Ansible 部署源码nginx

标签：git   url   redhat   ble   error   log   usr   server   nofile   

vim /etc/ansible/hosts
[nginx]
192.168.200.102

?创建管理目录：

mkdir -p nginx/roles/nginx_install/{files,handlers,meta,tasks,templates,vars}

cd nginx/

说明：

files：存放需要同步到异地服务器的源码文件及配置文件； 
handlers：当资源发生变化时需要进行的操作，若没有此目录可以不建或为空； 
meta：存放说明信息、说明角色依赖等信息，可留空； 
tasks：nginx安装过程成需要进行的执行的任务； 
templates：用于执行nginx安装的模板文件，一般为脚本； 
vars：本次安装定义的变量

[root@localhost ~]# tree /etc/ansible/nginx/
/etc/ansible/nginx/
├── nginx.yml
└── roles
    └── nginx_install
        ├── files
        │?? └── nginx-1.16.0.tar.gz
        ├── handlers
        ├── meta
        ├── tasks
        │?? ├── copy.yml
        │?? ├── install.yml
        │?? ├── main.yml
        │?? └── prepare.yml
        ├── templates
        │?? ├── fastcgi_params
        │?? ├── nginx.conf
        │?? ├── nginx.service
        │?? └── server.conf
        └── vars
            └── main.yml

8 directories, 11 files

?创建nginx入口文件，用来调用nginx_install：

[root@localhost nginx]# cat nginx.yml 
- hosts: nginx
  remote_user: root
  gather_facts: True

  roles:
    - nginx_install

?创建变量：

[root@localhost nginx]# cat roles/nginx_install/vars/main.yml
NGINX_VER: 1.16.0
NGINX_USER: nginx
NGINX_PORT: 80
SOURCE_DIR: /software
NGINX_DIR: /usr/local/nginx
DATA_DIR: /data/nginx

?创建模板文件：

nginx主配置文件nginx.conf

[root@localhost nginx]# cat roles/nginx_install/templates/nginx.conf
user nobody nobody; 
worker_processes  1;
error_log {{ DATA_DIR }}/log/error.log crit;
pid /run/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections  1024;
}

http {
    include       mime.types;
    log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘
                      ‘$status $body_bytes_sent "$http_referer" ‘
                      ‘"$http_user_agent" "$http_x_forwarded_for"‘;

    access_log  {{ DATA_DIR }}/log/access.log  main;

    server_tokens       off;
    sendfile            on;
    send_timeout        3m;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    client_header_timeout 3m;
    client_body_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path {{ NGINX_DIR }}/client_body_temp;
    proxy_temp_path {{ NGINX_DIR }}/proxy_temp;
    fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp;
    fastcgi_intercept_errors on;    

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm 
    application/xml;

    default_type  application/octet-stream;
    include  {{ NGINX_DIR }}/conf/vhost/*.conf;
}

nginx vhost配置文件server.conf

[root@localhost nginx]# cat roles/nginx_install/templates/server.conf
server {
    listen       80;
    server_name  localhost;
    location / {
        root   {{ NGINX_DIR }}/html;
        index  index.php index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }   

    location ~ \.php$ {
    root   {{ NGINX_DIR }}/html;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params;
    }
}

nginx额外配置文件fastcgi_params

[root@localhost nginx]# cat roles/nginx_install/templates/fastcgi_params
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

nginx服务文件nginx.service

[root@localhost nginx]# cat roles/nginx_install/templates/fastcgi_params
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
[root@localhost nginx]# cat roles/nginx_install/templates/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t
ExecStart={{ NGINX_DIR }}/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target

?环境准备prepare.yml：

[root@localhost nginx]# cat roles/nginx_install/templates/server.conf
server {
    listen       80;
    server_name  localhost;
    location / {
        root   {{ NGINX_DIR }}/html;
        index  index.php index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }   

    location ~ \.php$ {
    root   {{ NGINX_DIR }}/html;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params;
    }
}
[root@localhost nginx]# cat roles/nginx_install/templates/fastcgi_params
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
[root@localhost nginx]# cat roles/nginx_install/templates/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t
ExecStart={{ NGINX_DIR }}/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
[root@localhost nginx]# cat roles/nginx_install/tasks/prepare.yml
- name: 关闭firewalld
  service: name=firewalld state=stopped enabled=no

- name: 临时关闭 selinux
  shell: "setenforce 0"
  failed_when: false

- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: 添加EPEL仓库
  yum: name=epel-release state=latest

- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - gcc-c++
      - unzip
      - git
      - autoconf
      - cmake
      - openssl
      - openssl-devel
      - pcre 
      - pcre-devel 
      - zlib
      - zlib-devel
      - gd-devel
      - libxml2-devel
    state: latest

