saltstack为nginx提供状态配置

1、创建nginx配置需要的目录
mkdir /srv/salt/prod/nginx

mkdir /srv/salt/prod/nginx/files

2、将需要用到的nginx的源码包、启动脚本以及配置文件提供到files文件中

[root@node1 nginx]# ll files/

total 824

-rw-r--r-- 1 root root 833473 Oct 11 15:51 nginx-1.8.1.tar.gz

-rw-r--r-- 1 root root   1012 Oct 11 15:52 nginx.conf

-rwxr-xr-x 1 root root   2687 Oct 11 14:53 nginx.init

3、编写nginx安装的配置文件,并将nginx启动脚本添加到系统服务

[root@node1 nginx]# cat install.sls

include:

  - pkg.pkg-init

nginx-install:

  file.managed:

    - name: /usr/local/src/nginx-1.8.1.tar.gz

    - source: salt://nginx/files/nginx-1.8.1.tar.gz

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: useradd -M -s /sbin/nologin nginx && cd /usr/local/src && tar xf nginx-1.8.1.tar.gz && cd nginx-1.8.1 && yum install libxslt-devel -y gd gd-devel GeoIP GeoIP-devel pcre pcre-devel && ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-file-aio --with-ipv6 --with-http_ssl_module  --with-http_spdy_module --with-http_realip_module    --with-http_addition_module    --with-http_xslt_module   --with-http_image_filter_module    --with-http_geoip_module  --with-http_sub_module  --with-http_dav_module --with-http_flv_module    --with-http_mp4_module --with-http_gunzip_module  --with-http_gzip_static_module  --with-http_auth_request_module  --with-http_random_index_module   --with-http_secure_link_module   --with-http_degradation_module   --with-http_stub_status_module && make && make install && chown -R nginx:nginx /usr/local/nginx/

    - unless: test -d /usr/local/nginx

    - require:

      - pkg: pkg-init

      - file: /usr/local/src/nginx-1.8.1.tar.gz

nginx-init:

  file.managed:

    - name: /etc/init.d/nginx

    - source: salt://nginx/files/nginx.init

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: chkconfig --add nginx

    - unless: chkconfig --list|grep nginx

    - require:

      - file: /etc/init.d/nginx

执行nginx安装配置文件:

salt 'node1' state.sls nginx.install saltenv=prod

当然可以将上述的install.sls中的几个部分分割开:

1、nginx服务的用户,可以自定义nginx-user.sls
nginx-user-group:

  group.present:

    - name: nginx

    - gid: 1000

  user.present:

    - name: nginx

    - fullname: nginx

    - shell: /sbin/nologin

    - uid: 1000

    - gid: 1000

2、编译nginx安装时需要依赖的包

nginx-require:

  pkg.installed:

    - names:

      - libxslt-devel

      - gd

      - gd-devel

      - GeoIP

      - GeoIP-devel

      - pcre

      - pcre-devel

4、nginx安装完成后,需要给nginx提供配置文件,并将nginx服务开启

[root@node1 nginx]# cat service.sls

include:

  - nginx.install

/usr/local/nginx/conf/nginx.conf:

  file.managed:

    - source: salt://nginx/files/nginx.conf

    - user: nginx

    - group: nginx

    - mode: 644

nginx-service:

  file.directory:

    - name: /usr/local/nginx/conf/vhost

    - require:

      - file: nginx-install

  service.running:

    - name: nginx

    - enable: True

    - reload: True

    - require:

      - file: /etc/init.d/nginx

      - cmd: nginx-init

    - watch:

      - file: /usr/local/nginx/conf/nginx.conf

执行整个nginx项目配置文件

salt 'node1' state.sls nginx.service saltenv=prod

nginx框架图:

[root@node1 nginx]# tree

.

