saltstack实现对多Nginx配置同步和重启

简介

Saltstack是基于python开发的一套C/S架构配置管理工具
使用SSL证书签方的方式进行认证管理
底层使用ZeroMQ消息队列pub/sub方式通信
号称世界上最快的消息队列ZeroMQ能快速在成千上万台主机上进行各种操作
采用RSA Key方式确认身

工作机制

Master和Minion都以守护进程的方式运行
Master监听配置文件里定义的ret_port(接收minion请求),和publish_port(发布消息)的端口
当Minion运行时,它会自动连接到配置文件里定义的Master地址ret_port端口进行连接认证
当Master和Minion可以正常通信后,就可以进行各种各样的配置管理工作了

测试环境

主机地址	名称	节点功能
172.16.3.89	Zabbix.qfc	Master ,Minion
172.16.3.90	qfc-ntp	Minion

两台设备已经安装Nginx

安装环境

官方安装指导：https://repo.saltproject.io/#rhel

选择需要centos8（两台都需要安装）

dnf install -y python3

Run the following commands to install the SaltStack repository and key:

sudo rpm --import https://repo.saltproject.io/py3/redhat/8/x86_64/latest/SALTSTACK-GPG-KEY.pub
curl -fsSL https://repo.saltproject.io/py3/redhat/8/x86_64/latest.repo | sudo tee /etc/yum.repos.d/salt.repo

Run

sudo yum clean expire-cache

Install the salt-minion, salt-master, or other Salt components:

sudo yum install salt-master
sudo yum install salt-minion
sudo yum install salt-ssh
sudo yum install salt-syndic
sudo yum install salt-cloud
sudo yum install salt-api

master节点

sudo systemctl restart salt-minion salt-master
systemctl enable --now salt-master salt-minion

minion节点

sudo systemctl restart salt-minion
systemctl enable --now  salt-minion

查看服务是否正常：

netstat -anplt| grep 45

两台防火墙加入端口：

firewall-cmd --permanent --add-port={4505,4506}/tcp
firewall-cmd --reload

修改hosts

vi /etc/hosts 

最下方添加

172.16.3.89  Zabbix.qfc
172.16.3.90  qfc-ntp

修改配置文件
master节点：

[root@Zabbix ~]# egrep -v '^#|^$' /etc/salt/master
file_roots:
  base:
    - /srv/salt
[root@Zabbix ~]# egrep -v '^#|^$' /etc/salt/minion
master: Zabbix.qfc

slave节点：

[root@qfc-ntp ~]# egrep -v '^#|^$' /etc/salt/minion
master: Zabbix.qfc

重启两台全部服务

master节点接受公钥并且查看：

salt-key -A

[root@Zabbix ~]# salt-key -L
Accepted Keys:
Zabbix.qfc
qfc-ntp
Denied Keys:
Unaccepted Keys:
Rejected Keys:

测试是否正常：

[root@Zabbix ~]#  salt '*' test.ping
Zabbix.qfc:
    True
qfc-ntp:
    True

salt-自定义模块

在master端创建目录：

mkdir -p /srv/salt/_modules

新建一个测试脚本：

[root@Zabbix ~]# cat /srv/salt/_modules/my_disk.py 
#! /usr/bin/env python

def df():
        return __salt__['cmd.run']('df -h')

推送脚本：

salt '*' saltutil.sync_modules

查看脚本是否推送成功

[root@Zabbix minion]# cd /var/cache/salt/minion/
[root@Zabbix minion]# tree
.
├── extmods
│   └── modules
│       ├── my_disk.py
├── files
│   └── base
│       └── _modules
│           ├── my_disk.py
│           └── nginx.py
├── module_refresh
└── proc

