SaltStack: configuring nginx and PHP

Posted by wadeson on 2017-10-12

Providing state configuration for nginx with SaltStack

1. Create the directories needed for the nginx configuration
mkdir /srv/salt/prod/nginx
mkdir /srv/salt/prod/nginx/files

 2. Place the nginx source tarball, init script and configuration file that will be needed into the files directory

[root@node1 nginx]# ll files/
total 824
-rw-r--r-- 1 root root 833473 Oct 11 15:51 nginx-1.8.1.tar.gz
-rw-r--r-- 1 root root   1012 Oct 11 15:52 nginx.conf
-rwxr-xr-x 1 root root   2687 Oct 11 14:53 nginx.init

 3. Write the nginx installation state file and add the nginx init script as a system service

[root@node1 nginx]# cat install.sls 
include:
  - pkg.pkg-init

nginx-install:
  file.managed:
    - name: /usr/local/src/nginx-1.8.1.tar.gz
    - source: salt://nginx/files/nginx-1.8.1.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: useradd -M -s /sbin/nologin nginx && cd /usr/local/src && tar xf nginx-1.8.1.tar.gz && cd nginx-1.8.1 && yum install libxslt-devel -y gd gd-devel GeoIP GeoIP-devel pcre pcre-devel && ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-file-aio --with-ipv6 --with-http_ssl_module  --with-http_spdy_module --with-http_realip_module    --with-http_addition_module    --with-http_xslt_module   --with-http_image_filter_module    --with-http_geoip_module  --with-http_sub_module  --with-http_dav_module --with-http_flv_module    --with-http_mp4_module --with-http_gunzip_module  --with-http_gzip_static_module  --with-http_auth_request_module  --with-http_random_index_module   --with-http_secure_link_module   --with-http_degradation_module   --with-http_stub_status_module && make && make install && chown -R nginx:nginx /usr/local/nginx/
    - unless: test -d /usr/local/nginx
    - require:
      - pkg: pkg-init
      - file: /usr/local/src/nginx-1.8.1.tar.gz

nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx.init
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list|grep nginx
    - require:
      - file: /etc/init.d/nginx

 Run the nginx installation state file:

salt 'node1' state.sls nginx.install saltenv=prod

 Of course, the parts of the install.sls above can be split out:

1. The user for the nginx service, which can be defined in its own nginx-user.sls
nginx-user-group:
  group.present:
    - name: nginx
    - gid: 1000

  user.present:
    - name: nginx
    - fullname: nginx
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000

 2. The packages that compiling nginx depends on

nginx-require:
  pkg.installed:
    - names:
      - libxslt-devel
      - gd
      - gd-devel
      - GeoIP
      - GeoIP-devel
      - pcre
      - pcre-devel

 4. After nginx is installed, provide nginx with its configuration file and start the nginx service

[root@node1 nginx]# cat service.sls 
include:
  - nginx.install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - user: nginx
    - group: nginx
    - mode: 644

nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf/vhost
    - require:
      - file: nginx-install
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require: 
      - file: /etc/init.d/nginx
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf

 Run the state file for the whole nginx project:

salt 'node1' state.sls nginx.service saltenv=prod

 nginx project layout:

[root@node1 nginx]# tree
.
├── files
│   ├── nginx-1.8.1.tar.gz
│   ├── nginx.conf
│   └── nginx.init
├── install.sls
└── service.sls

 Integrate the nginx project into the top.sls file of the base environment:

[root@node1 base]# cat top.sls 
base:
  '*':
    - init.env_init

prod:
  '*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - nginx.service

 The nginx configuration file is as follows:

[root@node1 nginx]# cat files/nginx.conf 
user  nginx;
worker_processes  1;
error_log  logs/error.log  error;
pid        logs/nginx.pid;
worker_rlimit_nofile 30000;


events {
    worker_connections  1024;
    use epoll;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  logs/access.log  main;
    sendfile        on;
    tcp_nopush     on;
    underscores_in_headers on;
    keepalive_timeout  10;
    send_timeout 60;
    gzip  on;
include /usr/local/nginx/conf/vhost/*.conf;
    server {
        listen       8080;
        server_name  localhost;
        location /nginx_status {
            stub_status on;
            access_log off;
            allow 192.168.44.0/24;
            deny all;
        }
    }
}

 The nginx init script is as follows:

[root@node1 nginx]# cat files/nginx.init 
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  NGINX is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /etc/nginx/nginx.conf
# config:      /etc/sysconfig/nginx
# pidfile:     /var/run/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {
   # make required directories
   user=`$nginx -V 2>&1 | grep "configure arguments:.*--user=" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
   if [ -n "$user" ]; then
      if [ -z "`grep $user /etc/passwd`" ]; then
         useradd -M -s /bin/nologin $user
      fi
      options=`$nginx -V 2>&1 | grep 'configure arguments:'`
      for opt in $options; do
          if [ `echo $opt | grep '.*-temp-path'` ]; then
              value=`echo $opt | cut -d "=" -f 2`
              if [ ! -d "$value" ]; then
                  # echo "creating" $value
                  mkdir -p $value && chown -R $user $value
              fi
          fi
       done
    fi
}

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    sleep 1
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

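 Providing state configuration for PHP with SaltStack

1. Install PHP's dependency packages
2. Compile and install PHP
3. Install the PHP extension: pdo_mysql
4. Provide the PHP configuration file php-ini
5. Provide the php-fpm configuration file
6. Provide an init script for php-fpm, add the service to the startup items, and start the php-fpm service

1. Create the directories needed for the PHP project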
mkdir /srv/salt/prod/php
mkdir /srv/salt/prod/php/files

 2. The files, scripts and source tarball needed to compile and install PHP

[root@node1 files]# ll
total 14760
-rw-r--r-- 1 root root     2354 Oct 11 20:03 init.d.php-fpm
-rw-r--r-- 1 root root 15011816 Oct 11 19:23 php-5.6.30.tar.bz2
-rw-r--r-- 1 root root    22794 Oct 11 20:05 php-fpm.conf.default
-rw-r--r-- 1 root root    73685 Oct 11 20:01 php.ini-production

 3. Write the state files

3.1 Write the libmcrypt state configuration
mkdir /srv/salt/prod/libmcrypt
mkdir /srv/salt/prod/libmcrypt/files
[root@node1 files]# ll
total 512
-rw-r--r-- 1 root root 523321 Oct 11 20:13 libmcrypt-2.5.7.tar.gz
[root@node1 files]# pwd
/srv/salt/prod/libmcrypt/files
[root@node1 libmcrypt]# pwd
/srv/salt/prod/libmcrypt
[root@node1 libmcrypt]# tree
.
├── files
│   └── libmcrypt-2.5.7.tar.gz
└── install.sls
[root@node1 libmcrypt]# cat install.sls 
libmcrypt-install:
  file.managed:
    - name: /usr/local/src/libmcrypt-2.5.7.tar.gz
    - source: salt://libmcrypt/files/libmcrypt-2.5.7.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src/ && tar xf libmcrypt-2.5.7.tar.gz && cd libmcrypt-2.5.7 && ./configure && make && make install
    - unless: test -d /usr/local/src/libmcrypt-2.5.7
    - require:
      - file: /usr/local/src/libmcrypt-2.5.7.tar.gz
5.2 Compile and install PHP
[root@node1 php]# cat install.sls 
pkg-php:                                 # state for the dependency packages
  pkg.installed:
    - names:
      - libxml2
      - libxml2-devel
      - bzip2
      - bzip2-devel
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

php-install:                        # state for compiling and installing PHP
  file.managed:
    - name: /usr/local/src/php-5.6.30.tar.bz2
    - source: salt://php/files/php-5.6.30.tar.bz2
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src/ && tar xf php-5.6.30.tar.bz2 && cd php-5.6.30 && ./configure --prefix=/usr/local/php --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-openssl --enable-mbstring --with-freetype-dir --with-jpeg-dir --with-png-dir --with-mcrypt --with-zlib --with-libxml-dir=/usr --enable-xml  --enable-sockets --enable-fpm --with-config-file-path=/usr/local/php/etc --with-bz2 --with-gd && make && make install
    - unless: test -d /usr/local/php
    - require:
      - pkg: pkg-php                   # because the dependencies above are installed through the pkg module
      - file: /usr/local/src/php-5.6.30.tar.bz2

pdo-plugin:                          # state for the PHP extension pdo_mysql
  cmd.run:
    - name: cd /usr/local/src/php-5.6.30/ext/pdo_mysql && /usr/local/php/bin/phpize && ./configure --with-php-config=/usr/local/php/bin/php-config && make&& make install 
    - unless: test -f /usr/local/php/lib/php/extensions/*/pdo_mysql.so
    - require:
      - file: php-install

php-ini:                                  # provide PHP's php-ini configuration file
  file.managed:
    - name: /usr/local/php/etc/php.ini
    - source: salt://php/files/php.ini-production
    - user: root
    - group: root
    - mode: 644

php-fpm:                                 # provide the php-fpm configuration file
  file.managed:
    - name: /usr/local/php/etc/php-fpm.conf
    - source: salt://php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

php-service:                           # add the php-fpm service to the system services
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list|grep php-fpm
    - require:
      - file: /etc/init.d/php-fpm
  service.running:
    - name: php-fpm
    - enable: True
    - require: 
      - cmd: php-service
    - watch:
      - file: php-ini
      - file: php-fpm

 Run:
[root@node1 php]# salt 'node1' state.sls php.install saltenv=prod

Check php-fpm:
[root@node1 php]# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      122333/nginx        
tcp        0      0 192.168.44.10:80            0.0.0.0:*                   LISTEN      107737/haproxy      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1265/sshd           
tcp        0      0 0.0.0.0:4505                0.0.0.0:*                   LISTEN      42708/python2.7     
tcp        0      0 0.0.0.0:8090                0.0.0.0:*                   LISTEN      107737/haproxy      
tcp        0      0 0.0.0.0:4506                0.0.0.0:*                   LISTEN      42714/python2.7     
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      117298/php-fpm      
tcp        0      0 :::22                       :::*                        LISTEN      1265/sshd           
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1092/dhclient

 PHP project layout:

[root@node1 php]# tree
.
├── files
│   ├── init.d.php-fpm
│   ├── php-5.6.30.tar.bz2
│   ├── php-fpm.conf.default
│   └── php.ini-production
└── install.sls

 Combine nginx and php-fpm and provide the configuration files

mkdir /srv/salt/prod/html
mkdir /srv/salt/prod/html/files
[root@node1 files]# ll
total 8
-rw-r--r-- 1 root root 1034 Oct 11 21:24 fastcgi_params
-rw-r--r-- 1 root root  278 Oct 11 21:10 www.conf
[root@node1 files]# pwd
/srv/salt/prod/html/files
[root@node1 html]# tree
.
├── files
│   ├── fastcgi_params            # ties nginx and PHP together
│   └── www.conf                     # adds the application configuration file
└── www.sls
[root@node1 html]# cat www.sls 
include:                                 # includes the nginx and PHP installation
  - php.install
  - nginx.service

nginx-php-conf:
  file.managed:
    - name: /usr/local/nginx/conf/fastcgi_params
    - source: salt://html/files/fastcgi_params
    - user: nginx
    - group: nginx
    - mode: 755

html-www:
  file.managed:
    - name: /usr/local/nginx/conf/vhost/www.conf
    - source: salt://html/files/www.conf
    - user: root
    - group: root
    - mode: 644
    - require: 
      - service: php-service
    - watch_in:
      - service: nginx-service

 The fastcgi_params configuration file provided:

[root@node1 html]# cat files/fastcgi_params 

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;
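
The page does not show www.conf. A minimal vhost consistent with the rest of the setup, written inline with file.managed's contents option so the state and the vhost can be read together (an added example, not the author's file). The state ID, the listen port and the server name are assumptions; the fastcgi_pass address is the php-fpm listener from the netstat output above.

```yaml
# html/www.sls variant (added example, not the author's www.conf).
html-www-inline:                       # hypothetical ID, used in place of html-www
  file.managed:
    - name: /usr/local/nginx/conf/vhost/www.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - service: php-service
    - watch_in:
      - service: nginx-service
    - contents: |
        server {
            listen       8080;                 # assumed port
            server_name  www.example.com;      # placeholder name
            root         /usr/local/nginx/html;
            index        index.php index.html;

            location ~ \.php$ {
                # Only hand files that exist under root to php-fpm, so a
                # URI that ends in .php but names no file on disk gets a
                # 404 from nginx instead of being forwarded.
                try_files     $uri =404;
                include       fastcgi_params;  # sets SCRIPT_FILENAME
                fastcgi_pass  127.0.0.1:9000;  # php-fpm, loopback only
            }
        }
```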

 The index.php test file provided:

[root@node1 conf]# cat ../html/index.php 
<?php
  phpinfo();
?>

 Test result:

The build trees are as follows:

[root@node1 prod]# tree libmcrypt/
libmcrypt/
├── files
│   └── libmcrypt-2.5.7.tar.gz
└── install.sls

[root@node1 prod]# tree nginx/
nginx/
├── files
│   ├── nginx-1.8.1.tar.gz
│   ├── nginx.conf
│   └── nginx.init
├── install.sls
└── service.sls

[root@node1 prod]# tree php/
php/
├── files
│   ├── init.d.php-fpm
│   ├── php-5.6.30.tar.bz2
│   ├── php-fpm.conf.default
│   └── php.ini-production
└── install.sls

[root@node1 prod]# tree html/
html/
├── files
│   ├── fastcgi_params
│   └── www.conf
└── www.sls

 Combine the nginx, php and html projects into the top.sls file:

[root@node1 base]# cat top.sls 
base:
  '*':
    - init.env_init

prod:
  '*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - html.www                     # this project includes the nginx and PHP installation

 
