站点图标 IDC铺

Puppet模块(六):nginx模块

一、模块说明Nginx反向代理服务、缓存服务、负载均衡服务。二、目录结构

三、代码展示1、files目录conf.d    #其下存放nginx的配置文件,根据环境不同使用不同代码,也可以使用puppet的environments技术,本人暂未研究DeployPub     #生产环境的配置文件。

DeployTest    #测试环境的配置文件test01.conf    #nginx虚拟主机配置文件,可以将upstream单独存放一个文件,然后一个server一个文件,后台如10.188.1.11:8888就是你的网站地址了,可用iis\tomcat\apache\php\nginx等等搭建,这就不用说了吧

upstream www{ server 10.188.1.11:8888 weight=5 max_fails=2 fail_timeout=30s; server 10.188.1.12:8888 weight=5 max_fails=2 fail_timeout=30s; keepalive 20; } server { listen 80; server_name www.ewin.com; location / { proxy_pass http://www; proxy_next_upstream http_502 http_504 error timeout invalid_header; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; } location ~ /purge(/.*) { allow 10.188.1.0/24; deny all; proxy_cache_purge tmpcache $host$1$is_args$args; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|css|html|shtml|htm)$ { proxy_cache tmpcache; proxy_cache_valid 200 304 12h; proxy_cache_valid 301 302 1m; proxy_cache_valid any 1m; proxy_cache_key $host$uri$is_args$args; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $remote_addr; proxy_pass http://web-html; } location /nginxstatus { stub_status on; access_log off; allow 10.188.1.0/24; deny all; } access_log /var/log/nginx/www.log main; }

pack #存放相关安装包 nginx-1.6.2.tar.gz #下载http://nginx.org/download/nginx-1.6.2.tar.gz ngx_cache_purge-2.3.tar.gz #下载http://labs.frickle.com/files/ngx_cache_purge-2.3.tar.gz

openssl-1.0.1j.tar.gz #下载http://www.openssl.org/source/openssl-1.0.1j.tar.gz pcre-8.35.tar.gz #下载http://cznic.dl.sourceforge.net/project/pcre/pcre/8.35/pcre-8.35.tar.gz

zlib-1.2.8.tar.gz #下载http://zlib.net/zlib-1.2.8.tar.gz nginx_install.sh #nginx安装脚本#!/bin/bash cd /usr/local/src/nginx-1.6.2 make clean /bin/bash configure –prefix=/usr/local/nginx –sbin-path=/usr/sbin/nginx –conf-path=/etc/nginx/nginx.conf –pid-path=/var/run/nginx/nginx.pid –error-log-path=/var/log/nginx/error.log –http-log-path=/var/log/nginx/access.log –lock-path=/var/lock/nginx.lock –user=nginx –group=nginx –with-pcre=/usr/local/src/pcre-8.35 –with-zlib=/usr/local/src/zlib-1.2.8 –with-openssl=/usr/local/src/openssl-1.0.1j –with-http_stub_status_module –add-module=/usr/local/src/ngx_cache_purge-2.3 –with-http_perl_module –with-http_realip_module make make install

说明:编译命令中定义了相关目录、用户等;启用了PCRE(正则匹配)、ZLIB、SSL、STATUS(状态监控)、PURGE(缓存清除插件)、PERL模块、REALIP模块(真实IP) 其中PERL模块用于URL忽略大小写,参考 http://www.cnblogs.com/tommyli/p/3543303.html

