自动化管理工具Saltstack之nginx部署(12) saltstack

本文转载自http://blog.cunss.com/?p=272 ，做了稍微改动，但仍以原作为主，若有转载本文，请务必注明原始出处

1./srv/salt/nginx目录树

. conf.sls file |--- nginx |--- nginx-1.5.1.tar.gz |--- nginx.conf |--- nginx_log_cut.sh |--- vhost.conf init.sls install.sls vhost.sls

/srv/salt/top.sls

base: 'test82.salt.cn': - nginx.init

2.init.sls 初始化所有sls文件 /srv/salt/nginx/init.sls

include: - nginx.install - nginx.conf - nginx.vhost

3.install.sls nginx的安装sls /srv/salt/nginx/install.sls

nginx_source: file.managed: - name: /tmp/nginx-1.5.1.tar.gz - unless: test -e /tmp/nginx-1.5.1.tar.gz - user: root - group: root - makedirs: True - source: salt://nginx/file/nginx-1.5.1.tar.gz nginx_extract: cmd.run: - cwd: /tmp - names: - tar zxf nginx-1.5.1.tar.gz - unless: test -d /tmp/nginx-1.5.1 - require: - file: nginx_source nginx_user: user.present: - name: www - createhome: False - gid_from_name: True - shell: /sbin/nologin nginx_pkg: pkg.installed: - pkgs: - gcc - gcc-c++ - openssl-devel - pcre-devel - zlib-devel nginx_compile: cmd.run: - cwd: /tmp/nginx-1.5.1 - names: - ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module - make - make install - require: - cmd: nginx_extract - pkg: nginx_pkg - unless: test -d /usr/local/nginx create_dir: cmd.run: - names: - chown -R www.www /var/www/html - mkdir -p /usr/local/nginx/conf/vhost - unless: test -d /usr/local/nginx/conf/vhost - require: - cmd: nginx_compile

4.conf.sls 管理nginx主配置文件 /srv/salt/nginx/conf.sls

include: - nginx.install{% set nginx_user = 'www' %}nginx_conf: file.managed: - name: /usr/local/nginx/conf/nginx.conf - source: salt://nginx/file/nginx.conf - template: jinja - defaults: nginx_user: {{ nginx_user }} num_cpus: {{ grains['num_cpus'] }} nginx_service : file.managed: - name: /etc/init.d/nginx - user: root - mode: 755 - source: salt://nginx/file/nginx cmd.run: - names: - /sbin/chkconfig --add nginx - /sbin/chkconfig nginx on - unless: /sbin/chkconfig --list nginx service.running: - name: nginx - enable: True - reload: True - watch: - file: /usr/local/nginx/conf/vhost/*.conf nginx_log_cut: file.managed: - name: /usr/local/nginx/sbin/nginx_log_cut.sh - source: salt://nginx/file/nginx_log_cut.sh cron.present: - name: sh /usr/local/nginx/sbin/nginx_log_cut.sh - user: root - minute: 10 - hour: 0 - require: - file: nginx_log_cut

5.使用pillar适合针对不同的主机动态生成配置 /srv/pillar目录树

. top.sls vhost.sls

/srv/pillar/top.sls

base: 'test82.salt.cn': - vhost

/srv/pillar/vhost.sls

vhost: {% if 'test8' in grains['id'] %} - name: www target: /usr/local/nginx/conf/vhost/vhost_www.conf {% else %} - name: bbs target: /usr/local/nginx/conf/vhost/vhost_bbs.conf {% endif %}

6.vhost.sls 生成虚拟机配置文件 /srv/salt/nginx/vhost.sls

include: - nginx.install{% for vhostname in pillar['vhost'] %}{{ vhostname['name'] }}: file.managed: - name: {{ vhostname['target'] }} - source: salt://nginx/file/vhost.conf - target: {{ vhostname['target'] }} - template: jinja - defaults: server_name: {{ grains['fqdn_ip4'][0] }} log_name: {{ vhostname['name'] }} - watch_in: service: nginx{% endfor %}

