1 配置管理 - 状态模块 pkg file server
https://www.unixhot.com/docs/saltstack/ref/states/highstate.html
状态模块的特点:
- 状态是不可以回滚的。
- 写好的状态模块要支持多次执行。
[root@salt-node4 ~]# cat /srv/salt/web/apache.sls
apache-install: # 名称声明(id声明) 高级状态id必须唯一 ps: 一个id声明下,状态模块不能重复使用。
pkg.installed: # 安装模块 ps:python里模块的应用是通过“.”来进行的。
- names: # 选项声明
- httpd # 具体的选项,是一个list。
- httpd-devel
1. pkg模块
pkg模块是虚拟的,根据操作系统的不同,调用相关的工具安装操作系统。
https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.pkg.html#module-salt.states.pkg
pkg模块常用的方法:
pkg.installed 安装
pkg.latest 确保最新版本
pkg.remove 卸载
pkg.purge 卸载并且删除配置文件
使用pkg模块安装多个软件:
lamp-pkg:
pkg-installed:
- pkgs:
- httpd
- php
- mysql
- maridb-server
- php-mysql
- php-cli
- php-mbstring
2. file模块
https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.file.html#module-salt.states.file
例子:
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://files/httpd.conf
- user: root
- group: root
- mode: 644
ps:上面如果不写- name ,还可以写成这样,此时他直接管理声明id:
例子:
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://files/httpd.conf
- user: root
- group: root
- mode: 644
3. service模块
https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.service.html#module-salt.states.service
例子:
apache-services:
service.running:
- name: httpd
- enable: True # 允许开机启动
- reload: True # 允许重载
4. 状态之间的关系
- 1我依赖谁? require
- 2我被谁依赖? require_in
- 3我监控谁? watch (包含require)
- 4我被谁监控?watch_in
- 5我引用谁?include
- 6我扩展谁?用到再说。
例子:
我依赖谁? require
apache-services:
service.running:
- name: httpd
- enable: True
- reload: True
- require: # 他们都正常执行了,我才执行。
- pkg: lamp-pkg
- file: apapche-config
我被谁依赖?(谁依赖我?)
mysql-config:
file.managed:
- name: /etc/my.conf
- source: salt://lamp/files/my.cnf
- user: root
- gropu: root
- mode: 644
- require_in: # 和 require
- service: mysql-service
我监控谁?
如果配置文件修改了,就重启服务。
apache-services:
service.running:
- name: httpd
- enable: True
- reload: True
- require:
- pkg: lamp-pkg
- file: apapche-config
- watch:
- file: apache-config
1.如果监控到apache-config的状态发生改变(就是配置文件改变了),就重载服务。
2.这里需要注意,如果加上了relaod : True 就是重载,如果没有就是重启。
2 jinja模版
http://docs.jinkan.org/docs/jinja2/
使用背景:
有100台机器,有一个配置文件需要更改为本机的ip地址。最佳实践就是通过jinja模版来做。
二种分割符
{{...}} 表示变量的引用
{%...%} 表示表达式
jinja模版使用方法
相当于在jinja模版里,定义了一个变量,模版配置文件里面再去调用。
可以在模版文件里,也可以写在sls文件里,然后模版文件直接调用。
1 告诉File模块,你要使用jinja模版
- template: jinja
2 你要列出参数列表
- defaults:
PORT: 80
3 模版里面进行引用
{{ PORT }}
例子1:
[root@salt-node4 /srv/salt/lamp]# cat config.sls
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://lamp/files/httpd.conf
- user: root
- gropu: root
- mode: 644
- template: jinja # 告诉模块使用jinjia模版
- defaults:
PORT: 88 # 定义的参数
例子2:
nginx-test-index-html:
file.managed:
- name: /usr/local/nginx/html/index.html
- source: salt://bbs/files/index.html
- user: root
- group: root
