本文档适用于centos操作系统
环境:
salt-master: 172.16.0.197
salt-minion(nginx server): 172.16.0.233
salt安装和添加认证过程略
首先浏览一下我的目录结构
[root@localhost salt]# tree /srv/salt/
/srv/salt/
├── base
│ ├── init
│ │ ├── env_init.sls
│ │ ├── epel.sls
│ │ ├── files
│ │ │ ├── zabbix-3.4.8.tar.gz
│ │ │ └── zabbix_agentd.conf
│ │ ├── pkg-init.sls
│ │ └── zabbix_agent.sls
│ ├── top.sls
│ └── user
│ └── zabbix.sls
└── prod
├── nginx
│ ├── files
│ │ ├── nginx-1.10.3.tar.gz
│ │ ├── nginx.conf
│ │ └── nginx-init
│ ├── install.sls
│ └── service.sls
├── pcre
│ ├── files
│ │ └── pcre-8.42.tar.gz
│ └── install.sls
└── user
└── www.sls
zabbix部分是上篇文章的,这次主要看prod部分即可
创建目录
[root@localhost salt]# mkdir -p /srv/salt/prod/pcre/files/
[root@localhost salt]# mkdir -p /srv/salt/prod/nginx/files/
下载pcre和nginx源码包保存到各自的files目录下
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.42.tar.gz
wget http://nginx.org/download/nginx-1.12.2.tar.gz
编写pcre安装文件
[root@localhost salt]# cat /srv/salt/prod/pcre/install.sls
pcre-source-install:
file.managed:
- name: /usr/local/src/pcre-8.42.tar.gz
- source: salt://pcre/files/pcre-8.42.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf pcre-8.42.tar.gz && cd pcre-8.42 && ./configure --prefix=/usr/local/pcre && make && make install
- unless: test -d /usr/local/pcre
- require:
- file: pcre-source-install
编写nginx安装文件
[root@localhost salt]# cat /srv/salt/prod/nginx/install.sls
include:
- pcre.install
- user.www
# Nginx编译安装
nginx-source-install:
file.managed:
- name: /usr/local/src/nginx-1.10.3.tar.gz
- source: salt://nginx/files/nginx-1.10.3.tar.gz
- user: root
- group: root
- mode: 755
cmd.run:
- name: cd /usr/local/src && tar zxf nginx-1.10.3.tar.gz && cd nginx-1.10.3 && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.42 && make && make install && chown -R www:www /usr/local/nginx
- unless: test -d /usr/local/nginx
- require:
- user: www-user-group
- file: nginx-source-install
- pkg: pkg-init
- cmd: pcre-source-install
这里注意nginx编译的时候--with-pcre=/usr/local/src/pcre-8.42指定的是pcre的源码目录,不是安装目录
编写nginx.conf
[root@localhost salt]# cat /srv/salt/prod/nginx/files/nginx.conf
user www;
worker_processes 16;
error_log logs/error.log error;
worker_rlimit_nofile 30000;
pid logs/nginx.pid;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
underscores_in_headers on;
keepalive_timeout 10;
send_timeout 60;
include /usr/local/nginx/conf/vhost/*.conf;
server {
listen 80;
server_name 127.0.0.1;
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
}
}
编写Nginx的service.sls启动服务
[root@localhost salt]# cat /srv/salt/prod/nginx/service.sls
include:
- nginx.install
nginx-init:
file.managed:
- name: /etc/init.d/nginx
- source: salt://nginx/files/nginx-init
- mode: 755
- user: root
- group: root
cmd.run:
- name: systemctl enable nginx
- unless: systemctl list-unit-files | grep nginx
- require:
- file: nginx-init
/usr/local/nginx/conf/nginx.conf:
file.managed:
- source: salt://nginx/files/nginx.conf
- user: www
- group: www
- mode: 644
nginx-service:
file.directory:
- name: /usr/local/nginx/conf/vhost
- require:
- cmd: nginx-source-install
service.running:
- name: nginx
- enable: True
- reload: True
- require:
- cmd: nginx-init
- watch:
- file: /usr/local/nginx/conf/nginx.conf
创建www用户
[root@localhost salt]# mkdir /srv/salt/prod/user
[root@localhost salt]# cat /srv/salt/prod/user/www.sls
www-user-group:
group.present:
- name: www
- gid: 1001
user.present:
- name: www
- fullname: www
- shell: /sbin/nologin
- uid: 1001
- gid: 1001
修改top.sls
[root@localhost salt]# cat /srv/salt/base/top.sls
base:
'*':
- init.env_init
prod:
'172.16.0.233':
- nginx.install
- nginx.service
因为我们是只对172.16.0.233这台机器安装nginx,所以这边只需要列出172.16.0.233这台主机即可
测试并运行
[root@localhost salt]# salt '*' state.highstate test=True
[root@localhost salt]# salt '*' state.highstate