前言

本文将介绍如何使用 Ansible 编写角色，在分布式环境下完成 LNMP（Linux、Nginx、MySQL、PHP）的自动化（编译）安装和配置，并验证 PHP 与 MySQL 数据联通性，实现博客和论坛页面的展示。

常规单机部署 LNMP 请参考：LNMP架构搭建-CSDN博客

Docker Dockerfile 单机部署 LNMP 请参考：Docker构建LNMP部署WordPress-CSDN博客

Docker Compose 单机编排部署 LNMP 请参考：Docker-Compose编排LNMP并部署WordPress-CSDN博客

目录

一、环境准备

1. 节点信息表

2. 防火墙以及地址解析

3. 管理节点安装 ansible

4. 免密管理 ssh-keygen 

5. 编辑主机清单

6. 测试联通性

二、准备 roles 模块

1. 创建 roles 以及项目目录

2. 编写 nginx 模块

2.1 准备 files 相关文件

2.1.1 准备 nginx、论坛、博客安装包

2.1.2 准备编译安装 nginx 脚本

2.1.3 创建共享目录脚本

2.2 准备 templates 相关文件

2.2.1 编辑 nginx 配置文件模板

2.3 编写 nginx 模块 task 任务文件

3. 编写 mysql 模块

3.1 准备 files 相关文件

3.1.1 准备 mysql 安装包

3.1.2 准备编译安装 mysql 脚本

3.1.3 创建共享目录脚本

3.2 编写 mysql 模块 task 任务文件

4. 编写 php 模块

4.1 准备 files 相关文件

4.1.1 准备 php 安装包

4.1.2 准备编译安装 php 脚本

4.1.3 编辑 php 主配置文件

4.1.4 编辑 php-fpm 主配置文件

4.1.5 编辑 php-fpm 进程池配置文件

4.2 准备 templates 相关文件

4.3 编写 php 模块 task 任务文件

5. 编写 roles 示例

三、执行角色剧本并验证

1. 查看目录

2. 执行剧本

3. 验证 Wordpress

3.1 创建一个新的配置文件 wp-config.php

3.2 浏览器访问 wordpress

4. 验证 Discuz

4.1 创建一个新的配置文件 config_global.php

4.2 浏览器访问 Discuz

---

一、环境准备

1. 节点信息表

节点名称	IP	是否安装Ansible	软件版本	配置
ansible 管理节点	192.168.190.103	是	ansible 2.9.27	2C2G
nginx 被管理节点	192.168.190.104	否	nginx-1.24.0	8C4G
mysql 被管理节点	192.168.190.105	否	mysql-boost-5.7.20	8C4G
php 被管理节点	192.168.190.106	否	php-7.1.10	8C4G

2. 防火墙以及地址解析

四台机器均需要操作：
systemctl stop firewalld.service 
setenforce 0

cat << eof >> /etc/hosts
192.168.190.103 ansible
192.168.190.104 nginx
192.168.190.105 mysql
192.168.190.106 php
eof

3. 管理节点安装 ansible

[root@ansible ~]# yum install -y epel-release
[root@ansible ~]# yum install -y ansible
[root@ansible ~]# ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

4. 免密管理 ssh-keygen 

生成 SSH 密钥对：
[root@ansible ~]# ssh-keygen -t rsa      # 一直回车
# rsa表示生成RSA密钥对，RSA是一种非对称加密算法
[root@control ~]# ls .ssh/
id_rsa  id_rsa.pub       # id_rsa 是私钥文件；id_rsa.pub 是公钥文件

将本地主机上的SSH公钥复制到远程主机：
[root@ansible ~]# ssh 192.168.190.104 # ssh root@192.168.190.104，默认root
[root@ansible ~]# ssh 192.168.190.105
[root@ansible ~]# ssh 192.168.190.106
[root@ansible ~]# sshpass -p '123' ssh-copy-id 192.168.190.104
[root@ansible ~]# sshpass -p '123' ssh-copy-id 192.168.190.105
[root@ansible ~]# sshpass -p '123' ssh-copy-id 192.168.190.106

