|
1. 該ansible腳本集成了常用的一些功能
創(chuàng)建 web/cbs/store/download 站點(diǎn)
2.hosts采用分組,并對(duì)分組進(jìn)行了加密���,需要輸入密碼才能編輯
使用示例:創(chuàng)建cbs 站點(diǎn)
ansible-playbook cbs.yaml --ask-vault-pass
3.使用方法
創(chuàng)建 cbs 示例
如果要?jiǎng)?chuàng)建 cbs.chinasoft.com 這個(gè)站點(diǎn)
修改如下內(nèi)容 roles/cbs/vars/main.yaml 變量中的 cbs_domain_name 為 需要?jiǎng)?chuàng)建的域名即可(頂級(jí)域名)
# vim roles/cbs/vars/main.yaml
cbs_domain_name: chinasoft.com
# cd /usr/local/src/ansible
# 創(chuàng)建 www 站點(diǎn)
# ansible-playbook chinasoft_co.yaml --ask-vault-pass
4.目錄說明:
ansible的文件目錄列表
├── cbs.yaml # 創(chuàng)建 cbs 站點(diǎn)入口文件
├── download.yaml # 創(chuàng)建download 站點(diǎn)入口文件
├── hosts
├── roles
│ ├── cbs
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ ├── commom.yaml
│ │ │ └── main.yaml
│ │ ├── templates
│ │ │ ├── cbs_apache_chinasoft.co.conf.j2
│ │ │ ├── cbs_nginx_index.html.j2
│ │ │ ├── cbs_nginx_chinasoft.co.conf.j2
│ │ │ ├── cbs_rewrite_chinasoft.co.conf.j2
│ │ │ ├── cbs_chinasoft_co_jp.crt.j2
│ │ │ ├── cbs_chinasoft_co_jp.key.j2
│ │ │ └── nginx_config_grammaer_check_test_and_reload.sh.j2
│ │ └── vars
│ │ └── main.yaml
...
├── store.yaml # 創(chuàng)建購物車的入口文件
└── chinasoft_co.yaml # 創(chuàng)建www站點(diǎn)入口文件
1.ansible的目錄結(jié)構(gòu)
 [root@ws_monitoring ansible]# tree
.
├── cbs.yaml
├── download.yaml
├── hosts
├── README.TXT
├── roles
│ ├── cbs
│ │ ├── handlers
│ │ │ └── main.yml
│ │ ├── tasks
│ │ │ ├── commom.yaml
│ │ │ └── main.yaml
│ │ ├── templates
│ │ │ ├── cbs_apache_chinasoft.co.conf.j2
│ │ │ ├── cbs_domain_check.sh.j2
│ │ │ ├── cbs_nginx_index.html.j2
│ │ │ ├── cbs_nginx_chinasoft.co.conf.j2
│ │ │ ├── cbs_rewrite_chinasoft.co.conf.j2
│ │ │ ├── cbs_chinasoft_co_jp.crt.j2
│ │ │ ├── cbs_chinasoft_co_jp.key.j2
│ │ │ └── nginx_config_grammaer_check_test_and_reload.sh.j2
│ │ └── vars
│ │ └── main.yaml
│ ├── download
│ │ ├── tasks
│ │ │ ├── commom.yaml
│ │ │ └── main.yaml
│ │ ├── templates
│ │ │ ├── dl_apache_htaccess.j2
│ │ │ ├── dl_apache_chinasoft.co.conf.j2
│ │ │ ├── dl_download_new.php.j2
│ │ │ ├── dl_nginx_index.html.j2
│ │ │ ├── dl_nginx_chinasoft.co.conf.j2
│ │ │ ├── dl_rewrite_chinasoft.co.conf.j2
│ │ │ ├── dl_chinasoft_co_jp.crt.j2
│ │ │ └── dl_chinasoft_co_jp.key.j2
│ │ └── vars
│ │ └── main.yaml
│ ├── store
│ │ ├── tasks
│ │ │ ├── commom.yaml
│ │ │ └── main.yaml
│ │ ├── templates
│ │ │ ├── sto_apache_chinasoft.co.conf.j2
│ │ │ ├── sto_chinasoft_com.crt.j2
│ │ │ ├── sto_chinasoft_com.key.j2
│ │ │ ├── sto_nginx_index.html.j2
│ │ │ ├── sto_nginx_chinasoft.co.conf.j2
│ │ │ ├── sto_rewrite_chinasoft.co.conf.j2
│ │ │ ├── sto_chinasoft_co_jp.crt.j2
│ │ │ └── sto_chinasoft_co_jp.key.j2
│ │ └── vars
│ │ └── main.yaml
│ └── chinasoft_co
│ ├── tasks
│ │ ├── commom.yaml
│ │ └── main.yaml
│ ├── templates
│ │ ├── apache_chinasoft.co.conf.j2
│ │ ├── nginx_index.html.j2
│ │ ├── nginx_chinasoft.co.conf.j2
│ │ ├── rewrite_chinasoft.co.conf.j2
│ │ ├── chinasoft_co_jp.crt.j2
│ │ ├── chinasoft_co_jp.key.j2
│ │ ├── chinasoft_kr.crt.j2
│ │ ├── chinasoft_kr.key.j2
│ │ ├── chinasoft_net.crt.j2
│ │ └── chinasoft_net.key.j2
│ └── vars
│ └── main.yaml
