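I installed the Nginxinc Ansible roles directly from GitHub using Ansible Galaxy, but I can't get logging right directly in the playbook. I tried several ways to get my custom logging format working, but all of them failed, and the log file still has a different name and format than my custom one. Here is my playbook, simplified: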

- name: Install NGINX and configure a simple reverse proxy in front of a web server
  hosts: "{{ host }}"
  become: true
  collections:
    - nginxinc.nginx_core
  tasks:
    - name: Install NGINX
      include_role:
        name: nginx
    - name: Configure NGINX
      include_role:
        name: nginx_config
      vars:
        nginx_config_http_template_enable: true
        log: # Configure logs
          format:
            - name: main
              escape: default
              format: |
                '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer"'
                '"$http_user_agent" "$http_x_forwarded_for"'
          access:
            - path: /var/log/nginx/reverse-access.log
              format: main
              if: $loggable
          error:
            file: /var/log/nginx/reverse-error.log
            level: notice
            format: main
        nginx_config_http_template:
          - template_file: http/default.conf.j2
            deployment_location: /etc/nginx/conf.d/default.conf
            config:
              upstreams:
                - name: upstr
                  least_conn: true
                  servers:
                    - address: 0.0.0.0:8089
              servers:
                - core:
                    listen ssl http2:
                      - port: 443
                        ssl_certificate: /etc/letsencrypt/live/service.company.com/fullchain.pem
                        ssl_certificate_key: /etc/letsencrypt/live/service.company.com/privkey.pem
                  locations:
                    - location: /bladash_test/dashboard_test

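What am I missing? I would greatly appreciate any hints!

I tried several places and positions, such as in the playbook shown above and in the template, but nothing seems to work. I expect my custom logging format and log file names to work as stated in the code above.

Edit:

After digging in again, I just found the default file that configures logging (at least in this molecule example): https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/common/files/nginx.conf Where can I override it? Thanks a lot!
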
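Ansible roles are designed for reusability - that is their main goal. The variables that can be overridden are defined in the defaults folder (also described in the role's README file). Usually, you don't need to change anything other than these variables to configure the role. For example, you can find there: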

# ...
# Enable creating dynamic templated NGINX HTTP configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase
# the options available for templating. Each dictionary in the top level list/array represents a new configuration file.
# Unless otherwise noted, all variables are *strings* and *optional* (*required* values inside a dictionary are only required if the top level variable is defined).
# Most (not all) of these directives can also be used under the 'server' and 'location' contexts, as briefly seen at the end of the below dictionary.
nginx_config_http_template_enable: false
nginx_config_http_template:
  - template_file: http/default.conf.j2
    deployment_location: /etc/nginx/conf.d/default.conf
    backup: true
    config:
      # ...
      log: # Configure logs
        format: # Available only in the 'http' context
          - name: main # Required
            escape: default # Can be set to 'default', 'json' or 'none'
            format: | # Required
              '$remote_addr - $remote_user [$time_local] "$request" '
              '$status $body_bytes_sent "$http_referer" '
              '"$http_user_agent" "$http_x_forwarded_for"'

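Based on this, there are the following errors in your example:

- the log dictionary - it should be defined as a key in the nginx_config_http_template[0].config dictionary;
- listen ssl http2 is not a valid key. This may just be a copy-paste issue, but still;
- ssl_certificate and ssl_certificate_key are not keys of any of the listen, ssl or http2 dictionaries - they probably belong to proxy or grpc.

So, something like this should work - at least it is valid from the role configuration perspective (not sure about NGINX itself). I also removed the keys that are not marked as required according to the comments: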

---
- name: Converge
  hosts: all
  tasks:
    - name: Configure NGINX
      ansible.builtin.include_role:
        name: ansible-role-nginx-config
      vars:
        nginx_config_http_template_enable: true
        nginx_config_http_template:
          - config:
              upstreams:
                - name: upstr
                  least_conn: true
                  servers:
                    - address: 0.0.0.0:8089
              servers:
                - core:
                    listen:
                      - port: 443
                  ssl:
                    certificate: /etc/letsencrypt/live/service.company.com/fullchain.pem
                    certificate_key: /etc/letsencrypt/live/service.company.com/privkey.pem
                  locations:
                    - location: /bladash_test/dashboard_test
              log:
                format:
                  - name: main
                    escape: default
                    format: |
                      '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer"'
                      '"$http_user_agent" "$http_x_forwarded_for"'
                access:
                  - path: /var/log/nginx/reverse-access.log
                    format: main
                    if: $loggable
                error:
                  file: /var/log/nginx/reverse-error.log
                  level: notice
                  format: main
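
A check for the symptom in the question (the log file keeps its default name), as an added example that is not part of the original answer or of the role: it parses the text printed by `nginx -T` and reports which of the playbook's logging directives did not reach the rendered configuration. Both dumps are constructed samples, the stock log paths in them are assumptions, and the function names are hypothetical.

```python
import re

# Constructed `nginx -T` sample for the failing case: only stock logging
# directives are present (the stock paths are assumed, not taken from the page).
DUMP_DEFAULT = """
# configuration file /etc/nginx/nginx.conf:
error_log /var/log/nginx/error.log notice;
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" ';
    access_log /var/log/nginx/access.log main;
}
"""
# Constructed sample where the playbook's log settings were rendered.
DUMP_CUSTOM = (DUMP_DEFAULT
               .replace("nginx/access.log main", "nginx/reverse-access.log main if=$loggable")
               .replace("nginx/error.log", "nginx/reverse-error.log"))

# One statement = a run of quoted strings and characters other than ; { }
STATEMENT = re.compile(r"""(?:'[^']*'|"[^"]*"|[^;{}'"])+""")

def logging_directives(dump):
    """Collect access_log / error_log (path, second argument) and log_format names."""
    text = re.sub(r"(?m)^\s*#.*$", "", dump)  # drop comment lines
    found = {"access_log": [], "error_log": [], "log_format": []}
    for match in STATEMENT.finditer(text):
        words = match.group().split()
        if len(words) < 2 or words[0] not in found:
            continue
        if words[0] == "log_format":
            found["log_format"].append(words[1])
        else:
            found[words[0]].append((words[1], words[2] if len(words) > 2 else None))
    return found

def missing_logging(dump,
                    access=("/var/log/nginx/reverse-access.log", "main"),
                    error=("/var/log/nginx/reverse-error.log", "notice")):
    """Return the expected directives (values from the playbook) absent from the dump."""
    found = logging_directives(dump)
    missing = []
    if access not in found["access_log"]:
        missing.append("access_log " + " ".join(access))
    if error not in found["error_log"]:
        missing.append("error_log " + " ".join(error))
    if access[1] not in found["log_format"]:
        missing.append("log_format " + access[1])
    return missing
```

Feed it the captured output of `nginx -T` from the target host after the play has run; an empty list means the custom access and error logs are in effect.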