- name: 更新系统
  shell: "yum update -y"
  args:
    warn: False

?文件拷贝copy.yml：

[root@localhost nginx]# cat roles/nginx_install/tasks/copy.yml
- name: 创建nginx用户组
  group: name={{ NGINX_USER }}  state=present

- name: 创建nginx用户
  user: name={{ NGINX_USER }}  group={{ NGINX_USER }}  state=present create_home=Fal
se shell=/sbin/nologin
- name: 创建software目录
  file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes

- name: 创建日志目录
  file: name={{ item }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }
} mode=0755 recurse=yes  with_items:
  - "{{ DATA_DIR }}"
  - "{{ DATA_DIR }}/log"

- name: 创建日志文件
  file: name={{ item }} state=touch owner={{ NGINX_USER }} group={{ NGINX_USER }} mo
de=0644  with_items:
  - "{{ DATA_DIR }}/log/access.log"
  - "{{ DATA_DIR }}/log/error.log"

##当前主机下没有nginx包
#- name: 下载nginx包
#  get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} grou
p={{ NGINX_USER }}
  #当前主机file目录下已有nginx包
- name: 拷贝现有nginx包到所有主机
  copy: src=nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }
} group={{ NGINX_USER }}
- name: 解压nginx包
  unarchive: src={{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }}
 owner={{ NGINX_USER }} group={{ NGINX_USER }}
    #复制nginx服务文件
- name: 拷贝nginx服务文件
  template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service owner=root 
group=root

?编译安装install.yml：

[root@localhost nginx]#vim  roles/nginx_install/tasks/install.yml
1
#编译nginx
- name: 编译nginx
  shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && ./configure --prefix={{ NGINX_DIR }} --user={{ NGINX_USER }} --group={{ NGINX_USER }} --http-log-path={{ DATA_DIR }}/log/access.log --error-log-path={{ DATA_DIR }}/log/error.log --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_stub_status_module"

#安装nginx
- name: 安装nginx
  shell: "cd {{ SOURCE_DIR }}/nginx-{{ NGINX_VER }} && make && make install"

#复制nginx主配置文件
- name: 拷贝nginx主配置文件
  template: src=nginx.conf dest={{ NGINX_DIR }}/conf/nginx.conf owner={{ NGINX_USER }} group={{ NGINX_USER }}

- name: 创建vhost配置文件目录
  file: name={{ NGINX_DIR }}/conf/vhost state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes

#复制nginx vhost配置文件
- name: 拷贝nginx vhost配置文件
  template: src=server.conf dest={{ NGINX_DIR }}/conf/vhost/server.conf owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644

#复制nginx额外配置文件
- name: 拷贝nginx额外配置文件
  template: src=fastcgi_params dest={{ NGINX_DIR }}/conf/fastcgi_params owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644

- name: 配置环境变量
  shell: " if [ `grep {{ NGINX_DIR }}/sbin /etc/profile |wc -l` -eq 0 ]; then echo export PATH=$PATH:{{ NGINX_DIR }}/sbin >> /etc/profile && source /etc/profile; else source /etc/profile; fi"

- name: 启动nginx并开机启动
  shell: "systemctl daemon-reload && systemctl enable nginx && systemctl start nginx"

?引用文件main.yml：

[root@localhost nginx]# cat roles/nginx_install/tasks/main.yml
- include: prepare.yml
- include: copy.yml
- include: install.yml

?执行安装：

# ansible-playbook nginx.yml
1
# netstat -lntp |grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      48931/nginx: master

测试结果：

[root@localhost nginx]# ansible-playbook nginx.yml 

PLAY [nginx] **********************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************
ok: [192.168.200.103]

TASK [nginx_install : 关闭firewalld] **********************************************************************************************************************************
**ok: [192.168.200.103]

TASK [nginx_install : 临时关闭 selinux] *******************************************************************************************************************************
****changed: [192.168.200.103]

TASK [nginx_install : 永久关闭 selinux] *******************************************************************************************************************************
****ok: [192.168.200.103]

TASK [nginx_install : 添加EPEL仓库] ***********************************************************************************************************************************
****ok: [192.168.200.103]

TASK [nginx_install : 创建nginx用户组] ********************************************************************************************************************************
*****ok: [192.168.200.103]

TASK [nginx_install : 创建nginx用户] **********************************************************************************************************************************
.........

Ansible 部署源码nginx

标签：git   url   redhat   ble   error   log   usr   server   nofile   

原文地址：https://blog.51cto.com/14801922/2493973