saltstack配置管理二

作者: print("") 分类: linux 发布时间: 2017-12-27 23:15

因为wordpress格式问题,我就上传了文件saltstack配置管理二 Saltstack 配置keepalived
一、功能模块
新建两个文件
[root@agent srv]# mkdir /srv/salt/prod/keepalived
[root@agent srv]# mkdir /srv/salt/prod/keepalived/files
首先手工安装一次测试一下
cd /usr/local/src/
tar zxf keepalived-1.3.9.tar.gz
cd keepalived-1.3.9
./configure –prefix=/usr/local/keepalived –disable-fwmark
make && make install
启动脚本路径
/usr/local/src/keepalived-1.2.19/keepalived/etc/init.d/keepalived.init
主配置文件路径
/usr/local/src/keepalived-1.2.19/keepalived/etc/keepalived/keepalived.conf
系统文件路径
/usr/local/keepalived/etc/sysconfig/keepalived
/usr/local/src/keepalived-1.2.19/keepalived/etc/init.d/keepalived.sysconfig
把文件复制到/srv/salt/prod/keepalived/files/
cp init.d/keepalived.init /srv/salt/prod/keepalived/files/
cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/
cp /usr/local/src/keepalived-1.2.19/keepalived/etc/init.d/keepalived.sysconfig /srv/salt/prod/keepalived/files/
修改keepalived.init
[root@agent files]# cat keepalived.init
#!/bin/sh
#
# Startup script for the Keepalived daemon
#
# processname: keepalived
# pidfile: /var/run/keepalived.pid
# config: /etc/keepalived/keepalived.conf
# chkconfig: – 21 79
# description: Start and stop Keepalived
 
# Source function library
. /etc/rc.d/init.d/functions
 
# Source configuration file (we set KEEPALIVED_OPTIONS there)
. /etc/sysconfig/keepalived
 
RETVAL=0
 
prog=”keepalived”
 
start() {
echo -n $”Starting $prog: ”
daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}   ###只是修改了这一部分
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
}
 
stop() {
echo -n $”Stopping $prog: ”
killproc keepalived
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
}
 
reload() {
echo -n $”Reloading $prog: ”
killproc keepalived -1
RETVAL=$?
echo
}
 
# See how we were called.
case “$1” in
start)
start
;;
stop)
stop
;;
reload)
reload
;;
restart)
stop
start
;;
condrestart)
if [ -f /var/lock/subsys/$prog ]; then
stop
start
fi
;;
status)
status keepalived
RETVAL=$?
;;
*)
echo “Usage: $0 {start|stop|reload|restart|condrestart|status}”
RETVAL=1
esac
 
exit $RETVAL
现在写自动安装的sls文件
[root@agent keepalived]# cat install.sls
include:
– pkg.pkg-init
 
keepalived-install:
file.managed:
– name: /usr/local/src/keepalived-1.2.19.tar.gz
– source: salt://keepalived/files/keepalived-1.2.19.tar.gz
– user: root
– group: root
– mode: 755
 
cmd.run:
– name: cd /usr/local/src/ && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure –prefix=/usr/local/keepalived –disable-fwmark >>/dev/null 2>&1 && make >>/dev/null 2>&1 && make install >>/dev/null 2>&1
– unless: test -d /usr/local/keepalived
– require:
– pkg: pkg-init
– file: keepalived-install
 
keepalived-init:
file.managed:
– name: /etc/init.d/keepalived
– source: salt://keepalived/files/keepalived.init
– user: root
– group: root
– mode: 755
– require:
– cmd: keepalived-install
cmd.run:
– name: chkconfig –add keepalived
– unless: chkconfig –list |grep keepalived
– require:
– file: keepalived-init
 
