企业级 ##自动化运维工具saltstack的安装与部署Nginx服务##

1.创建环境文件

[root@server1 salt]# mkdir nginx
[root@server1 salt]# cd nginx/
[root@server1 nginx]# pwd
/srv/salt/nginx
[root@server1 nginx]# mkdir files
[root@server1 nginx]# cd files/
[root@server1 files]# ls
nginx-1.14.0.tar.gz

2.【server1】编辑脚本在【server3】上自动建立nginx服务

[root@server1 nginx]# pwd
/srv/salt/nginx
[root@server1 nginx]# vim install.sls 

3.配置【server3】环境
[1]配置yum源增加扩展包

[root@server3 ~]# cd /etc/yum.repos.d/
[root@server3 yum.repos.d]# ls
rhel-source.repo
[root@server3 yum.repos.d]# vim rhel-source.repo

[root@server3 yum.repos.d]# yum repolist 
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
rhel-source                                             | 3.9 kB     00:00     
salt                                                    | 2.9 kB     00:00     
salt/primary_db                                         |  16 kB     00:00     
repo id          repo name                                               status
rhel-source      Red Hat Enterprise Linux 6Server - x86_64 - Source      3,690
salt             saltstack                                                  29
repolist: 3,719

[2]下载安装搭建saltstack工具

[root@server3 yum.repos.d]# yum install -y salt-minion
[root@server3 yum.repos.d]# cd /etc/salt/
[root@server3 salt]# ls
cloud         cloud.deploy.d  cloud.profiles.d   master    minion    pki    proxy.d
cloud.conf.d  cloud.maps.d    cloud.providers.d  master.d  minion.d  proxy  roster
[root@server3 salt]# vim minion
[root@server3 salt]# /etc/init.d/salt-minion  start
Starting salt-minion:root:server3 daemon: OK

[3]从server1上发送钥匙到server3,建立免密连接

4.【server1】执行脚本,在【server3】远程连接安装nginx服务
【1】把安装包导入到【server3】/mnt下

[root@server1 nginx]# salt server3 state.sls nginx.install
    server3:
          ID: nginx-install
    Function: pkg.installed
      Result: True
     Comment: 3 targeted packages were installed/updated.
     Started: 13:39:15.288290
    Duration: 19219.395 ms

测试：

[root@server3 salt]# cd /mnt/
[root@server3 mnt]# ls
nginx-1.14.0.tar.gz

【2】编辑脚本进行nginx安装包的解压
【server1】

[root@server1 nginx]# vim install.sls 
[root@server1 nginx]# salt server3 state.sls nginx.install

【server3】

[root@server3 mnt]# ls
nginx-1.14.0  nginx-1.14.0.tar.gz            ##解压完成

【3】编译安装nginx

[root@server1 nginx]# vim install.sls 
[root@server1 nginx]# salt server3 state.sls nginx.install

【4】编写nginx服务的启动脚本

[root@server1 nginx]# vim service.sls

[root@server1 nginx]# salt server3 state.sls nginx.service

【5】在【server3】中查看nginx启动端口80：

[root@server3 nginx]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      4450/nginx          
[root@server3 nginx]# cd logs/
[root@server3 logs]# ls
access.log  error.log  nginx.pid
[root@server3 logs]# cd ..
[root@server3 nginx]# cd conf

[root@server3 conf]# scp nginx.conf [email protected]:/srv/salt/nginx/files
The authenticity of host '172.25.39.1 (172.25.39.1)' can't be established.
RSA key fingerprint is ce:b7:35:21:60:9f:f3:8d:f4:25:af:73:ad:ad:bc:ab.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.39.1' (RSA) to the list of known hosts.
root@172.25.39.1's password: 
nginx.conf                                          100% 2656     2.6KB/s   00:00 

【6】把nginx脚本放入【server1】/srv/salt/nginx/files路径下,方便直接调用

[root@server1 files]# ls
nginx  nginx-1.14.0.tar.gz  nginx.conf
[root@server1 files]# vim nginx
[root@server1 files]# cat nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

lockfile="/var/lock/subsys/nginx"
pidfile="/usr/local/nginx/logs/${prog}.pid"

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"


start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc -p $pidfile $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest_q || return 6
    stop
    start
}

reload() {
    configtest_q || return 6
    echo -n $"Reloading $prog: "
    killproc -p $pidfile $prog -HUP
    echo
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

configtest_q() {
    $nginx -t -q -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

# Upgrade the binary with no downtime.
upgrade() {
    local oldbin_pidfile="${pidfile}.oldbin"

    configtest_q || return 6
    echo -n $"Upgrading $prog: "
    killproc -p $pidfile $prog -USR2
    retval=$?
    sleep 1
    if [[ -f ${oldbin_pidfile} && -f ${pidfile} ]];  then
        killproc -p $oldbin_pidfile $prog -QUIT
        success $"$prog online upgrade"
        echo 
        return 0
    else
        failure $"$prog online upgrade"
        echo
        return 1
    fi
}

# Tell nginx to reopen logs
reopen_logs() {
    configtest_q || return 6
    echo -n $"Reopening $prog logs: "
    killproc -p $pidfile $prog -USR1
    retval=$?
    echo
    return $retval
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest|reopen_logs)
        $1
        ;;
    force-reload|upgrade) 
        rh_status_q || exit 7
        upgrade
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    status|status_q)
        rh_$1
        ;;
    condrestart|try-restart)
        rh_status_q || exit 7
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|configtest|status|force-reload|upgrade|restart|reopen_logs}"
        exit 2
esac

【7】在【server1】编辑脚本:

[root@server1 nginx]# vim service.sls 

[root@server1 nginx]# salt server3 state.sls nginx.service

测试server3：
服务已经启动：

【8】改变进程再次推送：

[root@server1 nginx]# vim files/nginx.conf

[root@server1 nginx]# salt server3 state.sls nginx.service

查看server3进程：

【9】建立用户组：

[root@server1 nginx]# vim files/nginx.conf

[root@server1 nginx]# cd ..
[root@server1 salt]# mkdir users
[root@server1 salt]# cd users/
[root@server1 users]# vim nginx.sls

[root@server1 nginx]# vim service.sls 
[root@server1 nginx]# salt server3 state.sls nginx.service

测试：【server3】

[root@server3 conf]# id nginx
uid=800(nginx) gid=800(nginx) groups=800(nginx)

【10】将工具包打包：

[root@server1 nginx]# vim install.sls 
[root@server1 nginx]# salt server3 state.sls nginx.service

可以执行就打包成功