1 配置管理 - 状态模块 pkg file server

https://www.unixhot.com/docs/saltstack/ref/states/highstate.html

状态模块的特点:

  • 状态是不可以回滚的。
  • 写好的状态模块要支持多次执行。
[root@salt-node4 ~]# cat /srv/salt/web/apache.sls 
apache-install:  # 名称声明(id声明)  高级状态id必须唯一  ps: 一个id声明下,状态模块不能重复使用。
  pkg.installed: # 安装模块   ps:python里模块的应用是通过“.”来进行的。
    - names:  # 选项声明
      - httpd  # 具体的选项,是一个list。
      - httpd-devel

1. pkg模块

pkg模块是虚拟的,根据操作系统的不同,调用相关的工具安装操作系统。

https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.pkg.html#module-salt.states.pkg

pkg模块常用的方法:

pkg.installed 安装
pkg.latest 确保最新版本
pkg.remove 卸载
pkg.purge 卸载并且删除配置文件

使用pkg模块安装多个软件:

lamp-pkg:
  pkg-installed:
    - pkgs:
      - httpd
      - php
      - mysql
      - maridb-server
      - php-mysql
      - php-cli
      - php-mbstring

2. file模块

https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.file.html#module-salt.states.file

例子:
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf 
    - source: salt://files/httpd.conf
    - user: root
    - group: root
    - mode: 644

ps:上面如果不写- name ,还可以写成这样,此时他直接管理声明id:

例子:
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://files/httpd.conf
    - user: root
    - group: root
    - mode: 644

3. service模块

https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.service.html#module-salt.states.service

例子:
apache-services:
  service.running:
    - name: httpd
    - enable: True # 允许开机启动
    - reload: True # 允许重载

4. 状态之间的关系

  • 1我依赖谁? require
  • 2我被谁依赖? require_in
  • 3我监控谁? watch (包含require)
  • 4我被谁监控?watch_in
  • 5我引用谁?include
  • 6我扩展谁?用到再说。
例子:

我依赖谁? require

apache-services:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:  # 他们都正常执行了,我才执行。
      - pkg: lamp-pkg
      - file: apapche-config

我被谁依赖?(谁依赖我?)
mysql-config:
  file.managed:
    - name: /etc/my.conf
    - source: salt://lamp/files/my.cnf
    - user: root
    - gropu: root
    - mode: 644
    - require_in: # 和 require
      - service: mysql-service

我监控谁?
如果配置文件修改了,就重启服务。
apache-services:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:
      - pkg: lamp-pkg
      - file: apapche-config
    - watch:
      - file: apache-config

1.如果监控到apache-config的状态发生改变(就是配置文件改变了),就重载服务。
2.这里需要注意,如果加上了relaod : True 就是重载,如果没有就是重启。

2 jinja模版

http://docs.jinkan.org/docs/jinja2/

使用背景:

有100台机器,有一个配置文件需要更改为本机的ip地址。最佳实践就是通过jinja模版来做。

二种分割符

{{...}} 表示变量的引用
{%...%} 表示表达式

jinja模版使用方法

相当于在jinja模版里,定义了一个变量,模版配置文件里面再去调用。

可以在模版文件里,也可以写在sls文件里,然后模版文件直接调用。

1 告诉File模块,你要使用jinja模版

- template: jinja

2 你要列出参数列表

- defaults:
    PORT: 80   

3 模版里面进行引用

{{ PORT }}
例子1:

[root@salt-node4 /srv/salt/lamp]# cat config.sls 
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - gropu: root
    - mode: 644
    - template: jinja # 告诉模块使用jinjia模版
    - defaults:
      PORT: 88  # 定义的参数

例子2:
nginx-test-index-html:
  file.managed:
    - name:  /usr/local/nginx/html/index.html
    - source: salt://bbs/files/index.html
    - user: root
    - group: root
    - mode: 755
    - template: jinja
    - HOST: {{grains['fqdn']}}  # 获取主机名使用grains

在模版里面进行支持jinja模版

Listen {{PORT}}

# grains
# HOST: {{ grains['fqdn_ip4'][0] }}:{{PORT}}

# 远程执行模块
# HWWARE: {{salt['network.hw_addr']('eth0')}}

# pillar
# {{pillar['apache']}}

3 实战 安装LAMP环境

LAMP架构

1.安装软件包 pkg
2.修改配置文件。 file
3.启动服务

sls文件内容

[root@salt-node4 /srv/salt]# tree lamp/
lamp/
├── files
│   ├── httpd.conf
│   ├── my.cnf
│   └── php.ini
└── lamp.sls