/etc/sysconfig/keepalived:
file.managed:
– source: salt://keepalived/files/keepalived.sysconfig
– user: root
– group: root
– mode: 644
– unless: test -f /usr/local/keepalived
– require:
– cmd: keepalived-init
– file: keepalived-init
/etc/keepalived:
file.directory:
– user: root
– group: root
– mode: 755
– unless: test -d /etc/keepalived
– require:
– file: /etc/sysconfig/keepalived
测试一下:
[root@agent keepalived]# salt ‘liang’ state.sls keepalived.install env=prod
liang:
———-
ID: pkg-init
Function: pkg.installed
Name: pcre
Result: True
Comment: Package pcre is already installed.
Started: 19:10:47.798680
Duration: 1001.531 ms
Changes:
———-
ID: pkg-init
Function: pkg.installed
Name: gcc
Result: True
Comment: Package gcc is already installed.
Started: 19:10:48.800395
Duration: 0.458 ms
Changes:
———-
ID: pkg-init
Function: pkg.installed
Name: pcre-devel
Result: True
Comment: Package pcre-devel is already installed.
Started: 19:10:48.800922
Duration: 0.321 ms
Changes:
———-
ID: pkg-init
Function: pkg.installed
Name: glibc
Result: True
Comment: Package glibc is already installed.
Started: 19:10:48.801311
Duration: 0.358 ms
Changes:
———-
ID: pkg-init
Function: pkg.installed
Name: openssl-devel
Result: True
Comment: Package openssl-devel is already installed.
Started: 19:10:48.801730
Duration: 0.254 ms
Changes:
———-
ID: pkg-init
Function: pkg.installed
Name: autoconf
Result: True
Comment: Package autoconf is already installed.
Started: 19:10:48.802037
Duration: 0.333 ms
Changes:
———-
ID: pkg-init
Function: pkg.installed
Name: gcc-c++
Result: True
Comment: Package gcc-c++ is already installed.
Started: 19:10:48.802424
Duration: 0.278 ms
Changes:
———-
ID: pkg-init
Function: pkg.installed
Name: make
Result: True
Comment: Package make is already installed.
Started: 19:10:48.802761
Duration: 0.255 ms
Changes:
———-
ID: keepalived-install
Function: file.managed
Name: /usr/local/src/keepalived-1.2.19.tar.gz
Result: True
Comment: File /usr/local/src/keepalived-1.2.19.tar.gz is in the correct state
Started: 19:10:48.806436
Duration: 4.931 ms
Changes:
———-
ID: keepalived-install
Function: cmd.run
Name: cd /usr/local/src/ && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure –prefix=/usr/local/keepalived –disable-fwmark >>/dev/null 2>&1 && make >>/dev/null 2>&1 && make install >>/dev/null 2>&1
Result: True
Comment: unless execution succeeded
Started: 19:10:48.812717
Duration: 6.628 ms
Changes:
———-
ID: keepalived-init
Function: file.managed
Name: /etc/init.d/keepalived
Result: True
Comment: File /etc/init.d/keepalived is in the correct state
Started: 19:10:48.819768
Duration: 3.36 ms
Changes:
———-
ID: keepalived-init
Function: cmd.run
Name: chkconfig –add keepalived
Result: True
Comment: unless execution succeeded
Started: 19:10:48.823607
Duration: 36.325 ms
Changes:
———-
ID: /etc/sysconfig/keepalived
Function: file.managed
Result: True
Comment: File /etc/sysconfig/keepalived is in the correct state
Started: 19:10:48.860464
Duration: 68.047 ms
Changes:
———-
ID: /etc/keepalived
Function: file.directory
Result: True
Comment: unless execution succeeded
Started: 19:10:48.929294
Duration: 6.979 ms
Changes:
 
Summary
————-
Succeeded: 14
Failed:     0
————-
Total states run:     14
在客户端查看一下。看到下面的结果。已经安装成功了。
[root@liang haproxy]# ll /usr/local/keepalived/
总用量 16
drwxr-xr-x. 2 root root 4096 12月  8 19:09 bin
drwxr-xr-x. 5 root root 4096 12月  8 19:09 etc
drwxr-xr-x. 2 root root 4096 12月  8 19:09 sbin
drwxr-xr-x. 3 root root 4096 12月  8 19:09 share
[root@liang haproxy]# ll /etc/init.d/keepalived
-rwxr-xr-x. 1 root root 1335 12月  8 19:09 /etc/init.d/keepalived
[root@liang haproxy]#
二、业务模块
业务模块也放在/srv/salt/prod/cluster 中这样模块更加清晰化了
把配置文件放在/srv/salt/prod/cluster/files中。配置文件用jinja 的方式写入
[root@agent cluster]# cat files/haproxy-outside-keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
saltstack@example.com
}
notification_email_form keepalived@example.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ROUTEID}}
 
 
 
