SaltStack: deploying and managing nginx from source
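I have been using SaltStack for a while, and I think its real strength is deployment through state files, which saves a lot of time when deploying to many machines. Today I use my front-end forwarding server as an example and deploy nginx from source. My experience is limited, so corrections and advice are welcome.
Approach:
1. Use grains to collect information such as the CPU count and the open-file limit, and combine it with jinja to configure nginx.conf
2. Use pillar to store the variables we need, and combine them with jinja to configure the vhost.conf file
3. Use state to install and push the files
Deployment steps:
1. Write the grains module, so that nginx gets a sensible open-file limit based on the system's open-file limit: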
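
    [root@mail nginx]# cd /srv/salt/_grains/
    [root@mail _grains]# cat nginx_config.py
    import subprocess

    def NginxGrains():
        # Custom grain: publish the minion's open-file limit as grains['max_open_file']
        grains = {}
        max_open_file = 65536   # default, kept when ulimit cannot be read
        #Worker_info={'cpus2':'01 10','cpus4':'1000 0100 0010 0001','cpus8':'10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001'}
        try:
            # 'source' is a bash builtin, so run the command under bash explicitly
            out = subprocess.check_output(['/bin/bash', '-c', 'source /etc/profile; ulimit -n'])
            max_open_file = int(out.decode().strip())
        except (OSError, subprocess.CalledProcessError, ValueError):
            # command failed or printed something that is not a number: keep the default
            pass
        grains['max_open_file'] = max_open_file
        return grains

    if __name__ == '__main__':
        print(NginxGrains())

Push the file to the minions and reload the modules so that it takes effect:

    salt '*' saltutil.sync_all
    salt '*' sys.reload_modules
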
2. Write the pillar variables; here I define the domain name and the back-end host to forward to:

    [root@mail pillar]# cat top.sls
    base:
      '*':
        - vhost
    [root@mail pillar]# cat vhost.sls
    hostname: www.huasuan.com
    pass: 192.168.10.100

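3. Write all the state files; first look at the directory layout:

    [root@mail salt]# tree nginx
    nginx
    ├── conf.sls
    ├── files
    │   ├── nginx
    │   ├── nginx-1.6.0.tar.gz
    │   ├── nginx.conf
    │   └── huasuan.conf
    ├── init.sls
    ├── install.sls
    ├── server.sls
    └── vhost.sls

Note: init.sls is the entry point that selects which states are enabled, install.sls defines the installation steps, server.sls manages the service script, conf.sls manages the nginx.conf configuration file, and vhost.sls manages the virtual hosts under the vhost directory.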
4. Look at the top file and the init file:

    [root@mail nginx]# cat install.sls
    [root@mail salt]# cat top.sls
    base:
      '*':
        - nginx
    [root@mail salt]# cat nginx/init.sls
    include:
      - nginx.install
      - nginx.conf
      - nginx.server
      - nginx.vhost

5. The installation file, install.sls:

    #nginx.tar.gz
    nginx_source:
      file.managed:
        - name: /tmp/nginx-1.6.0.tar.gz
        - unless: test -e /tmp/nginx-1.6.0.tar.gz
        - source: salt://nginx/files/nginx-1.6.0.tar.gz
    #extract
    extract_nginx:
      cmd.run:
        - cwd: /tmp
        - names:
          - tar zxvf nginx-1.6.0.tar.gz
        - unless: test -d /tmp/nginx-1.6.0
        - require:
          - file: nginx_source
    #user
    nginx_user:
      user.present:
        - name: nginx
        - uid: 1501
        - createhome: False
        - gid_from_name: True
        - shell: /sbin/nologin
    #nginx_pkgs
    nginx_pkg:
      pkg.installed:
        - pkgs:
          - gcc
          - openssl-devel
          - pcre-devel
          - zlib-devel
    #nginx_compile
    nginx_compile:
      cmd.run:
        - cwd: /tmp/nginx-1.6.0
        - names:
          - ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_gzip_static_module --http-client-body-temp-path=/usr/local/nginx/client/ --http-proxy-temp-path=/usr/local/nginx/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ --with-poll_module --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_random_index_module --with-pcre --with-http_stub_status_module
          - make
          - make install
        - require:
          - cmd: extract_nginx
          - pkg: nginx_pkg
        - unless: test -d /usr/local/nginx
    #cache_dir
    cache_dir:
      cmd.run:
        - names:
          - mkdir -p /usr/local/nginx/{client,proxy,fcgi} && chown -R nginx.nginx /usr/local/nginx/
          - mkdir -p /usr/local/nginx/conf/vhost && chown -R nginx.nginx /usr/local/nginx/conf/vhost
        - unless: test -d /usr/local/nginx/client/
        - require:
          - cmd: nginx_compile

Note: nginx is installed by compiling from source; the state covers pushing the tarball, extracting it, and managing the installation. The core of it is the use of cmd.
6. Manage the configuration file, conf.sls:

    [root@mail nginx]# cat conf.sls
    include:
      - nginx.install
    nginx_service:
      file.managed:
        - name: /usr/local/nginx/conf/nginx.conf
        - user: nginx
        - mode: 644
        - source: salt://nginx/files/nginx.conf
        - template: jinja
      service.running:
        - name: nginx
        - enable: True
        - reload: True
        - watch:
          - file: /usr/local/nginx/conf/nginx.conf

7. Manage the service start-up script, server.sls:

    [root@mail nginx]# cat server.sls
    include:
      - nginx.install
    server:
      file.managed:
        - name: /etc/init.d/nginx
        - user: root
        - mode: 755
        - source: salt://nginx/files/nginx
      service.running:
        - name: nginx
        - enable: True
        - reload: True
        - watch:
          - file: /etc/init.d/nginx
    command:
      cmd.run:
        - names:
          - /sbin/chkconfig --add nginx
          - /sbin/chkconfig nginx on
        - unless: /sbin/chkconfig --list nginx

8. Manage the virtual host configuration file, vhost.sls:

    [root@mail nginx]# cat vhost.sls
    include:
      - nginx.install
    vhostconfig:
      file.managed:
        - name: /usr/local/nginx/conf/vhost/huasuan.conf
        - user: root
        - mode: 644
        - source: salt://nginx/files/huasuan.conf
        - template: jinja
      service.running:
        - name: nginx
        - enable: True
        - reload: True
        - watch:
          - file: /usr/local/nginx/conf/vhost/huasuan.conf

The states above each push a configuration file stored in the files directory to the minion; they all use jinja templates so that the system's grains and pillar variables can be used:
9. Look at each of these configuration files in turn, starting with nginx.conf:

    # For more information on configuration, see:
    user nginx;
    worker_processes {{ grains['num_cpus'] }};
    {% if grains['num_cpus'] == 2 %}
    worker_cpu_affinity 01 10;
    {% elif grains['num_cpus'] == 4 %}
    worker_cpu_affinity 1000 0100 0010 0001;
    {% elif grains['num_cpus'] >= 8 %}
    worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
    {% else %}
    worker_cpu_affinity 1000 0100 0010 0001;
    {% endif %}
    worker_rlimit_nofile {{ grains['max_open_file'] }};
    error_log /var/log/nginx/error.log;
    #error_log /var/log/nginx/error.log notice;
    #error_log /var/log/nginx/error.log info;
    pid /var/run/nginx.pid;
    events {
        worker_connections {{ grains['max_open_file'] }};
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        charset utf-8;
        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 128m;
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 60;
        tcp_nodelay on;
        server_tokens off;
        client_body_buffer_size 512k;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types text/plain application/x-javascript text/css application/xml;
        gzip_vary on;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" "$host"';
        include vhost/*.conf;
    }

Note: the grains['max_open_file'] variable comes from the custom grain we created in the first step; it is collected by the master and rendered through jinja into the file returned to the minion.
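
The template above hard-codes affinity masks for 2, 4 and 8 or more CPUs and reuses the 4-CPU masks for every other count. As an added example (not part of the original post), this custom grain builds one mask per worker for any CPU count, going beyond the cases the template covers; the function name and the grain name nginx_cpu_affinity are assumptions made for the illustration.

```python
import multiprocessing


def nginx_cpu_affinity(num_cpus=None):
    """Custom grain: one single-bit CPU mask per nginx worker, for any CPU count.

    Salt calls public grain functions without arguments; num_cpus exists only
    so the function can be exercised with a fixed value.
    """
    if num_cpus is None:
        try:
            num_cpus = multiprocessing.cpu_count()
        except NotImplementedError:
            return {}              # publish no grain rather than a wrong mask
    if isinstance(num_cpus, bool) or not isinstance(num_cpus, int) or num_cpus < 1:
        return {}
    # Worker i is pinned to CPU i: bit i set in a mask that is num_cpus bits wide.
    masks = [format(1 << cpu, "0{}b".format(num_cpus)) for cpu in range(num_cpus)]
    return {"nginx_cpu_affinity": " ".join(masks)}


if __name__ == "__main__":
    for n in (1, 2, 4, 6):         # constructed CPU counts
        print(n, nginx_cpu_affinity(n))
```

Placed in /srv/salt/_grains/ and synced like the grain from step 1, it lets the template replace the whole if/elif chain with a single worker_cpu_affinity line that prints grains['nginx_cpu_affinity'].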
10. The virtual host configuration file:

    [root@mail files]# cat huasuan.conf
    server {
        listen 80;
        server_name {{ pillar['hostname'] }};
        location / {
            proxy_pass http://{{ pillar['pass'] }};
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location ~ /\.git {
            deny all;
        }
    }

Note: pillar['hostname'] and pillar['pass'] are obtained through jinja from the pillar we defined above; a reverse proxy server is used as the example here.
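
Because huasuan.conf interpolates the two pillar values directly into nginx directives, a stray semicolon, space or newline in either value changes the rendered configuration. The following stand-alone check is an added example, not part of the original post; it validates both values before a highstate, and its function names are assumptions made for the illustration.

```python
import ipaddress
import re

# One DNS label (RFC 1123): letters, digits, hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_PORT = re.compile(r"[0-9]{1,5}")


def valid_hostname(name):
    """True if name is a plain DNS name usable as an nginx server_name."""
    if not isinstance(name, str) or not 0 < len(name) <= 253:
        return False
    labels = name.split(".")
    # fullmatch, not match with '$': '$' would let a trailing newline through.
    if not all(_LABEL.fullmatch(label) for label in labels):
        return False
    return not labels[-1].isdigit()   # numeric last label: a malformed IP, not a name


def valid_upstream(value):
    """True for 'IPv4', 'IPv4:port', 'host' or 'host:port' (IPv6 not handled)."""
    if not isinstance(value, str):
        return False          # e.g. YAML parsed an unquoted value as a number
    host, sep, port = value.partition(":")
    if sep and not (_PORT.fullmatch(port) and 0 < int(port) < 65536):
        return False
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return valid_hostname(host)


def check_vhost_pillar(pillar):
    """Return a list of problems; an empty list means both values are safe to render."""
    problems = []
    if not valid_hostname(pillar.get("hostname")):
        problems.append("hostname: not a valid DNS name")
    if not valid_upstream(pillar.get("pass")):
        problems.append("pass: expected host[:port] or IPv4[:port]")
    return problems


if __name__ == "__main__":
    # Constructed sample matching the pillar shown earlier on the page.
    print(check_vhost_pillar({"hostname": "www.huasuan.com", "pass": "192.168.10.100"}))
```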
10. The service start-up script. There is nothing special about it; it is placed on the master and synced to the init directory on the minion:

    [root@mail files]# cat nginx
    #!/bin/sh
    #
    # nginx - this script starts and stops the nginx daemon
    #
    # chkconfig:   - 85 15
    # description: Nginx is an HTTP(S) server, HTTP(S) reverse \
    #              proxy and IMAP/POP3 proxy server
    # processname: nginx
    # config:      /usr/local/nginx/conf/nginx.conf
    # pidfile:     /usr/local/nginx/logs/nginx.pid

    # Source function library.
    . /etc/rc.d/init.d/functions

    # Source networking configuration.
    . /etc/sysconfig/network

    # Check that networking is up.
    [ "$NETWORKING" = "no" ] && exit 0

    nginx="/usr/local/nginx/sbin/nginx"
    prog=$(basename $nginx)

    NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"

    lockfile=/var/lock/subsys/nginx

    make_dirs() {
        # make required directories
        user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
        if [ -z "`grep $user /etc/passwd`" ]; then
            useradd -M -s /bin/nologin $user
        fi
        options=`$nginx -V 2>&1 | grep 'configure arguments:'`
        for opt in $options; do
            if [ `echo $opt | grep '.*-temp-path'` ]; then
                value=`echo $opt | cut -d "=" -f 2`
                if [ ! -d "$value" ]; then
                    # echo "creating" $value
                    mkdir -p $value && chown -R $user $value
                fi
            fi
        done
    }

    start() {
        [ -x $nginx ] || exit 5
        [ -f $NGINX_CONF_FILE ] || exit 6
        make_dirs
        echo -n $"Starting $prog: "
        daemon $nginx -c $NGINX_CONF_FILE
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }

    stop() {
        echo -n $"Stopping $prog: "
        killproc $prog -QUIT
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }

    restart() {
        configtest || return $?
        stop
        sleep 1
        start
    }

    reload() {
        configtest || return $?
        echo -n $"Reloading $prog: "
        killproc $nginx -HUP
        RETVAL=$?
        echo
    }

    force_reload() {
        restart
    }

    configtest() {
        $nginx -t -c $NGINX_CONF_FILE
    }

    rh_status() {
        status $prog
    }

    rh_status_q() {
        rh_status >/dev/null 2>&1
    }

    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart|configtest)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            # restart only when the service is already running
            rh_status_q || exit 0
            restart
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
            exit 2
    esac

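11. Configuration is complete; start the installation from the master:
Run:

    [root@mail salt]# salt 'monitor' state.highstate

12. Check the result:
Looking at the configuration file on the minion shows that it has taken effect; my minion has 4 cores, so worker_processes is set to 4:
And the nginx service has been started:
That completes the whole installation and deployment process. With SaltStack, however many machines we have, we can quickly deploy systems the way we need.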
This article comes from the “小罗” blog; please keep this attribution: http://xiaoluoge.blog.51cto.com/9141967/1722289