5. 编辑主机清单

[root@ansible ~]# vim /etc/ansible/hosts
[nginx]
192.168.190.104 php_server_ip=192.168.190.106 nginx_html_path=/usr/local/nginx/html

[mysql]
192.168.190.105

[php]
192.168.190.106 php_server_ip=192.168.190.106 nginx_server_ip=192.168.190.104

6. 测试联通性

[root@ansible ~]# ansible all -o -m ping
192.168.190.105 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.190.104 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}
192.168.190.106 | SUCCESS => {"ansible_facts": {"discovered_interpreter_python": "/usr/bin/python"}, "changed": false, "ping": "pong"}

二、准备 roles 模块

1. 创建 roles 以及项目目录

一般 roles 目录会默认存在：

[root@ansible ~]# mkdir /etc/ansible/roles/nginx/{files,templates,tasks,handlers,vars,defaults,meta} -p
[root@ansible ~]# mkdir /etc/ansible/roles/mysql/{files,templates,tasks,handlers,vars,defaults,meta} -p
[root@ansible ~]# mkdir /etc/ansible/roles/php/{files,templates,tasks,handlers,vars,defaults,meta} -p

[root@ansible ~]# touch /etc/ansible/roles/nginx/{defaults,vars,tasks,meta,handlers}/main.yml 
[root@ansible ~]# touch /etc/ansible/roles/mysql/{defaults,vars,tasks,meta,handlers}/main.yml 
[root@ansible ~]# touch /etc/ansible/roles/php/{defaults,vars,tasks,meta,handlers}/main.yml

2. 编写 nginx 模块

2.1 准备 files 相关文件

用来存放由 copy 模块或 script 模块调用的文件。

2.1.1 准备 nginx、论坛、博客安装包

[root@ansible ~]# cd /etc/ansible/roles/nginx/files/
[root@ansible files]# ls
Discuz_X3.4_SC_UTF8.zip  nginx-1.24.0.tar.gz  wordpress-4.9.4-zh_CN.tar.gz

2.1.2 准备编译安装 nginx 脚本

[root@ansible files]# vim lnmp.sh
#/bin/bash
nginx (){
nginxpath=`find / -name "*nginx*tar.gz" -exec dirname {} \; | sed -n '1p'`                #找到安装包路径
nginxapp=`find / -name "*nginx*tar.gz" 2> /dev/null |awk -F/ '{print $NF}' | sed -n '1p'` #打印安装包名称
systemctl status nginx.service > /dev/null
if [ $? -eq 0 ];then     #判断上一条命令返回值是否为真
echo  "nginx服务已安装"
else
useradd -M -s /sbin/nologin nginx  #创建用户
echo "正在安装nginx服务，请耐心等待"
tar xf  ${nginxpath}/${nginxapp} -C ${nginxpath} #解压安装包到其路径下
nginxd=`find  ${nginxpath} -maxdepth 1 -type d | grep  nginx- | awk -F/ '{print $NF}'` 
#只搜索当前目录，然后筛选出包含nginx- 字符串的目录，并打印这些目录的名称（去掉路径部分），-maxdepth 1表示只搜索当前目录，不搜索子目录
cd  ${nginxpath}/${nginxd}

yum -y install gcc pcre-devel openssl-devel zlib-devel openssl  openssl-devel  &>>/dev/null
./configure --prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module  > /dev/null
make -j `lscpu | sed -n '4p' | awk '{print $2}'`&> /dev/null
make  install  &> /dev/nullh
ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
cat >  /usr/lib/systemd/system/nginx.service  << EOF
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -1 $MAINPID
ExecStop=/bin/kill -3 $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
chown -R nginx.nginx  /usr/local/nginx
systemctl  daemon-reload  &> /dev/null

#准备安装论坛文件
discuz=`find / -name "*scuz*UTF*.zip" -exec dirname {} \; | sed -n '1p'`
discuzapp=`find  /  -name  "*scuz*UTF*.zip" 2>>/dev/null |awk  -F/ '{print $NF}' | sed -n '1p'`
unzip ${discuz}/${discuzapp}  -d /usr/local/  >>/dev/null
discuzd=`find /usr/local  -maxdepth 1  -type  d  |grep  UTF|awk  -F/  '{print $NF}' | sed -n '1p'`
cp -r /usr/local/${discuzd}/upload/  /usr/local/nginx/html/bbs/
chmod -R 777 /usr/local/nginx/html/bbs/config/
chmod -R 777 /usr/local/nginx/html/bbs/data/
chmod -R 777 /usr/local/nginx/html/bbs/uc_client/
chmod -R 777 /usr/local/nginx/html/bbs/uc_server/
ip=`ifconfig ens33|awk /netmask/'{print $2}'`