6 directories, 5 files

测试：

[root@Zabbix minion]# salt '*' my_disk.df     
Zabbix.qfc:
    Filesystem           Size  Used Avail Use% Mounted on
    devtmpfs             1.9G     0  1.9G   0% /dev
    tmpfs                1.9G  320K  1.9G   1% /dev/shm
    tmpfs                1.9G  172M  1.7G  10% /run
    tmpfs                1.9G     0  1.9G   0% /sys/fs/cgroup
    /dev/mapper/cl-root   46G   26G   20G  56% /
    /dev/vda1           1014M  201M  814M  20% /boot
    tmpfs                373M     0  373M   0% /run/user/0
qfc-ntp:
    Filesystem           Size  Used Avail Use% Mounted on
    devtmpfs             3.8G     0  3.8G   0% /dev
    tmpfs                3.8G  100K  3.8G   1% /dev/shm
    tmpfs                3.8G  8.6M  3.8G   1% /run
    tmpfs                3.8G     0  3.8G   0% /sys/fs/cgroup
    /dev/mapper/cl-root   62G   15G   47G  24% /
    /dev/mapper/cl-home   30G  246M   30G   1% /home
    /dev/vda1           1014M  201M  814M  20% /boot
    tmpfs                777M     0  777M   0% /run/user/0

Nginx同步脚本

新建一个nginx相关的salt脚本

cd /srv/salt/_modules 
vi nginx.py

分享一个脚本代码：

# -*- coding: utf-8 -*-
'''
Support for nginx
'''
from __future__ import absolute_import

# Import 3rd-party libs
from salt.ext.six.moves.urllib.request import urlopen as _urlopen  # pylint: disable=no-name-in-module,import-error

# Import salt libs
import salt.utils
import salt.utils.decorators as decorators

import re


# Cache the output of running which('nginx') so this module
# doesn't needlessly walk $PATH looking for the same binary
# for nginx over and over and over for each function herein
@decorators.memoize
def __detect_os():
    #return salt.utils.which('nginx')
   return '/usr/local/tengine/sbin/nginx'   ####可以写死自己的Nginx目录，如果只有一个可以用上面默认which



def __virtual__():
    '''
    Only load the module if nginx is installed
    '''
    if __detect_os():
        return True
    return (False, 'The nginx execution module cannot be loaded: nginx is not installed.')


def version():
    '''
    Return server version from nginx -v

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.version
    '''
    cmd = '{0} -v'.format(__detect_os())
    out = __salt__['cmd.run'](cmd).splitlines()
    ret = out[0].split(': ')
    return ret[-1]


def build_info():
    '''
    Return server and build arguments

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.build_info
    '''
    ret = {'info': []}
    out = __salt__['cmd.run']('{0} -V'.format(__detect_os()))

    for i in out.splitlines():
        if i.startswith('configure argument'):
            ret['build arguments'] = re.findall(r"(?:[^\s]*'.*')|(?:[^\s]+)", i)[2:]
            continue

        ret['info'].append(i)

    return ret


def configtest():
    '''
    test configuration and exit

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.configtest
    '''
    ret = {}

    cmd = '{0} -t'.format(__detect_os())
    out = __salt__['cmd.run_all'](cmd)
  #  print(#######################,out)

    if out['retcode'] != 0:
        ret['comment'] = 'Syntax Error'
        ret['stderr'] = out['stderr']
        ret['result'] = False

        return ret

    ret['comment'] = 'Syntax OK'
    ret['stdout'] = out['stderr']
    ret['result'] = True

    return ret


def signal(signal=None):
    '''
    Signals nginx to start, reload, reopen or stop.

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.signal reload
    '''
    valid_signals = ('start', 'reopen', 'stop', 'quit', 'reload')

    if signal not in valid_signals:
        return

    # Make sure you use the right arguments
    if signal == "start":
        arguments = ''
    else:
        arguments = ' -s {0}'.format(signal)
    cmd = __detect_os() + arguments
    out = __salt__['cmd.run_all'](cmd)

    # A non-zero return code means fail
    if out['retcode'] and out['stderr']:
        ret = out['stderr'].strip()
    # 'nginxctl configtest' returns 'Syntax OK' to stderr
    elif out['stderr']:
        ret = out['stderr'].strip()
    elif out['stdout']:
        ret = out['stdout'].strip()
    # No output for something like: nginxctl graceful
    else:
        ret = 'Command: "{0}" completed successfully!'.format(cmd)
    return ret


def status(url="http://127.0.0.1/status"):
    """
    Return the data from an Nginx status page as a dictionary.
    http://wiki.nginx.org/HttpStubStatusModule

    url
        The URL of the status page. Defaults to 'http://127.0.0.1/status'

    CLI Example:

    .. code-block:: bash

        salt '*' nginx.status
    """
    resp = _urlopen(url)
    status_data = resp.read()
    resp.close()

    lines = status_data.splitlines()
    if not len(lines) == 4:
        return
    # "Active connections: 1 "
    active_connections = lines[0].split()[2]
    # "server accepts handled requests"
    # "  12 12 9 "
    accepted, handled, requests = lines[2].split()
    # "Reading: 0 Writing: 1 Waiting: 0 "
    _, reading, _, writing, _, waiting = lines[3].split()
    return {
        'active connections': int(active_connections),
        'accepted': int(accepted),
        'handled': int(handled),
        'requests': int(requests),
        'reading': int(reading),
        'writing': int(writing),
        'waiting': int(waiting),
    }

立即推动脚本：

salt '*' saltutil.sync_modules

新建目录

mkdir -p  /srv/salt/out/
cd  /srv/salt/out/

把需要的nginx.conf上传改目录，并且创建同步重启脚本：

#!/bin/bash

salt  'qfc-ntp' cmd.run 'cp -f /usr/local/tengine/conf/nginx.conf /usr/local/tengine/conf/nginx.conf_bak'
salt  'qfc-ntp' cp.get_file salt://out/nginx.conf /usr/local/tengine/conf/nginx.conf
salt  'qfc-ntp' cmd.run 'md5sum /usr/local/tengine/conf/nginx.conf'
salt  'qfc-ntp' nginx.configtest
if [ $? -eq 0 ]
  then
   salt  'qfc-ntp'   nginx.signal reload
fi

salt  'Zabbix.qfc' cmd.run 'cp -f /usr/local/tengine/conf/nginx.conf /usr/local/tengine/conf/nginx.conf_bak'
salt  'Zabbix.qfc' cp.get_file salt://nginx/out/nginx.conf /usr/local/tengine/conf/nginx.conf
salt  'Zabbix.qfc' cmd.run 'md5sum /usr/local/tengine/conf/nginx.conf'
salt  'Zabbix.qfc' nginx.configtest
if [ $? -eq 0 ]
  then
   salt  'Zabbix.qfc'   nginx.signal reload
fi

测试

[root@Zabbix out]# sh sync_nginx_conf-new.sh 
qfc-ntp:
qfc-ntp:
    /usr/local/tengine/conf/nginx.conf
qfc-ntp:
    2a960f6d1544e7843132dd06ff6bae4d  /usr/local/tengine/conf/nginx.conf
qfc-ntp:
    ----------
    comment:
        Syntax OK
    result:
        True
    stdout:
        nginx: the configuration file /usr/local/tengine2.3.3/conf/nginx.conf syntax is ok
        nginx: configuration file /usr/local/tengine2.3.3/conf/nginx.conf test is successful
qfc-ntp:
    Command: "/usr/local/tengine/sbin/nginx -s reload" completed successfully!
Zabbix.qfc:
Zabbix.qfc:
Zabbix.qfc:
    2a960f6d1544e7843132dd06ff6bae4d  /usr/local/tengine/conf/nginx.conf
Zabbix.qfc:
    ----------
    comment:
        Syntax OK
    result:
        True
    stdout:
        nginx: the configuration file /usr/local/tengine2.3.3/conf/nginx.conf syntax is ok
        nginx: configuration file /usr/local/tengine2.3.3/conf/nginx.conf test is successful
Zabbix.qfc:
    Command: "/usr/local/tengine/sbin/nginx -s reload" completed successfully!

引用的链接：
https://blog.csdn.net/chaos_oper/article/details/92844881
https://blog.csdn.net/aaaaaab_/article/details/81750299
https://www.cnblogs.com/lianglab/p/14146896.html
https://blog.51cto.com/daemonsa/1427894