}
 
vrrp_instance haproxy_ha {
 
state {{STATEID}}
interface eth0
virtual_router_id 36
priority {{PRIORITYID}}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
 
virtual_ipaddress {
192.168.57.134
}
}
 
执行业务的sls文件如下取名字需要用心
[root@agent cluster]# cat haproxy-outside-keepalived.sls
include:
– keepalived.install
 
keepalived-service:
file.managed:
– name: /etc/keepalived/keepalived.conf
– source: salt://cluster/files/haproxy-outside-keepalived.conf
– user: root
– group: root
– mode: 644
– template: jinja
{% if grains[‘fqdn’] == ‘liang’ %}
– ROUTEID: haproxy_ha
– STATEID: MASTER
– PRIORITYID: 150
{% elif grains[‘fqdn’] == ‘dome_1’ %}
– ROUTEID: haproxy_bak
– STATEID: BACKUP
– PRIORITYID: 100
{% endif %}
– require:
– file: /etc/keepalived
service.running:
– name: keepalived
– enable: True
– watch:
– file: keepalived-service
– require:
– file: keepalived-service
[root@agent cluster]#
 
首先测试一下
[root@agent cluster]# salt ‘*’ state.sls cluster.haproxy-outside-keepalived env=prod
dome_1:
Succeeded: 16
Failed:     0
————-
Total states run:     16
没有看到报错信息表明已经成功了。
现在查看一下minion端的一个启动情况 、已经看到vip启动成功了。
[root@liang srv]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:a7:7e:c4 brd ff:ff:ff:ff:ff:ff
inet 192.168.57.130/24 brd 192.168.57.255 scope global eth0
inet 192.168.57.134/32 scope global eth0
inet6 fe80::20c:29ff:fea7:7ec4/64 scope link
valid_lft forever preferred_lft forever
3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 7a:fd:d5:ba:8f:dc brd ff:ff:ff:ff:ff:ff
[root@liang srv]#
关闭keepalived
[root@liang srv]# /etc/init.d/keepalived stop
停止 keepalived:[确定]
[root@liang srv]#
查看另一台的情况、 ip地址已经飘逸过来了!!
[root@dome_1 html]# ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:0c:29:26:74:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.57.131/24 brd 192.168.57.255 scope global eth0
inet 192.168.57.134/32 scope global eth0
inet6 fe80::20c:29ff:fe26:746c/64 scope link
valid_lft forever preferred_lft forever
3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 5e:bc:a8:4d:e3:5f brd ff:ff:ff:ff:ff:ff
[root@dome_1 html]#
访问一下。
我前面的一个模式的 hacaproxy 是 source 模式后面我改到了轮训模式
[root@agent files]# cat haproxy-outside.cfg
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
 
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
 
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri       /haproxy-status
stats auth      haproxy:saltstack
 
frontend frontend_www_example_com
bind 192.168.57.134:80
option httplog
log global
default_backend backend_www_example_com
 
 
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
#balance source
balance roundrobin
server web-node1 192.168.57.130:8080 check inter 2000 rise 30 fall 15
访问的效果如下:
[root@agent cluster]# curl http://192.168.57.134
liang
[root@agent cluster]# curl http://192.168.57.134
demo_1
[root@agent cluster]# curl http://192.168.57.134
liang
[root@agent cluster]# curl http://192.168.57.134
demo_1
[root@agent cluster]# curl http://192.168.57.134
liang
[root@agent cluster]#
 
已经成功把haproxy+keepalived 自动化安装成功了。
 
Saltstack 配置nginx
 
一、功能模块
 
利用saltstatck 安装Nginx+PHP
首先在minion停掉httpd  。后面的nginx 把端口也指定为8080
[root@dome_1 ~]# /etc/init.d/httpd stop
停止 httpd:[确定]
[root@dome_1 ~]#
在master建立四个文件夹
[root@agent prod]# mkdir nginx
[root@agent prod]# mkdir php
[root@agent prod]# mkdir nginx/files
[root@agent prod]# mkdir php/files
我们先手动安装一次。看看如此操作的。
cd /usr/local/src/
tar zxf nginx-1.10.2.tar.gz
cd nginx-1.10.2
./configure
make && make install
 
