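I'm new to the automation world, and I've been trying to figure out how to automate and maintain the nginx conf files for the virtual hosts I manage with Ansible.
For example, I usually create one conf file per domain: domain1_com.conf, domain2_com.conf, and so on. I have been doing this by hand, so here is what I tried:
domains:
From there, I tried creating a template file with the default configuration for a new domain: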

    server {
        root /var/www/{{ domains }}/public_html;
        index index.html index.htm index.php;
        server_name {{ domains }} www.{{ domains }};
        access_log /var/log/nginx/{{ domains }}_access.log;
        error_log /var/log/nginx/{{ domains }}_error.log;
        location / {
            try_files $uri $uri/ =404;
        }
    }

These are the steps I use in the playbook:

    - name: Deploy/Update Virtual Hosts for Nginx
      block:
        - name: Create site configuration directories
          ansible.builtin.file:
            path: "{{ item }}"
            state: directory
            recurse: yes
          with_items:
            - /etc/nginx/sites-available
            - /etc/nginx/sites-enabled
        - name: Create vhost directories
          ansible.builtin.file:
            path: /var/www/{{ item }}/public_html/
            state: directory
            mode: '0755'
            owner: www-data
            group: www-data
          loop: "{{ domains }}"
        - name: Deploy Nginx Configuration
          ansible.builtin.copy:
            src: nginx.conf
            dest: /etc/nginx/nginx.conf
        - name: Check for Active vhost Configurations
          ansible.builtin.stat:
            path: "/etc/nginx/sites-available/{{ item }}.conf"
          register: nginx_configs
          loop: "{{ domains }}"
        - name: Deploy Non-SSL vHost Configurations
          ansible.builtin.template:
            src: vhost_config.j2
            dest: "/etc/nginx/sites-available/{{ item.item }}.conf"
            owner: root
            group: root
          when: not item.stat.exists
          loop: "{{ nginx_configs.results }}"
        - name: Create Configuration Symlinks
          ansible.builtin.file:
            src: "/etc/nginx/sites-available/{{ domains }}.conf"
            dest: "/etc/nginx/sites-enabled/{{ domains }}.conf"
            state: link
          loop: "{{ domains }}"
        - name: Reload Nginx
          ansible.builtin.systemd:
            name: nginx
            state: reloaded

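What I want from "Check for Active vhost Configurations" is that, when it checks and finds no vhost configuration for a new domain, it deploys vhost_config.j2 only for that new domain. The file is generated with the correct file name, for example domain1.com.conf, but its contents include every domain name in the list, not just the new domain.
vhost_config.j2 deployed as /etc/nginx/sites-available/domain1.com.conf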

    server {
        root /var/www/['domain1.com', 'domain2.com', 'domain3.com', 'domain4.com', 'domain5.com', 'domain6.com']/public_html;
        index index.html index.htm index.php;
        server_name ['domain1.com', 'domain2.com', 'domain3.com', 'domain4.com', 'domain5.com', 'domain6.com'] www.['domain1.com', 'domain2.com', 'domain3.com', 'domain4.com', 'domain5.com', 'domain6.com'];
        access_log /var/log/nginx/['domain1.com', 'domain2.com', 'domain3.com', 'domain4.com', 'domain5.com', 'domain6.com']_access.log;
        error_log /var/log/nginx/['domain1.com', 'domain2.com', 'domain3.com', 'domain4.com', 'domain5.com', 'domain6.com']_error.log;
        location / {
            try_files $uri $uri/ =404;
        }
    }

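Besides what is posted above, I have also tried a for loop, but I don't know how to tell it to use the results of "Check for Active Nginx Configurations" so that only the one domain name ends up in the content of vhost_config.j2, with one file generated per domain name.
For example:
vhost_config.j2 for domain1.com.conf and domain2.com.conf
When the play runs, it should create two files, domain1.com.conf and domain2.com.conf, and each should have {{ domains }} or whatever variable is needed so that each file prints only the one new domain name; so domain1.com.conf should have only domain1.com in it and no other domains.
I am using Ansible version [core 2.15.12] with Python version 3.9.2, and the hosts I deploy to run Ubuntu 24.04.1 LTS.
Sorry for the long message. If there is any other information I can provide, please let me know. Thank you all for your time and help!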

As far as I understand your example so far, you may need to change the template file and swap domains with item.item.
A minimal example playbook

    ---
    - hosts: localhost
      become: false
      gather_facts: false
      vars:
        domains:
          - example.org
          - example.net
          - example.com
      tasks:
        - name: Check for Active vhost Configurations
          ansible.builtin.stat:
            path: "{{ item }}.conf"
          register: nginx_configs
          loop: "{{ domains }}"
        - debug:
            var: nginx_configs.results
        - name: Deploy Non-SSL vHost Configurations
          debug:
            msg: |
              server {
                  root /var/www/{{ item.item }}/public_html;
                  index index.html index.htm index.php;
                  server_name {{ item.item }} www.{{ item.item }};
                  access_log /var/log/nginx/{{ item.item }}_access.log;
                  error_log /var/log/nginx/{{ item.item }}_error.log;
                  location / {
                      try_files $uri $uri/ =404;
                  }
              }
          when: not item.stat.exists
          loop: "{{ nginx_configs.results }}"
          loop_control:
            label: "{{ item.item }}"

will result in an output of

    TASK [Check for Active vhost Configurations] *************
    ok: [localhost] => (item=example.org)
    ok: [localhost] => (item=example.net)
    ok: [localhost] => (item=example.com)
    TASK [debug] *********************************************
    ok: [localhost] =>
      nginx_configs.results:
      - ansible_loop_var: item
        changed: false
        failed: false
        invocation:
          module_args:
            checksum_algorithm: sha1
            follow: false
            get_attributes: true
            get_checksum: true
            get_md5: false
            get_mime: true
            path: example.org.conf
        item: example.org
        stat:
          exists: false
      - ansible_loop_var: item
        changed: false
        failed: false
        invocation:
          module_args:
            checksum_algorithm: sha1
            follow: false
            get_attributes: true
            get_checksum: true
            get_md5: false
            get_mime: true
            path: example.net.conf
        item: example.net
        stat:
          exists: false
      - ansible_loop_var: item
        changed: false
        failed: false
        invocation:
          module_args:
            checksum_algorithm: sha1
            follow: false
            get_attributes: true
            get_checksum: true
            get_md5: false
            get_mime: true
            path: example.com.conf
        item: example.com
        stat:
          exists: false
    TASK [Deploy Non-SSL vHost Configurations] ***************
    ok: [localhost] => (item=example.org) =>
      msg: |-
        server {
            root /var/www/example.org/public_html;
            index index.html index.htm index.php;
            server_name example.org www.example.org;
            access_log /var/log/nginx/example.org_access.log;
            error_log /var/log/nginx/example.org_error.log;
            location / {
                try_files $uri $uri/ =404;
            }
        }
    ok: [localhost] => (item=example.net) =>
      msg: |-
        server {
            root /var/www/example.net/public_html;
            index index.html index.htm index.php;
            server_name example.net www.example.net;
            access_log /var/log/nginx/example.net_access.log;
            error_log /var/log/nginx/example.net_error.log;
            location / {
                try_files $uri $uri/ =404;
            }
        }
    ok: [localhost] => (item=example.com) =>
      msg: |-
        server {
            root /var/www/example.com/public_html;
            index index.html index.htm index.php;
            server_name example.com www.example.com;
            access_log /var/log/nginx/example.com_access.log;
            error_log /var/log/nginx/example.com_error.log;
            location / {
                try_files $uri $uri/ =404;
            }
        }
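
The vhost tasks from the question with the answer's change applied, as an added example that is not code from the question or the answer: each domain is written into file paths and nginx directives, so it is checked against a hostname pattern before any file is rendered, and the full configuration is tested before the reload. It assumes vhost_config.j2 now uses item.item in place of domains; the assert task, its regular expression, the mode setting and the nginx -t task are additions of this example.

```yaml
# Added example; assumes vhost_config.j2 uses {{ item.item }} wherever the
# question's template used {{ domains }}.
- name: Reject values that are not plain lowercase hostnames
  ansible.builtin.assert:
    that:
      - "item is match('^[a-z0-9]([a-z0-9-]*[a-z0-9])?([.][a-z0-9]([a-z0-9-]*[a-z0-9])?)+$')"
    fail_msg: "{{ item }} is not an acceptable domain name"
  loop: "{{ domains }}"

- name: Check for Active vhost Configurations
  ansible.builtin.stat:
    path: "/etc/nginx/sites-available/{{ item }}.conf"
  register: nginx_configs
  loop: "{{ domains }}"

# Looping over registered results: item is a result dict, item.item the domain.
- name: Deploy Non-SSL vHost Configurations
  ansible.builtin.template:
    src: vhost_config.j2
    dest: "/etc/nginx/sites-available/{{ item.item }}.conf"
    owner: root
    group: root
    mode: '0644'
  when: not item.stat.exists
  loop: "{{ nginx_configs.results }}"
  loop_control:
    label: "{{ item.item }}"

# Looping over domains directly: item is the domain string itself.
- name: Create Configuration Symlinks
  ansible.builtin.file:
    src: "/etc/nginx/sites-available/{{ item }}.conf"
    dest: "/etc/nginx/sites-enabled/{{ item }}.conf"
    state: link
  loop: "{{ domains }}"

- name: Test the complete configuration before reloading
  ansible.builtin.command: nginx -t
  changed_when: false

- name: Reload Nginx
  ansible.builtin.systemd:
    name: nginx
    state: reloaded
```

A value containing a slash, whitespace or a semicolon fails the assert, so it never reaches a path or a server_name line, and a failed nginx -t stops the play before the running server is reloaded.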