思路:先在一台机器上编译安装好nginx、打包,然后再用ansible去下发
• cd /etc/ansible 进入ansible配置文件目录
• mkdir nginx_install 创建一个nginx_install的目录,方便管理
• cd nginx_install
• mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}
• 说明:roles目录下有两个角色,common为一些准备操作,install为安装nginx的操作。
每个角色下面又有几个目录,handlers下面是当发生改变时要执行的操作,通常用在配置文件发生改变,重启服务。
files为安装时用到的一些文件
meta为说明信息,说明角色依赖等信息
tasks里面是核心的配置文件
templates通常存一些配置文件,启动脚本等模板文件
vars下为定义的变量
[root@harry-01 ansible]# cd nginx_install/
[root@harry-01 ansible]# cd nginx_install/
[root@harry-01 nginx_install]# ls
[root@harry-01 nginx_install]# mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}
需要事先准备好安装用到的文件,具体如下:
• 在一台机器上事先编译安装好nginx,配置好启动脚本,配置好配置文件
• 安装好后,我们需要把nginx目录打包,并放到/etc/ansible/nginx_install/roles/install/files/下面,名字为nginx.tar.gz
[root@harry-01 local]# tar czvf nginx.tar.gz --exclude "nginx.conf" --exclude "conf/vhost" nginx/
nginx/
nginx/sbin/
nginx/sbin/nginx.old
nginx/sbin/nginx
nginx/conf/
nginx/conf/koi-win
nginx/conf/koi-utf
nginx/conf/win-utf
[root@harry-01 local]# mv nginx.tar.gz /etc/ansible/nginx_install/files
启动脚本、配置文件都要放到/etc/ansible/nginx_install/roles/install/templates下面
[root@harry-01 local]# cp nginx/conf/nginx.conf /etc/ansible/nginx_install/roles/install/templates/
[root@harry-01 local]# cp /etc/init.d/nginx /etc/ansible/nginx_install/roles/install/templates/
•cd /etc/ansible/nginx_install/roles
定义common的tasks,nginx是需要一些依赖包的
•vim ./common/tasks/main.yml //内容如下
[root@harry-01 nginx_install]# vim roles/common/tasks/main.yml
- name: Install initializtion require software
yum: name={{ item }} state=installed
with_items:
- zlib-devel
- pcre-devel
定义变量
•vim /etc/ansible/nginx_install/roles/install/vars/main.yml //内容如下
nginx_user: www
nginx_port: 80
nginx_basedir: /usr/local/nginx
把所有用到的文档拷贝到目标机器
vim /etc/ansible/nginx_install/roles/install/tasks/copy.yml //内容如下
- name: Copy Nginx Software
copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root
- name: Uncompression Nginx Software
shell: tar zxf /tmp/nginx.tar.gz -C /usr/local/
- name: Copy Nginx Start Script
template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
- name: Copy Nginx Config
template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root mode=0644
接下来会建立用户,启动服务,删除压缩包
vim /etc/ansible/nginx_install/roles/install/tasks/install.yml //内容如下
- name: Create Nginx User
user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin
- name: Start Nginx Service
shell: /etc/init.d/nginx start
- name: Add Boot Start Nginx Service
shell: chkconfig --level 345 nginx on
- name: Delete Nginx compression files
shell: rm -rf /tmp/nginx.tar.gz
创建main.yml并且把copy和install调用
vim /etc/ansible/nginx_install/roles/install/tasks/main.yml //内容如下
- include: copy.yml
- include: install.yml
到此两个roles:common和install就定义完成了,接下来要定义一个入口配置文件
vim /etc/ansible/nginx_install/install.yml //内容如下
---
- hosts: harry-02
remote_user: root
gather_facts: True
roles:
- common
- install
执行: ansible-playbook /etc/ansible/nginx_install/install.yml
[root@harry-01 roles]# ansible-playbook /etc/ansible/nginx_install/install.yml
PLAY [harry-02] ****************************************************************
TASK [Gathering Facts] *********************************************************
ok: [harry-02]
TASK [common : Install initializtion require software] *************************
ok: [harry-02] => (item=[u'zlib-devel', u'pcre-devel'])
TASK [install : Copy Nginx Software] *******************************************
changed: [harry-02]
