ansible-playbook批量部署nginx

一．Ansible

ansible是新出现的运维工具是基于Python研发的糅合了众多老牌运维工具的优点实现了批量操作系统配置、批量程序的部署、批量运行命令等功能。

yun install -y ansible

二．Playbook编写

首先，ansible主机要和部署的主机要免密钥通讯

ssh-keygenssh-copyid 192.168.37.26

定义主机组

[root@w5 ~]# vim /etc/ansible/hosts[webserver]192.168.37.26

创建目录结构

cd /etc/ansible/roles/mkdir nginx/{files,templates,vars,handlers,meta,default,tasks} -pv

files/：存储由copy或script等模块调用的文件；

wget http://nginx.org/download/nginx-1.13.6.tar.gz

tasks/：此目录中至少应该有一个名为main.yml的文件，用于定义各task；其它的文件需要由main.yml进行“包含”调用；

cat main.yml- name: copy package  copy: src=nginx-1.13.6.tar.gz dest=/usr/local/src/nginx-1.13.6.tar.gz  tags: cppkg- name: tar nginx  shell: cd /usr/local/src;tar -xf nginx-1.13.6.tar.gz- name: yum install  yum: name={{ item }} state=latest  with_items:    - openssl-devel    - pcre-devel    - gcc- name: install nginx  shell: useradd nginx;cd /usr/local/src/nginx-1.13.6;./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_flv_module --with-http_stub_status_module --with-http_gzip_static_module  --with-pcre;make && make install- name: copy conf file  template: src=nginx.conf dest=/usr/local/nginx/conf/nginx.conf- name: systemctl init  template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service- name: start nginx service  service: name=nginx state=started enabled=true

handlers/：此目录中至少应该有一个名为main.yml的文件，用于定义各handler；其它的文件需要由main.yml进行“包含”调用；

vars/：此目录中至少应该有一个名为main.yml的文件，用于定义各variable；其它的文件需要由main.yml进行“包含”调用；

vim main.ymlnginxport: "8080"server_name: "web.wsl.com"root_dir: "/web"

templates/：存储由template模块调用的模板文本；

[root@w5 templates]# cat nginx.confuser  nginx;worker_processes  {{ ansible_processor_vcpus }};#error_log  logs/error.log;#error_log  logs/error.log  notice;#error_log  logs/error.log  info;#pid        logs/nginx.pid;events {    worker_connections  65535;}http {    include       mime.types;    default_type  application/octet-stream;    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '    #                  '$status $body_bytes_sent "$http_referer" '    #                  '"$http_user_agent" "$http_x_forwarded_for"';    #access_log  logs/access.log  main;    sendfile        on;    #tcp_nopush     on;    #keepalive_timeout  0;    keepalive_timeout  65;    #gzip  on;    server {        listen       {{ nginxport }};        server_name  localhost;        #charset koi8-r;        #access_log  logs/host.access.log  main;        location / {            root   html;            index  index.html index.htm;        }        #error_page  404              /404.html;        # redirect server error pages to the static page /50x.html        #        error_page   500 502 503 504  /50x.html;        location = /50x.html {            root   html;        }        # proxy the PHP scripts to Apache listening on 127.0.0.1:80        #        #location ~ \.php$ {        #    proxy_pass   http://127.0.0.1;        #}        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000        #        #location ~ \.php$ {        #    root           html;        #    fastcgi_pass   127.0.0.1:9000;        #    fastcgi_index  index.php;        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;        #    include        fastcgi_params;        #}        # deny access to .htaccess files, if Apache's document root        # concurs with nginx's one        #        #location ~ /\.ht {        #    deny  all;        #}    }    # another virtual host using mix of IP-, name-, and port-based configuration    #    #server {    #    listen       8000;    #    listen       somename:8080;    #    server_name  somename  alias  another.alias;    #    location / {    #        root   html;    #        index  index.html index.htm;    #    }    #}    # HTTPS server    #    #server {    #    listen       443 ssl;    #    server_name  localhost;    #    ssl_certificate      cert.pem;    #    ssl_certificate_key  cert.key;    #    ssl_session_cache    shared:SSL:1m;    #    ssl_session_timeout  5m;    #    ssl_ciphers  HIGH:!aNULL:!MD5;    #    ssl_prefer_server_ciphers  on;    #    location / {    #        root   html;    #        index  index.html index.htm;    #    }    #}}

