【ansible】服务的安装部署中使用非root用户执行ansible

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了【ansible】服务的安装部署中使用非root用户执行ansible相关的知识,希望对你有一定的参考价值。

参考技术A 匿名非root用户sudo和“成为”特权升级

https://www.codenong.com/40983674/

ansible非root用户批量修改root密码

https://www.cnblogs.com/zhanmeiliang/p/6197762.html

Ansible 用使用非root用户,并且sudo需要输入密码的情况配置

https://blog.csdn.net/qq_31977125/article/details/103051766

ansible - 匿名非root用户sudo和“成为”特权升级

https://www.coder.work/article/6381367

使用Ansible安装部署nginx+php+mysql

前提:

1、已配置好hosts文件且免密码登录

2、需要的yaml文件已上传到主控端

一、使用Ansible安装nginx

1、nginx.yaml文件

 1 ---
 2 - hosts: clong
 3   remote_user: root
 4   gather_facts: no
 5   tasks:
 6     # 安装epel源 
 7     - name: install epel-release repo
 8       yum: name=epel-release state=present
 9     # 安装libselinux-python
10     - name: install libselinux-python
11       yum: name=libselinux-python state=present 
12     # 配置nginx最新稳定版源
13     - name: copy nginx.repo
14       copy: src=nginx.repo dest=/etc/yum.repos.d/nginx.repo
15     # 更新yum缓存
16     - name: update yum cache -1
17       command: yum clean all
18     - name: update yum cache -2
19       command: yum makecache     
20     # 安装nginx      
21     - name: install nginx
22       yum: name=nginx state=present
23     # 开启nginx
24     - name: start nginx
25       service: name=nginx state=started enabled=yes
26     # 复制nginx配置文件  
27     - name: copy nginx conf
28       copy: src=nginx.conf dest=/etc/nginx/nginx.conf backup=yes force=yes
29     # 验证配置文件
30     - name: check nginx.conf
31       shell: /usr/sbin/nginx -t -c /etc/nginx/nginx.conf
32     # 删除默认的default.conf文件
33     - name: delete default.conf  
34       file: path=/etc/nginx/conf.d/default.conf state=absent
35     # 复制www站点文件
36     - name: copy www conf
37       copy: src=www.conf dest=/etc/nginx/conf.d/www.conf backup=yes force=yes
38       notify: restart nginx
39     # 重启nginx
40   handlers:
41     - name: restart nginx
42       service: name=nginx state=restarted
43     # --syntax-check

2、nginx.conf文件

 1 user  nginx nginx;
 2 worker_processes  auto;
 3 worker_cpu_affinity auto;
 4 
 5 error_log  /var/log/nginx/error.log warn;
 6 pid        /var/run/nginx.pid;
 7 
 8 events {
 9     use epoll;
10     multi_accept off;
11     accept_mutex off;
12     worker_connections  65535;
13 }
14 
15 http {
16     include       mime.types;
17     default_type  application/octet-stream;
18 
19     log_format  main  ‘$remote_addr - $remote_user [$time_local] "$request" ‘
20                       ‘$status $body_bytes_sent "$http_referer" ‘
21                       ‘"$http_user_agent" "$http_x_forwarded_for"‘;
22 
23     access_log  /var/log/nginx/access.log  main;
24 
25     server_names_hash_bucket_size 128;
26     client_body_timeout 15;
27     send_timeout 15;
28     large_client_header_buffers 4 32k;
29     client_max_body_size 8m; 
30     client_header_buffer_size 128k;  
31     client_header_timeout 15;  
32 
33     charset UTF-8;
34     server_tokens off;
35 
36     sendfile  on;
37     sendfile_max_chunk 512k;
38 
39     tcp_nopush  on;
40     tcp_nodelay on;
41  
42     keepalive_timeout  60;
43     keepalive_requests 100000;
44     reset_timedout_connection on;
45  
46     fastcgi_connect_timeout 300;
47     fastcgi_send_timeout 300;
48     fastcgi_read_timeout 300;
49     fastcgi_buffer_size 64k;
50     fastcgi_buffers 4 64k;
51     fastcgi_busy_buffers_size 128k;
52     fastcgi_temp_file_write_size 128k;
53 
54     gzip  on;
55     gzip_min_length  10240;
56     gzip_buffers     4 16k;
57     gzip_http_version 1.1;
58     gzip_proxied expired no-cache no-store private auth;
59     gzip_disable "MSIE [1-6].";
60     gzip_comp_level 2;
61     gzip_types   text/plain text/css text/xml text/javascript  application/json application/x-javascript application/xml application/xml+rss;
62     gzip_vary on;
63     
64     open_file_cache max=102400 inactive=20s;
65     open_file_cache_valid 30s;
66     open_file_cache_min_uses 1;
67     open_file_cache_errors on;
68     
69     include /etc/nginx/conf.d/*.conf;
70 
71 }

3、www.conf文件

 1 server {
 2     listen       80;
 3     server_name  localhost;
 4     
 5     location / {
 6         root   /usr/share/nginx/html;
 7         index  index.php index.html index.htm;
 8     }
 9 
10     location ~ \.php {
11         root           /usr/share/nginx/html;
12         fastcgi_pass   127.0.0.1:9000;
13         fastcgi_index  index.php;
14         fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
15         include        fastcgi_params;
16     }
17     access_log  /var/log/nginx/host.access.log  main;
18 }

4、nginx.repo文件

1 [nginx]
2 name=nginx repo
3 baseurl=http://nginx.org/packages/centos/7/$basearch/
4 gpgcheck=0
5 enabled=1

 

以上是关于【ansible】服务的安装部署中使用非root用户执行ansible的主要内容,如果未能解决你的问题,请参考以下文章

自动化运维Ansible安装部署及使用

使用playbook实现一键部署mysql数据库

如何使用Ansible自动化部署Docker镜像

Ansible基础

Ansible -的安装部署(Redhat&Centos)

63-CICD持续集成工具-Jenkins结合Ansible实现自动化批量部署