免費個人運維知識庫，歡迎您的訂閱：literator_ray.flowus.cn

一、核心功能描述

這個 Ansible Role 的核心功能是：?實現 ?IBM HTTP Server (IHS) 訪問日志的自動化監控分析。

1. ?環境自動化部署?

   • 依賴安裝?：自動安裝編譯工具鏈（gcc/automake等）及 Perl 環境

   • ?組件部署?：解壓 AWStats 主程序、配置模板和擴展插件（GeoIP/日志輪轉工具）

2. IHS 日志優化?

   • **日志格式重構：**啟用增強型日志格式（包含 User-Agent/Referer 等關鍵字段），集成 cronolog實現按天切割日志 (access_log.%Y%m%d)。

   • **虛擬主機配置：**動態生成虛擬主機配置（基于服務器 IP 和域名），映射 AWStats 資源路徑 (如 /awstatsclasses→ 程序目錄)。

3. 安全與權限控制?

   • **訪問認證：**生成 Basic 認證密碼文件 (awstats.passwd)，限制 /awstats路徑需認證訪問（預設賬號 admin）?

   • ?SELinux 適配?：自動設置上下文權限

4. ??智能配置管理

   • **動態配置生成：**基于主機名創建配置文件 (awstats.{{主機名}}.conf)，自動適配日志路徑 (access_log.%YYYY-24%MM-24%DD-24)。

   • 地理數據分析?：集成 GeoIP 組件實現訪問者地理位置追蹤。

5. 持續運維機制

   • 定時統計任務：每日 00:10 自動更新分析數據 (awstats_updateall.pl)。

   • 服務集成：自動重啟 IHS 服務 (ibmhttp) 及網絡服務生效配置。

可以根據自己的實際需求修改腳本

二、roles內容

2.1 文件結構

roles/awstats/
|-- files
|   |-- awstats_conf.sh
|   |-- awstats-conf.tgz
|   |-- awstats-pack.tgz
|   |-- awstats.tgz
|   `-- URI-1.36.tar.gz
|-- tasks
|   |-- awstats_config.yml
|   |-- chcon.yml
|   |-- chown.yml
|   |-- cron.yml
|   |-- directory.yml
|   |-- group.yml
|   |-- htpasswd.yml
|   |-- httpd_config.yml
|   |-- main.yml
|   |-- make.yml
|   |-- service.yml
|   |-- unarchive.yml
|   |-- user.yml
|   `-- yum.yml
`-- templates|-- all-hosts.j2`-- awstats.example.conf.j23 directories, 21 files

2.2 主配置文件

---
- hosts: allremote_user: rootserial: 2roles:- awstats

2.3 tasks文件內容

• main.yml

[root@ansible ansible]# cat roles/awstats/tasks/main.yml
- include: yum.yml
- include: unarchive.yml
- include: group.yml
- include: user.yml
- include: chown.yml
- include: directory.yml
- include: make.yml
- include: httpd_config.yml
- include: htpasswd.yml
- include: awstats_config.yml
- include: cron.yml
- include: chcon.yml
- include: service.yml

• include: yum.yml

- name: install pkgyum: name={{ item }} state=presentloop:- gcc- automake- autoconf- libtool- make- zlib-devel- perl-ExtUtils-CBuilder- perl-ExtUtils-MakeMaker- cpan

• include: unarchive.yml

- name: unarchive awstats pkgunarchive: src={{ item.src }} dest={{ item.dest }}loop:- { src: 'awstats.tgz', dest: '/usr/local/' }- { src: 'awstats-conf.tgz', dest: '/etc/' }- { src: 'awstats-pack.tgz', dest: '/root/'}- { src: 'URI-1.36.tar.gz', dest: '/root/' }- name: unarchive remote_host pkgunarchive: src={{ item.src }} dest={{ item.dest }} copy=noloop:- { src: '/root/awstats-pack/GeoIP.tar.gz', dest: '/root/awstats-pack/' }- { src: '/root/awstats-pack/Geo-IP-1.38.tar.gz', dest: '/root/awstats-pack/' }- { src: '/root/awstats-pack/Geo-IPfree-0.6.tar.gz', dest: '/root/awstats-pack/' }- { src: '/root/awstats-pack/cronolog-1.6.2.tar.gz', dest: '/root/awstats-pack/' }

• include: group.yml

- name: create groupgroup: name=was system=yes

• include: user.yml

- name: create useruser: name=was group=was system=yes state=present

• include: chown.yml

- name: change permissionfile: path=/usr/local/awstats owner=was group=was recurse=yes
- name: chmod 755 logs directoryfile: path=/opt/IBM/HTTPServer/logs mode=0755

• include: directory.yml

- name: create directoryfile: path=/var/lib/awstats state=directory owner=was group=was

