SaltStack自动化lamp zabbix
结构
[root@master salt]# tree
.
|-- base
|-- dev
|-- prod
| |-- modules
| | |-- application
| | | `-- php
| | | |-- files
| | | | |-- init.d.php-fpm
| | | | |-- install.sh
| | | | |-- oniguruma-devel-6.8.2-2.el8.x86_64.rpm
| | | | |-- php-7.4.24.tar.xz
| | | | |-- php-fpm.conf.default
| | | | |-- php-fpm.service
| | | | |-- php.ini-production
| | | | `-- www.conf.default
| | | `-- install.sls
| | |-- database
| | | `-- mysql
| | | |-- files
| | | | |-- my.cnf
| | | | |-- mysql-5.7.34-el7-x86_64.tar.gz
| | | | |-- mysql.server
| | | | |-- mysql.sh
| | | | `-- mysqld.service
| | | |-- install.sh
| | | `-- install.sls
| | `-- web
| | `-- httpd
| | |-- files
| | | |-- apr-1.7.0.tar.gz
| | | |-- apr-util-1.6.1.tar.gz
| | | |-- httpd-2.4.48.tar.gz
| | | |-- httpd.conf
| | | |-- httpd.service
| | | `-- install.sh
| | `-- install.sls
| `-- zabbix
| ├── files
| │ ├── index.php
| │ ├── install.sh
| │ ├── my.cnf
| │ ├── mysql.conf
| │ ├── php.ini
| │ ├── vhosts.conf
| │ └── zabbix-5.4.4.tar.gz
| ├── httpd.sls
| ├── install.sls
| ├── main.sls
| └── mysql.sls
`-- test
httpd
[root@master ~]# cat /srv/salt/prod/modules/web/httpd/install.sls
"Development Tools":
pkg.group_installed
httpd-dep-package:
pkg.installed:
- pkgs:
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- gcc-c++
- make
create-apache-user:
user.present:
- name: apache
- createhome: false
- system: true
- shell: /sbin/nologin
download-apache:
file.managed:
- names:
- /usr/src/apr-1.7.0.tar.gz:
- source: salt://modules/web/httpd/files/apr-1.7.0.tar.gz
- /usr/src/apr-util-1.6.1.tar.gz:
- source: salt://modules/web/httpd/files/apr-util-1.6.1.tar.gz
- /usr/src/httpd-2.4.51.tar.gz:
- source: salt://modules/web/httpd/files/httpd-2.4.48.tar.gz
httpd-install:
cmd.script:
- name: salt://modules/web/httpd/files/install.sh
- unless: test -d /usr/local/apache
/usr/local/apache/conf/httpd.conf:
file.managed:
- source: salt://modules/web/httpd/files/httpd.conf
- user: root
- group: root
- mode: '0644'
- require:
- cmd: httpd-install
/usr/lib/systemd/system/httpd.service:
file.managed:
- source: salt://modules/web/httpd/files/httpd.service
- user: root
- group: root
- mode: '0644'
[root@master ~]# cat /srv/salt/prod/modules/web/httpd/files/httpd.service
[Unit]
Description=httpd server daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecStop=/usr/local/apache/bin/apachectl stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master ~]# vim /srv/salt/prod/modules/web/httpd/files/httpd.conf
119 #LoadModule remoteip_module modules/mod_remoteip.so
120 LoadModule proxy_module modules/mod_proxy.so // 取消注释
121 #LoadModule proxy_connect_module modules/mod_proxy_connect.so
122 #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
123 #LoadModule proxy_http_module modules/mod_proxy_http.so
124 LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so // 取消注释
125 #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
260 <IfModule dir_module>
261 DirectoryIndex index.php index.html //加上index.php
262 </IfModule>
397 AddType application/x-compress .Z
398 AddType application/x-gzip .gz .tgz
## 搜索AddType,添加以下内容
399 AddType application/x-httpd-php .php
400 AddType application/x-httpd-php-source .phps
500 Include conf/extra/proxy-html.conf
## 添加以下内容
501 Include conf/extra/vhosts.conf
511 <IfModule ssl_module>
512 SSLRandomSeed startup builtin
513 SSLRandomSeed connect builtin
514 </IfModule>
515 <VirtualHost *:80>
516 DocumentRoot "/usr/local/apache/htdocs/zabbix"
517 ServerName zabbix.example.com
518 ProxyRequests Off
519 ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/zabbix/$1
520 <Directory "/usr/local/apache/htdocs/zabbix">
521 Options none
522 AllowOverride none
