《云計(jì)算應(yīng)用運(yùn)維實(shí)戰(zhàn)》高職全套教學(xué)課件

云計(jì)算應(yīng)用運(yùn)維實(shí)戰(zhàn)第1章-自動(dòng)化運(yùn)維第2章-Docker搭建與運(yùn)維第3章-ELK日志分析系統(tǒng)第4章-MySQL常用操作第5章-網(wǎng)站優(yōu)化與服務(wù)器優(yōu)化第6章-Tomcat搭建配置全套可編輯PPT課件項(xiàng)目1：自動(dòng)化運(yùn)維目錄CONTENTS01Ansible的安裝0203Ansibleplaybook的使用Ansibleplaybook進(jìn)階使用本章介紹本項(xiàng)目主要介紹自動(dòng)化運(yùn)維的相關(guān)工具：Ansible與Ansibleplaybook。共分為兩個(gè)子單元。單元一介紹了Ansible的安裝與Ansibleplaybook的使用，包含了Ansibleplaybook的基本使用，循環(huán)，條件判斷以及handlers。單元二介紹了Ansiblebook進(jìn)階使用。Ansible的安裝

一、Ansible的安裝工欲善其事，必先利其器。在項(xiàng)目開發(fā)之前，對(duì)于工程師來(lái)說(shuō)，做好準(zhǔn)備工作是非常重要的環(huán)節(jié)。安裝Ansible前需要先關(guān)閉防火墻和SELinux，并修改/etc/hosts文件?！緦W(xué)習(xí)目標(biāo)】通過(guò)本節(jié)的學(xué)習(xí)，使學(xué)生主要掌握Ansibleplaybook基本的知識(shí)，培養(yǎng)學(xué)生實(shí)現(xiàn)自主進(jìn)行Ansible安裝的能力。任務(wù)實(shí)現(xiàn)步驟1：環(huán)境準(zhǔn)備，在兩臺(tái)機(jī)器上關(guān)閉防火墻和SELinux

