- httpd
- mysql
- php
- 项目配置文件
- zabbix
结构
[root@master salt]# tree . |-- base |-- dev |-- prod | |-- modules | | |-- application | | | `-- php | | | |-- files | | | | |-- install.sh | | | | |-- oniguruma-devel-6.8.2-1.el7.x86_64.rpm | | | | |-- php-8.0.10.tar.gz | | | | |-- php-fpm | | | | |-- php-fpm.conf | | | | |-- php-fpm.service | | | | `-- www.conf | | | `-- install.sls | | |-- database | | | `-- mysql | | | |-- files | | | | |-- install.sh | | | | |-- mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz | | | | |-- mysql.server | | | | `-- mysqld.service | | | `-- install.sls | | `-- web | | `-- httpd | | |-- files | | | |-- apr-1.7.0.tar.gz | | | |-- apr-util-1.6.1.tar.gz | | | |-- httpd-2.4.48.tar.gz | | | |-- httpd.conf | | | |-- httpd.service | | | `-- install.sh | | `-- install.sls | `-- zabbix | |-- files | | |-- index.php | | |-- install.sh | | |-- my.cnf | | |-- mysql.conf | | |-- php.ini | | |-- vhosts.conf | | |-- zabbix-5.4.4.tar.gz | | `-- zabbix_server.conf | |-- httpd.sls | |-- install.sls | |-- main.sls | `-- mysql.sls `-- testhttpd
//apache服务安装的状态文件
[root@master ~]# cat /srv/salt/prod/modules/web/httpd/install.sls
http-dep-package:
pkg.installed:
- pkgs:
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- gcc-c++
- make
http:
user.present:
- shell: /sbin/nologin
- createhome: false
- system: true
http-download:
file.managed:
- names:
- /usr/src/apr-1.7.0.tar.gz:
- source: salt://modules/web/httpd/files/apr-1.7.0.tar.gz
- /usr/src/apr-util-1.6.1.tar.gz:
- source: salt://modules/web/httpd/files/apr-util-1.6.1.tar.gz
- /usr/src/httpd-2.4.48.tar.gz:
- source: salt://modules/web/httpd/files/httpd-2.4.48.tar.gz
- /usr/lib/systemd/system/httpd.service:
- source: salt://modules/web/httpd/files/httpd.service
- /usr/lib/systemd/system/httpd.service:
- source: salt://modules/web/httpd/files/httpd.service.j2
- user: root
- group: root
- mode: '0644'
- template: jinja
httpd-install:
cmd.script:
- name: salt://modules/web/httpd/files/install.sh {{ pillar['install_dir'] }}
- unless: test -d {{ pillar['install_dir'] }}
{{ pillar['install_dir'] }}/conf/httpd.conf:
file.managed:
- source: salt://modules/web/httpd/files/httpd.conf
- user: root
- group: root
- mode: '0644'
- require:
- cmd: apache-install
//安装脚本
[root@master ~]# vim /srv/salt/prod/modules/web/httpd/files/install.sh
#!/bin/bash
cd /usr/src
rm -rf apr-util-1.6.1 httpd-2.4.48 apr-1.7.0
tar -xf apr-1.7.0.tar.gz
tar -xf apr-util-1.6.1.tar.gz
tar -xf httpd-2.4.48.tar.gz
cd apr-1.7.0
sed -i '/$RM "$cfgfile"/d' configure
./configure --prefix=/usr/local/apr &&
make && make install
cd ../apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr &&
make && make install
cd ../httpd-2.4.48
./configure --prefix=$1
--enable-so
--enable-ssl
--enable-cgi
--enable-rewrite
--with-zlib
--with-pcre
--with-apr=/usr/local/apr
--with-apr-util=/usr/local/apr-util/
--enable-modules=most
--enable-mpms-shared=all
--with-mpm=prefork &&
make && make install
sed -i '/#ServerName/s/#//g' /usr/local/apache/conf/httpd.conf
systemctl daemon-reload
//httpd配置文件
[root@master httpd]# cat files/httpd.conf
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See
# for a discussion of each configuration directive.
#
# See the httpd.conf(5) man page for more information on this configuration,
# and httpd.service(8) on using and configuring the httpd service.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
# with ServerRoot set to '/www' will be interpreted by the
# server as '/www/log/access_log', where as '/log/access_log' will be
# interpreted as '/log/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
Include conf/extra/vhosts.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# definition. These values also provide defaults for
# any containers you may define later in the file.
#
# All of these directives may appear inside containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin root@localhost
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
#ServerName www.example.com:80
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# blocks below.
