自动化运维工具Saltstack
Saltstack是一个新的基础设施管理工具。saltstack的两大功能:远程执行和配置管理。
Saltstack使用Python开发,是一个非常简单易用和轻量级的管理工具。由Master和Minion构成,通过ZeroMQ进行通信。
Saltstack的master端监听4505与4506端口,4505为salt的消息发布系统,4506为salt客户端与服务端通信的端口;salt客户端程序不监听端口,客户端启动后,会主动连接master端注册,然后一直保持该TCP连接,master通过这条TCP连接对客户端控制,如果连接断开,master对客户端就无能为力了。
安装
官方文档 : http://docs.saltstack.cn/topics/installation/rhel.html
测试环境
master 主机:server1 IP:172.25.21.1
minion 主机:server2 IP:172.25.21.2
master端
配置yum源
vim /etc/yum.repos.d/salt.repo
[salt-latest]
name=SaltStack Latest Release Channel for RHEL/Centos $releasever
baseurl=https://repo.saltstack.com/yum/redhat/6.5/x86_64/2016.11/
enabled=1
gpgchec=0
yum clean all
yum repolist
yum install -y salt-master #安装master端程序
scp /etc/yum.repos.d/salt.repo server2:/etc/yum.repos.d/ #发送yum源到server2
minion端
yum clean all
yum repolist
yum install -y salt-minion #安装minion端程序
安装过程中的报错
1.
Error: Package: yum-utils-1.1.30-30.el6.noarch (saltstack-repo)
Requires: yum >= 3.2.29-56
Installed: yum-3.2.29-40.el6.noarch (@anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5)
yum = 3.2.29-40.el6
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
提示yum版本过低,下载大于3.2.29-56版本的yum即可
yum install -y yum-3.2.29-69.el6.centos.noarch.rpm
2.
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID de57bfbe: NOKEY
Public key for python-futures-3.0.3-1.el6.noarch.rpm is not installed
安装minion时的报错
执行时加上”–nogpgcheck”参数
yum install salt-minion -y --nogpgcheck
配置
minion端更改配置文件
vim /etc/salt/minion
master: server1 #需要解析,在/etc/hosts中添加
master端
/etc/init.d/salt-master start #启动
minion端
/etc/init.d/salt-minion start #启动
netstat -antlp #查看端口
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 894/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 970/master
tcp 0 0 172.25.21.2:22 172.25.21.250:59317 ESTABLISHED 1359/sshd
tcp 0 0 172.25.21.2:45653 172.25.21.1:4506 ESTABLISHED 2102/python2.6
tcp 0 0 :::22 :::* LISTEN 894/sshd
tcp 0 0 ::1:25 :::* LISTEN 970/master
master端
[root@server1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
Rejected Keys:
[root@server1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server2
Proceed? [n/Y] y
Key for minion server2 accepted.
[root@server1 ~]# salt-key -L
Accepted Keys:
server2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
minion端
netstat -antlp #查看端口
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 894/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 970/master
tcp 0 0 172.25.21.2:57201 172.25.21.1:4505 ESTABLISHED 2102/python2.6
tcp 0 0 172.25.21.2:22 172.25.21.250:59317 ESTABLISHED 1359/sshd
tcp 0 0 :::22 :::* LISTEN 894/sshd
tcp 0 0 ::1:25 :::* LISTEN 970/master
SaltStack自动部署LAMP
安装apache
master端
vim /etc/salt/master 更改配置文件
file_roots:
base:
- /srv/salt
mkdir /srv/salt #创建目录
cd /srv/salt
mkdir apache
cd apache/
mkdir files
cd files/
wget http://mirror.bit.edu.cn/apache/httpd/httpd-2.2.34.tar.bz2 #下载apache源码包
在/srv/salt/apache下创建脚本
vim install.sls #配置安装脚本
include:
- pkg.depends
- useradd.www
apache-install:
file.managed:
- name: /mnt/httpd-2.2.34.tar.bz2
- source: salt://apache/files/httpd-2.2.34.tar.bz2
cmd.run:
- name: cd /mnt && tar jxf httpd-2.2.34.tar.bz2 && cd httpd-2.2.34 && ./configure --prefix=/usr/local/apache --with-included-apr --enable-so --enable-deflate=shared --enable-expires=shared --enable-rewrite=shared --enable-static-support --disable-userdir && make && make install
- creates: /usr/local/apache
/usr/local/apache/conf/httpd.conf:
file.managed:
- source: salt://apache/files/httpd.conf
/etc/init.d/httpd:
file.managed:
- source: salt://apache/files/httpd
- mode: 755
vim start.sls #配置启动脚本
include:
- apache.install
apache-start:
service.running:
- name: apachectl
- enable: true
- reload: true
- watch:
- file: /usr/local/apache/conf/httpd.conf
- file: /var/www/virthost/index.html
在/srv/salt/pkg下配置安装依赖包脚本
vim install.sls
install:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
- zlib-devel
在/srv/salt/useradd下配置添加用户脚本
www:
group.present:
- gid: 800
user.present:
- uid: 800
- gid: 800
- shell: /sbin/nologin
- home: /usr/local/apache
- createhome: false
在/srv/salt/下添加top.sls脚本
vim top.sls
base:
'server2':
- apache.start
salt 'server2' state.highstate #安装top中的内容,当前为安装apache
