在docker中使用ansible来源码编译nginx服务
说明: 1)在VM上装了一个4核8G的centos7.5系统 2)docker版本为 18.06.0-ce docker的安装不再讲述
1、创建一个带有含有ssh的镜像,通过编写Dockerfile
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | # Set the base image to centos FROM centos:latest MAINTAINER fei #mount volume VOLUME ["/root/docker/ansible-demo/volume2"] ################## BEGIN INSTALLATION ###################### #install EPEL RUN rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm \ && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 \ && yum install -y yum-priorities RUN yum install -y sudo RUN yum install -y \ net-tools \ openssh-clients \ openssh-server \ ansible \ vim ################## END INSTALLATION ###################### # 将sshd的UsePAM参数设置成no,优化ssh连接 RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config # 修改root用户密码,这里密码为:devilf RUN echo "root:devilf"|chpasswd RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key # 启动sshd服务并且暴露22端口 RUN mkdir /var/run/sshd EXPOSE 22 ENTRYPOINT ["/usr/sbin/sshd","-D"] |
|---|
2、开始构建镜像
1 | docker build --no-cache -t fei/centos:ssh_ansible . |
|---|
3、启动容器(需要开启特权模式,否则会报错:Failed to get D-Bus connection: Operation not permitted)
1 2 3 | docker run -itd -p 20021:22 --privileged=true --name node1 fei/centos:ssh_ansible docker run -itd -p 20022:22 --privileged=true --name node2 fei/centos:ssh_ansible docker run -itd -p 20020:22 --privileged=true --name ansible_server fei/centos:ssh_ansible |
|---|
4、配置ansible主机清单,并建立互信关系 修改ansible.cfg文件,将默认的hosts文件改为一个目录,修改为:
1 | inventory = /etc/ansible/conf.d |
|---|
设置清单
1 2 3 4 5 6 7 | # cat conf.d/docker [nodes] 172.17.0.2 172.17.0.3 172.17.0.4 172.17.0.5 |
|---|
生成密钥
1 | ssh-keygen |
|---|
下发密钥
1 | ssh-copy-id root@172.17.0.2 |
|---|
5、测试
1 | ansible nodes -m ping |
|---|
注意: 查看容器IP的方法:
1 | docker inspect --format '{{ .NetworkSettings.IPAddress }}' container_id |
|---|
停止容器:
1 | docker stop container_id |
|---|
删除容器:
1 | docker container rm container_id |
|---|
下面就要开始通过playbook来源码编译安装nginx
可以针对所有的服务安装创建一个专门的目录,例如这里安装nginx,可以创建一个目录,目录结构为:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | tree roles/ roles/ ├── conf │ ├── default │ ├── files │ ├── handlers │ │ └── main.yml │ ├── meta │ ├── tasks │ │ └── main.yml │ ├── templates │ │ └── temp_server.conf │ └── vars │ └── main.yml ├── install │ ├── default │ ├── files │ │ └── nginx-1.12.0.tar.gz │ ├── handlers │ │ └── main.yml │ ├── meta │ ├── tasks │ │ └── main.yml │ ├── templates │ │ ├── nginx.conf │ │ ├── web1.conf │ │ └── web2.conf │ └── vars │ └── main.yml ├── nginx.retry ├── nginx.yaml └── site.yml |
|---|
分为两部分,conf目录主要是方便增加站点,存放配置文件;install目录主要是为了安装nginx,该目录下会存放安装所用的源码包,配置文件等 install目录下定义一个任务:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | # cat tasks/main.yml - name: cp nginx package to remote host copy: src=nginx-1.12.0.tar.gz dest=/tmp/nginx-1.12.0.tar.gz #去files目录中拉取源码包 tags: cp-nginx-pkg - name: tar nginx package shell: cd /tmp; tar zxf nginx-1.12.0.tar.gz - name: install nginx depend pkg yum: name={{ item }} state=latest #item是一个变量,用来指定下面的一些依赖包名 with_items: - openssl-devel - pcre-devel - gcc - gcc-c++ - autoconf - automake - libtool - make - cmake - zlib - zlib-devel - openssl - pcre-devel - libxslt-devel - name: install nginx shell: cd /tmp/nginx-1.12.0; ./configure --user=www --group=www --prefix=/usr/local/nginx \ --with-http_stub_status_module \ --with-http_ssl_module \ --with-pcre && make && make install - name: cp conf template: src=nginx.conf dest=/usr/local/nginx/conf/nginx.conf #这个是去templates目录中拉取配置文件 tags: nginx-conf - name: cp shell copy: src=/ansible/script/create_users.sh dest=/tmp/create_users.sh #这个脚本的目的是检测目标机器是否已经存在所建的用户,如果存在机会创建用户会报错 - name: create nginx user shell: /bin/bash /tmp/create_users.sh tags: add-nginx notify: start nginx service |
|---|
上面脚本内容:
1 2 3 4 5 6 7 8 9 10 | # cat /ansible/script/create_users.sh #!/bin/bash name="www" num=$(grep -c $name /etc/passwd) if [ $num -eq 0 ];then groupadd $name useradd -g $name $name -s /sbin/nologin fi |
|---|
1 2 | # cat vars/main.yml ngxport: "8080" |
|---|
主配置文件
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | # cat templates/nginx.conf user www; worker_processes {{ ansible_processor_vcpus }}; events { worker_connections 65535; } http { include mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user[$time_local] "$request" ' '$status $body_bytes_sent"$http_referer" ' '"$http_user_agent""$http_x_forwarded_for"'; access_log logs/access.log main; sendfile on; keepalive_timeout 65; server { listen {{ ngxport }}; server_name www.a.com; access_log logs/a.com; error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } include conf.d/*.conf; } |
|---|
定义触发器
1 2 3 | # cat handlers/main.yml - name: start nginx service shell: /usr/local/nginx/sbin/nginx |
|---|
我们这里要新增一个站点做测试,需要修改的目录(需要切换到conf目录中)有: 定义变量,用于配置文件的引用:
1 2 3 | # cat vars/main.yml server_name: "www.a.com" #每次新增站点时,可以修改此域名 root_dir: "/data/web" |
|---|
因为新增站点时,是基于域名的虚拟主机,所以端口均为默认的80端口 编写新增站的配置文件:
1 2 3 4 5 6 7 8 | # cat templates/temp_server.conf server { listen 80; server_name {{server_name}}; index index.php index.html; root {{root_dir}}; } |
|---|
在var目录中定义变量:
1 2 3 4 | cat main.yml server_name: "www.a.com" root_dir: "/data/web" |
|---|
编写配置nginx的tasks步骤哦:
1 2 3 4 5 6 7 8 9 10 11 | cd tasks cat main.yml - name: create vhosts shell: mkdir -p /usr/local/nginx/conf/conf.d/ tags: create_dir - name: cp file nginx.conf template: src=temp_server.conf dest=/usr/local/nginx/conf/conf.d/{{server_name}}.conf tags: ngxconf notify: reload nginx service |
|---|
定义角色路径
1 2 3 4 5 6 7 8 9 | #回到roles的上级目录下 cat nginx.yaml - hosts: web1 remote_user: root roles: - install - conf |
|---|
测试:
1 | ansible-playbook -C nginx.yaml |
|---|
测试通过后可以真正去执行
1 | ansible-playbook nginx.yaml |
|---|
腾讯云开发者
