Ansible自动化编译安装Nginx服务
Ansible自动化编译安装Nginx服务
老七Linux
发布于 2018-05-31 12:43:53
发布于 2018-05-31 12:43:53
文章被收录于专栏:Laoqi's Linux运维专列
企业的生意是越来越NB,咱运维也不能落下。部署了那么多线上服务器,80%以上几乎都是脚本搞定,自动化的今天我可能有点土逼了。。 说搞就搞~~
Ansible 这款软件简直是太灵巧了。如下分享是经过实操的,也就是真正应用在了线上。后期的可扩展性极强!
- 充分利用现有设施。使用 Ansible 无需安装服务端和客户端,只要 SSH 即可。这意味着,任何一台装有 Ansible 的机器都可以成为强大的管理端。我觉得,这种去中心化的思路显得更为灵活。可能有人会担心 SSH 的效率,Ansible 的并行执行及加速模式或许可以打消你的顾虑。
- 使用简单,快速上手相当容易。Ansible 上手十分快,用 Ad-Hoc 可以应付简单的管理任务,麻烦点的也可以定义 Playbook 文件来搞定。
- 采用人类易读的格式。Ansible 的主机定义文件使用 INI 格式,支持分组,能够指定模式;此外也能动态生成,这对管理云主机应当很有用。而 Playbook 则是 YAML 格式。
- 能够使用你熟悉的语言来编写模块。虽然 Ansible 是使用 Python 开发的,但它不会将你限制到某种具体的编程语言,Bash、Python、Perl、Ruby 等等都可以,你擅长什么就用什么。
我们企业的区域主框架图和这个类似:
mark
- 定义主机组:
[[email protected] ~]# cd /etc/ansible/
[[email protected] ansible]# vim hosts
[webserver]
192.168.5.102
192.168.5.104- 先来看下目录结构:
[[email protected] roles]# tree
.
├── nginx_config
│ ├── default
│ ├── files
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ │ └── temp_server.conf
│ └── vars
│ └── main.yml
└── nginx_install
├──default
├──files
│ └── nginx-1.12.0.tar.gz
├──handlers
│ └── main.yml
├──meta
├──tasks
│ └── main.yml
├──templates
│ └── nginx.conf
└── vars
[[email protected] roles]# cd nginx_install/
[[email protected] nginx_install]# ls
default files handlers meta tasks templates vars- task定义开始任务:
[[email protected] nginx_install]# cd tasks/
[[email protected] tasks]# cat main.yml
- name: copynginx package to remote host
copy: src=nginx-1.12.0.tar.gz dest=/tmp/nginx-1.12.0.tar.gz ##拉取nginx解压吧
tags: cppkg
- name: tarnginx
shell: cd /tmp;tar -xf nginx-1.12.0.tar.gz ##解压nginx包
- name: installpakger
yum: name={{ item }} state=latest ##安装依赖包
with_items:
- openssl-devel
- pcre-devel
- gcc
- name: install nginx
shell: cd /tmp/nginx-1.12.0;./configure--user=nginx --group=nginx --prefix=/usr/local/nginx--with-http_stub_status_module --with-http_ssl_module --with-pcre;make&& make install ####编译安装
- name: copy conf file nginx.conf
template: src=nginx.confdest=/usr/local/nginx/conf/nginx.conf ###复制在template目录下的配置文件
tags: ngxconf
- name: copy shell
copy: src=/opt/create_users.shdest=/tmp/create_users.sh ##拉取创建用户的shell脚本
- name: create user nginx
shell: /bin/bash /tmp/create_users.sh
tags: addnginx
notify: start nginx service为什么要写这个脚本?因为加入有些主机创建的用户已存在就会报错
[[email protected] tasks]# cat /opt/create_users.sh
#!/bin/bash
a=`cat /etc/passwd | awk -F ':' '{print $1}'|grep nginx | wc -l`
if [ $a == 0];then
useradd nginx
fi- 第二行copy对应file目录:
[root@zhdy01 nginx_install]# cd files/
[root@zhdy01 files]# ls
nginx-1.12.0.tar.gz- template这一行对应的是template这个目录和主服务端定义的变量:
[[email protected] nginx_install]# cd templates/
[[email protected] templates]# ls
nginx.conf
[[email protected] templates]# cat nginx.conf
user nginx;
worker_processes {{ ansible_processor_vcpus }};
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user[$time_local] "$request" '
# '$status $body_bytes_sent"$http_referer" '
# '"$http_user_agent""$http_x_forwarded_for"';
log_format zhdy01 '$remote_addr -$remote_user [$time_local] '
'"$request" $status$body_bytes_sent '
'"$http_referer" "$http_user_agent" ';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen {{ ngxport }};
server_name www.zhdy01.com
access_log logs/www.zhdy01.com zhdy01;
#location / {
# proxy_pass http://192.168.5.101;
#}
#error_page 404 /404.html;
# redirect server error pages to thestatic page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apachelistening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGIserver listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /web;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME$document_root$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, ifApache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
include vhosts/*.conf;
}##需要注意的就是模板变量(客户端自动采集)、和在服务端定义的变量{{ngx_port}}- 在vars定义变量:
[root@zhdy01 nginx_install]# cd vars/
[root@zhdy01 vars]# cat main.yml
ngxport:"8080"- 定义触发器:
[[email protected] nginx_install]# cd handlers/
[[email protected] handlers]# cat main.yml
- name: startnginx service
shell: /usr/loal/nginx/sbin/nginx- 在nginx_config目录加入我们经常要增加nginx站点,直接写好模板推送到vhos目录:
[[email protected] roles]# cd nginx_config/
[[email protected] nginx_config]# ls
default files handlers meta tasks templates vars
[[email protected] nginx_config]# cd templates/
[[email protected] templates]# ls
temp_server.conf
[[email protected] templates]# cat temp_server.conf
server
{
listen 80;
server_name {{server_name }};
index index.phpindex.html;
root {{root_dir }};
}
###在var定义变量:
