部署一个shopxo商城(ansible实现)
Posted givenchy_yzl
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了部署一个shopxo商城(ansible实现)相关的知识,希望对你有一定的参考价值。
环境准备:
在m01配置openvpn
#运行客户端脚本
[root@m01 ~]# sh openvpn_server.sh
echo "安装openvpn和证书工具"
yum -y install openvpn && yum -y install easy-rsa
echo "生成服务器配置文件"
cp /usr/share/doc/openvpn-2.4.11/sample/sample-config-files/server.conf /etc/openvpn/
echo "准备证书签发相关文件"
cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-server
echo "准备签发证书相关变量的配置文件"
cp /usr/share/doc/easy-rsa-3.0.8/vars.example /etc/openvpn/easy-rsa-server/3/vars
echo "建议修改给CA和OpenVPN服务器颁发的证书的有效期,可适当加长"
echo "初始化服务端PKI生成PKI相关目录和文件"
cd /etc/openvpn/easy-rsa-server/3
./easyrsa init-pki
echo "创建CA证书"
./easyrsa build-ca nopass
cat pki/serial
echo "生成服务端证书"
./easyrsa gen-req server nopass
echo "签发服务端证书"
./easyrsa sign server server
echo "创建 Diffie-Hellman 密钥"
./easyrsa gen-dh
cat > /etc/openvpn/server.conf <<EOF
port 1194
proto tcp
dev tun
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/server.crt
key /etc/openvpn/certs/server.key # This file should be kept secret
dh /etc/openvpn/certs/dh.pem
server 10.8.0.0 255.255.255.0
push "route 172.16.1.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
max-clients 2048
user openvpn
group openvpn
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
EOF
echo "openvpn 日志文件"
mkdir -p /var/log/openvpn
echo "openvpn 服务端文件"
mkdir -p /etc/openvpn/certs
cp /etc/openvpn/easy-rsa-server/3/pki/issued/server.crt /etc/openvpn/certs/
cp /etc/openvpn/easy-rsa-server/3/pki/private/server.key /etc/openvpn/certs/
cp /etc/openvpn/easy-rsa-server/3/pki/ca.crt /etc/openvpn/certs/
cp /etc/openvpn/easy-rsa-server/3/pki/dh.pem /etc/openvpn/certs/
echo "修改内核参数"
echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf
sysctl -p
echo "安装IPtables-services"
yum install iptables-services -y
systemctl disable --now firewalld
systemctl start iptables
echo "清除防火墙默认规则"
iptables -F
echo "添加openVPN网络转发规则"
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
#service iptables save 永久生效
echo "查看iptables获取规则"
iptables -vnL -t nat
#2 104 MASQUERADE all -- * * 10.8.0.0/24 0.0.0.0/0
#有且只有此一行
echo "重启OpenVpn"
systemctl daemon-reload
systemctl enable --now openvpn@server
echo "查看路由规则"
route -n
#客户端脚本
[root@m01 ~]# sh openvpn_client.sh
read -p "请输入用户的姓名拼音(如:${NAME}): " NAME
read -p "请输入远程代理IP(如:${IP}): " IP
echo "客户端证书环境"
cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa-client
cp /usr/share/doc/easy-rsa-3.0.8/vars.example /etc/openvpn/easy-rsa-client/3/varsa
cd /etc/openvpn/easy-rsa-client/3
echo "初始化pki证书目录"
./easyrsa init-pki
echo "生成客户端证书"
./easyrsa gen-req ${NAME} nopass
echo "将客户端证书同步到服务端"
cd /etc/openvpn/easy-rsa-server/3
./easyrsa import-req /etc/openvpn/easy-rsa-client/3/pki/reqs/${NAME}.req ${NAME}
echo "查看客户端证书"
ll pki/reqs/${NAME}.req /etc/openvpn/easy-rsa-client/3/pki/reqs/${NAME}.req
echo "签发客户端证书,请输入:yes"
./easyrsa sign client ${NAME}
echo "查看证书"
cat pki/index.txt
ll pki/certs_by_serial/
cat pki/issued/${NAME}.crt
echo "创建客户端配置文件"
mkdir -p /etc/openvpn/client/${NAME}
cd /etc/openvpn/client/${NAME}
cat > /etc/openvpn/client/${NAME}/${NAME}.ovpn <<EOF
client
dev tun
proto tcp
remote ${IP} 1194
resolv-retry infinite
nobind
ca ca.crt
cert ${NAME}.crt
key ${NAME}.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
EOF
cp /etc/openvpn/easy-rsa-client/3/pki/private/${NAME}.key .
