Detailed steps for compiling and installing Nginx with Ansible
1. Lab environment
| Hostname | IP address | Packages installed |
|---|---|---|
| ansible | 192.168.52.209/24 | epel-release、ansible |
| node1 | 192.168.52.210/24 | - |
| node2 | 192.168.52.197/24 | - |
2. Procedure
Install Ansible
```
[root@localhost ~]# hostnamectl set-hostname ansible
[root@localhost ~]# bash
[root@ansible ~]# yum install epel-release -y
[root@ansible ~]# yum install ansible -y
```
Add the host inventory
```
[root@ansible ~]# cd /etc/ansible/
[root@ansible ansible]# ls
ansible.cfg hosts roles
[root@ansible ansible]# vim hosts
```
Append the following at the end of the file:
```
[webservers]
192.168.52.209
192.168.52.197
```
Configure the SSH key pair
```
[root@ansible ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:LPYTI56Y4SDp+SC6GkYrMoXCx1PhftoIvs3AM6iwtc4 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| . |
| . . |
| o |
|.o. o . |
|=oo=..+.S |
|+oBoo*== o |
|BB.*+oo.o |
|O*o.B . |
|BoEo o |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id root@192.168.52.210
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.52.210 (192.168.52.210)' can't be established.
ECDSA key fingerprint is SHA256:nryK+/NCYC3BMKWWs5x2gbYTOXHh1XQfrA1hIak57bQ.
ECDSA key fingerprint is MD5:b4:f5:03:a7:f0:2c:48:5e:c8:26:b0:eb:c2:c3:37:45.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.115.109's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.52.210'"
and check to make sure that only the key(s) you wanted were added.
[root@ansible ~]# ssh-copy-id root@192.168.52.210
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.52.210 (192.168.52.210)' can't be established.
ECDSA key fingerprint is SHA256:Nc4WQ6E4MwaQD/67ALzZ36hjNRigxQSUiDa2ZP5ZT+o.
ECDSA key fingerprint is MD5:f7:33:08:60:92:d5:99:2c:9e:fe:47:5a:63:c8:e5:a8.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.52.210's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.52.210'"
and check to make sure that only the key(s) you wanted were added.
```
Download the Nginx source
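Use the get_url module to download the source tarball from the official Nginx site to a temporary directory on the target host (for example /tmp).
```yaml
- name: download nginx
  get_url:
    url: "http://nginx.org/download/nginx-1.18.0.tar.gz"  # can be replaced with the URL of the latest version
    dest: /tmp/nginx-1.18.0.tar.gz  # download path
```
This step places the source package on the target host. As written, the URL is plain HTTP and no `checksum` is set, so get_url does not verify the archive's integrity.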
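Install the build dependencies
Use the yum module to install the required toolchain, including the compiler (gcc) and the libraries (openssl-devel, pcre-devel).
```yaml
- name: install gcc and dependencies
  yum:
    name: "{{ packages }}"
    state: present
  vars:
    packages:
      - openssl-devel
      - pcre-devel
      - gcc
```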
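Extract the source tarball
Use the shell module to extract the downloaded tarball into the temporary directory.
```yaml
- name: extract nginx tarball
  shell: |
    cd /tmp
    tar -xf nginx-1.18.0.tar.gz
```
After extraction the source tree is in /tmp/nginx-1.18.0.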
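Create the Nginx system user
To run Nginx securely, use the user module to create a dedicated user (with no login permission).
```yaml
- name: create nginx user
  user:
    name: nginx
    state: present
    shell: /sbin/nologin  # no login shell
```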
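Compile and install Nginx
Use the shell module to run configure, make and make install. Common build options (such as the status module) are added here.
```yaml
- name: compile and install nginx
  shell: |
    cd /tmp/nginx-1.18.0
    ./configure \
      --prefix=/usr/local/nginx \
      --user=nginx \
      --group=nginx \
      --with-http_stub_status_module  # enable status monitoring
    make
    make install
```
This step installs Nginx to /usr/local/nginx.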
Configure the systemd service
Create a systemd service file (so that Nginx starts at boot), using the copy module to generate the file.
```yaml
- name: create nginx systemd service
  copy:
    dest: /etc/systemd/system/nginx.service  # service file path
    content: |
      [Unit]
      Description=The nginx HTTP and reverse proxy server
      After=network.target
      [Service]
      Type=forking
      # start command (on its own line: unit files do not support trailing comments)
      ExecStart=/usr/local/nginx/sbin/nginx
      ExecReload=/usr/local/nginx/sbin/nginx -s reload
      ExecStop=/usr/local/nginx/sbin/nginx -s quit
      PrivateTmp=true
      [Install]
      WantedBy=multi-user.target
```
Enable and start the Nginx service
Reload the systemd configuration and enable the service.
```yaml
- name: reload systemd daemon
  command: systemctl daemon-reload
  become: yes  # requires root privileges

- name: enable and start nginx
  service:
    name: nginx
    state: started
    enabled: yes
```
3. Create the playbook
Create the playbook
```
vim nginx.yaml
```
Add the following:
```yaml
- hosts: webservers  # target host group; must be defined in the Ansible inventory
  become: yes        # run with root privileges
  tasks:
    - name: download nginx
      get_url:
        url: "http://nginx.org/download/nginx-1.18.0.tar.gz"
        dest: /tmp/nginx-1.18.0.tar.gz

    - name: install gcc and dependencies
      yum:
        name: "{{ packages }}"
        state: present
      vars:
        packages:
          - openssl-devel
          - pcre-devel
          - gcc

    - name: extract nginx tarball
      shell: |
        cd /tmp
        tar -xf nginx-1.18.0.tar.gz

    - name: create nginx user
      user:
        name: nginx
        state: present
        shell: /sbin/nologin

    - name: compile and install nginx
      shell: |
        cd /tmp/nginx-1.18.0
        ./configure \
          --prefix=/usr/local/nginx \
          --user=nginx \
          --group=nginx \
          --with-http_stub_status_module
        make
        make install

    - name: create nginx systemd service
      copy:
        dest: /etc/systemd/system/nginx.service
        content: |
          [Unit]
          Description=The nginx HTTP and reverse proxy server
          After=network.target
          [Service]
          Type=forking
          ExecStart=/usr/local/nginx/sbin/nginx
          ExecReload=/usr/local/nginx/sbin/nginx -s reload
          ExecStop=/usr/local/nginx/sbin/nginx -s quit
          PrivateTmp=true
          [Install]
          WantedBy=multi-user.target

    - name: reload systemd daemon
      command: systemctl daemon-reload

    - name: enable and start nginx
      service:
        name: nginx
        state: started
        enabled: yes
```
Run the playbook
```
ansible-playbook nginx.yaml
```
Check the service status
```
systemctl status nginx
```