[[email protected] templates]# cd ../vars/
[[email protected] vars]# cat main.yml
server_name: "www.zhdy01.com"
root_dir:"/web"- 写配置nginx的tasks步骤:
[[email protected] nginx_config]# cd tasks/
[[email protected] tasks]# ls
main.yml
[[email protected] tasks]# cat main.yml
- name: createvhosts
shell: mkdir -p /usr/local/nginx/conf/vhosts/
tags: create_dir
- name: copyconf file nginx.conf # 调用templates模块
template: src=temp_server.confdest=/usr/local/nginx/conf/vhosts/{{ server_name }}.conf
tags: ngxconf
notify: reload nginx service
###定义重启触发器:
[[email protected] tasks]# cd ../handlers/
You have newmail in /var/spool/mail/root
[[email protected] handlers]# cat main.yml
- name: reloadnginx service
shell: /usr/local/nginx/sbin/nginx-t;/usr/local/nginx/sbin/nginx -s reload- 最终定义下入口:
[[email protected] ~]# cat /etc/ansible/nginx.yaml
- hosts: 192.168.5.102
remote_user: root
roles:
-nginx_install ###roles目录下的nginx_install目录
-nginx_config ###roles目录下的nginx_config目录- 测试:
[[email protected] ansible]# ansible-playbook -C nginx.yaml
PLAY[192.168.5.104] **********************************************************
GATHERING FACTS***************************************************************
ok:[192.168.5.104]
TASK:[nginx_install | copy nginx package to remote host] *********************
changed:[192.168.5.104]
TASK:[nginx_install | tar nginx] *********************************************
skipping:[192.168.5.104]
ok:[192.168.5.104]
TASK:[nginx_install | install pakger] ****************************************
changed: [192.168.5.104]=> (item=openssl-devel,pcre-devel,gcc)
TASK:[nginx_install | install nginx] *****************************************
skipping:[192.168.5.104]
ok:[192.168.5.104]
TASK:[nginx_install | copy conf file nginx.conf] *****************************
changed:[192.168.5.104]
TASK:[nginx_install | copy shell] ********************************************
changed:[192.168.5.104]
TASK:[nginx_install | create user nginx] *************************************
skipping:[192.168.5.104]
ok: [192.168.5.104]
TASK:[nginx_config | create vhosts] ******************************************
skipping:[192.168.5.104]
ok:[192.168.5.104]
TASK:[nginx_config | copy conf file nginx.conf] ******************************
changed:[192.168.5.104]
NOTIFIED:[nginx_config | reload nginx service] *******************************
skipping:[192.168.5.104]
ok:[192.168.5.104]
PLAY RECAP********************************************************************
192.168.5.104 : ok=6 changed=5 unreachable=0 failed=0[[email protected] ansible]# ansible-playbook nginx.yaml
PLAY [192.168.5.104] **********************************************************
GATHERING FACTS ***************************************************************
ok: [192.168.5.104]
TASK: [nginx_install | copy nginx package to remote host] *********************
ok: [192.168.5.104]
TASK: [nginx_install | tar nginx] *********************************************
changed: [192.168.5.104]
TASK: [nginx_install | install pakger] ****************************************
ok: [192.168.5.104] => (item=openssl-devel,pcre-devel,gcc)
TASK: [nginx_install | install nginx] *****************************************
changed: [192.168.5.104]
TASK: [nginx_install | copy conf file nginx.conf] *****************************
ok: [192.168.5.104]
TASK: [nginx_install | copy shell] ********************************************
ok: [192.168.5.104]
TASK: [nginx_install | create user nginx] *************************************
changed: [192.168.5.104]
TASK: [nginx_config | create vhosts] ******************************************
changed: [192.168.5.104]
TASK: [nginx_config | copy conf file nginx.conf] ******************************
ok: [192.168.5.104]
NOTIFIED: [nginx_install | start nginx service] *******************************
changed: [192.168.5.104]
PLAY RECAP ********************************************************************
192.168.5.104 : ok=11 changed=5 unreachable=0 failed=0[[email protected] ~]# ifconfig
ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.5.104 netmask 255.255.255.0 broadcast 192.168.5.255
[[email protected] ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29264/nginx: master
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 29264/nginx: master 本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2017/12/18,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
相关产品与服务
云服务器
云服务器(Cloud Virtual Machine,CVM)提供安全可靠的弹性计算服务。 您可以实时扩展或缩减计算资源,适应变化的业务需求,并只需按实际使用的资源计费。使用 CVM 可以极大降低您的软硬件采购成本,简化 IT 运维工作。
腾讯云开发者