#准备安装博客文件"
discuzpath=`find / -name "*wordpress*" -exec dirname {} \; | sed -n '1p'`                   #找到安装包路径
discuzapp=`find / -name "*wordpress*" 2> /dev/null | awk  -F/ '{print $NF}' | sed -n '1p'`  #打印安装包名称
tar xf ${discuzpath}/${discuzapp} -C /usr/local/nginx/html/ > /dev/null
chmod 777 -R /usr/local/nginx/html/
fi
}


mysql (){
mysqlpath=`find / -name "*mysql*tar.gz" -exec dirname {} \; | sed -n '1p'`
mysqlapp=`find / -name *mysql*tar.gz 2> /dev/null |awk  -F/ '{print $NF}' | sed -n '1p'`
#准备安装MySQL
systemctl start mysqld.service &> /dev/null
if [ $? -eq 0 ];then
echo "mysql is exist"
else
#安装Mysql环境依赖包
yum -y install gcc gcc-c++ cmake bison bison-devel zlib-devel libcurl-devel libarchive-devel boost-devel ncurses-devel gnutls-devel libxml2-devel openssl-devel libevent-devel libaio-devel &> /dev/null
#创建运行用户
useradd -M -s /sbin/nologin  mysql

#编译安装
#解压mysql源码包
tar xf ${mysqlpath}/${mysqlapp} -C ${mysqlpath}
mysqld=`find  ${mysqlpath} -maxdepth 1 -type d | grep mysql- | awk -F/ '{print $NF}'`
cd  ${mysqlpath}/${mysqld}

#执行cmake命令
cmake \
-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_UNIX_ADDR=/usr/local/mysql/mysql.sock \
-DSYSCONFDIR=/etc \
-DSYSTEMD_PID_DIR=/usr/local/mysql \
-DDEFAULT_CHARSET=utf8  \
-DDEFAULT_COLLATION=utf8_general_ci \
-DWITH_EXTRA_CHARSETS=all \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DMYSQL_DATADIR=/usr/local/mysql/data \
-DWITH_BOOST=boost \
-DWITH_SYSTEMD=1   &>>/dev/null

#执行make命令
make  -j `lscpu|sed -n '4p'|awk '{print $2}'` &>>/dev/null
make install > /dev/null

#修改mysql 配置文件
cat > /etc/my.cnf <<EOF
[client]
port = 3306
socket=/usr/local/mysql/mysql.sock
 
[mysqld]
user = mysql
basedir=/usr/local/mysql
datadir=/usr/local/mysql/data
port = 3306
character-set-server=utf8
pid-file = /usr/local/mysql/mysqld.pid
socket=/usr/local/mysql/mysql.sock
bind-address = 0.0.0.0
skip-name-resolve
max_connections=2048
default-storage-engine=INNODB
max_allowed_packet=16M
server-id = 1
 
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,PIPES_AS_CONCAT,ANSI_QUOTES
EOF

#更改mysql安装目录和配置文件的属主属组
chown -R mysql:mysql /usr/local/mysql/
chown mysql:mysql /etc/my.cnf

#初始化数据库
cd /usr/local/mysql/bin/
./mysqld \
--initialize-insecure \
--user=mysql \
--basedir=/usr/local/mysql \
--datadir=/usr/local/mysql/data  &> /dev/null

