$ tree
.
├── add_authorized_key.yml
├── ansible-deploy.pem
├── ansible-deploy.pub
├── etc
│ └── ansible
│ └── hosts
└── mysite.yml
$ mkdir -p roles && cd roles && ansible-galaxy init nginx && cd - && tree .
- nginx was created successfully
.
├── add_authorized_key.yml
├── ansible-deploy.pem
├── ansible-deploy.pub
├── etc
│ └── ansible
│ └── hosts
├── roles
│ └── nginx
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── README.md
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ └── vars
│ └── main.yml
└── mysite.yml
11 directories, 11 files
開始撰寫 mysite.yml 跟 nginx 相關資料:
$ cat mysite.yml
---
- hosts: mysite
remote_user: ubuntu
sudo: yes
roles:
- nginx
tasks:
- name: ubuntu system upgrade
apt: upgrade=dist
$ ansible-playbook mysite.yml -i etc/ansible/hosts --private-key=ansible-deploy.pem
PLAY [mysite] **************************************************
GATHERING FACTS ***************************************************************
ok: [XX.XX.XX.XX]
TASK: [ubuntu system upgrade] *************************************************
ok: [XX.XX.XX.XX]
PLAY RECAP ********************************************************************
XX.XX.XX.XX : ok=2 changed=0 unreachable=0 failed=0
代表目標機器已經更新好系統了,而剛剛添加的 roles/nginx 目前還是個空殼所以沒有任何動作。
接著要研究一下 Nginx 官方安裝位置:http://nginx.org/packages 和 http://nginx.org/en/linux_packages.html 對照表。此例需要添加官方 repo 的原始指令方式:
$ vim /etc/apt/sources.list
deb http://nginx.org/packages/ubuntu/ trusty nginx
deb-src http://nginx.org/packages/ubuntu/ trusty nginx
指令方式:
$ echo "deb http://nginx.org/packages/ubuntu/ trusty nginx" | sudo tee -a /etc/apt/sources.list
$ echo "deb-src http://nginx.org/packages/ubuntu/ trusty nginx" | sudo tee -a /etc/apt/sources.list
$ sudo apt-get update
而在 ansible 則是透過:
- name: Add Nginx Official Repo - deb
apt_repository: repo='deb http://nginx.org/packages/ubuntu/ {{ ansible_distribution_release }} nginx' state=present
- name: Add Nginx Official Repo - deb-src
apt_repository: repo='deb-src http://nginx.org/packages/ubuntu/ {{ ansible_distribution_release }} nginx' state=present
# http://docs.ansible.com/ansible/apt_key_module.html
- name: Add Nginx Official Repo - package signing key
apt_key: url=http://nginx.org/packages/keys/nginx_signing.key state=present
#- name: Add Nginx Official Repo - ppa:nginx/stable
# apt_repository: repo='ppa:nginx/stable'
- name: Update cache
apt: update_cache=yes
- name: Install Nginx
apt:
pkg: nginx
state: installed
到現在為止,整個 nginx role 的安裝設定:
$ tree .
.
