saltstack部署nginx+php
发表于:2024-11-18 作者:千家信息网编辑
千家信息网最后更新 2024年11月18日,因为基本上生产环境中都是nginx+php的环境,所以就不单独列出salt部署php的过程了,这里就结合我在生产环境中的脚本进行nginx+php环境的部署。部署规划:1)编译安装libiconv、l
千家信息网最后更新 2024年11月18日saltstack部署nginx+php
因为基本上生产环境中都是nginx+php的环境,所以就不单独列出salt部署php的过程了,这里就结合我在生产环境中的脚本进行nginx+php环境的部署。
部署规划:
1)编译安装libiconv、libmcrypt、mhash以及mcrypt
2)编译安装php
3)添加启动停止脚本
4)添加到系统服务并设置开机启动
5)拷贝日志切割脚本
6)添加日志切割定时任务
7)安装memcached/redis/protobuf扩展
8)修改php.ini加载php扩展
salt部署目录架构:
[root@salt-master ~]# tree /srv/salt/base//srv/salt/base/├── cron│ ├── files│ │ ├── nginx_cut_log.sh│ │ └── php_cut_log.sh│ ├── nginx.sls│ └── php.sls├── nginx│ ├── files│ │ ├── nginx│ │ ├── nginx-1.6.3.tar.gz│ │ └── nginx.conf│ ├── install.sls│ └── service.sls├── packages│ └── install.sls├── pcre│ ├── files│ │ └── pcre-8.37.tar.gz│ └── install.sls├── php│ ├── extension.sls│ ├── files│ │ ├── libmemcached-1.0.18.tar.gz│ │ ├── memcached-2.2.0.tgz│ │ ├── php-5.6.16.tar.gz│ │ ├── php-fpm│ │ ├── php-fpm.conf│ │ ├── php.ini│ │ ├── phpredis-2.2.4.tar.gz│ │ └── protobuf.so│ ├── install.sls│ ├── libiconv│ │ └── files│ │ └── libiconv-1.14.tar.gz│ ├── libiconv.sls│ ├── libmcrypt│ │ └── files│ │ └── libmcrypt-2.5.8.tar.gz│ ├── libmcrypt.sls│ ├── mcrypt│ │ └── files│ │ └── mcrypt-2.6.8.tar.gz│ ├── mcrypt.sls│ ├── mhash│ │ └── files│ │ └── mhash-0.9.9.9.tar.gz│ ├── mhash.sls│ └── service.sls├── top.sls└── user ├── nginx.sls └── php.sls18 directories, 34 files
安装libiconv:
[root@salt-master base]# cat php/libiconv.sls libiconv-source-install: file.managed: - name: /opt/tools/libiconv-1.14.tar.gz - source: salt://php/libiconv/files/libiconv-1.14.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /opt/tools/ && tar -zxf libiconv-1.14.tar.gz && cd libiconv-1.14 && ./configure --prefix=/usr/local && make && make install && /sbin/ldconfig - unless: test -e /usr/local/lib/libiconv.so.2.5.1 - require: - file: libiconv-source-install
安装limcrypt:
[root@salt-master base]# cat php/libmcrypt.sls libmcrypt-source-install: file.managed: - name: /opt/tools/libmcrypt-2.5.8.tar.gz - source: salt://php/libmcrypt/files/libmcrypt-2.5.8.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /opt/tools && tar -zxf libmcrypt-2.5.8.tar.gz && cd libmcrypt-2.5.8 && ./configure && make && make install && ldconfig && cd libltdl && ./configure --enable-ltdl-install && make && make install && /sbin/ldconfig - unless: test -e /usr/local/lib/libmcrypt.so.4.4.8 - require: - file: libmcrypt-source-install
安装mhash:
[root@salt-master base]# cat php/mhash.sls mhash-source-install: file.managed: - name: /opt/tools/mhash-0.9.9.9.tar.gz - source: salt://php/mhash/files/mhash-0.9.9.9.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /opt/tools/ && tar -zxf mhash-0.9.9.9.tar.gz && cd mhash-0.9.9.9 && ./configure && make && make install && ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la && ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so && ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4 && ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8 && ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a && ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la && ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so && ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2 && ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1 && ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config - unless: test -e /usr/local/lib/libmhash.a - require: - file: mhash-source-install
安装mcrypt:
[root@salt-master base]# cat php/mcrypt.sls mcrypt-source-install: file.managed: - name: /opt/tools/mcrypt-2.6.8.tar.gz - source: salt://php/mcrypt/files/mcrypt-2.6.8.tar.gz - user: root - group: root - mode: 644 cmd.run: - name: cd /opt/tools/ && tar -zxf mcrypt-2.6.8.tar.gz && cd mcrypt-2.6.8 && /sbin/ldconfig && ./configure && make && make install - unless: test -e /usr/local/bin/mcrypt - require: - file: mcrypt-source-install
安装php:
[root@salt-master base]# cat php/install.sls include: - packages.install - user.php - php.libiconv - php.libmcrypt - php.mhash - php.mcryptphp-source-install: file.managed: - name: /opt/tools/php-5.6.16.tar.gz - source: salt://php/files/php-5.6.16.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /opt/tools/ && tar -zxf php-5.6.16.tar.gz && cd php-5.6.16 && ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-libxml-dir --enable-xml --enable-fpm --with-fpm-user=www --with-fpm-group=www --enable-bcmath --enable-mbstring --enable-gd-native-ttf --enable-sockets --enable-mysqlnd --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --enable-zip --enable-inline-optimization --with-gd --with-bz2 --with-zlib --with-mcrypt --with-mhash --with-openssl --with-xmlrpc --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --without-pear --disable-ipv6 --disable-pdo --with-gettext --disable-debug --without-pdo-sqlite --disable-rpath --enable-shmop --enable-sysvsem --with-curl --with-curlwrappers --enable-mbregex --enable-pcntl --enable-soap --enable-sigchild --enable-pdo && make ZEND_EXTRA_LIBS='-liconv' && make install - unless: test -d /usr/local/php - require: - file: php-source-install - user: php-user-group - cmd: libiconv-source-install - cmd: libmcrypt-source-install - cmd: mcrypt-source-install - cmd: mhash-source-install
