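Understanding SaltStack
SaltStack is a centralized management platform for server infrastructure that provides configuration management, remote execution, monitoring and other functions. It is implemented in Python and built on a lightweight message queue (ZeroMQ) together with third-party Python modules (Pyzmq, PyCrypto, Jinja2, python-msgpack, PyYAML and others).
By deploying SaltStack we can run commands in batch across thousands of servers and, per business line, centrally manage configuration, distribute files, collect server data, and manage operating-system basics and software packages. SaltStack is a powerful tool for operations staff to work more efficiently and to standardize service configuration and operations.
SaltStack uses a client/server (C/S) model: the server side is the Salt master and the client side is the minion. The minion and the master communicate over the ZeroMQ message queue.
SaltStack lab environment
Physical host: 172.25.254.96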
server1 172.25.254.1 master
server2 172.25.254.2 minion
server3 172.25.254.3 minion
Environment setup
Physical host: place the rhel6 directory under the /var/www/html/ publishing directory
On server1, server2 and server3, add the [saltstack] yum repository
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.254.96/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[saltstack]
name=saltstack
baseurl=http://172.25.254.96/rhel6
enabled=1
gpgcheck=0
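The repository file above, checked for the settings that decide whether packages are verified before yum installs them as root. This is an added example, not part of the original post; audit_repos is a hypothetical helper, and it assumes yum's [main] section does not override gpgcheck.

```python
import configparser

# The repo definitions shown above, embedded so the example runs offline.
REPO_TEXT = """\
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.254.96/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[saltstack]
name=saltstack
baseurl=http://172.25.254.96/rhel6
enabled=1
gpgcheck=0
"""


def audit_repos(text):
    """Return {repo_id: [findings]} for every enabled repo with a weak setting."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for repo in cp.sections():
        opts = cp[repo]
        if opts.get("enabled", "1").strip() != "1":
            continue  # disabled repos are not consulted by yum
        findings = []
        # Assumption: no [main] override, so a missing gpgcheck means "off".
        signed = opts.get("gpgcheck", "0").strip() == "1"
        if not signed:
            findings.append("gpgcheck off: packages install unverified")
        urls = opts.get("baseurl", "").split()
        plain = [u for u in urls if u.startswith(("http://", "ftp://"))]
        if plain and not signed:
            findings.append("unsigned packages over cleartext: " + ", ".join(plain))
        elif plain:
            findings.append("cleartext transport (signatures still checked)")
        if findings:
            report[repo] = findings
    return report


if __name__ == "__main__":
    for repo, findings in audit_repos(REPO_TEXT).items():
        for finding in findings:
            print(f"{repo}: {finding}")
```

For the [saltstack] repository, signing the packages and setting gpgcheck=1 with a gpgkey line clears both findings even if the transport stays on HTTP.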
Deploy the master on server1
Deploy the minions on server2 and server3
[root@server1 ~]# yum install salt-master -y
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim master
file_roots:
  base:
    - /srv/salt    # uncomment these lines
[root@server1 ~]# /etc/init.d/salt-master start
netstat -antlp    # check that the ports are open
Port 4505: used for the connection with the minions, publish/subscribe
Port 4506: request/response, over zmq (message queue)
[root@server2 salt]# yum install salt-minion -y
[root@server2 salt]# vim minion ## server3 needs the same change
master: 172.25.254.1
[root@server2 salt]# /etc/init.d/salt-minion start
[root@server1 ~]# salt-key -L
# server2 is rejected
Exchange public keys and check the Salt service
Common salt-key options
View both public keys, on the master and on the minion:
master:
minion:
Test connectivity
[root@server1 ~]# salt server2 test.ping
server2:
True
[root@server1 ~]# salt server2 cmd.run hostname
server2:
server2
[root@server1 ~]# salt server2 cmd.run 'df -h'
server2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 19G 971M 17G 6% /
tmpfs 246M 16K 246M 1% /dev/shm
/dev/vda1 485M 33M 427M 8% /boot
Configuring automated deployment
[1] Install the httpd service
1. Modify the configuration file on the master
cd /etc/salt/
vim master
file_roots:
  base:
    - /srv/salt    # this directory does not exist; create it yourself
mkdir /srv/salt
/etc/init.d/salt-master restart
2. Write the state file that installs httpd automatically
mkdir /srv/salt
cd /srv/salt/
mkdir apache
cd apache
vim install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-mysql
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
3. Test the state file
On server2, check that httpd and php have been installed
[2] Restart httpd automatically: change httpd's default port from 80 to 8080
1. On the minion, send the httpd configuration file to the master
[root@server1 master]# cd /srv/salt/
[root@server1 apache]# mkdir files # create the files directory under /srv/salt/apache to hold the configuration file
[root@server2 minion]# scp /etc/httpd/conf/httpd.conf root@172.25.254.1:/srv/salt/apache/files # copy server2's httpd configuration file into files
[root@server1 files]# vim httpd.conf # edit the configuration file and change the httpd port to 8080
2. Write the state file that loads the configuration file automatically
[root@server1 apache]# vim service.sls
include:
  - apache.install
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - watch:
      - file: apache-install
3. Test the state file
[root@server1 apache]# salt server2 state.sls apache.service
4. On the minion, check whether the httpd port has changed
[root@server2 minion]# netstat -anplt | grep 8080
tcp 0 0 :::8080 :::* LISTEN 2554/httpd
[3] Compile and install nginx from source with Salt
1. On the master:
mkdir -p /srv/salt/nginx/files
cd /srv/salt/nginx/files # put the nginx source tarball here
vim /srv/salt/nginx/install.sls
nginx-install:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel
  file.managed:
    - name: /mnt/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/define NGINX_VER "nginx\/" NGINX_VERSION/define NGINX_VER "nginx"'/g src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-threads --with-http_ssl_module --with-file-aio --with-http_stub_status_module &> /dev/null && make &> /dev/null && make install &> /dev/null
    - creates: /usr/local/nginx
2. Run the state file
[root@server1 nginx]# salt server3 state.sls nginx.install
3. On server3, check whether nginx has been installed
[root@server3 local]# cd /usr/local/nginx/
[root@server3 nginx]# ls
conf html logs sbin
[4] Reload the nginx configuration file automatically with Salt
1. Put the required configuration file and the nginx init script in files
[root@server1 nginx]# ls
files install.sls
[root@server1 nginx]# ls
files install.sls service.sls
[root@server1 nginx]# cd files
[root@server1 files]# ls
nginx nginx-1.14.0.tar.gz nginx.conf ## nginx: init script; nginx.conf: configuration file (taken from server3)
2. Write service.sls, which reloads the nginx configuration file automatically
[root@server1 nginx]# vim service.sls
include:
  - nginx.install
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
/etc/init.d/nginx:
  file.managed:
    - source: salt://nginx/files/nginx
    - mode: 755
nginx:
  service.running:
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
3. Start nginx on server3
[root@server3 conf]# /etc/init.d/nginx start
[root@server3 conf]# /etc/init.d/nginx stop
Stopping nginx: [ OK ]
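[5] One-step deployment of a load-balanced cluster with SaltStack
1. Install salt-minion on the Salt master so that server1 also acts as a minion
2. Have the server1 node exchange keys with its own master as well
3. Under /srv/salt, create the haproxy directory and the pkgs directory (for make.sls)
<1> Edit pkgs/make.sls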
[root@server1 salt]# mkdir pkgs
[root@server1 salt]# cd pkgs/
[root@server1 pkgs]# vim make.sls
gcc-make:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
<2> Put the source tarball in files and edit install.sls
[root@server1 files]# ls
haproxy-1.6.11.tar.gz
[root@server1 haproxy]# vim install.sls
include:
  - pkgs.make
haproxy-install:
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install && cd ..
    - creates: /usr/local/haproxy
/etc/haproxy:
  file.directory:
    - mode: 755
/usr/sbin/haproxy:
  file.symlink:
    - target: /usr/local/haproxy/sbin/haproxy
4. Test install.sls
[root@server1 salt]# salt server1 state.sls haproxy.install
5. Move /mnt/haproxy-1.6.11/examples/content-sw-sample.cfg and haproxy.init into /srv/salt/haproxy/files, then rename them or create symlinks
[root@server1 examples]# cp haproxy.init /srv/salt/haproxy/files/ ## init script
[root@server1 examples]# cp content-sw-sample.cfg /srv/salt/haproxy/files/ ## configuration file
[root@server1 examples]# cd /srv/salt/haproxy/files/
[root@server1 files]# mv content-sw-sample.cfg haproxy.cfg ## rename
[root@server1 files]# ls
haproxy-1.6.11.tar.gz haproxy.cfg haproxy.init
6. Edit haproxy.cfg
global
    maxconn 10000
    stats socket /var/run/haproxy.stat mode 600 level admin
    log 127.0.0.1 local0
    uid 200
    gid 200
    chroot /var/empty
    daemon
# The public 'www' address in the DMZ
defaults
    mode http
    log global
    option httplog
    option dontlognull
    monitor-uri /monitoruri
    maxconn 8000
    timeout client 30s
    retries 2
    option redispatch
    timeout connect 5s
    timeout server 30s
    timeout queue 30s
frontend public
    bind *:80 name clear
    stats uri /admin/stats
    default_backend dynamic
backend dynamic
    balance roundrobin
    server dynsrv1 172.25.254.2:80 check inter 1000
    server dynsrv2 172.25.254.3:80 check inter 1000
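A small check over the haproxy.cfg above for a statistics page published without `stats auth` and for an admin-level stats socket that other local users could reach. This is an added example, not part of the original post; parse and audit are hypothetical helpers, and the embedded text is an excerpt of the page's configuration.

```python
SECTIONS = ("global", "defaults", "frontend", "backend", "listen")

# Excerpt of the haproxy.cfg shown above, embedded so the example runs offline.
CFG = """\
global
    stats socket /var/run/haproxy.stat mode 600 level admin
    uid 200
    gid 200
    chroot /var/empty
frontend public
    bind *:80 name clear
    stats uri /admin/stats
    default_backend dynamic
backend dynamic
    server dynsrv1 172.25.254.2:80 check inter 1000
"""


def parse(text):
    """Return [(section_header, [directive_tokens, ...])] in file order."""
    sections = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] in SECTIONS:
            sections.append((" ".join(tokens), []))
        elif sections:
            sections[-1][1].append(tokens)
    return sections


def audit(text):
    """Flag an unauthenticated stats page and a loosely permissioned admin socket."""
    findings = []
    for header, directives in parse(text):
        has_uri = any(d[:2] == ["stats", "uri"] for d in directives)
        has_auth = any(d[:2] == ["stats", "auth"] for d in directives)
        if has_uri and not has_auth:
            binds = [d[1] for d in directives if d[0] == "bind" and len(d) > 1]
            wide = [b for b in binds if b.startswith(("*:", ":", "0.0.0.0:"))]
            findings.append((header, "stats uri without stats auth", wide))
        for d in directives:
            if d[:2] == ["stats", "socket"] and "admin" in d and "mode" in d[:-1]:
                mode = d[d.index("mode") + 1]
                if mode[-1] != "0":  # last octal digit: permissions for "other"
                    findings.append((header, "admin socket open to other users", [d[2]]))
    return findings
```

On the page's configuration the socket (mode 600) passes, and the one finding is the `/admin/stats` page on the frontend bound to `*:80`; a `stats auth` line in that section or moving the stats page to a separate listener bound to an internal address clears it.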
7. Edit user/haproxy.sls
[root@server1 salt]# mkdir user
[root@server1 user]# vim haproxy.sls
haproxy-group:
  group.present:
    - name: haproxy
    - gid: 200
haproxy-user:
  user.present:
    - name: haproxy
    - uid: 200
    - gid: 200
    - shell: /sbin/nologin
    - home: /usr/local/haproxy
    - createhome: False
7. Edit service.sls
include:
  - haproxy.install
  - user.haproxy
/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg
haproxy-service:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init ## init script
    - mode: 755
  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: /etc/haproxy/haproxy.cfg ## load-balancer configuration file
8. Test
[root@server1 haproxy]# salt server1 state.sls haproxy.service
9. Edit the published pages on server2 and server3
[root@server2 ~]# vim /var/www/html/index.html
[root@server2 ~]# cat /var/www/html/index.html
<h1>apache!</h1>
[root@server3 html]# vim index.html
[root@server3 html]# cat index.html
<h1>nginx!</h1>
[root@server3 html]# pwd
/usr/local/nginx/html
Test: 172.25.254.1
10. Pushing to multiple nodes
[1] The advanced push method
[root@server1 salt]# vim top.sls # the file must be named top.sls
base:
  'server1':
    - haproxy.install
  'server2':
    - apache.service
  'server3':
    - nginx.service
[root@server2 html]# /etc/init.d/httpd stop
The browser now always gets server3's page
[root@server1 files]# salt '*' state.highstate # applies top.sls to push to multiple nodes
The browser gets the server2 and server3 pages # # browse to 172.25.254.1: load balancing OK!
[2] The grains-based version
First way to modify grains
[root@server2 ~]# vim /etc/salt/minion ## edit the grains section of the minion configuration file
grains:
  roles:
    - apache
[root@server2 ~]# /etc/init.d/salt-minion restart
View roles from server1
Second way to modify grains (requires a refresh)
[root@server3 ~]# vim /etc/salt/grains ## edit the file by hand and add nginx
roles:
  nginx
[root@server1 salt]# salt server3 saltutil.sync_grains ## refresh
View roles from server1
[root@server1 salt]# vim top.sls # modify top.sls
base:
  'server1':
    - haproxy.install
  'roles:apache':
    - match: grain
    - apache.service
  'roles:nginx':
    - match: grain
    - nginx.service
[root@server1 salt]# salt '*' state.highstate
# # Browse to 172.25.254.1: load balancing OK!
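The grains in this section are written on the minion itself, so a top.sls target using `match: grain` assigns states based on what the minion reports, while a plain ID target rests on the key the master accepted. The added example below (not part of the original post, and a simplified model of top-file matching rather than Salt's own code) resolves the top.sls above and lists the targets that depend on grains; TOP and GRAINS are constructed from the page's files.

```python
import fnmatch

# top.sls from the page, written as the Python structure the YAML loads to.
TOP = {
    "base": {
        "server1": ["haproxy.install"],
        "roles:apache": [{"match": "grain"}, "apache.service"],
        "roles:nginx": [{"match": "grain"}, "nginx.service"],
    }
}

# Grains as each minion reports them (constructed from the page's edits).
GRAINS = {
    "server1": {},
    "server2": {"roles": ["apache"]},
    "server3": {"roles": "nginx"},
}


def split_entry(entries):
    """Separate the optional {'match': ...} item from the state names."""
    matcher, states = "glob", []
    for item in entries:
        if isinstance(item, dict):
            matcher = item.get("match", matcher)
        else:
            states.append(item)
    return matcher, states


def grain_matches(target, grains):
    """'key:value' matches a scalar grain or any member of a list grain."""
    key, _, want = target.partition(":")
    have = grains.get(key)
    values = have if isinstance(have, list) else [have]
    return any(v is not None and fnmatch.fnmatch(str(v), want) for v in values)


def resolve(top, minion_id, grains, env="base"):
    """Return [(state, matcher)] for one minion, in top-file order."""
    out = []
    for target, entries in top[env].items():
        matcher, states = split_entry(entries)
        hit = (grain_matches(target, grains) if matcher == "grain"
               else fnmatch.fnmatch(minion_id, target))
        if hit:
            out.extend((s, matcher) for s in states)
    return out


def grain_dependent(top, env="base"):
    """Targets whose assignment rests on data the minion reports itself."""
    return sorted(t for t, e in top[env].items() if split_entry(e)[0] == "grain")
```

States that carry secrets or privileged configuration are better targeted by minion ID, as in the first top.sls, or by data held on the master.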