我使用 Ansible Galaxy 直接从 Github 安装了 Nginxinc 的 Ansible 角色,但我没有直接在 playbook 中进行日志记录。我尝试了几种方法来使我的自定义日志记录格式正常工作,但所有这些都失败了,日志文件的名称和格式仍然与我的自定义格式不同。 这是我的剧本,经过简化:
- name: Install NGINX and configure a simple reverse proxy in front of a web server
hosts: "{{ host }}"
become: true
collections:
- nginxinc.nginx_core
tasks:
- name: Install NGINX
include_role:
name: nginx
- name: Configure NGINX
include_role:
name: nginx_config
vars:
nginx_config_http_template_enable: true
log: # Configure logs
format:
- name: main
escape: default
format: |
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"'
access:
- path: /var/log/nginx/reverse-access.log
format: main
if: $loggable
error:
file: /var/log/nginx/reverse-error.log
level: notice
format: main
nginx_config_http_template:
- template_file: http/default.conf.j2
deployment_location: /etc/nginx/conf.d/default.conf
config:
upstreams:
- name: upstr
least_conn: true
servers:
- address: 0.0.0.0:8089
servers:
- core:
listen ssl http2:
- port: 443
ssl_certificate: /etc/letsencrypt/live/service.company.com/fullchain.pem
ssl_certificate_key: /etc/letsencrypt/live/service.company.com/privkey.pem
locations:
- location: /bladash_test/dashboard_test
我错过了什么?我非常感谢任何提示!
我尝试了几个地方和地点,比如上面提到的剧本和模板中,但似乎没有任何效果。 我希望我的自定义日志记录格式和日志文件名称能够按照上面的代码中所述工作。
编辑:
再次深入研究后,我刚刚找到了配置日志记录的默认文件(至少在这个分子示例中):https://github.com/nginxinc/ansible-role-nginx-config/blob/main /分子/common/files/nginx.conf 我可以在哪里覆盖它?非常感谢!
并在模板中
Ansible 角色 专为可重用性而设计 - 这是他们的主要目标。可重写的变量在
defaults# ...
# Enable creating dynamic templated NGINX HTTP configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase
# the options available for templating. Each dictionary in the top level list/array represents a new configuration file.
# Unless otherwise noted, all variables are *strings* and *optional* (*required* values inside a dictionary are only required if the top level variable is defined).
# Most (not all) of these directives can also be used under the 'server' and 'location' contexts, as briefly seen at the end of the below dictionary.
nginx_config_http_template_enable: false
nginx_config_http_template:
- template_file: http/default.conf.j2
deployment_location: /etc/nginx/conf.d/default.conf
backup: true
config:
# ...
log: # Configure logs
format: # Available only in the 'http' context
- name: main # Required
escape: default # Can be set to 'default', 'json' or 'none'
format: | # Required
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
基于此,您的示例中存在以下错误:
lognginx_config_http_template[0].configlisten ssl http2ssl_certificatessl_certificate_keylistensslhttp2proxygrpc所以,像这样的东西应该可以工作 - 至少从角色配置的角度来看它是有效的(不确定 NGINX 本身)。我还删除了未根据评论标记为所需的键:
---
- name: Converge
hosts: all
tasks:
- name: Configure NGINX
ansible.builtin.include_role:
name: ansible-role-nginx-config
vars:
nginx_config_http_template_enable: true
nginx_config_http_template:
- config:
upstreams:
- name: upstr
least_conn: true
servers:
- address: 0.0.0.0:8089
servers:
- core:
listen:
- port: 443
ssl:
certificate: /etc/letsencrypt/live/service.company.com/fullchain.pem
certificate_key: /etc/letsencrypt/live/service.company.com/privkey.pem
locations:
- location: /bladash_test/dashboard_test
log:
format:
- name: main
escape: default
format: |
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer"'
'"$http_user_agent" "$http_x_forwarded_for"'
access:
- path: /var/log/nginx/reverse-access.log
format: main
if: $loggable
error:
file: /var/log/nginx/reverse-error.log
level: notice
format: main