使用Ansible自动配置Nginx服务
1、首先安装好Ansible环境,具体步骤请见Ansible安装
2、先创建hosts文件(为后面编写脚本安装JDK做铺垫)
[root@localhost /]# vi hosts
[jdktest]
192.168.186.133 ansible_ssh_user=guxiong ansible_ssh_pass=private
192.168.186.134 ansible_ssh_user=guxiong ansible_ssh_pass=private
注:记得/etc/ansible/hosts也要加入
3、创建文件夹
[root@localhost /]#
makedir roles
nginx-install
default
files
ngnix-install
nginx-install.tar.gz
handler
meta
tasks main.yml
templates install-nginx.sh nginx.conf
vars main.yml
4、编辑tasks下面的main.yml
- name: create direc
shell: mkdir -p {{ nginx_path }}
- name: copy nginx file to remote client
copy: src=nginx-install.tar.gz dest=/home/{{ user }}
- name: untar nginx
shell: tar -zxf nginx-install.tar.gz
- name: configure install-nginx.sh user template
template: src=install-nginx.sh dest=/home/{{ user }}/nginx-install/install-nginx.sh
- name: cd install direc and excu install
shell: cd /home/{{ user }}/nginx-install && sh install-nginx.sh
- name: configure nginx.conf use template
template: src=nginx.conf dest={{ nginx_path }}/conf/nginx.conf
- name: rm nginxfiles
shell: rm -rf /home/{{ user }}/nginx-install*
5、编辑templates下的 install-nginx.sh
#!/bin/bash
mkdir -p {{ nginx_path }}
cd nginx-1.9.3-hide-version
./configure --prefix={{ nginx_path }} --with-http_ssl_module --with-http_gunzip_module --with-http_stub_status_module --with-http_gzip_static_module --with-zlib=../zlib-1.2.8 --with-pcre=../pcre-8.38 --add-module=../nginx_upstream_check_module-master --add-module=../ngx_cache_purge-2.3 && make && make install
sleep 6
exit 0
nginx.conf
#user nobody;
worker_processes 4;
error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'"$upstream_cache_status"';
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
server_tokens off;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
proxy_connect_timeout 60;
proxy_read_timeout 30;
proxy_send_timeout 60;
proxy_buffer_size 4k;
proxy_buffers 32 4k;
proxy_busy_buffers_size 8k;
proxy_temp_file_write_size 512k;
proxy_next_upstream http_500 http_502 http_503 error invalid_header;
proxy_temp_path {{ nginx_path }}/proxy_temp;
proxy_cache_path {{ nginx_path }}/proxy_cache
levels=1:2 keys_zone=cache_one:100m inactive=2d max_size=2g;
upstream test {
server 192.168.186.133:8080;
server 192.168.186.134:8080;
check interval=3000 rise=2 fall=5 timeout=1000 type=tcp;
ip_hash;
}
server {
listen {{ nginx_port }};
server_name {{ nginx_host }};
check_status;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
# root html;
# index index.html index.htm;
proxy_pass http://test/baidu/;
}
location / {
proxy_pass http://test;
}
location ~ /purge(/.*) {
# allow 192.168.100.112;
# allow 192.168.100.64;
allow all;
# deny all;
proxy_cache_purge cache_one $host$1$is_args$args;
error_page 405 =200 /purge$1;
}
location ^~ /jenkins {
proxy_pass http://test/jenkins/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log logs/jenkins_access.log main;
}
location /status {
check_status;
access_log off;
# allow 192.168.100.64;
allow all;
deny all;
}
#error_page 404 /404.html;
location ~ .*\.(gif|jpg|png|html|css|ico|pdf) {
proxy_pass http://test;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache cache_one;
add_header Nginx-Cache $upstream_cache_status;
proxy_cache_valid 200 304 301 302 8h;
proxy_cache_valid 404 1m;
proxy_cache_valid any 2d;
proxy_cache_key $host$uri$is_args$args;
expires 30d;
access_log logs/host.access.log main;
# access_log logs/access.log main;
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443 ssl;
# server_name localhost;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
6、将使用到的变量编辑vars下的main.yml
user: guxiong nginx_host: 192.168.186.134 nginx_port: 3080 nginx_path: /home/guxiong/nginx1.9.0
7、ansible-playbook安装
[root@localhost /]# ansible-playbook nginx-install.yml --extra-var "host_cluster=jdktest user=guxiong nginx_host=192.168.186.134 nginx_port=3080 nginx_path=/home/guxiong/nginx1.9.0"
PLAY [jdktest] **************************************************************** TASK: [nginx-install | create direc] ****************************************** changed: [192.168.186.134] changed: [192.168.186.133] TASK: [nginx-install | copy nginx file to remote client] ********************** changed: [192.168.186.134] changed: [192.168.186.133] TASK: [nginx-install | untar nginx] ******************************************* changed: [192.168.186.134] changed: [192.168.186.133] TASK: [nginx-install | configure install-nginx.sh user template] ************** changed: [192.168.186.134] changed: [192.168.186.133] TASK: [nginx-install | cd install direc and excu install] ********************* changed: [192.168.186.134] changed: [192.168.186.133] TASK: [nginx-install | configure nginx.conf use template] ********************* changed: [192.168.186.134] changed: [192.168.186.133] TASK: [nginx-install | rm nginxfiles] ***************************************** changed: [192.168.186.134] changed: [192.168.186.133] PLAY RECAP ******************************************************************** 192.168.186.133 : ok=7 changed=7 unreachable=0 failed=0 192.168.186.134 : ok=7 changed=7 unreachable=0 failed=0
stay hungry,stay foolish
