一、自动化安装keepalived
1、配置pillar模块
pillar目录下添加自定义模块,更改top文件
vim /srv/pillar/kp.sls
\\\
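# Per-host keepalived settings, selected by the minion's fqdn grain.
# keepalived/init.sls reads these as pillar['state'], pillar['vrid'] and
# pillar['pri']. Hosts other than server2/server3 get none of these keys.
{% if grains['fqdn'] == 'server2' %}
# keepalived only recognises the upper-case keywords MASTER and BACKUP.
# NOTE(review): assumes the keepalived.conf template writes STATE verbatim.
state: MASTER
vrid: 51
pri: 100
{% elif grains['fqdn'] == 'server3' %}
state: BACKUP
vrid: 51
pri: 50
{% endif %}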
///
vim /srv/pillar/top.sls
\\\
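# Pillar top file: every minion ('*') is given the pkgs and kp pillar data.
# Indentation is significant here; the targets must nest under the
# environment and the pillar names under the target.
# Pillar is per-minion data; if kp ever carries a secret (for example a VRRP
# auth password), narrow this target to the hosts that need it.
base:
  '*':
    - pkgs
    - kp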
///
2、编写keepalived脚本
mkdir /srv/salt/keepalived
vim /srv/salt/keepalived/init.sls
\\\
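# Install keepalived, render its config from a Jinja template and keep the
# service running. One state ID carries all three state modules.
kp-install:
  pkg.installed:
    - name: keepalived
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://keepalived/keepalived.conf
    - template: jinja
    # Values handed to the template; they come from the kp pillar, so each
    # host renders its own state, virtual router id and priority.
    - context:
        STATE: {{ pillar['state'] }}
        VRID: {{ pillar['vrid'] }}
        PRI: {{ pillar['pri'] }}
  service.running:
    - name: keepalived
    - reload: true
    # Reload keepalived whenever the managed config file changes.
    - watch:
      - file: kp-install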
///
3、更改主配文件模板
scp keepalived.conf server1:/srv/salt/keepalived #文件发送给1
vim /srv/salt/keepalived/keepalived.conf
4、highstate脚本
vim /srv/salt/top.sls
///
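# State top file: minions are selected by their "roles" grain and get the
# web server state plus keepalived.
# Grains are set on the minion itself, so a minion can claim any role;
# use minion IDs or pillar for targeting if a state ever delivers
# sensitive data.
base:
  'roles:apache':
    - match: grain
    - apache
    - keepalived
  'roles:nginx':
    - match: grain
    - nginx
    - keepalived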
\\\
5、apache模块中,ip的位置需要修改为虚拟ip
vim /srv/salt/apache/init.sls
///
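# Install httpd and php, render httpd.conf from a Jinja template and keep
# httpd enabled and running.
apache:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  service.running:
    - name: httpd
    - enable: true
    - reload: true
    # Reload httpd whenever the managed config file changes.
    - watch:
      - file: apache
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/httpd.conf
    - template: jinja
    - context:
        http_port: {{ pillar['port'] }}
        # The keepalived virtual IP, not the host's own address.
        http_host: 172.25.51.100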
\\\
6、执行测试
salt '*' saltutil.sync_grains
salt '*' state.highstate
7、访问VIP
echo jiajiren server2 > /var/www/html/index.html #server2中
curl 172.25.51.100
8、测试高可用
ip addr show
停掉server2上的keepalived
systemctl stop keepalived.service
ip addr show
再次访问VIP,发现切换到server3默认发布页面:
echo welcome to nginx! > /var/www/html/index.html #server3上
curl 172.25.51.100
开启server2的keepalived发现还原!!!
二、job管理
- Job缓存默认保存24小时
1、minion传递给master
1.server1、2安装MySQL-python
yum install -y MySQL-python.x86_64
2.server1安装mariadb-server
yum install -y mariadb-server.x86_64
systemctl start mariadb.service
3.初始化、导入数据备份
mysql_secure_installation
mysql -pwestos < test.sql
###
-- Creates the `salt` database and the three tables (`jids`, `salt_returns`,
-- `salt_events`) that the job data is written to.
-- NOTE: each DROP TABLE IF EXISTS discards rows already stored, so
-- re-importing this file wipes existing job data.
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_returns`
--
-- NOTE(review): `return` and `full_ret` presumably hold complete job output,
-- which can include sensitive command results; restrict who can read this
-- table. Confirm against the returner in use.
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
###
4.登入数据库,授权用户网络访问(示例把 salt 账号开放给任意主机 '%',且口令与用户名相同,仅适用于隔离的实验网络;实际部署应把主机限定为 minion 所在网段,并使用强口令)
mysql -pwestos
> grant all on salt.* to salt@'%' identified by 'salt';
5.server2 配置minion
vim /etc/salt/minion
systemctl restart salt-minion.service
6.测试
salt server2 my_disk.df
mysql -pwestos
>use salt
>select * from salt_returns\G;
2、master从minion收集
- 被动式:无需配置minion也可以被收集
1.server1配置master
vim /etc/salt/master
systemctl restart salt-master.service
2.授权本地用户
mysql -pwestos
>grant all on salt.* to salt@localhost identified by 'salt';
3.测试
salt '*' my_disk.df --return mysql
mysql -pwestos
>select * from salt_returns\G;
三、Salt-ssh
1.server1安装salt-ssh
yum install -y salt-ssh
2.更改roster配置文件(若在 roster 中填写 passwd 字段,口令即以明文保存;建议改用密钥登录,并限制该文件的读取权限)
vim /etc/salt/roster
3.测试
systemctl stop salt-minion.service #server3中停掉minion
salt-ssh '*' test.ping #依旧能够测试到
四、Salt-syndic
1.新的server4上安装master和syndic
yum install salt-master.noarch salt-syndic.noarch -y
systemctl start salt-master.service
2.server1端配置master
yum install -y salt-syndic
vim /etc/salt/master
systemctl restart salt-master.service
systemctl start salt-syndic.service
3.注册主机(salt-key -A 会一次性接受全部待定密钥;接受前应先用 salt-key -F 核对各主机的密钥指纹)
salt-key -L
salt-key -A
4.测试
salt '*' my_disk.df
五、Salt-api
1.安装salt-api
yum install salt-api.noarch -y
2.编辑认证及调用配置文件
vim /etc/salt/master.d/api.conf
///
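# salt-api (rest_cherrypy) listener: HTTPS on port 8000 using the
# certificate and private key generated in the later steps.
# NOTE(review): no "host" is set, so the listener presumably binds to all
# interfaces; confirm, and restrict access with a bind address or firewall.
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/localhost.key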
///
vim /etc/salt/master.d/auth.conf
///
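# External authentication for salt-api: the PAM user "saltapi" and what it
# is allowed to call.
# As written this is full control: ".*" matches every execution function on
# every minion, '@wheel' allows all wheel modules (including key management)
# and '@runner' allows all runners. Outside a lab, list only the functions
# the API client needs, e.g. "- test.*" (constructed example).
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
      # NOTE(review): Salt's documented shorthand is '@jobs'; confirm that
      # the bare 'jobs' entry does what is intended.
      - 'jobs'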
///
3.创建saltapi用户(示例口令 westos 过于简单;按上面的 external_auth 配置,该账号可经 salt-api 在所有 minion 上执行任意函数,实际环境应设置强口令)
useradd saltapi
echo westos | passwd --stdin saltapi
4.生成密钥
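cd /etc/pki/tls/private/
# A 1024-bit RSA key is too short for a TLS server key; generate 2048 bits.
# The subshell's umask makes the new key file readable by its owner only;
# a plain redirect would create it with the default (usually 0644) mode.
(umask 077 && openssl genrsa 2048 > localhost.key)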
5.生成认证文件
cd /etc/pki/tls/certs/
make testcert
6.启动服务
systemctl restart salt-master.service
systemctl start salt-api.service
7.获取token认证码(-k 会跳过证书校验,这里仅因使用自签名测试证书才需要;正式环境应使用受信任的证书并去掉 -k)
curl -sSk https://172.25.51.1:8000/login \
> -H 'Accept: application/x-yaml' \
> -d username=saltapi \
> -d password=westos \
> -d eauth=pam
8.调用api接口(X-Auth-Token 填写上一步返回的 token;携带 token 后无需再提交 username/password)
curl -sSk https://172.25.51.1:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 36cd19d2b4533ff9056ff0e963e2786e73641340' -d username=saltapi -d password=westos -d client=local -d tgt='*' -d fun=test.ping
9.执行saltapi.py
python saltapi.py