cp /etc/openvpn/easy-rsa-server/3/pki/issued/${NAME}.crt .
cp /etc/openvpn/easy-rsa-server/3/pki/ca.crt .
echo "打包用户证书"
tar -czvf ${NAME}.tar.gz ./
echo "重启OpenVpn"
systemctl daemon-reload
systemctl enable --now openvpn@server
#如果已经配好openvpn,运行以下脚本开启路由转发
[root@m01 ~]# sh start_route.sh
systemctl stop iptables && systemctl start iptables
iptables -F
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -vnL -t nat
systemctl daemon-reload
做免密
[root@m01 ~]# sh ssh.sh
ssh-keygen -R 172.16.1.5
ssh-keygen -R 172.16.1.6
ssh-keygen -R 172.16.1.7
ssh-keygen -R 172.16.1.8
ssh-keygen -R 172.16.1.9
ssh-keygen -R 172.16.1.31
ssh-keygen -R 172.16.1.41
ssh-keygen -R 172.16.1.51
ssh-keygen -R 172.16.1.71
yum install expect -y
for ip in ‘lb01’ ‘lb02’ ‘web01’ ‘web02’ ‘web03’ ‘backup’ ‘nfs’ ‘db’ ‘m01’ ‘prometheus’
do
expect -c "
spawn ssh-copy-id -i root@$ip
expect {
“(yes/no)” {send “yes\\r”;exp_continue}
“password” {send “1\\r”;exp_continue}
} "
done
配置主机清单
[root@m01 ~]# vim /etc/ansible/hosts
[lb]
172.16.1.5
172.16.1.6
[web]
172.16.1.7
172.16.1.8
172.16.1.9
[nfs]
172.16.1.31
[backup]
172.16.1.41
[db]
172.16.1.51
[m01]
172.16.1.61
[prometheus]
172.16.1.71
安装ansible、并创建角色
#安装ansible
[root@m01 ~]# yum install -y ansible
#创建backup角色
[root@m01 ~]# ansible-galaxy init backup
#创建nfs角色
[root@m01 ~]# ansible-galaxy init nfs
#创建mariadb角色
[root@m01 ~]# ansible-galaxy init maria
#创建nginx角色
[root@m01 ~]# ansible-galaxy init nginx
#创建php角色
[root@m01 ~]# ansible-galaxy init php
#创建package角色
[root@m01 ~]# ansible-galaxy init package
#创建prometheus角色
[root@m01 ~]# ansible-galaxy init prometheus
#创建prometheus-db角色
[root@m01 ~]# ansible-galaxy init prometheus-db
#创建prometheus-web角色
[root@m01 ~]# ansible-galaxy init prometheus-web
#创建负载均衡角色
[root@m01 ~]# ansible-galaxy init lb
配置backup角色
#编辑任务清单
[root@m01 tasks]# vim main.yml
- include: create_user.yml
- include: install.yml
- include: rsync_conf.yml
- include: rsync_passwd.yml
- include: create_dir.yml
- include: start.yml
#创建用户
[root@m01 tasks]# vim create_user.yml
- name: create user
user:
name: www
uid: 1000
#安装rsync
[root@m01 tasks]# vim install.yml
- name: install rsync
yum:
name: rsync
state: installed
#编辑rsync配置文件
[root@m01 tasks]# vim rsync_conf.yml
- name: write rsync conf
template:
src: rsync.conf.j2
dest: /etc/rsyncd.conf
#下面为rsync配置文件内容
[root@m01 ansible]# vim roles/backup/templates/rsync.conf.j2
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = yzl
secrets file = /etc/rsync.passwd
log file = /var/log/rsyncd.log
[database]
comment = welcome to oldboyedu database!