[root@ansible-test1~]#systemctlstopfirewalld[root@ansible-test1~]#systemctldisablefirewalldRemovedsymlink/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.Removedsymlink/etc/systemd/system/basic.target.wants/firewalld.service.[root@ansible-test1~]#setenforce0步驟2：環(huán)境準(zhǔn)備，修改/etc/hosts文件。[root@ansible-test1~]#cat/etc/selinux/config…#disabled-NoSELinuxpolicyisloaded.SELINUX=disabled //將此處改為disabled#SELINUXTYPE=cantakeoneofthreetwovalues:…[root@ansible-test1~]#cat/etc/hostslocalhostlocalhost.localdomainlocalhost4localhost4.localdomain4::1localhostlocalhost.localdomainlocalhost6localhost6.localdomain60ansible-test1 //添加兩臺(tái)主機(jī)的IP和主機(jī)名0ansible-test2知識(shí)鏈接：所謂防火墻指的是一個(gè)由軟件和硬件設(shè)備組合而成、在內(nèi)部網(wǎng)和外部網(wǎng)之間、專用網(wǎng)與公共網(wǎng)之間的界面上構(gòu)造的保護(hù)屏障.是一種獲取安全性方法的形象說(shuō)法，它是一種計(jì)算機(jī)硬件和軟件的結(jié)合，使Internet與Intranet之間建立起一個(gè)安全網(wǎng)關(guān)（SecurityGateway），從而保護(hù)內(nèi)部網(wǎng)免受非法用戶的侵入，防火墻主要由服務(wù)訪問(wèn)規(guī)則、驗(yàn)證工具、包過(guò)濾和應(yīng)用網(wǎng)關(guān)4個(gè)部分組成，防火墻就是一個(gè)位于計(jì)算機(jī)和它所連接的網(wǎng)絡(luò)之間的軟件或硬件。該計(jì)算機(jī)流入流出的所有網(wǎng)絡(luò)通信和數(shù)據(jù)包均要經(jīng)過(guò)此防火墻。步驟3：安裝Ansible，準(zhǔn)備兩臺(tái)機(jī)器anisble-01和anisble-02，只需要在anisble-01上安裝Ansible，先安裝epel倉(cāng)庫(kù)。[root@ansible-test1~]#yuminstallepel-release-y[root@ansible-test1~]#yuminstall-yansible[root@ansible-test1~]#ansible--versionansible2.9.10 configfile=/etc/ansible/ansible.cfg configuredmodulesearchpath=[u'/root/.ansible/plugins/modules',u'/usr/share/ansible/plugins/modules'] ansiblepythonmodulelocation=/usr/lib/python2.7/site-packages/ansible executablelocation=/usr/bin/ansible pythonversion=2.7.5(default,Nov202015,02:00:19)[GCC4.8.520150623(RedHat4.8.5-4)]知識(shí)鏈接：EPEL的全稱叫ExtraPackagesforEnterpriseLinux。EPEL是由Fedora社區(qū)打造，為RHEL及衍生發(fā)行版如CentOS、ScientificLinux等提供高質(zhì)量軟件包的項(xiàng)目。裝上了EPEL之后，就相當(dāng)于添加了一個(gè)第三方源。步驟4：免密配置，anisble-01上生成密鑰對(duì)ssh-keygen-trsa，把公鑰放到anisble-02上，設(shè)置密鑰認(rèn)證。注意：需要將本機(jī)也配置免密。[root@ansible-test1~]#ssh-keygen-trsaGeneratingpublic/privatersakeypair.Enterfileinwhichtosavethekey(/root/.ssh/id_rsa):Createddirectory'/root/.ssh'.Enterpassphrase(emptyfornopassphrase):Entersamepassphraseagain:Youridentificationhasbeensavedin/root/.ssh/id_rsa.Yourpublickeyhasbeensavedin/root/.ssh/id_rsa.pub.Thekeyfingerprintis:0a:47:86:44:83:a2:7c:c3:0c:1b:33:1c:03:88:0c:09root@ansible-test1Thekey'srandomartimageis:+--[RSA2048]+|E+.o+||=Bo.o||o.O.o||.o=o||.o.S||o.||.|||||++[root@ansible-test1~]#ssh-copy-id0Theauthenticityofhost'0(0)'can'tbeestablished.ECDSAkeyfingerprintisdc:a5:08:4d:9a:40:8a:be:ee:68:dd:41:61:7d:d7:05.Areyousureyouwanttocontinueconnecting(yes/no)?yes/usr/bin/ssh-copy-id:INFO:attemptingtologinwiththenewkey(s),tofilteroutanythatarealreadyinstalled/usr/bin/ssh-copy-id:INFO:1key(s)remaintobeinstalled--ifyouarepromptednowitistoinstallthenewkeysroot@0'spassword:Numberofkey(s)added:1Nowtryloggingintothemachine,with:"ssh'0'"andchecktomakesurethatonlythekey(s)youwantedwereadded.[root@ansible-test1~]#ssh0Lastlogin:SatJul416:49:182020from[root@ansible-test2~]#登出Connectionto0closed.步驟5：主機(jī)組設(shè)置。/etc/ansible/hosts文件中添加本機(jī)和另一臺(tái)機(jī)器的IP：[root@ansible-test1~]#grep^[^#]/etc/ansible/hosts[testhost]0說(shuō)明：testhost為自定義的主機(jī)組名字，上面兩個(gè)IP為組內(nèi)的機(jī)器IP。步驟6：Ansible遠(yuǎn)程執(zhí)行命令

