Salt is a powerful configuration management tool. In this guide you will create Salt state files that are capable of installing and configuring Apache on Ubuntu 18.04, Debian 9, or CentOS 7.
Before You Begin
You will need at least two Linodes with Salt installed. If you have not already, read our Getting Started with Salt - Basic Installation and Setup Guide and follow the instructions for setting up a Salt master and minion.
The following steps will be performed on your Salt master.
NoteThe steps in this guide require root privileges. Be sure to run the steps below asroot
or with thesudo
prefix. For more information on privileges, see our Users and Groups guide.
Setting Up Your Salt Master and Managed Files
Salt Master SLS Files
- Create the
/srv/salt
directory if it does not already exist:mkdir /srv/salt
- Create a Salt top file in
/srv/salt
that will be Salt’s entry point to the Apache configuration:- /srv/salt/top.sls
This top file uses compound matching to target your minions by operating system using Salt Grains. This will allow Salt to choose the appropriate Apache configuration depending on the Linux distribution. These matchers could be extended to be even more specific. For instance, if you wanted to only target minions with the ID ofweb-server
that are running on Ubuntu, you can typeweb* and G@os:Ubuntu
.
Pillar Files
- Create the
/srv/pillar
directory if it does not already exist:mkdir /srv/pillar
- Create a Pillar top file. This top file references the
apache.sls
Pillar file that you will create in the next step:- /srv/pillar/top.sls
- Create the
apache.sls
file that was referenced in the previous step. This file defines Pillar data that will be used inside our Apache state file in the next section, in this case your domain name. Replaceexample.com
with your domain:- /srv/pillar/apache.sls
Website Files
- Create a directory for your website files in the
/srv/salt
directory. Replaceexample.com
with your website domain name:mkdir /srv/salt/example.com
This directory will be accessible from your Salt state files atsalt://example.com
. - Create an
index.html
file for your website in the/srv/salt/example.com
directory, substitutingexample.com
for the folder name you chose in the previous step. You will use this file as a test to make sure your website is functioning correctly.- /srv/salt/example.com/index.html
Configuration Files
- Create a folder for your additional configuration files at
/srv/salt/files
. These files will be accessible atsalt://files
.mkdir /srv/salt/files
- Create a file called
tune_apache.conf
in/srv/salt/files
and paste in the following block:- /srv/salt/files/tune_apache.conf
This MPM prefork module provides additional tuning for your Apache installation. This file will be managed by Salt and installed into the appropriate configuration directory in a later step. - If you will be installing Apache on a CentOS machine, create a file called
include_sites_enabled.conf
in/srv/salt/files
and paste in the following:- /srv/salt/files/include_sites_enabled.conf
This file will allow us to use file directories like those found on Debian installations to help organize the Apache configuration.
Creating the Apache State File for Debian and Ubuntu
Individual Steps
This guide will be going through the process of creating the Apache for Debian and Ubuntu state file step by step. If you would like to view the entirety of the state file, you can view it at the end of this section.
- Create a state file named
apache-debian.sls
in/srv/salt
and open it in a text editor of your choice. - Instruct Salt to install the
apache2
package and start theapache2
service:- /srv/salt/apache-debian.sls
Here Salt makes sure theapache2
package is installed withpkg.installed
. Likewise, it ensures theapache2
service is running and enabled underservice.running
. Also underservice.running
,apache-debian.sls
usesrequire
to ensure that this command does not run before theapache2
package is installed. Thisrequire
step will be repeated throughoutapache-debain.sls
.Lastly, awatch
statement is employed to restart theapache2
service if your site’s configuration file changes. You will define that configuration file in a later step. Note that this configuration file is named using the domain you supplied when creating your Salt Pillar file in the first section. This Pillar data will be used throughoutapache-debian.sls
. - Turn off KeepAlive:
- /srv/salt/apache-debian.sls
KeepAlive allows multiple requests to be sent over the same TCP connection. For the purpose of this guide KeepAlive will be disabled. To disable it, Salt is instructed to find the KeepAlive directive in/etc/apache2/apache2.conf
by matching a pattern and replacing it withKeepAlive Off
.show_changes
instructs Salt to display any changes it has made during a highstate. - Transfer
tune_apache.conf
to your minion and enable it:- /srv/salt/apache-debian.sls
This step takes thetune_apache.conf
file you created in the Configuration Files step and transfers it to your Salt minion. Then, Salt enables that configuration file with the apache_conf module. - Create the necessary directories:
- /srv/salt/apache-debian.sls
- Disable the default virtual host configuration file:
- /srv/salt/apache-debian.sls
This step uses Salt’s apache_site module to disable the default Apache virtual host configuration file, and is the same as runninga2dissite
on a Debian-based machine. - Create your site’s virtual host configuration file:
- /srv/salt/apache-debian.sls
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
... /etc/apache2/sites-available/{{ pillar['domain'] }}.conf: apache.configfile: - config: - VirtualHost: this: '*:80' ServerName: - {{ pillar['domain'] }} ServerAlias: - www.{{ pillar['domain'] }} DocumentRoot: /var/www/html/{{ pillar['domain'] }}/public_html ErrorLog: /var/www/html/{{ pillar['domain'] }}/log/error.log CustomLog: /var/www/html/{{ pillar['domain'] }}/log/access.log combined ...