path = /backup/database
#创建rsync服务端密码文件
[root@m01 tasks]# vim rsync_passwd.yml
- name: create rsync passwd
copy:
content: yzl:123
dest: /etc/rsync.passwd
mode: 0600
#创建模块目录
[root@m01 roles]# vim backup/tasks/create_dir.yml
- name: create database directory
file:
path: /backup/database
state: directory
owner: www
#启动rsync
[root@m01 tasks]# vim start.yml
- name: start rsyncd
service:
name: rsyncd
state: started
配置nfs角色
#编辑任务清单
[root@m01 ansible]# vim roles/nfs/tasks/main.yml
- include: create_user.yml
- include: install.yml
- include: create_passwd.yml
- include: write_exports.yml
- include: create_dir.yml
- include: unarchive_niushop.yml
- include: chown.yml
- include: start.yml
- include: showmount.yml
- include: unarchive.yml
- include: write_confxml.yml
- include: run_sersync.yml
#创建用户
[root@m01 tasks]# vim create_user.yml
- name: Create User
user:
name: "{{ USER_NAME }}"
uid: "{{ UID }}"
#定义变量
[root@m01 roles]# vim nfs/defaults/main.yml
USER_NAME: www
UID: 1000
#安装rsync
[root@m01 tasks]# vim install.yml
- name: install rsync
yum:
name: rsync,nfs-utils,rpcbind
state: installed
#创建rsync客户端软件
[root@m01 tasks]# vim create_passwd.yml
- name: create rsync.passwd
copy:
content: 123
dest: /etc/rsync.passwd
mode: 0600
#编辑创建挂载点的文件
[root@m01 tasks]# vim write_exports.yml
- name: write exports
template:
src: exports.j2
dest: /etc/exports
#创建挂载点
[root@m01 roles]# vim nfs/templates/exports.j2
/nfs/web 172.16.1.0/24(rw,sync,all_squash,anonuid=1000,anongid=1000)
/nfs/datase 172.16.1.0/24(rw,sync,all_squash,anonuid=1000,anongid=1000)
#创建目录
[root@m01 tasks]# vim create_dir.yml
- name: create dir
file:
path: "{{ item }}"
state: directory
with_items:
- /nfs
- /nfs/web
- /nfs/database
#解压项目包
[root@m01 tasks]# vim unarchive_shopxo.yml
- name: unzip niushop
unarchive:
src: zongzhige-shopxo-master.zip
dest: /nfs/web
copy: yes
#授权目录
[root@m01 tasks]# vim chown.yml
- name: chown www
shell:
cmd: "chown -R www.www /nfs"
#开启nfs服务
[root@m01 tasks]# vim start.yml
- name: start nfs rpcbind service
shell:
cmd: "systemctl start nfs rpcbind"
#查看挂载点(此步可省略)
[root@m01 tasks]# vim showmount.yml
- name: showmount point
shell:
cmd: "showmount -e"
#解压sersync (此处opt可去掉,将压缩包放入角色的file文件下即可)
[root@m01 tasks]# vim unarchive.yml
- name: unarchive sersync
unarchive:
src: /opt/sersync.gz
dest: /nfs
#编写sersync配置文件
[root@m01 tasks]# vim write_confxml.yml
- name: write confxml.xml
template:
src: confxml.j2
dest: /nfs/GNU-Linux-x86/confxml.xml
#sersync配置内容
[root@m01 roles]# vim nfs/templates/confxml.j2
<?xml version="1.0" encoding="ISO-8859-1"?>
<head version="2.5">
<host hostip="localhost" port="8008"></host>
<debug start="false"/>
<fileSystem xfs="false"/>
<filter start="false">
<exclude expression="(.*)\\.svn"></exclude>
<exclude expression="(.*)\\.gz"></exclude>
<exclude expression="^info/*"></exclude>
<exclude expression="^static/*"></exclude>