那么开始写安装的模块/srv/salt/prod/nginx/install.sls
 
[root@agent prod]# cat /srv/salt/prod/nginx/install.sls
include:
– pkg.pkg-init
 
nginx-install:
file.managed:
– name: /usr/local/src/nginx-1.10.2.tar.gz
– source: salt://nginx/files/nginx-1.10.2.tar.gz
– user: root
– group: root
– mode: 755
– require:
– pkg: pkg-init
cmd.run:
– name: cd /usr/local/src/ && tar zxf nginx-1.10.2.tar.gz && cd nginx-1.10.2 && ./configure –prefix=/usr/local/nginx >>/dev/null 2>&1 && make >>/dev/null 2>&1 && make install >>/dev/null 2>&1
– unless: test -d /usr/local/nginx
– require:
– pkg: pkg-init
– file: nginx-install
 
nginx-init:
file.managed:
– name: /etc/init.d/nginx
– source: salt://nginx/files/nginx.init
– user: root
– group: root
– mode: 755
– require:
– cmd: nginx-install
cmd.run:
– name: chkconfig –add nginx
– unless: chkconfig –list |grep nginx
– require:
– file: nginx-init
Nginx的启动脚本 nginx.init
[root@agent files]# cat nginx.init
#!/bin/sh
#
# nginx – this script starts and stops the nginx daemin
#
# chkconfig:   – 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /run/nginx/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ “$NETWORKING” = “no” ] && exit 0
nginx=”/usr/local/nginx/sbin/nginx”
prog=$(basename $nginx)
NGINX_CONF_FILE=”/usr/local/nginx/conf/nginx.conf ”
lockfile=/var/lock/nginx.lock
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
echo -n $”Starting $prog: ”
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $”Stopping $prog: ”
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
start
}
reload() {
configtest || return $?
echo -n $”Reloading $prog: ”
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case “$1″ in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $”Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}”
exit 2
esac
二、功能模块
功能模放在/srv/salt/prod/cluster/nginx-outside.sls
[root@agent cluster]# cat /srv/salt/prod/cluster/nginx-outside.sls
include:
– nginx.install
nginx-service:
file.managed:
– name: /usr/local/nginx/conf/nginx.conf
– source: salt://cluster/files/nginx.conf
– user: root
– group: root
– mode: 644
service.running:
– name: nginx
– enable: True
– watch:
– file: nginx-service
– require:
– file: nginx-service
Nginx的配置文件我还没有修改。因为后面还有php的结合环境。所以后面需要修改。
这里先用默认的做一个测试
[root@agent cluster]# cat files/nginx.conf
 
#user  nobody;
worker_processes  1;
 
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
 
#pid        logs/nginx.pid;
 
 
events {
worker_connections  1024;
}
 
 
http {
include       mime.types;
default_type  application/octet-stream;
 
#log_format  main  ‘$remote_addr – $remote_user [$time_local] “$request” ‘
#                  ‘$status $body_bytes_sent “$http_referer” ‘
#                  ‘”$http_user_agent” “$http_x_forwarded_for”‘;
 
#access_log  logs/access.log  main;
 
sendfile        on;
#tcp_nopush     on;
 
#keepalive_timeout  0;
keepalive_timeout  65;
 
#gzip  on;
 
server {
listen       8080;
server_name  localhost;
 
#charset koi8-r;
 
#access_log  logs/host.access.log  main;
 
location / {
root   html;
index  index.html index.htm;
}
 
#error_page  404              /404.html;
 
# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   html;
}
 
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
#    proxy_pass   http://127.0.0.1;
#}
 
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
#    root           html;
#    fastcgi_pass   127.0.0.1:9000;
#    fastcgi_index  index.php;
#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
#    include        fastcgi_params;
#}
 
# deny access to .htaccess files, if Apache’s document root
# concurs with nginx’s one
#
#location ~ /\.ht {
#    deny  all;
#}
}
 
 
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen       8000;
#    listen       somename:8080;
#    server_name  somename  alias  another.alias;
 