2、manifests目录 init.ppclass nginx{ include nginx::install,nginx::config,nginx::service } install.pp

class nginx::install { Exec{ path => [/usr/bin,/usr/sbin,/bin] } package { [perl-devel,perl-ExtUtils-Embed]: #perl,pcre,zlib-devel,gcc-c++,gcc,openssl-devel #注意:主机安装的其他模块中已有的package不重复,如果只安装本nginx模块,则需要将上面注释的package都加在列表中。

ensure => installed, before => Exec[install_nginx], } file { /usr/local/src: ensure => directory, source => puppet:///modules/nginx/pack, ignore => .svn, owner => root, group => root, mode => 0640, recurse => remote, before => Exec[install_nginx], } exec { pcre: command => tar -zxf pcre-8.35.tar.gz, cwd => /usr/local/src, refreshonly => true, subscribe => File[/usr/local/src], before => Exec[install_nginx], } exec { zlib: command => tar -zxf zlib-1.2.8.tar.gz, cwd => /usr/local/src, refreshonly => true, subscribe => File[/usr/local/src], before => Exec[install_nginx], } exec { openssl: command => tar -zxf openssl-1.0.1j.tar.gz, cwd => /usr/local/src, refreshonly => true, subscribe => File[/usr/local/src], before => Exec[install_nginx], } exec { cache: command => tar -zxf ngx_cache_purge-2.3.tar.gz, cwd => /usr/local/src, refreshonly => true, subscribe => File[/usr/local/src], before => Exec[install_nginx], } exec { nginx: command => tar -zxf nginx-1.6.2.tar.gz, cwd => /usr/local/src/, refreshonly => true, subscribe => File[/usr/local/src], before => Exec[install_nginx], } file { /usr/local/src/nginx_install.sh: ensure => file, owner => root, group => root, mode => 755, source => puppet:///modules/nginx/nginx_install.sh, before => Exec[install_nginx], } exec { install_nginx: command => /bin/bash nginx_install.sh, cwd => “/usr/local/src”, refreshonly => true, subscribe => File[/usr/local/src/nginx_install.sh], } } 。

config.pp #$nginx_conf参数用来确认主机使用哪个环境的配置文件,可在foreamen的主机属性里设置,或节点site.pp里设置class nginx::config { include nginx::config::iptables group { “nginx”: ensure => present, before => USER[“nginx”], } user { “nginx”: ensure => present, groups => nginx, shell => /sbin/nologin, } file { /etc/nginx/nginx.conf: ensure => file, owner => root, group => root, mode => 400, content => template(“nginx/nginx.conf.erb”), require => Class[nginx::install], } case $nginx_conf { pub: { file { /etc/nginx/conf.d: ensure => directory, source => puppet:///modules/nginx/conf.d/DeployPub, ignore => .svn, owner => root, group => root, mode => 0640, recurse => remote, require => Class[nginx::install], } } test: { file { /etc/nginx/conf.d: ensure => directory, source => puppet:///modules/nginx/conf.d/DeployTest, ignore => .svn, owner => root, group => root, mode => 0640, recurse => remote, require => Class[nginx::install], } } } file { nginxd: path => /etc/rc.d/init.d/nginxd, ensure => file, owner => root, group => root, mode => 755, content => template(“nginx/nginxd.erb”), require => Class[nginx::install], } } class nginx::config::iptables { Exec{ path => [/usr/bin,/usr/sbin,/bin,/sbin] } exec { open_port_80: command => iptables -I INPUT -p tcp –dport 80 -j ACCEPT, unless => grep “tcp –dport 80” /etc/sysconfig/iptables 2>/dev/null, notify => Exec[save_port_80], } exec { save_port_80: command => service iptables save, refreshonly => true, } }

service.ppclass nginx::service { service { nginxd: ensure => running, enable => true, hasrestart => true, hasstatus => true, subscribe => Class[“nginx::config”], } }

