ansiblie自动化安装nginx
Posted 人间忽晚,山河以秋
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ansiblie自动化安装nginx相关的知识,希望对你有一定的参考价值。
安装好ansible的前提下
思路:首先在一台机器上编译安装好nginx,然后打包,在通过ansible下发,安装
一、源码编译安装nginx
下载nginx源码编译包
[root@ansible-01 ~]# wget http://mirrors.sohu.com/nginx/nginx-1.9.6.tar.gz
--2021-05-27 16:25:16-- http://mirrors.sohu.com/nginx/nginx-1.9.6.tar.gz
正在解析主机 mirrors.sohu.com (mirrors.sohu.com)... 123.125.123.141
正在连接 mirrors.sohu.com (mirrors.sohu.com)|123.125.123.141|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:884733 (864K) [application/octet-stream]
正在保存至: “nginx-1.9.6.tar.gz”
100%[================>] 884,733 65.9KB/s 用时 13s
2021-05-27 16:25:29 (66.5 KB/s) - 已保存 “nginx-1.9.6.tar.gz” [884733/884733])
[root@ansible-01 ~]#
下载完成,用ls命令可以看到一个nginx的压缩包
[root@ansible-01 ~]# ls
1.txt anaconda-ks.cfg nginx-1.9.6.tar.gz test www
[root@ansible-01 ~]#
解压
[root@ansible-01 ~]# tar -zxvf nginx-1.9.6.tar.gz
[root@ansible-01 ~]# ls
1.txt nginx-1.9.6 test
anaconda-ks.cfg nginx-1.9.6.tar.gz www
编译nginx
[root@ansible-01 ~]# cd nginx-1.9.6
[root@ansible-01 nginx-1.9.6]# ls
auto CHANGES.ru configure html man src
CHANGES conf contrib LICENSE README
[root@ansible-01 nginx-1.9.6]# ./ conf
conf/ configure
[root@ansible-01 nginx-1.9.6]# ./configure --prefix=/usr/local/nginx
checking for OS
+ Linux 3.10.0-862.el7.x86_64 x86_64
checking for C compiler ... not found
./configure: error: C compiler cc is not found
编译没有没有成功,是因为没有安装依赖,于是安装一下依赖
[root@ansible-01 nginx-1.9.6]# yum install gcc gcc-c++ pcre-devel zlib-devel openssl-devel -y
再次编译
[root@ansible-01 nginx-1.9.6]# ./configure --prefix=/usr/local/nginx
编译安装,然后查看返回值为0,说明上面的安装没有错误
[root@ansible-01 nginx-1.9.6]# make && make install
[root@ansible-01 nginx-1.9.6]# echo $?
0
编辑启动脚本
[root@ansible-01 nginx-1.9.6]# vim /etc/init.d/nginx
#!/bin/bash
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings
NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usx/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"
start()
{
echo -n $"Starting $prog: "
mkdir -p /dev/shm/nginx_temp
daemon $NGINX_SBIN -c $NGINX_CONF
RETVAL=$?
echo
return $RETVAL
}
stop()
{
echo -n $"Stopping $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -TERM
rm -rf /dev/shm/nginx_temp
RETVAL=$?
echo
return $RETVAL
}
reload()
{
echo -n $"Reloading $prog: "
killproc -p $NGINX_PID $NGINX_SBIN -HUP
RETVAL=$?
