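I have been working with SaltStack for a while now, and I feel its real strength lies in state-file deployment, which saves a lot of time in large-scale rollouts. Today I will use the deployment of my front-end forwarding server as an example and install nginx from source. My experience is limited, so guidance is welcome.
Approach:
1. Use grains to collect information such as the CPU count and the open-file limit, and combine it with jinja to configure nginx.conf
2. Use pillar to hold the variables we need, and combine it with jinja to configure vhost.conf
3. Use states to install and push the files
Deployment steps:
1. Write the grain, so that nginx's open-file limit is set sensibly from the system's open-file limit: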
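
    [root@mail nginx]# cd /srv/salt/_grains/
    [root@mail _grains]# cat nginx_config.py
    import subprocess

    def NginxGrains():
        grains = {}
        # fallback used when the limit cannot be read
        max_open_file = 65536
        #Worker_info={'cpus2':'01 10','cpus4':'1000 0100 0010 0001','cpus8':'10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001'}
        try:
            # ask a shell for its open-file limit after loading /etc/profile
            out = subprocess.check_output('source /etc/profile; ulimit -n',
                                          shell=True, executable='/bin/bash')
            max_open_file = int(out.strip())
        except (subprocess.CalledProcessError, OSError, ValueError):
            # keep the fallback if the command fails or prints "unlimited"
            pass
        grains['max_open_file'] = max_open_file
        return grains

    if __name__ == '__main__':
        print(NginxGrains())

Push the file to the clients and reload the modules so that it takes effect:

    salt '*' saltutil.sync_all
    salt '*' sys.reload_modules
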
2. Write the pillar variables; here I define the domain name and the back-end host to forward to:

    [root@mail pillar]# cat top.sls
    base:
      '*':
        - vhost
    [root@mail pillar]# cat vhost.sls
    hostname: www.huasuan.com
    pass: 192.168.10.100

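3. Write all the state files; first look at the directory layout:

    [root@mail salt]# tree nginx
    nginx
    ├── conf.sls
    ├── files
    │   ├── nginx
    │   ├── nginx-1.6.0.tar.gz
    │   ├── nginx.conf
    │   └── huasuan.conf
    ├── init.sls
    ├── install.sls
    ├── server.sls
    └── vhost.sls

Note: init.sls specifies which entry points are enabled, install.sls specifies the installation steps, server.sls manages the service script, conf.sls manages the nginx.conf configuration file, and vhost.sls manages the virtual hosts under the vhost directory.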
4. Look at the top file and the init file:

    [root@mail nginx]# cat install.sls
    [root@mail salt]# cat top.sls
    base:
      '*':
        - nginx
    [root@mail salt]# cat nginx/init.sls
    include:
      - nginx.install
      - nginx.conf
      - nginx.server
      - nginx.vhost

5. The install.sls file, which performs the installation:

    #nginx.tar.gz
    nginx_source:
      file.managed:
        - name: /tmp/nginx-1.6.0.tar.gz
        - unless: test -e /tmp/nginx-1.6.0.tar.gz
        - source: salt://nginx/files/nginx-1.6.0.tar.gz
    #extract
    extract_nginx:
      cmd.run:
        - cwd: /tmp
        - names:
          - tar zxvf nginx-1.6.0.tar.gz
        - unless: test -d /tmp/nginx-1.6.0
        - require:
          - file: nginx_source
    #user
    nginx_user:
      user.present:
        - name: nginx
        - uid: 1501
        - createhome: False
        - gid_from_name: True
        - shell: /sbin/nologin
    #nginx_pkgs
    nginx_pkg:
      pkg.installed:
        - pkgs:
          - gcc
          - openssl-devel
          - pcre-devel
          - zlib-devel
    #nginx_compile
    nginx_compile:
      cmd.run:
        - cwd: /tmp/nginx-1.6.0
        - names:
          - ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_gzip_static_module --http-client-body-temp-path=/usr/local/nginx/client/ --http-proxy-temp-path=/usr/local/nginx/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ --with-poll_module --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_random_index_module --with-pcre --with-http_stub_status_module
          - make
          - make install
        - require:
          - cmd: extract_nginx
          - pkg: nginx_pkg
        - unless: test -d /usr/local/nginx
    #cache_dir
    cache_dir:
      cmd.run:
        - names:
          - mkdir -p /usr/local/nginx/{client,proxy,fcgi} && chown -R nginx.nginx /usr/local/nginx/
          - mkdir -p /usr/local/nginx/conf/vhost && chown -R nginx.nginx /usr/local/nginx/conf/vhost
        - unless: test -d /usr/local/nginx/client/
        - require:
          - cmd: nginx_compile

Note: nginx is installed by compiling from source. The state covers pushing the tarball, extracting it, and managing the installation; the core of it is the use of cmd.
6. Manage the configuration file with conf.sls:

    [root@mail nginx]# cat conf.sls
    include:
      - nginx.install
    nginx_service:
      file.managed:
        - name: /usr/local/nginx/conf/nginx.conf
        - user: nginx
        - mode: 644
        - source: salt://nginx/files/nginx.conf
        - template: jinja
      service.running:
        - name: nginx
        - enable: True
        - reload: True
        - watch:
          - file: /usr/local/nginx/conf/nginx.conf

7. Manage the service start-up script with server.sls:

    [root@mail nginx]# cat server.sls
    include:
      - nginx.install
    server:
      file.managed:
        - name: /etc/init.d/nginx
        - user: root
        - mode: 755
        - source: salt://nginx/files/nginx
      service.running:
        - name: nginx
        - enable: True
        - reload: True
        - watch:
          - file: /etc/init.d/nginx
    command:
      cmd.run:
        - names:
          - /sbin/chkconfig --add nginx
          - /sbin/chkconfig nginx on
        - unless: /sbin/chkconfig --list nginx

8. Manage the virtual host configuration file with vhost.sls:

    [root@mail nginx]# cat vhost.sls
    include:
      - nginx.install
    vhostconfig:
      file.managed:
        - name: /usr/local/nginx/conf/vhost/huasuan.conf
        - user: root
        - mode: 644
        - source: salt://nginx/files/huasuan.conf
        - template: jinja
      service.running:
        - name: nginx
        - enable: True
        - reload: True
        - watch:
          - file: /usr/local/nginx/conf/vhost/huasuan.conf

Each of the states above pushes a configuration file already saved under the files directory to the client. They all use jinja templates so that the system's grains and pillar variables can be used:
9. Look at the configuration files in turn, starting with nginx.conf:

    # For more information on configuration, see:
    user nginx;
    worker_processes {{ grains['num_cpus'] }};
    {% if grains['num_cpus'] == 2 %}
    worker_cpu_affinity 01 10;
    {% elif grains['num_cpus'] == 4 %}
    worker_cpu_affinity 1000 0100 0010 0001;
    {% elif grains['num_cpus'] >= 8 %}
    worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
    {% else %}
    worker_cpu_affinity 1000 0100 0010 0001;
    {% endif %}
    worker_rlimit_nofile {{ grains['max_open_file'] }};
    error_log /var/log/nginx/error.log;
    #error_log /var/log/nginx/error.log notice;
    #error_log /var/log/nginx/error.log info;
    pid /var/run/nginx.pid;
    events {
        worker_connections {{ grains['max_open_file'] }};
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        charset utf-8;
        server_names_hash_bucket_size 128;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 128m;
        sendfile on;
        tcp_nopush on;
        keepalive_timeout 60;
        tcp_nodelay on;
        server_tokens off;
        client_body_buffer_size 512k;
        gzip on;
        gzip_min_length 1k;
        gzip_buffers 4 16k;
        gzip_http_version 1.1;
        gzip_comp_level 2;
        gzip_types text/plain application/x-javascript text/css application/xml;
        gzip_vary on;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for" "$host"';
        include vhost/*.conf;
    }

Note: the grains['max_open_file'] variable is collected to the master by the custom grain we created in the first step, and jinja renders it into the file returned to the client.
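The grain from step 1 and the if/elif chain in this template can be combined, as an added example that is not the author's code: it reads the open-file limit of the minion process through Python's resource module instead of sourcing /etc/profile, and it builds one affinity mask per CPU for any core count, so hosts with 1, 3 or 6 cores do not fall into the 4-core else branch. The grain name nginx_cpu_affinity and the function names are assumptions made for this example.

```python
# Added example, not the author's grain. A file like this would live in _grains/.
import multiprocessing
import resource

FALLBACK_NOFILE = 65536  # same fallback value as the page's grain


# Helpers start with "_" so that only nginx_grains() is exposed as a grain.
def _max_open_file():
    """Soft open-file limit of the calling (minion) process."""
    soft, _hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    if soft == resource.RLIM_INFINITY or soft <= 0:
        return FALLBACK_NOFILE  # "unlimited" is not a usable nginx value
    return int(soft)


def _cpu_affinity(num_cpus):
    """One bitmask per worker, worker i bound to CPU i.

    The rightmost bit is CPU 0, so 2 CPUs give "01 10" as in the template.
    """
    if num_cpus < 1:
        raise ValueError("num_cpus must be at least 1")
    width = "0{}b".format(num_cpus)
    return " ".join(format(1 << cpu, width) for cpu in range(num_cpus))


def nginx_grains(num_cpus=None):
    """Grain function returning a dict of grains.

    num_cpus exists for testing; with no argument the local CPU count is used.
    """
    if num_cpus is None:
        num_cpus = multiprocessing.cpu_count()
    return {
        "max_open_file": _max_open_file(),
        # hypothetical grain name, chosen for this example
        "nginx_cpu_affinity": _cpu_affinity(num_cpus),
    }


if __name__ == "__main__":
    print(nginx_grains())
```

With such a grain, the template's affinity chain reduces to the single line worker_cpu_affinity {{ grains['nginx_cpu_affinity'] }}; and the grain is distributed with the same saltutil.sync_all step as in step 1.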
10. The virtual host configuration file (vhost):

    [root@mail files]# cat huasuan.conf
    server {
        listen 80;
        server_name {{ pillar['hostname'] }};
        location / {
            proxy_pass http://{{ pillar['pass'] }};
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location ~ /\.git {
            deny all;
        }
    }

Note: pillar['hostname'] and pillar['pass'] are obtained through jinja from the pillar we defined above; a reverse proxy server is used as the example here.
10. The service start-up script. There is nothing special about it; it is placed on the master and synced to the init directory on the client:

    [root@mail files]# cat nginx
    #!/bin/sh
    #
    # nginx - this script starts and stops the nginx daemon
    #
    # chkconfig:   - 85 15
    # description: Nginx is an HTTP(S) server, HTTP(S) reverse \
    #              proxy and IMAP/POP3 proxy server
    # processname: nginx
    # config:      /usr/local/nginx/conf/nginx.conf
    # pidfile:     /usr/local/nginx/logs/nginx.pid

    # Source function library.
    . /etc/rc.d/init.d/functions

    # Source networking configuration.
    . /etc/sysconfig/network

    # Check that networking is up.
    [ "$NETWORKING" = "no" ] && exit 0

    nginx="/usr/local/nginx/sbin/nginx"
    prog=$(basename $nginx)
    NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
    lockfile=/var/lock/subsys/nginx

    make_dirs() {
        # make required directories
        user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
        if [ -z "`grep $user /etc/passwd`" ]; then
            useradd -M -s /bin/nologin $user
        fi
        options=`$nginx -V 2>&1 | grep 'configure arguments:'`
        for opt in $options; do
            if [ `echo $opt | grep '.*-temp-path'` ]; then
                value=`echo $opt | cut -d "=" -f 2`
                if [ ! -d "$value" ]; then
                    # echo "creating" $value
                    mkdir -p $value && chown -R $user $value
                fi
            fi
        done
    }

    start() {
        [ -x $nginx ] || exit 5
        [ -f $NGINX_CONF_FILE ] || exit 6
        make_dirs
        echo -n $"Starting $prog: "
        daemon $nginx -c $NGINX_CONF_FILE
        retval=$?
        echo
        [ $retval -eq 0 ] && touch $lockfile
        return $retval
    }

    stop() {
        echo -n $"Stopping $prog: "
        killproc $prog -QUIT
        retval=$?
        echo
        [ $retval -eq 0 ] && rm -f $lockfile
        return $retval
    }

    restart() {
        configtest || return $?
        stop
        sleep 1
        start
    }

    reload() {
        configtest || return $?
        echo -n $"Reloading $prog: "
        killproc $nginx -HUP
        RETVAL=$?
        echo
    }

    force_reload() {
        restart
    }

    configtest() {
        $nginx -t -c $NGINX_CONF_FILE
    }

    rh_status() {
        status $prog
    }

    rh_status_q() {
        rh_status >/dev/null 2>&1
    }

    case "$1" in
        start)
            rh_status_q && exit 0
            $1
            ;;
        stop)
            rh_status_q || exit 0
            $1
            ;;
        restart|configtest)
            $1
            ;;
        reload)
            rh_status_q || exit 7
            $1
            ;;
        force-reload)
            force_reload
            ;;
        status)
            rh_status
            ;;
        condrestart|try-restart)
            rh_status_q || exit 0
            ;;
        *)
            echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
            exit 2
    esac

11. Configuration is complete; start the installation from the master:
Run:

    [root@mail salt]# salt 'monitor' state.highstate

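12. Check the result:
Looking at the configuration file on the client shows that it has taken effect; my client has 4 cores, so worker_processes is set to 4:
And the nginx service has already been started:
That completes the whole installation and deployment flow. With SaltStack, however many machines we have, we can deploy them quickly and according to our requirements.
This article comes from the “小羅” blog; please be sure to keep this attribution: http://xiaoluoge.blog.51cto.com/9141967/1722289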