SaltStack Deployment in Practice | One-Click Deployment of Nginx and Redis



Today we will look at how to write SaltStack state (SLS) scripts to automate batch deployment of Nginx and Redis.

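My abilities are limited; this post only reflects what I have learned and understood, and I make no claim to expertise. I just hope it gives anyone interested a little help or inspiration.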

Redis

First, create a redis directory under the salt-master's home directory to hold the related files

mkdir /home/salt/redis/files -pv

Once it is created, put your customized Redis configuration file and service unit file in the files directory as needed

[root@server1 ~]# ll /home/salt/redis/files/
redis.conf
redis-server.service
redis-6.2.6.tar.gz

Now start writing the SLS script


vim /home/salt/redis/install.sls

This time we install Redis version 6.2.6

{% set VERSION = '6.2.6' %}

Create the Redis data directory, log directory, and configuration directory


redisdata_dir:
  file.directory:
    - name: /var/lib/redis
    - user: root
    - group: root
    - makedirs: True
    - unless:
      - test -e /var/lib/redis

redislog_dir:
  file.directory:
    - name: /var/log/redis
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: redisdata_dir
    - unless:
      - test -e /var/log/redis


redisconf_dir:
  file.directory:
    - name: /etc/redis
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: redislog_dir
    - unless:
      - test -e /etc/redis

Next, distribute the Redis tarball to every minion

PS: the Redis working directory is /opt/redis-6.2.6/

redis_source:
  file.managed:
    - name: /opt/redis-{{VERSION}}.tar.gz
    - source: salt://redis/files/redis-{{VERSION}}.tar.gz
    - require:
      - file: redisconf_dir
    - unless:
      - test -e /opt/redis-{{VERSION}}.tar.gz

Then extract it

redis_extract:
  cmd.run:
    - cwd: /opt
    - names:
      - tar zxf redis-{{VERSION}}.tar.gz
    - require:
      - file: redis_source
    - unless:
      - test -e /opt/redis-{{VERSION}}

Compile and install Redis

redis_complie:
  cmd.run:
    - cwd: /opt/redis-{{VERSION}}
    - names:
      - make clean && make > /dev/null && make install > /dev/null
    - require:
      - cmd: redis_extract
    - unless:
      - test -e /usr/local/bin/redis-server

Push the Redis service unit file and reload the systemd configuration

redis_system:
  file.managed:
    - name: /usr/lib/systemd/system/redis-server.service
    - source: salt://redis/files/redis-server.service
    - require:
      - cmd: redis_complie
    - unless:
      - test -e /usr/lib/systemd/system/redis-server.service
      
redis_service_reload:
  cmd.run:
    - names:
      - systemctl daemon-reload
    - require:
      - file: redis_system      

Push the Redis configuration file

redis_conf:
  file.managed:
    - name: /etc/redis/redis.conf
    - source: salt://redis/files/redis.conf
    - require:
      - cmd: redis_service_reload
    - unless:
      - test -e /etc/redis/redis.conf

Start Redis and enable it at boot

redis_enable:
  cmd.run:
    - names:
      - systemctl enable redis-server
      - systemctl start redis-server
    - unless:
      - systemctl status redis-server

Once the script is written, run the salt command on the master

salt <IP address> state.sls redis.install

The complete script is as follows:

{% set VERSION = '6.2.6' %}


redisdata_dir:
  file.directory:
    - name: /var/lib/redis
    - user: root
    - group: root
    - makedirs: True
    - unless:
      - test -e /var/lib/redis

redislog_dir:
  file.directory:
    - name: /var/log/redis
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: redisdata_dir
    - unless:
      - test -e /var/log/redis

redisconf_dir:
  file.directory:
    - name: /etc/redis
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: redislog_dir
    - unless:
      - test -e /etc/redis
      
redis_source:
  file.managed:
    - name: /opt/redis-{{VERSION}}.tar.gz
    - source: salt://redis/files/redis-{{VERSION}}.tar.gz
    - require:
      - file: redisconf_dir
    - unless:
      - test -e /opt/redis-{{VERSION}}.tar.gz

redis_extract:
  cmd.run:
    - cwd: /opt
    - names:
      - tar zxf redis-{{VERSION}}.tar.gz
    - require:
      - file: redis_source
    - unless:
      - test -e /opt/redis-{{VERSION}}

redis_complie:
  cmd.run:
    - cwd: /opt/redis-{{VERSION}}
    - names:
      - make clean && make > /dev/null && make install > /dev/null
    - require:
      - cmd: redis_extract
    - unless:
      - test -e /usr/local/bin/redis-server

redis_system:
  file.managed:
    - name: /usr/lib/systemd/system/redis-server.service
    - source: salt://redis/files/redis-server.service
    - require:
      - cmd: redis_complie
    - unless:
      - test -e /usr/lib/systemd/system/redis-server.service

redis_service_reload:
  cmd.run:
    - names:
      - systemctl daemon-reload
    - require:
      - file: redis_system
      
redis_conf:
  file.managed:
    - name: /etc/redis/redis.conf
    - source: salt://redis/files/redis.conf
    - require:
      - cmd: redis_service_reload
    - unless:
      - test -e /etc/redis/redis.conf

redis_enable:
  cmd.run:
    - names:
      - systemctl enable redis-server
      - systemctl start redis-server
    - unless:
      - systemctl status redis-server  
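
An alternative layout for the directory, configuration and service steps above, as an added example (not the original post's script). It drops `unless` from `file.managed` so later edits to redis.conf on the master still reach minions, tightens file permissions, and uses `service.running` with `watch` so Redis restarts when a managed file changes. The `redis` account, the modes, and a unit file that runs as that account are assumptions.

```yaml
# Added example, not the original post's script. Assumes files/redis-server.service
# sets User=redis, and that useradd creates a same-named group (the RHEL-family default).
redis_user:
  user.present:
    - name: redis
    - system: True
    - shell: /sbin/nologin
    - createhome: False

redis_dirs:
  file.directory:
    - names:
      - /var/lib/redis
      - /var/log/redis
    - user: redis
    - group: redis
    - mode: '0750'
    - require:
      - user: redis_user

redis_conf:                       # no "unless": changes on the master are re-applied
  file.managed:
    - name: /etc/redis/redis.conf
    - source: salt://redis/files/redis.conf
    - user: root
    - group: redis
    - mode: '0640'                # may hold requirepass, so not world-readable
    - makedirs: True
    - require:
      - user: redis_user

redis_unit:
  file.managed:
    - name: /usr/lib/systemd/system/redis-server.service
    - source: salt://redis/files/redis-server.service

redis_daemon_reload:              # runs only when the unit file actually changed
  cmd.run:
    - name: systemctl daemon-reload
    - onchanges:
      - file: redis_unit

redis_service:                    # restarted when either watched file changes
  service.running:
    - name: redis-server
    - enable: True
    - watch:
      - file: redis_conf
      - file: redis_unit
```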

Nginx

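Create an nginx directory under the salt-master's home directory to hold the related script files

mkdir -pv /home/salt/nginx/files

  • conf.sls: distributes the Nginx files
  • init.sls: the order in which SaltStack runs the SLS scripts
  • install.sls: pre-installation preparation plus compiling and installing Nginx
  • files: holds the Nginx configuration file and service unit file, e.g. nginx.conf and nginx.service

Once it is created, put your customized Nginx configuration file and service unit file in the files directory as needed

Write the init.sls file

vim /home/salt/nginx/init.sls
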
include:
  - nginx.install
  - nginx.conf

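Now for the Nginx installation. I wrote two scripts here, one for each way of installing Nginx:

1. Compiling and installing Nginx from source

2. Installing Nginx with yum

Compiling and installing Nginx from source

First, write the installation script

vim /home/salt/nginx/install.sls

For a source build, we specify the version to install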

{% set VERSION = '1.15.4' %}

Create the Nginx working directory and log directory

data_dir:
  file.directory:
    - name: /var/lib/nginx
    - user: root
    - group: root
    - makedirs: True
    - unless:
      - test -e /var/lib/nginx

log_dir:
  file.directory:
    - name: /var/log/nginx
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: data_dir
    - unless:
      - test -e /var/log/nginx

Push the Nginx tarball to the minion, then extract it

nginx_source:
  file.managed:
    - name: /opt/nginx-{{VERSION}}.tar.gz
    - source: salt://nginx/nginx-{{VERSION}}.tar.gz
    - require:
      - file: log_dir
    - unless:
      - test -e /opt/nginx-{{VERSION}}.tar.gz

nginx_extract:
  cmd.run:
    - cwd: /opt
    - names:
      - tar zxf nginx-{{VERSION}}.tar.gz
    - require:
      - file: nginx_source
    - unless:
      - test -e /opt/nginx-{{VERSION}}

Install the packages needed for compiling

nginx_pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel
      - zlib-devel
    - require:
      - cmd: nginx_extract

Compile and install Nginx

The Nginx working directory is set to /opt/nginx

nginx_compile:
  cmd.run:
    - cwd: /opt/nginx-{{VERSION}}
    - names:
      - ./configure --prefix=/opt/nginx --with-http_stub_status_module --with-file-aio --with-http_ssl_module && make && make install
    - require:
      - pkg: nginx_pkg
    - unless: test -d /opt/nginx

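Next, write the configuration distribution script

vim /home/salt/nginx/conf.sls

Create a symlink for the Nginx configuration directory (personal habit)

nginx_softlink:
  cmd.run:
    - name: ln -s /opt/nginx/conf/ /etc/nginx
    - unless: test -e /etc/nginx

Push the Nginx configuration file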

nginx_conf:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/files/nginx.conf
    - require:
      - cmd: nginx_softlink
    - unless:
      - test -e /etc/nginx/nginx.conf

Push the Nginx service unit file and reload systemd

nginx_system:
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service
    - require:
      - file: nginx_conf
    - unless:
      - test -e /usr/lib/systemd/system/nginx.service

nginx_systemreload:
  cmd.run:
    - names:
      - systemctl daemon-reload
    - require:
      - file: nginx_system

Nginx kernel parameter tuning

# Append the tuning block to /etc/sysctl.conf once (guarded by the marker line)
nginx_kernel:
  file.append:
    - name: /etc/sysctl.conf
    - text:
      - "#set nginx kernel args"
      - net.ipv4.tcp_keepalive_time = 30
      - net.ipv4.ip_local_port_range = 1024 65000
      - net.ipv4.tcp_max_tw_buckets = 15000
      - net.ipv4.tcp_tw_reuse = 1
      - net.ipv4.tcp_tw_recycle = 0
      - net.ipv4.tcp_fin_timeout = 30
      - net.core.somaxconn = 65535
      - net.core.netdev_max_backlog = 262144
      - net.ipv4.tcp_max_orphans = 262144
      - net.ipv4.tcp_max_syn_backlog = 262144
      - net.ipv4.tcp_timestamps = 0
      - net.ipv4.tcp_synack_retries = 1
      - net.ipv4.tcp_syn_retries = 1
    - unless: grep "#set nginx kernel args" /etc/sysctl.conf

# Load the settings from /etc/sysctl.conf into the running kernel
nginx_sysctl_reload:
  cmd.run:
    - name: /sbin/sysctl -p
    - require:
      - file: nginx_kernel

Start Nginx and enable it at boot

nginx_start:
  cmd.run:
    - names:
      - systemctl start nginx
      - systemctl enable nginx
    - require:
      - cmd: nginx_systemreload
    - unless:
      - systemctl status nginx

Once the scripts are written, run the salt command on the master

salt <IP address> state.sls nginx.init

The complete scripts are as follows:

install.sls

{% set VERSION = '1.15.4' %}

data_dir:
  file.directory:
    - name: /var/lib/nginx
    - user: root
    - group: root
    - makedirs: True
    - unless:
      - test -e /var/lib/nginx
      
log_dir:
  file.directory:
    - name: /var/log/nginx
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: data_dir
    - unless:
      - test -e /var/log/nginx

nginx_source:
  file.managed:
    - name: /opt/nginx-{{VERSION}}.tar.gz
    - source: salt://nginx/nginx-{{VERSION}}.tar.gz
    - require:
      - file: log_dir
    - unless:
      - test -e /opt/nginx-{{VERSION}}.tar.gz

nginx_extract:
  cmd.run:
    - cwd: /opt
    - names:
      - tar zxf nginx-{{VERSION}}.tar.gz
    - require:
      - file: nginx_source
    - unless:
      - test -e /opt/nginx-{{VERSION}}
      
nginx_pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel
      - zlib-devel
    - require:
      - cmd: nginx_extract

nginx_compile:
  cmd.run:
    - cwd: /opt/nginx-{{VERSION}}
    - names:
      - ./configure --prefix=/opt/nginx --with-http_stub_status_module --with-file-aio --with-http_ssl_module && make && make install
    - require:
      - pkg: nginx_pkg
    - unless: test -d /opt/nginx


conf.sls

nginx_softlink:
  cmd.run:
    - name: ln -s /opt/nginx/conf/ /etc/nginx
    - unless: test -e /etc/nginx
    
nginx_conf:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/files/nginx.conf
    - require:
      - cmd: nginx_softlink
    - unless:
      - test -e /etc/nginx/nginx.conf

nginx_system:
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service
    - require:
      - file: nginx_conf
    - unless:
      - test -e /usr/lib/systemd/system/nginx.service

nginx_systemreload:
  cmd.run:
    - names:
      - systemctl daemon-reload
    - require:
      - file: nginx_system

# Append the tuning block to /etc/sysctl.conf once (guarded by the marker line)
nginx_kernel:
  file.append:
    - name: /etc/sysctl.conf
    - text:
      - "#set nginx kernel args"
      - net.ipv4.tcp_keepalive_time = 30
      - net.ipv4.ip_local_port_range = 1024 65000
      - net.ipv4.tcp_max_tw_buckets = 15000
      - net.ipv4.tcp_tw_reuse = 1
      - net.ipv4.tcp_tw_recycle = 0
      - net.ipv4.tcp_fin_timeout = 30
      - net.core.somaxconn = 65535
      - net.core.netdev_max_backlog = 262144
      - net.ipv4.tcp_max_orphans = 262144
      - net.ipv4.tcp_max_syn_backlog = 262144
      - net.ipv4.tcp_timestamps = 0
      - net.ipv4.tcp_synack_retries = 1
      - net.ipv4.tcp_syn_retries = 1
    - unless: grep "#set nginx kernel args" /etc/sysctl.conf

# Load the settings from /etc/sysctl.conf into the running kernel
nginx_sysctl_reload:
  cmd.run:
    - name: /sbin/sysctl -p
    - require:
      - file: nginx_kernel

nginx_start:
  cmd.run:
    - names:
      - systemctl start nginx
      - systemctl enable nginx
    - require:
      - cmd: nginx_systemreload
    - unless:
      - systemctl status nginx
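
The same kernel settings expressed with Salt's `sysctl.present` state instead of `file.append` plus `sysctl -p`, as an added example (not the original post's script). Each key is applied and persisted individually, and a key the running kernel does not expose is skipped instead of failing the run. The drop-in path /etc/sysctl.d/90-nginx.conf and the state IDs are assumptions.

```yaml
# Added example, not the original post's script. Values are the ones used in
# nginx_kernel above; the drop-in file name is an assumption.
{% set nginx_sysctl = {
  'net.ipv4.tcp_keepalive_time': '30',
  'net.ipv4.ip_local_port_range': '1024 65000',
  'net.ipv4.tcp_max_tw_buckets': '15000',
  'net.ipv4.tcp_tw_reuse': '1',
  'net.ipv4.tcp_tw_recycle': '0',
  'net.ipv4.tcp_fin_timeout': '30',
  'net.core.somaxconn': '65535',
  'net.core.netdev_max_backlog': '262144',
  'net.ipv4.tcp_max_orphans': '262144',
  'net.ipv4.tcp_max_syn_backlog': '262144',
  'net.ipv4.tcp_timestamps': '0',
  'net.ipv4.tcp_synack_retries': '1',
  'net.ipv4.tcp_syn_retries': '1',
} %}

{% for key, value in nginx_sysctl.items() %}
nginx_sysctl_{{ key | replace('.', '_') }}:
  sysctl.present:
    - name: {{ key }}
    - value: '{{ value }}'
    - config: /etc/sysctl.d/90-nginx.conf
    # Skip keys this kernel lacks (net.ipv4.tcp_tw_recycle was removed in Linux 4.12)
    - onlyif: test -e /proc/sys/{{ key | replace('.', '/') }}
{% endfor %}
```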

Installing Nginx with yum

Write install.sls

vim /home/salt/nginx/install.sls

update_yum:
  cmd.run:
    - name: yum update -y

nginx_install:
  pkg.installed:
    - pkgs:
      - epel-release
      - nginx
    - require:
      - cmd: update_yum
    - unless:
      - systemctl status nginx

Write conf.sls

vim /home/salt/nginx/conf.sls

With a yum install, the Nginx configuration directory is /etc/nginx

Push the Nginx configuration file

nginx_conf:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/files/nginx.conf
    - unless:
      - test -e /etc/nginx/nginx.conf

Nginx kernel parameter tuning

# Append the tuning block to /etc/sysctl.conf once (guarded by the marker line)
nginx_kernel:
  file.append:
    - name: /etc/sysctl.conf
    - text:
      - "#set nginx kernel args"
      - net.ipv4.tcp_keepalive_time = 30
      - net.ipv4.ip_local_port_range = 1024 65000
      - net.ipv4.tcp_max_tw_buckets = 15000
      - net.ipv4.tcp_tw_reuse = 1
      - net.ipv4.tcp_tw_recycle = 0
      - net.ipv4.tcp_fin_timeout = 30
      - net.core.somaxconn = 65535
      - net.core.netdev_max_backlog = 262144
      - net.ipv4.tcp_max_orphans = 262144
      - net.ipv4.tcp_max_syn_backlog = 262144
      - net.ipv4.tcp_timestamps = 0
      - net.ipv4.tcp_synack_retries = 1
      - net.ipv4.tcp_syn_retries = 1
    - unless: grep "#set nginx kernel args" /etc/sysctl.conf

# Load the settings from /etc/sysctl.conf into the running kernel
nginx_sysctl_reload:
  cmd.run:
    - name: /sbin/sysctl -p
    - require:
      - file: nginx_kernel

Start Nginx and enable it at boot

nginx_start:
  cmd.run:
    - names:
      - systemctl start nginx
      - systemctl enable nginx
    - require:
      - file: nginx_conf
    - unless:
      - systemctl status nginx

The complete scripts are as follows:

install.sls

update_yum:
  cmd.run:
    - name: yum update -y

nginx_install:
  pkg.installed:
    - pkgs:
      - epel-release
      - nginx
    - require:
      - cmd: update_yum
    - unless:
      - systemctl status nginx

conf.sls

nginx_conf:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/files/nginx.conf
    - unless:
      - test -e /etc/nginx/nginx.conf

# Append the tuning block to /etc/sysctl.conf once (guarded by the marker line)
nginx_kernel:
  file.append:
    - name: /etc/sysctl.conf
    - text:
      - "#set nginx kernel args"
      - net.ipv4.tcp_keepalive_time = 30
      - net.ipv4.ip_local_port_range = 1024 65000
      - net.ipv4.tcp_max_tw_buckets = 15000
      - net.ipv4.tcp_tw_reuse = 1
      - net.ipv4.tcp_tw_recycle = 0
      - net.ipv4.tcp_fin_timeout = 30
      - net.core.somaxconn = 65535
      - net.core.netdev_max_backlog = 262144
      - net.ipv4.tcp_max_orphans = 262144
      - net.ipv4.tcp_max_syn_backlog = 262144
      - net.ipv4.tcp_timestamps = 0
      - net.ipv4.tcp_synack_retries = 1
      - net.ipv4.tcp_syn_retries = 1
    - unless: grep "#set nginx kernel args" /etc/sysctl.conf

# Load the settings from /etc/sysctl.conf into the running kernel
nginx_sysctl_reload:
  cmd.run:
    - name: /sbin/sysctl -p
    - require:
      - file: nginx_kernel

nginx_start:
  cmd.run:
    - names:
      - systemctl start nginx
      - systemctl enable nginx
    - require:
      - file: nginx_conf
    - unless:
      - systemctl status nginx