playbooks 是一种简单的配置管理系统与多机器部署系统的基础。与现有的其他系统有不同之处,且非常适合于复杂应用的批量部署
这里讲述的是使用ansible-playbooks的roles安装PHP应用
结构目录 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 [root@Ansible ~]# tree /etc/ansible/ /etc/ansible/ ├── ansible.cfg ├── hosts ├── roles │ └── yum_php │ ├── files │ │ └── yum.repo │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── www.conf.j2 │ └── vars │ └── main.yml └── site.yml 7 directories, 8 files [root@Ansible ~]#
Ansible之Yum安装PHP 环境:
1 2 3 4 5 6 7 8 [root@Ansible ~]# cd /etc/ansible/ [root@Ansible ansible]# cat site.yml - hosts: test_hosts user: root roles: - yum_php [root@Ansible ansible]#
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 [root@Ansible ansible]# cat roles/yum_php/tasks/main.yml - name: Install libselinux-python package yum: name=libselinux-python state=installed - name: Check whether yum.repo file exist shell: ls /etc/yum.repos.d/yum.repo register: result ignore_errors: True - name: Copy yum.repo file copy: src=yum.repo dest=/etc/yum.repos.d/ mode=0644 owner=root group=root when: result|failed - name: Rebuild the yum cache shell: yum clean all && yum makecache when: result|failed - name: Check whether nginx users exist shell: id nginx register: result ignore_errors: True - name: The nginx user does not exist, so we need to create it.[The nginx user's password is 123456] user: name=nginx createhome=yes home=/home/nginx shell=/bin/bash password="$1$K28XAyId$YUKHvYzbbO9C8RkzGIzNo1" state=present when: result|failed - name: Install PHP packages yum: name={{item.name}} state={{item.state|default("installed")}} with_items: - name: "php*" state: "absent" - name: "php70w" - name: "php70w-gd" - name: "libjpeg*" - name: "php70w-imap" - name: "php70w-ldap" - name: "php70w-odbc" - name: "php70w-pear" - name: "php70w-xml" - name: "php70w-xmlrpc" - name: "php70w-mbstring" - name: "php70w-mcrypt" - name: "php70w-bcmath" - name: "libmcrypt" - name: "libmcrypt-devel" - name: "php70w-fpm" - name: "php70w-cli" - name: "php70w-pdo" - name: "php70w-tidy" - name: "php70w-mysql" - name: Configure PHP template: src="templates/www.conf.j2" dest="/etc/php-fpm.d/www.conf" owner=root group=root mode=0644 - name: Modify file permissions file: path="{{item.path}}" state="{{item.state|default("directory")}}" owner={{php_user}} group={{php_group}} with_items: - path: "/etc/httpd/conf.d/php.conf" state: "file" - path: "/var/lib/php/session" - path: "/var/lib/php/wsdlcache" notify: restart php-fpm [root@Ansible ansible]#
1 2 3 4 5 [root@Ansible ansible]# cat roles/yum_php/handlers/main.yml - name: restart php-fpm service: name="php-fpm" state=restarted enabled=yes [root@Ansible ansible]#
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 root@Ansible ~]# ansible-playbook /etc/ansible/site.yml PLAY [test_hosts] ************************************************************** TASK [setup] ******************************************************************* ok: [192.168.31.110] TASK [yum_php : Install libselinux-python package] ***************************** changed: [192.168.31.110] TASK [yum_php : Check whether yum.repo file exist] ***************************** fatal: [192.168.31.110]: FAILED! => {"changed" : true , "cmd" : "ls /etc/yum.repos.d/yum.repo" , "delta" : "0:00:00.004034" , "end" : "2017-03-20 10:01:53.732814" , "failed" : true , "rc" : 2, "start" : "2017-03-20 10:01:53.728780" , "stderr" : "ls: cannot access /etc/yum.repos.d/yum.repo: No such file or directory" , "stdout" : "" , "stdout_lines" : [], "warnings" : []} ...ignoring TASK [yum_php : Copy yum.repo file] ******************************************** changed: [192.168.31.110] TASK [yum_php : Rebuild the yum cache] ***************************************** changed: [192.168.31.110] [WARNING]: Consider using yum module rather than running yum TASK [yum_php : Check whether nginx users exist] ******************************* fatal: [192.168.31.110]: FAILED! => {"changed" : true , "cmd" : "id nginx" , "delta" : "0:00:00.004049" , "end" : "2017-03-20 10:06:02.226964" , "failed" : true , "rc" : 1, "start" : "2017-03-20 10:06:02.222915" , "stderr" : "id: nginx: No such user" , "stdout" : "" , "stdout_lines" : [], "warnings" : []} ...ignoring TASK [yum_php : The nginx user does not exist, so we need to create it.