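I. Basic Introduction
1. Overview
SaltStack is a centralized management platform for server infrastructure. It provides configuration management, remote execution, monitoring and other functions, and can generally be thought of as a simplified Puppet and an enhanced Func. SaltStack is implemented in Python and built on a lightweight message queue (ZeroMQ) together with third-party Python modules (Pyzmq, PyCrypto, Pyjinja2, python-msgpack, PyYAML and others).
By deploying a SaltStack environment, we can execute commands in bulk on thousands of servers and, according to the characteristics of each service, centrally manage configuration, distribute files, collect server data, and manage the operating system base and software packages. SaltStack is a powerful tool for operations staff to improve efficiency and to standardize service configuration and operations.
2. Features
(1) Simple and convenient to deploy;
(2) Supports most UNIX/Linux and Windows environments;
(3) Centralized master/slave management;
(4) Simple to configure, powerful, and highly extensible;
(5) The controlling side (master) and the controlled side (minion) authenticate with certificates, which is secure and reliable;
(6) Supports an API and custom modules, and is easy to extend with Python.
3. Notes
SaltStack appeared a few years later than Puppet. It is developed in Python and also uses a C/S architecture, with a server-side master and client-side minions. SaltStack is very similar to Puppet; one could say that SaltStack integrates the functions of Puppet and Chef, is more powerful and better suited to managing servers in bulk at large scale, and is easier to configure than Puppet.
Three main functions: remote command execution, configuration management (services, files, cron, users, groups), and cloud management.
Supported systems: most are supported; the master cannot be installed on Windows.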
II. SaltStack Deployment and Examples: httpd
Case 1: install httpd from rpm packages
1. Edit the configuration file
[root@server1 ~]# vim /etc/salt/master
file_roots:
  base:
    - /srv/salt
[root@server1 ~]# mkdir /srv/salt
[root@server1 ~]# /etc/init.d/salt-master restart
2. Write the state file
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# mkdir httpd
[root@server1 salt]# cd httpd/
[root@server1 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
3. Test, then apply the state
[root@server1 httpd]# salt server2 state.sls httpd.apache test=true
[root@server1 httpd]# salt server2 state.sls httpd.apache
4. Check on the minion: the packages were installed successfully
[root@server2 ~]# rpm -q httpd php
httpd-2.2.15-29.el6_4.x86_64
php-5.3.3-26.el6.x86_64
An alternative way to write it:
[root@server1 httpd]# vim apache.sls
httpd:
  pkg.installed
php:
  pkg.installed
Case 2: install and start httpd
1. Write the state file
[root@server1 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
apache-service:
  service.running:
    - name: httpd
    - enable: True
2. Apply the state
[root@server1 httpd]# salt server2 state.sls httpd.apache
3. Check on the minion: port 80 is open and the service started successfully
Case 3: install, start and configure httpd
1. Create a files directory under httpd to hold the httpd configuration file
[root@server1 ~]# cd /srv/salt/httpd/
[root@server1 httpd]# ls
apache.sls
[root@server1 httpd]# mkdir files
2. Copy the configuration file from the minion to the master
[root@server2 ~]# scp /etc/httpd/conf/httpd.conf server1:/srv/salt/httpd/files
3. On the master, change the httpd port to 8080
[root@server1 files]# pwd
/srv/salt/httpd/files
[root@server1 files]# vim httpd.conf
Listen 8080
4. Write the state file
[root@server1 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
apache-service:
  service.running:
    - name: httpd
    - enable: True
5. Apply the state
[root@server1 httpd]# salt server2 state.sls httpd.apache
6. Check on the minion: the port in the configuration file on the minion (server2) has changed to 8080, but port 8080 is not open because the service has not loaded the new configuration. It is only loaded once the httpd service is restarted.
[root@server2 ~]# vim /etc/httpd/conf/httpd.conf
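The situation in step 6 (the managed httpd.conf says 8080, but the running httpd never loaded it) can be detected on the minion by comparing the Listen directives with the sockets that are actually bound. The script below is an added example, not part of the original post; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ports that httpd.conf declares but no process has bound,
# i.e. a managed config that was pushed without a reload (case 3 above).

# listen_ports <conf>: port of every active (uncommented) Listen directive.
# Handles "Listen 8080", "Listen 0.0.0.0:8080" and "Listen [::]:8080".
listen_ports() {
    awk 'tolower($1) == "listen" && NF >= 2 { n = split($2, a, ":"); print a[n] }' "$1" |
        sort -un
}

# bound_ports: read `netstat -tln` (or `ss -tln`) output on stdin, print listening ports.
bound_ports() {
    awk '($1 ~ /^tcp/ && $NF == "LISTEN") || $1 == "LISTEN" {
             n = split($4, a, ":"); print a[n] }' | sort -un
}

# unloaded_ports <conf>: socket listing on stdin; prints configured-but-unbound ports.
unloaded_ports() {
    bound=$(bound_ports)
    for port in $(listen_ports "$1"); do
        printf '%s\n' "$bound" | grep -qx "$port" || echo "$port"
    done
}

# Constructed sample reproducing case 3 on server2: config says 8080, httpd still on 80.
demo() {
    conf=$(mktemp)
    printf '%s\n' '#Listen 12.34.56.78:80' 'Listen 8080' > "$conf"
    printf '%s\n' \
        'tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN' \
        'tcp        0      0 :::80           :::*            LISTEN' |
        unloaded_ports "$conf"
    rm -f "$conf"
}
demo   # prints 8080

# On a real minion: netstat -tln | unloaded_ports /etc/httpd/conf/httpd.conf
```

Empty output means every configured port is bound, which is the state the watch/reload in case 4 produces.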
Case 4: install, start, configure and reload httpd
Note: this only takes effect after the configuration file has actually been changed.
Method 1:
[root@server1 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-config
Method 2:
[root@server1 httpd]# vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:  ## watch trigger
      - file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
Case 5: install, start, configure and reload httpd, split into separate files
1. Install
[root@server1 httpd]# ls
apache.sls files
[root@server1 httpd]# mv apache.sls install.sls
[root@server1 httpd]# vim install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
[root@server1 httpd]# salt server2 state.sls httpd.install
2. Configure and reload the service
[root@server1 httpd]# vim service.sls
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service
3. Install and reload the service together
Combine the two files above by rewriting service.sls:
[root@server1 httpd]# vim service.sls
include:
  - httpd.install
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
apache.service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service
III. SaltStack Deployment and Examples: build nginx from source and start it
1. Build nginx from source
1> Download the source tarball into /srv/salt/nginx/files
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# mkdir nginx
[root@server1 salt]# ls
httpd nginx
[root@server1 salt]# cd nginx/
[root@server1 nginx]# mkdir files
[root@server1 nginx]# cd files/
[root@server1 files]# ls
nginx-1.12.0.tar.gz
2> Write the state file
[root@server1 nginx]# vim install.sls
nginx-install:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
  file.managed:
    - name: /mnt/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"'/g src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make &> /dev/null && make install &> /dev/null
    - creates: /usr/local/nginx
3> Apply the state
[root@server1 nginx]# salt server3 state.sls nginx.install
4> Test
Check the process on the minion (server3); the build succeeded.
2. Start the service (triggered by watch)
1> Create make.sls for the build dependencies
make.sls contains the packages that must be installed before compiling from source
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# mkdir pkgs
[root@server1 salt]# cd pkgs/
[root@server1 pkgs]# vim make.sls
make:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
2> State file for building nginx from source
[root@server1 salt]# cd nginx/
[root@server1 nginx]# vim install.sls
include:
  - pkgs.make
  - users.nginx
nginx-install:
  file.managed:
    - name: /mnt/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"'/g src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make &> /dev/null && make install &> /dev/null
    - creates: /usr/local/nginx
3> State file that creates the nginx user and group (the state included above as users.nginx)
nginx-group:
  group.present:
    - name: nginx
    - gid: 800
nginx-user:
  user.present:
    - name: nginx
    - shell: /sbin/nologin
    - home: /usr/local/nginx
    - createhome: false
    - uid: 800
    - gid: 800
4> State file that manages the nginx service
[root@server1 nginx]# vim service.sls
include:
  - nginx.install
  - users.nginx
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
nginx-service:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755
  service.running:
    - name: nginx
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
5> The nginx init script
Copy server2's httpd init script to server3 and modify it into an nginx init script
[root@server2 ~]# scp /etc/init.d/httpd server3:/etc/init.d/nginx
Test the nginx init script on server3
Copy the init script into the master's directory:
[root@server3 ~]# scp /etc/init.d/nginx server1:/srv/salt/nginx/files
6> Modify the nginx configuration file on the master
[root@server3 ~]# scp /usr/local/nginx/conf/nginx.conf server1:/srv/salt/nginx/files
3. Apply the state and test
[root@server1 nginx]# salt server3 state.sls nginx.service
IV. SaltStack Deployment: pushing to multiple nodes for haproxy load balancing
Lab environment:
master:
server1:172.25.51.1
minion:
server1:172.25.51.1
server2:172.25.51.2
server3:172.25.51.3
The deployment steps are as follows:
1. Add server1 as a minion and configure it
[root@server1 ~]# yum install -y salt-minion
[root@server1 ~]# vim /etc/salt/minion
master: 172.25.51.1
[root@server1 ~]# /etc/init.d/salt-minion start
[root@server1 ~]# salt-key -L
[root@server1 ~]# salt-key -a server1
2. Configure the yum repository (LoadBalancer) so that the haproxy package is available
[root@server1 ~]# vim /etc/yum.repos.d/rhel-source.repo
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.51.250/rhel6.5/LoadBalancer
gpgcheck=0
3. Write the haproxy state file and apply it to server1
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# ls
httpd nginx pkgs users
[root@server1 salt]# mkdir haproxy
[root@server1 salt]# cd haproxy/
[root@server1 haproxy]# vim install.sls
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy
[root@server1 haproxy]# salt server1 state.sls haproxy.install
4. Write the install-and-start state file
[root@server1 haproxy]# mkdir files
[root@server1 haproxy]# cd files/
[root@server1 files]# cp /etc/haproxy/haproxy.cfg .
[root@server1 files]# cd ..
[root@server1 haproxy]# vim install.sls
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://haproxy/files/haproxy.cfg
  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: haproxy-install
5. Edit the configuration file for load balancing
[root@server1 files]# vim haproxy.cfg
6. The base file (highstate push)
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# vim top.sls
base:
  'server1':
    - haproxy.install
  'server2':
    - httpd.service
  'server3':
    - nginx.service
7. Test:
1> Stop the services
[root@server2 ~]# /etc/init.d/httpd stop
[root@server3 ~]# /etc/init.d/nginx stop
2> Set up the test pages
[root@server2 ~]# cd /var/www/html/
[root@server2 html]# vim index.html
server2
[root@server3 ~]# cd /usr/local/nginx/html/
[root@server3 html]# ls
50x.html index.html
[root@server3 html]# vim index.html
server3
3> Run the highstate push
[root@server1 salt]# salt '*' state.highstate
4> Browse to 172.25.51.1 and keep refreshing the page; load balancing is working
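Step 1 of this section accepts server1's key with salt-key -a as soon as it appears in salt-key -L. The script below is an added example, not part of the original post, that accepts a pending key only when the fingerprint the master reports (salt-key -f) matches the one read on the minion itself with salt-call --local key.finger. The function names and the layout of the salt-key -f output it parses are assumptions.

```shell
#!/bin/sh
# Added example: accept a minion key only after its fingerprint has been
# compared with the value read on the minion (salt-call --local key.finger).

# normalize_fp <fingerprint>: lower-case and strip whitespace so formats compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ' \t\r\n' | tr 'A-F' 'a-f'
}

# pending_fp <minion-id>: read `salt-key -f <minion-id>` output on stdin and print
# the fingerprint listed under "Unaccepted Keys:" (nothing if the key is not pending).
# Assumed layout: a "<Section> Keys:" header line, then "<minion-id>:  <fingerprint>".
pending_fp() {
    awk -v id="$1:" '
        /^[A-Za-z].*Keys:$/ { section = $0; next }
        section == "Unaccepted Keys:" && $1 == id { print $2 }'
}

# accept_verified <minion-id> <fingerprint-from-minion>
# Returns 2 if no key is pending, 1 on mismatch, otherwise the status of salt-key -a.
accept_verified() {
    id=$1
    expected=$(normalize_fp "$2")
    seen=$(normalize_fp "$(salt-key -f "$id" | pending_fp "$id")")
    if [ -z "$seen" ]; then
        echo "no pending key for $id" >&2
        return 2
    fi
    if [ "$seen" != "$expected" ]; then
        echo "fingerprint mismatch for $id: master sees $seen" >&2
        return 1
    fi
    salt-key -y -a "$id"
}

# Constructed sample of `salt-key -f server1` output, parsed offline:
printf 'Unaccepted Keys:\nserver1:  de:ad:be:ef:00:11\n' | pending_fp server1

# On the minion:  salt-call --local key.finger
# On the master:  accept_verified server1 '<fingerprint printed on the minion>'
```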