#
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# documentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
documentRoot "/var/www/html"
#
# Relax access to content within /var/www.
#
AllowOverride None
# Allow open access:
Require all granted
# Further relax access to the default document root:
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymlinks SymlinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymlinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
DirectoryIndex index.php index.html
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
Require all denied
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %I %O" combinedio
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a
# container, they will be logged here. Contrariwise, if you *do*
# define per- access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog "logs/access_log" combined
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the documentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a section to allow access to
# the filesystem path.
#
# scriptAlias: This controls which directories contain server scripts.
# scriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to scriptAlias
# directives as to Alias.
#
scriptAlias /cgi-bin/ "/var/www/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your scriptAliased
# CGI directory exists, if you have that configured.
#
AllowOverride None
Options None
Require all granted
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of scriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the meta tags
# in HTML content to override this choice, comment out this
# directive:
#
AddDefaultCharset UTF-8
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
MIMEMagicFile conf/magic
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#Errordocument 500 "The server made a boo boo."
#Errordocument 404 /missing.html
#Errordocument 404 "/cgi-bin/missing_handler.pl"
#Errordocument 402 http://www.example.com/subscription_info.html
#
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
//service启动文件
[root@master ~]# vim /srv/salt/prod/modules/web/apache/files/httpd.service.j2
[Unit]
Description=Apache server daemon
After=network.target
[Service]
Type=forking
ExecStart={{ pillar['install_dir'] }}/bin/apachectl start
ExecStop={{ pillar['install_dir'] }}/bin/apachectl stop
[Install]
WantedBy=multi-user.target
mysql
//Mysql服务安装状态文件
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/install.sls
mysql-dep-package:
pkg.installed:
- name: ncurses-compat-libs
create-mysql-user:
user.present:
- name: mysql
- system: true
- createhome: false
- shell: /sbin/nologin
create-datadir:
file.directory:
- name: {{ pillar['data_dir'] }}
- user: mysql
- group: mysql
- mode: '0755'
- makedirs: true
/usr/src/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz:
file.managed:
- source: salt://modules/database/mysql/files/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
- user: root
- group: root
- mode: '0644'
mysql-install:
cmd.script:
- name: salt://modules/database/mysql/files/install.sh
- unless: test -d {{ pillar['base_dir'] }}
trasfer-files:
file.managed:
- names:
- {{ pillar['base_dir'] }}/support-files/mysql.server:
- source: salt://modules/database/mysql/files/mysql.server
- /usr/lib/systemd/system/mysqld.service:
- source: salt://modules/database/mysql/files/mysqld.service.j2
- template: jinja
- require:
- cmd: mysql-install
//mysql安装脚本
[root@master ~]# cat /srv/salt/prod/modules/database/mysql/files/install.sh
#!/bin/bash
cd /usr/src
tar -xf mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz -C /usr/local
