(七)saltstack项目实战_安装nginx

fdsdff · 发表于 2016-12-21 09:40:39

创建nginx所需目录
[iyunv@node1 ~]# cd /data/etc/salt/
[iyunv@node1 salt]# mkdir -p nginx/files
[iyunv@node1 salt]# cd nginx/files/
[iyunv@node1 files]# wget http://nginx.org/download/nginx-1.11.3.tar.gz
[iyunv@node1 salt]# tree nginx/
nginx/
|-- conf.sls
|-- files
| |-- nginx
| |-- nginx-1.11.3.tar.gz
| |-- nginx.conf
| |-- nginx_log_cut.sh
| `-- vhost.conf
|-- init.sls
|-- install.sls
`-- vhost.sls
[iyunv@node1 salt]# cat nginx/init.sls
include:
  - nginx.install
  - nginx.conf
  - nginx.vhost
[iyunv@node1 salt]# cat top.sls
base:
  '*':
- nginx.init
2. 安装nginx文件

[iyunv@node1 nginx]# vim install.sls
nginx_source:
  file.managed:
- name: /usr/local/src/nginx-1.11.3.tar.gz
- unless: test -e /usr/local/src/nginx-1.11.3.tar.gz
- user: root
- group: root
- source: salt://nginx/files/nginx-1.11.3.tar.gz

nginx_pkg:
  pkg.installed:
- pkgs:
   - openssl-devel
   - pcre-devel
   - zlib-devel
   - unzip

nginx_user:
  user.present:
- name: www
- createhome: False
- shell: /sbin/nologin

nginx_extrace:
  cmd.run:
- cwd: /usr/local/src
- names:
   - tar zxf nginx-1.11.3.tar.gz && chown -R root:root nginx-1.11.3
- unless: test -d /usr/local/src/nginx-1.11.3
- require:
   - pkg: nginx_pkg

nginx_compile:
  cmd.run:
- name: cd /usr/local/src/nginx-1.11.3 && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module && make && make install
- unless: test -d /usr/local/nginx
- require:
   - cmd: nginx_extrace
   - user: nginx_user

create_dir:
  cmd.run:
- names:
   - chown -R www:www /usr/local/nginx/html && mkdir -p /usr/local/nginx/conf/vhost
- unless: test -d /usr/local/nginx/conf/vhost
- require:
   - cmd: nginx_compile
3. 管理nginx配置文件

[iyunv@node1 nginx]# cat conf.sls
include:
  - nginx.install             -> 引用nginx目录下install.sls文件

{% set nginx_user = 'www' %}

nginx_conf:
  file.managed:                -> nginx主配置文件
- name: /usr/local/nginx/conf/nginx.conf
- source: salt://nginx/files/nginx.conf
- template: jinja
- defaults:
   nginx_user: {{ nginx_user }}
   num_cpus: {{ grains['num_cpus'] }}

nginx_service:                -> nginx服务管理
  file.managed:
- name: /etc/init.d/nginx
- user: root
- group: root
- mode: 755
- source: salt://nginx/files/nginx
  cmd.run:
- names:
   - /sbin/chkconfig --add nginx && /sbin/chkconfig nginx on
- unless: /sbin/chkconfig --list nginx
  service.running:
- name: nginx
- enable: True
- reload: True
- watch:
   - file: /usr/local/nginx/conf/vhost/*.conf

nginx_log_cut:
  file.managed:
- name: /usr/local/nginx/sbin/nginx_log_cut.sh
- source: salt://nginx/files/nginx_log_cut.sh
  cron.present:
- name: sh /usr/local/nginx/sbin/nginx_log_cut.sh
- user: root
- minute: 10
- hour: 0
- require:
   - file: nginx_log_cut
4. 使用pillar适合针对不同的主机动态生成配置文件

[iyunv@node1 ~]# cd /data/etc/salt/pillar/
[iyunv@node1 pillar]# cat top.sls
base:
  '*':
- vhost
[iyunv@node1 pillar]# cat vhost.sls
vhost:
  {% if 'node2' in grains['id'] %}    -> 如果id中有node2字符, 使用www配置文件, 反之使用bbs.conf
  - name: www
target: /usr/local/nginx/conf/vhost/www.conf
  {% else %}
  - name: bbs
target: /usr/local/nginx/conf/vhost/bbs.conf
  {% endif %}
5. 生成虚拟主机配置文件

[iyunv@node1 pillar]# cd /data/etc/salt/nginx/
[iyunv@node1 nginx]# cat vhost.sls
include:
  - nginx.install

{% for vhostname in pillar['vhost'] %}
{{ vhostname['name'] }}:
  file.managed:
- name: {{ vhostname['target'] }}
- source: salt://nginx/files/vhost.conf
- target: {{ vhostname['target'] }}
- template: jinja
- defaults:
   server_name: {{grains['fqdn']}}
   log_name: {{vhostname['name']}}
- watch_in:
   service: nginx
{% endfor %}
6. nginx主配置文件模版

