saltstack部署nginx+php
发表于:2025-12-03 作者:千家信息网编辑
千家信息网最后更新 2025年12月03日,因为基本上生产环境中都是nginx+php的环境,所以就不单独列出salt部署php的过程了,这里就结合我在生产环境中的脚本进行nginx+php环境的部署。部署规划:1)编译安装libiconv、l
千家信息网最后更新 2025年12月03日saltstack部署nginx+php
因为基本上生产环境中都是nginx+php的环境,所以就不单独列出salt部署php的过程了,这里就结合我在生产环境中的脚本进行nginx+php环境的部署。
部署规划:
1)编译安装libiconv、libmcrypt、mhash以及mcrypt
2)编译安装php
3)添加启动停止脚本
4)添加到系统服务并设置开机启动
5)拷贝日志切割脚本
6)添加日志切割定时任务
7)安装memcached/redis/protobuf扩展
8)修改php.ini加载php扩展
salt部署目录架构:
[root@salt-master ~]# tree /srv/salt/base//srv/salt/base/├── cron│ ├── files│ │ ├── nginx_cut_log.sh│ │ └── php_cut_log.sh│ ├── nginx.sls│ └── php.sls├── nginx│ ├── files│ │ ├── nginx│ │ ├── nginx-1.6.3.tar.gz│ │ └── nginx.conf│ ├── install.sls│ └── service.sls├── packages│ └── install.sls├── pcre│ ├── files│ │ └── pcre-8.37.tar.gz│ └── install.sls├── php│ ├── extension.sls│ ├── files│ │ ├── libmemcached-1.0.18.tar.gz│ │ ├── memcached-2.2.0.tgz│ │ ├── php-5.6.16.tar.gz│ │ ├── php-fpm│ │ ├── php-fpm.conf│ │ ├── php.ini│ │ ├── phpredis-2.2.4.tar.gz│ │ └── protobuf.so│ ├── install.sls│ ├── libiconv│ │ └── files│ │ └── libiconv-1.14.tar.gz│ ├── libiconv.sls│ ├── libmcrypt│ │ └── files│ │ └── libmcrypt-2.5.8.tar.gz│ ├── libmcrypt.sls│ ├── mcrypt│ │ └── files│ │ └── mcrypt-2.6.8.tar.gz│ ├── mcrypt.sls│ ├── mhash│ │ └── files│ │ └── mhash-0.9.9.9.tar.gz│ ├── mhash.sls│ └── service.sls├── top.sls└── user ├── nginx.sls └── php.sls18 directories, 34 files
安装libiconv:
[root@salt-master base]# cat php/libiconv.sls libiconv-source-install: file.managed: - name: /opt/tools/libiconv-1.14.tar.gz - source: salt://php/libiconv/files/libiconv-1.14.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /opt/tools/ && tar -zxf libiconv-1.14.tar.gz && cd libiconv-1.14 && ./configure --prefix=/usr/local && make && make install && /sbin/ldconfig - unless: test -e /usr/local/lib/libiconv.so.2.5.1 - require: - file: libiconv-source-install
安装limcrypt:
[root@salt-master base]# cat php/libmcrypt.sls libmcrypt-source-install: file.managed: - name: /opt/tools/libmcrypt-2.5.8.tar.gz - source: salt://php/libmcrypt/files/libmcrypt-2.5.8.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /opt/tools && tar -zxf libmcrypt-2.5.8.tar.gz && cd libmcrypt-2.5.8 && ./configure && make && make install && ldconfig && cd libltdl && ./configure --enable-ltdl-install && make && make install && /sbin/ldconfig - unless: test -e /usr/local/lib/libmcrypt.so.4.4.8 - require: - file: libmcrypt-source-install
安装mhash:
[root@salt-master base]# cat php/mhash.sls mhash-source-install: file.managed: - name: /opt/tools/mhash-0.9.9.9.tar.gz - source: salt://php/mhash/files/mhash-0.9.9.9.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /opt/tools/ && tar -zxf mhash-0.9.9.9.tar.gz && cd mhash-0.9.9.9 && ./configure && make && make install && ln -s /usr/local/lib/libmcrypt.la /usr/lib/libmcrypt.la && ln -s /usr/local/lib/libmcrypt.so /usr/lib/libmcrypt.so && ln -s /usr/local/lib/libmcrypt.so.4 /usr/lib/libmcrypt.so.4 && ln -s /usr/local/lib/libmcrypt.so.4.4.8 /usr/lib/libmcrypt.so.4.4.8 && ln -s /usr/local/lib/libmhash.a /usr/lib/libmhash.a && ln -s /usr/local/lib/libmhash.la /usr/lib/libmhash.la && ln -s /usr/local/lib/libmhash.so /usr/lib/libmhash.so && ln -s /usr/local/lib/libmhash.so.2 /usr/lib/libmhash.so.2 && ln -s /usr/local/lib/libmhash.so.2.0.1 /usr/lib/libmhash.so.2.0.1 && ln -s /usr/local/bin/libmcrypt-config /usr/bin/libmcrypt-config - unless: test -e /usr/local/lib/libmhash.a - require: - file: mhash-source-install
