企业入门实战--saltstack的基本部署
一.saltstack的简介
在安装salt之前,先理解salt架构中各个角色,主要区分是salt-master和salt-minion,顾名思义master是中心控制系统,minion是被管理的客户端。
salt架构中的一种就是master > minion。
二.saltstack的简单部署
实验环境:
准备三台全新的虚拟机
server1: salt-master
server2/3:salt-minion
物理机
将saltstack 软件仓库挂载到apache的默认发布目录上
server1
vim /etc/yum.repos.d/dvd.repo ##实验环境使用内网源并关闭了gpgcheck;生产环境应设置gpgcheck=1并配置gpgkey,以校验软件包签名
[dvd]
name=dvd
baseurl=http://172.25.5.250/rhel7.6
gpgcheck=0
[saltstack]
name=saltstack
baseurl=http://172.25.5.250/3000
gpgcheck=0
查看软件仓库是否搭建完成
yum repolist
列出saltstack的安装包
yum list salt-*
server1
yum install -y salt-master.noarch
systemctl enable --now salt-master.service
查看端口
netstat -antlp | grep -E '4505|4506'
server2/3
yum install -y salt-minion
vim /etc/salt/minion
master: 172.25.5.1
systemctl enable --now salt-minion.service
server1
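salt-key -L ##列出所有minion的密钥
salt-key -A ##接受全部待认证的密钥(仅适合实验环境;生产环境应先用 salt-key -f <minion-id> 查看指纹,与该minion上 salt-call --local key.finger 的输出核对一致后,再用 salt-key -a <minion-id> 逐个接受)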
salt '*' test.ping
salt-key -d server2 删除
salt-key -L列出
salt-key -A 添加
salt '*' test.ping
salt-key -d server2 删除
安装查看进程名称的软件
yum install -y python-setproctitle.x86_64
systemctl restart salt-master.service
ps ax
三.编写远程执行模块
查看磁盘信息
server1
mkdir /srv/salt/_modules -p ##创建模块目录
vim /srv/salt/_modules/mydisk.py ##编写模块文件
同步(在server1上执行,例如 salt server2 saltutil.sync_modules):
在server2上查看模块同步:
cd /var/cache/
cd salt/
tree minion/
为server2修改apache端口
首先将server2的/etc/httpd/conf/httpd.conf 放到server1下/srv/salt/apache 下 并修改端口为8080
mkdir /srv/salt/apache -p
vim init.sls
apache:
pkg.installed:
- pkgs:
- httpd
- php
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/httpd.conf
service.running:
- name: httpd
- enable: true
- watch:
- file: apache
salt server2 state.sls apache
server3安装nginx
mkdir /srv/salt/nginx/
vim init.sls
nginx-install:
pkg.installed:
- pkgs:
- gcc
- openssl-devel
- pcre-devel
file.managed:
- name: /mnt/nginx-1.20.1.tar.gz
- source: salt://nginx/nginx-1.20.1.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.20.1.tar.gz && cd nginx-1.20.1 && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-threads --with-file-aio &> /dev/null && make &> /dev/null && make install &> /dev/null
- creates: /usr/local/nginx
编写nginx.service:
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
server2
scp /usr/local/nginx/conf/nginx.conf server1:/srv/salt/nginx
server1
编写nginx.conf
user nginx;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 65535;
}
编写service.sls
include:
- nginx
nginx-user:
user.present:
- name: nginx
- shell: /sbin/nologin
- home: /usr/local/nginx
- createhome: false
/usr/local/nginx/conf/nginx.conf:
file.managed:
- source: salt://nginx/nginx.conf
nginx-service:
file.managed:
- name: /usr/lib/systemd/system/nginx.service
- source: salt://nginx/nginx.service
service.running:
- name: nginx
- enable: true
- reload: true
- watch:
- file: /usr/local/nginx/conf/nginx.conf
四.grains
通过修改配置文件添加角色
server2
cd /etc/salt
vim minion
grains:
roles: apache
systemctl restart salt-minion.service
server1
salt server2 grains.item roles
修改grains添加角色
server3
cd /etc/salt/
vim grains
roles: nginx
server1
不同角色执行不同策略(注意:roles这类grains由minion本地配置,被入侵的minion可以自行声明任意角色;涉及敏感配置或pillar数据时,应改用minion ID进行匹配)
cd /srv/salt
vim top.sls
base:
'roles:apache':
- match: grain
- apache
'roles:nginx':
- match: grain
- nginx.service
salt '*' state.highstate
五.pillar
server1
cd /srv
mkdir pillar
cd pillar/
vim pkgs.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
{% elif grains['fqdn'] == 'server2' %}
package: nginx
{% endif %}
vim top.sls
base:
'*':
- pkgs
六.jinja模板
server3
首先停掉nginx
nginx 和httpd 端口冲突
systemctl stop nginx
server1
cd /srv/pillar
vim pkgs.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
port: 80
{% elif grains['fqdn'] == 'server2' %}
package: httpd
port: 8080
{% endif %}
cd /srv/salt/apache
vim init.sls
[root@server1 apache]# cat init.sls
apache:
pkg.installed:
- pkgs:
- {{ pillar['package'] }}
service.running:
- name: httpd
- enable: true
- reload: true
- watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://apache/httpd.conf
- template: jinja
- context:
http_port: {{ pillar['port'] }}
http_host: {{ grains['ipv4'][-1]}}
vim httpd.conf
Listen {{ http_host}}:{{http_port}}
执行
salt '*' state.sls apache
httpd.conf中Listen调用的变量({{ http_host}}:{{http_port}})在init.sls中定义
http_port 中调用的变量{{ pillar['port'] }}在 pillar下的pkgs.sls中定义