使用roles部署web nginx
环境
外网IP |
内网IP |
主机名 |
10.0.0.5 |
172.16.1.5 |
lb01 (负载均衡) |
10.0.0.6 |
172.16.1.6 |
lb02 |
10.0.0.7 |
172.16.1.7 |
web01(服务器) |
10.0.0.8 |
172.16.1.8 |
web02 |
10.0.0.9 |
172.16.1.9 |
web03 |
10.0.0.31 |
172.16.1.31 |
nfs (共享存储) |
10.0.0.41 |
172.16.1.41 |
backup |
10.0.0.51 |
172.16.1.51 |
db01 (数据库) |
10.0.0.52 |
172.16.1.52 |
db02 |
10.0.0.53 |
172.16.1.53 |
db03(代理机) |
10.0.0.54 |
172.16.1.54 |
db04(代理机) |
10.0.0.61 |
172.16.1.61 |
m01 (跳板机) |
10.0.0.71 |
172.16.1.71 |
zabbix |
流程分析
1.安装ansible
2.优化ansible
3.推送公钥
4.开启防火墙
5.开启80 443 873 nfs等端口和服务白名单
6.关闭selinux
7.创建统一的用户
1.安装nginx
2.拷贝nginx配置文件
3.拷贝nginx虚拟主机配置
4.启动nginx
推送公钥
1.创建密钥对
[root@m01 ~]# ssh-keygen
2.推送公钥(原文中的目标地址在页面抓取时被邮箱保护脚本遮蔽;下面用 TARGET_IP 代表各被管理主机的内网IP,每台主机执行一次)
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@TARGET_IP
ansible优化
1.下载
[root@m01 ~]# yum install -y ansible
2.优化
[root@m01 ~]# vim /etc/ansible/ansible.cfg #改为
# NOTE(review): with host key checking disabled, ansible/ssh no longer verifies
# the identity of a managed host, so an impostor or man-in-the-middle on the
# management network goes unnoticed. Acceptable only in an isolated lab; in
# production keep it enabled and pre-populate known_hosts with verified keys.
host_key_checking = False
配置主机清单
[root@m01 ~]# vim /root/ansible/hosts
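# Group names in [] are free-form, but avoid special characters (- | &),
# upper-case letters and Chinese; the name must not be "nginx".
# ansible_ssh_port may be omitted when the port is 22.
#
# The login-user variable is spelled ansible_ssh_user here. The original
# "asible_ssh_user" is an unrelated host variable to Ansible, so the inventory
# never actually set the login user.
#
# NOTE(review): ansible_ssh_pass keeps the root password in clear text on the
# control node, and the value shown is trivially guessable. Hosts that already
# received the public key via ssh-copy-id do not need it; prefer removing the
# password, or keep it encrypted with ansible-vault.
[web_group]
172.16.1.7 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.8 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.9 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[db_group]
172.16.1.51 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.52 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.53 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.54 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[nfs_group]
172.16.1.31 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[redis_group]
172.16.1.81 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[lb_group]
172.16.1.5 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'
172.16.1.6 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[backup_group]
172.16.1.41 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[zabbix_group]
172.16.1.71 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[m01_group]
172.16.1.61 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'

[mtj_group]
172.16.1.202 ansible_ssh_port=22 ansible_ssh_user=root ansible_ssh_pass='1'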
nginx配置文件
# Main nginx configuration, rendered by the role's template task.
# Worker processes run as the role's unified account (ww_w).
user {{ ww_w }};
# One worker per CPU core, chosen by nginx.
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    # Upper bound on simultaneous connections per worker.
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Access-log line format; the last field records the X-Forwarded-For
    # header as sent by the client or an upstream proxy.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    # Virtual hosts are loaded from conf.d (the role installs default.conf there).
    include /etc/nginx/conf.d/*.conf;
}
站点目录
123
nginx server
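# WordPress virtual host. Listen port, server name and document root are
# filled in from role variables when the template is rendered.
server {
    listen {{nginx_wp_port}};
    server_name {{wp_com}};
    root {{wp_site_directory}};
    index index.html index.php;

    location ~ \.php$ {
        # Only hand a request to PHP-FPM when the script exists under the
        # document root. Without this check any URI that merely ends in
        # ".php" is forwarded, and PHP's path-info fallback may then execute
        # a different file than the one requested.
        # Assumes PHP-FPM sees the same docroot (php_ip_point is
        # 127.0.0.1:9000 in vars/main.yml).
        try_files $uri =404;
        fastcgi_pass {{ php_ip_point }};
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}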
---------------------------------------------------------------------
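# WeCenter virtual host. Listen port, server name and document root are
# filled in from role variables when the template is rendered.
server {
    listen {{nginx_zh_port}};
    server_name {{zh_com}};
    root {{zh_site_directory}};
    # NOTE(review): only index.html is listed although .php requests are
    # handled below; confirm whether index.php should also be an index file.
    index index.html;

    location ~ \.php$ {
        # Only hand a request to PHP-FPM when the script exists under the
        # document root. Without this check any URI that merely ends in
        # ".php" is forwarded, and PHP's path-info fallback may then execute
        # a different file than the one requested.
        # Assumes PHP-FPM sees the same docroot (php_ip_point is
        # 127.0.0.1:9000 in vars/main.yml).
        try_files $uri =404;
        fastcgi_pass {{ php_ip_point }};
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}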
创建角色
[root@m01 roles]# ansible-galaxy init nginx_web
编辑tasks目录
1.安装nginx
[root@m01 nginx_web]# vim tasks/install.yml
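# Stage the nginx package bundle on the target and install the RPM from it.
# Paths are built from nginx_packages_pos / nginx_packages_name so the tasks
# follow vars/main.yml instead of repeating the literal /tmp/nginx-1.18.0.
#
# NOTE(review): nginx_packages_pos is /tmp in vars/main.yml. /tmp is writable
# by every local user, so a root-owned staging directory is a safer place for
# a package that is later installed as root.

- name: check {{ nginx_packages_name }}
  # Read-only probe: rc is 0 when the unpacked directory already exists.
  command: "ls {{ nginx_packages_pos }}/{{ nginx_packages_name }}"
  register: check_nginx_packages
  failed_when: false
  changed_when: false

- name: jieya {{ nginx_packages_name }}
  unarchive:
    src: "{{ nginx_packages_name }}.tar.gz"
    dest: "{{ nginx_packages_pos }}"
  # Compare the probe's return code. The registered result itself is a dict
  # and never equals 0, so the original condition was always true.
  when: check_nginx_packages.rc != 0

- name: check nginx
  # Read-only probe: rc is non-zero when the nginx package is not installed.
  command: "rpm -q nginx"
  register: check_nginx
  failed_when: false
  changed_when: false

- name: Install Nginx Server
  yum:
    name:
      - "{{ nginx_packages_pos }}/{{ nginx_packages_name }}/nginx-1.18.0-1.el7.ngx.x86_64.rpm"
  when: check_nginx.rc != 0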
2.创建统一的www用户
[root@m01 nginx_web]# vim tasks/useradd.yml
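# Create the unified web account (group and user share the name ww_w and the
# numeric id uid_gid), but only when the account does not exist yet.

- name: panduan "{{ ww_w }}"
  # Read-only probe run without a shell: rc is non-zero when the user is
  # missing. It never reports "changed" and never fails the play.
  command: "id {{ ww_w }}"
  register: id_www
  failed_when: false
  changed_when: false

- name: Create {{ ww_w }} Group
  group:
    name: "{{ ww_w }}"
    gid: "{{ uid_gid }}"
    state: present
  when: id_www.rc != 0

- name: Create {{ ww_w }} User
  user:
    name: "{{ ww_w }}"
    uid: "{{ uid_gid }}"
    group: "{{ ww_w }}"
    # Service account: no login shell and no home directory.
    shell: /sbin/nologin
    create_home: false
  when: id_www.rc != 0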
3.创建站点目录
[root@m01 nginx_web]# vim tasks/dir.yml
# Make sure the site root exists and belongs to the unified web account.
# recurse applies the owner/group to everything already under the directory.
- name: create {{site_directory}}
  file:
    state: directory
    path: "{{ site_directory }}"
    recurse: true
    owner: "{{ ww_w }}"
    group: "{{ ww_w }}"
4.拷贝HTML页面
[root@m01 nginx_web]# vim tasks/html.yml
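# Publish the test page into the site root.
# Destination and ownership follow the role variables (site_directory, ww_w)
# instead of repeating the literals /code and www, so they stay consistent
# with dir.yml and useradd.yml when the variables change.
- name: Create web index.html
  copy:
    src: "1.html"
    dest: "{{ site_directory }}/index.html"
    owner: "{{ ww_w }}"
    group: "{{ ww_w }}"
    # Quoted so the mode is always read as the octal string 0644.
    mode: "0644"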
[root@m01 nginx_web]# vim tasks/copy.yml
5.拷贝配置文件
# Render the main configuration and the virtual-host file from the role's
# templates; both are root-owned and world-readable.
# NOTE(review): the "reload nginx" handler is not shown on this page; it has
# to be defined in the role's handlers/main.yml for the notify to resolve.
- name: copy nginx.conf
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "0644"
  loop:
    - src: "nginx.conf.j2"
      dest: "/etc/nginx/nginx.conf"
    - src: "default.j2"
      dest: "/etc/nginx/conf.d/default.conf"
  notify:
    - "reload nginx"
6.启动nginx
[root@m01 nginx_web]# vim tasks/start.yml
# Start nginx now and enable it at boot.
- name: start nginx
  service:
    name: nginx
    enabled: true
    state: started
7.include
[root@m01 nginx_web]# vim tasks/main.yml
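# Role entry point: pull in the task files in execution order.
# import_tasks replaces the bare "include" action, which is deprecated and
# no longer available in newer ansible-core releases.
- import_tasks: install.yml
- import_tasks: useradd.yml
- import_tasks: copy.yml
- import_tasks: dir.yml
- import_tasks: html.yml
- import_tasks: start.yml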
8.编辑变量
[root@m01 nginx_web]# vim vars/main.yml
# Role variables for nginx_web.
# NOTE(review): the virtual-host template also references wp_com and zh_com
# (the server_name values); they are not defined in this file as shown and
# must be supplied here or elsewhere (e.g. group_vars) or rendering fails.

# Unified account that nginx runs as and that owns the site directory
ww_w: www
# Numeric id used for both the uid and the gid of that account
uid_gid: 666
# Listen ports for the WordPress and WeCenter virtual hosts
nginx_wp_port: 80
nginx_zh_port: 80
# Site directories
site_directory: "/code"
wp_site_directory: "/code/wordpress"
zh_site_directory: "/code/WeCenter"
# Address and port of the PHP (FastCGI) backend
php_ip_point: "127.0.0.1:9000"
# Name of the directory produced by unpacking the nginx archive
nginx_packages_name: "nginx-1.18.0"
# Location where the nginx archive is unpacked
nginx_packages_pos: "/tmp"
编辑入口文件
[root@m01 roles]# vim site.yml
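# Entry playbook: every host is targeted and each role is gated on the host's
# FQDN. Targeting the inventory group directly (hosts: web_group) would be an
# alternative that does not depend on host naming.
- hosts: all
  roles:
    #- { role: base }
    #- { role: rsync_client,when: ansible_fqdn is match 'web*' }
    #- { role: rsync_client,when: ansible_fqdn is match 'nfs*' }
    #- { role: rsync_server,when: ansible_fqdn is match 'backup*' }
    #- { role: nfs_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: nfs_client,when: ansible_fqdn is match 'web*' }
    #- { role: mount_server,when: ansible_fqdn is match 'nfs*' }
    #- { role: mount_client,when: ansible_fqdn is match 'web*' }
    #- { role: sersync,when: ansible_fqdn is match 'web*' }
    # "match" is a regular-expression test anchored at the start of the string,
    # not a shell glob. The original pattern 'web*' means "we" followed by any
    # number of "b", so it also matches names that merely start with "we".
    # '^web' selects only hosts whose FQDN starts with "web".
    - role: nginx_web
      when: "ansible_fqdn is match '^web'"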
执行
[root@m01 roles]# ansible-playbook site.yml