利用Ansible部署HTTPS服务和Nginx
详细步骤
1. 利用Ansible部署HTTPS服务
步骤说明:
利用Ansible在CentOS主机上部署HTTPS服务。假设你已经有一个主机清单文件hosts,并且在其中定义了目标主机。具体操作如下:
示例步骤:
创建Ansible任务文件 install_https.yml
---
- hosts: all
become: yes
tasks:
- name: 安装httpd和mod_ssl
yum:
name:
- httpd
- mod_ssl
state: present
- name: 启动并启用httpd服务
systemd:
name: httpd
state: started
enabled: yes
- name: 创建自签名证书
command: openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=State/L=City/O=Organization/OU=Department/CN=example.com" -keyout /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.crt
- name: 配置HTTPS虚拟主机
copy:
dest: /etc/httpd/conf.d/ssl.conf
content: |
<VirtualHost *:443>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/var/www/html"
ServerName www.example.com
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"
SSLEngine on
SSLCertificateFile "/etc/pki/tls/certs/localhost.crt"
SSLCertificateKeyFile "/etc/pki/tls/private/localhost.key"
<Directory "/var/www/html">
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
- name: 重新加载httpd服务
systemd:
name: httpd
state: reloaded运行Ansible任务:
ansible-playbook -i hosts install_https.yml2. 利用Ansible部署Nginx
步骤说明:
利用Ansible在CentOS主机上部署Nginx,可以选择自定义rpm包安装、源代码安装或纯脚本安装。这里以直接安装官方yum源中的Nginx为例。
步骤:
创建Ansible任务文件 install_nginx.yml
---
- hosts: all
become: yes
tasks:
- name: 安装EPEL存储库
yum:
name: epel-release
state: present
- name: 安装Nginx
yum:
name: nginx
state: present
- name: 启动并启用Nginx服务
systemd:
name: nginx
state: started
enabled: yes运行Ansible任务:
ansible-playbook -i hosts install_nginx.yml示例扩展
例子1:通过自定义RPM包安装Nginx
假设有一个自定义的Nginx RPM包 nginx-custom.rpm
创建Ansible任务文件 install_nginx_custom.yml
---
- hosts: all
become: yes
tasks:
- name: 复制自定义Nginx RPM包到目标主机
copy:
src: /path/to/nginx-custom.rpm
dest: /tmp/nginx-custom.rpm
- name: 安装自定义Nginx RPM包
yum:
name: /tmp/nginx-custom.rpm
state: present
- name: 启动并启用Nginx服务
systemd:
name: nginx
state: started
enabled: yes运行Ansible任务:
ansible-playbook -i hosts install_nginx_custom.yml例子2:通过源代码安装Nginx
假设要从源代码编译和安装Nginx
创建Ansible任务文件 install_nginx_source.yml
---
- hosts: all
become: yes
tasks:
- name: 安装编译依赖包
yum:
name:
- gcc
- pcre-devel
- zlib-devel
- make
- openssl-devel
state: present
- name: 下载Nginx源代码
get_url:
url: http://nginx.org/download/nginx-1.18.0.tar.gz
dest: /tmp/nginx-1.18.0.tar.gz
- name: 解压源代码
unarchive:
src: /tmp/nginx-1.18.0.tar.gz
dest: /tmp
- name: 编译并安装Nginx
command: ./configure && make && make install
args:
chdir: /tmp/nginx-1.18.0
- name: 创建Nginx systemd服务文件
copy:
dest: /etc/systemd/system/nginx.service
content: |
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
- name: 重新加载systemd并启动Nginx服务
systemd:
daemon_reload: yes
name: nginx
state: started
enabled: yes运行Ansible任务:
ansible-playbook -i hosts install_nginx_source.yml本文由mdnice多平台发布
程序员
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。