ansible(playbook)批量自動化部署nginx

上一篇介紹了使用playbook批量部署zabbix客戶端，當時全部的任務所有都是寫在一個playbook中，比較臃腫，且代碼不可複用。這篇文章咱們將介紹經過ansible的roles、include等模塊實現批量安裝nginx。

如下爲具體實現步驟：

一、目錄結構：

[root@deploy playbook-test]# tree
.
├── nginx.yml
└── roles
    └── nginx
    
        ├── files
        │   ├── nginx-1.8.0.tar.gz
        │   ├── nginx.service
        │   ├── openssl-1.0.1h.tar.gz
        │   ├── pcre-8.12.tar.gz
        │   └── zlib-1.2.11.tar.gz
        ├── handlers
        │   └── main.yml
        ├── tasks
        │   ├── copy.yml
        │   ├── group.yml
        │   ├── install.yml
        │   ├── main.yml
        │   ├── service.yml
        │   ├── template.yml
        │   ├── unarchive.yml
        │   └── user.yml
        ├── templates
        │   ├── nginx.conf.j2
        │   └── temp.conf.j2
        └── vars
            └── main.yml

二、代碼內容：

cat nginx.yml

[root@deploy playbook-test]# cat nginx.yml 
---
- hosts: web
  remote_user: root
  roles:
    - nginx

cat tasks/group.yml

[root@deploy nginx]# cat tasks/group.yml 
---
- name: 建立nginx組
  group: 
    name: nginx
    gid: 202
    system: yes
    state: present

cat tasks/user.yml

[root@deploy nginx]# cat tasks/user.yml 
---
- name: 建立nginx用戶
  user:
    name: nginx
    uid: 202
    group: nginx
    shell: /sbin/nologin

cat tasks/copy.yml

[root@deploy nginx]# cat tasks/copy.yml 
---
- name: 拷貝源碼包
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: "nginx-1.8.0.tar.gz", dest: "/tmp/nginx-1.8.0.tar.gz" }
    - { src: "openssl-1.0.1h.tar.gz", dest: "/tmp/openssl-1.0.1h.tar.gz" }
    - { src: "pcre-8.12.tar.gz", dest: "/tmp/pcre-8.12.tar.gz" }
    - { src: "zlib-1.2.11.tar.gz", dest: "/tmp/zlib-1.2.11.tar.gz" }

cat tasks/unarchive.yml

---
- name: 解壓源碼包
  unarchive:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    remote_src: yes
  with_items:
    - { src: "/tmp/nginx-1.8.0.tar.gz",dest: "/opt/" }
    - { src: "/tmp/openssl-1.0.1h.tar.gz",dest: "/opt/" }
    - { src: "/tmp/pcre-8.12.tar.gz",dest: "/opt/" }
    - { src: "/tmp/zlib-1.2.11.tar.gz",dest: "/opt/" }

cat tasks/install.yml

---
- name: Start Install NGINX
  shell: cd /opt/nginx-1.8.0 && ./configure --prefix=/opt/nginx --with-pcre=/opt/pcre-8.12 --with-openssl=/opt/openssl-1.0.1h --with-zlib=/opt/zlib-1.2.11 --with-http_stub_status_module --with-http_ssl_module --user=nginx --group=nginx && make && make install

cat tasks/template.yml

---
- name: 拷貝配置文件
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - { src: "nginx.conf.j2",dest: "/opt/nginx/conf/nginx.conf" }
    #- { src: "temp.conf.j2",dest: "/opt/nginx/vhosts/temp.conf" }
  notify:
    - restart nginx

cat tasks/service.yml

---
- name: 拷貝啓動腳本
  copy: src="nginx.service" dest="/lib/systemd/system/nginx.service"

cat tasks/main.yml

---
  - include: group.yml
  - include: user.yml
  - include: copy.yml
  - include: unarchive.yml
  - include: install.yml
  - include: template.yml
    tags: [conf]
  - include: service.yml

cat vars/main.yml

root@deploy nginx]# cat vars/main.yml 
---
ngxport: "8000"
server_name: "www.xxx.com"
root_dir: "/web"

cat handlers/main.yml

[root@deploy nginx]# cat handlers/main.yml
---
- name: restart nginx
  service: name=nginx state=restarted enabled=yes

cat nginx.conf.j2

user  nginx;
worker_processes  {{ ansible_processor_vcpus }};

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  2048;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       {{ ngxport }};
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   html;
            index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}
include /opt/nginx/vhosts/*.conf;
}

三、批量安裝

[root@deploy playbook-test]# ansible-playbook nginx.yml

[root@deploy playbook-test]# ansible-playbook nginx.yml 

PLAY [web] **************************************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************
ok: [192.168.131.15]
ok: [192.168.131.10]

TASK [nginx : 建立nginx組] *************************************************************************************************************************************
ok: [192.168.131.15]
ok: [192.168.131.10]

TASK [nginx : 建立nginx用戶] ************************************************************************************************************************************
ok: [192.168.131.10]
ok: [192.168.131.15]

