web-nginx

使用roles部署web nginx

环境

外网IP 内网IP 主机名
10.0.0.5 172.16.1.5 lb01 (负载均衡)
10.0.0.6 172.16.1.6 lb02
10.0.0.7 172.16.1.7 web01(服务器)
10.0.0.8 172.16.1.8 web02
10.0.0.9 172.16.1.9 web03
10.0.0.31 172.16.1.31 nfs (共享存储)
10.0.0.41 172.16.1.41 backup
10.0.0.51 172.16.1.51 db01 (数据库)
10.0.0.52 172.16.1.52 db02
10.0.0.53 172.16.1.53 db03(代理机)
10.0.0.54 172.16.1.54 db04(代理机)
10.0.0.61 172.16.1.61 m01 (跳板机)
10.0.0.71 172.16.1.71 zabbix

流程分析

1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux(仅建议在实验环境中关闭;生产环境保持 enforcing 并按需调整策略更稳妥)
7.创建统一的用户
	1.安装nginx
	2.拷贝nginx配置文件
	3.拷贝nginx虚拟主机配置
	4.启动nginx

推送公钥

1.创建密钥对(该私钥可以 root 身份登录下面所有主机,建议设置口令并妥善保管)
[root@m01 ~]# ssh-keygen
2.推送公钥
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.5
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.6
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.7
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.8
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.9
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.31
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.41
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.51
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.52
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.53
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.54
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.61
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.71
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@172.16.1.81

ansible优化

1.下载
[root@m01 ~]#  yum install -y ansible
2.优化
[root@m01 ~]#  vim /etc/ansible/ansible.cfg		#改为
# NOTE(review): False makes Ansible accept any SSH host key without verification,
# so a spoofed or replaced host goes unnoticed. The ssh-copy-id step earlier in
# this walkthrough connects to each host once, which normally records its key in
# ~/.ssh/known_hosts; presumably the default (True) would then work for those
# hosts. Confirm before relying on it, and keep False to lab environments.
host_key_checking = False

配置主机清单

[root@m01 ~]# vim /root/ansible/hosts 
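# The name inside [] is arbitrary, but avoid special characters (- | &), uppercase
# letters and Chinese characters (the name must not be "nginx").
# The port setting can be omitted when it is 22.
# The user variable was misspelled "asible_ssh_user", which Ansible silently
# ignores; it is spelled correctly below so the login user is actually applied.
# NOTE(review): ansible_ssh_pass keeps the root password in clear text in this
# file. The public key was already pushed with ssh-copy-id for most of these
# hosts, so key authentication should make the password unnecessary there.
# Consider removing it or moving it into an Ansible Vault-encrypted vars file,
# and keep this file readable by root only.
[web_group]
172.16.1.7 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.8 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.9 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[db_group]
172.16.1.51 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.52 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.53 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.54 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[nfs_group]
172.16.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[redis_group]
172.16.1.81 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[lb_group]
172.16.1.5 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.6 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[backup_group]
172.16.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[zabbix_group]
172.16.1.71 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[m01_group]
172.16.1.61 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[mtj_group]
172.16.1.202 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'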

nginx配置文件


# Account the worker processes run as; filled in from the role variable ww_w
# when the template is rendered.
user  {{ ww_w }};
# One worker process per available CPU core.
worker_processes  auto;

# Only messages of level warn and above are written to the error log.
error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    # Upper limit on simultaneous connections per worker process.
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # Access-log layout named "main".
    # NOTE(review): $http_x_forwarded_for is copied from a client-supplied
    # request header, so treat that field as unverified when these logs are
    # used for investigation.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    # Per-site server blocks are loaded from conf.d; the role installs its
    # virtual-host file there as default.conf.
    include /etc/nginx/conf.d/*.conf;
}

站点目录


123

nginx server


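# Virtual host for the WordPress site directory. Port, server name, document
# root and PHP-FPM address are filled in from role variables at render time.
# NOTE(review): the server-name variable used below is not set in the
# vars/main.yml shown in this walkthrough. Confirm it is defined elsewhere,
# otherwise rendering the template fails.
server {
	listen {{nginx_wp_port}};
	server_name {{wp_com}};
	root {{wp_site_directory}};
	index index.html index.php;

	location ~ \.php$ {
		# Hand the request to PHP-FPM only when the script really exists under
		# the document root; any other *.php URI gets a 404 from nginx itself.
		# This assumes nginx and PHP-FPM see the same files (the php_ip_point
		# default is 127.0.0.1). TODO confirm if PHP-FPM moves to another host.
		try_files $uri =404;
		fastcgi_pass   {{ php_ip_point }};
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
	}
}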
---------------------------------------------------------------------

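# Virtual host for the WeCenter site directory. Port, server name, document
# root and PHP-FPM address are filled in from role variables at render time.
# NOTE(review): the server-name variable used below is not set in the
# vars/main.yml shown in this walkthrough. Confirm it is defined elsewhere,
# otherwise rendering the template fails.
# NOTE(review): index lists only index.html although a PHP location is
# configured. Confirm whether index.php should be listed as well.
server {
	listen {{nginx_zh_port}};
	server_name {{zh_com}};
	root {{zh_site_directory}};
	index index.html;

	location ~ \.php$ {
		# Hand the request to PHP-FPM only when the script really exists under
		# the document root; any other *.php URI gets a 404 from nginx itself.
		# This assumes nginx and PHP-FPM see the same files (the php_ip_point
		# default is 127.0.0.1). TODO confirm if PHP-FPM moves to another host.
		try_files $uri =404;
		fastcgi_pass   {{ php_ip_point }};
		fastcgi_index  index.php;
		fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
		include fastcgi_params;
	}
}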

创建角色

[root@m01 roles]# ansible-galaxy init nginx_web

编辑tasks目录

1.安装nginx
[root@m01 nginx_web]# vim tasks/install.yml 
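# Probe for the unpacked package directory; rc is non-zero when it is missing.
# command is used instead of shell because no shell features are needed, and
# changed_when keeps this read-only probe from reporting a change on every run.
- name: check {{ nginx_packages_name }}
  command: "ls {{ nginx_packages_pos }}/{{ nginx_packages_name }}"
  ignore_errors: yes
  changed_when: false
  register: check_nginx_packages

# Unpack the bundled archive only when the probe above failed. The condition
# must test .rc: comparing the whole registered result with 0 is always true.
# NOTE(review): with nginx_packages_pos set to /tmp the package is staged in a
# world-writable directory and later installed as root; a root-owned staging
# directory would be a safer value for that variable.
- name: jieya {{ nginx_packages_name }}
  unarchive:
    src: "{{ nginx_packages_name }}.tar.gz"
    dest: "{{ nginx_packages_pos }}"
  when: check_nginx_packages.rc != 0

# rpm -q exits non-zero when the package is not installed.
- name: check nginx
  command: "rpm -q nginx"
  ignore_errors: yes
  changed_when: false
  register: check_nginx

# Install from the unpacked RPM only if nginx is not present yet.
- name: Install Nginx Server
  yum:
    name:
      - "{{ nginx_packages_pos }}/{{ nginx_packages_name }}/nginx-1.18.0-1.el7.ngx.x86_64.rpm"
  when: check_nginx.rc != 0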
2.创建统一的www用户
[root@m01 nginx_web]# vim tasks/useradd.yml 
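# Look up the account; rc is non-zero when it does not exist yet.
# command is used instead of shell so the variable is not parsed by a shell,
# and changed_when keeps this read-only probe from reporting a change.
- name: panduan "{{ ww_w }}"
  command: "id {{ ww_w }}"
  ignore_errors: yes
  changed_when: false
  register: id_www

# Create the group with the fixed gid so it is identical on every host.
- name: Create {{ ww_w }} Group
  group:
    name: "{{ ww_w }}"
    gid: "{{ uid_gid }}"
    state: present
  when: id_www.rc != 0

# Service account: same numeric id as the group, no login shell, no home
# directory.
- name: Create {{ ww_w }} User
  user:
    name: "{{ ww_w }}"
    uid: "{{ uid_gid }}"
    group: "{{ ww_w }}"
    shell: /sbin/nologin
    create_home: false
  when: id_www.rc != 0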
3.创建站点目录
[root@m01 nginx_web]# vim tasks/dir.yml 
# Create the site root and hand it to the web user. recurse applies the
# owner/group to everything already under the directory as well.
- name: create {{site_directory}}
  file:
    path: "{{ site_directory }}"
    state: directory
    owner: "{{ ww_w  }}"
    group: "{{ ww_w }}"
    recurse: yes
4.拷贝HTML页面
[root@m01 nginx_web]# vim tasks/html.yml 
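# Publish the static landing page into the site root. Path and owner come from
# the same role variables the other task files use, so changing site_directory
# or ww_w in vars/main.yml no longer leaves this task pointing at the old values.
- name: Create web index.html
  copy:
    src: "1.html"
    dest: "{{ site_directory }}/index.html"
    owner: "{{ ww_w }}"
    group: "{{ ww_w }}"
    # Quoted so the mode is always read as an octal string.
    mode: "0644"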
[root@m01 nginx_web]# vim tasks/copy.yml 

5.拷贝配置文件
# Render both templates onto the host: the main nginx.conf and the virtual-host
# file in conf.d. The results are owned by root and writable by root only.
# NOTE(review): the "reload nginx" handler is not shown in this walkthrough.
# Confirm it exists in the role's handlers, otherwise the notify fails.
- name: copy nginx.conf
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: 0644
  with_items:
    - { src: "nginx.conf.j2",dest: "/etc/nginx/nginx.conf" }
    - { src: "default.j2",dest: "/etc/nginx/conf.d/default.conf" }
  notify:
    - "reload nginx"
6.启动nginx
[root@m01 nginx_web]# vim tasks/start.yml 
# Make sure nginx is running now and enabled at boot.
- name: start nginx
  service:
    name: nginx
    state: started
    enabled: true
7.include
[root@m01 nginx_web]# vim tasks/main.yml 
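# Task files run in this order. import_tasks replaces the bare include keyword,
# which is deprecated and no longer accepted by newer Ansible releases.
- import_tasks: install.yml
- import_tasks: useradd.yml
- import_tasks: copy.yml
- import_tasks: dir.yml
- import_tasks: html.yml
- import_tasks: start.yml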
8.编辑变量
[root@m01 nginx_web]# vim vars/main.yml 
# Shared service account name
ww_w: www
# uid and gid used for that account
uid_gid: 666
# Listen ports for the wordpress and wecenter sites
nginx_wp_port: 80
nginx_zh_port: 80
# Site directories
site_directory: "/code"
wp_site_directory: "/code/wordpress"
zh_site_directory: "/code/WeCenter"
# IP and port of the host where PHP listens
php_ip_point: "127.0.0.1:9000"
# Directory name produced by unpacking the nginx archive
nginx_packages_name: "nginx-1.18.0"
# Location where the nginx archive is unpacked
# NOTE(review): wp_com and zh_com, used as server_name in the virtual-host
# template, are not defined in this file. Confirm they are set elsewhere.
nginx_packages_pos: "/tmp"

编辑入口文件

[root@m01 roles]# vim site.yml 
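# Entry playbook: every inventory host is targeted and each role is gated on
# the host name, so nginx_web is meant to reach the web hosts only.
- hosts: all
  roles:
    #- { role: base }
    #- { role: rsync_client,when: ansible_fqdn is match 'web*' }
    #- { role: rsync_client,when: ansible_fqdn is match 'nfs*' }
    #- { role: rsync_server,when: ansible_fqdn is match 'backup*' }
    #- { role: nfs_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: nfs_client,when: ansible_fqdn is match 'web*' }
    #- { role: mount_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: mount_client,when: ansible_fqdn is match 'web*' }
    #- { role: sersync,when: ansible_fqdn is match 'web*' }
    # match takes a regular expression anchored at the start of the name, not a
    # glob: the former 'web*' also accepted any name beginning with "we", so the
    # role could land on hosts it was not meant for.
    # NOTE(review): the commented-out entries above use the same glob-style
    # patterns and need the same correction if they are re-enabled.
    - role: nginx_web
      when: ansible_fqdn is match('web')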

执行

[root@m01 roles]# ansible-playbook site.yml 

