因为基本上生产环境中都是nginx+php的环境,所以就不单独列出salt部署php的过程了,这里就结合我在生产环境中的脚本进行nginx+php环境的部署。

部署规划:

1)编译安装libiconv、libmcrypt、mhash以及mcrypt

2)编译安装php

3)添加启动停止脚本

4)添加到系统服务并设置开机启动

5)拷贝日志切割脚本

6)添加日志切割定时任务

7)安装memcached/redis/protobuf扩展

8)修改php.ini加载php扩展

salt部署目录架构:

[root@salt-master ~]# tree /srv/salt/base/
/srv/salt/base/
├── cron
│   ├── files
│   │   ├── nginx_cut_log.sh
│   │   └── php_cut_log.sh
│   ├── nginx.sls
│   └── php.sls
├── nginx
│   ├── files
│   │   ├── nginx
│   │   ├── nginx-1.6.3.tar.gz
│   │   └── nginx.conf
│   ├── install.sls
│   └── service.sls
├── packages
│   └── install.sls
├── pcre
│   ├── files
│   │   └── pcre-8.37.tar.gz
│   └── install.sls
├── php
│   ├── extension.sls
│   ├── files
│   │   ├── libmemcached-1.0.18.tar.gz
│   │   ├── memcached-2.2.0.tgz
│   │   ├── php-5.6.16.tar.gz
│   │   ├── php-fpm
│   │   ├── php-fpm.conf
│   │   ├── php.ini
│   │   ├── phpredis-2.2.4.tar.gz
│   │   └── protobuf.so
│   ├── install.sls
│   ├── libiconv
│   │   └── files
│   │       └── libiconv-1.14.tar.gz
│   ├── libiconv.sls
│   ├── libmcrypt
│   │   └── files
│   │       └── libmcrypt-2.5.8.tar.gz
│   ├── libmcrypt.sls
│   ├── mcrypt
│   │   └── files
│   │       └── mcrypt-2.6.8.tar.gz
│   ├── mcrypt.sls
│   ├── mhash
│   │   └── files
│   │       └── mhash-0.9.9.9.tar.gz
│   ├── mhash.sls
│   └── service.sls
├── top.sls
└── user
    ├── nginx.sls
    └── php.sls
18 directories, 34 files

安装libiconv:

[root@salt-master base]# cat php/libiconv.sls 
libiconv-source-install:
  file.managed:
    - name: /opt/tools/libiconv-1.14.tar.gz
    - source: salt://php/libiconv/files/libiconv-1.14.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /opt/tools/ && tar -zxf libiconv-1.14.tar.gz && cd libiconv-1.14 && ./configure --prefix=/usr/local && make && make install && /sbin/ldconfig 
    - unless: test -e /usr/local/lib/libiconv.so.2.5.1
    - require:
      - file: libiconv-source-install

安装limcrypt:

[root@salt-master base]# cat php/libmcrypt.sls 
libmcrypt-source-install:
  file.managed:
    - name: /opt/tools/libmcrypt-2.5.8.tar.gz
    - source: salt://php/libmcrypt/files/libmcrypt-2.5.8.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /opt/tools && tar -zxf libmcrypt-2.5.8.tar.gz && cd libmcrypt-2.5.8 && ./configure && make && make install && ldconfig && cd libltdl && ./configure --enable-ltdl-install && make && make install && /sbin/ldconfig
    - unless: test -e /usr/local/lib/libmcrypt.so.4.4.8
    - require:
      - file: libmcrypt-source-install

安装mhash:

[root@salt-master base]# cat php/mhash.sls 
mhash-source-install:
  file.managed:
    - name: /opt/tools/mhash-0.9.9.9.tar.gz
    - source: salt://php/mhash/files/mhash-0.9.9.9.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /opt/tools/ && tar -zxf mhash-0.9.9.9.tar.gz && cd mhash-0.9.9.9 && ./configure && make && make install && ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la && ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so && ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4 && ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8 && ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a && ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la && ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so && ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2 && ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1 && ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config
    - unless: test -e /usr/local/lib/libmhash.a
    - require:
      - file: mhash-source-install

安装mcrypt:

[root@salt-master base]# cat php/mcrypt.sls 
mcrypt-source-install:
  file.managed:
    - name: /opt/tools/mcrypt-2.6.8.tar.gz
    - source: salt://php/mcrypt/files/mcrypt-2.6.8.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /opt/tools/ && tar -zxf mcrypt-2.6.8.tar.gz && cd mcrypt-2.6.8 && /sbin/ldconfig && ./configure && make && make install
    - unless: test -e /usr/local/bin/mcrypt
    - require:
      - file: mcrypt-source-install

安装php:

