feat: 一键安装LNMP

一键安装LNMP

LICENSE.md

@@ -0,0 +1,4 @@
+Copyright (C) 2013 AnsibleWorks, Inc.
+
+This work is licensed under the Creative Commons Attribution 3.0 Unported License. 
+To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. 

README.md

@@ -0,0 +1,57 @@
+# 使用Ansible自动部署LNMP
+
+使用Ansible自动化部署 MySQL-8, WordPress-6.4.1, Nginx-1.14, 和 PHP-8
+
+## Requires
+
+### 管理端
+
+- Ansible 2.16
+
+### 被控制的服务器
+
+- 操作系统：Centos stream/RHEL 8.x
+- Python 3.0 (默认已安装) 验证是否安装： `python3 -V`
+- 具有root权限的用户，且已添加public-key
+
+## 如何运行
+
+### a. 管理端本地执行
+
+1. 配置服务器地址到 **inventory.ini**； 配置用户到 **site.yml** 中的 **remote_user**
+
+2. 添加SSH秘钥：
+
+      ```bash
+      eval "$(ssh-agent -s)"
+      ssh-add ~/.ssh/private-key-file
+      ```
+
+3. 一键部署：
+
+      ```bash
+      ansible-playbook -i inventory.ini site.yml
+      ```
+
+4. 执行成功后，就可以访问你的wordpress了
+
+### b. 或者GitHub Action 执行
+
+ 通过Github action 自动部署。
+
+## 参考
+
+  1. Ansible playbook 参照：[ansible-examples/wordpress-nginx](https://github.com/ansible/ansible-examples/tree/master/wordpress-nginx)
+
+      修改点:
+
+      + 删除了 selinux，iptables，firewall 相关配置
+      + PHP 升级到8.0，调整 PHP-FPM 所需的模块[参照文档](https://cloud.tencent.com/document/product/213/49304)
+      + wordpress 升级到6.4.1，删除自动更新等配置
+      + ansible-lint 问题修改
+
+  2. [Ansible: **managed-node-requirements**](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#managed-node-requirements)
+
+  3. [Ansible collections: **builtin**](<https://docs.ansible.com/ansible/latest/collections/ansible/builtin/index.html>)
+
+  4. [How to build your inventory](https://docs.ansible.com/ansible/latest/inventory_guide/intro_inventory.html#how-to-build-your-inventory)

group_vars/all

@@ -0,0 +1,37 @@
+---
+
+# Which version of WordPress to deploy
+
+wp_version: 6.4.1
+
+# These are the WordPress database settings
+
+wp_db_name: wordpress
+wp_db_user: wordpress
+wp_db_password: secret
+
+# You shouldn't need to change this
+
+mysql_port: 3306
+
+# This is used for the nginx server configuration, but access to the
+
+# WordPress site is not restricted by a named host
+
+server_hostname: <www.example.com>
+
+# Disable All Updates
+
+# By default automatic updates are enabled, set this value to true to disable all automatic updates
+
+auto_up_disable: false
+
+# Define Core Update Level
+
+# true  = Development, minor, and major updates are all enabled
+
+# false = Development, minor, and major updates are all disabled
+
+# minor = Minor updates are enabled, development, and major updates are disabled
+
+core_update_level: true

inventory.ini

@@ -0,0 +1,2 @@
+[wordpress-server]
+your-server-ip-or-domain

roles/common/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Reload ansible_facts
+  ansible.builtin.setup:
+
+- name: Intall the EPEL repository
+  ansible.builtin.dnf:
+    name: epel-release
+    state: present
+    enablerepo: epel
+    update_cache: true

roles/mysql/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart mysql
+  ansible.builtin.service:
+    name: mysqld
+    state: restarted

roles/mysql/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Install Mysql package
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - mysql-server
+    - python3-mysql
+
+- name: Create Mysql configuration file
+  ansible.builtin.template:
+    src: my.cnf.j2
+    dest: /etc/my.cnf
+    group: root
+    owner: root
+    mode: "0644"
+  notify:
+    - Restart mysql
+
+- name: Start Mysql Service
+  ansible.builtin.service:
+    name: mysqld
+    state: started

roles/mysql/templates/my.cnf.j2

@@ -0,0 +1,11 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Disabling symbolic-links is recommended to prevent assorted security risks
+symbolic-links=0
+port={{ mysql_port }}
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid

roles/nginx/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart nginx
+  ansible.builtin.service:
+    name: nginx
+    state: restarted

