salt nginx部署

目录规划

?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[root@test / srv / salt / nginx]
# tree
.
| - - conf.sls
| - - file
| | - - enable_php.conf
| | - - log_format.conf
| | - - nginx
| | - - nginx - 1.2 . 3_bin_centos6 . 4_64bit .tar.gz   / / 以绝对路径压缩的安装包,解压使用,比源码安装快捷
| | - - nginx - 1.2 . 3.tar .gz
| | - - nginx.conf
| | - - nginx_log_cut.sh
| | - - ngx_cache_purge - 1.6 .tar.gz
| | - - sql_sec.conf
| ` - - web.conf
| - - init.sls
| - - install.sls
` - - vhost.sls

# 分析每个sls文件
init.sls 初始化所有sls文件 在nginx目录下

?

1
2
3
4
5
# cat init.sls
include:
- nginx.install
- nginx.conf
- nginx.vhost

# install.sls 服务的安装
# unless Do not execute cmd if statement on the host returns 0(unless的解释)

?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# cat install.sls
nginx_source:
   file .managed:
     - name: / tmp / nginx - 1.2 . 3.tar .gz
     - unless: test - e / tmp / nginx - 1.2 . 3.tar .gz
     - user: root
     - group: root
     - makedirs: True
     - source: salt: / / nginx / file / nginx - 1.2 . 3.tar .gz
 
nginx_cache:
   file .managed:
     - name: / tmp / ngx_cache_purge - 1.6 .tar.gz
     - unless: test - e / tmp / ngx_cache_purge - 1.6 .tar.gz
     - user: root
     - group: root
     - makedirs: True
     - source: salt: / / nginx / file / ngx_cache_purge - 1.6 .tar.gz
 
nginx_cache_extract:
   cmd.run:
     - cwd: / tmp
     - names:
       - tar xzf ngx_cache_purge - 1.6 .tar.gz
     - unless: test - d / tmp / ngx_cache_purge - 1.6
     - require:
       - file : nginx_cache
 
nginx_extract:
   cmd.run:
     - cwd: / tmp
     - names:
       - tar xzf nginx - 1.2 . 3.tar .gz
     - unless: test - / tmp / nginx - 1.2 . 3
     - require:
       - file : nginx_source
 
nginx_user:
   user.present:
     - name: www
     - createhome: False
     - gid_from_name: True
     - shell: / sbin / nologin
 
nginx_compile:
   cmd.run:
     - cwd: / tmp / nginx - 1.2 . 3
     - names:
       - . / configure - - user = www - - group = www - - prefix = / data / soft / nginx - 1.2 . 3 \
- - with - http_stub_status_module - - add - module = .. / ngx_cache_purge - 1.6 \
- - with - http_realip_module - - with - http_ssl_module - - with - http_sub_module \
- - with - http_flv_module  - - with - http_addition_module - - with - http_gzip_static_module
       - make
       - make install
     - require:
       - cmd: nginx_cache_extract
       - cmd: nginx_extract
     - unless: test - d / data / soft / nginx - 1.2 . 3
 
create_dir:
   cmd.run:
     - names:
       - mkdir - p / data / wwwroot / web && chown - R www:www / data / wwwroot / web
       - mkdir - p / data / soft / nginx - 1.2 . 3 / logs / && chmod + w / data / soft / nginx - 1.2 . 3 / logs /
       - mkdir - p / data / soft / nginx - 1.2 . 3 / conf / vhost
       - mkdir - p / data / wwwroot / proxy_temp_dir
     - unless: test [[ - d / data / wwwroot / web && - d / data / soft / nginx - 1.2 . 3 / logs / && / data / wwwroot / proxy_temp_dir && / data / soft / nginx - 1.2 . 3 / conf / vhost ]]
     - require:
       - cmd: nginx_compile

# conf.sls 管理配置文件

?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# cat conf.sls
include:
   - nginx.install            / / 引用安装
 
{ % set nginx_user = 'www' + ' ' + 'www' % / / 设置nginx用户变量
 
nginx_conf:
   file .managed:
     - name: / data / soft / nginx - 1.2 . 3 / conf / nginx.conf
     - source: salt: / / nginx / file / nginx.conf
     - template: jinja   / / 使用jinja模版
     - defaults:
       nginx_user: {{ nginx_user }}
       num_cpus: {{ grains[ 'num_cpus' ] }} / / 根据cpu核心数生成配置项
 
nginx_service:
   file .managed:
     - name: / etc / init.d / nginx
     - user: root
     - mode: 755
     - source: salt: / / nginx / file / nginx
   cmd.run:
     - names:
       - / sbin / chkconfig - - add nginx
       - / sbin / chkconfig nginx on
     - unless: / sbin / chkconfig - - list nginx
   service.running:
     - name: nginx
     - enable: True
     - reload : True
     - watch:
       - file : / data / soft / nginx - 1.2 . 3 / conf / vhost / * .conf
 
nginx_log_conf:
   file .managed:
     - name: / data / soft / nginx - 1.2 . 3 / conf / log_format.conf
     - unless: test - e / data / soft / nginx - 1.2 . 3 / conf / log_format.conf
     - source: salt: / / nginx / file / log_format.conf
 
