├── README.md ├── salt_configuration ├── README.md ├── _grains │ └── squid.py ├── ais_app_webserver.sls ├── clear.sls ├── cron.sls ├── files │ ├── ais_app_webserver │ │ └── conf.d │ │ │ └── monitor.conf │ ├── city_webserver │ │ ├── nginx.conf │ │ └── php.ini │ ├── files │ │ ├── test1 │ │ ├── test2 │ │ └── test3 │ ├── my_webserver │ │ └── conf.d │ │ │ ├── monitor.conf │ │ │ └── test.conf │ ├── nginx │ │ ├── fastcgi.conf │ │ ├── nginx.conf │ │ └── nginx.ini │ ├── php │ │ ├── pear.conf │ │ ├── php-fpm.conf │ │ └── php.ini │ ├── python │ │ ├── init-python.sh │ │ ├── pip-2.7 │ │ ├── setuptools-1.4.2.tar.gz │ │ └── virtualenv-2.7 │ ├── salt-minion │ │ └── minion │ ├── squid │ │ ├── rm_cache_swap_log.sh │ │ ├── root │ │ ├── squid │ │ ├── squid.conf │ │ └── squid_log │ ├── system │ │ ├── limits.conf │ │ ├── motd.sh │ │ ├── resolv.conf │ │ ├── sshd_config │ │ ├── sudoers │ │ ├── sysctl.conf │ │ ├── syslog.conf │ │ └── vimrc │ └── zabbix │ │ ├── nginx_status.conf │ │ ├── nginx_status.sh │ │ ├── php-fpm_status.conf │ │ ├── php-fpm_status.sh │ │ ├── squid_status.conf │ │ ├── squid_status.sh │ │ └── zabbix_agentd.conf ├── inc │ ├── resolv.sls │ ├── vim.sls │ └── yum.sls ├── install.sls ├── mendian.sls ├── my_webserver.sls ├── nginx.sls ├── person.sls ├── php.sls ├── pillar │ ├── pillar.sls │ ├── schedule.sls │ └── top.sls ├── python.sls ├── salt-minion.sls ├── squid.sls ├── system.sls ├── test.sls ├── top.sls ├── user.sls ├── virtualenv.sls └── zabbix.sls ├── saltmaster配置文件选项说明.md ├── saltstack的安装与简单配置.md ├── salt匹配minion以及自定义用户组nodegroup.md ├── salt的grains使用以及cmd.run.md ├── salt的pillar定义以及使用.md ├── salt的state.sls的使用.md ├── test ├── 基于saltstack的grains和pillar自动化配置squid.md └── 基于saltstack的webui的搭建使用halite.md /README.md: -------------------------------------------------------------------------------- 1 | salt 2 | ==== 3 | 4 | 这里主要整理saltstack运维自动化 5 | 6 | 记录下来saltstack研究中遇到的事情,方便以后查阅,也可以帮助有需要的人 7 | 8 | 9 | 10 | == 11 | 12 | This repository mainly collects notes on SaltStack operations automation. 13
| 14 | Recorded saltstack encountered in the study for myself, and can also help people in need 15 | -------------------------------------------------------------------------------- /salt_configuration/README.md: -------------------------------------------------------------------------------- 1 | # 2 | 新加模块测试不要用'*'去匹配全局,现在已经应用线上环境了 3 | 4 | 测试请用salt -L 'hostname' state.sls 模块 5 | -------------------------------------------------------------------------------- /salt_configuration/_grains/squid.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | 3 | ''' 4 | Grain module that derives squid cache sizing values from this minion's memory and disk figures. Written for Python 2.7.3: it relies on the commands module, which exists only in Python 2. 5 | ''' 6 | 7 | 8 | import commands 9 | import os 10 | 11 | def cache(): 12 | ''' 13 | Return a dict with two squid sizing grains. cache_mem_size is 45% (truncated to int) of the second field of the Mem row printed by free -g, plus one. cache_disk_size is computed only when the text cache occurs somewhere in the seventh column of df -Th: the third field of the first df -Th line matching cache is taken, every G is removed, 90% of it is truncated to int, and the grain is that value times 1024, capped at 65*1024 (presumably megabytes, confirm against the squid.conf template); otherwise the grain is a message string rather than a number. NOTE(review): the shell pipelines are fixed strings and take no external input, but int() raises ValueError when free or df prints an empty or non-integer value (for example a size shown in T or M, or with a decimal point), so callers should expect this grain to fail on such hosts. 14 | ''' 15 | grains={} 16 | m = commands.getoutput("free -g|awk '$0~/Mem/ {print$2+1}'") 17 | grains['cache_mem_size']=int(int(m)*(0.45)) 18 | 19 | file = commands.getoutput("df -Th |awk '{print$7}'") 20 | cache = 'cache' 21 | 22 | if cache in file: 23 | 24 | a = commands.getoutput("df -Th |grep cache |awk 'NR==1 {print$3}' |sed 's/G//g'") 25 | b = int(int(a)*(0.9)) 26 | if b >= 65: 27 | grains['cache_disk_size'] = 65*1024 28 | else: 29 | grains['cache_disk_size'] = int(b*1024) 30 | else: 31 | grains['cache_disk_size'] = 'The cache of partition does not exist' 32 | 33 | return grains 34 | -------------------------------------------------------------------------------- /salt_configuration/ais_app_webserver.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - nginx 3 | - php 4 | 5 | {{ pillar['ngx_conf_dir'] }}/conf.d: 6 | file.recurse: 7 | - source: salt://files/ais_app_webserver/conf.d 8 | - require: 9 | - pkg: nginx 10 | - watch_in: 11 | - service: nginx 12 | -------------------------------------------------------------------------------- /salt_configuration/clear.sls:
-------------------------------------------------------------------------------- 1 | puppet: 2 | pkg: 3 | - purged 4 | 5 | mcollective-common: 6 | pkg: 7 | - purged 8 | -------------------------------------------------------------------------------- /salt_configuration/cron.sls: -------------------------------------------------------------------------------- 1 | date > /tmp/crontest: 2 | cron.present: 3 | - user: root 4 | - minute: '*/1' 5 | -------------------------------------------------------------------------------- /salt_configuration/files/ais_app_webserver/conf.d/monitor.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 40080; 3 | server_name _; 4 | allow 127.0.0.1; 5 | deny all; 6 | access_log off; 7 | 8 | location /php-fpm_status { 9 | fastcgi_pass unix:/dev/shm/php-fpm.sock; 10 | include fastcgi_params; 11 | fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; 12 | } 13 | 14 | location /nginx_status { 15 | stub_status on; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /salt_configuration/files/city_webserver/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | {% if grains['num_cpus'] < 8 %} 3 | worker_processes {{ grains['num_cpus'] }}; 4 | {% else %} 5 | worker_processes 8; 6 | {% endif %} 7 | worker_rlimit_nofile 65535; 8 | 9 | error_log /var/log/nginx/error.log notice; 10 | pid /var/run/nginx.pid; 11 | 12 | events { 13 | use epoll; 14 | worker_connections 65535; 15 | } 16 | 17 | 18 | http { 19 | include /etc/nginx/mime.types; 20 | default_type appliacation/octet-stream; 21 | 22 | log_format main '$request_time $upstream_response_time $remote_addr - $upstream_addr [$time_local] ' 23 | '$host "$request" $status $bytes_sent ' 24 | '"$http_referer" "$http_user_agent" "$gzip_ratio" "$http_x_forwarded_for" - "$server_addr"'; 25 | 26 | access_log /data1/logs/nginx/access.log main; 27 | 
28 | server_names_hash_bucket_size 128; 29 | 30 | proxy_redirect off; 31 | proxy_set_header Host $host; 32 | proxy_set_header X-Real-IP $remote_addr; 33 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 34 | client_body_buffer_size 1024k; 35 | client_max_body_size 2m; 36 | proxy_connect_timeout 90; 37 | proxy_send_timeout 90; 38 | proxy_read_timeout 90; 39 | proxy_buffer_size 4k; 40 | proxy_buffers 4 32k; 41 | proxy_busy_buffers_size 64k; 42 | proxy_temp_file_write_size 100k; 43 | 44 | sendfile on; 45 | tcp_nopush on; 46 | tcp_nodelay on; 47 | server_tokens off; 48 | send_timeout 10; 49 | client_header_timeout 10; 50 | client_body_timeout 10; 51 | 52 | keepalive_timeout 65; 53 | 54 | fastcgi_connect_timeout 300; 55 | fastcgi_send_timeout 300; 56 | fastcgi_read_timeout 300; 57 | fastcgi_buffer_size 64k; 58 | fastcgi_buffers 8 64k; 59 | fastcgi_busy_buffers_size 128k; 60 | fastcgi_temp_file_write_size 128k; 61 | fastcgi_intercept_errors on; 62 | 63 | include conf.d/*.conf; 64 | } 65 | -------------------------------------------------------------------------------- /salt_configuration/files/city_webserver/php.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | engine = On 3 | short_open_tag = On 4 | asp_tags = Off 5 | precision = 14 6 | y2k_compliance = On 7 | output_buffering = 4096 8 | zlib.output_compression = Off 9 | implicit_flush = Off 10 | unserialize_callback_func = 11 | serialize_precision = 17 12 | allow_call_time_pass_reference = Off 13 | safe_mode = Off 14 | safe_mode_gid = Off 15 | safe_mode_include_dir = 16 | safe_mode_exec_dir = 17 | safe_mode_allowed_env_vars = PHP_ 18 | safe_mode_protected_env_vars = LD_LIBRARY_PATH 19 | disable_functions = 20 | disable_classes = 21 | zend.enable_gc = On 22 | expose_php = Off 23 | max_execution_time = 30 24 | max_input_time = 60 25 | memory_limit = 128M 26 | error_reporting = E_ALL & ~E_NOTICE 27 | display_errors = Off 28 | display_startup_errors = Off 29 | 
log_errors = On 30 | log_errors_max_len = 1024 31 | ignore_repeated_errors = Off 32 | ignore_repeated_source = Off 33 | report_memleaks = On 34 | track_errors = Off 35 | html_errors = Off 36 | variables_order = "GPCS" 37 | request_order = "GP" 38 | register_globals = Off 39 | register_long_arrays = Off 40 | register_argc_argv = Off 41 | auto_globals_jit = On 42 | post_max_size = 8M 43 | magic_quotes_gpc = Off 44 | magic_quotes_runtime = Off 45 | magic_quotes_sybase = Off 46 | auto_prepend_file = 47 | auto_append_file = 48 | default_mimetype = "text/html" 49 | doc_root = 50 | user_dir = 51 | enable_dl = Off 52 | file_uploads = On 53 | upload_max_filesize = 2M 54 | max_file_uploads = 20 55 | allow_url_fopen = On 56 | allow_url_include = Off 57 | default_socket_timeout = 60 58 | [Date] 59 | date.timezone = Asia/Shanghai 60 | [filter] 61 | [iconv] 62 | [intl] 63 | [sqlite] 64 | [sqlite3] 65 | [Pcre] 66 | [Pdo] 67 | [Pdo_mysql] 68 | pdo_mysql.cache_size = 2000 69 | pdo_mysql.default_socket= 70 | [Phar] 71 | [Syslog] 72 | define_syslog_variables = Off 73 | [mail function] 74 | SMTP = localhost 75 | smtp_port = 25 76 | mail.add_x_header = On 77 | [SQL] 78 | sql.safe_mode = Off 79 | [ODBC] 80 | odbc.allow_persistent = On 81 | odbc.check_persistent = On 82 | odbc.max_persistent = -1 83 | odbc.max_links = -1 84 | odbc.defaultlrl = 4096 85 | odbc.defaultbinmode = 1 86 | [Interbase] 87 | ibase.allow_persistent = 1 88 | ibase.max_persistent = -1 89 | ibase.max_links = -1 90 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 91 | ibase.dateformat = "%Y-%m-%d" 92 | ibase.timeformat = "%H:%M:%S" 93 | [MySQL] 94 | mysql.allow_local_infile = On 95 | mysql.allow_persistent = On 96 | mysql.cache_size = 2000 97 | mysql.max_persistent = -1 98 | mysql.max_links = -1 99 | mysql.default_port = 100 | mysql.default_socket = 101 | mysql.default_host = 102 | mysql.default_user = 103 | mysql.default_password = 104 | mysql.connect_timeout = 60 105 | mysql.trace_mode = Off 106 | [MySQLi] 107 | 
mysqli.max_persistent = -1 108 | mysqli.allow_persistent = On 109 | mysqli.max_links = -1 110 | mysqli.cache_size = 2000 111 | mysqli.default_port = 3306 112 | mysqli.default_socket = 113 | mysqli.default_host = 114 | mysqli.default_user = 115 | mysqli.default_pw = 116 | mysqli.reconnect = Off 117 | [mysqlnd] 118 | mysqlnd.collect_statistics = On 119 | mysqlnd.collect_memory_statistics = Off 120 | [OCI8] 121 | [PostgreSQL] 122 | pgsql.allow_persistent = On 123 | pgsql.auto_reset_persistent = Off 124 | pgsql.max_persistent = -1 125 | pgsql.max_links = -1 126 | pgsql.ignore_notice = 0 127 | pgsql.log_notice = 0 128 | [Sybase-CT] 129 | sybct.allow_persistent = On 130 | sybct.max_persistent = -1 131 | sybct.max_links = -1 132 | sybct.min_server_severity = 10 133 | sybct.min_client_severity = 10 134 | [bcmath] 135 | bcmath.scale = 0 136 | [browscap] 137 | [Session] 138 | session.save_handler = files 139 | session.use_cookies = 1 140 | session.use_only_cookies = 1 141 | session.name = PHPSESSID 142 | session.auto_start = 0 143 | session.cookie_lifetime = 0 144 | session.cookie_path = / 145 | session.cookie_domain = 146 | session.cookie_httponly = 147 | session.serialize_handler = php 148 | session.gc_probability = 1 149 | session.gc_divisor = 1000 150 | session.gc_maxlifetime = 1440 151 | session.bug_compat_42 = Off 152 | session.bug_compat_warn = Off 153 | session.referer_check = 154 | session.entropy_length = 0 155 | session.cache_limiter = nocache 156 | session.cache_expire = 180 157 | session.use_trans_sid = 0 158 | session.hash_function = 0 159 | session.hash_bits_per_character = 5 160 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" 161 | [MSSQL] 162 | mssql.allow_persistent = On 163 | mssql.max_persistent = -1 164 | mssql.max_links = -1 165 | mssql.min_error_severity = 10 166 | mssql.min_message_severity = 10 167 | mssql.compatability_mode = Off 168 | mssql.secure_connection = Off 169 | [Assertion] 170 | [COM] 171 | [mbstring] 172 | 
[exif] 173 | [Tidy] 174 | tidy.clean_output = Off 175 | [soap] 176 | soap.wsdl_cache_enabled=1 177 | soap.wsdl_cache_dir="/tmp" 178 | soap.wsdl_cache_ttl=86400 179 | soap.wsdl_cache_limit = 5 180 | [sysvshm] 181 | [ldap] 182 | ldap.max_links = -1 183 | [mcrypt] 184 | [dba] 185 | [xsl] 186 | [apc] 187 | extension = apc.so 188 | apc.enabled=1 189 | apc.optimization=1 190 | apc.shm_size=512M 191 | apc.ttl=60 192 | apc.user_ttl=60 193 | apc.num_files_hint=1024 194 | apc.mmap_file_mask=/dev/zero 195 | apc.enable_cli=1 196 | apc.cache_by_default=1 197 | [redis] 198 | extension = redis.so 199 | [zeromq] 200 | extension = zmq.so 201 | [msgpack] 202 | extension = msgpack.so 203 | [dbase] 204 | extension=dbase.so 205 | [mcrtpt] 206 | extension=mcrypt.so 207 | [memcache] 208 | extension=memcache.so 209 | memcache.hash_strategy = "consistent" 210 | memcache.hash_function = "crc32" 211 | [mmseg] 212 | extension=mmseg.so 213 | mmseg.area_dic="/home/www/v2/dict/areas_ext.dic" 214 | mmseg.area_level=2000 215 | mmseg.comm_dic="/home/www/v2/dict/communities_ext.dic" 216 | mmseg.comm_level=3000 217 | 218 | -------------------------------------------------------------------------------- /salt_configuration/files/files/test1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kerncai/saltstack/841807b6979b6f59cda26ce89b72f0ffbd9bd5fd/salt_configuration/files/files/test1 -------------------------------------------------------------------------------- /salt_configuration/files/files/test2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kerncai/saltstack/841807b6979b6f59cda26ce89b72f0ffbd9bd5fd/salt_configuration/files/files/test2 -------------------------------------------------------------------------------- /salt_configuration/files/files/test3: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/kerncai/saltstack/841807b6979b6f59cda26ce89b72f0ffbd9bd5fd/salt_configuration/files/files/test3 -------------------------------------------------------------------------------- /salt_configuration/files/my_webserver/conf.d/monitor.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name _; 4 | 5 | location /nginx_status { 6 | stub_status on; 7 | access_log off; 8 | allow 10.0.0.0/8; 9 | allow 192.168.1.0/24; 10 | deny all; 11 | } 12 | } 13 | 14 | -------------------------------------------------------------------------------- /salt_configuration/files/my_webserver/conf.d/test.conf: -------------------------------------------------------------------------------- 1 | server { 2 | 3 | location = /tem/index.php { 4 | include /home/www/conf/fastcgi_params; 5 | internal; 6 | fastcgi_pass unix:/dev/shm/php-fpm.sock; 7 | fastcgi_index index.php; 8 | fastcgi_param SCRIPT_FILENAME /home/www/indexes/tem/index.php; 9 | fastcgi_temp_path /home/www/tmp/tem/temp; 10 | } 11 | location /tem { 12 | rewrite . 
/duankou/index.php last; 13 | } 14 | 15 | 16 | -------------------------------------------------------------------------------- /salt_configuration/files/nginx/fastcgi.conf: -------------------------------------------------------------------------------- 1 | 2 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 3 | fastcgi_param QUERY_STRING $query_string; 4 | fastcgi_param REQUEST_METHOD $request_method; 5 | fastcgi_param CONTENT_TYPE $content_type; 6 | fastcgi_param CONTENT_LENGTH $content_length; 7 | 8 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 9 | fastcgi_param REQUEST_URI $request_uri; 10 | fastcgi_param DOCUMENT_URI $document_uri; 11 | fastcgi_param DOCUMENT_ROOT $document_root; 12 | fastcgi_param SERVER_PROTOCOL $server_protocol; 13 | 14 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 15 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 16 | 17 | fastcgi_param REMOTE_ADDR $remote_addr; 18 | fastcgi_param REMOTE_PORT $remote_port; 19 | fastcgi_param SERVER_ADDR $server_addr; 20 | fastcgi_param SERVER_PORT $server_port; 21 | fastcgi_param SERVER_NAME $server_name; 22 | 23 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 24 | fastcgi_param REDIRECT_STATUS 200; 25 | -------------------------------------------------------------------------------- /salt_configuration/files/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user nginx; 2 | {% if grains['num_cpus'] < 8 %} 3 | worker_processes {{ grains['num_cpus'] }}; 4 | {% else %} 5 | worker_processes 8; 6 | {% endif %} 7 | worker_rlimit_nofile 65535; 8 | 9 | error_log /var/log/nginx/error.log notice; 10 | pid /var/run/nginx.pid; 11 | 12 | events { 13 | use epoll; 14 | worker_connections 65535; 15 | } 16 | 17 | 18 | http { 19 | include /etc/nginx/mime.types; 20 | default_type appliacation/octet-stream; 21 | 22 | log_format main '$request_time $upstream_response_time $remote_addr - $upstream_addr [$time_local] ' 23 | 
'$host "$request" $status $bytes_sent ' 24 | '"$http_referer" "$http_user_agent" "$gzip_ratio" "$http_x_forwarded_for" - "$server_addr"'; 25 | 26 | access_log /data1/logs/nginx/access.log main; 27 | 28 | server_names_hash_bucket_size 128; 29 | 30 | proxy_redirect off; 31 | proxy_set_header Host $host; 32 | proxy_set_header X-Real-IP $remote_addr; 33 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 34 | client_body_buffer_size 1024k; 35 | client_max_body_size 2m; 36 | proxy_connect_timeout 90; 37 | proxy_send_timeout 90; 38 | proxy_read_timeout 90; 39 | proxy_buffer_size 4k; 40 | proxy_buffers 4 32k; 41 | proxy_busy_buffers_size 64k; 42 | proxy_temp_file_write_size 100k; 43 | 44 | sendfile on; 45 | tcp_nopush on; 46 | tcp_nodelay on; 47 | server_tokens off; 48 | send_timeout 10; 49 | client_header_timeout 10; 50 | client_body_timeout 10; 51 | 52 | keepalive_timeout 65; 53 | 54 | fastcgi_connect_timeout 300; 55 | fastcgi_send_timeout 300; 56 | fastcgi_read_timeout 300; 57 | fastcgi_buffer_size 64k; 58 | fastcgi_buffers 8 64k; 59 | fastcgi_busy_buffers_size 128k; 60 | fastcgi_temp_file_write_size 128k; 61 | fastcgi_intercept_errors on; 62 | 63 | include conf.d/*.conf; 64 | } 65 | -------------------------------------------------------------------------------- /salt_configuration/files/nginx/nginx.ini: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # nginx Startup script for nginx 4 | # 5 | # chkconfig: - 85 15 6 | # processname: nginx 7 | # config: /etc/nginx/nginx.conf 8 | # config: /etc/sysconfig/nginx 9 | # pidfile: /var/run/nginx.pid 10 | # description: nginx is a HTTP and reverse proxy server 11 | # 12 | ### BEGIN INIT INFO 13 | # Provides: nginx 14 | # Required-Start: $local_fs $remote_fs $network 15 | # Required-Stop: $local_fs $remote_fs $network 16 | # Default-Start: 2 3 4 5 17 | # Default-Stop: 0 1 6 18 | # Short-Description: start and stop nginx 19 | ### END INIT INFO 20 | 21 | # Source 
function library. 22 | . /etc/rc.d/init.d/functions 23 | 24 | CONFFILE="/etc/nginx/nginx.conf" 25 | 26 | if [ -f /etc/sysconfig/nginx ]; then 27 | . /etc/sysconfig/nginx 28 | fi 29 | 30 | prog=nginx 31 | nginx=${NGINX-/usr/sbin/nginx} 32 | conffile=${CONFFILE-/etc/nginx/nginx.conf} 33 | lockfile=${LOCKFILE-/var/lock/subsys/nginx} 34 | pidfile=${PIDFILE-/var/run/nginx.pid} 35 | SLEEPMSEC=100000 36 | RETVAL=0 37 | 38 | start() { 39 | echo -n $"Starting $prog: " 40 | 41 | daemon --pidfile=${pidfile} ${nginx} -c ${conffile} 42 | RETVAL=$? 43 | echo 44 | [ $RETVAL = 0 ] && touch ${lockfile} 45 | return $RETVAL 46 | } 47 | 48 | stop() { 49 | echo -n $"Stopping $prog: " 50 | killproc -p ${pidfile} ${prog} 51 | RETVAL=$? 52 | echo 53 | [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile} 54 | } 55 | 56 | reload() { 57 | configtest || return $? 58 | echo -n $"Reloading $prog: " 59 | killproc -p ${pidfile} ${prog} -HUP 60 | RETVAL=$? 61 | echo 62 | } 63 | 64 | upgrade() { 65 | oldbinpidfile=${pidfile}.oldbin 66 | 67 | configtest -q || return 6 68 | echo -n $"Staring new master $prog: " 69 | killproc -p ${pidfile} ${prog} -USR2 70 | RETVAL=$? 71 | echo 72 | /bin/usleep $SLEEPMSEC 73 | if [ -f ${oldbinpidfile} -a -f ${pidfile} ]; then 74 | echo -n $"Graceful shutdown of old $prog: " 75 | killproc -p ${oldbinpidfile} ${prog} -QUIT 76 | RETVAL=$? 77 | echo 78 | else 79 | echo $"Upgrade failed!" 80 | return 1 81 | fi 82 | } 83 | 84 | configtest() { 85 | if [ "$#" -ne 0 ] ; then 86 | case "$1" in 87 | -q) 88 | FLAG=$1 89 | ;; 90 | *) 91 | ;; 92 | esac 93 | shift 94 | fi 95 | ${nginx} -t -c ${conffile} $FLAG 96 | RETVAL=$? 97 | return $RETVAL 98 | } 99 | 100 | rh_status() { 101 | status -p ${pidfile} ${nginx} 102 | } 103 | 104 | # See how we were called. 105 | case "$1" in 106 | start) 107 | rh_status >/dev/null 2>&1 && exit 0 108 | start 109 | ;; 110 | stop) 111 | stop 112 | ;; 113 | status) 114 | rh_status 115 | RETVAL=$? 
116 | ;; 117 | restart) 118 | configtest -q || exit $RETVAL 119 | stop 120 | start 121 | ;; 122 | upgrade) 123 | upgrade 124 | ;; 125 | condrestart|try-restart) 126 | if rh_status >/dev/null 2>&1; then 127 | stop 128 | start 129 | fi 130 | ;; 131 | force-reload|reload) 132 | reload 133 | ;; 134 | configtest) 135 | configtest 136 | ;; 137 | *) 138 | echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|upgrade|reload|status|help|configtest}" 139 | RETVAL=2 140 | esac 141 | 142 | exit $RETVAL 143 | -------------------------------------------------------------------------------- /salt_configuration/files/php/pear.conf: -------------------------------------------------------------------------------- 1 | #PEAR_Config 0.9 2 | a:31:{s:9:"cache_dir";s:15:"/tmp/pear/cache";s:15:"default_channel";s:12:"pear.php.net";s:16:"preferred_mirror";s:12:"pear.php.net";s:13:"remote_config";s:0:"";s:13:"auto_discover";i:0;s:13:"master_server";s:12:"pear.php.net";s:10:"http_proxy";s:0:"";s:7:"php_dir";s:26:"/opt/local/php-fpm/lib/php";s:7:"ext_dir";s:63:"/opt/local/php-fpm/lib/php/extensions/no-debug-non-zts-20090626";s:7:"doc_dir";s:30:"/opt/local/php-fpm/lib/php/doc";s:7:"bin_dir";s:22:"/opt/local/php-fpm/bin";s:8:"data_dir";s:31:"/opt/local/php-fpm/lib/php/data";s:7:"cfg_dir";s:30:"/opt/local/php-fpm/lib/php/cfg";s:7:"www_dir";s:33:"/opt/local/php-fpm/lib/php/htdocs";s:8:"test_dir";s:31:"/opt/local/php-fpm/lib/php/test";s:8:"temp_dir";s:14:"/tmp/pear/temp";s:12:"download_dir";s:18:"/tmp/pear/download";s:7:"php_bin";s:26:"/opt/local/php-fpm/bin/php";s:10:"php_prefix";s:0:"";s:10:"php_suffix";s:0:"";s:7:"php_ini";s:0:"";s:8:"username";s:0:"";s:8:"password";s:0:"";s:7:"verbose";i:1;s:15:"preferred_state";s:6:"stable";s:5:"umask";i:18;s:9:"cache_ttl";i:3600;s:8:"sig_type";s:3:"gpg";s:7:"sig_bin";s:12:"/usr/bin/gpg";s:9:"sig_keyid";s:0:"";s:10:"sig_keydir";s:31:"/opt/local/php-fpm/etc/pearkeys";} 
-------------------------------------------------------------------------------- /salt_configuration/files/php/php-fpm.conf: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;; 2 | ; FPM Configuration ; 3 | ;;;;;;;;;;;;;;;;;;;;; 4 | 5 | ; All relative paths in this configuration file are relative to PHP's install 6 | ; prefix. 7 | 8 | ; Include one or more files. If glob(3) exists, it is used to include a bunch of 9 | ; files from a glob(3) pattern. This directive can be used everywhere in the 10 | ; file. 11 | ;include=/opt/local/phpfpm/etc/phpfpm.d/*.conf 12 | 13 | ;;;;;;;;;;;;;;;;;; 14 | ; Global Options ; 15 | ;;;;;;;;;;;;;;;;;; 16 | 17 | [global] 18 | ; Pid file 19 | ; Default Value: none 20 | pid = /var/run/php-fpm/php-fpm.pid 21 | 22 | ; Error log file 23 | ; Default Value: /var/log/php-fpm.log 24 | error_log = /var/log/php-fpm/error.log 25 | 26 | ; Log level 27 | ; Possible Values: alert, error, warning, notice, debug 28 | ; Default Value: notice 29 | ;log_level = notice 30 | 31 | ; If this number of child processes exit with SIGSEGV or SIGBUS within the time 32 | ; interval set by emergency_restart_interval then FPM will restart. A value 33 | ; of '0' means 'Off'. 34 | ; Default Value: 0 35 | ;emergency_restart_threshold = 0 36 | 37 | ; Interval of time used by emergency_restart_interval to determine when 38 | ; a graceful restart will be initiated. This can be useful to work around 39 | ; accidental corruptions in an accelerator's shared memory. 40 | ; Available Units: s(econds), m(inutes), h(ours), or d(ays) 41 | ; Default Unit: seconds 42 | ; Default Value: 0 43 | ;emergency_restart_interval = 0 44 | 45 | ; Time limit for child processes to wait for a reaction on signals from master. 46 | ; Available units: s(econds), m(inutes), h(ours), or d(ays) 47 | ; Default Unit: seconds 48 | ; Default Value: 0 49 | ;process_control_timeout = 0 50 | 51 | ; Send FPM to background. 
Set to 'no' to keep FPM in foreground for debugging. 52 | ; Default Value: yes 53 | ;daemonize = yes 54 | 55 | ;;;;;;;;;;;;;;;;;;;; 56 | ; Pool Definitions ; 57 | ;;;;;;;;;;;;;;;;;;;; 58 | 59 | 60 | ; Start a new pool named 'www'. 61 | [www] 62 | 63 | ; The address on which to accept FastCGI requests. 64 | ; Valid syntaxes are: 65 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on 66 | ; a specific port; 67 | ; 'port' - to listen on a TCP socket to all addresses on a 68 | ; specific port; 69 | ; '/path/to/unix/socket' - to listen on a unix socket. 70 | ; Note: This value is mandatory. 71 | listen = /dev/shm/php-fpm.sock 72 | 73 | ; Set listen(2) backlog. A value of '-1' means unlimited. 74 | ; Default Value: -1 75 | listen.backlog = 8192 76 | 77 | ; List of ipv4 addresses of FastCGI clients which are allowed to connect. 78 | ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original 79 | ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address 80 | ; must be separated by a comma. If this value is left blank, connections will be 81 | ; accepted from any ip address. 82 | ; Default Value: any 83 | listen.allowed_clients = 127.0.0.1 84 | 85 | ; Set permissions for unix socket, if one is used. In Linux, read/write 86 | ; permissions must be set in order to allow connections from a web server. Many 87 | ; BSD-derived systems allow connections regardless of permissions. 88 | ; Default Values: user and group are set as the running user 89 | ; mode is set to 0666 90 | ;listen.owner = nobody 91 | ;listen.group = nobody 92 | ;listen.mode = 0666 93 | 94 | ; Unix user/group of processes 95 | ; Note: The user is mandatory. If the group is not set, the default user's group 96 | ; will be used. 97 | ; RPM: apache Choosed to be able to access some dir as httpd 98 | user = php-fpm 99 | ; RPM: Keep a group allowed to write in log dir. 