配置php服务:
[root@salt-master base]# cat php/service.sls include: - php.install - cron.php/usr/local/php/etc: file.directory: - user: www - group: www - mode: 644 - makedirs: True/usr/local/php/etc/php-fpm.conf: file.managed: - source: salt://php/files/php-fpm.conf - user: www - group: www - mode: 644/etc/php.ini: file.managed: - source: salt://php/files/php.ini - user: www - group: www - mode: 644/etc/profile: file.append: - text: - export PATH=$PATH:/usr/local/php/bin:/usr/local/php/sbinphp-init: file.managed: - name: /etc/init.d/php-fpm - source: salt://php/files/php-fpm - user: root - group: root - mode: 755 cmd.run: - name: chkconfig --add php-fpm && source /etc/profile - unless: chkconfig --list|grep php-fpm - require: - file: php-initphp-service: service.running: - name: php-fpm - enable: True - restart: True - require: - cmd: php-init - watch: - file: /etc/php.ini - file: /usr/local/php/etc/php-fpm.conf
部署定时任务:
[root@salt-master base]# cat cron/php.sls php-crond-job: file.managed: - name: /opt/tools/scripts/php_cut_log.sh - source: salt://cron/files/php_cut_log.sh - user: root - group: root - mode: 755/bin/bash /opt/tools/scripts/php_cut_log.sh >/dev/null 2>&1: cron.present: - identifier: cut php daily logs job - user: root - minute: '0' - hour: '0' - require: - file: php-crond-job
安装php扩展:
[root@salt-master base]# cat php/extension.sls include: - php.servicelibmemcached-source-install: file.managed: - name: /opt/tools/libmemcached-1.0.18.tar.gz - source: salt://php/files/libmemcached-1.0.18.tar.gz - user: root - group: root - mode: 644 cmd.run: - name: cd /opt/tools && tar -zxf libmemcached-1.0.18.tar.gz && cd libmemcached-1.0.18 && ./configure --prefix=/usr/local/libmemcached --with-memcached && make && make install - unless: test -d /usr/local/libmemcached - require: - file: libmemcached-source-installmemcached-source-install: file.managed: - name: /opt/tools/memcached-2.2.0.tgz - source: salt://php/files/memcached-2.2.0.tgz - user: root - group: root - mode: 644 cmd.run: - name: cd /opt/tools/ && tar -zxf memcached-2.2.0.tgz && cd memcached-2.2.0 && /usr/local/php/bin/phpize && ./configure --enable-memcached --with-php-config=/usr/local/php/bin/php-config --with-libmemcached-dir=/usr/local/libmemcached && make && make install - unless: test -x /usr/bin/memcached - require: - file: memcached-source-installphpredis-source-install: file.managed: - name: /opt/tools/phpredis-2.2.4.tar.gz - source: salt://php/files/phpredis-2.2.4.tar.gz - user: root - group: root - mode: 644 cmd.run: - name: cd /opt/tools && tar -zxf phpredis-2.2.4.tar.gz && cd phpredis-2.2.4 && /usr/local/php/bin/phpize && ./configure --with-php-config=/usr/local/php/bin/php-config && make && make install - unless: test -e /usr/local/php/lib/php/extensions/no-debug-non-zts-20131226/redis.so - require: - file: phpredis-source-installprotobuf-extension: file.managed: - name: /usr/local/php/lib/php/extensions/no-debug-non-zts-20131226/protobuf.so - source: salt://php/files/protobuf.so - user: www - group: www - mode: 755extension-init: file.managed: - name: /usr/local/php/etc/php.ini - source: salt://php/files/php.ini - user: www - group: www - replace: True - mode: 644 cmd.run: - name: chown -R www:www /usr/local/php && source /etc/profile - require: - file: protobuf-extension - file: extension-init - watch: - file: /usr/local/php/etc/php.ini
top.sls文件:
[root@salt-master base]# cat top.sls base: 'salt-minion02.contoso.com': - nginx.service - php.service - php.extension
环境
脚本
任务
日志
服务
生产
编译
拷贝
文件
架构
目录
系统
过程
规划
配置
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
抚顺市盘古网络技术有限公司
服务器连接到显示器没反应
大连公安系统软件开发
七日杀能不能转让服务器
uu加速链接不上服务器
kip3000服务器
ps4安全模式清楚数据库
数据库管理技术经历的阶段
南通市网络安全基地
互联网科技的一种
网络安全需要用到什么技术
姜堰区环保网络技术联系方式
芯片丝印数据库
网络安全宣传教育内容
苹果5连接服务器时出现问题
工程软件开发用什么语言好
网络安全不能超过50字
阳泉网络技术哪家好
网络安全属于国家安全体系吗
ado 更新数据库
我国网络安全事件统计
服务器主机如何安装win7
呼市信友软件开发有限公司
服务器回档是什么意思
广西天映网络技术有限公司
广州礼德软件开发有限公司
单机魔兽世界不能选服务器
互联网科技与传统工业
手机gps就是移动数据库
服务器新增内存条开机无反应