├── defaults
│ └── main.yml
├── files
├── handlers
│ └── main.yml
├── meta
│ └── main.yml
├── README.md
├── tasks
│ ├── main.yml
│ └── task-Ubuntu.yml
├── templates
└── vars
└── main.yml
7 directories, 7 files
$ cat tasks/main.yml
---
# tasks file for nginx
- include: task-Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
$ cat tasks/task-Ubuntu.yml
---
# http://docs.ansible.com/ansible/apt_repository_module.html
- name: Add Nginx Official Repo - deb
apt_repository: repo='deb http://nginx.org/packages/ubuntu/ {{ ansible_distribution_release }} nginx' state=present
- name: Add Nginx Official Repo - deb-src
apt_repository: repo='deb-src http://nginx.org/packages/ubuntu/ {{ ansible_distribution_release }} nginx' state=present
# http://docs.ansible.com/ansible/apt_key_module.html
# $ curl -s 'http://nginx.org/packages/keys/nginx_signing.key' | sudo apt-key add -
- name: Add Nginx Official Repo - package signing key
apt_key: url=http://nginx.org/packages/keys/nginx_signing.key state=present
#- name: Add Nginx Official Repo - ppa:nginx/stable
# apt_repository: repo='ppa:nginx/stable'
- name: Update cache
apt: update_cache=yes
- name: Install Nginx
apt:
pkg: nginx
state: installed
其中 ansible_distribution_release, ansible_distribution 環境變數,可以透過 ansible -i host mysite -m setup 得知。接著再次執行 ansible-playbook ,過程就會安裝 nginx 啦(changed=4 都落在 nginx role 動作) :
$ ansible-playbook mysite.yml -i etc/ansible/hosts --private-key=ansible-deploy.pem
PLAY [mysite] **************************************************
GATHERING FACTS ***************************************************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Add Nginx Official Repo - deb] *********************************
changed: [XX.XX.XX.XX]
TASK: [nginx | Add Nginx Official Repo - deb-src] *****************************
changed: [XX.XX.XX.XX]
TASK: [nginx | Add Nginx Official Repo - package signing key] *****************
changed: [XX.XX.XX.XX]
TASK: [nginx | Update cache] **************************************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Install Nginx] *************************************************
changed: [XX.XX.XX.XX]
TASK: [ubuntu system upgrade] *************************************************
ok: [XX.XX.XX.XX]
PLAY RECAP ********************************************************************
XX.XX.XX.XX : ok=7 changed=4 unreachable=0 failed=0
最後要客製化 Nginx 的話,就變成要改寫設定檔了,改寫設定檔前,當然要來個設定檔測試,這時規劃在 roles/nginx/handlers/main.yml 設定一些事件處理:
$ cat handlers/main.yml
---
# handlers file for nginx
- name: set nginx auto start
service: name=nginx state=started enabled=yes
- name: restart nginx
service: name=nginx state=restarted
- name: test nginx config
shell: service nginx configtest
register: result
changed_when: "result.rc != 0"
always_run: yes
接著回到 mysite.yml 設定檔,可以添加:
- hosts: mysite
remote_user: ubuntu
sudo: yes
roles:
- nginx
tasks:
- name: ubuntu system upgrade
apt: upgrade=dist update_cache=yes
- name: ensure nginx auto start
service: name=nginx state=started enabled=yes
- name: test webserver configure files
always_run: yes
shell: date
notify: test nginx config
如此一來,除了安裝 nginx 、更新系統外,還會多了測試 nginx configure files:
$ ansible-playbook mysite.yml -i etc/ansible/hosts --private-key=ansible-deploy.pem
PLAY [mysite] **************************************************
GATHERING FACTS ***************************************************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Add Nginx Official Repo - deb] *********************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Add Nginx Official Repo - deb-src] *****************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Add Nginx Official Repo - package signing key] *****************
ok: [XX.XX.XX.XX]
TASK: [nginx | Update cache] **************************************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Install Nginx] *************************************************
ok: [XX.XX.XX.XX]
TASK: [ubuntu system upgrade] *************************************************
ok: [XX.XX.XX.XX]
TASK: [ensure nginx auto start] ***********************************************
ok: [XX.XX.XX.XX]
TASK: [test webserver configure files] ****************************************
changed: [XX.XX.XX.XX]
NOTIFIED: [nginx | test nginx config] *****************************************
ok: [XX.XX.XX.XX]
PLAY RECAP ********************************************************************
XX.XX.XX.XX : ok=10 changed=1 unreachable=0 failed=0
這邊發動測試 nginx 測試檔是綁定在一個 date 指令上,因為 date 每次結果都不一樣,將導致永遠都是 changed=1 結果。以上就完成了建立一個 role 並且納入使用的方式。
接著試試設定的部分吧!把一些設定檔那來做模板(templates),未來可以透過引入 nginx role 時,搭配指定參數後,即可產生客製化的設定檔:
先將機器上的 nginx 設定檔搬到 roles/nginx/templates 中,且檔案結尾改成 .j2 ,這是因為 ansible template 採用 Jinja2 方案。
$ scp -r -i ansible-deploy.pem ubuntu@XX.XX.XX.XX:/etc/nginx/conf.d roles/nginx/templates/
$ cp roles/nginx/templates/conf.d/default.conf roles/nginx/templates/default.conf.j2
$ tree roles/nginx/templates/
roles/nginx/templates/
├── conf.d
│ ├── default.conf
│ └── example_ssl.conf
└── default.conf.j2
之後就是把機器上的 default.conf 覆蓋掉或是刪掉並搭配新增一則 mysite.conf 來啟用 nginx 了,在此先沿用覆蓋方式。
接著在 mysite.yml 或是 roles/nginx/task/task-Ubuntu.yml 中,就可以引入從 template 取得資料來蓋掉系統檔案,若在 mysite.yml 中:
- name: Update Nginx configure files
template: src=roles/nginx/templates/default.conf.j2 dest=/etc/nginx/conf.d/default.conf
在 roles/nginx/task/task-Ubuntu.yml:
- name: Update Nginx configure files
template: src=default.conf.j2 dest=/etc/nginx/conf.d/default.conf
通常都會寫在 roles/nginx/task/main.yml 為多,而上述是因為有偵測系統狀況決定 nginx 設定檔位置,因此我一樣寫在 task-Ubuntu.yml 中。接下來可以朝改寫 default.conf.j2 內變數地用法,將一些常見數值改成變動的,並且在 roles/nginx/defaults/main.yml 定義好,如此一來,在 mysite.yml 引用 roles nginx 時,也就可達成動態變動的方式。
例如:
$ tree .
