SaltStack: deploying and managing nginx from source


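I have been working with SaltStack for a while now, and I think its real strength lies in deploying through state files, which can save a lot of time in large-scale deployments. Today I take the deployment of my front-end forwarding server as an example and install nginx from source. My skills are limited, so feedback is welcome.

Approach:

1. Use grains to collect information such as the CPU count and the open-file limit, and combine them with Jinja to generate nginx.conf

2. Use pillar to store the variables we need, and combine them with Jinja to generate the vhost.conf file

3. Use states to install nginx and push the files

Deployment steps:

1. Write the grain, so that the nginx open-file limit is set sensibly from the system's open-file limit: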

[root@mail nginx]# cd /srv/salt/_grains/
[root@mail _grains]# cat nginx_config.py
import subprocess

def NginxGrains():
    '''Return the system open-file limit as the max_open_file grain.'''
    grains = {}
    max_open_file = 65536  # fallback when the limit cannot be read
    #Worker_info={'cpus2':'01 10','cpus4':'1000 0100 0010 0001','cpus8':'10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001'}
    try:
        # Load /etc/profile first so that a ulimit set there is picked up
        out = subprocess.check_output(['/bin/bash', '-c', 'source /etc/profile; ulimit -n'])
        max_open_file = int(out.strip())
    except Exception:
        pass
    grains['max_open_file'] = max_open_file
    return grains

if __name__ == '__main__':
    print(NginxGrains())
Sync the file to the minions and reload the modules on them so that it takes effect:
salt '*' saltutil.sync_all
salt '*' sys.reload_modules

2. Write the pillar variables; here I define the domain name and the back-end host to forward to:

[root@mail pillar]# cat top.sls
base:
  '*':
    - vhost
[root@mail pillar]# cat vhost.sls
hostname: www.huasuan.com
pass: 192.168.10.100

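3. Write all the state files. First, look at the directory layout:

[root@mail salt]# tree nginx
nginx
├── conf.sls
├── files
│   ├── nginx
│   ├── nginx-1.6.0.tar.gz
│   ├── nginx.conf
│   └── huasuan.conf
├── init.sls
├── install.sls
├── server.sls
└── vhost.sls

Note: init.sls specifies which entry points are included, install.sls defines the installation steps, server.sls manages the service script, conf.sls manages the nginx.conf configuration file, and vhost.sls manages the virtual hosts in the vhost directory.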

4. Look at the top file and the init file:

[root@mail salt]# cat top.sls
base:
  '*':
    - nginx
[root@mail salt]# cat nginx/init.sls
include:
  - nginx.install
  - nginx.conf
  - nginx.server
  - nginx.vhost

5. The install.sls file, which performs the installation:

[root@mail nginx]# cat install.sls
# nginx.tar.gz
nginx_source:
  file.managed:
    - name: /tmp/nginx-1.6.0.tar.gz
    - unless: test -e /tmp/nginx-1.6.0.tar.gz
    - source: salt://nginx/files/nginx-1.6.0.tar.gz
# extract
extract_nginx:
  cmd.run:
    - cwd: /tmp
    - names:
      - tar zxvf nginx-1.6.0.tar.gz
    - unless: test -d /tmp/nginx-1.6.0
    - require:
      - file: nginx_source
# user
nginx_user:
  user.present:
    - name: nginx
    - uid: 1501
    - createhome: False
    - gid_from_name: True
    - shell: /sbin/nologin
# nginx_pkgs
nginx_pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel
      - zlib-devel
# nginx_compile
nginx_compile:
  cmd.run:
    - cwd: /tmp/nginx-1.6.0
    - names:
      - ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_gzip_static_module --http-client-body-temp-path=/usr/local/nginx/client/ --http-proxy-temp-path=/usr/local/nginx/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ --with-poll_module --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_random_index_module --with-pcre --with-http_stub_status_module
      - make
      - make install
    - require:
      - cmd: extract_nginx
      - pkg: nginx_pkg
    - unless: test -d /usr/local/nginx
# cache_dir
cache_dir:
  cmd.run:
    - names:
      - mkdir -p /usr/local/nginx/{client,proxy,fcgi} && chown -R nginx.nginx /usr/local/nginx/
      - mkdir -p /usr/local/nginx/conf/vhost && chown -R nginx.nginx /usr/local/nginx/conf/vhost
    - unless: test -d /usr/local/nginx/client/
    - require:
      - cmd: nginx_compile

Note: nginx is installed by compiling from source. The state covers pushing the tarball, extracting it and managing the installation, and it relies mainly on cmd.

6. Manage the configuration file with conf.sls:

[root@mail nginx]# cat conf.sls
include:
  - nginx.install

nginx_service:
  file.managed:
    - name: /usr/local/nginx/conf/nginx.conf
    - user: nginx
    - mode: 644
    - source: salt://nginx/files/nginx.conf
    - template: jinja
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf

7. Manage the service start-up script with server.sls:

[root@mail nginx]# cat server.sls
include:
  - nginx.install
server:
  file.managed:
    - name: /etc/init.d/nginx
    - user: root
    - mode: 755
    - source: salt://nginx/files/nginx
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /etc/init.d/nginx
command:
  cmd.run:
    - names:
      - /sbin/chkconfig --add nginx
      - /sbin/chkconfig nginx on
    - unless: /sbin/chkconfig --list nginx

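8. Manage the virtual host configuration file with vhost.sls:

[root@mail nginx]# cat vhost.sls
include:
  - nginx.install

vhostconfig:
  file.managed:
    - name: /usr/local/nginx/conf/vhost/huasuan.conf
    - user: root
    - mode: 644
    - source: salt://nginx/files/huasuan.conf
    - template: jinja
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/vhost/huasuan.conf

The states above each push a configuration file stored in the files directory to the minions. They are all rendered as Jinja templates so that they can use the system's grains and pillar variables.

9. Look at each of the configuration files in turn, starting with nginx.conf: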

# For more information on configuration, see:
user nginx;
worker_processes {{ grains['num_cpus'] }};
{% if grains['num_cpus'] == 2 %}
worker_cpu_affinity 01 10;
{% elif grains['num_cpus'] == 4 %}
worker_cpu_affinity 1000 0100 0010 0001;
{% elif grains['num_cpus'] >= 8 %}
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
{% else %}
worker_cpu_affinity 1000 0100 0010 0001;
{% endif %}
worker_rlimit_nofile {{ grains['max_open_file'] }};

error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

pid /var/run/nginx.pid;

events {
    worker_connections {{ grains['max_open_file'] }};
}

http
{
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 128m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    server_tokens off;
    client_body_buffer_size 512k;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$host"';
    include vhost/*.conf;
}

Note: the grains['max_open_file'] variable is collected to the master by the custom grain we created first, and is returned to the minion through Jinja.
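
The template above hard-codes masks for 2, 4 and 8 or more CPUs and falls back to the 4-CPU masks for every other count. As an added example (not code from the original post), the following Python computes one mask per CPU for any count, in a form a custom grain like the one in step 1 could return; the names cpu_affinity_masks, nginx_affinity_grains, nginx_workers and nginx_cpu_affinity and the 64-worker cap are assumptions.

```python
# Added example, not from the original post: derive worker_cpu_affinity
# masks for any CPU count instead of hard-coding them in the template.
import multiprocessing

# Assumption: cap the number of pinned workers so the directive stays manageable.
MAX_WORKERS = 64


def cpu_affinity_masks(num_cpus):
    """Return one bitmask string per worker, each pinning it to a single CPU.

    Mask i is num_cpus bits wide with only bit i set, written with the
    highest CPU on the left, the notation used in the post's nginx.conf.
    """
    if not isinstance(num_cpus, int):
        raise TypeError("num_cpus must be an integer")
    if not 1 <= num_cpus <= MAX_WORKERS:
        raise ValueError("num_cpus out of range: %r" % (num_cpus,))
    return [format(1 << cpu, "0%db" % num_cpus) for cpu in range(num_cpus)]


def nginx_affinity_grains(num_cpus=None):
    """Hypothetical grain function: worker count plus the matching masks."""
    if num_cpus is None:
        num_cpus = multiprocessing.cpu_count()
    # Clamp so that worker_processes and the number of masks always agree.
    workers = max(1, min(int(num_cpus), MAX_WORKERS))
    return {
        "nginx_workers": workers,
        "nginx_cpu_affinity": " ".join(cpu_affinity_masks(workers)),
    }


if __name__ == "__main__":
    for count in (1, 2, 4, 6, 8):
        print(count, nginx_affinity_grains(count)["nginx_cpu_affinity"])
```

With such a grain synced, the if/elif chain in the template could be reduced to `worker_processes {{ grains['nginx_workers'] }};` and `worker_cpu_affinity {{ grains['nginx_cpu_affinity'] }};`, so the two directives can no longer disagree.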

10. The virtual host configuration file:

[root@mail files]# cat huasuan.conf
server {
    listen 80;
    server_name {{ pillar['hostname'] }};
    location / {
        proxy_pass http://{{ pillar['pass'] }};
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location ~ /\.git {
        deny all;
    }
}
Note: pillar['hostname'] and pillar['pass'] are obtained through Jinja from the pillar we defined above; a reverse proxy server is used as the example here.
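
The template writes both pillar values into nginx directives verbatim, so a value containing a semicolon, brace, space or newline would change the structure of the rendered file. The following added example (not from the original post) checks the two keys before they are rendered; the function names and the accepted forms (a plain DNS name, or an IPv4 address or name with an optional :port) are assumptions.

```python
# Added example, not from the original post: check the vhost pillar values
# before Jinja interpolates them into huasuan.conf.
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
PORT = re.compile(r"[0-9]{1,5}")


def is_hostname(value):
    """True only for a plain DNS name; fullmatch also rejects a trailing newline."""
    if not isinstance(value, str) or not 1 <= len(value) <= 253:
        return False
    return all(LABEL.fullmatch(label) for label in value.split("."))


def is_upstream(value):
    """True for an IPv4 address or DNS name, optionally followed by :port."""
    if not isinstance(value, str):
        return False
    host, sep, port = value.rpartition(":")
    if not sep:
        host = value
    elif not (PORT.fullmatch(port) and 1 <= int(port) <= 65535):
        return False
    if re.fullmatch(r"[0-9.]+", host):
        # Purely numeric, so it must be a real IPv4 address (rejects 192.168.10.300).
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            return False
        return True
    return is_hostname(host)


def validate_vhost_pillar(pillar):
    """Return a list of problems; an empty list means both values passed."""
    checks = (("hostname", is_hostname), ("pass", is_upstream))
    return ["%s: rejected value %r" % (key, pillar.get(key))
            for key, check in checks if not check(pillar.get(key))]


# The pillar from step 2 of the post.
PAGE_PILLAR = {"hostname": "www.huasuan.com", "pass": "192.168.10.100"}

if __name__ == "__main__":
    print(validate_vhost_pillar(PAGE_PILLAR) or "pillar OK")
```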

10. The service start-up script is nothing special; it is simply placed on the master and synced to the init directory on the minions:

[root@mail files]# cat nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
#              proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"


lockfile=/var/lock/subsys/nginx

make_dirs() {
    # make required directories
    user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
    if [ -z "`grep $user /etc/passwd`" ]; then
        useradd -M -s /bin/nologin $user
    fi
    options=`$nginx -V 2>&1 | grep 'configure arguments:'`
    for opt in $options; do
        if [ `echo $opt | grep '.*-temp-path'` ]; then
            value=`echo $opt | cut -d "=" -f 2`
            if [ ! -d "$value" ]; then
                # echo "creating" $value
                mkdir -p $value && chown -R $user $value
            fi
        fi
    done
}

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    sleep 1
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # restart only when the service is already running
        rh_status_q || exit 0
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

11. Configuration is complete. Start the installation on the minion:

Run:
[root@mail salt]# salt 'monitor' state.highstate

12. Check the result:

Checking the configuration file on the minion shows that it has taken effect. My minion has 4 cores, so worker_processes is set to 4.

The nginx service has also been started.

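That completes the whole installation and deployment process. With SaltStack, however many machines we have, we can deploy systems to our requirements quickly.

This article is from the “小罗” blog; please keep this attribution: http://xiaoluoge.blog.51cto.com/9141967/1722289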