├── files

│   ├── nginx-1.8.1.tar.gz

│   ├── nginx.conf

│   └── nginx.init

├── install.sls

└── service.sls

将nginx项目整合到base环境的top.sls文件中:

[root@node1 base]# cat top.sls

base:

  '*':

    - init.env_init

prod:

  '*':

    - cluster.haproxy-outside

    - cluster.haproxy-outside-keepalived

    - nginx.service

nginx的配置文件如下:

[root@node1 nginx]# cat files/nginx.conf

user  nginx;

worker_processes  1;

error_log  logs/error.log  error;

pid        logs/nginx.pid;

worker_rlimit_nofile 30000;

events {

    worker_connections  1024;

    use epoll;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;

    sendfile        on;

    tcp_nopush     on;

    underscores_in_headers on;

    keepalive_timeout  10;

    send_timeout 60;

    gzip  on;

include /usr/local/nginx/conf/vhost/*.conf;

    server {

        listen       8080;

        server_name  localhost;

        location /nginx_status {

            stub_status on;

            access_log off;

            allow 192.168.44.0/24;

            deny all;

        }

    }

}

nginx启动脚本如下:

[root@node1 nginx]# cat files/nginx.init

#!/bin/sh

#

# nginx - this script starts and stops the nginx daemon

#

# chkconfig:   - 85 15

# description:  NGINX is an HTTP(S) server, HTTP(S) reverse \

#               proxy and IMAP/POP3 proxy server

# processname: nginx

# config:      /etc/nginx/nginx.conf

# config:      /etc/sysconfig/nginx

# pidfile:     /var/run/nginx.pid

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"

prog=$(basename $nginx)

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {

   # make required directories

   user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`

   if [ -n "$user" ]; then

      if [ -z "`grep $user /etc/passwd`" ]; then

         useradd -M -s /bin/nologin $user

      fi

      options=`$nginx -V 2>&1 | grep 'configure arguments:'`

      for opt in $options; do

          if [ `echo $opt | grep '.*-temp-path'` ]; then

              value=`echo $opt | cut -d "=" -f 2`

              if [ ! -d "$value" ]; then

                  # echo "creating" $value

                  mkdir -p $value && chown -R $user $value

              fi

          fi

       done

    fi

}

start() {

    [ -x $nginx ] || exit 5

    [ -f $NGINX_CONF_FILE ] || exit 6

    make_dirs

    echo -n $"Starting $prog: "

    daemon $nginx -c $NGINX_CONF_FILE

    retval=$?

    echo

    [ $retval -eq 0 ] && touch $lockfile

    return $retval

}

stop() {

    echo -n $"Stopping $prog: "

    killproc $prog -QUIT

    retval=$?

    echo

    [ $retval -eq 0 ] && rm -f $lockfile

    return $retval

}

restart() {

    configtest || return $?

    stop

    sleep 1

    start

}

reload() {

    configtest || return $?

    echo -n $"Reloading $prog: "

    killproc $nginx -HUP

    RETVAL=$?

    echo

}

force_reload() {

    restart

}

configtest() {

  $nginx -t -c $NGINX_CONF_FILE

}

rh_status() {

    status $prog

}

rh_status_q() {

    rh_status >/dev/null 2>&1

}

case "$1" in

    start)

        rh_status_q && exit 0

        $1

        ;;

    stop)

        rh_status_q || exit 0

        $1

        ;;

    restart|configtest)

        $1

        ;;

    reload)

        rh_status_q || exit 7

        $1

        ;;

    force-reload)

        force_reload

        ;;

    status)

        rh_status

        ;;

    condrestart|try-restart)

        rh_status_q || exit 0

            ;;

    *)

        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"

        exit 2

esac

saltstack为php提供状态配置

1、安装php的依赖包
2、编译安装php
3、安装PHP插件:pdo_mysql
4、提供php配置文件php-ini
5、提供php-fpm配置文件
6、给php-fpm提供启动脚本、将服务添加到启动项、开启php-fpm服务
1、创建php项目需要的目录
mkdir /srv/salt/prod/php

mkdir /srv/salt/prod/php/files

2、编译安装php需要用到的文件脚本和源码包

[root@node1 files]# ll

total 14760

-rw-r--r-- 1 root root     2354 Oct 11 20:03 init.d.php-fpm

-rw-r--r-- 1 root root 15011816 Oct 11 19:23 php-5.6.30.tar.bz2

-rw-r--r-- 1 root root    22794 Oct 11 20:05 php-fpm.conf.default

-rw-r--r-- 1 root root    73685 Oct 11 20:01 php.ini-production

3、编写状态配置文件

3.1编写libmcrypt状态配置
mkdir /srv/salt/prod/libmcrypt

mkdir /srv/salt/prod/libmcrypt/files

[root@node1 files]# ll

total 512

-rw-r--r-- 1 root root 523321 Oct 11 20:13 libmcrypt-2.5.7.tar.gz

[root@node1 files]# pwd

/srv/salt/prod/libmcrypt/files

[root@node1 libmcrypt]# pwd

/srv/salt/prod/libmcrypt

[root@node1 libmcrypt]# tree

.

