ansible roles在 Centos 和 Ubuntu编译安装Nginx
Posted y_zilong
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ansible roles在 Centos 和 Ubuntu编译安装Nginx相关的知识,希望对你有一定的参考价值。
1、创建nginx角色目录
[root@ansible ~]# mkdir -pv /data/ansible/roles/nginx/{tasks,vars,files,handlers,templates,meta,default}
[root@ansible ~]# tree /data/ansible/roles/nginx/
/data/ansible/roles/nginx/
├── default
├── files
├── handlers
├── meta
├── tasks
├── templates
└── vars
7 directories, 0 files
[root@ansible ~]#2、编写tasks文件
编写入口文件,定义任务的执行顺序
[root@ansible ~]# cat /data/ansible/roles/nginx/tasks/main.yml
- include: package.yml
- include: group_add.yml
- include: user_add.yml
- include: build.yml
- include: start.yml
[root@ansible ~]#
安装软件包
[root@ansible ~]# cat /data/ansible/roles/nginx/tasks/package.yml
---
- name: install packages for CentOS
yum: name={{ centos_package }} state=installed
when: ansible_facts['distribution'] == "CentOS"
- name: install packages for Ubuntu
apt: name={{ ubuntu_package }}
when: ansible_facts['distribution'] == "Ubuntu"
[root@ansible ~]#
zlib-1.2.11下载:https://sourceforge.net/projects/libpng/files/zlib/1.2.11/zlib-1.2.11.tar.gz/download
pcre-8.44下载:https://sourceforge.net/projects/pcre/files/pcre/8.44/pcre-8.44.tar.gz/download
[root@ansible files]# wget https://github.com/maxmind/geoip-api-c/releases/download/v1.6.12/GeoIP-1.6.12.tar.gz
[root@ansible files]# ls
GeoIP-1.6.12.tar.gz openssl-1.1.1k.tar.gz zlib-1.2.11.tar.gz
nginx-1.18.0.tar.gz pcre-8.44.tar.gz
[root@ansible files]#创建组
[root@ansible ~]# cat /data/ansible/roles/nginx/tasks/group_add.yml
---
- name: create user
user: name={{ user }} uid={{ uid }} group={{ group }} shell=/sbin/nologin system=yes create_home=no home={{ prefix }}/conf/nginx
ignore_errors: True
[root@ansible ~]# 创建用户
[root@ansible ~]# cat /data/ansible/roles/nginx/tasks/user_add.yml
---
- name: create user
user: name={{ user }} uid={{ uid }} group={{ group }} shell=/sbin/nologin system=yes create_home=no home={{ prefix }}/conf/nginx
ignore_errors: True
[root@ansible ~]# 编译nginx
[root@ansible ~]# cat /data/ansible/roles/nginx/tasks/build.yml
---
- name: delete {{ dest_dir }}
file: path={{ dest_dir }} state=absent
ignore_errors: True
- name: create {{ dest_dir }}
file: path={{ dest_dir }} state=directory owner=root group=root mode=755
- name: unarchive geoip file
unarchive: src="files/{{ geoip_version }}{{ compression_type }}" dest={{ dest_dir }} owner=root remote_src=no
- name: unarchive pcre file
unarchive: src="files/{{ pcre_version }}{{ compression_type }}" dest={{ dest_dir }} owner=root remote_src=no
- name: unarchive zlib file
unarchive: src="files/{{ zlib_version }}{{ compression_type }}" dest={{ dest_dir }} owner=root remote_src=no
- name: unarchive openssl file
unarchive: src="files/{{ openssl_version }}{{ compression_type }}" dest={{ dest_dir }} owner=root remote_src=no
- name: unarchive nginx file
unarchive: src="files/{{ nginx_version }}{{ compression_type }}" dest={{ dest_dir }} owner=root remote_src=no
- name: build geoip
shell: chdir={{ dest_dir }}/{{ geoip_version }} ./configure && make -j {{ ansible_processor_vcpus }} && make install
- name: configure nginx
shell:
chdir={{ dest_dir }}/{{ nginx_version }} \\
./configure \\
--prefix={{ prefix }} \\
--user={{ user }} \\
--group={{ group }} \\
--sbin-path={{ prefix }}/sbin/nginx \\
--conf-path={{ prefix }}/conf/nginx.conf \\
--pid-path={{ prefix }}/run/nginx.pid \\
--with-http_auth_request_module \\
--with-http_realip_module \\
--with-http_v2_module \\
--with-debug \\
--with-http_random_index_module \\
--with-http_sub_module \\
--with-http_addition_module \\
--with-http_secure_link_module \\
--with-http_geoip_module \\
--with-http_ssl_module \\
--with-stream_ssl_module \\
--with-stream_realip_module \\
--with-stream_ssl_preread_module \\
--with-stream \\
--with-http_slice_module \\
--with-threads \\
--with-http_gzip_static_module \\
--with-http_gunzip_module \\
--with-http_stub_status_module \\
--add-module=/data/ansible/roles/nginx/meta/echo-nginx-module \\
--add-module=/data/ansible/roles/nginx/meta/ngx_cache_purge \\
--with-file-aio \\
--with-pcre={{ dest_dir }}/{{ pcre_version }} \\
--with-zlib={{ dest_dir }}/{{ zlib_version }} \\
--with-openssl={{ dest_dir }}/{{ openssl_version }}
- name: build nginx
shell:
chdir={{ dest_dir }}/{{ nginx_version }} make -j {{ ansible_processor_vcpus }} && make install
- debug: msg="nginx build successfull"
[root@ansible ~]# 编写启动 nginx 服务的 yml 文件
[root@ansible ~]# cat /data/ansible/roles/nginx/tasks/start.yml
---
- name: set lib
shell: echo "/usr/local/lib" >> /etc/ld.so.conf && ldconfig
- name: set variable PATH
shell: echo PATH={{ prefix }}/sbin:$PATH >> /etc/profile.d/nginx.sh
- name: prepare service file
template: src=nginx.service dest=/lib/systemd/system/nginx.service
notify: restart nginx
- name: prepare conf file
template: src=nginx.conf.j2 dest={{ prefix }}/conf/nginx.conf
notify: restart nginx
- name: start service
service: name=nginx state=started enabled=yes
- debug: msg="nginx start succesfull"
[root@ansible ~]#
3、编写vars文件
定义变量
[root@ansible ~]#cat /data/ansible/roles/nginx/vars/main.yml
centos_package: ['make','gcc','gcc-c++','libtool','pcre','pcre-devel','zlib','zlib-devel','openssl','openssl-devel','perl-ExtUtils-Embed','expat-devel','bzip2','gzip']
ubuntu_package: ['g++','make','libapr1-dev','libaprutil1-dev','libpcre3','libpcre3-dev','libssl-dev','bzip2','gzip','openssl','zlib1g-dev','build-essential','libtool','openssl','libgeoip-dev']
prefix: /apps/nginx
dest_dir: /usr/local/src
nginx_version: nginx-1.18.0
openssl_version: openssl-1.1.1k
pcre_version: pcre-8.44
zlib_version: zlib-1.2.11
geoip_version: GeoIP-1.6.12
compression_type: .tar.gz
user: nginx
group: nginx
uid: 80
gid: 80
[root@ansible vars]# 5、编写 handler 文件
[root@ansible ~]# cat /data/ansible/roles/nginx/handlers/main.yml
---
- name: restart nginx
service: name=nginx state=restarted
- debug: msg='nginx start successfull'
[root@ansible ~]#
6、编写templates文件
编写Nginx配置模板
[root@ansible ~]# cat /data/ansible/roles/nginx/templates/nginx.conf.j2
user {{ user }};
worker_processes auto;
error_log {{ prefix }}/logs/error.log;
pid {{ prefix }}/run/nginx.pid
include {{ prefix }}/conf.d/*.conf;
events {
worker_connections 65535;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request"'
'$status $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"';
access_log {{ prefix }}/logs/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;
location / {
}
error_page 404 /404.html;
location= /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
[root@ansible ~]#
编写Nginx启动模板
[root@ansible ~]# cat /data/ansible/roles/nginx/templates/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile={{ prefix }}/run/nginx.pid
ExecStartPre=/bin/rm -f {{ prefix }}/run/nginx.pid
ExecStartPre={{ prefix }}/sbin/nginx -t
ExecStart={{ prefix }}/sbin/nginx
ExecReload=/bin/kill -s HUP {{ prefix }}/run/nginx.pid
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@ansible ~]#
7、Nginx第三方模块
第三方模块是对Nginx的功能扩展,第三方模块需要在编译安装Nginx的时候使用参数 --add-module=PATH 指定路径添加,有的模块是由公司的开发人员针对业务需求定制开发的,有的模块是开源爱好者开发好之后上传到github进行开源的模块,Nginx的第三方模块需要从源码重新编译进行支持
比如:
echo模块:https://github.com/openresty/echo-nginx-module.git
缓存清理模块:https://github.com/FRiCKLE/ngx_cache_purge.git
[root@ansible ~]# cd /data/ansible/roles/nginx/meta/
[root@ansible meta]# yum install -y git
[root@ansible meta]# git clone https://github.com/openresty/echo-nginx-module.git
[root@ansible meta]# git clone https://github.com/FRiCKLE/ngx_cache_purge.git
[root@ansible meta]# ll /data/ansible/roles/nginx/meta/
total 0
drwxr-xr-x 6 root root 186 Jun 13 14:37 echo-nginx-module
drwxr-xr-x 4 root root 135 Jun 13 14:39 ngx_cache_purge
[root@ansible meta]# 运行playbook,检查nginx环境
[root@ansible ~]# cat /data/ansible/roles/nginx.yml
---
- hosts: web
serial: 2
remote_user: root
roles:
- role: nginx
[root@ansible ~]#
[root@ansible ~]# ansible-playbook -C /data/ansible/roles/nginx.yml
[root@ansible ~]# ansible-playbook /data/ansible/roles/nginx.yml
以上是关于ansible roles在 Centos 和 Ubuntu编译安装Nginx的主要内容,如果未能解决你的问题,请参考以下文章