├── store.yaml
└── chinasoft_co.yaml
2.編輯hosts目標(biāo)服務(wù)器文件
[root@ws_monitoring ansible]# ansible-vault view hosts
Vault password:
[nodes]
node01 ansible_host=10.11.0.210 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
node02 ansible_host=10.11.0.215 ansible_port=22 ansible_user=root ansible_ssh_pass='root'
[cbs_servers]
node01 ansible_host= 10.11. 0.210 ansible_port= 22 ansible_user=root ansible_ssh_pass= 'root'
node02 ansible_host= 10.11. 0.215 ansible_port= 22 ansible_user=root ansible_ssh_pass= 'root'
[store_servers]
node01 ansible_host= 10.11. 0.210 ansible_port= 22 ansible_user=root ansible_ssh_pass= 'root'
node02 ansible_host= 10.11. 0.215 ansible_port= 22 ansible_user=root ansible_ssh_pass= 'root'
[download_servers]
node01 ansible_host= 10.11. 0.210 ansible_port= 22 ansible_user=root ansible_ssh_pass= 'root'
node02 ansible_host= 10.11. 0.215 ansible_port= 22 ansible_user=root ansible_ssh_pass= 'root'
[ws_www_webs]
node01 ansible_host= 10.11. 0.210 ansible_port= 22 ansible_user=root ansible_ssh_pass= 'root'
node02 ansible_host= 10.11. 0.215 ansible_port= 22 ansible_user=root ansible_ssh_pass= 'root'
3.入口yaml文件
創(chuàng)建 www 站點(diǎn)
[root@ws_monitoring ansible]# more chinasoft_co.yaml
- hosts: ws_www_webs
remote_user: root
become: yes
become_method: sudo
become_user: root
gather_facts: no
tasks:
- import_role:
name: chinasoft_co
#- import_role:
# name: download
#- import_role:
# name: store
#- import_role:
# name: uniconverter
#- import_role:
# name: shopcart
cbs 站點(diǎn)
[root@ws_monitoring ansible]# more cbs.yaml
- hosts: cbs_servers
remote_user: root
become: yes
become_method: sudo
become_user: root
gather_facts: no
tasks:
- import_role:
name: cbs
store 站點(diǎn)
[root@ws_monitoring ansible]# more store.yaml
- hosts: store_servers
remote_user: root
become: yes
become_method: sudo
become_user: root
gather_facts: no
tasks:
- import_role:
name: store
download 站點(diǎn)
[root@ws_monitoring ansible]# more download.yaml
- hosts: download_servers
remote_user: root
become: yes
become_method: sudo
become_user: root
gather_facts: no
tasks:
- import_role:
name: download
# 參數(shù)配置
[root@ws_monitoring ansible]# more roles/chinasoft_co/vars/main.yaml
domain_name: chinasoft.com.br
is_ori_needed: true
backup_dest_path: /opt
nginx_dest_path: /usr/local/nginx/conf/vhost.d
rewrite_nginx_dest_path: /usr/local/nginx/conf/rewrite.d
http_dest_path: /usr/local/httpd-2.2.26/conf/vhost.d
http_data_dest_path: /data/www/vhosts
certification_dest_path: /usr/local/nginx/conf/cert2016
production_download: download
production_store: store
production_shopcart: shopcart
production_uniconverter: uniconverter
production_list:
#- www
#- images
#- filmora
#- pdf
- recoverit
#- drfone
#- static-fr
#- static-de
#- static-es
#- static-it
#- static-pt
模板項(xiàng)目:
# apache 的模板
 [root@ws_monitoring ansible]# more roles/chinasoft_co/templates/apache_chinasoft.co.conf.j2
<VirtualHost *:8080>
ServerName {{item.item}}.{{domain_name}}
## for CDN Origin_site
{% if is_ori_needed %}ServerAlias ori-{{item.item}}.{{domain_name}}{% endif %}