1 directory, 4 files

[root@salt-node4 lamp]# cat lamp.sls 
apache-server:
  pkg.installed:
    - names:
      - httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
      PORT: 10000
    - require: 
      - pkg: apache-server
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:
      - pkg: apache-server
      - file: apache-server
    - watch:
      - file: apache-server

mysql-server:
  pkg.installed:
    - names:
      - mariadb
      - mariadb-server
  file.managed:
    - name: /etc/my.conf
    - source: salt://lamp/files/my.cnf
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: mysql-server
  service.running:
    - name: mariadb
    - enable: True
    - reload: True
    - require:
      - pkg: mysql-server
      - file: mysql-server
    - watch:
      - file: mysql-server

php-config:
  pkg.installed:
    - pkgs:
      - php
      - php-mysql
      - php-cli
      - php-mbstring
  file.managed:
    - name: /etc/php.ini
    - source: salt://lamp/files/php.ini
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: php-config

[root@salt-node4 /srv/salt]# salt '*' state.sls lamp.lamp

4 实战 一键安装集群

集群架构图

头脑风暴

环境分类

  • 开发环境
  • 测试环境
  • 预生产环境
  • 生产环境

salt环境

  • base基础环境

    • 1 dns配置
    • 2 历史命令记录
    • 3 历史命令记录日志
    • 4 内核参数优化
    • 5 安装yum仓库
    • 6 安装zabbix
  • prod 生产环境

知识拓展

什么叫做五元组?

源地址、源端口、目标地址、目标端口、协议

修改内核参数的模块http://docs.saltstack.cn/ref/states/all/salt.states.sysctl.html#module-salt.states.sysctl

在调试时如果遇到报错,请看报错

1. 修改master配置文件

[root@salt-node4 /srv/salt/lamp]# vim /etc/salt/master
 534 file_roots:
 535   base:
 536     - /srv/salt/base
 537   prod:
 538     - /srv/salt/prod
 ...
 696 pillar_roots:
 697   base:
 698     - /srv/pillar/base
 699    prod:
 700     - /srv/pillar/prod

2. 新建对应的目录。

[root@salt-node4 ~]# mkdir -p /srv/{pillar,salt}
[root@salt-node4 ~]# mkdir -p /srv/pillar/{base,prod}
[root@salt-node4 ~]# mkdir -p /srv/salt/{base,prod}  
[root@salt-node4 ~]# tree /srv/
/srv/
├── pillar  # 定义pillar相关
│   ├── base
│   └── prod
└── salt    # 部署相关 
    ├── base
    └── prod

6 directories, 0 files
[root@salt-node4 /srv]# cd salt/base/
[root@salt-node4 /srv/salt/base]# mkdir init # 初始化文件夹啊

3. 系统初始化sls文件

参考赵班长写好的sls文件。

[root@salt-node4 ~]# git clone https://github.com/unixhot/saltbook-code.git
Cloning into 'saltbook-code'...
remote: Counting objects: 87, done.
remote: Total 87 (delta 0), reused 0 (delta 0), pack-reused 87
Unpacking objects: 100% (87/87), done.

[root@salt-node4 ~]# cp -a saltbook-code/salt/base/* /srv/salt/base/
[root@salt-node4 ~]# tree /srv/salt/base/
/srv/salt/base/
├── init
│   ├── audit.sls
│   ├── dns.sls
│   ├── env_init.sls
│   ├── epel.sls
│   ├── files
│   │   ├── resolv.conf
│   │   └── zabbix_agentd.conf
│   ├── history.sls
│   ├── sysctl.sls
│   └── zabbix_agent.sls
└── top.sls

2 directories, 10 files

#历史命令追加到/var/log/message
[root@salt-node4 /srv/salt/base/init]# cat audit.sls 
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'

# 内核参数优化
[root@salt-node4 /srv/salt/base/init]# cat sysctl.sls 
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
fs.file-max:
  sysctl.present:
    - value: 2000000
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1
vm.swappiness:
  sysctl.present:
    - value: 0