。這樣就可以批量執(zhí)行命令了。這里的testhost為主機(jī)組名，-m后邊是模塊名字，-a后面是命令。當(dāng)然我們也可以直接寫一個(gè)IP，針對(duì)某一臺(tái)機(jī)器來(lái)執(zhí)行命令。[root@ansible-test1~]#ansibletesthost-mcommand-a"hostname"|CHANGED|rc=0>>ansible-test10|CHANGED|rc=0>>ansible-test2[root@ansible-test1~]#ansible0-mcommand-a"hostname"0|CHANGED|rc=0>>ansible-test2步驟7：Ansible拷貝文件或目錄源目錄會(huì)放到目標(biāo)目錄下面去，如果目標(biāo)指定的目錄不存在，它會(huì)自動(dòng)創(chuàng)建。如果拷貝的是文件，如果dest指定的名字和源不同，并且它不是已經(jīng)存在的目錄，相當(dāng)于拷貝過(guò)去后又重命名。但相反，如果desc是目標(biāo)機(jī)器上已經(jīng)存在的目錄，則會(huì)直接把文件拷貝到該目錄下面。[root@ansible-test1~]#ansible0-mcopy-a"src=/etc/passwddest=/tmp/123"0|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":true,"checksum":"8f3ebea24b1558e6207af80195aa12931d96345f","dest":"/tmp/123","gid":0,"group":"root","md5sum":"ca8f3327c9a73cb6fd96ba88ec4d18ee","mode":"0644","owner":"root","secontext":"unconfined_u:object_r:admin_home_t:s0","size":1040,"src":"/root/.ansible/tmp/ansible-tmp-1593856449.24-11462-53060923085626/source","state":"file","uid":0}這里的/tmp/123和源機(jī)器上的/etc/passwd是一致的，但如果目標(biāo)機(jī)器上已經(jīng)有/tmp/123目錄，則會(huì)再/tmp/123目錄下面建立passwd文件。步驟8：Ansible遠(yuǎn)程執(zhí)行腳本首先創(chuàng)建一個(gè)shell腳本。[root@ansible-test1~]#cat/tmp/test.sh#!/bin/bashecho`date`>/tmp/ansible_test.txt知識(shí)鏈接：shellscript是利用shell的功能所寫的一個(gè)程序，這個(gè)程序是使用純文本文件，將一些shell的語(yǔ)法與指令寫在里面，然后用正規(guī)表示法，管道命令以及數(shù)據(jù)流重導(dǎo)向等功能，以達(dá)到我們所想要的處理目的。然后把該腳本分發(fā)到各個(gè)機(jī)器上。[root@ansible-test1~]#ansibletesthost-mcopy-a"src=/tmp/test.shdest=/tmp/test.shmode=0755"0|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":true,"checksum":"1a6e4af02dba1bda6fc8e23031d4447efeba0ade","dest":"/tmp/test.sh","gid":0,"group":"root","md5sum":"edfaa4371316af8c5ba354e708fe8a97","mode":"0755","owner":"root","secontext":"unconfined_u:object_r:admin_home_t:s0","size":48,"src":"/root/.ansible/tmp/ansible-tmp-1593856700.7-11499-220274653312920/source","state":"file","uid":0}|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":true,"checksum":"1a6e4af02dba1bda6fc8e23031d4447efeba0ade","dest":"/tmp/test.sh","gid":0,"group":"root","mode":"0755","owner":"root","path":"/tmp/test.sh","secontext":"unconfined_u:object_r:user_tmp_t:s0","size":48,"state":"file","uid":0}最后是批量執(zhí)行該shell腳本。[root@ansible-test1~]#ansibletesthost-mshell-a"/tmp/test.sh"|CHANGED|rc=0>>0|CHANGED|rc=0>>shell模塊，還支持遠(yuǎn)程執(zhí)行命令并且?guī)Ч艿?。[root@ansible-test1~]#ansibletesthost-mshell-a"cat/etc/passwd|wc-l"|CHANGED|rc=0>>210|CHANGED|rc=0>>21[root@ansible-test1~]#cat/tmp/ansible_test.txt//2020年07月04日星期六18:00:51CST運(yùn)行成功。步驟9：Ansible管理任務(wù)計(jì)劃創(chuàng)建任務(wù)計(jì)劃，命名并定義工作。[root@ansible-test1~]#ansibletesthost-mcron-a"name='testcron'job='/bin/bash/tmp/test.sh'weekday=6"|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":true,"envs":[],"jobs":["testcron"]}0|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":true,"envs":[],"jobs":["testcron"]}若要?jiǎng)h除該cron只需要加一個(gè)字段state=absent。[root@ansible-test1~]#ansibletesthost-mcron-a"name='testcron'state=absent"|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":true,"envs":[],"jobs":[]}其他的時(shí)間表示——分鐘：minute；小時(shí)：hour；日期：day；月份：month。步驟10：Ansible安裝RPM包/管理服務(wù)使用Yum模塊安裝httpd服務(wù)。[root@ansible-test1~]#ansibletesthost-myum-a"name=httpd"|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":true,"changes":{"installed":["httpd"]},"msg":"","rc":0,"results":[……\n\nComplete!\n"]}0|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python“},"changed":true,"changes":{"installed":["httpd"]},"msg":"","rc":0,"results":[…\n\nComplete!\n"]}在name后面還可以加上state=installed/removed設(shè)置服務(wù)狀態(tài)，這里的name是CentOS系統(tǒng)里的服務(wù)名，可以通過(guò)chkconfig–list命令查到。[root@ansible-test1~]#ansibletesthost-mservice-a"name=httpdstate=startedenabled=yes"|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":true,"enabled":true,"name":"httpd","state":"started","status":{…"WatchdogTimestampMonotonic":"0","WatchdogUSec":"0"}}0|CHANGED=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python"},"changed":true,"enabled":true,"name":"httpd","state":"started","status":{…"WatchdogUSec":"0"}}Ansible文檔的使用：[root@ansible-test1~]#ansible-doc-l //列出所有模塊fortios_router_community_listConfigurecommunitylistsinFortinet'sFortiOS...azure_rm_devtestlab_infoGetAzureDevTestLabfactsecs_taskdefinitionregisterataskdefinitioninecsavi_alertscriptconfigModuleforsetupofAlertScriptConfigAviRESTfu...tower_receiveReceiveassetsfromAnsibleTowernetapp_e_iscsi_targetNetAppE-SeriesmanageiSCSItargetconfiguratio...azure_rm_acsManageanAzureContainerService(ACS)instance…[root@ansible-test1~]#ansible-docyum //查看指定模塊的文檔>YUM(/usr/lib/python2.7/site-packages/ansible/modules/packaging/os/yum.py)