7.nginx.conf 主配置文件模板 /srv/salt/nginx/file/nginx.conf

# user{{ nginx_user }}; worker_processes {{grains['num_cpus']}}; error_loglogs/nginx_error.lognotice; pid/usr/local/nginx/sbin/nginx.pid; worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { includemime.types; default_typeapplication/octet-stream; charsetutf-8; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 128m; sendfile on; tcp_nopushon; keepalive_timeout 60; tcp_nodelay on; server_tokens off; client_body_buffer_size512k; gzip on; gzip_min_length1k; gzip_buffers4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_typestext/plain application/x-javascript text/css application/xml; gzip_vary on; log_formatmain'$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$host"' ; include vhost/*.conf; }

8.nginx nginx服务管理脚本 /srv/salt/nginx/file/nginx

#!/bin/sh # # nginx - this script starts and stops the nginx daemon # # chkconfig:- 85 15 # description:Nginx is an HTTP(S) server, HTTP(S) reverse \ #proxy and IMAP/POP3 proxy server # processname: nginx # config:/usr/local/nginx/conf/nginx.conf # pidfile:/usr/local/nginx/logs/nginx.pid# Source function library. . /etc/rc.d/init.d/functions# Source networking configuration. . /etc/sysconfig/network# Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0nginx="/usr/local/nginx/sbin/nginx" prog=$(basename $nginx)NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"lockfile=/var/lock/subsys/nginxmake_dirs() { # make required directories user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=$[^ ]*$.*/\1/g' -` if [ -z "`grep $user /etc/passwd`" ]; then useradd -M -s /bin/nologin $user fi options=`$nginx -V 2>&1 | grep 'configure arguments:'` for opt in $options; do if [ `echo $opt | grep '.*-temp-path'` ]; then value=https://www.it610.com/article/`echo $opt | cut -d"=" -f 2` if [ ! -d "$value" ]; then # echo "creating" $value mkdir -p $value && chown -R $user $value fi fi done }start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 make_dirs echo -n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval }stop() { echo -n $"Stopping $prog: " killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval }restart() { configtest || return $? stop sleep 1 start }reload() { configtest || return $? echo -n $"Reloading $prog: " killproc $nginx -HUP RETVAL=$? echo }force_reload() { restart }configtest() { $nginx -t -c $NGINX_CONF_FILE }rh_status() { status $prog }rh_status_q() { rh_status >/dev/null 2>&1 }case "$1" in start) rh_status_q && exit 0 $1 ; ; stop) rh_status_q || exit 0 $1 ; ; restart|configtest) $1 ; ; reload) rh_status_q || exit 7 $1 ; ; force-reload) force_reload ; ; status) rh_status ; ; condrestart|try-restart) rh_status_q || exit 0 ; ; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}" exit 2 esac

9.nginx_log_cut.sh nginx日志切割脚本 /srv/salt/nginx/file/nginx_log_cut.sh

#!/bin/bashlogs_path=/usr/local/nginx/logs yesterday=`date -d "yesterday" +%F`mkdir -p $logs_path/$yesterdaycd $logs_pathfor nginx_logs in `ls *log` ; do mv $nginx_logs ${yesterday}/${yesterday}-${nginx_logs}kill -USR1`cat /usr/local/nginx/sbin/nginx.pid` done

10.vhost.sls 虚拟机配置文件 /srv/salt/nginx/file/vhost.conf

server { listen80; server_name {{ server_name }}; index index.html index.htm ; roothtml; #location ~ .*\.(php|php5)?$ #{ #try_files $uri =404; #fastcgi_passunix:/tmp/php-cgi.sock; #fastcgi_index index.php; #include fcgi.conf; #} location /status { stub_status on; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires30d; } location ~ .*\.(js|css)?$ { expires1d; } access_loglogs/{{ log_name }}-access.logmain; }

11.安装配置nginx 命令行执行如下