# dns修改
[root@salt-node4 /srv/salt/base/init]# cat dns.sls 
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - gourp: root
    - mode: 644

# 更换epel源
[root@salt-node4 /srv/salt/base/init]# cat epel.sls 
yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/repo/epel-7.repo 
      - zabbix-epel: https://mirrors.aliyun.com/zabbix/zabbix/3.0/rhel/7/x86_64/zabbix-get-3.0.5-1.el7.x86_64.rpm
    - unless: rpm -qa | grep epel-release-7-8.noarch

# 历史命令增加时间
[root@salt-node4 /srv/salt/base/init]# cat history.sls 
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` "

# 安装zabbix-agent
[root@salt-node4 init]# cat zabbix_agent.sls 
zabbix-epel:
  file.managed:
    - name: /tmp/zabbix-release-3.0-1.el7.noarch.rpm 
    - source: salt://init/files/zabbix-release-3.0-1.el7.noarch.rpm 
    - backup: minion # 文件替换建议都加上这个参数,防止误操作文件被替换
  cmd.run:
    - name: rpm -vih /tmp/zabbix-release-3.0-1.el7.noarch.rpm
    - require:
      - file: zabbix-epel
    - unless: rpm -qa |grep zabbix-release

zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
    - require:
      - file: zabbix-epel
  file.managed:
    - name: /etc/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - backup: minion
    - template: jinja
    - defaults:
      server: {{ pillar['zabbix-server'] }}   # 配置文件zabbix_agent.conf里引用这个变量 {{ server }}
    - require:
      - pkg: zabbix-agent
  service.running:
    - enable: True
    - watch:
      - pkg: zabbix-agent
      - file: zabbix-agent
zabbix_agentd.conf.d:
  file.directory:
    - name: /etc/zabbix_agentd.conf.d
    - backup: minion
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent

[root@salt-node4 init]# cat env_init.sls 
include:
  - init.dns    
  - init.history
  - init.audit
  - init.sysctl
  - init.epel
  - init.zabbix_agent

topfile文件

[root@salt-node4 base]# cat top.sls
base:
  '*':
    - init.env_init

pillar 文件内容

[root@salt-node4 /srv]# cat pillar/base/top.sls 
base:
  '*':
    - zabbix.agent
[root@salt-node4 /srv]# cat pillar/base/zabbix/agent.sls 
zabbix-server: 10.0.0.202
[root@salt-node4 /srv]# 

知识拓展

http://docs.saltstack.cn/ref/states/all/salt.states.file.html#module-salt.states.file

在替换文件时建议加上 - backend: minion 参数。
文件在更改替换后,备份文件保存在/var/cache/salt/minion/file_backup下:

[root@salt-node4 /etc/yum.repos.d]# tree /var/cache/salt/minion/
/var/cache/salt/minion/
├── accumulator
├── extmods
├── file_backup
│   └── etc
│       └── zabbix_agentd.conf_Fri_Mar_17_05:11:38_395952_2017

4. 部署软件

4.1 部署haproxy

1.新建相关目录

# 对要安装的内容进行拆分,拆的越小,灵活度越高。
[root@salt-node4 ~]# cd /srv/salt/prod
[root@salt-node4 prod]# mkdir {modules,cluster,bbs}
[root@salt-node4 prod]# cd modules/
[root@salt-node4 modules]# mkdir haproxy  keepalived  libevent  memcached  nginx  pcre  php  pkg  user

2.haproxy 和 依赖的模块文件内容。

[root@salt-node4 modules]# cat haproxy/install.sls 
include:
  - modules.pkg.pkg-init

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.3.tar.gz
    - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy
    - require:
      - pkg: pkg-init
      - file: haproxy-install

/etc/init.d/haproxy:
  file.managed:
    - source: salt://modules/haproxy/files/haproxy.init
    - mode: 755
    - user: root
    - group: root
    - require:
      - cmd: haproxy-install

net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - mode: 755
    - user: root
    - group: root

haproxy-init:
  cmd.run:
    - name: chkconfig --add haproxy   # 将haproxy添加到开机启动里。 
    - unless: chkconfig --list | grep haproxy  # 如果已经添加到开机启动了,就不执行这个操作。
    - require:
      - file: /etc/init.d/haproxy
[root@salt-node4 modules]# 