Installs,upgrade,downgrades,removes,andlistspackagesandgroupswiththe`yum'packagemanager.ThismoduleonlyworksonPython2.IfyourequirePython3supportseethe[dnf]module.

*ThismoduleismaintainedbyTheAnsibleCoreTeam*note:Thismodulehasacorrespondingactionplugin.

OPTIONS(=ismandatory):

-allow_downgradeSpecifyifthenamedpackageandversionisallowedtodowngradeamaybealreadyinstalledhigherversionofthatpackage.Notethatsettingallow_downgrade=Truecanmakethismodulebehaveinanon-idempotentway.Thetaskcouldendupwithasetofpackagesthatdoesnotmatchthecompletelistofspecifiedpackagestoinstall(becausedependenciesbetweenthedowngradedpackageandotherscancausechangesto

thepackageswhichwereintheearliertransaction).[Default:no]type:boolversion_added:2.4

ansibleplaybook中的使用35ansibleplaybook中的使用步驟1：把模塊寫入到配置文件里面。[root@ansible-test1ansible]#cat/etc/ansible/test.yml-hosts:0remote_user:roottasks:-name:test_playbookshell:touch/tmp/playbook_test.txt說(shuō)明：第一行需要有三個(gè)杠，hosts參數(shù)指定了對(duì)哪些主機(jī)進(jìn)行參作，如果是多臺(tái)機(jī)器可以用逗號(hào)作為分隔，也可以使用主機(jī)組，在/etc/ansible/hosts里定義，user參數(shù)指定了使用什么用戶登錄遠(yuǎn)程主機(jī)操作，tasks指定了一個(gè)任務(wù)，其下面的name參數(shù)同樣是對(duì)任務(wù)的描述，在執(zhí)行過(guò)程中會(huì)打印出來(lái)，shell是ansible模塊名字[root@ansible-test1ansible]#ansible-playbooktest.ymlPLAY[0]***********************************************************************************************36TASK[GatheringFacts]********************************************************************************************ok:[0]

