免费个人运维知识库，欢迎您的订阅：literator_ray.flowus.cn

一、核心功能描述

这个 Ansible Role 的核心功能是：​实现 ​IBM HTTP Server (IHS) 访问日志的自动化监控分析。

1. ​环境自动化部署​

   • 依赖安装​：自动安装编译工具链（gcc/automake等）及 Perl 环境

   • ​组件部署​：解压 AWStats 主程序、配置模板和扩展插件（GeoIP/日志轮转工具）

2. IHS 日志优化​

   • **日志格式重构：**启用增强型日志格式（包含 User-Agent/Referer 等关键字段），集成 cronolog实现按天切割日志 (access_log.%Y%m%d)。

   • **虚拟主机配置：**动态生成虚拟主机配置（基于服务器 IP 和域名），映射 AWStats 资源路径 (如 /awstatsclasses→ 程序目录)。

3. 安全与权限控制​

   • **访问认证：**生成 Basic 认证密码文件 (awstats.passwd)，限制 /awstats路径需认证访问（预设账号 admin）​

   • ​SELinux 适配​：自动设置上下文权限

4. ​​智能配置管理

   • **动态配置生成：**基于主机名创建配置文件 (awstats.{{主机名}}.conf)，自动适配日志路径 (access_log.%YYYY-24%MM-24%DD-24)。

   • 地理数据分析​：集成 GeoIP 组件实现访问者地理位置追踪。

5. 持续运维机制

   • 定时统计任务：每日 00:10 自动更新分析数据 (awstats_updateall.pl)。

   • 服务集成：自动重启 IHS 服务 (ibmhttp) 及网络服务生效配置。

可以根据自己的实际需求修改脚本

二、roles内容

2.1 文件结构

roles/awstats/
|-- files
|   |-- awstats_conf.sh
|   |-- awstats-conf.tgz
|   |-- awstats-pack.tgz
|   |-- awstats.tgz
|   `-- URI-1.36.tar.gz
|-- tasks
|   |-- awstats_config.yml
|   |-- chcon.yml
|   |-- chown.yml
|   |-- cron.yml
|   |-- directory.yml
|   |-- group.yml
|   |-- htpasswd.yml
|   |-- httpd_config.yml
|   |-- main.yml
|   |-- make.yml
|   |-- service.yml
|   |-- unarchive.yml
|   |-- user.yml
|   `-- yum.yml
`-- templates|-- all-hosts.j2`-- awstats.example.conf.j23 directories, 21 files

2.2 主配置文件

---
- hosts: allremote_user: rootserial: 2roles:- awstats

2.3 tasks文件内容

• main.yml

[root@ansible ansible]# cat roles/awstats/tasks/main.yml
- include: yum.yml
- include: unarchive.yml
- include: group.yml
- include: user.yml
- include: chown.yml
- include: directory.yml
- include: make.yml
- include: httpd_config.yml
- include: htpasswd.yml
- include: awstats_config.yml
- include: cron.yml
- include: chcon.yml
- include: service.yml

• include: yum.yml

- name: install pkgyum: name={{ item }} state=presentloop:- gcc- automake- autoconf- libtool- make- zlib-devel- perl-ExtUtils-CBuilder- perl-ExtUtils-MakeMaker- cpan

• include: unarchive.yml

- name: unarchive awstats pkgunarchive: src={{ item.src }} dest={{ item.dest }}loop:- { src: 'awstats.tgz', dest: '/usr/local/' }- { src: 'awstats-conf.tgz', dest: '/etc/' }- { src: 'awstats-pack.tgz', dest: '/root/'}- { src: 'URI-1.36.tar.gz', dest: '/root/' }- name: unarchive remote_host pkgunarchive: src={{ item.src }} dest={{ item.dest }} copy=noloop:- { src: '/root/awstats-pack/GeoIP.tar.gz', dest: '/root/awstats-pack/' }- { src: '/root/awstats-pack/Geo-IP-1.38.tar.gz', dest: '/root/awstats-pack/' }- { src: '/root/awstats-pack/Geo-IPfree-0.6.tar.gz', dest: '/root/awstats-pack/' }- { src: '/root/awstats-pack/cronolog-1.6.2.tar.gz', dest: '/root/awstats-pack/' }

• include: group.yml

- name: create groupgroup: name=was system=yes

• include: user.yml

- name: create useruser: name=was group=was system=yes state=present

• include: chown.yml

- name: change permissionfile: path=/usr/local/awstats owner=was group=was recurse=yes
- name: chmod 755 logs directoryfile: path=/opt/IBM/HTTPServer/logs mode=0755

• include: directory.yml

- name: create directoryfile: path=/var/lib/awstats state=directory owner=was group=was

