ansible-playbook编译安装nginx
ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
首先本机ansible安装好LANM,文件和模板都是从本机复制到目标LANM
本机ansible:IP:192.168.0.250
目标LANM:IP:192.168.0.201
1、交互式expect 免密钥
pwd
/root/ansible/roles/sh
[root@bogon sh]# cat ip.txt #要同步免秘钥的ip地址
192.168.0.201
[root@bogon sh]# cat auto_ssh.sh
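#!/usr/bin/expect
# Push root's DSA public key to one host with ssh-copy-id, answering the
# prompts it may show.
# Usage: auto_ssh.sh <username> <password> <hostname>
#
# NOTE(review): the password is taken from the command line, so it is visible
# in the process list while the script runs. Keep this to a one-time bootstrap
# on a host you control and rotate the password afterwards.
# NOTE(review): DSA keys are disabled by default in current OpenSSH releases.
# Moving to another key type means changing the key path here and the
# ssh-keygen call in ssh_key.sh together.
set timeout 10
set username [lindex $argv 0]
set password [lindex $argv 1]
set hostname [lindex $argv 2]
spawn ssh-copy-id -i /root/.ssh/id_dsa.pub $username@$hostname
# Three possible first responses are handled below:
#   1. unknown host key (first connection, nothing in ~/.ssh/known_hosts)
#   2. password prompt (host key already in ~/.ssh/known_hosts)
#   3. the key is already authorized, so there is nothing to answer
# The host-key pattern stops before "(yes/no)" so it also matches the longer
# "(yes/no/[fingerprint])" prompt printed by newer OpenSSH clients.
# NOTE(review): answering "yes" accepts whatever host key is presented without
# checking its fingerprint. Compare the fingerprint out of band, or pre-populate
# known_hosts, before trusting the host.
expect {
    "Are you sure you want to continue connecting" {
        send -- "yes\r"
        expect "password:"
        # "--" keeps a password that starts with "-" from being read as a flag
        send -- "$password\r"
    }
    "password:" {
        send -- "$password\r"
    }
    "Now try logging into the machine" {
        # already authorized, nothing to do
    }
}
expect eof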
```bash
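#!/bin/bash
# Generate root's SSH key pair and push the public key to every host listed in
# ip.txt by calling auto_ssh.sh once per host.
#
# Environment:
#   SSH_COPY_PASSWORD  password of $user on the target hosts; when unset the
#                      script prompts for it instead of storing it in the file.
#
# NOTE(review): auto_ssh.sh still receives the password as an argument, so it
# is visible in the process list during the copy. Treat this as a one-time
# bootstrap step.
# NOTE(review): DSA keys are disabled by default in current OpenSSH releases.
# The key type is left unchanged because auto_ssh.sh reads
# /root/.ssh/id_dsa.pub; change both files together.
set -u

readonly IP_LIST=/root/ansible/roles/sh/ip.txt
readonly COPY_HELPER=/root/ansible/roles/sh/auto_ssh.sh
readonly KEY_FILE=/root/.ssh/id_dsa

user="root"
password=${SSH_COPY_PASSWORD:-}
if [ -z "$password" ]; then
  printf 'Password for %s on the target hosts: ' "$user" >&2
  stty -echo
  IFS= read -r password
  stty echo
  printf '\n' >&2
fi

# Best effort, as before: expect may already be installed.
/usr/bin/yum -y install expect > /dev/null 2>&1

# Replace any previous key so ssh-keygen does not stop to ask about overwriting.
rm -f -- "$KEY_FILE"
ssh-keygen -t dsa -P '' -f "$KEY_FILE" || {
  printf 'ssh-keygen failed; no key was distributed\n' >&2
  exit 1
}

[ -r "$IP_LIST" ] || {
  printf 'cannot read %s\n' "$IP_LIST" >&2
  exit 1
}

# The list is read on fd 3 so the helper keeps the terminal on stdin.
while IFS= read -r host <&3 || [ -n "$host" ]; do
  [ -n "$host" ] || continue
  "$COPY_HELPER" "$user" "$password" "$host"
done 3< "$IP_LIST"

unset password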
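# Owner-only permissions: both scripts run as root and handle the target
# password, so no other local account should be able to read or modify them.
chmod 700 auto_ssh.sh
chmod 700 ssh_key.sh
sh ssh_key.sh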
2、主机清单
cat /etc/ansible/hosts
[nginx]
192.168.0.201 #主机清单
3、目录结构
4、剧本集合
[root@bogon tasks]# pwd #路径
/root/ansible/roles/nginx/tasks
[root@bogon tasks]# ls #剧本和目录
configure.yml copynginx.yml copyselinux.yml files file.yml firewallstop.yml main.yml restart.yml shell.yml tarnginx.yml template.yml user.yml yum.yml
[root@bogon tasks]# cat configure.yml nginx
- name: configure make make install #剧本编译安装
shell: cd /usr/src/nginx-1.6.0/;./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_stub_status_module && make && make install
[root@bogon tasks]# cat copynginx.yml
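# Ship the nginx source tarball and the init script from the role's files.
# NOTE(review): nginx 1.6.0 is a long-unsupported release; confirm the tarball's
# origin and checksum before distributing it, and prefer a maintained version.
- name: copy nginx.tar # copy the nginx source package
  copy: src=nginx-1.6.0.tar.gz dest=/usr/src/nginx-1.6.0.tar.gz
# The init script is executed as root, so it must not be writable by other
# users: 0755 keeps it executable without letting a local account edit it.
- name: copy nginxstart.sh # copy the nginx init script
  copy: src=nginxstart.sh dest=/etc/init.d/nginx mode=0755 owner=root group=root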
[root@bogon tasks]# cat copyselinux.yml #关闭selinux
# Overwrites the target's /etc/selinux/config with the control node's copy.
# The resulting SELinux mode is whatever the control node's file says; the
# author uses it to turn SELinux off.
# NOTE(review): disabling SELinux removes a confinement layer around nginx.
# Consider keeping it enforcing and labelling /var/www/baidu and the nginx
# prefix instead. Presumably the new mode only applies after a reboot; confirm.
- name: copy selinux # copy the local SELinux config file to the target to disable SELinux
copy: src=/etc/selinux/config dest=/etc/selinux/config
[root@bogon tasks]# cat file.yml
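# Create the nginx symlink, the site's document root and a log file.
- name: create nginx file=link(ln) # create the symlink
  file: src=/usr/local/nginx/sbin/nginx dest=/usr/local/sbin/nginx state=link
# 0755 instead of 777: the web root only needs to be readable by the nginx
# worker. A world-writable document root lets any local account change what
# the site serves.
- name: create directory baidu # create the document root
  file: path=/var/www/baidu/ state=directory mode=0755
# 0644 instead of 777: a log file needs neither execute nor world-write bits.
# NOTE(review): the nginx.conf.j2 shown on this page logs to
# logs/baidu.access.log, which looks like a path under the nginx prefix rather
# than this file; confirm which one is intended.
- name: create touch baidu.access.log # create the log file
  file: path=/var/www/baidu/baidu.access.log state=touch mode=0644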
[root@bogon tasks]# cat firewallstop.yml
# Stops firewalld and disables it at boot, leaving the host without packet
# filtering from this service.
# NOTE(review): the site only needs inbound HTTP. Keeping firewalld running and
# allowing just the http service would preserve filtering for every other port.
- name: firewalld stop # stop the firewall and disable it at boot
service: name=firewalld state=stopped enabled=no
cat restart.yml
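# Restart nginx and register it in rc.local so it starts at boot.
- name: restart nginx # restart nginx
  shell: /usr/bin/killall -s QUIT nginx; /etc/init.d/nginx start
# rc.local is run by root at boot. 0755 gives it the execute bit it needs
# without making it world-writable; with 777 any local account could append
# commands that then run as root.
- name: chmod rc.local 0755 # make the boot script executable
  file: dest=/etc/rc.d/rc.local mode=0755
# lineinfile adds the line only when it is missing, so re-running the playbook
# does not append a duplicate start command each time.
- name: enabled nginx # start nginx at boot
  lineinfile: dest=/etc/rc.d/rc.local line="/etc/init.d/nginx start"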
[root@bogon tasks]# cat shell.yml #创建index.html
- name: create index.html #创建 index.html
shell: echo wo shi baidu server > /var/www/baidu/index.html
[root@bogon tasks]# cat tarnginx.yml
- name: tar nginx #解压nginx软件包
shell: cd /usr/src/; tar zxf nginx-1.6.0.tar.gz -C /usr/src/
[root@bogon tasks]# cat template.yml
- name: copy nginx.conf #复制nginx配置文件j2模板
template: src=nginx.conf.j2 dest=/usr/local/nginx/conf/nginx.conf
[root@bogon tasks]# cat user.yml
- name: create nginx #创建nginx用户
user: name=nginx system=yes state=present
[root@bogon tasks]# cat yum.yml
- name: install pcre-devel #安装需要软件包
yum: name=pcre-devel state=present
- name: install zlib-devel
yum: name=zlib-devel state=present
- name: install gcc-c++
yum: name=gcc-c++ state=present
- name: install elinks
yum: name=elinks state=present
- name: install psmisc
yum: name=psmisc state=present
- name: remove httpd
yum: name=httpd state=absent
5、主文件调用剧本
[root@bogon tasks]# cat main.yml ##主文件调用剧本
- include: copyselinux.yml
- include: firewallstop.yml
- include: yum.yml
- include: user.yml
- include: copynginx.yml
- include: tarnginx.yml
- include: configure.yml
- include: file.yml
- include: template.yml
- include: shell.yml
- include: restart.yml
5、nginx启动脚本和nginx软件包存放位置
[root@bogon files]#pwd #路径
/root/ansible/roles/nginx/tasks/files
[root@bogon files]# ls
nginx-1.6.0.tar.gz nginxstart.sh
[root@bogon files]# cat nginxstart.sh #nginx脚本
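#! /bin/sh
#chkconfig: - 33 33
# Minimal init script for the source-built nginx under /usr/local/nginx.
# Usage: nginx {start|stop|restart|reload}
# Always exits 0 for a recognised action, 1 for anything else.
PROG="/usr/local/nginx/sbin/nginx"
PIDF="/usr/local/nginx/logs/nginx.pid"

case "$1" in
  start)
    "$PROG"
    ;;
  stop)
    # ">/dev/null 2>&1" replaces "&>": under a strict POSIX sh, "&>" is read
    # as "run in background, then truncate /dev/null" rather than a redirect.
    # Without a readable PID file there is nothing to signal.
    if [ -r "$PIDF" ]; then
      kill -s QUIT "$(cat "$PIDF")" > /dev/null 2>&1
    fi
    ;;
  restart)
    "$0" stop > /dev/null 2>&1
    "$0" start
    ;;
  reload)
    # HUP makes the master process re-read its configuration.
    if [ -r "$PIDF" ]; then
      kill -s HUP "$(cat "$PIDF")"
    else
      echo "nginx is not running: $PIDF not found" >&2
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
    ;;
esac
exit 0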
5、模板nginx.conf.j2
[root@bogon templates]# cat nginx.conf.j2 #模板nginx.conf.j2
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name {{ ansible_ens33.ipv4.address }};
charset utf-8;
access_log logs/baidu.access.log;
location /{
root /var/www/baidu;
index index.html index.php;
}
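# Hand requests ending in .php to the FastCGI backend on 127.0.0.1:9000.
location ~ \.php$ { # added
    root /var/www/baidu; # added
    # Answer 404 for paths that do not map to a real file under root, so the
    # backend is only ever asked to run scripts that exist on disk.
    try_files $uri =404;
    fastcgi_pass 127.0.0.1:9000; # added
    fastcgi_index index.php; # added
    include fastcgi.conf; # added
}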
}
server {
listen 80;
server_name localhost;
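# stub_status page: connection and request counters for monitoring.
location /status {
    stub_status on;
    access_log off;
    # The counters are operational data. Serve them to the local host only;
    # add an allow line for each monitoring host that needs them.
    allow 127.0.0.1;
    deny all;
}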
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
6、角色剧本
[root@bogon ansible]# pwd
/root/ansible
[root@bogon ansible]# ls
nginx_role.yml roles
[root@bogon ansible]# cat nginx_role.yml #角色剧本
---
- hosts: nginx
remote_user: root
roles:
- role: nginx
[root@bogon ansible]#ansible-playbook nginx_role.yml #执行剧本
7浏览器验证效果
#验证效果
关闭selinux,
关闭防火墙
检查yum安装
账号检查
检查nginx.tar 和nginx启动脚本复制情况和解压nginx
检查编译安装
检查软连接
检查创建baidu目录
检查创建baidu_access.log日志文件
检查nginx.conf.j2 =====nginx.conf模板文件复制情况
检查index.html
检查nginx进程和端口