- mode: 755
- template: jinja
- HOST: {{grains['fqdn']}} # 获取主机名使用grains
在模版里面进行支持jinja模版
Listen {{PORT}}
# grains
# HOST: {{ grains['fqdn_ip4'][0] }}:{{PORT}}
# 远程执行模块
# HWWARE: {{salt['network.hw_addr']('eth0')}}
# pillar
# {{pillar['apache']}}
3 实战 安装LAMP环境
LAMP架构
1.安装软件包 pkg
2.修改配置文件。 file
3.启动服务
sls文件内容
[root@salt-node4 /srv/salt]# tree lamp/
lamp/
├── files
│ ├── httpd.conf
│ ├── my.cnf
│ └── php.ini
└── lamp.sls
1 directory, 4 files
[root@salt-node4 lamp]# cat lamp.sls
apache-server:
pkg.installed:
- names:
- httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://lamp/files/httpd.conf
- user: root
- group: root
- mode: 644
- template: jinja
- defaults:
PORT: 10000
- require:
- pkg: apache-server
service.running:
- name: httpd
- enable: True
- reload: True
- require:
- pkg: apache-server
- file: apache-server
- watch:
- file: apache-server
mysql-server:
pkg.installed:
- names:
- mariadb
- mariadb-server
file.managed:
- name: /etc/my.conf
- source: salt://lamp/files/my.cnf
- user: root
- group: root
- mode: 644
- require:
- pkg: mysql-server
service.running:
- name: mariadb
- enable: True
- reload: True
- require:
- pkg: mysql-server
- file: mysql-server
- watch:
- file: mysql-server
php-config:
pkg.installed:
- pkgs:
- php
- php-mysql
- php-cli
- php-mbstring
file.managed:
- name: /etc/php.ini
- source: salt://lamp/files/php.ini
- user: root
- group: root
- mode: 644
- require:
- pkg: php-config
[root@salt-node4 /srv/salt]# salt '*' state.sls lamp.lamp
4 实战 一键安装集群
集群架构图
头脑风暴
环境分类
- 开发环境
- 测试环境
- 预生产环境
- 生产环境
salt环境
-
base基础环境
- 1 dns配置
- 2 历史命令记录
- 3 历史命令记录日志
- 4 内核参数优化
- 5 安装yum仓库
- 6 安装zabbix
- prod 生产环境
知识拓展
什么叫做五元组?
源地址、源端口、目标地址、目标端口、协议
修改内核参数的模块http://docs.saltstack.cn/ref/states/all/salt.states.sysctl.html#module-salt.states.sysctl
在调试时如果遇到报错,请看报错
1. 修改master配置文件
[root@salt-node4 /srv/salt/lamp]# vim /etc/salt/master
534 file_roots:
535 base:
536 - /srv/salt/base
537 prod:
538 - /srv/salt/prod
...
696 pillar_roots:
697 base:
698 - /srv/pillar/base
699 prod:
700 - /srv/pillar/prod
2. 新建对应的目录。
[root@salt-node4 ~]# mkdir -p /srv/{pillar,salt}
[root@salt-node4 ~]# mkdir -p /srv/pillar/{base,prod}
[root@salt-node4 ~]# mkdir -p /srv/salt/{base,prod}
[root@salt-node4 ~]# tree /srv/
/srv/
├── pillar # 定义pillar相关
│ ├── base
│ └── prod
└── salt # 部署相关
├── base
└── prod
6 directories, 0 files
[root@salt-node4 /srv]# cd salt/base/
[root@salt-node4 /srv/salt/base]# mkdir init # 初始化文件夹啊
3. 系统初始化sls文件
参考赵班长写好的sls文件。
[root@salt-node4 ~]# git clone https://github.com/unixhot/saltbook-code.git
Cloning into 'saltbook-code'...
remote: Counting objects: 87, done.
remote: Total 87 (delta 0), reused 0 (delta 0), pack-reused 87
Unpacking objects: 100% (87/87), done.
