ansible-playbook批量部署nginx，nginx

ansible-playbook批量部署nginx，nginx

一．Ansible

ansible是新出现的运维工具是基于Python研发的糅合了众多老牌运维工具的优点实现了批量操作系统配置、批量程序的部署、批量运行命令等功能。

yun install -y ansible

二．Playbook编写

首先，ansible主机要和部署的主机要免密钥通讯

ssh-keygen
ssh-copyid 192.168.37.26

定义主机组

[root@w5 ~]# vim /etc/ansible/hosts
[webserver]
192.168.37.26

创建目录结构

cd /etc/ansible/roles/
mkdir nginx/{files,templates,vars,handlers,meta,default,tasks} -pv

files/：存储由copy或script等模块调用的文件；

wget http://nginx.org/download/nginx-1.13.6.tar.gz

tasks/：此目录中至少应该有一个名为main.yml的文件，用于定义各task；其它的文件需要由main.yml进行“包含”调用；

cat main.yml

- name: copy package
  copy: src=nginx-1.13.6.tar.gz dest=/usr/local/src/nginx-1.13.6.tar.gz
  tags: cppkg

- name: tar nginx
  shell: cd /usr/local/src;tar -xf nginx-1.13.6.tar.gz

- name: yum install
  yum: name={{ item }} state=latest
  with_items:
    - openssl-devel
    - pcre-devel
    - gcc

- name: install nginx
  shell: useradd nginx;cd /usr/local/src/nginx-1.13.6;./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module  --with-pcre;make && make install

- name: copy conf file
  template: src=nginx.conf dest=/usr/local/nginx/conf/nginx.conf

- name: systemctl init
  template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service

- name: start nginx service
  service: name=nginx state=started enabled=true

handlers/：此目录中至少应该有一个名为main.yml的文件，用于定义各handler；其它的文件需要由main.yml进行“包含”调用；

vars/：此目录中至少应该有一个名为main.yml的文件，用于定义各variable；其它的文件需要由main.yml进行“包含”调用；

vim main.yml

nginxport: "8080"
server_name: "web.wsl.com"
root_dir: "/web"

templates/：存储由template模块调用的模板文本；

[root@w5 templates]# cat nginx.conf

user  nginx;
worker_processes  {{ ansible_processor_vcpus }};

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  65535;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       {{ nginxport }};
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

[root@w5 templates]# cat nginx.service

[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=process
KillSignal=SIGQUIT
TimeoutStopSec=5
PrivateTmp=true

[Install]
WantedBy=multi-user.target

meta/：此目录中至少应该有一个名为main.yml的文件，定义当前角色的特殊设定及其依赖关系；其它的文件需要由main.yml进行“包含”调用；

default/：此目录中至少应该有一个名为main.yml的文件，用于设定默认变量；

三．定义一个主调用文件

[root@w5 ansible]# pwd
/etc/ansible
[root@w5 ansible]# cat nginx.yaml 
- hosts: webserver
  remote_user: root
  roles:
  - nginx

四．检测语法

[root@w5 ansible]# ansible-playbook --syntax-check /etc/ansible/nginx.yaml 

playbook: /etc/ansible/nginx.yaml

##语法没有问题

五．测设部署

[root@w5 ansible]# ansible-playbook -C  /etc/ansible/nginx.yaml

##可以通过-C先测试一下，我测试过，这里就不再试一遍直接开始

[root@w5 ansible]# ansible-playbook  /etc/ansible/nginx.yaml 

PLAY [webserver] **********************************************************************

TASK [Gathering Facts] ****************************************************************
ok: [192.168.37.26]

TASK [nginx : copy package] ***********************************************************
changed: [192.168.37.26]

TASK [nginx : tar nginx] **************************************************************
changed: [192.168.37.26]

TASK [nginx : yum install] ************************************************************
changed: [192.168.37.26] => (item=[u'openssl-devel', u'pcre-devel', u'gcc'])

TASK [nginx : install nginx] **********************************************************
changed: [192.168.37.26]

TASK [nginx : copy conf file] *********************************************************
changed: [192.168.37.26]

TASK [nginx : systemctl init] *********************************************************
changed: [192.168.37.26]

TASK [nginx : start nginx service] ****************************************************
changed: [192.168.37.26]

PLAY RECAP ****************************************************************************
192.168.37.26              : ok=8    changed=7    unreachable=0    failed=0  

我们直接去部署的那台主机看下

[root@w6 ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-10-28 03:52:31 EDT; 1min 11s ago
  Process: 4389 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 4387 ExecStartPre=/usr/local/nginx/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 4385 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 4392 (nginx)
   CGroup: /system.slice/nginx.service
           ├─4392 nginx: master process /usr/local/nginx/sbin/nginx
           └─4393 nginx: worker process

Oct 28 03:52:31 w6 systemd[1]: Starting The nginx HTTP and reverse proxy server...
Oct 28 03:52:31 w6 nginx[4387]: nginx: the configuration file /usr/local/nginx/co... ok
Oct 28 03:52:31 w6 nginx[4387]: nginx: configuration file /usr/local/nginx/conf/n...ful
Oct 28 03:52:31 w6 systemd[1]: Failed to read PID from file /usr/local/nginx/logs...ent
Oct 28 03:52:31 w6 systemd[1]: Started The nginx HTTP and reverse proxy server.
Hint: Some lines were ellipsized, use -l to show in full.

##nginx启动了，也可以通过systemctl控制。

##现在测下能否访问到nginx的网页

##nginx页面访问成功，部署成功