saltstack之nginx、php的配置

saltstack为nginx提供状态配置

1、创建nginx配置需要的目录
mkdir /srv/salt/prod/nginx
mkdir /srv/salt/prod/nginx/files

 2、将需要用到的nginx的源码包、启动脚本以及配置文件提供到files文件中

[root@node1 nginx]# ll files/
total 824
-rw-r--r-- 1 root root 833473 Oct 11 15:51 nginx-1.8.1.tar.gz
-rw-r--r-- 1 root root   1012 Oct 11 15:52 nginx.conf
-rwxr-xr-x 1 root root   2687 Oct 11 14:53 nginx.init

 3、编写nginx安装的配置文件,并将nginx启动脚本添加到系统服务

[root@node1 nginx]# cat install.sls 
include:
  - pkg.pkg-init

nginx-install:
  file.managed:
    - name: /usr/local/src/nginx-1.8.1.tar.gz
    - source: salt://nginx/files/nginx-1.8.1.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: useradd -M -s /sbin/nologin nginx && cd /usr/local/src && tar xf nginx-1.8.1.tar.gz && cd nginx-1.8.1 && yum install libxslt-devel -y gd gd-devel GeoIP GeoIP-devel pcre pcre-devel && ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-file-aio --with-ipv6 --with-http_ssl_module  --with-http_spdy_module --with-http_realip_module    --with-http_addition_module    --with-http_xslt_module   --with-http_image_filter_module    --with-http_geoip_module  --with-http_sub_module  --with-http_dav_module --with-http_flv_module    --with-http_mp4_module --with-http_gunzip_module  --with-http_gzip_static_module  --with-http_auth_request_module  --with-http_random_index_module   --with-http_secure_link_module   --with-http_degradation_module   --with-http_stub_status_module && make && make install && chown -R nginx:nginx /usr/local/nginx/
    - unless: test -d /usr/local/nginx
    - require:
      - pkg: pkg-init
      - file: /usr/local/src/nginx-1.8.1.tar.gz

nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx.init
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list|grep nginx
    - require:
      - file: /etc/init.d/nginx

 执行nginx安装配置文件:

salt 'node1' state.sls nginx.install saltenv=prod

 当然可以将上述的install.sls中的几个部分分割开:

1、nginx服务的用户,可以自定义nginx-user.sls
nginx-user-group:
  group.present:
    - name: nginx
    - gid: 1000

  user.present:
    - name: nginx
    - fullname: nginx
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000

 2、编译nginx安装时需要依赖的包

nginx-require:
  pkg.installed:
    - names:
      - libxslt-devel
      - gd
      - gd-devel
      - GeoIP
      - GeoIP-devel
      - pcre
      - pcre-devel

 4、nginx安装完成后,需要给nginx提供配置文件,并将nginx服务开启

[root@node1 nginx]# cat service.sls 
include:
  - nginx.install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - user: nginx
    - group: nginx
    - mode: 644

nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf/vhost
    - require:
      - file: nginx-install
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require: 
      - file: /etc/init.d/nginx
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf

 执行整个nginx项目配置文件

salt 'node1' state.sls nginx.service saltenv=prod

 nginx框架图:

[root@node1 nginx]# tree
.
├── files
│   ├── nginx-1.8.1.tar.gz
│   ├── nginx.conf
│   └── nginx.init
├── install.sls
└── service.sls

 将nginx项目整合到base环境的top.sls文件中:

[root@node1 base]# cat top.sls 
base:
  '*':
    - init.env_init

prod:
  '*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - nginx.service

 nginx的配置文件如下:

[root@node1 nginx]# cat files/nginx.conf 
user  nginx;
worker_processes  1;
error_log  logs/error.log  error;
pid        logs/nginx.pid;
worker_rlimit_nofile 30000;


events {
    worker_connections  1024;
    use epoll;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  logs/access.log  main;
    sendfile        on;
    tcp_nopush     on;
    underscores_in_headers on;
    keepalive_timeout  10;
    send_timeout 60;
    gzip  on;
include /usr/local/nginx/conf/vhost/*.conf;
    server {
        listen       8080;
        server_name  localhost;
        location /nginx_status {
            stub_status on;
            access_log off;
            allow 192.168.44.0/24;
            deny all;
        }
    }
}

 nginx启动脚本如下:

