上一篇其实对通过saltstack部署nginx做了演示,但是可能与我目前的环境还是有点出入,然后sls的结构也不太清晰,所以就又做了改变和优化,叫做进阶可能有点噱头了,不过还是记录如下:

nginx安装目标:

   1)安装必要依赖

   2)准备pcre安装包

   2)源码安装pcre

   3)准备nginx安装包

   4)源码安装nginx

nginx配置:

   1)拷贝nginx.conf配置文件

   2)拷贝启停脚本

   3)添加系统服务并设置开机启动

   4)拷贝日志切割脚本

   5)添加定时任务

salt master上的目录结构如下:

[root@salt-master base]# tree /srv/salt/base/
/srv/salt/base/
├── cron
│   ├── files
│   │   └── nginx_cut_log.sh
│   └── nginx.sls
├── nginx
│   ├── files
│   │   ├── nginx
│   │   ├── nginx-1.6.3.tar.gz
│   │   └── nginx.conf
│   ├── install.sls
│   └── service.sls
├── packages
│   └── install.sls
├── pcre
│   ├── files
│   │   └── pcre-8.37.tar.gz
│   └── install.sls
└── user
    └── nginx.sls
8 directories, 11 files

安装必要软件包:

[root@salt-master base]# cat packages/install.sls 
yum_pcre_packages:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - autoconf
      - automake
      - zlib
      - zlib-devel
      - make
      - openssl
      - openssl-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - glibc
      - glibc-devel
      - glib2
      - glib-devel
      - bzip2
      - bzip2-devel
      - ncurses
      - ncurses-devel
      - curl
      - cmake

编译安装pcre:

[root@salt-master base]# cat pcre/install.sls 
include:
  - packages.install
pcre-source-install:
  file.managed:
    - source: salt://pcre/files/pcre-8.37.tar.gz
    - name: /opt/tools/pcre-8.37.tar.gz
    - user: root
    - group: root
    - mode: 755
    - makedirs: True
    - dir_mode: 644
  cmd.run:
    - name: cd /opt/tools/ && tar -zxf pcre-8.37.tar.gz && cd pcre-8.37 && ./configure --prefix=/usr/local/pcre && make && make install 
    - unless: test -d /usr/local/pcre
    - require:
      - file: pcre-source-install

创建nginx用户和组:

[root@salt-master base]# cat user/nginx.sls 
nginx-user-group:
  group.present:
    - name: nginx
    - gid: 601
  user.present:
    - name: nginx
    - fullname: nginx
    - shell: /sbin/nologin
    - uid: 601
    - gid: 601

编译安装nginx:

[root@salt-master base]# cat nginx/install.sls 
include:
  - pcre.install
  - user.nginx
nginx-source-install:
  file.managed:
    - source: salt://nginx/files/nginx-1.6.3.tar.gz
    - name: /opt/tools/nginx-1.6.3.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /opt/tools/ && tar -zxf nginx-1.6.3.tar.gz && mkdir -p /usr/local/nginx/tmp/{client,proxy,fcgi} && cd nginx-1.6.3 && ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_gzip_static_module --http-client-body-temp-path=/usr/local/nginx/tmp/client/ --http-proxy-temp-path=/usr/local/nginx/tmp/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/tmp/fcgi/ --with-poll_module --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_addition_module --with-http_random_index_module --with-http_stub_status_module --http-uwsgi-temp-path=/usr/local/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/nginx/scgi_temp --with-pcre=/opt/tools/pcre-8.37 && make && make install && chown -R nginx:nginx /usr/local/nginx/
    - unless: test -e /usr/local/nginx/sbin/nginx
    - require:
      - file: nginx-source-install
      - cmd: pcre-source-install

添加定时任务:

[root@salt-master base]# cat cron/nginx.sls 
/opt/tools/scripts/:
  file.directory:
    - user: root
    - group: root
    - mode: 644
    - makedirs: True
nginx-crond-job:
  file.managed:
    - name: /opt/tools/scripts/nginx_cut_log.sh
    - source: salt://cron/files/nginx_cut_log.sh
    - user: root
    - group: root
    - mode: 755
/bin/bash /opt/tools/scripts/nginx_cut_log.sh >/dev/null 2>&1:
  cron.present:
    - identifier: SUPERCRON
    - user: root
    - minute: 0
    - hour: 0

启动nginx并设置开机启动:

[root@salt-master base]# cat nginx/service.sls 
include:
  - nginx.install
  - cron.nginx
nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list|grep nginx
    - require: 
      - file: nginx-init
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - user: nginx
    - group: nginx
    - mode: 644
nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf.d
    - require:
      - cmd: nginx-source-install
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf

部署命令:[root@salt-master base]# salt 'salt-minion02.contoso.com' state.sls nginx.service

部署结果:

[root@salt-minion02 logs]# ll /usr/local/pcre/
total 16
drwxr-xr-x 2 root root 4096 Jun  8 10:29 bin
drwxr-xr-x 2 root root 4096 Jun  8 10:29 include
drwxr-xr-x 3 root root 4096 Jun  8 10:29 lib
drwxr-xr-x 4 root root 4096 Jun  8 10:29 share
[root@salt-minion02 logs]# id nginx
uid=601(nginx) gid=601(nginx) groups=601(nginx)
[root@salt-minion02 logs]# ll /usr/local/nginx/
total 32
drwxr-xr-x 2 nginx nginx 4096 Jun  8 10:30 conf
drwxr-xr-x 2 root  root  4096 Jun  8 10:30 conf.d
drwxr-xr-x 2 nginx nginx 4096 Jun  8 10:30 html
drwxr-xr-x 2 nginx nginx 4096 Jun  8 10:30 logs
drwxr-xr-x 2 nginx nginx 4096 Jun  8 10:30 sbin
drwx------ 2 nginx root  4096 Jun  8 10:30 scgi_temp
drwxr-xr-x 5 nginx nginx 4096 Jun  8 10:29 tmp
drwx------ 2 nginx root  4096 Jun  8 10:30 uwsgi_temp
[root@salt-minion02 logs]# /usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.6.3
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) 
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_gzip_static_module --http-client-body-temp-path=/usr/local/nginx/tmp/client/ --http-proxy-temp-path=/usr/local/nginx/tmp/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/tmp/fcgi/ --with-poll_module --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_addition_module --with-http_random_index_module --with-http_stub_status_module --http-uwsgi-temp-path=/usr/local/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/nginx/scgi_temp --with-pcre=/opt/tools/pcre-8.37
[root@salt-minion02 logs]# /etc/init.d/nginx status
nginx (pid 11422 11421 11420 11419 11416) is running...
[root@salt-minion02 logs]# chkconfig --list|grep nginx
nginx          0:off1:off2:on3:on4:on5:on6:off
[root@salt-minion02 logs]# crontab -l
0 * * * * /usr/sbin/ntpdate   210.72.145.44 64.147.116.229 time.nist.gov >/dev/null 2>&1
# Lines below here are managed by Salt, do not edit
# SALT_CRON_IDENTIFIER:SUPERCRON
0 0 * * * /bin/bash /opt/tools/scripts/nginx_cut_log.sh >/dev/null 2>&1
[root@salt-minion02 logs]# ll /opt/tools/scripts/nginx_cut_log.sh 
-rwxr-xr-x 1 root root 1100 Jun  8 10:30 /opt/tools/scripts/nginx_cut_log.sh