100 | group = php-fpm 101 | 102 | ; Choose how the process manager will control the number of child processes. 103 | ; Possible Values: 104 | ; static - a fixed number (pm.max_children) of child processes; 105 | ; dynamic - the number of child processes are set dynamically based on the 106 | ; following directives: 107 | ; pm.max_children - the maximum number of children that can 108 | ; be alive at the same time. 109 | ; pm.start_servers - the number of children created on startup. 110 | ; pm.min_spare_servers - the minimum number of children in 'idle' 111 | ; state (waiting to process). If the number 112 | ; of 'idle' processes is less than this 113 | ; number then some children will be created. 114 | ; pm.max_spare_servers - the maximum number of children in 'idle' 115 | ; state (waiting to process). If the number 116 | ; of 'idle' processes is greater than this 117 | ; number then some children will be killed. 118 | ; Note: This value is mandatory. 119 | pm = static 120 | 121 | ; The number of child processes to be created when pm is set to 'static' and the 122 | ; maximum number of child processes to be created when pm is set to 'dynamic'. 123 | ; This value sets the limit on the number of simultaneous requests that will be 124 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 125 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 126 | ; CGI. 127 | ; Note: Used when pm is set to either 'static' or 'dynamic' 128 | ; Note: This value is mandatory. 129 | pm.max_children = 100 130 | 131 | ; The number of child processes created on startup. 132 | ; Note: Used only when pm is set to 'dynamic' 133 | ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 134 | ;pm.start_servers = 20 135 | 136 | ; The desired minimum number of idle server processes. 
137 | ; Note: Used only when pm is set to 'dynamic' 138 | ; Note: Mandatory when pm is set to 'dynamic' 139 | ;pm.min_spare_servers = 28 140 | 141 | ; The desired maximum number of idle server processes. 142 | ; Note: Used only when pm is set to 'dynamic' 143 | ; Note: Mandatory when pm is set to 'dynamic' 144 | ;pm.max_spare_servers = 68 145 | 146 | ; The number of requests each child process should execute before respawning. 147 | ; This can be useful to work around memory leaks in 3rd party libraries. For 148 | ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. 149 | ; Default Value: 0 150 | pm.max_requests = 10240 151 | 152 | ; The URI to view the FPM status page. If this value is not set, no URI will be 153 | ; recognized as a status page. By default, the status page shows the following 154 | ; information: 155 | ; accepted conn - the number of request accepted by the pool; 156 | ; pool - the name of the pool; 157 | ; process manager - static or dynamic; 158 | ; idle processes - the number of idle processes; 159 | ; active processes - the number of active processes; 160 | ; total processes - the number of idle + active processes. 161 | ; The values of 'idle processes', 'active processes' and 'total processes' are 162 | ; updated each second. The value of 'accepted conn' is updated in real time. 163 | ; Example output: 164 | ; accepted conn: 12073 165 | ; pool: www 166 | ; process manager: static 167 | ; idle processes: 35 168 | ; active processes: 65 169 | ; total processes: 100 170 | ; By default the status page output is formatted as text/plain. Passing either 171 | ; 'html' or 'json' as a query string will return the corresponding output 172 | ; syntax. Example: 173 | ; http://www.foo.bar/status 174 | ; http://www.foo.bar/status?json 175 | ; http://www.foo.bar/status?html 176 | ; Note: The value must start with a leading slash (/). 
The value can be 177 | ; anything, but it may not be a good idea to use the .php extension or it 178 | ; may conflict with a real PHP file. 179 | ; Default Value: not set 180 | pm.status_path = /php-fpm_status 181 | 182 | ; The ping URI to call the monitoring page of FPM. If this value is not set, no 183 | ; URI will be recognized as a ping page. This could be used to test from outside 184 | ; that FPM is alive and responding, or to 185 | ; - create a graph of FPM availability (rrd or such); 186 | ; - remove a server from a group if it is not responding (load balancing); 187 | ; - trigger alerts for the operating team (24/7). 188 | ; Note: The value must start with a leading slash (/). The value can be 189 | ; anything, but it may not be a good idea to use the .php extension or it 190 | ; may conflict with a real PHP file. 191 | ; Default Value: not set 192 | ;ping.path = /ping 193 | 194 | ; This directive may be used to customize the response of a ping request. The 195 | ; response is formatted as text/plain with a 200 response code. 196 | ; Default Value: pong 197 | ;ping.response = pong 198 | 199 | ; The timeout for serving a single request after which the worker process will 200 | ; be killed. This option should be used when the 'max_execution_time' ini option 201 | ; does not stop script execution for some reason. A value of '0' means 'off'. 202 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 203 | ; Default Value: 0 204 | ;request_terminate_timeout = 0 205 | 206 | ; The timeout for serving a single request after which a PHP backtrace will be 207 | ; dumped to the 'slowlog' file. A value of '0s' means 'off'. 
208 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 209 | ; Default Value: 0 210 | request_slowlog_timeout = 2s 211 | 212 | ; The log file for slow requests 213 | ; Default Value: not set 214 | ; Note: slowlog is mandatory if request_slowlog_timeout is set 215 | slowlog = /var/log/php-fpm/www-slow.log 216 | 217 | ; Set open file descriptor rlimit. 218 | ; Default Value: system defined value 219 | ;rlimit_files = 1024 220 | 221 | ; Set max core size rlimit. 222 | ; Possible Values: 'unlimited' or an integer greater or equal to 0 223 | ; Default Value: system defined value 224 | ;rlimit_core = 0 225 | 226 | ; Chroot to this directory at the start. This value must be defined as an 227 | ; absolute path. When this value is not set, chroot is not used. 228 | ; Note: chrooting is a great security feature and should be used whenever 229 | ; possible. However, all PHP paths will be relative to the chroot 230 | ; (error_log, sessions.save_path, ...). 231 | ; Default Value: not set 232 | ;chroot = 233 | 234 | ; Chdir to this directory at the start. This value must be an absolute path. 235 | ; Default Value: current directory or / when chroot 236 | ;chdir = /var/www 237 | 238 | ; Redirect worker stdout and stderr into main error log. If not set, stdout and 239 | ; stderr will be redirected to /dev/null according to FastCGI specs. 240 | ; Default Value: no 241 | ;catch_workers_output = yes 242 | 243 | ; Limits the extensions of the main script FPM will allow to parse. This can 244 | ; prevent configuration mistakes on the web server side. You should only limit 245 | ; FPM to .php extensions to prevent malicious users from using other extensions to 246 | ; execute php code. 247 | ; Note: set an empty value to allow all extensions. 248 | ; Default Value: .php 249 | ;security.limit_extensions = .php .php3 .php4 .php5 250 | 251 | ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from 252 | ; the current environment. 
253 | ; Default Value: clean env 254 | ;env[HOSTNAME] = $HOSTNAME 255 | ;env[PATH] = /usr/local/bin:/usr/bin:/bin 256 | ;env[TMP] = /tmp 257 | ;env[TMPDIR] = /tmp 258 | ;env[TEMP] = /tmp 259 | 260 | ; Additional php.ini defines, specific to this pool of workers. These settings 261 | ; overwrite the values previously defined in the php.ini. The directives are the 262 | ; same as the PHP SAPI: 263 | ; php_value/php_flag - you can set classic ini defines which can 264 | ; be overwritten from PHP call 'ini_set'. 265 | ; php_admin_value/php_admin_flag - these directives won't be overwritten by 266 | ; PHP call 'ini_set' 267 | ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. 268 | 269 | ; Defining 'extension' will load the corresponding shared extension from 270 | ; extension_dir. Defining 'disable_functions' or 'disable_classes' will not 271 | ; overwrite previously defined php.ini values, but will append the new value 272 | ; instead. 273 | 274 | ; Default Value: nothing is defined by default except the values in php.ini and 275 | ; specified at startup with the -d argument 276 | ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com 277 | ;php_flag[display_errors] = off 278 | php_admin_value[error_log] = /var/log/php-fpm/www-error.log 279 | php_admin_flag[log_errors] = on 280 | php_admin_value[memory_limit] = 128M 281 | -------------------------------------------------------------------------------- /salt_configuration/files/php/php.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ;;;;;;;;;;;;;;;;;;; 4 | ; About php.ini ; 5 | ;;;;;;;;;;;;;;;;;;; 6 | ; PHP's initialization file, generally called php.ini, is responsible for 7 | ; configuring many of the aspects of PHP's behavior. 8 | ;/opt/local/php-fpm/lib/php/extensions/no-debug-non-zts-20090626/ 9 | ; PHP attempts to find and load this configuration from a number of locations. 
10 | ; The following is a summary of its search order: 11 | ; 1. SAPI module specific location. 12 | ; 2. The PHPRC environment variable. (As of PHP 5.2.0) 13 | ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) 14 | ; 4. Current working directory (except CLI) 15 | ; 5. The web server's directory (for SAPI modules), or directory of PHP 16 | ; (otherwise in Windows) 17 | ; 6. The directory from the --with-config-file-path compile time option, or the 18 | ; Windows directory (C:\windows or C:\winnt) 19 | ; See the PHP docs for more specific information. 20 | ; http://php.net/configuration.file 21 | 22 | ; The syntax of the file is extremely simple. Whitespace and Lines 23 | ; beginning with a semicolon are silently ignored (as you probably guessed). 24 | ; Section headers (e.g. [Foo]) are also silently ignored, even though 25 | ; they might mean something in the future. 26 | 27 | ; Directives following the section heading [PATH=/www/mysite] only 28 | ; apply to PHP files in the /www/mysite directory. Directives 29 | ; following the section heading [HOST=www.example.com] only apply to 30 | ; PHP files served from www.example.com. Directives set in these 31 | ; special sections cannot be overridden by user-defined INI files or 32 | ; at runtime. Currently, [PATH=] and [HOST=] sections only work under 33 | ; CGI/FastCGI. 34 | ; http://php.net/ini.sections 35 | 36 | ; Directives are specified using the following syntax: 37 | ; directive = value 38 | ; Directive names are *case sensitive* - foo=bar is different from FOO=bar. 39 | ; Directives are variables used to configure PHP or PHP extensions. 40 | ; There is no name validation. If PHP can't find an expected 41 | ; directive because it is not set or is mistyped, a default value will be used. 42 | 43 | ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one 44 | ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression 45 | ; (e.g. 
E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a 46 | ; previously set variable or directive (e.g. ${foo}) 47 | 48 | ; Expressions in the INI file are limited to bitwise operators and parentheses: 49 | ; | bitwise OR 50 | ; ^ bitwise XOR 51 | ; & bitwise AND 52 | ; ~ bitwise NOT 53 | ; ! boolean NOT 54 | 55 | ; Boolean flags can be turned on using the values 1, On, True or Yes. 56 | ; They can be turned off using the values 0, Off, False or No. 57 | 58 | ; An empty string can be denoted by simply not writing anything after the equal 59 | ; sign, or by using the None keyword: 60 | 61 | ; foo = ; sets foo to an empty string 62 | ; foo = None ; sets foo to an empty string 63 | ; foo = "None" ; sets foo to the string 'None' 64 | 65 | ; If you use constants in your value, and these constants belong to a 66 | ; dynamically loaded extension (either a PHP extension or a Zend extension), 67 | ; you may only use these constants *after* the line that loads the extension. 68 | 69 | ;;;;;;;;;;;;;;;;;;; 70 | ; About this file ; 71 | ;;;;;;;;;;;;;;;;;;; 72 | ; PHP comes packaged with two INI files. One that is recommended to be used 73 | ; in production environments and one that is recommended to be used in 74 | ; development environments. 75 | 76 | ; php.ini-production contains settings which hold security, performance and 77 | ; best practices at its core. But please be aware, these settings may break 78 | ; compatibility with older or less security-conscious applications. We 79 | ; recommend using the production ini in production and testing environments. 80 | 81 | ; php.ini-development is very similar to its production variant, except it's 82 | ; much more verbose when it comes to errors. We recommend using the 83 | ; development version only in development environments as errors shown to 84 | ; application users can inadvertently leak otherwise secure information. 
85 | 86 | ;;;;;;;;;;;;;;;;;;; 87 | ; Quick Reference ; 88 | ;;;;;;;;;;;;;;;;;;; 89 | ; The following are all the settings which are different in either the production 90 | ; or development versions of the INIs with respect to PHP's default behavior. 91 | ; Please see the actual settings later in the document for more details as to why 92 | ; we recommend these changes in PHP's behavior. 93 | 94 | ; allow_call_time_pass_reference 95 | ; Default Value: On 96 | ; Development Value: Off 97 | ; Production Value: Off 98 | 99 | ; display_errors 100 | ; Default Value: On 101 | ; Development Value: On 102 | ; Production Value: Off 103 | 104 | ; display_startup_errors 105 | ; Default Value: Off 106 | ; Development Value: On 107 | ; Production Value: Off 108 | 109 | ; error_reporting 110 | ; Default Value: E_ALL & ~E_NOTICE 111 | ; Development Value: E_ALL | E_STRICT 112 | ; Production Value: E_ALL & ~E_DEPRECATED 113 | 114 | ; html_errors 115 | ; Default Value: On 116 | ; Development Value: On 117 | ; Production value: Off 118 | 119 | ; log_errors 120 | ; Default Value: Off 121 | ; Development Value: On 122 | ; Production Value: On 123 | 124 | ; magic_quotes_gpc 125 | ; Default Value: On 126 | ; Development Value: Off 127 | ; Production Value: Off 128 | 129 | ; max_input_time 130 | ; Default Value: -1 (Unlimited) 131 | ; Development Value: 60 (60 seconds) 132 | ; Production Value: 60 (60 seconds) 133 | 134 | ; output_buffering 135 | ; Default Value: Off 136 | ; Development Value: 4096 137 | ; Production Value: 4096 138 | 139 | ; register_argc_argv 140 | ; Default Value: On 141 | ; Development Value: Off 142 | ; Production Value: Off 143 | 144 | ; register_long_arrays 145 | ; Default Value: On 146 | ; Development Value: Off 147 | ; Production Value: Off 148 | 149 | ; request_order 150 | ; Default Value: None 151 | ; Development Value: "GP" 152 | ; Production Value: "GP" 153 | 154 | ; session.bug_compat_42 155 | ; Default Value: On 156 | ; Development Value: On 157 | ; 
Production Value: Off 158 | 159 | ; session.bug_compat_warn 160 | ; Default Value: On 161 | ; Development Value: On 162 | ; Production Value: Off 163 | 164 | ; session.gc_divisor 165 | ; Default Value: 100 166 | ; Development Value: 1000 167 | ; Production Value: 1000 168 | 169 | ; session.hash_bits_per_character 170 | ; Default Value: 4 171 | ; Development Value: 5 172 | ; Production Value: 5 173 | 174 | ; short_open_tag 175 | ; Default Value: On 176 | ; Development Value: Off 177 | ; Production Value: Off 178 | 179 | ; track_errors 180 | ; Default Value: Off 181 | ; Development Value: On 182 | ; Production Value: Off 183 | 184 | ; url_rewriter.tags 185 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 186 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 187 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 188 | 189 | ; variables_order 190 | ; Default Value: "EGPCS" 191 | ; Development Value: "GPCS" 192 | ; Production Value: "GPCS" 193 | 194 | ;;;;;;;;;;;;;;;;;;;; 195 | ; php.ini Options ; 196 | ;;;;;;;;;;;;;;;;;;;; 197 | ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" 198 | ;user_ini.filename = ".user.ini" 199 | 200 | ; To disable this feature set this option to empty value 201 | ;user_ini.filename = 202 | 203 | ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) 204 | ;user_ini.cache_ttl = 300 205 | 206 | ;;;;;;;;;;;;;;;;;;;; 207 | ; Language Options ; 208 | ;;;;;;;;;;;;;;;;;;;; 209 | 210 | ; Enable the PHP scripting language engine under Apache. 211 | ; http://php.net/engine 212 | engine = On 213 | 214 | ; This directive determines whether or not PHP will recognize code between 215 | ; tags as PHP source which should be processed as such. It's been 216 | ; recommended for several years that you not use the short tag "short cut" and 217 | ; instead to use the full tag combination. 
With the wide spread use 218 | ; of XML and use of these tags by other languages, the server can become easily 219 | ; confused and end up parsing the wrong code in the wrong context. But because 220 | ; this short cut has been a feature for such a long time, it's currently still 221 | ; supported for backwards compatibility, but we recommend you don't use them. 222 | ; Default Value: On 223 | ; Development Value: Off 224 | ; Production Value: Off 225 | ; http://php.net/short-open-tag 226 | short_open_tag = On 227 | 228 | ; Allow ASP-style <% %> tags. 229 | ; http://php.net/asp-tags 230 | asp_tags = Off 231 | 232 | ; The number of significant digits displayed in floating point numbers. 233 | ; http://php.net/precision 234 | precision = 14 235 | 236 | ; Enforce year 2000 compliance (will cause problems with non-compliant browsers) 237 | ; http://php.net/y2k-compliance 238 | y2k_compliance = On 239 | 240 | ; Output buffering is a mechanism for controlling how much output data 241 | ; (excluding headers and cookies) PHP should keep internally before pushing that 242 | ; data to the client. If your application's output exceeds this setting, PHP 243 | ; will send that data in chunks of roughly the size you specify. 244 | ; Turning on this setting and managing its maximum buffer size can yield some 245 | ; interesting side-effects depending on your application and web server. 246 | ; You may be able to send headers and cookies after you've already sent output 247 | ; through print or echo. You also may see performance benefits if your server is 248 | ; emitting less packets due to buffered output versus PHP streaming the output 249 | ; as it gets it. On production servers, 4096 bytes is a good setting for performance 250 | ; reasons. 251 | ; Note: Output buffering can also be controlled via Output Buffering Control 252 | ; functions. 253 | ; Possible Values: 254 | ; On = Enabled and buffer is unlimited. 
(Use with caution) 255 | ; Off = Disabled 256 | ; Integer = Enables the buffer and sets its maximum size in bytes. 257 | ; Note: This directive is hardcoded to Off for the CLI SAPI 258 | ; Default Value: Off 259 | ; Development Value: 4096 260 | ; Production Value: 4096 261 | ; http://php.net/output-buffering 262 | output_buffering = 4096 263 | 264 | ; You can redirect all of the output of your scripts to a function. For 265 | ; example, if you set output_handler to "mb_output_handler", character 266 | ; encoding will be transparently converted to the specified encoding. 267 | ; Setting any output handler automatically turns on output buffering. 268 | ; Note: People who wrote portable scripts should not depend on this ini 269 | ; directive. Instead, explicitly set the output handler using ob_start(). 270 | ; Using this ini directive may cause problems unless you know what script 271 | ; is doing. 272 | ; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" 273 | ; and you cannot use both "ob_gzhandler" and "zlib.output_compression". 274 | ; Note: output_handler must be empty if this is set 'On' !!!! 275 | ; Instead you must use zlib.output_handler. 276 | ; http://php.net/output-handler 277 | ;output_handler = 278 | 279 | ; Transparent output compression using the zlib library 280 | ; Valid values for this option are 'off', 'on', or a specific buffer size 281 | ; to be used for compression (default is 4KB) 282 | ; Note: Resulting chunk size may vary due to nature of compression. PHP 283 | ; outputs chunks that are few hundreds bytes each as a result of 284 | ; compression. If you prefer a larger chunk size for better 285 | ; performance, enable output_buffering in addition. 286 | ; Note: You need to use zlib.output_handler instead of the standard 287 | ; output_handler, or otherwise the output will be corrupted. 
288 | ; http://php.net/zlib.output-compression 289 | zlib.output_compression = Off 290 | 291 | ; http://php.net/zlib.output-compression-level 292 | ;zlib.output_compression_level = -1 293 | 294 | ; You cannot specify additional output handlers if zlib.output_compression 295 | ; is activated here. This setting does the same as output_handler but in 296 | ; a different order. 297 | ; http://php.net/zlib.output-handler 298 | ;zlib.output_handler = 299 | 300 | ; Implicit flush tells PHP to tell the output layer to flush itself 301 | ; automatically after every output block. This is equivalent to calling the 302 | ; PHP function flush() after each and every call to print() or echo() and each 303 | ; and every HTML block. Turning this option on has serious performance 304 | ; implications and is generally recommended for debugging purposes only. 305 | ; http://php.net/implicit-flush 306 | ; Note: This directive is hardcoded to On for the CLI SAPI 307 | implicit_flush = Off 308 | 309 | ; The unserialize callback function will be called (with the undefined class' 310 | ; name as parameter), if the unserializer finds an undefined class 311 | ; which should be instantiated. A warning appears if the specified function is 312 | ; not defined, or if the function doesn't include/implement the missing class. 313 | ; So only set this entry, if you really want to implement such a 314 | ; callback-function. 315 | unserialize_callback_func = 316 | 317 | ; When floats & doubles are serialized store serialize_precision significant 318 | ; digits after the floating point. The default value ensures that when floats 319 | ; are decoded with unserialize, the data will remain the same. 320 | serialize_precision = 17 321 | 322 | ; This directive allows you to enable and disable warnings which PHP will issue 323 | ; if you pass a value by reference at function call time. 
Passing values by 324 | ; reference at function call time is a deprecated feature which will be removed 325 | ; from PHP at some point in the near future. The acceptable method for passing a 326 | ; value by reference to a function is by declaring the reference in the functions 327 | ; definition, not at call time. This directive does not disable this feature, it 328 | ; only determines whether PHP will warn you about it or not. These warnings 329 | ; should enabled in development environments only. 330 | ; Default Value: On (Suppress warnings) 331 | ; Development Value: Off (Issue warnings) 332 | ; Production Value: Off (Issue warnings) 333 | ; http://php.net/allow-call-time-pass-reference 334 | allow_call_time_pass_reference = Off 335 | 336 | ; Safe Mode 337 | ; http://php.net/safe-mode 338 | safe_mode = Off 339 | 340 | ; By default, Safe Mode does a UID compare check when 341 | ; opening files. If you want to relax this to a GID compare, 342 | ; then turn on safe_mode_gid. 343 | ; http://php.net/safe-mode-gid 344 | safe_mode_gid = Off 345 | 346 | ; When safe_mode is on, UID/GID checks are bypassed when 347 | ; including files from this directory and its subdirectories. 348 | ; (directory must also be in include_path or full path must 349 | ; be used when including) 350 | ; http://php.net/safe-mode-include-dir 351 | safe_mode_include_dir = 352 | 353 | ; When safe_mode is on, only executables located in the safe_mode_exec_dir 354 | ; will be allowed to be executed via the exec family of functions. 355 | ; http://php.net/safe-mode-exec-dir 356 | safe_mode_exec_dir = 357 | 358 | ; Setting certain environment variables may be a potential security breach. 359 | ; This directive contains a comma-delimited list of prefixes. In Safe Mode, 360 | ; the user may only alter environment variables whose names begin with the 361 | ; prefixes supplied here. By default, users will only be able to set 362 | ; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). 
363 | ; Note: If this directive is empty, PHP will let the user modify ANY 364 | ; environment variable! 365 | ; http://php.net/safe-mode-allowed-env-vars 366 | safe_mode_allowed_env_vars = PHP_ 367 | 368 | ; This directive contains a comma-delimited list of environment variables that 369 | ; the end user won't be able to change using putenv(). These variables will be 370 | ; protected even if safe_mode_allowed_env_vars is set to allow to change them. 371 | ; http://php.net/safe-mode-protected-env-vars 372 | safe_mode_protected_env_vars = LD_LIBRARY_PATH 373 | 374 | ; open_basedir, if set, limits all file operations to the defined directory 375 | ; and below. This directive makes most sense if used in a per-directory 376 | ; or per-virtualhost web server configuration file. This directive is 377 | ; *NOT* affected by whether Safe Mode is turned On or Off. 378 | ; http://php.net/open-basedir 379 | ;open_basedir = 380 | 381 | ; This directive allows you to disable certain functions for security reasons. 382 | ; It receives a comma-delimited list of function names. This directive is 383 | ; *NOT* affected by whether Safe Mode is turned On or Off. 384 | ; http://php.net/disable-functions 385 | disable_functions = 386 | 387 | ; This directive allows you to disable certain classes for security reasons. 388 | ; It receives a comma-delimited list of class names. This directive is 389 | ; *NOT* affected by whether Safe Mode is turned On or Off. 390 | ; http://php.net/disable-classes 391 | disable_classes = 392 | 393 | ; Colors for Syntax Highlighting mode. Anything that's acceptable in 394 | ; would work. 395 | ; http://php.net/syntax-highlighting 396 | ;highlight.string = #DD0000 397 | ;highlight.comment = #FF9900 398 | ;highlight.keyword = #007700 399 | ;highlight.bg = #FFFFFF 400 | ;highlight.default = #0000BB 401 | ;highlight.html = #000000 402 | 403 | ; If enabled, the request will be allowed to complete even if the user aborts 404 | ; the request. 
Consider enabling it if executing long requests, which may end up 405 | ; being interrupted by the user or a browser timing out. PHP's default behavior 406 | ; is to disable this feature. 407 | ; http://php.net/ignore-user-abort 408 | ;ignore_user_abort = On 409 | 410 | ; Determines the size of the realpath cache to be used by PHP. This value should 411 | ; be increased on systems where PHP opens many files to reflect the quantity of 412 | ; the file operations performed. 413 | ; http://php.net/realpath-cache-size 414 | ;realpath_cache_size = 16k 415 | 416 | ; Duration of time, in seconds for which to cache realpath information for a given 417 | ; file or directory. For systems with rarely changing files, consider increasing this 418 | ; value. 419 | ; http://php.net/realpath-cache-ttl 420 | ;realpath_cache_ttl = 120 421 | 422 | ; Enables or disables the circular reference collector. 423 | ; http://php.net/zend.enable-gc 424 | zend.enable_gc = On 425 | 426 | ;;;;;;;;;;;;;;;;; 427 | ; Miscellaneous ; 428 | ;;;;;;;;;;;;;;;;; 429 | 430 | ; Decides whether PHP may expose the fact that it is installed on the server 431 | ; (e.g. by adding its signature to the Web server header). It is no security 432 | ; threat in any way, but it makes it possible to determine whether you use PHP 433 | ; on your server or not. 434 | ; http://php.net/expose-php 435 | expose_php = Off 436 | 437 | ;;;;;;;;;;;;;;;;;;; 438 | ; Resource Limits ; 439 | ;;;;;;;;;;;;;;;;;;; 440 | 441 | ; Maximum execution time of each script, in seconds 442 | ; http://php.net/max-execution-time 443 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 444 | max_execution_time = 30 445 | 446 | ; Maximum amount of time each script may spend parsing request data. It's a good 447 | ; idea to limit this time on productions servers in order to eliminate unexpectedly 448 | ; long running scripts. 
449 | ; Note: This directive is hardcoded to -1 for the CLI SAPI 450 | ; Default Value: -1 (Unlimited) 451 | ; Development Value: 60 (60 seconds) 452 | ; Production Value: 60 (60 seconds) 453 | ; http://php.net/max-input-time 454 | max_input_time = 60 455 | 456 | ; Maximum input variable nesting level 457 | ; http://php.net/max-input-nesting-level 458 | ;max_input_nesting_level = 64 459 | 460 | ; How many GET/POST/COOKIE input variables may be accepted 461 | ; max_input_vars = 1000 462 | 463 | ; Maximum amount of memory a script may consume (128MB) 464 | ; http://php.net/memory-limit 465 | memory_limit = 128M 466 | 467 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 468 | ; Error handling and logging ; 469 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 470 | 471 | ; This directive informs PHP of which errors, warnings and notices you would like 472 | ; it to take action for. The recommended way of setting values for this 473 | ; directive is through the use of the error level constants and bitwise 474 | ; operators. The error level constants are below here for convenience as well as 475 | ; some common settings and their meanings. 476 | ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT 477 | ; those related to E_NOTICE and E_STRICT, which together cover best practices and 478 | ; recommended coding standards in PHP. For performance reasons, this is the 479 | ; recommend error reporting setting. Your production server shouldn't be wasting 480 | ; resources complaining about best practices and coding standards. That's what 481 | ; development servers and development settings are for. 482 | ; Note: The php.ini-development file has this setting as E_ALL | E_STRICT. This 483 | ; means it pretty much reports everything which is exactly what you want during 484 | ; development and early testing. 
485 | ; 486 | ; Error Level Constants: 487 | ; E_ALL - All errors and warnings (includes E_STRICT as of PHP 6.0.0) 488 | ; E_ERROR - fatal run-time errors 489 | ; E_RECOVERABLE_ERROR - almost fatal run-time errors 490 | ; E_WARNING - run-time warnings (non-fatal errors) 491 | ; E_PARSE - compile-time parse errors 492 | ; E_NOTICE - run-time notices (these are warnings which often result 493 | ; from a bug in your code, but it's possible that it was 494 | ; intentional (e.g., using an uninitialized variable and 495 | ; relying on the fact it's automatically initialized to an 496 | ; empty string) 497 | ; E_STRICT - run-time notices, enable to have PHP suggest changes 498 | ; to your code which will ensure the best interoperability 499 | ; and forward compatibility of your code 500 | ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup 501 | ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's 502 | ; initial startup 503 | ; E_COMPILE_ERROR - fatal compile-time errors 504 | ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) 505 | ; E_USER_ERROR - user-generated error message 506 | ; E_USER_WARNING - user-generated warning message 507 | ; E_USER_NOTICE - user-generated notice message 508 | ; E_DEPRECATED - warn about code that will not work in future versions 509 | ; of PHP 510 | ; E_USER_DEPRECATED - user-generated deprecation warnings 511 | ; 512 | ; Common Values: 513 | ; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.) 514 | ; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices) 515 | ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) 516 | ; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.) 
517 | ; Default Value: E_ALL & ~E_NOTICE 518 | ; Development Value: E_ALL | E_STRICT 519 | ; Production Value: E_ALL & ~E_DEPRECATED 520 | ; http://php.net/error-reporting 521 | error_reporting = E_ALL & ~E_NOTICE 522 | 523 | ; This directive controls whether or not and where PHP will output errors, 524 | ; notices and warnings too. Error output is very useful during development, but 525 | ; it could be very dangerous in production environments. Depending on the code 526 | ; which is triggering the error, sensitive information could potentially leak 527 | ; out of your application such as database usernames and passwords or worse. 528 | ; It's recommended that errors be logged on production servers rather than 529 | ; having the errors sent to STDOUT. 530 | ; Possible Values: 531 | ; Off = Do not display any errors 532 | ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) 533 | ; On or stdout = Display errors to STDOUT 534 | ; Default Value: On 535 | ; Development Value: On 536 | ; Production Value: Off 537 | ; http://php.net/display-errors 538 | display_errors = Off 539 | 540 | ; The display of errors which occur during PHP's startup sequence are handled 541 | ; separately from display_errors. PHP's default behavior is to suppress those 542 | ; errors from clients. Turning the display of startup errors on can be useful in 543 | ; debugging configuration problems. But, it's strongly recommended that you 544 | ; leave this setting off on production servers. 545 | ; Default Value: Off 546 | ; Development Value: On 547 | ; Production Value: Off 548 | ; http://php.net/display-startup-errors 549 | display_startup_errors = Off 550 | 551 | ; Besides displaying errors, PHP can also log errors to locations such as a 552 | ; server-specific log, STDERR, or a location specified by the error_log 553 | ; directive found below. 
