Table of contents
- 1. Core functionality
- 2. Role contents
  - 2.1 File structure
  - 2.2 Main configuration file
  - 2.3 Contents of the tasks files
- 3. Contents of the files directory
- 4. Key benefits
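1. Core functionality
The core function of this Ansible role is automated monitoring and analysis of IBM HTTP Server (IHS) access logs.
- Automated environment deployment
  - Dependency installation: automatically installs the build toolchain (gcc, automake, etc.) and the Perl environment.
  - Component deployment: unpacks the AWStats main program, the configuration templates and the extension plugins (GeoIP, log rotation tool).
- IHS log optimization
  - **Log format rework:** enables an enhanced log format (including key fields such as User-Agent and Referer) and integrates `cronolog` to split the logs by day (`access_log.%Y%m%d`).
  - **Virtual host configuration:** dynamically generates the virtual host configuration (based on the server IP and domain name) and maps the AWStats resource paths (for example `/awstatsclasses` → program directory).
- Security and access control
  - **Access authentication:** generates a Basic authentication password file (`awstats.passwd`) and requires authentication for the `/awstats` path (preset account `admin`).
  - SELinux adaptation: automatically sets the security contexts.
- Smart configuration management
  - **Dynamic configuration generation:** creates the configuration file from the host name (`awstats.{{ hostname }}.conf`) and adapts the log path automatically (`access_log.%YYYY-24%MM-24%DD-24`).
  - Geographic data analysis: integrates the GeoIP component to track the geographic location of visitors.
- Ongoing operations
  - Scheduled statistics job: updates the analysis data automatically every day at 00:10 (`awstats_updateall.pl`).
  - Service integration: automatically restarts the IHS service (`ibmhttp`) and the network service so that the configuration takes effect.

You can adapt the scripts to your own needs.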
2. Role contents
2.1 File structure
```text
roles/awstats/
|-- files
|   |-- awstats_conf.sh
|   |-- awstats-conf.tgz
|   |-- awstats-pack.tgz
|   |-- awstats.tgz
|   `-- URI-1.36.tar.gz
|-- tasks
|   |-- awstats_config.yml
|   |-- chcon.yml
|   |-- chown.yml
|   |-- cron.yml
|   |-- directory.yml
|   |-- group.yml
|   |-- htpasswd.yml
|   |-- httpd_config.yml
|   |-- main.yml
|   |-- make.yml
|   |-- service.yml
|   |-- unarchive.yml
|   |-- user.yml
|   `-- yum.yml
`-- templates
    |-- all-hosts.j2
    `-- awstats.example.conf.j2
3 directories, 21 files
```
2.2 Main configuration file
```yaml
---
- hosts: all
  remote_user: root
  serial: 2
  roles:
    - awstats
```
2.3 Contents of the tasks files
- main.yml
```yaml
# roles/awstats/tasks/main.yml
# import_tasks replaces the bare "include" action, which was removed in ansible-core 2.16.
- import_tasks: yum.yml
- import_tasks: unarchive.yml
- import_tasks: group.yml
- import_tasks: user.yml
- import_tasks: chown.yml
- import_tasks: directory.yml
- import_tasks: make.yml
- import_tasks: httpd_config.yml
- import_tasks: htpasswd.yml
- import_tasks: awstats_config.yml
- import_tasks: cron.yml
- import_tasks: chcon.yml
- import_tasks: service.yml
```
- yum.yml
```yaml
- name: install pkg
  yum: name={{ item }} state=present
  loop:
    - gcc
    - automake
    - autoconf
    - libtool
    - make
    - zlib-devel
    - perl-ExtUtils-CBuilder
    - perl-ExtUtils-MakeMaker
    - cpan
```
- unarchive.yml
```yaml
# Archives shipped in the role's files/ directory are copied to the target and unpacked.
- name: unarchive awstats pkg
  unarchive: src={{ item.src }} dest={{ item.dest }}
  loop:
    - { src: 'awstats.tgz', dest: '/usr/local/' }
    - { src: 'awstats-conf.tgz', dest: '/etc/' }
    - { src: 'awstats-pack.tgz', dest: '/root/' }
    - { src: 'URI-1.36.tar.gz', dest: '/root/' }
# These archives already sit on the target; remote_src=yes replaces the deprecated copy=no.
- name: unarchive remote_host pkg
  unarchive: src={{ item.src }} dest={{ item.dest }} remote_src=yes
  loop:
    - { src: '/root/awstats-pack/GeoIP.tar.gz', dest: '/root/awstats-pack/' }
    - { src: '/root/awstats-pack/Geo-IP-1.38.tar.gz', dest: '/root/awstats-pack/' }
    - { src: '/root/awstats-pack/Geo-IPfree-0.6.tar.gz', dest: '/root/awstats-pack/' }
    - { src: '/root/awstats-pack/cronolog-1.6.2.tar.gz', dest: '/root/awstats-pack/' }
```
- group.yml
```yaml
- name: create group
  group: name=was system=yes
```
- user.yml
```yaml
- name: create user
  user: name=was group=was system=yes state=present
```
- chown.yml
```yaml
- name: change permission
  file: path=/usr/local/awstats owner=was group=was recurse=yes
- name: chmod 755 logs directory
  file: path=/opt/IBM/HTTPServer/logs mode=0755
```
- directory.yml
```yaml
- name: create directory
  file: path=/var/lib/awstats state=directory owner=was group=was
```
- make.yml
```yaml
- name: perl makefile add config
  shell: chdir=/root/awstats-pack/Geo-IP-1.38 perl Makefile.PL LIBS='-L/usr/local/lib' INC='-I/usr/local/include'
- name: perl makefile
  shell: chdir={{ item }} perl Makefile.PL
  loop:
    - /root/awstats-pack/Geo-IPfree-0.6
    - /root/URI-1.36
- name: configure
  shell: chdir={{ item }} ./configure
  loop:
    - /root/awstats-pack/cronolog-1.6.2
    - /root/awstats-pack/GeoIP-1.4.6
- name: make && make install
  shell: chdir={{ item }} make -j `lscpu | awk '/^CPU\(s\)/{print$2}'` && make install
  loop:
    - /root/awstats-pack/cronolog-1.6.2
    - /root/awstats-pack/GeoIP-1.4.6
    - /root/awstats-pack/Geo-IP-1.38
    - /root/awstats-pack/Geo-IPfree-0.6
    - /root/URI-1.36
```
- httpd_config.yml
```yaml
- name: edit httpd.conf config
  replace: path=/opt/IBM/HTTPServer/conf/httpd.conf regexp={{ item.src }} replace={{ item.dest }}
  loop:
    - { src: '^(CustomLog logs/access_log common)', dest: '#\1' }
    - { src: '^(LogFormat "%{User-agent}i" agent)', dest: '\1\nLogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" all\nCustomLog "|/usr/local/sbin/cronolog /opt/IBM/HTTPServer/logs/access_log.%Y%m%d" all' }
- name: write awstats config end of httpd.conf
  script: awstats_conf.sh
```
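- htpasswd.yml
```yaml
# -b puts the password on the command line, where it shows up in the process list
# and in Ansible's task output.
- name: create htpasswd
  shell: chdir=/opt/IBM/HTTPServer/bin/ ./htpasswd -b /usr/local/awstats/wwwroot/cgi-bin/awstats.passwd admin longser*
# Copy the generated file to the path that AuthUserFile points at.
- name: copy htpasswd
  copy: src=/usr/local/awstats/wwwroot/cgi-bin/awstats.passwd dest=/etc/awstats/awstats.passwd remote_src=yes
```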
- awstats_config.yml
```yaml
- name: template config to remote all-hosts
  template: src=all-hosts.j2 dest=/etc/awstats/all-hosts
- name: template config to remote awstats.xxx.conf
  template: src=awstats.example.conf.j2 dest=/etc/awstats/awstats.{{ ansible_facts.hostname }}.conf
- name: edit awstats.all.conf LogFile
  replace: path=/etc/awstats/awstats.all.conf regexp='^(LogFile=).*' replace='\1"/opt/IBM/HTTPServer/logs/access_log.%YYYY-24%MM-24%DD-24"'
- name: delete default template
  file: path={{ item }} state=absent
  loop:
    - /etc/awstats/awstats.ghtj.conf
    - /etc/awstats/awstats.ghtjpx.conf
```
- cron.yml
```yaml
- name: awstats cron
  cron: minute=10 hour=0 job='/usr/local/awstats/wwwroot/cgi-bin/awstats_updateall.pl now' user=was name=awstats disabled=no
```
- chcon.yml
```yaml
- name: because open selinux ,so need set chcon
  shell: chdir=/root {{ item }}
  loop:
    - chcon -R -u system_u /etc/awstats
    - chcon -R -u system_u /usr/local/awstats
    - chcon -R -u system_u -t httpd_sys_content_t /usr/local/awstats/wwwroot
    - chcon -R -t httpd_sys_script_exec_t /usr/local/awstats/wwwroot/cgi-bin/*.pl
    - chcon -R -u system_u -t httpd_sys_content_t /var/lib/awstats/
```
- service.yml
```yaml
- name: restart service
  service: name={{ item }} state=restarted
  loop:
    - ibmhttp
    - network
```
3. Contents of the files directory
- awstats_conf.sh
```shell
#!/bin/bash
# IPv4 address of eth0 (the interface name is fixed here)
IP=`ifconfig eth0 | awk '/netmask/{print$2}'`
DOMAIN=`hostname`.bjzgh12351.org
# Append the AWStats virtual host to httpd.conf.
# With "Order deny,allow", "Allow from all" is evaluated after "Deny from all",
# so every client may reach wwwroot; only cgi-bin requires a login.
cat >> /opt/IBM/HTTPServer/conf/httpd.conf <<EOF
NameVirtualHost $IP:80
<VirtualHost $IP:80>
    ServerName aw$DOMAIN
    Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
    Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
    Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
    Alias /js "/usr/local/awstats/wwwroot/js/"
    ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
    <Directory "/usr/local/awstats/wwwroot">
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from all
    </Directory>
    <Directory "/usr/local/awstats/wwwroot/cgi-bin">
        AuthName "AWStats Authorization"
        AuthType Basic
        AuthUserFile /etc/awstats/awstats.passwd
        require valid-user
    </Directory>
</VirtualHost>
EOF
```
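As written, `awstats_conf.sh` appends with `cat >>` and the `script` task runs it on every play, so applying the role a second time adds a second copy of the VirtualHost block. The following added example (not the author's script) guards the append with a marker line and rejects an empty IP; the marker text, the function names and the abridged vhost body are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script: an idempotent variant of the
# append step in awstats_conf.sh. Marker text and function names are
# hypothetical; the vhost body is abridged to the auth-relevant directives.

BEGIN_MARK='# BEGIN awstats vhost (managed block)'
END_MARK='# END awstats vhost (managed block)'

# append_awstats_vhost CONF IP DOMAIN
# Returns 0 if the block is present afterwards, 1 if the input is unusable.
append_awstats_vhost() {
    conf=$1 ip=$2 domain=$3
    # An empty or non-numeric address (e.g. the NIC is not named eth0)
    # would produce "<VirtualHost :80>"; refuse instead of writing it.
    case $ip in
        ''|*[!0-9.]*) echo "refusing: bad IP '$ip'" >&2; return 1 ;;
    esac
    # A previous run already wrote the block: change nothing.
    if grep -qF "$BEGIN_MARK" "$conf"; then
        return 0
    fi
    cat >> "$conf" <<EOF
$BEGIN_MARK
NameVirtualHost $ip:80
<VirtualHost $ip:80>
    ServerName aw$domain
    ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
    <Directory "/usr/local/awstats/wwwroot/cgi-bin">
        AuthName "AWStats Authorization"
        AuthType Basic
        AuthUserFile /etc/awstats/awstats.passwd
        Require valid-user
    </Directory>
</VirtualHost>
$END_MARK
EOF
}

# Number of VirtualHost blocks in CONF, for checking the result.
count_vhosts() {
    grep -c '^<VirtualHost ' "$1"
}

# Stand-alone use: ./script CONF IP DOMAIN
if [ "$#" -eq 3 ]; then
    append_awstats_vhost "$1" "$2" "$3"
fi
```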
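4. Key benefits
- Ready to use out of the box: the whole deployment is automated, with no manual intervention.
- Deep integration: fits seamlessly into the IHS logging setup while keeping enterprise-grade features.
- Secure and visible: the encrypted statistics panel is reached via `https://<server IP>/awstats/awstats.pl`.
- Production-ready: built-in log splitting, scheduled jobs, SELinux hardening and other key operational capabilities.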
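The virtual host written by `awstats_conf.sh` listens on port 80 and protects `/awstats/` with Basic authentication, and the `copy` task sets no mode on `/etc/awstats/awstats.passwd`. The following added example (not part of the role; function names are hypothetical) checks a deployed `httpd.conf` for Basic authentication inside an explicit port-80 virtual host and checks whether the password file is readable by every local user.

```shell
#!/bin/sh
# Added example, not part of the role: two read-only checks on the deployed
# result. Function names are hypothetical.

# basic_auth_on_port80 CONF
# Prints the ServerName of each <VirtualHost ...:80> block that contains
# "AuthType Basic". Only vhosts with an explicit :80 are considered.
basic_auth_on_port80() {
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*<virtualhost[ \t]/ {
            in_vh = 1; basic = 0; name = "(no ServerName)"
            port80 = (line ~ /:80[ \t>]/)
            next
        }
        in_vh && line ~ /^[ \t]*servername[ \t]/     { name = $2 }
        in_vh && line ~ /^[ \t]*authtype[ \t]+basic/ { basic = 1 }
        line ~ /^[ \t]*<\/virtualhost>/ {
            if (in_vh && port80 && basic) print name
            in_vh = 0
        }
    ' "$1"
}

# passwd_file_exposed FILE
# Succeeds (exit 0) when FILE is readable by "other", i.e. any local user
# can read the password hashes.
passwd_file_exposed() {
    [ -n "$(find "$1" -prune -perm -004 -print)" ]
}

# Stand-alone use: ./script HTTPD_CONF PASSWD_FILE
if [ "$#" -eq 2 ]; then
    basic_auth_on_port80 "$1" | sed 's/^/Basic auth without TLS: /'
    if passwd_file_exposed "$2"; then echo "world-readable: $2"; fi
fi
```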
If you are not sure what a role is in Ansible, click through and take a look at "roles".
Please don't take this as definitive; it is just my personal experience.