TASK [install : Uncompression Nginx Software] **********************************
[WARNING]: Consider using unarchive module rather than running tar
changed: [harry-02]
TASK [install : Copy Nginx Start Script] ***************************************
changed: [harry-02]
TASK [install : Copy Nginx Config] *********************************************
changed: [harry-02]
TASK [install : Create Nginx User] *********************************************
changed: [harry-02]
TASK [install : Start Nginx Service] *******************************************
changed: [harry-02]
TASK [install : Add Boot Start Nginx Service] **********************************
changed: [harry-02]
TASK [install : Delete Nginx compression files] ********************************
[WARNING]: Consider using file module with state=absent rather than running rm
changed: [harry-02]
PLAY RECAP *********************************************************************
harry-02 : ok=10 changed=8 unreachable=0 failed=0
[root@harry-02 conf]# netstat -lntp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6324/nginx: master
[root@harry-02 conf]# ps aux | grep nginx
root 6324 0.0 0.0 45832 1148 ? Ss 22:53 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 6328 0.0 0.2 48320 3788 ? S 22:53 0:00 nginx: worker process
nobody 6329 0.0 0.2 48320 3788 ? S 22:53 0:00 nginx: worker process
root 6344 0.0 0.0 112724 988 pts/1 S+ 22:54 0:00 grep --color=auto nginx
[root@harry-02 conf]#
管理配置文件
生产环境中大多时候是需要管理配置文件的,安装软件包只是在初始化环境的时候用一下。
管理nginx配置文件的playbook
•
mkdir -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
[root@harry-01 ~]# mkdir -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}
[root@harry-01 ~]# cd /etc/ansible/nginx_config/
[root@harry-01 nginx_config]# ls
roles
[root@harry-01 nginx_config]# ls roles/
new old
[root@harry-01 nginx_config]#
• 其中new为更新时用到的,old为回滚时用到的,files下面为nginx.conf和vhosts目录,handlers为重启nginx服务的命令
• 关于回滚,需要在执行playbook之前先备份一下旧的配置,所以对于老配置文件的管理一定要严格,千万不能随便去修改线上机器的配置,并且要保证new/files下面的配置和线上的配置一致
•
先把nginx.conf和vhosts目录放到files目录下面
• cd /usr/local/nginx/conf/
• cp -r nginx.conf vhost /etc/ansible/nginx_config/roles/new/files/
vim /etc/ansible/nginx_config/roles/new/vars/main.yml //定义变量
nginx_basedir: /usr/local/nginx
vim /etc/ansible/nginx_config/roles/new/vars/main.yml // 定义重新加载nginx服务
- name: restart nginx
shell: /etc/init.d/nginx reload
vim /etc/ansible/nginx_config/roles/new/tasks/main.yml //这是核心的任务
- name: copy conf file
copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
with_items:
- { src: nginx.conf, dest: conf/nginx.conf }
- { src: vhost, dest: conf/ }
notify: restart nginx
vim /etc/ansible/nginx_config/update.yml // 最后是定义总入口配置
---
- hosts: testhost
user: root
roles:
- new
执行: ansible-playbook /etc/ansible/nginx_config/update.yml
•
而回滚的backup.yml对应的roles为old
rsync -av /etc/ansible/nginx_config/roles/new/ /etc/ansible/nginx_config/roles/old/
[root@harry-01 conf]# rsync -av /etc/ansible/nginx_config/roles/new/ /etc/ansible/nginx_config/roles/old/
sending incremental file list
files/
files/nginx.conf
files/vhost/
files/vhost/harry.com.conf
handlers/
handlers/main.yml
tasks/
tasks/main.yml
sent 2,781 bytes received 109 bytes 5,780.00 bytes/sec
total size is 2,295 speedup is 0.79
[root@harry-01 conf]#
• 回滚操作就是把旧的配置覆盖,然后重新加载nginx服务, 每次改动nginx配置文件之前先备份到old里,对应目为/etc/ansible/nginx_config/roles/old/files
vim /etc/ansible/nginx_config/rollback.yml // 最后是定义总入口配置
---
- hosts: harry-02
user: root
roles:
- old