While errors should not be displayed on productions 554 | ; servers they should still be monitored and logging is a great way to do that. 555 | ; Default Value: Off 556 | ; Development Value: On 557 | ; Production Value: On 558 | ; http://php.net/log-errors 559 | log_errors = On 560 | 561 | ; Set maximum length of log_errors. In error_log information about the source is 562 | ; added. The default is 1024 and 0 allows to not apply any maximum length at all. 563 | ; http://php.net/log-errors-max-len 564 | log_errors_max_len = 1024 565 | 566 | ; Do not log repeated messages. Repeated errors must occur in same file on same 567 | ; line unless ignore_repeated_source is set true. 568 | ; http://php.net/ignore-repeated-errors 569 | ignore_repeated_errors = Off 570 | 571 | ; Ignore source of message when ignoring repeated messages. When this setting 572 | ; is On you will not log errors with repeated messages from different files or 573 | ; source lines. 574 | ; http://php.net/ignore-repeated-source 575 | ignore_repeated_source = Off 576 | 577 | ; If this parameter is set to Off, then memory leaks will not be shown (on 578 | ; stdout or in the log). This has only effect in a debug compile, and if 579 | ; error reporting includes E_WARNING in the allowed list 580 | ; http://php.net/report-memleaks 581 | report_memleaks = On 582 | 583 | ; This setting is on by default. 584 | ;report_zend_debug = 0 585 | 586 | ; Store the last error/warning message in $php_errormsg (boolean). Setting this value 587 | ; to On can assist in debugging and is appropriate for development servers. It should 588 | ; however be disabled on production servers. 
589 | ; Default Value: Off 590 | ; Development Value: On 591 | ; Production Value: Off 592 | ; http://php.net/track-errors 593 | track_errors = Off 594 | 595 | ; Turn off normal error reporting and emit XML-RPC error XML 596 | ; http://php.net/xmlrpc-errors 597 | ;xmlrpc_errors = 0 598 | 599 | ; An XML-RPC faultCode 600 | ;xmlrpc_error_number = 0 601 | 602 | ; When PHP displays or logs an error, it has the capability of inserting html 603 | ; links to documentation related to that error. This directive controls whether 604 | ; those HTML links appear in error messages or not. For performance and security 605 | ; reasons, it's recommended you disable this on production servers. 606 | ; Note: This directive is hardcoded to Off for the CLI SAPI 607 | ; Default Value: On 608 | ; Development Value: On 609 | ; Production value: Off 610 | ; http://php.net/html-errors 611 | html_errors = Off 612 | 613 | ; If html_errors is set On PHP produces clickable error messages that direct 614 | ; to a page describing the error or function causing the error in detail. 615 | ; You can download a copy of the PHP manual from http://php.net/docs 616 | ; and change docref_root to the base URL of your local copy including the 617 | ; leading '/'. You must also specify the file extension being used including 618 | ; the dot. PHP's default behavior is to leave these settings empty. 619 | ; Note: Never use this feature for production boxes. 620 | ; http://php.net/docref-root 621 | ; Examples 622 | ;docref_root = "/phpmanual/" 623 | 624 | ; http://php.net/docref-ext 625 | ;docref_ext = .html 626 | 627 | ; String to output before an error message. PHP's default behavior is to leave 628 | ; this setting blank. 629 | ; http://php.net/error-prepend-string 630 | ; Example: 631 | ;error_prepend_string = "" 632 | 633 | ; String to output after an error message. PHP's default behavior is to leave 634 | ; this setting blank. 
635 | ; http://php.net/error-append-string 636 | ; Example: 637 | ;error_append_string = "" 638 | 639 | ; Log errors to specified file. PHP's default behavior is to leave this value 640 | ; empty. 641 | ; http://php.net/error-log 642 | ; Example: 643 | ;error_log = php_errors.log 644 | ; Log errors to syslog (Event Log on NT, not valid in Windows 95). 645 | ;error_log = syslog 646 | 647 | ;windows.show_crt_warning 648 | ; Default value: 0 649 | ; Development value: 0 650 | ; Production value: 0 651 | 652 | ;;;;;;;;;;;;;;;;; 653 | ; Data Handling ; 654 | ;;;;;;;;;;;;;;;;; 655 | 656 | ; The separator used in PHP generated URLs to separate arguments. 657 | ; PHP's default setting is "&". 658 | ; http://php.net/arg-separator.output 659 | ; Example: 660 | ;arg_separator.output = "&" 661 | 662 | ; List of separator(s) used by PHP to parse input URLs into variables. 663 | ; PHP's default setting is "&". 664 | ; NOTE: Every character in this directive is considered as separator! 665 | ; http://php.net/arg-separator.input 666 | ; Example: 667 | ;arg_separator.input = ";&" 668 | 669 | ; This directive determines which super global arrays are registered when PHP 670 | ; starts up. If the register_globals directive is enabled, it also determines 671 | ; what order variables are populated into the global space. G,P,C,E & S are 672 | ; abbreviations for the following respective super globals: GET, POST, COOKIE, 673 | ; ENV and SERVER. There is a performance penalty paid for the registration of 674 | ; these arrays and because ENV is not as commonly used as the others, ENV is 675 | ; not recommended on production servers. You can still get access to 676 | ; the environment variables through getenv() should you need to.
677 | ; Default Value: "EGPCS" 678 | ; Development Value: "GPCS" 679 | ; Production Value: "GPCS"; 680 | ; http://php.net/variables-order 681 | variables_order = "GPCS" 682 | 683 | ; This directive determines which super global data (G,P,C,E & S) should 684 | ; be registered into the super global array REQUEST. If so, it also determines 685 | ; the order in which that data is registered. The values for this directive are 686 | ; specified in the same manner as the variables_order directive, EXCEPT one. 687 | ; Leaving this value empty will cause PHP to use the value set in the 688 | ; variables_order directive. It does not mean it will leave the super globals 689 | ; array REQUEST empty. 690 | ; Default Value: None 691 | ; Development Value: "GP" 692 | ; Production Value: "GP" 693 | ; http://php.net/request-order 694 | request_order = "GP" 695 | 696 | ; Whether or not to register the EGPCS variables as global variables. You may 697 | ; want to turn this off if you don't want to clutter your scripts' global scope 698 | ; with user data. 699 | ; You should do your best to write your scripts so that they do not require 700 | ; register_globals to be on; Using form variables as globals can easily lead 701 | ; to possible security problems, if the code is not very well thought of. 702 | ; http://php.net/register-globals 703 | register_globals = Off 704 | 705 | ; Determines whether the deprecated long $HTTP_*_VARS type predefined variables 706 | ; are registered by PHP or not. As they are deprecated, we obviously don't 707 | ; recommend you use them. They are on by default for compatibility reasons but 708 | ; they are not recommended on production servers. 709 | ; Default Value: On 710 | ; Development Value: Off 711 | ; Production Value: Off 712 | ; http://php.net/register-long-arrays 713 | register_long_arrays = Off 714 | 715 | ; This directive determines whether PHP registers $argv & $argc each time it 716 | ; runs. 
$argv contains an array of all the arguments passed to PHP when a script 717 | ; is invoked. $argc contains an integer representing the number of arguments 718 | ; that were passed when the script was invoked. These arrays are extremely 719 | ; useful when running scripts from the command line. When this directive is 720 | ; enabled, registering these variables consumes CPU cycles and memory each time 721 | ; a script is executed. For performance reasons, this feature should be disabled 722 | ; on production servers. 723 | ; Note: This directive is hardcoded to On for the CLI SAPI 724 | ; Default Value: On 725 | ; Development Value: Off 726 | ; Production Value: Off 727 | ; http://php.net/register-argc-argv 728 | register_argc_argv = Off 729 | 730 | ; When enabled, the SERVER and ENV variables are created when they're first 731 | ; used (Just In Time) instead of when the script starts. If these variables 732 | ; are not used within a script, having this directive on will result in a 733 | ; performance gain. The PHP directives register_globals, register_long_arrays, 734 | ; and register_argc_argv must be disabled for this directive to have any effect. 735 | ; http://php.net/auto-globals-jit 736 | auto_globals_jit = On 737 | 738 | ; Maximum size of POST data that PHP will accept. 739 | ; http://php.net/post-max-size 740 | post_max_size = 8M 741 | 742 | ; Magic quotes are a preprocessing feature of PHP where PHP will attempt to 743 | ; escape any character sequences in GET, POST, COOKIE and ENV data which might 744 | ; otherwise corrupt data being placed in resources such as databases before 745 | ; making that data available to you. Because of character encoding issues and 746 | ; non-standard SQL implementations across many databases, it's not currently 747 | ; possible for this feature to be 100% accurate. PHP's default behavior is to 748 | ; enable the feature.
We strongly recommend you use the escaping mechanisms 749 | ; designed specifically for the database you are using instead of relying on this 750 | ; feature. Also note, this feature has been deprecated as of PHP 5.3.0 and is 751 | ; scheduled for removal in PHP 6. 752 | ; Default Value: On 753 | ; Development Value: Off 754 | ; Production Value: Off 755 | ; http://php.net/magic-quotes-gpc 756 | magic_quotes_gpc = Off 757 | 758 | ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. 759 | ; http://php.net/magic-quotes-runtime 760 | magic_quotes_runtime = Off 761 | 762 | ; Use Sybase-style magic quotes (escape ' with '' instead of \'). 763 | ; http://php.net/magic-quotes-sybase 764 | magic_quotes_sybase = Off 765 | 766 | ; Automatically add files before PHP document. 767 | ; http://php.net/auto-prepend-file 768 | auto_prepend_file = 769 | 770 | ; Automatically add files after PHP document. 771 | ; http://php.net/auto-append-file 772 | auto_append_file = 773 | 774 | ; By default, PHP will output a character encoding using 775 | ; the Content-type: header. To disable sending of the charset, simply 776 | ; set it to be empty. 777 | ; 778 | ; PHP's built-in default is text/html 779 | ; http://php.net/default-mimetype 780 | default_mimetype = "text/html" 781 | 782 | ; PHP's default character set is set to empty. 783 | ; http://php.net/default-charset 784 | ;default_charset = "iso-8859-1" 785 | 786 | ; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is 787 | ; to disable this feature.
788 | ; http://php.net/always-populate-raw-post-data 789 | ;always_populate_raw_post_data = On 790 | 791 | ;;;;;;;;;;;;;;;;;;;;;;;;; 792 | ; Paths and Directories ; 793 | ;;;;;;;;;;;;;;;;;;;;;;;;; 794 | 795 | ; UNIX: "/path1:/path2" 796 | ;include_path = ".:/php/includes" 797 | ; 798 | ; Windows: "\path1;\path2" 799 | ;include_path = ".;c:\php\includes" 800 | ; 801 | ; PHP's default setting for include_path is ".;/path/to/php/pear" 802 | ; http://php.net/include-path 803 | 804 | ; The root of the PHP pages, used only if nonempty. 805 | ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root 806 | ; if you are running php as a CGI under any web server (other than IIS) 807 | ; see documentation for security issues. The alternate is to use the 808 | ; cgi.force_redirect configuration below 809 | ; http://php.net/doc-root 810 | doc_root = 811 | 812 | ; The directory under which PHP opens the script using /~username used only 813 | ; if nonempty. 814 | ; http://php.net/user-dir 815 | user_dir = 816 | 817 | ; Directory in which the loadable extensions (modules) reside. 818 | ; http://php.net/extension-dir 819 | ; extension_dir = "./" 820 | ; On windows: 821 | ; extension_dir = "ext" 822 | 823 | ; Whether or not to enable the dl() function. The dl() function does NOT work 824 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically 825 | ; disabled on them. 826 | ; http://php.net/enable-dl 827 | enable_dl = Off 828 | 829 | ; cgi.force_redirect is necessary to provide security running PHP as a CGI under 830 | ; most web servers. Left undefined, PHP turns this on by default. You can 831 | ; turn it off here AT YOUR OWN RISK 832 | ; **You CAN safely turn this off for IIS, in fact, you MUST.** 833 | ; http://php.net/cgi.force-redirect 834 | ;cgi.force_redirect = 1 835 | 836 | ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with 837 | ; every request. PHP's default behavior is to disable this feature. 
838 | ;cgi.nph = 1 839 | 840 | ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape 841 | ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP 842 | ; will look for to know it is OK to continue execution. Setting this variable MAY 843 | ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. 844 | ; http://php.net/cgi.redirect-status-env 845 | ;cgi.redirect_status_env = ; 846 | 847 | ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's 848 | ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok 849 | ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting 850 | ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting 851 | ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts 852 | ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. Security note: with the default of 1, when the requested script path does not exist PHP falls back to a shorter path that does, so a web server that hands every URI ending in .php to PHP (common with nginx and PHP-FPM) can end up having a non-PHP file such as an upload executed; set this to 0, or make the web server confirm the script file exists before passing the request on. 853 | ; http://php.net/cgi.fix-pathinfo 854 | ;cgi.fix_pathinfo=1 855 | 856 | ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate 857 | ; security tokens of the calling client. This allows IIS to define the 858 | ; security context that the request runs under. mod_fastcgi under Apache 859 | ; does not currently support this feature (03/17/2002) 860 | ; Set to 1 if running under IIS. Default is zero. 861 | ; http://php.net/fastcgi.impersonate 862 | ;fastcgi.impersonate = 1; 863 | 864 | ; Disable logging through FastCGI connection. PHP's default behavior is to enable 865 | ; this feature. 866 | ;fastcgi.logging = 0 867 | 868 | ; cgi.rfc2616_headers configuration option tells PHP what type of headers to 869 | ; use when sending HTTP response code. If it's set to 0 PHP sends Status: header that 870 | ; is supported by Apache. When this option is set to 1 PHP will send 871 | ; RFC2616 compliant header. 872 | ; Default is zero.
873 | ; http://php.net/cgi.rfc2616-headers 874 | ;cgi.rfc2616_headers = 0 875 | 876 | ;;;;;;;;;;;;;;;; 877 | ; File Uploads ; 878 | ;;;;;;;;;;;;;;;; 879 | 880 | ; Whether to allow HTTP file uploads. 881 | ; http://php.net/file-uploads 882 | file_uploads = On 883 | 884 | ; Temporary directory for HTTP uploaded files (will use system default if not 885 | ; specified). 886 | ; http://php.net/upload-tmp-dir 887 | ;upload_tmp_dir = 888 | 889 | ; Maximum allowed size for uploaded files. 890 | ; http://php.net/upload-max-filesize 891 | upload_max_filesize = 2M 892 | 893 | ; Maximum number of files that can be uploaded via a single request 894 | max_file_uploads = 20 895 | 896 | ;;;;;;;;;;;;;;;;;; 897 | ; Fopen wrappers ; 898 | ;;;;;;;;;;;;;;;;;; 899 | 900 | ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. 901 | ; http://php.net/allow-url-fopen 902 | allow_url_fopen = On 903 | 904 | ; Whether to allow include/require to open URLs (like http:// or ftp://) as files. 905 | ; http://php.net/allow-url-include 906 | allow_url_include = Off 907 | 908 | ; Define the anonymous ftp password (your email address). PHP's default setting 909 | ; for this is empty. 910 | ; http://php.net/from 911 | ;from="john@doe.com" 912 | 913 | ; Define the User-Agent string. PHP's default setting for this is empty. 914 | ; http://php.net/user-agent 915 | ;user_agent="PHP" 916 | 917 | ; Default timeout for socket based streams (seconds) 918 | ; http://php.net/default-socket-timeout 919 | default_socket_timeout = 60 920 | 921 | ; If your scripts have to deal with files from Macintosh systems, 922 | ; or you are running on a Mac and need to deal with files from 923 | ; unix or win32 systems, setting this flag will cause PHP to 924 | ; automatically detect the EOL character in those files so that 925 | ; fgets() and file() will work regardless of the source of the file. 
926 | ; http://php.net/auto-detect-line-endings 927 | ;auto_detect_line_endings = Off 928 | 929 | ;;;;;;;;;;;;;;;;;;;;;; 930 | ; Dynamic Extensions ; 931 | ;;;;;;;;;;;;;;;;;;;;;; 932 | 933 | ; If you wish to have an extension loaded automatically, use the following 934 | ; syntax: 935 | ; 936 | ; extension=modulename.extension 937 | ; 938 | ; For example, on Windows: 939 | ; 940 | ; extension=msql.dll 941 | ; 942 | ; ... or under UNIX: 943 | ; 944 | ; extension=msql.so 945 | ; 946 | ; ... or with a path: 947 | ; 948 | ; extension=/path/to/extension/msql.so 949 | ; 950 | ; If you only provide the name of the extension, PHP will look for it in its 951 | ; default extension directory. 952 | ; 953 | ; Windows Extensions 954 | ; Note that ODBC support is built in, so no dll is needed for it. 955 | ; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5) 956 | ; extension folders as well as the separate PECL DLL download (PHP 5). 957 | ; Be sure to appropriately set the extension_dir directive. 
958 | ; 959 | ;extension=php_bz2.dll 960 | ;extension=php_curl.dll 961 | ;extension=php_fileinfo.dll 962 | ;extension=php_gd2.dll 963 | ;extension=php_gettext.dll 964 | ;extension=php_gmp.dll 965 | ;extension=php_intl.dll 966 | ;extension=php_imap.dll 967 | ;extension=php_interbase.dll 968 | ;extension=php_ldap.dll 969 | ;extension=php_mbstring.dll 970 | ;extension=php_exif.dll ; Must be after mbstring as it depends on it 971 | ;extension=php_mysql.dll 972 | ;extension=php_mysqli.dll 973 | ;extension=php_oci8.dll ; Use with Oracle 10gR2 Instant Client 974 | ;extension=php_oci8_11g.dll ; Use with Oracle 11gR2 Instant Client 975 | ;extension=php_openssl.dll 976 | ;extension=php_pdo_firebird.dll 977 | ;extension=php_pdo_mssql.dll 978 | ;extension=php_pdo_mysql.dll 979 | ;extension=php_pdo_oci.dll 980 | ;extension=php_pdo_odbc.dll 981 | ;extension=php_pdo_pgsql.dll 982 | ;extension=php_pdo_sqlite.dll 983 | ;extension=php_pgsql.dll 984 | ;extension=php_pspell.dll 985 | ;extension=php_shmop.dll 986 | 987 | ; The MIBS data available in the PHP distribution must be installed. 
988 | ; See http://www.php.net/manual/en/snmp.installation.php 989 | ;extension=php_snmp.dll 990 | 991 | ;extension=php_soap.dll 992 | ;extension=php_sockets.dll 993 | ;extension=php_sqlite.dll 994 | ;extension=php_sqlite3.dll 995 | ;extension=php_sybase_ct.dll 996 | ;extension=php_tidy.dll 997 | ;extension=php_xmlrpc.dll 998 | ;extension=php_xsl.dll 999 | ;extension=php_zip.dll 1000 | 1001 | ;;;;;;;;;;;;;;;;;;; 1002 | ; Module Settings ; 1003 | ;;;;;;;;;;;;;;;;;;; 1004 | 1005 | [Date] 1006 | ; Defines the default timezone used by the date functions 1007 | ; http://php.net/date.timezone 1008 | date.timezone = Asia/Shanghai 1009 | 1010 | ; http://php.net/date.default-latitude 1011 | ;date.default_latitude = 31.7667 1012 | 1013 | ; http://php.net/date.default-longitude 1014 | ;date.default_longitude = 35.2333 1015 | 1016 | ; http://php.net/date.sunrise-zenith 1017 | ;date.sunrise_zenith = 90.583333 1018 | 1019 | ; http://php.net/date.sunset-zenith 1020 | ;date.sunset_zenith = 90.583333 1021 | 1022 | [filter] 1023 | ; http://php.net/filter.default 1024 | ;filter.default = unsafe_raw 1025 | 1026 | ; http://php.net/filter.default-flags 1027 | ;filter.default_flags = 1028 | 1029 | [iconv] 1030 | ;iconv.input_encoding = ISO-8859-1 1031 | ;iconv.internal_encoding = ISO-8859-1 1032 | ;iconv.output_encoding = ISO-8859-1 1033 | 1034 | [intl] 1035 | ;intl.default_locale = 1036 | ; This directive allows you to produce PHP errors when some error 1037 | ; happens within intl functions. The value is the level of the error produced. 1038 | ; Default is 0, which does not produce any errors. 1039 | ;intl.error_level = E_WARNING 1040 | 1041 | [sqlite] 1042 | ; http://php.net/sqlite.assoc-case 1043 | ;sqlite.assoc_case = 0 1044 | 1045 | [sqlite3] 1046 | ;sqlite3.extension_dir = 1047 | 1048 | [Pcre] 1049 | ;PCRE library backtracking limit. 1050 | ; http://php.net/pcre.backtrack-limit 1051 | ;pcre.backtrack_limit=100000 1052 | 1053 | ;PCRE library recursion limit. 
1054 | ;Please note that if you set this value to a high number you may consume all 1055 | ;the available process stack and eventually crash PHP (due to reaching the 1056 | ;stack size limit imposed by the Operating System). 1057 | ; http://php.net/pcre.recursion-limit 1058 | ;pcre.recursion_limit=100000 1059 | 1060 | [Pdo] 1061 | ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" 1062 | ; http://php.net/pdo-odbc.connection-pooling 1063 | ;pdo_odbc.connection_pooling=strict 1064 | 1065 | ;pdo_odbc.db2_instance_name 1066 | 1067 | [Pdo_mysql] 1068 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1069 | ; http://php.net/pdo_mysql.cache_size 1070 | pdo_mysql.cache_size = 2000 1071 | 1072 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1073 | ; MySQL defaults. 1074 | ; http://php.net/pdo_mysql.default-socket 1075 | pdo_mysql.default_socket= 1076 | 1077 | [Phar] 1078 | ; http://php.net/phar.readonly 1079 | ;phar.readonly = On 1080 | 1081 | ; http://php.net/phar.require-hash 1082 | ;phar.require_hash = On 1083 | 1084 | ;phar.cache_list = 1085 | 1086 | [Syslog] 1087 | ; Whether or not to define the various syslog variables (e.g. $LOG_PID, 1088 | ; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In 1089 | ; runtime, you can define these variables by calling define_syslog_variables(). 1090 | ; http://php.net/define-syslog-variables 1091 | define_syslog_variables = Off 1092 | 1093 | [mail function] 1094 | ; For Win32 only. 1095 | ; http://php.net/smtp 1096 | SMTP = localhost 1097 | ; http://php.net/smtp-port 1098 | smtp_port = 25 1099 | 1100 | ; For Win32 only. 1101 | ; http://php.net/sendmail-from 1102 | ;sendmail_from = me@example.com 1103 | 1104 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). 
1105 | ; http://php.net/sendmail-path 1106 | ;sendmail_path = 1107 | 1108 | ; Force the addition of the specified parameters to be passed as extra parameters 1109 | ; to the sendmail binary. These parameters will always replace the value of 1110 | ; the 5th parameter to mail(), even in safe mode. 1111 | ;mail.force_extra_parameters = 1112 | 1113 | ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename 1114 | mail.add_x_header = On 1115 | 1116 | ; The path to a log file that will log all mail() calls. Log entries include 1117 | ; the full path of the script, line number, To address and headers. 1118 | ;mail.log = 1119 | 1120 | [SQL] 1121 | ; http://php.net/sql.safe-mode 1122 | sql.safe_mode = Off 1123 | 1124 | [ODBC] 1125 | ; http://php.net/odbc.default-db 1126 | ;odbc.default_db = Not yet implemented 1127 | 1128 | ; http://php.net/odbc.default-user 1129 | ;odbc.default_user = Not yet implemented 1130 | 1131 | ; http://php.net/odbc.default-pw 1132 | ;odbc.default_pw = Not yet implemented 1133 | 1134 | ; Controls the ODBC cursor model. 1135 | ; Default: SQL_CURSOR_STATIC (default). 1136 | ;odbc.default_cursortype 1137 | 1138 | ; Allow or prevent persistent links. 1139 | ; http://php.net/odbc.allow-persistent 1140 | odbc.allow_persistent = On 1141 | 1142 | ; Check that a connection is still valid before reuse. 1143 | ; http://php.net/odbc.check-persistent 1144 | odbc.check_persistent = On 1145 | 1146 | ; Maximum number of persistent links. -1 means no limit. 1147 | ; http://php.net/odbc.max-persistent 1148 | odbc.max_persistent = -1 1149 | 1150 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1151 | ; http://php.net/odbc.max-links 1152 | odbc.max_links = -1 1153 | 1154 | ; Handling of LONG fields. Returns number of bytes to variables. 0 means 1155 | ; passthru. 1156 | ; http://php.net/odbc.defaultlrl 1157 | odbc.defaultlrl = 4096 1158 | 1159 | ; Handling of binary data. 
0 means passthru, 1 return as is, 2 convert to char. 1160 | ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation 1161 | ; of odbc.defaultlrl and odbc.defaultbinmode 1162 | ; http://php.net/odbc.defaultbinmode 1163 | odbc.defaultbinmode = 1 1164 | 1165 | ;birdstep.max_links = -1 1166 | 1167 | [Interbase] 1168 | ; Allow or prevent persistent links. 1169 | ibase.allow_persistent = 1 1170 | 1171 | ; Maximum number of persistent links. -1 means no limit. 1172 | ibase.max_persistent = -1 1173 | 1174 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1175 | ibase.max_links = -1 1176 | 1177 | ; Default database name for ibase_connect(). 1178 | ;ibase.default_db = 1179 | 1180 | ; Default username for ibase_connect(). 1181 | ;ibase.default_user = 1182 | 1183 | ; Default password for ibase_connect(). 1184 | ;ibase.default_password = 1185 | 1186 | ; Default charset for ibase_connect(). 1187 | ;ibase.default_charset = 1188 | 1189 | ; Default timestamp format. 1190 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 1191 | 1192 | ; Default date format. 1193 | ibase.dateformat = "%Y-%m-%d" 1194 | 1195 | ; Default time format. 1196 | ibase.timeformat = "%H:%M:%S" 1197 | 1198 | [MySQL] 1199 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements. When On, the MySQL server that PHP connects to can ask the client to send it files the PHP process can read, so turn this Off unless LOAD DATA LOCAL is actually needed. 1200 | ; http://php.net/mysql.allow_local_infile 1201 | mysql.allow_local_infile = On 1202 | 1203 | ; Allow or prevent persistent links. 1204 | ; http://php.net/mysql.allow-persistent 1205 | mysql.allow_persistent = On 1206 | 1207 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1208 | ; http://php.net/mysql.cache_size 1209 | mysql.cache_size = 2000 1210 | 1211 | ; Maximum number of persistent links. -1 means no limit. 1212 | ; http://php.net/mysql.max-persistent 1213 | mysql.max_persistent = -1 1214 | 1215 | ; Maximum number of links (persistent + non-persistent). -1 means no limit.
1216 | ; http://php.net/mysql.max-links 1217 | mysql.max_links = -1 1218 | 1219 | ; Default port number for mysql_connect(). If unset, mysql_connect() will use 1220 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1221 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1222 | ; at MYSQL_PORT. 1223 | ; http://php.net/mysql.default-port 1224 | mysql.default_port = 1225 | 1226 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1227 | ; MySQL defaults. 1228 | ; http://php.net/mysql.default-socket 1229 | mysql.default_socket = 1230 | 1231 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1232 | ; http://php.net/mysql.default-host 1233 | mysql.default_host = 1234 | 1235 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1236 | ; http://php.net/mysql.default-user 1237 | mysql.default_user = 1238 | 1239 | ; Default password for mysql_connect() (doesn't apply in safe mode). 1240 | ; Note that this is generally a *bad* idea to store passwords in this file. 1241 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") 1242 | ; and reveal this password! And of course, any users with read access to this 1243 | ; file will be able to reveal the password as well. 1244 | ; http://php.net/mysql.default-password 1245 | mysql.default_password = 1246 | 1247 | ; Maximum time (in seconds) for connect timeout. -1 means no limit 1248 | ; http://php.net/mysql.connect-timeout 1249 | mysql.connect_timeout = 60 1250 | 1251 | ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and 1252 | ; SQL-Errors will be displayed. 1253 | ; http://php.net/mysql.trace-mode 1254 | mysql.trace_mode = Off 1255 | 1256 | [MySQLi] 1257 | 1258 | ; Maximum number of persistent links. -1 means no limit. 
1259 | ; http://php.net/mysqli.max-persistent 1260 | mysqli.max_persistent = -1 1261 | 1262 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements 1263 | ; http://php.net/mysqli.allow_local_infile 1264 | ;mysqli.allow_local_infile = On 1265 | 1266 | ; Allow or prevent persistent links. 1267 | ; http://php.net/mysqli.allow-persistent 1268 | mysqli.allow_persistent = On 1269 | 1270 | ; Maximum number of links. -1 means no limit. 1271 | ; http://php.net/mysqli.max-links 1272 | mysqli.max_links = -1 1273 | 1274 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1275 | ; http://php.net/mysqli.cache_size 1276 | mysqli.cache_size = 2000 1277 | 1278 | ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use 1279 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1280 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1281 | ; at MYSQL_PORT. 1282 | ; http://php.net/mysqli.default-port 1283 | mysqli.default_port = 3306 1284 | 1285 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1286 | ; MySQL defaults. 1287 | ; http://php.net/mysqli.default-socket 1288 | mysqli.default_socket = 1289 | 1290 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1291 | ; http://php.net/mysqli.default-host 1292 | mysqli.default_host = 1293 | 1294 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1295 | ; http://php.net/mysqli.default-user 1296 | mysqli.default_user = 1297 | 1298 | ; Default password for mysqli_connect() (doesn't apply in safe mode). 1299 | ; Note that this is generally a *bad* idea to store passwords in this file. 1300 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") 1301 | ; and reveal this password! And of course, any users with read access to this 1302 | ; file will be able to reveal the password as well. 