{# ServerAlias downpool.{{domain_name}} #}
{# ServerAlias ssl-{{item.item}}.{{domain_name}} #}
UseCanonicalName Off
ServerAdmin "admin@chinasoft.com"
DocumentRoot /data/www/vhosts/{{item.item}}.{{domain_name}}/httpdocs
DirectoryIndex index.html index.shtml index.php
CustomLog "|/usr/local/apache2/bin/rotatelogs -l /data/www/logs/apache_log/access/{{item.item}}.{{domain_name}}_access.log.%Y-%m-%d 86400" combined
ErrorLog "|/usr/local/apache2/bin/rotatelogs -l /data/www/logs/apache_log/error/{{item.item}}.{{domain_name}}_error.log.%Y-%m-%d 86400"
<IfModule mod_ssl.c>
SSLEngine off
</IfModule>
<Directory /data/www/vhosts/{{item.item}}.{{domain_name}}/httpdocs/>
<IfModule sapi_apache2.c>
php_admin_flag engine on
php_admin_flag safe_mode on
php_admin_value open_basedir ".:/data/www/vhosts/{{item.item}}.{{domain_name}}:/tmp"
</IfModule>
<IfModule mod_php5.c>
php_admin_flag engine on
php_admin_flag safe_mode on
php_admin_value open_basedir ".:/data/www/vhosts/{{item.item}}.{{domain_name}}:/tmp"
</IfModule>
Options -ExecCGI FollowSymLinks +Includes
AllowOverride All
</Directory>
Alias /servers "/data/www/vhosts/www_servers"
<Directory "/data/www/vhosts/www_servers/">
Options -ExecCGI FollowSymLinks +Includes
AllowOverride All
</Directory>
ErrorDocument 404 /404.html
</VirtualHost>
# nginx 的配置模板
[root@ws_monitoring ansible]# more roles/chinasoft_co/templates/nginx_chinasoft.co.conf.j2
server {
listen 80;
server_name {% if item.item == 'www' %}{{domain_name}} {% endif %}{{item.item}}.{{domain_name}} {% if is_ori_needed %}ori-{{item.item}}.{{domain_name}}{% endif %};
index index.html index.shtml index.php ;
include rewrite.d/{% if item.item == 'www' %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}.conf ;
root /data/www/vhosts/{% if item.item == 'www' %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}/httpdocs ;
access_log /data/www/logs/nginx_log/access/{% if item.item == 'www' %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}_access.log main ;
error_log /data/www/logs/nginx_log/error/{% if item.item == 'www' %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}_error.log ;
error_page 404 403 /404.html;
rewrite ^/(.*)$ https://{% if item.item == 'www' %}www.{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}/$1 permanent;
if ($http_user_agent ~ Ezooms) {
return 403;
}
location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ {
deny all;
}
location ~ \.php$ {
proxy_pass http://php_pool;
include proxy_params;
expires -1;
}
location / {
include proxy_params;
if (!-d $request_filename){
set $flag 1$flag;
}
if (!-f $request_filename){
set $flag 2$flag;
}
if ($flag = "21"){
proxy_pass http://php_pool;
expires -1;
}
}
}
server {
listen 443;
server_name {% if item.item == 'www' %}{{domain_name}} {% endif %}{{ item.item }}.{{domain_name}} {% if is_ori_needed %}ori-{{ item.item }}.{{domain_name}}{% endif %};
ssl on;
ssl_certificate cert2016/{{domain_name|regex_replace('\.' , '_')}}.crt;
ssl_certificate_key cert2016/{{domain_name|regex_replace('\.' , '_')}}.key;