依赖模块内容
[root@salt-node4 modules]# cat pkg/pkg-init.sls 
pkg-init:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel

# haproxy 服务器启动模块

[root@salt-node4 /srv/salt/prod/cluster]# cat haproxy-outside.sls 
include:
  - modules.haproxy.install

haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg 
    - user: root
    - group: root
    - mode: 644
    - backup: minion

  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - require:
      - cmd: haproxy-install
      - file: haproxy-service
    - watch:
      - file: haproxy-service 

# top file文件
[root@salt-node4 /srv/salt/prod/cluster]# cat /srv/salt/base/top.sls
base:
  '*':
    - init.env_init

prod:
  '*':
      - cluster.haproxy-outside

[root@salt-node4 /srv/salt/prod/cluster]# salt '*' state.highstate

3测试

用户名:haproxy
密码:saltstack
网页访问:http://10.0.0.203:8888/haproxy-status

[root@salt-node4 prod]# netstat -tnlpau|grep ha
tcp        0      0 10.0.0.254:80           0.0.0.0:*               LISTEN      95442/haproxy       
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      95442/haproxy       
udp        0      0 0.0.0.0:26141           0.0.0.0:*                           95442/haproxy   

4.2 部署memcached 和 keepalived

知识扩充 什么是seesion?

会话是在服务器端产生的,是为了标识唯一用户。因为http是无状态的。
每一个用户连接服务器都会产生一个session,为了标识就用了session,session存储在客户端的cookie里,客户端连接服务器端,每次都会将cookie发送给服务器验证。

用户模块:
用户组模块
用户模块


[root@salt-node4 /srv/salt/prod/modules]# cat memcached/install.sls 
include:
  - modules.libevent.install

memcached-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    - source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
    - require:
      - cmd: libevent-source-install
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24&& ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: tess -d /usr/local/memcached
    - require:
      - file: memcached-install
[root@salt-node4 /srv/salt/prod/modules]# cat keepalived/
files/       install.sls  
[root@salt-node4 /srv/salt/prod/modules]# cat keepalived/install.sls 
keepalived-service:
  file.managed:
    - name: /usr/local/src/keepalived-1.2.17.tar.gz
    - source: salt://modules/keepalived/files/keepalived-1.2.17.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-service

keepalived-config:
  file.managed:
    - name: /etc/sysconfig/keepalived
    - source: salt://modules/keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: keepalived-service

keepalived-cmd:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://modules/keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - file: keepalived-config

keepalived-run:
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list|grep keepalived
    - require:
      - cmd: keepalived-service
      - file: keepalived-cmd
  service.running:
    - name: keepalived
    - enable: True
    - reload: True

keepalived-directory:
  file.directory:
    - name: /etc/keepalived
    - user: root
    - group: root

4.3 部署nginx php bbs

# nginx sls文件
[root@salt-node4 /srv/salt/prod/modules]# cat nginx/install.sls 
include:
  - modules.user.www
  - modules.pcre.install
  - modules.pkg.pkg-init
nginx-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    - mode: 755

  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1&& ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install && chown -R www:www /usr/local/nginx
    - unless: test -d /usr/local/nginx
    - require: 
      - file: nginx-install
      - user: www-user-group
      - cmd: pcre-source-install
      - pkg: pkg-init

nginx-config:
  file.managed:
    - name: /usr/local/nginx/conf/nginx.conf
    - source: salt://modules/nginx/files/nginx.conf
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: nginx-install

nginx-directory-online:
  file.directory:
    - name:  /usr/local/nginx/conf/vhost_online
    - require: 
      - cmd: nginx-install

nginx-directory-offline:
  file.directory:
    - name:  /usr/local/nginx/conf/vhost_offline
    - require:
      - cmd: nginx-install

nginx-cmd:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://modules/nginx/files/nginx-init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: nginx-install

  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list|grep nginx
    - require:
      - file: nginx-directory-offline
      - file: nginx-cmd
      - file: nginx-config
      - cmd: nginx-install

  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require: 
      - cmd: nginx-cmd
    - watch:
      - file: nginx-config