1303 | ; http://php.net/mysqli.default-pw 1304 | mysqli.default_pw = 1305 | 1306 | ; Allow or prevent reconnect 1307 | mysqli.reconnect = Off 1308 | 1309 | [mysqlnd] 1310 | ; Enable / Disable collection of general statistics by mysqlnd which can be 1311 | ; used to tune and monitor MySQL operations. 1312 | ; http://php.net/mysqlnd.collect_statistics 1313 | mysqlnd.collect_statistics = On 1314 | 1315 | ; Enable / Disable collection of memory usage statistics by mysqlnd which can be 1316 | ; used to tune and monitor MySQL operations. 1317 | ; http://php.net/mysqlnd.collect_memory_statistics 1318 | mysqlnd.collect_memory_statistics = Off 1319 | 1320 | ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. 1321 | ; http://php.net/mysqlnd.net_cmd_buffer_size 1322 | ;mysqlnd.net_cmd_buffer_size = 2048 1323 | 1324 | ; Size of a pre-allocated buffer used for reading data sent by the server in 1325 | ; bytes. 1326 | ; http://php.net/mysqlnd.net_read_buffer_size 1327 | ;mysqlnd.net_read_buffer_size = 32768 1328 | 1329 | [OCI8] 1330 | 1331 | ; Connection: Enables privileged connections using external 1332 | ; credentials (OCI_SYSOPER, OCI_SYSDBA) 1333 | ; http://php.net/oci8.privileged-connect 1334 | ;oci8.privileged_connect = Off 1335 | 1336 | ; Connection: The maximum number of persistent OCI8 connections per 1337 | ; process. Using -1 means no limit. 1338 | ; http://php.net/oci8.max-persistent 1339 | ;oci8.max_persistent = -1 1340 | 1341 | ; Connection: The maximum number of seconds a process is allowed to 1342 | ; maintain an idle persistent connection. Using -1 means idle 1343 | ; persistent connections will be maintained forever. 1344 | ; http://php.net/oci8.persistent-timeout 1345 | ;oci8.persistent_timeout = -1 1346 | 1347 | ; Connection: The number of seconds that must pass before issuing a 1348 | ; ping during oci_pconnect() to check the connection validity. When 1349 | ; set to 0, each oci_pconnect() will cause a ping. 
Using -1 disables 1350 | ; pings completely. 1351 | ; http://php.net/oci8.ping-interval 1352 | ;oci8.ping_interval = 60 1353 | 1354 | ; Connection: Set this to a user chosen connection class to be used 1355 | ; for all pooled server requests with Oracle 11g Database Resident 1356 | ; Connection Pooling (DRCP). To use DRCP, this value should be set to 1357 | ; the same string for all web servers running the same application, 1358 | ; the database pool must be configured, and the connection string must 1359 | ; specify to use a pooled server. 1360 | ;oci8.connection_class = 1361 | 1362 | ; High Availability: Using On lets PHP receive Fast Application 1363 | ; Notification (FAN) events generated when a database node fails. The 1364 | ; database must also be configured to post FAN events. 1365 | ;oci8.events = Off 1366 | 1367 | ; Tuning: This option enables statement caching, and specifies how 1368 | ; many statements to cache. Using 0 disables statement caching. 1369 | ; http://php.net/oci8.statement-cache-size 1370 | ;oci8.statement_cache_size = 20 1371 | 1372 | ; Tuning: Enables statement prefetching and sets the default number of 1373 | ; rows that will be fetched automatically after statement execution. 1374 | ; http://php.net/oci8.default-prefetch 1375 | ;oci8.default_prefetch = 100 1376 | 1377 | ; Compatibility. Using On means oci_close() will not close 1378 | ; oci_connect() and oci_new_connect() connections. 1379 | ; http://php.net/oci8.old-oci-close-semantics 1380 | ;oci8.old_oci_close_semantics = Off 1381 | 1382 | [PostgreSQL] 1383 | ; Allow or prevent persistent links. 1384 | ; http://php.net/pgsql.allow-persistent 1385 | pgsql.allow_persistent = On 1386 | 1387 | ; Detect broken persistent links always with pg_pconnect(). 1388 | ; Auto reset feature requires a little overheads. 1389 | ; http://php.net/pgsql.auto-reset-persistent 1390 | pgsql.auto_reset_persistent = Off 1391 | 1392 | ; Maximum number of persistent links. -1 means no limit. 
1393 | ; http://php.net/pgsql.max-persistent 1394 | pgsql.max_persistent = -1 1395 | 1396 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1397 | ; http://php.net/pgsql.max-links 1398 | pgsql.max_links = -1 1399 | 1400 | ; Ignore PostgreSQL backends Notice message or not. 1401 | ; Notice message logging require a little overheads. 1402 | ; http://php.net/pgsql.ignore-notice 1403 | pgsql.ignore_notice = 0 1404 | 1405 | ; Log PostgreSQL backends Notice message or not. 1406 | ; Unless pgsql.ignore_notice=0, module cannot log notice message. 1407 | ; http://php.net/pgsql.log-notice 1408 | pgsql.log_notice = 0 1409 | 1410 | [Sybase-CT] 1411 | ; Allow or prevent persistent links. 1412 | ; http://php.net/sybct.allow-persistent 1413 | sybct.allow_persistent = On 1414 | 1415 | ; Maximum number of persistent links. -1 means no limit. 1416 | ; http://php.net/sybct.max-persistent 1417 | sybct.max_persistent = -1 1418 | 1419 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1420 | ; http://php.net/sybct.max-links 1421 | sybct.max_links = -1 1422 | 1423 | ; Minimum server message severity to display. 1424 | ; http://php.net/sybct.min-server-severity 1425 | sybct.min_server_severity = 10 1426 | 1427 | ; Minimum client message severity to display. 1428 | ; http://php.net/sybct.min-client-severity 1429 | sybct.min_client_severity = 10 1430 | 1431 | ; Set per-context timeout 1432 | ; http://php.net/sybct.timeout 1433 | ;sybct.timeout= 1434 | 1435 | ;sybct.packet_size 1436 | 1437 | ; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. 1438 | ; Default: one minute 1439 | ;sybct.login_timeout= 1440 | 1441 | ; The name of the host you claim to be connecting from, for display by sp_who. 1442 | ; Default: none 1443 | ;sybct.hostname= 1444 | 1445 | ; Allows you to define how often deadlocks are to be retried. -1 means "forever". 
1446 | ; Default: 0 1447 | ;sybct.deadlock_retry_count= 1448 | 1449 | [bcmath] 1450 | ; Number of decimal digits for all bcmath functions. 1451 | ; http://php.net/bcmath.scale 1452 | bcmath.scale = 0 1453 | 1454 | [browscap] 1455 | ; http://php.net/browscap 1456 | ;browscap = extra/browscap.ini 1457 | 1458 | [Session] 1459 | ; Handler used to store/retrieve data. 1460 | ; http://php.net/session.save-handler 1461 | session.save_handler = files 1462 | 1463 | ; Argument passed to save_handler. In the case of files, this is the path 1464 | ; where data files are stored. Note: Windows users have to change this 1465 | ; variable in order to use PHP's session functions. 1466 | ; 1467 | ; The path can be defined as: 1468 | ; 1469 | ; session.save_path = "N;/path" 1470 | ; 1471 | ; where N is an integer. Instead of storing all the session files in 1472 | ; /path, what this will do is use subdirectories N-levels deep, and 1473 | ; store the session data in those directories. This is useful if you 1474 | ; or your OS have problems with lots of files in one directory, and is 1475 | ; a more efficient layout for servers that handle lots of sessions. 1476 | ; 1477 | ; NOTE 1: PHP will not create this directory structure automatically. 1478 | ; You can use the script in the ext/session dir for that purpose. 1479 | ; NOTE 2: See the section on garbage collection below if you choose to 1480 | ; use subdirectories for session storage 1481 | ; 1482 | ; The file storage module creates files using mode 600 by default. 1483 | ; You can change that by using 1484 | ; 1485 | ; session.save_path = "N;MODE;/path" 1486 | ; 1487 | ; where MODE is the octal representation of the mode. Note that this 1488 | ; does not overwrite the process's umask. 1489 | ; http://php.net/session.save-path 1490 | ;session.save_path = "/tmp" 1491 | 1492 | ; Whether to use cookies. 
1493 | ; http://php.net/session.use-cookies 1494 | session.use_cookies = 1 1495 | 1496 | ; http://php.net/session.cookie-secure 1497 | ;session.cookie_secure = 1498 | 1499 | ; This option forces PHP to fetch and use a cookie for storing and maintaining 1500 | ; the session id. We encourage this operation as it's very helpful in combatting 1501 | ; session hijacking when not specifying and managing your own session id. It is 1502 | ; not the end all be all of session hijacking defense, but it's a good start. 1503 | ; http://php.net/session.use-only-cookies 1504 | session.use_only_cookies = 1 1505 | 1506 | ; Name of the session (used as cookie name). 1507 | ; http://php.net/session.name 1508 | session.name = PHPSESSID 1509 | 1510 | ; Initialize session on request startup. 1511 | ; http://php.net/session.auto-start 1512 | session.auto_start = 0 1513 | 1514 | ; Lifetime in seconds of cookie or, if 0, until browser is restarted. 1515 | ; http://php.net/session.cookie-lifetime 1516 | session.cookie_lifetime = 0 1517 | 1518 | ; The path for which the cookie is valid. 1519 | ; http://php.net/session.cookie-path 1520 | session.cookie_path = / 1521 | 1522 | ; The domain for which the cookie is valid. 1523 | ; http://php.net/session.cookie-domain 1524 | session.cookie_domain = 1525 | 1526 | ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. 1527 | ; http://php.net/session.cookie-httponly 1528 | session.cookie_httponly = 1529 | 1530 | ; Handler used to serialize data. php is the standard serializer of PHP. 1531 | ; http://php.net/session.serialize-handler 1532 | session.serialize_handler = php 1533 | 1534 | ; Defines the probability that the 'garbage collection' process is started 1535 | ; on every session initialization. The probability is calculated by using 1536 | ; gc_probability/gc_divisor. 
Where session.gc_probability is the numerator 1537 | ; and gc_divisor is the denominator in the equation. Setting this value to 1 1538 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1539 | ; the gc will run on any given request. 1540 | ; Default Value: 1 1541 | ; Development Value: 1 1542 | ; Production Value: 1 1543 | ; http://php.net/session.gc-probability 1544 | session.gc_probability = 1 1545 | 1546 | ; Defines the probability that the 'garbage collection' process is started on every 1547 | ; session initialization. The probability is calculated by using the following equation: 1548 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and 1549 | ; session.gc_divisor is the denominator in the equation. Setting this value to 1 1550 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1551 | ; the gc will run on any given request. Increasing this value to 1000 will give you 1552 | ; a 0.1% chance the gc will run on any given request. For high volume production servers, 1553 | ; this is a more efficient approach. 1554 | ; Default Value: 100 1555 | ; Development Value: 1000 1556 | ; Production Value: 1000 1557 | ; http://php.net/session.gc-divisor 1558 | session.gc_divisor = 1000 1559 | 1560 | ; After this number of seconds, stored data will be seen as 'garbage' and 1561 | ; cleaned up by the garbage collection process. 1562 | ; http://php.net/session.gc-maxlifetime 1563 | session.gc_maxlifetime = 1440 1564 | 1565 | ; NOTE: If you are using the subdirectory option for storing session files 1566 | ; (see session.save_path above), then garbage collection does *not* 1567 | ; happen automatically. You will need to do your own garbage 1568 | ; collection through a shell script, cron entry, or some other method.
1569 | ; For example, the following script is the equivalent of 1570 | ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): 1571 | ; find /path/to/sessions -cmin +24 | xargs rm 1572 | 1573 | ; PHP 4.2 and less have an undocumented feature/bug that allows you 1574 | ; to initialize a session variable in the global scope, even when register_globals 1575 | ; is disabled. PHP 4.3 and later will warn you, if this feature is used. 1576 | ; You can disable the feature and the warning separately. At this time, 1577 | ; the warning is only displayed, if bug_compat_42 is enabled. This feature 1578 | ; introduces some serious security problems if not handled correctly. It's 1579 | ; recommended that you do not use this feature on production servers. But you 1580 | ; should enable this on development servers and enable the warning as well. If you 1581 | ; do not enable the feature on development servers, you won't be warned when it's 1582 | ; used and debugging errors caused by this can be difficult to track down. 1583 | ; Default Value: On 1584 | ; Development Value: On 1585 | ; Production Value: Off 1586 | ; http://php.net/session.bug-compat-42 1587 | session.bug_compat_42 = Off 1588 | 1589 | ; This setting controls whether or not you are warned by PHP when initializing a 1590 | ; session value into the global space. session.bug_compat_42 must be enabled before 1591 | ; these warnings can be issued by PHP. See the directive above for more information. 1592 | ; Default Value: On 1593 | ; Development Value: On 1594 | ; Production Value: Off 1595 | ; http://php.net/session.bug-compat-warn 1596 | session.bug_compat_warn = Off 1597 | 1598 | ; Check HTTP Referer to invalidate externally stored URLs containing ids. 1599 | ; HTTP_REFERER has to contain this substring for the session to be 1600 | ; considered as valid. 1601 | ; http://php.net/session.referer-check 1602 | session.referer_check = 1603 | 1604 | ; How many bytes to read from the file.
1605 | ; http://php.net/session.entropy-length 1606 | session.entropy_length = 0 1607 | 1608 | ; Specified here to create the session id. 1609 | ; http://php.net/session.entropy-file 1610 | ; On systems that don't have /dev/urandom, /dev/arandom can be used 1611 | ; On windows, setting the entropy_length setting will activate the 1612 | ; Windows random source (using the CryptoAPI) 1613 | ;session.entropy_file = /dev/urandom 1614 | 1615 | ; Set to {nocache,private,public,} to determine HTTP caching aspects 1616 | ; or leave this empty to avoid sending anti-caching headers. 1617 | ; http://php.net/session.cache-limiter 1618 | session.cache_limiter = nocache 1619 | 1620 | ; Document expires after n minutes. 1621 | ; http://php.net/session.cache-expire 1622 | session.cache_expire = 180 1623 | 1624 | ; trans sid support is disabled by default. 1625 | ; Use of trans sid may put your users' security at risk. 1626 | ; Use this option with caution. 1627 | ; - A user may send a URL that contains an active session ID 1628 | ; to another person via email/irc/etc. 1629 | ; - A URL that contains an active session ID may be stored 1630 | ; on a publicly accessible computer. 1631 | ; - A user may access your site with the same session ID 1632 | ; always using a URL stored in the browser's history or bookmarks. 1633 | ; http://php.net/session.use-trans-sid 1634 | session.use_trans_sid = 0 1635 | 1636 | ; Select a hash function for use in generating session ids. 1637 | ; Possible Values 1638 | ; 0 (MD5 128 bits) 1639 | ; 1 (SHA-1 160 bits) 1640 | ; This option may also be set to the name of any hash function supported by 1641 | ; the hash extension. A list of available hashes is returned by the hash_algos() 1642 | ; function. 1643 | ; http://php.net/session.hash-function 1644 | session.hash_function = 0 1645 | 1646 | ; Define how many bits are stored in each character when converting 1647 | ; the binary hash data to something readable.
1648 | ; Possible values: 1649 | ; 4 (4 bits: 0-9, a-f) 1650 | ; 5 (5 bits: 0-9, a-v) 1651 | ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") 1652 | ; Default Value: 4 1653 | ; Development Value: 5 1654 | ; Production Value: 5 1655 | ; http://php.net/session.hash-bits-per-character 1656 | session.hash_bits_per_character = 5 1657 | 1658 | ; The URL rewriter will look for URLs in a defined set of HTML tags. 1659 | ; form/fieldset are special; if you include them here, the rewriter will 1660 | ; add a hidden field with the info which is otherwise appended 1661 | ; to URLs. If you want XHTML conformity, remove the form entry. 1662 | ; Note that all valid entries require a "=", even if no value follows. 1663 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 1664 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1665 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1666 | ; http://php.net/url-rewriter.tags 1667 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" 1668 | 1669 | [MSSQL] 1670 | ; Allow or prevent persistent links. 1671 | mssql.allow_persistent = On 1672 | 1673 | ; Maximum number of persistent links. -1 means no limit. 1674 | mssql.max_persistent = -1 1675 | 1676 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1677 | mssql.max_links = -1 1678 | 1679 | ; Minimum error severity to display. 1680 | mssql.min_error_severity = 10 1681 | 1682 | ; Minimum message severity to display. 1683 | mssql.min_message_severity = 10 1684 | 1685 | ; Compatibility mode with old versions of PHP 3.0. 1686 | mssql.compatability_mode = Off 1687 | 1688 | ; Connect timeout 1689 | ;mssql.connect_timeout = 5 1690 | 1691 | ; Query timeout 1692 | ;mssql.timeout = 60 1693 | 1694 | ; Valid range 0 - 2147483647. Default = 4096. 1695 | ;mssql.textlimit = 4096 1696 | 1697 | ; Valid range 0 - 2147483647. Default = 4096. 
1698 | ;mssql.textsize = 4096 1699 | 1700 | ; Limits the number of records in each batch. 0 = all records in one batch. 1701 | ;mssql.batchsize = 0 1702 | 1703 | ; Specify how datetime and datetim4 columns are returned 1704 | ; On => Returns data converted to SQL server settings 1705 | ; Off => Returns values as YYYY-MM-DD hh:mm:ss 1706 | ;mssql.datetimeconvert = On 1707 | 1708 | ; Use NT authentication when connecting to the server 1709 | mssql.secure_connection = Off 1710 | 1711 | ; Specify max number of processes. -1 = library default 1712 | ; msdlib defaults to 25 1713 | ; FreeTDS defaults to 4096 1714 | ;mssql.max_procs = -1 1715 | 1716 | ; Specify client character set. 1717 | ; If empty or not set the client charset from freetds.conf is used 1718 | ; This is only used when compiled with FreeTDS 1719 | ;mssql.charset = "ISO-8859-1" 1720 | 1721 | [Assertion] 1722 | ; Assert(expr); active by default. 1723 | ; http://php.net/assert.active 1724 | ;assert.active = On 1725 | 1726 | ; Issue a PHP warning for each failed assertion. 1727 | ; http://php.net/assert.warning 1728 | ;assert.warning = On 1729 | 1730 | ; Don't bail out by default. 1731 | ; http://php.net/assert.bail 1732 | ;assert.bail = Off 1733 | 1734 | ; User-function to be called if an assertion fails. 1735 | ; http://php.net/assert.callback 1736 | ;assert.callback = 0 1737 | 1738 | ; Eval the expression with current error_reporting(). Set to true if you want 1739 | ; error_reporting(0) around the eval(). 
1740 | ; http://php.net/assert.quiet-eval 1741 | ;assert.quiet_eval = 0 1742 | 1743 | [COM] 1744 | ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs 1745 | ; http://php.net/com.typelib-file 1746 | ;com.typelib_file = 1747 | 1748 | ; allow Distributed-COM calls 1749 | ; http://php.net/com.allow-dcom 1750 | ;com.allow_dcom = true 1751 | 1752 | ; autoregister constants of a components typlib on com_load() 1753 | ; http://php.net/com.autoregister-typelib 1754 | ;com.autoregister_typelib = true 1755 | 1756 | ; register constants casesensitive 1757 | ; http://php.net/com.autoregister-casesensitive 1758 | ;com.autoregister_casesensitive = false 1759 | 1760 | ; show warnings on duplicate constant registrations 1761 | ; http://php.net/com.autoregister-verbose 1762 | ;com.autoregister_verbose = true 1763 | 1764 | ; The default character set code-page to use when passing strings to and from COM objects. 1765 | ; Default: system ANSI code page 1766 | ;com.code_page= 1767 | 1768 | [mbstring] 1769 | ; language for internal character representation. 1770 | ; http://php.net/mbstring.language 1771 | ;mbstring.language = Japanese 1772 | 1773 | ; internal/script encoding. 1774 | ; Some encoding cannot work as internal encoding. 1775 | ; (e.g. SJIS, BIG5, ISO-2022-*) 1776 | ; http://php.net/mbstring.internal-encoding 1777 | ;mbstring.internal_encoding = EUC-JP 1778 | 1779 | ; http input encoding. 1780 | ; http://php.net/mbstring.http-input 1781 | ;mbstring.http_input = auto 1782 | 1783 | ; http output encoding. mb_output_handler must be 1784 | ; registered as output buffer to function 1785 | ; http://php.net/mbstring.http-output 1786 | ;mbstring.http_output = SJIS 1787 | 1788 | ; enable automatic encoding translation according to 1789 | ; mbstring.internal_encoding setting. Input chars are 1790 | ; converted to internal encoding by setting this to On. 1791 | ; Note: Do _not_ use automatic encoding translation for 1792 | ; portable libs/applications. 
1793 | ; http://php.net/mbstring.encoding-translation 1794 | ;mbstring.encoding_translation = Off 1795 | 1796 | ; automatic encoding detection order. 1797 | ; auto means 1798 | ; http://php.net/mbstring.detect-order 1799 | ;mbstring.detect_order = auto 1800 | 1801 | ; substitute_character used when character cannot be converted 1802 | ; one from another 1803 | ; http://php.net/mbstring.substitute-character 1804 | ;mbstring.substitute_character = none; 1805 | 1806 | ; overload(replace) single byte functions by mbstring functions. 1807 | ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), 1808 | ; etc. Possible values are 0,1,2,4 or combination of them. 1809 | ; For example, 7 for overload everything. 1810 | ; 0: No overload 1811 | ; 1: Overload mail() function 1812 | ; 2: Overload str*() functions 1813 | ; 4: Overload ereg*() functions 1814 | ; http://php.net/mbstring.func-overload 1815 | ;mbstring.func_overload = 0 1816 | 1817 | ; enable strict encoding detection. 1818 | ;mbstring.strict_detection = Off 1819 | 1820 | ; This directive specifies the regex pattern of content types for which mb_output_handler() 1821 | ; is activated. 1822 | ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) 1823 | ;mbstring.http_output_conv_mimetype= 1824 | 1825 | ; Allows to set script encoding. Only affects if PHP is compiled with --enable-zend-multibyte 1826 | ; Default: "" 1827 | ;mbstring.script_encoding= 1828 | 1829 | ;[gd] 1830 | ; Tell the jpeg decode to ignore warnings and try to create 1831 | ; a gd image. The warning will then be displayed as notices 1832 | ; disabled by default 1833 | ; http://php.net/gd.jpeg-ignore-warning 1834 | ;gd.jpeg_ignore_warning = 0 1835 | 1836 | [exif] 1837 | ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. 1838 | ; With mbstring support this will automatically be converted into the encoding 1839 | ; given by corresponding encode setting. 
When empty mbstring.internal_encoding 1840 | ; is used. For the decode settings you can distinguish between motorola and 1841 | ; intel byte order. A decode setting cannot be empty. 1842 | ; http://php.net/exif.encode-unicode 1843 | ;exif.encode_unicode = ISO-8859-15 1844 | 1845 | ; http://php.net/exif.decode-unicode-motorola 1846 | ;exif.decode_unicode_motorola = UCS-2BE 1847 | 1848 | ; http://php.net/exif.decode-unicode-intel 1849 | ;exif.decode_unicode_intel = UCS-2LE 1850 | 1851 | ; http://php.net/exif.encode-jis 1852 | ;exif.encode_jis = 1853 | 1854 | ; http://php.net/exif.decode-jis-motorola 1855 | ;exif.decode_jis_motorola = JIS 1856 | 1857 | ; http://php.net/exif.decode-jis-intel 1858 | ;exif.decode_jis_intel = JIS 1859 | 1860 | [Tidy] 1861 | ; The path to a default tidy configuration file to use when using tidy 1862 | ; http://php.net/tidy.default-config 1863 | ;tidy.default_config = /usr/local/lib/php/default.tcfg 1864 | 1865 | ; Should tidy clean and repair output automatically? 1866 | ; WARNING: Do not use this option if you are generating non-html content 1867 | ; such as dynamic images 1868 | ; http://php.net/tidy.clean-output 1869 | tidy.clean_output = Off 1870 | 1871 | [soap] 1872 | ; Enables or disables WSDL caching feature. 1873 | ; http://php.net/soap.wsdl-cache-enabled 1874 | soap.wsdl_cache_enabled=1 1875 | 1876 | ; Sets the directory name where SOAP extension will put cache files. 1877 | ; http://php.net/soap.wsdl-cache-dir 1878 | soap.wsdl_cache_dir="/tmp" 1879 | 1880 | ; (time to live) Sets the number of second while cached file will be used 1881 | ; instead of original one. 1882 | ; http://php.net/soap.wsdl-cache-ttl 1883 | soap.wsdl_cache_ttl=86400 1884 | 1885 | ; Sets the size of the cache limit. (Max. 
number of WSDL files to cache) 1886 | soap.wsdl_cache_limit = 5 1887 | 1888 | [sysvshm] 1889 | ; A default size of the shared memory segment 1890 | ;sysvshm.init_mem = 10000 1891 | 1892 | [ldap] 1893 | ; Sets the maximum number of open links or -1 for unlimited. 1894 | ldap.max_links = -1 1895 | 1896 | [mcrypt] 1897 | ; For more information about mcrypt settings see http://php.net/mcrypt-module-open 1898 | 1899 | ; Directory where to load mcrypt algorithms 1900 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1901 | ;mcrypt.algorithms_dir= 1902 | 1903 | ; Directory where to load mcrypt modes 1904 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1905 | ;mcrypt.modes_dir= 1906 | 1907 | [dba] 1908 | ;dba.default_handler= 1909 | 1910 | [xsl] 1911 | ; Write operations from within XSLT are disabled by default. 1912 | ; XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_WRITE_FILE = 44 1913 | ; Set it to 0 to allow all operations 1914 | ;xsl.security_prefs = 44 1915 | 1916 | ; Local Variables: 1917 | ; tab-width: 4 1918 | ; End: 1919 | [apc] 1920 | extension = apc.so 1921 | ; Options for the apc module 1922 | apc.enabled=1 1923 | apc.optimization=1 1924 | apc.shm_size=512M 1925 | apc.ttl=60 1926 | apc.user_ttl=60 1927 | apc.num_files_hint=1024 1928 | apc.mmap_file_mask=/dev/zero 1929 | apc.enable_cli=1 1930 | apc.cache_by_default=1 1931 | ; Enable apc extension module 1932 | 1933 | [redis] 1934 | extension = redis.so 1935 | 1936 | [zeromq] 1937 | extension = zmq.so 1938 | 1939 | [msgpack] 1940 | extension = msgpack.so 1941 | ; Enable bcmath extension module 1942 | ;[bcmath] 1943 | ;extension=bcmath.so 1944 | ; Enable curl extension module 1945 | ;[curl] 1946 | ;extension=curl.so 1947 | ; Enable dbase extension module 1948 | [dbase] 1949 | extension=dbase.so 1950 | ; Enable dom extension module 1951 | ;[dom] 1952 | ;extension=dom.so 1953 | ; Enable gd extension module 1954 | ;[gd] 1955 | 
;extension=gd.so 1956 | ; Enable mbstring extension module 1957 | ;[mbstring] 1958 | ;extension=mbstring.so 1959 | ; Enable mcrypt extension module 1960 | [mcrtpt] 1961 | extension=mcrypt.so 1962 | ; Enable memcache extension module 1963 | [memcache] 1964 | extension=memcache.so 1965 | memcache.hash_strategy = "consistent" 1966 | memcache.hash_function = "crc32" 1967 | [mmseg] 1968 | extension=mmseg.so 1969 | mmseg.area_dic="/home/www/v2/dict/areas_ext.dic" 1970 | mmseg.area_level=2000 1971 | mmseg.comm_dic="/home/www/v2/dict/communities_ext.dic" 1972 | mmseg.comm_level=3000 1973 | 1974 | ;[eaccelerator] 1975 | ;extension="eaccelerator.so" 1976 | ;eaccelerator.shm_size="512" 1977 | ;eaccelerator.cache_dir="/opt/local/php-fpm/tmp/eaccelerator" 1978 | ;eaccelerator.enable="1" 1979 | ;eaccelerator.optimizer="1" 1980 | ;eaccelerator.check_mtime="1" 1981 | ;eaccelerator.debug="0" 1982 | ;eaccelerator.filter="" 1983 | ;eaccelerator.shm_max="0" 1984 | ;eaccelerator.shm_ttl="0" 1985 | ;eaccelerator.shm_prune_period="120" 1986 | ;eaccelerator.shm_only="0" 1987 | ;eaccelerator.compress="0" 1988 | ;eaccelerator.compress_level="9" 1989 | 1990 | ; Enable mysqli extension module 1991 | 1992 | ;[mysqli] 1993 | ;extension=mysqli.so 1994 | ; Enable mysql extension module 1995 | ;[mysql] 1996 | ;extension=mysql.so 1997 | ; Enable pdo extension module 1998 | ;[pdo] 1999 | ;extension=pdo.so 2000 | ; Enable pdo_mysql extension module 2001 | ;[pdo_mysql] 2002 | ;extension=pdo_mysql.so 2003 | ; Enable pdo_sqlite extension module 2004 | ;[pdo_sqlite] 2005 | ;extension=pdo_sqlite.so 2006 | ; Enable wddx extension module 2007 | ;[wddx] 2008 | ;extension=wddx.so 2009 | ; Enable xmlreader extension module 2010 | ;[xmlreader] 2011 | ;extension=xmlreader.so 2012 | ; Enable xmlwriter extension module 2013 | ;[xmlwriter] 2014 | ;extension=xmlwriter.so 2015 | ; Enable xsl extension module 2016 | ;[xsl] 2017 | ;extension=xsl.so 2018 | ; Enable zip extension module 2019 | ;[zip] 2020 | 
;extension=zip.so 2021 | -------------------------------------------------------------------------------- /salt_configuration/files/python/init-python.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | tar xvf /root/init-python/setuptools-1.4.2.tar.gz 4 | cd setuptools-1.4.2 5 | python2.7 setup.py install && python2.7 -m easy_install pip && mv /root/init-python/pip-2.7 /usr/bin/ 6 | python 2.7 -m virtualenv || python2.7 -m pip install virtualenv && mv /root/init-python/virtualenv-2.7 /usr/bin/ 7 | -------------------------------------------------------------------------------- /salt_configuration/files/python/pip-2.7: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2.7 2 | # EASY-INSTALL-ENTRY-SCRIPT: 'pip==1.4.1','console_scripts','pip-2.7' 3 | __requires__ = 'pip==1.4.1' 4 | import sys 5 | from pkg_resources import load_entry_point 6 | 7 | if __name__ == '__main__': 8 | sys.exit( 9 | load_entry_point('pip==1.4.1', 'console_scripts', 'pip-2.7')() 10 | ) 11 | -------------------------------------------------------------------------------- /salt_configuration/files/python/setuptools-1.4.2.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kerncai/saltstack/841807b6979b6f59cda26ce89b72f0ffbd9bd5fd/salt_configuration/files/python/setuptools-1.4.2.tar.gz -------------------------------------------------------------------------------- /salt_configuration/files/python/virtualenv-2.7: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python2.7 2 | # EASY-INSTALL-ENTRY-SCRIPT: 'virtualenv','console_scripts','virtualenv-2.7' 3 | __requires__ = 'virtualenv' 4 | import sys 5 | from pkg_resources import load_entry_point 6 | 7 | if __name__ == '__main__': 8 | sys.exit( 9 | load_entry_point('virtualenv', 'console_scripts', 'virtualenv-2.7')() 10 | ) 11 
| -------------------------------------------------------------------------------- /salt_configuration/files/salt-minion/minion: -------------------------------------------------------------------------------- 1 | ##### Primary configuration settings ##### 2 | ########################################## 3 | 4 | # Per default the minion will automatically include all config files 5 | # from minion.d/*.conf (minion.d is a directory in the same directory 6 | # as the main minion config file). 7 | #default_include: minion.d/*.conf 8 | 9 | # Set the location of the salt master server, if the master server cannot be 10 | # resolved, then the minion will fail to start. 11 | master: salt 12 | 13 | # Set whether the minion should connect to the master via IPv6 14 | #ipv6: False 15 | 16 | # Set the number of seconds to wait before attempting to resolve 17 | # the master hostname if name resolution fails. Defaults to 30 seconds. 18 | # Set to zero if the minion should shutdown and not retry. 19 | # retry_dns: 30 20 | 21 | # Set the port used by the master reply and authentication server 22 | #master_port: 4506 23 | 24 | # The user to run salt 25 | #user: root 26 | 27 | # Specify the location of the daemon process ID file 28 | #pidfile: /var/run/salt-minion.pid 29 | 30 | # The root directory prepended to these options: pki_dir, cachedir, log_file, 31 | # sock_dir, pidfile. 32 | #root_dir: / 33 | 34 | # The directory to store the pki information in 35 | #pki_dir: /etc/salt/pki/minion 36 | 37 | # Explicitly declare the id for this minion to use, if left commented the id 38 | # will be the hostname as returned by the python call: socket.getfqdn() 39 | # Since salt uses detached ids it is possible to run multiple minions on the 40 | # same machine but with different ids, this can be useful for salt compute 41 | # clusters. 42 | #id: 43 | 44 | # Append a domain to a hostname in the event that it does not exist. 
This is 45 | # useful for systems where socket.getfqdn() does not actually result in a 46 | # FQDN (for instance, Solaris). 47 | #append_domain: 48 | 49 | # Custom static grains for this minion can be specified here and used in SLS 50 | # files just like all other grains. This example sets 4 custom grains, with 51 | # the 'roles' grain having two values that can be matched against: 52 | #grains: 53 | # roles: 54 | # - webserver 55 | # - memcache 56 | # deployment: datacenter4 57 | # cabinet: 13 58 | # cab_u: 14-15 59 | 60 | # Where cache data goes 61 | #cachedir: /var/cache/salt/minion 62 | 63 | # Verify and set permissions on configuration directories at startup 64 | #verify_env: True 65 | 66 | # The minion can locally cache the return data from jobs sent to it, this 67 | # can be a good way to keep track of jobs the minion has executed 68 | # (on the minion side). By default this feature is disabled, to enable 69 | # set cache_jobs to True 70 | #cache_jobs: False 71 | 72 | # set the directory used to hold unix sockets 73 | #sock_dir: /var/run/salt/minion 74 | 75 | # Set the default outputter used by the salt-call command. The default is 76 | # "nested" 77 | #output: nested 78 | # 79 | # By default output is colored, to disable colored output set the color value 80 | # to False 81 | #color: True 82 | 83 | # Backup files that are replaced by file.managed and file.recurse under 84 | # 'cachedir'/file_backups relative to their original location and appended 85 | # with a timestamp. The only valid setting is "minion". Disabled by default. 86 | # 87 | # Alternatively this can be specified for each file in state files: 88 | # 89 | # /etc/ssh/sshd_config: 90 | # file.managed: 91 | # - source: salt://ssh/sshd_config 92 | # - backup: minion 93 | # 94 | backup_mode: minion 95 | 96 | # When waiting for a master to accept the minion's public key, salt will 97 | # continuously attempt to reconnect until successful. 
This is the time, in 98 | # seconds, between those reconnection attempts. 99 | #acceptance_wait_time: 10 100 | 101 | # If this is nonzero, the time between reconnection attempts will increase by 102 | # acceptance_wait_time seconds per iteration, up to this maximum. If this is 103 | # set to zero, the time between reconnection attempts will stay constant. 104 | #acceptance_wait_time_max: 0 105 | 106 | # When the master key changes, the minion will try to re-auth itself to receive 107 | # the new master key. In larger environments this can cause a SYN flood on the 108 | # master because all minions try to re-auth immediately. To prevent this and 109 | # have a minion wait for a random amount of time, use this optional parameter. 110 | # The wait-time will be a random number of seconds between 111 | # 0 and the defined value. 112 | #random_reauth_delay: 60 113 | 114 | 115 | # If you don't have any problems with syn-floods, dont bother with the 116 | # three recon_* settings described below, just leave the defaults! 117 | # 118 | # The ZeroMQ pull-socket that binds to the masters publishing interface tries 119 | # to reconnect immediately, if the socket is disconnected (for example if 120 | # the master processes are restarted). In large setups this will have all 121 | # minions reconnect immediately which might flood the master (the ZeroMQ-default 122 | # is usually a 100ms delay). To prevent this, these three recon_* settings 123 | # can be used. 124 | # 125 | # recon_default: the interval in milliseconds that the socket should wait before 126 | # trying to reconnect to the master (100ms = 1 second) 127 | # 128 | # recon_max: the maximum time a socket should wait. each interval the time to wait 129 | # is calculated by doubling the previous time. if recon_max is reached, 130 | # it starts again at recon_default. 
Short example: 131 | # 132 | # reconnect 1: the socket will wait 'recon_default' milliseconds 133 | # reconnect 2: 'recon_default' * 2 134 | # reconnect 3: ('recon_default' * 2) * 2 135 | # reconnect 4: value from previous interval * 2 136 | # reconnect 5: value from previous interval * 2 137 | # reconnect x: if value >= recon_max, it starts again with recon_default 138 | # 139 | # recon_randomize: generate a random wait time on minion start. The wait time will 140 | # be a random value between recon_default and recon_default + 141 | # recon_max. Having all minions reconnect with the same recon_default 142 | # and recon_max value kind of defeats the purpose of being able to 143 | # change these settings. If all minions have the same values and your 144 | # setup is quite large (several thousand minions), they will still 145 | # flood the master. The desired behaviour is to have timeframe within 146 | # all minions try to reconnect. 147 | 148 | # Example on how to use these settings: 149 | # The goal: have all minions reconnect within a 60 second timeframe on a disconnect 150 | # 151 | # The settings: 152 | #recon_default: 1000 153 | #recon_max: 59000 154 | #recon_randomize: True 155 | # 156 | # Each minion will have a randomized reconnect value between 'recon_default' 157 | # and 'recon_default + recon_max', which in this example means between 1000ms 158 | # 60000ms (or between 1 and 60 seconds). The generated random-value will be 159 | # doubled after each attempt to reconnect. Lets say the generated random 160 | # value is 11 seconds (or 11000ms). 161 | # 162 | # reconnect 1: wait 11 seconds 163 | # reconnect 2: wait 22 seconds 164 | # reconnect 3: wait 33 seconds 165 | # reconnect 4: wait 44 seconds 166 | # reconnect 5: wait 55 seconds 167 | # reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max) 168 | # reconnect 7: wait 11 seconds 169 | # reconnect 8: wait 22 seconds 170 | # reconnect 9: wait 33 seconds 171 | # reconnect x: etc. 
172 | # 173 | # In a setup with ~6000 thousand hosts these settings would average the reconnects 174 | # to about 100 per second and all hosts would be reconnected within 60 seconds. 175 | #recon_default: 100 176 | #recon_max: 5000 177 | #recon_randomize: False 178 | 179 | # The loop_interval sets how long in seconds the minion will wait between 180 | # evaluating the scheduler and running cleanup tasks. This defaults to a 181 | # sane 60 seconds, but if the minion scheduler needs to be evaluated more 182 | # often lower this value 183 | #loop_interval: 60 184 | 185 | # When healing, a dns_check is run. This is to make sure that the originally 186 | # resolved dns has not changed. If this is something that does not happen in 187 | # your environment, set this value to False. 188 | #dns_check: True 189 | 190 | # Windows platforms lack posix IPC and must rely on slower TCP based inter- 191 | # process communications. Set ipc_mode to 'tcp' on such systems 192 | #ipc_mode: ipc 193 | # 194 | # Overwrite the default tcp ports used by the minion when in tcp mode 195 | #tcp_pub_port: 4510 196 | #tcp_pull_port: 4511 197 | 198 | # The minion can include configuration from other files. To enable this, 199 | # pass a list of paths to this option. The paths can be either relative or 200 | # absolute; if relative, they are considered to be relative to the directory 201 | # the main minion configuration file lives in (this file). Paths can make use 202 | # of shell-style globbing. If no files are matched by a path passed to this 203 | # option then the minion will log a warning message. 204 | # 205 | # 206 | # Include a config file from some other path: 207 | # include: /etc/salt/extra_config 208 | # 209 | # Include config from several files and directories: 210 | #include: 211 | # - /etc/salt/extra_config 212 | # - /etc/roles/webserver 213 | 214 | ##### Minion module management ##### 215 | ########################################## 216 | # Disable specific modules. 
This allows the admin to limit the level of 217 | # access the master has to the minion 218 | #disable_modules: [cmd,test] 219 | #disable_returners: [] 220 | # 221 | # Modules can be loaded from arbitrary paths. This enables the easy deployment 222 | # of third party modules. Modules for returners and minions can be loaded. 223 | # Specify a list of extra directories to search for minion modules and 224 | # returners. These paths must be fully qualified! 225 | #module_dirs: [] 226 | #returner_dirs: [] 227 | #states_dirs: [] 228 | #render_dirs: [] 229 | # 230 | # A module provider can be statically overwritten or extended for the minion 231 | # via the providers option, in this case the default module will be 232 | # overwritten by the specified module. In this example the pkg module will 233 | # be provided by the yumpkg5 module instead of the system default. 234 | # 235 | #providers: 236 | # pkg: yumpkg5 237 | # 238 | # Enable Cython modules searching and loading. (Default: False) 239 | #cython_enable: False 240 | # 241 | 242 | ##### State Management Settings ##### 243 | ########################################### 244 | # The state management system executes all of the state templates on the minion 245 | # to enable more granular control of system state management. The type of 246 | # template and serialization used for state management needs to be configured 247 | # on the minion, the default renderer is yaml_jinja. This is a yaml file 248 | # rendered from a jinja template, the available options are: 249 | # yaml_jinja 250 | # yaml_mako 251 | # yaml_wempy 252 | # json_jinja 253 | # json_mako 254 | # json_wempy 255 | # 256 | #renderer: yaml_jinja 257 | # 258 | # The failhard option tells the minions to stop immediately after the first 259 | # failure detected in the state execution, defaults to False 260 | #failhard: False 261 | # 262 | # autoload_dynamic_modules Turns on automatic loading of modules found in the 263 | # environments on the master. 
This is turned on by default, to turn of 264 | # autoloading modules when states run set this value to False 265 | #autoload_dynamic_modules: True 266 | # 267 | # clean_dynamic_modules keeps the dynamic modules on the minion in sync with 268 | # the dynamic modules on the master, this means that if a dynamic module is 269 | # not on the master it will be deleted from the minion. By default this is 270 | # enabled and can be disabled by changing this value to False 271 | #clean_dynamic_modules: True 272 | # 273 | # Normally the minion is not isolated to any single environment on the master 274 | # when running states, but the environment can be isolated on the minion side 275 | # by statically setting it. Remember that the recommended way to manage 276 | # environments is to isolate via the top file. 277 | #environment: None 278 | # 279 | # If using the local file directory, then the state top file name needs to be 280 | # defined, by default this is top.sls. 281 | #state_top: top.sls 282 | # 283 | # Run states when the minion daemon starts. To enable, set startup_states to: 284 | # 'highstate' -- Execute state.highstate 285 | # 'sls' -- Read in the sls_list option and execute the named sls files 286 | # 'top' -- Read top_file option and execute based on that file on the Master 287 | #startup_states: '' 288 | # 289 | # list of states to run when the minion starts up if startup_states is 'sls' 290 | #sls_list: 291 | # - edit.vim 292 | # - hyper 293 | # 294 | # top file to execute if startup_states is 'top' 295 | #top_file: '' 296 | 297 | ##### File Directory Settings ##### 298 | ########################################## 299 | # The Salt Minion can redirect all file server operations to a local directory, 300 | # this allows for the same state tree that is on the master to be used if 301 | # copied completely onto the minion. This is a literal copy of the settings on 302 | # the master but used to reference a local directory on the minion. 
303 | 304 | # Set the file client. The client defaults to looking on the master server for 305 | # files, but can be directed to look at the local file directory setting 306 | # defined below by setting it to local. 307 | #file_client: remote 308 | 309 | # The file directory works on environments passed to the minion, each environment 310 | # can have multiple root directories, the subdirectories in the multiple file 311 | # roots cannot match, otherwise the downloaded files will not be able to be 312 | # reliably ensured. A base environment is required to house the top file. 313 | # Example: 314 | # file_roots: 315 | # base: 316 | # - /srv/salt/ 317 | # dev: 318 | # - /srv/salt/dev/services 319 | # - /srv/salt/dev/states 320 | # prod: 321 | # - /srv/salt/prod/services 322 | # - /srv/salt/prod/states 323 | # 324 | #file_roots: 325 | # base: 326 | # - /srv/salt 327 | 328 | # The hash_type is the hash to use when discovering the hash of a file in 329 | # the local fileserver. The default is md5, but sha1, sha224, sha256, sha384 330 | # and sha512 are also supported. 331 | #hash_type: md5 332 | 333 | # The Salt pillar is searched for locally if file_client is set to local. If 334 | # this is the case, and pillar data is defined, then the pillar_roots need to 335 | # also be configured on the minion: 336 | #pillar_roots: 337 | # base: 338 | # - /srv/pillar 339 | 340 | ###### Security settings ##### 341 | ########################################### 342 | # Enable "open mode", this mode still maintains encryption, but turns off 343 | # authentication, this is only intended for highly secure environments or for 344 | # the situation where your keys end up in a bad state. If you run in open mode 345 | # you do so at your own risk! 346 | #open_mode: False 347 | 348 | # Enable permissive access to the salt keys. This allows you to run the 349 | # master or minion as root, but have a non-root group be given access to 350 | # your pki_dir. 
To make the access explicit, root must belong to the group 351 | # you've given access to. This is potentially quite insecure. 352 | #permissive_pki_access: False 353 | 354 | # The state_verbose and state_output settings can be used to change the way 355 | # state system data is printed to the display. By default all data is printed. 356 | # The state_verbose setting can be set to True or False, when set to False 357 | # all data that has a result of True and no changes will be suppressed. 358 | #state_verbose: True 359 | # 360 | # The state_output setting changes if the output is the full multi line 361 | # output for each changed state if set to 'full', but if set to 'terse' 362 | # the output will be shortened to a single line. 363 | #state_output: full 364 | # 365 | # Fingerprint of the master public key to double verify the master is valid, 366 | # the master fingerprint can be found by running "salt-key -F master" on the 367 | # salt master. 368 | #master_finger: '' 369 | 370 | ###### Thread settings ##### 371 | ########################################### 372 | # Disable multiprocessing support, by default when a minion receives a 373 | # publication a new process is spawned and the command is executed therein. 374 | #multiprocessing: True 375 | 376 | ##### Logging settings ##### 377 | ########################################## 378 | # The location of the minion log file 379 | # The minion log can be sent to a regular file, local path name, or network 380 | # location. Remote logging works best when configured to use rsyslogd(8) (e.g.: 381 | # ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI 382 | # format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility> 383 | #log_file: /var/log/salt/minion 384 | #log_file: file:///dev/log 385 | #log_file: udp://loghost:10514 386 | # 387 | #log_file: /var/log/salt/minion 388 | #key_logfile: /var/log/salt/key 389 | # 390 | # The level of messages to send to the console.
391 | # One of 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'critical'. 392 | # Default: 'warning' 393 | #log_level: warning 394 | # 395 | # The level of messages to send to the log file. 396 | # One of 'garbage', 'trace', 'debug', 'info', 'warning', 'error', 'critical'. 397 | # Default: 'warning' 398 | #log_level_logfile: 399 | 400 | # The date and time format used in log messages. Allowed date/time formatting 401 | # can be seen here: http://docs.python.org/library/time.html#time.strftime 402 | #log_datefmt: '%H:%M:%S' 403 | #log_datefmt_logfile: '%Y-%m-%d %H:%M:%S' 404 | # 405 | # The format of the console logging messages. Allowed formatting options can 406 | # be seen here: http://docs.python.org/library/logging.html#logrecord-attributes 407 | #log_fmt_console: '[%(levelname)-8s] %(message)s' 408 | #log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s' 409 | # 410 | # This can be used to control logging levels more specifically. This 411 | # example sets the main salt library at the 'warning' level, but sets 412 | # 'salt.modules' to log at the 'debug' level: 413 | # log_granular_levels: 414 | # 'salt': 'warning', 415 | # 'salt.modules': 'debug' 416 | # 417 | #log_granular_levels: {} 418 | 419 | ###### Module configuration ##### 420 | ########################################### 421 | # Salt allows for modules to be passed arbitrary configuration data, any data 422 | # passed here in valid yaml format will be passed on to the salt minion modules 423 | # for use. It is STRONGLY recommended that a naming convention be used in which 424 | # the module name is followed by a . and then the value.
Also, all top level 425 | # data must be applied via the yaml dict construct, some examples: 426 | # 427 | # You can specify that all modules should run in test mode: 428 | #test: True 429 | # 430 | # A simple value for the test module: 431 | #test.foo: foo 432 | # 433 | # A list for the test module: 434 | #test.bar: [baz,quo] 435 | # 436 | # A dict for the test module: 437 | #test.baz: {spam: sausage, cheese: bread} 438 | 439 | 440 | ###### Update settings ###### 441 | ########################################### 442 | # Using the features in Esky, a salt minion can both run as a frozen app and 443 | # be updated on the fly. These options control how the update process 444 | # (saltutil.update()) behaves. 445 | # 446 | # The url for finding and downloading updates. Disabled by default. 447 | #update_url: False 448 | # 449 | # The list of services to restart after a successful update. Empty by default. 450 | #update_restart_services: [] 451 | 452 | 453 | ###### Keepalive settings ###### 454 | ############################################ 455 | # ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by 456 | # the OS. If connections between the minion and the master pass through 457 | # a state tracking device such as a firewall or VPN gateway, there is 458 | # the risk that it could tear down the connection the master and minion 459 | # without informing either party that their connection has been taken away. 460 | # Enabling TCP Keepalives prevents this from happening. 461 | # 462 | # Overall state of TCP Keepalives, enable (1 or True), disable (0 or False) 463 | # or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled. 464 | #tcp_keepalive: True 465 | # 466 | # How long before the first keepalive should be sent in seconds. Default 300 467 | # to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds 468 | # on Linux see /proc/sys/net/ipv4/tcp_keepalive_time. 
469 | #tcp_keepalive_idle: 300 470 | # 471 | # How many lost probes are needed to consider the connection lost. Default -1 472 | # to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes. 473 | #tcp_keepalive_cnt: -1 474 | # 475 | # How often, in seconds, to send keepalives after the first one. Default -1 to 476 | # use OS defaults, typically 75 seconds on Linux, see 477 | # /proc/sys/net/ipv4/tcp_keepalive_intvl. 478 | #tcp_keepalive_intvl: -1 479 | 480 | 481 | ###### Windows Software settings ###### 482 | ############################################ 483 | # Location of the repository cache file on the master 484 | #win_repo_cachefile: 'salt://win/repo/winrepo.p' 485 | -------------------------------------------------------------------------------- /salt_configuration/files/squid/rm_cache_swap_log.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | LOG_PATH=/var/log/squid 3 | CODE=`du -sh ${LOG_PATH} | sed 's/\(.*\)G.*/\1/'` 4 | 5 | if [ ${CODE} -gt 14 ];then 6 | 7 | > ${LOG_PATH}/cache_swap_log.05 8 | > ${LOG_PATH}/cache_swap_log.04 9 | 10 | fi 11 | -------------------------------------------------------------------------------- /salt_configuration/files/squid/root: -------------------------------------------------------------------------------- 1 | 0 2 * * * /bin/bash /root/scripts/rm_cache_swap_log.sh 2 | -------------------------------------------------------------------------------- /salt_configuration/files/squid/squid: -------------------------------------------------------------------------------- 1 | ######################################################################### 2 | #File Name: squid.sh 3 | #this script is used to start or shutdown the squid! 
4 | #Author: kerncai 5 | #mail: kernkerncai@gmail.com 6 | #Created Time: 2013年12月13日 星期五 16时56分05秒 7 | ######################################################################### 8 | #!/bin/bash 9 | #squid=/usr/local/squid-2.7/sbin/squid 10 | #squid_config=/usr/local/squid-2.7/etc/squid.conf 11 | #squid_pid=/var/run/squid.pid 12 | 13 | PATH=/usr/bin:/sbin:/bin:/usr/sbin 14 | export PATH 15 | 16 | # Source function library. 17 | . /etc/rc.d/init.d/functions 18 | 19 | # Source networking configuration. 20 | . /etc/sysconfig/network 21 | 22 | #SQUID_OPTS=${SQUID_OPTS:-"-D"} 23 | #Open the DNS whether demand 24 | 25 | # don't raise an error if the config file is incomplete 26 | # set defaults instead: 27 | SQUID_PIDFILE_TIMEOUT=${SQUID_PIDFILE_TIMEOUT:-20} 28 | SQUID_SHUTDOWN_TIMEOUT=${SQUID_SHUTDOWN_TIMEOUT:-100} 29 | 30 | squid=/usr/local/squid-2.7/sbin/squid 31 | squid_config=/usr/local/squid-2.7/etc/squid.conf 32 | squid_pid=/var/run/squid.pid 33 | pid=`cat /var/run/squid.pid` 34 | # determine the name of the squid binary 35 | [ -f $squid ] && prog="squid" 36 | 37 | # determine which one is the cache_swap directory 38 | CACHE_SWAP=`sed -e 's/#.*//g' $squid_config | grep cache_dir | awk '{ print $3 }'` 39 | 40 | [ -z "$CACHE_SWAP" ] && CACHE_SWAP=/var/log/squid 41 | 42 | RETVAL=0 43 | 44 | start() { 45 | if [ ! -f $squid_config ]; then 46 | echo "Configuration file $squid_config does not exist" 1>&2 47 | exit 6 48 | fi 49 | if [ -z "$squid" ]; then 50 | echo "Insufficient privilege" 1>&2 51 | exit 4 52 | fi 53 | for adir in $CACHE_SWAP; do 54 | if [ ! -d $adir/00 ]; then 55 | echo -n "init_cache_dir $adir... " 56 | $squid -z -f $squid_config >> /data1/logs/squid/cache.log 57 | fi 58 | done 59 | echo -n $"Starting $prog: " 60 | $squid $SQUID_OPTS -s -f $squid_config >> /data1/logs/squid/cache.log 2>&1 61 | RETVAL=$? 62 | if [ $RETVAL -eq 0 ]; then 63 | timeout=0; 64 | while : ; do 65 | [ ! 
-f $squid_pid ] || break 66 | if [ $timeout -ge $SQUID_PIDFILE_TIMEOUT ]; then 67 | RETVAL=1 68 | break 69 | fi 70 | sleep 1 71 | timeout=$((timeout+1)) 72 | done 73 | fi 74 | [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog 75 | [ $RETVAL -eq 0 ] && echo_success 76 | [ $RETVAL -ne 0 ] && echo_failure 77 | [ $RETVAL -ne 0 ] && echo "The squid is running PID $pid" 78 | echo 79 | return $RETVAL 80 | } 81 | 82 | stop() { 83 | echo -n $"Stopping $prog: " 84 | $squid -k check -f $squid_config >> /data1/logs/squid/cache.log 2>&1 85 | RETVAL=$? 86 | if [ $RETVAL -eq 0 ] ; then 87 | $squid -k shutdown -f $squid_config & 88 | rm -f /var/lock/subsys/$prog 89 | timeout=0 90 | while : ; do 91 | [ -f $squid_pid ] || break 92 | if [ $timeout -ge $SQUID_SHUTDOWN_TIMEOUT ]; then 93 | echo 94 | return 1 95 | fi 96 | sleep 2 97 | timeout=$((timeout+2)) 98 | done 99 | echo_success 100 | echo 101 | else 102 | echo_failure 103 | if [ ! -e /var/lock/subsys/$prog ]; then 104 | RETVAL=0 105 | fi 106 | echo 107 | fi 108 | return $RETVAL 109 | } 110 | 111 | reload() { 112 | $squid -k reconfigure -f $squid_config 113 | echo -n $"reload_config $prog: " 114 | echo_success 115 | echo 116 | } 117 | 118 | restart() { 119 | stop 120 | sleep 5 121 | start 122 | } 123 | 124 | condrestart() { 125 | [ -e /var/lock/subsys/squid ] && restart || : 126 | } 127 | 128 | configtest() { 129 | $squid -k parse -f $squid_config 130 | echo -n $"The configuration file $squid_config $prog is " 131 | echo_success 132 | echo 133 | } 134 | 135 | 136 | rhstatus() { 137 | status $squid && $squid -k check -f $squid_config 138 | } 139 | 140 | probe() { 141 | return 0 142 | } 143 | 144 | case "$1" in 145 | start) 146 | start 147 | ;; 148 | 149 | stop) 150 | stop 151 | ;; 152 | 153 | reload) 154 | reload 155 | ;; 156 | 157 | restart) 158 | restart 159 | ;; 160 | 161 | configtest) 162 | configtest 163 | ;; 164 | 165 | condrestart) 166 | condrestart 167 | ;; 168 | 169 | status) 170 | rhstatus 171 | ;; 172 | 173 | probe) 174 
| exit 0 175 | ;; 176 | 177 | *) 178 | echo $"Usage: $0 {configtest|start|stop|status|reload|restart|condrestart}" 179 | exit 2 180 | esac 181 | 182 | exit $? 183 | -------------------------------------------------------------------------------- /salt_configuration/files/squid/squid.conf: -------------------------------------------------------------------------------- 1 | {% if grains['ip_interfaces'].get('eth0')[0].startswith('10.20') %} 2 | 3 | ## ACCESS CONTROLS -- NOTE(review): this branch allows the cache manager (proto cache_object) from every source via "http_access allow manager all"; the localnet-only rule pair is commented out here but active in the other branch of this template. The closing "http_access allow all" also admits any client that can reach the proxy port -- confirm both are intended and that filtering in front of this host limits who can connect. 4 | #IDC20 image cache 5 | acl all src all 6 | acl manager proto cache_object 7 | acl localhost src 127.0.0.1/32 8 | acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 9 | acl localnet src 10.0.0.0/8 # RFC1918 possible internal network 10 | acl localnet src 172.16.0.0/12 # RFC1918 possible internal network 11 | acl localnet src 192.168.0.0/16 # RFC1918 possible internal network 12 | 13 | acl SSL_ports port 443 # https 14 | acl Safe_ports port 80 # http 15 | acl Safe_ports port 21 # ftp 16 | acl Safe_ports port 443 # https 17 | acl Safe_ports port 70 # gopher 18 | acl Safe_ports port 210 # wais 19 | acl Safe_ports port 1025-65535 # unregistered ports 20 | acl Safe_ports port 280 # http-mgmt 21 | acl Safe_ports port 488 # gss-http 22 | acl Safe_ports port 591 # filemaker 23 | acl Safe_ports port 777 # multiling http 24 | 25 | acl CONNECT method CONNECT 26 | acl PURGE method PURGE 27 | 28 | #http_access allow manager localnet 29 | #http_access deny manager 30 | http_access allow manager all 31 | http_access deny !Safe_ports 32 | http_access deny CONNECT !SSL_ports 33 | http_access allow PURGE localnet 34 | http_access allow all 35 | icp_access allow localnet 36 | icp_access deny all 37 | 38 | 39 | ## NETWORK OPTIONS 40 | http_port 3128 transparent 41 | 42 | ## OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM 43 | cache_peer 10.20.10.100 parent 8080 0 no-query originserver login=PASS name=idc1021 44 | 45 | cache_peer_domain idc1021 .ajkimg.com 46 | cache_peer_domain idc1021 images16.anj24ic.com 47 |
cache_peer_domain idc1021 images18.anj24tatic.com 48 | 49 | ## MEMORY CACHE OPTIONS 50 | cache_mem {{ grains['cache_mem_size'] }} GB 51 | ## DISK CACHE OPTIONS 52 | cache_dir aufs /cache1 {{ grains['cache_disk_size'] }} 16 256 53 | cache_dir aufs /cache2 {{ grains['cache_disk_size'] }} 16 256 54 | cache_dir aufs /cache3 {{ grains['cache_disk_size'] }} 16 256 55 | 56 | ## LOGFILE OPTIONS -- NOTE(review): strip_query_terms off records full query strings in access.log, and the squid_log logrotate rule in this repo keeps these logs at mode 644; confirm URLs carry no credentials or tokens, or tighten the log permissions. 57 | logformat combined %tr %>a %h" "%{User-Agent}>h" %Ss:%Sh 58 | access_log /data1/logs/squid/access.log combined 59 | cache_log /data1/logs/squid/cache.log 60 | cache_store_log /data1/logs/squid/store.log 61 | logfile_rotate 0 62 | strip_query_terms off 63 | pid_filename /var/run/squid.pid 64 | ## OPTIONS FOR TUNING THE CACHE 65 | refresh_pattern . 43200 100% 43200 ignore-reload 66 | negative_ttl 0 seconds 67 | 68 | ## ADMINISTRATIVE PARAMETERS 69 | cache_effective_user squid 70 | cache_effective_group squid 71 | visible_hostname {{ grains['host'] }} 72 | 73 | ## SNMP OPTIONS -- NOTE(review): the community string is the well-known default "public"; prefer a site-specific value. ACL names listed on one snmp_access line are ANDed, so requiring both localnet and localhost likely matches no source and leaves only "snmp_access deny all" in effect -- verify, and use one allow line per source ACL if SNMP monitoring is wanted. 74 | acl snmpcommunity snmp_community public 75 | snmp_port 3401 76 | snmp_access allow snmpcommunity localnet localhost 77 | snmp_access deny all 78 | 79 | ## OPTIONS INFLUENCING REQUEST FORWARDING 80 | never_direct allow all 81 | 82 | 83 | {% else %} 84 | 85 | #IDC10 js/html/ cache 86 | ## ACCESS CONTROLS 87 | acl all src all 88 | acl manager proto cache_object 89 | acl localhost src 127.0.0.1/32 90 | acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 91 | acl localnet src 10.0.0.0/8 # RFC1918 possible internal network 92 | acl localnet src 172.16.0.0/12 # RFC1918 possible internal network 93 | acl localnet src 192.168.0.0/16 # RFC1918 possible internal network 94 | 95 | acl SSL_ports port 443 96 | acl Safe_ports port 80 # http 97 | acl Safe_ports port 21 # ftp 98 | acl Safe_ports port 443 # https 99 | acl Safe_ports port 70 # gopher 100 | acl Safe_ports port 210 # wais 101 | acl Safe_ports port 1025-65535 # unregistered ports 102 | acl Safe_ports port 280 # http-mgmt 103 | acl Safe_ports port 488 # gss-http 104
| acl Safe_ports port 591 # filemaker 105 | acl Safe_ports port 777 # multiling http 106 | 107 | acl CONNECT method CONNECT 108 | acl PURGE method PURGE 109 | 110 | http_access allow manager localnet 111 | http_access deny manager 112 | http_access deny !Safe_ports 113 | http_access deny CONNECT !SSL_ports 114 | http_access allow PURGE localnet 115 | http_access allow all 116 | icp_access allow localnet 117 | icp_access deny all 118 | 119 | 120 | ## NETWORK OPTIONS 121 | http_port 3128 transparent 122 | 123 | ## OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM 124 | cache_peer 10.10.6.7 parent 80 0 no-query originserver login=PASS name=test 125 | #cache_peer 10.10.6.6 parent 80 0 no-query originserver login=PASS name=IDC10_IN 126 | 127 | cache_peer_domain test .454om 128 | cache_peer_domain test .ai45.com 129 | cache_peer_domain test .hao454zu.com 130 | cache_peer_domain test .ji45u.com 131 | #cache_peer_domain IDC1455450_EX inc.232434b456bs.123cdn.com 132 | #cache_peer_domain IDC154540_EX pages.h64545n.com 133 | #cache_peer_domain IDC4545410_IN inc.64.com 134 | 135 | ## MEMORY CACHE OPTIONS 136 | cache_mem {{ grains['cache_mem_size'] }} GB 137 | 138 | ## DISK CACHE OPTIONS 139 | cache_dir aufs /data1/squid 51200 16 256 140 | 141 | ## LOGFILE OPTIONS 142 | logformat combined %tr %>a %h" "%{User-Agent}>h" %Ss:%Sh 143 | access_log /data1/logs/squid/access.log combined 144 | cache_log /data1/logs/squid/cache.log 145 | cache_store_log /data1/logs/squid/store.log 146 | logfile_rotate 0 147 | strip_query_terms off 148 | 149 | ## OPTIONS FOR TUNING THE CACHE 150 | refresh_pattern . 
