|
|
saltstack接触也有一段时间了,感觉saltstack强大之处在于state文件部署,通过他可以给我们大批量部署节省很多时间,今天就用部署我前端的转发服务器为例进行源码部署nginx;水平有限希望大家多多指导。 思路:
1、用grains收集cpu、打开文件数等信息结合jinja配置nginx.conf文件
2、使用pillar保存我们要使用的变量结合jinja配置vhost.conf文件
3、state安装推送文件
部署步骤:
1、编写grains,根据系统打开文件数配置合理的nginx打开文件数量:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| [iyunv@mail nginx]# cd /srv/salt/_grains/
[iyunv@mail _grains]# cat nginx_config.py
import os,sys,commands
def NginxGrains():
grains ={}
max_open_file=65536
#Worker_info={'cpus2':'01 10','cpus4':'1000 0100 0010 0001','cpus8':'10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001'}
try:
getulimit=commands.getstatusoutput('source /etc/profile;ulimit -n')
except Exception,e:
pass
if getulimit[0]==0:
max_open_file=int(getulimit[1])
grains['max_open_file'] = max_open_file
return grains
if __name__ == '__main__':
print NginxGrains()
推送文件到客户端并启动文件重启客户端生效:
salt '*' saltutil.sync_all
salt '*' sys.reload_modules
|
2、编写变量之pillar,这里我定义了域名和后端转发主机:
1
2
3
4
5
6
7
| [iyunv@mail pillar]# cat top.sls
base:
'*':
- vhost
[iyunv@mail pillar]# cat vhost.sls
hostname: www.huasuan.com
pass: 192.168.10.100
|
3、编写state所有文件,先查看目录选项:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| [iyunv@mail salt]# tree nginx
nginx
├── conf.sls
├── files
│?? ├── nginx
│?? ├── nginx-1.6.0.tar.gz
│?? ├── nginx.conf
│?? └── huasuan.conf
├── init.sls
├── install.sls
├── server.sls
└── vhost.sls
注释:init.sls指定启用哪个入口选项,install.sls指定安装步骤,server.sls表示管理服务脚本,
conf.sls指定管理配置文件nginx.conf,vhost.sls 指定管理vhost.sls目录下的虚拟主机。
|
4、查看top文件和init文件:
1
2
3
4
5
6
7
8
9
10
11
| [iyunv@mail nginx]# cat install.sls
[iyunv@mail salt]# cat top.sls
base:
'*':
- nginx
[iyunv@mail salt]# cat nginx/init.sls
include:
- nginx.install
- nginx.conf
- nginx.server
- nginx.vhost
|
5、安装install,sls文件:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
| #nginx.tar.gz
nginx_source:
file.managed:
- name: /tmp/nginx-1.6.0.tar.gz
- unless: test -e /tmp/nginx-1.6.0.tar.gz
- source: salt://nginx/files/nginx-1.6.0.tar.gz
#extract
extract_nginx:
cmd.run:
- cwd: /tmp
- names:
- tar zxvf nginx-1.6.0.tar.gz
- unless: test -d /tmp/nginx-1.6.0
- require:
- file: nginx_source
#user
nginx_user:
user.present:
- name: nginx
- uid: 1501
- createhome: False
- gid_from_name: True
- shell: /sbin/nologin
#nginx_pkgs
nginx_pkg:
pkg.installed:
- pkgs:
- gcc
- openssl-devel
- pcre-devel
- zlib-devel
#nginx_compile
nginx_compile:
cmd.run:
- cwd: /tmp/nginx-1.6.0
- names:
- ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_gzip_static_module --http-client-body-temp-path=/usr/local/nginx/client/ --http-proxy-temp-path=/usr/local/nginx/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ --with-poll_module --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_random_index_module --with-pcre --with-http_stub_status_module
- make
- make install
- require:
- cmd: extract_nginx
- pkg: nginx_pkg
- unless: test -d /usr/local/nginx
#cache_dir
cache_dir:
cmd.run:
- names:
- mkdir -p /usr/local/nginx/{client,proxy,fcgi} && chown -R nginx.nginx /usr/local/nginx/
- mkdir -p /usr/local/nginx/conf/vhost && chown -R nginx.nginx /usr/local/nginx/conf/vhost
- unless: test -d /usr/local/nginx/client/
- require:
- cmd: nginx_compile
注释:nginx使用源码编译安装的方式,包括了文件包推送,解压、安装管理,主要核心是cmd的使用
|
6、管理配置文件conf.sls:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| [iyunv@mail nginx]# cat conf.sls