#添加mysqld系统服务
cp /usr/local/mysql/usr/lib/systemd/system/mysqld.service /usr/lib/systemd/system/
systemctl daemon-reload  &> /dev/null
systemctl start mysqld.service
systemctl enable mysqld &> /dev/null
echo  "5.----mysql服务已开启----"

ln -s /usr/local/mysql/bin/mysql /usr/bin/
echo   "正在创建bbs数据库，并授权用户"
/usr/local/mysql/bin/mysql  -uroot  -e "set password for 'root'@'localhost' = password ('123456');"
/usr/local/mysql/bin/mysql  -uroot  -p'123456' -e 'create database bbs;' &> /dev/null
/usr/local/mysql/bin/mysql  -uroot  -p'123456' -e "grant all on bbs.* to 'bbsuser'@'%' identified by '123456';" &> /dev/null
/usr/local/mysql/bin/mysql  -uroot  -p'123456' -e "grant all on bbs.* to 'bbsuser'@'localhost' identified by '123456';" &> /dev/null
/usr/local/mysql/bin/mysql  -uroot  -p'123456' -e 'flush privileges;' &> /dev/null
		
echo   "正在创建wordpress数据库，并授权用户"
/usr/local/mysql/bin/mysql  -uroot  -p'123456' -e 'create database wordpress;' &> /dev/null
/usr/local/mysql/bin/mysql  -uroot  -p'123456' -e 'grant all privileges on wordpress.* to 'wordpress'@'%' identified by '123456';' &> /dev/null
/usr/local/mysql/bin/mysql  -uroot  -p'123456' -e 'grant all privileges on *.* to 'root'@'%' identified by '123456';' &> /dev/null
/usr/local/mysql/bin/mysql  -uroot  -p'123456' -e 'flush privileges;' &> /dev/null
fi
}


php (){
phppath=`find / -name *php*tar* -exec dirname {} \; | sed -n '1p'`
phpapp=`find / -name *php*tar* 2> /dev/null |awk -F/ '{print $NF}' | sed -n '1p'`
#安装编译环境
systemctl start php-fpm.service &> /dev/null
if [ $? -eq 0 ];then
echo "php服务已安装"
else
echo "安装PHP服务"
#安装编译环境"
yum -y install gd libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel bison re2c libxml2 libxml2-devel zlib zlib-devel curl curl-devel gcc gcc-c++ openssl openssl-devel &> /dev/null
#编译安装
useradd -M -s /sbin/nologin nginx

#解压源码包
tar xf ${phppath}/${phpapp} -C ${phppath}
phpd=`find  ${phppath} -maxdepth 1 -type d |grep  php-|awk  -F/  '{print  $NF}'`
cd  /${phppath}/${phpd}

#检测编译环境，并生成Makefile文件
./configure  --prefix=/usr/local/php --with-mysql-sock=/usr/local/mysql/mysql.sock --with-mysqli --with-zlib --with-curl --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-openssl --enable-fpm --enable-mbstring --enable-xml --enable-session --enable-ftp --enable-pdo --enable-tokenizer --enable-zip &>>/dev/null 

#环境检测完成，正在执行make命令，进行编译
make -j `lscpu|sed -n '4p'|awk '{print $2}'` &> /dev/null

#执行make install命令,将生成的程序或库文件复制到系统指定的位置进行安装
make install > /dev/null
ln -s /usr/local/php/bin/* /usr/local/bin/
ln -s /usr/local/php/sbin/* /usr/local/sbin/
cp /${phppath}/${phpd}/sapi/fpm/php-fpm.service /usr/lib/systemd/system/php-fpm.service
systemctl daemon-reload  > /dev/null
fi
}
$1

2.1.3 创建共享目录脚本

[root@ansible files]# vim nginx_nfs.sh
#!/bin/bash
echo "/usr/local/nginx/html *(rw)" > /etc/exports
# *(rw)表示所有主机都可以以读写模式访问该共享目录
# /etc/exports是NFS（Network File System）服务器的配置文件
chmod -R 777 /usr/local/nginx/html/
systemctl start rpcbind
systemctl start nfs

[root@ansible files]# ls
Discuz_X3.4_SC_UTF8.zip  lnmp.sh  nginx-1.24.0.tar.gz  nginx_nfs.sh  wordpress-4.9.4-zh_CN.tar.gz

