Saltstack部署:
一、安装 salt
master (server1)
minion (server2 server3)
1、配置yum源(以master为例)
[root@server1 ~]# cat /etc/yum.repos.d/rhel-source.repo
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.11.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[slat]
name=slatstack
baseurl=http://172.25.11.250/pub/rhel6
gpgcheck=0
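上面的 [slat] 段是第三方软件库 salt 的配置(段名和 name 中的 slat 应为 salt 的笔误,不影响使用)
##注意:该段设置了 gpgcheck=0,yum 不会校验这些 rpm 包的签名,baseurl 也是明文 http;这只适合隔离的实验环境,生产环境应改为 gpgcheck=1 并配置对应的 gpgkey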
##注意:rhel6目录必须全是rpm包!
##createrepo -v /var/www/html/pub/rhel6/
##/var/www/html/pub/rhel6/下会生成repodata文件
[kiosk@foundation120 Desktop]$ ls /var/www/html/pub/rhel6/
libyaml-0.1.3-4.el6.x86_64.rpm
python-babel-0.9.4-5.1.el6.noarch.rpm
python-backports-1.0-5.el6.x86_64.rpm
python-backports-ssl_match_hostname-3.4.0.2-2.el6.noarch.rpm
python-chardet-2.2.1-1.el6.noarch.rpm
python-cherrypy-3.2.2-4.el6.noarch.rpm
python-crypto-2.6.1-3.el6.x86_64.rpm
python-crypto-debuginfo-2.6.1-3.el6.x86_64.rpm
python-enum34-1.0-4.el6.noarch.rpm
python-futures-3.0.3-1.el6.noarch.rpm
python-impacket-0.9.14-1.el6.noarch.rpm
python-jinja2-2.8.1-1.el6.noarch.rpm
python-msgpack-0.4.6-1.el6.x86_64.rpm
python-ordereddict-1.1-2.el6.noarch.rpm
python-requests-2.6.0-3.el6.noarch.rpm
python-setproctitle-1.1.7-2.el6.x86_64.rpm
python-six-1.9.0-2.el6.noarch.rpm
python-tornado-4.2.1-1.el6.x86_64.rpm
python-urllib3-1.10.2-1.el6.noarch.rpm
python-zmq-14.5.0-2.el6.x86_64.rpm
PyYAML-3.11-1.el6.x86_64.rpm
repodata
salt-2016.11.3-1.el6.noarch.rpm
salt-api-2016.11.3-1.el6.noarch.rpm
salt-cloud-2016.11.3-1.el6.noarch.rpm
salt-master-2016.11.3-1.el6.noarch.rpm
salt-minion-2016.11.3-1.el6.noarch.rpm
salt-ssh-2016.11.3-1.el6.noarch.rpm
salt-syndic-2016.11.3-1.el6.noarch.rpm
zeromq-4.0.5-4.el6.x86_64.rpm
2、查看yum源
[root@server1 ~]# yum repolist
3、安装 salt-master(minion端安装salt-minion)
[root@server1 ~]# yum install -y salt-master
二、配置 salt
1、master 端
[root@server1 salt]# cd /etc/salt/
[root@server1 salt]# vim master
# The address of the interface to bind to:
interface: 172.25.11.1
[root@server1 salt]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@server1 salt]# netstat -antple
tcp 0 0 172.25.11.1:4505 0.0.0.0:* LISTEN 0 60983 15176/salt-master -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 8307 978/master
tcp 0 0 172.25.11.1:4506 0.0.0.0:* LISTEN 0
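4505端口:发布端口(publish_port),minion 与它保持长连接,master 通过发布/订阅模式下发命令
4506端口:请求/响应端口(ret_port),minion 通过它向 master 回传结果;通信模式为:zmq(消息队列)
防火墙上只需要对 minion 所在网段放行这两个端口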
2、minion端(两台主机操作一致)
[root@server2 ~]# cd /etc/salt/
[root@server2 salt]# vim minion
15 # resolved, then the minion will fail to start.
16 master: 172.25.11.1
[root@server2 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server2 daemon: OK
###启动ok后,会生成 minion_id文件
##注意:修改 IP 或 hostname 时,必须删除该文件
[root@server2 salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
3、master端
显示minion
[root@server1 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
server3
Rejected Keys:
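-A:接受全部待认证(Unaccepted)的 key;-a <minion_id>:只接受指定主机的 key
接受前应先核对指纹:master 上执行 salt-key -f <minion_id>,minion 上执行 salt-call --local key.finger,两者一致再接受;-A 会一次性信任所有待认证的主机,只适合可信的实验网络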
[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server2
server3
Proceed? [n/Y] Y
Key for minion server2 accepted.
Key for minion server3 accepted.
[root@server1 salt]# salt-key -L
Accepted Keys:
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
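salt-key 接受 key 的实质,是 master 和 minion 互相保存对方的公钥:master 把 minion 的公钥放到 /etc/salt/pki/master/minions/ 下,minion 把 master 的公钥保存为 minion_master.pub;下面用 md5sum 对比两端的文件,确认是同一把公钥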
master端:(以master.pub为例)
[root@server1 master]# pwd
/etc/salt/pki/master
[root@server1 master]# md5sum master.pub
1f814dae65362e35c946df1a283a38ce master.pub
[root@server1 master]#
minion端:
[root@server2 minion]# md5sum minion_master.pub
1f814dae65362e35c946df1a283a38ce minion_master.pub
[root@server2 minion]# pwd
/etc/salt/pki/minion
三、查看salt的相关信息
1、master端查看tree结构
(tree 命令需要先安装)
[root@server1 pki]# tree .
.
├── master
│ ├── master.pem
│ ├── master.pub
│ ├── minions
│ │ ├── server2
│ │ ├── server3
│ ├── minions_autosign
│ ├── minions_denied
│ ├── minions_pre
│ └── minions_rejected
└── minion
├── minion_master.pub
├── minion.pem
└── minion.pub
7 directories, 9 files
[root@server1 pki]#
2、minion查看tree结构
[root@server2 pki]# tree .
.
├── master
└── minion
├── minion_master.pub
├── minion.pem
└── minion.pub
2 directories, 3 files
[root@server2 pki]#
3、查看连接情况
[root@server1 pki]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 15176 root 16u IPv4 60983 0t0 TCP server1:4505 (LISTEN)
/usr/bin/ 15176 root 20u IPv4 61234 0t0 TCP server1:4505->server3:39466 (ESTABLISHED)
/usr/bin/ 15176 root 21u IPv4 61241 0t0 TCP server1:4505->server2:39279 (ESTABLISHED)
[root@server1 pki]# lsof -i :4506
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
/usr/bin/ 15182 root 24u IPv4 60993 0t0 TCP server1:4506 (LISTEN)
[root@server1 pki]#
4、查看 salt-master 各 python 进程的名称(安装 python-setproctitle 并重启后,ps 才会显示每个子进程的作用)
[root@server1 pki]# yum install -y python-setproctitle.x86_64
[root@server1 pki]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server1 pki]# ps ax
15174 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MultiprocessingLoggingQueu
15181 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ReqServer_ProcessManager
17502 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MultiprocessingLoggingQueu
17509 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ReqServer_ProcessManager
17811 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ProcessManager
17812 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MultiprocessingLoggingQueu
17813 ? Sl 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ZeroMQPubServerChannel
17814 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d EventPublisher
17818 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d Maintenance
17819 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ReqServer_ProcessManager
17820 ? Sl 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorkerQueue
17827 ? R 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-0
17828 ? R 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-1
17829 ? R 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-2
17830 ? R 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-3
17831 ? R 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-4
18316 pts/1 R+ 0:00 ps ax
5、测试salt服务
[root@server1 pki]# salt '*' test.ping
server2:
True
server3:
True
四、配置自动化部署
master端:
1、修改配置文件
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim master
# Master setting: directories the master serves state (.sls) files from.
# The "base" environment maps to /srv/salt, which is the directory created
# and populated in the following steps.
file_roots:
  base:
    - /srv/salt
[root@server1 salt]# mkdir /srv/salt
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
2、配置部署脚本
[root@server1 salt]# cd /srv/salt
[root@server1 salt]# mkdir httpd
[root@server1 salt]# cd httpd/
[root@server1 httpd]# ls
files install.sls service.sls
[root@server1 httpd]# vim install.sls
[root@server1 httpd]# cat install.sls
# State ID "apache-install": make sure the httpd and php packages are
# installed on the targeted minion.
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
[root@server1 httpd]#
同一个 id 下,同一个状态模块只能调用一次
3、测试、执行脚本
[root@server1 httpd]# salt server2 state.sls httpd.install test=true
server2:
----------
ID: apache-install
Function: pkg.installed
Result: None
Comment: The following packages would be installed/updated: httpd, php
Started: 07:24:04.461285
Duration: 389.172 ms
Changes:
Summary for server2
------------
Succeeded: 1 (unchanged=1)
Failed: 0
------------
Total states run: 1
Total run time: 389.172 ms
[root@server1 httpd]#
执行,回传结果
[root@server1 httpd]# salt server2 state.sls httpd.install
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 07:47:44.715725
Duration: 1115.073 ms
Changes:
Summary for server2
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 1.115 s
[root@server1 httpd]#
4、minion端查看
[root@server2 pki]# rpm -q httpd php
httpd-2.2.15-29.el6_4.x86_64
php-5.3.3-26.el6.x86_64
[root@server2 pki]#
五、salt 服务部署
1、apache 服务部署
[root@server1 httpd]# vim service.sls
[root@server1 httpd]# cat service.sls
# State ID "apache-service": keep the httpd service running and enabled.
apache-service:
  service.running:
    - name: httpd
    - enable: True
[root@server1 httpd]# salt server2 state.sls httpd.service
server2:
----------
ID: /etc/httpd/conf/httpd.conf
Function: file.managed
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 07:55:28.618633
Duration: 88.664 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 07:55:28.711715
Duration: 24.357 ms
Changes:
Summary for server2
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 113.021 ms
[root@server1 httpd]#
查看server2的httpd状态
[root@server2 pki]# netstat -antple | grep http
tcp 0 0 172.25.11.2:80 0.0.0.0:* LISTEN 0 8437 978/httpd
[root@server2 pki]#
2、更改httpd的默认端口
minion端:
[root@server2~]# cd /etc/httpd/conf
[root@server2 conf]# scp httpd.conf server1:/srv/salt/httpd/files
master端:
[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# mkdir files
[root@server1 httpd]# vim files/httpd.conf ##修改端口
[root@server1 httpd]# vim service.sls ##修改脚本
# Push the master's copy of httpd.conf to the minion. Mode 644 with
# root:root ownership keeps the file writable by root only.
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root

# Keep httpd running and enabled. "watch" ties the service to the
# apache-config file state; with "reload: True" a change to that file
# reloads httpd (the run below reports "Service reloaded").
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-config
master再次推送
[root@server1 httpd]# salt server2 state.sls httpd.apache
server2:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 11:43:36.819359
Duration: 63.22 ms
Changes:
----------
diff:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 11:43:36.907022
Duration: 58.512 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
minion端查看:
[root@server2 conf]# netstat -antple | grep http
tcp 0 0 :::8080 :::* LISTEN 0 16263 1684/httpd
4、解耦(安装、管理分开)
[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# ls
files install.sls service.sls
[root@server1 httpd]# cat service.sls
# Pull in httpd/install.sls so package installation lives in its own file
# and this file only handles configuration and the service.
include:
  - httpd.install

# No "name" is given, so the state ID itself is the managed path.
# Mode 644 with root:root ownership keeps the file writable by root only.
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root

# Keep httpd running and enabled; reload it when the managed httpd.conf
# changes.
httpd:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf
六、salt源码部署nginx
1、配置nginx目录
[root@server1 nginx]# pwd
/srv/salt/nginx
[root@server1 nginx]# mkdir files
[root@server1 files]# ls
nginx-1.10.1.tar.gz
[root@server1 files]# cd ..
[root@server1 nginx]# vim install.sls
# Build nginx 1.10.1 from source on the minion, all under one state ID:
# install the build dependencies, copy the tarball from the master, then
# unpack, patch, configure, make and install under /usr/local/nginx.
nginx-install:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
  file.managed:
    - name: /opt/nginx-1.10.1.tar.gz
    - source: salt://nginx/files/nginx-1.10.1.tar.gz
  cmd.run:
    # The first sed comments out the CFLAGS "-g" line in auto/cc/gcc; the
    # second rewrites NGINX_VER in src/core/nginx.h to plain "nginx", so the
    # version number is no longer part of that string.
    # configure/make output goes to /dev/null, so build messages do not
    # appear in the state return.
    # NOTE(review): "&>" is a bash redirection; confirm the shell used by
    # cmd.run on the minion is bash.
    - name: cd /opt && tar zxf nginx-1.10.1.tar.gz && cd nginx-1.10.1 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make > /dev/null && make install > /dev/null
    # Skip the command when /usr/local/nginx already exists, so the build
    # is not repeated on every run.
    - creates: /usr/local/nginx
[root@server1 nginx]# salt server3 state.sls nginx.install
Summary for server3
------------
Succeeded: 5 (changed=1)
Failed: 0
------------
minion端:
[root@server3 opt]# cd /usr/local/nginx/
[root@server3 nginx]# ls
conf html logs sbin
2、配置nginx
pkgs:存放编译依赖包的安装状态,供其他 sls 通过 include 复用(相当于 python 中导入模块)
users:存放创建用户的状态
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# ls
httpd nginx pkgs users
pkgs内容
[root@server1 salt]# cat pkgs/make.sls
# Shared state: the compiler and development headers needed to build
# nginx from source. Other .sls files pull this in via "include: pkgs.make".
make:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
users内容:
[root@server1 salt]# cat users/nginx.sls
# Dedicated group for nginx with a fixed gid.
nginx-group:
  group.present:
    - name: nginx
    - gid: 800

# Dedicated account for nginx: /sbin/nologin as shell, home pointed at the
# install prefix but not created, uid/gid fixed at 800 to match the group
# above.
nginx-user:
  user.present:
    - name: nginx
    - shell: /sbin/nologin
    - home: /usr/local/nginx
    - createhome: false
    - uid: 800
    - gid: 800
nginx内容:
[root@server1 salt]# ls nginx/
files install.sls server.sls
[root@server1 salt]# ls nginx/files/
nginx nginx-1.10.1.tar.gz nginx.conf
nginx启动脚本(物理主机:saltstack)
nginx安装脚本
[root@server1 salt]# cat nginx/install.sls
# Reuse the shared states: build dependencies (pkgs/make.sls) and the
# nginx user and group (users/nginx.sls).
include:
  - pkgs.make
  - users.nginx

# Copy the nginx 1.10.1 tarball from the master, then unpack, patch,
# configure, make and install it under /usr/local/nginx.
nginx-install:
  file.managed:
    - name: /opt/nginx-1.10.1.tar.gz
    - source: salt://nginx/files/nginx-1.10.1.tar.gz
  cmd.run:
    # The first sed comments out the CFLAGS "-g" line in auto/cc/gcc; the
    # second rewrites NGINX_VER in src/core/nginx.h to plain "nginx", so the
    # version number is no longer part of that string.
    # configure/make output goes to /dev/null, so build messages do not
    # appear in the state return.
    # NOTE(review): "&>" is a bash redirection; confirm the shell used by
    # cmd.run on the minion is bash.
    - name: cd /opt && tar zxf nginx-1.10.1.tar.gz && cd nginx-1.10.1 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make > /dev/null && make install > /dev/null
    # Skip the command when /usr/local/nginx already exists.
    - creates: /usr/local/nginx
nginx管理脚本:
[root@server1 salt]# cat nginx/server.sls
# Management state for nginx: depends on the source install and on the
# nginx user and group.
include:
  - nginx.install
  - users.nginx

# Main configuration file, pushed from the master's copy. No "name" is
# given, so the state ID itself is the managed path.
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf

# Install the init script (mode 755, executable) and keep the nginx service
# running; a change to the managed nginx.conf triggers a reload.
nginx-service:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755
  service.running:
    - name: nginx
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
3、minion测试
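master端:修改 nginx 配置文件,指定运行用户和组为 nginx,worker 进程数为 2,然后重新推送
注意:下面的 ps 输出中 worker 仍以 nobody 身份运行,应是配置推送前的状态;配置生效后 worker 进程的属主应为 nginx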
[root@server3 init.d]# ps aux
nobody 1527 0.0 0.1 45652 1800 ? S 01:21 0:00 nginx: worker process
nobody 1528 0.0 0.1 45652 1776 ? S 01:21 0:00 nginx: worker process
七、一键部署haproxy
1、部署多节点(3个节点,master主机安装minion)
[root@server1 salt]# yum install -y salt-minion
[root@server1 salt]# cd /etc/salt/
[root@server1 salt]# vim minion ##master指向:本机,172.25.11.1
[root@server1 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server1 daemon: OK
Starting salt-minion:root:server1 daemon: OK
2、配置yum源
[root@server1 salt]# vim /etc/yum.repos.d/rhel-source.repo
[root@server1 salt]# yum list haproxy
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Available Packages
haproxy.x86_64 1.4.24-2.el6 LoadBalancer
3、配置salt
[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server1
Proceed? [n/Y] Y
Key for minion server1 accepted.
[root@server1 salt]# salt-key -L
Accepted Keys:
server1
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
4、配置haproxy
[root@server1 salt]# cd /srv/salt/
[root@server1 salt]# mkdir haproxy ##haproxy配置
[root@server1 salt]# vim haproxy/install.sls
# State ID "haproxy-install": make sure the haproxy package is installed.
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy
[root@server1 haproxy]# salt server1 state.sls haproxy.install ##安装haproxy
server1:
----------
ID: haproxy-install
Function: pkg.installed
Result: True
Summary for server1
------------
Succeeded: 1
Failed: 0
------------
[root@server1 salt]# cd haproxy/
[root@server1 haproxy]# cp /etc/haproxy/haproxy.cfg .
[root@server1 haproxy]# mkdir files ##存放haproxy配置文件
[root@server1 haproxy]# mv haproxy.cfg files/
[root@server1 haproxy]# vim install.sls
# Install haproxy, push its configuration from the master, and keep the
# service running, all under one state ID.
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://haproxy/files/haproxy.cfg
  service.running:
    - name: haproxy
    - reload: True
    # Refers to the file.managed state above (same ID): a change to
    # haproxy.cfg reloads the service.
    - watch:
      - file: haproxy-install
[root@server1 haproxy]# vim files/haproxy.cfg ##haproxy配置文件
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# Listens on port 80 on every address of the host and sends all traffic
# to the "app" backend; the static-content ACL rules are commented out.
frontend main *:80
    # acl url_static path_beg -i /static /images /javascript /stylesheets
    # acl url_static path_end -i .jpg .gif .png .css .js
    # use_backend static if url_static
    default_backend app

# Two web servers used in turn (roundrobin); "check" turns on health
# checking for each server.
backend app
    balance roundrobin
    server app1 172.25.11.2:80 check
    server app2 172.25.11.3:80 check
[root@server1 salt]# vim top.sls ##注意:httpd端口和默认发布文件
# top.sls for the "base" environment: maps each minion ID to the states it
# receives when state.highstate is run.
base:
  'server1':
    - haproxy.install
  'server2':
    - httpd.service
  'server3':
    - nginx.server
##高级状态(highstate)推送:按 top.sls 给每个 minion 应用各自的状态
[root@server1 salt]# salt '*' state.highstate
5、访问 172.25.11.1 (出现轮询ok)
server2:
[root@server2 ~]# cat /var/www/html/index.html
server2
server3:
[root@server3 ~]# cat /usr/local/nginx/html/index.html
server3
轮询测试:
[root@server1 httpd]# curl 172.25.11.1
server2
[root@server1 httpd]# curl 172.25.11.1
server3
[root@server1 httpd]# curl 172.25.11.1
server2
[root@server1 httpd]# curl 172.25.11.1
server3
[root@server1 httpd]# curl 172.25.11.1
server2
[root@server1 httpd]#