Ansible部署LNMP


目录

  • Ansible部署LNMP
    • 基础准备工作
    • 管理nginx受管主机部署nginx服务
    • 管理mysql受管主机部署mysql服务
    • 管理php受管主机部署php服务

环境介绍:

系统ip主机名服务
centos8192.168.222.250ansibleansinle
ceotos8192.168.222.137nginxnginx
centos8192.168.222.138mysqlmysql
centos8192.168.222.139phpphp

nginx-1.22.0
mysql-8.0.30
php-8.1.11

基础准备工作

阿里云官网

[root@localhost ~]# hostnamectl set-hostname ansible[root@localhost ~]# bash//下载阿里源[root@ansible ~]# cd /etc/yum.repos.d/[root@ansible yum.repos.d]# rm -rf *[root@ansible yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current                                 Dload  Upload   Total   Spent    Left  Speed100  2495  100  2495    0     0   3574      0 --:--:-- --:--:-- --:--:--  3574[root@ansible yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo[root@ansible yum.repos.d]# cd//安装ansible[root@ansible ~]# dnf -y install platform-python[root@ansible ~]# dnf -y install centos-release-ansible-29[root@ansible ~]# dnf -y install ansible[root@ansible ~]# ansible --version    //查看版本ansible 2.9.27  config file = /etc/ansible/ansible.cfg  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']  ansible python module location = /usr/lib/python3.6/site-packages/ansible  executable location = /usr/bin/ansible  python version = 3.6.8 (default, Sep 10 2021, 09:13:53) [GCC 8.5.0 20210514 (Red Hat 8.5.0-3)][root@ansible ~]# ssh-keygen -t rsa    //生成一对公钥一对私钥Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:egpQ3eohggaGw65/rQd3/DVnLCKZwJr89+4VpC7obsU root@ansibleThe key's randomart image is:+---[RSA 3072]----+|                 ||o    . .         ||+o  ... .   .    ||+o .  o.   o     ||.oo..oo+So. ..   ||o  o=o.+E.. +.+  ||.   .=+ooo.o.=   || .  .o=o....     ||  ...=+. ++      |+----[SHA256]-----+[root@ansible ~]# ssh-copy-id 192.168.222.137  //与nginx受控机互信/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"The authenticity of host '192.168.222.137 (192.168.222.137)' can't be established.ECDSA key fingerprint is SHA256:jJ7HFCOrVQKPjfacavF08vxsn4hSKTG3q9SV78ApryQ.Are you sure you want to continue connecting (yes/no/[fingerprint])? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@192.168.222.137's password: Number of key(s) added: 1Now try logging into the machine, with:   "ssh '192.168.222.137'"and check to make sure that only the key(s) you wanted were added.[root@ansible ~]# ssh-copy-id 192.168.222.138  //与mysql受控机互信[root@ansible ~]# ssh-copy-id 192.168.222.139  //与php受控机互信//将受控主机加入ansible清单[root@ansible ~]# cd /etc/ansible/[root@ansible ansible]# lsansible.cfg  hosts  roles[root@ansible ansible]# touch inventory[root@ansible ansible]# lsansible.cfg  hosts  inventory  roles[root@ansible ansible]# vim ansible.cfg #inventory      = /etc/ansible/hosts    //取消注释并修改为下面这样inventory       = /etc/ansible/inventory[root@ansible ansible]# vim inventory [root@ansible ansible]# cat inventory [web]    //受控主机192.168.222.137192.168.222.138192.168.222.139[nginx]192.168.222.137[mysql]192.168.222.138[php]192.168.222.139[root@ansible ansible]# cd[root@ansible ~]# ansible all --list-hosts  hosts (3):    192.168.222.137    192.168.222.138    192.168.222.139//检查机器节点是否连通[root@ansible ~]# ansible web -m ping192.168.222.139 | SUCCESS => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/libexec/platform-python"    },    "changed": false,    "ping": "pong"}192.168.222.137 | SUCCESS => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/libexec/platform-python"    },    "changed": false,    "ping": "pong"}192.168.222.138 | SUCCESS => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/libexec/platform-python"    },    "changed": false,    "ping": "pong"}//将设置好的阿里源传到受控主机[root@ansible ~]# ansible nginx  -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo  dest=/etc/yum.repos.d/CentOS-Base.repo'192.168.222.137 | CHANGED => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/libexec/platform-python"    },    "changed": true,    "checksum": "8bbf30b2d80c3b97292ca7b32f33ef494269a5b8",    "dest": "/etc/yum.repos.d/CentOS-Base.repo",    "gid": 0,    "group": "root",    "md5sum": "ed031c350da2532e6a8d09a4d9b05278",    "mode": "0644",    "owner": "root",    "secontext": "system_u:object_r:system_conf_t:s0",    "size": 1653,    "src": "/root/.ansible/tmp/ansible-tmp-1666511143.7368824-130351-128775339422969/source",    "state": "file",    "uid": 0}[root@ansible ~]# ansible mysql  -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo  dest=/etc/yum.repos.d/CentOS-Base.repo'192.168.222.138 | CHANGED => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/libexec/platform-python"    },    "changed": true,    "checksum": "8bbf30b2d80c3b97292ca7b32f33ef494269a5b8",    "dest": "/etc/yum.repos.d/CentOS-Base.repo",    "gid": 0,    "group": "root",    "md5sum": "ed031c350da2532e6a8d09a4d9b05278",    "mode": "0644",    "owner": "root",    "secontext": "system_u:object_r:system_conf_t:s0",    "size": 1653,    "src": "/root/.ansible/tmp/ansible-tmp-1666511161.8907917-130929-57801171367377/source",    "state": "file",    "uid": 0}[root@ansible ~]# ansible php  -m template -a 'src=/etc/yum.repos.d/CentOS-Base.repo  dest=/etc/yum.repos.d/CentOS-Base.repo'192.168.222.139 | CHANGED => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/libexec/platform-python"    },    "changed": true,    "checksum": "8bbf30b2d80c3b97292ca7b32f33ef494269a5b8",    "dest": "/etc/yum.repos.d/CentOS-Base.repo",    "gid": 0,    "group": "root",    "md5sum": "ed031c350da2532e6a8d09a4d9b05278",    "mode": "0644",    "owner": "root",    "secontext": "system_u:object_r:system_conf_t:s0",    "size": 1653,    "src": "/root/.ansible/tmp/ansible-tmp-1666511167.7952082-131147-42422946741004/source",    "state": "file",    "uid": 0}//查看受控机上是否有阿里源[root@nginx ~]# ls /etc/yum.repos.d/CentOS-Base.repo[root@mysql ~]# ls /etc/yum.repos.d/CentOS-Base.repo[root@php ~]# ls /etc/yum.repos.d/CentOS-Base.repo//给受控主机安装epel源[root@ansible ~]# ansible web -m yum -a 'name=epel-release state=present' 192.168.222.137 | SUCCESS => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/libexec/platform-python"    },    "changed": false,    "msg": "Nothing to do",    "rc": 0,    "results": []}192.168.222.139 | SUCCESS => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/libexec/platform-python"    },    "changed": false,    "msg": "Nothing to do",    "rc": 0,    "results": []}192.168.222.138 | SUCCESS => {    "ansible_facts": {        "discovered_interpreter_python": "/usr/libexec/platform-python"    },    "changed": false,    "msg": "Nothing to do",    "rc": 0,    "results": []}//检查受控是否安装[root@nginx ~]# rpm -qa|grep epel-releaseepel-release-8-11.el8.noarch[root@mysql ~]# rpm -qa|grep epel-releaseepel-release-8-11.el8.noarch[root@php ~]# rpm -qa|grep epel-releaseepel-release-8-11.el8.noarch[root@ansible ~]# systemctl stop firewalld.service [root@ansible ~]# sed -ri 's/^(SELINUX=).*/\1disabled/g' /etc/selinux/config[root@ansible ~]# setenforce 0[root@ansible ~]# systemctl disable --now firewalld.service Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.//关闭受控主机的防火墙和selinux[root@ansible ~]# ansible web -m service -a 'name=firewalld state=stopped enabled=no'[root@ansible ~]# ansible web -m lineinfile -a "path=/etc/selinux/config regexp='SELINUX=.*' line='SELINUX=disabled'"[root@ansible ~]# ansible web -m reboot  //重启受控主机//检查防火墙是否关闭[root@nginx ~]# systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)   Active: inactive (dead)     Docs: man:firewalld(1)[root@mysql ~]# systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)   Active: inactive (dead)     Docs: man:firewalld(1)[root@php ~]# systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)   Active: inactive (dead)     Docs: man:firewalld(1)

管理nginx受管主机部署nginx服务

//创建系统用户nginx[root@ansible ansible]# ansible nginx -m user -a 'name=nginx system=yes shell=/sbin/nologin state=present'//安装依赖包[root@ansible ansible]# ansible nginx -m yum -a 'name=pcre-devel,openssl,openssl-devel,gd-devel,gcc,gcc-c++,make,wget state=present'//创建日志存放目录并修改目录所属主,组[root@ansible ansible]# ansible nginx -m file -a 'path=/var/log/nginx state=directory'[root@ansible ansible]# ansible nginx -m file -a 'path=/var/log/nginx state=directory owner=nginx group=nginx'//下载nginx包并解压[root@ansible ansible]# ansible nginx -a 'wget http://nginx.org/download/nginx-1.22.0.tar.gz'[root@ansible ansible]# ansible nginx -a 'tar xf nginx-1.22.0.tar.gz'//编写编译脚本,然后进行编译安装[root@ansible ansible]#  mkdir scripts/[root@ansible ansible]# vim scripts/nginx.sh[root@ansible ansible]# cat scripts/nginx.sh#!/bin/bashcd nginx-1.22.0./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-debug  --with-http_ssl_module --with-http_realip_module--with-http_gunzip_module --with-http_gzip_static_module --with-http_stub_status_module  [root@ansible ansible]# chmod +x scripts/nginx.sh [root@ansible ansible]# ansible nginx -m script -a '/etc/ansible/scripts/nginx.sh'[root@ansible ansible]# ansible nginx -m shell -a 'cd nginx-1.22.0 && make && make install'//配置环境变量[root@ansible ansible]# ansible nginx -m shell -a 'echo "export PATH=/usr/local/nginx/sbin:$PATH" > /etc/profile.d/nginx.sh'[root@ansible ansible]# ansible nginx -m shell -a '. /etc/profile.d/nginx.sh'//开启服务[root@ansible ansible]# ansible nginx  -a 'nginx'//查看端口[root@ansible ansible]# ansible nginx  -a 'ss -antl'192.168.222.137 | CHANGED | rc=0 >>State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcessLISTEN 0      128          0.0.0.0:80        0.0.0.0:*          LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          LISTEN 0      128             [::]:22           [::]:*  //关闭服务        [root@ansible ansible]# ansible nginx  -a 'nginx -s stop'192.168.222.137 | CHANGED | rc=0 >>//查看端口[root@ansible ansible]# ansible nginx  -a 'ss -antl'192.168.222.137 | CHANGED | rc=0 >>State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcessLISTEN 0      128          0.0.0.0:22        0.0.0.0:*          LISTEN 0      128             [::]:22           [::]:*   //编写脚本将其加入systemd服务中       [root@ansible ansible]# vim scripts/systemd.sh[root@ansible ansible]# cat scripts/systemd.sh#!/bin/bashcat > /usr/lib/systemd/system/nginx.service <>State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcessLISTEN 0      128          0.0.0.0:80        0.0.0.0:*          LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          LISTEN 0      128             [::]:22           [::]:*   //脚本写入php网页信息[root@ansible ansible]# vim scripts/nginx.php.sh[root@ansible ansible]# cat scripts/nginx.php.sh#!/bin/bashcat > /usr/local/nginx/html/index.php <<EOFEOF[root@ansible ansible]# chmod +x scripts/nginx.php.sh//修改nginx服务的配置[root@ansible ansible]# ansible nginx -m script -a '/etc/ansible/scripts/nginx.php.sh'       

管理mysql受管主机部署mysql服务

//创建系统用户msyql[root@ansible ansible]# ansible mysql -m user -a 'name=mysql system=yes shell=/sbin/nologin state=present'//安装依赖包[root@ansible ansible]# ansible mysql -m yum -a 'name=ncurses-compat-libs,perl,ncurses-devel,openssl-devel,openssl,cmake,mariadb-devel state=present'//下载mysql包并解压[root@ansible ansible]# ansible mysql -a 'wget https://downloads.mysql.com/archives/get/p/23/file/mysql-8.0.30-linux-glibc2.12-x86_64.tar.xz'[root@ansible ansible]# ansible mysql -a  'tar xf mysql-8.0.30-linux-glibc2.12-x86_64.tar.xz '//修改mysql数据库名称ansible mysql -a 'mv mysql-8.0.30-linux-glibc2.12-x86_64 mysql'[root@ansible ansible]# ansible mysql -a 'mv mysql /usr/local/'//修改目录/usr/local/mysql的属主属组[root@ansible ansible]# ansible mysql -m file -a 'path=/usr/local/mysql owner=mysql group=mysql'//配置环境变量[root@ansible ansible]# ansible mysql -m shell -a 'echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh'[root@ansible ansible]# ansible mysql -m shell -a 'source /etc/profile.d/mysql.sh'//做头文件[root@ansible ansible]# ansible mysql -a 'ln -sv /usr/local/mysql/include/ /usr/include/mysql'192.168.222.138 | CHANGED | rc=0 >>'/usr/include/mysql/include' -> '/usr/local/mysql/include/'//配置lib库文件[root@ansible ansible]# ansible mysql -m shell -a 'echo "/usr/local/mysql/lib/" > /etc/ld.so.conf.d/mysql.conf'//编辑man文档[root@ansible ansible]# ansible mysql -a 'sed -i "22a MANDATORY_MANPATH                         /usr/local/mysql/man" /etc/man_db.conf'//建立数据存放目录[root@ansible ansible]# ansible mysql -m file -a 'path=/opt/data state=directory owner=mysql group=mysql'//初始化数据库[root@ansible ansible]# ansible mysql -m shell -a '/usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data/'192.168.222.138 | CHANGED | rc=0 >>2022-10-23T12:55:05.564725Z 0 [System] [MY-013169] [Server] /usr/local/mysql/bin/mysqld (mysqld 8.0.30) initializing of server in progress as process 5291982022-10-23T12:55:05.577111Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.2022-10-23T12:55:06.494304Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.2022-10-23T12:55:08.076144Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: :rg0o-At;Vop//配置服务启动脚本[root@ansible ansible]# ansible mysql -a 'cp -a /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld'[root@ansible ansible]# ansible mysql -a 'sed  -i "46cbasedir=/usr/local/mysql" /etc/init.d/mysqld'[root@ansible ansible]# ansible mysql -a 'sed  -i "47cdatadir=/opt/data" /etc/init.d/mysqld'//编写脚本添加mysql配置文件和mysql的service文件[root@ansible ansible]# vim scripts/mysql.sh[root@ansible ansible]# cat scripts/mysql.sh#!/bin/bashcat > /etc/my.cnf < /usr/lib/systemd/system/mysqld.service <>State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcess       LISTEN 0      128          0.0.0.0:22         0.0.0.0:*                 LISTEN 0      128             [::]:22            [::]:*          LISTEN 0      70                 *:33060            *:*          LISTEN 0      128                *:3306             *:*          //修改数据库密码[root@ansible ansible]# ansible mysql -a 'mysqladmin -uroot -p":rg0o-At;Vop" password 123456'192.168.222.138 | CHANGED | rc=0 >>mysqladmin: [Warning] Using a password on the command line interface can be insecure.Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.//重启mysql服务[root@ansible ansible]# ansible mysql -m service -a 'name=mysqld state=restarted'//查看端口[root@ansible ansible]# ansible mysql -a 'ss -antl'192.168.222.138 | CHANGED | rc=0 >>State  Recv-Q Send-Q Local Address:Port  Peer Address:PortProcessLISTEN 0      128          0.0.0.0:22         0.0.0.0:*            LISTEN 0      128             [::]:22            [::]:*          LISTEN 0      70                 *:33060            *:*          LISTEN 0      128                *:3306             *:*          

管理php受管主机部署php服务

//编写脚本安装依赖包[root@ansible ansible]# vim scripts/php_install.sh[root@ansible ansible]# cat scripts/php_install.sh#!/bin/bashyum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ wget make--allowerasingyum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel readline readline-devel libxslt libxslt-devel php-mysqlnd libxml2-devel sqlite-devel https://vault.centos.org/centos/8/PowerTools/x86_64/os/Packages/onigurumadevel-6.8.2-2.el8.x86_64.rpmyum -y install https://vault.centos.org/centos/8/AppStream/x86_64/os/Packages/libzip-devel1.5.1-2.module_el8.2.0+313+b04d0a66.x86_64.rpm --nobestyum install libxml2-devel -yyum install sqlite-devel  -yyum -y install libcurl-develyum -y install gmp-develyum  install net-snmp-devel -ywget https://libzip.org/download/libzip-1.3.2.tar.gzyum -y install libzip libzip-devel[root@ansible ansible]# chmod +x scripts/php_install.sh [root@ansible ansible]# ansible php -m script -a '/etc/ansible/scripts/php_install.sh'//下载PHP并解压[root@ansible ansible]# ansible php -a 'wget https://www.php.net/distributions/php-8.1.11.tar.gz'[root@ansible ansible]# ansible php -a 'tar xf php-8.1.11.tar.gz -C /usr/src'//编写脚本编译安装phproot@ansible ansible]# vim scripts/php.sh [root@ansible ansible]# cat scripts/php.sh #!/bin/bashcd /usr/src/php-8.1.11/./configure --prefix=/usr/local/php8 --with-config-file-path=/usr/local/php8/etc --enable-fpm --enable-mysqlnd --with-mysqli --with-pdo-mysql --enable-gd --with-jpeg --with-freetype --with-gettext --with-curl --with-openssl --enable-sockets --enable-mbstring --enable-xml --with-zip --with-zlib --with-snmp --with-mhash --enable-ftp --enable-bcmath --enable-soap --enable-shmop --enable-sysvsem --enable-pcntl --with-gmp[root@ansible ansible]# chmod +x scripts/php.sh [root@ansible ansible]# ansible php -m script -a '/etc/ansible/scripts/php.sh'... "+--------------------------------------------------------------------+",        "| License:                                                           |",        "| This software is subject to the PHP License, available in this     |",        "| distribution in the file LICENSE. By continuing this installation  |",        "| process, you are bound by the terms of this license agreement.     |",        "| If you do not agree with the terms of this license, you must abort |",        "| the installation process at this point.                            |",        "+--------------------------------------------------------------------+",        "",        "Thank you for using PHP.",        ""    ]}[root@ansible ansible]# ansible php -m shell -a 'cd /usr/src/php-8.1.11/ && make && make install'//安装后配置环境变量[root@ansible ansible]# ansible php -m shell -a 'echo "export PATH=/usr/local/php8/bin/:$PATH" > /etc/profile.d/php8.sh'[root@ansible ansible]# ansible php -m shell -a 'source /etc/profile.d/php8.sh'//查看版本[root@ansible ansible]# ansible php -a 'php -v'192.168.222.139 | CHANGED | rc=0 >>PHP 8.1.11 (cli) (built: Oct 24 2022 00:39:21) (NTS)Copyright (c) The PHP GroupZend Engine v4.1.11, Copyright (c) Zend Technologies//配置php-fpm[root@ansible ansible]# ansible php -a '\cp /usr/src/php-8.1.11/php.ini-production /etc/php.ini'[root@ansible ansible]# ansible php -a '\cp /usr/src/php-8.1.11/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm'[root@ansible ansible]# ansible php -m file -a 'path=/etc/init.d/php-fpm mode=755'[root@ansible ansible]# ansible php -a '\cp /usr/local/php8/etc/php-fpm.conf.default  /usr/local/php8/etc/php-fpm.conf'[root@ansible ansible]# ansible php -a '\cp /usr/local/php8/etc/php-fpm.d/www.conf.default /usr/local/php8/etc/php-fpm.d/www.conf'//启动php-fpm[root@ansible ansible]# ansible php -a 'service php-fpm start'192.168.222.139 | CHANGED | rc=0 >>Starting php-fpm  done//查看端口[root@ansible ansible]# ansible php -a 'ss -anlt'192.168.222.139 | CHANGED | rc=0 >>State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcessLISTEN 0      128        127.0.0.1:9000      0.0.0.0:*          LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          LISTEN 0      128             [::]:22           [::]:*          //连接nginx和php,生成php测试页面[root@ansible ansible]# ansible php -m file -a 'path=/usr/local/nginx state=directory'[root@ansible ansible]# ansible php -m file -a 'path=/usr/local/nginx/html state=directory'//编写脚本添加php测试页面[root@ansible ansible]# vim scripts/php.nginx.sh[root@ansible ansible]# cat scripts/php.nginx.sh#!/bin/bashcat > /usr/local/nginx/html/index.php << EOFEOF[root@ansible ansible]# chmod +x scripts/php.nginx.sh[root@ansible ansible]# ansible php -m script -a '/etc/ansible/scripts/php.nginx.sh'//修改php/usr/local/php8/etc/php-fpm.d/www.conf文件的clisten和clisten.allowed_clients指向[root@ansible ansible]# ansible php -a 'sed -i "36clisten = 192.168.222.139:9000" /usr/local/php8/etc/php-fpm.d/www.conf'[root@ansible ansible]# ansible php -a 'sed -i "63clisten.allowed_clients = 192.168.222.137" /usr/local/php8/etc/php-fpm.d/www.conf'//修改nginx配置文件[root@ansible ansible]# ansible nginx -a 'sed -i "45c                   index  index.php index.html index.htm;" /usr/local/nginx/conf/nginx.conf'[root@ansible ansible]# ansible nginx -a 'sed -i "65c     location ~ \.php$ {" /usr/local/nginx/conf/nginx.conf'[root@ansible ansible]# ansible nginx -a 'sed -i "66c     root           html;" /usr/local/nginx/conf/nginx.conf'[root@ansible ansible]# ansible nginx -a 'sed -i "67c     fastcgi_pass   192.168.222.139:9000;" /usr/local/nginx/conf/nginx.conf'[root@ansible ansible]# ansible nginx -a 'sed -i "68c     fastcgi_index  index.php;" /usr/local/nginx/conf/nginx.conf'[root@ansible ansible]# ansible nginx -a 'sed -i "69c     fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;" /usr/local/nginx/conf/nginx.conf'[root@ansible ansible]# ansible nginx -a 'sed -i "70c      include        fastcgi_params;" /usr/local/nginx/conf/nginx.conf'[root@ansible ansible]# ansible nginx -a 'sed -i "71c      }" /usr/local/nginx/conf/nginx.conf'//重启nginx和php服务[root@ansible ansible]# ansible nginx -m service -a 'name=nginx state=restarted'[root@ansible ansible]# ansible php -a 'service php-fpm restart'192.168.222.139 | CHANGED | rc=0 >>Gracefully shutting down php-fpm warning, no pid file found - php-fpm is not running ?Starting php-fpm  done//查看端口[root@ansible ansible]# ansible nginx -a 'ss -antl'192.168.222.137 | CHANGED | rc=0 >>State  Recv-Q Send-Q Local Address:Port Peer Address:PortProcessLISTEN 0      128          0.0.0.0:80        0.0.0.0:*          LISTEN 0      128          0.0.0.0:22        0.0.0.0:*          LISTEN 0      128             [::]:22           [::]:*          [root@ansible ansible]# ansible php -a 'ss -antl'192.168.222.139 | CHANGED | rc=0 >>State  Recv-Q Send-Q   Local Address:Port Peer Address:PortProcessLISTEN 0      128    192.168.222.139:9000      0.0.0.0:*          LISTEN 0      128            0.0.0.0:22        0.0.0.0:*          LISTEN 0      128               [::]:22           [::]:*          

访问: