企业入门实战--saltstack的基本部署

一.saltstack的简介

在安装salt之前，先理解salt架构中各个角色，主要区分是salt-master和salt-minion，顾名思义master是中心控制系统，minion是被管理的客户端。

salt架构中的一种就是master > minion。

二.saltstack的简单部署

实验环境：
准备三台全新的虚拟机
server1： salt-master
server2/3：salt-minion

物理机
将saltstack 软件仓库挂载到apache的默认发布目录上

server1

vim /etc/yum.repos.d/dvd.repo



[dvd]
name=dvd
baseurl=http://172.25.5.250/rhel7.6
gpgcheck=0
[saltstack]
name=saltstack
baseurl=http://172.25.5.250/3000
gpgcheck=0

查看软件仓库是否搭建完成

 yum repolist

列出saltstack的安装包

 yum list salt-*
 

server1

yum install - y salt-master.noarch
systemctl enable --now salt-master.service

查看端口

netstat -antlp|grep 4505 4506

server2/3

 yum install -y salt-minion
vim /etc/salt/minion
master: 172.25.5.1
systemctl enable --now salt-minion.service

server1

salt-key -L列出
salt-key -A 添加
 salt '*' test.ping
salt-key -d server2 删除

salt-key -L列出

salt-key -A 添加

salt ‘*’ test.ping

salt-key -d server2 删除

安装查看进程名称的软件

yum install -y python-setproctitle.x86_64
systemctl restart salt-master.service
ps ax

三.编写远程执行模块

查看磁盘信息

server1

mkdir /srv/salt/_modules -p ##创建模块目录
vim /srv/salt/_modules/mydisk.py  ##编写模块文件

同步：


在server2上查看模块同步：

cd /var/cache/
cd salt/
tree minion/

为server2修改apache端口

首先将server2的/etc/httpd/conf/httpd.conf 放到server1下/srv/salt/apache 下 并修改端口为8080

mkdir /srv/salt/apache -p
vim init.sls
apache:
  pkg.installed:
    - pkgs:
      - httpd
      - php
 
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/httpd.conf
 
  service.running:
    - name: httpd
    - enable: true
    - watch:
      - file: apache

salt server2 state.sls apache

server3安装nginx

mkdir /srv/salt/nginx/ 
vim init.sls
nginx-install:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel
 
  file.managed:
    - name: /mnt/nginx-1.20.1.tar.gz
    - source: salt://nginx/nginx-1.20.1.tar.gz
 
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.20.1.tar.gz && cd nginx-1.20.1 && se -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-threads --with-file-aio &> /dev/null && make &> /dev/null && make install &> /dev/null
    - creates: /usr/local/nginx

编写nginx.service：

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
 
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
 
[Install]
WantedBy=multi-user.target

server2

scp /usr/local/nginx/cong/nginx.conf  server1:/srv/salt/nginx

server1
编写nginx.conf

user  nginx;
worker_processes  auto;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
 
 
events {
    worker_connections  65535;
}

编写service.sls

include:
  - nginx
 
nginx-user:
  user.present:
    - name: nginx
    - shell: /sbin/nologin
    - home: /usr/local/nginx
    - createhome: false
 
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/nginx.conf
 
nginx-service:
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://nginx/nginx.service
  service.running:
    - name: nginx
    - enable: true
    - reload: true
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf

四.grains

通过修改配置文件添加角色

server2

cd /etc/salt
vim minion
grains:
 roles: apache
 systemctl restart salt-minion.service

server1

salt server2 grains.item  roles

修改grains添加角色

server3

cd /etc/salt/
vim grains
roles:  nginx

server1

不同角色执行不同策略

cd /srv/salt
vim top.sls

base:
  'roles:apache':
    - match: grain
    - apache
  'roles:nginx':
    - match: grain
    - nginx.service

salt '*' state.highstate

五.pillar

server1

cd srv
mkdir pillar
cd pillar/
vim pkgs.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
{% elif grains['fqdn'] == 'server2' %}
package: nginx
{% endif }

vim top.sls
base: 
  '*':
    - pkgs

六.jinja模板

server3
首先停掉nginx
nginx 和httpd 端口冲突

systemctl stop  nginx

server1

cd /srv/pillar
vim pkgs.sls

{% if grains['fqdn'] == 'server3' %}
package: httpd
port: 80
{% elif grains['fqdn'] == 'server2' %}
package: httpd
port: 8080
{% endif }

cd /srv/salt/apac
vim init.sls
[root@server1 apache]# cat init.sls 
apache:
  pkg.installed:
    - pkgs:
      - {{ pillar['package'] }}
 
 
  service.running:
    - name: httpd
    - enable: true
    - reload: true
    - watch:
      - file: /etc/httpd/conf/httpd.conf
 
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/httpd.conf
    - template: jinja
    - context:
      http_port: {{ pillar['port'] }}
      http_host: {{ grains['ipv4'][-1]}}

vim httpd.conf
Listen {{ http_host}}:{{http_port

执行

salt '*' state.sls apac

httpd.conf中Listen调用的变量 {{ http_host}}:{{http_port}})在init.sls中定义
http_port 中调用的变量{{ pillar[‘port’]}}在 pillar下的pkgs.sls中定义