学习了Saltstack,之前也写几篇Saltstack系列,分别是: Saltstack的安装,Saltstack的分组,以及Saltstack的Grains和Pillar,今天牛刀小试,利用Saltstack部署Nginx源码编译安装。
实现内容:
(1.nginx源码安装
(2.实现配置文件、服务、用户、日志切割
1.目录结构
[root@node1 salt]# pwd/srv/salt[root@node1 salt]# tree -n ..├── nginx│ ├── conf.sls│ ├── files│ │ ├── nginx│ │ ├── nginx-1.7.12.tar.gz│ │ ├── nginx.conf│ │ ├── nginx_log_cut.sh│ │ └── vhost.conf│ ├── init.sls│ └── install.sls└── top.sls2 directories, 9 files
2.文件分析
(1.top文件
[root@node1 salt]# cat top.sls base: 'node2': - nginx[root@node1 nginx]# cat init.sls include: - nginx.install - nginx.conf
(2.init.sls文件
[root@node1 nginx]# cat init.sls include: - nginx.install - nginx.conf
(3.install.sls文件
[root@node1 nginx]# cat install.sls #nginx.tar.gznginx_source: file.managed: - name: /tmp/nginx-1.7.12.tar.gz - unless: test -e /tmp/nginx-1.7.12.tar.gz - source: salt://nginx/files/nginx-1.7.12.tar.gz#extractextract_nginx: cmd.run: - cwd: /tmp - names: - tar zxvf nginx-1.7.12.tar.gz - unless: test -d /tmp/nginx-1.7.12 - require: - file: nginx_source#usernginx_user: user.present: - name: nginx - createhome: False - gid_from_name: True - shell: /sbin/nologin#nginx_pkgsnginx_pkg: pkg.installed: - pkgs: - openssl-devel - pcre-devel - zlib-devel#nginx_compilenginx_compile: cmd.run: - cwd: /tmp/nginx-1.7.12 - names: - ./configure --prefix=/home/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module && make && make install - require: - cmd: extract_nginx - pkg: nginx_pkg - unless: test -d /home/nginx#cache_dircache_dir: cmd.run: - names: - mkdir -p /home/nginx/conf/conf.d && chown -R nginx.nginx /home/nginx/ - require: - cmd: nginx_compile - unless: test -d /home/nginx/conf/conf.d/ #vhosts file.managed: - name: /home/nginx/conf/conf.d/www.example.com.conf - unless: test -e /home/nginx/conf/conf.d/www.example.com.conf - source: salt://nginx/files/vhost.conf
(4.nginx启动脚本文件
[root@node1 files]# cat nginx#! /bin/bash## nginx - this script starts and stops the nginx daemin## chkconfig: 35 86 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse # proxy and IMAP/POP3 proxy server# processname: nginx# config: /home/nginx/conf/nginx.conf# pidfile: /home/nginx/logs/nginx.pid# Source function library.. /etc/rc.d/init.d/functions# Source networking configuration.. /etc/sysconfig/network# Check that networking is up.[ $NETWORKING = no ] && exit 0nginx=/home/nginx/sbin/nginxprog=$(basename $nginx)NGINX_CONF_FILE=/home/nginx/conf/nginx.conflockfile=/var/lock/subsys/nginxstart() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 echo -n $Starting $prog: daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval}stop() { echo -n $Stopping $prog: killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval}restart() { configtest || return $? stop start}reload() { configtest || return $? echo -n $Reloading $prog: killproc $nginx -HUP RETVAL=$\? echo}force_reload() { restart}configtest() { $nginx -t -c $NGINX_CONF_FILE}rh_status() { status $prog}rh_status_q() { rh_status >/dev/null 2>&1}case $1 in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 ;; *) echo $Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest} exit 2esac (5.nginx配置文件
[root@node1 files]# cat nginx.confuser { { nginx_user }};worker_processes `grains`.`num_cpus`;pid logs/nginx.pid;worker_rlimit_nofile 204800;events { use epoll; worker_connections 65535;}http { include mime.types; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$host"'; include /usr/local/nginx/conf/conf.d/*.conf; default_type application/octet-stream; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 300m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; server_tokens off; fastcgi_connect_timeout 300; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 64k; fastcgi_buffers 4 64k; fastcgi_busy_buffers_size 128k; fastcgi_temp_file_write_size 128k; fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m; fastcgi_cache_key $request_method://$host$request_uri; fastcgi_cache TEST; fastcgi_cache_valid 200 302 1h; fastcgi_cache_valid 301 1d; fastcgi_cache_valid any 1m; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; limit_req_log_level warn; limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;} (6.nginx日志切割脚本文件 [此脚本来自网络为测试]
[root@node1 files]# cat nginx_log_cut.sh #!/bin/bashlogs_path=/home/nginx/logsyesterday=`date -d "yesterday" +%F`mkdir -p $logs_path/$yesterdaycd $logs_pathfor nginx_logs in `ls *log` ;domv $nginx_logs ${yesterday}/${yesterday}-${nginx_logs}kill -USR1 `cat /home/nginx/logs/nginx.pid`done 2.运行,查看效果
#刷新缓存[root@node1 files]# salt 'node2' saltutil.refresh_pillar#运行[root@node1 files]# salt 'node2' state.highstate[root@node1 files]# salt 'node2' cmd.run 'netstat -antup |grep 80' node2: tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1668/nginx