ln -s /usr/local/mysql-5.7.34-linux-glibc2.12-x86_64 /usr/local/mysql
chown -R mysql.mysql /usr/local/mysql*
/usr/local/mysql/bin/mysqld --initialize-insecure --user mysql --datadir=/opt/data
echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysqld.sh
//mysql service启动文件
[root@master mysql]# cat /srv/salt/prod/modules/database/mysql/files/mysqld.service.j2
[Unit]
Description=Mysqld server daemon
After=network.target
[Service]
Type=forking
ExecStart={{ pillar['base_dir'] }}/support-files/mysql.server start
ExecStop={{ pillar['base_dir'] }}/support-files/mysql.server stop
[Install]
WantedBy=multi-user.target
php
//php服务的状态文件
/usr/src/oniguruma-devel-6.8.2-2.el8.x86_64.rpm:
file.managed:
- source: salt://modules/application/php/files/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
- user: root
- group: root
- mode: '0644'
cmd.run:
- names:
- yum -y install /usr/src/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
- unless: rpm -q oniguruma-devel
dep-package-install:
pkg.installed:
- pkgs:
- libxml2
- libxml2-devel
- openssl
- openssl-devel
- bzip2
- bzip2-devel
- libcurl
- libcurl-devel
- libicu-devel
- libjpeg-turbo
- libjpeg-turbo-devel
- libpng
- libpng-devel
- openldap-devel
- pcre-devel
- freetype
- freetype-devel
- gmp
- gmp-devel
- libmcrypt
- libmcrypt-devel
- readline
- readline-devel
- libxslt
- libxslt-devel
- mhash
- mhash-devel
- php-mysqlnd
- libzip-devel
- libsqlite3x
- libsqlite3x-devel
- oniguruma
- libzip-devel
/usr/src/php-8.0.10.tar.gz:
file.managed:
- source: salt://modules/application/php/files/php-8.0.10.tar.gz
- user: root
- group: root
- mode: '0644'
php-install:
cmd.script:
- name: salt://modules/application/php/files/install.sh
- unless: test -d /usr/local/php8
php-copy-package:
file.managed:
- names:
- /etc/init.d/php-fpm:
- source: salt://modules/application/php/files/php-fpm
- user: root
- group: root
- mode: '0755'
- /usr/local/php8/etc/php-fpm.conf:
- source: salt://modules/application/php/files/php-fpm.conf
- /usr/local/php8/etc/php-fpm.d/www.conf:
- source: salt://modules/application/php/files/www.conf
- /usr/lib/systemd/system/php-fpm.service:
- source: salt://modules/application/php/files/php-fpm.service
- require:
- cmd: php-install
php-fpm.service:
service.running:
- enable: true
- reload: true
- require:
- cmd: php-install
- file: php-copy-package
- watch:
- file: php-copy-package
//php安装脚本
[root@master ~]# cat /srv/salt/prod/modules/application/php/files/install.sh
#!/bin/bash
cd /usr/src
rm -rf php-8.0.10
tar -xf php-8.0.10.tar.gz
cd php-8.0.10
./configure --prefix=/usr/local/php8
--with-config-file-path=/etc
--enable-fpm
--disable-debug
--disable-rpath
--enable-shared
--enable-soap
--with-openssl
--enable-bcmath
--with-iconv
--with-bz2
--enable-calendar
--with-curl
--enable-exif
--enable-ftp
--enable-gd
--with-jpeg
--with-zlib-dir
--with-freetype
--with-gettext
--enable-mbstring
--enable-pdo
--with-mysqli=mysqlnd
--with-pdo-mysql=mysqlnd
--with-readline
--enable-shmop
--enable-simplexml
--enable-sockets
--with-zip
--enable-mysqlnd-compression-support
--with-pear
--enable-pcntl
--enable-posix &&
make && make install
//service文件
[root@master ~]# cat /srv/salt/prod/modules/application/php/files/php-fpm.service
[Unit]
Description=Php-fpm server daemon
After=network.target
[Service]
Type=forking
ExecStart=service php-fpm start
ExecStop=service php-fpm stop
[Install]
WantedBy=multi-user.target
项目配置文件
[root@master prod]# cat /srv/salt/prod/zabbix/apache.sls
"Development Tools":
pkg.group_installed
include:
- modules.web.httpd.install
