saltstack接触也有一段时间了,感觉saltstack强大之处在于state文件部署,通过他可以给我们大批量部署节省很多时间,今天就用部署我前端的转发服务器为例进行源码部署nginx;水平有限希望大家多多指导。
思路:
1、用grains收集cpu、打开文件数等信息结合jinja配置nginx.conf文件
2、使用pillar保存我们要使用的变量结合jinja配置vhost.conf文件
3、state安装推送文件
部署步骤:
1、编写grains,根据系统打开文件数配置合理的nginx打开文件数量:
[root@mail nginx]
# cd /srv/salt/_grains/
[root@mail _grains]
# cat nginx_config.py
import
os,sys,commands
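def NginxGrains():
    """Custom Salt grain reporting the open-file limit for the nginx template.

    Runs ``ulimit -n`` in a shell after sourcing /etc/profile and publishes
    the result as ``max_open_file``.

    Returns:
        dict: ``{'max_open_file': <int>}``. The value falls back to 65536
        when the command cannot be run, exits non-zero, or prints something
        that is not an integer (for example ``unlimited``).
    """
    # Local import: subprocess exists on both Python 2 and Python 3, whereas
    # the `commands` module used originally was removed in Python 3.
    import subprocess

    grains = {}
    max_open_file = 65536
    try:
        # The command line is a fixed string, so shell=True adds no injection
        # surface. stderr is captured separately so that a diagnostic from
        # sourcing /etc/profile cannot end up inside the number being parsed.
        proc = subprocess.Popen(
            'source /etc/profile;ulimit -n',
            shell=True,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        output = proc.communicate()[0]
        if proc.returncode == 0:
            max_open_file = int(output.strip())
    except (OSError, ValueError):
        # Previously a failure here left `getulimit` undefined and the next
        # line raised NameError, which breaks grain loading on the minion.
        # Keep the default instead.
        pass
    grains['max_open_file'] = max_open_file
    return grains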
if __name__ == '__main__':
    # Manual check: run the module directly to print the grain dictionary.
    print(NginxGrains())
推送grains文件到客户端,并重新加载模块使其在客户端生效:
# Sync custom modules (including _grains/nginx_config.py) to every minion.
salt '*' saltutil.sync_all
# Have the minions reload their modules so the new grain is picked up.
salt '*' sys.reload_modules
2、编写变量之pillar,这里我定义了域名和后端转发主机:
[root@mail pillar]
# cat top.sls
# Pillar top file: assign the `vhost` pillar to minions in the base environment.
# NOTE(review): '*' matches every minion, so each of them can read this pillar.
# That is fine for the hostname/backend values used here; narrow the target
# before any credential is added to it.
base:
  '*':
    - vhost
[root@mail pillar]
# cat vhost.sls
# Values consumed by the huasuan.conf vhost template.
# server_name of the virtual host.
hostname: www.huasuan.com
# `pass` is the upstream address placed after proxy_pass http://, not a password.
pass: 192.168.10.100
3、编写state所有文件,先查看目录选项:
[root@mail salt]
# tree nginx
nginx
├── conf.sls
├── files
│   ├── nginx
│   ├── nginx-1.6.0.tar.gz
│   ├── nginx.conf
│   └── huasuan.conf
├── init.sls
├── install.sls
├── server.sls
└── vhost.sls
注释:init.sls指定启用哪个入口选项,install.sls指定安装步骤,server.sls表示管理服务脚本,conf.sls指定管理配置文件nginx.conf,vhost.sls指定管理vhost目录下的虚拟主机。
4、查看top文件和init文件:
[root@mail nginx]
# cat install.sls
[root@mail salt]
# cat top.sls
# State top file: apply the nginx formula in the base environment.
# NOTE(review): '*' targets every minion, so a highstate on any of them
# builds and starts nginx; restrict the match to the proxy hosts if that is
# not intended.
base:
  '*':
    - nginx
[root@mail salt]
# cat nginx/init.sls
# nginx/init.sls: entry point of the formula, pulls in the four sub-states.
include:
  - nginx.install
  - nginx.conf
  - nginx.server
  - nginx.vhost
5、安装install,sls文件:
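# nginx/install.sls: push the source tarball, build and install nginx.
#
# The build is staged under /usr/local/src rather than /tmp. /tmp is
# world-writable, and the `unless: test -e/-d` guards would accept a tarball
# or source tree that some other local account had placed there first, which
# root would then configure and compile.
# NOTE(review): nginx 1.6.0 is the release this page ships; check it against
# the currently supported releases before reusing the formula.

#nginx.tar.gz
nginx_source:
  file.managed:
    - name: /usr/local/src/nginx-1.6.0.tar.gz
    - source: salt://nginx/files/nginx-1.6.0.tar.gz
    - user: root
    - group: root
    - mode: 644
    # No `unless` here: file.managed compares the file with the master's copy
    # on every run, so a modified tarball is replaced instead of trusted.

#extract
extract_nginx:
  cmd.run:
    - cwd: /usr/local/src
    - names:
      - tar zxvf nginx-1.6.0.tar.gz
    - unless: test -d /usr/local/src/nginx-1.6.0
    - require:
      - file: nginx_source

#user
nginx_user:
  user.present:
    - name: nginx
    - uid: 1501
    - createhome: False
    - gid_from_name: True
    - shell: /sbin/nologin

#nginx_pkgs
nginx_pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel
      - zlib-devel

#nginx_compile
nginx_compile:
  cmd.run:
    - cwd: /usr/local/src/nginx-1.6.0
    # One chained command, so a failed configure or make stops the build
    # instead of letting the later steps run anyway.
    - name: >-
        ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx
        --with-http_ssl_module --with-http_gzip_static_module
        --http-client-body-temp-path=/usr/local/nginx/client/
        --http-proxy-temp-path=/usr/local/nginx/proxy/
        --http-fastcgi-temp-path=/usr/local/nginx/fcgi/
        --with-poll_module --with-file-aio --with-http_realip_module
        --with-http_addition_module --with-http_random_index_module
        --with-pcre --with-http_stub_status_module
        && make && make install
    - require:
      - cmd: extract_nginx
      - pkg: nginx_pkg
    - unless: test -d /usr/local/nginx

#cache_dir
cache_dir:
  cmd.run:
    - names:
      # Only the three temp directories go to the nginx account. The original
      # `chown -R nginx.nginx /usr/local/nginx/` also handed over sbin/nginx
      # and conf/, letting the unprivileged worker account alter the binary
      # and configuration that root starts.
      - mkdir -p /usr/local/nginx/client /usr/local/nginx/proxy /usr/local/nginx/fcgi && chown -R nginx:nginx /usr/local/nginx/client /usr/local/nginx/proxy /usr/local/nginx/fcgi
      # The vhost directory stays root-owned: the worker account only needs
      # to read the files in it.
      - mkdir -p /usr/local/nginx/conf/vhost
    # Check both targets; testing client/ alone skipped the vhost directory
    # whenever client/ already existed.
    - unless: test -d /usr/local/nginx/client && test -d /usr/local/nginx/conf/vhost
    - require:
      - cmd: nginx_compile
      - user: nginx_user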
注释:nginx使用源码编译安装的方式,包括了文件包推送,解压、安装管理,主要核心是cmd的使用
6、管理配置文件conf.sls:
[root@mail nginx]
# cat conf.sls
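# nginx/conf.sls: render nginx.conf from the Jinja template and reload nginx
# whenever the rendered file changes.
include:
  - nginx.install

nginx_service:
  file.managed:
    - name: /usr/local/nginx/conf/nginx.conf
    # Owned by root, not by the nginx worker account: the master process runs
    # as root and reads this file, so the unprivileged account should only be
    # able to read it (mode 644), never rewrite it.
    - user: root
    - mode: 644
    - source: salt://nginx/files/nginx.conf
    - template: jinja
  service.running:
    - name: nginx
    - enable: True
    # reload: True makes a watched change trigger a reload rather than a
    # restart; the init script on this page runs configtest before reloading.
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf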
7、服务脚本启动文件管理server.sls:
[root@mail nginx]
# cat server.sls
# nginx/server.sls: install the init script and register the service.
include:
  - nginx.install

server:
  file.managed:
    - name: /etc/init.d/nginx
    # root-owned and 755: executed as root at boot, so only root may write it.
    - user: root
    - mode: 755
    - source: salt://nginx/files/nginx
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /etc/init.d/nginx

command:
  cmd.run:
    - names:
      - /sbin/chkconfig --add nginx
      - /sbin/chkconfig nginx on
    # Skipped once chkconfig already lists the service.
    - unless: /sbin/chkconfig --list nginx
8、虚拟主机管理配置文件:vhost.sls
[root@mail nginx]
# cat vhost.sls
# nginx/vhost.sls: render the reverse-proxy virtual host from pillar data and
# reload nginx when it changes.
include:
  - nginx.install

vhostconfig:
  file.managed:
    - name: /usr/local/nginx/conf/vhost/huasuan.conf
    # root-owned, world-readable: the worker account can read it but not edit it.
    - user: root
    - mode: 644
    - source: salt://nginx/files/huasuan.conf
    - template: jinja
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/vhost/huasuan.conf
上面几个分别是把已经保存在files目录下的配置文件推送到客户端,都是使用jinja模板为了使用系统的grains和pillar变量:
9、分别查看以下几个配置文件nginx.conf:
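# For more information on configuration, see:
user nginx;
worker_processes {{ grains['num_cpus'] }};
# One single-bit CPU mask per worker, generated from the real CPU count.
# The fixed 2/4/8 tables produced a mask count that did not match
# worker_processes on hosts with any other number of CPUs.
worker_cpu_affinity{% for i in range(grains['num_cpus']) %} {{ '0' * (grains['num_cpus'] - 1 - i) }}1{{ '0' * i }}{% endfor %};
# max_open_file is supplied by the custom grain in _grains/nginx_config.py.
worker_rlimit_nofile {{ grains['max_open_file'] }};
# NOTE(review): none of the states on this page create /var/log/nginx;
# confirm the directory exists on the minion before the first start.
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
    # NOTE(review): a proxied request holds a client and an upstream
    # descriptor, so setting this equal to worker_rlimit_nofile leaves no
    # headroom under load; consider a lower value.
    worker_connections {{ grains['max_open_file'] }};
}
http
{
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    # Upper bound on request bodies accepted from clients.
    client_max_body_size 128m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    # Keep the nginx version out of response headers and error pages.
    server_tokens off;
    client_body_buffer_size 512k;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$host"';
    include vhost/*.conf;
}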
注释:grains['max_open_file']这个变量由我们第一个创建的自定义grains收集到服务端,基于jinja来返回客户端
10、虚拟主机配置文件vhost:
[root@mail files]
# cat huasuan.conf
# Reverse-proxy virtual host; hostname and upstream come from the vhost pillar.
server {
    listen 80;
    server_name {{ pillar['hostname'] }};
    location / {
        proxy_pass http://{{ pillar['pass'] }};
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend should treat only the last entry (or
        # X-Real-IP) as set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    # Refuse any request whose path contains /.git so repository metadata is
    # never proxied to clients.
    location ~ /\.git {
        deny all;
    }
}
注释:pillar['hostname']和pillar['pass']由上面我们定义的pillar基于jinja获得,这里用反向代理服务器为例
10、服务启动脚本,没什么特别;就是放上去服务器端同步到客户端启动目录下:
[root@mail files]
# cat nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
# Source function library (the daemon, killproc and status helpers used below).
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
if [ "$NETWORKING" = "no" ]; then
    exit 0
fi

# Paths of the source-built installation under /usr/local/nginx.
# NOTE(review): the header of this script advertises a pidfile under
# /usr/local/nginx/logs, while the nginx.conf template on this page sets
# /var/run/nginx.pid.
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename "$nginx")
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx
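# Create the service account and the *-temp-path directories that the nginx
# binary was configured with.
# Globals:   nginx (read); user, options, value (written)
# Outputs:   none on success; errors from useradd/mkdir/chown go to stderr
make_dirs() {
    # make required directories
    options=$("$nginx" -V 2>&1 | grep 'configure arguments:')

    # -n/p prints only when --user= is present. The original sed returned
    # the whole configure line when it was missing and passed that to useradd.
    user=$(printf '%s\n' "$options" | sed -n 's/.*--user=\([^ ]*\).*/\1/p')

    # Exact account lookup. `grep $user /etc/passwd` matched any line that
    # merely contained the string, and matched every line when $user was empty.
    if [ -n "$user" ] && ! id -u "$user" >/dev/null 2>&1; then
        # /sbin/nologin matches the shell used by the nginx_user Salt state.
        useradd -M -s /sbin/nologin "$user"
    fi

    # Word splitting is intentional: one configure option per iteration.
    for opt in $options; do
        case $opt in
            *-temp-path=*)
                value=${opt#*=}
                if [ ! -d "$value" ]; then
                    # echo "creating" $value
                    # This runs as root, so the path and owner are quoted and
                    # option parsing is ended with `--`.
                    mkdir -p -- "$value" &&
                        { [ -z "$user" ] || chown -R -- "$user" "$value"; }
                fi
                ;;
        esac
    done
}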
# Start nginx through the init library's daemon helper.
# Exits 5 when the binary is not executable and 6 when the config file is
# missing; otherwise returns the status reported by daemon.
start() {
    if [ ! -x "$nginx" ]; then
        exit 5
    fi
    if [ ! -f "$NGINX_CONF_FILE" ]; then
        exit 6
    fi
    make_dirs
    echo -n $"Starting $prog: "
    daemon "$nginx" -c "$NGINX_CONF_FILE"
    retval=$?
    echo
    # The subsys lock file records a successful start.
    if [ "$retval" -eq 0 ]; then
        touch "$lockfile"
    fi
    return $retval
}
# Stop nginx by sending QUIT via killproc, then drop the lock file when
# killproc reports success. Returns killproc's status.
stop() {
    echo -n $"Stopping $prog: "
    killproc "$prog" -QUIT
    retval=$?
    echo
    if [ "$retval" -eq 0 ]; then
        rm -f "$lockfile"
    fi
    return $retval
}
# Restart nginx, but only after the configuration passes configtest, so a
# broken config never takes a running server down.
restart() {
    if ! configtest; then
        return $?
    fi
    stop
    sleep 1
    start
}
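# Reload the configuration by sending HUP to nginx, after configtest passes.
# Returns configtest's status when the check fails, otherwise killproc's.
reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc "$nginx" -HUP
    RETVAL=$?
    echo
    # The original fell off the end and returned the status of `echo` (always
    # 0), so a failed reload looked successful to the caller. That includes
    # the Salt service.running states on this page, which use reload: True.
    return $RETVAL
}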
# force-reload is implemented as a full restart.
force_reload() {
    restart
}
# Ask the nginx binary to validate the configuration file without starting.
# Returns the status of `nginx -t`.
configtest() {
    "$nginx" -t -c "$NGINX_CONF_FILE"
}
# Report the service state using the init library's status helper.
rh_status() {
    status "$prog"
}
# Quiet variant of rh_status: only the exit status is of interest.
rh_status_q() {
    rh_status > /dev/null 2>&1
}
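# Dispatch on the requested action. "$1" is only executed inside arms whose
# pattern has already pinned it to a known function name.
case "$1" in
    start)
        # Already running: nothing to do.
        rh_status_q && exit 0
        "$1"
        ;;
    stop)
        # Not running: nothing to do.
        rh_status_q || exit 0
        "$1"
        ;;
    restart|configtest)
        "$1"
        ;;
    reload)
        # Exit 7 when the service is not running.
        rh_status_q || exit 7
        "$1"
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        # The original arm ended after the status check, so a conditional
        # restart never restarted a running service.
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac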
11、配置完成:启动服务器开始安装操作:
启动操作:
[root@mail salt]
# salt 'monitor' state.highstate
12、查看结果:
查看客户端配置文件,可以看到已经生效,我的客户端是4核,所以给的worker_processes是4:
并且已经启动了nginx服务:
到此全部的安装部署流程已经走完,用saltstack我们发现有再多的机器很快也能按照我们需求对系统来快速部署。