├── files

│   └── libmcrypt-2.5.7.tar.gz

└── install.sls

[root@node1 libmcrypt]# cat install.sls

libmcrypt-install:

  file.managed:

    - name: /usr/local/src/libmcrypt-2.5.7.tar.gz

    - source: salt://libmcrypt/files/libmcrypt-2.5.7.tar.gz

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: cd /usr/local/src/ && tar xf libmcrypt-2.5.7.tar.gz && cd libmcrypt-2.5.7 && ./configure && make && make install

    - unless: test -d /usr/local/src/libmcrypt-2.5.7

    - require:

      - file: /usr/local/src/libmcrypt-2.5.7.tar.gz

5.2编译安装php

[root@node1 php]# cat install.sls

pkg-php:                                 编写依赖包状态配置

  pkg.installed:

    - names:

      - libxml2

      - libxml2-devel

      - bzip2

      - bzip2-devel

      - libjpeg-turbo

      - libjpeg-turbo-devel

      - libpng

      - libpng-devel

      - freetype

      - freetype-devel

      - zlib

      - zlib-devel

      - libcurl

      - libcurl-devel

php-install:                        php编译安装状态配置

  file.managed:

    - name: /usr/local/src/php-5.6.30.tar.bz2

    - source: salt://php/files/php-5.6.30.tar.bz2

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: cd /usr/local/src/ && tar xf php-5.6.30.tar.bz2 && cd php-5.6.30 && ./configure --prefix=/usr/local/php --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-openssl --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-mcrypt --with-zlib --with-libxml-dir=/usr --enable-xml  --enable-sockets --enable-fpm --with-config-file-path=/usr/local/php/etc --with-bz2 --with-gd && make && make install

    - unless: test -d /usr/local/php

    - require:

      - pkg: pkg-php                   由于上面安装的依赖于是基于pkg模式

      - file: /usr/local/src/php-5.6.30.tar.bz2

pdo-plugin:                          php插件pdo_mysql状态配置

  cmd.run:

    - name: cd /usr/local/src/php-5.6.30/ext/pdo_mysql && /usr/local/php/bin/phpize && ./configure --with-php-config=/usr/local/php/bin/php-config && make&& make install

    - unless: test -f /usr/local/php/lib/php/extensions/*/pdo_mysql.so

    - require:

      - file: php-install

php-ini:                                  提供php的php-ini配置文件

  file.managed:

    - name: /usr/local/php/etc/php.ini

    - source: salt://php/files/php.ini-production

    - user: root

    - group: root

    - mode: 644

php-fpm:                                 提供php-fpm的配置文件

  file.managed:

    - name: /usr/local/php/etc/php-fpm.conf

    - source: salt://php/files/php-fpm.conf.default

    - user: root

    - group: root

    - mode: 644

php-service:                           将php-fpm服务添加到系统服务中

  file.managed:

    - name: /etc/init.d/php-fpm

    - source: salt://php/files/init.d.php-fpm

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: chkconfig --add php-fpm

    - unless: chkconfig --list|grep php-fpm

    - require:

      - file: /etc/init.d/php-fpm

  service.running:

    - name: php-fpm

    - enable: True

    - require:

      - cmd: php-service

    - watch:

      - file: php-ini

      - file: php-fpm

执行[root@node1 php]# salt 'node1' state.sls php.install saltenv=prod

查看php-fpm:
[root@node1 php]# netstat -tunlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name

tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      122333/nginx

tcp        0      0 192.168.44.10:80            0.0.0.0:*                   LISTEN      107737/haproxy

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1265/sshd

tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      42708/python2.7

tcp        0      0 0.0.0.0:8090                0.0.0.0:*                   LISTEN      107737/haproxy

tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      42714/python2.7

tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      117298/php-fpm

tcp        0      0 :::22                       :::*                        LISTEN      1265/sshd

udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1092/dhclient

php项目构建图:

[root@node1 php]# tree

.