2.2 准备 templates 相关文件

用来存放 jinjia2 模板，template 模块会自动在此目录中寻找 jinjia2 模板文件

2.2.1 编辑 nginx 配置文件模板

注意两个变量：php_server_ip，nginx_html_path

[root@ansible files]# cd ../templates/
[root@ansible templates]# vim nginx.conf.j2
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        charset utf-8;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.php;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root           html;
            fastcgi_pass   {{php_server_ip}}:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  {{nginx_html_path}}$fastcgi_script_name;
            include        fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

2.3 编写 nginx 模块 task 任务文件

此目录应当包含一个 main.yml 文件，用于定义此角色的任务列表，此文件可以使用 include 包含其它的位于此目录的 task 文件。

[root@ansible templates]# cd ../tasks/
[root@ansible tasks]# vim main.yml
- name: copy nginx package
  copy: src=/etc/ansible/roles/nginx/files/nginx-1.24.0.tar.gz dest=/opt
- name: copy wordpress package
  copy: src=/etc/ansible/roles/nginx/files/Discuz_X3.4_SC_UTF8.zip dest=/opt
- name: copy Discuz package
  copy: src=/etc/ansible/roles/nginx/files/wordpress-4.9.4-zh_CN.tar.gz dest=/opt
- name: install nginx shell
  script: /etc/ansible/roles/nginx/files/lnmp.sh nginx
- name: copy conf.j2
  template: src=/etc/ansible/roles/nginx/templates/nginx.conf.j2 dest=/usr/local/nginx/conf/nginx.conf owner=nginx group=nginx
- name: nfs shell
  script: /etc/ansible/roles/nginx/files/nginx_nfs.sh
- name: start nginx service
  service: enabled=true name=nginx state=started

3. 编写 mysql 模块

3.1 准备 files 相关文件

3.1.1 准备 mysql 安装包

[root@ansible tasks]# cd ../../mysql/files/
[root@ansible files]# ls
mysql-boost-5.7.20.tar.gz

3.1.2 准备编译安装 mysql 脚本

同 2.1.2 脚本一致：

[root@ansible files]# cp /etc/ansible/roles/nginx/files/lnmp.sh .

3.1.3 创建共享目录脚本

[root@ansible files]# vim mysql_nfs.sh
#!/bin/bash
echo "/usr/local/mysql  *(rw)" > /etc/exports
chmod -R 777 /usr/local/mysql/
systemctl start rpcbind
systemctl start nfs

3.2 编写 mysql 模块 task 任务文件

此目录应当包含一个 main.yml 文件，用于定义此角色的任务列表，此文件可以使用 include 包含其它的位于此目录的 task 文件 

[root@ansible files]# cd ../tasks/
[root@ansible tasks]# vim main.yml
- name: copy package
  copy: src=/etc/ansible/roles/mysql/files/mysql-boost-5.7.20.tar.gz dest=/opt/
- name: install mysql shell
  script: /etc/ansible/roles/mysql/files/lnmp.sh mysql
- name: nfs shell
  script: /etc/ansible/roles/mysql/files/mysql_nfs.sh

4. 编写 php 模块

4.1 准备 files 相关文件

4.1.1 准备 php 安装包

[root@ansible vars]# cd ../../php/files/
[root@ansible files]# ls
php-7.1.10.tar.bz2

4.1.2 准备编译安装 php 脚本

同 2.1.2 脚本一致：

[root@ansible files]# cp /etc/ansible/roles/nginx/files/lnmp.sh .

4.1.3 编辑 php 主配置文件

[root@ansible files]# egrep -v "^;" php.ini | egrep -v "^$"
[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = -1
disable_functions =
disable_classes =
zend.enable_gc = On
expose_php = On
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL
display_errors = On
display_startup_errors = On
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
track_errors = On
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
date.timezone = Asia/Shanghai
[filter]
[iconv]
[intl]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.cache_size = 2000
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = On
[SQL]
sql.safe_mode = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.cache_size = 2000
mysqli.default_port = 3306
mysqli.default_socket = /usr/local/mysql/mysql.sock
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = On
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5
[Assertion]
zend.assertions = 1
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]
[opcache]
[curl]
[openssl]

4.1.4 编辑 php-fpm 主配置文件

[root@ansible files]# egrep -v "^;" php-fpm.conf | egrep -v "^$"
[global]
pid = run/php-fpm.pid
include=/usr/local/php/etc/php-fpm.d/*.conf

