Using cloud-init for unattended server environment setup and project initialization

Author: never615 | Published 2017-10-27 19:31 | Read 1635 times

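    Purpose

    Write a cloud-init script and supply it when the server is created, so that the server environment is configured, the software (nginx, php, etc.) is installed, and our own project is deployed and configured for the first time, all unattended.

    The script is entered when creating the Alibaba Cloud ECS instance.

    The script follows. The comments are written inline, so I won't explain it separately.

    It mainly does two things:

    1. Basic server environment configuration
    2. Initial installation and configuration of the project

    If you want to use cloud-init, take a look at the cloud-init official website first.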

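    #cloud-config
    users:
      - default
    # Create the user www. nginx and php-fpm both run as this user and group, and the web application is owned by www:www as well.
    # Routine deployment tasks also run as www, so sudo permission to restart php-fpm is added.
      - name: www
        sudo:
            - ALL=(ALL) NOPASSWD: /bin/systemctl restart php-fpm.service
    # Create the account wahaha, used for day-to-day logins to the server, and configure its ssh-authorized-keys
      - name: wahaha
        groups: www,wheel
        ssh-authorized-keys:
            - ssh-rsa [redacted]
        sudo:
    # dep is the command of a PHP deployment tool. Alibaba Cloud RDC connects to the server as the user wahaha to run commands,
    # so the deployment task has to be executed as www; otherwise the files it creates would belong to wahaha and their owner would have to be changed afterwards.
            - ALL=(www) NOPASSWD: /usr/local/bin/dep
    # Set the passwords for root and wahaha
    chpasswd:
      expire: false
      list: |
        root:[redacted]
        wahaha:[redacted]
    package_upgrade: true
    # Deploying the project later requires pulling code from the git repository, so www needs an ssh key pair and known_hosts.
    # Setting the `owner` attribute of the files here does not work, because the files are written before the www user is created. The owner is therefore changed in the commands further down.
    write_files:
    - content: |
        [redacted]
      path: /home/www/.ssh/known_hosts
      permissions: '0644'
    - content: |
        ssh-rsa [redacted]
      path: /home/www/.ssh/id_rsa.pub
      permissions: '0600'
    - content: |
        -----BEGIN RSA PRIVATE KEY-----
        [redacted]
        -----END RSA PRIVATE KEY-----
      path: /home/www/.ssh/id_rsa
      permissions: '0600'
    runcmd:
    # Change the default ssh port
      - sed -i -e '/^#Port/s/^.*$/Port 8888/' /etc/ssh/sshd_config
    # The ECS instance was created with key login and no password, so password login is already disabled by default; the configuration here only disables root login
      - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
    # Change the owner of the files created by write_files above
      - chown -R www /home/www
      - chgrp -R www /home/www
      - systemctl reload sshd
    # yum repository configuration; I could never get cloud-init's yum_repos setting to work...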
      - yum install -y epel-release
      - yum install -y https://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-15.ius.centos7.noarch.rpm
      - yum install -y https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
      - yum install -y http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
      - yum update -y
    # Install only the postgresql client; the Alibaba Cloud database service is used, so no database server is installed
      - yum install -y postgresql96
    # Install nginx and configure the user it runs as
      - yum install -y nginx
      - sed -i -e '/^user  nginx;/s/^.*$/user  www www;/' /etc/nginx/nginx.conf
      - systemctl start nginx
      - systemctl enable nginx
    # Install php-fpm and commonly used libraries, and configure the user it runs as
      - yum install -y php71u-fpm
      - systemctl start php-fpm
      - systemctl enable php-fpm
      - yum install -y php71u-gd php71u-mysqlnd php71u-pdo php71u-mcrypt php71u-mbstring php71u-json php71u-cli php71u-xml php71u-pgsql php71u-pecl-redis php71u-opcache
      - sed -i -e '/^user = php-fpm/s/^.*$/user = www/' /etc/php-fpm.d/www.conf
      - sed -i -e '/^group = php-fpm/s/^.*$/group = www/' /etc/php-fpm.d/www.conf
    # Configure the opcache blacklist
      - echo '/app/back_end/*/integration' >> /etc/php.d/opcache-default.blacklist
      - echo '/app/back_end/*/test' >> /etc/php.d/opcache-default.blacklist
      - systemctl reload php-fpm
    # Install other commonly used libraries, copied from OneinStack
      - yum install -y deltarpm gcc-c++ cmake autoconf libpng-devel freetype-devel libxml2 libxml2-devel zlib-devel glib2-devel bzip2 bzip2-devel ncurses-devel libaio numactl numactl-libs readline-devel libcurl-devel e2fsprogs-devel krb5-devel libidn-devel openssl-devel libxslt-devel libicu-devel libevent-devel libtool bison gd-devel pcre-devel zip unzip ntpdate sqlite-devel expect expat-devel rsync git lsof lrzsz mlocate
      - updatedb
    # Install the deployment tool
      - curl -LO https://deployer.org/deployer.phar
      - mv deployer.phar /usr/local/bin/dep
      - chmod +x /usr/local/bin/dep
    # Create the project directory
      - mkdir -p /app/back_end
      - chown -R www /app
      - chgrp -R www /app
      - chmod -R 775 /app
    # Pull the files, configuration and commands needed for the initial deployment of the web project
      - cd /home/www
      - su - www -c 'git clone git@code.aliyun.com:wahaha/project_init.git'
      - chmod +x /home/www/project_init/project_install.sh
      - chmod +x /home/www/project_init/nginx_config_install.sh
      - chmod +x /home/www/project_init/composer.sh
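    # This composer install command does not work: the line `php composer-setup.php` fails to execute and I don't know why.... Putting it in runcmd first did not work either
      - /home/www/project_init/composer.sh
    # Initialize the nginx configuration for the web project
      - /home/www/project_init/nginx_config_install.sh
    # Initialize the project
      - su - www -c /home/www/project_init/project_install.sh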
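
The two `sshd_config` edits in `runcmd` above only match a commented `#Port` line and an uncommented `PermitRootLogin` line; on an image whose stock file differs, `sed` changes nothing and still exits 0. The following added example (not part of the original post; `set_sshd_option` and `effective_sshd_option` are hypothetical helper names, and the sample config is constructed) sets a directive whether the line is active, commented out or missing, then reads back the value sshd would pick. It assumes keywords are written in their canonical case.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# Set "KEY VALUE" in an sshd_config-style file whether the stock line is
# active, commented out or missing. sshd keeps the first value it reads for
# a keyword, so the directive replaces the first matching line, later active
# duplicates are commented out, and a missing directive is placed ahead of
# any Match block (or at the end of the file when there is none).
set_sshd_option() {
  file=$1 key=$2 value=$3
  tmp=$(mktemp) || return 1
  awk -v key="$key" -v value="$value" '
    BEGIN { pat = "^[ \t]*#?[ \t]*" key "[ \t]" }
    inmatch { print; next }
    /^[ \t]*Match[ \t]/ {
      if (!done) { print key " " value; done = 1 }
      inmatch = 1; print; next
    }
    $0 ~ pat {
      if (!done) { print key " " value; done = 1 }
      else if ($0 ~ /^[ \t]*#/) { print }
      else { print "#" $0 }
      next
    }
    { print }
    END { if (!done) print key " " value }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Print the value sshd would use: the first active occurrence of KEY.
# Prints nothing when the keyword is absent or only present as a comment.
effective_sshd_option() {
  awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Constructed sample resembling a stock file with commented-out defaults.
cfg=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'PasswordAuthentication no' > "$cfg"
set_sshd_option "$cfg" Port 8888
set_sshd_option "$cfg" PermitRootLogin no
echo "Port=$(effective_sshd_option "$cfg" Port)"
echo "PermitRootLogin=$(effective_sshd_option "$cfg" PermitRootLogin)"
rm -f "$cfg"
```

In `runcmd`, a call to `effective_sshd_option` before `systemctl reload sshd` lets the script stop when the expected value is not in place.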
    
    

    The shell scripts used for project initialization are as follows:

    composer.sh:
    #!/bin/bash
    php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
    php composer-setup.php
    php -r "unlink('composer-setup.php');"
    mv composer.phar /usr/local/bin/composer
    /usr/local/bin/composer config -g repo.packagist composer https://packagist.phpcomposer.com
    

    php composer-setup.php fails to execute... the cause is still unknown

    nginx_config_install.sh:
    #!/bin/bash
    cp -r /home/www/project_init/nginx.conf/* /etc/nginx/conf.d/
    systemctl reload nginx
    
    project_install.sh:

    My three environments are named production/staging/test, and the directories for each are named the same way.

    #!/bin/bash
    # Author:  never615 <never615 AT gmail.com>
    # BLOG:  http://never615.com
    #
    . /home/www/project_init/option.sh
    
    
    # Clone the projects and deploy each environment of every project
    cd /home/www
    mkdir -p projects
    cd projects
    for repository in "${repositorys[@]}"
    do
      echo "${repository}"
      git clone "${repository}"
    done
    
    for path in *
    do
      echo "$path"
      tempPath="/home/www/projects/${path}"
      cd "${tempPath}/deploy"
      for deploy in *
      do
        # production is deployed from master, every other environment from develop
        if [ "$deploy" == "production" ]
        then
          git checkout master
        else
          git checkout develop
        fi
        cd "${tempPath}/deploy/${deploy}"
        /usr/local/bin/dep -vvv deploy "${deploy}"
      done
    done
    
    
    

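    The initial deployment of the project uses the tool deployer, which is also covered in our other articles, for example:
    Using the deployer deployment tool with Alibaba Cloud RDC to complete deployment
    deployer documentation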
