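Linux Operations: SaltStack Automated Operations (Part 1)

SaltStack Deployment

I. Installing Salt

  • 1 master (server3)
  • 2 minions (server4, server5)
1. Configure the yum repositories (using the master as the example)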
[root@server3 ~]# cat /etc/yum.repos.d/rhel-source.repo 
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.120.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[slat]  
name=slatstack
baseurl=http://172.25.120.250/pub/rhel6
gpgcheck=0
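  • Configuration of the third-party salt software repository
## Note: the rhel6 directory must contain only rpm packages!
## createrepo -v /var/www/html/pub/rhel6/
## This generates repodata under /var/www/html/pub/rhel6/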
[kiosk@foundation120 Desktop]$ ls /var/www/html/pub/rhel6/
libyaml-0.1.3-4.el6.x86_64.rpm
python-babel-0.9.4-5.1.el6.noarch.rpm
python-backports-1.0-5.el6.x86_64.rpm
python-backports-ssl_match_hostname-3.4.0.2-2.el6.noarch.rpm
python-chardet-2.2.1-1.el6.noarch.rpm
python-cherrypy-3.2.2-4.el6.noarch.rpm
python-crypto-2.6.1-3.el6.x86_64.rpm
python-crypto-debuginfo-2.6.1-3.el6.x86_64.rpm
python-enum34-1.0-4.el6.noarch.rpm
python-futures-3.0.3-1.el6.noarch.rpm
python-impacket-0.9.14-1.el6.noarch.rpm
python-jinja2-2.8.1-1.el6.noarch.rpm
python-msgpack-0.4.6-1.el6.x86_64.rpm
python-ordereddict-1.1-2.el6.noarch.rpm
python-requests-2.6.0-3.el6.noarch.rpm
python-setproctitle-1.1.7-2.el6.x86_64.rpm
python-six-1.9.0-2.el6.noarch.rpm
python-tornado-4.2.1-1.el6.x86_64.rpm
python-urllib3-1.10.2-1.el6.noarch.rpm
python-zmq-14.5.0-2.el6.x86_64.rpm
PyYAML-3.11-1.el6.x86_64.rpm
repodata
salt-2016.11.3-1.el6.noarch.rpm
salt-api-2016.11.3-1.el6.noarch.rpm
salt-cloud-2016.11.3-1.el6.noarch.rpm
salt-master-2016.11.3-1.el6.noarch.rpm
salt-minion-2016.11.3-1.el6.noarch.rpm
salt-ssh-2016.11.3-1.el6.noarch.rpm
salt-syndic-2016.11.3-1.el6.noarch.rpm
zeromq-4.0.5-4.el6.x86_64.rpm
2. Check the yum repositories
[root@server3 ~]# yum repolist
repo id          repo name                                                status
rhel-source      Red Hat Enterprise Linux 6Server - x86_64 - Source       3,690
slat             slatstack                                                   29
repolist: 3,719

[root@server3 ~]# yum list salt-*
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Available Packages
salt.noarch                            2016.11.3-1.el6                      slat
salt-api.noarch                        2016.11.3-1.el6                      slat
salt-cloud.noarch                      2016.11.3-1.el6                      slat
salt-master.noarch                     2016.11.3-1.el6                      slat
salt-minion.noarch                     2016.11.3-1.el6                      slat
salt-ssh.noarch                        2016.11.3-1.el6                      slat
salt-syndic.noarch 
3. Install salt-master (install salt-minion on the minions)
[root@server3 ~]# yum install -y salt-master

II. Configuring Salt

1. On the master
[root@server3 ~]# cd /etc/salt/
[root@server3 salt]# vim master
# The address of the interface to bind to:
interface: 172.25.120.3

[root@server3 salt]# /etc/init.d/salt-master start
Starting salt-master daemon:                               [  OK  ]
[root@server3 salt]# netstat -antple
tcp        0      0 172.25.120.3:4506           0.0.0.0:*                   LISTEN      0          14121      1427/python2.6 
BLISHED 0          17107      1421/python2.6      
tcp        0      0 172.25.120.3:4505 
  • Port 4505: used for connections, publish/subscribe
  • Port 4506: request/response; the mode is zmq (message queue)
2. On the minions (same steps on both hosts)
[root@server4 ~]# cd /etc/salt/
[root@server4 salt]# vim minion
# resolved, then the minion will fail to start.
master: 172.25.120.3
[root@server4 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server4 daemon: OK
  • After a successful start, the minion_id file is generated
  • Note: when changing the IP or hostname, this file must be deleted
[root@server4 salt]# ls
cloud           cloud.maps.d       master    minion.d   proxy
cloud.conf.d    cloud.profiles.d   master.d  minion_id  proxy.d
cloud.deploy.d  cloud.providers.d  minion    pki        roster
3. On the master
  • List the minions
[root@server3 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server4
server5
Rejected Keys:
  • -A: accept all; -a: accept the specified host
[root@server3 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server4
server5
Proceed? [n/Y] Y
Key for minion server4 accepted.
Key for minion server5 accepted.
[root@server3 salt]# salt-key -L
Accepted Keys:
server4
server5
Denied Keys:
Unaccepted Keys:
Rejected Keys:

salt-key: in essence, the master and the minions exchange public keys
  • On the master (using master.pub as the example):
[root@server3 master]# pwd
/etc/salt/pki/master
[root@server3 master]# ls
master.pem  minions           minions_denied  minions_rejected
master.pub  minions_autosign  minions_pre
[root@server3 master]# md5sum master.pub
c39940d38b03b9ca39417902e632d63c  master.pub
  • On the minion:
[root@server4 minion]# pwd
/etc/salt/pki/minion
[root@server4 minion]# ls
minion_master.pub  minion.pem  minion.pub
[root@server4 minion]# md5sum minion_master.pub
c39940d38b03b9ca39417902e632d63c  minion_master.pub
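
The md5sum comparison above checks the master's key as seen by the minion; the added example below (not part of the original post) runs the same kind of comparison in the other direction, on the pending minion keys that `salt-key -A` would accept. The function names and the /root/trusted_keys directory of out-of-band copies of each minion's minion.pub are hypothetical.

```shell
#!/bin/sh
# Added example: compare pending minion keys on the master with copies of each
# minion's minion.pub obtained over a trusted channel, before accepting them.

# Hash a key file with line endings removed, so CRLF or a trailing newline
# does not cause a false mismatch. This is a content comparison, not Salt's
# own fingerprint format.
key_digest() {
    tr -d '\r\n' < "$1" | sha256sum | cut -d' ' -f1
}

# check_pending_keys PENDING_DIR TRUSTED_DIR
#   PENDING_DIR: the master's minions_pre directory (one file per minion id)
#   TRUSTED_DIR: hypothetical directory holding <id>.pub copies fetched
#                out-of-band from /etc/salt/pki/minion/minion.pub
# Prints one "STATUS id" line per pending key; returns 1 unless all MATCH.
check_pending_keys() {
    pending_dir=$1
    trusted_dir=$2
    rc=0
    for key in "$pending_dir"/*; do
        [ -f "$key" ] || continue
        id=$(basename "$key")
        ref="$trusted_dir/$id.pub"
        if [ ! -f "$ref" ]; then
            echo "UNKNOWN $id"
            rc=1
        elif [ "$(key_digest "$key")" = "$(key_digest "$ref")" ]; then
            echo "MATCH $id"
        else
            echo "MISMATCH $id"
            rc=1
        fi
    done
    return $rc
}

# Typical use on the master; accept only ids reported as MATCH:
#   check_pending_keys /etc/salt/pki/master/minions_pre /root/trusted_keys
#   salt-key -a server4
```

Salt's own route to the same check is `salt-key -f <id>` on the master compared with `salt-call --local key.finger` on the minion.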

III. Viewing Salt Information

1. View the tree structure on the master
[root@server3 pki]# pwd
/etc/salt/pki
[root@server3 pki]# tree .
.
├── master
│   ├── master.pem
│   ├── master.pub
│   ├── minions
│   │   ├── server4
│   │   └── server5
│   ├── minions_autosign
│   ├── minions_denied
│   ├── minions_pre
│   └── minions_rejected
└── minion
2. View the tree structure on the minion
[root@server4 salt]# cd pki/
[root@server4 pki]# tree .
.
├── master
└── minion
    ├── minion_master.pub
    ├── minion.pem
    └── minion.pub
3. Check the connections
[root@server3 pki]# lsof -i :4505
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1421 root   16u  IPv4  14111      0t0  TCP 172.25.120.3:4505 (LISTEN)
salt-mast 1421 root   18u  IPv4  17107      0t0  TCP 172.25.120.3:4505->172.25.120.5:58887 (ESTABLISHED)
salt-mast 1421 root   19u  IPv4  17120      0t0  TCP 172.25.120.3:4505->172.25.120.4:49831 (ESTABLISHED)
[root@server3 pki]# lsof -i :4506
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1427 root   24u  IPv4  14121      0t0  TCP 172.25.120.3:4506 (LISTEN)
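
An added example (not from the original post) that turns the `lsof` check above into a filter: it lists peers holding an ESTABLISHED connection to the publish port that are not known minion addresses. The sample `lsof` output is constructed, the 172.25.120.77 peer is invented for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag subscribers on the master's publish port that are not
# known minions. Function names and the sample data are hypothetical.

# Constructed sample in the format of `lsof -nP -i :4505`; the first three
# rows mirror the listing above, the 172.25.120.77 row is invented.
sample_lsof_output() {
    cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1421 root   16u  IPv4  14111      0t0  TCP 172.25.120.3:4505 (LISTEN)
salt-mast 1421 root   18u  IPv4  17107      0t0  TCP 172.25.120.3:4505->172.25.120.5:58887 (ESTABLISHED)
salt-mast 1421 root   19u  IPv4  17120      0t0  TCP 172.25.120.3:4505->172.25.120.4:49831 (ESTABLISHED)
salt-mast 1421 root   20u  IPv4  17133      0t0  TCP 172.25.120.3:4505->172.25.120.77:40112 (ESTABLISHED)
EOF
}

# list_unexpected_peers PORT "IP1 IP2 ..."
# Reads lsof output on stdin and prints each remote address with an
# ESTABLISHED connection to local PORT that is not in the allow list.
list_unexpected_peers() {
    awk -v port="$1" -v allowed="$2" '
        BEGIN {
            n = split(allowed, ips, " ")
            for (i = 1; i <= n; i++) known[ips[i]] = 1
        }
        $NF == "(ESTABLISHED)" {
            # NAME column: local_ip:port->remote_ip:port
            if (split($(NF - 1), ends, "->") != 2) next
            if (ends[1] !~ (":" port "$")) next
            peer = ends[2]
            sub(/:[0-9]+$/, "", peer)
            if (!(peer in known)) print peer
        }
    ' | sort -u
}

# On the master:
#   lsof -nP -i :4505 | list_unexpected_peers 4505 "172.25.120.4 172.25.120.5"
```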
4. View the Python processes behind the ports
[root@server3 pki]# yum install -y python-setproctitle.x86_64
[root@server3 pki]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]

[root@server3 pki]# ps ax
 3356 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ProcessMan
 3357 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d Multiproce
 3358 ?        Sl     0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ZeroMQPubS
 3361 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d EventPubli
 3363 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d Maintenanc
 3364 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ReqServer_
 3365 ?        Sl     0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorkerQue
 3366 ?        Sl     0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-0
 3372 ?        Sl     0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-1
 3374 ?        Sl     0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-2
 3375 ?        Sl     0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-3
 3376 ?        Sl     0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-4
5. Test the salt service
[root@server3 master]# salt '*' test.ping
server5:
    True
server4:
    True

[root@server3 master]# salt '*' cmd.run hostname
server5:
    server5
server4:
    server4

IV. Configuring Automated Deployment

  • On the master:
1. Edit the configuration file
[root@server3 ~]# cd /etc/salt/
[root@server3 salt]# vim master
file_roots:
  base:
    - /srv/salt

[root@server3 salt]# mkdir /srv/salt
[root@server3 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]
2. Write the deployment script
  • Under the same ID, the same module can be called only once!!
  • The yum repositories must be working!
[root@server3 salt]# cd /srv/salt
[root@server3 salt]# mkdir httpd
[root@server3 salt]# cd httpd/
[root@server3 httpd]# vim apache.sls
apache-install:     ## Format 1
  pkg.installed:
    - pkgs:
      - httpd
      - php
3. Test and run the script
  • Test
[root@server3 httpd]# salt server4 state.sls httpd.apache test=true
server4:
----------
          ID: apache-install
    Function: pkg.installed
      Result: None
     Comment: The following packages would be installed/updated: httpd, php
     Started: 10:53:39.185588
    Duration: 327.12 ms
     Changes:   

Summary for server4
------------
Succeeded: 1 (unchanged=1)
Failed:    0
------------
  • Run; the results are returned
[root@server3 httpd]# salt server4 state.sls httpd.apache 
Summary for server4
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
Total run time:  18.215 s
4. Check on the minion
[root@server4 ~]# rpm -q httpd php ## installed OK
httpd-2.2.15-29.el6_4.x86_64
php-5.3.3-26.el6.x86_64
5. Script format 2
[root@server3 httpd]# pwd
/srv/salt/httpd
[root@server3 httpd]# cat apache.sls
httpd:
  pkg.installed

php:
  pkg.installed
  • Result: the feedback is OK, which shows the script format is correct!
[root@server3 httpd]# salt server4 state.sls httpd.apache 
server4:
----------
          ID: httpd
    Function: pkg.installed
      Result: True
     Comment: Package httpd is already installed
     Started: 10:55:42.040815
    Duration: 320.055 ms
     Changes:   
----------
          ID: php
    Function: pkg.installed
      Result: True
     Comment: Package php is already installed
     Started: 10:55:42.361039
    Duration: 0.558 ms
     Changes:   

Summary for server4
------------
Succeeded: 2
Failed:    0
------------

V. Deploying Services with Salt

1. Deploying the apache service
[root@server3 httpd]# vim apache.sls 
apache-service:
  service.running:
    - name: httpd
    - enable: True

[root@server3 httpd]# salt server4 state.sls httpd.apache 
server4:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 11:35:50.028076
    Duration: 176.266 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for server4
------------
Succeeded: 2 (changed=1)
Failed:    0
------------
  • Check the httpd status on server4
[root@server4 ~]# netstat -antple | grep http
tcp        0      0 :::80                       :::*                        LISTEN      0          15909      1684/httpd 
2. Change the default httpd port
  • On the minion:
[root@server4 ~]# cd /etc/httpd/conf
[root@server4 conf]# scp httpd.conf server3:/srv/salt/httpd/files
  • On the master:
[root@server3 httpd]# pwd
/srv/salt/httpd
[root@server3 httpd]# mkdir files
[root@server3 httpd]# vim files/httpd.conf  ## change the port

[root@server3 httpd]# vim apache.sls    ## edit the script
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-config
  • Push again from the master
[root@server3 httpd]# salt server4 state.sls httpd.apache
server4:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 11:43:36.819359
    Duration: 63.22 ms
     Changes:   
              ----------
              diff:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service reloaded
     Started: 11:43:36.907022
    Duration: 58.512 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for server4
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
  • Check on the minion:
[root@server4 conf]# netstat -antple | grep http
tcp        0      0 :::8080                     :::*                        LISTEN      0          16263      1684/httpd 
3. Several formats
[root@server3 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php

  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root

  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-install


[root@server3 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php

  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
4. Decoupling (installation and management separated)
[root@server3 httpd]# pwd
/srv/salt/httpd
[root@server3 httpd]# ls
files  install.sls  service.sls
[root@server3 httpd]# cat service.sls 
include:
  - httpd.install

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root

httpd:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf

VI. Deploying nginx from Source with Salt

1. Set up the nginx directory
[root@server3 nginx]# pwd
/srv/salt/nginx
[root@server3 nginx]# mkdir files
[root@server3 files]# ls
nginx-1.10.1.tar.gz
[root@server3 files]# cd ..
[root@server3 nginx]# vim install.sls 
nginx-install:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel

  file.managed:
    - name: /opt/nginx-1.10.1.tar.gz
    - source: salt://nginx/files/nginx-1.10.1.tar.gz

  cmd.run:
    - name: cd /opt && tar zxf nginx-1.10.1.tar.gz && cd nginx-1.10.1 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make > /dev/null && make install > /dev/null
    - creates: /usr/local/nginx

[root@server3 nginx]# salt server5 state.sls nginx.install
Summary for server5
------------
Succeeded: 5 (changed=1)
Failed:    0
------------
  • On the minion:
[root@server5 opt]# cd /usr/local/nginx/
[root@server5 nginx]# ls
conf  html  logs  sbin
2. Configure nginx
  • pkgs: dependencies (comparable to Python modules)
  • users: creates the user
[root@server3 salt]# pwd
/srv/salt
[root@server3 salt]# ls
httpd  nginx  pkgs  users
  • Contents of pkgs
[root@server3 salt]# cat pkgs/make.sls 
make:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
  • Contents of users:
[root@server3 salt]# cat users/nginx.sls 
nginx-group:
  group.present:
    - name: nginx
    - gid: 800

nginx-user:
  user.present:
    - name: nginx
    - shell: /sbin/nologin
    - home: /usr/local/nginx
    - createhome: false
    - uid: 800
    - gid: 800
  • Contents of nginx:
[root@server3 salt]# ls nginx/
files  install.sls  server.sls
[root@server3 salt]# ls nginx/files/
nginx  nginx-1.10.1.tar.gz  nginx.conf
  • nginx startup script (physical host: saltstack)
  • nginx install script
[root@server3 salt]# cat nginx/install.sls 
include:
  - pkgs.make
  - users.nginx

nginx-install:
  file.managed:
    - name: /opt/nginx-1.10.1.tar.gz
    - source: salt://nginx/files/nginx-1.10.1.tar.gz

  cmd.run:
    - name: cd /opt && tar zxf nginx-1.10.1.tar.gz && cd nginx-1.10.1 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make > /dev/null && make install > /dev/null
    - creates: /usr/local/nginx
  • nginx management script
[root@server3 salt]# cat nginx/server.sls 
include:
  - nginx.install
  - users.nginx

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf

nginx-service:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755

  service.running:
    - name: nginx
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
3. Test on the minion
  • On the master: edit the configuration file, specifying user/group: nginx, processes: 2
[root@server5 init.d]# ps aux
nginx     5197  0.0  0.2  45636  1976 ?        S    16:14   0:00 nginx: worker process
nginx     5198  0.0  0.2  45636  1908 ?        S    16:14   0:00 nginx: worker process

VII. One-Command haproxy Deployment

1. Deploy multiple nodes (3 nodes; install the minion on the master host)
[root@server3 salt]# yum install -y salt-minion
[root@server3 salt]# cd /etc/salt/
[root@server3 salt]# vim minion     ## point master at this host: 172.25.120.3
[root@server3 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server3 daemon: OK
Starting salt-minion:root:server3 daemon: OK
2. Configure the yum repositories
[root@server3 salt]# vim /etc/yum.repos.d/rhel-source.repo

[root@server3 salt]# yum list haproxy
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Available Packages
haproxy.x86_64                        1.4.24-2.el6                        LoadBalancer
3. Configure salt
[root@server3 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server3
Proceed? [n/Y] Y
Key for minion server3 accepted.
[root@server3 salt]# salt-key -L
Accepted Keys:
server3
server4
server5
Denied Keys:
Unaccepted Keys:
Rejected Keys:
4. Configure haproxy
[root@server3 salt]# cd /srv/salt/
[root@server3 salt]# mkdir haproxy  ## haproxy configuration
[root@server3 salt]# vim haproxy/install.sls
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy

[root@server3 haproxy]# salt server3 state.sls haproxy.install  ## install haproxy
server3:
----------
          ID: haproxy-install
    Function: pkg.installed
      Result: True

Summary for server3
------------
Succeeded: 1
Failed:    0
------------

[root@server3 salt]# cd haproxy/
[root@server3 haproxy]# cp /etc/haproxy/haproxy.cfg .
[root@server3 haproxy]# mkdir files ## haproxy source
[root@server3 haproxy]# mv haproxy.cfg files/
[root@server3 haproxy]# vim install.sls
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy

  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://haproxy/files/haproxy.cfg

  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: haproxy-install

[root@server3 haproxy]# vim files/haproxy.cfg   ## haproxy configuration file
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  main *:80
   # acl url_static       path_beg       -i /static /images /javascript /stylesheets
   # acl url_static       path_end       -i .jpg .gif .png .css .js

   # use_backend static          if url_static
    default_backend             app

backend app
    balance     roundrobin
    server  app1 172.25.120.4:80 check
    server  app2 172.25.120.5:80 check

[root@server3 salt]# vim top.sls    ## Note: the httpd port and the default published file
base:
  'server3':
    - haproxy.install
  'server4':
    - httpd.service
  'server5':
    - nginx.server
## Advanced push
[root@server3 salt]# salt '*' state.highstate
5. Access 172.25.120.3 (round-robin works)
  • server4:
[root@server4 ~]# cat /var/www/html/index.html
server4
  • server5:
[root@server5 ~]# cat /usr/local/nginx/html/index.html
server5

Round-robin test

[root@server3 ~]# curl 172.25.120.3
server4
[root@server3 ~]# curl 172.25.120.3
server5
[root@server3 ~]# curl 172.25.120.3
server4
[root@server3 ~]# curl 172.25.120.3
server5