[root@salt-node4 ~]# cp -a saltbook-code/salt/base/* /srv/salt/base/
[root@salt-node4 ~]# tree /srv/salt/base/
/srv/salt/base/
├── init
│ ├── audit.sls
│ ├── dns.sls
│ ├── env_init.sls
│ ├── epel.sls
│ ├── files
│ │ ├── resolv.conf
│ │ └── zabbix_agentd.conf
│ ├── history.sls
│ ├── sysctl.sls
│ └── zabbix_agent.sls
└── top.sls
2 directories, 10 files
#历史命令追加到/var/log/message
[root@salt-node4 /srv/salt/base/init]# cat audit.sls
/etc/bashrc:
file.append:
- text:
- export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
# 内核参数优化
[root@salt-node4 /srv/salt/base/init]# cat sysctl.sls
net.ipv4.ip_local_port_range:
sysctl.present:
- value: 10000 65000
fs.file-max:
sysctl.present:
- value: 2000000
net.ipv4.ip_forward:
sysctl.present:
- value: 1
vm.swappiness:
sysctl.present:
- value: 0
# dns修改
[root@salt-node4 /srv/salt/base/init]# cat dns.sls
/etc/resolv.conf:
file.managed:
- source: salt://init/files/resolv.conf
- user: root
- gourp: root
- mode: 644
# 更换epel源
[root@salt-node4 /srv/salt/base/init]# cat epel.sls
yum_repo_release:
pkg.installed:
- sources:
- epel-release: http://mirrors.aliyun.com/repo/epel-7.repo
- zabbix-epel: https://mirrors.aliyun.com/zabbix/zabbix/3.0/rhel/7/x86_64/zabbix-get-3.0.5-1.el7.x86_64.rpm
- unless: rpm -qa | grep epel-release-7-8.noarch
# 历史命令增加时间
[root@salt-node4 /srv/salt/base/init]# cat history.sls
/etc/profile:
file.append:
- text:
- export HISTTIMEFORMAT="%F %T `whoami` "
# 安装zabbix-agent
[root@salt-node4 init]# cat zabbix_agent.sls
zabbix-epel:
file.managed:
- name: /tmp/zabbix-release-3.0-1.el7.noarch.rpm
- source: salt://init/files/zabbix-release-3.0-1.el7.noarch.rpm
- backup: minion # 文件替换建议都加上这个参数,防止误操作文件被替换
cmd.run:
- name: rpm -vih /tmp/zabbix-release-3.0-1.el7.noarch.rpm
- require:
- file: zabbix-epel
- unless: rpm -qa |grep zabbix-release
zabbix-agent:
pkg.installed:
- name: zabbix-agent
- require:
- file: zabbix-epel
file.managed:
- name: /etc/zabbix_agentd.conf
- source: salt://init/files/zabbix_agentd.conf
- backup: minion
- template: jinja
- defaults:
server: {{ pillar['zabbix-server'] }} # 配置文件zabbix_agent.conf里引用这个变量 {{ server }}
- require:
- pkg: zabbix-agent
service.running:
- enable: True
- watch:
- pkg: zabbix-agent
- file: zabbix-agent
zabbix_agentd.conf.d:
file.directory:
- name: /etc/zabbix_agentd.conf.d
- backup: minion
- watch_in:
- service: zabbix-agent
- require:
- pkg: zabbix-agent
- file: zabbix-agent
[root@salt-node4 init]# cat env_init.sls
include:
- init.dns
- init.history
- init.audit
- init.sysctl
- init.epel
- init.zabbix_agent
topfile文件
[root@salt-node4 base]# cat top.sls
base:
'*':
- init.env_init
pillar 文件内容
[root@salt-node4 /srv]# cat pillar/base/top.sls
base:
'*':
- zabbix.agent
[root@salt-node4 /srv]# cat pillar/base/zabbix/agent.sls
zabbix-server: 10.0.0.202