#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}
 
 
# HTTPS server
#
#server {
#    listen       443 ssl;
#    server_name  localhost;
 
#    ssl_certificate      cert.pem;
#    ssl_certificate_key  cert.key;
 
#    ssl_session_cache    shared:SSL:1m;
#    ssl_session_timeout  5m;
 
#    ssl_ciphers  HIGH:!aNULL:!MD5;
#    ssl_prefer_server_ciphers  on;
 
#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}
 
}
测试结果如下
[root@agent cluster]# salt ‘*’ state.sls cluster.nginx-outside env=prod
dome_1:
———-
Succeeded: 14
Failed:     0
————-
Total states run:     14
liang:
Succeeded: 14
Failed:     0
那么在minion端查看一下
[root@liang sbin]# lsof -i:8080
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   5086   root    6u  IPv4 261076      0t0  TCP *:webcache (LISTEN)
nginx   5088 nobody    6u  IPv4 261076      0t0  TCP *:webcache (LISTEN)
[root@liang sbin]# lsof -i:8080
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   5086   root    6u  IPv4 261076      0t0  TCP *:webcache (LISTEN)
nginx   5088 nobody    6u  IPv4 261076      0t0  TCP *:webcache (LISTEN)
[root@liang sbin]#
访问一下负载均衡
[root@agent cluster]# curl http://192.168.57.134
liang
[root@agent cluster]# curl http://192.168.57.134
demo_1
[root@agent cluster]# curl http://192.168.57.134
liang
[root@agent cluster]# curl http://192.168.57.134
demo_1
[root@agent cluster]# curl http://192.168.57.134
liang
[root@agent cluster]#
 
 
 
Saltstack 配置PHP

  • 功能模块

 
首先我们手动安装一次。
yum install libmcrypt libmcrypt-devel mcrypt mhash
groupadd www
useradd -s /sbin/nologin -g www -M www
tar zxf php-5.5.12.tar.gz
cd php-5.5.12
 
./configure –prefix=/usr/local/php –with-config-file-path=/usr/local/php/etc –enable-fpm –with-fpm-user=www –with-fpm-group=www –with-mysql=mysqlnd –with-mysqli=mysqlnd –with-pdo-mysql=mysqlnd –with-iconv-dir –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml –disable-rpath –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –with-curl –enable-mbregex –enable-mbstring –with-mcrypt –enable-ftp –with-gd –enable-gd-native-ttf –with-openssl –with-mhash –enable-pcntl –enable-sockets –with-xmlrpc –enable-zip –enable-soap –without-pear –with-gettext –disable-fileinfo –enable-maintainer-zts
 
make && make install
修改fpm配置php-fpm.conf.default文件名称
mv /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
复制php.ini配置文件
cp php.ini-production /usr/local/php/etc/php.ini
复制php-fpm启动脚本到init.d
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
赋予执行权限
chmod +x /etc/init.d/php-fpm
添加为启动项
chkconfig –add php-fpm
立即启动php-fpm
/etc/init.d/php-fpm start
那么用salt 来写一下把 安装的配置如下:
[root@agent prod]# cat /srv/salt/prod/php/php-install.sls
include:
– pkg.pkg-init
 
php-install:
file.managed:
– name: /usr/local/src/php-5.5.12.tar.gz
– source: salt://php/files/php-5.5.12.tar.gz
– user: root
– group: root
– mode: 755
– require:
– pkg: pkg-init
 
cmd.run:
– name: cd /usr/local/src/ && tar zxf php-5.5.12.tar.gz && cd php-5.5.12 &&  ./configure –prefix=/usr/local/php –with-config-file-path=/usr/local/php/etc –enable-fpm –with-fpm-user=www –with-fpm-group=www –with-mysql=mysqlnd –with-mysqli=mysqlnd –with-pdo-mysql=mysqlnd –with-iconv-dir –with-freetype-dir –with-jpeg-dir –with-png-dir –with-zlib –with-libxml-dir=/usr –enable-xml –disable-rpath –enable-bcmath –enable-shmop –enable-sysvsem –enable-inline-optimization –with-curl –enable-mbregex –enable-mbstring –with-mcrypt –enable-ftp –with-gd –enable-gd-native-ttf –with-openssl –with-mhash –enable-pcntl –enable-sockets –with-xmlrpc –enable-zip –enable-soap –without-pear –with-gettext –disable-fileinfo –enable-maintainer-zts >>/dev/null 2>&1 && make >>/dev/null 2>&1 && make install >>/dev/null 2>&1
– unless: test -d /usr/local/php
– require:
– file: php-install
– pkg: pkg-init
 
php-fpm-conf:
file.managed:
– name: /usr/local/php/etc/php-fpm.conf
– source: salt://php/files/php-fpm.conf
– user: root
– group: root
– mode: 644
– require:
– cmd: php-install
 
php-init:
file.managed:
– name: /etc/init.d/php-fpm
– source: salt://php/files/php-fpm
– user: root
– group: root
– mode: 755
– require:
– file: php-fpm-conf
cmd.run:
– name: chkconfig –add php-fpm
– unless: chkconfig –list |grep php-fpm
– require:
– file: php-init
二、业务逻辑
把所有的逻辑的一个模块都放在/srv/salt/prod/cluster 下面
[root@agent cluster]# cat nginx-outside-php.sls
include:
– php.php-install
 