.
├── ansible-deploy.pem
├── ansible-deploy.pub
├── etc
│ └── ansible
│ └── hosts
├── roles
│ └── nginx
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── README.md
│ ├── tasks
│ │ ├── main.yml
│ │ └── task-Ubuntu.yml
│ ├── templates
│ │ ├── conf.d
│ │ │ ├── default.conf
│ │ │ └── example_ssl.conf
│ │ └── default.conf.j2
│ └── vars
│ └── main.yml
└── mysite.yml
$ cat roles/nginx/templates/default.conf.j2
server {
listen {{ nginx_listen }};
server_name {{ nginx_server_name }};
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
root {{ nginx_document_root }};
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
提供了 nginx_listen、nginx_server_name 和 nginx_document_root 三個變數,並且定義預設數值:
$ cat roles/nginx/defaults/main.yml
---
# defaults file for nginx
nginx_listen: 80
nginx_server_name: localhost
nginx_document_root: /usr/share/nginx/html
如此一來,在 mysite.yml 中,引入 roles 可以改成:
$ cat mysite.yml
---
- hosts: mysite
remote_user: ubuntu
sudo: yes
roles:
- { role: 'nginx', nginx_listen: 8080 }
tasks:
- name: ubuntu system upgrade
apt: upgrade=dist update_cache=yes
- name: test webserver configure files
always_run: yes
shell: date
notify: test nginx config
- name: reload webserver configure files
always_run: yes
shell: date
notify: restart nginx
透過 ansible-playbook mysite.yml 後,可以去該 server:/etc/nginx/conf.d/default.conf 觀看到數值啦
$ ansible-playbook mysite.yml -i etc/ansible/hosts --private-key=ansible-deploy.pem
PLAY [mysite] **************************************************
GATHERING FACTS ***************************************************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Add Nginx Official Repo - deb] *********************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Add Nginx Official Repo - deb-src] *****************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Add Nginx Official Repo - package signing key] *****************
ok: [XX.XX.XX.XX]
TASK: [nginx | Update cache] **************************************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Install Nginx] *************************************************
ok: [XX.XX.XX.XX]
TASK: [nginx | Update Nginx configure files] **********************************
ok: [XX.XX.XX.XX]
TASK: [ubuntu system upgrade] *************************************************
ok: [XX.XX.XX.XX]
TASK: [ensure nginx auto start] ***********************************************
ok: [XX.XX.XX.XX]
TASK: [test webserver configure files] ****************************************
changed: [XX.XX.XX.XX]
TASK: [reload webserver configure files] **************************************
changed: [XX.XX.XX.XX]
NOTIFIED: [nginx | restart nginx] *********************************************
changed: [XX.XX.XX.XX]
NOTIFIED: [nginx | test nginx config] *****************************************
ok: [XX.XX.XX.XX]
PLAY RECAP ********************************************************************
XX.XX.XX.XX : ok=13 changed=3 unreachable=0 failed=0
沒有留言:
張貼留言