TASK[test_playbook]**********************************************************************************************[WARNING]:Considerusingthefilemodulewithstate=touchratherthanrunning'touch'.Ifyouneedtousecommandbecausefileisinsufficientyoucanadd'warn:false'tothiscommandtaskorset'command_warnings=False'inansible.cfgtogetridofthismessage.changed:[0]PLAYRECAP********************************************************************************************************0:ok=2changed=1unreachable=0failed=0skipped=0rescued=0ignored=037步驟2：創(chuàng)建用戶。[root@ansible-test1ansible]#catcreate_user.yml-name:create_userhosts:0user:rootgather_facts:falsevars:-user:"test"tasks:-name:createuseruser:name="{{user}}"說(shuō)明：name參數(shù)對(duì)該playbook實(shí)現(xiàn)的功能做一個(gè)概述，后面執(zhí)行過(guò)程中，會(huì)打印name變量的值，可以省略；gather_facts參數(shù)指定了在以下任務(wù)部分執(zhí)行前，是否先執(zhí)行setup模塊獲取主機(jī)相關(guān)信息，這在后面的task會(huì)使用到setup獲取的信息時(shí)用到；vars參數(shù)，指定了變量，這里指字一個(gè)user變量，其值為test，需要注意的是，變量值一定38要用引號(hào)引住；user提定了調(diào)用user模塊，name是user模塊里的一個(gè)參數(shù)，而增加的用戶名字調(diào)用了上面user變量的值。[root@ansible-test1ansible]#ansible-playbookcreate_user.yml

PLAY[create_user]************************************************************************************************TASK[createuser]************************************************************************************************changed:[0]PLAYRECAP********************************************************************************************************0:ok=1changed=1unreachable=0failed=0skipped=0rescued=0ignored=039ansibleplaybook中的循環(huán)步驟1：創(chuàng)建while.yml文件[root@ansible-test1ansible]#catwhile.yml-hosts:testhostuser:roottasks:-name:changemodeforfilesfile:path=/tmp/{{item}}mode=600with_items:-1.txt-2.txt-3.txt

說(shuō)明:with_items為循環(huán)的對(duì)象40步驟2：執(zhí)行while.yml。[root@ansible-test1ansible]#ansible-playbookwhile.ymlPLAY[testhost]***************************************************************************************************TASK[GatheringFacts]********************************************************************************************ok:[]ok:[0]TASK[changemodeforfiles]**************************************************************************************ok:[]=>(item=1.txt)changed:[0]=>(item=1.txt)ok:[]=>(item=2.txt)changed:[0]=>(item=2.txt)41ok:[]=>(item=3.txt)changed:[0]=>(item=3.txt)PLAYRECAP********************************************************************************************************:ok=2changed=0unreachable=0failed=0skipped=0rescued=0ignored=00:ok=2changed=1unreachable=0failed=0skipped=0rescued=0ignored=042ansibleplaybook中的條件判斷步驟1：創(chuàng)建when.yml文件[root@ansible-test1ansible]#catwhen.yml-hosts:testhostuser:rootgather_facts:Truetasks:-name:usewhenshell:touch/tmp/when.txtwhen:ansible_eno16777736.ipv4.address=="0"說(shuō)明：ansibleanisble-02-msetup可以查看到所有的facter信息43知識(shí)鏈接：YML文件格式是YAML(YAMLAintMarkupLanguage)編寫的文件格式，YAML是一種直觀的能夠被電腦識(shí)別的的數(shù)據(jù)數(shù)據(jù)序列化格式，并且容易被人類閱讀，容易和腳本語(yǔ)言交互的，可以被支持YAML庫(kù)的不同的編程語(yǔ)言程序?qū)?，比如：C/C++,Ruby,Python,Java,Perl,C#,PHP等。44步驟2：執(zhí)行when.yml文件[root@ansible-test1ansible]#ansible-playbookwhen.yml

PLAY[testhost]***************************************************************************************************

TASK[GatheringFacts]********************************************************************************************ok:[]ok:[0]

TASK[usewhen]***************************************************************************************************45skipping:[][WARNING]:Considerusingthefilemodulewithstate=touchratherthanrunning'touch'.Ifyouneedtousecommandbecausefileisinsufficientyoucanadd'warn:false'tothiscommandtaskorset'command_warnings=False'inansible.cfgtogetridofthismessage.changed:[0]