echo
return $RETVAL
}
restart()
{
stop
start
}
configtest()
{
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
restart
;;
configtest)
configtest
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|configtest}"
RETVAL=1
esac
exit $RETVAL
把nginx的配置文件清空后再重新编写
user nobody nobody; //定义nginx运行的用户和用户组
worker_processes 2; //nginx进程数,一般为CPU总核心数
error_log /usr/local/nginx/logs/nginx_error.log crit; //全局错误日志定义类型
pid /usr/local/nginx/logs/nginx.pid; //进程文件
worker_rlimit_nofile 51200;
events //工作模式与连接数上限
{
use epoll;
worker_connections 6000;
}
http //http下的一些配置
{
include mime.types; //文件扩展名与文件类型映射表
default_type application/octet-stream; //默认文件类型
server_names_hash_bucket_size 3526;
server_names_hash_max_size 4096;
log_format combined_realip '$remote_addr $http_x_forwarded_for [$time_local]'
'$host "$request_uri" $status'
'"$http_referer" "$http_user_agent"';
sendfile on; //开启高效文件传输模式
tcp_nopush on; //防止网络阻塞
keepalive_timeout 30; //长连接超时时间,单位为秒
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 8 4k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
client_max_body_size 10m;
client_body_buffer_size 256k;
client_body_temp_path /usr/local/nginx/client_body_temp;
proxy_temp_path /usr/local/nginx/proxy_temp;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
fastcgi_intercept_errors on;
tcp_nodelay on; //防止网络阻塞
gzip on; //开启gzip压缩输出
gzip_min_length 1k;
gzip_buffers 4 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css text/htm
application/xml;
server //虚拟主机配置
{
listen 80;
server_name localhost;
index index.html index.htm index.php;
root /usr/local/nginx/html;
location ~ \\.php$
{
include fastcgi_params;
fastcgi_pass unix:/tmp/php-fcgi.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/1ocal/nginx/html$fastcgi_script_name;
}
}
}
<inx/conf/nginx.conf" 61L, 1481C 已写入
检查文件是否有错误,可以看到,没有错误
[root@ansible-01 nginx-1.9.6]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
启动nginx服务,但是权限不够
[root@ansible-01 nginx-1.9.6]# service nginx start
env: /etc/init.d/nginx: 权限不够
给启动脚本权限,再次启动,还是有错误
[root@ansible-01 nginx-1.9.6]# chmod 777 /etc/init.d/nginx
[root@ansible-01 nginx-1.9.6]# service nginx start
Reloading systemd: [ OK ]
Starting nginx (via systemctl): Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[FAILED]
查看端口,原来端口被http占用
[root@ansible-01 nginx-1.9.6]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1095/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1367/master
tcp 0 0 10.30.59.248:25 0.0.0.0:* LISTEN 1367/master
tcp6 0 0 :::80 :::* LISTEN 1773/httpd
tcp6 0 0 :::22 :::* LISTEN 1095/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1367/master
关闭http
[root@ansible-01 nginx-1.9.6]# systemctl stop httpd
[root@ansible-01 nginx-1.9.6]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1095/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1367/master
tcp 0 0 10.30.59.248:25 0.0.0.0:* LISTEN 1367/master
tcp6 0 0 :::22 :::* LISTEN 1095/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1367/master
再次启动,这回启动成功,查看端口和nginx的状态可以看到都是开启的
[root@ansible-01 nginx-1.9.6]# service nginx start
Starting nginx (via systemctl): [ OK ]
[root@ansible-01 nginx-1.9.6]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 9704/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1095/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1367/master
tcp 0 0 10.30.59.248:25 0.0.0.0:* LISTEN 1367/master
tcp6 0 0 :::22 :::* LISTEN 1095/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1367/master
[root@ansible-01 nginx-1.9.6]# systemctl status nginx
● nginx.service - SYSV: http service.
Loaded: loaded (/etc/rc.d/init.d/nginx; bad; vendor preset: disabled)
Active: active (running) since 四 2021-05-27 17:40:07 CST; 16s ago
Docs: man:systemd-sysv-generator(8)
Process: 9696 ExecStart=/etc/rc.d/init.d/nginx start (code=exited, status=0/SUCCESS)
Tasks: 3
Memory: 5.4M
CGroup: /system.slice/nginx.service
├─9704 nginx: master process /usr/local/ngin...
├─9705 nginx: worker process
└─9706 nginx: worker process
5月 27 17:40:07 ansible-01 systemd[1]: Starting SYSV: ...
5月 27 17:40:07 ansible-01 nginx[9696]: Starting Nginx...
5月 27 17:40:07 ansible-01 systemd[1]: Started SYSV: h...
Hint: Some lines were ellipsized, use -l to show in full.