[root@salt-node4 /srv]#
知识拓展
http://docs.saltstack.cn/ref/states/all/salt.states.file.html#module-salt.states.file
在替换文件时建议加上 - backend: minion 参数。
文件在更改替换后,备份文件保存在/var/cache/salt/minion/file_backup下:
[root@salt-node4 /etc/yum.repos.d]# tree /var/cache/salt/minion/
/var/cache/salt/minion/
├── accumulator
├── extmods
├── file_backup
│ └── etc
│ └── zabbix_agentd.conf_Fri_Mar_17_05:11:38_395952_2017
4. 部署软件
4.1 部署haproxy
1.新建相关目录
# 对要安装的内容进行拆分,拆的越小,灵活度越高。
[root@salt-node4 ~]# cd /srv/salt/prod
[root@salt-node4 prod]# mkdir {modules,cluster,bbs}
[root@salt-node4 prod]# cd modules/
[root@salt-node4 modules]# mkdir haproxy keepalived libevent memcached nginx pcre php pkg user
2.haproxy 和 依赖的模块文件内容。
[root@salt-node4 modules]# cat haproxy/install.sls
include:
- modules.pkg.pkg-init
haproxy-install:
file.managed:
- name: /usr/local/src/haproxy-1.6.3.tar.gz
- source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
- mode: 755
- user: root
- group: root
cmd.run:
- name: cd /usr/local/src && tar zxf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
- unless: test -d /usr/local/haproxy
- require:
- pkg: pkg-init
- file: haproxy-install
/etc/init.d/haproxy:
file.managed:
- source: salt://modules/haproxy/files/haproxy.init
- mode: 755
- user: root
- group: root
- require:
- cmd: haproxy-install
net.ipv4.ip_nonlocal_bind:
sysctl.present:
- value: 1
haproxy-config-dir:
file.directory:
- name: /etc/haproxy
- mode: 755
- user: root
- group: root
haproxy-init:
cmd.run:
- name: chkconfig --add haproxy # 将haproxy添加到开机启动里。
- unless: chkconfig --list | grep haproxy # 如果已经添加到开机启动了,就不执行这个操作。
- require:
- file: /etc/init.d/haproxy
[root@salt-node4 modules]#
依赖模块内容
[root@salt-node4 modules]# cat pkg/pkg-init.sls
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
- make
- autoconf
- openssl
- openssl-devel
# haproxy 服务器启动模块
[root@salt-node4 /srv/salt/prod/cluster]# cat haproxy-outside.sls
include:
- modules.haproxy.install
haproxy-service:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://cluster/files/haproxy-outside.cfg
- user: root
- group: root
- mode: 644
- backup: minion
service.running:
- name: haproxy
- enable: True
- reload: True
- require:
- cmd: haproxy-install
- file: haproxy-service
- watch:
- file: haproxy-service
# top file文件
[root@salt-node4 /srv/salt/prod/cluster]# cat /srv/salt/base/top.sls
base:
'*':
- init.env_init
prod:
'*':
- cluster.haproxy-outside
[root@salt-node4 /srv/salt/prod/cluster]# salt '*' state.highstate
3测试
用户名:haproxy
密码:saltstack
网页访问:http://10.0.0.203:8888/haproxy-status
[root@salt-node4 prod]# netstat -tnlpau|grep ha
tcp 0 0 10.0.0.254:80 0.0.0.0:* LISTEN 95442/haproxy
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN 95442/haproxy
udp 0 0 0.0.0.0:26141 0.0.0.0:* 95442/haproxy
4.2 部署memcached 和 keepalived
知识扩充 什么是seesion?