php-fpm-service:
file.managed:
– name: /usr/local/php/etc/php.ini
– source: salt://cluster/files/php.ini
– user: root
– group: root
– mode: 644
– require:
– cmd: php-init
service.running:
– name: php-fpm
– enable: True
– require:
– cmd: php-init
– watch:
– file: php-fpm-service
修改nginx的一个配置文件添加php的支持
[root@agent cluster]# cat files/nginx.conf
 
#user  nobody;
worker_processes  1;
 
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
 
#pid        logs/nginx.pid;
 
 
events {
worker_connections  1024;
}
 
 
http {
include       mime.types;
default_type  application/octet-stream;
 
#log_format  main  ‘$remote_addr – $remote_user [$time_local] “$request” ‘
#                  ‘$status $body_bytes_sent “$http_referer” ‘
#                  ‘”$http_user_agent” “$http_x_forwarded_for”‘;
 
#access_log  logs/access.log  main;
 
sendfile        on;
#tcp_nopush     on;
 
#keepalive_timeout  0;
keepalive_timeout  65;
 
#gzip  on;
 
server {
listen       8080;
server_name  localhost;
 
#charset koi8-r;
 
#access_log  logs/host.access.log  main;
 
location / {
root   html;
index  index.php index.html index.htm;
}
 
#error_page  404              /404.html;
 
# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   html;
}
 
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
#    proxy_pass   http://127.0.0.1;
#}
 
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
#    root           html;
#    fastcgi_pass   127.0.0.1:9000;
#    fastcgi_index  index.php;
#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
#    include        fastcgi_params;
#}
 
# deny access to .htaccess files, if Apache’s document root
# concurs with nginx’s one
#
#location ~ /\.ht {
#    deny  all;
#}
location ~ \.php$ {
root           html;
fastcgi_pass   127.0.0.1:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
include        fastcgi_params;
}
 
}
 
 
 
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#    listen       8000;
#    listen       somename:8080;
#    server_name  somename  alias  another.alias;
 
#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}
 
 
# HTTPS server
#
#server {
#    listen       443 ssl;
#    server_name  localhost;
 
#    ssl_certificate      cert.pem;
#    ssl_certificate_key  cert.key;
 
#    ssl_session_cache    shared:SSL:1m;
#    ssl_session_timeout  5m;
 
#    ssl_ciphers  HIGH:!aNULL:!MD5;
#    ssl_prefer_server_ciphers  on;
 
#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}
 
}
 
添加到top中
[root@agent prod]# cat ../base/top.sls
base:
‘*’:
– init.main_init
prod:
‘liang’:
– cluster.haproxy-outside
– cluster.haproxy-outside-keepalived
– cluster.nginx-outside-php
– cluster.nginx-outside
‘dome_1’:
– cluster.haproxy-outside
– cluster.haproxy-outside-keepalived
– cluster.nginx-outside-php
– cluster.nginx-outside
测试一下
salt ‘*’ state.highstate
Summary
————-
Succeeded: 81
Failed:     0
————-
Total states run:     81
查看minion端的一些配置  服务已经起来了。
[root@dome_1 html]# netstat -nltp|grep http
[root@dome_1 html]# netstat -nltp|grep nginx
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN      23219/nginx
[root@dome_1 html]# netstat -nltp|grep php-fpm
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      22331/php-fpm
[root@dome_1 html]#‘
在nginx中添加php文件尝试能不能访问
[root@liang html]# cat index.php
<?php
echo “liang”;
?>
[root@liang html]#
[root@dome_1 html]# cat index.php
<?php
echo “demo_1”
?>
 
访问一下haproxy
[root@agent prod]# curl http://192.168.57.134
liang[root@agent prod]# curl http://192.168.57.134
demo_1[root@agent prod]# curl http://192.168.57.134
liang[root@agent prod]# curl http://192.168.57.134
demo_1[root@agent prod]# curl http://192.168.57.134
liang[root@agent prod]# curl http://192.168.57.134

  已经全部成功了。

如果觉得我的文章对您有用,请随意打赏。您的支持将鼓励我继续创作!

说点什么

avatar
  Subscribe  
提醒