
使用ansible的playbook创建指定的www站点nginx和apache配置

 昵称70680357 2020-07-01

1. 该ansible脚本集成了常用的一些功能
创建 web/cbs/store/download 站点

2.hosts采用分组,并对分组进行了加密,需要输入密码才能编辑

使用示例:创建cbs 站点
ansible-playbook cbs.yaml --ask-vault-pass

3.使用方法
创建 cbs 示例
如果要创建 cbs.chinasoft.com 这个站点

修改如下内容 roles/cbs/vars/main.yaml 变量中的 cbs_domain_name 为 需要创建的域名即可(顶级域名)
# vim roles/cbs/vars/main.yaml
cbs_domain_name: chinasoft.com

# cd /usr/local/src/ansible
# 创建 www 站点
# ansible-playbook chinasoft_co.yaml --ask-vault-pass

4.目录说明:

ansible的文件目录列表
├── cbs.yaml    # 创建 cbs 站点入口文件
├── download.yaml    # 创建download 站点入口文件
├── hosts
├── roles
│   ├── cbs
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   ├── commom.yaml
│   │   │   └── main.yaml
│   │   ├── templates
│   │   │   ├── cbs_apache_chinasoft.co.conf.j2
│   │   │   ├── cbs_nginx_index.html.j2
│   │   │   ├── cbs_nginx_chinasoft.co.conf.j2
│   │   │   ├── cbs_rewrite_chinasoft.co.conf.j2
│   │   │   ├── cbs_chinasoft_co_jp.crt.j2
│   │   │   ├── cbs_chinasoft_co_jp.key.j2
│   │   │   └── nginx_config_grammaer_check_test_and_reload.sh.j2
│   │   └── vars
│   │       └── main.yaml
...
├── store.yaml    # 创建购物车的入口文件
└── chinasoft_co.yaml    # 创建www站点入口文件

 

1.ansible的目录结构

[root@ws_monitoring ansible]# tree
.
├── cbs.yaml
├── download.yaml
├── hosts
├── README.TXT
├── roles
│   ├── cbs
│   │   ├── handlers
│   │   │   └── main.yml
│   │   ├── tasks
│   │   │   ├── commom.yaml
│   │   │   └── main.yaml
│   │   ├── templates
│   │   │   ├── cbs_apache_chinasoft.co.conf.j2
│   │   │   ├── cbs_domain_check.sh.j2
│   │   │   ├── cbs_nginx_index.html.j2
│   │   │   ├── cbs_nginx_chinasoft.co.conf.j2
│   │   │   ├── cbs_rewrite_chinasoft.co.conf.j2
│   │   │   ├── cbs_chinasoft_co_jp.crt.j2
│   │   │   ├── cbs_chinasoft_co_jp.key.j2
│   │   │   └── nginx_config_grammaer_check_test_and_reload.sh.j2
│   │   └── vars
│   │       └── main.yaml
│   ├── download
│   │   ├── tasks
│   │   │   ├── commom.yaml
│   │   │   └── main.yaml
│   │   ├── templates
│   │   │   ├── dl_apache_htaccess.j2
│   │   │   ├── dl_apache_chinasoft.co.conf.j2
│   │   │   ├── dl_download_new.php.j2
│   │   │   ├── dl_nginx_index.html.j2
│   │   │   ├── dl_nginx_chinasoft.co.conf.j2
│   │   │   ├── dl_rewrite_chinasoft.co.conf.j2
│   │   │   ├── dl_chinasoft_co_jp.crt.j2
│   │   │   └── dl_chinasoft_co_jp.key.j2
│   │   └── vars
│   │       └── main.yaml
│   ├── store
│   │   ├── tasks
│   │   │   ├── commom.yaml
│   │   │   └── main.yaml
│   │   ├── templates
│   │   │   ├── sto_apache_chinasoft.co.conf.j2
│   │   │   ├── sto_chinasoft_com.crt.j2
│   │   │   ├── sto_chinasoft_com.key.j2
│   │   │   ├── sto_nginx_index.html.j2
│   │   │   ├── sto_nginx_chinasoft.co.conf.j2
│   │   │   ├── sto_rewrite_chinasoft.co.conf.j2
│   │   │   ├── sto_chinasoft_co_jp.crt.j2
│   │   │   └── sto_chinasoft_co_jp.key.j2
│   │   └── vars
│   │       └── main.yaml
│   └── chinasoft_co
│       ├── tasks
│       │   ├── commom.yaml
│       │   └── main.yaml
│       ├── templates
│       │   ├── apache_chinasoft.co.conf.j2
│       │   ├── nginx_index.html.j2
│       │   ├── nginx_chinasoft.co.conf.j2
│       │   ├── rewrite_chinasoft.co.conf.j2
│       │   ├── chinasoft_co_jp.crt.j2
│       │   ├── chinasoft_co_jp.key.j2
│       │   ├── chinasoft_kr.crt.j2
│       │   ├── chinasoft_kr.key.j2
│       │   ├── chinasoft_net.crt.j2
│       │   └── chinasoft_net.key.j2
│       └── vars
│           └── main.yaml
├── store.yaml
└── chinasoft_co.yaml

2.编辑hosts目标服务器文件

[root@ws_monitoring ansible]# ansible-vault view hosts
Vault password: 
[nodes]
node01 ansible_host=10.11.0.210 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
node02 ansible_host=10.11.0.215 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
    [cbs_servers]
    node01 ansible_host=10.11.0.210 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
    node02 ansible_host=10.11.0.215 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
    [store_servers]
    node01 ansible_host=10.11.0.210 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
    node02 ansible_host=10.11.0.215 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
    [download_servers]
    node01 ansible_host=10.11.0.210 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
    node02 ansible_host=10.11.0.215 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
    [ws_www_webs]
    node01 ansible_host=10.11.0.210 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
    node02 ansible_host=10.11.0.215 ansible_port=22 ansible_user=root ansible_ssh_pass='root'

    3.入口yaml文件

    创建 www 站点

    [root@ws_monitoring ansible]# more chinasoft_co.yaml 
    # Entry playbook for the www site: applies the chinasoft_co role to every host
    # in the ws_www_webs inventory group.  The hosts file is vault-encrypted, so
    # run it as: ansible-playbook chinasoft_co.yaml --ask-vault-pass
    - hosts: ws_www_webs
      remote_user: root
      # become_* are redundant while remote_user is already root (sudo root -> root);
      # they only take effect if the inventory is later switched to an unprivileged user.
      become: yes
      become_method: sudo
      become_user: root
      # Facts are skipped: the chinasoft_co tasks and templates only read role vars
      # (domain_name, is_ori_needed, *_dest_path, production_list), no ansible_* facts.
      gather_facts: no
      tasks:
        - import_role:
            name: chinasoft_co
        # Further roles can be chained into the same play.  download and store have
        # their own entry playbooks; uniconverter and shopcart have no role directory
        # in this tree, so enabling those two lines would fail until one is added.
        #- import_role:
        #    name: download
        #- import_role:
        #    name: store
        #- import_role:
        #    name: uniconverter
        #- import_role:
        #    name: shopcart
    cbs 站点
    [root@ws_monitoring ansible]# more cbs.yaml 
    # Entry playbook for the cbs site: applies the cbs role to the cbs_servers
    # inventory group.  cbs is the only role in this tree that ships a handlers/
    # directory (and an nginx check-and-reload script template), so unlike the
    # www role it can reload nginx after its templates change.
    # Run with --ask-vault-pass because the inventory is vault-encrypted.
    - hosts: cbs_servers
      remote_user: root
      # Redundant while remote_user is root; kept for a future non-root login user.
      become: yes
      become_method: sudo
      become_user: root
      # presumably safe for the same reason as chinasoft_co (role uses only its own
      # vars) — verify against roles/cbs/tasks, which are not shown on this page.
      gather_facts: no
      tasks:
        - import_role:
            name: cbs
    
    store 站点
    [root@ws_monitoring ansible]# more store.yaml 
    # Entry playbook for the store site: applies the store role to the
    # store_servers inventory group.  Run with --ask-vault-pass (vaulted inventory).
    - hosts: store_servers
      remote_user: root
      # Redundant while remote_user is root; kept for a future non-root login user.
      become: yes
      become_method: sudo
      become_user: root
      # presumably safe (role expected to use only its own vars) — verify against
      # roles/store/tasks, which are not shown on this page.
      gather_facts: no
      tasks:
        - import_role:
            name: store
    
    download 站点
    [root@ws_monitoring ansible]# more download.yaml 
    # Entry playbook for the download site: applies the download role to the
    # download_servers inventory group.  Run with --ask-vault-pass (vaulted inventory).
    - hosts: download_servers
      remote_user: root
      # Redundant while remote_user is root; kept for a future non-root login user.
      become: yes
      become_method: sudo
      become_user: root
      # presumably safe (role expected to use only its own vars) — verify against
      # roles/download/tasks, which are not shown on this page.
      gather_facts: no
      tasks:
        - import_role:
            name: download

    # 参数配置

    [root@ws_monitoring ansible]# more roles/chinasoft_co/vars/main.yaml
    # Role variables for chinasoft_co.  domain_name is the only value that normally
    # changes per deployment; the *_dest_path values describe the target host layout.
    # Apex domain the sites hang off: 'www' renders as this bare name, every other
    # production_list entry as <entry>.<domain_name>.  The cert/key templates must
    # be named after it with dots replaced by '_' (e.g. chinasoft_com_br.crt.j2).
    domain_name: chinasoft.com.br
    # When true the nginx server_name and Apache ServerAlias also accept
    # ori-<site>.<domain_name>, meant as the CDN origin hostname.
    is_ori_needed: true


    # Only referenced by the commented-out backup task in tasks/commom.yaml.
    backup_dest_path: /opt

    # Where the rendered nginx vhost and its rewrite.d include are written.
    nginx_dest_path: /usr/local/nginx/conf/vhost.d
    rewrite_nginx_dest_path: /usr/local/nginx/conf/rewrite.d
    # Apache vhost directory (httpd 2.2) and the parent of each site's httpdocs.
    http_dest_path: /usr/local/httpd-2.2.26/conf/vhost.d
    http_data_dest_path: /data/www/vhosts
    # Target of the cert/key upload; the directory-creation task in
    # tasks/commom.yaml hard-codes this same path rather than using the variable.
    certification_dest_path: /usr/local/nginx/conf/cert2016

    # Not referenced by the tasks or templates shown on this page.
    production_download: download
    production_store: store
    production_shopcart: shopcart
    production_uniconverter: uniconverter
    # Sites to create under domain_name; every task in commom.yaml loops over it.
    # 'www' is special-cased to the bare domain.  Only recoverit is active here.
    production_list:
      #- www
      #- images
      #- filmora
      #- pdf
      - recoverit
      #- drfone
      #- static-fr
      #- static-de
      #- static-es
      #- static-it
      #- static-pt

    模板项目:
    # apache 的模板

    [root@ws_monitoring ansible]# more roles/chinasoft_co/templates/apache_chinasoft.co.conf.j2 
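    # Apache vhost rendered once per production_list entry ({{ item.item }}).  It
    # listens on :8080 only and never terminates TLS (SSLEngine off): nginx owns
    # :80/:443 and forwards PHP requests to an upstream called php_pool, which is
    # defined outside this role — presumably this vhost, confirm in nginx.conf.
    # The file is written only if it does not already exist (tasks/commom.yaml).
    <VirtualHost *:8080>
            ServerName   {{item.item}}.{{domain_name}}
            ## for CDN Origin_site
            {% if is_ori_needed %}ServerAlias  ori-{{item.item}}.{{domain_name}}{% endif %}
            {# ServerAlias  downpool.{{domain_name}} #}
            {# ServerAlias  ssl-{{item.item}}.{{domain_name}} #}

            UseCanonicalName Off
            ServerAdmin  "admin@chinasoft.com"
            DocumentRoot /data/www/vhosts/{{item.item}}.{{domain_name}}/httpdocs
            # index.shtml relies on server-side includes, enabled by 'Includes' below.
            DirectoryIndex index.html index.shtml index.php
            # Daily rotation via rotatelogs; the log directories are not created by
            # the tasks shown in this role.
            CustomLog "|/usr/local/apache2/bin/rotatelogs -l /data/www/logs/apache_log/access/{{item.item}}.{{domain_name}}_access.log.%Y-%m-%d 86400" combined
            ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /data/www/logs/apache_log/error/{{item.item}}.{{domain_name}}_error.log.%Y-%m-%d 86400"
            <IfModule mod_ssl.c>
                    SSLEngine off
            </IfModule>
            <Directory /data/www/vhosts/{{item.item}}.{{domain_name}}/httpdocs/>
            # PHP confinement: open_basedir keeps scripts inside the vhost tree (+ /tmp).
            # safe_mode only exists on PHP < 5.4; on later PHP the flag is unknown and
            # adds nothing, so open_basedir is the directive that still matters.
            <IfModule sapi_apache2.c>
                    php_admin_flag engine on
                    php_admin_flag safe_mode on
                    php_admin_value open_basedir ".:/data/www/vhosts/{{item.item}}.{{domain_name}}:/tmp"
            </IfModule>
            <IfModule mod_php5.c>
                    php_admin_flag engine on
                    php_admin_flag safe_mode on
                    php_admin_value open_basedir ".:/data/www/vhosts/{{item.item}}.{{domain_name}}:/tmp"
            </IfModule>
             # Absolute option list: exactly FollowSymLinks and Includes, so ExecCGI and
             # Indexes stay off whatever the server default is.  The original mixed a
             # bare 'FollowSymLinks' with signed '-ExecCGI +Includes', which httpd 2.2
             # documents as invalid syntax with unpredictable results (2.4 refuses to
             # start on it).
             Options FollowSymLinks Includes
             # Any directive may be overridden from a .htaccess inside the tree.
             AllowOverride All
            </Directory>
        # Shared static tree mounted under /servers on every site.
        Alias /servers "/data/www/vhosts/www_servers"
        <Directory "/data/www/vhosts/www_servers/">
        Options FollowSymLinks Includes
        AllowOverride All
        </Directory>
    ErrorDocument 404 /404.html

    </VirtualHost>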

    # nginx 的配置模板

    [root@ws_monitoring ansible]# more roles/chinasoft_co/templates/nginx_chinasoft.co.conf.j2 
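    # nginx vhost rendered once per production_list entry ({{ item.item }}); 'www'
    # is the bare domain_name, every other entry becomes <item>.<domain_name>.
    # The :80 server only redirects to HTTPS; all real serving happens in the :443
    # server.  Static files come from httpdocs; PHP, and any URI that is neither an
    # existing file nor directory, is proxied to the php_pool upstream, which is
    # defined outside this template (presumably the Apache :8080 vhost).
    server {
        listen 80;
        server_name            {% if item.item == 'www'  %}{{domain_name}} {% endif %}{{item.item}}.{{domain_name}} {% if is_ori_needed  %}ori-{{item.item}}.{{domain_name}}{% endif %};

        index                  index.html index.shtml index.php ;
        # rewrite.d/<site>.conf is rendered from rewrite_chinasoft.co.conf.j2 by this role.
        include                rewrite.d/{% if item.item == 'www'  %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}.conf ;
        root                   /data/www/vhosts/{% if item.item == 'www'  %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}/httpdocs ;

        access_log             /data/www/logs/nginx_log/access/{% if item.item == 'www'  %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}_access.log main ;
        error_log              /data/www/logs/nginx_log/error/{% if item.item == 'www'  %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}_error.log ;
        error_page  404 403             /404.html;

        # A server-level 'rewrite ... permanent' runs in the rewrite phase, before
        # any location is chosen, so every plain-HTTP request is answered with a 301
        # here; the user-agent check and the location blocks that follow are never
        # reached on :80 and exist only to mirror the :443 server.
        rewrite ^/(.*)$ https://{% if item.item == 'www'  %}www.{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}/$1 permanent;

        if ($http_user_agent ~ Ezooms) {
            return 403;
        }

        location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ {
            deny all;
        }

        location ~ \.php$ {
            proxy_pass http://php_pool;
            include proxy_params;
            expires -1;
        }

        location / {
            include proxy_params;
            if (!-d $request_filename){
                set $flag 1$flag;
            }
            if (!-f $request_filename){
                set $flag 2$flag;
            }
            if ($flag = "21"){
                proxy_pass http://php_pool;
                expires -1;
            }
        }
    }

    server {
        # 'ssl on;' has been deprecated since nginx 1.15.0; the listen-level flag is
        # the supported equivalent and works on every nginx from 0.7.14 on.
        listen 443 ssl;
        server_name             {% if item.item == 'www'  %}{{domain_name}} {% endif %}{{ item.item }}.{{domain_name}} {% if is_ori_needed  %}ori-{{ item.item }}.{{domain_name}}{% endif %};

        # Cert and key are uploaded by tasks/commom.yaml under the same
        # dots-to-underscores name.
        ssl_certificate         cert2016/{{domain_name|regex_replace('\.' , '_')}}.crt;
        ssl_certificate_key     cert2016/{{domain_name|regex_replace('\.' , '_')}}.key;
        # dh_2048.pem is NOT uploaded by this role (only the .crt and .key are); it
        # must already exist on the host or 'nginx -t' fails after deployment.
        ssl_dhparam             cert2016/dh_2048.pem;
        ssl_session_timeout     5m;
        # TLS 1.0 and 1.1 dropped: both are deprecated (RFC 8996).  Add TLSv1.3 once
        # the nginx/OpenSSL build on the hosts supports it (older builds reject the
        # token at config-check time).
        ssl_protocols           TLSv1.2;
        # Cipher list kept exactly as deployed.  It still permits the 3DES suites
        # (DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA); drop them unless a legacy client
        # genuinely needs them.
        ssl_ciphers             "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
        ssl_prefer_server_ciphers       on;

        # Wildcard CORS is attached to every :443 response, proxied PHP output
        # included.  Keep it only if cross-origin reads of this site are intended;
        # otherwise restrict it to the origins that need it.
        add_header              'Access-Control-Allow-Origin' '*';

        access_log              /data/www/logs/nginx_log/access/{% if item.item == 'www'  %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}_access.log main ;
        error_log               /data/www/logs/nginx_log/error/{% if item.item == 'www'  %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}_error.log ;
        root                    /data/www/vhosts/{% if item.item == 'www'  %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}/httpdocs ;
        index                   index.html index.shtml index.php ;
        include                 rewrite.d/{% if item.item == 'www'  %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}.conf ;
        error_page  404 403     /404.html;

        if ($http_user_agent ~ Ezooms) {
            return 403;
        }

        # Never serve dotfiles/config fragments that may sit in httpdocs.
        location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ {
            deny all;
        }

        location ~ \.php$ {
            proxy_pass http://php_pool;
            include proxy_params;
            expires -1;
        }

        location / {
            include proxy_params;
            # nginx cannot nest 'if', so $flag accumulates "1" (not a directory) and
            # then "2" (not a file); "21" means neither exists and the request is
            # handed to the PHP pool.  try_files would express this directly; note
            # nginx may log 'using uninitialized "flag" variable' for the first set.
            if (!-d $request_filename){
                set $flag 1$flag;
            }
            if (!-f $request_filename){
                set $flag 2$flag;
            }
            if ($flag = "21"){
                proxy_pass http://php_pool;
                expires -1;
            }
        }
    }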

    # index.html 首页模板

    [root@ws_monitoring ansible]# more roles/chinasoft_co/templates/nginx_index.html.j2 
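    {# Placeholder page; tasks/commom.yaml uploads it only when httpdocs/index.html does not exist yet. #}
    <h1>this is {{ item.item }}.{{domain_name}} on the server </h1>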

    # 默认跳转规则模板

    [root@ws_monitoring ansible]# more roles/chinasoft_co/templates/rewrite_chinasoft.co.conf.j2 
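    {# Included by both server blocks of nginx_chinasoft.co.conf.j2 as rewrite.d/<site>.conf. #}
    {% if item.item == 'www'  %}
    # Apex -> www canonicalisation, rendered only for the 'www' entry.
    if ($host ~* ^{{domain_name}}$){ rewrite ^(.*)$ https://www.{{domain_name}}$1 permanent;}
    {% endif %}
    # Strip index/indice.html from directory requests: /dir/index.html -> /dir,
    # /index.html -> /.  The dots are escaped so only a literal ".html" matches;
    # the original bare '.' also matched e.g. "indexXhtml".
    if ($request_uri ~ ^/(.*)/(index|indice)\.(html)) { rewrite ^/(.*)/(index|indice)\.(html) /$1   permanent;}
    if ($request_uri ~ ^/(index|indice)\.html) { rewrite    ^       / permanent;}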
    
    # 主要的任务规则
    [root@ws_monitoring ansible]# more roles/chinasoft_co/tasks/main.yaml 
    # Role entry point: the whole role lives in commom.yaml (sic — every role in
    # this tree spells the file "commom", not "common").
    - name: Deploy common site
      import_tasks: commom.yaml
    
    [root@ws_monitoring ansible]# more roles/chinasoft_co/tasks/commom.yaml 
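    # Tasks for the chinasoft_co role.  For every entry of production_list ('www'
    # stands for the bare domain_name, anything else for <item>.<domain_name>) it
    # renders the nginx vhost, its rewrite.d include and the Apache vhost, creates
    # the document root with a placeholder index.html, and pushes the TLS
    # certificate and key for domain_name.
    #
    # Each rendered config is guarded by a stat task plus `when: not item.stat.exists`,
    # so a file already present on the host is left untouched: template changes are
    # not re-applied to an existing site until the old file is removed by hand.
    # Nothing here notifies a handler and the role has no handlers/ directory, so
    # nginx and httpd must be reloaded manually after the run.
    # File modes are quoted so YAML hands Ansible the octal text unchanged; an
    # unquoted 0644 may be read as an integer and misapplied, especially in loops.
    #
    #- name : let shell command result registe to be current time
    #    command : "echo `date +%Y%m%d%H%M%S`"
    #    register : current_time
    #
    #- name: Copy multiple files in Ansible with different permissions
    #  copy:
    #    src: "{{ item.src }}"
    #    dest: "{{ item.dest }}"
    #    mode: "{{ item.mode }}"
    #  with_items:
    #    - { src: "{{nginx_dest_path}}",dest: "{{backup_dest_path}}/{{current_time}}", mode: '0644'}
    #    - { src: "{{rewrite_nginx_dest_path}}",dest: "{{backup_dest_path}}/{{current_time}}", mode: '0644'}
    #    - { src: "{{certification_dest_path}}",dest: "{{backup_dest_path}}/{{current_time}}", mode: '0644'}
    #    - { src: "{{http_dest_path}}",dest: "{{backup_dest_path}}/{{current_time}}", mode: '0644'}

    # --- nginx vhost -----------------------------------------------------------
    - name: Checking nginx configuration file if exists
      stat:
        path: "{{nginx_dest_path}}/{%if item == 'www' %}{{domain_name}}.conf{% else %}{{item}}.{{domain_name}}.conf{% endif %}"
      register: nginx_ws_cn_fcheck
      with_items: "{{ production_list }}"

    - name: upload nginx configuration file to server
      template:
        src: nginx_chinasoft.co.conf.j2
        dest: "{{nginx_dest_path}}/{%if item.item == 'www' %}{{domain_name}}.conf{% else %}{{item.item}}.{{domain_name}}.conf{% endif %}"
        owner: apache
        group: users
        mode: '0644'
      # item is a stat result here, so the site name is item.item.
      when: not item.stat.exists
      with_items: "{{ nginx_ws_cn_fcheck.results}}"


    # --- nginx rewrite.d include -----------------------------------------------
    - name: Checking nginx's rewrite rule file if exists
      stat:
        path: "{{rewrite_nginx_dest_path}}/{%if item == 'www' %}{{domain_name}}.conf{% else %}{{item}}.{{domain_name}}.conf{% endif %}"
      register: rewrite_ws_fcheck
      with_items: "{{ production_list }}"

    - name: upload nginx's rewrite rule file to server
      template:
        src: rewrite_chinasoft.co.conf.j2
        dest: "{{rewrite_nginx_dest_path}}/{%if item.item == 'www' %}{{domain_name}}.conf{% else %}{{item.item}}.{{domain_name}}.conf{% endif %}"
        owner: apache
        group: users
        mode: '0644'
      when: not item.stat.exists
      with_items: "{{ rewrite_ws_fcheck.results}}"


    # --- Apache vhost ----------------------------------------------------------
    - name: Checking apache configuration file if exists
      stat:
        path: "{{http_dest_path}}/{%if item == 'www' %}{{domain_name}}.conf{% else %}{{item}}.{{domain_name}}.conf{% endif %}"
      register: apache_ws_fcheck
      with_items: "{{ production_list }}"

    - name: upload apache configuration file to server
      template:
        src: apache_chinasoft.co.conf.j2
        dest: "{{http_dest_path}}/{%if item.item == 'www' %}{{domain_name}}.conf{% else %}{{item.item}}.{{domain_name}}.conf{% endif %}"
        owner: apache
        group: users
        mode: '0644'
      when: not item.stat.exists
      with_items: "{{ apache_ws_fcheck.results}}"

    # --- document root and placeholder page ------------------------------------
    # Idempotent on its own (state: directory), so no stat guard is needed.
    - name: Checking web data httpdocs and create if not exists
      file:
        path: "{{http_data_dest_path}}/{%if item == 'www' %}{{domain_name}}{% else %}{{item}}.{{domain_name}}{% endif %}/httpdocs"
        state: directory
        owner: apache
        group: users
        mode: '0755'
      with_items: "{{ production_list }}"

    #- name: Checking data link and create if not exists
    #  file:
    #    src: "{{http_data_dest_path}}/download.{{domain_name}}.conf/httpdocs"
    #    dest: "{{http_data_dest_path}}/download.{{domain_name}}.conf/httpdocs/cbs_down"
    #    state: link
    #    owner: apache
    #    group: users
    #    mode: 0755

    - name: Checking data index.html and create if not exists
      stat:
        path: "{{http_data_dest_path}}/{%if item == 'www' %}{{domain_name}}{% else %}{{item}}.{{domain_name}}{% endif %}/httpdocs/index.html"
      register: apache_data_ws_fcheck
      with_items: "{{ production_list }}"

    - name: upload www test data file to server
      template:
        src: nginx_index.html.j2
        dest: "{{http_data_dest_path}}/{%if item.item == 'www' %}{{domain_name}}{% else %}{{item.item}}.{{domain_name}}{% endif %}/httpdocs/index.html"
        owner: apache
        group: users
        mode: '0644'
      when: not item.stat.exists
      with_items: "{{ apache_data_ws_fcheck.results}}"


    # --- TLS certificate and key -----------------------------------------------
    - name: Checking certification path if not exists
      file:
        # Same directory the upload below writes to; this used to hard-code
        # /usr/local/nginx/conf/cert2016, which is exactly what the variable holds.
        path: "{{certification_dest_path}}"
        state: directory
        owner: apache
        group: users
        mode: '0755'

    # Template names are derived from domain_name with dots replaced by '_'
    # (chinasoft.com.br -> chinasoft_com_br.crt.j2 / .key.j2).  The tree on this
    # page only carries chinasoft_co_jp, chinasoft_kr and chinasoft_net templates,
    # so matching ones must be added before the role is run for a new domain.
    - name: upload certification file to server
      template:
        src: "{{item.src}}"
        dest: "{{certification_dest_path}}/{{item.dest}}"
        owner: apache
        group: users
        mode: "{{ item.mode }}"
      # Keep the rendered private key out of verbose, --diff and log output.
      no_log: true
      with_items:
        - { src: "{{domain_name|regex_replace('\\.' , '_')}}.crt.j2", dest: "{{domain_name|regex_replace('\\.' , '_')}}.crt", mode: '0644' }
        # The key is owner-read only (it was world-readable before).  nginx reads
        # it in the master process at startup, normally as root, so apache:0600 is
        # enough — confirm if nginx is started unprivileged.  The .key.j2 template
        # itself is plaintext in the repo; encrypt it with ansible-vault, as the
        # hosts file already is, or move the key into a vaulted variable.
        - { src: "{{domain_name|regex_replace('\\.' , '_')}}.key.j2", dest: "{{domain_name|regex_replace('\\.' , '_')}}.key", mode: '0600' }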