</filter>
<inotify>
<delete start="true"/>
<createFolder start="true"/>
<createFile start="true"/>
<closeWrite start="true"/>
<moveFrom start="true"/>
<moveTo start="true"/>
<attrib start="true"/>
<modify start="true"/>
</inotify>
<sersync>
<localpath watch="/nfs/database">
<remote ip="172.16.1.41" name="database"/>
<!--<remote ip="192.168.8.39" name="tongbu"/>-->
<!--<remote ip="192.168.8.40" name="tongbu"/>-->
</localpath>
<rsync>
<commonParams params="-az"/>
<auth start="true" users="yzl" passwordfile="/etc/rsync.passwd"/>
<userDefinedPort start="false" port="874"/><!-- port=874 -->
<timeout start="false" time="100"/><!-- timeout=100 -->
<ssh start="false"/>
</rsync>
<failLog path="/tmp/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->
<crontab start="false" schedule="600"><!--600mins-->
<crontabfilter start="false">
<exclude expression="*.php"></exclude>
<exclude expression="info/*"></exclude>
</crontabfilter>
</crontab>
<plugin start="false" name="command"/>
</sersync>
<plugin name="command">
<param prefix="/bin/sh" suffix="" ignoreError="true"/> <!--prefix /opt/tongbu/mmm.sh suffix-->
<filter start="false">
<include expression="(.*)\\.php"/>
<include expression="(.*)\\.sh"/>
</filter>
</plugin>
<plugin name="socket">
<localpath watch="/opt/tongbu">
<deshost ip="192.168.138.20" port="8009"/>
</localpath>
</plugin>
<plugin name="refreshCDN">
<localpath watch="/data0/htdocs/cms.xoyo.com/site/">
<cdninfo domainname="ccms.chinacache.com" port="80" username="xxxx" passwd="xxxx"/>
<sendurl base="http://pic.xoyo.com/cms"/>
<regexurl regex="false" match="cms.xoyo.com/site([/a-zA-Z0-9]*).xoyo.com/images"/>
</localpath>
</plugin>
</head>
[root@m01 tasks]# vim run_sersync.yml
- name: run sersync
shell:
cmd: "/nfs/GNU-Linux-x86/sersync2 -dro /nfs/GNU-Linux-x86/confxml.xml"
配置数据库角色
#编辑任务清单
[root@m01 roles]# vim mariadb/tasks/main.yml
- include: install.yml
- include: start.yml
- include: creat.passwd.yml
- include: copy.sh.yml
- include: run.yml
- include: create_database.yml
- include: permission.yml
- include: remove_user.yml
- include: shuaxin.yml
#安装数据库
[root@m01 roles]# vim mariadb/tasks/install.yml
- name: Install MariaDB Service
yum:
name: mariadb,mariadb-server
state: installed
#启动数据库服务
[root@m01 roles]# vim mariadb/tasks/start.yml
- name: Start MariaDB Service
service:
name: mariadb
state: started
#推送检测脚本(因为数据库起来以后,可能会有延迟,)
[root@m01 roles]# vim mariadb/tasks/copy.sh.yml
- name: create jiance.sh
template:
src: jiance.sh.j2
dest: /root/jiance.sh
#检测数据库的脚本
[root@m01 roles]# vim mariadb/templates/jiance.sh.j2
#!/bin/bash
while true;
do
mysql -uroot -p123 -e "show databases;" > /dev/null
if [ $? -eq 0 ];then
break;
fi
done
#运行数据库脚本
[root@m01 roles]# vim mariadb/tasks/run.yml
- name: run check.sh
shell:
cmd: "sh /root/jiance.sh"
#创建数据库root用户的密码
[root@m01 roles]# vim mariadb/tasks/creat.passwd.yml
