当前位置: 首页 > news >正文

Ansible进行Nginx编译安装的详细步骤

一、实验环境

二、实验步骤

  • 安装ansible

    [root@localhost ~]# hostnamectl set-hostname ansible [root@localhost ~]# bash [root@ansible ~]# yum install epel-release -y [root@ansible ~]# yum install ansible -y
  • 添加主机清单

    [root@ansible ~]# cd /etc/ansible/ [root@ansible ansible]# ls ansible.cfg hosts roles [root@ansible ansible]# vim hosts [webservers] ##添加到最后一行 192.168.52.209 192.168.52.197
  • 配置公私钥

    [root@ansible ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:LPYTI56Y4SDp+SC6GkYrMoXCx1PhftoIvs3AM6iwtc4 root@localhost.localdomain The key's randomart image is: +---[RSA 2048]----+ | . | | . . | | o | |.o. o . | |=oo=..+.S | |+oBoo*== o | |BB.*+oo.o | |O*o.B . | |BoEo o | +----[SHA256]-----+ [root@ansible ~]# ssh-copy-id root@192.168.52.210 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '192.168.52.210 (192.168.52.210)' can't be established. ECDSA key fingerprint is SHA256:nryK+/NCYC3BMKWWs5x2gbYTOXHh1XQfrA1hIak57bQ. ECDSA key fingerprint is MD5:b4:f5:03:a7:f0:2c:48:5e:c8:26:b0:eb:c2:c3:37:45. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.115.109's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@192.168.52.210'" and check to make sure that only the key(s) you wanted were added. [root@ansible ~]# ssh-copy-id root@192.168.52.210 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '192.168.52.210 (192.168.52.210)' can't be established. ECDSA key fingerprint is SHA256:Nc4WQ6E4MwaQD/67ALzZ36hjNRigxQSUiDa2ZP5ZT+o. ECDSA key fingerprint is MD5:f7:33:08:60:92:d5:99:2c:9e:fe:47:5a:63:c8:e5:a8. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.52.210's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@192.168.52.210'" and check to make sure that only the key(s) you wanted were added.
  • 下载Nginx源码

  • 使用get_url模块从Nginx官网下载源码包到目标主机的临时目录(如/tmp)。

    - name: download nginx get_url: url: "http://nginx.org/download/nginx-1.18.0.tar.gz" # 可替换为最新版本URL dest: /tmp/nginx-1.18.0.tar.gz # 指定下载路径

此步骤确保源码包被安全下载

  • 安装编译依赖包

使用yum模块安装必需的工具链,包括编译器(gcc)和库(openssl-devel、pcre-devel)。

- name: install gcc and dependencies yum: name: "{{ packages }}" state: present vars: packages: - openssl-devel - pcre-devel - gcc
  • 解压源码包

使用shell模块解压下载的源码包到临时目录。

- name: extract nginx tarball shell: | cd /tmp tar -xf nginx-1.18.0.tar.gz

解压后源码位于/tmp/nginx-1.18.0

  • 创建Nginx系统用户

为安全运行Nginx,使用user模块创建专用用户(无登录权限)

- name: create nginx user user: name: nginx state: present shell: /sbin/nologin # 禁止登录
  • 编译并安装Nginx

使用shell模块执行configure、make和make install。此处添加常用编译选项(如状态模块)

- name: compile and install nginx shell: | cd /tmp/nginx-1.18.0 ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-http_stub_status_module # 启用状态监控 make make install

此步骤将Nginx安装到/usr/local/nginx

  • 配置Systemd服务

创建systemd服务文件(确保Nginx开机自启),使用copy模块生成文件

- name: create nginx systemd service copy: dest: /etc/systemd/system/nginx.service # 服务文件路径 content: | [Unit] Description=The nginx HTTP and reverse proxy server After=network.target [Service] Type=forking ExecStart=/usr/local/nginx/sbin/nginx # 启动命令 ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/usr/local/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target
  • 启用并启动Nginx服务

重载systemd配置,并启用服务。

- name: reload systemd daemon command: systemctl daemon-reload become: yes # 需要root权限 - name: enable and start nginx service: name: nginx state: started enabled: yes