[root@node1 nginx]# cat files/nginx.init 
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  NGINX is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# config:      /etc/sysconfig/nginx
# pidfile:     /var/run/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {
   # make required directories
   user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
   if [ -n "$user" ]; then
      if [ -z "`grep $user /etc/passwd`" ]; then
         useradd -M -s /bin/nologin $user
      fi
      options=`$nginx -V 2>&1 | grep 'configure arguments:'`
      for opt in $options; do
          if [ `echo $opt | grep '.*-temp-path'` ]; then
              value=`echo $opt | cut -d "=" -f 2`
              if [ ! -d "$value" ]; then
                  # echo "creating" $value
                  mkdir -p $value && chown -R $user $value
              fi
          fi
       done
    fi
}

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    sleep 1
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

 saltstack为php提供状态配置

1、安装php的依赖包
2、编译安装php
3、安装PHP插件:pdo_mysql
4、提供php配置文件php-ini
5、提供php-fpm配置文件
6、给php-fpm提供启动脚本、将服务添加到启动项、开启php-fpm服务
1、创建php项目需要的目录
mkdir /srv/salt/prod/php
mkdir /srv/salt/prod/php/files

 2、编译安装php需要用到的文件脚本和源码包

[root@node1 files]# ll
total 14760
-rw-r--r-- 1 root root     2354 Oct 11 20:03 init.d.php-fpm
-rw-r--r-- 1 root root 15011816 Oct 11 19:23 php-5.6.30.tar.bz2
-rw-r--r-- 1 root root    22794 Oct 11 20:05 php-fpm.conf.default
-rw-r--r-- 1 root root    73685 Oct 11 20:01 php.ini-production

 3、编写状态配置文件

3.1编写libmcrypt状态配置
mkdir /srv/salt/prod/libmcrypt
mkdir /srv/salt/prod/libmcrypt/files
[root@node1 files]# ll
total 512
-rw-r--r-- 1 root root 523321 Oct 11 20:13 libmcrypt-2.5.7.tar.gz
[root@node1 files]# pwd
/srv/salt/prod/libmcrypt/files
[root@node1 libmcrypt]# pwd
/srv/salt/prod/libmcrypt
[root@node1 libmcrypt]# tree
.
├── files
│   └── libmcrypt-2.5.7.tar.gz
└── install.sls
[root@node1 libmcrypt]# cat install.sls 
libmcrypt-install:
  file.managed:
    - name: /usr/local/src/libmcrypt-2.5.7.tar.gz
    - source: salt://libmcrypt/files/libmcrypt-2.5.7.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src/ && tar xf libmcrypt-2.5.7.tar.gz && cd libmcrypt-2.5.7 && ./configure && make && make install
    - unless: test -d /usr/local/src/libmcrypt-2.5.7
    - require:
      - file: /usr/local/src/libmcrypt-2.5.7.tar.gz
5.2编译安装php
[root@node1 php]# cat install.sls 
pkg-php:                                 编写依赖包状态配置
  pkg.installed:
    - names:
      - libxml2
      - libxml2-devel
      - bzip2
      - bzip2-devel
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

php-install:                        php编译安装状态配置
  file.managed:
    - name: /usr/local/src/php-5.6.30.tar.bz2
    - source: salt://php/files/php-5.6.30.tar.bz2
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src/ && tar xf php-5.6.30.tar.bz2 && cd php-5.6.30 && ./configure --prefix=/usr/local/php --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-openssl --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-mcrypt --with-zlib --with-libxml-dir=/usr --enable-xml  --enable-sockets --enable-fpm --with-config-file-path=/usr/local/php/etc --with-bz2 --with-gd && make && make install
    - unless: test -d /usr/local/php
    - require:
      - pkg: pkg-php                   由于上面安装的依赖于是基于pkg模式
      - file: /usr/local/src/php-5.6.30.tar.bz2

pdo-plugin:                          php插件pdo_mysql状态配置
  cmd.run:
    - name: cd /usr/local/src/php-5.6.30/ext/pdo_mysql && /usr/local/php/bin/phpize && ./configure --with-php-config=/usr/local/php/bin/php-config && make&& make install 
    - unless: test -f /usr/local/php/lib/php/extensions/*/pdo_mysql.so
    - require:
      - file: php-install

