web-nginx
2021-02-03 02:14
原文地址:https://www.cnblogs.com/syy1757528181/p/13166167.html
使用roles部署web nginx
环境
外网IP
内网IP
主机名
10.0.0.5
172.16.1.5
lb01 (负载均衡)
10.0.0.6
172.16.1.6
lb02
10.0.0.7
172.16.1.7
web01(服务器)
10.0.0.8
172.16.1.8
web02
10.0.0.9
172.16.1.9
web03
10.0.0.31
172.16.1.31
nfs (共享存储)
10.0.0.41
172.16.1.41
backup
10.0.0.51
172.16.1.51
db01 (数据库)
10.0.0.52
172.16.1.52
db02
10.0.0.53
172.16.1.53
db03(代理机)
10.0.0.54
172.16.1.54
db04(代理机)
10.0.0.61
172.16.1.61
m01 (跳板机)
10.0.0.71
172.16.1.71
zabbix
流程分析
1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux(实验环境可以这样做;生产环境建议保持 enforcing 并按需调整策略)
7.创建统一的用户
1.安装nginx
2.拷贝nginx配置文件
3.拷贝nginx虚拟主机配置
4.启动nginx
推送公钥
1.创建密钥对
[root@m01 ~]# ssh-keygen
2.推送公钥
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.5
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.6
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.9
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.51
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.52
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.53
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.54
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.61
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.71
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.81
ansible优化
1.下载
[root@m01 ~]# yum install -y ansible
2.优化
[root@m01 ~]# vim /etc/ansible/ansible.cfg #改为
# host_key_checking belongs in the [defaults] section of ansible.cfg.
# Setting it to False makes Ansible accept any SSH host key without
# verification, so a machine impersonating a managed node is not detected.
# NOTE(review): the ssh-copy-id runs earlier on this page connect to each host
# over ssh, which normally records the host key in ~/.ssh/known_hosts, so this
# override may not be needed at all. Confirm, and leave verification on
# outside a lab.
host_key_checking = False
配置主机清单
[root@m01 ~]# vim /root/ansible/hosts
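# Group names in [] are free-form, but avoid special characters (- | &),
# upper-case letters and Chinese characters (and do not name a group "nginx").
# The port may be omitted when it is 22.
#
# Fixed: the login-user variable was misspelled "asible_ssh_user", so it was
# just an unused host variable and the login user was never set by this file.
# Fixed: the password value was wrapped in typographic quotes; plain ASCII
# single quotes are required.
#
# NOTE(review): this keeps the root password in clear text in the inventory.
# Hosts that received the public key via ssh-copy-id authenticate by key and
# do not need ansible_ssh_pass; drop it for those hosts, or keep the secret in
# an ansible-vault encrypted vars file, and restrict this file to root (0600).
[web_group]
172.16.1.7 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.8 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.9 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[db_group]
172.16.1.51 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.52 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.53 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.54 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[nfs_group]
172.16.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[redis_group]
172.16.1.81 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[lb_group]
172.16.1.5 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.6 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[backup_group]
172.16.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[zabbix_group]
172.16.1.71 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[m01_group]
172.16.1.61 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[mtj_group]
172.16.1.202 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'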
nginx配置文件
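# Main nginx configuration, rendered through the Ansible template module.
# {{ ww_w }} is the account the worker processes run as.
user {{ ww_w }};
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Fixed: the format strings were wrapped in typographic quotes, which are
    # not string delimiters in nginx; plain ASCII single quotes are required.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;

    # Per-site server blocks are loaded from conf.d.
    include /etc/nginx/conf.d/*.conf;
}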
站点目录
123
nginx server
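# Server block for the WordPress site (Jinja2 template).
# NOTE(review): {{ wp_com }} is not defined in the vars/main.yml shown on this
# page; it must be defined elsewhere or the template will not render.
server {
    listen {{ nginx_wp_port }};
    server_name {{ wp_com }};
    root {{ wp_site_directory }};
    index index.html index.php;

    location ~ \.php$ {
        # Only pass the request to PHP when the script really exists under
        # root. Without this check any URI ending in ".php" is forwarded, and
        # PHP may resolve it to a different file than the one requested.
        # try_files looks at the local filesystem, which fits the
        # 127.0.0.1:9000 backend given in vars/main.yml on this page.
        try_files $uri =404;

        fastcgi_pass {{ php_ip_point }};
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}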
---------------------------------------------------------------------
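# Server block for the WeCenter site (Jinja2 template).
# NOTE(review): {{ zh_com }} is not defined in the vars/main.yml shown on this
# page; it must be defined elsewhere or the template will not render.
server {
    listen {{ nginx_zh_port }};
    server_name {{ zh_com }};
    root {{ zh_site_directory }};
    index index.html;

    location ~ \.php$ {
        # Only pass the request to PHP when the script really exists under
        # root. Without this check any URI ending in ".php" is forwarded, and
        # PHP may resolve it to a different file than the one requested.
        # try_files looks at the local filesystem, which fits the
        # 127.0.0.1:9000 backend given in vars/main.yml on this page.
        try_files $uri =404;

        fastcgi_pass {{ php_ip_point }};
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}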
创建角色
[root@m01 roles]# ansible-galaxy init nginx_web
编辑tasks目录
1.安装nginx
[root@m01 nginx_web]# vim tasks/install.yml
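# Unpack the bundled nginx archive on the target and install the RPM from it,
# skipping each step when its result is already present.
#
# NOTE(review): nginx_packages_pos is /tmp in the vars shown on this page.
# /tmp is world-writable, and a directory that already exists there makes the
# unpack step skip, so the RPM installed below would be whatever that
# directory holds. A root-owned staging directory avoids this.
- name: check {{ nginx_packages_name }}
  # command instead of shell: no shell features are needed for this check.
  # The path now uses the same variables as the unpack destination below.
  command: "ls {{ nginx_packages_pos }}/{{ nginx_packages_name }}"
  ignore_errors: yes
  changed_when: false
  register: check_nginx_packages

# "jieya" = unpack
- name: jieya {{ nginx_packages_name }}
  unarchive:
    src: "nginx-1.18.0.tar.gz"
    dest: "{{ nginx_packages_pos }}"
  # Fixed: the original compared the whole registered result to 0, which is
  # always true; the exit status of the check is in .rc.
  when: check_nginx_packages.rc != 0

- name: check nginx
  command: "rpm -q nginx"
  ignore_errors: yes
  changed_when: false
  register: check_nginx

- name: Install Nginx Server
  yum:
    name:
      - "{{ nginx_packages_pos }}/{{ nginx_packages_name }}/nginx-1.18.0-1.el7.ngx.x86_64.rpm"
  when: check_nginx.rc != 0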
2.创建www统一的用户
[root@m01 nginx_web]# vim tasks/useradd.yml
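# Create the shared service account and its group when the account is missing.
# "panduan" = check
- name: panduan "{{ ww_w }}"
  # Fixed: the command was wrapped in typographic quotes, which become part of
  # the command text. command is used instead of shell because no shell
  # features are needed.
  command: "id {{ ww_w }}"
  ignore_errors: yes
  changed_when: false
  register: id_www

- name: Create {{ ww_w }} Group
  group:
    name: "{{ ww_w }}"
    gid: "{{ uid_gid }}"
    state: present
  when: id_www.rc != 0

- name: Create {{ ww_w }} User
  user:
    name: "{{ ww_w }}"
    uid: "{{ uid_gid }}"
    group: "{{ ww_w }}"
    # No login shell and no home directory: the account only runs the service.
    shell: /sbin/nologin
    create_home: false
  when: id_www.rc != 0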
3.创建站点目录
[root@m01 nginx_web]# vim tasks/dir.yml
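# Create the site root and hand it to the shared service account.
- name: create {{site_directory}}
  file:
    path: "{{ site_directory }}"
    state: directory
    owner: "{{ ww_w }}"
    group: "{{ ww_w }}"
    # recurse re-owns everything already below the directory on every run, so
    # the account nginx runs as can modify all site files.
    # NOTE(review): confirm that write access to the whole tree is intended;
    # otherwise keep the code root-owned and grant write access only where
    # the application needs it.
    recurse: yes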
4.拷贝HTML页面
[root@m01 nginx_web]# vim tasks/html.yml
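# Publish the static test page into the site root.
- name: Create web index.html
  copy:
    src: "1.html"
    # Uses the role variables instead of the hard-coded /code and www, so the
    # page follows site_directory and ww_w if they are changed in vars/main.yml.
    dest: "{{ site_directory }}/index.html"
    owner: "{{ ww_w }}"
    group: "{{ ww_w }}"
    # Quoted so the mode is always read as an octal string.
    mode: "0644"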
[root@m01 nginx_web]# vim tasks/copy.yml
5.拷贝配置文件
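# Render the main nginx configuration and the server-block file.
# Both files stay root-owned and are not writable by the nginx worker account.
- name: copy nginx.conf
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string.
    mode: "0644"
  with_items:
    - { src: "nginx.conf.j2", dest: "/etc/nginx/nginx.conf" }
    - { src: "default.j2", dest: "/etc/nginx/conf.d/default.conf" }
  # NOTE(review): a handler named "reload nginx" must exist in
  # handlers/main.yml; it is not shown on this page.
  notify:
    - "reload nginx"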
6.启动nginx
[root@m01 nginx_web]# vim tasks/start.yml
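# Make sure nginx is running now and is started at boot.
- name: start nginx
  service:
    name: nginx
    state: started
    enabled: true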
7.include
[root@m01 nginx_web]# vim tasks/main.yml
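# Entry point of the role: run the task files in order.
# include_tasks replaces the bare "include", which is deprecated and has been
# removed from recent Ansible releases.
- include_tasks: install.yml
- include_tasks: useradd.yml
- include_tasks: copy.yml
- include_tasks: dir.yml
- include_tasks: html.yml
- include_tasks: start.yml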
8.编辑变量
[root@m01 nginx_web]# vim vars/main.yml
# Shared service account (nginx worker user and owner of the site directory)
ww_w: www
# uid and gid used for that account and its group
uid_gid: 666
# Listen ports for the WordPress and WeCenter server blocks
nginx_wp_port: 80
nginx_zh_port: 80
# Site directories
site_directory: "/code"
wp_site_directory: "/code/wordpress"
zh_site_directory: "/code/WeCenter"
# IP address and port of the host where PHP listens
php_ip_point: "127.0.0.1:9000"
# Name of the directory produced by unpacking the nginx archive
nginx_packages_name: "nginx-1.18.0"
# Location where the nginx archive is unpacked
# NOTE(review): /tmp is world-writable; a root-owned staging directory is a
# safer place for a package that is then installed as root.
nginx_packages_pos: "/tmp"
# NOTE(review): the server-block template on this page also references wp_com
# and zh_com, which are not defined in this file.
编辑入口文件
[root@m01 roles]# vim site.yml
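# Entry playbook: apply roles to hosts according to their FQDN.
# NOTE(review): the play targets every inventory host and filters per role;
# targeting web_group directly would keep this play off unrelated hosts.
- hosts: all
  roles:
    #- { role: base }
    #- { role: rsync_client, when: ansible_fqdn is match 'web*' }
    #- { role: rsync_client, when: ansible_fqdn is match 'nfs*' }
    #- { role: rsync_server, when: ansible_fqdn is match 'backup*' }
    #- { role: nfs_server, when: ansible_fqdn is match 'nfs*' }
    #- { role: nfs_client, when: ansible_fqdn is match 'web*' }
    #- { role: mount_server, when: ansible_fqdn is match 'nfs*' }
    #- { role: mount_client, when: ansible_fqdn is match 'web*' }
    #- { role: sersync, when: ansible_fqdn is match 'web*' }
    # Fixed: the pattern was wrapped in typographic quotes. "match" is a
    # regular expression anchored at the start, not a glob: 'web*' means "we"
    # followed by any number of "b", so 'web.*' is used for names that start
    # with "web".
    - role: nginx_web
      when: ansible_fqdn is match 'web.*'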
执行
[root@m01 roles]# ansible-playbook site.yml