4.1.5 编辑 php-fpm 进程池配置文件

这步可选，如果直接复制配置文件至 templates 文件夹模板 .j2 文件自带变量会报错。

[root@ansible files]# egrep -v "^;" www.conf | egrep -v "^$"
[www]
user = nginx
group = nginx
listen = 192.168.190.106:9000      # php 地址
listen.allowed_clients = 127.0.0.1,192.168.190.104  # nginx 地址
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

4.2 准备 templates 相关文件

[root@ansible files]# cd ../templates/
[root@ansible templates]# vim www.conf.j2
[www]
user = nginx
group = nginx
listen = {{php_server_ip}}:9000
listen.allowed_clients = 127.0.0.1,{{nginx_server_ip}}
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

4.3 编写 php 模块 task 任务文件

此目录应当包含一个 main.yml 文件，用于定义此角色的任务列表，此文件可以使用 include 包含其它的位于此目录的 task 文件 

[root@ansible templates]# cd ../tasks/
[root@ansible tasks]# vim main.yml 
- name: copy package
  copy: src=/etc/ansible/roles/php/files/php-7.1.10.tar.bz2 dest=/opt/
- name: create mysql nfs path
  file: path=/usr/local/mysql/ state=directory
- name: create nginx nfs path
  file: path=/usr/local/nginx/html/ state=directory
- name: mount nfs mysql share
  ansible.builtin.mount: src=192.168.190.105:/usr/local/mysql path=/usr/local/mysql fstype=nfs opts=defaults state=mounted
- name: mount nfs nginx share 
  ansible.builtin.mount: src=192.168.190.104:/usr/local/nginx/html path=/usr/local/nginx/html fstype=nfs opts=defaults state=mounted
- name: install php shell
  script: /etc/ansible/roles/php/files/lnmp.sh php
- name: copy php-fpm.conf
  copy: src=/etc/ansible/roles/php/files/php-fpm.conf dest=/usr/local/php/etc/php-fpm.conf
- name: copy php.ini
  copy: src=/etc/ansible/roles/php/files/php.ini dest=/usr/local/php/lib/php.ini
- name: copy www.conf
  template: src=/etc/ansible/roles/php/templates/www.conf.j2 dest=/usr/local/php/etc/php-fpm.d/www.conf
- name: start php-fpm server
  service: name=php-fpm state=started

5. 编写 roles 示例

[root@ansible vars]# cd /etc/ansible/
[root@ansible ansible]# vim lnmp.yml
---
- hosts: nginx
  remote_user: root
  roles:
     - nginx
- hosts: mysql
  remote_user: root
  roles:
     - mysql
- hosts: php
  remote_user: root
  roles:
     - php
...

三、执行角色剧本并验证

1. 查看目录

[root@ansible ansible]# ls
ansible.cfg  hosts  lnmp.yml  roles
[root@ansible ansible]# tree
.
├── ansible.cfg
├── hosts
├── lnmp.yml
└── roles
    ├── mysql
    │   ├── defaults
    │   │   └── main.yml
    │   ├── files
    │   │   ├── lnmp.sh
    │   │   ├── mysql-boost-5.7.20.tar.gz
    │   │   └── mysql_nfs.sh
    │   ├── handlers
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   ├── templates
    │   └── vars
    │       └── main.yml
    ├── nginx
    │   ├── defaults
    │   │   └── main.yml
    │   ├── files
    │   │   ├── Discuz_X3.4_SC_UTF8.zip
    │   │   ├── lnmp.sh
    │   │   ├── nginx-1.24.0.tar.gz
    │   │   ├── nginx_nfs.sh
    │   │   └── wordpress-4.9.4-zh_CN.tar.gz
    │   ├── handlers
    │   │   └── main.yml
    │   ├── meta
    │   │   └── main.yml
    │   ├── tasks
    │   │   └── main.yml
    │   ├── templates
    │   │   └── nginx.conf.j2
    │   └── vars
    │       └── main.yml
    └── php
        ├── defaults
        │   └── main.yml
        ├── files
        │   ├── lnmp.sh
        │   ├── php-7.1.10.tar.bz2
        │   ├── php-fpm.conf
        │   ├── php.ini
        │   └── www.conf
        ├── handlers
        │   └── main.yml
        ├── meta
        │   └── main.yml
        ├── tasks
        │   └── main.yml
        ├── templates
        │   └── www.conf.j2
        └── vars
            └── main.yml