• include: make.yml

- name: perl makefile add configshell: chdir=/root/awstats-pack/Geo-IP-1.38 perl Makefile.PL LIBS='-L/usr/local/lib' INC='-I/usr/local/include'
- name: perl makefileshell: chdir={{ item }} perl Makefile.PLloop:- /root/awstats-pack/Geo-IPfree-0.6- /root/URI-1.36
- name: configureshell: chdir={{ item }} ./configureloop:- /root/awstats-pack/cronolog-1.6.2- /root/awstats-pack/GeoIP-1.4.6  
- name: make && make installshell: chdir={{ item }} make -j `lscpu | awk '/^CPU\(s\)/{print$2}'` && make installloop:- /root/awstats-pack/cronolog-1.6.2- /root/awstats-pack/GeoIP-1.4.6- /root/awstats-pack/Geo-IP-1.38- /root/awstats-pack/Geo-IPfree-0.6- /root/URI-1.36

• include: httpd_config.yml

- name: edit httpd.conf configreplace: path=/opt/IBM/HTTPServer/conf/httpd.conf regexp={{ item.src }} replace={{ item.dest }}loop:- { src: '^(CustomLog logs/access_log common)', dest: '#\1' }- { src: '^(LogFormat "%{User-agent}i" agent)', dest: '\1\nLogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" all\nCustomLog "|/usr/local/sbin/cronolog /opt/IBM/HTTPServer/logs/access_log.%Y%m%d" all'}  
- name: write awstats config end of httpd.confscript: awstats_conf.sh

• include: htpasswd.yml

- name: create htpasswdshell: chdir=/opt/IBM/HTTPServer/bin/ ./htpasswd -b /usr/local/awstats/wwwroot/cgi-bin/awstats.passwd admin longser*
- name: copy htpasswdcopy: src=/usr/local/awstats/wwwroot/cgi-bin/awstats.passwd dest=/etc/awstats/awstats.passwd remote_src=yes

• include: awstats_config.yml

- name: template config to remote all-hoststemplate: src=all-hosts.j2 dest=/etc/awstats/all-hosts- name: template config to remote awstats.xxx.conftemplate: src=awstats.example.conf.j2 dest=/etc/awstats/awstats.{{ ansible_facts.hostname }}.conf- name: edit awstats.all.conf LogFilereplace: path=/etc/awstats/awstats.all.conf regexp='^(LogFile=).*' replace='\1"/opt/IBM/HTTPServer/logs/access_log.%YYYY-24%MM-24%DD-24"'- name: delete default templatefile: path={{ item }} state=absentloop:- /etc/awstats/awstats.ghtj.conf- /etc/awstats/awstats.ghtjpx.conf

• include: cron.yml

- name: awstats croncron: minute=10 hour=0 job='/usr/local/awstats/wwwroot/cgi-bin/awstats_updateall.pl now' user=was name=awstats disabled=no

• include: chcon.yml

- name: because open selinux ,so need set chconshell: chdir=/root {{ item }}loop:- chcon -R -u system_u /etc/awstats- chcon -R -u system_u /usr/local/awstats- chcon -R -u system_u -t httpd_sys_content_t /usr/local/awstats/wwwroot- chcon -R -t httpd_sys_script_exec_t /usr/local/awstats/wwwroot/cgi-bin/*.pl- chcon -R -u system_u -t httpd_sys_content_t /var/lib/awstats/

• include: service.yml

- name: restart serviceservice: name={{ item }} state=restartedloop:- ibmhttp- network

三、files文件内容

• awstats_conf.sh

#!/bin/bashIP=`ifconfig eth0 | awk '/netmask/{print$2}'`
DOMAIN=`hostname`.bjzgh12351.orgcat >> /opt/IBM/HTTPServer/conf/httpd.conf <<EOF
NameVirtualHost $IP:80
<VirtualHost $IP:80>ServerName aw$DOMAINAlias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"Alias /awstatscss "/usr/local/awstats/wwwroot/css/"Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"Alias /js "/usr/local/awstats/wwwroot/js/"ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"<Directory "/usr/local/awstats/wwwroot">Options NoneAllowOverride NoneOrder deny,allowDeny from allAllow from all</Directory><Directory "/usr/local/awstats/wwwroot/cgi-bin">AuthName "AWStats Authorization"AuthType BasicAuthUserFile /etc/awstats/awstats.passwdrequire valid-user</Directory>
</VirtualHost>

四、关键价值

• ​开箱即用​：全流程自动化部署，无需人工干预

• ​深度集成​：无缝适配 IHS 日志体系，保留企业级特性

• ​安全可视​：通过 https://服务器IP/awstats/awstats.pl访问加密统计面板

• ​生产就绪​：内置日志切割、定时任务、SELinux 加固等运维关键能力

---

如果你不请什么是ansible中的角色，动动你的小手，跳转过去看看呗“roles角色”

请不要以此视为定论，这只是我的个人经验