43200 100% 43200 ignore-reload 151 | negative_ttl 0 seconds 152 | 153 | ## ADMINISTRATIVE PARAMETERS 154 | cache_effective_user squid 155 | cache_effective_group squid 156 | visible_hostname {{ grains['host'] }} 157 | 158 | ## SNMP OPTIONS 159 | acl snmpcommunity snmp_community public 160 | snmp_port 3401 161 | snmp_access allow snmpcommunity localnet localhost 162 | snmp_access deny all 163 | 164 | ## OPTIONS INFLUENCING REQUEST FORWARDING 165 | never_direct allow all 166 | {% endif %} 167 | -------------------------------------------------------------------------------- /salt_configuration/files/squid/squid_log: -------------------------------------------------------------------------------- 1 | /data1/logs/squid/*.log { 2 | daily 3 | rotate 7 4 | copytruncate 5 | create 644 squid squid 6 | compress 7 | dateext 8 | ifempty 9 | missingok 10 | postrotate 11 | [ ! -f /usr/local/squid-2.7/var/logs/squid.pid ] || /usr/local/squid-2.7/sbin/squid -k rotate && /bin/chmod 644 /data1/logs/squid/*.log* 12 | endscript 13 | } 14 | 15 | -------------------------------------------------------------------------------- /salt_configuration/files/system/limits.conf: -------------------------------------------------------------------------------- 1 | # /etc/security/limits.conf 2 | # 3 | #Each line describes a limit for a user in the form: 4 | # 5 | # 6 | # 7 | #Where: 8 | # can be: 9 | # - an user name 10 | # - a group name, with @group syntax 11 | # - the wildcard *, for default entry 12 | # - the wildcard %, can be also used with %group syntax, 13 | # for maxlogin limit 14 | # 15 | # can have the two values: 16 | # - "soft" for enforcing the soft limits 17 | # - "hard" for enforcing hard limits 18 | # 19 | # can be one of the following: 20 | # - core - limits the core file size (KB) 21 | # - data - max data size (KB) 22 | # - fsize - maximum filesize (KB) 23 | # - memlock - max locked-in-memory address space (KB) 24 | # - nofile - max number of open files 25 | # - rss - max 
resident set size (KB) 26 | # - stack - max stack size (KB) 27 | # - cpu - max CPU time (MIN) 28 | # - nproc - max number of processes 29 | # - as - address space limit 30 | # - maxlogins - max number of logins for this user 31 | # - maxsyslogins - max number of logins on the system 32 | # - priority - the priority to run user process with 33 | # - locks - max number of file locks the user can hold 34 | # - sigpending - max number of pending signals 35 | # - msgqueue - max memory used by POSIX message queues (bytes) 36 | # - nice - max nice priority allowed to raise to 37 | # - rtprio - max realtime priority 38 | # 39 | # 40 | # 41 | * soft nofile 265535 42 | * hard nofile 265535 43 | 44 | #* soft core 0 45 | #* hard rss 10000 46 | #@student hard nproc 20 47 | #@faculty soft nproc 20 48 | #@faculty hard nproc 50 49 | #ftp hard nproc 0 50 | #@student - maxlogins 4 51 | 52 | # End of file 53 | -------------------------------------------------------------------------------- /salt_configuration/files/system/motd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #define the filename to use as output 3 | motd="/etc/motd" 4 | # Collect useful information about your system 5 | # $USER is automatically defined 6 | HOSTNAME=`uname -n` 7 | KERNEL=`uname -r` 8 | #CPU=`uname -p` 9 | MODEL=`dmidecode -s system-product-name` 10 | ARCH=`uname -m` 11 | MEM=`free -m|sed -n "2p" |awk '{print $2}'` 12 | CPU=`cat /proc/cpuinfo |awk -F: '$0~/model name/{print $2}'|head -n 1|sed '1,$s/ //g'` 13 | CPUNUM=`cat /proc/cpuinfo |awk -F: '$1~/processor/'|wc -l` 14 | VIDEO=`lspci | grep -i 'VGA' |awk -F":" '{print $3}'` 15 | SYSTEM=`lsb_release -id|sed -n '2p' |awk -F":" '{print $2}' |sed "s/^[\t]*//"` 16 | 17 | # The different colours as variables 18 | W="\033[01;37m" 19 | B="\033[01;34m" 20 | R="\033[01;31m" 21 | G="\033[01;32m" 22 | X="\033[00;37m" 23 | clear > $motd # to clear the screen when showing up 24 | echo -e 
"$G#=============================================================================#" >> $motd 25 | echo -e " $W Welcome $B $USER $W to $B $HOSTNAME " >> $motd 26 | echo -e " $G OWNER1 $W= $R$OWNER " >> $motd 27 | echo -e " $G OWNER2 $W= $R$OWNER2 " >> $motd 28 | echo -e " $R Model $W= $MODEL " >> $motd 29 | echo -e " $R System $W= $SYSTEM " >> $motd 30 | echo -e " $R Arch $W= $ARCH " >> $motd 31 | echo -e " $R Kernel $W= $KERNEL " >> $motd 32 | echo -e " $R Cpu $W=$CPU x $CPUNUM " >> $motd 33 | echo -e " $R Memory $W= ${MEM}MB " >> $motd 34 | echo -e " $R Video $W=$VIDEO " >> $motd 35 | echo -e "" >> $motd 36 | echo -e " the keychain may ask passphrase of private key of gitcorp. " >> $motd 37 | echo -e " please just ignore it ;) " >> $motd 38 | echo -e "$G#=============================================================================#" >> $motd 39 | echo -e "$X" >> $motd 40 | -------------------------------------------------------------------------------- /salt_configuration/files/system/resolv.conf: -------------------------------------------------------------------------------- 1 | {% for nameserver in pillar['nameservers'] %} 2 | nameserver {{nameserver}} 3 | {% endfor %} 4 | search i.ajkdns.com 5 | -------------------------------------------------------------------------------- /salt_configuration/files/system/sshd_config: -------------------------------------------------------------------------------- 1 | Port 22 2 | ListenAddress 0.0.0.0 3 | Protocol 2 4 | SyslogFacility AUTH 5 | SyslogFacility AUTHPRIV 6 | LogLevel INFO 7 | LoginGraceTime 2m 8 | PermitRootLogin yes 9 | StrictModes yes 10 | MaxAuthTries 6 11 | RSAAuthentication yes 12 | PubkeyAuthentication yes 13 | AuthorizedKeysFile .ssh/authorized_keys 14 | IgnoreRhosts yes 15 | PermitEmptyPasswords no 16 | PasswordAuthentication no 17 | ChallengeResponseAuthentication no 18 | GSSAPIAuthentication no 19 | UsePAM yes 20 | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 21 | 
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 22 | AcceptEnv LC_IDENTIFICATION LC_ALL 23 | X11Forwarding no 24 | UseDNS no 25 | PidFile /var/run/sshd.pid 26 | Subsystem sftp /usr/libexec/openssh/sftp-server 27 | -------------------------------------------------------------------------------- /salt_configuration/files/system/sudoers: -------------------------------------------------------------------------------- 1 | Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool 2 | Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum 3 | Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig 4 | Cmnd_Alias LOCATE = /usr/bin/updatedb 5 | Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount 6 | Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 7 | Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall 8 | Cmnd_Alias DRIVERS = /sbin/modprobe 9 | Defaults requiretty 10 | Defaults env_reset 11 | Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \ 12 | LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \ 13 | LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \ 14 | LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \ 15 | LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \ 16 | _XKB_CHARSET XAUTHORITY" 17 | root ALL=(ALL) ALL 18 | evans ALL=(ALL) NOPASSWD:ALL 19 | %wheel ALL=(ALL) NOPASSWD:ALL 20 | -------------------------------------------------------------------------------- /salt_configuration/files/system/sysctl.conf: -------------------------------------------------------------------------------- 1 | # Kernel sysctl configuration file for Red Hat Linux 2 | # 3 | # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and 4 | # sysctl.conf(5) for more details. 
5 | 6 | # Controls IP packet forwarding 7 | #net.ipv4.ip_forward = 0 8 | 9 | # Controls source route verification 10 | net.ipv4.conf.default.rp_filter = 1 11 | 12 | # Do not accept source routing 13 | net.ipv4.conf.default.accept_source_route = 0 14 | 15 | # Controls the System Request debugging functionality of the kernel 16 | kernel.sysrq = 0 17 | 18 | # Controls whether core dumps will append the PID to the core filename 19 | # Useful for debugging multi-threaded applications 20 | kernel.core_uses_pid = 1 21 | 22 | # Controls the use of TCP syncookies 23 | net.ipv4.tcp_syncookies = 1 24 | 25 | #Controls the arp 26 | #net.ipv4.conf.eth0.arp_ignore = 1 27 | #net.ipv4.conf.eth0.arp_announce = 2 28 | #net.ipv4.conf.eth1.arp_ignore = 1 29 | #net.ipv4.conf.eth1.arp_announce = 2 30 | 31 | kernel.msgmnb = 65536 32 | kernel.msgmax = 65536 33 | kernel.shmmax = 68719476736 34 | kernel.shmall = 4294967296 35 | 36 | net.ipv4.tcp_tw_reuse = 1 37 | net.ipv4.tcp_tw_recycle = 1 38 | net.ipv4.tcp_fin_timeout = 30 39 | net.ipv4.tcp_keepalive_time = 1200 40 | net.ipv4.tcp_keepalive_probes = 30 41 | net.ipv4.tcp_keepalive_intvl = 3 42 | net.ipv4.tcp_max_syn_backlog = 8192 43 | net.ipv4.tcp_retries2 = 5 44 | net.ipv4.ip_local_port_range = 1024 65000 45 | 46 | net.core.rmem_max = 16777216 47 | net.core.wmem_max = 16777216 48 | net.ipv4.tcp_rmem = 4096 87380 16777216 49 | net.ipv4.tcp_wmem = 4096 87380 16777216 50 | #net.ipv4.tcp_mem = 50576 64768 98152 51 | net.ipv4.tcp_mem = 78643200 104857600 157286400 52 | #net.ipv4.netfilter.ip_conntrack_max = 1048576 53 | net.ipv4.tcp_max_tw_buckets = 30000 54 | -------------------------------------------------------------------------------- /salt_configuration/files/system/syslog.conf: -------------------------------------------------------------------------------- 1 | # Log all kernel messages to the console. 2 | # Logging much else clutters up the screen. 3 | #kern.* /dev/console 4 | 5 | # Log anything (except mail) of level info or higher. 
6 | # Don't log private authentication messages! 7 | *.info;mail.none;authpriv.none;cron.none /var/log/messages 8 | *.info;mail.none;authpriv.none;cron.none @10.10.6.228 9 | #*.info;mail.none;authpriv.none;cron.none @10.11.8.58 10 | 11 | # The authpriv file has restricted access. 12 | authpriv.* /var/log/secure 13 | authpriv.* @10.10.6.228 14 | #authpriv.* @10.11.8.58 15 | 16 | # Log all the mail messages in one place. 17 | mail.* -/var/log/maillog 18 | 19 | 20 | # Log cron stuff 21 | cron.* /var/log/cron 22 | 23 | # Everybody gets emergency messages 24 | *.emerg * 25 | 26 | # Save news errors of level crit and higher in a special file. 27 | uucp,news.crit /var/log/spooler 28 | 29 | # Save boot messages also to boot.log 30 | local7.* /var/log/boot.log 31 | local5.info -/var/log/hist.log 32 | local5.info @10.10.6.228 33 | user.* -/var/log/user.log 34 | user.* @10.10.6.228 35 | -------------------------------------------------------------------------------- /salt_configuration/files/system/vimrc: -------------------------------------------------------------------------------- 1 | let mapleader = ";" 2 | 3 | set nocompatible 4 | syntax enable 5 | filetype on 6 | filetype plugin on 7 | filetype indent on 8 | set shortmess=atI 9 | 10 | set vb t_vb= 11 | 12 | set background=dark 13 | set t_Co=256 14 | "colorscheme desert 15 | 16 | "缩进 17 | set autoindent 18 | set smartindent 19 | set cindent 20 | 21 | set nu 22 | set showcmd 23 | set nobackup 24 | 25 | "搜索 26 | set incsearch 27 | set hlsearch 28 | set ignorecase 29 | 30 | "tab转化为四个字符 31 | set expandtab 32 | set smarttab 33 | set shiftwidth=4 34 | set tabstop=4 35 | 36 | "字符编码 37 | set encoding=utf8 38 | set fileencodings=utf8,gb2312,gb18030,big5,ucs-bom,latin1 39 | 40 | "从系统剪切板中复制,剪切,粘贴 41 | map "+y 42 | map "+x 43 | map "+p 44 | set pastetoggle= 45 | 46 | 47 | "状态栏 48 | set laststatus=2 49 | highlight StatusLine cterm=bold ctermfg=yellow ctermbg=blue 50 | "获取当前路径,将$HOME转化为~ 51 | function! 
CurDir() 52 | let curdir = substitute(getcwd(),$HOME,"~","g") 53 | return curdir 54 | endfunction 55 | set statusline=[%n]\ %f%m%r%h\ \|\ %{CurDir()}\ \|%=\|\ %l,%c\ %p%%\ \|\ %{$USER}\ @\ %{hostname()} 56 | 57 | set modeline 58 | -------------------------------------------------------------------------------- /salt_configuration/files/zabbix/nginx_status.conf: -------------------------------------------------------------------------------- 1 | UserParameter=Active,/usr/local/zabbix-agent-ops/bin/nginx_status.sh Active 2 | UserParameter=Reading,/usr/local/zabbix-agent-ops/bin/nginx_status.sh Reading 3 | UserParameter=Writing,/usr/local/zabbix-agent-ops/bin/nginx_status.sh Writing 4 | UserParameter=Waiting,/usr/local/zabbix-agent-ops/bin/nginx_status.sh Waiting 5 | -------------------------------------------------------------------------------- /salt_configuration/files/zabbix/nginx_status.sh: -------------------------------------------------------------------------------- 1 | ######################################################################### 2 | # File Name: nginx_status.sh 3 | # Author: kerncai 4 | # mail: kernkerncai@gmail.com 5 | # Created Time: 2013年10月28日 星期一 11时44分52秒 6 | ######################################################################### 7 | #!/bin/bash 8 | Active(){ 9 | wget --quiet -O - http://localhost:40080/nginx_status?auto |awk 'NR==1 {print$3}' 10 | } 11 | Reading(){ 12 | wget --quiet -O - http://localhost:40080/nginx_status?auto |awk 'NR==4 {print$2}' 13 | } 14 | Writing(){ 15 | wget --quiet -O - http://localhost:40080/nginx_status?auto |awk 'NR==4 {print$4}' 16 | } 17 | Waiting(){ 18 | wget --quiet -O - http://localhost:40080/nginx_status?auto |awk 'NR==4 {print$6}' 19 | } 20 | $1 21 | -------------------------------------------------------------------------------- /salt_configuration/files/zabbix/php-fpm_status.conf: -------------------------------------------------------------------------------- 1 | 
UserParameter=idle.processe,/usr/local/zabbix-agent-ops/bin/php-fpm_status.sh idle 2 | UserParameter=total.processes,/usr/local/zabbix-agent-ops/bin/php-fpm_status.sh total 3 | UserParameter=active.processes,/usr/local/zabbix-agent-ops/bin/php-fpm_status.sh active 4 | UserParameter=max.active.processes,/usr/local/zabbix-agent-ops/bin/php-fpm_status.sh mactive 5 | UserParameter=listen.queue.len,/usr/local/zabbix-agent-ops/bin/php-fpm_status.sh listenqueuelen 6 | UserParameter=listen.queue,/usr/local/zabbix-agent-ops/bin/php-fpm_status.sh listenqueue 7 | UserParameter=start.since,/usr/local/zabbix-agent-ops/bin/php-fpm_status.sh since 8 | UserParameter=accepted.conn,/usr/local/zabbix-agent-ops/bin/php-fpm_status.sh conn 9 | UserParameter=check.alive,/usr/local/zabbix-agent-ops/bin/php-fpm_status.sh check 10 | -------------------------------------------------------------------------------- /salt_configuration/files/zabbix/php-fpm_status.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ######################################################################### 3 | # File Name: php-fpm_status.sh 4 | # Author: kerncai 5 | # mail: kernkerncai@gmail.com 6 | # Created Time: 2013年10月28日 星期一 11时44分52秒 7 | ######################################################################### 8 | 9 | idle(){ 10 | wget --quiet -O - http://127.0.0.1:40080/php-fpm_status?auto |grep "idle processes" |awk '{print$3}' 11 | } 12 | 13 | total(){ 14 | wget --quiet -O - http://127.0.0.1:40080/php-fpm_status?auto |grep "total processes" |awk '{print$3}' 15 | } 16 | 17 | active(){ 18 | wget --quiet -O - http://127.0.0.1:40080/php-fpm_status?auto |grep "active" |awk '{print$3}'|grep -v "process" 19 | } 20 | 21 | mactive(){ 22 | 23 | wget --quiet -O - http://127.0.0.1:40080/php-fpm_status?auto |grep "max active processes:" |awk '{print$4}' 24 | } 25 | 26 | listenqueuelen(){ 27 | wget --quiet -O - http://127.0.0.1:40080/php-fpm_status?auto |grep 
"listen queue len" |awk '{print$4}' 28 | } 29 | 30 | listenqueue(){ 31 | wget --quiet -O - http://127.0.0.1:40080/php-fpm_status?auto |grep "listen queue:"|grep -vE "len|max"|awk '{print$3}' 32 | } 33 | 34 | since(){ 35 | wget --quiet -O - http://127.0.0.1:40080/php-fpm_status?auto |grep "start since: " |awk '{print$3}' 36 | } 37 | 38 | conn(){ 39 | wget --quiet -O - http://127.0.0.1:40080/php-fpm_status?auto |grep "accepted conn" |awk '{print$3}' 40 | } 41 | 42 | check(){ 43 | curl -I 'http://127.0.0.1:40080/php-fpm_status?auto' 2>/dev/null | awk 'NR==1 {print $2}' 44 | } 45 | 46 | $1 47 | -------------------------------------------------------------------------------- /salt_configuration/files/zabbix/squid_status.conf: -------------------------------------------------------------------------------- 1 | UserParameter=five.ratios,/usr/local/zabbix-agent-ops/bin/squid_status.sh five_ratios 2 | UserParameter=six.ratios,/usr/local/zabbix-agent-ops/bin/squid_status.sh six_ratios 3 | UserParameter=objects,/usr/local/zabbix-agent-ops/bin/squid_status.sh objects 4 | UserParameter=space,/usr/local/zabbix-agent-ops/bin/squid_status.sh space 5 | -------------------------------------------------------------------------------- /salt_configuration/files/zabbix/squid_status.sh: -------------------------------------------------------------------------------- 1 | ######################################################################## 2 | # File Name: check_squid_status.sh 3 | # Author: kerncai 4 | # mail: kernkerncai@gmail.com 5 | # Created Time: 2013年11月12日 星期二 10时30分05秒 6 | ######################################################################### 7 | #!/bin/bash 8 | 9 | five_ratios(){ 10 | /usr/local/squid-2.7/bin/squidclient -h localhost -p 3128 mgr:info |grep 'Request Hit Ratios:' |awk '{print$5/100}' 11 | } 12 | 13 | six_ratios(){ 14 | /usr/local/squid-2.7/bin/squidclient -h localhost -p 3128 mgr:info |grep 'Request Hit Ratios:' |awk '{print$7/100}' 15 | } 16 | 17 | 
objects(){ 18 | /usr/local/squid-2.7/bin/squidclient -h localhost -p 3128 mgr:info |grep 'on-disk objects' |awk '{print$1/100000000}' 19 | } 20 | 21 | space(){ 22 | 23 | /usr/local/squid-2.7/bin/squidclient -hlocalhost -p 3128 mgr:storedir |grep 'Filesystem Space in use:' |awk -F '/' '{print$1}'|awk '{s+=$5};END{printf "%4.2f\n",s/1024/1024}' 24 | 25 | } 26 | 27 | $1 28 | -------------------------------------------------------------------------------- /salt_configuration/files/zabbix/zabbix_agentd.conf: -------------------------------------------------------------------------------- 1 | 2 | ListenIP={{ grains['ip_interfaces'].get('eth0')[0] }} 3 | SourceIP={{ grains['ip_interfaces'].get('eth0')[0] }} 4 | 5 | {% for Server in pillar['zabbixserver'] %} 6 | Server={{Server}} 7 | ServerActive={{Server}} 8 | {% endfor %} 9 | ListenPort=10050 10 | Include=/usr/local/zabbix-agent-ops/etc/extra.conf 11 | Include=/usr/local/zabbix-agent-ops/etc/zabbix_agentd.conf.d/ 12 | UnsafeUserParameters=1 13 | -------------------------------------------------------------------------------- /salt_configuration/inc/resolv.sls: -------------------------------------------------------------------------------- 1 | resolv: 2 | file.managed: 3 | - name: /etc/resolv.conf 4 | - source: salt://files/system/resolv.conf 5 | - template: jinja 6 | -------------------------------------------------------------------------------- /salt_configuration/inc/vim.sls: -------------------------------------------------------------------------------- 1 | vim: 2 | pkg: 3 | - installed 4 | - name: {{ pillar['vim'] }} 5 | file.managed: 6 | - name: /root/.vimrc 7 | - source: salt://files/system/vimrc 8 | - user: root 9 | - mode: 644 10 | - require: 11 | - pkg: vim 12 | -------------------------------------------------------------------------------- /salt_configuration/inc/yum.sls: -------------------------------------------------------------------------------- 1 | yum: 2 | pkg: 3 | - installed 4 | /etc/yum.repos.d/: 
5 | file.recurse: 6 | - source: salt://files/system/yum.repos.d 7 | -------------------------------------------------------------------------------- /salt_configuration/install.sls: -------------------------------------------------------------------------------- 1 | ############初始化环境,仅适用于salt-ssh 2 | yum: 3 | pkg: 4 | - installed 5 | file.managed: 6 | - name: /etc/yum.repos.d/base.repo 7 | - source: salt://files/system/yum.repos.d/base.repo 8 | - require: 9 | - pkg: yum 10 | 11 | /etc/yum.repos.d/centos_new.repo: 12 | file: 13 | - absent 14 | 15 | /etc/yum.repos.d/rhel-debuginfo.repo: 16 | file: 17 | - absent 18 | include: 19 | - inc.resolv 20 | - inc.vim 21 | ssh: 22 | pkg: 23 | - installed 24 | - name: openssh-server 25 | file.managed: 26 | - name: /etc/ssh/sshd_config 27 | - source: salt://files/system/sshd_config 28 | - user: root 29 | - mode: 600 30 | - require: 31 | - pkg: ssh 32 | service.running: 33 | - name: sshd 34 | - enable: True 35 | - reload: True 36 | - watch: 37 | - file: ssh 38 | key: 39 | file.managed: 40 | - name: /root/.ssh/authorized_keys 41 | - source: salt://files/system/root_ssh_keys 42 | - user: root 43 | - mode: 600 44 | 45 | motd: 46 | file.managed: 47 | - name: /root/motd.sh 48 | - source: salt://files/system/motd.sh 49 | - user: root 50 | - mode: 755 51 | cmd.run: 52 | - name: /root/motd.sh 53 | - user: root 54 | - watch: 55 | - file: /root/motd.sh 56 | sudo: 57 | file.managed: 58 | - name: /etc/sudoers 59 | - source: salt://files/system/sudoers 60 | - user: root 61 | - mode: 440 62 | 63 | iptables: 64 | service: 65 | - dead 66 | 67 | syslog: 68 | pkg: 69 | - installed 70 | - name: sysklogd 71 | file.managed: 72 | - name: /etc/syslog.conf 73 | - source: salt://files/system/syslog.conf 74 | - user: root 75 | - mode: 644 76 | service.running: 77 | - name: syslog 78 | - enable: True 79 | - reload: True 80 | - watch: 81 | - file: syslog 82 | -------------------------------------------------------------------------------- 
/salt_configuration/mendian.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - nginx 3 | - php 4 | 5 | {{ pillar['ngx_conf_dir'] }}/conf.d: 6 | file.recurse: 7 | - source: salt://files/mendian_webserver/conf.d 8 | - require: 9 | - pkg: nginx 10 | - watch_in: 11 | - service: nginx 12 | -------------------------------------------------------------------------------- /salt_configuration/my_webserver.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - nginx 3 | - php 4 | 5 | {{ pillar['ngx_conf_dir'] }}/conf.d: 6 | file.recurse: 7 | - source: salt://files/my_webserver/conf.d 8 | - require: 9 | - pkg: nginx 10 | - watch_in: 11 | - service: nginx 12 | /home/www/indexes: 13 | file.recurse: 14 | - source: salt://files/my_webserver/my_indexes 15 | - user: evans 16 | - group: nginx 17 | -------------------------------------------------------------------------------- /salt_configuration/nginx.sls: -------------------------------------------------------------------------------- 1 | nginx: 2 | pkg: 3 | - installed 4 | user.present: 5 | - home: {{ pillar['ngx_home_dir'] }} 6 | - shell: /sbin/nologin 7 | - require: 8 | - group: nginx 9 | group.present: 10 | - require: 11 | - pkg: nginx 12 | service.running: 13 | - enable: True 14 | - reload: True 15 | - require: 16 | - file: /etc/init.d/nginx 17 | - file: /data1/logs/nginx 18 | - watch: 19 | - file: {{ pillar['ngx_conf_dir'] }}/nginx.conf 20 | - file: {{ pillar['ngx_conf_dir'] }}/fastcgi.conf 21 | - pkg: nginx 22 | 23 | {{ pillar['ngx_conf_dir'] }}/nginx.conf: 24 | file.managed: 25 | - source: salt://files/nginx/nginx.conf 26 | - user: root 27 | - mode: 644 28 | - template: jinja 29 | - require: 30 | - pkg: nginx 31 | 32 | {{ pillar['ngx_conf_dir'] }}/fastcgi.conf: 33 | file.managed: 34 | - source: salt://files/nginx/fastcgi.conf 35 | - user: root 36 | - mode: 644 37 | - require: 38 | - pkg: nginx 39 | 40 | 
/etc/init.d/nginx: 41 | file.managed: 42 | - source: salt://files/nginx/nginx.ini 43 | - user: root 44 | - mode: 755 45 | - require: 46 | - pkg: nginx 47 | 48 | /data1/logs/nginx: 49 | file.directory: 50 | - user: root 51 | - mode: 755 52 | - makedirs: True 53 | - require: 54 | - pkg: nginx 55 | -------------------------------------------------------------------------------- /salt_configuration/person.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - nginx 3 | - php 4 | {{ pillar['ngx_conf_dir'] }}/conf.d: 5 | file.recurse: 6 | - source: salt://files/mendian_webserver/person/nginx_conf.d 7 | - require: 8 | - pkg: nginx 9 | - watch_in: 10 | - service: nginx 11 | -------------------------------------------------------------------------------- /salt_configuration/php.sls: -------------------------------------------------------------------------------- 1 | php: 2 | pkg: 3 | - name: ajk-phpfpm 4 | - installed 5 | user.present: 6 | - name: php-fpm 7 | - home: {{ pillar['php_home_dir'] }} 8 | - shell: /sbin/nologin 9 | - require: 10 | - group: php-fpm 11 | group.present: 12 | - name: php-fpm 13 | - require: 14 | - pkg: ajk-phpfpm 15 | service.running: 16 | - name: php-fpm 17 | - enable: True 18 | - reload: True 19 | - watch: 20 | - file: {{ pillar['php_conf_dir'] }}/pear.conf 21 | - file: {{ pillar['php_conf_dir'] }}/php.ini 22 | - file: {{ pillar['php_conf_dir'] }}/php-fpm.conf 23 | - pkg: ajk-phpfpm 24 | 25 | {{ pillar['php_conf_dir'] }}/pear.conf: 26 | file.managed: 27 | - source: salt://files/php/pear.conf 28 | - user: root 29 | - mode: 644 30 | - require: 31 | - pkg: ajk-phpfpm 32 | 33 | {{ pillar['php_conf_dir'] }}/php.ini: 34 | file.managed: 35 | - source: salt://files/php/php.ini 36 | - user: root 37 | - mode: 644 38 | - require: 39 | - pkg: ajk-phpfpm 40 | 41 | {{ pillar['php_conf_dir'] }}/php-fpm.conf: 42 | file.managed: 43 | - source: salt://files/php/php-fpm.conf 44 | - user: root 45 | - mode: 644 46 | - 
require: 47 | - pkg: ajk-phpfpm 48 | 49 | -------------------------------------------------------------------------------- /salt_configuration/pillar/pillar.sls: -------------------------------------------------------------------------------- 1 | ############IDC################ 2 | {% if grains['ip_interfaces'].get('eth0')[0].startswith('10.10') %} 3 | nameservers: ['10.10.11.251','10.10.11.252'] 4 | zabbixserver: ['2.3.4.5'] 5 | {% else %} 6 | nameservers: ['10.20.11.75'] 7 | zabbixserver: ['10.20.111.234'] 8 | {% endif %} 9 | 10 | ############OS################# 11 | {% if grains['os_family'] == 'Redhat' %} 12 | vim: vim-enhanced 13 | {% elif grains['os_family'] == 'Ubuntu' %} 14 | vim: vim-nox 15 | {% else %} 16 | vim: vim-enhanced 17 | {% endif %} 18 | 19 | ######## nginx,php,squid路径 ######## 20 | ngx_home_dir: /var/cache/nginx 21 | ngx_conf_dir: /etc/nginx 22 | 23 | php_home_dir: /opt/local/php-fpm 24 | php_conf_dir: /opt/local/php-fpm/etc 25 | 26 | squid_home_dir: /usr/local/squid-2.7 27 | squid_conf_dir: /usr/local/squid-2.7/etc 28 | ######## 线上代码路径 ######## 29 | code_dir: /home/www/v2 30 | -------------------------------------------------------------------------------- /salt_configuration/pillar/schedule.sls: -------------------------------------------------------------------------------- 1 | schedule: 2 | highstate: 3 | function: state.highstate 4 | minutes: 30 5 | -------------------------------------------------------------------------------- /salt_configuration/pillar/top.sls: -------------------------------------------------------------------------------- 1 | base: 2 | '*': 3 | - pillar 4 | #- schedule 5 | 6 | -------------------------------------------------------------------------------- /salt_configuration/python.sls: -------------------------------------------------------------------------------- 1 | python: 2 | pkg: 3 | - installed 4 | - name: ajk-python 5 | 6 | /root/init-python/setuptools-1.4.2.tar.gz: 7 | file.managed: 8 | - source: 