• include: make.yml

- name: perl makefile add configshell: chdir=/root/awstats-pack/Geo-IP-1.38 perl Makefile.PL LIBS='-L/usr/local/lib' INC='-I/usr/local/include'
- name: perl makefileshell: chdir={{ item }} perl Makefile.PLloop:- /root/awstats-pack/Geo-IPfree-0.6- /root/URI-1.36
- name: configureshell: chdir={{ item }} ./configureloop:- /root/awstats-pack/cronolog-1.6.2- /root/awstats-pack/GeoIP-1.4.6  
- name: make && make installshell: chdir={{ item }} make -j `lscpu | awk '/^CPU\(s\)/{print$2}'` && make installloop:- /root/awstats-pack/cronolog-1.6.2- /root/awstats-pack/GeoIP-1.4.6- /root/awstats-pack/Geo-IP-1.38- /root/awstats-pack/Geo-IPfree-0.6- /root/URI-1.36

• include: httpd_config.yml

- name: edit httpd.conf configreplace: path=/opt/IBM/HTTPServer/conf/httpd.conf regexp={{ item.src }} replace={{ item.dest }}loop:- { src: '^(CustomLog logs/access_log common)', dest: '#\1' }- { src: '^(LogFormat "%{User-agent}i" agent)', dest: '\1\nLogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" all\nCustomLog "|/usr/local/sbin/cronolog /opt/IBM/HTTPServer/logs/access_log.%Y%m%d" all'}  
- name: write awstats config end of httpd.confscript: awstats_conf.sh

• include: htpasswd.yml

- name: create htpasswdshell: chdir=/opt/IBM/HTTPServer/bin/ ./htpasswd -b /usr/local/awstats/wwwroot/cgi-bin/awstats.passwd admin longser*
- name: copy htpasswdcopy: src=/usr/local/awstats/wwwroot/cgi-bin/awstats.passwd dest=/etc/awstats/awstats.passwd remote_src=yes

• include: awstats_config.yml

- name: template config to remote all-hoststemplate: src=all-hosts.j2 dest=/etc/awstats/all-hosts- name: template config to remote awstats.xxx.conftemplate: src=awstats.example.conf.j2 dest=/etc/awstats/awstats.{{ ansible_facts.hostname }}.conf- name: edit awstats.all.conf LogFilereplace: path=/etc/awstats/awstats.all.conf regexp='^(LogFile=).*' replace='\1"/opt/IBM/HTTPServer/logs/access_log.%YYYY-24%MM-24%DD-24"'- name: delete default templatefile: path={{ item }} state=absentloop:- /etc/awstats/awstats.ghtj.conf- /etc/awstats/awstats.ghtjpx.conf

• include: cron.yml

- name: awstats croncron: minute=10 hour=0 job='/usr/local/awstats/wwwroot/cgi-bin/awstats_updateall.pl now' user=was name=awstats disabled=no

• include: chcon.yml

- name: because open selinux ,so need set chconshell: chdir=/root {{ item }}loop:- chcon -R -u system_u /etc/awstats- chcon -R -u system_u /usr/local/awstats- chcon -R -u system_u -t httpd_sys_content_t /usr/local/awstats/wwwroot- chcon -R -t httpd_sys_script_exec_t /usr/local/awstats/wwwroot/cgi-bin/*.pl- chcon -R -u system_u -t httpd_sys_content_t /var/lib/awstats/

• include: service.yml

- name: restart serviceservice: name={{ item }} state=restartedloop:- ibmhttp- network

三、files文件內容

• awstats_conf.sh

#!/bin/bashIP=`ifconfig eth0 | awk '/netmask/{print$2}'`
DOMAIN=`hostname`.bjzgh12351.orgcat >> /opt/IBM/HTTPServer/conf/httpd.conf <<EOF
NameVirtualHost $IP:80
<VirtualHost $IP:80>ServerName aw$DOMAINAlias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"Alias /awstatscss "/usr/local/awstats/wwwroot/css/"Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"Alias /js "/usr/local/awstats/wwwroot/js/"ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"<Directory "/usr/local/awstats/wwwroot">Options NoneAllowOverride NoneOrder deny,allowDeny from allAllow from all</Directory><Directory "/usr/local/awstats/wwwroot/cgi-bin">AuthName "AWStats Authorization"AuthType BasicAuthUserFile /etc/awstats/awstats.passwdrequire valid-user</Directory>
</VirtualHost>

四、關鍵價值

• ?開箱即用?：全流程自動化部署，無需人工干預

• ?深度集成?：無縫適配 IHS 日志體系，保留企業級特性

• ?安全可視?：通過 https://服務器IP/awstats/awstats.pl訪問加密統計面板

• ?生產就緒?：內置日志切割、定時任務、SELinux 加固等運維關鍵能力

---

如果你不請什么是ansible中的角色，動動你的小手，跳轉過去看看唄“roles角色”

請不要以此視為定論，這只是我的個人經驗