- name: create mysql_user
shell:
cmd: "mysqladmin -uroot password '123'"
#创建数据库
[root@m01 roles]# vim mariadb/tasks/create_database.yml
- name: create database
shell:
cmd: 'mysql -uroot -p123 -e "create database shopxo;"'
#授权root用户远程登录(默认情况下root用户不能远程登录,此处关系到能否监控到mysql,项目能否安装成功)
[root@m01 roles]# vim mariadb/tasks/permission.yml
- name: permission user
shell:
cmd: "mysql -root -p123 -e \\"GRANT ALL PRIVILEGES ON shopxo.* TO 'root'@'%' IDENTIFIED BY '123' WITH GRANT OPTION;\\""
#刷新权限(不刷新的话上面的授权不一定成立)
[root@m01 roles]# vim mariadb/tasks/shuaxin.yml
- name: shuaxin permission
shell:
cmd: "mysql -root -p123 -e \\"FLUSH PRIVILEGES;\\""
配置lb角色
#编辑任务清单
[root@m01 roles]# vim lb/tasks/main.yml
- include: create_repo.yaml
- include: install_nginx.yaml
- include: vhost.yaml
- include: restart.yaml
- include: install_keepalived.yaml
- include: create_config__keepalived.yaml
- include: create_check_keepalived.yaml
- include: restart_keepalived.yaml
#创建nginx-yum源
[root@m01 roles]# vim lb/tasks/create_repo.yaml
- name: create nginx repo
template:
src: nginx.repo.j2
dest: /etc/yum.repos.d/nginx.repo
#nginx-yum源文件内容
[root@m01 roles]# vim lb/templates/nginx.repo.j2
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
module_hotfixes=true
#安装nginx
[root@m01 roles]# vim lb/tasks/install_nginx.yaml
- name: Install Nginx
yum:
name: nginx
state: installed
#编辑nginx配置文件
[root@m01 roles]# vim lb/tasks/vhost.yaml
- name: Create Nginx Vhost Config
template:
src: lb.conf.j2
dest: /etc/nginx/conf.d/lb.conf
#nginx配置文件内容
[root@m01 roles]# vim lb/templates/lb.conf.j2
upstream discuz {
server 172.16.1.7:80;
server 172.16.1.8:80;
}
server {
listen 80;
server_name www.shopxo.com;
location / {
proxy_pass http://discuz;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
}
}
#重启nginx服务
[root@m01 roles]# vim lb/tasks/restart.yaml
- name: Restart Nginx Service
service:
name: nginx
state: restarted
#安装keepalived
[root@m01 roles]# vim lb/tasks/install_keepalived.yaml
- name: Install Keepalived
yum:
name: keepalived
state: installed
#编辑keepalived配置文件
[root@m01 roles]# vim lb/tasks/create_config__keepalived.yaml
- name: Create Keepalived Config
template:
src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
#keepalived配置文件内容
[root@m01 roles]# vim lb/templates/keepalived.conf.j2
global_defs {
router_id {{ ansible_hostname }}
}
#设置自定化检测脚本
vrrp_script check_web {
script "{{ CHECK_WEB_SHELL }}"
interval 2
}
vrrp_instance VI_1 {
state BACKUP
interface eth1
virtual_router_id 51
priority 100
nopreempt
advert_int 3
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.16.1.3
}
# 调用脚本
track_script {
check_web
}
}
#推送检测nginx心跳的脚本
[root@m01 roles]# vim lb/tasks/create_check_keepalived.yaml
- name: Create Test Shell File
template:
src: check_web.sh.j2
dest: "{{ CHECK_WEB_SHELL }}"
#检测nginx心跳的脚本文件
[root@m01 ~]# cat /etc/ansible/roles/lb/templates/check_web.sh.j2
