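Today we'll look at how to write SaltStack state scripts to automate the batch deployment of Nginx and Redis.
My abilities are limited, and this post only reflects what I have learned myself; I make no claim to expertise and simply hope it gives a little help or inspiration to anyone interested.
Redis
First, create a redis directory under the salt-master's home directory to hold the related files
mkdir /home/salt/redis/files -pv
Once it is created, put your customized Redis configuration file and service unit file in the files directory as needed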
[root@server1 ~]# ll /home/salt/redis/files/
redis.conf
redis-server.service
redis-6.2.6.tar.gz
Start writing the sls script
vim /home/salt/redis/install.sls
This time we install Redis version 6.2.6
{% set VERSION = '6.2.6' %}
Create the Redis data directory, log directory and configuration directory
redisdata_dir:
  file.directory:
    - name: /var/lib/redis
    - user: root
    - group: root
    - makedirs: True
    - unless:
      - test -e /var/lib/redis
redislog_dir:
  file.directory:
    - name: /var/log/redis
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: redisdata_dir
    - unless:
      - test -e /var/log/redis
redisconf_dir:
  file.directory:
    - name: /etc/redis
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: redislog_dir
    - unless:
      - test -e /etc/redis
Next, distribute the Redis tarball to every minion
PS: the Redis working directory is /opt/redis-6.2.6/
redis_source:
  file.managed:
    - name: /opt/redis-{{VERSION}}.tar.gz
    - source: salt://redis/files/redis-{{VERSION}}.tar.gz
    - require:
      - file: redisconf_dir
    - unless:
      - test -e /opt/redis-{{VERSION}}.tar.gz
Then extract it
redis_extract:
  cmd.run:
    - cwd: /opt
    - names:
      - tar zxf redis-{{VERSION}}.tar.gz
    - require:
      - file: redis_source
    - unless:
      - test -e /opt/redis-{{VERSION}}
Compile and install Redis
redis_complie:
  cmd.run:
    - cwd: /opt/redis-{{VERSION}}
    - names:
      - make clean && make > /dev/null && make install > /dev/null
    - require:
      - cmd: redis_extract
    - unless:
      - test -e /usr/local/bin/redis-server
Distribute the Redis service unit file and reload the systemd configuration
redis_system:
  file.managed:
    - name: /usr/lib/systemd/system/redis-server.service
    - source: salt://redis/files/redis-server.service
    - require:
      - cmd: redis_complie
    - unless:
      - test -e /usr/lib/systemd/system/redis-server.service
redis_service_reload:
  cmd.run:
    - names:
      - systemctl daemon-reload
    - require:
      - file: redis_system
Distribute the Redis configuration file
redis_conf:
  file.managed:
    - name: /etc/redis/redis.conf
    - source: salt://redis/files/redis.conf
    - require:
      - cmd: redis_service_reload
    - unless:
      - test -e /etc/redis/redis.conf
Start Redis and enable it at boot
redis_enable:
  cmd.run:
    - names:
      - systemctl enable redis-server
      - systemctl start redis-server
    - unless:
      - systemctl status redis-server
Once the script is written, run the salt command on the master
salt <IP address> state.sls redis.install
The complete script is as follows:
{% set VERSION = '6.2.6' %}
redisdata_dir:
  file.directory:
    - name: /var/lib/redis
    - user: root
    - group: root
    - makedirs: True
    - unless:
      - test -e /var/lib/redis
redislog_dir:
  file.directory:
    - name: /var/log/redis
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: redisdata_dir
    - unless:
      - test -e /var/log/redis
redisconf_dir:
  file.directory:
    - name: /etc/redis
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: redislog_dir
    - unless:
      - test -e /etc/redis
redis_source:
  file.managed:
    - name: /opt/redis-{{VERSION}}.tar.gz
    - source: salt://redis/files/redis-{{VERSION}}.tar.gz
    - require:
      - file: redisconf_dir
    - unless:
      - test -e /opt/redis-{{VERSION}}.tar.gz
redis_extract:
  cmd.run:
    - cwd: /opt
    - names:
      - tar zxf redis-{{VERSION}}.tar.gz
    - require:
      - file: redis_source
    - unless:
      - test -e /opt/redis-{{VERSION}}
redis_complie:
  cmd.run:
    - cwd: /opt/redis-{{VERSION}}
    - names:
      - make clean && make > /dev/null && make install > /dev/null
    - require:
      - cmd: redis_extract
    - unless:
      - test -e /usr/local/bin/redis-server
redis_system:
  file.managed:
    - name: /usr/lib/systemd/system/redis-server.service
    - source: salt://redis/files/redis-server.service
    - require:
      - cmd: redis_complie
    - unless:
      - test -e /usr/lib/systemd/system/redis-server.service
redis_service_reload:
  cmd.run:
    - names:
      - systemctl daemon-reload
    - require:
      - file: redis_system
redis_conf:
  file.managed:
    - name: /etc/redis/redis.conf
    - source: salt://redis/files/redis.conf
    - require:
      - cmd: redis_service_reload
    - unless:
      - test -e /etc/redis/redis.conf
redis_enable:
  cmd.run:
    - names:
      - systemctl enable redis-server
      - systemctl start redis-server
    - unless:
      - systemctl status redis-server
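
An added example, not part of the original post: the last steps of the Redis script (unit file, configuration, start and enable) written with file.managed, onchanges and service.running instead of cmd.run guarded by unless. With the `unless: test -e` guards above, a later edit to files/redis.conf never reaches a minion that already has the file; here a changed file is redistributed and the service is restarted. The file modes, and the assumption that the unit runs Redis as root (as the root-owned directories above suggest), are assumptions of this example.

```yaml
# Added example: drop-in alternative for redis_system, redis_service_reload,
# redis_conf and redis_enable. Paths and sources are the ones used above.
redis_system:
  file.managed:
    - name: /usr/lib/systemd/system/redis-server.service
    - source: salt://redis/files/redis-server.service
    - user: root
    - group: root
    - mode: '0644'

# Reload systemd only when the unit file was actually (re)written.
redis_service_reload:
  cmd.run:
    - name: systemctl daemon-reload
    - onchanges:
      - file: redis_system

# No "unless" guard: Salt compares the file with the master copy on every
# run and rewrites it only when the content differs.
redis_conf:
  file.managed:
    - name: /etc/redis/redis.conf
    - source: salt://redis/files/redis.conf
    - user: root
    - group: root
    # Assumption: Redis runs as root. redis.conf may hold requirepass, so it
    # is kept non-world-readable; change the group if a service account is used.
    - mode: '0640'
    - makedirs: True

# Start now, enable at boot, and restart whenever a watched file changes.
redis_enable:
  service.running:
    - name: redis-server
    - enable: True
    - require:
      - cmd: redis_service_reload
    - watch:
      - file: redis_conf
      - file: redis_system
```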
Nginx
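Create an nginx directory under the salt-master's home directory to hold the related scripts and files
mkdir -pv /home/salt/nginx/files
- conf.sls: distributes the Nginx files
- init.sls: the order in which SaltStack runs the sls scripts
- install.sls: handles the pre-installation preparation and the compile-and-install of Nginx
- files: holds the Nginx configuration file and service unit file, e.g. nginx.conf and nginx.service
Once it is created, put your customized Nginx configuration file and service unit file in the files directory as needed
Write the init.sls file
vim /home/salt/nginx/init.sls
include:
  - nginx.install
  - nginx.conf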
Now let's install Nginx. I wrote two scripts here, one for each way of installing Nginx:
1. Building Nginx from source
2. Installing Nginx with yum
Building Nginx from source
First write the installation script
vim /home/salt/nginx/install.sls
When building from source, we pin the version to install
{% set VERSION = '1.15.4' %}
Create the Nginx working directory and log directory
data_dir:
  file.directory:
    - name: /var/lib/nginx
    - user: root
    - group: root
    - makedirs: True
    - unless:
      - test -e /var/lib/nginx
log_dir:
  file.directory:
    - name: /var/log/nginx
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: data_dir
    - unless:
      - test -e /var/log/nginx
Distribute the Nginx tarball to the minions, then extract it
nginx_source:
  file.managed:
    - name: /opt/nginx-{{VERSION}}.tar.gz
    - source: salt://nginx/nginx-{{VERSION}}.tar.gz
    - require:
      - file: log_dir
    - unless:
      - test -e /opt/nginx-{{VERSION}}.tar.gz
nginx_extract:
  cmd.run:
    - cwd: /opt
    - names:
      - tar zxf nginx-{{VERSION}}.tar.gz
    - require:
      - file: nginx_source
    - unless:
      - test -e /opt/nginx-{{VERSION}}
Install the packages needed for the build
nginx_pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel
      - zlib-devel
    # nginx_extract is a cmd.run state, so the requisite type is cmd
    - require:
      - cmd: nginx_extract
Compile and install Nginx
The Nginx working directory is set to /opt/nginx
nginx_compile:
  cmd.run:
    # Jinja variables are case-sensitive: use VERSION as defined at the top
    - cwd: /opt/nginx-{{VERSION}}
    - names:
      - ./configure --prefix=/opt/nginx --with-http_stub_status_module --with-file-aio --with-http_ssl_module && make && make install
    - require:
      - pkg: nginx_pkg
    - unless: test -d /opt/nginx
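Next, write the configuration distribution script
vim /home/salt/nginx/conf.sls
Create a symlink for the Nginx configuration directory (personal habit)
nginx_softlink:
  cmd.run:
    - name: ln -s /opt/nginx/conf/ /etc/nginx
    # skip on later runs, when the link already exists
    - unless: test -e /etc/nginx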
Distribute the Nginx configuration file
nginx_conf:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/files/nginx.conf
    - require:
      - cmd: nginx_softlink
    - unless:
      - test -e /etc/nginx/nginx.conf
Distribute the Nginx service unit file and reload systemd
nginx_system:
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service
    - require:
      - file: nginx_conf
    - unless:
      - test -e /usr/lib/systemd/system/nginx.service
nginx_systemreload:
  cmd.run:
    - name: systemctl daemon-reload
    - require:
      - file: nginx_system
Kernel parameter tuning for Nginx
nginx_kernel:
  # append the settings to /etc/sysctl.conf once, then load them
  file.append:
    - name: /etc/sysctl.conf
    - text:
      - '#set nginx kernel args'
      - net.ipv4.tcp_keepalive_time = 30
      - net.ipv4.ip_local_port_range = 1024 65000
      - net.ipv4.tcp_max_tw_buckets = 15000
      - net.ipv4.tcp_tw_reuse = 1
      - net.ipv4.tcp_tw_recycle = 0
      - net.ipv4.tcp_fin_timeout = 30
      - net.core.somaxconn = 65535
      - net.core.netdev_max_backlog = 262144
      - net.ipv4.tcp_max_orphans = 262144
      - net.ipv4.tcp_max_syn_backlog = 262144
      - net.ipv4.tcp_timestamps = 0
      - net.ipv4.tcp_synack_retries = 1
      - net.ipv4.tcp_syn_retries = 1
    - unless: grep "#set nginx kernel args" /etc/sysctl.conf
  cmd.run:
    - name: /sbin/sysctl -p
Start Nginx and enable it at boot
nginx_start:
  cmd.run:
    - names:
      - systemctl start nginx
      - systemctl enable nginx
    - require:
      - cmd: nginx_systemreload
    - unless:
      - systemctl status nginx
Once the scripts are written, run the salt command on the master
salt <IP address> state.sls nginx.init
The complete scripts are as follows:
install.sls
{% set VERSION = '1.15.4' %}
data_dir:
  file.directory:
    - name: /var/lib/nginx
    - user: root
    - group: root
    - makedirs: True
    - unless:
      - test -e /var/lib/nginx
log_dir:
  file.directory:
    - name: /var/log/nginx
    - user: root
    - group: root
    - makedirs: True
    - require:
      - file: data_dir
    - unless:
      - test -e /var/log/nginx
nginx_source:
  file.managed:
    - name: /opt/nginx-{{VERSION}}.tar.gz
    - source: salt://nginx/nginx-{{VERSION}}.tar.gz
    - require:
      - file: log_dir
    - unless:
      - test -e /opt/nginx-{{VERSION}}.tar.gz
nginx_extract:
  cmd.run:
    - cwd: /opt
    - names:
      - tar zxf nginx-{{VERSION}}.tar.gz
    - require:
      - file: nginx_source
    - unless:
      - test -e /opt/nginx-{{VERSION}}
nginx_pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel
      - zlib-devel
    - require:
      - cmd: nginx_extract
nginx_compile:
  cmd.run:
    - cwd: /opt/nginx-{{VERSION}}
    - names:
      - ./configure --prefix=/opt/nginx --with-http_stub_status_module --with-file-aio --with-http_ssl_module && make && make install
    - require:
      - pkg: nginx_pkg
    - unless: test -d /opt/nginx
conf.sls
nginx_softlink:
  cmd.run:
    - name: ln -s /opt/nginx/conf/ /etc/nginx
    - unless: test -e /etc/nginx
nginx_conf:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/files/nginx.conf
    - require:
      - cmd: nginx_softlink
    - unless:
      - test -e /etc/nginx/nginx.conf
nginx_system:
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service
    - require:
      - file: nginx_conf
    - unless:
      - test -e /usr/lib/systemd/system/nginx.service
nginx_systemreload:
  cmd.run:
    - name: systemctl daemon-reload
    - require:
      - file: nginx_system
nginx_kernel:
  file.append:
    - name: /etc/sysctl.conf
    - text:
      - '#set nginx kernel args'
      - net.ipv4.tcp_keepalive_time = 30
      - net.ipv4.ip_local_port_range = 1024 65000
      - net.ipv4.tcp_max_tw_buckets = 15000
      - net.ipv4.tcp_tw_reuse = 1
      - net.ipv4.tcp_tw_recycle = 0
      - net.ipv4.tcp_fin_timeout = 30
      - net.core.somaxconn = 65535
      - net.core.netdev_max_backlog = 262144
      - net.ipv4.tcp_max_orphans = 262144
      - net.ipv4.tcp_max_syn_backlog = 262144
      - net.ipv4.tcp_timestamps = 0
      - net.ipv4.tcp_synack_retries = 1
      - net.ipv4.tcp_syn_retries = 1
    - unless: grep "#set nginx kernel args" /etc/sysctl.conf
  cmd.run:
    - name: /sbin/sysctl -p
nginx_start:
  cmd.run:
    - names:
      - systemctl start nginx
      - systemctl enable nginx
    - require:
      - cmd: nginx_systemreload
    - unless:
      - systemctl status nginx
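
An added example, not part of the original post: the kernel tuning from nginx_kernel expressed with Salt's sysctl.present state, one state per key, with the values copied from conf.sls above. Each key is applied to the running kernel and persisted in /etc/sysctl.conf on its own, so a key the running kernel does not provide (net.ipv4.tcp_tw_recycle was removed in Linux 4.12) is reported as one failed state. The nginx_sysctl variable and the generated state IDs are names chosen for this example.

```yaml
# Added example: alternative to the nginx_kernel state in conf.sls.
# nginx_sysctl is a hypothetical variable name; the values are the page's.
{% set nginx_sysctl = {
    'net.ipv4.tcp_keepalive_time': '30',
    'net.ipv4.ip_local_port_range': '1024 65000',
    'net.ipv4.tcp_max_tw_buckets': '15000',
    'net.ipv4.tcp_tw_reuse': '1',
    'net.ipv4.tcp_tw_recycle': '0',
    'net.ipv4.tcp_fin_timeout': '30',
    'net.core.somaxconn': '65535',
    'net.core.netdev_max_backlog': '262144',
    'net.ipv4.tcp_max_orphans': '262144',
    'net.ipv4.tcp_max_syn_backlog': '262144',
    'net.ipv4.tcp_timestamps': '0',
    'net.ipv4.tcp_synack_retries': '1',
    'net.ipv4.tcp_syn_retries': '1',
} %}

# One sysctl.present state per key: sets the live value and writes it to
# the config file, and reports per key whether anything changed.
{% for key, value in nginx_sysctl.items() %}
nginx_sysctl_{{ key }}:
  sysctl.present:
    - name: {{ key }}
    - value: '{{ value }}'
    - config: /etc/sysctl.conf
{% endfor %}
```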
Installing Nginx with yum
Write install.sls
vim /home/salt/nginx/install.sls
update_yum:
  cmd.run:
    - name: yum update -y
nginx_install:
  pkg.installed:
    - pkgs:
      - epel-release
      - nginx
    - require:
      - cmd: update_yum
    - unless:
      - systemctl status nginx
Write conf.sls
vim /home/salt/nginx/conf.sls
With a yum install, the Nginx configuration directory is /etc/nginx
Distribute the Nginx configuration file
nginx_conf:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/files/nginx.conf
    - unless:
      - test -e /etc/nginx/nginx.conf
Kernel parameter tuning for Nginx
nginx_kernel:
  # append the settings to /etc/sysctl.conf once, then load them
  file.append:
    - name: /etc/sysctl.conf
    - text:
      - '#set nginx kernel args'
      - net.ipv4.tcp_keepalive_time = 30
      - net.ipv4.ip_local_port_range = 1024 65000
      - net.ipv4.tcp_max_tw_buckets = 15000
      - net.ipv4.tcp_tw_reuse = 1
      - net.ipv4.tcp_tw_recycle = 0
      - net.ipv4.tcp_fin_timeout = 30
      - net.core.somaxconn = 65535
      - net.core.netdev_max_backlog = 262144
      - net.ipv4.tcp_max_orphans = 262144
      - net.ipv4.tcp_max_syn_backlog = 262144
      - net.ipv4.tcp_timestamps = 0
      - net.ipv4.tcp_synack_retries = 1
      - net.ipv4.tcp_syn_retries = 1
    - unless: grep "#set nginx kernel args" /etc/sysctl.conf
  cmd.run:
    - name: /sbin/sysctl -p
Start Nginx and enable it at boot
nginx_start:
  cmd.run:
    - names:
      - systemctl start nginx
      - systemctl enable nginx
    - require:
      - file: nginx_conf
    - unless:
      - systemctl status nginx
The complete scripts are as follows:
install.sls
update_yum:
  cmd.run:
    - name: yum update -y
nginx_install:
  pkg.installed:
    - pkgs:
      - epel-release
      - nginx
    - require:
      - cmd: update_yum
    - unless:
      - systemctl status nginx
conf.sls
nginx_conf:
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://nginx/files/nginx.conf
    - unless:
      - test -e /etc/nginx/nginx.conf
nginx_kernel:
  file.append:
    - name: /etc/sysctl.conf
    - text:
      - '#set nginx kernel args'
      - net.ipv4.tcp_keepalive_time = 30
      - net.ipv4.ip_local_port_range = 1024 65000
      - net.ipv4.tcp_max_tw_buckets = 15000
      - net.ipv4.tcp_tw_reuse = 1
      - net.ipv4.tcp_tw_recycle = 0
      - net.ipv4.tcp_fin_timeout = 30
      - net.core.somaxconn = 65535
      - net.core.netdev_max_backlog = 262144
      - net.ipv4.tcp_max_orphans = 262144
      - net.ipv4.tcp_max_syn_backlog = 262144
      - net.ipv4.tcp_timestamps = 0
      - net.ipv4.tcp_synack_retries = 1
      - net.ipv4.tcp_syn_retries = 1
    - unless: grep "#set nginx kernel args" /etc/sysctl.conf
  cmd.run:
    - name: /sbin/sysctl -p
nginx_start:
  cmd.run:
    - names:
      - systemctl start nginx
      - systemctl enable nginx
    - require:
      - file: nginx_conf
    - unless:
      - systemctl status nginx