ansible:安装nginx1.18.0(使用role功能)

一，ansible使用role的用途？

roles分别将变量/文件/任务/模板/handler等放置于单独的目录中,

并可以方便的include各目录下的功能

roles使playbook能实现代码被调用，避免了代码的重复

说明：刘宏缔的架构森林是一个专注架构的博客，地址：https://www.cnblogs.com/architectforest

         对应的源码可以访问这里获取： https://github.com/liuhongdi/

说明：作者:刘宏缔 邮箱: 371125307@qq.com

二，ansible例子:安装nginx

1,配置hosts

[root@centos8 roles]# vi /etc/ansible/hosts

内容:

[web]
172.18.1.1:22
172.18.1.2:22
172.18.1.3:22

2,role的目录结构

[root@centos8 roles]# tree
.
├── nginx
│   ├── files
│   │   ├── installnginx.sh
│   │   ├── nginx-1.18.0.tar.gz
│   │   └── nginx.service
│   ├── tasks
│   │   └── main.yml
│   ├── templates
│   │   └── nginx.conf.j2
│   └── vars
└── webinstallnginx.yml

5 directories, 6 files

各文件的用途说明： 

webinstallnginx.yml是nginx这个role被执行的playbook的入口文件

tasks目录下的main.yml是task的执行入口文件

files目录存放需要用到的文件

installnginx.sh是安装nginx的脚本

nginx-1.18.0.tar.gz是下载好的nginx源码

nginx.conf:配置文件

nginx.service: 供systemd管理用的service文件

三，role目录下各文件的代码

1,webinstallnginx.yml

# roles: 调用role

[root@centos8 roles]# more webinstallnginx.yml 
- hosts: web
  remote_user: root
  roles:
    - nginx

2，nginx/tasks/main.yml 

#gcc,make,pcre-devel,openssl-devel是编译nginx需要的软件

#/usr/local/soft：  软件安装目录

#/usr/local/source:   源文件、安装包保存的目录

#/data/nginx/logs:  保存nginx日志的目录

#user/group:添加用户nginx,用来运行nginx服务

[root@centos8 roles]# more nginx/tasks/main.yml 
- name: install gcc
  dnf: name=gcc disable_gpg_check=yes
- name: install make
  dnf: name=make disable_gpg_check=yes
- name: install pcre-devel
  dnf: name=pcre-devel disable_gpg_check=yes
- name: install openssl-devel
  dnf: name=openssl-devel disable_gpg_check=yes
- name: Configure soft dir
  file: path=/usr/local/soft/ state=directory mode=0755
- name: Configure source dir
  file: path=/usr/local/source/ state=directory mode=0755
- name: copy nginx source file
  copy: src=nginx-1.18.0.tar.gz dest=/usr/local/source/
- name: install nginx
  script: installnginx.sh
- name: Configure log dir
  file: path=/data/nginx/logs/ state=directory mode=0755
- name: add group:nginx
  group: name=nginx
- name: add user:nginx
  user: name=nginx group=nginx createhome=no shell=/sbin/nologin
- name: template conf file
  template: src=nginx.conf.j2 dest=/usr/local/soft/nginx-1.18.0/conf/
- name: copy service file
  copy: src=nginx.service dest=/usr/lib/systemd/system/
- name: start service
  service: name=nginx state=started enabled=yes

3，nginx/files/installnginx.sh 

#--with-http_stub_status_module：查看http状态的模块

#--with-http_ssl_module：实现对https的支持

[root@centos8 roles]# more nginx/files/installnginx.sh 
cd /usr/local/source/;
tar -zxvf nginx-1.18.0.tar.gz;
cd /usr/local/source/nginx-1.18.0/;
./configure --prefix=/usr/local/soft/nginx-1.18.0 --with-http_stub_status_module --with-http_ssl_module;
make && make install;

4，nginx/templates/nginx.conf.j2 

说明：在nginx.conf后加j2,表示这是一个jinja2文件，

           也可以不加，不会影响ansible对它的处理

说明:{{ ansible_processor_cores }}  这个变量代表受控端机器的核心数量,

        是供nginx优化使用的，因为受控机上的核心数量可能并不一致

        这个变量的值通过setup模块可以看到，例子：

        [root@centos8 roles]# ansible 172.18.1.1 -m setup | grep processor_cores
        "ansible_processor_cores": 1,

  nginx.conf.j2 的内容:

[root@centos8 roles]# more nginx/templates/nginx.conf.j2 
user nginx nginx;
worker_processes  {{ ansible_processor_cores }};
error_log   /data/nginx/logs/error.log;
pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    server_tokens off;    
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /data/nginx/logs/access.log  main;
    sendfile        on;
    keepalive_timeout  60 45;

    gzip on;
    gzip_disable "MSIE [1-6].";
    gzip_comp_level 9;
    gzip_types  application/json text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_proxied any;

    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

5,nginx/files/nginx.service 

[root@centos8 roles]# more nginx/files/nginx.service 
[Unit]
Description=nginx-The High-performance HTTP Server
After=network.target

[Service]
Type=forking
PIDFile=/usr/local/soft/nginx-1.18.0/logs/nginx.pid
ExecStartPre=/usr/local/soft/nginx-1.18.0/sbin/nginx -t -c /usr/local/soft/nginx-1.18.0/conf/nginx.conf
ExecStart=/usr/local/soft/nginx-1.18.0/sbin/nginx -c /usr/local/soft/nginx-1.18.0/conf/nginx.conf
ExecReload=/usr/local/soft/nginx-1.18.0/sbin/nginx -s reload
ExecStop=/usr/local/soft/nginx-1.18.0/sbin/nginx -s stop
PrivateTmp=true

[Install]
WantedBy=multi-user.target

四，安装nginx功能的执行效果:

1,执行playbook 

[root@centos8 roles]# ansible-playbook  webinstallnginx.yml

2,完成后登录到服务器，检查状态

[root@web2 sbin]# systemctl status nginx
● nginx.service - nginx-The High-performance HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2020-05-14 09:24:59 UTC; 1h 18min ago
...

五，查看ansible的版本

[root@centos8 roles]# ansible --version
ansible 2.9.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.6.8 (default, Nov 21 2019, 19:31:34) [GCC 8.3.1 20190507 (Red Hat 8.3.1-4)]