#!/bin/bash
nginxnum=`ps -ef | grep [n]ginx | wc -l`
if [ $nginxnum -eq 0 ];then
systemctl start nginx
sleep 3
nginxnum=`ps -ef | grep [n]ginx | wc -l`
if [ $nginxnum -eq 0 ];then
systemctl stop keepalived.service
fi
fi
#定义变量
[root@m01 ansible]# vim roles/lb/defaults/main.yml
CHECK_WEB_SHELL: /etc/keepalived/check_web.sh
#重启keepalived服务
[root@m01 roles]# vim lb/tasks/restart_keepalived.yaml
- name: Start Keepalived Service
service:
name: keepalived
state: restarted
配置nginx角色
#编辑任务清单
[root@m01 roles]# vim nginx/tasks/main.yml
- include: create_user.yml
- include: create_repo.yml
- include: install.yml
- include: nginx.conf.yml
- include: start.yml
#创建用户
[root@m01 roles]# vim nginx/tasks/create_user.yml
- name: Create User
user:
name: "{{ USER_NAME }}"
uid: "{{ UID }}"
#定义变量
[root@m01 roles]# vim nginx/defaults/main.yml
USER_NAME: www
UID: 1000
#创建nginx-yum源
[root@m01 roles]# vim nginx/tasks/create_repo.yml
- name: create nginx repo
template:
src: nginx.repo.j2
dest: /etc/yum.repos.d/nginx.repo
#编写nginx源
[root@m01 roles]# vim nginx/templates/nginx.repo.j2
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
module_hotfixes=true
#安装nginx
[root@m01 roles]# vim nginx/tasks/install.yml
- name: Install Nginx Service
yum:
name: nginx
state: installed
#推送nginx配置文件
[root@m01 roles]# vim nginx/tasks/nginx.conf.yml
- name: change nginx.conf
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
#nginx配置文件内容
[root@m01 roles]# cat nginx/templates/nginx.conf.j2
user {{ USER_NAME }};
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
#启动服务
[root@m01 roles]# vim nginx/tasks/start.yml
- name: Start Nginx Server
service:
name: nginx
state: started
配置package
#编辑任务清单
[root@m01 roles]# vim package/tasks/main.yml
- include: create_dir.yml
- include: shopxo.yml
- include: permission.yml
- include: mount.yml
- include: remove.yml
- include: restart.yml
#创建挂载目录
[root@m01 roles]# vim package/tasks/create_dir.yml
- name: Create Dir
file:
name: "{{ ROOT_PATH }}"
state: directory
#定义变量
[root@m01 roles]# vim package/defaults/main.yml
ROOT_PATH: /www/shopxo/public/
#编辑站点目录
[root@m01 roles]# vim package/tasks/shopxo.yml
- name: Create discuz Config
template:
src: shopxo.conf.j2
dest: /etc/nginx/conf.d/shopxo.conf
#此步骤是因为程序里用的是apace用户,与我们自己定义的www用户不一致
[root@m01 roles]# vim package/tasks/permission.yml
- name: permisson
shell:
cmd: "chown -R www.www /var/lib/php"
#挂载目录
[root@m01 roles]# vim package/tasks/mount.yml
- name: mount dir
shell:
cmd: "mount -t nfs 172.16.1.31:/nfs/web /www/"
#删除nginx默认站点文件
[root@m01 roles]# vim package/tasks/remove.yml
- name: remove default.conf
file:
path: /etc/nginx/conf.d/default.conf
state: absent
#重启
[root@m01 roles]# vim package/tasks/restart.yml
- name: Restart Nginx Service
service:
name: nginx
state: restarted
配置PHP角色
#编辑PHP任务清单
[root@m01 roles]# vim php/tasks/main.yml
