Put every host that nginx will be deployed to into the nginx inventory group:
vim /etc/ansible/hosts
[nginx]
192.168.200.102
• create management directory:
mkdir -p nginx/roles/nginx_install/
cd nginx/
explain:
files: stores source files and configuration files that need to be synchronized to remote servers; handlers: the operations to perform when a resource changes (if none are needed, this directory may be left empty or not created); meta: stores descriptive information such as the role description and role dependencies; can be left empty; tasks: the tasks to be executed, here the nginx installation process; templates: template files used during the nginx installation, usually scripts; vars: variables defined for this installation.
[root@localhost ~]# tree /etc/ansible/nginx/
/etc/ansible/nginx/
├── nginx.yml
└── roles
    └── nginx_install
        ├── files
        │   └── nginx-1.16.0.tar.gz
        ├── handlers
        ├── meta
        ├── tasks
        │   ├── copy.yml
        │   ├── install.yml
        │   ├── main.yml
        │   └── prepare.yml
        ├── templates
        │   ├── fastcgi_params
        │   ├── nginx.conf
        │   ├── nginx.service
        │   └── server.conf
        └── vars
            └── main.yml

8 directories, 11 files
Create the nginx entry file, which calls the nginx_install role:
[root@localhost nginx]# cat nginx.yml
# Entry playbook: applies the nginx_install role to every host in the
# [nginx] inventory group.
- hosts: nginx
  # Connects as root directly; no privilege escalation (become) is used.
  remote_user: root
  gather_facts: True
  roles:
    - nginx_install
• create variables:
[root@localhost nginx]# cat roles/nginx_install/vars/main.yml
# Variables consumed by the nginx_install tasks and templates.

# Must match the tarball name files/nginx-<NGINX_VER>.tar.gz.
# NOTE(review): 1.16.0 is an old release; confirm it still receives security
# fixes before deploying, and bump this together with the tarball in files/.
NGINX_VER: 1.16.0

# Account and group created by tasks/copy.yml and passed to ./configure.
NGINX_USER: nginx

NGINX_PORT: 80

# Directory the source tarball is copied to and unpacked in.
SOURCE_DIR: /software

# Installation prefix (./configure --prefix).
NGINX_DIR: /usr/local/nginx

# Parent of the log directory ({{ DATA_DIR }}/log).
DATA_DIR: /data/nginx
• create template file:
Nginx main configuration file nginx.conf
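[root@localhost nginx]# cat roles/nginx_install/templates/nginx.conf
# Main nginx configuration, rendered by Ansible from the role variables.

# Run workers as the dedicated account the role creates (NGINX_USER) rather
# than the shared "nobody" account, so the log ownership set in copy.yml and
# the ./configure --user/--group values all refer to the same identity.
user {{ NGINX_USER }} {{ NGINX_USER }};
worker_processes 1;
error_log {{ DATA_DIR }}/log/error.log crit;
pid /run/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections 1024;
}

http {
    include mime.types;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log {{ DATA_DIR }}/log/access.log main;

    # Do not advertise the nginx version in responses and error pages.
    server_tokens off;

    sendfile on;
    send_timeout 3m;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    # NOTE(review): 3m header/body timeouts are generous; shorter values limit
    # how long a slow client can hold a connection open.
    client_header_timeout 3m;
    client_body_timeout 3m;

    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    client_max_body_size 10m;
    client_body_buffer_size 256k;

    client_body_temp_path {{ NGINX_DIR }}/client_body_temp;
    proxy_temp_path {{ NGINX_DIR }}/proxy_temp;
    fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp;
    fastcgi_intercept_errors on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    gzip_types text/plain application/x-javascript text/css text/htm application/xml;

    default_type application/octet-stream;

    # Virtual hosts are kept one file per site under conf/vhost/.
    include {{ NGINX_DIR }}/conf/vhost/*.conf;
}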
nginx vhost configuration file server.conf
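[root@localhost nginx]# cat roles/nginx_install/templates/server.conf
# Default virtual host; installed as {{ NGINX_DIR }}/conf/vhost/server.conf.
server {
    # Use the role variable so the port is defined in one place (vars/main.yml).
    listen {{ NGINX_PORT }};
    server_name localhost;

    location / {
        root {{ NGINX_DIR }}/html;
        index index.php index.html index.htm;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }

    location ~ \.php$ {
        root {{ NGINX_DIR }}/html;

        # Answer 404 for .php URIs that do not map to an existing file, so the
        # FastCGI backend is never handed a script path it has to guess at.
        try_files $uri =404;

        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}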
nginx extra configuration file fastcgi_params
[root@localhost nginx]# cat roles/nginx_install/templates/fastcgi_params
# FastCGI parameters passed to the backend; pulled in by the
# "include fastcgi_params;" line of the vhost's PHP location.
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;

# Request line and body metadata.
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

# Script and document location.
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;

# Connection endpoints.
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
Nginx service file nginx.service
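[root@localhost nginx]# cat roles/nginx_install/templates/nginx.service
# systemd unit for the source-built nginx; installed by tasks/copy.yml as
# /usr/lib/systemd/system/nginx.service.
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
# nginx daemonizes itself, so systemd tracks the master through the PID file.
# The path must match the "pid" directive in nginx.conf.
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
# Validate the configuration before starting, so a broken config fails the
# start instead of leaving a half-started service.
ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t
ExecStart={{ NGINX_DIR }}/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true

[Install]
WantedBy=multi-user.target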
• environment preparation, prepare.yml:
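[root@localhost nginx]# cat roles/nginx_install/tasks/prepare.yml
# Host preparation: firewall/SELinux state, EPEL, build dependencies and a
# full package update.

# NOTE(review): the next three tasks switch off the host firewall and SELinux.
# That removes two layers of defence and is only reasonable on a throwaway lab
# machine. On a real server keep both enabled: allow {{ NGINX_PORT }}/tcp
# through firewalld and leave SELinux enforcing, resolving any denials with
# correct labels or policy instead of disabling it.
- name: Close firewalld
  service: name=firewalld state=stopped enabled=no

- name: Temporarily Closed selinux
  shell: "setenforce 0"
  # setenforce returns non-zero when SELinux is already disabled; ignore that.
  failed_when: false

- name: Permanent closure selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: Add to EPEL Warehouse
  yum: name=epel-release state=latest

# Compiler toolchain plus the -devel libraries that the ./configure options
# in install.yml need (OpenSSL, PCRE, zlib, GD), and general admin tools.
- name: Install common packages
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - gcc-c++
      - unzip
      - git
      - autoconf
      - cmake
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
      - zlib
      - zlib-devel
      - gd-devel
      - libxml2-devel
    state: latest

# Use the yum module rather than shelling out to "yum update -y": it reports
# changed/ok accurately and does not depend on the shell module's "warn"
# argument, which newer Ansible releases no longer accept.
- name: Update system
  yum:
    name: '*'
    state: latest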
• file copy.yml:
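[root@localhost nginx]# cat roles/nginx_install/tasks/copy.yml
# Creates the service account, directories and log files, then ships and
# unpacks the nginx source tarball and installs the systemd unit.

- name: Establish nginx User groups
  group: name={{ NGINX_USER }} state=present

# Service account only: no home directory and no login shell.
- name: Establish nginx user
  user: name={{ NGINX_USER }} group={{ NGINX_USER }} state=present create_home=False shell=/sbin/nologin

- name: Establish software Catalog
  file: name={{ SOURCE_DIR }} state=directory mode=0755 recurse=yes

- name: Create log directory
  file: name={{ item }} state=directory owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0755 recurse=yes
  with_items:
    - "{{ DATA_DIR }}"
    - "{{ DATA_DIR }}/log"

- name: Create log file
  file: name={{ item }} state=touch owner={{ NGINX_USER }} group={{ NGINX_USER }} mode=0644
  with_items:
    - "{{ DATA_DIR }}/log/access.log"
    - "{{ DATA_DIR }}/log/error.log"

##There is no nginx package under the current host
# NOTE(review): DOWNLOAD_URL is not defined in vars/main.yml. If this path is
# enabled, define it and pin the download with get_url's checksum= parameter.
#- name: Download nginx package
#  get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }}

#There are nginx packages in the current host file directory
# The role builds and installs whatever archive is in files/ as root, so verify
# nginx-{{ NGINX_VER }}.tar.gz against the checksum or PGP signature published
# by the nginx project before placing it there.
- name: Copy existing nginx Package to all hosts
  copy: src=nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }}

# remote_src=yes: the archive was copied to the managed host by the previous
# task, so src must be resolved there and not on the control node.
- name: decompression nginx package
  unarchive: src={{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}.tar.gz dest={{ SOURCE_DIR }} remote_src=yes owner={{ NGINX_USER }} group={{ NGINX_USER }}

#Copying nginx service files
# Unit files are root-owned; the mode is set explicitly so the result does not
# depend on the umask of the connecting user.
- name: Copy nginx Service Documents
  template: src=nginx.service dest=/usr/lib/systemd/system/nginx.service owner=root group=root mode=0644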
• compile and install install.yml:
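[root@localhost nginx]# vim roles/nginx_install/tasks/install.yml
# Builds nginx from the unpacked source tree, installs the rendered
# configuration files, and enables and starts the service.

#Compiling nginx
- name: Compile nginx
  shell: >
    ./configure
    --prefix={{ NGINX_DIR }}
    --user={{ NGINX_USER }}
    --group={{ NGINX_USER }}
    --http-log-path={{ DATA_DIR }}/log/access.log
    --error-log-path={{ DATA_DIR }}/log/error.log
    --with-http_ssl_module
    --with-http_v2_module
    --with-http_realip_module
    --with-http_flv_module
    --with-http_mp4_module
    --with-http_gunzip_module
    --with-http_gzip_static_module
    --with-http_image_filter_module
    --with-http_stub_status_module
  args:
    chdir: "{{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}"

#Install nginx
- name: install nginx
  shell: "make && make install"
  args:
    chdir: "{{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}"

# Configuration is owned by root with mode 0644: the master process reads it
# as root, and the unprivileged service account has no need to modify the
# files that decide what the root-started master will do.

#Copy nginx master profile
- name: Copy nginx Master profile
  template: src=nginx.conf dest={{ NGINX_DIR }}/conf/nginx.conf owner=root group=root mode=0644

- name: Establish vhost Profile directory
  file: name={{ NGINX_DIR }}/conf/vhost state=directory owner=root group=root mode=0755 recurse=yes

#Copy nginx vhost configuration file
- name: Copy nginx vhost configuration file
  template: src=server.conf dest={{ NGINX_DIR }}/conf/vhost/server.conf owner=root group=root mode=0644

#Copy nginx extra profile
- name: Copy nginx Additional profile
  template: src=fastcgi_params dest={{ NGINX_DIR }}/conf/fastcgi_params owner=root group=root mode=0644

# lineinfile adds the line only when it is missing and writes $PATH literally,
# so it is expanded at login time. An unquoted "echo export PATH=$PATH:..."
# would instead freeze the PATH of the shell that ran the task into
# /etc/profile. Sourcing /etc/profile inside the task is dropped because it
# only affects that task's own short-lived shell.
- name: Configure environment variables
  lineinfile:
    dest: /etc/profile
    line: 'export PATH=$PATH:{{ NGINX_DIR }}/sbin'

# One systemd task replaces the chained systemctl calls: reload unit files,
# enable at boot, and make sure the service is running.
- name: start-up nginx And start up
  systemd: name=nginx daemon_reload=yes enabled=yes state=started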
• reference file main.yml:
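[root@localhost nginx]# cat roles/nginx_install/tasks/main.yml
# Role entry point: runs the three task files in order.
# import_tasks replaces the bare "include" keyword, which current Ansible
# releases no longer accept.
- import_tasks: prepare.yml
- import_tasks: copy.yml
- import_tasks: install.yml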
• perform installation:
# ansible-playbook nginx.yml
# netstat -lntp |grep 80
tcp        0      0 0.0.0.0:80        0.0.0.0:*        LISTEN      48931/nginx: master
Test results:
[root@localhost nginx]# ansible-playbook nginx.yml PLAY [nginx] ********************************************************************************************************************************************************** TASK [Gathering Facts] ************************************************************************************************************************************************ ok: [192.168.200.103] TASK [nginx_install : Close firewalld] ********************************************************************************************************************************** **ok: [192.168.200.103] TASK [nginx_install : Temporarily Closed selinux] ******************************************************************************************************************************* ****changed: [192.168.200.103] TASK [nginx_install : Permanent closure selinux] ******************************************************************************************************************************* ****ok: [192.168.200.103] TASK [nginx_install : Add to EPEL Warehouse] *********************************************************************************************************************************** ****ok: [192.168.200.103] TASK [nginx_install : Establish nginx User groups] ******************************************************************************************************************************** *****ok: [192.168.200.103] TASK [nginx_install : Establish nginx user] ********************************************************************************************************************************** .........