523 Require all granted
524 </Directory>
525 </VirtualHost>
mysql
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/install.sls
ncurses-compat-libs:
pkg.installed
mysql:
user.present:
- system: true
- createhome: false
- shell: /sbin/nologin
/usr/local:
archive.extracted:
- source: salt://modules/database/mysql/files/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
file.symlink:
- name: /usr/local/mysql
- target: /usr/local/mysql-5.7.34-linux-glibc2.12-x86_64
/usr/local/mysql:
file.directory:
- user: mysql
- group: mysql
- mode: '0755'
- recurse:
- user
- group
/opt/data:
file.directory:
- user: mysql
- group: mysql
- mode: '0755'
- makedirs: true
- recurse:
- user
- group
/etc/profile.d/mysql.sh:
file.managed:
- source: salt://modules/database/mysql/files/mysql.sh
- user: root
- group: root
- mode: '0644'
/usr/local/mysql/support-files/mysql.server:
file.managed:
- source: salt://modules/database/mysql/files/mysql.server
- user: mysql
- group: mysql
- mode: '0755'
/usr/lib/systemd/system/mysqld.service:
file.managed:
- source: salt://modules/database/mysql/files/mysqld.service
- user: root
- group: root
- mode: '0644'
mysql-initialize:
cmd.run:
- name: '/usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data/'
- require:
- archive: /usr/local
- user: mysql
- file: /opt/data
- unless: test $(ls -l /opt/data | wc -l) -gt 1
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/mysqld.service
[Unit]
Description=mysql server daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/mysql/support-files/mysql.server start
ExecStop=/usr/local/mysql/support-files/mysql.server stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/my.cnf
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/mysql.sh
PATH=/usr/local/mysql/bin:$PATH
[root@master ~]# vim /srv/salt/prod/modules/database/mysql/files/mysql.server
46 basedir=/usr/local/mysql
47 datadir=/opt/data
php
[root@master ~]# cat /srv/salt/prod/modules/application/php/install.sls
dnf -y install epel-release:
cmd.run
/tmp/oniguruma-devel-6.8.2-2.el8.x86_64.rpm:
file.managed:
- source: salt://modules/application/php/files/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
- user: root
- group: root
- mode: '0644'
cmd.run:
- name: yum -y install /tmp/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
- unless: rpm -q oniguruma-devel
php-dep-package:
pkg.installed:
- pkgs:
- sqlite-devel
- libzip-devel
- libxml2
- libxml2-devel
- openssl
- openssl-devel
- bzip2
- bzip2-devel
- libcurl
- libcurl-devel
- libicu-devel
- libjpeg-turbo
- libjpeg-turbo-devel
- libpng
- libpng-devel
- openldap-devel
- pcre-devel
- freetype
- freetype-devel
- gmp
- gmp-devel
- libmcrypt
- libmcrypt-devel
- readline
- readline-devel
- libxslt
- libxslt-devel
- mhash
- mhash-devel
unarchive-php:
archive.extracted:
- name: /usr/src/
- source: salt://modules/application/php/files/php-7.4.24.tar.gz
php-install:
cmd.script:
- name: salt://modules/application/php/files/install.sh
- unless: test -d /usr/local/php7
copy-file-php:
file.managed:
- names:
- /usr/local/php7/etc/php-fpm.conf:
- source: salt://modules/application/php/files/php-fpm.conf
- /usr/local/php7/etc/php-fpm.d/www.conf:
- source: salt://modules/application/php/files/www.conf
- /usr/local/apache/conf/httpd.conf:
- source: salt://modules/application/php/files/httpd.conf
- /usr/local/apache/htdocs/index.php:
- source: salt://modules/application/php/files/index.php
- /etc/init.d/php-fpm:
- source: salt://modules/application/php/files/php-fpm
- user: root
- group: root
- mode: '0755'
- /usr/lib/systemd/system/php-fpm.service:
- source: salt://modules/application/php/files/php-fpm.service
- require:
- cmd: php-install