salt://files/python/setuptools-1.4.2.tar.gz 9 | - require: 10 | - pkg: python 11 | 12 | /root/init-python/pip-2.7: 13 | file.managed: 14 | - source: salt://files/python/pip-2.7 15 | - mode: 755 16 | - require: 17 | - pkg: python 18 | 19 | /root/init-python/virtualenv-2.7: 20 | file.managed: 21 | - source: salt://files/python/virtualenv-2.7 22 | - mode: 755 23 | - require: 24 | - pkg: python 25 | 26 | /root/init-python/init-python.sh: 27 | cmd.run: 28 | - prereq: 29 | - file: /root/init-python/init-python.sh 30 | - unless: python2.7 -m pip && python2.7 -m virtualenv 31 | file.managed: 32 | - source: salt://files/python/init-python.sh 33 | - mode: 755 34 | - require: 35 | - pkg: python 36 | -------------------------------------------------------------------------------- /salt_configuration/salt-minion.sls: -------------------------------------------------------------------------------- 1 | salt-minion: 2 | pkg: 3 | - installed 4 | service.running: 5 | - enable: True 6 | - reload: True 7 | - watch: 8 | - file: /etc/salt/minion 9 | 10 | /etc/salt/minion: 11 | file.managed: 12 | - source: salt://files/salt-minion/minion 13 | - user: root 14 | - mode: 644 15 | - require: 16 | - pkg: salt-minion 17 | -------------------------------------------------------------------------------- /salt_configuration/squid.sls: -------------------------------------------------------------------------------- 1 | squid: 2 | pkg: 3 | - name: ajk-squid 4 | - installed 5 | user.present: 6 | - home: {{ pillar['squid_home_dir'] }} 7 | - shell: /sbin/nologin 8 | - require: 9 | - group: squid 10 | group.present: 11 | - name: squid 12 | - require: 13 | - pkg: ajk-squid 14 | service.running: 15 | - enable: True 16 | - reload: True 17 | - require: 18 | - file: /etc/init.d/squid 19 | - watch: 20 | - file: {{ pillar['squid_conf_dir'] }}/squid.conf 21 | 22 | /etc/init.d/squid: 23 | file.managed: 24 | - source: salt://files/squid/squid 25 | - user: root 26 | - mode: 755 27 | - require: 28 | - pkg: 
ajk-squid 29 | /root/scripts/rm_cache_swap_log.sh: 30 | file.managed: 31 | - source: salt://files/squid/rm_cache_swap_log.sh 32 | - user: root 33 | - mode: 755 34 | 35 | /var/spool/cron/root: 36 | file.managed: 37 | - source: salt://files/squid/root 38 | - user: root 39 | - mode: 644 40 | 41 | /etc/logrotate.d/squid: 42 | file.managed: 43 | - source: salt://files/squid/squid_log 44 | - user: root 45 | - mode: 644 46 | 47 | {{ pillar['squid_conf_dir'] }}/squid.conf: 48 | file.managed: 49 | - source: salt://files/squid/squid.conf 50 | - user: root 51 | - mode: 644 52 | - template: jinja 53 | - require: 54 | - pkg: ajk-squid 55 | -------------------------------------------------------------------------------- /salt_configuration/system.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - inc.resolv 3 | - inc.yum 4 | - inc.vim 5 | 6 | ssh: 7 | pkg: 8 | - installed 9 | - name: openssh-server 10 | file.managed: 11 | - name: /etc/ssh/sshd_config 12 | - source: salt://files/system/sshd_config 13 | - user: root 14 | - mode: 600 15 | - require: 16 | - pkg: ssh 17 | service.running: 18 | - name: sshd 19 | - enable: True 20 | - reload: True 21 | - watch: 22 | - file: ssh 23 | - pkg: ssh 24 | 25 | key: 26 | file.managed: 27 | - name: /root/.ssh/authorized_keys 28 | - source: salt://files/system/root_ssh_keys 29 | - user: root 30 | - mode: 600 31 | 32 | motd: 33 | file.managed: 34 | - name: /root/motd.sh 35 | - source: salt://files/system/motd.sh 36 | - user: root 37 | - mode: 755 38 | cmd.run: 39 | - name: /root/motd.sh 40 | - user: root 41 | - watch: 42 | - file: /root/motd.sh 43 | 44 | sudo: 45 | file.managed: 46 | - name: /etc/sudoers 47 | - source: salt://files/system/sudoers 48 | - user: root 49 | - mode: 440 50 | 51 | iptables: 52 | service: 53 | - dead 54 | 55 | syslog: 56 | pkg: 57 | - installed 58 | - name: sysklogd 59 | file.managed: 60 | - name: /etc/syslog.conf 61 | - source: salt://files/system/syslog.conf 62 | - 
user: root 63 | - mode: 644 64 | service.running: 65 | - name: syslog 66 | - enable: True 67 | - reload: True 68 | - watch: 69 | - file: syslog 70 | - pkg: syslog 71 | -------------------------------------------------------------------------------- /salt_configuration/test.sls: -------------------------------------------------------------------------------- 1 | /tmp/hosts: 2 | file.comment: 3 | - backup: .saltbak 4 | - regex: ^127.0.0.1 5 | 6 | /tmp/tmp2/hosts: 7 | file.copy: 8 | - source: /tmp/hosts 9 | - makedirs: True 10 | - require: 11 | - file: /tmp/hosts 12 | -------------------------------------------------------------------------------- /salt_configuration/top.sls: -------------------------------------------------------------------------------- 1 | ##################################################################################### 2 | 3 | ### system 系统基本设置(resolv,yum,vim,ssh,key,motd,sudo,iptables,syslog) 4 | ### salt-minion salt-minion安装及配置 5 | ### clear 清理puppet, mcollective 6 | 7 | ### user 用户管理 8 | ### cron crontab管理 9 | ### zabbix zabbix监控系统部署 10 | 11 | ### python 安装ajk-python2.7并添加模块setuptools, pip, virtualenv 12 | ### virtualenv 新建python虚拟环境 13 | 14 | ### nginx nginx安装与配置 15 | ### php phpfpm安装与配置 16 | ### squid squid图片缓存安装与配置 17 | ### city_webserver city部署web服务 18 | ### my_webserver my部署web服务 19 | 20 | ### city_code city代码配置 21 | ### user_code user代码配置 22 | 23 | #写模块测试的时候不要用'*'去匹配机器,请直接使用主机名 24 | ##################################################################################### 25 | 26 | base: 27 | '*': 28 | - system 29 | - salt-minion 30 | - zabbix 31 | 32 | dns: 33 | - match: nodegroup 34 | 35 | my_app: 36 | - match: nodegroup 37 | - my_webserver 38 | 39 | squid_20: 40 | - match: nodegroup 41 | - squid 42 | 43 | mendian: 44 | - match: nodegroup 45 | - mendian 46 | 47 | person: 48 | - match: nodegroup 49 | - person 50 | -------------------------------------------------------------------------------- /salt_configuration/user.sls: 
-------------------------------------------------------------------------------- 1 | #testuser: 2 | # user.present: 3 | # - fullname: yunlongxiao 4 | # - shell: /bin/bash 5 | # - home: /home/testuser 6 | # - groups: 7 | # - wheel 8 | 9 | #testuser: 10 | # user.absent 11 | -------------------------------------------------------------------------------- /salt_configuration/virtualenv.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - python 3 | 4 | /opt/virtualenv: 5 | virtualenv.managed: 6 | - pip_bin: /usr/bin/virtualenv-2.7 7 | - system-site-package: False 8 | #- requirements: salt://files/virtualenv/REQ.txt 9 | - require: 10 | - sls: python 11 | 12 | -------------------------------------------------------------------------------- /salt_configuration/zabbix.sls: -------------------------------------------------------------------------------- 1 | zabbix-agent-ops: 2 | pkg: 3 | - installed 4 | 5 | service.running: 6 | - enable: True 7 | - reload: True 8 | - watch: 9 | - file: /usr/local/zabbix-agent-ops/etc/zabbix_agentd.conf 10 | - file: /usr/local/zabbix-agent-ops/etc/zabbix_agentd.conf.d/nginx_status.conf 11 | - file: /usr/local/zabbix-agent-ops/etc/zabbix_agentd.conf.d/php-fpm_status.conf 12 | - file: /usr/local/zabbix-agent-ops/etc/zabbix_agentd.conf.d/squid_status.conf 13 | - file: /usr/local/zabbix-agent-ops/bin/nginx_status.sh 14 | - file: /usr/local/zabbix-agent-ops/bin/php-fpm_status.sh 15 | - file: /usr/local/zabbix-agent-ops/bin/squid_status.sh 16 | - pkg: zabbix-agent-ops 17 | 18 | 19 | 20 | /usr/local/zabbix-agent-ops/etc/zabbix_agentd.conf: 21 | file.managed: 22 | - source: salt://files/zabbix/zabbix_agentd.conf 23 | - user: root 24 | - template: jinja 25 | - require: 26 | - pkg: zabbix-agent-ops 27 | 28 | 29 | ####################check_nginx########################### 30 | /usr/local/zabbix-agent-ops/bin/nginx_status.sh: 31 | file.managed: 32 | - source: salt://files/zabbix/nginx_status.sh 33 | - 
user: root 34 | - mode: 755 35 | - require: 36 | - pkg: zabbix-agent-ops 37 | /usr/local/zabbix-agent-ops/etc/zabbix_agentd.conf.d/nginx_status.conf: 38 | file.managed: 39 | - source: salt://files/zabbix/nginx_status.conf 40 | - user: root 41 | - mode: 644 42 | - require: 43 | - pkg: zabbix-agent-ops 44 | 45 | ####################check_php-fpm########################### 46 | /usr/local/zabbix-agent-ops/bin/php-fpm_status.sh: 47 | file.managed: 48 | - source: salt://files/zabbix/php-fpm_status.sh 49 | - user: root 50 | - mode: 755 51 | - require: 52 | - pkg: zabbix-agent-ops 53 | /usr/local/zabbix-agent-ops/etc/zabbix_agentd.conf.d/php-fpm_status.conf: 54 | file.managed: 55 | - source: salt://files/zabbix/php-fpm_status.conf 56 | - user: root 57 | - mode: 644 58 | - require: 59 | - pkg: zabbix-agent-ops 60 | 61 | ####################check_squid########################### 62 | /usr/local/zabbix-agent-ops/bin/squid_status.sh: 63 | file.managed: 64 | - source: salt://files/zabbix/squid_status.sh 65 | - user: root 66 | - mode: 755 67 | - require: 68 | - pkg: zabbix-agent-ops 69 | /usr/local/zabbix-agent-ops/etc/zabbix_agentd.conf.d/squid_status.conf: 70 | file.managed: 71 | - source: salt://files/zabbix/squid_status.conf 72 | - user: root 73 | - mode: 644 74 | - require: 75 | - pkg: zabbix-agent-ops 76 | -------------------------------------------------------------------------------- /saltmaster配置文件选项说明.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: post 3 | title: salt master 配置文件选项说明 4 | keywords: codepiano 5 | description: salt master 配置文件选项说明 6 | categories: [tech, sa] 7 | tags: [linux, tech, salt] 8 | group: archive 9 | icon: globe 10 | --- 11 | {% include codepiano/setup %} 12 | 13 | 原文出处:http://blog.coocla.org/301.html 14 | 15 | Salt系统的配置是令人惊讶的简单,对于salt的两个系统都有各自的配置文件,salt-master是通过一个名为master的文件配置,salt-minion是通过一个名为minion的文件配置。 salt-master的配置文件位于/etc/salt/master,可用选项如下: 16 | 17 | interface 18 | 
默认接口:0.0.0.0(所有的网络地址接口) 19 | 绑定到本地的某个网络接口 20 | 21 | interface: 192.168.0.1 22 | 23 | 24 | publish_port 25 | 26 | 默认值:4505 27 | 28 | 设置master与minion的认证通信端口 29 | 30 | publish_port: 4505 31 | 32 | user 33 | 34 | 默认值:root 35 | 36 | 运行salt进程的用户 37 | 38 | user: root 39 | 40 | max_open_files 41 | 42 | 默认值:100000 43 | 44 | 每一个minion连接到master,至少要使用一个文件描述符,如果足够多的minion连接到master上,你将会从控制台上看到 45 | 46 | salt-master crashes: 47 | Too many open files (tcp_listener.cpp:335) 48 | Aborted (core dumped) 49 | 50 | 默认情况下这个值取决于ulimit -Hn的值,即系统的对打开文件描述符的硬限制 51 | 52 | 如果你希望重新设置该值或者取消设置,记住这个值不能超过硬限制,提高硬限制取决于你的操作系统或分配,一个好的方法是在internet上找到对应操作系统的硬限制设置,比如这样搜索: 53 | 54 | raise max open files hard limit debian 55 | 56 | max_open_files: 100000 57 | 58 | worker_threads 59 | 60 | 默认值:5 61 | 62 | 启动用来接收或应答minion的线程数。如果你有很多minion,而且minion延迟你的应答,你可以适度的提高该值. 在点对点的系统环境中使用时,该值不要被设置为3以下,但是可以将其设置为1 63 | 64 | worker_threads: 5 65 | 66 | ret_port 67 | 68 | 默认值:4506 69 | 70 | 这个端口是master用来发送命令或者接收minions的命令执行返回信息 71 | 72 | ret_port: 4506 73 | 74 | pidfile 75 | 76 | 默认值:/var/run/salt-master.pid 77 | 78 | 指定master的pid文件位置 79 | 80 | pidfile: /var/run/salt-master.pid 81 | 82 | root_dir 83 | 84 | 默认值:/ 85 | 86 | 指定该目录为salt运行的根目录,改变它可以使salt从另外一个目录开始运行,好比chroot 87 | 88 | root_dir: / 89 | 90 | pki_dir 91 | 92 | 默认值:/etc/salt/pki 93 | 94 | 这个目录是用来存放pki认证秘钥 95 | 96 | pki_dir: /etc/salt/pki 97 | 98 | cachedir 99 | 100 | 默认值:/var/cache/salt 101 | 102 | 这个目录是用来存放缓存信息,特别是salt工作执行的命令信息 103 | 104 | cachedir: /var/cache/salt 105 | 106 | keep_jobs 107 | 108 | 默认值:24 109 | 110 | 设置保持老的工作信息的过期时间,单位小时 111 | job_cache 112 | 113 | 默认值:True 114 | 115 | 设置master维护的工作缓存,这是一个很好的功能,当你的Minions超过5000台时,他将很好的承担这个大的架构,关闭这个选项,之前的工作执行以及工作系统将无法被利用,一般不推荐关掉该选项,开启该选项将会是很明智的,他将使master获得更快的IO系统 116 | ext_job_cache 117 | 118 | 默认值:'' 119 | 120 | 对所有的minions使用指定的默认returner,当使用了这个参数来指定一个returner并且配置正确,minions将会一直将返回的数据返回到returner,这也会默认禁用master的本地缓存 121 | 122 | ext_job_cache: redis 123 | 124 | minion_data_cache 125 | 126 | 默认值:True 127 | 128 | minion data
cache是关于minion信息存储在master上的参数,这些信息主要是pillar 和 grains数据.这些数据被缓存在cachedir定义的目录下的minion目录下以minion名为名的目录下并且预先确定哪些minions将从执行回复 129 | 130 | minion_data_cache: True 131 | 132 | enforce_mine_cache 133 | 134 | 默认值:False 135 | 136 | 默认情况下当关闭了minion_data_cache,mine将会停止工作,因为mine是基于缓存数据,通过启用这个选项,我们将会显式地开启对于mine系统的缓存功能 137 | 138 | enforce_mine_cache: False 139 | 140 | sock_dir 141 | 142 | 默认值:/tmp/salt-unix 143 | 144 | 指定unix socket主进程通信的socket创建路径 145 | master的安全配置 146 | open_mode 147 | 148 | 默认值:False 149 | 150 | open_mode是一个危险的安全特性,当master遇到pki认证系统,秘钥混淆和身份验证失效时,打开open_mode,master将会接受所有的身份验证。这将会清理掉pki秘钥接受的minions。通常情况下open_mode不应该被打开,它只适用于短时间内清理pki keys,若要打开它,可将值调整为True 151 | 152 | open_mode: False 153 | 154 | auto_accept 155 | 156 | 默认值:False 157 | 158 | 开启auto_accept。这个设置将会使master自动接受所有发送公钥的minions。开启后master不再人工确认minion的身份,任何能够连接到master的主机都可以注册为minion,生产环境应保持默认的False 159 | 160 | auto_accept: True 161 | 162 | autosign_file 163 | 164 | 默认值:/etc/salt/autosign.conf 165 | 166 | 如果autosign_file的值被指定,那么autosign_file将会通过该输入允许所有的匹配项,首先会搜索字符串进行匹配,然后通过正则表达式进行匹配。这是不安全的 167 | 168 | autosign_file: /etc/salt/autosign.conf 169 | 170 | client_acl 171 | 172 | 默认值:{} 173 | 174 | 开启对系统上非root的系统用户在master上执行特殊的模块,这些模块名可以使用正则表达式进行表示 175 | 176 | client_acl: 177 | fred: 178 | - test.ping 179 | - pkg.* 180 | 181 | client_acl_blacklist 182 | 183 | 默认值:{} 184 | 185 | 黑名单用户或模块 186 | 187 | 这个例子表示所有非sudo用户以及root都无法通过cmd这个模块执行命令,默认情况下该配置是完全禁用的 188 | 189 | client_acl_blacklist: 190 | users: 191 | - root 192 | - '^(?!sudo_).*$' # all non sudo users 193 | modules: 194 | - cmd 195 | 196 | external_auth 197 | 198 | 默认值:{} 199 | 200 | salt的认证模块采用外部的认证系统用来做认证和验证用户在salt系统中的访问区域 201 | 202 | external_auth: 203 | pam: 204 | fred: 205 | - test.* 206 | 207 | token_expire 208 | 209 | 默认值:43200 210 | 211 | 新令牌生成的时间间隔,单位秒,默认是12小时 212 | 213 | token_expire: 43200 214 | 215 | file_recv 216 | 217 | 默认值:False 218 | 219 | 允许minions推送文件到master上,出于安全考虑,这个选项默认是禁用的 220 | 221 | file_recv: False 222 | 223 | master模块管理 224 | runner_dirs 225 | 226 | 默认值:[] 设置搜索runner模块的额外路径 227 | 228 | runner_dirs: [] 229
| 230 | cython_enable 231 | 232 | 默认值:False 233 | 234 | 设置为true来开启对cython模块的编译 235 | 236 | cython_enable: False 237 | 238 | master状态系统设置 239 | state_verbose 240 | 241 | 默认:False 242 | 243 | state_verbose允许从minions返回更多详细的信息,通常清空下只返回失败或者已经更改,但是将state_verbose设置为True,将会返回所有的状态检查 244 | 245 | state_verbose: True 246 | 247 | state_output 248 | 249 | 默认值:full 250 | 251 | state_output的设置将会改变信息输出的格式,当被设置为”full”时,将全部的输出一行一行的显示输出;当被设置为”terse“时,将会被缩短为一行进行输出;当被设置为”mixed”时,输出样式将会是简洁的,除非状态失败,这种情况下将会全部输出;当被设置为”change”时,输出将会完全输出除非状态没有改变 252 | 253 | state_output: full 254 | 255 | state_top 256 | 257 | 默认值:top.sls 258 | 259 | 状态系统使用一个入口文件告诉minions在什么环境下使用什么模块,这个状态入口文件被定义在基础环境的相对根路径下 260 | 261 | state_top: top.sls 262 | 263 | external_nodes 264 | 265 | 默认值:None 266 | 267 | 这个外部节点参数允许salt来收集一些数据,通常被放置在一个入口文件或外部节点控制器.外部节点的选择是可执行的,将会返回ENC数据,记住如果两者都启用的话salt会将外部节点和入口文件的结果进行综合汇总。 268 | 269 | external_nodes: cobbler-ext-nodes 270 | 271 | renderer 272 | 273 | 默认值:yaml_jinja 274 | 275 | 使用渲染器用来渲染minions的状态数据 276 | 277 | renderer: yaml_jinja 278 | 279 | failhard 280 | 281 | 默认值:False 282 | 283 | 设置一个全局的failhard表示,当单个的状态执行失败后,将会通知所有的状态停止运行状态 284 | 285 | failhard: False 286 | 287 | test 288 | 289 | 默认值:False 290 | 291 | 如果真的要作出改变或者仅仅通知将要执行什么改变时设置所有的状态调用为test 292 | 293 | test: False 294 | 295 | master文件服务器设置 296 | fileserver_backend 297 | 298 | 默认值: 299 | 300 | fileserver_backend: 301 | - roots 302 | 303 | salt支持模块化的后端文件系统服务器,它允许salt通过第三方的系统来管理收集文件并提供给minions使用,可以配置多个后端文件系统,这里支持gitfs、hgfs、roots、s3fs文件调用的搜索顺序按照后台文件系统的配置顺序来搜索,默认的设置只开启了标准的后端服务器roots,具体的根选项配置通过file_roots参数设置 304 | 305 | fileserver_backend: 306 | - roots 307 | - gitfs 308 | 309 | file_roots 310 | 311 | 默认值: 312 | 313 | base: 314 | - /srv/salt 315 | 316 | salt运行一个轻量级的文件服务器通过ZeroMQ对minions进行文件传输,因此这个文件服务器是构造在master的守护进程中,并且不需要依赖于专用的端口 文件服务器的工作环境传递给master,每一个环境可以有多个跟目录,但是相同环境下多个文件的子目录不能相同,否则下载的文件将不能被可靠的保证,一个基础环境依赖于主的入口文件,如: 317 | 318 | file_roots: 319 | base: 320 | - /srv/salt 321 | dev: 322 | - /srv/salt/dev/services 323 | - 
/srv/salt/dev/states 324 | prod: 325 | - /srv/salt/prod/services 326 | - /srv/salt/prod/states 327 | 328 | hash_type 329 | 330 | 默认值:md5 331 | 332 | hash_type是master需要对文件进行hash时所使用的算法,默认是md5,也支持sha1、sha224、sha256、sha384、sha512。md5和sha1已不具备抗碰撞性,建议显式设置为sha256或更强的算法 333 | 334 | hash_type: md5 335 | 336 | file_buffer_size 337 | 338 | 默认值:1048576 339 | 340 | 文件服务器的缓存区大小 341 | 342 | file_buffer_size: 1048576 343 | 344 | pillar配置 345 | pillar_roots 346 | 347 | 默认值: 348 | 349 | base: 350 | - /srv/pillar 351 | 352 | 设置不同的环境对应的存放pillar数据的目录,这个配置和file_roots参数配置一样 353 | 354 | pillar_roots: 355 | base: 356 | - /srv/pillar 357 | dev: 358 | - /srv/pillar/dev 359 | prod: 360 | - /srv/pillar/prod 361 | 362 | ext_pillar 363 | 364 | 当进行pillar数据收集时,这个ext_pillar参数允许调用任意数量的外部pillar接口,这个配置是基于ext_pillar函数,你可以从这个找到这个函数https://github.com/saltstack/salt/blob/develop/salt/pillar 365 | 366 | 默认情况下,这个ext_pillar接口没有配置运行 367 | 368 | 默认值:None 369 | 370 | ext_pillar: 371 | - hiera: /etc/hiera.yaml 372 | - cmd_yaml: cat /etc/salt/yaml 373 | - reclass: 374 | inventory_base_uri: /etc/reclass 375 | 376 | 从这里可以查到pillar的一些额外细节 377 | syndic server配置 378 | 379 | syndic是salt master用来通过从整体架构中高于自己层级的master或者syndic接收命令传递给minions的中间角色。使用syndic非常简单,如果这个master在整体架构中,他的下级存在syndic server,那么需要将master的配置文件中的”order_masters”值设置为True,如果这个master还需要运行一个syndic进程,扮演另外一个角色,那么需要设置主master server的信息(上一级master) 380 | 381 | 千万别忘记了,这将意味着它将与其他master共享它的minion的id和pki_dir 382 | order_masters 383 | 384 | 默认值:False 385 | 386 | 当额外的数据需要发送和传递,并且这个master控制的minions是被低等级的master或syndic直接管理下,那么”order_masters”这个值必须得设置为True 387 | 388 | order_masters: False 389 | 390 | syndic_master 391 | 392 | 默认值:None 393 | 394 | 如果这个master运行的salt-syndic连接到了一个更高层级的master,那么这个参数需要配置成连接到的这个高层级的master的地址 395 | 396 | syndic_master: masterofmasters 397 | 398 | syndic_master_port 399 | 400 | 默认值:4506 401 | 402 | 如果这个master运行的salt-syndic连接到了一个更高层级的master,那么这个参数需要配置成连接到的这个高层级master的监听端口 403 | 404 | syndic_master_port: 4506 405 | 406 | syndic_log_file 407 | 408 | 默认值:syndic.log 409 | 410
| 为syndic进程指定日志文件 411 | 412 | syndic_log_file: salt-syndic.log 413 | 414 | syndic_pidfile 415 | 416 | 默认值:salt-syndic.pid 417 | 418 | 为syndic进程指定pid文件 419 | 420 | syndic_pidfile: syndic.pid 421 | 422 | Peer Publish设置 423 | 424 | salt minions可以向其他minions发送命令,但是仅仅在minion允许的情况下。默认情况下”Peer Publication”是关闭的,当需要开启的时候,需要开启对应的minion和对应的命令,这样可以允许根据个人的minions安全的划分出命令 425 | peer 426 | 427 | 默认值:{} 428 | 429 | 这个配置使用正则表达式去匹配minions并且是一个正则表达式列表函数,下面这个例子将允许名为foo.example.com的minion认证通过后执行test和pkg模块中的函数 430 | 431 | peer: 432 | foo.example.com: 433 | - test.* 434 | - pkg.* 435 | 436 | 这将允许所有的minion执行所有的命令 437 | 438 | peer: 439 | .*: 440 | - .* 441 | 442 | 这样的配置是极不推荐的,因为任何人得到架构中的任何一个minion即可拥有所有的minions,这是不安全的 443 | peer_run 444 | 445 | 默认值:{} 446 | 447 | peer_run参数是用来打开runners在master所允许的minions上,peer_run的配置匹配格式和peer参数的配置一样 下面这个例子允许foo.example.com的minion执行manage.up runner 448 | 449 | peer_run: 450 | foo.example.com: 451 | - manage.up 452 | 453 | nodegroups 454 | 455 | 默认值:{} 456 | 457 | minions允许通过node groups来分成多个逻辑组,每个组由一个组名和复合模式组成 458 | 459 | nodegroups: 460 | group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com or bl*.domain.com' 461 | group2: 'G@os:Debian and foo.domain.com' 462 | 463 | Master日志设置 464 | log_file 465 | 466 | 默认值:/var/log/salt/master 467 | 468 | master的日志可以发送到一个普通文件,本地路径名或者网络位置,更多详情请访问 http://docs.saltstack.com/ref/configuration/logging/index.html#std:conf-log-log_file 469 | 470 | 例如: 471 | 472 | log_file: /var/log/salt/master 473 | log_file: file:///dev/log 474 | log_file: udp://loghost:10514 475 | 476 | log_level 477 | 478 | 默认值:warning 479 | 480 | 按照日志级别发送信息到控制台,更多详情请访问 http://docs.saltstack.com/ref/configuration/logging/index.html#std:conf-log-log_level 481 | 482 | log_level: warning 483 | 484 | log_level_logfile 485 | 486 | 默认值:warning 487 | 488 | 按照日志级别发送信息到日志文件,更多详情请访问 http://docs.saltstack.com/ref/configuration/logging/index.html#std:conf-log-log_level_logfile 489 | 490 | log_level_logfile: warning 491 | 492 | log_datefmt 493 | 494 | 默认值:%H:%M:%S 495 | 
496 | 发送到控制台信息所用的日期时间格式,更多详情请访问 http://docs.saltstack.com/ref/configuration/logging/index.html#std:conf-log-log_datefmt 497 | 498 | log_datefmt: '%H:%M:%S' 499 | 500 | log_datefmt_logfile 501 | 502 | 默认值: %Y-%m-%d %H:%M:%S 503 | 504 | 发送到日志文件信息所用的日期时间格式,更多详情请访问 http://docs.saltstack.com/ref/configuration/logging/index.html#std:conf-log-log_datefmt_logfile 505 | 506 | log_datefmt_logfile: '%Y-%m-%d %H:%M:%S' 507 | 508 | log_fmt_console 509 | 510 | 默认值: [%(levelname)-8s] %(message)s 511 | 512 | 控制台日志信息格式,更多详情请访问 http://docs.saltstack.com/ref/configuration/logging/index.html#std:conf-log-log_fmt_console 513 | 514 | log_fmt_console: '[%(levelname)-8s] %(message)s' 515 | 516 | log_fmt_logfile 517 | 518 | 默认值: %(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s 519 | 520 | %(asctime)s:2003-07-08 16:49:45 521 | 522 | %(msecs)03.0f:当前时间的毫秒部分 523 | 524 | %(name):日志记录调用器的名字 525 | 526 | %(levelname):日志记录级别 527 | 528 | %(message)s:日志详细信息 529 | 530 | 日志文件信息格式,更多详情请访问 http://docs.saltstack.com/ref/configuration/logging/index.html#std:conf-log-log_fmt_logfile 531 | 532 | log_fmt_logfile: '%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s' 533 | 534 | log_granular_levels 535 | 536 | 默认值:{} 537 | 538 | 这可以更加具体的控制日志记录级别,更多详情请访问 http://docs.saltstack.com/ref/configuration/logging/index.html#std:conf-log-log_granular_levels 539 | Include 配置 540 | 541 | default_include 542 | 543 | 默认值:master.d/*.conf 544 | 545 | master可以从其他文件读取配置,默认情况下master将自动的将master.d/*.conf中的配置读取出来并应用,其中master.d目录是相对存在于主配置文件所在的目录 546 | include 547 | 548 | 默认值:not defined 549 | 550 | master可以包含其他文件中的配置,要启用此功能,通过此参数定义路径或文件,此路径可以是相对的也可以是绝对的,相对的,会被看作相对于主配置文件所在的目录,路径中还可以使用类似于shell风格的通配符,如果没有文件匹配的路径传递给此选项,那么master将会在日志中记录一条警告的消息 551 | 552 | 553 | 554 | # Include files from a master.d directory in the same 555 | # directory as the master config file 556 | include: master.d/* 557 | 558 | # Include a single extra file into the configuration 559 | include: /etc/roles/webserver 560 | 561 | 
# Include several files and the master.d directory 562 | include: 563 | - extra_config 564 | - master.d/* 565 | - /etc/roles/webserver 566 | 567 | -------------------------------------------------------------------------------- /saltstack的安装与简单配置.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: post 3 | title: saltstack运维自动化-安装 4 | keywords: codepiano 5 | description: saltstack 运维自动化-安装 6 | categories: [tech, sa] 7 | tags: [linux, tech, salt] 8 | group: archive 9 | icon: globe 10 | --- 11 | {% include codepiano/setup %} 12 | 13 | 14 |

15 | 之前使用puppet,各种笨重、各种不爽;之后有看过chef、ansible等,一直没啥兴趣;后面发现了saltstack后,一见钟情。 16 |

17 | 优点: 18 | 19 | 1. 首先,他速度快,基于消息队列+线程,跑完多台设备,都是毫秒级别的 20 | 2. 其次,非常灵活,源码是python,方便理解和自定义模块(python 语言相对于其他的perl、ruby等还是很好理解的) 21 | 3. 命令简单,功能强大 22 | 23 |

24 | 25 | 一、salt-master的安装 26 | ------------------- 27 | 28 |

29 | centos、redhat等系统的安装:

30 | 31 | 32 | 33 | 现在centos下的yum源内有最新的salt-master源码包,安装的话,直接 34 | yum install salt-master -y #服务端 35 | yum install salt-minion -y #客户端 36 | 37 |

38 | ubuntu下的安装:

39 | 40 | 13.04的软件源收录有salt,版本比较老0.12.0版本。但是13.04以下的版本并没有收录,需要添加PPA源 41 | sudo apt-get install salt-master #服务端 42 | sudo apt-get install salt-minion #客户端 43 | 44 |

45 | 13.04以下的版本,需要手工添加ppa源,才可以用包管理器安装saltstack(注意:下面导入的软件源签名密钥是通过明文HTTP从keyserver下载的,导入前建议核对密钥指纹是否与官方公布的一致):

46 | 47 | sudo apt-get install python-software-properties 48 | echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee 49 | /etc/apt/sources.list.d/saltstack.list 50 | wget -q -O- "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6" |sudo apt-key add - 51 | sudo apt-get update 52 | sudo apt-get install salt-master 53 | sudo apt-get install salt-minion 54 | 55 | 56 | ---------- 57 | 58 | 59 | 二、配置 60 | ------------- 61 |

62 | server端的配置:vim /etc/salt/master (master的配置文件默认是在这个目录下面的)

63 | user: root 64 | auto_accept: True #自动接收minion端的key并验证(注意:开启后master会接受任何minion提交的公钥,不经人工审核,只适合隔离的测试环境;生产环境建议保持默认的False,用salt-key逐台确认) 65 | /etc/init.d/salt-master restart 66 |

67 | minion端的配置: vim /etc/salt/minion (minion配置文件的默认路径)

68 | 69 | master: salt (这里填写的是服务端的hostname,我的server名字就是salt) 70 | /etc/init.d/salt-minion restart 71 | salt minion和master的认证过程: 72 | 73 | minion在第一次启动时,会在/etc/salt/pki/minion/下自动生成minion.pem(private key), minion.pub(public key),然后将minion.pub发送给master 74 | master在接收到minion的public key后,通过salt-key命令accept minion public key,这样在master的/etc/salt/pki/master/minions下的将会存放以minion id命名的public key, 然后master就能对minion发送指令了 75 | 76 | 来到master端: 77 | 78 | #salt-key -L # 验证minion的key是否接收 79 | Accepted Keys: 80 | sa10-007 81 | Unaccepted Keys: 82 | Rejected Keys: 83 | 可以发现,是正常接收到minion端(sa10-007)的key;这里的自动接收起源于上文提到的auto_accept: True这个参数,这个参数开启,表示只要有minion起来就会自动被salt的server端所接收 84 | 85 | salt-key的基本命令: 86 | 87 | salt-key -L #检测当前server端所有minion端key的情况,三种:接收、等待接收和拒绝 88 | salt-key -a hostname #指定接收某台minion的key 89 | salt-key -A #接收Unaccepted Keys下所有的minion 90 | salt-key -d hostname #删除已经接收的机器中指定机器minion key (Accepted Keys:) 91 | salt-key -D #删除已经接收的所有机器(Accepted Keys:) 92 | 93 | 验证server和minion的通信(server端进行): 94 | 95 | #salt '*' test.ping 96 | sa10-007: 97 | True 98 | 可以发现,server端和minion端是可以正常通信的,至此,saltstack的master和minion正常安装以及配置完成 99 | ,后续 将整理salt的基本使用 -------------------------------------------------------------------------------- /salt匹配minion以及自定义用户组nodegroup.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 前提:操作在master在进行 4 | minion id minion的唯一标示。默认情况minion id是minion的主机名(FQDN),你可以通过id来指定minion的名字. 