ssl_dhparam cert2016/dh_2048.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RS
A-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-
CBC3-SHA:!KRB5-DES-CBC3-SHA";
ssl_prefer_server_ciphers on;
add_header 'Access-Control-Allow-Origin' '*';
access_log /data/www/logs/nginx_log/access/{% if item.item == 'www' %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}_access.log main ;
error_log /data/www/logs/nginx_log/error/{% if item.item == 'www' %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}_error.log ;
root /data/www/vhosts/{% if item.item == 'www' %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}/httpdocs ;
index index.html index.shtml index.php ;
include rewrite.d/{% if item.item == 'www' %}{{ domain_name }}{% else %}{{ item.item }}.{{domain_name}}{% endif %}.conf ;
error_page 404 403 /404.html;
if ($http_user_agent ~ Ezooms) {
return 403;
}
location ~ ^.*\.(htaccess|htpasswd|ini|sh)$ {
deny all;
}
location ~ \.php$ {
proxy_pass http://php_pool;
include proxy_params;
expires -1;
}
location / {
include proxy_params;
if (!-d $request_filename){
set $flag 1$flag;
}
if (!-f $request_filename){
set $flag 2$flag;
}
if ($flag = "21"){
proxy_pass http://php_pool;
expires -1;
}
}
}
# index.html 首頁模板
[root@ws_monitoring ansible]# more roles/chinasoft_co/templates/nginx_index.html.j2
<h1>this is {{ item.item }}.{{domain_name}} on the server <h1>
# 默認(rèn)跳轉(zhuǎn)規(guī)則模板
[root@ws_monitoring ansible]# more roles/chinasoft_co/templates/rewrite_chinasoft.co.conf.j2
{% if item.item == 'www' %}
if ($host ~* ^{{domain_name}}$){ rewrite ^(.*)$ https://www.{{domain_name}}$1 permanent;}
{% endif %}
if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1 permanent;}
if ($request_uri ~ ^/(index|indice).html) { rewrite ^ / permanent;}
# 主要的任務(wù)規(guī)則
[root@ws_monitoring ansible]# more roles/chinasoft_co/tasks/main.yaml
- name: Deploy common site
import_tasks: commom.yaml
[root@ws_monitoring ansible]# more roles/chinasoft_co/tasks/commom.yaml
#- name : let shell command result registe to be current time
# command : "echo `date +%Y%m%d%H%M%S`"
# register : current_time
#
#- name: Copy multiple files in Ansible with different permissions
# copy:
# src: "{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: "{{ item.mode }}"
# with_items:
# - { src: "{{nginx_dest_path}}",dest: "{{backup_dest_path}}/{{current_time}}", mode: '0644'}
# - { src: "{{rewrite_nginx_dest_path}}",dest: "{{backup_dest_path}}/{{current_time}}", mode: '0644'}
# - { src: "{{certification_dest_path}}",dest: "{{backup_dest_path}}/{{current_time}}", mode: '0644'}
# - { src: "{{http_dest_path}}",dest: "{{backup_dest_path}}/{{current_time}}", mode: '0644'}
- name: Checking nginx configuration file if exists
stat:
path: "{{nginx_dest_path}}/{%if item == 'www' %}{{domain_name}}.conf{% else %}{{item}}.{{domain_name}}.conf{% endif %}"
register: nginx_ws_cn_fcheck
with_items: "{{ production_list }}"
- name: upload nginx configuration file to server
template:
src: nginx_chinasoft.co.conf.j2
dest: "{{nginx_dest_path}}/{%if item.item == 'www' %}{{domain_name}}.conf{% else %}{{item.item}}.{{domain_name}}.conf{% endif %}"