roles/nginx/tasks/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Install nginx
+  ansible.builtin.dnf:
+    name: nginx
+    state: present
+
+- name: Copy nginx configuration default.confg
+  ansible.builtin.template:
+    src: nginx.conf
+    dest: /etc/nginx/nginx.conf
+    group: root
+    owner: root
+    mode: "0644"
+  notify: Restart nginx
+
+- name: Copy nginx configuration for wordpress
+  ansible.builtin.template:
+    src: wordpress.conf
+    dest: /etc/nginx/conf.d/wordpress.conf
+    group: root
+    owner: root
+    mode: "0644"
+  notify: Restart nginx

roles/nginx/templates/nginx.conf

@@ -0,0 +1,85 @@
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+    '$status $body_bytes_sent "$http_referer" '
+    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    # server {
+    #     listen       80 default_server;
+    #     listen       [::]:80 default_server;
+    #     server_name  _;
+    #     root         /usr/share/nginx/html;
+
+    #     # Load configuration files for the default server block.
+    #     include /etc/nginx/default.d/*.conf;
+    #     location / {
+    #     }
+    #     error_page 404 /404.html;
+    #         location = /40x.html {
+    #     }
+    #     error_page 500 502 503 504 /50x.html;
+    #         location = /50x.html {
+    #     }
+    # }
+    # Settings for a TLS enabled server.
+    #
+    #    server {
+    #        listen       443 ssl http2 default_server;
+    #        listen       [::]:443 ssl http2 default_server;
+    #        server_name  _;
+    #        root         /usr/share/nginx/html;
+    #
+    #        ssl_certificate "/etc/pki/nginx/server.crt";
+    #        ssl_certificate_key "/etc/pki/nginx/private/server.key";
+    #        ssl_session_cache shared:SSL:1m;
+    #        ssl_session_timeout  10m;
+    #        ssl_ciphers PROFILE=SYSTEM;
+    #        ssl_prefer_server_ciphers on;
+    #
+    #        # Load configuration files for the default server block.
+    #        include /etc/nginx/default.d/*.conf;
+    #
+    #        location / {
+    #        }
+    #
+    #        error_page 404 /404.html;
+    #            location = /40x.html {
+    #        }
+    #
+    #        error_page 500 502 503 504 /50x.html;
+    #            location = /50x.html {
+    #        }
+    #    }
+}
+

roles/nginx/templates/wordpress.conf

@@ -0,0 +1,31 @@
+server {
+        listen       80 default_server;
+        server_name  {{ server_hostname }};
+        root /srv/wordpress/ ;
+
+	client_max_body_size 64M;
+
+	# Deny access to any files with a .php extension in the uploads directory
+        location ~* /(?:uploads|files)/.*\.php$ {
+                deny all;
+        }
+
+        location / {
+                index index.php index.html index.htm;
+                try_files $uri $uri/ /index.php?$args;
+        }
+
+        location ~* \.(gif|jpg|jpeg|png|css|js)$ {
+                expires max;
+        }
+
+        location ~ \.php$ {
+                try_files $uri =404;
+                fastcgi_split_path_info ^(.+\.php)(/.+)$;
+                fastcgi_index index.php;
+                fastcgi_pass  unix:/var/run/php-fpm/wordpress.sock;
+                fastcgi_param   SCRIPT_FILENAME
+                                $document_root$fastcgi_script_name;
+                include       fastcgi_params;
+        }
+}

roles/php-fpm/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: Restart php-fpm
+  ansible.builtin.service:
+    name: php-fpm
+    state: restarted

roles/php-fpm/tasks/main.yml

@@ -0,0 +1,34 @@
+---
+- name: Install php-fpm and deps
+  ansible.builtin.dnf:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - "@php:8.0"
+    - php-curl
+    - php-dom
+    - php-exif
+    - php-fileinfo
+    - php-fpm
+    - php-gd
+    - php-hash
+    - php-json
+    - php-mbstring
+    - php-mysqli
+    - php-openssl
+    - php-pcre
+    - php-xml
+    - libsodium
+
+- name: Disable default pool
+  ansible.builtin.command: mv /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.disabled creates=/etc/php-fpm.d/www.disabled
+  notify: Restart php-fpm
+
+- name: Copy php-fpm configuration
+  ansible.builtin.template:
+    src: wordpress.conf
+    dest: /etc/php-fpm.d/
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart php-fpm

roles/php-fpm/templates/wordpress.conf

@@ -0,0 +1,15 @@
+[wordpress]
+listen = /var/run/php-fpm/wordpress.sock
+listen.owner = nginx
+listen.group = nginx
+listen.mode = 0660
+user = wordpress
+group = wordpress
+pm = dynamic
+pm.max_children = 10
+pm.start_servers = 1
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+pm.max_requests = 500
+chdir = /srv/wordpress/
+php_admin_value[open_basedir] = /srv/wordpress/:/tmp