Linux- Saltstack自动化运维(一)

Saltstack部署:

一、安装 salt
master (server1)
minion (server2 server3)
1、配置yum源(以master为例)

[root@server1 ~]# cat /etc/yum.repos.d/rhel-source.repo 
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.11.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[slat]
name=slatstack
baseurl=http://172.25.11.250/pub/rhel6
gpgcheck=0

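第三方软件库 salt 的配置即上面的 [slat] 段。注意该段设置了 gpgcheck=0,且 baseurl 使用 http,yum 安装这些包时不会校验 RPM 签名;这种写法只适合隔离的实验环境,正式环境应设置 gpgcheck=1 并配置对应的 gpgkey。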

##注意:rhel6目录必须全是rpm包!
##createrepo -v /var/www/html/pub/rhel6/
##/var/www/html/pub/rhel6/下会生成repodata文件
[kiosk@foundation120 Desktop]$ ls /var/www/html/pub/rhel6/
libyaml-0.1.3-4.el6.x86_64.rpm
python-babel-0.9.4-5.1.el6.noarch.rpm
python-backports-1.0-5.el6.x86_64.rpm
python-backports-ssl_match_hostname-3.4.0.2-2.el6.noarch.rpm
python-chardet-2.2.1-1.el6.noarch.rpm
python-cherrypy-3.2.2-4.el6.noarch.rpm
python-crypto-2.6.1-3.el6.x86_64.rpm
python-crypto-debuginfo-2.6.1-3.el6.x86_64.rpm
python-enum34-1.0-4.el6.noarch.rpm
python-futures-3.0.3-1.el6.noarch.rpm
python-impacket-0.9.14-1.el6.noarch.rpm
python-jinja2-2.8.1-1.el6.noarch.rpm
python-msgpack-0.4.6-1.el6.x86_64.rpm
python-ordereddict-1.1-2.el6.noarch.rpm
python-requests-2.6.0-3.el6.noarch.rpm
python-setproctitle-1.1.7-2.el6.x86_64.rpm
python-six-1.9.0-2.el6.noarch.rpm
python-tornado-4.2.1-1.el6.x86_64.rpm
python-urllib3-1.10.2-1.el6.noarch.rpm
python-zmq-14.5.0-2.el6.x86_64.rpm
PyYAML-3.11-1.el6.x86_64.rpm
repodata
salt-2016.11.3-1.el6.noarch.rpm
salt-api-2016.11.3-1.el6.noarch.rpm
salt-cloud-2016.11.3-1.el6.noarch.rpm
salt-master-2016.11.3-1.el6.noarch.rpm
salt-minion-2016.11.3-1.el6.noarch.rpm
salt-ssh-2016.11.3-1.el6.noarch.rpm
salt-syndic-2016.11.3-1.el6.noarch.rpm
zeromq-4.0.5-4.el6.x86_64.rpm

2、查看yum源

[root@server1 ~]# yum repolist

3、安装 salt-master(minion端安装salt-minion)
注意:这里安装的 salt 2016.11.3 是早已停止维护的旧版本,仅适合在隔离的实验网络中练习;正式环境请使用仍在维护的版本。

[root@server1 ~]# yum install -y salt-master

二、配置 salt
1、master 端

[root@server1 salt]# cd /etc/salt/
[root@server1 salt]# vim master
# The address of the interface to bind to:
interface: 172.25.11.1
[root@server1 salt]# /etc/init.d/salt-master start
Starting salt-master daemon:                               [  OK  ]
[root@server1 salt]# netstat -antple
tcp        0      0 172.25.11.1:4505            0.0.0.0:*                   LISTEN      0          60983      15176/salt-master - 
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      0          8307       978/master          
tcp        0      0 172.25.11.1:4506            0.0.0.0:*                   LISTEN      0       

4505端口:连接用的,发布订阅(master 通过它向 minion 下发任务)
4506端口:请求响应(minion 通过它回传结果),模式为:zmq(消息队列)
这两个端口只需要对 minion 开放,应通过防火墙限制来源地址,不要暴露给不受信任的网络。
2、minion端(两台主机操作一致)

[root@server2 ~]# cd /etc/salt/
[root@server2 salt]# vim minion
 15 # resolved, then the minion will fail to start.
 16 master: 172.25.11.1
[root@server2 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server2 daemon: OK
###启动ok后,会生成 minion_id文件
##注意:修改 IP 或 hostname 时,必须删除该文件
[root@server2 salt]# ls
cloud           cloud.maps.d       master    minion.d   proxy
cloud.conf.d    cloud.profiles.d   master.d  minion_id  proxy.d
cloud.deploy.d  cloud.providers.d  minion    pki        roster

3、master端
显示minion

[root@server1 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
server3
Rejected Keys:

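-A:接受全部待认证的 key;-a:接受指定主机的 key
注意:-A 会不加区分地接受所有待认证的 key。接受之前,应先用 salt-key -f <minion_id> 查看指纹,并与 minion 上 salt-call --local key.finger 的输出核对,确认 key 确实来自该主机。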

[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server2
server3
Proceed? [n/Y] Y
Key for minion server2 accepted.
Key for minion server3 accepted.
[root@server1 salt]# salt-key -L
Accepted Keys:
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:

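salt-key : 实质上,是将master和minion的公钥互换:minion 的公钥保存在 master 的 /etc/salt/pki/master/minions/ 下,master 的公钥保存在 minion 上的 minion_master.pub 中;两端的 .pem 私钥不会交换,必须妥善保管。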
master端:(以master.pub为例)

[root@server1 master]# pwd
/etc/salt/pki/master
[root@server1 master]# md5sum master.pub 
1f814dae65362e35c946df1a283a38ce  master.pub
[root@server1 master]#
minion端:
[root@server2 minion]# md5sum minion_master.pub 
1f814dae65362e35c946df1a283a38ce  minion_master.pub
[root@server2 minion]# pwd
/etc/salt/pki/minion

三、查看salt的相关信息
1、master端查看tree结构
(tree 命令需要先安装)

[root@server1 pki]# tree .
.
├── master
│   ├── master.pem
│   ├── master.pub
│   ├── minions
│   │   ├── server2
│   │   ├── server3
│   ├── minions_autosign
│   ├── minions_denied
│   ├── minions_pre
│   └── minions_rejected
└── minion
    ├── minion_master.pub
    ├── minion.pem
    └── minion.pub

7 directories, 9 files
[root@server1 pki]#

2、minion查看tree结构

[root@server2 pki]# tree .
.
├── master
└── minion
    ├── minion_master.pub
    ├── minion.pem
    └── minion.pub

2 directories, 3 files
[root@server2 pki]# 

3、查看连接情况

[root@server1 pki]# lsof -i :4505
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 15176 root   16u  IPv4  60983      0t0  TCP server1:4505 (LISTEN)
/usr/bin/ 15176 root   20u  IPv4  61234      0t0  TCP server1:4505->server3:39466 (ESTABLISHED)
/usr/bin/ 15176 root   21u  IPv4  61241      0t0  TCP server1:4505->server2:39279 (ESTABLISHED)
[root@server1 pki]# lsof -i :4506
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 15182 root   24u  IPv4  60993      0t0  TCP server1:4506 (LISTEN)
[root@server1 pki]# 

4、查看 salt-master 的各个进程(安装 python-setproctitle 后,ps 才能显示每个进程的名称)

[root@server1 pki]# yum install -y python-setproctitle.x86_64
[root@server1 pki]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]
[root@server1 pki]# ps ax
15174 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MultiprocessingLoggingQueu
15181 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ReqServer_ProcessManager
17502 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MultiprocessingLoggingQueu
17509 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ReqServer_ProcessManager
17811 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ProcessManager
17812 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MultiprocessingLoggingQueu
17813 ?        Sl     0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ZeroMQPubServerChannel
17814 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d EventPublisher
17818 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d Maintenance
17819 ?        S      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ReqServer_ProcessManager
17820 ?        Sl     0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorkerQueue
17827 ?        R      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-0
17828 ?        R      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-1
17829 ?        R      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-2
17830 ?        R      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-3
17831 ?        R      0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-4
18316 pts/1    R+     0:00 ps ax

5、测试salt服务

[root@server1 pki]# salt '*' test.ping
server2:
    True
server3:
    True

四、配置自动化部署
master端:
1、修改配置文件

[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim master
  file_roots:
    base:
      - /srv/salt

[root@server1 salt]# mkdir /srv/salt
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]

2、配置部署脚本

[root@server1 salt]# cd /srv/salt
[root@server1 salt]# mkdir httpd
[root@server1 salt]# cd httpd/
[root@server1 httpd]# ls
files  install.sls  service.sls
[root@server1 httpd]# vim install.sls 
[root@server1 httpd]# cat install.sls 
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
[root@server1 httpd]#

同一个 ID 下,同一个状态模块只能调用一次
3、测试、执行脚本

[root@server1 httpd]# salt server2 state.sls httpd.install test=true
server2:
----------
          ID: apache-install
    Function: pkg.installed
      Result: None
     Comment: The following packages would be installed/updated: httpd, php
     Started: 07:24:04.461285
    Duration: 389.172 ms
     Changes:   

Summary for server2
------------
Succeeded: 1 (unchanged=1)
Failed:    0
------------
Total states run:     1
Total run time: 389.172 ms
[root@server1 httpd]# 

执行,回传结果


[root@server1 httpd]# salt server2 state.sls httpd.install
server2:
----------
          ID: apache-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 07:47:44.715725
    Duration: 1115.073 ms
     Changes:   

Summary for server2
------------
Succeeded: 1
Failed:    0
------------
Total states run:     1
Total run time:   1.115 s
[root@server1 httpd]# 

4、minion端查看

[root@server2 pki]# rpm -q httpd php
httpd-2.2.15-29.el6_4.x86_64
php-5.3.3-26.el6.x86_64
[root@server2 pki]#

五、salt 服务部署
1、apache 服务部署

[root@server1 httpd]# vim service.sls 
[root@server1 httpd]# cat service.sls
apache-service:
  service.running:
    - name: httpd
    - enable: True
[root@server1 httpd]# salt server2 state.sls httpd.service
server2:
----------
          ID: /etc/httpd/conf/httpd.conf
    Function: file.managed
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 07:55:28.618633
    Duration: 88.664 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 07:55:28.711715
    Duration: 24.357 ms
     Changes:   

Summary for server2
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
Total run time: 113.021 ms
[root@server1 httpd]#

查看server2的httpd状态

[root@server2 pki]# netstat -antple | grep http
tcp        0      0 172.25.11.2:80              0.0.0.0:*                   LISTEN      0          8437       978/httpd           
[root@server2 pki]# 

2、更改httpd的默认端口
minion端:

[root@server2~]# cd /etc/httpd/conf
[root@server2 conf]# scp httpd.conf server1:/srv/salt/httpd/files

master端:

[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# mkdir files
[root@server1 httpd]# vim files/httpd.conf  ##修改端口

[root@server1 httpd]# vim service.sls    ##修改脚本
# Manage httpd.conf on the minion from the copy kept on the master.
# NOTE(review): files under the master's file_roots can be fetched by any
# accepted minion through salt://, so nothing secret belongs in this copy.
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    # Owned by root and writable only by root; readable by everyone.
    - mode: 644
    - user: root
    - group: root

# Keep httpd running and enabled at boot.
apache-service:
  service.running:
    - name: httpd
    - enable: True
    # When the watched file state reports a change, reload the service
    # instead of restarting it.
    - reload: True
    - watch:
      - file: apache-config

master再次推送

[root@server1 httpd]# salt server2 state.sls httpd.apache
server2:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 11:43:36.819359
    Duration: 63.22 ms
     Changes:   
              ----------
              diff:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service reloaded
     Started: 11:43:36.907022
    Duration: 58.512 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for server2
------------
Succeeded: 3 (changed=2)
Failed:    0
------------

minion端查看:

[root@server2 conf]# netstat -antple | grep http
tcp        0      0 :::8080                     :::*                        LISTEN      0          16263      1684/httpd

4、解耦(安装、管理分开)

[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# ls
files  install.sls  service.sls
[root@server1 httpd]# cat service.sls 
# Pull in the package install state so this file only handles
# configuration and the service.
include:
  - httpd.install

# The state ID doubles as the managed path, since no name is given.
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    # Owned by root and writable only by root; readable by everyone.
    - mode: 644
    - user: root
    - group: root

# Keep httpd running and enabled at boot; reload it when the managed
# configuration file changes.
httpd:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf

六、salt源码部署nginx
1、配置nginx目录

[root@server1 nginx]# pwd
/srv/salt/nginx
[root@server1 nginx]# mkdir files
[root@server1 files]# ls
nginx-1.10.1.tar.gz
[root@server1 files]# cd ..
[root@server1 nginx]# vim install.sls 
# Build nginx 1.10.1 from a source tarball shipped by the master.
nginx-install:
  # Compiler plus the PCRE and OpenSSL development packages.
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel

  # Copy the tarball from the master's file server to /opt on the minion.
  file.managed:
    - name: /opt/nginx-1.10.1.tar.gz
    - source: salt://nginx/files/nginx-1.10.1.tar.gz

  # One shell command line: unpack, patch, configure, build, install.
  #   - the first sed comments out the CFLAGS="$CFLAGS -g" line in auto/cc/gcc
  #   - the second sed redefines NGINX_VER in src/core/nginx.h as "nginx"
  #     without NGINX_VERSION (presumably so the version string is not
  #     advertised by the server; confirm)
  # NOTE(review): all configure output and make's stdout go to /dev/null, so a
  # failed build returns few diagnostics. "&>" is a bash redirection; this
  # assumes the minion's shell accepts it.
  # NOTE(review): no runas is set, so the build runs as the user the minion
  # runs as. The tarball's origin is not checked here; verify it before
  # placing it under salt://.
  cmd.run:
    - name: cd /opt && tar zxf nginx-1.10.1.tar.gz && cd nginx-1.10.1 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make > /dev/null && make install > /dev/null
    # Skip the command when /usr/local/nginx already exists. This only tests
    # that the path exists, not that the install completed.
    - creates: /usr/local/nginx

[root@server1 nginx]# salt server3 state.sls nginx.install
Summary for server3
------------
Succeeded: 5 (changed=1)
Failed:    0
------------

minion端:

[root@server3 opt]# cd /usr/local/nginx/
[root@server3 nginx]# ls
conf  html  logs  sbin

2、配置nginx
pkgs:依赖性;(相当于python的模块)
users:创建用户;

[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# ls
httpd  nginx  pkgs  users

pkgs内容

[root@server1 salt]# cat pkgs/make.sls 
make:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel

users内容:

[root@server1 salt]# cat users/nginx.sls 
# Dedicated group for the nginx service account, with a fixed gid.
nginx-group:
  group.present:
    - name: nginx
    - gid: 800

# Service account for nginx with fixed uid/gid 800.
nginx-user:
  user.present:
    - name: nginx
    # /sbin/nologin: the account cannot be used for interactive logins.
    - shell: /sbin/nologin
    - home: /usr/local/nginx
    # The home path is recorded for the account but not created by this state.
    - createhome: false
    - uid: 800
    - gid: 800

nginx内容:

[root@server1 salt]# ls nginx/
files  install.sls  server.sls
[root@server1 salt]# ls nginx/files/
nginx  nginx-1.10.1.tar.gz  nginx.conf

nginx启动脚本(物理主机:saltstack)
nginx安装脚本

[root@server1 salt]# cat nginx/install.sls 
# Build nginx 1.10.1 from source. Build dependencies and the service
# account come from the two included state files.
include:
  - pkgs.make
  - users.nginx

nginx-install:
  # Copy the tarball from the master's file server to /opt on the minion.
  file.managed:
    - name: /opt/nginx-1.10.1.tar.gz
    - source: salt://nginx/files/nginx-1.10.1.tar.gz

  # One shell command line: unpack, patch, configure, build, install.
  #   - the first sed comments out the CFLAGS="$CFLAGS -g" line in auto/cc/gcc
  #   - the second sed redefines NGINX_VER in src/core/nginx.h as "nginx"
  #     without NGINX_VERSION (presumably so the version string is not
  #     advertised by the server; confirm)
  # NOTE(review): all configure output and make's stdout go to /dev/null, so a
  # failed build returns few diagnostics. "&>" is a bash redirection; this
  # assumes the minion's shell accepts it.
  # NOTE(review): no runas is set, so the build runs as the user the minion
  # runs as. The tarball's origin is not checked here; verify it before
  # placing it under salt://.
  cmd.run:
    - name: cd /opt && tar zxf nginx-1.10.1.tar.gz && cd nginx-1.10.1 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make > /dev/null && make install > /dev/null
    # Skip the command when /usr/local/nginx already exists. This only tests
    # that the path exists, not that the install completed.
    - creates: /usr/local/nginx

nginx管理脚本:

[root@server1 salt]# cat nginx/server.sls 
# Configure and run nginx on top of the source install.
include:
  - nginx.install
  - users.nginx

# Push the master's nginx.conf. No user, group or mode is set on this
# state.
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf

nginx-service:
  # Install the init script from the master as an executable (mode 755).
  # NOTE(review): the init system executes this script, so the copy under
  # salt://nginx/files/ should be writable only by trusted admins on the
  # master.
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755

  # Keep nginx running and reload it when nginx.conf changes. "enable" is not
  # set here, so this state does not manage whether nginx starts at boot.
  service.running:
    - name: nginx
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf

3、minion测试
master端:修改配置文件,指定用户组:nginx,进程:2
(注:下面的输出中 worker 进程的用户仍是 nobody,应是修改生效之前的状态;配置推送并 reload 后,这里应显示为 nginx 用户。)

[root@server3 init.d]# ps aux
nobody    1527  0.0  0.1  45652  1800 ?        S    01:21   0:00 nginx: worker process      
nobody    1528  0.0  0.1  45652  1776 ?        S    01:21   0:00 nginx: worker process 

七、一键部署haproxy
1、部署多节点(3个节点,master主机安装minion)

[root@server1 salt]# yum install -y salt-minion
[root@server1 salt]# cd /etc/salt/
[root@server1 salt]# vim minion     ##master指向:本机,172.25.11.1
[root@server1 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server1 daemon: OK
Starting salt-minion:root:server1 daemon: OK

2、配置yum源

[root@server1 salt]# vim /etc/yum.repos.d/rhel-source.repo

[root@server1 salt]# yum list haproxy
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Available Packages
haproxy.x86_64                        1.4.24-2.el6                        LoadBalancer

3、配置salt

[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server1
Proceed? [n/Y] Y
Key for minion server1 accepted.
[root@server1 salt]# salt-key -L
Accepted Keys:
server1
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:

4、配置haproxy

[root@server1 salt]# cd /srv/salt/
[root@server1 salt]# mkdir haproxy  ##haproxy配置
[root@server1 salt]# vim haproxy/install.sls
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy

[root@server1 haproxy]# salt server1 state.sls haproxy.install  ##安装haproxy
server1:
----------
          ID: haproxy-install
    Function: pkg.installed
      Result: True

Summary for server1
------------
Succeeded: 1
Failed:    0
------------

[root@server1 salt]# cd haproxy/
[root@server1 haproxy]# cp /etc/haproxy/haproxy.cfg .
[root@server1 haproxy]# mkdir files ##haproxy源码
[root@server1 haproxy]# mv haproxy.cfg files/
[root@server1 haproxy]# vim install.sls
# Install haproxy, push its configuration and keep the service running,
# all under one state ID.
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy

  # Replace the packaged config with the copy kept on the master.
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://haproxy/files/haproxy.cfg

  # Reload haproxy when the file state above reports a change. The watch
  # target names the file.managed state under this same ID.
  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: haproxy-install

[root@server1 haproxy]# vim files/haproxy.cfg   ##haproxy配置文件
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend  main *:80
   # acl url_static       path_beg       -i /static /images /javascript /stylesheets
   # acl url_static       path_end       -i .jpg .gif .png .css .js

   # use_backend static          if url_static
    default_backend             app

backend app
    balance     roundrobin
    server  app1 172.25.11.2:80 check
    server  app2 172.25.11.3:80 check

[root@server1 salt]# vim top.sls    ##注意:httpd端口和默认发布文件
# Top file for the base environment: maps each minion ID to the state files
# applied by state.highstate.
# NOTE(review): a minion chooses its own ID (the minion_id file), so this
# mapping is only as trustworthy as the key accepted for that ID on the
# master.
base:
  'server1':
    - haproxy.install
  'server2':
    - httpd.service
  'server3':
    - nginx.server
##高级推送
[root@server1 salt]# salt '*' state.highstate

5、访问 172.25.11.1 (出现轮询ok)
server2:

[root@server2 ~]# cat /var/www/html/index.html
server2

server3:

[root@server3 ~]# cat /usr/local/nginx/html/index.html
server3

轮询测试:

[root@server1 httpd]# curl 172.25.11.1
server2
[root@server1 httpd]# curl 172.25.11.1
server3
[root@server1 httpd]# curl 172.25.11.1
server2
[root@server1 httpd]# curl 172.25.11.1
server3
[root@server1 httpd]# curl 172.25.11.1
server2
[root@server1 httpd]#