Deployment and Management of nginx with source code of saltstack

Deployment and Management of nginx with source code of saltstack

Saltstack has been in touch for some time. I feel that saltstack is powerful in state file deployment, which can save us a lot of time for mass deployment, today, we will deploy nginx in the source code by deploying the front-end forwarding server. We hope you can provide more guidance.

Ideas:

1. Use grains to collect cpu, open file count, and other information, and use jinja to configure the nginx. conf file

2. Use pillar to save the variables we want to use in combination with jinja to configure the vhost. conf file

3. state installation and push File

Deployment steps:

1. Write grains and configure the number of files opened by nginx based on the number of files opened by the system:

[Root @ mailnginx] # cd/srv/salt/_ grains/[root @ mail_grains] # catnginx_config.pyimportos, sys, commandsdefNginxGrains (): grains = {} max_open_file = 65536 # Worker_info = {'cpus2': '000000', 'cpus4': '000000', 'cpus8': '000000'} try: getulimit = commands. getstatusoutput ('source/etc/profile; ulimit-n') implements texception, e: passifgetulimit [0] = 0: max_open_file = int (getulimit [1]) grains ['max _ open_file '] = max_open_filereturngrainsif _ name __= =' _ main _ ': printNginxGrains () pushes files to the client and starts the files to restart the client to take effect: salt '*' saltutil. sync_allsalt '*' sys. reload_modules

2. Compile the variable pillar. Here I define the domain name and backend forwarding Host:

[root@mailpillar]#cattop.slsbase:'*':-vhost[root@mailpillar]#catvhost.slshostname:www.huasuan.compass:192.168.10.100

3. compile all state files and check the DIRECTORY options first:

[Root @ mailsalt] # treenginxnginx restart ── conf. sls restart ── files │ ?? ── Nginx │ ?? ├──Nginx-1.6.0.tar.gz │ ?? ── Nginx. conf │ ?? ── Huasuan. conf ── init. sls ── install. sls ── server. sls ── vhost. sls notes: init. sls specifies which entry option to enable, install. sls specifies the installation step, server. sls indicates the management service script, conf. sls specifies to manage the configuration file nginx. conf, vhost. sls specifies to manage vhost. the virtual host in the sls directory.

4. view the top and init files:

[root@mailnginx]#catinstall.sls[root@mailsalt]#cattop.slsbase:'*':-nginx[root@mailsalt]#catnginx/init.slsinclude:-nginx.install-nginx.conf-nginx.server-nginx.vhost

5. install the sls file:

Export nginx.tar.gz nginx_source: file. managed:-name:/tmp/nginx-1.6.0.tar.gz-unless: test-e/tmp/nginx-1.6.0.tar.gz-source: salt: // nginx/files/nginx-1.6.0.tar.gz # extractextract_nginx: cmd. run:-cwd:/tmp-names: -tarzxvfnginx-1.6.0.tar.gz-unless: test-d/tmp/nginx-1.6.0-require:-file: nginx_source # usernginx_user: user. present:-name: nginx-uid: 1501-createhome: False-gid_from_name: True-shell:/sbin/nologin # nginx_pkgsnginx_pkg: pkg. installed:-pkgs:-gcc-openssl-devel-pcre-devel-zlib-devel # nginx_compilenginx_compile: cmd. run:-cwd:/tmp/nginx-1.6.0-names :-. /configure -- prefix =/usr/local/nginx -- user = nginx -- group = nginx -- with-http_ssl_module -- with-http_gzip_static_module -- http-client-body-temp-path =/usr/local/nginx /client/-- http-proxy-temp-path =/usr/local/nginx/proxy/-- http-fastcgi-temp-path =/usr/local/nginx/fcgi /-- with-poll_module -- with-file-aio -- with-http_realip_module -- with-http_addition_module -- with-http_random_index_module -- with-pcre -- with-http_stub_status_module-make-makeinstall-require: -cmd: The extract_nginx-pkg: nginx_pkg-unless: test-d/usr/local/nginx # cache_dircache_dir: cmd. run:-names:-mkdir-p/usr/local/nginx/{client, proxy, fcgi} & chown-Rnginx.nginx/usr/local/nginx/-mkdir-p/usr/local/nginx/conf/vhost & chown-Rnginx.nginx/usr/local/nginx/conf/vhost- unless: test-d/usr/local/nginx/client/-require:-cmd: nginx_compile Note: nginx uses source code compilation and installation methods, including file package push, decompression, and Installation Management, the main core is the use of cmd.

6. Manage the configuration file conf. sls:

[root@mailnginx]#catconf.slsinclude:-nginx.installnginx_service:file.managed:-name:/usr/local/nginx/conf/nginx.conf-user:nginx-mode:644-source:salt://nginx/files/nginx.conf-template:jinjaservice.running:-name:nginx-enable:True-reload:True-watch:-file:/usr/local/nginx/conf/nginx.conf

7. The service script starts file management server. sls:

[root@mailnginx]#catserver.slsinclude:-nginx.installserver:file.managed:-name:/etc/init.d/nginx-user:root-mode:755-source:salt://nginx/files/nginxservice.running:-name:nginx-enable:True-reload:True-watch:-file:/etc/init.d/nginxcommand:cmd.run:-names:-/sbin/chkconfig--addnginx-/sbin/chkconfignginxon-unless:/sbin/chkconfig--listnginx

