ansible-playbook批量部署Nginx

通过ansible-playbook，以源码编译方式部署Nginx。

• 将所有部署Nginx主机分为webserver组：

# vim /etc/ansible/hosts
[webserver]
192.168.30.128
192.168.30.129
192.168.30.130

• 创建管理目录：

#  mkdir -p Nginx/roles/Nginx_install/{files,handlers,Meta,tasks,templates,vars}

# cd Nginx/

说明：

files：存放需要同步到异地服务器的源码文件及配置文件； 
handlers：当资源发生变化时需要进行的操作，若没有此目录可以不建或为空； 
Meta：存放说明信息、说明角色依赖等信息，可留空； 
tasks：Nginx安装过程成需要进行的执行的任务； 
templates：用于执行Nginx安装的模板文件，一般为脚本； 
vars：本次安装定义的变量

# tree .
.
├── Nginx.yml
└── roles
    └── Nginx_install
        ├── files
        │   └── Nginx-1.15.0.tar.gz             #可提前下载好Nginx包放到files下
        ├── handlers
        ├── Meta
        ├── tasks
        │   ├── copy.yml
        │   ├── install.yml
        │   ├── main.yml
        │   └── prepare.yml
        ├── templates
        │   ├── fastcgi_params
        │   ├── Nginx.conf
        │   ├── Nginx.service
        │   └── server.conf
        └── vars
            └── main.yml

8 directories, 11 files

• 创建Nginx入口文件，用来调用Nginx_install：

# vim Nginx.yml 

#用于批量安装Nginx
- hosts: webserver
  remote_user: root
  gather_facts: True

  roles:
    - Nginx_install

• 创建变量：

# vim roles/Nginx_install/vars/main.yml

#定义Nginx安装中的变量
Nginx_VER: 1.15.0
DOWNLOAD_URL: http://Nginx.org/download/Nginx-{{ Nginx_VER }}.tar.gz
Nginx_USER: Nginx
Nginx_PORT: 80
SOURCE_DIR: /software
Nginx_DIR: /usr/local/Nginx
data_dir: /data/Nginx

• 创建模板文件：

Nginx主配置文件Nginx.conf

# vim roles/Nginx_install/templates/Nginx.conf

user nobody nobody;	
worker_processes  1;
error_log {{ data_dir }}/log/error.log crit;
pid /run/Nginx.pid;
worker_rlimit_nofile 51200;

events {
	use epoll;
    worker_connections  1024;
}

http {
    include       mime.types;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  {{ data_dir }}/log/access.log  main;

    server_tokens       off;
    sendfile        	on;
    send_timeout        3m;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    client_header_timeout 3m;
    client_body_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path {{ Nginx_DIR }}/client_body_temp;
    proxy_temp_path {{ Nginx_DIR }}/proxy_temp;
    fastcgi_temp_path {{ Nginx_DIR }}/fastcgi_temp;
    fastcgi_intercept_errors on;    

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm 
    application/xml;

    default_type  application/octet-stream;
    include  {{ Nginx_DIR }}/conf/vhost/*.conf;
}

Nginx vhost配置文件server.conf

# vim roles/Nginx_install/templates/server.conf

server {
	listen       80;
	server_name  localhost;
	location / {
		root   {{ Nginx_DIR }}/html;
		index  index.PHP index.html index.htm;
	}
	
	error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        	root   html;
        }	

	location ~ \.PHP$ {
	root   {{ Nginx_DIR }}/html;
	fastcgi_pass   127.0.0.1:9000;
	fastcgi_index  index.PHP;
	fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
	include        fastcgi_params;
	}
}

Nginx额外配置文件fastcgi_params

# vim roles/Nginx_install/templates/fastcgi_params

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    Nginx;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

Nginx服务文件Nginx.service

# vim roles/Nginx_install/templates/Nginx.service

[Unit]
Description=The Nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/Nginx.pid
# Nginx will fail to start if /run/Nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `Nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/Nginx.pid
ExecStartPre={{ Nginx_DIR }}/sbin/Nginx -t
ExecStart={{ Nginx_DIR }}/sbin/Nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target

• 环境准备prepare.yml：

# vim roles/Nginx_install/tasks/prepare.yml

- name: 关闭firewalld
  service: name=firewalld state=stopped enabled=no

- name: 临时关闭 selinux
  shell: "setenforce 0"
  Failed_when: false

- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库
  yum: name=epel-release state=latest

- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - gcc-c++
      - unzip
      - git
      - autoconf
      - cmake
      - openssl
      - openssl-devel
      - pcre 
      - pcre-devel 
      - zlib
      - zlib-devel
      - gd-devel
      - libxml2-devel
    state: latest

- name: 更新系统
  shell: "yum update -y"
  args:
    warn: False

• 文件拷贝copy.yml：

# vim roles/Nginx_install/tasks/copy.yml

- name: 创建Nginx用户组
  group: name={{ Nginx_USER }}  state=present

- name: 创建Nginx用户
  user: name={{ Nginx_USER }}  group={{ Nginx_USER }}  state=present create_home=False shell=/sbin/nologin

- name: 创建software目录
  file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes
  
- name: 创建日志目录
  file: name={{ item }} state=directory owner={{ Nginx_USER }} group={{ Nginx_USER }} mode=0755 recurse=yes
  with_items:
  - "{{ data_dir }}"
  - "{{ data_dir }}/log"
  
- name: 创建日志文件
  file: name={{ item }} state=touch owner={{ Nginx_USER }} group={{ Nginx_USER }} mode=0644
  with_items:
  - "{{ data_dir }}/log/access.log"
  - "{{ data_dir }}/log/error.log"

#当前主机下没有Nginx包
- name: 下载Nginx包
  get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ Nginx_USER }} group={{ Nginx_USER }}

#当前主机file目录下已有Nginx包
#- name: 拷贝现有Nginx包到所有主机
#  copy: src=Nginx-{{ Nginx_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ Nginx_USER }} group={{ Nginx_USER }}

- name: 解压Nginx包
  unarchive: src={{ SOURCE_DIR }}/Nginx-{{ Nginx_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ Nginx_USER }} group={{ Nginx_USER }}

#复制Nginx服务文件
- name: 拷贝Nginx服务文件
  template: src=Nginx.service dest=/usr/lib/systemd/system/Nginx.service owner=root group=root

• 编译安装install.yml：

# vim roles/Nginx_install/tasks/install.yml

#编译Nginx
- name: 编译Nginx
  shell: "cd {{ SOURCE_DIR }}/Nginx-{{ Nginx_VER }} && ./configure --prefix={{ Nginx_DIR }} --user={{ Nginx_USER }} --group={{ Nginx_USER }} --http-log-path={{ data_dir }}/log/access.log --error-log-path={{ data_dir }}/log/error.log --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_stub_status_module"
  
#安装Nginx
- name: 安装Nginx
  shell: "cd {{ SOURCE_DIR }}/Nginx-{{ Nginx_VER }} && make && make install"
  
#复制Nginx主配置文件
- name: 拷贝Nginx主配置文件
  template: src=Nginx.conf dest={{ Nginx_DIR }}/conf/Nginx.conf owner={{ Nginx_USER }} group={{ Nginx_USER }}

- name: 创建vhost配置文件目录
  file: name={{ Nginx_DIR }}/conf/vhost state=directory owner={{ Nginx_USER }} group={{ Nginx_USER }} mode=0755 recurse=yes

#复制Nginx vhost配置文件
- name: 拷贝Nginx vhost配置文件
  template: src=server.conf dest={{ Nginx_DIR }}/conf/vhost/server.conf owner={{ Nginx_USER }} group={{ Nginx_USER }} mode=0644
  
#复制Nginx额外配置文件
- name: 拷贝Nginx额外配置文件
  template: src=fastcgi_params dest={{ Nginx_DIR }}/conf/fastcgi_params owner={{ Nginx_USER }} group={{ Nginx_USER }} mode=0644

- name: 配置环境变量
  shell: " if [ `grep {{ Nginx_DIR }}/sbin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ Nginx_DIR }}/sbin >> /etc/profile && source /etc/profile; else source /etc/profile; fi"

- name: 启动Nginx并开机启动
  shell: "systemctl daemon-reload && systemctl enable Nginx && systemctl start Nginx"

• 引用文件main.yml：

# vim roles/Nginx_install/tasks/main.yml

#引用prepare、copy、install模块
- include: prepare.yml
- include: copy.yml
- include: install.yml

• 执行安装：

# ansible-playbook Nginx.yml

# netstat -lntp |grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      48931/Nginx: master

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 [email protected] 举报，一经查实，本站将立刻删除。