php-fpm.service:
service.running:
- enable: true
- require:
- cmd: php-install
- file: copy-file-php
- watch:
- file: copy-file-php
## 脚本 ##
[root@master ~]# cat /srv/salt/prod/modules/application/php7/files/install.sh
#!/bin/bash
cd /usr/src/php-7.4.24
./configure --prefix=/usr/local/php7 \
--with-config-file-path=/etc \
--enable-fpm \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif \
--enable-ftp \
--enable-gd \
--with-jpeg \
--with-zlib-dir \
--with-freetype \
--with-gettext \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--with-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix && \
make && make install
## service配置文件 ##
[root@master ~]# cat /srv/salt/prod/modules/application/php7/files/php-fpm.service
[Unit]
Description=php server daemon
After=network.target
[Service]
Type=forking
ExecStart=/etc/init.d/php-fpm start
ExecStop=/etc/init.d/php-fpm stop
ExecReload=/bin/kill -HUP $MAINPID
[Install]
WantedBy=multi-user.target
[root@master prod]# vim modules/application/php7/files/www.conf.default
listen = 0.0.0.0:9000
zabbix
root@master ~]# cat /srv/salt/prod/zabbix/apache.sls
include:
- modules.web.httpd.install
/usr/include/httpd:
file.symlink:
- target: /usr/local/apache/include
/usr/local/apache/htdocs/zabbix:
file.directory:
- user: root
- group: root
- mode: '0755'
- makedirs: true
/usr/local/apache/conf/extra/vhosts.conf:
file.managed:
- source: salt://zabbix/files/vhosts.conf
- user: root
- group: root
- mode: '0664'
- require:
- cmd: httpd-install
/usr/local/apache/htdocs/zabbix/index.php:
file.managed:
- source: salt://zabbix/files/index.php
- user: root
- group: root
- mode: '0664'
httpd.service:
service.running:
- enable: true
- reload: true
- require:
- cmd: httpd-install
- file: /usr/lib/systemd/system/httpd.service
- watch:
- file: /usr/local/apache/conf/httpd.conf
- file: /usr/local/apache/conf/extra/vhosts.conf
[root@master ~]# cat /srv/salt/prod/zabbix/mysql.sls
include:
- modules.database.mysql.install
lamp-dep-package:
pkg.installed:
- pkgs:
- ncurses-devel
- openssl-devel
- openssl
- cmake
- mariadb-devel
- glibc
- glibc-gconv-extra
- libgcc
- libstdc++
/usr/local/include/mysql:
file.symlink:
- target: /usr/local/mysql/include
/etc/ld.so.conf.d/mysql.conf:
file.managed:
- source: salt://zabbix/files/mysql.conf
- user: root
- group: root
- mode: '0644'
/etc/my.cnf:
file.managed:
- source: salt://zabbix/files/my.cnf
- user: root
- group: root
- mode: '0644'
- watch_in:
- service: mysqld.service
mysqld.service:
service.running:
- enable: true
- reload: true
- require:
- archive: /usr/local
- file: /usr/lib/systemd/system/mysqld.service
- file: /etc/my.cnf
set-password-mysql:
cmd.run:
- name: /usr/local/mysql/bin/mysql -e "set password = password('zs123');"
- require:
- service: mysqld.service
- unless: /usr/local/mysql/bin/mysql -uroot -pzs123 -e 'exit'
[root@master ~]# cat /srv/salt/prod/zabbix/files/index.php
<?php
phpinfo();
?>
[root@master ~]# cat /srv/salt/prod/zabbix/files/my.cnf
[mysqld]
basedir = /usr/local/mysql
datadir = /opt/data
socket = /tmp/mysql.sock
port = 3306
pid-file = /opt/data/mysql.pid
user = mysql
skip-name-resolve
[root@master ~]# cat /srv/salt/prod/zabbix/files/mysql.conf
/usr/local/mysql/lib
[root@master ~]# cat /srv/salt/prod/zabbix/files/vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/zabbix"
ServerName zabbix.example.com
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/zabbix/$1
<Directory "/usr/local/apache/htdocs/zabbix">
Options none
AllowOverride none
Require all granted
</Directory>
</VirtualHost>
[root@master ~]# cat /srv/salt/prod/zabbix/main.sls
include:
- zabbix.apache
- zabbix.mysql
- modules.application.php.install
浙公网安备 33010602011771号