nginx_php_conf:
   file .managed:
     - name: / data / soft / nginx - 1.2 . 3 / conf / enable_php.conf
     - unless: test - e / data / soft / nginx - 1.2 . 3 / conf / enable_php.conf
     - source: salt: / / nginx / file / enable_php.conf
 
nginx_sql_conf:
   file .managed:
     - name: / data / soft / nginx - 1.2 . 3 / conf / sql_sec.conf
     - unless: test - e / data / soft / nginx - 1.2 . 3 / conf / sql_sec.conf
     - source: salt: / / nginx / file / sql_sec.conf
 
nginx_log_cut:
   file .managed:
     - name: / data / soft / nginx - 1.2 . 3 / sbin / nginx_log_cut.sh
     - mode: 755
     - source: salt: / / nginx / file / nginx_log_cut.sh
   cron.present:
     - name: sh / data / soft / nginx - 1.2 . 3 / sbin / nginx_log_cut.sh
     - source: salt: / / nginx / file / nginx_log_cut.sh
     - minute: 10
     - hour: 0
     - require:
       - file : nginx_log_cut

# pillar上篇文章有提到,配置很灵活 适合针对不同的主机动态生成配置

?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[root@test / srv / pillar]
# cat top.sls
base:
   '*' :
     - vhost
 
[root@test / srv / pillar]
# cat vhost.sls
vhost:
   { % if grains[ 'os' ] = = 'CentOS'  % }
   - name: web
     target: / data / soft / nginx - 1.2 . 3 / conf / vhost / web.conf
   { % else % }
   - name: bbs
     target: / data / soft / nginx - 1.2 . 3 / conf / vhost / bbs.conf
   { % endif % }

# 生成虚拟主机配置文件  vhost.sls

?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[root@test / srv / salt / nginx]
# cat vhost.sls
include:
   - nginx.install
 
{ % for vname in pillar[ 'vhost' ] % }
 
{{ vname[ 'name' ] }}:
   file .managed:
     - name: {{ vname[ 'target' ] }}
     - source: salt: / / nginx / file / web.conf
     - target: {{ vname[ 'target' ] }}
     - template: jinja
     - defaults:
       log_name: {{ vname[ 'name' ] }}
     - watch_in:
       service: nginx
{ % endfor % }

# web.conf

?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# cat web.conf
  server
  {
    listen 80 ;
    #listen 443;
    #ssl on;
    #ssl_certificate  conf/Web.crt;
    #ssl_certificate_key conf/Web.key;
 
    server_name {{ grains[ 'ip' ] }};
    index index.html index.htm index.shtml index.php;
    root  / data / wwwroot;
 
   #limit_conn   crawler  20;
   #limit_rate  20k;
 
#    location /admin/ {
#        allow 218.249.67.146;
#        deny all;
#    }
 
#    location ~ ^/admin/.*\.php$ {
#        allow 218.249.67.146;
#        deny all;
#        include enable_php.conf;
#    }
 
# SQL Injection
    include sql_sec.conf;
    include enable_php.conf;
 
    location ~ . * \.(gif|jpg|png|bmp|swf)$ {
         expires      1d ;
         access_log off;
         }
 
    location ~ . * \.(js|css)?$ {
         expires      1d ;
         access_log off;
         }
 
#   location ~ ^/status/ {
#     stub_status on;
#     access_log off;
#   }
      access_log off;
 
#   log_format  web  '$remote_addr - $remote_user [$time_local] "$request" '
#             '$status $body_bytes_sent "$http_referer" '
#             '"$http_user_agent" $http_x_forwarded_for';
#   access_log  logs/{{ log_name }}.log  {{ log_name }};
 
access_log off;
 
  }

# web.conf配置文件server_name项 我是自定义的py脚本 获取local_ip

?

1
2
3
4
5
6
7
8
9
10
11
12
# {{ grains['ip'] }} 获取主机ip 自己在_grains目录定义的脚本
 
[root@test / srv / salt]
# cat _grains/local_ip.py
#!/usr/bin/env python
import commands
 
def get_hostname():
     sc = {}
     get_ip = commands.getoutput( "ifconfig eth0 | grep 'inet addr:' | awk '{print $2}' | cut -c 6-" )
     sc[ 'ip' ] = get_ip
     return sc

# 验证配置

?

1
2
3
4
5
6
7
# salt -N 'test' state.highstate
Summary
- - - - - - - - - - - - -
Succeeded: 23
Failed:     0
- - - - - - - - - - - - -
Total:     23

# 验证客户端生成的配置文件是否正确

?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@salt - minion_6 / root]
# cat /data/soft/nginx-1.2.3/conf/vhost/web.conf
  server
  {
    listen 80 ;
    #listen 443;
    #ssl on;
    #ssl_certificate  conf/Web.crt;
    #ssl_certificate_key conf/Web.key;
 
    server_name 192.168 . 6.171 ;
    index index.html index.htm index.shtml index.php;
    root  / data / wwwroot;
......
 
# 如果有大量的主机配置都是不变的完全可以自己制作一个rpm包,用pkg的方式去管理主机,
# 又或者给nginx安装目录以绝对路径打包,每次安装只需要加大P解压

  • 本文固定链接: http://www.wpython.com/320.html

  • 转载请注明: Ted

    2014年07月21日

    于 小强的博客 发表


你可能感兴趣的:(SALT)