【实验需求】

1
对 webservers 组部署 nginx1.18

【实验步骤】

1、准备相关目录及文件

1
2
3
4
5
[root@control ~]# mkdir /data/ansible/files/nginx/
[root@control ~]# ls /data/ansible/files/nginx/
nginx-1.18.0.tar.gz

[root@control ~]# mkdir -p /etc/ansible/templates

2、准备playbook剧本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
[root@control ~]# vim /etc/ansible/nginx_install.yml
- hosts: webservers
# 编译安装nginx 1.18版本
  vars:
    PackageDir: "/data/ansible/files/nginx"
    PackageName: "nginx-1.18.0"
    SUFFIX: '.tar.gz'
    PACKAGE_INSTALL_DIR: "/apps/nginx"
    PIDFileDIR: "/apps/nginx/run"

  tasks:
    - name: install packages
      yum:
        name:
          - gcc
          - pcre-devel
          - openssl-devel
          - zlib-devel
          - wget
          - make

    - name: create user
      user:
        name: nginx
        uid: 80
        shell: /sbin/nologin
        system: yes
        create_home: no

    - name: create install dir
      file:
        path: "{{ PACKAGE_INSTALL_DIR }}"
        state: directory

    - name: copy file to remote host
      unarchive:
        src: "{{ PackageDir }}/{{ PackageName }}{{ SUFFIX }}"
        dest: "/usr/local/src"

    - name: built install nginx
      shell: ./configure --prefix={{ PACKAGE_INSTALL_DIR }} --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module && make -j {{ ansible_processor_vcpus }} && make install
      args:
        chdir: /usr/local/src/{{ PackageName }}

    - name: create PID file directory
      file:
        path: "{{ PIDFileDIR }}"
        state: directory

    - name: modify file owner
      file:
        path: "{{ PACKAGE_INSTALL_DIR }}"
        owner: nginx
        group: nginx
        recurse: yes

    - name: create link file
      file:
        src: "{{ PACKAGE_INSTALL_DIR }}/sbin/nginx"
        dest: /usr/sbin/nginx
        state: link

    - name: modify nginx user and group
      replace:
        path: "{{ PACKAGE_INSTALL_DIR }}/conf/nginx.conf"
        regexp: '^#(user.*)'
        replace: 'user nginx nginx;'
        backup: yes
    
    - name: modify work_processes
      lineinfile:
        path: "{{ PACKAGE_INSTALL_DIR }}/conf/nginx.conf"
        regexp: '^worker_processes'
        line: "worker_processes {{ ansible_processor_vcpus }};"

    - name: modify PID path
      lineinfile:
        path: "{{ PACKAGE_INSTALL_DIR }}/conf/nginx.conf"
        regexp: '^#(pid.*)'
        line: "pid {{ PIDFileDIR }}/nginx.pid;"

    - name: prepare nginx service startup file
      template:
        src: nginx.service.j2
        dest: /usr/lib/systemd/system/nginx.service

    - name: start nginx service
      service:
        name: nginx
        state: started
        enabled: yes

2、准备jinja2模版

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@control ~]# vim /etc/ansible/templates/nginx.service.j2
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile={{ PIDFileDIR }}/nginx.pid
ExecStartPre=/usr/bin/rm -f {{ PIDFileDIR }}/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=mixed
PrivateTmp=true

[Install]
WantedBy=multi-user.target