[iyunv@node1 nginx]# vim files/nginx.conf
user {{ nginx_user }};
worker_processes {{grains['num_cpus']}};
error_log logs/nginx_error.log notice;
pid logs/nginx.pid;
worker_rlimit_nofile 65535;

events{
      use epoll;
      worker_connections 65535;
}

http{
      include    mime.types;
      default_type  application/octet-stream;
      charset  utf-8;
      server_names_hash_bucket_size 128;
      client_header_buffer_size 32k;
      large_client_header_buffers 4 32k;
      client_max_body_size 128m;
      sendfile on;
      tcp_nopush    on;
      keepalive_timeout 60;
      tcp_nodelay on;
      server_tokens off;
      client_body_buffer_size  512k;
      gzip on;
      gzip_min_length  1k;
      gzip_buffers    4 16k;
      gzip_http_version 1.1;
      gzip_comp_level 2;
      gzip_types    text/plain application/x-javascript text/css application/xml;
      gzip_vary on;
      log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" "$host"' ;

      include vhost/*.conf;
}
7. nginx服务管理脚本

[iyunv@node1 nginx]# cat files/nginx
#!/bin/sh
# chkconfig: - 30 21
# description: http service.
# Source Function Library
. /etc/init.d/functions
# Nginx Settings

NGINX_SBIN="/usr/local/nginx/sbin/nginx"
NGINX_CONF="/usr/local/nginx/conf/nginx.conf"
NGINX_PID="/usr/local/nginx/logs/nginx.pid"
RETVAL=0
prog="Nginx"

start() {
      echo -n $"Starting $prog: "
      mkdir -p /dev/shm/nginx_temp
      daemon $NGINX_SBIN -c $NGINX_CONF
      RETVAL=$?
      echo
      return $RETVAL
}

stop() {
      echo -n $"Stopping $prog: "
      killproc -p $NGINX_PID $NGINX_SBIN -TERM
      rm -rf /dev/shm/nginx_temp
      RETVAL=$?
      echo
      return $RETVAL
}

reload(){
      echo -n $"Reloading $prog: "
      killproc -p $NGINX_PID $NGINX_SBIN -HUP
      RETVAL=$?
      echo
      return $RETVAL
}

restart(){
      stop
      start
}

configtest(){
$NGINX_SBIN -c $NGINX_CONF -t
return 0
}

case "$1" in
  start)
      start
      ;;
  stop)
      stop
      ;;
  reload)
      reload
      ;;
  restart)
      restart
      ;;
  configtest)
      configtest
      ;;
  *)
      echo $"Usage: $0 {start|stop|reload|restart|configtest}"
      RETVAL=1
esac
exit $RETVAL
8. nginx日志切割脚本

[iyunv@node1 nginx]# cat files/nginx_log_cut.sh
#!/bin/bash
logs_path=/usr/local/nginx/logs
yesterday=`date -d "yesterday" +%F`
mkdir -p $logs_path/$yesterday
cd $logs_path
for nginx_logs in `ls *log` ;do
mv $nginx_logs ${yesterday}/${yesterday}-${nginx_logs}
kill -USR1  `cat /data/src/nginx/logs/nginx.pid`
done
9. 虚拟主机配置文件

[iyunv@node1 nginx]# cat files/vhost.conf
server
      {
            listen    80;
            server_name {{ server_name }};    -> 调用vhosts.sls中配置
            index index.html index.htm ;
            root  html;
            #location ~ .*\.(php|php5)?$
            #       {
            #             try_files $uri =404;
            #             fastcgi_pass  unix:/tmp/php-cgi.sock;
            #             fastcgi_index index.php;
            #             include fcgi.conf;
            #       }
            location /status {
                     stub_status on;
            }
            location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
                     {
                              expires    30d;
                     }
            location ~ .*\.(js|css)?$
                     {
                              expires    1d;
                     }
            access_log  logs/{{ log_name }}-access.log  main;
      }

10. SaltStack install Nginx

[iyunv@node1 nginx]# salt 'node2' state.highstate test=True    -> 无报错既可
[iyunv@node1 nginx]# salt 'node2' state.highstate
[iyunv@node1 nginx]# curl 172.168.200.211 -I
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 29 Aug 2016 08:28:25 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 612
Last-Modified: Mon, 29 Aug 2016 07:55:02 GMT
Connection: keep-alive
ETag: "57c3ea56-264"
Accept-Ranges: bytes

账号		自动登录	找回密码
密码			立即注册

Shell从入门到精通（阿良）

wirelessnetview好用的无线分析工具

亿图图示专家(EDraw Max) V7.9 中文破解版

zabbix3.4.1安装部署+微信推送信息+大屏显

Red Hat OpenShift I: Containers & Kubern

2025 年，C++ 还能“硬核”多久？

RH199 RHCSA Rapid Track

[经验分享] (七)saltstack项目实战_安装nginx

浏览过的版块

扫码加入运维网微信交流群