5 | salt默认使用shell样式,当然也可以在states.sls中定义。本文主要记录的是匹配minion,以为只有正确的匹配,才是你以后批量管理机器的前提。 6 | 7 | 匹配当前所有的minion: 8 | 9 | root@salt ~ # salt '*' test.ping 10 | cdn20-002: 11 | True 12 | cdn20-001: 13 | True 14 | app10-104: 15 | True 16 | cdn20-003: 17 | True 18 | 其中 '*' 是匹配当前saltmaster接收到所有minion客户端;test.ping是salt默认的验证通信命令 19 | 匹配以cdn开头的所有机器: 20 | 21 | root@salt ~ # salt 'cdn*' test.ping 22 | cdn20-002: 23 | True 24 | cdn20-005: 25 | True 26 | cdn20-004: 27 | True 28 | cdn20-001: 29 | True 30 | cdn20-003: 31 | True 32 | 匹配cdn20-001/004的机器: 33 | 34 | root@salt ~ # salt 'cdn20-00[1-4]' test.ping 35 | cdn20-002: 36 | True 37 | cdn20-001: 38 | True 39 | cdn20-003: 40 | True 41 | cdn20-004: 42 | True 43 | minion也可以通过Perl-compatible正则表达式进行匹配.匹配cdn和sa的机器 44 | 45 | root@salt ~ # salt -E 'cdn|sa' test.ping 46 | cdn20-005: 47 | True 48 | cdn20-002: 49 | True 50 | sa10-003: 51 | True 52 | cdn20-004: 53 | True 54 | cdn20-001: 55 | True 56 | cdn20-003: 57 | True 58 | 指定特定的机器进行匹配,比如,我想匹配cdn20-002\cdn20-004: 59 | 60 | root@salt ~ # salt -L 'cdn20-002,cdn20-004' test.ping 61 | cdn20-002: 62 | True 63 | cdn20-004: 64 | True 65 | 66 | 67 | ---------- 68 | 自定义组进行匹配: 69 | ---- 70 | 使用组进行匹配的前提,必要要在master里面定于组的相关信息 71 | 72 | root@salt ~ # vim /etc/salt/master.d/nodegroups.conf 73 | master.d之前的记录已经介绍过,在master里面开启default_include: master.d/*.conf 74 | root@salt ~ # cat /etc/salt/master.d/nodegroups.conf 75 | nodegroups: 76 | my_app: 'app10-091' 77 | squid_20: 'cdn20-*' 78 | mendian: 'app10-114' 79 | person: 'L@app10-112,app10-113' 80 | 查看squid_20这个组的相关信息: 81 | 82 | root@salt ~ # salt -N 'squid_20' test.ping 83 | cdn20-002: 84 | True 85 | cdn20-005: 86 | True 87 | cdn20-004: 88 | True 89 | cdn20-003: 90 | True 91 | cdn20-001: 92 | True 93 | 94 | 95 | 96 | 97 | -------------------------------------------------------------------------------- /salt的grains使用以及cmd.run.md: -------------------------------------------------------------------------------- 1 | 
grains.items主要用来收集minion端的信息,方便进行信息采集,后续的piller使用,根据硬件信息自动匹配配置文件等。 2 | 基本用法 3 | ----- 4 | grains.ls 5 | 6 | salt '*' grains.ls 显示所有minion的item 7 | 8 | grains.items 9 | 10 | salt '*' grains.items 显示所有minion的item值 11 | 12 | grains.item 13 | 14 | salt '*' grains.item os 显示os的相关信息。如下 : 15 | root@salt ~ # salt 'sa10-003' grains.item os 16 | sa10-003: 17 | os: RedHat 18 | 如果想同时获取多个item,可以在后面接空格后,直接相关item,如下: 19 | 20 | root@salt ~ # salt 'sa10-003' grains.item os osrelease oscodename 21 | sa10-003: 22 | os: RedHat 23 | oscodename: Tikanga 24 | osrelease: 5.8 25 | 26 | 27 | 28 | ---------- 29 | 30 | 31 | 自定义grains: 32 | 首先,现在salt的根目录下(/srv/salt)建一个目录_grains 33 | 34 | mkdir /srv/salt/_grains 35 | cd /srv/salt/_grains 36 | 假设我要取minion端内存的信息 事例如下: 37 | vim mem.py 38 | 39 | # -*- coding: utf-8 -*- 40 | 41 | ''' 42 | Module for squid disk information by python 43 | ''' 44 | import commands 45 | import os 46 | 47 | def cache(): 48 | ''' 49 | Return the memory usage information for volumes mounted on this minion 50 | ''' 51 | grains={} 52 | m = commands.getoutput("free -g|awk '$0~/Mem/ {print$2+1}'") 53 | grains['mem_test']=int(m) 54 | 55 | return grains 56 | 57 | 58 | 同步到minion端 59 | 60 | root@salt _grains # salt 'sa10-003' saltutil.sync_all 61 | sa10-003: 62 | ---------- 63 | grains: 64 | - grains.mem #已经同步过来了 65 | modules: 66 | outputters: 67 | renderers: 68 | returners: 69 | states: 70 | 如果需要更改模块,更改完成后,可以使用下面命令重载: 71 | 72 | salt sa10-003 sys.reload_modules 73 | 验证下之前的自定义grains: 74 | 75 | root@salt _grains # salt sa10-003 grains.item mem_test 76 | sa10-003: 77 | mem_test: 2 78 | sa10-003的内存信息: 79 | 80 | [root@sa10-003 salt]# free -m 81 | total used free shared buffers cached 82 | Mem: 2012 1766 246 0 286 1207 83 | -/+ buffers/cache: 272 1739 84 | Swap: 0 0 0 85 | 在saltmaster上面自定义grains取到的信息和本机是一致的 86 | 87 | 88 | ---------- 89 | 除了salt自带和我们自定义的items可以取到系统信息之外,我们还可以使用shell命令在来达到目的;当然,这需要salt的另外一个强大的命令,cmd.run 90 | 我要取sa10-003的内存信息,可以使用下面的命令: 91 | 92 | root@salt _grains # salt 
sa10-003 cmd.run 'free -m' 93 | sa10-003: 94 | total used free shared buffers cached 95 | Mem: 2012 1769 242 0 286 1207 96 | -/+ buffers/cache: 275 1736 97 | Swap: 0 0 0 98 | 99 | cmd.run在master端进行操作,后面跟着的是系统相关的shell命令,这种方式,可以实现minion端几乎所有的命令。 100 | 101 | -------------------------------------------------------------------------------- /salt的pillar定义以及使用.md: -------------------------------------------------------------------------------- 1 | Pillar是Salt非常重要的一个组件,它用于给特定的minion定义任何你需要的数据,这些数据可以被Salt的其他组件使用。这里可以看出Pillar的一个特点,Pillar数据是与特定minion关联的,也就是说每一个minion都只能看到自己的数据,所以Pillar可以用来传递敏感数据(在Salt的设计中,Pillar使用独立的加密session,也是为了保证敏感数据的安全性)。 2 | 另外还可以在Pillar中处理平台差异性,比如针对不同的操作系统设置软件包的名字,然后在State中引用等。 3 | 4 | 定义pillar数据 5 | ---- 6 | 7 | 默认情况下,master配置文件中的所有数据都添加到Pillar中,且对所有minion可用。默认如下: 8 | 9 | #pillar_opts: True 10 | master上配置文件中定义pillar_roots,用来指定pillar的数据存储在哪个目录 11 | 12 | pillar_roots: 13 | base: 14 | - /srv/salt/pillar 15 | 16 | 首先,和state系统一样,pillar也是需要一个top.sls文件作为一个入口,用来指定对象。 17 | 18 | base: 19 | '*': 20 | - pillar #这里指定了一个pillar模块 21 | pillar.sls文件: 22 | 23 | ############IDC################ 24 | {% if grains['ip_interfaces'].get('eth0')[0].startswith('10.10') %} 25 | nameservers: ['10.10.9.31','10.10.9.135'] 26 | zabbixserver: ['10.10.9.234'] 27 | {% else %} 28 | nameservers: ['10.20.9.75'] 29 | zabbixserver: ['10.20.9.234'] 30 | {% endif %} 31 | 32 | ######## nginx ######## 33 | ngx_home_dir: /var/cache/nginx 34 | 35 | 上文的IDC这块是我自己整理的通过ip来划分不同的nameserver等,这里只是放出来参考,在State文件中将可以引用Pillar数据,比如引用ngx_home_dir: 36 | 37 | nginx: 38 | pkg: 39 | - installed 40 | user.present: 41 | - home: {{ pillar['ngx_home_dir'] }} 42 | - shell: /sbin/nologin 43 | - require: 44 | - group: nginx 45 | group.present: 46 | - require: 47 | - pkg: nginx 48 | service.running: 49 | - enable: True 50 | - reload: True 51 | - require: 52 | - file: /etc/init.d/nginx 53 | - file: /data1/logs/nginx 54 | - watch: 55 | - file: {{ pillar['ngx_conf_dir'] }}/nginx.conf 56 | - file: {{ pillar['ngx_conf_dir'] 
}}/fastcgi.conf 57 | - pkg: nginx 58 | 59 | ······ 后面关于配置就省略了 60 | 61 | 在pillar内可以提前将不同的部分根据在pillar内定义好,这样统一配置的时候就可以实现根据机器实际情况配置;比如根据机器的硬件情况配置nginx的worker_processes: 62 | 63 | user nginx; 64 | {% if grains['num_cpus'] < 8 %} 65 | worker_processes {{ grains['num_cpus'] }}; 66 | {% else %} 67 | worker_processes 8; 68 | {% endif %} 69 | worker_rlimit_nofile 65535; 70 | ``````````具体配置省略 71 | 72 | 很多定义的时候,都可以使用到pillar来进行自定义相关数据,具体情况可以自行摸索,这里只是个举例。 -------------------------------------------------------------------------------- /salt的state.sls的使用.md: -------------------------------------------------------------------------------- 1 | 2 | SLS(代表SaLt State文件)是Salt State系统的核心。SLS描述了系统的目标状态,由格式简单的数据构成。这经常被称作配置管理 3 | 首先,在master上面定义salt的主目录,默认是在/srv/salt/下面,vim /etc/salt/master: 4 | 5 | file_roots: 6 | base: 7 | - /srv/salt 8 | dev: 9 | - /srv/salt-dev 10 | 11 | 然后,在/srv/salt下面创建top.sls文件(如果有的话,就不用创建了,直接编辑好了) 12 | vim top.sls 13 | 14 | base: 15 | '*': 16 | top.sls 默认从 base 标签开始解析执行,下一级是操作的目标,可以通过正则,grain模块,或分组名,来进行匹配,再下一级是要执行的state文件 17 | 18 | base: 19 | '*': #通过正则去匹配所有minion 20 | - nginx #这里都是我自己写的state.sls模块名 这里可以无视 后面会提到 21 | 22 | my_app: #通过分组名去进行匹配 必须要定义match:nodegroup 23 | - match: nodegroup 24 | - nginx 25 | 26 | 'os:Redhat': #通过grains模块去匹配,必须要定义match:grain 27 | - match: grain 28 | - nginx 29 | 30 | 整个top.sls大概的格式就是这个样子,编写完top.sls后,编写state.sls文件; 31 | 32 | cd /srv/salt 33 | vim nginx.sls 34 | nginx.sls内容: 35 | 36 | nginx: 37 | pkg: #定义使用(pkg state module) 38 | - installed #安装nginx(yum安装) 39 | service.running: #保持服务是启动状态 40 | - enable: True 41 | - reload: True 42 | - require: 43 | - file: /etc/init.d/nginx 44 | - watch: #检测下面两个配置文件,有变动,立马执行上述/etc/init.d/nginx 命令reload操作 45 | - file: /etc/nginx/nginx.conf 46 | - file: /etc/nginx/fastcgi.conf 47 | - pkg: nginx 48 | /etc/nginx/nginx.conf: #绝对路径 49 | file.managed: 50 | - source: salt://files/nginx/nginx.conf #nginx.conf配置文件在salt上面的位置 51 | - user: root 52 | - mode: 644 53 | - template: jinja #salt使用jinja模块 54 | - require: 55 
| - pkg: nginx 56 | 57 | /etc/nginx/fastcgi.conf: 58 | file.managed: 59 | - source: salt://files/nginx/fastcgi.conf 60 | - user: root 61 | - mode: 644 62 | - require: 63 | - pkg: nginx 64 | 65 | 在当前目录下面(salt的主目录)创建files/nginx/nginx.conf、files/nginx/fastcgi.conf文件,里面肯定是你自己项配置的nginx配置文件的内容啦;使用salt做自动化,一般nginx都是挺熟悉的,这里不做详细解释了 66 | 67 | 测试安装: 68 | 69 | root@salt salt # salt 'sa10-003' state.sls nginx test=True 70 | ··········这里省略输出信息 71 | Summary 72 | ------------ 73 | Succeeded: 8 74 | Failed: 0 75 | ------------ 76 | Total: 8 77 | 78 | 往minion上面进行推送的时候,一般salt 'sa10-003' state.sls nginx 这种命令;当然,也可以执行 79 | salt sa10-003 state.highstate 这种命令会默认匹配所有的state.sls模块。其中test=True 是指测试安装 80 | ,也就是不进行实际操作,只是查看测试效果。 81 | ---------- 82 | state的逻辑关系列表: 83 | 84 | include: 包含某个文件 85 | 比如我新建的一个my_webserver.sls文件内,就可以继承nginx和php相关模块配置,而不必重新编写 86 | 87 | root@salt salt # cat my_webserver.sls 88 | include: 89 | - nginx 90 | - php 91 | match: 配模某个模块,比如 之前定义top.sls时候的 match: grain match: nodegroup 92 | require: 依赖某个state,在运行此state前,先运行依赖的state,依赖可以有多个 93 | 比如文中的nginx模块内,相关的配置必须要先依赖nginx的安装 94 | 95 | - require: 96 | - pkg: nginx 97 | watch: 在某个state变化时运行此模块,文中的配置,相关文件变化后,立即执行相应操作 98 | 99 | - watch: 100 | - file: /etc/nginx/nginx.conf 101 | - file: /etc/nginx/fastcgi.conf 102 | - pkg: nginx 103 | order: 优先级比require和watch低,有order指定的state比没有order指定的优先级高,假如一个state模块内安装多个服务,或者其他依赖关系,可以使用 104 | 105 | nginx: 106 | pkg.installed: 107 | - order:1 108 | 想让某个state最后一个运行,可以用last 109 | -------------------------------------------------------------------------------- /test: -------------------------------------------------------------------------------- 1 | test 2 | test 3 | test 4 | test 5 | test 6 | test 7 | test 8 | -------------------------------------------------------------------------------- /基于saltstack的grains和pillar自动化配置squid.md: -------------------------------------------------------------------------------- 1 | 之前的几篇记录了salt的安装、配置、以及各个模块的使用,今天主要基于salt的grains和pillar自动化部署squid缓存服务。 2 | 3 | 
动手之前先确定下当前需求: 4 | 5 | 1. 我们有两个机房,两个机房的ip地址是不同的,一个是10.10.开头,另外一个是10.20.开头; 6 | 2. 10.10.开头的机房主要用来缓存js、css等,另外一个机房的squid机器主要用来缓存图片,这两个的配置文件肯定是不同的 7 | 3. 缓存图片服务的squid机器硬盘大小不同,也就是说要做的cache大小肯定也是不同的 8 | 4. 机器的内存并不是统一大小 9 | 10 | 整理如下: 11 | 12 | 1.首先要通过salt自动安装squid服务 13 | 2.要自己编写grains模块收集机器的内存和硬盘大小 14 | 3.要使用pillar确认机器的ip地址是以什么开头的,以此来确认是用来缓存的具体对象 15 | 4.整理具体配置分发到不同服务的squid配置文件内 16 | 17 | 一、先整理squid的安装包 18 | -------------- 19 | 20 | 自己整理好的squid-2.7的rpm包,通过yum的方式来安装 21 | 编写state.sls文件 22 | 在根目录下/srv/salt下进行,vim squid.sls 23 | 24 | squid: 25 | pkg: 26 | - name: ajk-squid #我自己打的rpm包 27 | - installed 28 | user.present: #检测用户,如果没有就创建 squid用户,设置为nologin状态 29 | - home: {{ pillar['squid_home_dir'] }} 30 | - shell: /sbin/nologin 31 | - require: 32 | - group: squid 33 | group.present: #用户组squid 和用户对应 34 | - name: squid 35 | - require: 36 | - pkg: ajk-squid 37 | service.running: #这里保持squid服务是正常运行的状态 38 | - enable: True 39 | - reload: True 40 | - require: 41 | - file: /etc/init.d/squid #squid的启动脚本,也是打包在安装包内的,检测下面的watch内的服务,有变化就执行 42 | - watch: 43 | - file: {{ pillar['squid_conf_dir'] }}/squid.conf 44 | {{ pillar['squid_conf_dir'] }}/squid.conf: 45 | 46 | file.managed: 47 | - source: salt://files/squid/squid.conf # 定义salt内的squid.conf配置文件 48 | - user: root 49 | - mode: 644 50 | - template: jinja #使用jinja模板,这里是为了配置文件内使用pillar 51 | - require: 52 | - pkg: ajk-squid #依赖关系 53 | 54 | {{ pillar['squid_home_dir'] }} 这里在pillar内定义好的,我是为了美观方便;之前填写下面的目录也是可以的 55 | 56 | squid_home_dir: /usr/local/squid-2.7 57 | squid_conf_dir: /usr/local/squid-2.7/etc 58 | 59 | 目前,squid服务的state.sls模块就已经写好了 60 | 61 | 二、收集服务器端的硬件信息 62 | ------------- 63 | 64 | 还是要使用python脚本,在_grains下面编写脚本,编写脚本前确认下配置;我的需求是squid的内存设置为总内存的45%,我squid的硬盘会有三块,挂载为目录cache1、cache2、cache3 。每块盘取90%,如果90%之后大于65G,直接取值65,少于65的话,直接使用90%的值。 65 | 脚本如下: 66 | 67 | vim squid.py 68 | 69 | # -*- coding: utf-8 -*- 70 | 71 | ''' 72 | Module for squid disk information by python2.7.3 73 | ''' 74 | 75 | 76 | import commands 77 | import os 78 | 79 | def 
cache(): 80 | ''' 81 | Return the cache usage information for volumes mounted on this minion 82 | ''' 83 | grains={} 84 | m = commands.getoutput("free -g|awk '$0~/Mem/ {print$2+1}'") 85 | grains['cache_mem_size']=int(int(m)*(0.45)) 86 | 87 | file = commands.getoutput("df -Th |awk '{print$7}'") 88 | cache = 'cache' 89 | 90 | if cache in file: 91 | 92 | a = commands.getoutput("df -Th |grep cache |awk 'NR==1 {print$3}' |sed 's/G//g'") 93 | b = int(int(a)*(0.9)) 94 | if b >= 65: 95 | grains['cache_disk_size'] = 65*1024 96 | else: 97 | grains['cache_disk_size'] = int(b*1024) 98 | else: 99 | grains['cache_disk_size'] = 'The cache of partition does not exist' 100 | 101 | return grains 102 | 103 | 我的squid机器在salt上面定义了一个组: 104 | root@salt _grains # cat /etc/salt/master.d/nodegroups.conf 105 | 106 | nodegroups: 107 | squid_20: 'cdn20-* 108 | 109 | '然后,加载编写的模块,命令如下 : 110 | 111 | salt -N squid_20 saltutil.sync_all 112 | 113 | 查询编写的模块取值,根据disk信息取值: 114 | 115 | root@salt _grains # salt -N 'squid_20' grains.item cache_disk_size 116 | cdn20-005: 117 | cache_disk_size: 43008 118 | cdn20-001: 119 | cache_disk_size: 66560 120 | 121 | 查询内存信息取值: 122 | 123 | root@salt _grains # salt -N 'squid_20' grains.item cache_mem_size 124 | cdn20-005: 125 | cache_mem_size: 7 126 | cdn20-001: 127 | cache_mem_size: 14 128 | 129 | 三、编写squid.conf的配置文件 130 | ------------------- 131 | 根据上文的目录定义,路径在/srv/salt/files/squid下 132 | vim squid.conf 133 | 134 | {#% if grains['ip_interfaces'].get('eth0')[0].startswith('10.20') %#} (#去掉) 135 | ...........省略具体配置 136 | ## MEMORY CACHE OPTIONS 137 | cache_mem {{ grains['cache_mem_size'] }} GB #内存的大小 138 | ## DISK CACHE OPTIONS 139 | cache_dir aufs /cache1 {{ grains['cache_disk_size'] }} 16 256 #cache的大小 140 | cache_dir aufs /cache2 {{ grains['cache_disk_size'] }} 16 256 141 | cache_dir aufs /cache3 {{ grains['cache_disk_size'] }} 16 256 142 | visible_hostname {{ grains['host'] }} #机器名 143 | {#% else %#} (#去掉) 144 | 缓存js等的配置文件,此处省略 145 | {#% endif %#}(#去掉) 146 | 147 | 
这里只是说明下salt需要配置的东西,至于squid具体的配置文件,这里就不多说了 148 | 当然,上述的判断可以在pillar里面做完而不用在配置文件的时候做判断,只不过我感觉那样要多一层逻辑,就直接判断了 ··· 其实是我比较懒···· 149 | 150 | 这样,一个squid的基本安装配置基本就成功了,可以找机器进行测试 151 | 后续,添加机器的话,可以进行直接部署了 152 | 153 | salt hostname state.highstate 或者 salt hostname state.sls squid -------------------------------------------------------------------------------- /基于saltstack的webui的搭建使用halite.md: -------------------------------------------------------------------------------- 1 | salt的运维自动化,肯定不可能一直在终端执行命令去进行批量处理;salt本身提供了一个web ui,叫做halite。本质是在页面执行管理,后端使用的是saltstack api 2 | 3 | 4 | ---------- 5 | 搭建过程: 6 | 7 | git clone https://github.com/saltstack/halite 8 | 克隆halite官方的源码 9 | 10 | cd halite/halite 11 | 12 | python genindex.py -C # 生成index文件 13 | 14 | 安装salt-api,使用python的pip管理安装 15 | 16 | 首先安装pip管理 17 | 18 | wget http://python-distribute.org/distribute_setup.py 19 | 20 | sudo python distribute_setup.py 21 | 22 | wget https://github.com/pypa/pip/raw/master/contrib/get-pip.py 23 | 24 | sudo python get-pip.py 25 | 26 | 安装salt-api 27 | 28 | pip install salt-api 29 | pip install cherrypy 30 | 31 | 在master文件问添加: 32 | 33 | rest_cherrypy: 34 | host: 10.10.3.191 35 | port: 8080 36 | debug: true 37 | static: /halite/halite 38 | app: /halite/halite/index.html 39 | external_auth: 40 | pam: 41 | admin: 42 | - '*' 43 | - '@runner' 44 | - '@wheel' 45 | 46 | 启动: 47 | 48 | #python server_bottle.py -d -C -l debug -s cherrypy 49 | 20140115_102828.079512 Bottle: Running web application server 'cherrypy' on 0.0.0.0:8080. 50 | 20140115_102828.080180 Bottle: CORS is disabled. 51 | 20140115_102828.080669 Bottle: TLS/SSL is disabled. 52 | 20140115_102828.081155 Bottle: Server options: 53 | {} 54 | Bottle v0.12-dev server starting up (using CherryPyServer())... 55 | Listening on http://0.0.0.0:8080/ 56 | Hit Ctrl-C to quit. 
57 | 58 | debug模式 查看相关信息,可以得出是以0.0.0.0:8080端口启动的 59 | 60 | 直接salt-api -d启动 61 | 62 | 至此,halite搭建完成,可以通过http://localhost:8080去访问了 63 | 64 | 我这边是在服务器上面搭建的,线下不能直接访问http://localhost:8080,所以,添加到nginx进行转发 65 | 66 | 配置如下: 67 | 68 | [root@sa10-007 halite]# cat /etc/nginx/conf.d/salt.api.conf 69 | server { 70 | listen 80; 71 | server_name 10.10.3.191; 72 | 73 | location / { 74 | proxy_pass http://0.0.0.0:8080; 75 | } 76 | } 77 | 78 | 这样 我就可以在线下直接访问http://10.10.3.191:80 就可以看到halite的web界面了。需要注意:上面的启动日志显示TLS/SSL未启用、服务监听在0.0.0.0:8080,这里的nginx也只开了80端口的明文HTTP,而external_auth又给admin授予了'*'、'@runner'、'@wheel'全部权限,登录口令会以明文传输;正式使用前应在nginx上启用HTTPS并限制来源地址,让后端只监听127.0.0.1,并关闭debug 79 | 80 | 只不过,好像官方的这个halite看起来很纠结,页面操作各种不爽,准备通过api自己写ui了 --------------------------------------------------------------------------------