/usr/include/httpd:
file.symlink:
- target: /usr/local/apache/include
- require:
- cmd: apache-install
/usr/local/apache/htdocs/zabbix:
file.directory:
- user: root
- group: root
- mode: '0755'
- makedirs: true
- require:
- cmd: apache-install
/usr/local/apache/htdocs/zabbix/index.php:
file.managed:
- source: salt://zabbix/files/index.php
- user: root
- group: root
- mode: '0755'
- makedirs: true
- require:
- cmd: apache-install
/usr/local/apache/conf/extra/vhosts.conf:
file.managed:
- source: salt://zabbix/files/vhosts.conf
- require:
- cmd: apache-install
apache-service-start:
service.running:
- name: httpd
- enable: true
- reload: true
- require:
- file: /usr/local/apache/conf/extra/vhosts.conf
- watch:
- file: /usr/local/apache/conf/extra/vhosts.conf
[root@master prod]# cat /srv/salt/prod/zabbix/mysql.sls
mysql-dep-packages:
pkg.installed:
- pkgs:
- ncurses-devel
- openssl-devel
- openssl
- cmake
- mariadb-devel
include:
- modules.database.mysql.install
provides-mysql-file:
file.managed:
- source: salt://zabbix/files/my.cnf
- user: root
- group: root
- mode: '0644'
- names:
- /etc/my.cnf:
- source: salt://zabbix/files/my.cnf
- /etc/ld.so.conf.d/mysql.conf:
- source: salt://zabbix/files/mysql.conf
/usr/local/include/mysql:
file.symlink:
- target: /usr/local/mysql/include
mysqld.service:
service.running:
- enable: true
- require:
- cmd: mysql-install
- file: trasfer-files
- watch:
- file: provides-mysql-file
mysql-set-password:
cmd.run:
- name: /usr/local/mysql/bin/mysql -e "set password=password('123');"
- require:
- service: mysqld.service
- unless: /usr/local/mysql/bin/mysql -uroot -p123 -e "exit"
zabbix
//zabbix安装的状态文件
[root@master ~]# cat /srv/salt/prod/zabbix/install.sls
zabbix-dep-packages:
pkg.installed:
- pkgs:
- net-snmp-devel
- libevent-devel
- gcc
- gcc-c++
- make
zabbix:
user.present:
- shell: /sbin/nologin
- createhome: false
- system: true
/usr/src/zabbix-5.4.4.tar.gz:
file.managed:
- source: salt://zabbix/files/zabbix-5.4.4.tar.gz
salt://zabbix/files/install.sh:
cmd.script
/usr/local/etc/zabbix_server.conf:
file.managed:
- source: salt://zabbix/files/zabbix_server.conf
create-dir:
file.directory:
- name: /var/lib/mysql
- user: root
- group: root
- mode: '0644'
link:
cmd.run:
- name: ln -s /tmp/mysql.sock /var/lib/mysql/
/etc/php.ini:
file.managed:
- source: salt://zabbix/files/php.ini
copy-ui:
cmd.run:
- name: cp -a /usr/src/zabbix-5.4.4/ui/* /usr/local/apache/htdocs/zabbix/
start-service:
cmd.run:
- names:
- zabbix_server
- zabbix_agentd
//zabbix安装脚本
[root@master ~]# cat /srv/salt/prod/zabbix/files/install.sh
#!/bin/bash
cd /usr/src/
tar xf zabbix-5.4.4.tar.gz
/usr/local/mysql/bin/mysql -uroot -p123 -e "create database zabbix character set utf8 collate utf8_bin;"
/usr/local/mysql/bin/mysql -uroot -p123 -e "grant all privileges on zabbix.* to 'zabbix'@'localhost' identified by 'zabbix123';"
/usr/local/mysql/bin/mysql -uroot -p123 -e "flush privileges;"
cd /usr/src/zabbix-5.4.4/database/mysql
/usr/local/mysql/bin/mysql -uroot -p123 zabbix < schema.sql
/usr/local/mysql/bin/mysql -uroot -p123 zabbix < images.sql
/usr/local/mysql/bin/mysql -uroot -p123 zabbix < data.sql
cd /usr/src/zabbix-5.4.4/
./configure --enable-server --enable-agent --with-mysql --with-net-snmp --with-libcurl --with-libxml2 && make install
//虚拟主机配置文件
[root@master src]# cat /srv/salt/prod/zabbix/files/vhosts.conf
documentRoot "/usr/local/apache/htdocs/zabbix"
ServerName www.test.com
ProxyRequests Off
ProxyPassMatch ^/(.*.php)$ fcgi://127.0.0.1:9000/usr/local/apache/htdocs/zabbix/$1
Options none
AllowOverride none
Require all granted
