index.php dest=/usr/share/nginx/html/'
192.168.24.130 | SUCCESS => { "changed": true, "checksum": "26af88945e23289d15e128606a29932b3d78787c", "dest": "/usr/share/nginx/html/index.php", "gid": 0, "group": "root", "md5sum": "62210a938d0199092c2d3976a45bf86d", "mode": "0644", "owner": "root", "size": 22, "src": "/root/.ansible/tmp/ansible-tmp-1536657526.48-71308328197734/source", "state": "file", "uid": 0 }
Verification: