目录
lnmp 架构
LNMP是指一组通常一起使用来运行动态网站或者服务器的自由软件名称首字母缩写。L指Linux,N指Nginx,M一般指MySQL,也可以指MariaDB,P一般指PHP,也可以指Perl或Python。
Nginx是一个高性能的HTTP和反向代理服务器,也是一个IMAP 、 POP3、SMTP 代理服务器。
Mysql是一个小型关系型数据库管理系统
PHP是一种在服务器端执行的嵌入HTML文档的脚本语言
这四种软件均为免费开源软件,组合到一起,成为一个免费、高效、扩展性强的网站服务系统
部署lnmp 环境
系统平台 | IP | 部署服务 |
---|---|---|
centos8/redhat8 | 192.168.229.150 | lnmp nginx mysql PHP |
准备工作
## 配置 yum源[root@localhost ~]# cd /etc/yum.repos.d/[root@localhost yum.repos.d]# rm -rf *[root@localhost yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo[root@localhost yum.repos.d]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo## 清除 缓存[root@localhost yum.repos.d]# dnf clean all0 files removed## 建立缓存[root@localhost yum.repos.d]# dnf makecache[root@localhost yum.repos.d]# yum install -y https://mirrors.aliyun.com/epel/epel-release-latest-8.noarch.rpm[root@localhost yum.repos.d]# sed -i 's|^#baseurl=https://download.example/pub|baseurl=https://mirrors.aliyun.com|' /etc/yum.repos.d/epel*[root@localhost yum.repos.d]# sed -i 's|^metalink|#metalink|' /etc/yum.repos.d/epel*## 清除 缓存[root@localhost yum.repos.d]# dnf clean all0 files removed## 建立缓存[root@localhost yum.repos.d]# dnf makecache## 关闭防火墙跟SElinux[root@localhost ~]# sed -i '/SELINUX=enforcing/c SELINUX=disabled' /etc/selinux/config[root@localhost ~]# grep '^SELINUX=' /etc/selinux/configSELINUX=disabled[root@localhost ~]# systemctl disable --now firewalldRemoved /etc/systemd/system/multi-user.target.wants/firewalld.service.Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.## 重启[root@localhost ~]# reboot
部署nginx
## 下载 nginx[root@localhost ~]# cd /usr/src/[root@localhost src]# wget https://nginx.org/download/nginx-1.22.0.tar.gz## 下载 依赖包[root@localhost ~]# dnf -y install boost-devel --allowerasing pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make[root@localhost ~]# yum -y groups mark install 'Development Tools'## 创建系统用户[root@localhost ~]# useradd -r -M -s /sbin/nologin nginx[root@localhost ~]# id nginxuid=995(nginx) gid=992(nginx) groups=992(nginx) ## 创建日志存放目录[root@localhost ~]# mkdir -p /var/log/nginx[root@localhost ~]# chown -R nginx.nginx /var/log/nginx/[root@localhost ~]# ll -d /var/log/nginx/drwxr-xr-x 2 nginx nginx 6 Aug 31 10:21 /var/log/nginx/## 编译安装[root@localhost ~]# cd /usr/src/[root@localhost src]# lsdebug kernels nginx-1.22.0.tar.gz[root@localhost src]# tar xf nginx-1.22.0.tar.gz[root@localhost src]# cd nginx-1.22.0[root@localhost nginx-1.22.0]# ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-debug \ --with-http_ssl_module \ --with-http_realip_module \ --with-http_image_filter_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_stub_status_module \ --http-log-path=/var/log/nginx/access.log \ --error-log-path=/var/log/nginx/error.log[root@localhost nginx-1.22.0]# nproc ## 查看核心数2[root@localhost nginx-1.22.0]# make -j 2 && make install## 设置环境变量[root@localhost ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh[root@localhost ~]# source /etc/profile.d/nginx.sh[root@localhost ~]# which nginx/usr/local/nginx/sbin/nginx## 启动 nginx[root@localhost ~]# nginx[root@localhost ~]# ss -antlState Recv-Q Send-Q Local Address:Port Peer Address:Port ProcessLISTEN 0 128 0.0.0.0:80 0.0.0.0:*LISTEN 0 128 0.0.0.0:22 0.0.0.0:*LISTEN 0 128 [::]:22 [::]:*//服务控制方式,使用nginx命令 -t //检查配置文件语法 -v //输出nginx的版本 -c //指定配置文件的路径 -s //发送服务控制信号,可选值有{stop|quit|reopen|reload} #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #}// 还没有开启 反向代理之前## 开启反向代理[root@localhost ~]# sed -i '/pass the PHP/{N;/#/{n;s/#//g}}' /usr/local/nginx/conf/nginx.conf[root@localhost ~]# sed -i '/^ location ~ \\.php/{N;s/#//g}' /usr/local/nginx/conf/nginx.conf [root@localhost ~]# sed -i '/fastcgi_pass/{s/#//g}' /usr/local/nginx/conf/nginx.conf[root@localhost ~]# sed -i '/fastcgi_index/{s/#//g}' /usr/local/nginx/conf/nginx.conf[root@localhost ~]# sed -i '/SCRIPT_FILENAME/c \ fastcgi_param SCRIPT_FILENAME /$document_root$fastcgi_script_name;' /usr/local/nginx/conf/nginx.conf[root@localhost ~]# sed -i '/fastcgi_params/{s/#//g}' /usr/local/nginx/conf/nginx.conf[root@localhost ~]# sed -i '/fastcgi_params/{n;s/#//g}' /usr/local/nginx/conf/nginx.conf[root@localhost ~]# sed -i '/^ index/c \ index index.php index.html index.htm;' /usr/local/nginx/conf/nginx.conf### 修改之后的内容 location ~ \.php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /$document_root$fastcgi_script_name; include fastcgi_params; }配置 PHP 网页[root@localhost ~]# cd /usr/local/nginx/html/[root@localhost html]# cat index.php ## 停掉之后立马启动[root@localhost ~]# nginx -s stop;nginx[root@localhost ~]# nginx -s reload // 推荐使用## 设置开机自启[root@localhost ~]# cd /usr/lib/systemd/system[root@localhost system]# cp sshd.service nginxd.service[root@localhost system]# vim nginxd.service[Unit]Description=nginx server daemonAfter=network.target sshd-keygen.target[Service]Type=forkingExecStart=/usr/local/nginx/sbin/nginxExecStop=/usr/local/nginx/sbin/nginx -s stopExecReload=/bin/kill -HUP $MAINPID[Install]WantedBy=multi-user.target[root@localhost system]# systemctl daemon-reload[root@localhost ~]# systemctl enable --now nginxd
访问 nginx
部署 mysql
# 安装依赖包[root@localhost ~]# dnf -y install ncurses-compat-libs openssl-devel openssl cmake mariadb-devel# 创建mysql系统用户[root@localhost ~]# useradd -r -M -s /sbin/nologin mysql[root@localhost ~]# id mysqluid=994(mysql) gid=991(mysql) groups=991(mysql)# 下载二进制格式的mysql软件包[root@localhost ~]# cd /usr/src/[root@localhost src]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz[root@localhost src]# lsdebug kernels mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz nginx-1.22.0 nginx-1.22.0.tar.gz# 解压软件至/usr/local/[root@localhost src]# tar xf mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz -C /usr/local/[root@localhost src]# cd /usr/local/[root@localhost local]# mv mysql-5.7.37-linux-glibc2.12-x86_64 mysql # 重命名为 mysql[root@localhost local]# ll -d mysql/drwxr-xr-x 9 root root 129 Aug 31 12:49 mysql/ # 修改目录/usr/local/mysql的属主属组[root@localhost local]# chown -R mysql.mysql mysql/[root@localhost local]# ll -d mysql/drwxr-xr-x 9 mysql mysql 129 Aug 31 12:49 mysql/# 添加环境变量[root@localhost ~]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh[root@localhost ~]# . /etc/profile.d/mysql.sh[root@localhost ~]# which mysqld/usr/local/mysql/bin/mysqld# 配置include## 软链接到/usr/include/mysql,叫mysql[root@localhost ~]# ln -s /usr/local/mysql/include /usr/include/mysql# 配置 man 文档[root@localhost ~]# sed -i '/MANDATORY_MANPATH.*.\/local\/share\/man/a MANDATORY_MANPATH\t\t\t/usr/local/mysql/man' /etc/man_db.conf\t 表示一个tab# 映射库文件[root@localhost ~]# echo '/usr/local/mysql/lib' > /etc/ld.so.conf.d/mysql.conf[root@localhost ~]# ldconfig # 让其生效# 建立数据存放目录[root@localhost ~]# mkdir -p /opt/data[root@localhost ~]# chown -R mysql.mysql /opt/data/[root@localhost ~]# ll /opt/data/ -ddrwxr-xr-x 2 mysql mysql 6 Aug 31 12:59 /opt/data/# 初始化数据库[root@localhost ~]# /usr/local/mysql/bin/mysqld --initialize --user=mysql --datadir=/opt/data/......省略root@localhost: zzWcsjwx9:-B# 请注意,这个命令的最后会生成一个临时密码,此处密码是 zzWcsjwx9:-B# 再次注意,这个密码是随机的,你的不会跟我一样,一定要记住这个密码,因为一会登录时会用到# 生成配置文件[root@localhost ~]# cat /etc/my.cnf[mysqld]basedir = /usr/local/mysqldatadir = /opt/datasocket = /tmp/mysql.sockport = 3306pid-file = /opt/data/mysql.piduser = mysqlskip-name-resolve# 配置服务启动脚本[root@localhost ~]# cd /usr/local/mysql/support-files/[root@localhost support-files]# cp mysql.server /etc/init.d/mysqld[root@localhost support-files]# ll /etc/init.d/mysqld-rwxr-xr-x 1 root root 10576 Aug 31 13:04 /etc/init.d/mysqld# 设置所有者所属组为mysql[root@localhost support-files]# chown -R mysql.mysql /etc/init.d/mysqld[root@localhost support-files]# ll /etc/init.d/mysqld-rwxr-xr-x 1 mysql mysql 10576 Aug 31 13:04 /etc/init.d/mysqld[root@localhost ~]# grep '^basedir=' /etc/init.d/mysqldbasedir= // 需要添加MySQL 路径[root@localhost ~]# grep '^datadir=' /etc/init.d/mysqlddatadir= // 数据存放路径[root@localhost ~]# sed -i '/^basedir=/c basedir=/usr/local/mysql' /etc/init.d/mysqld[root@localhost ~]# sed -i '/^datadir=/c datadir=/opt/data' /etc/init.d/mysqld[root@localhost ~]# grep '^basedir=' /etc/init.d/mysqldbasedir=/usr/local/mysql[root@localhost ~]# grep '^datadir=' /etc/init.d/mysqlddatadir=/opt/data# 启动mysql 、 并开机自启[root@localhost ~]# chkconfig --add mysqld[root@localhost ~]# chkconfig mysqld on[root@localhost ~]# service mysqld start[root@localhost ~]# ss -antlState Recv-Q Send-Q Local Address:Port Peer Address:Port ProcessLISTEN 0 128 0.0.0.0:80 0.0.0.0:*LISTEN 0 128 0.0.0.0:22 0.0.0.0:*LISTEN 0 80 *:3306 *:*LISTEN 0 128 [::]:22 [::]:*[root@localhost ~]### 查看mysql 进程[root@localhost ~]# ps -ef | grep mysqldroot 33663 33589 0 13:06 pts/0 00:00:00 vim /etc/init.d/mysqldroot 33695 1 0 13:09 pts/2 00:00:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/opt/data --pid-file=/opt/data/mysql.pidmysql 33883 33695 0 13:09 pts/2 00:00:00 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/opt/data --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql --log-error=localhost.localdomain.err --pid-file=/opt/data/mysql.pid --socket=/tmp/mysql.sock --port=3306root 33914 10200 0 13:09 pts/2 00:00:00 grep --color=auto mysqld[root@localhost ~]## 修改密码# 使用临时密码登录[root@localhost ~]# mysql -uroot -p'zzWcsjwx9:-B'mysql: [Warning] Using a password on the command line interface can be insecure.Welcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 2Server version: 5.7.37Copyright (c) 2000, 2022, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> set password = password('runtime123!'); # 设置新密码mysql> quitBye# 退出登录验证密码[root@localhost ~]# mysql -uroot -pruntime123!mysql: [Warning] Using a password on the command line interface can be insecure.Welcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 3Server version: 5.7.37 MySQL Community Server (GPL)Copyright (c) 2000, 2022, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql>
部署 PHP
# 下载 PHP[root@localhost ~]# cd /usr/src/[root@localhost src]# wget https://www.php.net/distributions/php-7.4.29.tar.xz........省略[root@localhost src]# lsdebug mysql-5.7.37-linux-glibc2.12-x86_64.tar.gz nginx-1.22.0.tar.gzkernels nginx-1.22.0 php-7.4.29.tar.xz[root@localhost src]# tar xf php-7.4.29.tar.xz # 解压# 这是查找MySQL跟PHP打交道的包名[root@localhost ~]# dnf list all | grep mysql | grep phpphp-mysqlnd.x86_64 7.2.24-1.module_el8.2.0+313+b04d0a66 AppStream# 安装依赖包[root@localhost ~]# dnf -y install libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel sqlite-devel libzip-devel php-mysqlnd安装过程略....# 安装 oniguruma 包[root@localhost ~]# dnf -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm# 编译安装php[root@localhost ~]# cd /usr/src/php-7.4.29[root@localhost php-7.4.29]# ./configure --prefix=/usr/local/php7 \--with-config-file-path=/etc \--enable-fpm \--enable-inline-optimization \--disable-debug \--disable-rpath \--enable-shared \--enable-soap \--with-openssl \--enable-bcmath \--with-iconv \--with-bz2 \--enable-calendar \--with-curl \--enable-exif \--enable-ftp \--enable-gd \--with-jpeg \--with-zlib-dir \--with-freetype \--with-gettext \--enable-json \--enable-mbstring \--enable-pdo \--with-mysqli=mysqlnd \--with-pdo-mysql=mysqlnd \--with-readline \--enable-shmop \--enable-simplexml \--enable-sockets \--with-zip \--enable-mysqlnd-compression-support \--with-pear \--enable-pcntl \--enable-posix# make[root@localhost php-7.4.29]# make编译过程略[root@localhost php-7.4.29]# make install安装过程略# 安装后配置[root@localhost ~]# echo 'export PATH=/usr/local/php7/bin:$PATH' > /etc/profile.d/php7.sh[root@localhost ~]# source /etc/profile.d/php7.sh[root@localhost ~]# which php/usr/local/php7/bin/php# 配置头文件[root@localhost ~]# ln -s /usr/local/php7/include /usr/include/php7# 配置库文件[root@localhost ~]# echo '/usr/local/php7/lib' > /etc/ld.so.conf.d/php7.conf[root@localhost ~]# ldconfig# 查看版本[root@localhost ~]# php -vPHP 7.4.29 (cli) (built: Jul 4 2022 21:07:32) ( NTS )Copyright (c) The PHP GroupZend Engine v3.4.0, Copyright (c) Zend Technologies# 配置php-fpm[root@localhost ~]# cd /usr/src/php-7.4.29[root@localhost php-7.4.29]# \cp php.ini-production /etc/php.ini # 这个文件已存在所以要加上\表示覆盖[root@localhost php-7.4.29]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm[root@localhost php-7.4.29]# ll -d /etc/init.d/php-fpm-rw-r--r-- 1 root root 2402 Aug 31 13:41 /etc/init.d/php-fpm[root@localhost php-7.4.29]# chmod +x /etc/init.d/php-fpm[root@localhost php-7.4.29]# ll -d /etc/init.d/php-fpm-rwxr-xr-x 1 root root 2402 Aug 31 13:41 /etc/init.d/php-fpm[root@localhost ~]# cd /usr/local/php7/etc[root@localhost etc]# cp php-fpm.conf.default php-fpm.conf[root@localhost etc]# cd php-fpm.d[root@localhost php-fpm.d]# cp www.conf.default www.conf[root@localhost ~]# grep '^user =' /usr/local/php7/etc/php-fpm.d/www.confuser = nobody[root@localhost ~]# grep '^group =' /usr/local/php7/etc/php-fpm.d/www.confgroup = nobody[root@localhost ~]# sed -i '/^user = nobody/c user = nginx' /usr/local/php7/etc/php-fpm.d/www.conf[root@localhost ~]# sed -i '/^group = nobody/c group = nginx' /usr/local/php7/etc/php-fpm.d/www.conf[root@localhost ~]# grep '^user =' /usr/local/php7/etc/php-fpm.d/www.confuser = nginx[root@localhost ~]# grep '^group =' /usr/local/php7/etc/php-fpm.d/www.confgroup = nginx# 编辑php-fpm的配置文件(/usr/local/php7/etc/php-fpm.conf):# 配置fpm的相关选项为你所需要的值:[root@localhost ~]# vim /usr/local/php7/etc/php-fpm.conf..........pm.max_children = 50 ;最多同时提供50个进程提供50个并发服务pm.start_servers = 5 ;启动时启动5个进程pm.min_spare_servers = 2 ;最小空闲进程数pm.max_spare_servers = 8 ;最大空闲进程数[root@localhost ~]# tail /usr/local/php7/etc/php-fpm.conf; file.; Relative path can also be used. They will be prefixed by:; - the global prefix if it's been set (-p argument); - /usr/local/php7 otherwiseinclude=/usr/local/php7/etc/php-fpm.d/ 到zabbix 查看是否能用新密码登录。不登录的情况下查看里面的数据库[root@zabbix ~]# /usr/local/mysql/bin/mysql -uroot -p'runtime123' -e 'show databases' 2> /dev/null+--------------------+| Database |+--------------------+| information_schema || mysql || performance_schema || sys |+--------------------+#### 2> /dev/null 意思是把错误的输出丢到黑洞里// 也可以在控制主机上查看[root@ansible zabbix]# ansible zabbix -m shell -a "/usr/local/mysql/bin/mysql -uroot -p'runtime123' -e 'show databases' 2> /dev/null"zabbix | CHANGED | rc=0 >>Databaseinformation_schema // 跟第一个数据库是一样的mysqlperformance_schemasys// 查看的内容是一样的
部署PHP
[root@ansible ~]# cd zabbix/[root@ansible zabbix]# vim php.yml- name: provide software pkg // 提供软件包 copy: src: files/php-8.0.23.tar.gz dest: /usr/src/- name: exec script // 执行脚本 script: files/php.sh // 脚本内容[root@ansible ~]# cd zabbix/files/[root@ansible files]# vim php.sh#!/bin/bashdnf -y install libxml2-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel sqlite-devel libzip-devel php-mysqlnd http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm &> /dev/nullif [ ! -d /usr/local/php8 ];then cd /usr/src tar xf php-8.0.23.tar.gz cd /usr/src/php-8.0.23 ./configure --prefix=/usr/local/php8 \ --with-config-file-path=/etc \ --enable-fpm \ --enable-inline-optimization \ --disable-debug \ --disable-rpath \ --enable-shared \ --enable-soap \ --with-openssl \ --enable-bcmath \ --with-iconv \ --with-bz2 \ --enable-calendar \ --with-curl \ --enable-exif \ --enable-ftp \ --enable-gd \ --with-jpeg \ --with-zlib-dir \ --with-freetype \ --with-gettext \ --enable-json \ --enable-mbstring \ --enable-pdo \ --with-mysqli=mysqlnd \ --with-pdo-mysql=mysqlnd \ --with-readline \ --enable-shmop \ --enable-simplexml \ --enable-sockets \ --with-zip \ --enable-mysqlnd-compression-support \ --with-pear \ --enable-pcntl \ --enable-posix make && make installfiecho 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php8.shln -s /usr/local/php8/include /usr/include/php8 &> /dev/nullecho '/usr/local/php8/lib' > /etc/ld.so.conf.d/php8.confldconfigif [ ! -f /etc/init.d/php-fpm ];then cd /usr/src/php-8.0.23 \cp php.ini-production /etc/php.ini cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm chmod +x /etc/init.d/php-fpmfiif [ ! -f /usr/local/php7/etc/php-fpm.d/www.conf ];then cd /usr/local/php8/etc cp php-fpm.conf.default php-fpm.conf cd php-fpm.d cp www.conf.default www.conf sed -i '/^user = nobody/c user = nginx' /usr/local/php8/etc/php-fpm.d/www.conf sed -i '/^group = nobody/c group = nginx' /usr/local/php8/etc/php-fpm.d/www.conffiservice php-fpm startchkconfig --add php-fpmchkconfig php-fpm on[root@ansible files]# chmod +x php.sh[root@ansible zabbix]# vim mail.yml---- hosts: zabbix vars_files: - vars/nginx.yml - vars/mysql.yml tasks: - include_tasks: yum.yml - include_tasks: firewalld.yml - include_tasks: selinux.yml - include_tasks: nginx.yml - include_tasks: mysql.yml - include_tasks: php.yml // 引用// 执行playbook[root@ansible ~]# cd zabbix/[root@ansible zabbix]# ansible-playbook mail.yml...省略N// 验证[root@ansible zabbix]# ansible zabbix -m shell -a "ss -antl"zabbix | CHANGED | rc=0 >>State Recv-Q Send-Q Local Address:Port Peer Address:PortProcessLISTEN 0 128 127.0.0.1:9000 0.0.0.0:* // 9000 端口已有LISTEN 0 128 0.0.0.0:80 0.0.0.0:*LISTEN 0 128 0.0.0.0:22 0.0.0.0:*LISTEN 0 70 *:33060 *:*LISTEN 0 128 *:3306 *:*LISTEN 0 128 [::]:22 [::]:*
现在把这几行的注释取消掉
# 开启反向代理#sed -i '/pass the PHP/{N;/#/{n;s/#//g}}' $nginx_install_dir/conf/nginx.conf#sed -i '/^ location ~ \\.php/{N;s/#//g}' $nginx_install_dir/conf/nginx.conf#sed -i '/fastcgi_pass/{s/#//g}' $nginx_install_dir/conf/nginx.conf#sed -i '/fastcgi_index/{s/#//g}' $nginx_install_dir/conf/nginx.conf#sed -i '/SCRIPT_FILENAME/c \ fastcgi_param SCRIPT_FILENAME /$document_root$fastcgi_script_name;' $nginx_install_dir/conf/nginx.conf#sed -i '/fastcgi_params/{s/#//g}' $nginx_install_dir/conf/nginx.conf#sed -i '/fastcgi_params/{n;s/#//g}' $nginx_install_dir/conf/nginx.conf#sed -i '/^ index/c \ index index.php index.html index.htm;' $nginx_install_dir/conf/nginx.conf// 把注释取消后执行 playbook[root@ansible zabbix]# ansible-playbook mail.yml.... 省略N// 如果访问不到是因为你还没有让其的nginx.conf 配置文件没有生效
访问 192.168.229.148
部署zabbix
在上面的基础上部署zabbix6.0版本
环境
系统平台 | IP | 主机名 | |
---|---|---|---|
centos8/ redhat8 | 192.168.229.152 | ansible | 控制主机 |
centos8/ redhat8 | 192.168.229.148 | zabbix | 服务端 |
centos8/ redhat8 | 192.168.229.150 | zabbix_slave | 客户端 |
部署zabbix服务端
[root@ansible ~]# cd zabbix/[root@ansible zabbix]# cat zabbix_server.yml- name: create user zabbix user: name: zabbix state: present create_home: no system: yes shell: /sbin/nologin- name: copy software zabbix-6.0.8.tar.gz copy: src: files/zabbix-6.0.8.tar.gz dest: /usr/src/- name: exec script script: files/zabbix_server.sh[root@ansible ~]# cd zabbix/files/[root@ansible files]# vim zabbix_server.sh#!/bin/bashdnf -y install net-snmp-devel libevent-devel &> /dev/nullif [ ! -d /usr/local/zabbix ];then cd /usr/src/ tar xf zabbix-6.0.8.tar.gz mv zabbix-6.0.8 /usr/local/zabbixfiif [ ! -d /usr/lib/zabbix ];then mkdir -p /usr/lib/zabbix chmod 770 /usr/lib/zabbix chown -R zabbix.zabbix /usr/lib/zabbix/fi/usr/local/mysql/bin/mysql -uroot -pruntime123 -e "show databases;" 2> /dev/null|grep 'zabbix'if [ $? -ne 0 ];then /usr/local/mysql/bin/mysql -uroot -pruntime123 -e "create database zabbix character set utf8mb4 collate utf8mb4_bin;create user 'zabbix'@'localhost' identified by 'zabbix123';grant all privileges on zabbix.* to 'zabbix'@'localhost';flush privileges;" 2> /dev/nullfizabbix_result=$(/usr/local/mysql/bin/mysql -uzabbix -pzabbix123 -e "use zabbix;show tables;")if [ $zabbix_result -lt 2 ];then cd /usr/local/zabbix/database/mysql/ /usr/local/mysql/bin/mysql -uzabbix -pzabbix123 zabbix < schema.sql 2> /dev/null /usr/local/mysql/bin/mysql -uzabbix -pzabbix123 zabbix < images.sql 2> /dev/null /usr/local/mysql/bin/mysql -uzabbix -pzabbix123 zabbix < data.sql 2> /dev/null cd /usr/local/zabbix ./configure --enable-server --enable-agent --with-mysql --with-net-snmp --with-libcurl --with-libxml2 --with-openipmi make installfised -i '/^DBUser=/c DBUser=zabbix' /usr/local/etc/zabbix_server.confsed -i '/DBPassword=/c DBPassword=zabbix123' /usr/local/etc/zabbix_server.confsed -i '/DBSocket=/c DBSocket=/tmp/mysql.sock' /usr/local/etc/zabbix_server.confsed -i '/post_max_size =/s/8M/16M/g' /etc/php.inised -i '/max_execution_time/c max_execution_time = 300' /etc/php.inised -i '/max_input_time =/c max_input_time = 300' /etc/php.inigrep 'Asia/Shanghai' /etc/php.iniif [ $? -ne 0 ];then sed -i '/;date.timezone/a date.timezone = Asia/Shanghai' /etc/php.inifiif [ ! -f /usr/local/nginx/html/conf ];then cd /usr/local/nginx/html rm -rf * cp -a /usr/local/zabbix/ui/ 服务端已开机自启[root@ansible zabbix]# ansible zabbix -m shell -a 'systemctl status zabbix-server'zabbix | CHANGED | rc=0 >>● zabbix-server.service - zabbix-server server daemon Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2022-09-04 20:25:49 CST; 1min 25s ago Process: 2173 ExecStart=/usr/local/sbin/zabbix_server (code=exited, status=0/SUCCESS)....省略N// 客户端已开机自启[root@ansible zabbix]# ansible zabbix -m shell -a 'systemctl status zabbix-agentd'zabbix | CHANGED | rc=0 >>● zabbix-agentd.service - zabbix-server server daemon Loaded: loaded (/usr/lib/systemd/system/zabbix-agentd.service; enabled; vendor preset: disabled) Active: active (running) since Sun 2022-09-04 20:19:38 CST; 8min ago....省略N
访问验证 192.168.229.148
部署客户端
// 设置免密登录[root@ansible ~]# ssh-copy-id root@slave/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"The authenticity of host 'slave (192.168.229.150)' can't be established.ECDSA key fingerprint is SHA256:BSCsrBDXmOy0vQCzkxthvFwA+8EIkoMVyeVV45QrFdM.Are you sure you want to continue connecting (yes/no/[fingerprint])? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@slave's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'root@slave'"and check to make sure that only the key(s) you wanted were added.// 清单文件[root@ansible ~]# cd zabbix/[root@ansible zabbix]# cat inventory[web]zabbix[slave]slave// 测试[root@ansible zabbix]# ansible slave -m pingslave | SUCCESS => { "ansible_facts": { "discovered_interpreter_python": "/usr/libexec/platform-python" }, "changed": false, "ping": "pong"}// 查看对面受控主机是否有 yum源[root@ansible zabbix]# ansible slave -m shell -a 'ls /etc/yum.repos.d/' 2> /dev/nullslave | CHANGED | rc=0 >>CentOS-Stream-AppStream.repoCentOS-Stream-BaseOS.repoCentOS-Stream-Debuginfo.repoCentOS-Stream-Extras.repoCentOS-Stream-HighAvailability.repoCentOS-Stream-Media.repoCentOS-Stream-NFV.repoCentOS-Stream-PowerTools.repoCentOS-Stream-RealTime.repoCentOS-Stream-ResilientStorage.repoCentOS-Stream-Sources.repo[root@ansible zabbix]# vim zabbix_slave.yml- name: create user zabbix user: name: zabbix state: present create_home: no system: yes shell: /sbin/nologin- name: copy software pkg copy: src: files/zabbix-6.0.8.tar.gz dest: /usr/src/- name: exec script script: files/zabbix_slave.sh // 脚本内容[root@ansible ~]# cd zabbix/files/[root@ansible files]# cat zabbix_slave.sh#!/bin/bashdnf -y install gcc gcc-c++ make vim wget pcre-devel &> /dev/nullif [ ! -d /usr/local/zabbix ];then cd /usr/src tar xf /usr/src/zabbix-6.0.8.tar.gz mv zabbix-6.0.8 /usr/local/zabbix cd /usr/local/zabbix ./configure --enable-agent make installfised -i "/^Server=/c Server=192.168.229.152" /usr/local/etc/zabbix_agentd.confsed -i "/^ServerActive=/c ServerActive=192.168.229.152" /usr/local/etc/zabbix_agentd.confsed -i "/^Hostname=/c Hostname=zabbix_slave" /usr/local/etc/zabbix_agentd.confcat > /usr/lib/systemd/system/zabbix_agentd.service < /dev/nullslave | CHANGED | rc=0 >>State Recv-Q Send-Q Local Address:Port Peer Address:PortProcessLISTEN 0 128 0.0.0.0:22 0.0.0.0:*LISTEN 0 128 0.0.0.0:10050 0.0.0.0:*LISTEN 0 128 [::]:22 [::]:*// 已开机自启[root@ansible zabbix]# ansible slave -m shell -a 'systemctl status zabbix_agentd' 2> /dev/nullslave | CHANGED | rc=0 >>● zabbix_agentd.service - zabbix_agentd server daemon Loaded: loaded (/usr/lib/systemd/system/zabbix_agentd.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2022-09-05 21:26:06 CST; 2min 4s ago Process: 20730 ExecStart=/usr/local/sbin/zabbix_agentd (code=exited, status=0/SUCCESS) Main PID: 20732 (zabbix_agentd)
来源地址:https://blog.csdn.net/m0_58805648/article/details/126736325