TASK [nginx : 開始拷貝源碼包] **************************************************************************************************************************************
changed: [192.168.131.10] => (item={u'dest': u'/tmp/nginx-1.8.0.tar.gz', u'src': u'nginx-1.8.0.tar.gz'})
changed: [192.168.131.15] => (item={u'dest': u'/tmp/nginx-1.8.0.tar.gz', u'src': u'nginx-1.8.0.tar.gz'})
changed: [192.168.131.15] => (item={u'dest': u'/tmp/openssl-1.0.1h.tar.gz', u'src': u'openssl-1.0.1h.tar.gz'})
changed: [192.168.131.10] => (item={u'dest': u'/tmp/openssl-1.0.1h.tar.gz', u'src': u'openssl-1.0.1h.tar.gz'})
changed: [192.168.131.15] => (item={u'dest': u'/tmp/pcre-8.12.tar.gz', u'src': u'pcre-8.12.tar.gz'})
changed: [192.168.131.10] => (item={u'dest': u'/tmp/pcre-8.12.tar.gz', u'src': u'pcre-8.12.tar.gz'})
changed: [192.168.131.15] => (item={u'dest': u'/tmp/zlib-1.2.11.tar.gz', u'src': u'zlib-1.2.11.tar.gz'})
changed: [192.168.131.10] => (item={u'dest': u'/tmp/zlib-1.2.11.tar.gz', u'src': u'zlib-1.2.11.tar.gz'})

TASK [nginx : 開始解壓源碼包] **************************************************************************************************************************************
changed: [192.168.131.15] => (item={u'dest': u'/opt/', u'src': u'/tmp/nginx-1.8.0.tar.gz'})
changed: [192.168.131.10] => (item={u'dest': u'/opt/', u'src': u'/tmp/nginx-1.8.0.tar.gz'})
changed: [192.168.131.15] => (item={u'dest': u'/opt/', u'src': u'/tmp/openssl-1.0.1h.tar.gz'})
changed: [192.168.131.10] => (item={u'dest': u'/opt/', u'src': u'/tmp/openssl-1.0.1h.tar.gz'})
changed: [192.168.131.15] => (item={u'dest': u'/opt/', u'src': u'/tmp/pcre-8.12.tar.gz'})
changed: [192.168.131.10] => (item={u'dest': u'/opt/', u'src': u'/tmp/pcre-8.12.tar.gz'})
changed: [192.168.131.15] => (item={u'dest': u'/opt/', u'src': u'/tmp/zlib-1.2.11.tar.gz'})
changed: [192.168.131.10] => (item={u'dest': u'/opt/', u'src': u'/tmp/zlib-1.2.11.tar.gz'})

TASK [nginx : Start Install NGINX] **************************************************************************************************************************
changed: [192.168.131.15]
changed: [192.168.131.10]

TASK [nginx : 拷貝配置文件] ***************************************************************************************************************************************
changed: [192.168.131.10] => (item={u'dest': u'/opt/nginx/conf/nginx.conf', u'src': u'nginx.conf.j2'})
changed: [192.168.131.15] => (item={u'dest': u'/opt/nginx/conf/nginx.conf', u'src': u'nginx.conf.j2'})

TASK [nginx : 開始拷貝源碼包] **************************************************************************************************************************************
changed: [192.168.131.10]
changed: [192.168.131.15]

RUNNING HANDLER [nginx : restart nginx] *********************************************************************************************************************
changed: [192.168.131.10]
changed: [192.168.131.15]

PLAY RECAP **************************************************************************************************************************************************
192.168.131.10             : ok=9    changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.131.15             : ok=9    changed=6    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

四、驗證客戶端上nginx是否安裝成功並啓動

[root@deploy playbook-test]# ansible web -m shell -a "ps -ef | grep nginx|grep -v grep"
192.168.131.10 | CHANGED | rc=0 >>
root      71714      1  0 01:25 ?        00:00:00 nginx: master process /opt/nginx/sbin/nginx
nginx     71715  71714  0 01:25 ?        00:00:00 nginx: worker process

192.168.131.15 | CHANGED | rc=0 >>
root      71654      1  0 01:25 ?        00:00:00 nginx: master process /opt/nginx/sbin/nginx
nginx     71655  71654  0 01:25 ?        00:00:00 nginx: worker process

五、若是咱們要增長nginx站點，可寫好對應的模板，將以前template.yml文件中的註釋打開，而後推送到vhosts目錄，重載nginx配置文件便可生效。

cat temp.conf.j2

[root@deploy templates]# cat temp.conf.j2
server
{
listen 80;
server_name {{ server_name }};
index index.html index.php;
root {{ root_dir }};
}

從新下發nginx配置配置文件，添加新的nginx站點

[root@deploy playbook-test]# ansible-playbook nginx.yml --tags=conf

PLAY [web] **************************************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************
ok: [192.168.131.15]
ok: [192.168.131.10]

TASK [nginx : 拷貝配置文件] ***************************************************************************************************************************************
ok: [192.168.131.10] => (item={u'dest': u'/opt/nginx/conf/nginx.conf', u'src': u'nginx.conf.j2'})
ok: [192.168.131.15] => (item={u'dest': u'/opt/nginx/conf/nginx.conf', u'src': u'nginx.conf.j2'})
changed: [192.168.131.15] => (item={u'dest': u'/opt/nginx/vhosts/temp.conf', u'src': u'temp.conf.j2'})
changed: [192.168.131.10] => (item={u'dest': u'/opt/nginx/vhosts/temp.conf', u'src': u'temp.conf.j2'})

RUNNING HANDLER [nginx : restart nginx] *********************************************************************************************************************
changed: [192.168.131.10]
changed: [192.168.131.15]

PLAY RECAP **************************************************************************************************************************************************
192.168.131.10             : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
192.168.131.15             : ok=3    changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

測試：

[root@deploy playbook-test]# ansible web -m shell -a "netstat -antlp | grep 80"
192.168.131.15 | CHANGED | rc=0 >>
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      72534/nginx: master 
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      72534/nginx: master 

192.168.131.10 | CHANGED | rc=0 >>
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      72596/nginx: master 
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      72596/nginx: master