SaltStack状态文件分离部署LNMP
环境说明:
主机 | IP | 服务 |
---|---|---|
master | 192.168.220.9 | salt-master,salt-minion,nginx |
node1 | 192.168.220.10 | salt-minion,mysql |
node2 | 192.168.220.17 | salt-minion,php |
salt-master修改配置文件
[root@master ~]# vim /etc/salt/master
......
667 file_roots:
668 # base:
669 # - /srv/salt/
670 # dev:
671 # - /srv/salt/dev/services
672 # - /srv/salt/dev/states
673 prod: # 生产环境
674 - /srv/salt/prod/ # 目录
675 # - /srv/salt/prod/states
......
849 pillar_roots:
850 # base:
851 # - /srv/pillar
852 prod: # 生产环境
853 - /srv/pillar/prod # 变量存放目录
854 #ext_pillar:
......
mkdir -p /srv/pillar/prod
mkdir -p /srv/salt/prod
变量
[root@master ~]# cd /srv/pillar/prod/
[root@master prod]# ls
mysql.sls nginx.sls php.sls top.sls
[root@master prod]# cat mysql.sls
# Pillar data for the MySQL role: install path, data directory, root password
# and the address other hosts use to reach the server.
mysql_installdir: /usr/local/mysql
mysql_datadir: /opt/data
# NOTE(review): weak lab password kept in cleartext. The prod pillar top.sls
# that accompanies this file targets '*', so every minion receives this value;
# use a strong secret and scope this pillar to the minions that render it.
mysql_password: 123
mysql_ip: 192.168.220.10
[root@master prod]# cat nginx.sls
nginx_installdir: /usr/local/nginx
[root@master prod]# cat php.sls
php_installdir: /usr/local/php7
php_ip: 192.168.220.17
[root@master prod]# cat top.sls
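# Pillar top file for the prod environment (nesting restored; without it the
# '*' match is not a child of prod).
# NOTE(review): '*' hands all three pillar files, including mysql_password from
# mysql.sls, to every minion. Matching each minion ID with only the pillars its
# own states render keeps the database password off hosts that never use it.
prod:
  '*':
    - nginx
    - mysql
    - php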
[root@master prod]# salt '*' test.ping # 测试连通性
node1:
True
node2:
True
master:
True
[root@master prod]# salt '*' pillar.items # 变量查看
[root@master prod]# salt '*' pillar.items
node1:
----------
mysql_datadir:
/opt/data
mysql_installdir:
/usr/local/mysql
mysql_ip:
192.168.220.10
mysql_password:
123
nginx_installdir:
/usr/local/nginx
php_installdir:
/usr/local/php7
php_ip:
192.168.220.17
master:
----------
mysql_datadir:
/opt/data
mysql_installdir:
/usr/local/mysql
mysql_ip:
192.168.220.10
mysql_password:
123
nginx_installdir:
/usr/local/nginx
php_installdir:
/usr/local/php7
php_ip:
192.168.220.17
node2:
----------
mysql_datadir:
/opt/data
mysql_installdir:
/usr/local/mysql
mysql_ip:
192.168.220.10
mysql_password:
123
nginx_installdir:
/usr/local/nginx
php_installdir:
/usr/local/php7
php_ip:
192.168.220.17
目录结构
[root@master ~]# cd /srv/
[root@master srv]# tree
.
|-- pillar
| `-- prod
| |-- mysql.sls
| |-- nginx.sls
| |-- php.sls
| `-- top.sls
`-- salt
`-- prod
|-- modules
| |-- application
| | `-- php
| | |-- files
| | | |-- install.sh.j2
| | | |-- mysql.php
| | | |-- oniguruma-devel-6.8.2-2.el8.x86_64.rpm
| | | |-- php-7.4.24.tar.gz
| | | |-- php-fpm
| | | |-- php-fpm.conf
| | | |-- php-fpm.service
| | | |-- php.ini
| | | `-- www.conf
| | `-- install.sls
| |-- database
| | `-- mysql
| | |-- files
| | | |-- install.sh.j2
| | | |-- mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
| | | |-- mysql.server.j2
| | | `-- mysqld.service.j2
| | `-- install.sls
| `-- web
| `-- nginx
| |-- files
| | |-- install.sh.j2
| | |-- nginx-1.20.1.tar.gz
| | `-- nginx.service.j2
| `-- install.sls
`-- lnmp
|-- files
| |-- index.php
| |-- my.cnf.j2
| |-- mysql.conf.j2
| `-- nginx.conf.j2
|
|-- mysql.sls
`-- nginx.sls
注:modules部分为安装部分
lnmp部分为配置部分
nginx部分
[root@master ~]# cd /srv/salt/prod/
[root@master prod]# cat modules/web/nginx/install.sls
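# Installs nginx from source: build dependencies, service account, tarball,
# build script and systemd unit. Indentation restored so the file parses as an
# SLS document.

# Compiler toolchain and libraries needed by ./configure and make.
nginc-dev-package:
  pkg.installed:
    - pkgs:
      - pcre-devel
      - openssl
      - openssl-devel
      - gd-devel
      - gcc
      - gcc-c++
      - make
      - wget

# System account named by --user/--group in install.sh.j2; it gets no home
# directory and no login shell.
nginx:
  user.present:
    - shell: /sbin/nologin
    - createhome: false
    - system: true

# NOTE(review): the tarball is whatever sits in the master's file_roots; check
# it against the upstream release checksum before placing it there.
/usr/src/nginx-1.20.1.tar.gz:
  file.managed:
    - source: salt://modules/web/nginx/files/nginx-1.20.1.tar.gz

# Runs the build script; skipped whenever the install directory already exists.
nginx-installsh:
  cmd.script:
    - name: salt://modules/web/nginx/files/install.sh.j2
    - template: jinja
    - unless: test -d {{ pillar['nginx_installdir'] }}

# Unit file is root-owned and not writable by the service account.
/usr/lib/systemd/system/nginx.service:
  file.managed:
    - source: salt://modules/web/nginx/files/nginx.service.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja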
[root@master prod]# cat modules/web/nginx/files/install.sh.j2
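#!/bin/bash
# Builds nginx 1.20.1 from /usr/src/nginx-1.20.1.tar.gz and installs it under
# the pillar-defined prefix. Rendered by Salt as a Jinja template and run by
# the nginx-installsh state.

# Stop at the first failing step so Salt records the state as failed.
set -euo pipefail

# If /usr/src is unavailable, bail out before rm -rf can act on whatever
# directory the script happened to start in.
cd /usr/src || exit 1
rm -rf -- nginx-1.20.1
tar xf nginx-1.20.1.tar.gz
cd /usr/src/nginx-1.20.1 || exit 1

./configure \
  --prefix="{{ pillar['nginx_installdir']}}" \
  --user=nginx \
  --group=nginx \
  --with-debug \
  --with-http_ssl_module \
  --with-http_realip_module \
  --with-http_image_filter_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_stub_status_module \
  --http-log-path=/var/log/nginx/access.log \
  --error-log-path=/var/log/nginx/error.log
make
make install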
[root@master prod]# cat modules/web/nginx/files/nginx.service.j2
# systemd unit for the source-built nginx; rendered by Salt as a Jinja template
# so the binary path follows the nginx_installdir pillar value.
[Unit]
Description=nginx server daemon
After=network.target
[Service]
# Type=forking without PIDFile= leaves systemd to guess the main process, and
# ExecReload below relies on $MAINPID being that process.
Type=forking
ExecStart={{ pillar['nginx_installdir'] }}/sbin/nginx
ExecStop={{ pillar['nginx_installdir'] }}/sbin/nginx -s stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master prod]# vim lnmp/nginx.sls
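# Configuration layer for nginx: pulls in the install module, then manages the
# log directory, the test page, nginx.conf and the service. Indentation
# restored so the file parses as an SLS document.

"Development Tools":
  pkg.group_installed

include:
  - modules.web.nginx.install

# Log directory referenced by --http-log-path/--error-log-path in the build.
/var/log/nginx:
  file.directory:
    - user: nginx
    - group: nginx
    - mode: '0755'
    - makedirs: true

# NOTE(review): lnmp/files/index.php is a phpinfo() page; remove it from the
# document root once the deployment has been verified.
{{ pillar['nginx_installdir'] }}/html/index.php:
  file.managed:
    - source: salt://lnmp/files/index.php
    - user: nginx
    - group: nginx
    - mode: '0644'
    - require:
      - cmd: nginx-installsh

# Main configuration stays root-owned so the nginx account cannot rewrite it.
{{ pillar['nginx_installdir'] }}/conf/nginx.conf:
  file.managed:
    - source: salt://lnmp/files/nginx.conf.j2
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja
    - require:
      - cmd: nginx-installsh

# Starts and enables nginx; a change to nginx.conf triggers a reload rather
# than a restart because reload is true.
lnmp-nginx-service:
  service.running:
    - name: nginx
    - enable: true
    - reload: true
    - watch:
      - file: {{ pillar['nginx_installdir'] }}/conf/nginx.conf
    - require:
      - cmd: nginx-installsh
      - file: {{ pillar['nginx_installdir'] }}/conf/nginx.conf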
[root@master prod]# vim lnmp/files/nginx.conf.j2
......
43 location / {
44 root html;
45 index index.html index.php index.htm; # 添加index.php
46 }
......
65 location ~ \.php$ {
66 root /var/www/html; # php主机index.php文件存放位置
67 fastcgi_pass {{ pillar['php_ip'] }}:9000; # 变量
68 fastcgi_index index.php;
69 fastcgi_param SCRIPT_FILENAME $Document_root$fastcgi_script_name; # 修改为$Document_root..
70 include fastcgi_params;
71 }
......
[root@master prod]# cat lnmp/files/index.php
<?php
// Diagnostic page: phpinfo() prints the PHP configuration, loaded modules and
// environment to anyone who can request it. Remove it after verification.
phpinfo();
?>
Mysql部分
[root@master prod]# cat modules/database/mysql/install.sls
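# Installs MySQL 5.7.34 from the binary tarball: runtime library, service
# account, data directory, tarball, install script and init/unit files.
# Indentation restored so the file parses as an SLS document.

ncurses-compat-libs:
  pkg.installed

# System account for mysqld; no home directory and no login shell.
create-mysql-user:
  user.present:
    - name: mysql
    - createhome: false
    - system: true
    - shell: /sbin/nologin

# NOTE(review): 0755 lets every local user list the data directory; a tighter
# mode such as 0750 is usually enough for mysqld.
create-datadir:
  file.directory:
    - name: {{ pillar['mysql_datadir'] }}
    - user: mysql
    - group: mysql
    - mode: '0755'
    - makedirs: true

# NOTE(review): the tarball is whatever sits in the master's file_roots; check
# it against the upstream release checksum before placing it there.
/usr/src/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz:
  file.managed:
    - source: salt://modules/database/mysql/files/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
    - user: root
    - group: root
    - mode: '0644'

# Runs the install script; skipped whenever the install path already exists.
mysql-install:
  cmd.script:
    - name: salt://modules/database/mysql/files/install.sh.j2
    - template: jinja
    - unless: test -d {{ pillar['mysql_installdir'] }}

# Init script and systemd unit, each rendered from its own template after the
# install script has run.
trasfer-files:
  file.managed:
    - names:
      - {{ pillar['mysql_installdir'] }}/support-files/mysql.server:
        - source: salt://modules/database/mysql/files/mysql.server.j2
        - template: jinja
      - /usr/lib/systemd/system/mysqld.service:
        - source: salt://modules/database/mysql/files/mysqld.service.j2
        - template: jinja
    - require:
      - cmd: mysql-install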
[root@master prod]# cat modules/database/mysql/files/install.sh.j2
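#!/bin/bash
# Unpacks the MySQL 5.7.34 binary tarball, links it to the pillar-defined
# install path, initialises the data directory and adds the client tools to
# PATH. Rendered by Salt as a Jinja template and run by the mysql-install state.

# Without this the script's status is that of the final echo, so a failed
# unpack or initialisation would still be reported to Salt as success.
set -euo pipefail

cd /usr/src || exit 1
tar xf mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
ln -s /usr/src/mysql-5.7.34-linux-glibc2.12-x86_64 "{{ pillar['mysql_installdir'] }}"
chown -R mysql:mysql "{{ pillar['mysql_installdir'] }}"

# --initialize-insecure creates root@localhost with an empty password; the
# account stays that way until the set-password state in lnmp/mysql.sls runs.
"{{ pillar['mysql_installdir'] }}/bin/mysqld" --initialize-insecure --user=mysql --datadir="{{ pillar['mysql_datadir'] }}"

# \$PATH is escaped so it is expanded at login time, not while this script runs.
echo "export PATH={{ pillar['mysql_installdir'] }}/bin:\$PATH" > /etc/profile.d/mysqld.sh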
[root@master prod]# cat modules/database/mysql/files/mysql.server.j2
......
# overwritten by settings in the MySQL configuration files.
basedir={{ pillar['mysql_installdir'] }}
datadir={{ pillar['mysql_datadir'] }}
......
[root@master prod]# cat modules/database/mysql/files/mysqld.service.j2
# systemd unit that drives mysqld through the bundled mysql.server init script;
# rendered by Salt as a Jinja template.
[Unit]
Description=Mysql server daemon
After=network.target
[Service]
# Type=forking without PIDFile= leaves systemd to guess the main process, and
# ExecReload below relies on $MAINPID being that process.
Type=forking
ExecStart={{ pillar['mysql_installdir'] }}/support-files/mysql.server start
ExecStop={{ pillar['mysql_installdir'] }}/support-files/mysql.server stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master prod]# cat lnmp/mysql.sls
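# Configuration layer for MySQL: dependencies, the install module, my.cnf and
# linker config, the service, and the initial root password. Indentation
# restored so the file parses as an SLS document.

lamp-dep-package:
  pkg.installed:
    - pkgs:
      - ncurses-devel
      - openssl-devel
      - openssl
      - cmake
      - mariadb-devel
      - ncurses-compat-libs

include:
  - modules.database.mysql.install

# user/group/mode apply to both files; each name carries its own source.
provides-mysql-file:
  file.managed:
    - user: root
    - group: root
    - mode: '0644'
    - names:
      - /etc/my.cnf:
        - source: salt://lnmp/files/my.cnf.j2
        - template: jinja
      - /etc/ld.so.conf.d/mysql.conf:
        - source: salt://lnmp/files/mysql.conf.j2
        - template: jinja

# NOTE(review): target resolves to <mysql_installdir>/mysql/include; confirm
# that path exists inside the unpacked tarball.
/usr/local/include/mysql:
  file.symlink:
    - target: {{ pillar['mysql_installdir'] }}/mysql/include

mysqld-service:
  service.running:
    - name: mysqld
    - enable: true
    - reload: true
    - require:
      - cmd: mysql-install
      - file: trasfer-files
    - watch:
      - file: provides-mysql-file

# Sets the root password after first start; the unless check makes it a no-op
# once a login with the pillar password succeeds.
# NOTE(review): the password is placed on the command line in both commands,
# so it is visible in the process list and is likely to appear in Salt job
# returns; in the unless line it is also unquoted, so a value containing shell
# metacharacters would break the check. A root-only client option file avoids
# both problems.
set-password:
  cmd.run:
    - name: {{ pillar['mysql_installdir'] }}/bin/mysql -e "set password = password('{{ pillar['mysql_password'] }}');"
    - require:
      - service: mysqld-service
    - unless: {{ pillar['mysql_installdir'] }}/bin/mysql -uroot -p{{ pillar['mysql_password'] }} -e "exit"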
[root@master prod]# cat lnmp/files/my.cnf.j2
# MySQL server settings; rendered by Salt as a Jinja template so the paths
# follow the mysql_datadir and mysql_installdir pillar values.
# NOTE(review): no bind-address is set, so mysqld listens on all interfaces by
# default; confirm that port 3306 is limited to the PHP host by a firewall.
[mysqld]
port = 3306
datadir = {{ pillar['mysql_datadir'] }}
basedir = {{ pillar['mysql_installdir'] }}
# NOTE(review): the socket is created in world-writable /tmp; a directory owned
# by the mysql account is the safer location.
socket = /tmp/mysql.sock
pid-file = {{ pillar['mysql_datadir'] }}/mysql.pid
log-error = {{ pillar['mysql_datadir'] }}/mysql.err
# Skips DNS lookups for client hosts, so grants must use IP addresses.
skip-name-resolve
[root@master prod]# cat lnmp/files/mysql.conf.j2
{{ pillar['mysql_installdir'] }}/mysql/lib
php部分
[root@master ~]# cd /srv/salt/prod/
[root@master prod]# cat modules/application/php/install.sls
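# Installs PHP 7.4.24 from source with php-fpm: local oniguruma-devel RPM, EPEL,
# build dependencies, tarball, build script, configuration files and service.
# Indentation restored so the file parses as an SLS document.

# Copies the RPM to the minion and installs it unless already present.
# NOTE(review): the RPM is whatever sits in the master's file_roots; verify its
# signature or checksum before placing it there.
/usr/src/oniguruma-devel-6.8.2-2.el8.x86_64.rpm:
  file.managed:
    - source: salt://modules/application/php/files/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
    - user: root
    - group: root
    - mode: '0644'
  cmd.run:
    - name: yum -y install /usr/src/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
    - unless: rpm -q oniguruma-devel

epel-install:
  cmd.run:
    - name: dnf -y install epel-release
    - unless: rpm -q epel-release

# Libraries and toolchain required by the ./configure options in install.sh.j2.
dep-pkckages-install:
  pkg.installed:
    - pkgs:
      - sqlite-devel
      - libzip-devel
      - libxml2
      - libxml2-devel
      - openssl
      - openssl-devel
      - bzip2
      - bzip2-devel
      - libcurl
      - libcurl-devel
      - libicu-devel
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - openldap-devel
      - pcre-devel
      - freetype
      - freetype-devel
      - gmp
      - gmp-devel
      - libmcrypt
      - libmcrypt-devel
      - readline
      - readline-devel
      - libxslt
      - libxslt-devel
      - mhash
      - mhash-devel
      - gcc
      - gcc-c++
      - make

# NOTE(review): check the tarball against the upstream release checksum before
# placing it in the master's file_roots.
/usr/src/php-7.4.24.tar.gz:
  file.managed:
    - source: salt://modules/application/php/files/php-7.4.24.tar.gz
    - user: root
    - group: root
    - mode: '0644'

# Runs the build script; skipped whenever the install directory already exists.
php-install:
  cmd.script:
    - name: salt://modules/application/php/files/install.sh.j2
    - template: jinja
    - unless: test -d {{ pillar['php_installdir' ] }}

# Document root that nginx.conf.j2 passes to php-fpm for *.php requests.
/var/www/html/:
  file.directory:
    - user: root
    - group: root
    - mode: '0755'
    - makedirs: true

# Init script, php-fpm/php configuration, unit file and the two test pages.
# Only the init script sets owner and mode explicitly.
# NOTE(review): the www.conf excerpt in this guide listens on a routable
# address with listen.allowed_clients still commented out, so any host that can
# reach port 9000 can speak FastCGI to php-fpm; restrict it to the nginx host
# or firewall the port.
# NOTE(review): index.php is a phpinfo() page and mysql.php is rendered with
# the database password; remove both from the document root after testing.
copy-php:
  file.managed:
    - names:
      - /etc/init.d/php-fpm:
        - source: salt://modules/application/php/files/php-fpm
        - user: root
        - group: root
        - mode: '0755'
      - {{ pillar['php_installdir' ] }}/etc/php-fpm.conf:
        - source: salt://modules/application/php/files/php-fpm.conf
      - {{ pillar['php_installdir'] }}/etc/php-fpm.d/www.conf:
        - source: salt://modules/application/php/files/www.conf
      - /usr/lib/systemd/system/php-fpm.service:
        - source: salt://modules/application/php/files/php-fpm.service
      - /etc/php.ini:
        - source: salt://modules/application/php/files/php.ini
      - /var/www/html/index.php:
        - source: salt://lnmp/files/index.php
      - /var/www/html/mysql.php:
        - source: salt://modules/application/php/files/mysql.php.j2
        - template: jinja
    - require:
      - cmd: php-install

# Starts and enables php-fpm; any change to the files above triggers a reload.
php-fpm.service:
  service.running:
    - enable: true
    - reload: true
    - require:
      - cmd: php-install
      - file: copy-php
    - watch:
      - file: copy-php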
[root@master prod]# cat modules/application/php/files/install.sh.j2
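#!/bin/bash
# Builds PHP 7.4.24 (with php-fpm) from /usr/src/php-7.4.24.tar.gz and installs
# it under the pillar-defined prefix. Rendered by Salt as a Jinja template and
# run by the php-install state.

# Stop at the first failing step so Salt records the state as failed.
set -euo pipefail

# If /usr/src is unavailable, bail out before rm -rf can act on whatever
# directory the script happened to start in.
cd /usr/src || exit 1
rm -rf -- php-7.4.24
tar xf php-7.4.24.tar.gz
cd /usr/src/php-7.4.24 || exit 1

./configure --prefix="{{ pillar['php_installdir'] }}" \
  --with-config-file-path=/etc \
  --enable-fpm \
  --disable-debug \
  --disable-rpath \
  --enable-shared \
  --enable-soap \
  --with-openssl \
  --enable-bcmath \
  --with-iconv \
  --with-bz2 \
  --enable-calendar \
  --with-curl \
  --enable-exif \
  --enable-ftp \
  --enable-gd \
  --with-jpeg \
  --with-zlib-dir \
  --with-freetype \
  --with-gettext \
  --enable-mbstring \
  --enable-pdo \
  --with-mysqli=mysqlnd \
  --with-pdo-mysql=mysqlnd \
  --with-readline \
  --enable-shmop \
  --enable-simplexml \
  --enable-sockets \
  --with-zip \
  --enable-mysqlnd-compression-support \
  --with-pear \
  --enable-pcntl \
  --enable-posix
make
make install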
[root@master prod]# cat modules/application/php/files/mysql.php.j2 # 测试php与mysql连通性的文件
<?php
// Connectivity test: opens a mysqli connection from the PHP host to the MySQL
// server using the address and password rendered from pillar.
// NOTE(review): the rendered file holds the database password in cleartext and
// is deployed under the web root; delete it once the test has passed.
$servername = "{{ pillar['mysql_ip'] }}";
$username = "QAQ";
$password = "{{ pillar['mysql_password'] }}";
$conn = new mysqli($servername, $username, $password);
// On failure the driver's error text is sent to the browser as part of the page.
if ($conn->connect_error) {
die("连接失败: " . $conn->connect_error);
}
echo "连接成功";
?>
[root@master prod]# vim modules/application/php/files/php-fpm.service
# systemd unit that drives php-fpm through the /etc/init.d/php-fpm init script.
[Unit]
Description=php-fpm server daemon
After=network.target
[Service]
# Type=forking without PIDFile= leaves systemd to guess the main process, and
# ExecReload below relies on $MAINPID being that process.
Type=forking
ExecStart=/etc/init.d/php-fpm start
ExecStop=/etc/init.d/php-fpm stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master prod]# vim modules/application/php/files/www.conf
......
35 ; Note: This value is mandatory.
36 listen = 192.168.220.17:9000 # php主机IP
37
38 ; Set listen(2) backlog.
......
62 ; Default Value: any
63 ;listen.allowed_clients = 192.168.220.9 # nginx主机IP(注意:行首的 ; 表示该行仍处于注释状态,限制并未生效;去掉 ; 后才只允许 nginx 主机连接 9000 端口)
64
65 ; Specify the nice(2) priority to apply to the pool processes (only if set)
......
执行
# master上安装nginx
[root@master prod]# salt master state.sls lnmp.nginx saltenv=prod
# node1上安装mysql
[root@master prod]# salt node1 state.sls lnmp.mysql saltenv=prod
# node2上安装php
[root@master prod]# salt node2 state.sls modules.application.php.install saltenv=prod
浏览器访问
测试MySQL与php连通性
# 在MySQL主机上登录并创建QAQ用户并授权用于测试连接
[root@node1 ~]# mysql -uroot -p123
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.7.34 MySQL Community Server (GPL)
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create user 'QAQ'@'192.168.220.%';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on *.* to 'QAQ'@'192.168.220.%' identified by '123';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
浏览器测试访问