Saltstack系列：Saltstack安装Nginx

ertwer

   学习了Saltstack，之前也写几篇Saltstack系列，分别是: Saltstack的安装，Saltstack的分组，以及Saltstack的Grains和Pillar，今天牛刀小试，利用Saltstack部署Nginx源码编译安装。    实现内容：
       （1.nginx源码安装
       （2.实现配置文件、服务、用户、日志切割
1.目录结构

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

[iyunv@node1 salt]# pwd /srv/salt [iyunv@node1 salt]# tree -n . . ├── nginx │   ├── conf.sls │   ├── files │   │   ├── nginx │   │   ├── nginx-1.7.12.tar.gz │   │   ├── nginx.conf │   │   ├── nginx_log_cut.sh │   │   └── vhost.conf │   ├── init.sls │   └── install.sls └── top.sls 2 directories, 9 files

2.文件分析
（1.top文件

1 2 3 4 5 6 7 8

[iyunv@node1 salt]# cat top.sls base:   'node2':     - nginx [iyunv@node1 nginx]# cat init.sls include:   - nginx.install   - nginx.conf

（2.init.sls文件

1 2 3 4

[iyunv@node1 nginx]# cat init.sls include:   - nginx.install   - nginx.conf

（3.install.sls文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53

[iyunv@node1 nginx]# cat install.sls #nginx.tar.gz nginx_source:   file.managed:     - name: /tmp/nginx-1.7.12.tar.gz     - unless: test -e /tmp/nginx-1.7.12.tar.gz     - source: salt://nginx/files/nginx-1.7.12.tar.gz #extract extract_nginx:   cmd.run:     - cwd: /tmp     - names:       - tar zxvf nginx-1.7.12.tar.gz     - unless: test -d /tmp/nginx-1.7.12     - require:       - file: nginx_source #user nginx_user:   user.present:     - name: nginx     - createhome: False     - gid_from_name: True     - shell: /sbin/nologin #nginx_pkgs nginx_pkg:   pkg.installed:     - pkgs:       - openssl-devel       - pcre-devel       - zlib-devel #nginx_compile nginx_compile:   cmd.run:     - cwd: /tmp/nginx-1.7.12     - names:       - ./configure --prefix=/home/nginx  --user=nginx  --group=nginx  --with-http_ssl_module --with-http_stub_status_module && make && make install     - require:       - cmd: extract_nginx       - pkg:  nginx_pkg     - unless: test -d /home/nginx #cache_dir cache_dir:   cmd.run:     - names:       - mkdir -p /home/nginx/conf/conf.d && chown -R nginx.nginx /home/nginx/     - require:       - cmd: nginx_compile     - unless: test -d /home/nginx/conf/conf.d/   #vhosts   file.managed:     - name: /home/nginx/conf/conf.d/www.example.com.conf     - unless: test -e /home/nginx/conf/conf.d/www.example.com.conf     - source: salt://nginx/files/vhost.conf

（4.nginx启动脚本文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91

[iyunv@node1 files]# cat nginx #! /bin/bash # # nginx - this script starts and stops the nginx daemin # # chkconfig:   35 86 15 # description:  Nginx is an HTTP(S) server, HTTP(S) reverse #               proxy and IMAP/POP3 proxy server # processname: nginx # config:      /home/nginx/conf/nginx.conf # pidfile:     /home/nginx/logs/nginx.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ $NETWORKING = no ] && exit 0 nginx=/home/nginx/sbin/nginx prog=$(basename $nginx) NGINX_CONF_FILE=/home/nginx/conf/nginx.conf lockfile=/var/lock/subsys/nginx start() {     [ -x $nginx ] || exit 5     [ -f $NGINX_CONF_FILE ] || exit 6     echo -n $Starting $prog:     daemon $nginx -c $NGINX_CONF_FILE     retval=$?     echo     [ $retval -eq 0 ] && touch $lockfile     return $retval } stop() {     echo -n $Stopping $prog:     killproc $prog -QUIT     retval=$?     echo     [ $retval -eq 0 ] && rm -f $lockfile     return $retval } restart() {     configtest || return $?     stop     start } reload() {     configtest || return $?     echo -n $Reloading $prog:     killproc $nginx -HUP     RETVAL=$\?     echo } force_reload() {     restart } configtest() {   $nginx -t -c $NGINX_CONF_FILE } rh_status() {     status $prog } rh_status_q() {     rh_status >/dev/null 2>&1 } case $1 in     start)         rh_status_q && exit 0         $1         ;;     stop)         rh_status_q || exit 0         $1         ;;     restart|configtest)         $1         ;;     reload)         rh_status_q || exit 7         $1         ;;     force-reload)         force_reload         ;;     status)         rh_status         ;;     condrestart|try-restart)         rh_status_q || exit 0             ;;     *)         echo $Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}         exit 2 esac

（5.nginx配置文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

[iyunv@node1 files]# cat nginx.conf user  {{ nginx_user }}; worker_processes  {{grains.num_cpus}}; pid        logs/nginx.pid; worker_rlimit_nofile 204800; events {     use epoll;     worker_connections  65535; } http {     include       mime.types;     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '                       '$status $body_bytes_sent "$http_referer" '                       '"$http_user_agent" "$http_x_forwarded_for" "$host"';     include /usr/local/nginx/conf/conf.d/*.conf;     default_type  application/octet-stream;     server_names_hash_bucket_size 128;     client_header_buffer_size 32k;     large_client_header_buffers 4 32k;       client_max_body_size 300m;     sendfile on;       tcp_nopush     on;     keepalive_timeout 60;     tcp_nodelay on;     server_tokens off;       fastcgi_connect_timeout 300;        fastcgi_send_timeout 300;       fastcgi_read_timeout 300;     fastcgi_buffer_size 64k;        fastcgi_buffers 4 64k;     fastcgi_busy_buffers_size 128k;     fastcgi_temp_file_write_size 128k;     fastcgi_cache_path /usr/local/nginx/fastcgi_cache levels=1:2 keys_zone=TEST:10m inactive=5m;     fastcgi_cache_key $request_method://$host$request_uri;     fastcgi_cache TEST;     fastcgi_cache_valid 200 302 1h;     fastcgi_cache_valid 301 1d;     fastcgi_cache_valid any 1m;       gzip on;     gzip_min_length  1k;     gzip_buffers     4 16k;     gzip_http_version 1.1;        gzip_comp_level 2;     gzip_types       text/plain application/x-javascript text/css application/xml;        gzip_vary on;        limit_req_log_level warn;     limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s; }

（6.nginx日志切割脚本文件 [此脚本来自网络为测试]

1 2 3 4 5 6 7 8 9 10 11

[iyunv@node1 files]# cat nginx_log_cut.sh   #!/bin/bash logs_path=/home/nginx/logs yesterday=`date -d "yesterday" +%F` mkdir -p $logs_path/$yesterday cd $logs_path for nginx_logs in `ls *log` ; do mv $nginx_logs ${yesterday}/${yesterday}-${nginx_logs} kill -USR1  `cat /home/nginx/logs/nginx.pid` done

2.运行，查看效果

1 2 3 4 5 6 7 8

#刷新缓存 [iyunv@node1 files]# salt 'node2' saltutil.refresh_pillar #运行 [iyunv@node1 files]# salt 'node2' state.highstate [iyunv@node1 files]# salt 'node2' cmd.run 'netstat -antup |grep 80' node2:     tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      1668/n