1./srv/salt/nginx目录树
. conf.sls file |--- nginx |--- nginx-1.5.1.tar.gz |--- nginx.conf |--- nginx_log_cut.sh |--- vhost.conf init.sls install.sls vhost.sls
/srv/salt/top.sls
base: 'test82.salt.cn': - nginx.init
2.init.sls 初始化所有sls文件
/srv/salt/nginx/init.sls
include: - nginx.install - nginx.conf - nginx.vhost
3.install.sls nginx的安装sls
/srv/salt/nginx/install.sls
nginx_source: file.managed: - name: /tmp/nginx-1.5.1.tar.gz - unless: test -e /tmp/nginx-1.5.1.tar.gz - user: root - group: root - makedirs: True - source: salt://nginx/file/nginx-1.5.1.tar.gz nginx_extract: cmd.run: - cwd: /tmp - names: - tar zxf nginx-1.5.1.tar.gz - unless: test -d /tmp/nginx-1.5.1 - require: - file: nginx_source nginx_user: user.present: - name: www - createhome: False - gid_from_name: True - shell: /sbin/nologin nginx_pkg: pkg.installed: - pkgs: - gcc - gcc-c++ - openssl-devel - pcre-devel - zlib-devel nginx_compile: cmd.run: - cwd: /tmp/nginx-1.5.1 - names: - ./configure --user=www --group=www --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_gzip_static_module --with-http_ssl_module --with-http_realip_module - make - make install - require: - cmd: nginx_extract - pkg: nginx_pkg - unless: test -d /usr/local/nginx create_dir: cmd.run: - names: - chown -R www.www /var/html/www - mkdir -p /usr/local/nginx/conf/vhost - unless: test -d /usr/local/nginx/conf/vhost - require: - cmd: nginx_compile
4.conf.sls 管理nginx主配置文件
/srv/salt/nginx/conf.sls
include: - nginx.install {% set nginx_user = 'www' %} nginx_conf: file.managed: - name: /usr/local/nginx/conf/nginx.conf - source: salt://nginx/file/nginx.conf - template: jinja - defaults: nginx_user: {{ nginx_user }} num_cpus: {{ grains['num_cpus'] }} nginx_service : file.managed: - name: /etc/init.d/nginx - user: root - mode: 755 - source: salt://nginx/file/nginx cmd.run: - names: - /sbin/chkconfig --add nginx - /sbin/chkconfig nginx on - unless: /sbin/chkconfig --list nginx service.running: - name: nginx - enable: True - reload: True - watch: - file: /usr/local/nginx/conf/vhost/*.conf nginx_log_cut: file.managed: - name: /usr/local/nginx/sbin/nginx_log_cut.sh - source: salt://nginx/file/nginx_log_cut.sh cron.present: - name: sh /usr/local/nginx/sbin/nginx_log_cut.sh - user: root - minute: 10 - hour: 0 - require: - file: nginx_log_cut
5.使用pillar适合针对不同的主机动态生成配置
/srv/pillar目录树
.
top.sls
vhost.sls
/srv/pillar/top.sls
base: 'test82.salt.cn': - vhost
/srv/pillar/vhost.sls
vhost: {% if 'test8' in grains['id'] %} - name: www target: /usr/local/nginx/conf/vhost/vhost_www.conf {% else %} - name: bbs target: /usr/local/nginx/conf/vhost/vhost_bbs.conf {% endif %}
6.vhost.sls 生成虚拟机配置文件
/srv/salt/nginx/vhost.sls
include: - nginx.install {% for vhostname in pillar['vhost'] %} {{ vhostname['name'] }}: file.managed: - name: {{ vhostname['target'] }} - source: salt://nginx/file/vhost.conf - target: {{ vhostname['target'] }} - template: jinja - defaults: server_name: {{ grains['fqdn_ip4'][0] }} log_name: {{ vhostname['name'] }} - watch_in: service: nginx {% endfor %}
6.nginx.conf 主配置文件模板
/srv/salt/nginx/file/nginx.conf
# user {{ nginx_user }}; worker_processes {{grains['num_cpus']}}; error_log logs/nginx_error.log notice; pid /usr/local/nginx/sbin/nginx.pid; worker_rlimit_nofile 65535; events { use epoll; worker_connections 65535; } http { include mime.types; default_type application/octet-stream; charset utf-8; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 32k; client_max_body_size 128m; sendfile on; tcp_nopush on; keepalive_timeout 60; tcp_nodelay on; server_tokens off; client_body_buffer_size 512k; gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" "$host"' ; include vhost/*.conf; }
7.nginx nginx服务管理脚本
/srv/salt/nginx/file/nginx
#!/bin/sh # # nginx - this script starts and stops the nginx daemon # # chkconfig: - 85 15 # description: Nginx is an HTTP(S) server, HTTP(S) reverse # proxy and IMAP/POP3 proxy server # processname: nginx # config: /usr/local/nginx/conf/nginx.conf # pidfile: /usr/local/nginx/logs/nginx.pid # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. [ "$NETWORKING" = "no" ] && exit 0 nginx="/usr/local/nginx/sbin/nginx" prog=$(basename $nginx) NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf" lockfile=/var/lock/subsys/nginx make_dirs() { # make required directories user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=([^ ]*).*/1/g' -` if [ -z "`grep $user /etc/passwd`" ]; then useradd -M -s /bin/nologin $user fi options=`$nginx -V 2>&1 | grep 'configure arguments:'` for opt in $options; do if [ `echo $opt | grep '.*-temp-path'` ]; then value=`echo $opt | cut -d "=" -f 2` if [ ! -d "$value" ]; then # echo "creating" $value mkdir -p $value && chown -R $user $value fi fi done } start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 make_dirs echo -n $"Starting $prog: " daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $"Stopping $prog: " killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { configtest || return $? stop sleep 1 start } reload() { configtest || return $? echo -n $"Reloading $prog: " killproc $nginx -HUP RETVAL=$? echo } force_reload() { restart } configtest() { $nginx -t -c $NGINX_CONF_FILE } rh_status() { status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } case "$1" in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 ;; *) echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}" exit 2 esac
8.nginx_log_cut.sh nginx日志切割脚本
/srv/salt/nginx/file/nginx_log_cut.sh
#!/bin/bash logs_path=/usr/local/nginx/logs yesterday=`date -d "yesterday" +%F` mkdir -p $logs_path/$yesterday cd $logs_path for nginx_logs in `ls *log` ; do mv $nginx_logs ${yesterday}/${yesterday}-${nginx_logs} kill -USR1 `cat /usr/local/nginx/sbin/nginx.pid` done
9.vhost.sls 虚拟机配置文件
/srv/salt/nginx/file/vhost.conf
server { listen 80; server_name {{ server_name }}; index index.html index.htm ; root html; #location ~ .*.(php|php5)?$ # { # try_files $uri =404; # fastcgi_pass unix:/tmp/php-cgi.sock; # fastcgi_index index.php; # include fcgi.conf; # } location /status { stub_status on; } location ~ .*.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; } location ~ .*.(js|css)?$ { expires 1d; } access_log logs/{{ log_name }}-access.log main; }
10.安装配置nginx
命令行执行如下
salt 'test82.salt.cn' state.highstate