目的
使用cloud-init编写脚本,在创建服务器的时候就写入脚本,在无人值守的情况下完成服务环境的配置/软件的安装(nginx/php等)/自己开发的项目的初次部署及配置.
在创建阿里云ECS的时候写入:
脚本如下,我把注释写到里面了,所以就不在说明了.
主要干了两件事:
- 服务器基本环境配置
- 项目的初始化安装配置
要用cloud-init的,需要先看下cloud-init官网
#cloud-config
users:
- default
# 创建用户www,nginx和php-fpm均使用该用户及组,web应用的所有者/组也是www.
# 日常部署任务也是使用www,所以sudo添加了重启php-fpm的权限
- name: www
sudo:
- ALL=(ALL)NOPASSWD:/bin/systemctl restart php-fpm.service
# 创建用于平时登录服务器的账户mallto,配置ssh-authorized-keys
- name: wahaha
groups: www,wheel
ssh-authorized-keys:
- ssh-rsa [马赛克]
sudo:
# dep 是php的一个部署工具的命令,在阿里云的RDC上时使用wahaha该用户连接服务器执行命令的,
# 所以需要以www用户的身份执行部署任务,不然创建的文件都是wahaha的了,还要在修改所有者等.
- ALL=(www)NOPASSWD:/usr/local/bin dep
# 设置root和mallto的密码
chpasswd:
expire: false
list: |
root:[马赛克]
mallto:[马赛克]
package_upgrade: true
# 因为后面部署项目需要从git库拉取代码,所以要配置www的ssh密钥对和known_hosts,
# 在这里直接设置文件的`owner`属性不行,因为文件的写入先于www用户的创建.所以后面的命令中还需要修改文件拥有者
write_files:
- content: |
[马赛克]
path: /home/www/.ssh/known_hosts
permissions: '0644'
- content: |
ssh-rsa [马赛克]
path: /home/www/.ssh/id_rsa.pub
permissions: '0600'
- content: |
-----BEGIN RSA PRIVATE KEY-----
[马赛克]
-----END RSA PRIVATE KEY-----
path: /home/www/.ssh/id_rsa
permissions: '0600'
runcmd:
# 修改默认的ssh端口
- sed -i -e '/^#Port/s/^.*$/Port 8888/' /etc/ssh/sshd_config
# 因为创建阿里云ECS的时候,没有设置密码选择的是秘钥登录,所以默认是禁止了密码登录,配置中只禁止了root登录
- sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
# 修改上面write_files创建文件的所有者
- chown -R www /home/www
- chgrp -R www /home/www
- systemctl reload sshd
# yum源配置,我使用cloud-init的yum_repos设置一直不行...
- yum install -y epel-release
- yum install -y https://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-15.ius.centos7.noarch.rpm
- yum install -y https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
- yum install -y http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
- yum update
# 安装postgresql客户端,因为使用的是阿里云的数据库服务,所以不安装数据库服务
- yum install -y postgresql96
# 安装nginx并配置运行用户
- yum install -y nginx
- sed -i -e '/^user nginx;/s/^.*$/user www www;/' /etc/nginx/nginx.conf
- systemctl start nginx
- systemctl enable nginx
# 安装php-fpm及常用库及配置运行用户
- yum install -y php71u-fpm
- systemctl start php-fpm
- systemctl enable php-fpm
- yum install -y php71u-gd php71u-mysqlnd php71u-pdo php71u-mcrypt php71u-mbstring php71u-json php71u-cli php71u-xml php71u-pgsql php71u-pecl-redis php71u-opcache
- sed -i -e '/^user = php-fpm/s/^.*$/user = www/' /etc/php-fpm.d/www.conf
- sed -i -e '/^group = php-fpm/s/^.*$/group = www/' /etc/php-fpm.d/www.conf
# 配置opcache的黑名单
- echo '/app/back_end/*/integration' >> /etc/php.d/opcache-default.blacklist
- echo '/app/back_end/*/test' >> /etc/php.d/opcache-default.blacklist
- systemctl reload php-fpm
# 安装其他常用库,从OneinStack抄的
- yum install -y deltarpm gcc-c++ cmake autoconf libpng-devel freetype-devel libxml2 libxml2-devel zlib-devel glib2-devel bzip2 bzip2-devel ncurses-devel libaio numactl numactl-libs readline-devel libcurl-devel e2fsprogs-devel krb5-devel libidn-devel openssl-devel libxslt-devel libicu-devel libevent-devel libtool bison gd-devel pcre-devel zip unzip ntpdate sqlite-devel expect expat-devel rsync git lsof lrzsz mlocate
- updatedb
# 安装部署工具
- curl -LO https://deployer.org/deployer.phar
- mv deployer.phar /usr/local/bin/dep
- chmod +x /usr/local/bin/dep
# 创建项目目录
- mkdir -p /app/back_end
- chown -R www /app
- chgrp -R www /app
- chmod -R 775 /app
# 拉取web项目初始化部署需要的文件配置及命令
- cd /home/www
- su - www -c 'git clone git@code.aliyun.com:wahaha/project_init.git'
- chmod +x /home/www/project_init/project_install.sh
- chmod +x /home/www/project_init/nginx_config_install.sh
- chmod +x /home/www/project_init/composer.sh
# 这安装composer的命令没用,php composer-setup.php 这句执行不了,不知道为什么....我先是放在runcmd中也不行
- /home/www/project_init/composer.sh
# web项目的nginx配置初始化
- /home/www/project_init/nginx_config_install.sh
# 项目初始化
- su - www -s /home/www/project_init/project_install.sh
项目初始化用的的几个shell脚本如下:
composer.sh:
#!/bin/bash
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"
mv composer.phar /usr/local/bin/composer
/usr/local/bin/composer config -g repo.packagist composer https://packagist.phpcomposer.com
php composer-setup.php
执行失败...原因还不知道
nginx_config_install.sh:
#!/bin/bash
cp -r /home/www/project_init/nginx.conf/* /etc/nginx/conf.d/
systemctl reload nginx
project_install.sh:
我这里三个环境的名字是:production/staging/test,各个文件的目录也是这样
#!/bin/bash
# Author: never615 <never615 AT gmail.com>
# BLOG: http://never615.com
#
. /home/www/project_init/option.sh
# 克隆项目,部署项目的各个环境
cd /home/www
mkdir projects
cd projects
for repository in ${repositorys[@]}
do
echo ${repository}
git clone ${repository}
done
for path in `ls`
do
echo $path
tempPath="/home/www/projects/${path}"
cd "${tempPath}/deploy"
for deploy in `ls`
do
if [$deploy == "production"]
then
git checkout master
else
git checkout develop
fi
cd "${tempPath}/deploy/${deploy}"
/usr/local/bin/dep -vvv deploy ${deploy}
done
done
初次部署项目使用的是工具deploy,在我们其他项目中也有介绍,如:
使用deployer部署工具配合阿里云RDC完成部署
deployer文档