8. VM management configuration file: vhost. sls

[root@mailnginx]#catvhost.slsinclude:-nginx.installvhostconfig:file.managed:-name:/usr/local/nginx/conf/vhost/huasuan.conf-user:root-mode:644-source:salt://nginx/files/huasuan.conf-template:jinjaservice.running:-name:nginx-enable:True-reload:True-watch:-file:/usr/local/nginx/conf/vhost/huasuan.conf

The preceding configuration files that have been saved in the files directory are pushed to the client. The jinja template is used to use the grains and pillar variables of the system:

9. view the following configuration files:

# Formoreinformationonconfiguration, see: usernginx; worker_processes {grains ['num _ cpus'] };{% ifgrains ['num _ cpus'] == 2%} worker_cpu_affinity0110; {% elifgrains ['num _ cpus'] = 4%} worker_cpu_affinity00000000100001; {% elifgrains ['num _ cpus']> = 8%} seconds; {% else %} worker_cpu_affinity0000100001; {% endif %} worker_rlimit_nofile {grains ['max _ open_file ']}; error_log/var/log/nginx/error. log; # error_log/var/log/nginx/error. lognotice; # error_log/var/log/nginx/error. loginfo; pid/var/run/nginx. pid; events {worker_connections {grains ['max _ open_file '] };} http {includemime. types; default_typeapplication/octet-stream; charsetutf-8; temperature; sendfileon; temperature; keepalive_timeout60; tcp_nodelayon; server_tokensoff; temperature; gzipon; temperature; gzip_typestext/plainapplication/x-javascripttext/cssapplication/xml; gzip_varyon; log_formatmain '$ remote_addr-$ remote_user [$ time_local] "$ request" ''$ status $ response" $ http_referer "'' "$ http_user_agent" "$ http_x_forwarded_for" "$ host "'; unzip devhost /*. conf;} Note: grains ['max _ open_file '] This variable is collected to the server by the first custom grains we created, and the client is returned Based on jinja.

10. Virtual Host Configuration File vhost:

[Root @ mailfiles] # cathuasuan. confserver {listen80; server_name {pillar ['hostname'] }}; location/{proxy_passhttp: // {pillar ['pass']}; proxy_set_headerHost $ host; proxy_set_headerX-Real-IP $ remote_addr; proxy_set_headerX-Forwarded-For $ proxy_add_x_forwarded_for;} location ~ /\. Git {denyall;} Note: pillar ['hostname'] and pillar ['pass'] are obtained by the pillar defined above based on jinja. Here we use the reverse proxy server as an example.

10. There is nothing special about the service startup script; it is put on the server side and synchronized to the client startup directory:

[root@mailfiles]#catnginx#!/bin/sh##nginx-thisscriptstartsandstopsthenginxdaemon##chkconfig:-8515#description:NginxisanHTTP(S)server,HTTP(S)reverse\#proxyandIMAP/POP3proxyserver#processname:nginx#config:/usr/local/nginx/conf/nginx.conf#pidfile:/usr/local/nginx/logs/nginx.pid#Sourcefunctionlibrary../etc/rc.d/init.d/functions#Sourcenetworkingconfiguration../etc/sysconfig/network#Checkthatnetworkingisup.["$NETWORKING"="no"]&&exit0nginx="/usr/local/nginx/sbin/nginx"prog=$(basename$nginx)NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"lockfile=/var/lock/subsys/nginxmake_dirs(){#makerequireddirectoriesuser=`$nginx-V2>&1|grep"configurearguments:"|sed's/[^*]*--user=\([^]*\).*/\1/g'-`if[-z"`grep$user/etc/passwd`"];thenuseradd-M-s/bin/nologin$userfioptions=`$nginx-V2>&1|grep'configurearguments:'`foroptin$options;doif[`echo$opt|grep'.*-temp-path'`];thenvalue=`echo$opt|cut-d"="-f2`if[!-d"$value"];then#echo"creating"$valuemkdir-p$value&&chown-R$user$valuefifidone}start(){[-x$nginx]||exit5[-f$NGINX_CONF_FILE]||exit6make_dirsecho-n$"Starting$prog:"daemon$nginx-c$NGINX_CONF_FILEretval=$?echo[$retval-eq0]&&touch$lockfilereturn$retval}stop(){echo-n$"Stopping$prog:"killproc$prog-QUITretval=$?echo[$retval-eq0]&&rm-f$lockfilereturn$retval}restart(){configtest||return$?stopsleep1start}reload(){configtest||return$?echo-n$"Reloading$prog:"killproc$nginx-HUPRETVAL=$?echo}force_reload(){restart}configtest(){$nginx-t-c$NGINX_CONF_FILE}rh_status(){status$prog}rh_status_q(){rh_status>/dev/null2>&1}case"$1"instart)rh_status_q&&exit0$1;;stop)rh_status_q||exit0$1;;restart|configtest)$1;;reload)rh_status_q||exit7$1;;force-reload)force_reload;;status)rh_status;;condrestart|try-restart)rh_status_q||exit0;;*)echo$"Usage:$0{start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"exit2esac

11. configuration complete: Start the server to start installation:

Start Operation: [root @ mailsalt] # salt 'monitor' state. highstate

12. view the result:

Check the configuration file of the client. The configuration file has taken effect. My client has 4 cores, so the worker_processer is 4:

The nginx service has been started:

 

Now all the installation and deployment processes have been completed. With saltstack, we found that there are more machines that can quickly deploy the system as needed.

This article from the "Luo" blog, please be sure to keep this source http://xiaoluoge.blog.51cto.com/9141967/1722289