- include: php.repo.yml
- include: install.yml
- include: www.conf.yml
- include: start.yml
#创建PHPyum源
[root@m01 roles]# vim php/tasks/php.repo.yml
- name: create PHP Yum Repo
template:
src: php.repo.j2
dest: /etc/yum.repos.d/php.repo
#编辑PHP-yum源文件
[root@m01 roles]# cat php/templates/php.repo.j2
[php-webtatic]
name = PHP Repo
baseurl = http://us-east.repo.webtatic.com/yum/el7/x86_64/
gpgcheck = 0
#安装PHP
[root@m01 roles]# vim php/tasks/install.yml
- name: Install PHP Service
yum:
name: php71w,php71w-cli,php71w-common,php71w-devel,php71w-embedded,php71w-gd,php71w-mcrypt,php71w-mbstring,php71w-pdo,php71w-xml,php71w-fpm,php71w-mysqlnd,php71w-opcache,php71w-pecl-memcached,php71w-pecl-redis,php71w-pecl-mongodb,php71w-bcmath
state: installed
notify: Start_PHP_Serivice
#编辑PHP配置文件
[root@m01 roles]# vim php/tasks/www.conf.yml
- name: Copy PHP Config
template:
src: www.conf.j2
dest: /etc/php-fpm.d/www.conf
#编辑文件内容
[root@m01 roles]# cat php/templates/www.conf.j2
[www]
user = {{ USER_NAME }}
group = {{ USER_NAME }}
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
#开启PHP服务
[root@m01 roles]# vim php/tasks/start.yml
- name: start php server
service:
name: php-fpm
state: started
配置prometheus角色
#编写prometheus任务清单
[root@m01 roles]# vim prometheus/tasks/main.yml
#运行prometheus脚本
- name: script prometheus.sh
script: prometheus.sh
#复制grafana压缩包
- name: config grafana-7.3.6-1.x86_64.rpm
copy:
src: grafana-7.3.6-1.x86_64.rpm
dest: /opt/
#安装grafana压缩包
- name: install grafana-7.3.6-1.x86_64.rpm
shell: yum install -y /opt/grafana-7.3.6-1.x86_64.rpm
#配置prometheus文件
- name: config prometheus.yml
copy:
src: prometheus.yml
dest: /usr/local/prometheus/
#prometheus脚本
[root@m01 roles]# vim prometheus/files/prometheus.sh
echo "1.下载"
cd /opt/ &&\\
wget https://github.com/prometheus/prometheus/releases/download/v2.27.1/prometheus-2.27.1.linux-amd64.tar.gz &&\\
echo "2.解压"
tar -xf /opt/prometheus-2.27.1.linux-amd64.tar.gz -C /usr/local/ &&\\
echo "3. 建立超链接"
ln -s /usr/local/prometheus-2.27.1.linux-amd64 /usr/local/prometheus &&\\
echo "4.创建环境变量"
echo "export PATH=$PATH:/usr/local/prometheus/" >> /etc/profile.d/prometheus.sh &&\\
echo "5.加载环境变量"
source /etc/profile &&\\
echo "6.创建promethets的systemd启动文件"
cat >>/usr/lib/systemd/system/prometheus.service <<EOF
[Unit]
Description=https://prometheus.io
[Service]
Restart=on-failure
ExecStart=/usr/local/prometheus/prometheus --config.file=/usr/local/prometheus/prometheus.yml
[Install]
WantedBy=multi-user.target
EOF
echo "7.启动promethets"
systemctl daemon-reload &&\\
systemctl enable --now prometheus.service
#prometheus配置文件内容
[root@m01 roles]# cat prometheus/files/prometheus.yml
# my global config
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Alertmanager configuration
alerting:
alertmanagers:
- static_configs:
- targets:
# - alertmanager:9093以上是关于部署一个shopxo商城(ansible实现)的主要内容,如果未能解决你的问题,请参考以下文章