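Ansible Operations in Practice: Automated nginx Installation
1. Automating the nginx installation with Ansible
(1). Environment preparation
We create two virtual machines: the server node and the host1 node.
Set the hostname of each node according to the node plan.
Ansible is installed on the server node only; the other node needs no setup.

Node           IP address
Server node    192.168.77.171
Host1 node     192.168.77.172

First we create an nginx role.
# ansible-galaxy init /etc/ansible/roles/nginx
This creates the /etc/ansible/roles/nginx directory and fills it with the standard role layout, which looks like this: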
# tree /etc/ansible/roles/nginx/
/etc/ansible/roles/nginx/
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
First, on the server node, fetch the nginx-1.9.6.tar.gz archive with wget, then extract it and compile and install it.
# wget http://mirrors.sohu.com/nginx/nginx-1.9.6.tar.gz
# tar -zxvf nginx-1.9.6.tar.gz
# cd nginx-1.9.6
# ./configure --prefix=/usr/local/nginx    # compile and install
# make && make install
Copy nginx-1.9.6.tar.gz into the /etc/ansible/roles/nginx/files directory.
# cp nginx-1.9.6.tar.gz /etc/ansible/roles/nginx/files/
(2). File contents
Define the tasks file
# vi /etc/ansible/roles/nginx/tasks/main.yml
# cat /etc/ansible/roles/nginx/tasks/main.yml
- name: 创建 Nginx 用户
  user:
    name: "{{ nginx_user }}"
    system: yes
    shell: /sbin/nologin
    state: present
- name: 安装依赖包
  yum:
    name: zlib-devel,pcre-devel,gcc
    state: present
- name: 复制nginx压缩包
  copy:
    src: "{{ nginx_package_path }}"
    dest: /root/nginx-1.9.6.tar.gz
    owner: root
    group: root
    mode: '0644'
- name: 解压压缩包
  unarchive:
    src: "/root/nginx-1.9.6.tar.gz"
    dest: "/root/"
    remote_src: yes  # the archive is already on the remote host (copied by the previous task)
- name: 编译安装 Nginx
  shell: >
    cd /root/nginx-1.9.6 &&
    ./configure --prefix=/usr/local/nginx &&
    make && make install
- name: 编写 Nginx 启动文件
  template:
    src: "{{ nginx_service_j2_file_path }}"
    dest: /etc/systemd/system/nginx.service
    owner: root
    group: root
    mode: '0644'  # unit files are not executables; systemd warns about executable unit files
  notify: daemon-reload
- name: 编写 Nginx 配置文件
  template:
    src: "{{ nginx_conf_j2_file_path }}"
    dest: /usr/local/nginx/conf/nginx.conf
    owner: root
    group: root
    mode: '0644'
  notify: reload nginx
- name: 检查 Nginx 配置文件语法
  command: /usr/local/nginx/sbin/nginx -t
  register: nginx_test
  changed_when: false
  # nginx -t reports on stderr, and failed_when replaces the default
  # return-code check, so test the return code rather than stdout
  failed_when: nginx_test.rc != 0
- name: 启动 Nginx 服务并设置开机自启
  systemd:
    name: nginx
    state: started
    enabled: true
  when: nginx_test is succeeded
- name: 删除 Nginx 压缩包
  file:
    path: /root/nginx-1.9.6.tar.gz
    state: absent
Define the templates used to generate the configuration files
Nginx configuration file
# vi /etc/ansible/roles/nginx/templates/nginx.conf.j2
# cat /etc/ansible/roles/nginx/templates/nginx.conf.j2
user {{ nginx_user }};  # system user the Nginx service runs as
worker_processes {{ ansible_processor_vcpus }};  # number of worker processes
error_log /usr/local/nginx/logs/error.log warn;  # Nginx error log
pid /usr/local/nginx/logs/nginx.pid;  # PID file written when Nginx starts
events {
    worker_connections 1024;  # maximum number of connections per worker process
}
http {  # HTTP request configuration; one http block can contain several server blocks
    # define the Content-Type mapping
    include /usr/local/nginx/conf/mime.types;
    default_type application/octet-stream;
    # log format
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # access log
    access_log /usr/local/nginx/logs/access.log main;
    # efficient file transfer
    sendfile on;
    keepalive_timeout 65;
    server {  # HTTP service configuration
        listen {{ nginxport }};
        server_name localhost;
        location / {
            root /usr/local/nginx/html;  # directory that holds the pages
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/local/nginx/html;
        }
    }
    include /usr/local/nginx/conf.d/*.conf;
}
Nginx startup script
# vi /etc/ansible/roles/nginx/templates/nginx.service.j2
# cat /etc/ansible/roles/nginx/templates/nginx.service.j2
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target
Define variables
# vi /etc/ansible/roles/nginx/vars/main.yml
# cat /etc/ansible/roles/nginx/vars/main.yml
nginx_user: qiu
nginx_package: nginx-1.9.6.tar.gz
nginx_package_path: /etc/ansible/roles/nginx/files/nginx-1.9.6.tar.gz
nginx_service_j2_file_path: /etc/ansible/roles/nginx/templates/nginx.service.j2
nginx_conf_j2_file_path: /etc/ansible/roles/nginx/templates/nginx.conf.j2
nginxport: 80
Define handlers
Because the tasks above already declare notifications (notify), the matching handlers also have to be defined.
# vi /etc/ansible/roles/nginx/handlers/main.yml
# cat /etc/ansible/roles/nginx/handlers/main.yml
- name: daemon-reload
  systemd: daemon-reload=yes
- name: reload nginx
  systemd: name=nginx state=reloaded
Define the playbook file
# vi /etc/ansible/roles/nginx/install.yml
# cat /etc/ansible/roles/nginx/install.yml
---
- hosts: host1
  remote_user: root
  roles:
    - nginx
Role layout after the definitions
# tree /etc/ansible/roles/nginx/
/etc/ansible/roles/nginx/
├── defaults
│   └── main.yml
├── files
│   └── nginx-1.9.6.tar.gz
├── handlers
│   └── main.yml
├── install.yml
├── meta
│   └── main.yml
├── README.md
├── tasks
│   └── main.yml
├── templates
│   ├── nginx.conf.j2
│   └── nginx.service.j2
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
(3). Running the playbook
Check that the YAML syntax is correct
# ansible-playbook --syntax-check /etc/ansible/roles/nginx/install.yml
# Checking install.yml also checks the syntax of the other yml files automatically.
Run the playbook
# ansible-playbook /etc/ansible/roles/nginx/install.yml
PLAY *****************************************************************************************************************************
TASK *******************************************************************************************************************
ok:
TASK ***************************************************************************************************************
changed:
TASK *********************************************************************************************************************
changed:
TASK [复制nginx压缩包] ************************************************************************************************************************
changed:
TASK *********************************************************************************************************************
changed:
TASK ****************************************************************************************************************
changed:
TASK *************************************************************************************************************
changed:
TASK *************************************************************************************************************
changed:
TASK ***********************************************************************************************************
ok:
TASK ********************************************************************************************************
changed:
TASK **************************************************************************************************************
changed:
RUNNING HANDLER **************************************************************************************************
ok:
RUNNING HANDLER ***********************************************************************************************************
changed:
PLAY RECAP *******************************************************************************************************************************
192.168.77.172 : ok=13 changed=10 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Check the service status
# systemctl status nginx
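The archive this role unpacks and compiles as root was fetched over plain HTTP, so its digest is worth checking on the target before anything is built from it. The tasks below are an added example, not part of the original role: they would sit in tasks/main.yml between the copy and unarchive tasks, and nginx_package_sha256 is a hypothetical variable that must hold a SHA-256 digest obtained from a trusted source.

```yaml
# Added example for /etc/ansible/roles/nginx/tasks/main.yml
# Place after "复制nginx压缩包" and before "解压压缩包".
# nginx_package_sha256 is a hypothetical variable, e.g. in vars/main.yml:
#   nginx_package_sha256: "<sha256-from-a-trusted-source>"  # placeholder, not a real digest
- name: verify the archive before it is unpacked and compiled as root
  block:
    - name: compute the SHA-256 of the copied archive
      stat:
        path: /root/nginx-1.9.6.tar.gz
        checksum_algorithm: sha256
        get_checksum: yes
      register: nginx_pkg

    - name: compare it with the expected digest
      assert:
        that:
          - nginx_pkg.stat.exists
          - nginx_pkg.stat.checksum == nginx_package_sha256
        fail_msg: "nginx archive digest mismatch; refusing to unpack"
  rescue:
    # Do not leave an unverified archive lying in /root.
    - name: remove the unverified archive
      file:
        path: /root/nginx-1.9.6.tar.gz
        state: absent

    - name: stop the play for this host
      fail:
        msg: "nginx-1.9.6.tar.gz failed integrity verification"
```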
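2. Managing configuration files
In production, most of the work is managing configuration files; installing packages only happens when the environment is first set up. Below we write a playbook that manages the nginx configuration files.
(1). Environment preparation
Create the role directory structure
# mkdir -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
(2). File contents
Define the tasks files
new directory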
# vi /etc/ansible/nginx_config/roles/new/tasks/main.yml
# cat /etc/ansible/nginx_config/roles/new/tasks/main.yml
- name: copy conf file
  copy: src="{{ item.src }}" dest="{{ nginx_basedir }}/{{ item.dest }}" backup=yes owner=root group=root mode=0644
  with_items:
    - { src: '/etc/ansible/nginx_config/roles/new/files/nginx.conf' , dest: 'conf/nginx.conf' }
    - { src: '/etc/ansible/nginx_config/roles/new/files/vhosts' , dest: 'conf/vhosts' }
  notify: restart nginx
old directory
# vi /etc/ansible/nginx_config/roles/old/tasks/main.yml
# cat /etc/ansible/nginx_config/roles/old/tasks/main.yml
- name: copy conf file
  copy: src="{{ item.src }}" dest="{{ nginx_basedir }}/{{ item.dest }}" backup=yes owner=root group=root mode=0644
  with_items:
    - { src: '/etc/ansible/nginx_config/roles/old/files/nginx.conf' , dest: 'conf/nginx.conf' }
    - { src: '/etc/ansible/nginx_config/roles/old/files/vhosts' , dest: 'conf/vhosts' }
  notify: restart nginx
Define the contents of the files directory
This has to be done for both the new directory and the old directory.
Put nginx.conf and the vhosts directory under the files directory.
# cd /usr/local/nginx/conf/
# cp -r nginx.conf vhosts /etc/ansible/nginx_config/roles/new/files/
# ls /etc/ansible/nginx_config/roles/new/files/
nginx.conf vhosts
Define variables
This has to be done for both the new directory and the old directory.
# vi /etc/ansible/nginx_config/roles/new/vars/main.yml
# cat /etc/ansible/nginx_config/roles/new/vars/main.yml
nginx_basedir: /usr/local/nginx
Define handlers
# vi /etc/ansible/nginx_config/roles/new/handlers/main.yml
# cat /etc/ansible/nginx_config/roles/new/handlers/main.yml
- name: restart nginx
  systemd:
    name: nginx
    state: restarted
Define the playbook files
new directory
# vi /etc/ansible/nginx_config/update.yml
# cat /etc/ansible/nginx_config/update.yml
---
- hosts: host1
  remote_user: root
  roles:
    - new
old directory
# vi /etc/ansible/nginx_config/backup.yml
# cat /etc/ansible/nginx_config/backup.yml
---
- hosts: host1
  remote_user: root
  roles:
    - old
Role layout after the definitions
# tree /etc/ansible/nginx_config/
/etc/ansible/nginx_config/
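├── backup.yml
├── roles
│   ├── new
│   │   ├── files
│   │   │   ├── nginx.conf
│   │   │   └── vhosts
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   └── main.yml
│   │   └── vars
│   │       └── main.yml
│   └── old
│       ├── files
│       │   ├── nginx.conf
│       │   └── vhosts
│       ├── handlers
│       │   └── main.yml
│       ├── tasks
│       │   └── main.yml
│       └── vars
│           └── main.yml
└── update.yml
Here new is used for updates and old is used for rollbacks. files holds nginx.conf and the vhosts directory, handlers holds the command that restarts the nginx service, tasks holds the tasks to run, and vars holds the variable definitions.
(3). Running the playbooks
Before running update.yml, back up the current configuration files; if an error shows up after the run, roll back. The commands are as follows:
Always back up the configuration files with rsync before running update.yml.
A rollback overwrites the configuration with the old copy and then reloads the nginx service. Before every change to the nginx configuration files, back them up into old first; the corresponding directory is /etc/ansible/nginx_config/roles/old/files.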
# rsync -av /etc/ansible/nginx_config/roles/new/files/ /etc/ansible/nginx_config/roles/old/files/
sending incremental file list
./
nginx.conf
sent 2,807 bytes received 39 bytes 5,692.00 bytes/sec
total size is 2,655 speedup is 0.93
Change the content of nginx.conf under new/files to 123
# echo "123" > /etc/ansible/nginx_config/roles/new/files/nginx.conf
# cat /etc/ansible/nginx_config/roles/new/files/nginx.conf
123
Then run update.yml
# ansible-playbook /etc/ansible/nginx_config/update.yml
PLAY ************************************************************************************************************************
TASK **************************************************************************************************************
ok:
TASK *********************************************************************************************************
changed: => (item={u'dest': u'conf/nginx.conf', u'src': u'/etc/ansible/nginx_config/roles/new/files/nginx.conf'})
ok: => (item={u'dest': u'conf/vhosts', u'src': u'/etc/ansible/nginx_config/roles/new/files/vhosts'})
RUNNING HANDLER ***********************************************************************************************
fatal: : FAILED! => {"changed": false, "msg": "Unable to restart service nginx: Job for nginx.service failed because the control process exited with error code. See \"systemctl status nginx.service\" and \"journalctl -xe\" for details.\n"}
NO MORE HOSTS LEFT ******************************************************************************************************************
PLAY RECAP **************************************************************************************************************************
192.168.77.172 : ok=2 changed=1 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Because a broken nginx configuration file was deployed, the nginx service could not restart and the run reported an error. To restore the configuration file at this point, run backup.yml.
# ansible-playbook /etc/ansible/nginx_config/backup.yml
PLAY ************************************************************************************************************************
TASK **************************************************************************************************************
ok:
TASK *********************************************************************************************************
changed: => (item={u'dest': u'conf/nginx.conf', u'src': u'/etc/ansible/nginx_config/roles/old/files/nginx.conf'})
ok: => (item={u'dest': u'conf/vhosts', u'src': u'/etc/ansible/nginx_config/roles/old/files/vhosts'})
RUNNING HANDLER ***********************************************************************************************
changed:
PLAY RECAP **************************************************************************************************************************
192.168.77.172 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
This restores the configuration file to the state it was in before update.yml was run.
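The failed update.yml run above left host1 with a broken nginx.conf and nginx stopped until backup.yml was run. As an added example (not part of the original roles), the tasks of the new role can test the staged file with nginx -t before it replaces the working one and reload instead of restart. It assumes that the include paths inside nginx.conf are absolute, as in the template from part 1, and that a "reload nginx" handler like the one from part 1 is added to roles/new/handlers/main.yml.

```yaml
# Added example: alternative /etc/ansible/nginx_config/roles/new/tasks/main.yml
- name: copy nginx.conf only if nginx accepts it
  copy:
    src: /etc/ansible/nginx_config/roles/new/files/nginx.conf
    dest: "{{ nginx_basedir }}/conf/nginx.conf"
    backup: yes
    owner: root
    group: root
    mode: '0644'
    # %s is the temporary copy Ansible stages on the target. The destination
    # is replaced only when this command exits 0, so a file such as the
    # "123" test above fails here and the working nginx.conf stays in place.
    validate: "{{ nginx_basedir }}/sbin/nginx -t -c %s"
  notify: reload nginx   # assumed handler, same definition as in part 1

- name: copy vhosts directory
  copy:
    src: /etc/ansible/nginx_config/roles/new/files/vhosts
    dest: "{{ nginx_basedir }}/conf/vhosts"
    backup: yes
    owner: root
    group: root
    mode: '0644'
  notify: reload nginx

# validate only sees nginx.conf itself; this checks the whole tree,
# including vhosts. If it fails, the play stops for this host before the
# handler runs, so the running nginx keeps serving with the configuration
# it already has loaded.
- name: test the complete configuration before any handler runs
  command: "{{ nginx_basedir }}/sbin/nginx -t"
  changed_when: false
```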
This concludes the Ansible operations in practice section.