Deploying nginx from source with Ansible

Put every host that nginx will be deployed to in the nginx inventory group:

vim /etc/ansible/hosts
[nginx]
192.168.200.102

• create management directory:

mkdir -p nginx/roles/nginx_install/{files,handlers,meta,tasks,templates,vars}

cd nginx/

Explanation:

files: source files and configuration files that need to be synchronized to the remote servers;
handlers: operations to perform when a resource changes. This directory is optional; it can be omitted or left empty;
meta: descriptive information such as role dependencies; can be left empty;
tasks: the tasks to execute, here the nginx installation process;
templates: template files used by the nginx installation, usually scripts;
vars: variables defined for this installation
[root@localhost ~]# tree /etc/ansible/nginx/
/etc/ansible/nginx/
├── nginx.yml
└── roles
    └── nginx_install
        ├── files
        │   └── nginx-1.16.0.tar.gz
        ├── handlers
        ├── meta
        ├── tasks
        │   ├── copy.yml
        │   ├── install.yml
        │   ├── main.yml
        │   └── prepare.yml
        ├── templates
        │   ├── fastcgi_params
        │   ├── nginx.conf
        │   ├── nginx.service
        │   └── server.conf
        └── vars
            └── main.yml

8 directories, 11 files

Create the nginx entry playbook, which calls the nginx_install role:

[root@localhost nginx]# cat nginx.yml 
# Entry playbook: applies the nginx_install role to every host in the
# [nginx] inventory group.
- hosts: nginx
  # NOTE(review): the play logs in to the managed hosts directly as root.
  # An unprivileged login combined with privilege escalation (become) is the
  # usual least-privilege alternative - confirm what the environment allows.
  remote_user: root
  gather_facts: True

  roles:
    - nginx_install

• create variables:

[root@localhost nginx]# cat roles/nginx_install/vars/main.yml
# Variables consumed by the nginx_install tasks and templates.

# Version string; the tasks build the tarball name nginx-<NGINX_VER>.tar.gz
# from it, so it must match the file placed in the role's files/ directory.
NGINX_VER: 1.16.0
# Account and group the role creates; also passed to ./configure as
# --user / --group.
NGINX_USER: nginx
# NOTE(review): presumably the HTTP listen port - confirm where it is consumed.
NGINX_PORT: 80
# Directory on the managed host where the tarball is copied and unpacked.
SOURCE_DIR: /software
# Installation prefix passed to ./configure.
NGINX_DIR: /usr/local/nginx
# Parent directory of the log directory (<DATA_DIR>/log).
DATA_DIR: /data/nginx

• create template file:

Nginx main configuration file nginx.conf

[root@localhost nginx]# cat roles/nginx_install/templates/nginx.conf
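# Main nginx configuration, rendered by Ansible from templates/nginx.conf.
# NGINX_DIR and DATA_DIR are substituted from the role's vars/main.yml.

# NOTE(review): workers run as nobody, although the role defines a dedicated
# NGINX_USER account and passes it to ./configure; this directive overrides
# that compiled-in default. Confirm which account is intended.
user nobody nobody;
worker_processes  1;
# NOTE(review): "crit" drops error- and warn-level messages, so failed upstream
# connections and rejected requests never reach this log. Lower the threshold
# (nginx's default is "error") if the log feeds monitoring or incident response.
error_log {{ DATA_DIR }}/log/error.log crit;
# Must match PIDFile= in the nginx.service unit.
pid /run/nginx.pid;
worker_rlimit_nofile 51200;

events {
    use epoll;
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  {{ DATA_DIR }}/log/access.log  main;

    # Do not advertise the nginx version in error pages and the Server header.
    server_tokens       off;
    sendfile            on;
    send_timeout        3m;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    # NOTE(review): three-minute header/body timeouts let a slow client hold a
    # connection far longer than nginx's 60s defaults - confirm this is needed.
    client_header_timeout 3m;
    client_body_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 8 4k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    # Upper bound on request bodies accepted from clients.
    client_max_body_size 10m;
    client_body_buffer_size 256k;
    client_body_temp_path {{ NGINX_DIR }}/client_body_temp;
    proxy_temp_path {{ NGINX_DIR }}/proxy_temp;
    fastcgi_temp_path {{ NGINX_DIR }}/fastcgi_temp;
    fastcgi_intercept_errors on;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 8k;
    gzip_comp_level 5;
    gzip_http_version 1.1;
    # text/html is always compressed by the gzip module and must not be listed
    # again; only the additional MIME types go here.
    gzip_types text/plain application/x-javascript text/css application/xml;

    # Virtual hosts are kept in separate files under conf/vhost.
    include  {{ NGINX_DIR }}/conf/vhost/*.conf;
}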

nginx vhost configuration file server.conf

[root@localhost nginx]# cat roles/nginx_install/templates/server.conf
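# Default virtual host, rendered by Ansible to conf/vhost/server.conf.
server {
    # Listen port comes from NGINX_PORT in the role's vars/main.yml.
    listen       {{ NGINX_PORT }};
    server_name  localhost;

    location / {
        root   {{ NGINX_DIR }}/html;
        index  index.php index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   {{ NGINX_DIR }}/html;
    }

    # NOTE(review): nothing on this page installs a FastCGI backend; this block
    # assumes one is listening on 127.0.0.1:9000.
    location ~ \.php$ {
        root           {{ NGINX_DIR }}/html;
        # Hand the request to the PHP backend only when the requested file
        # exists under root; anything else is answered with 404 by nginx.
        try_files      $uri =404;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}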

nginx extra configuration file fastcgi_params

[root@localhost nginx]# cat roles/nginx_install/templates/fastcgi_params
# FastCGI parameter map: each line passes one nginx request variable to the
# FastCGI backend under the given name. The file is pulled in by the
# "include fastcgi_params;" line of the \.php location in server.conf.
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
# Fixed string without a version number is reported to the backend.
fastcgi_param  SERVER_SOFTWARE    nginx;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
# Path of the script the backend is asked to execute: document root plus the
# script name taken from the request URI.
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

Nginx service file nginx.service (the listing below shows fastcgi_params once more, then nginx.service)

[root@localhost nginx]# cat roles/nginx_install/templates/fastcgi_params
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
[root@localhost nginx]# cat roles/nginx_install/templates/nginx.service
# systemd unit for the source-built nginx; rendered by Ansible, which fills in
# the installation prefix.
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
# nginx daemonizes itself; systemd tracks the master through the PID file.
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
# Validate the configuration before starting; a failed test aborts the start.
ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t
ExecStart={{ NGINX_DIR }}/sbin/nginx
# HUP asks the master process to reload its configuration.
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
# Gives the service its own private /tmp and /var/tmp.
# NOTE(review): PrivateTmp is the only sandboxing directive set here; further
# options such as NoNewPrivileges= may be worth evaluating - confirm they do
# not break this install before enabling them.
PrivateTmp=true

[Install]
WantedBy=multi-user.target

• environment preparation, prepare.yml (the server.conf, fastcgi_params and nginx.service templates are listed again first):

[root@localhost nginx]# cat roles/nginx_install/templates/server.conf
server {
    listen       80;
    server_name  localhost;
    location / {
        root   {{ NGINX_DIR }}/html;
        index  index.php index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }   

    location ~ \.php$ {
    root   {{ NGINX_DIR }}/html;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params;
    }
}
[root@localhost nginx]# cat roles/nginx_install/templates/fastcgi_params
fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx;
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
[root@localhost nginx]# cat roles/nginx_install/templates/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre={{ NGINX_DIR }}/sbin/nginx -t
ExecStart={{ NGINX_DIR }}/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true

[Install]
WantedBy=multi-user.target
[root@localhost nginx]# cat roles/nginx_install/tasks/prepare.yml
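# Host preparation for the nginx source build: relax host security controls,
# enable EPEL, install the build toolchain and update all packages.

# NOTE(review): this stops and disables the host firewall entirely, which
# exposes every listening port on the host, not only nginx's. A narrower
# alternative is to keep firewalld running and allow just the web port, e.g.
#   firewalld: port={{ NGINX_PORT }}/tcp permanent=yes immediate=yes state=enabled
- name: Close firewalld
  service: name=firewalld state=stopped enabled=no

# NOTE(review): the next two tasks switch SELinux off for the running system
# (setenforce 0) and for every later boot (SELINUX=disabled). That removes
# mandatory access control for all services on the host, not just nginx.
# If the policy has to be relaxed, SELINUX=permissive still records denials in
# the audit log, which keeps them visible for later tuning.
- name: Temporarily Closed selinux
  shell: "setenforce 0"
  # The command's exit status is ignored on purpose, so the play continues
  # whatever setenforce reports.
  failed_when: false

- name: Permanent closure selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"

- name: Add to EPEL Warehouse
  yum: name=epel-release state=latest

# Build toolchain and libraries needed by the ./configure options used later
# (openssl/pcre/zlib/gd development headers), plus general admin utilities.
- name: Install common packages
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - gcc-c++
      - unzip
      - git
      - autoconf
      - cmake
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
      - zlib
      - zlib-devel
      - gd-devel
      - libxml2-devel
    state: latest

# Same effect as "yum update -y", but through the yum module: no shell is
# spawned and the "warn" argument, which newer Ansible releases no longer
# accept, is not needed.
- name: Update system
  yum:
    name: "*"
    state: latest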

• file copy.yml:

[root@localhost nginx]# cat roles/nginx_install/tasks/copy.yml
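# Create the service account and directories, then stage the nginx sources and
# the systemd unit on the managed host.

- name: Establish nginx User groups
  group: name={{ NGINX_USER }}  state=present

# Service account only: no home directory and no login shell.
- name: Establish nginx user
  user:
    name: "{{ NGINX_USER }}"
    group: "{{ NGINX_USER }}"
    state: present
    create_home: False
    shell: /sbin/nologin

- name: Establish software Catalog
  file:
    name: "{{ SOURCE_DIR }}"
    state: directory
    mode: "0755"
    recurse: yes

- name: Create log directory
  file:
    name: "{{ item }}"
    state: directory
    owner: "{{ NGINX_USER }}"
    group: "{{ NGINX_USER }}"
    mode: "0755"
    recurse: yes
  with_items:
    - "{{ DATA_DIR }}"
    - "{{ DATA_DIR }}/log"

- name: Create log file
  file:
    name: "{{ item }}"
    state: touch
    owner: "{{ NGINX_USER }}"
    group: "{{ NGINX_USER }}"
    mode: "0644"
  with_items:
    - "{{ DATA_DIR }}/log/access.log"
    - "{{ DATA_DIR }}/log/error.log"

## There is no nginx package under the current host
## NOTE(review): DOWNLOAD_URL is not defined in the vars file shown on this
## page. If this download path is enabled, also pass get_url's checksum=
## parameter (for example checksum=sha256:<EXPECTED_SHA256>) so a tampered or
## truncated tarball is rejected before it is built.
#- name: Download nginx package
#  get_url: url={{ DOWNLOAD_URL }} dest={{ SOURCE_DIR }} owner={{ NGINX_USER }} group={{ NGINX_USER }}

# There are nginx packages in the current host file directory
# NOTE(review): the tarball in the role's files/ directory is built and
# installed as root on every host; verify it against the checksum or signature
# published by the nginx project before adding it to the role.
- name: Copy existing nginx Package to all hosts
  copy:
    src: "nginx-{{ NGINX_VER }}.tar.gz"
    dest: "{{ SOURCE_DIR }}"
    owner: "{{ NGINX_USER }}"
    group: "{{ NGINX_USER }}"

# The archive was copied to the managed host by the previous task, so it has to
# be unpacked from there (remote_src) rather than looked up on the control node.
- name: decompression nginx package
  unarchive:
    src: "{{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}.tar.gz"
    dest: "{{ SOURCE_DIR }}"
    remote_src: yes
    owner: "{{ NGINX_USER }}"
    group: "{{ NGINX_USER }}"

# Copying nginx service files
- name: Copy nginx Service Documents
  template:
    src: nginx.service
    dest: /usr/lib/systemd/system/nginx.service
    owner: root
    group: root
    mode: "0644"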

• compile and install install.yml:

[root@localhost nginx]#vim  roles/nginx_install/tasks/install.yml
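# Build nginx from the unpacked sources, install its configuration and start
# the service.

# Compiling nginx
- name: Compile nginx
  shell: >
    ./configure
    --prefix={{ NGINX_DIR }}
    --user={{ NGINX_USER }}
    --group={{ NGINX_USER }}
    --http-log-path={{ DATA_DIR }}/log/access.log
    --error-log-path={{ DATA_DIR }}/log/error.log
    --with-http_ssl_module
    --with-http_v2_module
    --with-http_realip_module
    --with-http_flv_module
    --with-http_mp4_module
    --with-http_gunzip_module
    --with-http_gzip_static_module
    --with-http_image_filter_module
    --with-http_stub_status_module
  args:
    chdir: "{{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}"

# Install nginx
- name: install nginx
  shell: "make && make install"
  args:
    chdir: "{{ SOURCE_DIR }}/nginx-{{ NGINX_VER }}"

# Configuration files are owned by root: the nginx master process runs as root
# and loads them, so the service account should not be able to rewrite them.

# Copy nginx master profile
- name: Copy nginx Master profile
  template:
    src: nginx.conf
    dest: "{{ NGINX_DIR }}/conf/nginx.conf"
    owner: root
    group: root
    mode: "0644"

- name: Establish vhost Profile directory
  file:
    name: "{{ NGINX_DIR }}/conf/vhost"
    state: directory
    owner: root
    group: root
    mode: "0755"
    recurse: yes

# Copy nginx vhost configuration file
- name: Copy nginx vhost configuration file
  template:
    src: server.conf
    dest: "{{ NGINX_DIR }}/conf/vhost/server.conf"
    owner: root
    group: root
    mode: "0644"

# Copy nginx extra profile
- name: Copy nginx Additional profile
  template:
    src: fastcgi_params
    dest: "{{ NGINX_DIR }}/conf/fastcgi_params"
    owner: root
    group: root
    mode: "0644"

# lineinfile adds the line only when it is missing, so repeated runs do not
# append duplicates. The single quotes keep $PATH literal in /etc/profile; an
# echo inside a shell task would instead write the PATH value of the Ansible
# session into the file. Sourcing /etc/profile from a task has no lasting
# effect, because each task runs in its own shell.
- name: Configure environment variables
  lineinfile:
    dest: /etc/profile
    line: 'export PATH=$PATH:{{ NGINX_DIR }}/sbin'

# Reload unit files, enable nginx at boot and start it, through the systemd
# module instead of chained systemctl calls.
- name: start-up nginx And start up
  systemd:
    name: nginx
    daemon_reload: yes
    enabled: yes
    state: started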

• reference file main.yml:

[root@localhost nginx]# cat roles/nginx_install/tasks/main.yml
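# Entry point of the role's tasks: prepare the host, stage the sources, then
# build, configure and start nginx. import_tasks replaces the bare "include",
# which is deprecated and rejected by newer Ansible releases.
- import_tasks: prepare.yml
- import_tasks: copy.yml
- import_tasks: install.yml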

• perform installation:

# ansible-playbook nginx.yml
# netstat -lntp |grep 80
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      48931/nginx: master

Test results:

[root@localhost nginx]# ansible-playbook nginx.yml 

PLAY [nginx] **********************************************************************************************************************************************************

TASK [Gathering Facts] ************************************************************************************************************************************************
ok: [192.168.200.103]

TASK [nginx_install : Close firewalld] **********************************************************************************************************************************
**ok: [192.168.200.103]

TASK [nginx_install : Temporarily Closed selinux] *******************************************************************************************************************************
****changed: [192.168.200.103]

TASK [nginx_install : Permanent closure selinux] *******************************************************************************************************************************
****ok: [192.168.200.103]

TASK [nginx_install : Add to EPEL Warehouse] ***********************************************************************************************************************************
****ok: [192.168.200.103]

TASK [nginx_install : Establish nginx User groups] ********************************************************************************************************************************
*****ok: [192.168.200.103]

TASK [nginx_install : Establish nginx user] **********************************************************************************************************************************
.........


Posted on Sun, 10 May 2020 10:28:18 -0400 by Andy17