Saltstack配置管理
#参考:https://github.com/unixhot/saltbook-code
#修改master端配置文件
vim /etc/salt/master
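# Salt master file_roots: one state tree per environment (base, test, prod).
# The nesting below is required; with every line at column 0 the environments
# would parse as sibling top-level keys instead of children of file_roots.
file_roots:
  base:
    - /srv/salt/base
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod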
#重启master端服务
/etc/init.d/salt-master restart
#创建相关目录
mkdir /srv/salt/{base,test,prod} -p
cd /srv/salt/
mv apache.sls top.sls base/
vim /srv/salt/base/dns.sls
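# Manage /etc/resolv.conf on every minion from the copy kept in the state tree.
/etc/resolv.conf:
  file.managed:
    - source: salt://files/resolv.conf
    - user: root
    # Spelt "group": a misspelt key is not file.managed's group argument, so the
    # intended group ownership would not be enforced.
    - group: root
    # Quoted so YAML cannot re-type the mode as a number.
    - mode: '0644'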
mkdir /srv/salt/base/files -p
cp /etc/resolv.conf /srv/salt/base/files/
salt '*' state.sls dns
#######利用top来管理#####
vim /srv/salt/base/top.sls
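# Top file: in the base environment, every minion ('*') gets the dns state.
base:
  '*':
    - dns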
salt '*' state.highstate
#######模版变量用法#####
vim /srv/salt/base/top.sls
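# Top file: in the base environment, every minion ('*') gets the dns state.
base:
  '*':
    - dns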
vim /srv/salt/base/dns.sls
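# Manage /etc/resolv.conf as a Jinja template; DNS_SERVER is the default value
# substituted into the template.
/etc/resolv.conf:
  file.managed:
    - source: salt://files/resolv.conf
    - user: root
    # Spelt "group": a misspelt key is not file.managed's group argument.
    - group: root
    # Quoted so YAML cannot re-type the mode as a number.
    - mode: '0644'
    - template: jinja
    - defaults:
        DNS_SERVER: 10.0.0.2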
vim /srv/salt/base/files/resolv.conf
#by zon
# {{ grains['fqdn_ip4'] }}
nameserver {{ DNS_SERVER }}
nameserver 223.6.6.6
salt '*' state.highstate
###
1.系统初始化
2.功能模块
3.业务模块
##系统初始化##
mkdir /srv/salt/base/init -p
cd /srv/salt/base/
mv apache.sls dns.sls files/ /tmp/
cp /tmp/dns.sls init/
vim ./init/dns.sls
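# init/dns.sls: manage /etc/resolv.conf from the copy under init/files/.
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    # Spelt "group": a misspelt key is not file.managed's group argument.
    - group: root
    # Quoted so YAML cannot re-type the mode as a number.
    - mode: '0644'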
mkdir /srv/salt/base/init/files -p
cd /srv/salt/base/init
cp /etc/resolv.conf files/
vim history.sls
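# Append a HISTTIMEFORMAT export to /etc/profile so shell history entries carry
# a date, a time and a user name.
/etc/profile:
  file.append:
    - text:
      # Single-quoted so YAML takes the line literally. The backquoted whoami
      # sits inside double quotes in the shell line, so it is expanded when
      # /etc/profile is sourced, not per command.
      - 'export HISTTIMEFORMAT="%F %T `whoami`"'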
vim audit.sls
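# Append a PROMPT_COMMAND to /etc/bashrc that sends the last history entry of
# each interactive bash prompt to syslog through logger, tagged with the
# effective user, the login session (who am i) and the working directory.
# NOTE(review): PROMPT_COMMAND is an ordinary shell variable that a user can
# change in their own session, so treat this as a convenience trail rather than
# a tamper-resistant audit log. Anything typed on a command line, secrets
# included, ends up in syslog, so restrict who can read that log.
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'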
vim sysctl.sls
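# Kernel parameters applied to every minion through sysctl.present.
vm.swappiness:
  sysctl.present:
    - value: 1

# Range of local ports used for outgoing connections.
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000

# System-wide limit on open file handles.
fs.file-max:
  sysctl.present:
    - value: 680000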
vim env_init.sls
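# env_init.sls: aggregate the system-initialisation states so the top file can
# reference a single entry.
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl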
cd /srv/salt/base
vim top.sls
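# Top file: every minion gets the system-initialisation bundle.
base:
  '*':
    - init.env_init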
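# Test: dry run that reports what highstate would change without applying it.
# The flag value must be spelt True.
salt '*' state.highstate test=True
# Record each history command in the log (the same line audit.sls appends to
# /etc/bashrc); running it by hand affects the current shell only.
export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'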
##功能模块##
mkdir /srv/salt/prod/pkg -p
mkdir /srv/salt/prod/haproxy/files -p
cd /srv/salt/prod/pkg/
vim pkg-init.sls
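# Build prerequisites shared by the source-compiled services (referenced as
# pkg.pkg-init by the install states).
pkg-init:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel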
cd /usr/local/src/
# rz receives haproxy-1.6.2.tar.gz over the terminal session (ZMODEM upload).
rz
# NOTE(review): nothing here verifies the tarball before it is built and
# installed (presumably as root). Compare it with the checksum published by
# the HAProxy project first, e.g.
#   echo "<EXPECTED_SHA256>  haproxy-1.6.2.tar.gz" | sha256sum -c -
tar zxf haproxy-1.6.2.tar.gz
cd haproxy-1.6.2
# Build for the linux26 target and install under /usr/local/haproxy.
make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
vim ./examples/haproxy.init
BIN=/usr/local/haproxy/sbin/$BASENAME
#sed -i "s#BIN=/usr/sbin/#BIN=/usr/local/haproxy/sbin/#g" /srv/salt/prod/haproxy/files/haproxy-1.6.2/examples/haproxy.init
cp ./examples/haproxy.init /srv/salt/prod/haproxy/files/
cd /srv/salt/prod/haproxy/
vim install.sls
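# haproxy/install.sls: build HAProxy 1.6.2 from source on the minion and
# register its init script.
include:
  - pkg.pkg-init

# Ship the source tarball, then compile and install it under /usr/local/haproxy.
haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.2.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz
    - user: root
    - group: root
    # A tarball is only read by tar, so it does not need the execute bit.
    - mode: '0644'
  cmd.run:
    - name: cd /usr/local/src/ && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    # Skip the build once the install prefix exists. A replaced tarball will
    # therefore not trigger a rebuild on its own.
    - unless: test -d /usr/local/haproxy
    - require:
      - pkg: pkg-init
      - file: haproxy-install

# Install the init script and register it with chkconfig.
haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - user: root
    - group: root
    - mode: '0755'
    - require:
      - cmd: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list |grep haproxy
    - require:
      - file: haproxy-init

# Allow binding to an address that is not configured locally; the frontend
# binds 10.0.0.11, the keepalived virtual IP, which only one node holds at a
# time.
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

# Directory that receives haproxy.cfg.
haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: '0755'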
salt 'linux-node1*' state.sls haproxy.install env=prod
##业务模块##
mkdir /srv/salt/prod/cluster/files -p
cd /srv/salt/prod/cluster/files
vim haproxy-outside.cfg
# HAProxy configuration for the external load balancer; haproxy-outside.sls
# ships it to /etc/haproxy/haproxy.cfg.
global
maxconn 100000
# The process is chrooted into this directory and runs as uid/gid 99.
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
# Log to the syslog daemon on 127.0.0.1, facility local3, level info.
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
# Statistics page.
listen stats
mode http
# NOTE(review): the stats page listens on every address over plain HTTP, so the
# basic-auth pair below crosses the network unencrypted. Bind it to a
# management address (or 127.0.0.1) and restrict the port at the firewall.
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
# NOTE(review): sample credential stored in the state tree and copied to every
# load balancer; replace it with a per-site secret before use.
stats auth haproxy:saltstack
# Public frontend on the virtual IP managed by keepalived.
frontend frontend_www_example_com
bind 10.0.0.11:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
# Pass the client address to the web servers in the X-REAL-IP header.
option forwardfor header X-REAL-IP
# Health check: HEAD / against each server.
option httpchk HEAD / HTTP/1.0
# Pick the server from a hash of the client source address.
balance source
server web-node1 10.0.0.7:8080 check inter 2000 rise 30 fall 15
server web-node2 10.0.0.8:8080 check inter 2000 rise 30 fall 15
cd /srv/salt/prod/cluster
vim haproxy-outside.sls
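# cluster/haproxy-outside.sls: deploy the load-balancer configuration and keep
# HAProxy running; a change to the file reloads the service.
include:
  - haproxy.install

haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    # The file carries the stats-page credentials (stats auth), so it is not
    # left world-readable.
    - mode: '0640'
  service.running:
    - name: haproxy
    - enable: true
    - reload: true
    - require:
      - cmd: haproxy-init
    - watch:
      - file: haproxy-service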
cd /srv/salt/base
vim top.sls
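# Top file: every minion gets the base initialisation; the two load-balancer
# nodes additionally get the HAProxy cluster state from the prod environment.
base:
  '*':
    - init.env_init
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
  'linux-node2.example.com':
    - cluster.haproxy-outside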
#测试启动
salt '*' state.highstate test=True
salt '*' state.highstate
#调整10.0.0.7-apache-web服务
sed -i "s#Listen 80#Listen 8080#g" /etc/httpd/conf/httpd.conf
/etc/init.d/httpd start
echo 'linux-node1' >>/var/www/html/index.html
#调整10.0.0.8-apache-web服务
sed -i "s#Listen 80#Listen 8080#g" /etc/httpd/conf/httpd.conf
/etc/init.d/httpd start
echo 'linux-node2' >>/var/www/html/index.html
#登录haproxy-web
http://10.0.0.8:8888/haproxy-status
#用户名密码,24行
cat /srv/salt/prod/cluster/files/haproxy-outside.cfg
###
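cd /usr/local/src
# Fetch over HTTPS so the download is transport-authenticated; the plain-HTTP
# URL gave no protection against a modified tarball in transit.
wget https://www.keepalived.org/software/keepalived-1.2.19.tar.gz
# Compare with the checksum published by the keepalived project before
# unpacking and building, e.g.
#   echo "<EXPECTED_SHA256>  keepalived-1.2.19.tar.gz" | sha256sum -c -
tar zxf keepalived-1.2.19.tar.gz
cd keepalived-1.2.19
# Install under /usr/local/keepalived.
./configure --prefix=/usr/local/keepalived --disable-fwmark
make && make install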
#keepalived启动脚本
vim /usr/local/src/keepalived-1.2.19/keepalived/etc/init.d/keepalived.init
#keepalived模版配置文件
vim /usr/local/src/keepalived-1.2.19/keepalived/etc/keepalived/keepalived.conf
#######
mkdir /srv/salt/prod/keepalived/files -p
cp /usr/local/src/keepalived-1.2.19/keepalived/etc/init.d/keepalived.init /srv/salt/prod/keepalived/files
cp /usr/local/src/keepalived-1.2.19/keepalived/etc/keepalived/keepalived.conf /srv/salt/prod/keepalived/files
cp /usr/local/keepalived/etc/sysconfig/keepalived /srv/salt/prod/keepalived/files/keepalived.sysconfig
ll /srv/salt/prod/keepalived/files
cd /srv/salt/prod/keepalived/files
sed -i "s#daemon keepalived#daemon /usr/local/keepalived/sbin/keepalived#g" /srv/salt/prod/keepalived/files/keepalived.init
cd /srv/salt/prod/keepalived
vim install.sls
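# keepalived/install.sls: build keepalived 1.2.19 from source on the minion and
# install its init script, sysconfig file and configuration directory.
include:
  - pkg.pkg-init

# Ship the source tarball, then compile and install under /usr/local/keepalived.
keepalived-install:
  file.managed:
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz
    - user: root
    - group: root
    # A tarball is only read by tar, so it does not need the execute bit.
    - mode: '0644'
  cmd.run:
    - name: cd /usr/local/src && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    # Skip the build once the install prefix exists.
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-init
      - file: keepalived-install

# Install the init script and register it with chkconfig.
keepalived-init:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: '0755'
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: keepalived-init

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: '0644'

# Directory that receives keepalived.conf.
/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: '0755'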
salt '*' state.sls keepalived.install env=prod
##
vim /srv/salt/prod/cluster/haproxy-outside-keepalived.sls
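# Render keepalived.conf per node and keep keepalived running; a change to the
# file triggers the service through the watch requisite.
keepalived-service:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - user: root
    - group: root
    # The rendered file holds the VRRP auth_pass, so it is not left
    # world-readable.
    - mode: '0640'
    - template: jinja
    # Per-node template values chosen by the minion's fqdn grain: node1 is the
    # VRRP MASTER (priority 150), node2 the BACKUP (priority 100).
    # NOTE(review): these are given as extra file.managed arguments rather than
    # under defaults/context as the other templated states on this page do;
    # confirm your Salt version passes them to the template.
    {% if grains['fqdn'] == 'linux-node1.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'linux-node2.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  service.running:
    - name: keepalived
    - enable: true
    - watch:
      - file: keepalived-service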
##
vim /srv/salt/prod/cluster/files/haproxy-outside-keepalived.conf
! Configuration File for keepalived
! Rendered by Salt as a Jinja template: ROUTEID, STATEID and PRIORITYID are
! filled in per node by haproxy-outside-keepalived.sls.
global_defs {
notification_email {
saltstack@example.com
}
notification_email_from keepalived@example.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id {{ROUTEID}}
}
! One VRRP instance on eth0 that moves the virtual IP 10.0.0.11 between the
! load balancers.
vrrp_instance haproxy_ha {
state {{STATEID}}
interface eth0
virtual_router_id 36
priority {{PRIORITYID}}
advert_int 1
authentication {
! NOTE(review): auth_type PASS carries auth_pass in clear text in every VRRP
! advert, and 1111 is a sample value. Use a per-cluster secret and allow VRRP
! only between the load-balancer nodes at the firewall.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.11
}
}
salt '*' state.sls cluster.haproxy-outside-keepalived env=prod
##
vim /srv/salt/base/top.sls
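# Top file: every minion gets the base initialisation; the two load-balancer
# nodes get HAProxy plus the keepalived failover state from prod.
base:
  '*':
    - init.env_init
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
  'linux-node2.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived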
salt '*' state.highstate
###改轮询#
sed -i "s#balance source#balance roundrobin#g" /srv/salt/prod/cluster/files/haproxy-outside.cfg
salt '*' state.highstate
###zabbix
vim /srv/salt/base/init/zabbix_agent.sls
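# Install the Zabbix agent, render its configuration with the server address
# taken from pillar, and keep the service running. The service is triggered
# when the package or the configuration file changes.
zabbix-agent-install:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:
        # Quoted so the rendered pillar value always parses as a string, even
        # when it is empty or looks like another YAML type.
        Server: "{{ pillar['zabbix-agent']['Zabbix_Server'] }}"
    - require:
      - pkg: zabbix-agent-install
  service.running:
    - name: zabbix-agent
    - enable: true
    - watch:
      - pkg: zabbix-agent-install
      - file: zabbix-agent-install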
##
vim /etc/salt/master
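# Salt master pillar_roots: pillar data for the base environment lives under
# /srv/pillar/base.
pillar_roots:
  base:
    - /srv/pillar/base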
mkdir /srv/pillar/base
/etc/init.d/salt-master restart
##
vim /srv/pillar/base/top.sls
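# Pillar top file: every minion ('*') receives the zabbix pillar.
# NOTE(review): a '*' target hands the data to all minions; keep pillars that
# hold secrets targeted at only the minions that need them.
base:
  '*':
    - zabbix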
##
vim /srv/pillar/base/zabbix.sls
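# Pillar data read by init/zabbix_agent.sls as
# pillar['zabbix-agent']['Zabbix_Server'].
zabbix-agent:
  Zabbix_Server: 10.0.0.7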
cp /etc/zabbix/zabbix_agentd.conf /srv/salt/base/init/files/
vim /srv/salt/base/init/files/zabbix_agentd.conf
Server={{ Server }}
##
vim /srv/salt/base/init/env_init.sls
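# env_init.sls: system-initialisation bundle, now including the Zabbix agent.
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.zabbix_agent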
##
salt '*' state.highstate