files下的文件
httpd #启动脚本
httpd.conf #配置文件
httpd-2.2.34.tar.bz2 #源码包
启动脚本为源码包解压后httpd-2.2.34/build/rpm/httpd.init
其中启动脚本下面需要修改
httpd=${HTTPD-/usr/sbin/httpd}
pidfile=${PIDFILE-/var/log/httpd/${prog}.pid}
lockfile=${LOCKFILE-/var/lock/subsys/${prog}}
修改为
httpd=${HTTPD-/usr/local/apache/bin/httpd}
pidfile=${PIDFILE-/usr/local/apache/logs/${prog}.pid}
lockfile=${LOCKFILE-/var/lock/subsys/${prog}}
mysql安装
在/srv/salt/useradd下添加创建用户脚本
vim mysql.sls
mysql:
group.present:
- gid: 900
user.present:
- uid: 900
- gid: 900
- shell: /sbin/nologin
- home: /usr/local/mysql
- createhome: false
在/srv/salt/pkg下添加安装mysql依赖包脚本
vim mysql.sls #安装mysql依赖包
depends-mysql:
pkg.installe:
- pkgs:
- gcc-c++
- pcre-devel
- openssl-devel
- zlib-devel
- ncurses
- ncurses-devel
- bison
在/srv/salt/mysql下创建脚本
mkdir /srv/salt/mysql
cd /srv/salt/mysql
vim install.sls #安装mysql脚本
include:
- pkg.mysql
- useradd.mysql
cmake-install:
file.managed:
- name: /mnt/cmake-2.8.12.2-4.el6.x86_64.rpm
- source: salt://mysql/files/cmake-2.8.12.2-4.el6.x86_64.rpm
cmd.run:
- name: cd /mnt && yum install -y cmake-2.8.12.2-4.el6.x86_64.rpm
mysql-install:
file.managed:
- name: /mnt/mysql-boost-5.7.17.tar.gz
- source: salt://mysql/files/mysql-boost-5.7.17.tar.gz
cmd.run:
- name: cd /mnt && tar -zxf mysql-boost-5.7.17.tar.gz && cd mysql-5.7.17 && cp -r boost/boost_1_59_0 /usr/local && rm -rf CMakeCache.txt && cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DWITH_BOOST=/usr/local/boost_1_59_0/ -DSYSCONFDIR=/etc -DEFAULT_CHARSET=utf8mb4 -DDEFAULT_COLLATION=utf8mb4_general_ci -DENABLED_LOCAL_INFILE=1 -DEXTRA_CHARSETS=all && make && make install
- creates: /usr/local/mysql
创建初始化脚本
vim initialize.sls
include:
- mysql.install
mysql-initialize:
cmd.run:
- name: chown -R mysql:mysql /usr/local/mysql && sed -i.bak '\/datadir=\/var\/lib\/mysql/i\character_set_server=gbk' /etc/my.cnf && sed -i.bak 'N;2idefault-character-set=gbk' /etc/my.cnf && sed -i.bak 'N;2i[client]' /etc/my.cnf && cd /usr/local/mysql/&& sed -i.bak 's/socket=\/var\/lib\/mysql\/mysql.sock/socket=\/tmp\/mysql.sock/g' /etc/my.cnf && ./bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data && cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld && ln -s /usr/local/mysql/bin/mysql /usr/local/bin/mysql && chkconfig --add mysqld
- creates: /usr/local/mysql/data/mysql
创建启动脚本
vim start.sls
include:
- mysql.initialize
mysql-start:
service.running:
- name: mysqld
- enable: True
- reload: true
- require:
- file: /etc/init.d/mysqld
- watch:
- file: /etc/my.cnf
files下的文件
下载mysql-boost-5.7.17.tar.gz 和 cmake-2.8.12.2-4.el6.x86_64.rpm到/srv/saltmysql/files/目录下
更改top.sls
vim top.sls
base:
'server2':
- apache.start
- mysql.start
安装php
创建php安装依赖包脚本
vim pkg/php.sls
depends-php:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
- zlib-devel
- libxml2-devel.x86_64
- openssl-devel.x86_64
- bzip2-devel.x86_64
- t1lib.x86_64
- libjpeg-turbo-devel.x86_64
- libpng-devel.x86_64
- freetype-devel.x86_64
在/srv/salt/php下创建脚本
mkdir /srv/salt/php
cd /srv/salt/php
vim install.sls #安装脚本
libmcrypt_pkg:
file.managed:
- name: /mnt/libmcrypt-2.5.7-5.el6.art.x86_64.rpm
- source: salt://php/files/libmcrypt-2.5.7-5.el6.art.x86_64.rpm
libmcrypt-devel_pkg:
file.managed:
- name: /mnt/libmcrypt-devel-2.5.7-5.el6.art.x86_64.rpm
- source: salt://php/files/libmcrypt-devel-2.5.7-5.el6.art.x86_64.rpm
include:
- pkg.php
php-install:
file.managed:
- name: /mnt/php-5.6.31.tar.bz2
- source: salt://php/files/php-5.6.31.tar.bz2
cmd.run:
- name: cd /mnt && yum install -y libmcrypt-* && tar xjf php-5.6.31.tar.bz2 && cd php-5.6.31 && ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-bz2 --with-openssl --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-sockets --enable-exif --disable-ipv6 && make -j2 && make install
- creates: /usr/local/php
/usr/local/php/etc:
file.directory:
- mode: 755
/usr/local/php/etc/php.ini:
file.managed:
- source: salt://php/files/php.ini
files下的文件
php-5.6.31.tar.bz2
libmcrypt-2.5.7-5.el6.art.x86_64.rpm
libmcrypt-devel-2.5.7-5.el6.art.x86_64.rpm
php.ini #配置文件
更改top.sls
vim top.sls
base:
'server2':
- apache.start
- mysql.start
- php.install
salt 'server2' state.highstate #自动化安装
可以完整地推送到一台minion机器上