├── files

│   ├── init.d.php-fpm

│   ├── php-5.6.30.tar.bz2

│   ├── php-fpm.conf.default

│   └── php.ini-production

└── install.sls

将nginx和php-fpm结合起来,提供配置文件

mkdir /srv/salt/prod/html

mkdir /srv/salt/prod/html/files

[root@node1 files]# ll

total 8

-rw-r--r-- 1 root root 1034 Oct 11 21:24 fastcgi_params

-rw-r--r-- 1 root root  278 Oct 11 21:10 www.conf

[root@node1 files]# pwd

/srv/salt/prod/html/files

[root@node1 html]# tree

.

├── files

│   ├── fastcgi_params            将nginx和php进行结合

│   └── www.conf                     添加应用配置文件

└── www.sls

[root@node1 html]# cat www.sls

include:                                 包含了nginx和php的安装

  - php.install

  - nginx.service

nginx-php-conf:

  file.managed:

    - name: /usr/local/nginx/conf/fastcgi_params

    - source: salt://html/files/fastcgi_params

    - user: nginx

    - group: nginx

    - mode: 755

html-www:

  file.managed:

    - name: /usr/local/nginx/conf/vhost/www.conf

    - source: salt://html/files/www.conf

    - user: root

    - group: root

    - mode: 644

    - require:

      - service: php-service

    - watch_in:

      - service: nginx-service

提供的fastcgi_params配置文件

[root@node1 html]# cat files/fastcgi_params 

fastcgi_param  QUERY_STRING       $query_string;

fastcgi_param  REQUEST_METHOD     $request_method;

fastcgi_param  CONTENT_TYPE       $content_type;

fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

fastcgi_param  REQUEST_URI        $request_uri;

fastcgi_param  DOCUMENT_URI       $document_uri;

fastcgi_param  DOCUMENT_ROOT      $document_root;

fastcgi_param  SERVER_PROTOCOL    $server_protocol;

fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;

fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;

fastcgi_param  REMOTE_PORT        $remote_port;

fastcgi_param  SERVER_ADDR        $server_addr;

fastcgi_param  SERVER_PORT        $server_port;

fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect

fastcgi_param  REDIRECT_STATUS    200;

提供的index.php测试文件:

[root@node1 conf]# cat ../html/index.php

<?php

  phpinfo();

?>

测试效果:

构建树info如下:

[root@node1 prod]# tree libmcrypt/

libmcrypt/

├── files

│   └── libmcrypt-2.5.7.tar.gz

└── install.sls

[root@node1 prod]# tree nginx/

nginx/

├── files

│   ├── nginx-1.8.1.tar.gz

│   ├── nginx.conf

│   └── nginx.init

├── install.sls

└── service.sls

[root@node1 prod]# tree php/

php/

├── files

│   ├── init.d.php-fpm

│   ├── php-5.6.30.tar.bz2

│   ├── php-fpm.conf.default

│   └── php.ini-production

└── install.sls

[root@node1 prod]# tree html/

html/

├── files

│   ├── fastcgi_params

│   └── www.conf

└── www.sls

将项目nginx和php和html结合到top.sls文件中:

[root@node1 base]# cat top.sls

base:

  '*':

    - init.env_init

prod:

  '*':

    - cluster.haproxy-outside

    - cluster.haproxy-outside-keepalived

    - html.www                     该项目包含了nginx和php的安装

saltstack之nginx、php的配置的更多相关文章

  1. nginx + SSL优化配置

    nginx + SSL优化配置: #http段添加如下配置项: http { ssl_prefer_server_ciphers on; #设置协商加密算法时,优先使用我们服务端的加密套件,而不是客户 ...

  2. nginx安装与配置

    一.在线安装 ubuntu 安装 sudo apt-get install nginx 安装后文件结构为: 配置文件:/etc/nginx ,并且每台虚拟主机已经安排在 /etc/nginx/site ...

