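I have been working with SaltStack for a while now, and I think its real strength lies in deployment through state files, which can save a lot of time in large-scale rollouts. Today I will use my front-end forwarding server as an example and deploy nginx from source. My knowledge is limited, so guidance is welcome.
Approach:
1. Use grains to collect information such as the CPU count and the open-file limit, and combine it with Jinja to configure nginx.conf
2. Use pillar to store the variables we need, and combine them with Jinja to configure the vhost .conf file
3. Use states to install and push the files
Deployment steps: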
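1. Write the grain, so that nginx's open-file limit is set sensibly from the system's open-file limit:
[root@mail nginx]# cd /srv/salt/_grains/
[root@mail _grains]# cat nginx_config.py
import subprocess

def NginxGrains():
    # Custom grain: expose the minion's open-file limit as grains['max_open_file'].
    grains = {}
    max_open_file = 65536  # default used when the limit cannot be read
    # Worker_info = {'cpus2': '01 10', 'cpus4': '1000 0100 0010 0001', 'cpus8': '10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001'}
    try:
        # Source /etc/profile first so that a limit set there is the one reported.
        getulimit = subprocess.check_output('source /etc/profile; ulimit -n', shell=True)
        max_open_file = int(getulimit.strip())
    except Exception:
        # The command failed or printed a non-numeric value: keep the default.
        pass
    grains['max_open_file'] = max_open_file
    return grains

if __name__ == '__main__':
    print(NginxGrains())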
Push the file to the clients and reload the modules so that it takes effect:
salt '*' saltutil.sync_all
salt '*' sys.reload_modules
2. Write the pillar variables; here I define the domain name and the back-end host to forward to:
[root@mail pillar]# cat top.sls
base:
  '*':
    - vhost
[root@mail pillar]# cat vhost.sls
hostname: www.huasuan.com
pass: 192.168.10.100
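3. Write all the state files; first, look at the directory layout:
[root@mail salt]# tree nginx
nginx
├── conf.sls
├── files
│   ├── nginx
│   ├── nginx-1.6.0.tar.gz
│   ├── nginx.conf
│   └── huasuan.conf
├── init.sls
├── install.sls
├── server.sls
└── vhost.sls
Note: init.sls is the entry point that selects which states are enabled, install.sls defines the installation steps, server.sls manages the service script, conf.sls manages the nginx.conf configuration file, and vhost.sls manages the virtual hosts under the vhost directory.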
4. Look at the top file and the init file:
[root@mail nginx]# cat install.sls
[root@mail salt]# cat top.sls
base:
  '*':
    - nginx
[root@mail salt]# cat nginx/init.sls
include:
  - nginx.install
  - nginx.conf
  - nginx.server
  - nginx.vhost
5. The installation file, install.sls:
# nginx.tar.gz
nginx_source:
  file.managed:
    - name: /tmp/nginx-1.6.0.tar.gz
    - unless: test -e /tmp/nginx-1.6.0.tar.gz
    - source: salt://nginx/files/nginx-1.6.0.tar.gz
# extract
extract_nginx:
  cmd.run:
    - cwd: /tmp
    - names:
      - tar zxvf nginx-1.6.0.tar.gz
    - unless: test -d /tmp/nginx-1.6.0
    - require:
      - file: nginx_source
# user
nginx_user:
  user.present:
    - name: nginx
    - uid: 1501
    - createhome: False
    - gid_from_name: True
    - shell: /sbin/nologin
# nginx_pkgs
nginx_pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel
      - zlib-devel
# nginx_compile
nginx_compile:
  cmd.run:
    - cwd: /tmp/nginx-1.6.0
    - names:
      - ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module --with-http_gzip_static_module --http-client-body-temp-path=/usr/local/nginx/client/ --http-proxy-temp-path=/usr/local/nginx/proxy/ --http-fastcgi-temp-path=/usr/local/nginx/fcgi/ --with-poll_module --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_random_index_module --with-pcre --with-http_stub_status_module
      - make
      - make install
    - require:
      - cmd: extract_nginx
      - pkg: nginx_pkg
    - unless: test -d /usr/local/nginx
# cache_dir
cache_dir:
  cmd.run:
    - names:
      - mkdir -p /usr/local/nginx/{client,proxy,fcgi} && chown -R nginx.nginx /usr/local/nginx/
      - mkdir -p /usr/local/nginx/conf/vhost && chown -R nginx.nginx /usr/local/nginx/conf/vhost
    - unless: test -d /usr/local/nginx/client/
    - require:
      - cmd: nginx_compile
Note: nginx is installed by compiling from source, which covers pushing the tarball, extracting it and managing the installation; the core of it is the use of cmd.
6. Manage the configuration file with conf.sls:
[root@mail nginx]# cat conf.sls
include:
  - nginx.install
nginx_service:
  file.managed:
    - name: /usr/local/nginx/conf/nginx.conf
    - user: nginx
    - mode: 644
    - source: salt://nginx/files/nginx.conf
    - template: jinja
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
7. Manage the service start-up script with server.sls:
[root@mail nginx]# cat server.sls
include:
  - nginx.install
server:
  file.managed:
    - name: /etc/init.d/nginx
    - user: root
    - mode: 755
    - source: salt://nginx/files/nginx
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /etc/init.d/nginx
command:
  cmd.run:
    - names:
      - /sbin/chkconfig --add nginx
      - /sbin/chkconfig nginx on
    - unless: /sbin/chkconfig --list nginx
8. The virtual host configuration file is managed by vhost.sls:
[root@mail nginx]# cat vhost.sls
include:
  - nginx.install
vhostconfig:
  file.managed:
    - name: /usr/local/nginx/conf/vhost/huasuan.conf
    - user: root
    - mode: 644
    - source: salt://nginx/files/huasuan.conf
    - template: jinja
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/vhost/huasuan.conf
The states above each push a configuration file already stored under the files directory to the client; all of them use Jinja templates so that the system's grains and pillar variables can be used:
9. Look at the following configuration files in turn, starting with nginx.conf:
# For more information on configuration, see:
user nginx;
worker_processes {{ grains['num_cpus'] }};
{% if grains['num_cpus'] == 2 %}
worker_cpu_affinity 01 10;
{% elif grains['num_cpus'] == 4 %}
worker_cpu_affinity 1000 0100 0010 0001;
{% elif grains['num_cpus'] >= 8 %}
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
{% else %}
worker_cpu_affinity 1000 0100 0010 0001;
{% endif %}
worker_rlimit_nofile {{ grains['max_open_file'] }};
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
    worker_connections {{ grains['max_open_file'] }};
}
http
{
    include mime.types;
    default_type application/octet-stream;
    charset utf-8;
    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    client_max_body_size 128m;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 60;
    tcp_nodelay on;
    server_tokens off;
    client_body_buffer_size 512k;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" "$host"';
    include vhost/*.conf;
}
Note: the grains['max_open_file'] variable is collected to the master by the custom grain we created first, and is returned to the client through Jinja.
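An added example, not part of the original post: the nginx.conf template hard-codes affinity masks for 2, 4 and 8-or-more CPUs and uses the 4-CPU masks for every other count, so this custom grain, written in the same style as nginx_config.py, builds one mask per CPU for any count. The grain key nginx_cpu_affinity and the function names are assumptions made for the illustration; the template's if/elif block would then become worker_cpu_affinity {{ grains['nginx_cpu_affinity'] }};

```python
import multiprocessing


def _affinity_masks(num_cpus):
    """Return one bitmask string per CPU, each num_cpus bits wide.

    Worker i is pinned to CPU i; the rightmost bit is CPU 0. The leading
    underscore keeps Salt's grains loader from calling this helper itself.
    """
    if not isinstance(num_cpus, int) or num_cpus < 1:
        raise ValueError("num_cpus must be a positive integer")
    width = "0{}b".format(num_cpus)
    return [format(1 << cpu, width) for cpu in range(num_cpus)]


def nginx_affinity_grains(num_cpus=None):
    """Custom grain returning the worker_cpu_affinity value for this minion.

    Salt calls grain functions without arguments, so num_cpus defaults to the
    local CPU count; the parameter exists only to make the function testable.
    The key name 'nginx_cpu_affinity' is hypothetical.
    """
    if num_cpus is None:
        num_cpus = multiprocessing.cpu_count()
    return {"nginx_cpu_affinity": " ".join(_affinity_masks(num_cpus))}


if __name__ == "__main__":
    # Constructed sample CPU counts, including ones the template's
    # if/elif branches do not cover exactly (1 and 3).
    for n in (1, 2, 3, 4, 8):
        print(n, nginx_affinity_grains(n)["nginx_cpu_affinity"])
```

For 4 CPUs the masks come out in the order 0001 0010 0100 1000, the same set as the post's 1000 0100 0010 0001 with the workers assigned to the CPUs in the opposite order.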
10. The virtual host configuration file (vhost):
[root@mail files]# cat huasuan.conf
server {
    listen 80;
    server_name {{ pillar['hostname'] }};
    location / {
        proxy_pass http://{{ pillar['pass'] }};
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location ~ /\.git {
        deny all;
    }
}
Note: pillar['hostname'] and pillar['pass'] are obtained through Jinja from the pillar we defined above; a reverse proxy server is used as the example here.
10. The service start-up script; there is nothing special about it, it is simply placed on the server and synced to the client's init directory:
[root@mail files]# cat nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
#              proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx
make_dirs() {
    # make required directories
    user=`$nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
    if [ -z "`grep $user /etc/passwd`" ]; then
        useradd -M -s /bin/nologin $user
    fi
    options=`$nginx -V 2>&1 | grep 'configure arguments:'`
    for opt in $options; do
        if [ `echo $opt | grep '.*-temp-path'` ]; then
            value=`echo $opt | cut -d "=" -f 2`
            if [ ! -d "$value" ]; then
                # echo "creating" $value
                mkdir -p $value && chown -R $user $value
            fi
        fi
    done
}
start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    make_dirs
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}
stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}
restart() {
    configtest || return $?
    stop
    sleep 1
    start
}
reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}
force_reload() {
    restart
}
configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
    status $prog
}
rh_status_q() {
    rh_status >/dev/null 2>&1
}
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
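11. Configuration complete: start the installation:
Start the run:
[root@mail salt]# salt 'monitor' state.highstate
12. Check the result:

Looking at the configuration file on the client shows that it has taken effect; my client has 4 cores, so worker_processes is set to 4:

And the nginx service has already been started:

That completes the whole installation and deployment process. With SaltStack, however many machines we have, we can quickly deploy systems to our requirements.
This article comes from the “小羅” blog; please keep this attribution: http://xiaoluoge.blog.51cto.com/9141967/1722289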