PLAYRECAP********************************************************************************************************:ok=1changed=0unreachable=0failed=0skipped=1rescued=0ignored=00:ok=2changed=1unreachable=0failed=0skipped=0rescued=0ignored=046ansibleplaybook中的handlers步驟1：創(chuàng)建handlers.yml。執(zhí)行task之后，服務(wù)器發(fā)生變化之后要執(zhí)行的一些操作，比如我們修改了配置文件后，需要重啟一下服務(wù)，創(chuàng)建handlers.yml文件加入如下內(nèi)容[root@ansible-test1ansible]#cathandlers.yml-name:handlerstesthosts:0user:roottasks:-name:copyfilecopy:src=/etc/passwddest=/tmp/aaa.txtnotify:testhandlers47handlers:-name:testhandlersshell:echo"111111">>/tmp/aaa.txt說(shuō)明，只有copy模塊真正執(zhí)行后，才會(huì)去調(diào)用下面的handlers相關(guān)的操作。也就是說(shuō)如果1.txt和2.txt

內(nèi)容是一樣的，并不會(huì)去執(zhí)行handlers里面的shell相關(guān)命令。這種比較適合配置文件發(fā)生更改后，重啟服務(wù)的操作。[root@ansible-test1ansible]#ansible-playbookhandlers.yml

PLAY[handlerstest]**********************************************************************************************

TASK[GatheringFacts]********************************************************************************************ok:[0]

48TASK[copyfile]**************************************************************************************************changed:[0]

RUNNINGHANDLER[testhandlers]***********************************************************************************changed:[0]

PLAYRECAP********************************************************************************************************0:ok=3changed=2unreachable=0failed=0skipped=0rescued=0ignored=0

請(qǐng)確認(rèn)具體所指的內(nèi)容

Ansibleplaybook進(jìn)階使用一、Ansibleplaybook進(jìn)階使用本單元主要是進(jìn)行學(xué)習(xí)Ansibleplaybook進(jìn)階使用，主要包括ansible自動(dòng)化安裝nginx以及管理配置文件，創(chuàng)建Django工程文件為下面的開發(fā)做準(zhǔn)備?！緦W(xué)習(xí)目標(biāo)】通過(guò)本單元的學(xué)習(xí)，使學(xué)生主要掌握Ansibleplaybook進(jìn)階知識(shí)，培養(yǎng)學(xué)生實(shí)現(xiàn)增加IT運(yùn)維的質(zhì)量，降低成本的能力。ansible自動(dòng)化安裝nginx步驟1：編譯安裝nginx步驟1-1：使用wget下載nginx包，下載地址：/nginx/nginx-1.9.6.tar.gz步驟1-2：解壓下載的nginx包./configure--prefix=/usr/local/nginxmake&&makeinstall步驟1-3：編寫/etc/init.d/nginx文件內(nèi)容如下：#!/bin/bash#chkconfig:-3021#description:httpservice.#SourceFunctionLibrary./etc/init.d/functions#NginxSettingsNGINX_SBIN="/usr/local/nginx/sbin/nginx"NGINX_CONF="/usr/local/nginx/conf/nginx.conf"NGINX_PID="/usx/local/nginx/logs/nginx.pid"RETVAL=0prog="Nginx"start(){echo-n$"Starting$prog:"mkdir-p/dev/shm/nginx_tempdaemon$NGINX_SBIN-c$NGINX_CONFRETVAL=$?echoreturn$RETVAL}stop(){echo-n$"Stopping$prog:"killproc-p$NGINX_PID$NGINX_SBIN–TERMrm-rf/dev/shm/nginx_temp

