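Using cloud-init to set up the server environment and initialize a project: an Alibaba Cloud walkthrough

Purpose

Write a cloud-init script and supply it when the server is created, so that the server environment configuration, the software installation (nginx/php, etc.) and the first deployment and configuration of our own project all complete unattended.

Enter it when creating the Alibaba Cloud ECS instance: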

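The script is below. I put the comments inside it, so I won't explain it again here.

It mainly does two things:

  1. Basic server environment configuration
  2. Initial installation and configuration of the project

Anyone who wants to use cloud-init should first have a look at the official cloud-init site.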

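#cloud-config
users:
  - default
# Create the user www. nginx and php-fpm both run as this user and group, and the web application's owner/group is also www.
# Routine deployment tasks also run as www, so sudo grants it permission to restart php-fpm
  - name: www
    sudo:
        - ALL=(ALL)NOPASSWD:/bin/systemctl restart php-fpm.service
# Create the account mallto used for everyday logins to the server, and configure ssh-authorized-keys
  - name: wahaha
    groups: www,wheel
    ssh-authorized-keys:
        - ssh-rsa [redacted]
    sudo:
# dep is the command of a PHP deployment tool. On Alibaba Cloud RDC the user wahaha is used to connect to the server and run commands,
# so the deployment task has to run as the www user; otherwise the created files would all belong to wahaha and their owner would have to be changed afterwards.
        - ALL=(www)NOPASSWD:/usr/local/bin/dep
# Set the passwords for root and mallto
chpasswd:
  expire: false
  list: |
    root:[redacted]
    mallto:[redacted]
package_upgrade: true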
# Deploying the project later requires pulling code from the git repository, so www needs an ssh key pair and known_hosts.
# Setting the files' `owner` attribute directly here does not work, because the files are written before the www user is created. So the commands further down still have to change the file owner
write_files:
- content: |
    [redacted]
  path: /home/www/.ssh/known_hosts
  permissions: '0644'
- content: |
    ssh-rsa [redacted]
  path: /home/www/.ssh/id_rsa.pub
  permissions: '0600'
- content: |
    -----BEGIN RSA PRIVATE KEY-----
    [redacted]
    -----END RSA PRIVATE KEY-----
  path: /home/www/.ssh/id_rsa
  permissions: '0600'
runcmd:
# Change the default ssh port
  - sed -i -e '/^#Port/s/^.*$/Port 8888/' /etc/ssh/sshd_config
# No password was set when the Alibaba Cloud ECS instance was created and key login was chosen, so password login is already disabled by default; this configuration only disables root login
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
# Change the owner of the files created by write_files above
  - chown -R www /home/www
  - chgrp -R www /home/www
  - systemctl reload sshd
# yum repository configuration; I could never get cloud-init's yum_repos setting to work...
  - yum install -y epel-release
  - yum install -y https://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-15.ius.centos7.noarch.rpm
  - yum install -y https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
  - yum install -y http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
  - yum update -y
# Install the postgresql client; Alibaba Cloud's database service is used, so the database server is not installed
  - yum install -y postgresql96
# Install nginx and configure the user it runs as
  - yum install -y nginx
  - sed -i -e '/^user  nginx;/s/^.*$/user  www www;/' /etc/nginx/nginx.conf
  - systemctl start nginx
  - systemctl enable nginx
# Install php-fpm and common libraries, and configure the user it runs as
  - yum install -y php71u-fpm
  - systemctl start php-fpm
  - systemctl enable php-fpm
  - yum install -y php71u-gd php71u-mysqlnd php71u-pdo php71u-mcrypt php71u-mbstring php71u-json php71u-cli php71u-xml php71u-pgsql php71u-pecl-redis php71u-opcache
  - sed -i -e '/^user = php-fpm/s/^.*$/user = www/' /etc/php-fpm.d/www.conf
  - sed -i -e '/^group = php-fpm/s/^.*$/group = www/' /etc/php-fpm.d/www.conf
# Configure the opcache blacklist
  - echo '/app/back_end/*/integration' >> /etc/php.d/opcache-default.blacklist
  - echo '/app/back_end/*/test' >> /etc/php.d/opcache-default.blacklist
  - systemctl reload php-fpm
# Install other commonly used libraries, copied from OneinStack
  - yum install -y deltarpm gcc-c++ cmake autoconf libpng-devel freetype-devel libxml2 libxml2-devel zlib-devel glib2-devel bzip2 bzip2-devel ncurses-devel libaio numactl numactl-libs readline-devel libcurl-devel e2fsprogs-devel krb5-devel libidn-devel openssl-devel libxslt-devel libicu-devel libevent-devel libtool bison gd-devel pcre-devel zip unzip ntpdate sqlite-devel expect expat-devel rsync git lsof lrzsz mlocate
  - updatedb
# Install the deployment tool
  - curl -LO https://deployer.org/deployer.phar
  - mv deployer.phar /usr/local/bin/dep
  - chmod +x /usr/local/bin/dep
# Create the project directory
  - mkdir -p /app/back_end
  - chown -R www /app
  - chgrp -R www /app
  - chmod -R 775 /app
# Pull the files, configuration and commands needed for the initial deployment of the web project
  - cd /home/www
  - su - www -c 'git clone git@code.aliyun.com:wahaha/project_init.git'
  - chmod +x /home/www/project_init/project_install.sh
  - chmod +x /home/www/project_init/nginx_config_install.sh
  - chmod +x /home/www/project_init/composer.sh
# This composer install command does not work: the php composer-setup.php line fails to run and I don't know why.... I first put it in runcmd and that did not work either
  - /home/www/project_init/composer.sh
# Initialize the nginx configuration of the web project
  - /home/www/project_init/nginx_config_install.sh
# Initialize the project
  - su - www -c /home/www/project_init/project_install.sh
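
The `sed` edits to `sshd_config` in `runcmd` only rewrite a line that already exists in exactly the expected form (`#Port ...`, an uncommented `PermitRootLogin ...`); on an image where the line is commented out or missing they exit successfully and change nothing. The following is an added example, not part of the original post: two hypothetical helper functions, `set_sshd_option` and `effective_sshd_option`, that set a keyword regardless of the file's starting state and read back the value that will actually apply.

```shell
# Added example, not from the original post; function names are hypothetical.
# set_sshd_option FILE KEY VALUE
# sshd keeps the first value it reads for a keyword, and lines after a "Match"
# line are conditional. So: rewrite the first occurrence (commented or not),
# comment out later active duplicates, and if the keyword is absent insert it
# before the first Match line (or at end of file).
set_sshd_option() {
  local file=$1 key=$2 value=$3 tmp rc
  tmp=$(mktemp) || return 1
  awk -v key="$key" -v value="$value" '
    BEGIN { lkey = tolower(key) }
    {
      commented = ($0 ~ /^[ \t]*#/)
      line = $0
      sub(/^[ \t]*#?[ \t]*/, "", line)     # drop indentation and one leading "#"
      split(line, f, /[ \t=]+/)
      word = tolower(f[1])
      if (!inmatch && word == lkey) {
        if (!done)          { print key " " value; done = 1 }
        else if (commented) { print }
        else                { print "#" $0 }
        next
      }
      if (!commented && word == "match") {
        if (!done) { print key " " value; done = 1 }
        inmatch = 1                        # leave Match blocks untouched
      }
      print
    }
    END { if (!done) print key " " value }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file mode and owner
  rc=$?
  rm -f "$tmp"
  return $rc
}

# effective_sshd_option FILE KEY
# Print the first active value before any Match line; empty output means the
# keyword is not set and the sshd built-in default applies.
effective_sshd_option() {
  awk -v key="$2" '
    BEGIN { lkey = tolower(key) }
    /^[ \t]*#/ || NF == 0  { next }
    tolower($1) == "match" { exit }
    tolower($1) == lkey    { print $2; exit }
  ' "$1"
}
```

In `runcmd`, `set_sshd_option /etc/ssh/sshd_config PermitRootLogin no` and `set_sshd_option /etc/ssh/sshd_config Port 8888` would take the place of the two `sed` lines, with `sshd -t` run before `systemctl reload sshd` to validate the file.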

The shell scripts used for project initialization are as follows:

composer.sh:
#!/bin/bash
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php
php -r "unlink('composer-setup.php');"
mv composer.phar /usr/local/bin/composer
/usr/local/bin/composer config -g repo.packagist composer https://packagist.phpcomposer.com

php composer-setup.php fails to run... the reason is still unknown

nginx_config_install.sh:
#!/bin/bash
cp -r /home/www/project_init/nginx.conf/* /etc/nginx/conf.d/
systemctl reload nginx

project_install.sh:

My three environments here are named production/staging/test, and the directories for each of them are named the same way.

#!/bin/bash
# Author:  never615 <never615 AT gmail.com>
# BLOG:  http://never615.com
#
. /home/www/project_init/option.sh


# Clone the projects and deploy every environment of each project
cd /home/www
mkdir -p projects
cd projects
for repository in "${repositorys[@]}"
do
  echo "${repository}"
  git clone "${repository}"
done

for path in `ls`
do
  echo "$path"
  tempPath="/home/www/projects/${path}"
  cd "${tempPath}/deploy"
  for deploy in `ls`
  do
    # production is deployed from master, every other environment from develop
    if [ "$deploy" == "production" ]
    then
      git checkout master
    else
      git checkout develop
    fi
    cd "${tempPath}/deploy/${deploy}"
    /usr/local/bin/dep -vvv deploy "${deploy}"
  done
done


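The first deployment of the project uses the deployer tool, which is also covered in our other projects, for example:
Using the deployer deployment tool together with Alibaba Cloud RDC to complete a deployment
deployer documentation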
