Last time I introduced playbooks.
Next, without yet fully understanding playbooks and modules, let's try the first playbook from the book: installing nginx.
The following notes will cover the commands of different modules and playbook implementations.
Lab: install nginx without TLS
In the playbook directory
$ vi web-notls.yml
- name: Configure webserver with nginx
  hosts: webservers
  sudo: True
  tasks:
    - name: install nginx
      apt: name=nginx update_cache=yes
    - name: copy nginx config file
      copy: src=files/nginx.conf dest=/etc/nginx/sites-available/default
    - name: enable configuration
      file: >
        dest=/etc/nginx/sites-enabled/default
        src=/etc/nginx/sites-available/default
        state=link
    - name: copy index.html
      template: src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html mode=0644
    - name: restart nginx
      service: name=nginx state=restarted
Create the default conf file (matching the configuration above)
In the playbook directory
$ mkdir files
Create the config file
$ vi files/nginx.conf
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name localhost;
    location / {
        try_files $uri $uri/ =404;
    }
}
Create the templates directory
In the playbook directory
$ mkdir templates
Create the homepage template
$ vi templates/index.html.j2
<html>
  <head>
    <title>Welcome to ansible</title>
  </head>
  <body>
    <h1>nginx, configured by Ansible</h1>
    <p>If you can see this, Ansible successfully installed nginx.</p>
    <p>{{ ansible_managed }}</p>
  </body>
</html>
Edit the hosts file (because web-notls.yml above targets the webservers group)
In the playbook directory
Add the webservers group
$ vi hosts
ubuntu_utah ansible_ssh_host=pcvm2-13.utah.geniracks.net
ubuntu_cenic ansible_ssh_host=pcvm2-28.instageni.cenic.net

[geni]
ubuntu_utah
ubuntu_cenic

[webservers]
ubuntu_utah
Test the group
$ ansible webservers -m ping
ubuntu_utah | success >> {
    "changed": false,
    "ping": "pong"
}
Look at the files in the current directory
$ ls -R
ansible.cfg files hosts templates web-notls.yml
./files:
nginx.conf
./templates:
index.html.j2
Run the playbook
$ ansible-playbook web-notls.yml
Verify port 80 on the webservers host
Once that succeeds, move on to the next Lab
Lab: nginx with TLS support
In the playbooks directory
$ vi web-tls.yml
- name: Configure webserver with nginx and tls
  hosts: webservers
  sudo: True
  vars:
    key_file: /etc/nginx/ssl/nginx.key
    cert_file: /etc/nginx/ssl/nginx.crt
    conf_file: /etc/nginx/sites-available/default
    server_name: localhost
  tasks:
    - name: Install nginx
      apt: name=nginx update_cache=yes cache_valid_time=3600
    - name: create directories for ssl certificates
      file: path=/etc/nginx/ssl state=directory
    - name: copy TLS key
      copy: src=files/nginx.key dest={{ key_file }} owner=root mode=0600
      notify: restart nginx
    - name: copy TLS certificate
      copy: src=files/nginx.crt dest={{ cert_file }}
      notify: restart nginx
    - name: copy nginx config file
      template: src=templates/nginx.conf.j2 dest={{ conf_file }}
      notify: restart nginx
    - name: enable configuration
      file: dest=/etc/nginx/sites-enabled/default src={{ conf_file }} state=link
      notify: restart nginx
    - name: copy index.html
      template: src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html mode=0644
  handlers:
    - name: restart nginx
      service: name=nginx state=restarted
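As an added example (not code from the book or from this post), here is a small static check over the web-tls.yml play above: it parses the old key=value module argument strings with shlex, resolves the {{ }} references from the play's vars, and confirms that the private key is copied with owner=root mode=0600 and that every task writing under /etc/nginx notifies the restart handler. The tasks are re-typed as Python data (constructed) so no PyYAML is needed.

```python
import re
import shlex

# Constructed: the vars and tasks of web-tls.yml re-typed as Python data (no PyYAML needed).
VARS = {"key_file": "/etc/nginx/ssl/nginx.key", "cert_file": "/etc/nginx/ssl/nginx.crt",
        "conf_file": "/etc/nginx/sites-available/default", "server_name": "localhost"}
TASKS = [
    {"name": "Install nginx", "apt": "name=nginx update_cache=yes cache_valid_time=3600"},
    {"name": "create directories for ssl certificates", "file": "path=/etc/nginx/ssl state=directory"},
    {"name": "copy TLS key", "copy": "src=files/nginx.key dest={{ key_file }} owner=root mode=0600",
     "notify": "restart nginx"},
    {"name": "copy TLS certificate", "copy": "src=files/nginx.crt dest={{ cert_file }}",
     "notify": "restart nginx"},
    {"name": "copy nginx config file", "template": "src=templates/nginx.conf.j2 dest={{ conf_file }}",
     "notify": "restart nginx"},
    {"name": "enable configuration",
     "file": "dest=/etc/nginx/sites-enabled/default src={{ conf_file }} state=link",
     "notify": "restart nginx"},
    {"name": "copy index.html",
     "template": "src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html mode=0644"},
]
HANDLERS = {"restart nginx"}
MODULES = ("apt", "file", "copy", "template", "service")

def render(value, variables):
    """Substitute {{ var }} references from the play's vars section."""
    return re.sub(r"\{\{\s*(\w+)\s*\}\}", lambda m: variables[m.group(1)], value)

def parse_args(argstr, variables):
    """Parse the old-style 'key=value key=value' module argument string into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(render(argstr, variables)))

def check_tasks(tasks, variables, handlers):
    """Return a list of findings; an empty list means every task passed both checks."""
    findings = []
    for task in tasks:
        module = next(m for m in MODULES if m in task)
        args = parse_args(task[module], variables)
        dest = args.get("dest", args.get("path", ""))
        # 1. A private key must be owned by root and unreadable by other users.
        if dest.endswith(".key") and (args.get("owner"), args.get("mode")) != ("root", "0600"):
            findings.append(f"{task['name']}: {dest} should be owner=root mode=0600")
        # 2. A task that changes nginx's config, key, cert or enabled-site link has no
        #    effect until nginx restarts, so it must notify the restart handler.
        touches_nginx = dest.startswith("/etc/nginx") and (
            module in ("copy", "template") or args.get("state") == "link")
        if touches_nginx and task.get("notify") not in handlers:
            findings.append(f"{task['name']}: writes {dest} but does not notify a handler")
    return findings
```

Running check_tasks on the play as written returns no findings; dropping mode=0600 from the key task or the notify from the config task produces one finding each.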
Create the certificate manually
In the playbooks directory
Use the openssl command to create a self-signed certificate
$ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -subj /CN=localhost -keyout files/nginx.key -out files/nginx.crt
Generating a 2048 bit RSA private key
........................................+++
...............................................+++
writing new private key to 'files/nginx.key'
-----
Verify the output
$ ls files/
nginx.conf nginx.crt nginx.key
Create nginx.conf.j2 for the TLS-enabled config file (the lines that differ from the non-TLS version are the listen 443 ssl line, the templated server_name, and the two ssl_ directives)
In the playbooks directory
$ vi templates/nginx.conf.j2
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    listen 443 ssl;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name {{ server_name }};
    ssl_certificate {{ cert_file }};
    ssl_certificate_key {{ key_file }};
    location / {
        try_files $uri $uri/ =404;
    }
}
Test the playbook on the host where nginx was already installed
$ ansible-playbook web-tls.yml
PLAY [Configure webserver with nginx and tls] *********************************
GATHERING FACTS ***************************************************************
ok: [ubuntu_utah]
TASK: [Install nginx] *********************************************************
ok: [ubuntu_utah]
TASK: [create directories for ssl certificates] *******************************
ok: [ubuntu_utah]
TASK: [copy TLS key] **********************************************************
ok: [ubuntu_utah]
TASK: [copy TLS certificate] **************************************************
ok: [ubuntu_utah]
TASK: [copy nginx config file] ************************************************
changed: [ubuntu_utah]
TASK: [enable configuration] **************************************************
ok: [ubuntu_utah]
TASK: [copy index.html] *******************************************************
changed: [ubuntu_utah]
NOTIFIED: [restart nginx] *****************************************************
changed: [ubuntu_utah]
PLAY RECAP ********************************************************************
ubuntu_utah : ok=9 changed=3 unreachable=0 failed=0
Tested on the completely fresh ubuntu_cenic as well, also OK.
That's it for today.
~ enjoy it