三、创建playbook

  • 创建剧本

    vim nginx.yaml
  • 添加

    - hosts: webservers # 目标主机组,需在Ansible清单中定义 become: yes # 使用root权限 tasks: - name: download nginx get_url: url: "http://nginx.org/download/nginx-1.18.0.tar.gz" dest: /tmp/nginx-1.18.0.tar.gz - name: install gcc and dependencies yum: name: "{{ packages }}" state: present vars: packages: - openssl-devel - pcre-devel - gcc - name: extract nginx tarball shell: | cd /tmp tar -xf nginx-1.18.0.tar.gz - name: create nginx user user: name: nginx state: present shell: /sbin/nologin - name: compile and install nginx shell: | cd /tmp/nginx-1.18.0 ./configure \ --prefix=/usr/local/nginx \ --user=nginx \ --group=nginx \ --with-http_stub_status_module make make install - name: create nginx systemd service copy: dest: /etc/systemd/system/nginx.service content: | [Unit] Description=The nginx HTTP and reverse proxy server After=network.target [Service] Type=forking ExecStart=/usr/local/nginx/sbin/nginx ExecReload=/usr/local/nginx/sbin/nginx -s reload ExecStop=/usr/local/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target - name: reload systemd daemon command: systemctl daemon-reload - name: enable and start nginx service: name: nginx state: started enabled: yes

http://www.cnnetsun.cn/news/96349.html

相关文章:

  • 8个AI写作工具,专科生轻松搞定论文格式规范!
  • 使用 Python 动手实践全局优化方法
  • 如图,红框是新版QQ,右边是旧版QQ
  • LobeChat差分隐私保护机制设计
  • 《gdb 与 cgdb 深度解析:命令行调试的效率革命》
  • 国产时序数据库崛起:金仓凭什么在复杂场景中碾压InfluxDB
  • 脚本网页 地球演化
  • AXI-A7.4.9 Atomic transaction dependencies
  • 【AI黑科技】6.89%性能炸裂!ASFR框架让知识图谱“开天眼“,小白程序员也能玩转大模型增强技术
  • Google最新AI Agents课程全解析!337页白皮书浓缩精华,从入门到精通,手把手教你成为Agent开发大神!
  • 介观交通流仿真软件:Aimsun Next_(10).动态交通分配
  • C语言学习第四天
  • 通信工程毕设易上手课题指导
  • 单链表逆转
  • 果六郎济南直营二店开业:一场鲜果的甜蜜邂逅
  • Java面试Redis核心知识点整理!
  • 9、数据足迹缩减:存储容量优化策略
  • 17、IT 领域的技术解析与服务洞察
  • 卡顿监测原理
  • [创业之路-733]:CTO - 技术视野、商业理解力、领导力、团队间协作与沟通、团队管理:“技术的战略家 + 商业的合伙人 + 团队的教练”
  • 手把手教你用大模型构建知识图谱:从零开始到实际应用的完整指南,小白也能秒变AI大神!
  • 揭秘Dify Agent版本混乱难题:3步实现精准版本管控
  • 2025年低成本学AI:几款高性价比认证盘点(200元起)
  • Avalon-MM address和DRAM address地址映射
  • Java计算机毕设之基于javaweb的宠物托管系统宠物上门托管服务管理系统的设计与实现(完整前后端代码+说明文档+LW,调试定制等)
  • Java毕设选题推荐:基于JavaWeb的家装一体化平台基于SpringBoot+Vue的家装一体化平台【附源码、mysql、文档、调试+代码讲解+全bao等】
  • Java毕设选题推荐:基于JavaEE的电子印章申请下发管理系统的电子办公签章系统基于JavaEE的电子印章管理系统的设计与实现【附源码、mysql、文档、调试+代码讲解+全bao等】
  • 【课程设计/毕业设计】基于Spring Boot框架的汽车配件销售管理系统基于JavaWeb的汽配销售管理系统【附源码、数据库、万字文档】
  • 【视频字幕检索核心技术】:Dify模糊匹配实战指南(99%的人都忽略的关键细节)
  • 深度剖析Dify PDF解密失败根源(附完整错误代码对照表)