RETVAL=$?echoreturn$RETVAL}reload(){echo-n$"Reloading$prog:"killproc-p$NGINX_PID$NGINX_SBIN-HUPRETVAL=$?echoreturn$RETVAL}restart(){stopstart}configtest(){$NGINX_SBIN-c$NGINX_CONF-treturn0}case"$1"instart)start;;stop)stop;;reload)reload;;restart)restart;;configtest)configtest;;*)echo$"Usage:$0{start|stop|reload|restart|configtest}"RETVAL=1esacexit$RETVAL步驟1-4：清空配置文件并重新編寫#>/usr/local/nginx/conf/nginx.conf內(nèi)容如下：usernobodynobody; //定義nginx運(yùn)行的用戶和用戶組worker_processes2; //nginx進(jìn)程數(shù)，一般為CPU總核心數(shù)error_log/usr/local/nginx/logs/nginx_error.logcrit; //全局錯(cuò)誤日志定義類型pid/usr/local/nginx/logs/nginx.pid; //進(jìn)程文件worker_rlimit_nofile51200;events //工作模式與連接數(shù)上限{useepoll;worker_connections6000;}http //http下的一些配置{includemime.types; //文件擴(kuò)展名與文件類型映射表default_typeapplication/octet-stream; //默認(rèn)文件類型server_names_hash_bucket_size3526;server_names_hash_max_size4096;log_formatcombined_realip'$remote_addr$http_x_forwarded_for[$time_local]''$host"$request_uri"$status''"$http_referer""$http_user_agent"';sendfileon; //開啟高效文件傳輸模式tcp_nopushon; //防止網(wǎng)絡(luò)阻塞keepalive_timeout30; //長(zhǎng)連接超時(shí)時(shí)間，單位為秒client_header_timeout3m;client_body_timeout3m;send_timeout3m;connection_pool_size256;client_header_buffer_size1k;large_client_header_buffers84k;request_pool_size4k;output_buffers432k;postpone_output1460;client_max_body_size10m;client_body_buffer_size256k;client_body_temp_path/usr/local/nginx/client_body_temp;proxy_temp_path/usr/local/nginx/proxy_temp;fastcgi_temp_path/usr/local/nginx/fastcgi_temp;fastcgi_intercept_errorson;tcp_nodelayon; //防止網(wǎng)絡(luò)阻塞gzipon; //開啟gzip壓縮輸出gzip_min_length1k;gzip_buffers48k;gzip_comp_level5;gzip_http_version1.1;gzip_typestext/plainapplication/x-javascripttext/csstext/htmapplication/xml;server //虛擬主機(jī)配置{listen80;server_namelocalhost;indexindex.htmlindex.htmindex.php;root/usr/local/nginx/html;location~\.php$步驟2：環(huán)境準(zhǔn)備步驟2-1：將nginx.tar.gz復(fù)制到/etc/ansible/nginx_install/roles/install/files下啟動(dòng)腳本和配置文件都放到/etc/ansible/nginx_install/roles/install/template下#mvnginx.tar.gz/etc/ansible/nginx_install/roles/install/files/#cpnginx/conf/nginx.conf/etc/ansible/nginx_install/roles/install/templates/#cp/etc/init.d/nginx/etc/ansible/nginx_install/roles/install/templates/步驟2-2：編寫需要的yml文件[root@ansible2nginx_install]#catinstall.yml-hosts:01 //入口文件remote_user:rootgather_facts:Trueroles:-common-install[root@ansible2nginx_install]#catroles/common/tasks/main.yml-name:installinitializationrequiresoftware//安裝需要的依賴yum:name={{item}}state=installedwith_items: -zlib-devel-pcre-devel-gcc[root@ansible2nginx_install]#catroles/install/vars/main.ymlnginx_user:www //定義所需變量nginx_port:80nginx_basedir:/usr/local/nginx[root@ansible2nginx_install]#catroles/install/tasks/copy.yml-name:CopyNginxSoftware //復(fù)制壓縮包c(diǎn)opy:src=nginx.tar.gzdest=/tmp/nginx.tar.gzowner=rootgroup=root-name:UncompressionNginxSoftware //解壓壓縮包shell:tarzxf/tmp/nginx.tar.gz-C/usr/local/-name:CopyNginxStartScript //復(fù)制啟動(dòng)腳本template:src=nginxdest=/etc/init.d/nginxowner=rootgroup=rootmode=0755-name:CopyNginxConfig //復(fù)制nginx配置文件template:src=nginx.confdest={{nginx_basedir}}/conf/owner=rootgroup=rootmode=0644[root@ansible2nginx_install]#catroles/install/tasks/install.yml-name:createnginxuser //創(chuàng)建用戶user:name={{nginx_user}}state=presentcreatehome=noshell=/sbin/nologin-name:startnginxservice //開啟服務(wù)shell:/etc/init.d/nginxstart-name:addbootstartnginxservice //加入開機(jī)啟動(dòng)shell:chkconfig--level345nginxon-name:deletenginxcompressionfiles //刪除壓縮包shell:rm-rf/tmp/nginx.tar.gz[root@ansible2nginx_install]#catroles/install/tasks/main.yml-include:copy.yml //調(diào)用copy.yml和install.yml-include:install.yml步驟3：執(zhí)行文件運(yùn)行install.yml文件#ansible-playbook/etc/ansible/nginx_install/install.yml注：要檢查遠(yuǎn)程機(jī)器存在端口占用，及時(shí)卸載。結(jié)果如下：[root@ansible-01~]#ansible-playbook/etc/ansible/nginx_install/install.yml