owner: apache
group: users
mode: 0644
when: not item.stat.exists
with_items: "{{ nginx_ws_cn_fcheck.results}}"
- name: Checking nginx's rewrite rule file if exists
stat:
path: "{{rewrite_nginx_dest_path}}/{%if item == 'www' %}{{domain_name}}.conf{% else %}{{item}}.{{domain_name}}.conf{% endif %}"
register: rewrite_ws_fcheck
with_items: "{{ production_list }}"
- name: upload nginx's rewrite rule file to server
template:
src: rewrite_chinasoft.co.conf.j2
dest: "{{rewrite_nginx_dest_path}}/{%if item.item == 'www' %}{{domain_name}}.conf{% else %}{{item.item}}.{{domain_name}}.conf{% endif %}"
owner: apache
group: users
mode: 0644
when: not item.stat.exists
with_items: "{{ rewrite_ws_fcheck.results}}"
- name: Checking apache configuration file if exists
stat:
path: "{{http_dest_path}}/{%if item == 'www' %}{{domain_name}}.conf{% else %}{{item}}.{{domain_name}}.conf{% endif %}"
register: apache_ws_fcheck
with_items: "{{ production_list }}"
- name: upload apache configuration file to server
template:
src: apache_chinasoft.co.conf.j2
dest: "{{http_dest_path}}/{%if item.item == 'www' %}{{domain_name}}.conf{% else %}{{item.item}}.{{domain_name}}.conf{% endif %}"
owner: apache
group: users
mode: 0644
when: not item.stat.exists
with_items: "{{ apache_ws_fcheck.results}}"
- name: Checking web data httpdocs and create if not exists
file:
path: "{{http_data_dest_path}}/{%if item == 'www' %}{{domain_name}}{% else %}{{item}}.{{domain_name}}{% endif %}/httpdocs"
state: directory
owner: apache
group: users
mode: 0755
with_items: "{{ production_list }}"
#- name: Checking data link and create if not exists
# file:
# src: "{{http_data_dest_path}}/download.{{domain_name}}.conf/httpdocs"
# dest: "{{http_data_dest_path}}/download.{{domain_name}}.conf/httpdocs/cbs_down"
# state: link
# owner: apache
# group: users
# mode: 0755
- name: Checking data index.html and create if not exists
stat:
path: "{{http_data_dest_path}}/{%if item == 'www' %}{{domain_name}}{% else %}{{item}}.{{domain_name}}{% endif %}/httpdocs/index.html"
register: apache_data_ws_fcheck
with_items: "{{ production_list }}"
- name: upload www test data file to server
template:
src: nginx_index.html.j2
dest: "{{http_data_dest_path}}/{%if item.item == 'www' %}{{domain_name}}{% else %}{{item.item}}.{{domain_name}}{% endif %}/httpdocs/index.html"
owner: apache
group: users
mode: 0644
when: not item.stat.exists
with_items: "{{ apache_data_ws_fcheck.results}}"
- name: Checking certification path if not exists
file:
path: "/usr/local/nginx/conf/cert2016"
state: directory
owner: apache
group: users
mode: 0755
- name: upload certification file to server
template:
src: "{{item.src}}"
dest: "{{certification_dest_path}}/{{item.dest}}"
owner: apache
group: users
mode: 0644
with_items:
- { src: "{{domain_name|regex_replace('\\.' , '_')}}.crt.j2", dest: "{{domain_name|regex_replace('\\.' , '_')}}.crt" }
- { src: "{{domain_name|regex_replace('\\.' , '_')}}.key.j2", dest: "{{domain_name|regex_replace('\\.' , '_')}}.key" }
|