3、templates目录 nginx.conf.erbuser nginx nginx; worker_processes 1; error_log /var/log/nginx/error.log crit; pid /var/run/nginx/nginx.pid; worker_rlimit_nofile 1024; #ulimit -n events { use epoll; worker_connections 1024; } http { include mime.types; default_type application/octet-stream; log_format main $remote_addr – $remote_user [$time_local] “$request” $status $body_bytes_sent “$http_referer” “$http_user_agent” “$http_x_forwarded_for”; access_log /var/log/nginx/access.log main; #charset utf-8; server_names_hash_bucket_size 128; client_header_buffer_size 32k; large_client_header_buffers 4 64k; perl_set $url sub { my $r = shift; my $re = lc($r->uri); return $re; } ; server_tokens off; sendfile on; autoindex on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; #压缩功能 gzip on; gzip_min_length 1k; gzip_buffers 4 16k; gzip_http_version 1.1; gzip_comp_level 2; gzip_types text/plain application/x-javascript text/css application/xml; gzip_vary on; #limit_zone crawler $binary_remote_addr 10m; #缓存功能 #客户端请求的最大的单个文件字节数 client_max_body_size 300m; #缓冲区代理缓冲用户请求的最大字节数 client_body_buffer_size 128k; #和后端连接(发起握手)的超时时间 proxy_connect_timeout 600; #连接成功后等待后端响应的超时时间 proxy_read_timeout 600; #后端数据回传时间 proxy_send_timeout 600; #代理请求缓存区保存头信息的块大小 proxy_buffer_size 16k; proxy_buffers 4 64k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 128k; #缓存文件路径 proxy_temp_path /usr/local/nginx/proxy_temp; proxy_cache_path /usr/local/nginx/proxy_cache levels=1:2 keys_zone=tmpcache:200m inactive=1d max_size=2g; #levels两层HASH目录,缓存区名称为tmpcache,内存缓存20M,1天内没被访问会被删除,硬盘缓存200M include /etc/nginx/conf.d/*.conf; }

nginxd.erb #nginx服务脚本 service nginxd start#!/bin/bash # chkconfig: 35 85 15 # description: nginx is a World Wide Web server. . /etc/rc.d/init.d/functions . /etc/sysconfig/network # Check that networking is up. [ “$NETWORKING” = “no” ] && exit 0 nginx=”/usr/sbin/nginx” prog=$(basename $nginx) NGINX_CONF_FILE=”/etc/nginx/nginx.conf” [ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx lockfile=/var/lock/subsys/nginx make_dirs() { # make required directories user=`nginx -V 2>&1 | grep “configure arguments:” | sed s/[^*]*–user=\([^ ]*\).*/\1/g -` options=`$nginx -V 2>&1 | grep configure arguments:` for opt in $options; do if [ `echo $opt | grep .*-temp-path` ]; then value=`echo $opt | cut -d “=” -f 2` if [ ! -d “$value” ]; then # echo “creating” $value mkdir -p $value && chown -R $user $value fi fi done } start() { [ -x $nginx ] || exit 5 [ -f $NGINX_CONF_FILE ] || exit 6 make_dirs echo -n $”Starting $prog: ” daemon $nginx -c $NGINX_CONF_FILE retval=$? echo [ $retval -eq 0 ] && touch $lockfile return $retval } stop() { echo -n $”Stopping $prog: ” killproc $prog -QUIT retval=$? echo [ $retval -eq 0 ] && rm -f $lockfile return $retval } restart() { configtest || return $? stop sleep 1 start } reload() { configtest || return $? echo -n $”Reloading $prog: ” killproc $nginx -HUP RETVAL=$? echo } force_reload() { restart } configtest() { $nginx -t -c $NGINX_CONF_FILE } rh_status() { status $prog } rh_status_q() { rh_status >/dev/null 2>&1 } case “$1″ in start) rh_status_q && exit 0 $1 ;; stop) rh_status_q || exit 0 $1 ;; restart|configtest) $1 ;; reload) rh_status_q || exit 7 $1 ;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0 ;; *) echo $”Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}” exit 2 esac

四、Foreman配置    导入模块

我这里是以配置组的形式添加给主机了,单个的可以在右下方可用类中点击nginx添加

    添加参数:

    推送给客户端主机:

完成后查看报告,根据报告做相应调整。

退出移动版