Ansible-完成运维架构并代码上线

0、架构规划图

1、配置基础环境

2、配置rsync远程备份 "[rsync]"

(1)roles/rsync/tasks/main.yml

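# rsync daemon (server side)
# Write the daemon configuration. A quoted heredoc keeps the text literal and
# avoids the leading blank line that echo '...' put at the top of the file.
# NOTE(review): the module is writable and chroot is off, so the client list is
# restricted to the internal network that the other hosts on this page use.
cat > /etc/rsyncd.conf <<'EOF'
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
hosts allow = 172.16.1.0/24
auth users = rsync_backup
secrets file = /etc/rsync.passwd
[data]
path = /data
EOF

# Create the virtual-user secrets file. The umask makes the file private from
# the moment it is created; chmod still covers a file that already existed.
# NOTE(review): "1" is the walkthrough's sample password. Use a long random
# value outside a lab, and remember the rsync daemon protocol is not encrypted.
( umask 077; echo 'rsync_backup:1' > /etc/rsync.passwd )
chmod 600 /etc/rsync.passwd

# Create the backup directory (-p: no error when it already exists)
mkdir -p /data
chown www:www /data

# Start the service and enable it at boot
systemctl start rsyncd
systemctl enable rsyncd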
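# Render the rsync daemon configuration; the handler restarts rsyncd on change.
- name: Modify rsync_server configure
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart rsyncd

# Secrets file for the rsync virtual user. With rsync's default "strict modes"
# the daemon rejects a secrets file that other users can read, so owner and
# mode are pinned explicitly; no_log keeps the rendered password out of logs.
- name: Create virtual user_password_file
  template:
    src: rsync.passwd.j2
    dest: /etc/rsync.passwd
    owner: root
    group: root
    mode: '0600'
  no_log: true

- name: Create backup_directory
  file:
    path: /data
    state: directory
    owner: www
    group: www

- name: Start rsyncd server
  systemd:
    name: rsyncd
    state: started
    enabled: true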

(2)roles/rsync/handlers/main.yml

# Restart the rsync daemon so that the new configuration takes effect
systemctl restart rsyncd
# Handler: restarts rsyncd; it runs only when a task notifies "Restart rsyncd".
- name: Restart rsyncd
  systemd:
    name: rsyncd
    state: restarted

(3)roles/rsync/templates/rsync.passwd.j2

# 此为rsync虚拟用户的密码验证文件
rsync_backup:1

(4)roles/rsync/templates/rsyncd.conf.j2

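# rsync daemon configuration; the tasks file renders rsyncd.conf.j2 to /etc/rsyncd.conf.
uid = www
gid = www
port = 873
fake super = yes
# NOTE(review): chroot is disabled and the module below is writable, so keep
# the module path narrow and the client list restricted.
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
# Reject clients outside the internal network that the other hosts on this page use.
hosts allow = 172.16.1.0/24
auth users = rsync_backup
secrets file = /etc/rsync.passwd
[data]
path = /data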

3.配置nfs服务端 "[nfs]"

(1)roles/nfs/tasks/main.yml

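# Declare the shared directories in /etc/exports. Every share is limited to
# 172.16.1.0/24, and all_squash maps each client user to the anonuid/anongid
# listed for that share.
cat > /etc/exports <<'EOF'
/data/zh    172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/kod   172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zrlog 172.16.1.0/24(rw,sync,all_squash,anonuid=53,anongid=53)
EOF

# Create the shared directories
mkdir -p /data/{zh,zrlog,kod}
chown -R www:www /data
# /data/zrlog is the share squashed to uid/gid 53, while /data/kod is squashed
# to 666 like /data/zh. The original chowned /data/kod to tomcat, which left
# the kod share unwritable for its squashed user.
# NOTE(review): presumably uid 53 is tomcat and 666 is www; confirm with `id`.
chown -R tomcat:tomcat /data/zrlog

# Start the service and enable it at boot
systemctl start nfs
systemctl enable nfs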

(2)roles/nfs/handlers/main.yml

# Restart the NFS server so that the new configuration takes effect
systemctl restart nfs
# Handler: restarts the nfs service; it runs only when a task notifies "Restart nfs".
- name: Restart nfs
  systemd:
    name: nfs
    state: restarted

(3)roles/nfs/templates/exports.j2

# NFS export table. Each share is limited to 172.16.1.0/24; all_squash maps
# every client user to the anonuid/anongid given for that share.
/data/zh     172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/kod    172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)

/data/zrlog  172.16.1.0/24(rw,sync,all_squash,anonuid=53,anongid=53)

4.布署lsync实时同步 "[nfs]"

(1) roles/lsync/tasks/main.yml

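# Install lsyncd
yum -y install lsyncd

# Write /etc/lsyncd.conf: watch /data and push changes to the "data" module of
# the rsync daemon at 172.16.1.41 as virtual user rsync_backup.
cat > /etc/lsyncd.conf <<'EOF'
settings {
    logfile = "/var/log/lsyncd/lsyncd.log",
    statusFile = "/var/log/lsyncd/lsyncd.status",
    inotifyMode = "CloseWrite",
    maxProcesses = 8,
}

sync {
    default.rsync,
    source = "/data",
    target = "rsync_backup@172.16.1.41::data",
    delete = true,
    exclude = { ".*" },
    delay = 1,

    rsync = {
        binary = "/usr/bin/rsync",
        archive = true,
        compress = true,
        verbose = true,
        password_file = "/etc/rsync.pwd",
        _extra = {"--bwlimit=200"}
    }
}
EOF

# Create the client password file. The umask keeps it private from the moment
# it is created; chmod still covers a file that already existed.
# NOTE(review): "1" is the walkthrough's sample password; it must match the
# server's secrets file and should be a long random value outside a lab.
( umask 077; echo '1' > /etc/rsync.pwd )
chmod 600 /etc/rsync.pwd

# Start the service and enable it at boot
systemctl start lsyncd
systemctl enable lsyncd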
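- name: Install lsyncd
  yum:
    name: lsyncd
    state: present

# Render the lsyncd configuration; the handler restarts lsyncd on change.
- name: Modify lsyncd configure
  template:
    src: lsyncd.conf.j2
    dest: /etc/lsyncd.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart lsyncd

# Password file that lsyncd hands to rsync. Owner and mode are pinned so the
# password is readable by root only; no_log keeps it out of task output.
- name: Create virtual_user_password_file
  template:
    src: rsync.pwd.j2
    dest: /etc/rsync.pwd
    owner: root
    group: root
    mode: '0600'
  no_log: true

- name: Start lsyncd
  systemd:
    name: lsyncd
    state: started
    enabled: true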

(2)roles/lsync/handlers/main.yml

# Restart lsyncd so that the new configuration takes effect
systemctl restart lsyncd
# Handler: restarts lsyncd; it runs only when a task notifies "Restart lsyncd".
- name: Restart lsyncd
  systemd:
    name: lsyncd
    state: restarted

(3)roles/lsync/templates/lsyncd.conf.j2

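-- lsyncd configuration (the file is Lua, so comments start with "--", not "#").
-- Watches /data and pushes changes to the "data" module of the rsync daemon
-- at 172.16.1.41 as virtual user rsync_backup.
settings {
    logfile = "/var/log/lsyncd/lsyncd.log",
    statusFile = "/var/log/lsyncd/lsyncd.status",
    inotifyMode = "CloseWrite",
    maxProcesses = 8,
}

sync {
    default.rsync,
    source = "/data",
    target = "rsync_backup@172.16.1.41::data",
    -- delete = true removes files on the target that no longer exist in source
    delete = true,
    exclude = { ".*" },
    delay = 1,

    rsync = {
        binary = "/usr/bin/rsync",
        archive = true,
        compress = true,
        verbose = true,
        -- must be readable by root only (the tasks file deploys it with mode 600)
        password_file = "/etc/rsync.pwd",
        _extra = {"--bwlimit=200"}
    }
}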

(4)roles/lsync/templates/rsync.pwd.j2

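{#- Password of the rsync virtual user. rsync takes the password from the first
    line of its password file, so this note is a Jinja comment that renders to
    nothing instead of a literal "#" line.
    NOTE(review): "1" is the walkthrough's sample value; use a long random
    password outside a lab. -#}
1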

5. 布署nginx web服务 "[web] and [nginx-proxy]"

(1) roles/nginx/tasks/main.yml

# Install nginx
yum install nginx -y 

# Edit the configuration: replace the "user  nginx" line so workers run as www
sed -i '/user  nginx/c user  www ;' /etc/nginx/nginx.conf 

# Start the service and enable it at boot
systemctl start nginx
systemctl enable nginx
# Install the nginx package.
- name: Install nginx
  yum:
    name: nginx
    state: present

# Switch the nginx worker user from nginx to www; the handler restarts nginx
# when the file changes.
- name: Modify start_user
  replace:
    path: /etc/nginx/nginx.conf
    regexp: '^user  nginx'
    replace: 'user  www'
  notify: Restart nginx

# Make sure nginx is running now and enabled at boot.
- name: Start nginx
  systemd:
    name: nginx
    state: started
    enabled: true

(2) roles/nginx/handlers/main.yml

# Restart nginx so that the new configuration takes effect
systemctl restart nginx
# Handler: restarts nginx; it runs only when a task notifies "Restart nginx".
- name: Restart nginx
  systemd:
    name: nginx
    state: restarted

6. 布署php服务 "[web]"

(1) roles/php/tasks/main.yml

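# Install PHP 7.2 and its extensions (php72w-mysqlnd was listed twice in the
# original; it is listed once here)
yum -y install php72w \
    php72w-cli \
    php72w-fpm \
    php72w-common \
    php72w-devel \
    php72w-embedded \
    php72w-gd \
    php72w-mbstring \
    php72w-mysqlnd \
    php72w-opcache \
    php72w-pdo \
    php72w-xml \
    php72w-pecl-memcached \
    php72w-pecl-mongodb \
    php72w-pecl-redis \
    php72w-pecl-zip \
    php72w-bcmath

# Edit the pool configuration: run the PHP-FPM workers as www:www
sed -i '/^user =/cuser = www' /etc/php-fpm.d/www.conf
sed -i '/^group =/cgroup = www' /etc/php-fpm.d/www.conf

# Start the service and enable it at boot
systemctl start php-fpm
systemctl enable php-fpm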
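# Install PHP 7.2 and its extensions in a single yum transaction: the package
# list is passed to `name` directly instead of looping one package at a time,
# and the duplicate php72w-mysqlnd entry is dropped.
- name: Install php and depend
  yum:
    name:
      - php72w
      - php72w-cli
      - php72w-fpm
      - php72w-common
      - php72w-devel
      - php72w-embedded
      - php72w-gd
      - php72w-mbstring
      - php72w-mysqlnd
      - php72w-opcache
      - php72w-pdo
      - php72w-xml
      - php72w-pecl-memcached
      - php72w-pecl-mongodb
      - php72w-pecl-redis
      - php72w-pecl-zip
      - php72w-bcmath
    state: present

# Pool configuration; owner and mode are explicit so the file is not writable
# by the www user that the pool runs as.
- name: Modify www.conf
  copy:
    src: www.conf
    dest: /etc/php-fpm.d/www.conf
    owner: root
    group: root
    mode: '0644'
  notify: Restart php

- name: Modify php.ini
  copy:
    src: php.ini
    dest: /etc/php.ini
    owner: root
    group: root
    mode: '0644'
  notify: Restart php

- name: Start php
  systemd:
    name: php-fpm
    state: started
    enabled: true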

(2)roles/php/handlers/main.yml

# Restart PHP-FPM so that the new configuration takes effect
systemctl restart php-fpm
# Handler: restarts php-fpm; it runs only when a task notifies "Restart php".
- name: Restart php
  systemd:
    name: php-fpm
    state: restarted

(3)roles/php/files/php.ini

...
..
.
[Session]
; Handler used to store/retrieve data.
; http://php.net/session.save-handler
; Sessions are kept in the Redis instance at 172.16.1.51:6379 over plain TCP.
; NOTE(review): this URL carries no Redis password and the Redis steps on this
; page set none; confirm the port is reachable from the web servers only.
session.save_handler = redis
session.save_path = 'tcp://172.16.1.51:6379?weight=1&timeout=2.5'
.
..
...

(4)roles/php/files/www.conf

; PHP-FPM pool "www": workers run as www:www.
[www]
user = www
group = www
; Listen on loopback only and accept FastCGI connections from 127.0.0.1 only.
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
; Dynamic process manager: between 5 and 35 spare workers, at most 50 children.
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
; File-based sessions stay commented out in this pool file.
;php_value[session.save_handler] = files
;php_value[session.save_path]    = /var/lib/php/session
php_value[soap.wsdl_cache_dir]  = /var/lib/php/wsdlcache

7.布署mariadb服务 "[mariadb]"

(1)roles/mariadb/tasks/main.yml

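# After installation the MariaDB root account has no password, and this
# walkthrough does not set one.
# NOTE(review): outside a lab, set a root password before the server is
# reachable from the network.
# Install the database
yum -y install mariadb mariadb-server

# Start the database and enable it at boot
systemctl start mariadb
systemctl enable mariadb

# Create the zrlog and zh databases and grant the application users access.
# The SQL is fed to the mysql client so the listing runs as one script.
# NOTE(review): '123456' and host '%' are the walkthrough's values. A weak
# shared password on accounts that may connect from any host is a lab-only
# setup; use per-application passwords and limit the host to the app servers.
mysql <<'SQL'
create database zrlog;
create database zh;

grant all on zrlog.* to zrlog@'%' identified by '123456';
grant all on zh.* to zh@'%' identified by '123456';

flush privileges;
SQL

# Upload the zrlog and zh dump files to /tmp (steps omitted), then import each
# dump into its own database. Naming the database avoids a "No database
# selected" failure when a dump has no USE statement.
mysql zrlog < /tmp/zrlog.sql
mysql zh < /tmp/zh.sql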
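# Install the MariaDB client and server in one yum transaction.
- name: Install mariadb
  yum:
    name:
      - mariadb
      - mariadb-server
    state: present

- name: Start mariadb
  systemd:
    name: mariadb
    state: started
    enabled: true

- name: Create new databases with names 'zrlog' and 'zh'
  mysql_db:
    name: "{{ item }}"
    state: present
  loop:
    - zrlog
    - zh

# NOTE(review): the password literal and host '%' are the walkthrough's values.
# Keep real passwords in an ansible-vault encrypted variable and limit `host`
# to the application servers. no_log keeps the password out of task output.
- name: Create remote user zh and zrlog
  mysql_user:
    name: "{{ item.name }}"
    host: '%'
    password: "123456"
    priv: "{{ item.priv }}"
    state: present
  no_log: true
  loop:
    - name: zh
      priv: 'zh.*:ALL'
    - name: zrlog
      priv: 'zrlog.*:ALL'

# The dumps land in world-accessible /tmp, so they are written root-only.
- name: Remote send database_data 'zh.sql and zrlog.sql'
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: '0600'
  loop:
    - src: zh.sql.j2
      dest: /tmp/zh.sql
    - src: zrlog.sql.j2
      dest: /tmp/zrlog.sql

# NOTE(review): `state: import` presumably re-runs the dump on every play;
# confirm that the dumps are safe to apply more than once.
- name: Restore database
  mysql_db:
    name: "{{ item.name }}"
    state: import
    target: "{{ item.target }}"
  loop:
    - name: zh
      target: /tmp/zh.sql
    - name: zrlog
      target: /tmp/zrlog.sql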

(2)roles/mariadb/files/

zh.sql.j2
zrlog.sql.j2

8.布署redis服务

(1)roles/redis/tasks/main.yml

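# Install redis
# (the stray backticks in front of the original comments would start a shell
# command substitution, so they are removed)
yum -y install redis

# Configure redis: listen on loopback and on the internal address. The pattern
# is anchored and its dots escaped so that only the active bind line changes.
# NOTE(review): no requirepass is set on this page, so every host that can
# reach 172.16.1.51:6379 can read and write the PHP sessions stored here. Set a
# password or restrict the port to the web servers.
sed -i '/^bind 127\.0\.0\.1/cbind 127.0.0.1 172.16.1.51' /etc/redis.conf

# Start the service and enable it at boot
systemctl start redis
systemctl enable redis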
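- name: Install redis
  yum:
    name: redis
    state: present

# Make redis listen on loopback and on the internal address. The original
# regexp matched only a commented-out "# bind 127.0.0.1" line, so an active
# "bind 127.0.0.1" line was left untouched; lineinfile replaces the active
# bind line, or appends one when the file has none.
# NOTE(review): presumably the packaged redis.conf has one active bind line;
# verify on the target. No requirepass is set on this page, so restrict access
# to port 6379 to the web servers or add a password.
- name: Configure redis
  lineinfile:
    path: /etc/redis.conf
    regexp: '^bind\s'
    line: 'bind 127.0.0.1 172.16.1.51'
  notify: Restart redis

- name: Start redis
  systemd:
    name: redis
    state: started
    enabled: true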

(2)roles/redis/handlers/main.yml

# Restart redis so that the new configuration takes effect
systemctl restart redis
# Handler: restarts redis; it runs only when a task notifies "Restart redis".
- name: Restart redis
  systemd:
    name: redis
    state: restarted

9.布署keepalivd高可用服务 "[keepalivd]"

(1)roles/keepalived/tasks/main.yml

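# nopreempt (no preemption) only takes effect when both nodes use state BACKUP.
# Install keepalived
yum -y install keepalived

# nginx health-check script (master and backup). A heredoc puts the shebang on
# the first line; echo '...' wrote a blank line above it.
# keepalived runs this script with its own (typically root) privileges, so the
# file is executable and writable by root only. The original `chmod o+x` gave
# the execute bit to "other" users, not to the owner.
mkdir -p /scripts
cat > /scripts/montoring_nginx.sh <<'EOF'
#!/bin/bash
if ! ss -lntup |grep nginx &> /dev/null;then
        systemctl stop keepalived
fi
EOF
chmod 700 /scripts/montoring_nginx.sh

# NOTE(review), both configurations below:
#  - auth_pass 1111 is a sample value and VRRP PASS authentication travels in
#    clear text; treat it as a misconfiguration guard, not as access control.
#  - `lvs_sync_daemon_inteface` looks like a misspelling of
#    lvs_sync_daemon_interface. It is kept as written because no LVS is
#    configured on this page; consider removing the line.
#  - `lavel` in virtual_ipaddress is corrected to `label`.

# keepalived configuration (master)
cat > /etc/keepalived/keepalived.conf <<'EOF'
global_defs {
    router_id 10.0.0.5
}

vrrp_script check_web {
    script "/scripts/montoring_nginx.sh"
    interval 5
    weight 2
}

vrrp_instance VIP_1 {
    state BACKUP
    interface eth0
    lvs_sync_daemon_inteface eth0
    virtual_router_id 152
    priority 100
    nopreempt
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
    track_script {
        check_web
    }
}
EOF

# keepalived configuration (backup): same as the master except for router_id
# and the lower priority
cat > /etc/keepalived/keepalived.conf <<'EOF'
global_defs {
    router_id 10.0.0.6
}

vrrp_script check_web {
    script "/scripts/montoring_nginx.sh"
    interval 5
    weight 2
}

vrrp_instance VIP_1 {
    state BACKUP
    interface eth0
    lvs_sync_daemon_inteface eth0
    virtual_router_id 152
    priority 90
    nopreempt
    advert_int 1

    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
    track_script {
        check_web
    }
}
EOF

# Start the service and enable it at boot (master and backup)
systemctl start keepalived
systemctl enable keepalived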
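- name: Install keepalived
  yum:
    name: keepalived
    state: present

# Directory for the health-check script; only root may add or replace files.
- name: Create scripts directory
  file:
    path: /scripts
    state: directory
    owner: root
    group: root
    mode: '0755'

# keepalived runs this script with its own (typically root) privileges, so it
# must not be writable by other users. The original `mode: 777` was an
# unquoted number, which YAML reads as decimal rather than octal, and as an
# octal mode it would have made the script world-writable.
- name: Remote pull script file
  copy:
    src: montoring_nginx.sh
    dest: /scripts/montoring_nginx.sh
    owner: root
    group: root
    mode: '0700'

# The rendered file holds the VRRP auth_pass, so it is readable by root only.
- name: Edit keepalived configure
  template:
    src: keepalived.conf.j2
    dest: /etc/keepalived/keepalived.conf
    owner: root
    group: root
    mode: '0600'
  notify: Restart keepalived

- name: Start keepalived
  systemd:
    name: keepalived
    state: started
    enabled: true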

(2)roles/keepalived/handlers/main.yml

# Restart keepalived so that the new configuration takes effect
systemctl restart keepalived
# Handler: restarts keepalived; it runs only when a task notifies "Restart keepalived".
- name: Restart keepalived
  systemd:
    name: keepalived
    state: restarted

(3)roles/keepalived/files/montoring_nginx.sh

#!/bin/bash
# Health check used by keepalived: when no socket owned by nginx shows up in
# the `ss` listing, stop keepalived on this node.
ss -lntup | grep nginx &> /dev/null || systemctl stop keepalived

(4)roles/keepalived/templates/keepalived.conf.j2

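# keepalived configuration template. router_id is the managed host's name and
# the priority depends on which proxy node the file is rendered for.
global_defs {
    router_id {{ ansible_hostname }}
}

# Health check; the script stops keepalived when nginx is not listening.
vrrp_script check_web {
    script "/scripts/montoring_nginx.sh"
    interval 5
    weight 2
}

vrrp_instance VIP_1 {
{% if ansible_hostname == "nginx_proxy1" %}
    priority 100
{% elif ansible_hostname == "nginx_proxy2" %}
    priority 90
{% endif %}
    # nopreempt only takes effect when both nodes use state BACKUP
    state BACKUP
    interface eth0
    # NOTE(review): "inteface" looks like a misspelling of
    # lvs_sync_daemon_interface. Kept as written because no LVS is configured
    # on this page; consider removing the line.
    lvs_sync_daemon_inteface eth0
    virtual_router_id 152
    nopreempt
    advert_int 1

    # NOTE(review): 1111 is a sample value and VRRP PASS authentication travels
    # in clear text; it guards against misconfiguration, not against attackers.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        # "lavel" in the original is corrected to the keyword "label"
        10.0.0.3/24 dev eth0 label eth0:1
    }
    track_script {
        check_web
    }
}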

10.布署tomcat服务 "[tomcat]"

(1) roles/tomcat/tasks/main.yml

# Install tomcat (web1 web2 web3)
yum -y install tomcat

# Edit the configuration so that the site directory may follow symbolic links
# NOTE(review): allowLinking lets a web application serve whatever a symlink
# inside its directory points at; enable it only where links are needed and
# the web application directory is not writable by untrusted users.
sed -i '/^<Context>/c<Context allowLinking="true">' /etc/tomcat/context.xml 


# Start the service and enable it at boot
systemctl start tomcat
systemctl enable tomcat
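- name: Install tomcat
  yum:
    name: tomcat
    state: present

# Let the site directory follow symbolic links. Fixes against the original:
# `replace` was missing its colon (a YAML syntax error), and both patterns
# carried a leading "/" left over from the sed command, so the regexp never
# matched and the replacement would have written a stray slash.
# NOTE(review): allowLinking lets a web application serve whatever a symlink
# inside its directory points at; enable it only where links are needed.
- name: Modify tomcat configure on context.xml
  replace:
    path: /etc/tomcat/context.xml
    regexp: '^<Context>'
    replace: '<Context allowLinking="true">'
  notify: Restart tomcat

- name: Start tomcat
  systemd:
    name: tomcat
    state: started
    enabled: true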

(2)roles/tomcat/handlers/main.yml

# Restart tomcat so that the new configuration takes effect
systemctl restart tomcat
# Handler: restarts tomcat; it runs only when a task notifies "Restart tomcat".
- name: Restart tomcat
  systemd:
    name: tomcat
    state: restarted

11.配置chronyd时间同步服务

(1)服务端,手动配置

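# Edit the chrony server configuration: name the network that may synchronise
# its time from this host.
# (the stray backticks in front of the original comments would start a shell
# command substitution, so they are removed)
sed -i '/^#allow 192/aallow 172.16.1.0/24' /etc/chrony.conf

# Start the service and enable it at boot
systemctl start chronyd
systemctl enable chronyd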

(2)客户端批量执行,roles/chrony/tasks/main.yml

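# Point the client at the internal time server: comment out the default
# "server 0-3" lines, then add 172.16.1.41 after the last of them.
# (the stray backticks in front of the original comments would start a shell
# command substitution, so they are removed)
sed  -i '/server [0-3]./s/^/&#/g' /etc/chrony.conf
sed  -i '/#server 3./aserver 172.16.1.41 iburst' /etc/chrony.conf

# Start the service and enable it at boot
systemctl start chronyd
systemctl enable chronyd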
# Ship the prepared chrony.conf; the handler restarts chronyd when it changes.
- name: Edit chrony_server configure
  copy:
    src: chrony.conf
    dest: /etc/chrony.conf
  notify: Restart chronyd

# Make sure chronyd is running now and enabled at boot.
- name: Start chrony
  systemd:
    name: chronyd
    state: started
    enabled: true

(3)客户端批量执行,roles/chrony/handlers/main.yml

# Restart chronyd so that the new configuration takes effect
systemctl restart chronyd
# Handler: restarts chronyd; it runs only when a task notifies "Restart chronyd".
- name: Restart chronyd
  systemd:
    name: chronyd
    state: restarted

(4)客户端批量执行,roles/chrony/files/

chrony.conf

12.布署kodcloud 服务 "[web]"

(1)roles/kodcloud/tasks/main.yml

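# Create the virtual host
# (the stray backticks in front of the original comments would start a shell
# command substitution, so they are removed)
cat > /etc/nginx/conf.d/kod.imscz.com.conf <<'EOF'
server {
        listen 80;
        server_name kod.imscz.com;
        root /code/kod;

        location / {
                index   index.php index.html;
        }
        location ~ .*\.php$ {
                # Only hand files that exist under the document root to PHP-FPM
                try_files       $uri =404;
                fastcgi_pass    127.0.0.1:9000;
                fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include         fastcgi_params;
                #fastcgi_param   HTTPS on;
        }
}
EOF

# Create the site directory
mkdir -p /code/kod

# Unpack the kodcloud source in the site directory
cd /code/kod
# (the transfer of kod.tar.gz into this directory is omitted in the original)
tar -xzvf kod.tar.gz
chown -R www:www /code/kod

# Restart nginx
systemctl restart nginx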
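# Virtual host definition; owner and mode are explicit so the www user that
# serves the site cannot rewrite it.
- name: Create kod virtual hosts
  copy:
    src: kod.imscz.com.conf
    dest: /etc/nginx/conf.d/kod.imscz.com.conf
    owner: root
    group: root
    mode: '0644'

- name: Create site directory
  file:
    path: /code/kod
    state: directory
    recurse: true
    owner: www
    group: www

# Unpack the pre-built kodcloud archive from the role's files/ directory.
- name: Upload kod source_code
  unarchive:
    src: kod.tar.gz
    dest: /code/kod
    owner: www
    group: www

- name: Create nfs_mount_directory
  file:
    path: /mnt/kod
    state: directory
    owner: www
    group: www
    recurse: true

# nosuid/nodev: files on the network share are never honoured as setuid
# binaries or device nodes on this host.
- name: Mount nfs_share_directory to local_mount_directory
  mount:
    src: '172.16.1.31:/data/kod'
    path: /mnt/kod
    fstype: nfs
    opts: 'nosuid,nodev'
    state: mounted

- name: Restart nginx
  systemd:
    name: nginx
    state: restarted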

(2)roles/kodcloud/files/

# 虚拟主机配置文件
kod.imscz.com.conf

# 可道云源码布署压缩包,此包为提前部署好的源码进行压缩而成
kod.tar.gz

13.部署WeCenter服务 "[web]"

(1)roles/WeCenter/tasks/main.yml

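# Create the virtual host
cat > /etc/nginx/conf.d/zh.imscz.com.conf <<'EOF'
server {
        listen 80;
        server_name zh.imscz.com;
        root /code/zh;
        client_max_body_size 20M;

        location / {
                index   index.php index.html;
        }
        location ~ .*\.php$ {
                # Only hand files that exist under the document root to PHP-FPM
                try_files       $uri =404;
                fastcgi_pass    127.0.0.1:9000;
                fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include         fastcgi_params;
                #fastcgi_param   HTTPS on;
        }
}
EOF

# Create the site directory
mkdir -p /code/zh

# Unpack the WeCenter (zh) source in the site directory
cd /code/zh
# (the transfer of zh.tar.gz into this directory is omitted in the original)
tar -xzvf zh.tar.gz
chown -R www:www /code/zh

# Create the mount point for the zh NFS share (-p: no error when it exists)
mkdir -p /mnt/zh

# Mount the zh NFS share
mount -t nfs 172.16.1.31:/data/zh /mnt/zh

# Restart nginx
systemctl restart nginx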
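# Virtual host definition; owner and mode are explicit so the www user that
# serves the site cannot rewrite it.
- name: Create WeCenter virtual host
  copy:
    src: zh.imscz.com.conf
    dest: /etc/nginx/conf.d/zh.imscz.com.conf
    owner: root
    group: root
    mode: '0644'

- name: Create zh site_directory
  file:
    path: /code/zh
    state: directory
    owner: www
    group: www
    recurse: true

# Unpack the pre-built WeCenter archive from the role's files/ directory.
- name: Upload zh_source_code
  unarchive:
    src: zh.tar.gz
    dest: /code/zh
    owner: www
    group: www

- name: Create zh_mount_directory
  file:
    path: /mnt/zh
    state: directory
    owner: www
    group: www
    recurse: true

# nosuid/nodev: files on the network share are never honoured as setuid
# binaries or device nodes on this host.
- name: Remote mount nfs_share_directory to zh_mount_directory
  mount:
    src: '172.16.1.31:/data/zh'
    path: /mnt/zh
    fstype: nfs
    opts: 'nosuid,nodev'
    state: mounted

# `state: retarted` in the original is not a valid systemd state; the task
# failed instead of restarting nginx.
- name: Restart nginx
  systemd:
    name: nginx
    state: restarted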

(2)roles/WeCenter/files/

zh.imscz.com.conf
zh.tar.gz

14.部署zrlog服务 "[web]"

(1)roles/zrlog/tasks/main.yml

# Upload the source archive to the tomcat webapps directory and unpack it
# (the "sz" line stands for the file transfer, which the walkthrough omits)
cd /usr/share/tomcat/webapps
sz...略
tar -xzvf zrlog.tar.gz
chown tomcat.tomcat . -R

# Restart the service
systemctl restart tomcat
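# Unpack the zrlog archive from the role's files/ directory into tomcat's
# webapps directory.
- name: Upload zrlog_source to tomcat
  unarchive:
    src: zrlog.tar.gz
    dest: /usr/share/tomcat/webapps
    owner: tomcat
    group: tomcat

- name: Create zrlog_mount_directory
  file:
    path: /mnt/zrlog
    state: directory
    owner: tomcat
    group: tomcat
    recurse: true

# nosuid/nodev: files on the network share are never honoured as setuid
# binaries or device nodes on this host.
- name: Mount nfs_share_directory to zrlog_mount_directory
  mount:
    src: '172.16.1.31:/data/zrlog'
    path: /mnt/zrlog
    fstype: nfs
    opts: 'nosuid,nodev'
    state: mounted

- name: Restart tomcat
  systemd:
    name: tomcat
    state: restarted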

15.配置nginx-proxy负载均衡 "[nginx-proxy]"

(1)roles/nginx-proxy/tasks/main.yml

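# Shared proxy settings (request headers, timeouts, buffers) that every
# virtual host below includes.
# (the stray backticks in front of the original comments would start a shell
# command substitution, so they are removed)
cat > /etc/nginx/proxy_params <<'EOF'
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
EOF

# Create a key and a self-signed certificate for testing HTTPS.
# NOTE(review): the key is unencrypted (-nodes) and the certificate is
# self-signed and valid for 36500 days; this is test material only.
# The umask keeps the private key unreadable by other users from the moment it
# is written, and chmod covers a key file that already existed.
mkdir -p /etc/nginx/ssl_key
cd /etc/nginx/ssl_key/
( umask 077; openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=/ST=/L=/O=/OU=/CN=IMSCZ" )
openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt
chmod 600 server.key

# In all three virtual hosts below:
#  - the file name ends in .conf, like the files the Ansible role deploys;
#    NOTE(review): presumably nginx.conf includes conf.d/*.conf, in which case
#    the original extension-less files were never loaded;
#  - the HTTP-to-HTTPS redirect uses $server_name instead of $http_host, so the
#    redirect target is not taken from the client-supplied Host header.

# Load-balancer virtual host (kod)
cat > /etc/nginx/conf.d/kod.imscz.com.conf <<'EOF'
upstream http_kod {
    server 172.16.1.7:80;
}
server {
    listen 443 ssl;
    server_name kod.imscz.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    charset utf8;
    location / {
        proxy_pass http://http_kod;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name kod.imscz.com;
    return 302 https://$server_name$request_uri;
}
EOF

# Load-balancer virtual host (zh)
cat > /etc/nginx/conf.d/zh.imscz.com.conf <<'EOF'
upstream http_zh {
    server 172.16.1.7:80;
}
server {
    listen 443 ssl;
    server_name zh.imscz.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    charset utf8;
    location / {
        proxy_pass http://http_zh;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name zh.imscz.com;
    return 302 https://$server_name$request_uri;
}
EOF

# Load-balancer virtual host (zrlog; the original comment said "zh")
cat > /etc/nginx/conf.d/zrlog.imscz.com.conf <<'EOF'
upstream http_zrlog {
    server 172.16.1.7:8080;
}
server {
    listen 443 ssl;
    server_name zrlog.imscz.com;
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;

    charset utf8;
    location / {
        proxy_pass http://http_zrlog;
        include proxy_params;
    }
}
server {
    listen 80;
    server_name zrlog.imscz.com;
    return 302 https://$server_name$request_uri;
}
EOF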
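- name: Create require_head proxy_params file
  copy:
    src: proxy_params
    dest: /etc/nginx/proxy_params
    owner: root
    group: root
    mode: '0644'

# Directory that holds the TLS key pair; only root may enter it.
- name: Create ssl_key directory
  file:
    path: /etc/nginx/ssl_key
    state: directory
    owner: root
    group: root
    mode: '0700'

- name: Remote send server.crt of ssl_key
  copy:
    src: server.crt
    dest: /etc/nginx/ssl_key/server.crt
    owner: root
    group: root
    mode: '0644'

# Without an explicit mode the private key could land world-readable. It is
# written root-only, and no_log keeps its content out of task output.
# NOTE(review): server.key sits unencrypted in the role's files/ directory;
# encrypt it with ansible-vault before the role is committed anywhere.
- name: Remote send server.key of ssl_key
  copy:
    src: server.key
    dest: /etc/nginx/ssl_key/server.key
    owner: root
    group: root
    mode: '0600'
  no_log: true

# NOTE(review): the source names say "oldxu", the destination names say
# "cldxu", and the server_name values elsewhere on this page use imscz.com.
# nginx presumably loads any *.conf here, but confirm which names are intended.
- name: Create lb virtual_hosts of ( kod zh zrlog )
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: '0644'
  loop:
    - src: kod.oldxu.com.conf
      dest: /etc/nginx/conf.d/kod.cldxu.com.conf
    - src: zh.oldxu.com.conf
      dest: /etc/nginx/conf.d/zh.cldxu.com.conf
    - src: zrlog.oldxu.com.conf
      dest: /etc/nginx/conf.d/zrlog.cldxu.com.conf

- name: Restart nginx
  systemd:
    name: nginx
    state: restarted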

(2)roles/nginx-proxy/files/

proxy_params
server.crt
server.key
zh.oldxu.com.conf
kod.oldxu.com.conf
zrlog.oldxu.com.conf
posted @ 2020-01-02 15:46  IMSCZ