include:
- nginx.install
nginx_service:
file.managed:
- name: /usr/local/nginx/conf/nginx.conf
- user: nginx
- mode: 644
- source: salt://nginx/files/nginx.conf
- template: jinja
service.running:
- name: nginx
- enable: True
- reload: True
- watch:
- file: /usr/local/nginx/conf/nginx.conf
|
7、服务脚本启动文件管理server.sls:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| [iyunv@mail nginx]# cat server.sls
include:
- nginx.install
server:
file.managed:
- name: /etc/init.d/nginx
- user: root
- mode: 755
- source: salt://nginx/files/nginx
service.running:
- name: nginx
- enable: True
- reload: True
- watch:
- file: /etc/init.d/nginx
command:
cmd.run:
- names:
- /sbin/chkconfig --add nginx
- /sbin/chkconfig nginx on
- unless: /sbin/chkconfig --list nginx
|
8、虚拟主机管理配置文件:vhost.sls
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| [iyunv@mail nginx]# cat vhost.sls
include:
- nginx.install
vhostconfig:
file.managed:
- name: /usr/local/nginx/conf/vhost/huasuan.conf
- user: root
- mode: 644
- source: salt://nginx/files/huasuan.conf
- template: jinja
service.running:
- name: nginx
- enable: True
- reload: True
- watch:
- file: /usr/local/nginx/conf/vhost/huasuan.conf
|
上面几个分别是把已经保存在files目录下的配置文件推送到客户端,都是使用jinja模板为了使用系统的grains和pillar变量:
9、分别查看以下几个配置文件nginx.conf:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
| # For more information on configuration, see:
user nginx;
worker_processes {{ grains['num_cpus'] }};
{% if grains['num_cpus'] == 2 %}
worker_cpu_affinity 01 10;
{% elif grains['num_cpus'] == 4 %}
worker_cpu_affinity 1000 0100 0010 0001;
{% elif grains['num_cpus'] >= 8 %}
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
{% else %}
worker_cpu_affinity 1000 0100 0010 0001;
{% endif %}
worker_rlimit_nofile {{ grains['max_open_file'] }};
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections {{ grains['max_open_file'] }};
}
http
{
include mime.types;
default_type application/octet-stream;
charset utf-8;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 128m;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
tcp_nodelay on;
server_tokens off;
client_body_buffer_size 512k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" "$host"' ;
include vhost/*.conf;
}
注释:grains['max_open_file']这个变量由我们第一个创建的自定义grains收集到服务端,基于jinja
来返回客户端
|
10、虚拟主机配置文件vhost:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| [iyunv@mail files]# cat huasuan.conf
server {
listen 80;
server_name {{ pillar['hostname'] }};
location / {
proxy_pass http://{{ pillar['pass'] }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ /\.git {
deny all;
}
}
注释:pillar['hostname']和pillar['pass']由上面我们定义的pillar基于jinja获得,这里用反向代
理服务器为例
|
10、服务启动脚本,没什么特别;就是放上去服务器端同步到客户端启动目录下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
| [iyunv@mail files]# cat nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
if [ -z "`grep $user /etc/passwd`" ]; then
useradd -M -s /bin/nologin $user
fi
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
|
11、配置完成:启动服务器开始安装操作:
1
2
| 启动操作:
[iyunv@mail salt]# salt 'monitor' state.highstate
|
12、查看结果:
查看客户端文件配置文件看到已经生效,我客户端是4核所以给的worker_processer是4:
并且已经启动了nginx服务:
到此全部的安装部署流程已经走完,用saltstack我们发现有再多的机器很快也能按照我们需求对系统来快速部署。
|
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-12-14 10:46:48
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