参考文档:“`
http://outofmemory.cn/saltstack/salt
linux就该这么学参考文档
https://www.linuxprobe.com/saltstack-quick.html
saltstack搭建:
集群要求:date 时间同步;主机名解析:hosts 优先级高,但不适合大集群,DNS 适合大集群
4506 是 master 的消息接收端口(4505 是发布端口)
中途要是改了主机名
需要删除 minion 上 /etc/salt/ 下的文件(minion_id)
master 与 minion 相互交换了公钥,实现了加密连接
注意防火墙、selinux、解析(没有解析无法显示出等待允许的连接);防火墙只需在 master 上放行 4505/4506,不必整体关闭
本地yum源配置
[slat]
name=slat
baseurl=file:///root/rhel6 ##我的安装包在root下
gpgcheck=0 ##关闭了 GPG 签名校验,只适合本地实验;生产环境应导入仓库公钥并设 gpgcheck=1
#
server1上
[root@server1 rhel6]# yum install salt-master -y
[root@server1 rhel6]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@server1 rhel6]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
Rejected Keys:
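[root@server1 rhel6]# salt-key -A ###-A 接受所有待认证的 key,-a 接受单个
###接受之前应先核对指纹:master 上 salt-key -f server2 的输出要与 minion 上 salt-call --local key.finger 的输出一致,否则可能把冒名的 minion 接入集群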
The following keys are going to be accepted:
Unaccepted Keys:
server2
Proceed? [n/Y] y
Key for minion server2 accepted.
[root@server1 rhel6]# yum install -y lsof
[root@server1 rhel6]# yum install -y tree
#
server2上
同样配置好yum源
[root@server2 ~]# yum install -y salt-minion
[root@server2 ~]# cd /etc/salt/
[root@server2 salt]# vim minion ###添加
17 master: server1 ###配置文件是 YAML 语法,冒号后面必须有空格
[root@server2 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server2 daemon: OK
[root@server2 salt]# yum install -y lsof
[root@server2 salt]# yum install -y tree
#### 发布订阅系统
server1
[root@server1 rhel6]# cd /etc/salt/
[root@server1 salt]# vim master ##打开
534 file_roots:
535 base:
536 - /srv/salt
[root@server1 salt]# mkdir /srv/salt 创建目录
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server1 httpd]# cd /srv/salt/
[root@server1 salt]# mkdir httpd
[root@server1 salt]# cd httpd/
[root@server1 httpd]# vim install.sls ##编写
httpd:
pkg.installed
[root@server1 salt]# salt server2 state.sls httpd.install
server2:
ID: httpd
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: httpd
Started: 10:51:57.907310
Duration: 14765.07 ms
Changes:
----------
apr:
----------
new:
1.3.9-5.el6_2
old:
apr-util:
----------
new:
1.3.9-3.el6_0.1
old:
apr-util-ldap:
----------
new:
1.3.9-3.el6_0.1
old:
httpd:
----------
new:
2.2.15-29.el6_4
old:
httpd-tools:
----------
new:
2.2.15-29.el6_4
old:
mailcap:
----------
new:
2.1.31-2.el6
old:
Summary for server2
Succeeded: 1 (changed=1)
Failed: 0
Total states run: 1
Total run time: 14.765 s
[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# vim install.sls
httpd:
pkg.installed:
- pkgs:
- httpd
service.running:
- name: httpd
- enable: True
- reload: True
[root@server1 httpd]# salt server2 state.sls httpd.install
httpd:
True
Summary for server2
Succeeded: 2 (changed=1)
Failed: 0
Total states run: 2
Total run time: 422.676 ms
在server2上
[root@server2 salt]# rpm -qa httpd ##查看是否安装
httpd-2.2.15-29.el6_4.x86_64
[root@server2 salt]# /etc/init.d/httpd stop ##关掉服务在server1上执行
Stopping httpd: [ OK ]
[root@server2 salt]# /etc/init.d/httpd status ##服务启动了
httpd (pid 2354) is running…
[root@server2 salt]# chkconfig --list httpd ###自启动成功
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
server1 当文件发生变更时
[root@server1 httpd]# mkdir files
[root@server1 httpd]# cd files/
[root@server1 files]# scp server2:/etc/httpd/conf/httpd.conf .
[root@server1 files]# ls
httpd.conf
[root@server1 files]# vim httpd.conf ###更改server2httpd端口为8080
136 Listen 8080
[root@server1 files]# md5sum httpd.conf ###查看文件的 md5 校验值
b7ca7a0e786418ba7b5ad84efac70265 httpd.conf
[root@server1 httpd]# cd /srv/salt/httpd
[root@server1 httpd]# vim install.sls
[root@server1 httpd]# salt server2 state.sls httpd.install
apache-install:
pkg.installed:
- pkgs:
- httpd
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- user: root
- group: root
- mode: 644
- require:
- pkg: apache-install
#
server2上查看端口 httpd 端口更改为8080了
[root@server2 salt]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 890/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 966/master
tcp 0 0 :::8080 :::* LISTEN 2354/httpd
tcp 0 0 :::22 :::* LISTEN 890/sshd
tcp 0 0 ::1:25 :::* LISTEN 966/master
将安装和启动服务分开
server1上
[root@server1 httpd]# vim install.sls ##安装部分
httpd:
pkg.installed
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
[root@server1 httpd]# vim service.sls ##启动部分
include:
- httpd.install
apache:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service ##
server2上
[root@server2 salt]# /etc/init.d/httpd status
httpd is stopped
[root@server2 salt]# /etc/init.d/httpd status ##服务起来了
httpd (pid 2574) is running…
salt安装nginx
server1
[root@server1 salt]# cd /etc/salt/
[root@server1 salt]# vim master ##去掉#号
534 file_roots:
535 base:
536 - /srv/salt
[root@server1 salt]# cd /srv/salt/
[root@server1 salt]# mkdir nginx
[root@server1 salt]# cd nginx/
[root@server1 nginx]# mkdir files
[root@server1 nginx]# mv nginx-1.12.0.tar.gz files ##把安装包放到files里面;放入前先核对官方发布的 PGP 签名,因为这个包会被分发到所有目标 minion 上编译安装
[root@server1 nginx]# vim install.sls
include:
- pkgs.install
nginx-install:
file.managed:
- name: /mnt/nginx-1.12.0.tar.gz
- source: salt://nginx/files/nginx-1.12.0.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &>/dev/null && make &>/dev/null && make install &>/dev/null
- creates: /usr/local/nginx
命令:修改文件中的某一条
sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' nginx.h ##去掉版本号
sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
###关掉debug
[root@server1 salt]# cd /srv/salt
[root@server1 salt]# mkdir pkgs
[root@server1 pkgs]# vim install.sls
make:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
#下午
#
server2上
[root@server2 conf]# scp nginx.conf 172.25.3.1:/srv/salt/nginx/files
[root@server2 init.d]# scp nginx 172.25.3.1:/srv/salt/nginx/files
#
server1
[root@server1 nginx]# pwd
/srv/salt/nginx
[root@server1 nginx]# vim service.sls
include: ##包含nginx的安装
- nginx.install
/etc/init.d/nginx: ##启动脚本的权限
file.managed:
- source: salt://nginx/files/nginx
- mode: 755
/usr/local/nginx/conf/nginx.conf: ##推送nginx.conf文件
file.managed:
- source: salt://nginx/files/nginx.conf
nginx-service: ##ngixn服务重启 自启动等
service.running:
- name: nginx
- enable: True
- reload: True
- watch: ##监控 ngixn.conf这个文件
- file: /usr/local/nginx/conf/nginx.conf
[root@server1 nginx]# vim install.sls
include:
- pkgs.install
- users.install ##包含调用
nginx-install:
file.managed:
- name: /mnt/nginx-1.12.0.tar.gz
- source: salt://nginx/files/nginx-1.12.0.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &>/dev/null && make &>/dev/null && make install &>/dev/null
- creates: /usr/local/nginx
[root@server1 nginx]# cd /srv/salt/
[root@server1 salt]# mkdir users
[root@server1 salt]# cd users/
[root@server1 users]# vim install.sls
nginx-group: ##新建一个
group.present:
- name: nginx
- gid: 800
nginx-user:
user.present:
- name: nginx
- uid: 800
- gid: 800
- shell: /sbin/nologin ##禁止nginx用户登陆
[root@server1 salt]# vim top.sls
base:
‘server2’:
- httpd.service
- httpd.service
‘server3’: ##定义不同主机 开启不同服务
- nginx.service
[root@server1 salt]# salt ‘*’ state.highstate
安装haproxy
[root@server1 salt]# mkdir haproxy
[root@server1 salt]# cd haproxy
[root@server1 haproxy]# vim install.sls
把server1当成minion 安装haproxy
[root@server1 haproxy]# yum install -y salt-minion
[root@server1 haproxy]# cd /etc/salt/
[root@server1 salt]# vim minion ##添加
17 master: server1
[root@server1 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server1 daemon: OK
[root@server1 salt]# salt-key -L
Accepted Keys:
server2
Denied Keys:
Unaccepted Keys:
server1
Rejected Keys:
[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server1
Proceed? [n/Y] y
Key for minion server1 accepted
[root@server1 salt]# salt server1 test.ping ##测试一下
server1:
True
配置yum源 安装haproxy要用
[root@server1 salt]# vim /etc/yum.repos.d/rhel-source.repo
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.3.250/rhel6.5/LoadBalancer
gpgcheck=0 ##这个源走明文 HTTP 且关闭了签名校验,安装包在传输中被篡改也无法发现;实验环境之外应设 gpgcheck=1 并配置 gpgkey
[root@server1 salt]# yum repolist
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
LoadBalancer | 3.9 kB 00:00
LoadBalancer/primary_db | 7.0 kB 00:00
rhel-source | 3.9 kB 00:00
slat | 2.9 kB 00:00 …
repo id repo name status
LoadBalancer LoadBalancer 4
rhel-source Red Hat Enterprise 3,690
slat slat 29
repolist: 3,723
[root@server1 salt]# cd /srv/salt/haproxy/
[root@server1 haproxy]# vim install.sls
haproxy-install:
pkg.installed:
- pkgs:
- haproxy
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://haproxy/files/haproxy.cfg
service.running:
- name: haproxy
- reload: True
- enable: True
- watch:
- file: haproxy-install
[root@server1 haproxy]# mkdir files
[root@server1 haproxy]# yum install -y haproxy
[root@server1 files]# pwd
/srv/salt/haproxy/files
[root@server1 files]# cp /etc/haproxy/haproxy.cfg .
[root@server1 files]# vim haproxy.cfg ##更改
60 #———————————————————————
61 # main frontend which proxys to the backends
62 #———————————————————————
63 frontend main *:80
64 default_backend static
65
66 #———————————————————————
67 # static backend for serving up images, stylesheets and such
68 #———————————————————————
69 backend static
70 balance roundrobin
71 server server2 172.25.3.2:80 check
server server3 172.25.3.3:80 check
[root@server1 haproxy]# salt server1 state.sls haproxy.install
[root@server1 haproxy]# cd /srv/salt/
[root@server1 salt]# vim top.sls ##给不同的主机安装不同的服务
base:
‘server1’:
- haproxy.install
‘server2’:
- httpd.service
‘server3’:
- nginx.service
[root@server1 salt]# salt ‘*’ state.highstate
测试
[root@server2 html]# cd /var/www/html/
[root@server2 html]# vim index.html
22222222
[root@server1 files]# cd /usr/local/nginx/html/
root@server1 html]# vim index.html
11111111
浏览器访问172.25.3.1 会看见3 和2 的默认发布内容
这里注意如果有一台不成功,则检查端口是否匹配
特征筛选
[root@server1 html]# salt server2 grains.item os
server2:
———-
os:
RedHat
[root@server1 html]# salt server2 grains.item ipv4
server2:
———-
ipv4:
- 127.0.0.1
- 172.25.3.2
更改server2的 类型
[root@server2 html]# cd /etc/salt/
[root@server2 salt]# vim minion
120 grains:
121 roles:
122 - httpd
[root@server2 salt]# /etc/init.d/salt-minion restart
server1 上进行筛选
root@server1 html]# salt server2 grains.item fqdn
server2:
———-
fqdn:
server2
[root@server1 html]# salt server2 grains.item roles ##上面填写的时httpd
server2:
———-
roles:
- httpd
[root@server1 html]# salt -G ‘os:Redhat’ test.ping
server1:
True
server2:
True
[root@server1 html]# salt -G ‘roles:httpd’ test.ping
server2:
True
[root@server1 html]# salt server2 saltutil.sync_grains
server2:
当把之前server2里面
[root@server2 salt]# pwd
/etc/salt
[root@server2 salt]# vim grains ##注释起来
120 #grains:
121 # roles:
122 # - httpd
[root@server2 salt]# vim grains
[root@server2 salt]# pwd
/etc/salt
roles: nginx
westos: linux
#
server1 上看见的是 nginx,用 grains 筛选指定特征
[root@server1 html]# salt server2 grains.item roles
server2:
———-
roles:
nginx
[root@server1 html]# salt server2 grains.item westos
server2:
———-
westos:
linux
server1
[root@server1 html]# cd /srv/salt/
[root@server1 salt]# vim top.sls ###根据不同的特征选取不同的服务安装
base:
‘server1’:
- haproxy.install
‘os:Redhat’:
- httpd.service
‘server3’:
- nginx.service
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# vim top.sls ##更改
base:
‘server1’:
- haproxy.install
‘roles:httpd’:
- match: grain
- httpd.service
‘roles:nginx’:
- match: grain
- nginx.service
‘server3’:
- nginx.service
[root@server1 salt]# mkdir _grains
[root@server1 salt]# cd _grains/
[root@server1 _grains]# vim my_grains.py
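#!/usr/bin/env python
def my_grain():
    """Return the custom grains contributed by this module.

    The file lives under the master's file_roots in ``_grains/`` and is
    copied to the minion by ``saltutil.sync_grains``; the returned dict
    is merged into that minion's grains.

    Returns:
        dict: the static keys ``hello`` and ``salt``.
    """
    # NOTE(review): grain modules are executed by the minion daemon, which
    # is started as root in this setup, so write access to /srv/salt/_grains
    # on the master should be limited to administrators.
    grains = {}
    grains['hello'] = 'world'
    grains['salt'] = 'saltstack'
    return grains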
[root@server1 _grains]# salt server2 saltutil.sync_grains
server2:
- grains.my_grains
效果
[root@server1 _grains]# salt server2 grains.item salt
server2:
———-
salt:
saltstack
[root@server1 _grains]# cd /etc/salt/
[root@server1 salt]# vim master
694 pillar_roots:
695 base:
696 - /srv/pillar
[root@server1 salt]# mkdir /srv/pillar
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server1 salt]# cd /srv/pillar/
[root@server1 pillar]# mkdir web
[root@server1 pillar]# cd web/
[root@server1 web]# vim apache.sls ##注意:grains(包括 fqdn)由 minion 自己上报,minion 端可以修改;pillar 里如果放敏感数据,应按 minion id 下发,不要依赖 grains 判断
{% if grains['fqdn'] == 'server2' %}
apache: httpd
{% elif grains['fqdn'] == 'server1' %}
apache: nginx
{% endif %}
[root@server1 pillar]# cd /srv/pillar
[root@server1 pillar]# vim top.sls
base:
‘*’:
- web.apache
[root@server1 pillar]# salt server[1,2] saltutil.refresh_pillar
server2:
True
server1:
True
[root@server1 web]# salt server2 pillar.items
server2:
———-
apache:
httpd
[root@server1 web]# salt server2 pillar.item apache
server2:
———-
apache:
httpd
[root@server1 web]# salt server1 pillar.item apache
server1:
———-
apache:
nginx
[root@server1 web]# salt -I ‘apache:httpd’ test.ping
server2:
True
[root@server1 web]# salt -I ‘apache:nginx’ test.ping
server1:
True
[root@server1 web]# salt -S 172.25.3.0/24 test.ping
server2:
True
server1:
True
server2
[root@server2 salt]# pwd
/etc/salt
[root@server2 salt]# cd /var/cache/salt/
[root@server2 salt]# tree .
.
-- minion
– grains
|-- accumulator
|-- extmods
|
| |– my_grains.py
| -- my_grains.pyc
– base
|-- files
|
| |– _grains
| | -- my_grains.py
– httpd.conf
| |-- httpd
| | |-- files
| | |
| | |– install.sls
| | -- service.sls
– nginx.conf
| |-- nginx
| | |-- files
| | | |-- nginx
| | | |-- nginx-1.12.0.tar.gz
| | |
| | |– install.sls
| | -- service.sls
– install.sls
| |-- pkgs
| |
| |– top.sls
| -- users
– install.sls
|
|– highstate.cache.p
|– module_refresh
|– pkg_refresh
|– proc
`– sls.p
14 directories, 18 files
#
- template: jinja
- context:
bind: 127.0.0.1
通过 saltstack 做
用 jinja 模板配置 keepalived,做一个高可用
“`