1.配置环境:
libsodium-1.0.16-1.el7.x86_64.rpm PyYAML-3.11-1.el7.x86_64.rpm
openpgm-5.2.122-2.el7.x86_64.rpm repodata
python2-libcloud-2.0.0-2.el7.noarch.rpm salt-2018.3.3-1.el7.noarch.rpm
python-cherrypy-5.6.0-2.el7.noarch.rpm salt-api-2018.3.3-1.el7.noarch.rpm
python-crypto-2.6.1-2.el7.x86_64.rpm salt-cloud-2018.3.3-1.el7.noarch.rpm
python-futures-3.0.3-1.el7.noarch.rpm salt-master-2018.3.3-1.el7.noarch.rpm
python-msgpack-0.4.6-1.el7.x86_64.rpm salt-minion-2018.3.3-1.el7.noarch.rpm
python-psutil-2.2.1-1.el7.x86_64.rpm salt-ssh-2018.3.3-1.el7.noarch.rpm
python-tornado-4.2.1-1.el7.x86_64.rpm salt-syndic-2018.3.3-1.el7.noarch.rpm
python-zmq-15.3.0-3.el7.x86_64.rpm zeromq-4.1.4-7.el7.x86_64.rpm
yum install * -y ##安装环境
2.主节点机配置
systemctl start salt-master ##开启服务
3.部署机配置
cd /etc/salt/
vim minion ##设定主机IP
16 master: 172.25.30.1
4.主机链接部署机,并对密钥加密
salt-key -L ##列出所有链接主机
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
server3
Rejected Keys:
salt-key -A ##设定接受主机为安全
检验主机链接部署机
salt server2 test.ping ##检查是否可以ping通
server2:
True
salt server2 cmd.run hostname ##得到server2的主机名
server2:
server2
salt server2 cmd.run 'df -h' ##查看server2的挂载
对主机公钥进行加密验证:
cd /etc/salt/
cd pki/
cd master/
md5sum master.pub ##对公钥加密验证,此时部署机会生成文件minion_master.pub,公钥验证相同
41e055308856b3415c861650cc981106 master.pub
环境部署完成。
5主机配置推送nginx
cd /etc/salt/
systemctl restart salt-master ##重启服务,公钥生效
mkdir /srv/salt ##创建配置目录。存放文件
cd /srv/salt/
mkdir nginx ##创建nginx服务部署目录
配置nginx安装配置文件
cd nginx/
vim install.sls
vim install.sls 注意格式,内容为源码编译nginx操作
include:
- pkgs.make ##引用salt/pkgs下的文件make
- users.nginx ##引用salt/users下文件nginx
nginx-install:
file.managed:
- name: /mnt/nginx-1.14.2.tar.gz ##/mnt与nginx/files下有nginx压缩包
- source: salt://nginx/files/nginx-1.14.2.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.14.2.tar.gz && cd nginx-1.14.2 && sed -i.bak 's/define NGINX_VER "nginx\/" NGINX_VERSION/define NGINX_VER "nginx"'/g src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-threads --with-http_ssl_modul