php-ini:                                  提供php的php-ini配置文件
  file.managed:
    - name: /usr/local/php/etc/php.ini
    - source: salt://php/files/php.ini-production
    - user: root
    - group: root
    - mode: 644

php-fpm:                                 提供php-fpm的配置文件
  file.managed:
    - name: /usr/local/php/etc/php-fpm.conf
    - source: salt://php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

php-service:                           将php-fpm服务添加到系统服务中
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list|grep php-fpm
    - require:
      - file: /etc/init.d/php-fpm
  service.running:
    - name: php-fpm
    - enable: True
    - require: 
      - cmd: php-service
    - watch:
      - file: php-ini
      - file: php-fpm

 执行[root@node1 php]# salt 'node1' state.sls php.install saltenv=prod

查看php-fpm:
[root@node1 php]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      122333/nginx        
tcp        0      0 192.168.44.10:80            0.0.0.0:*                   LISTEN      107737/haproxy      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1265/sshd           
tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      42708/python2.7     
tcp        0      0 0.0.0.0:8090                0.0.0.0:*                   LISTEN      107737/haproxy      
tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      42714/python2.7     
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      117298/php-fpm      
tcp        0      0 :::22                       :::*                        LISTEN      1265/sshd           
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1092/dhclient

 php项目构建图:

[root@node1 php]# tree
.
├── files
│   ├── init.d.php-fpm
│   ├── php-5.6.30.tar.bz2
│   ├── php-fpm.conf.default
│   └── php.ini-production
└── install.sls

 将nginx和php-fpm结合起来,提供配置文件

mkdir /srv/salt/prod/html
mkdir /srv/salt/prod/html/files
[root@node1 files]# ll
total 8
-rw-r--r-- 1 root root 1034 Oct 11 21:24 fastcgi_params
-rw-r--r-- 1 root root  278 Oct 11 21:10 www.conf
[root@node1 files]# pwd
/srv/salt/prod/html/files
[root@node1 html]# tree
.
├── files
│   ├── fastcgi_params            将nginx和php进行结合
│   └── www.conf                     添加应用配置文件
└── www.sls
[root@node1 html]# cat www.sls 
include:                                 包含了nginx和php的安装
  - php.install
  - nginx.service

nginx-php-conf:
  file.managed:
    - name: /usr/local/nginx/conf/fastcgi_params
    - source: salt://html/files/fastcgi_params
    - user: nginx
    - group: nginx
    - mode: 755

html-www:
  file.managed:
    - name: /usr/local/nginx/conf/vhost/www.conf
    - source: salt://html/files/www.conf
    - user: root
    - group: root
    - mode: 644
    - require: 
      - service: php-service
    - watch_in:
      - service: nginx-service

 提供的fastcgi_params配置文件

[root@node1 html]# cat files/fastcgi_params 

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

 提供的index.php测试文件:

[root@node1 conf]# cat ../html/index.php 
<?php
  phpinfo();
?>

 测试效果:

构建树info如下:

[root@node1 prod]# tree libmcrypt/
libmcrypt/
├── files
│   └── libmcrypt-2.5.7.tar.gz
└── install.sls

[root@node1 prod]# tree nginx/
nginx/
├── files
│   ├── nginx-1.8.1.tar.gz
│   ├── nginx.conf
│   └── nginx.init
├── install.sls
└── service.sls

[root@node1 prod]# tree php/
php/
├── files
│   ├── init.d.php-fpm
│   ├── php-5.6.30.tar.bz2
│   ├── php-fpm.conf.default
│   └── php.ini-production
└── install.sls

[root@node1 prod]# tree html/
html/
├── files
│   ├── fastcgi_params
│   └── www.conf
└── www.sls

 将项目nginx和php和html结合到top.sls文件中:

[root@node1 base]# cat top.sls 
base:
  '*':
    - init.env_init

prod:
  '*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - html.www                     该项目包含了nginx和php的安装

 

posted on 2017-10-12 10:02  wadeson  阅读(390)  评论(0编辑  收藏  举报