安装mcrypt:
[root@salt-master base]# cat php/mcrypt.sls mcrypt-source-install: file.managed: - name: /opt/tools/mcrypt-2.6.8.tar.gz - source: salt://php/mcrypt/files/mcrypt-2.6.8.tar.gz - user: root - group: root - mode: 644 cmd.run: - name: cd /opt/tools/ && tar -zxf mcrypt-2.6.8.tar.gz && cd mcrypt-2.6.8 && /sbin/ldconfig && ./configure && make && make install - unless: test -e /usr/local/bin/mcrypt - require: - file: mcrypt-source-install
安装php:
[root@salt-master base]# cat php/install.sls include: - packages.install - user.php - php.libiconv - php.libmcrypt - php.mhash - php.mcryptphp-source-install: file.managed: - name: /opt/tools/php-5.6.16.tar.gz - source: salt://php/files/php-5.6.16.tar.gz - user: root - group: root - mode: 755 cmd.run: - name: cd /opt/tools/ && tar -zxf php-5.6.16.tar.gz && cd php-5.6.16 && ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-libxml-dir --enable-xml --enable-fpm --with-fpm-user=www --with-fpm-group=www --enable-bcmath --enable-mbstring --enable-gd-native-ttf --enable-sockets --enable-mysqlnd --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd --enable-zip --enable-inline-optimization --with-gd --with-bz2 --with-zlib --with-mcrypt --with-mhash --with-openssl --with-xmlrpc --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --without-pear --disable-ipv6 --disable-pdo --with-gettext --disable-debug --without-pdo-sqlite --disable-rpath --enable-shmop --enable-sysvsem --with-curl --with-curlwrappers --enable-mbregex --enable-pcntl --enable-soap --enable-sigchild --enable-pdo && make ZEND_EXTRA_LIBS='-liconv' && make install - unless: test -d /usr/local/php - require: - file: php-source-install - user: php-user-group - cmd: libiconv-source-install - cmd: libmcrypt-source-install - cmd: mcrypt-source-install - cmd: mhash-source-install
配置php服务:
[root@salt-master base]# cat php/service.sls include: - php.install - cron.php/usr/local/php/etc: file.directory: - user: www - group: www - mode: 644 - makedirs: True/usr/local/php/etc/php-fpm.conf: file.managed: - source: salt://php/files/php-fpm.conf - user: www - group: www - mode: 644/etc/php.ini: file.managed: - source: salt://php/files/php.ini - user: www - group: www - mode: 644/etc/profile: file.append: - text: - export PATH=$PATH:/usr/local/php/bin:/usr/local/php/sbinphp-init: file.managed: - name: /etc/init.d/php-fpm - source: salt://php/files/php-fpm - user: root - group: root - mode: 755 cmd.run: - name: chkconfig --add php-fpm && source /etc/profile - unless: chkconfig --list|grep php-fpm - require: - file: php-initphp-service: service.running: - name: php-fpm - enable: True - restart: True - require: - cmd: php-init - watch: - file: /etc/php.ini - file: /usr/local/php/etc/php-fpm.conf
