SaltStack: configuring nginx and PHP

SaltStack state configuration for nginx

1. Create the directories needed for the nginx configuration

mkdir /srv/salt/prod/nginx
mkdir /srv/salt/prod/nginx/files

2. Put the nginx source tarball, init script and configuration file into the files directory

[root@node1 nginx]# ll files/
total 824
-rw-r--r-- 1 root root 833473 Oct 11 15:51 nginx-1.8.1.tar.gz
-rw-r--r-- 1 root root   1012 Oct 11 15:52 nginx.conf
-rwxr-xr-x 1 root root   2687 Oct 11 14:53 nginx.init

3. Write the state file that installs nginx and registers the nginx init script as a system service

[root@node1 nginx]# cat install.sls
include:
  - pkg.pkg-init

nginx-install:
  file.managed:
    - name: /usr/local/src/nginx-1.8.1.tar.gz
    - source: salt://nginx/files/nginx-1.8.1.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: >-
        useradd -M -s /sbin/nologin nginx &&
        cd /usr/local/src && tar xf nginx-1.8.1.tar.gz && cd nginx-1.8.1 &&
        yum install libxslt-devel -y gd gd-devel GeoIP GeoIP-devel pcre pcre-devel &&
        ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx
        --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module
        --with-http_realip_module --with-http_addition_module --with-http_xslt_module
        --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module
        --with-http_dav_module --with-http_flv_module --with-http_mp4_module
        --with-http_gunzip_module --with-http_gzip_static_module
        --with-http_auth_request_module --with-http_random_index_module
        --with-http_secure_link_module --with-http_degradation_module
        --with-http_stub_status_module &&
        make && make install && chown -R nginx:nginx /usr/local/nginx/
    - unless: test -d /usr/local/nginx
    - require:
      - pkg: pkg-init
      - file: /usr/local/src/nginx-1.8.1.tar.gz

nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx.init
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: /etc/init.d/nginx

Run the nginx install state:

salt 'node1' state.sls nginx.install saltenv=prod

The parts of the install.sls above can of course be split out into separate states:

1. The user for the nginx service, which can be defined in its own nginx-user.sls

nginx-user-group:
  group.present:
    - name: nginx
    - gid: 1000
  user.present:
    - name: nginx
    - fullname: nginx
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000

2. The packages that compiling nginx depends on

nginx-require:
  pkg.installed:
    - names:
      - libxslt-devel
      - gd
      - gd-devel
      - GeoIP
      - GeoIP-devel
      - pcre
      - pcre-devel

4. Once nginx is installed, provide its configuration file and start the nginx service

[root@node1 nginx]# cat service.sls
include:
  - nginx.install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - user: nginx
    - group: nginx
    - mode: 644

nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf/vhost
    - require:
      # the conf/ directory only exists after the compile step has succeeded
      - cmd: nginx-install
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require:
      - file: /etc/init.d/nginx
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf

Apply the whole nginx project state:

salt 'node1' state.sls nginx.service saltenv=prod

nginx project layout:

[root@node1 nginx]# tree
.
├── files
│   ├── nginx-1.8.1.tar.gz
│   ├── nginx.conf
│   └── nginx.init
├── install.sls
└── service.sls

Add the nginx project to the top.sls file in the base environment:

[root@node1 base]# cat top.sls
base:
  '*':
    - init.env_init
prod:
  '*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - nginx.service

The nginx configuration file is as follows:

[root@node1 nginx]# cat files/nginx.conf
user nginx;
worker_processes 1;
error_log logs/error.log error;
pid logs/nginx.pid;
worker_rlimit_nofile 30000;

events {
    worker_connections 1024;
    use epoll;
}

http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    sendfile on;
    tcp_nopush on;
    underscores_in_headers on;
    keepalive_timeout 10;
    send_timeout 60;
    gzip on;
    include /usr/local/nginx/conf/vhost/*.conf;

    server {
        listen 8080;
        server_name localhost;

        location /nginx_status {
            stub_status on;
            access_log off;
            allow 192.168.44.0/24;
            deny all;
        }
    }
}

The nginx init script is as follows:

[root@node1 nginx]# cat files/nginx.init
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  NGINX is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# config:      /etc/sysconfig/nginx
# pidfile:     /var/run/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {
    # make required directories
    user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
    if [ -n "$user" ]; then
        if [ -z "`grep $user /etc/passwd`" ]; then
            useradd -M -s /bin/nologin $user
        fi
        options=`$nginx -V 2>&1 | grep 'configure arguments:'`
        for opt in $options; do
            if [ `echo $opt | grep '.*-temp-path'` ]; then
                value=`echo $opt | cut -d "=" -f 2`
                if [ ! -d "$value" ]; then
                    # echo "creating" $value
                    mkdir -p $value && chown -R $user $value
                fi
            fi
        done
    fi
}

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    sleep 1
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
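
SaltStack state configuration for PHP

1. Install PHP's dependency packages
2. Compile and install PHP
3. Install the PHP extension pdo_mysql
4. Provide the PHP configuration file, php-ini
5. Provide the php-fpm configuration file
6. Provide an init script for php-fpm, add the service to the startup items, and start the php-fpm service

1. Create the directories needed for the php project

mkdir /srv/salt/prod/php
mkdir /srv/salt/prod/php/files

2. The scripts, configuration files and source tarball needed to compile and install PHP

[root@node1 files]# ll
total 14760
-rw-r--r-- 1 root root     2354 Oct 11 20:03 init.d.php-fpm
-rw-r--r-- 1 root root 15011816 Oct 11 19:23 php-5.6.30.tar.bz2
-rw-r--r-- 1 root root    22794 Oct 11 20:05 php-fpm.conf.default
-rw-r--r-- 1 root root    73685 Oct 11 20:01 php.ini-production

3. Write the state files

3.1 Write the libmcrypt state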

mkdir /srv/salt/prod/libmcrypt
mkdir /srv/salt/prod/libmcrypt/files

[root@node1 files]# ll
total 512
-rw-r--r-- 1 root root 523321 Oct 11 20:13 libmcrypt-2.5.7.tar.gz
[root@node1 files]# pwd
/srv/salt/prod/libmcrypt/files
[root@node1 libmcrypt]# pwd
/srv/salt/prod/libmcrypt
[root@node1 libmcrypt]# tree
.
├── files
│   └── libmcrypt-2.5.7.tar.gz
└── install.sls

[root@node1 libmcrypt]# cat install.sls
libmcrypt-install:
  file.managed:
    - name: /usr/local/src/libmcrypt-2.5.7.tar.gz
    - source: salt://libmcrypt/files/libmcrypt-2.5.7.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src/ && tar xf libmcrypt-2.5.7.tar.gz && cd libmcrypt-2.5.7 && ./configure && make && make install
    - unless: test -d /usr/local/src/libmcrypt-2.5.7
    - require:
      - file: /usr/local/src/libmcrypt-2.5.7.tar.gz

3.2 Compile and install PHP

[root@node1 php]# cat install.sls
# --with-mcrypt below needs libmcrypt, so pull in the state from 3.1
include:
  - libmcrypt.install

# dependency package state
pkg-php:
  pkg.installed:
    - names:
      - libxml2
      - libxml2-devel
      - bzip2
      - bzip2-devel
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

# compile-and-install state for php
php-install:
  file.managed:
    - name: /usr/local/src/php-5.6.30.tar.bz2
    - source: salt://php/files/php-5.6.30.tar.bz2
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: >-
        cd /usr/local/src/ && tar xf php-5.6.30.tar.bz2 && cd php-5.6.30 &&
        ./configure --prefix=/usr/local/php --with-pdo-mysql=mysqlnd
        --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-openssl --enable-mbstring
        --with-freetype-dir --with-jpeg-dir --with-png-dir --with-mcrypt --with-zlib
        --with-libxml-dir=/usr --enable-xml --enable-sockets --enable-fpm
        --with-config-file-path=/usr/local/php/etc --with-bz2 --with-gd &&
        make && make install
    - unless: test -d /usr/local/php
    - require:
      - pkg: pkg-php        # the dependencies above are installed with the pkg module
      - cmd: libmcrypt-install
      - file: /usr/local/src/php-5.6.30.tar.bz2

# state for the php extension pdo_mysql
pdo-plugin:
  cmd.run:
    - name: >-
        cd /usr/local/src/php-5.6.30/ext/pdo_mysql && /usr/local/php/bin/phpize &&
        ./configure --with-php-config=/usr/local/php/bin/php-config &&
        make && make install
    - unless: test -f /usr/local/php/lib/php/extensions/*/pdo_mysql.so
    - require:
      # phpize and php-config only exist once php itself has been built
      - cmd: php-install

# provides php's php.ini configuration file
php-ini:
  file.managed:
    - name: /usr/local/php/etc/php.ini
    - source: salt://php/files/php.ini-production
    - user: root
    - group: root
    - mode: 644

# provides the php-fpm configuration file
php-fpm:
  file.managed:
    - name: /usr/local/php/etc/php-fpm.conf
    - source: salt://php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

# adds the php-fpm service to the system services
php-service:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list | grep php-fpm
    - require:
      - file: /etc/init.d/php-fpm
  service.running:
    - name: php-fpm
    - enable: True
    - require:
      - cmd: php-service
    - watch:
      - file: php-ini
      - file: php-fpm

Apply the state:

[root@node1 php]# salt 'node1' state.sls php.install saltenv=prod

Check php-fpm:

[root@node1 php]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:8080        0.0.0.0:*           LISTEN      122333/nginx
tcp        0      0 192.168.44.10:80    0.0.0.0:*           LISTEN      107737/haproxy
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN      1265/sshd
tcp        0      0 0.0.0.0:4505        0.0.0.0:*           LISTEN      42708/python2.7
tcp        0      0 0.0.0.0:8090        0.0.0.0:*           LISTEN      107737/haproxy
tcp        0      0 0.0.0.0:4506        0.0.0.0:*           LISTEN      42714/python2.7
tcp        0      0 127.0.0.1:9000      0.0.0.0:*           LISTEN      117298/php-fpm
tcp        0      0 :::22               :::*                LISTEN      1265/sshd
udp        0      0 0.0.0.0:68          0.0.0.0:*                       1092/dhclient

PHP project layout:

[root@node1 php]# tree
.
├── files
│   ├── init.d.php-fpm
│   ├── php-5.6.30.tar.bz2
│   ├── php-fpm.conf.default
│   └── php.ini-production
└── install.sls

Combine nginx and php-fpm and provide the configuration files

mkdir /srv/salt/prod/html
mkdir /srv/salt/prod/html/files

[root@node1 files]# ll
total 8
-rw-r--r-- 1 root root 1034 Oct 11 21:24 fastcgi_params
-rw-r--r-- 1 root root  278 Oct 11 21:10 www.conf
[root@node1 files]# pwd
/srv/salt/prod/html/files
[root@node1 html]# tree
.
├── files
│   ├── fastcgi_params    # ties nginx and php together
│   └── www.conf          # application configuration file
└── www.sls

[root@node1 html]# cat www.sls
# pulls in the nginx and php installation
include:
  - php.install
  - nginx.service

nginx-php-conf:
  file.managed:
    - name: /usr/local/nginx/conf/fastcgi_params
    - source: salt://html/files/fastcgi_params
    - user: nginx
    - group: nginx
    - mode: 755

html-www:
  file.managed:
    - name: /usr/local/nginx/conf/vhost/www.conf
    - source: salt://html/files/www.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - service: php-service
    - watch_in:
      - service: nginx-service

The fastcgi_params configuration file provided:

[root@node1 html]# cat files/fastcgi_params
fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
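
The page lists www.conf but never shows its contents. A vhost that fits the pieces above, as an added example and not the author's file: it is inlined with contents so the state can be read in one place (the page ships the file via source), and the listen port, server_name and document root are assumptions, while 127.0.0.1:9000 is the php-fpm listener from the netstat output.

```yaml
# Added example: a variant of the html-www state with an assumed vhost
# inlined. Not the author's www.conf, which the page does not show.
include:
  - php.install
  - nginx.service

html-www:
  file.managed:
    - name: /usr/local/nginx/conf/vhost/www.conf
    - user: root
    - group: root
    - mode: 644
    - contents: |
        server {
            # Assumed values: port, name and root are not given on the page.
            listen 8080;
            server_name www.example.com;
            root /usr/local/nginx/html;
            index index.php index.html;

            location ~ \.php$ {
                # Only requests that map to an existing file under root are
                # handed to php-fpm; everything else gets a 404 from nginx.
                try_files $uri =404;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                # Resolved relative to /usr/local/nginx/conf, i.e. the
                # fastcgi_params file deployed by nginx-php-conf.
                include fastcgi_params;
            }

            # Hidden files are never served.
            location ~ /\. {
                deny all;
            }
        }
    - require:
      - service: php-service
    - watch_in:
      - service: nginx-service
```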

The index.php test file provided:

[root@node1 conf]# cat ../html/index.php
<?php phpinfo(); ?>

Test result:

The resulting directory trees are as follows:

[root@node1 prod]# tree libmcrypt/
libmcrypt/
├── files
│   └── libmcrypt-2.5.7.tar.gz
└── install.sls
[root@node1 prod]# tree nginx/
nginx/
├── files
│   ├── nginx-1.8.1.tar.gz
│   ├── nginx.conf
│   └── nginx.init
├── install.sls
└── service.sls
[root@node1 prod]# tree php/
php/
├── files
│   ├── init.d.php-fpm
│   ├── php-5.6.30.tar.bz2
│   ├── php-fpm.conf.default
│   └── php.ini-production
└── install.sls
[root@node1 prod]# tree html/
html/
├── files
│   ├── fastcgi_params
│   └── www.conf
└── www.sls

Add the nginx, php and html projects to the top.sls file:

[root@node1 base]# cat top.sls
base:
  '*':
    - init.env_init
prod:
  '*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - html.www    # this project includes the nginx and php installation