Saltstack系列:Saltstack安装Nginx
学习了Saltstack,之前也写几篇Saltstack系列,分别是: Saltstack的安装,Saltstack的分组,以及Saltstack的Grains和Pillar,今天牛刀小试,利用Saltstack部署Nginx源码编译安装。 实现内容:(1.nginx源码安装
(2.实现配置文件、服务、用户、日志切割
1.目录结构
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# pwd
/srv/salt
# tree -n .
.
├── nginx
│ ├── conf.sls
│ ├── files
│ │ ├── nginx
│ │ ├── nginx-1.7.12.tar.gz
│ │ ├── nginx.conf
│ │ ├── nginx_log_cut.sh
│ │ └── vhost.conf
│ ├── init.sls
│ └── install.sls
└── top.sls
2 directories, 9 files
2.文件分析
(1.top文件
1
2
3
4
5
6
7
8
# cat top.sls
base:
'node2':
- nginx
# cat init.sls
include:
- nginx.install
- nginx.conf
(2.init.sls文件
1
2
3
4
# cat init.sls
include:
- nginx.install
- nginx.conf
(3.install.sls文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# cat install.sls
#nginx.tar.gz
nginx_source:
file.managed:
- name: /tmp/nginx-1.7.12.tar.gz
- unless: test -e /tmp/nginx-1.7.12.tar.gz
- source: salt://nginx/files/nginx-1.7.12.tar.gz
#extract
extract_nginx:
cmd.run:
- cwd: /tmp
- names:
- tar zxvf nginx-1.7.12.tar.gz
- unless: test -d /tmp/nginx-1.7.12
- require:
- file: nginx_source
#user
nginx_user:
user.present:
- name: nginx
- createhome: False
- gid_from_name: True
- shell: /sbin/nologin
#nginx_pkgs
nginx_pkg:
pkg.installed:
- pkgs:
- openssl-devel
- pcre-devel
- zlib-devel
#nginx_compile
nginx_compile:
cmd.run:
- cwd: /tmp/nginx-1.7.12
- names:
- ./configure --prefix=/home/nginx--user=nginx--group=nginx--with-http_ssl_module --with-http_stub_status_module && make && make install
- require:
- cmd: extract_nginx
- pkg:nginx_pkg
- unless: test -d /home/nginx
#cache_dir
cache_dir:
cmd.run:
- names:
- mkdir -p /home/nginx/conf/conf.d && chown -R nginx.nginx /home/nginx/
- require:
- cmd: nginx_compile
- unless: test -d /home/nginx/conf/conf.d/
#vhosts
file.managed:
- name: /home/nginx/conf/conf.d/www.example.com.conf
- unless: test -e /home/nginx/conf/conf.d/www.example.com.conf
- source: salt://nginx/files/vhost.conf
(4.nginx启动脚本文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# cat nginx
#! /bin/bash
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig: 35 86 15
# description:Nginx is an HTTP(S) server, HTTP(S) reverse # proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /home/nginx/conf/nginx.conf
# pidfile: /home/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ $NETWORKING = no ] && exit 0
nginx=/home/nginx/sbin/nginx
prog=$(basename $nginx)
NGINX_CONF_FILE=/home/nginx/conf/nginx.conf
lockfile=/var/lock/subsys/nginx
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $Starting $prog:
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $Stopping $prog:
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
start
}
reload() {
configtest || return $?
echo -n $Reloading $prog:
killproc $nginx -HUP
RETVAL=$\?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case $1 in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}
exit 2
esac
(5.nginx配置文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# cat nginx.conf
user{{ nginx_user }};
worker_processes{{grains.num_cpus}};
pid logs/nginx.pid;
worker_rlimit_nofile 204800;
events {
use epoll;
worker_connections65535;
}
http {
include mime.types;
log_formatmain'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$host"';
include /usr/local/nginx/conf/conf.d/*.conf;
default_typeapplication/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 300m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
server_tokens off;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m;
fastcgi_cache_key $request_method://$host$request_uri;
fastcgi_cache TEST;
fastcgi_cache_valid 200 302 1h;
fastcgi_cache_valid 301 1d;
fastcgi_cache_valid any 1m;
gzip on;
gzip_min_length1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
limit_req_log_level warn;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
}
(6.nginx日志切割脚本文件 [此脚本来自网络为测试]
1
2
3
4
5
6
7
8
9
10
11
# cat nginx_log_cut.sh
#!/bin/bash
logs_path=/home/nginx/logs
yesterday=`date -d "yesterday" +%F`
mkdir -p $logs_path/$yesterday
cd $logs_path
for nginx_logs in `ls *log` ;
do
mv $nginx_logs ${yesterday}/${yesterday}-${nginx_logs}
kill -USR1`cat /home/nginx/logs/nginx.pid`
done
2.运行,查看效果
1
2
3
4
5
6
7
8
#刷新缓存
# salt 'node2' saltutil.refresh_pillar
#运行
# salt 'node2' state.highstate
# salt 'node2' cmd.run 'netstat -antup |grep 80'
node2:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1668/n
页:
[1]