会话是在服务器端产生的,是为了标识唯一用户。因为http是无状态的。
每一个用户连接服务器都会产生一个session,为了标识就用了session,session存储在客户端的cookie里,客户端连接服务器端,每次都会将cookie发送给服务器验证。
用户模块:
用户组模块
用户模块
[root@salt-node4 /srv/salt/prod/modules]# cat memcached/install.sls
include:
- modules.libevent.install
memcached-install:
file.managed:
- name: /usr/local/src/memcached-1.4.24.tar.gz
- source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
- require:
- cmd: libevent-source-install
cmd.run:
- name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24&& ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
- unless: tess -d /usr/local/memcached
- require:
- file: memcached-install
[root@salt-node4 /srv/salt/prod/modules]# cat keepalived/
files/ install.sls
[root@salt-node4 /srv/salt/prod/modules]# cat keepalived/install.sls
keepalived-service:
file.managed:
- name: /usr/local/src/keepalived-1.2.17.tar.gz
- source: salt://modules/keepalived/files/keepalived-1.2.17.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
- unless: test -d /usr/local/keepalived
- require:
- file: keepalived-service
keepalived-config:
file.managed:
- name: /etc/sysconfig/keepalived
- source: salt://modules/keepalived/files/keepalived.sysconfig
- user: root
- group: root
- mode: 755
- require:
- cmd: keepalived-service
keepalived-cmd:
file.managed:
- name: /etc/init.d/keepalived
- source: salt://modules/keepalived/files/keepalived.init
- user: root
- group: root
- mode: 755
- require:
- file: keepalived-config
keepalived-run:
cmd.run:
- name: chkconfig --add keepalived
- unless: chkconfig --list|grep keepalived
- require:
- cmd: keepalived-service
- file: keepalived-cmd
service.running:
- name: keepalived
- enable: True
- reload: True
keepalived-directory:
file.directory:
- name: /etc/keepalived
- user: root
- group: root
4.3 部署nginx php bbs
# nginx sls文件
[root@salt-node4 /srv/salt/prod/modules]# cat nginx/install.sls
include:
- modules.user.www
- modules.pcre.install
- modules.pkg.pkg-init
nginx-install:
file.managed:
- name: /usr/local/src/nginx-1.9.1.tar.gz
- source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1&& ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install && chown -R www:www /usr/local/nginx
- unless: test -d /usr/local/nginx
- require:
- file: nginx-install
- user: www-user-group
- cmd: pcre-source-install
- pkg: pkg-init
nginx-config:
file.managed:
- name: /usr/local/nginx/conf/nginx.conf
- source: salt://modules/nginx/files/nginx.conf
- user: root
- group: root
- mode: 755
- require:
- cmd: nginx-install
nginx-directory-online:
file.directory:
- name: /usr/local/nginx/conf/vhost_online
- require:
- cmd: nginx-install
nginx-directory-offline:
file.directory:
- name: /usr/local/nginx/conf/vhost_offline
- require:
- cmd: nginx-install
nginx-cmd:
file.managed:
- name: /etc/init.d/nginx
- source: salt://modules/nginx/files/nginx-init
- user: root
- group: root
- mode: 755
- require:
- cmd: nginx-install
cmd.run:
- name: chkconfig --add nginx
- unless: chkconfig --list|grep nginx
- require:
- file: nginx-directory-offline
- file: nginx-cmd
- file: nginx-config
- cmd: nginx-install
service.running:
- name: nginx
- enable: True
- reload: True
- require:
- cmd: nginx-cmd
- watch:
- file: nginx-config
# php 安装文件
[root@salt-node4 /srv/salt/prod/modules]# cat php/install.sls
include:
- modules.user.www
- modules.pkg.pkg-init
pkg-php:
pkg.installed:
- names:
- openssl-devel
- swig
- libjpeg-turbo
- libjpeg-turbo-devel
- libpng
- libpng-devel
- freetype
- freetype-devel
- libxml2
- libxml2-devel
- zlib
- zlib-devel
- libcurl
- libcurl-devel
php-source-install:
file.managed:
- name: /usr/local/src/php-5.6.9.tar.gz
- source: salt://modules/php/files/php-5.6.9.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf php-5.6.9.tar.gz && cd php-5.6.9&& ./configure --prefix=/usr/local/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-jpeg-dir --with-png-dir --with-zlib --enable-xml --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/usr/local/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install