[root@salt-master base]# cat php/install.sls 
include:
  - packages.install
  - user.php
  - php.libiconv
  - php.libmcrypt
  - php.mhash
  - php.mcrypt
php-source-install:
  file.managed:
    - name: /opt/tools/php-5.6.16.tar.gz
    - source: salt://php/files/php-5.6.16.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /opt/tools/ && tar -zxf php-5.6.16.tar.gz && cd php-5.6.16 && ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-libxml-dir --enable-xml --enable-fpm --with-fpm-user=www --with-fpm-group=www --enable-bcmath --enable-mbstring --enable-gd-native-ttf --enable-sockets --enable-mysqlnd --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --enable-zip --enable-inline-optimization --with-gd --with-bz2 --with-zlib --with-mcrypt --with-mhash --with-openssl --with-xmlrpc --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --without-pear --disable-ipv6 --disable-pdo --with-gettext --disable-debug --without-pdo-sqlite --disable-rpath --enable-shmop --enable-sysvsem --with-curl --with-curlwrappers --enable-mbregex --enable-pcntl --enable-soap --enable-sigchild --enable-pdo && make ZEND_EXTRA_LIBS='-liconv' && make install
    - unless: test -d /usr/local/php
    - require:
      - file: php-source-install
      - user: php-user-group
      - cmd: libiconv-source-install
      - cmd: libmcrypt-source-install
      - cmd: mcrypt-source-install
      - cmd: mhash-source-install

配置php服务:

[root@salt-master base]# cat php/service.sls 
include:
  - php.install
  - cron.php
/usr/local/php/etc:
  file.directory:
    - user: www
    - group: www
    - mode: 644
    - makedirs: True
/usr/local/php/etc/php-fpm.conf:
  file.managed:
    - source: salt://php/files/php-fpm.conf
    - user: www
    - group: www
    - mode: 644
/etc/php.ini:
  file.managed:
    - source: salt://php/files/php.ini
    - user: www
    - group: www
    - mode: 644
/etc/profile:
  file.append:
    - text:
      - export PATH=$PATH:/usr/local/php/bin:/usr/local/php/sbin
php-init:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://php/files/php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm && source /etc/profile
    - unless: chkconfig --list|grep php-fpm
    - require:
      - file: php-init
php-service:
  service.running:
    - name: php-fpm
    - enable: True
    - restart: True
    - require:
      - cmd: php-init
    - watch:
      - file: /etc/php.ini
      - file: /usr/local/php/etc/php-fpm.conf

部署定时任务:

[root@salt-master base]# cat cron/php.sls 
php-crond-job:
  file.managed:
    - name: /opt/tools/scripts/php_cut_log.sh
    - source: salt://cron/files/php_cut_log.sh
    - user: root
    - group: root
    - mode: 755
/bin/bash /opt/tools/scripts/php_cut_log.sh >/dev/null 2>&1:
  cron.present:
    - identifier: cut php daily logs job
    - user: root
    - minute: '0'
    - hour: '0'
    - require:
      - file: php-crond-job

安装php扩展:

[root@salt-master base]# cat php/extension.sls 
include:
  - php.service
libmemcached-source-install:
  file.managed:
    - name: /opt/tools/libmemcached-1.0.18.tar.gz
    - source: salt://php/files/libmemcached-1.0.18.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /opt/tools && tar -zxf libmemcached-1.0.18.tar.gz && cd libmemcached-1.0.18 && ./configure --prefix=/usr/local/libmemcached --with-memcached && make && make install
    - unless: test -d /usr/local/libmemcached
    - require:
      - file: libmemcached-source-install
memcached-source-install:
  file.managed:
    - name: /opt/tools/memcached-2.2.0.tgz
    - source: salt://php/files/memcached-2.2.0.tgz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /opt/tools/ && tar -zxf memcached-2.2.0.tgz && cd memcached-2.2.0 && /usr/local/php/bin/phpize && ./configure --enable-memcached --with-php-config=/usr/local/php/bin/php-config --with-libmemcached-dir=/usr/local/libmemcached && make && make install
    - unless: test -x /usr/bin/memcached
    - require:
      - file: memcached-source-install
phpredis-source-install:
  file.managed:
    - name: /opt/tools/phpredis-2.2.4.tar.gz
    - source: salt://php/files/phpredis-2.2.4.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /opt/tools && tar -zxf phpredis-2.2.4.tar.gz && cd phpredis-2.2.4 && /usr/local/php/bin/phpize && ./configure --with-php-config=/usr/local/php/bin/php-config && make && make install
    - unless: test -e /usr/local/php/lib/php/extensions/no-debug-non-zts-20131226/redis.so
    - require:
      - file: phpredis-source-install
protobuf-extension:
  file.managed:
    - name: /usr/local/php/lib/php/extensions/no-debug-non-zts-20131226/protobuf.so
    - source: salt://php/files/protobuf.so
    - user: www
    - group: www
    - mode: 755
extension-init:
  file.managed:
    - name: /usr/local/php/etc/php.ini
    - source: salt://php/files/php.ini
    - user: www
    - group: www
    - replace: True
    - mode: 644
  cmd.run:
    - name: chown -R www:www /usr/local/php && source /etc/profile
    - require:
      - file: protobuf-extension
      - file: extension-init
    - watch: 
      - file: /usr/local/php/etc/php.ini

top.sls文件:

[root@salt-master base]# cat top.sls 
base:
  'salt-minion02.contoso.com':
    - nginx.service
    - php.service
    - php.extension