  3. windows下nginx安装、配置与使用(转载)

    目前国内各大门户网站已经部署了Nginx,如新浪.网易.腾讯等:国内几个重要的视频分享网站也部署了Nginx,如六房间.酷6等.新近发现Nginx 技术在国内日趋火热,越来越多的网站开始部署Nginx ...

  4. 阿里云服务器Linux CentOS安装配置(八)nginx安装、配置、域名绑定

    阿里云服务器Linux CentOS安装配置(八)nginx安装.配置.域名绑定 1.安装nginx yum -y install nginx 2.启动nginx service nginx star ...

  5. nginx入门篇----nginx服务器基础配置

    1.nginx.conf文件结构...                         #全局块  events{  ...  }  http                      #http块{ ...

  6. 高流量站点NGINX与PHP-fpm配置优化(译)

    使用Nginx搭配PHP已有7年的这份经历让我们学会如何为高流量站点优化NGINX和PHP-fpm配置. 以下正是这方面的一些提示和建议: 1. 将TCP切换为UNIX域套接字 UNIX域套接字相比T ...

  7. nginx反向代理配置及优化

    nginx反向代理配置及优化前言: 由于服务器apache抗不住目前的并发.加上前端squid配置后,问题依然无法解决.而页面程序大部分是动态.无法使用fastcgi来处理.因此想使用nginx做为反 ...

  8. LVS + Keepalived + Nginx安装及配置

    1.概述 上篇文章<架构设计:负载均衡层设计方案(6)——Nginx + Keepalived构建高可用的负载层>(http://blog.csdn.net/yinwenjie/artic ...

  9. windows下nginx+php简单配置

    Nginx+php运行环境搭建 虽然目前nginx使用很广泛,在大陆主流的互联网站点或多或少会用到这个俄国人开发的小应用(占用资源小).但是我这个土鳖还是第一次自己独立配置,网上资料不少,但是还是遇到 ...

随机推荐

  1. js如何计算当前日期的前一个月和后一个月?

    <div class="query_title_div"><img src="../../images/task/before.png"/&g ...

  2. 160519、Oracle中将查询出的多条记录的某个字段拼接成一个字符串的方法

    with temp as( select 'China' nation ,'Guangzhou' city from dual union all select 'China' nation ,'Sh ...

  3. HUD2647 Reward_反向建图拓扑排序

    HDU2647 Reward 题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=2647 题意:老板要发奖金了,有n个人,给你m对数,类似a b,这样的一对 ...

  4. 转发URL请求

    如何用Netty实现一个轻量级的HTTP代理服务器 - Newland - 博客园 https://www.cnblogs.com/jietang/p/8926325.html 现在迫切希望有一个HT ...

  5. nsq里面WaitGroups两种实用的用法

    看过好几遍了,觉得挺实用的,记录备忘一下. 1.开启很多个 goroutine 之后,等待执行完毕 type WaitGroupWrapper struct { sync.WaitGroup } fu ...

  6. 基于stm32CubeMX和keil5的stm32f103学习编程

    0.       准备 先用st-link连接stm32核心板与PC,用于烧录 St-link Stm32 3.3V 3.3V GND GND SWDIO DIO SWCLK DCLK 再用USB串口 ...

  7. Eclipse集成SVN

    安装Subversion1.82(SVN)插件 简介    :SVN是团队开发的代码管理工具,它使我们得以进行多人在同一平台之下的团队开发. 解决问题:Eclipse下的的SVN插件安装. 学到    ...

  8. 前端 javascript 数据类型 数字

    1.数字(Number) JavaScript中不区分整数值和浮点数值,JavaScript中所有数字均用浮点数值表示. 转换: parseInt(..)    将某值转换成数字,不成功则NaN pa ...

  9. 007-mac快捷键

    锁屏:Ctrl + Command + Q touch-bar:方法:“系统偏好设置”>“键盘”>“自定Control Strip…”,将“锁定屏幕”图标拖拽到Touch Bar上即可.] ...

  10. Spark2.0机器学习系列之6:GBDT(梯度提升决策树)、GBDT与随机森林差异、参数调试及Scikit代码分析

    概念梳理 GBDT的别称 GBDT(Gradient Boost Decision Tree),梯度提升决策树.     GBDT这个算法还有一些其他的名字,比如说MART(Multiple Addi ...