PLAY[1]****************************************************************************************************

TASK[GatheringFacts]*************************************************************************************************ok:[1]

TASK[common:installinitializtionrequresoftware]******************************************************************[DEPRECATIONWARNING]:Invoking"yum"onlyoncewhileusingaloopviasquash_actionsisdeprecated.Insteadofusingalooptosupplymultipleitemsandspecifying`name:"{{item}}"`,pleaseuse`name:['zlib-devel','pcre-devel']`andremovetheloop.Thisfeaturewillberemovedinversion2.11.Deprecationwarningscanbedisabledbysettingdeprecation_warnings=Falseinansible.cfg.ok:[1]=>(item=[u'zlib-devel',u'pcre-devel'])TASK[install:CopyNginxSoftware]***********************************************************************************changed:[1]TASK[install:UncompressionNginxSoftware]**************************************************************************[WARNING]:Considerusingtheunarchivemoduleratherthanrunning'tar'.Ifyouneedtousecommandbecauseunarchiveisinsufficientyoucanadd'warn:false'tothiscommandtaskorset'command_warnings=False'inansible.cfgtogetridofthismessage.changed:[1]TASK[install:CopyNginxStartScript]*******************************************************************************ok:[1]

TASK[install:CopyNginxConfig]*************************************************************************************ok:[1]

TASK[install:CreateNginxUser]*************************************************************************************ok:[1]TASK[install:StartNginxService]***********************************************************************************changed:[1]

TASK[install:AddBootstartNginxservice]**************************************************************************changed:[1]

TASK[install:DeleteNginxcompressionfiles]************************************************************************[WARNING]:Considerusingthefilemodulewithstate=absentratherthanrunning'rm'.Ifyouneedtousecommandbecausefileisinsufficientyoucanadd'warn:false'tothiscommandtaskorset'command_warnings=False'inansible.cfgtogetridofthismessage.changed:[1]

PLAYRECAP*************************************************************************************************************1:ok=10changed=5unreachable=0failed=0skipped=0rescued=0ignored=0管理配置文件步驟1：管理nginx配置文件的playbook編寫。[root@ansible2nginx_config]#cat/etc/ansible/nginx_config/roles/new/handlers/main.yml-name:restartnginx //用于重新加載nginx服務(wù)shell:/etc/init.d/nginxreload[root@ansible2nginx_config]#cat/etc/ansible/nginx_config/roles/new/tasks/main.yml-name:copyconffile //復(fù)制.conf和hosts文件copy:src={{item.src}}dest={{nginx_basedir}}/{{item.dest}}backup=yesowner=rootgroup=rootmode=0644with_items:-{src:nginx.conf,dest:conf/nginx.conf}-{src:vhosts,dest:conf/}notify:restartnginx[root@ansible2nginx_config]#cat/etc/ansible/nginx_config/roles/new/vars/main.ymlnginx_basedir:/usr/local/nginx //定義變量[root@ansible2nginx_config]#catupdate.yml-hosts:01 //入口文件user:rootroles:-new //這里只有newold目錄中的yml文件與new目錄中的相同，files中的配置文件不同。其中new為更新時(shí)用到的，old為回滾時(shí)用到的，files下面為nginx.conf和vhosts目錄，handlers為重啟nginx服務(wù)的命令在執(zhí)行update.yml前，應(yīng)備份當(dāng)前配置文件，當(dāng)執(zhí)行之后發(fā)現(xiàn)錯(cuò)誤，則進(jìn)行回滾操作。關(guān)于回滾，需要在執(zhí)行playbook之前先備份一下舊的配置，所以對(duì)于老配置文件的管理一定要嚴(yán)格，千萬(wàn)不能隨便去修改線上機(jī)器的配置，并且要保證new/files下面的配置和線上的配置一致，命令如下：#rsync-av/etc/ansibl