[root@w5 templates]# cat nginx.service[Unit]Description=The nginx HTTP and reverse proxy serverAfter=network.target remote-fs.target nss-lookup.target[Service]Type=forkingPIDFile=/usr/local/nginx/logs/nginx.pidExecStartPre=/usr/bin/rm -f /run/nginx.pidExecStartPre=/usr/local/nginx/sbin/nginx -tExecStart=/usr/local/nginx/sbin/nginxExecReload=/bin/kill -s HUP $MAINPIDKillMode=processKillSignal=SIGQUITTimeoutStopSec=5PrivateTmp=true[Install]WantedBy=multi-user.target

meta/：此目录中至少应该有一个名为main.yml的文件，定义当前角色的特殊设定及其依赖关系；其它的文件需要由main.yml进行“包含”调用；

default/：此目录中至少应该有一个名为main.yml的文件，用于设定默认变量；

三．定义一个主调用文件

[root@w5 ansible]# pwd/etc/ansible[root@w5 ansible]# cat nginx.yaml - hosts: webserver  remote_user: root  roles:  - nginx

四．检测语法

[root@w5 ansible]# ansible-playbook --syntax-check /etc/ansible/nginx.yaml playbook: /etc/ansible/nginx.yaml

##语法没有问题

五．测设部署

[root@w5 ansible]# ansible-playbook -C  /etc/ansible/nginx.yaml

##可以通过-C先测试一下，我测试过，这里就不再试一遍直接开始

[root@w5 ansible]# ansible-playbook  /etc/ansible/nginx.yaml PLAY [webserver] **********************************************************************TASK [Gathering Facts] ****************************************************************ok: [192.168.37.26]TASK [nginx : copy package] ***********************************************************changed: [192.168.37.26]TASK [nginx : tar nginx] **************************************************************changed: [192.168.37.26]TASK [nginx : yum install] ************************************************************changed: [192.168.37.26] => (item=[u'openssl-devel', u'pcre-devel', u'gcc'])TASK [nginx : install nginx] **********************************************************changed: [192.168.37.26]TASK [nginx : copy conf file] *********************************************************changed: [192.168.37.26]TASK [nginx : systemctl init] *********************************************************changed: [192.168.37.26]TASK [nginx : start nginx service] ****************************************************changed: [192.168.37.26]PLAY RECAP ****************************************************************************192.168.37.26              : ok=8    changed=7    unreachable=0    failed=0  

我们直接去部署的那台主机看下

[root@w6 ~]# systemctl status nginx● nginx.service - The nginx HTTP and reverse proxy server   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)   Active: active (running) since Sat 2017-10-28 03:52:31 EDT; 1min 11s ago  Process: 4389 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)  Process: 4387 ExecStartPre=/usr/local/nginx/sbin/nginx -t (code=exited, status=0/SUCCESS)  Process: 4385 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS) Main PID: 4392 (nginx)   CGroup: /system.slice/nginx.service           ├─4392 nginx: master process /usr/local/nginx/sbin/nginx           └─4393 nginx: worker processOct 28 03:52:31 w6 systemd[1]: Starting The nginx HTTP and reverse proxy server...Oct 28 03:52:31 w6 nginx[4387]: nginx: the configuration file /usr/local/nginx/co... okOct 28 03:52:31 w6 nginx[4387]: nginx: configuration file /usr/local/nginx/conf/n...fulOct 28 03:52:31 w6 systemd[1]: Failed to read PID from file /usr/local/nginx/logs...entOct 28 03:52:31 w6 systemd[1]: Started The nginx HTTP and reverse proxy server.Hint: Some lines were ellipsized, use -l to show in full.

##nginx启动了，也可以通过systemctl控制。

##现在测下能否访问到nginx的网页

##nginx页面访问成功，部署成功