2. 执行剧本

[root@ansible ansible]# ansible-playbook lnmp.yml

PLAY [nginx] **************************************************************************************

TASK [Gathering Facts] ****************************************************************************
ok: [192.168.190.104]

TASK [copy nginx package] *************************************************************************
changed: [192.168.190.104]

TASK [nginx : copy wordpress package] *************************************************************
changed: [192.168.190.104]

TASK [nginx : copy Discuz dpackage] ***************************************************************
changed: [192.168.190.104]

TASK [install nginx shell] ************************************************************************
changed: [192.168.190.104]

TASK [nginx : copy conf.j2] ***********************************************************************
changed: [192.168.190.104]

TASK [nginx : nfs shell] **************************************************************************
changed: [192.168.190.104]

TASK [start nginx service] ************************************************************************
changed: [192.168.190.104]

PLAY [mysql] **************************************************************************************

TASK [Gathering Facts] ****************************************************************************
ok: [192.168.190.105]

TASK [mysql : copy package] ***********************************************************************
changed: [192.168.190.105]

TASK [install mysql shell] ******************************************************************************
changed: [192.168.190.105]

TASK [mysql : nfs shell] **************************************************************************
changed: [192.168.190.105]

PLAY [php] ****************************************************************************************

TASK [Gathering Facts] ****************************************************************************
ok: [192.168.190.106]

TASK [php : copy package] *************************************************************************
changed: [192.168.190.106]

TASK [php : create mysql nfs path] ****************************************************************
changed: [192.168.190.106]

TASK [php : create nginx nfs path] ****************************************************************
changed: [192.168.190.106]

TASK [php : mount nfs mysql share] ****************************************************************
changed: [192.168.190.106]

TASK [php : mount nfs nginx share] ****************************************************************
changed: [192.168.190.106]

TASK [install php shell] ********************************************************************************
changed: [192.168.190.106]

TASK [copy php-fpm.conf] **************************************************************************
changed: [192.168.190.106]

TASK [copy php.ini] *******************************************************************************
changed: [192.168.190.106]

TASK [php : copy www.conf] ************************************************************************
changed: [192.168.190.106]

TASK [start php-fpm server] ***********************************************************************
changed: [192.168.190.106]

PLAY RECAP ****************************************************************************************
192.168.190.104            : ok=8    changed=7    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.190.105            : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.190.106            : ok=11   changed=10   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0 

3. 验证 Wordpress

3.1 创建一个新的配置文件 wp-config.php

[root@nginx ~]# cd /usr/local/nginx/html/wordpress
[root@nginx wordpress]# cp wp-config-sample.php wp-config.php
[root@nginx wordpress]# vim wp-config.php
// ** MySQL 设置 - 具体信息来自您正在使用的主机 ** //
/** WordPress数据库的名称 */
define('DB_NAME', 'wordpress');

/** MySQL数据库用户名 */
define('DB_USER', 'wordpress');

/** MySQL数据库密码 */
define('DB_PASSWORD', '123456');

/** MySQL主机 */
define('DB_HOST', '192.168.190.105:3306');

3.2 浏览器访问 wordpress

访问192.168.190.104/wordpress/index.php

4. 验证 Discuz

4.1 创建一个新的配置文件 config_global.php

[root@nginx ~]# cd /usr/local/nginx/html/bbs/config
[root@nginx config]# cp config_global_default.php config_global.php
[root@nginx config]# chmod 777 config_global.php
[root@nginx config]# vim config_global.php
// ----------------------------  CONFIG DB  ----------------------------- //
$_config['db']['1']['dbhost'] = '192.168.190.105:3306';  # 数据库地址端口
$_config['db']['1']['dbuser'] = 'bbsuser';               # 用户名
$_config['db']['1']['dbpw'] = '123456';                  # 密码

4.2 浏览器访问 Discuz

访问192.168.190.104/bbs/install/index.php