# php 安装文件
[root@salt-node4 /srv/salt/prod/modules]# cat php/install.sls 
include:
  - modules.user.www
  - modules.pkg.pkg-init

pkg-php:
  pkg.installed:
    - names:
      - openssl-devel
      - swig
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

php-source-install:
  file.managed:
    - name: /usr/local/src/php-5.6.9.tar.gz
    - source: salt://modules/php/files/php-5.6.9.tar.gz
    - user: root
    - group: root
    - mode: 755

  cmd.run:
    - name: cd /usr/local/src && tar zxf php-5.6.9.tar.gz && cd php-5.6.9&&  ./configure --prefix=/usr/local/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-jpeg-dir --with-png-dir --with-zlib --enable-xml  --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem  --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/usr/local/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install
    - require:
      - file: php-source-install
      - user: www-user-group
    - unless: test -d /usr/local/php-fastcgi

pdo-plugin:
  cmd.run:
    - name: cd /usr/local/src/php-5.6.9/ext/pdo_mysql/ && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config &&  make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/pdo_mysql.so
    - require:
      - cmd: php-source-install

php-ini:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - source: salt://modules/php/files/php.ini-production
    - user: root
    - group: root
    - mode: 644

php-fpm:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php-fpm.conf
    - source: salt://modules/php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

php-fastcgi-service:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://modules/php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list|grep php-fpm
    - require:
      - file: php-fastcgi-service
  service.running:
    - name: php-fpm
    - enable: True
    - reload: True
    - require:
      - cmd: php-fastcgi-service
    - watch:
      - file: php-ini
      - file: php-fpm
[root@salt-node4 /srv/salt/prod/modules]# cat php/php-redis.sls 
redis-plugin:
  file.managed:
    - name: /usr/local/src/redis-2.2.7.tgz
    - source: salt://modules/php/files/redis-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf redis-2.2.7.tgz && cd redis-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config &&  make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/redis.so
  require:
    - file: redis-plugin
    - cmd: php-install

redis-php-config:
  file.append:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - text:
      - extension=redis.so
[root@salt-node4 /srv/salt/prod/modules]# cat php/php-memcache.sls 
memcache-plugin:
  file.managed:
    - name: /usr/local/src/memcache-2.2.7.tgz
    - source: salt://modules/php/files/memcache-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755

  cmd.run:
    - name: cd /usr/local/src && tar zxf memcache-2.2.7.tgz && cd memcache-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php-fastcgi/bin/php-config &&  make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/memcache.so
  require:
    - file: memcache-plugin
    - cmd: php-install

memcache-php-config:
  file.append: 
    - name: /usr/local/php-fastcgi/etc/php.ini
    - text:
      - extension=memcache.so

# make模块
[root@salt-node4 /srv/salt/prod/modules]# cat pkg/pkg-init.sls 
pkg-init:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel

# 增加www用户的模块
[root@salt-node4 /srv/salt/prod/modules]# cat user/www.sls 
www-user-group:
  group.present:
    - name: www
    - gid: 1000

  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000

#  memcached 安装模块
[root@salt-node4 /srv/salt/prod]# cat bbs/memcached.sls 
include:
  - modules.user.www
  - modules.memcached.install

memcached-service:
  cmd.run:
  - name: /usr/local/memcached/bin/memcached -d -m 128 -p 11211 -c 8096 -u www
  - unless: netstat -tnlpua|grep 11211
  - require:
    - cmd: memcached-install
    - user: www-user-group
    - group: www-user-group

# bbs模块
[root@salt-node4 /srv/salt/prod]# cat bbs/web.sls 
include:
  - modules.nginx.install
  - modules.php.install
  - modules.php.php-memcache
  - modules.php.php-redis

nginx-vhost-online:
  file.managed:
    - name: /usr/local/nginx/conf/vhost_online/nginx_bbs.conf
    - source: salt://bbs/files/nginx_bbs.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - cmd: nginx-install 
    - watch_in:
      - service: nginx-cmd 

nginx-test-index-html:
  file.managed:
    - name:  /usr/local/nginx/html/index.html
    - source: salt://bbs/files/index.html
    - user: root
    - group: root
    - mode: 755
    - template: jinja
    - HOST: {{grains['fqdn']}}

top file文件

[root@salt-node4 /srv/salt]# cat base/top.sls
base:
  '*':
    - init.env_init

prod:
  '*':
      - cluster.haproxy-outside
      - cluster.haproxy-outside-keepalive
      - bbs.web