This step uses Salt’s apache module, (not to be confused with theapache_site
module used in the previous step), to create your site’s virtual host configuration file. Thethis
variable signifies what would traditionally be include withVirtualHost
within angle brackets in an Apache configuration file:<VirtualHost *:80>
. - Enable your new virtual host configuration file:
- /srv/salt/apache-debian.sls
This step uses the sameapache_site
module you used to disable the default virtual host file to enable your newly created virtual host file.apache_site.enabled
creates a symlink from/etc/apache2/sites-available/example.com.conf
to/etc/apache2/sites-enabled/example.com.conf
and is the same as runninga2ensite
on a Debian-based machine. - Transfer your
index.html
website file to your minion:- /srv/salt/apache-debian.sls
Any changes made to yourindex.html
file on your Salt master will be propagated to your minion.Note
Complete State File
The complete
apache-debian.sls
file looks like this:- /srv/salt/apache-debian.sls
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69
apache2: pkg.installed apache2 Service: service.running: - name: apache2 - enable: True - require: - pkg: apache2 Turn Off KeepAlive: file.replace: - name: /etc/apache2/apache2.conf - pattern: 'KeepAlive On' - repl: 'KeepAlive Off' - show_changes: True - require: - pkg: apache2 /etc/apache2/conf-available/tune_apache.conf: file.managed: - source: salt://files/tune_apache.conf - require: - pkg: apache2 Enable tune_apache: apache_conf.enabled: - name: tune_apache - require: - pkg: apache2 /var/www/html/{{ pillar['domain'] }}: file.directory /var/www/html/{{ pillar['domain'] }}/log: file.directory /var/www/html/{{ pillar['domain'] }}/backups: file.directory /var/www/html/{{ pillar['domain'] }}/public_html: file.directory 000-default: apache_site.disabled: - require: - pkg: apache2 /etc/apache2/sites-available/{{ pillar['domain'] }}.conf: apache.configfile: - config: - VirtualHost: this: '*:80' ServerName: - {{ pillar['domain'] }} ServerAlias: - www.{{ pillar['domain'] }} DocumentRoot: /var/www/html/{{ pillar['domain'] }}/public_html ErrorLog: /var/www/html/{{ pillar['domain'] }}/log/error.log CustomLog: /var/www/html/{{ pillar['domain'] }}/log/access.log combined {{ pillar['domain'] }}: apache_site.enabled: - require: - pkg: apache2 /var/www/html/{{ pillar['domain'] }}/public_html/index.html: file.managed: - source: salt://{{ pillar['domain'] }}/index.html
Creating an Apache State File for CentOS
Individual Steps
- Create a file called
apache-centos.sls
in/srv/salt
and open it in a text editor of your choice. - On CentOS Apache is named
httpd
. Instruct Salt to installhttpd
and run thehttpd
service:- /srv/salt/apache-centos.sls
Here Salt makes sure thehttpd
package is installed withpkg.installed
. Likewise, it ensures thehttpd
service is running and enabled underservice.running
. Also underservice.running
,apache-debian.sls
usesrequire
to ensure that this command does not run before thehttpd
package is installed. Thisrequire
step will be repeated throughoutapache-centos.sls
.Lastly, awatch
statement is employed to restart thehttpd
service if your site’s configuration file changes. You will define that configuration file in a later step. Note that this configuration file is named using the domain you supplied when creating your Salt Pillar file in the first section. This Pillar data will be used throughoutapache-centos.sls
. - Turn off KeepAlive:
- /srv/salt/apache-centos.sls
KeepAlive allows multiple requests to be sent over the same TCP connection. For the purpose of this guide KeepAlive will be disabled. To disable it, Salt is instructed to find the KeepAlive directive in/etc/httpd/conf/httpd.conf
by matching a pattern and replacing it withKeepAlive Off
.show_changes
instructs Salt to display any changes it has made during a highstate. - Change the DocumentRoot:
- /srv/salt/apache-centos.sls
Similar to the last step, in this stepsalt-centos.sls
instructs Salt to search for the DocumentRoot directive in Apache’shttpd.conf
file, and replaces that line with the new document root. This allows for the use of a Debian-style site directory architecture. - Transfer the
tune_apache.conf
andinclude_sites_enabled.conf
to your minion.- /srv/salt/apache-centos.sls
- Create the necessary directories:
- srv/salt/apache-centos.sls
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
... /etc/httpd/sites-available: file.directory /etc/httpd/sites-enabled: file.directory /var/www/html/{{ pillar['domain'] }}: file.directory /var/www/html/{{ pillar['domain'] }}/backups: file.directory /var/www/html/{{ pillar['domain'] }}/public_html: file.directory ...
