目录规划
[root@test /srv/salt/nginx]# tree
.
|-- conf.sls
|-- file
|   |-- enable_php.conf
|   |-- log_format.conf
|   |-- nginx
|   |-- nginx-1.2.3_bin_centos6.4_64bit.tar.gz  // 以绝对路径压缩的安装包,解压使用,比源码安装快捷
|   |-- nginx-1.2.3.tar.gz
|   |-- nginx.conf
|   |-- nginx_log_cut.sh
|   |-- ngx_cache_purge-1.6.tar.gz
|   |-- sql_sec.conf
|   `-- web.conf
|-- init.sls
|-- install.sls
`-- vhost.sls
# 分析每个sls文件
init.sls 初始化所有sls文件 在nginx目录下
# cat init.sls
# Entry point of the nginx state tree: applying "nginx" pulls in the three
# state files below, in this order.
include:
  # install.sls: stage the tarballs, build and install nginx.
  - nginx.install
  # conf.sls (the state file, not the nginx.conf config file): config files,
  # init script, service and log-rotation cron job.
  - nginx.conf
  # vhost.sls: one virtual-host file per entry in the 'vhost' pillar.
  - nginx.vhost
# install.sls 服务的安装
# unless Do not execute cmd if statement on the host returns 0(unless的解释)
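# cat install.sls
# Stages the nginx 1.2.3 and ngx_cache_purge 1.6 source tarballs from the
# master, unpacks them, builds nginx into /data/soft/nginx-1.2.3 and creates
# the web root, log, vhost and proxy temp directories.
#
# The whole build runs as root, so the sources are staged in a root-owned
# directory rather than world-writable /tmp: in /tmp any local account can
# create the expected file or directory names first, and an existence-only
# "unless" guard would then accept that content for the root build.
{% set build_dir = '/usr/local/src' %}

nginx_source:
  file.managed:
    - name: {{ build_dir }}/nginx-1.2.3.tar.gz
    # No "unless: test -e" here: file.managed is already idempotent and
    # compares the local copy with the master's, so a stale or altered
    # tarball is replaced instead of being trusted because it exists.
    - user: root
    - group: root
    - makedirs: True
    - source: salt://nginx/file/nginx-1.2.3.tar.gz

nginx_cache:
  file.managed:
    - name: {{ build_dir }}/ngx_cache_purge-1.6.tar.gz
    - user: root
    - group: root
    - makedirs: True
    - source: salt://nginx/file/ngx_cache_purge-1.6.tar.gz

nginx_cache_extract:
  cmd.run:
    - cwd: {{ build_dir }}
    - names:
      - tar xzf ngx_cache_purge-1.6.tar.gz
    # Skip when the unpacked tree is already present.
    - unless: test -d {{ build_dir }}/ngx_cache_purge-1.6
    - require:
      - file: nginx_cache

nginx_extract:
  cmd.run:
    - cwd: {{ build_dir }}
    - names:
      - tar xzf nginx-1.2.3.tar.gz
    - unless: test -d {{ build_dir }}/nginx-1.2.3
    - require:
      - file: nginx_source

# Unprivileged account the nginx workers run as: no home directory, no
# login shell, primary group taken from the group of the same name.
nginx_user:
  user.present:
    - name: www
    - createhome: False
    - gid_from_name: True
    - shell: /sbin/nologin

nginx_compile:
  cmd.run:
    - cwd: {{ build_dir }}/nginx-1.2.3
    # One chained command instead of three "names" entries: the steps run in
    # a single shell, in order, and stop at the first failure. The folded
    # scalar (>-) joins the lines with spaces, so no backslashes are needed.
    - name: >-
        ./configure --user=www --group=www --prefix=/data/soft/nginx-1.2.3
        --with-http_stub_status_module --add-module=../ngx_cache_purge-1.6
        --with-http_realip_module --with-http_ssl_module --with-http_sub_module
        --with-http_flv_module --with-http_addition_module
        --with-http_gzip_static_module
        && make
        && make install
    - require:
      - cmd: nginx_cache_extract
      - cmd: nginx_extract
    # Test for the installed binary, not just the prefix directory, so an
    # install that died half-way is retried on the next run.
    - unless: test -x /data/soft/nginx-1.2.3/sbin/nginx

create_dir:
  cmd.run:
    - names:
      - mkdir -p /data/wwwroot/web && chown -R www:www /data/wwwroot/web
      - mkdir -p /data/soft/nginx-1.2.3/logs/ && chmod +w /data/soft/nginx-1.2.3/logs/
      - mkdir -p /data/soft/nginx-1.2.3/conf/vhost
      - mkdir -p /data/wwwroot/proxy_temp_dir
    # The original guard was "test [[ -d a && -d b && c && d ]]", which is not
    # a valid test expression (and two paths had no -d), so it never
    # succeeded and the commands ran on every highstate. Each directory now
    # gets its own test.
    - unless: test -d /data/wwwroot/web && test -d /data/soft/nginx-1.2.3/logs && test -d /data/wwwroot/proxy_temp_dir && test -d /data/soft/nginx-1.2.3/conf/vhost
    - require:
      - cmd: nginx_compile
      # chown www:www needs the account to exist first.
      - user: nginx_user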
# conf.sls 管理配置文件
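# cat conf.sls
# Manages the nginx configuration files, the init script and service, and the
# daily log-rotation cron job. The inline "// ..." notes of the original
# listing are written as real comments here; left in place they would become
# part of the YAML values.
include:
  # Pull in the build/install states.
  - nginx.install

# nginx user variable handed to the nginx.conf template ("www www").
{% set nginx_user = 'www' + ' ' + 'www' %}

nginx_conf:
  file.managed:
    - name: /data/soft/nginx-1.2.3/conf/nginx.conf
    - source: salt://nginx/file/nginx.conf
    # Render the source file through Jinja.
    - template: jinja
    - defaults:
        nginx_user: {{ nginx_user }}
        # Number of CPU cores on the minion, used to size the generated config.
        num_cpus: {{ grains['num_cpus'] }}

nginx_service:
  # SysV init script, owned by root.
  file.managed:
    - name: /etc/init.d/nginx
    - user: root
    - mode: 755
    - source: salt://nginx/file/nginx
  # Register the service with chkconfig unless it is already listed.
  cmd.run:
    - names:
      - /sbin/chkconfig --add nginx
      - /sbin/chkconfig nginx on
    - unless: /sbin/chkconfig --list nginx
  service.running:
    - name: nginx
    - enable: True
    # Reload rather than restart when a watched file changes.
    - reload: True
    - watch:
      - file: /data/soft/nginx-1.2.3/conf/vhost/*.conf
      # Also reload when the main config changes; the original list covered
      # only the vhost files.
      - file: nginx_conf

# NOTE(review): the three states below are guarded by "unless: test -e", so
# each file is deployed once and never updated from the master or corrected
# after a local edit. That includes the sql_sec.conf rules. If deploy-once
# is intended, file.managed's "replace: False" expresses it directly -
# confirm which behaviour is wanted.
nginx_log_conf:
  file.managed:
    - name: /data/soft/nginx-1.2.3/conf/log_format.conf
    - unless: test -e /data/soft/nginx-1.2.3/conf/log_format.conf
    - source: salt://nginx/file/log_format.conf

nginx_php_conf:
  file.managed:
    - name: /data/soft/nginx-1.2.3/conf/enable_php.conf
    - unless: test -e /data/soft/nginx-1.2.3/conf/enable_php.conf
    - source: salt://nginx/file/enable_php.conf

nginx_sql_conf:
  file.managed:
    - name: /data/soft/nginx-1.2.3/conf/sql_sec.conf
    - unless: test -e /data/soft/nginx-1.2.3/conf/sql_sec.conf
    - source: salt://nginx/file/sql_sec.conf

nginx_log_cut:
  file.managed:
    - name: /data/soft/nginx-1.2.3/sbin/nginx_log_cut.sh
    # Executed by the cron job below, so ownership is pinned to root and
    # nobody else gets write access.
    - user: root
    - group: root
    - mode: 755
    - source: salt://nginx/file/nginx_log_cut.sh
  # Run the rotation script daily at 00:10. The original also passed
  # "source:" here; cron.present has no such argument, so it is dropped.
  cron.present:
    - name: sh /data/soft/nginx-1.2.3/sbin/nginx_log_cut.sh
    - minute: 10
    - hour: 0
    - require:
      - file: nginx_log_cut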
# pillar上篇文章有提到,配置很灵活 适合针对不同的主机动态生成配置
[root@test /srv/pillar]# cat top.sls
# Pillar top file: every minion ('*') in the base environment receives the
# data defined in vhost.sls.
base:
  '*':
    - vhost
[root@test /srv/pillar]# cat vhost.sls
# Pillar key 'vhost': a list of virtual hosts, each with a short name and the
# path its config file is written to on the minion.
# NOTE: the 'os' grain is reported by the minion itself. Using it to pick
# layout data like this is fine; it should not decide who receives secrets.
vhost:
  # CentOS minions get the "web" vhost, every other OS gets "bbs".
  {% if grains['os'] == 'CentOS' %}
  - name: web
    target: /data/soft/nginx-1.2.3/conf/vhost/web.conf
  {% else %}
  - name: bbs
    target: /data/soft/nginx-1.2.3/conf/vhost/bbs.conf
  {% endif %}
# 生成虚拟主机配置文件 vhost.sls
[root@test /srv/salt/nginx]# cat vhost.sls
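# Renders one nginx virtual-host file per entry of the 'vhost' pillar list
# and has the nginx service react to any change.
include:
  - nginx.install
  # The service targeted by watch_in below is defined in conf.sls, so it is
  # included here as well; otherwise this file only works when applied
  # through init.sls.
  - nginx.conf

# pillar.get with an empty default: a minion without a 'vhost' pillar gets no
# vhost states instead of a render error.
{% for vname in pillar.get('vhost', []) %}
{{ vname['name'] }}:
  file.managed:
    # Destination path comes from pillar and is written as root, so the
    # pillar tree must stay writable by administrators only.
    - name: {{ vname['target'] }}
    - source: salt://nginx/file/web.conf
    # The original also passed "target:", which is not a file.managed
    # argument; "name" above already carries the destination.
    - template: jinja
    - defaults:
        # Exposed to the web.conf template as log_name.
        log_name: {{ vname['name'] }}
    # Documented list form of the requisite.
    - watch_in:
      - service: nginx
{% endfor %}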
# web.conf
# cat web.conf
# Jinja template for one nginx virtual host, rendered by the vhost states.
server
{
    # Plain HTTP only; the TLS listener and certificate lines are commented out.
    listen 80;
    #listen 443;
    #ssl on;
    #ssl_certificate conf/Web.crt;
    #ssl_certificate_key conf/Web.key;
    # Filled from the minion's custom 'ip' grain at render time.
    server_name {{ grains['ip'] }};
    index index.html index.htm index.shtml index.php;
    root /data/wwwroot;
    #limit_conn crawler 20;
    #limit_rate 20k;
    # The /admin/ source-address restrictions below are disabled, so as
    # rendered nothing in this file limits access to that path.
    # location /admin/ {
    # allow 218.249.67.146;
    # deny all;
    # }
    # location ~ ^/admin/.*\.php$ {
    # allow 218.249.67.146;
    # deny all;
    # include enable_php.conf;
    # }
    # SQL Injection
    # Rules live in sql_sec.conf, which is not shown on this page.
    include sql_sec.conf;
    include enable_php.conf;
    # Static images: cache for one day, do not log.
    location ~ .*\.(gif|jpg|png|bmp|swf)$ {
        expires 1d;
        access_log off;
    }
    # The trailing "?" makes the extension group optional, so this also
    # matches any URI that merely ends in a dot.
    location ~ .*\.(js|css)?$ {
        expires 1d;
        access_log off;
    }
    # location ~ ^/status/ {
    # stub_status on;
    # access_log off;
    # }
    # Access logging is off for the whole server (the directive appears twice),
    # so requests to this vhost leave no record for later investigation; the
    # per-vhost log using log_name is only present in commented-out form.
    access_log off;
    # log_format web '$remote_addr - $remote_user [$time_local] "$request" '
    # '$status $body_bytes_sent "$http_referer" '
    # '"$http_user_agent" $http_x_forwarded_for';
    # access_log logs/{{ log_name }}.log {{ log_name }};
    access_log off;
}
# web.conf配置文件server_name项 我是自定义的py脚本 获取local_ip
# {{ grains['ip'] }} 获取主机ip 自己在_grains目录定义的脚本
[root@test /srv/salt]# cat _grains/local_ip.py
#!/usr/bin/env python
import commands
import socket
import subprocess
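def get_hostname():
    """Return the custom ``ip`` grain: the IPv4 address of ``eth0``.

    Despite its name, this function reports an address, not a hostname; the
    name is kept so the grain module's interface does not change.

    The address is read with the same fixed shell pipeline as before. The
    result is only published when it is a dotted-quad IPv4 address. The
    previous version used ``commands.getoutput``, which folds stderr into the
    result, so on a host without ``eth0`` the error text (or an empty string)
    became the grain value and ended up in nginx's ``server_name``.

    Returns:
        dict: ``{'ip': '<address>'}`` on success, ``{}`` when no valid
        address was found. With the grain absent, a template that reads
        ``grains['ip']`` should fail to render instead of writing a broken
        value - TODO confirm on the Salt version in use.
    """
    # Constant command string, no external input, so shell=True is safe here.
    pipeline = "ifconfig eth0 | grep 'inet addr:' | awk '{print $2}' | cut -c 6-"
    proc = subprocess.Popen(
        pipeline,
        shell=True,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,  # keep error text out of the grain value
    )
    raw, _ = proc.communicate()
    if not isinstance(raw, str):
        # Python 3 returns bytes from the pipe.
        raw = raw.decode('ascii', 'ignore')

    fields = raw.split()
    candidate = fields[0] if fields else ''

    # inet_aton also accepts short forms such as "1", so require four parts.
    if candidate.count('.') != 3:
        return {}
    try:
        socket.inet_aton(candidate)
    except (socket.error, TypeError):
        return {}
    return {'ip': candidate}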
# 验证配置
# salt -N 'test' state.highstate
Summary
-------------
Succeeded: 23
Failed: 0
-------------
Total: 23
# 验证客户端生成的配置文件是否正确
[root@salt-minion_6 /root]# cat /data/soft/nginx-1.2.3/conf/vhost/web.conf
server
{
    listen 80;
    #listen 443;
    #ssl on;
    #ssl_certificate conf/Web.crt;
    #ssl_certificate_key conf/Web.key;
    server_name 192.168.6.171;
    index index.html index.htm index.shtml index.php;
    root /data/wwwroot;
......
# 如果有大量主机的配置完全相同,完全可以自己制作一个rpm包,用pkg的方式去管理主机,
# 又或者把nginx安装目录以绝对路径打包,每次安装只需要用 tar 的 -P 选项解压(只适用于自己构建、来源可信的压缩包)
本文固定链接: http://www.wpython.com/320.html
转载请注明: Ted
2014年07月21日于 小强的博客 发表