部署定时任务:
[root@salt-master base]# cat cron/php.sls php-crond-job: file.managed: - name: /opt/tools/scripts/php_cut_log.sh - source: salt://cron/files/php_cut_log.sh - user: root - group: root - mode: 755/bin/bash /opt/tools/scripts/php_cut_log.sh >/dev/null 2>&1: cron.present: - identifier: cut php daily logs job - user: root - minute: '0' - hour: '0' - require: - file: php-crond-job
安装php扩展:
[root@salt-master base]# cat php/extension.sls include: - php.servicelibmemcached-source-install: file.managed: - name: /opt/tools/libmemcached-1.0.18.tar.gz - source: salt://php/files/libmemcached-1.0.18.tar.gz - user: root - group: root - mode: 644 cmd.run: - name: cd /opt/tools && tar -zxf libmemcached-1.0.18.tar.gz && cd libmemcached-1.0.18 && ./configure --prefix=/usr/local/libmemcached --with-memcached && make && make install - unless: test -d /usr/local/libmemcached - require: - file: libmemcached-source-installmemcached-source-install: file.managed: - name: /opt/tools/memcached-2.2.0.tgz - source: salt://php/files/memcached-2.2.0.tgz - user: root - group: root - mode: 644 cmd.run: - name: cd /opt/tools/ && tar -zxf memcached-2.2.0.tgz && cd memcached-2.2.0 && /usr/local/php/bin/phpize && ./configure --enable-memcached --with-php-config=/usr/local/php/bin/php-config --with-libmemcached-dir=/usr/local/libmemcached && make && make install - unless: test -x /usr/bin/memcached - require: - file: memcached-source-installphpredis-source-install: file.managed: - name: /opt/tools/phpredis-2.2.4.tar.gz - source: salt://php/files/phpredis-2.2.4.tar.gz - user: root - group: root - mode: 644 cmd.run: - name: cd /opt/tools && tar -zxf phpredis-2.2.4.tar.gz && cd phpredis-2.2.4 && /usr/local/php/bin/phpize && ./configure --with-php-config=/usr/local/php/bin/php-config && make && make install - unless: test -e /usr/local/php/lib/php/extensions/no-debug-non-zts-20131226/redis.so - require: - file: phpredis-source-installprotobuf-extension: file.managed: - name: /usr/local/php/lib/php/extensions/no-debug-non-zts-20131226/protobuf.so - source: salt://php/files/protobuf.so - user: www - group: www - mode: 755extension-init: file.managed: - name: /usr/local/php/etc/php.ini - source: salt://php/files/php.ini - user: www - group: www - replace: True - mode: 644 cmd.run: - name: chown -R www:www /usr/local/php && source /etc/profile - require: - file: protobuf-extension - file: extension-init - watch: - file: /usr/local/php/etc/php.ini
top.sls文件:
[root@salt-master base]# cat top.sls base: 'salt-minion02.contoso.com': - nginx.service - php.service - php.extension
环境
脚本
任务
日志
服务
生产
编译
拷贝
文件
架构
目录
系统
过程
规划
配置
数据库的安全要保护哪些东西
数据库安全各自的含义是什么
生产安全数据库录入
数据库的安全性及管理
数据库安全策略包含哪些
海淀数据库安全审计系统
建立农村房屋安全信息数据库
易用的数据库客户端支持安全管理
连接数据库失败ssl安全错误
数据库的锁怎样保障安全
面试问数据库基于几大范式做的
互联网运维与网络安全
珠海移动宽带服务器
用友u8服务器端系统管理
灵武软件开发技术靠谱吗
人民银软件开发
网络安全管理三条红线
数据库加密函数监控显示明文
服务器的服务商
网络安全进企业
联想服务器安全模式
必达门锁登录如何选择数据库
网络安全委员会安立冬
福建智能化软件开发要多少钱
刚果金网络安全吗
樱花内网穿透无法连接服务器
农民漫画网络安全法
批量备份数据库
数控线切割机床软件开发
手机网络安全知识摘抄简短
上海市计算机软件开发中心闵行
周村企业oa软件开发公司
丹江口软件开发诚信互利
数据库中查询日期之前
数据库sql相关问题
兴义gpu云服务器
网络安全常见试题
转回原服务器还能再回来吗
配置代理服务器打不开网站
深圳软件开发公司伺服驱动器