到这里,源码编译安装nginx成功
二、环境准备
新建目录,用于存放关于ansible自动安装nginx的数据和yml的文件
[root@ansible-01 ~]# cd /etc/ansible/
[root@ansible-01 ansible]# mkdir nginx_install/
在目录下面还要创建多个目录
[root@ansible-01 ansible]# cd nginx_install/
[root@ansible-01 nginx_install]# ls
在nginx_install下面在创建一个roles目录,roles目录下面还有common和install目录,这两个目录下面分别都有handles,files,meta,tasks,templates,vars目录
roles下:
common:为一些准备操作,
install:是安装nginx上午操作
以上两个目录下:
handlers:是当发生改变时要执行的操作,通常用在配置文件发生改变,重启服务。
files:为安装时用到的一些问价,
meta:为说明信息,说明校色依赖等信息
tasks:里面是核心的配置文件
templates:通常存一些配置文件,启动脚本等模板文件
vars:定义的变量
[root@ansible-01 nginx_install]# mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}
[root@ansible-01 nginx_install]# ls
roles
[root@ansible-01 nginx_install]# cd roles/
[root@ansible-01 roles]# ls
common install
然后把存放服务数据的nginx目录打包,移到/etc/ansible/nginx_install/roles/install/files/目录里
[root@ansible-01 ~]# cd /usr/local/
[root@ansible-01 local]# ls
bin etc html lib libexec nginx share
conf games include lib64 logs sbin src
[root@ansible-01 local]# tar -zcvf nginx.tar.gz nginx/
[root@ansible-01 local]# mv nginx.tar.gz /etc/ansible/nginx_install/roles/install/files/
把配置文件和启动脚本都移动到/etc/ansible/nginx_install/roles/install/templates/里
[root@ansible-01 local]# cd nginx/
[root@ansible-01 nginx]# ls
client_body_temp html sbin
conf logs scgi_temp
fastcgi_temp proxy_temp uwsgi_temp
[root@ansible-01 nginx]# cp conf/nginx.conf /etc/ansible/nginx_install/roles/install/templates/
[root@ansible-01 nginx]# cp /etc/init.d/nginx /etc/ansible/nginx_install/roles/install/templates/
三、编写需要的yml文件
所有的编写都在我们之前创建的关于ansible自动安装的目录里,即/etc/ansible/nginx_install里
1、编写安装依赖的yml文件(在存放依赖的common目录的tasks里,文件名:main.yml)
[root@ansible-01 ~]# vim /etc/ansible/nginx_install/roles/common/tasks/main.yml
- name: install initializtion requre software
yum: name={{ item }} state=installed
with_items:
- zlib-devel
- pcre-devel
~
~
~
~
~
~
~
~
<le/nginx_install/roles/common/tasks/main.yml" 5L, 133C 已写入
2、编写定义所需的变量
编写目录是安装目录(install)的存放变量的目录(vars),文件名是,main.yml
[root@ansible-01 ~]# vim /etc/ansible/nginx_install/roles/install/vars/main.yml
nginx_user: www
nginx_port: 80
nginx_basedir: /usr/local/nginx
~
~
~
<ble/nginx_install/roles/install/vars/main.yml" 3L, 63C 已写入
3、编写压缩包处理的文件(在安装目录install的tasks里,和第四,第五个文件一起)
[root@ansible-01 ~]# vim /etc/ansible/nginx_install/roles/install/tasks/copy.yml
- name: Copy Nginx Software
copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root
- name: Uncompression Nginx Software
shell: tar zxf /tmp/nginx.tar.gz -C /usr/local/
- name: Copy Nginx Start Script
template: src=nginx dest=/etc/init.d/nginx owner=root group=root mode=0755
- name: Copy Nginx Config
template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root m
ode=0644
~
~
~
~
~
~
~
<e/nginx_install/roles/install/tasks/copy.yml" 8L, 411C 已写入
4、编写创建用户的文件(和第三个一起)
[root@ansible-01 ~]# vim /etc/ansible/nginx_install/roles/install/tasks/install.yml
- name: Create Nginx User
user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin
- name: Start Nginx Service
shell: /etc/init.d/nginx start
- name: Add Boot start Nginx service
shell: chkconfig --level 345 nginx on
- name: Delete Nginx compression files
shell: rm -rf /tmp/nginx.tar.gz
~
~
~
~
~
~
<ginx_install/roles/install/tasks/install.yml" 8L, 315C 已写入
5、调用copy.yml和install.yml(和第三,第四个一起)
[root@ansible-01 ~]# vim /etc/ansible/nginx_install/roles/install/tasks/main.yml
- include: copy.yml
- include: install.yml
~
~
~
~
~
~
~
<le/nginx_install/roles/install/tasks/main.yml" 3L, 44C 已写入
6、编写入口文件,即终极文件
[root@ansible-01 ~]# vim /etc/ansible/nginx_install/install.yml
---
- hosts: 10.30.59.216
remote_user: root
gather_facts: True
roles:
- common
- install
~
~
~
~
~
~
~
"/etc/ansible/nginx_install/install.yml" 7L, 103C 已写入
最后执行一下就可以远程安装给nginx,但是另一台机器要确保80端口没有被占用
我的没有被占用
[root@ansible-02 local]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1077/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1338/master
tcp6 0 0 :::2222 :::* LISTEN 2459/docker-proxy
tcp6 0 0 :::8080 :::* LISTEN 3886/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 1077/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1338/master
tcp6 0 0 :::8443 :::* LISTEN 3
然后执行ansible-playbook
[root@ansible-01 ~]# ansible-playbook /etc/ansible/nginx_install/install.yml
PLAY [10.30.59.216] *************************************************************
TASK [Gathering Facts] **********************************************************
ok: [10.30.59.216]
TASK [common : install initializtion requre software] ***************************
[DEPRECATION WARNING]: Invoking "yum" only once while using a loop via
squash_actions is deprecated. Instead of using a loop to supply multiple items
and specifying `name: "{{ item }}"`, please use `name: ['zlib-devel', 'pcre-
devel']` and remove the loop. This feature will be removed in version 2.11.
Deprecation warnings can be disabled by setting deprecation_warnings=False in
ansible.cfg.
ok: [10.30.59.216] => (item=[u'zlib-devel', u'pcre-devel'])
TASK [install : Copy Nginx Software] ********************************************
changed: [10.30.59.216]
TASK [install : Uncompression Nginx Software] ***********************************
[WARNING]: Consider using the unarchive module rather than running 'tar'. If
you need to use command because unarchive is insufficient you can add 'warn:
lse' to this command task or set 'command_warnings=False' in ansible.cfg to
get rid of this message.
changed: [10.30.59.216]
TASK [install : Copy Nginx Start Script] ****************************************
changed: [10.30.59.216]
TASK [install : Copy Nginx Config] **********************************************
ok: [10.30.59.216]
TASK [install : Create Nginx User] **********************************************
changed: [10.30.59.216]
TASK [install : Start Nginx Service] ********************************************
changed: [10.30.59.216]
TASK [install : Add Boot start Nginx service] ***********************************
changed: [10.30.59.216]
TASK [install : Delete Nginx compression files] *********************************
[WARNING]: Consider using the file module with state=absent rather than running
'rm'. If you need to use command because file is insufficient you can add
'warn: false' to this command task or set 'command_warnings=False' in
ansible.cfg to get rid of this message.
changed: [10.30.59.216]
PLAY RECAP **********************************************************************
10.30.59.216 : ok=10 changed=7 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
[root@ansible-01 ~]#
再次查看另一台的端口,看nginx是否安装启动成功
[root@ansible-02 ~]# netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 32668/nginx: master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1077/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1338/master
tcp6 0 0 :::2222 :::* LISTEN 2459/docker-proxy
tcp6 0 0 :::8080 :::* LISTEN 3886/docker-proxy
tcp6 0 0 :::22 :::* LISTEN 1077/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1338/master
tcp6 0 0 :::8443 :::* LISTEN 3874/docker-proxy
可以看到有了nginx的端口,说明自动化安装nginx成功
以上是关于ansiblie自动化安装nginx的主要内容,如果未能解决你的问题,请参考以下文章