[The nginx user's password is 123456]] *** changed: [192.168.31.110] TASK [yum_php : Install PHP packages] ****************************************** ok: [192.168.31.110] => (item={u' state': u' absent', u' name': u' php*'}) changed: [192.168.31.110] => (item={u' name': u' php70w'}) changed: [192.168.31.110] => (item={u' name': u' php70w-gd'}) ok: [192.168.31.110] => (item={u' name': u' libjpeg*'}) changed: [192.168.31.110] => (item={u' name': u' php70w-imap'}) changed: [192.168.31.110] => (item={u' name': u' php70w-ldap'}) changed: [192.168.31.110] => (item={u' name': u' php70w-odbc'}) changed: [192.168.31.110] => (item={u' name': u' php70w-pear'}) ok: [192.168.31.110] => (item={u' name': u' php70w-xml'}) changed: [192.168.31.110] => (item={u' name': u' php70w-xmlrpc'}) changed: [192.168.31.110] => (item={u' name': u' php70w-mbstring'}) changed: [192.168.31.110] => (item={u' name': u' php70w-mcrypt'}) changed: [192.168.31.110] => (item={u' name': u' php70w-bcmath'}) ok: [192.168.31.110] => (item={u' name': u' libmcrypt'}) changed: [192.168.31.110] => (item={u' name': u' libmcrypt-devel'}) changed: [192.168.31.110] => (item={u' name': u' php70w-fpm'}) ok: [192.168.31.110] => (item={u' name': u' php70w-cli'}) ok: [192.168.31.110] => (item={u' name': u' php70w-pdo'}) changed: [192.168.31.110] => (item={u' name': u' php70w-tidy'}) changed: [192.168.31.110] => (item={u' name': u' php70w-mysql'}) TASK [yum_php : Configure PHP] ************************************************* changed: [192.168.31.110] TASK [yum_php : Modify file permissions] *************************************** changed: [192.168.31.110] => (item={u' path': u' /etc/httpd/conf.d/php.conf', u' state': u' file'}) changed: [192.168.31.110] => (item={u' path': u' /var/lib/php/session'}) changed: [192.168.31.110] => (item={u' path': u' /var/lib/php/wsdlcache'}) RUNNING HANDLER [yum_php : restart php-fpm] ************************************ changed: [192.168.31.110] PLAY RECAP ********************************************************************* 192.168.31.110 : ok=11 changed=10 unreachable=0 failed=0 [root@Ansible ~]#
1 2 3 4 5 6 7 8 9 10 11 12 13 [root@Ansible ~]# ansible test_hosts -m shell -a 'netstat -tunlp | grep 9000' 192.168.31.110 | SUCCESS | rc=0 >> tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2197/php-fpm [root@Ansible ~]# ansible test_hosts -m shell -a 'ps -ef | grep php-fpm | grep -v grep' 192.168.31.110 | SUCCESS | rc=0 >> root 2197 1 0 17:22 ? 00:00:00 php-fpm: master process (/etc/php-fpm.conf) nginx 2198 2197 0 17:22 ? 00:00:00 php-fpm: pool www nginx 2199 2197 0 17:22 ? 00:00:00 php-fpm: pool www nginx 2200 2197 0 17:22 ? 00:00:00 php-fpm: pool www nginx 2201 2197 0 17:22 ? 00:00:00 php-fpm: pool www nginx 2203 2197 0 17:22 ? 00:00:00 php-fpm: pool www [root@Ansible ~]#
Template遇到特殊字符处理 注:如果推送的配置文件里含有特殊字符,如:”;” “#”等,是不能用Template模块直接推送的,因为这些不能被解析会报错,如下:
解决办法一 使用jinja2的Comments,注释掉那些特殊字符,语法:“”,参考:http://jinja.pocoo.org/docs/2.9/templates/#comments 1 2 sed -i '/^;/s/^;/{#;/g' www.conf.j2 sed -i '/^{#/s/$/#}/g' www.conf.j2
Jinja2分隔符配置如下:1 2 3 4 {% ... %} for Statements {{ ... }} for Expressions {# ... #} for Comments # ... ## for Line Statements
Statements Expressions to print to the template outputComments not included in the template outputLine Statements
效果图:
解决办法二 使用jinja2的Escaping,把这些特殊字符转义,语法:“ ... ”,参考:http://jinja.pocoo.org/docs/2.9/templates/#escaping 1 2 sed -i '/^;/s/^;/{% raw %};/g' www.conf.j2 sed -i '/^{% raw %}/s/$/{% endraw %}\n/g' www.conf.j2
Jinja2转义符:1 2 3 4 5 #被raw包含起来的部分被转义,不会被解析 {% raw %} ;aaa #bbb {% endraw %}
附件:ansible_yum_install_php.tar.gz
本作品采用知识共享署名 2.5 中国大陆许可协议 进行许可,欢迎转载,但转载请注明来自Jack Wang Blog ,并保持转载后文章内容的完整。本人保留所有版权相关权利。http://www.yfshare.vip/2017/03/15/Ansible-Playbooks%E4%B9%8B%E5%AE%89%E8%A3%85PHP/