- Create your site’s virtual host configuration file:
- /srv/salt/apache-centos.sls
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
... /etc/httpd/sites-available/{{ pillar['domain'] }}.conf: apache.configfile: - config: - VirtualHost: this: '*:80' ServerName: - {{ pillar['domain'] }} ServerAlias: - www.{{ pillar['domain'] }} DocumentRoot: /var/www/html/{{ pillar['domain'] }}/public_html file.symlink: - target: /etc/httpd/sites-enabled/{{ pillar['domain'] }}.conf - force: True ...
This step uses Salt’s apache module to create your site’s virtual host configuration file. Thethis
variable signifies what would traditionally be include withVirtualHost
within angle brackets in an Apache configuration file:<VirtualHost *:80>
. - Transfer your
index.html
website file to your minion:- /srv/salt/apache-debian.sls
Any changes made to yourindex.html
file on your Salt master will be propigated to your minion. - Configure your firewall to allow http and https traffic:
- /srv/salt/apache-centos.sls
Note
It is imperative that you list all ports you need open to your machine in this section. Failure to list these ports will result in their closure by Salt.
Complete State File
The complete
apache-centos.sls
file looks like this:- /srv/salt/apache-centos.sls
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82
httpd: pkg.installed httpd Service: service.running: - name: httpd - enable: True - require: - pkg: httpd - watch: - file: /etc/httpd/sites-available/{{ pillar['domain'] }}.conf Turn off KeepAlive: file.replace: - name: /etc/httpd/conf/httpd.conf - pattern: 'KeepAlive On' - repl: 'KeepAlive Off' - show_changes: True - require: - pkg: httpd Change DocumentRoot: file.replace: - name: /etc/httpd/conf/httpd.conf - pattern: 'DocumentRoot "/var/www/html"' - repl: 'DocumentRoot "/var/www/html/{{ pillar['domain'] }}/public_html"' - show_changes: True - require: - pkg: httpd /etc/httpd/conf.d/tune_apache.conf: file.managed: - source: salt://files/tune_apache.conf - require: - pkg: httpd /etc/httpd/conf.d/include_sites_enabled.conf: file.managed: - source: salt://files/include_sites_enabled.conf - require: - pkg: httpd /etc/httpd/sites-available: file.directory /etc/httpd/sites-enabled: file.directory /var/www/html/{{ pillar['domain'] }}: file.directory /var/www/html/{{ pillar['domain'] }}/backups: file.directory /var/www/html/{{ pillar['domain'] }}/public_html: file.directory /etc/httpd/sites-available/{{ pillar['domain'] }}.conf: apache.configfile: - config: - VirtualHost: this: '*:80' ServerName: - {{ pillar['domain'] }} ServerAlias: - www.{{ pillar['domain'] }} DocumentRoot: /var/www/html/{{ pillar['domain'] }}/public_html file.symlink: - target: /etc/httpd/sites-enabled/{{ pillar['domain'] }}.conf - force: True /var/www/html/{{ pillar['domain'] }}/public_html/index.html: file.managed: - source: salt://{{ pillar['domain'] }}/index.html Configure Firewall: firewalld.present: - name: public - ports: - 22/tcp - 80/tcp - 443/tcp
Running the Apache State File
On your Salt master, issue a highstate command:
salt '*' state.apply
After a few moments you should see a list of Salt commands and a summary of their successes. Navigate to your website’s domain name if you have your DNS set up already, or your website’s public IP address. You should see your
index.html
file. You have now used Salt to configure Apache. Visit the links in the section below for more information.More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
Không có nhận xét nào:
Đăng nhận xét