- require:
- file: php-source-install
- user: www-user-group
- unless: test -d /usr/local/php-fastcgi
pdo-plugin:
cmd.run:
- name: cd /usr/local/src/php-5.6.9/ext/pdo_mysql/ && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make&& make install
- unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/pdo_mysql.so
- require:
- cmd: php-source-install
php-ini:
file.managed:
- name: /usr/local/php-fastcgi/etc/php.ini
- source: salt://modules/php/files/php.ini-production
- user: root
- group: root
- mode: 644
php-fpm:
file.managed:
- name: /usr/local/php-fastcgi/etc/php-fpm.conf
- source: salt://modules/php/files/php-fpm.conf.default
- user: root
- group: root
- mode: 644
php-fastcgi-service:
file.managed:
- name: /etc/init.d/php-fpm
- source: salt://modules/php/files/init.d.php-fpm
- user: root
- group: root
- mode: 755
cmd.run:
- name: chkconfig --add php-fpm
- unless: chkconfig --list|grep php-fpm
- require:
- file: php-fastcgi-service
service.running:
- name: php-fpm
- enable: True
- reload: True
- require:
- cmd: php-fastcgi-service
- watch:
- file: php-ini
- file: php-fpm
[root@salt-node4 /srv/salt/prod/modules]# cat php/php-redis.sls
redis-plugin:
file.managed:
- name: /usr/local/src/redis-2.2.7.tgz
- source: salt://modules/php/files/redis-2.2.7.tgz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf redis-2.2.7.tgz && cd redis-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make&& make install
- unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/redis.so
require:
- file: redis-plugin
- cmd: php-install
redis-php-config:
file.append:
- name: /usr/local/php-fastcgi/etc/php.ini
- text:
- extension=redis.so
[root@salt-node4 /srv/salt/prod/modules]# cat php/php-memcache.sls
memcache-plugin:
file.managed:
- name: /usr/local/src/memcache-2.2.7.tgz
- source: salt://modules/php/files/memcache-2.2.7.tgz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf memcache-2.2.7.tgz && cd memcache-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php-fastcgi/bin/php-config && make&& make install
- unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/memcache.so
require:
- file: memcache-plugin
- cmd: php-install
memcache-php-config:
file.append:
- name: /usr/local/php-fastcgi/etc/php.ini
- text:
- extension=memcache.so
# make模块
[root@salt-node4 /srv/salt/prod/modules]# cat pkg/pkg-init.sls
pkg-init:
pkg.installed:
- names:
- gcc
- gcc-c++
- glibc
- make
- autoconf
- openssl
- openssl-devel
# 增加www用户的模块
[root@salt-node4 /srv/salt/prod/modules]# cat user/www.sls
www-user-group:
group.present:
- name: www
- gid: 1000
user.present:
- name: www
- fullname: www
- shell: /sbin/nologin
- uid: 1000
- gid: 1000
# memcached 安装模块
[root@salt-node4 /srv/salt/prod]# cat bbs/memcached.sls
include:
- modules.user.www
- modules.memcached.install
memcached-service:
cmd.run:
- name: /usr/local/memcached/bin/memcached -d -m 128 -p 11211 -c 8096 -u www
- unless: netstat -tnlpua|grep 11211
- require:
- cmd: memcached-install
- user: www-user-group
- group: www-user-group
# bbs模块
[root@salt-node4 /srv/salt/prod]# cat bbs/web.sls
include:
- modules.nginx.install
- modules.php.install
- modules.php.php-memcache
- modules.php.php-redis
nginx-vhost-online:
file.managed:
- name: /usr/local/nginx/conf/vhost_online/nginx_bbs.conf
- source: salt://bbs/files/nginx_bbs.conf
- user: root
- group: root
- mode: 644
- require:
- cmd: nginx-install
- watch_in:
- service: nginx-cmd
nginx-test-index-html:
file.managed:
- name: /usr/local/nginx/html/index.html
- source: salt://bbs/files/index.html
- user: root
- group: root
- mode: 755
- template: jinja
- HOST: {{grains['fqdn']}}
top file文件
[root@salt-node4 /srv/salt]# cat base/top.sls
base:
'*':
- init.env_init
prod:
'*':
- cluster.haproxy-outside
- cluster.haproxy-outside-keepalive
- bbs.web