查看目录结构
[root@iZ23nvakegvZ nginx_v2]# tree
.
├── files
│ ├── nginx.crt
│ ├── nginx.key
├── hosts
├── templates
│ ├── index.html.j2
│ └── test.conf.j2
└── web-tls.yml
2 directories, 8 files
[root@iZ23nvakegvZ nginx_v2]#
查看nginx https playbook
[root@iZ23nvakegvZ nginx_v2]# cat web-tls.yml
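# Installs nginx, deploys a TLS key/certificate pair, renders the server block
# and the index page from templates, and restarts nginx when the key, the
# certificate or the server block changes.
- name: Configure webserver with nginx and tls
  # NOTE(review): the inventory shown with this playbook defines only the
  # [web_test1] group. Confirm that "vpnserver" exists in the inventory in use,
  # otherwise the play matches no hosts.
  hosts: vpnserver
  #hosts: web_test1
  #become: true   # enable when not connecting as root (older releases spelled this "sudo: True")
  vars:
    key_file: /etc/nginx/ssl/nginx.key
    cert_file: /etc/nginx/ssl/nginx.crt
    conf_file: /etc/nginx/conf.d/test.conf
    server_name: localhost
  tasks:
    - name: Install Nginx server
      yum:
        name: nginx
        state: present

    # The directory holds the private key, so keep it closed to non-root
    # users instead of relying on the remote umask.
    - name: create directories for ssl certificates
      file:
        path: /etc/nginx/ssl
        state: directory
        owner: root
        group: root
        mode: "0700"

    # files/nginx.key sits unencrypted next to the playbook; consider
    # encrypting it with ansible-vault before committing the directory.
    - name: copy TLS key
      copy:
        src: files/nginx.key
        dest: "{{ key_file }}"
        owner: root
        group: root
        mode: "0600"
      # Keeps key material out of task output (for example when run with --diff).
      no_log: true
      notify: restart nginx

    # The certificate is public data; explicit ownership and mode only make
    # the result independent of the remote umask.
    - name: copy TLS certificate
      copy:
        src: files/nginx.crt
        dest: "{{ cert_file }}"
        owner: root
        group: root
        mode: "0644"
      notify: restart nginx

    - name: copy nginx config file
      template:
        src: templates/test.conf.j2
        dest: "{{ conf_file }}"
        owner: root
        group: root
        mode: "0644"
      notify: restart nginx

    # No notify here: nginx serves the new page without a restart.
    - name: copy index.html
      template:
        src: templates/index.html.j2
        dest: /usr/share/nginx/html/index.html
        owner: root
        group: root
        mode: "0644"

  handlers:
    - name: restart nginx
      service:
        name: nginx
        state: restarted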
[root@iZ23nvakegvZ nginx_v2]#
查看配置文件hosts
[root@iZ23nvakegvZ nginx_v2]# cat hosts
# Inventory with a single group, web_test1, holding one host addressed by IP.
# NOTE(review): web-tls.yml uses "hosts: vpnserver", which this file does not
# define; confirm which group the play is meant to target.
[web_test1]
# ansible_ssh_host is the older spelling; current Ansible documents ansible_host.
web_test01 ansible_ssh_host=10.117.54.249
[root@iZ23nvakegvZ nginx_v2]#
查看template 模板文件
[root@iZ23nvakegvZ nginx_v2]# cat templates/index.html.j2
{# Landing page rendered by the "copy index.html" task.
   NOTE(review): the ansible_managed string below ends up in a publicly served
   page. Depending on the ansible_managed setting in ansible.cfg it can include
   the template path, the deploying user and the control host name; confirm
   that value is safe to publish or drop the paragraph. #}
<html>
<head>
<title>Welcome to Ansible </title>
</head>
<body>
<h1>nginx, configured by Ansible </h1>
<p>If you can see this, Ansible successfully installed nginx.</p>
<p>{{ ansible_managed }}</p>
</body>
</html>
[root@iZ23nvakegvZ nginx_v2]# cat templates/test.conf.j2
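# Server block rendered by Ansible: cleartext HTTP on 80 and TLS on 443,
# both serving the static root below. server_name, cert_file and key_file
# come from the playbook vars.
server {
    # Port 80 stays cleartext. If the site should be HTTPS-only, move this
    # listener to its own server block that redirects to https.
    listen 80;
    # The ssl flag on the listener replaces the server-wide "ssl on;", which
    # turned on TLS for every listen socket in this block, port 80 included,
    # and is no longer accepted by current nginx releases.
    listen 443 ssl;
    server_name {{ server_name }};
    root /usr/share/nginx/html;
    index index.php index.html;

    ssl_certificate     {{ cert_file }};
    ssl_certificate_key {{ key_file }};
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996). Append TLSv1.3 where the
    # installed nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    # The previous list started from ALL and re-added MEDIUM, which admits
    # weak suites; HIGH without anonymous and MD5 suites is the nginx default.
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # The "main" log format must be defined in the http block of nginx.conf.
    access_log /var/log/nginx/nginxtest.access.log main;
    error_log  /var/log/nginx/nginxtest.error.log warn;

    # Never serve .htaccess / .htpasswd style files.
    location ~ /\.ht {
        deny all;
    }
}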
[root@iZ23nvakegvZ nginx_v2]#
执行
[root@iZ23nvakegvZ nginx_v2]# ansible-playbook -i hosts web-tls.yml
See also