saltstack自动化部署平台

参考文档:
http://outofmemory.cn/saltstack/salt

linux就该这么学参考文档

https://www.linuxprobe.com/saltstack-quick.html


saltstack搭建:

集群前提:各节点时间(date)要同步;主机名要能解析——/etc/hosts 优先级高,但不适合大集群,DNS 适合大集群。

4506:master 的消息接收端口(master 另有 4505 作为发布端口)

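中途如果改了主机名:
删除 /etc/salt/ 下 minion 相关的文件(原文路径写作 /etc/slat/min,应指 /etc/salt/ 下的 minion_id 等文件),然后重启 minion,并在 master 上重新接受它的密钥。
master 与 minion 相互交换了公钥,实现了加密连接。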

注意防火墙、SELinux 和主机名解析(没有解析时,master 上看不到等待接受的连接)。防火墙只需对 minion 所在网段放行 master 的端口,不必整体关闭。

本地yum源配置
[slat]
name=slat
baseurl=file:///root/rhel6 ##我的安装包在 /root 下
# 注意:gpgcheck=0 会跳过软件包签名校验,仅适合本地实验源;生产环境应设为 gpgcheck=1 并配置 gpgkey
gpgcheck=0

#

server1上

[root@server1 rhel6]# yum install salt-master -y
[root@server1 rhel6]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@server1 rhel6]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server2
Rejected Keys:
[root@server1 rhel6]# salt-key -A ### -A 接受所有待定密钥,-a <minion名> 只接受单个;接受前应先用 salt-key -F 核对指纹,确认与 minion 上 salt-call --local key.finger 的输出一致
The following keys are going to be accepted:
Unaccepted Keys:
server2
Proceed? [n/Y] y
Key for minion server2 accepted.
[root@server1 rhel6]# yum install -y lsof
[root@server1 rhel6]# yum install -y tree

#

server2上

同样配置好yum源
[root@server2 ~]# yum install -y salt-minion
[root@server2 ~]# cd /etc/salt/
[root@server2 salt]# vim minion ###添加
17 master: server1 ###配置文件是 YAML 语法,冒号后面必须有空格
[root@server2 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server2 daemon: OK
[root@server2 salt]# yum install -y lsof
[root@server2 salt]# yum install -y tree

#### 发布订阅系统

server1

[root@server1 rhel6]# cd /etc/salt/
[root@server1 salt]# vim master ##打开
534 file_roots:
535 base:
536 - /srv/salt
[root@server1 salt]# mkdir /srv/salt 创建目录
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server1 httpd]# cd /srv/salt/
[root@server1 salt]# mkdir httpd
[root@server1 salt]# cd httpd/
[root@server1 httpd]# vim install.sls ##编写
httpd:
pkg.installed
[root@server1 salt]# salt server2 state.sls httpd.install

server2:

      ID: httpd
Function: pkg.installed
  Result: True
 Comment: The following packages were installed/updated: httpd
 Started: 10:51:57.907310
Duration: 14765.07 ms
 Changes:   
          ----------
          apr:
              ----------
              new:
                  1.3.9-5.el6_2
              old:
          apr-util:
              ----------
              new:
                  1.3.9-3.el6_0.1
              old:
          apr-util-ldap:
              ----------
              new:
                  1.3.9-3.el6_0.1
              old:
          httpd:
              ----------
              new:
                  2.2.15-29.el6_4
              old:
          httpd-tools:
              ----------
              new:
                  2.2.15-29.el6_4
              old:
          mailcap:
              ----------
              new:
                  2.1.31-2.el6
              old:

Summary for server2

Succeeded: 1 (changed=1)

Failed: 0

Total states run: 1
Total run time: 14.765 s

[root@server1 httpd]# pwd
/srv/salt/httpd
[root@server1 httpd]# vim install.sls
httpd:
pkg.installed:
- pkgs:
- httpd
service.running:
- name: httpd
- enable: True
- reload: True
[root@server1 httpd]# salt server2 state.sls httpd.install
httpd:
True

Summary for server2

Succeeded: 2 (changed=1)

Failed: 0

Total states run: 2
Total run time: 422.676 ms

在server2上

[root@server2 salt]# rpm -qa httpd ##查看是否安装
httpd-2.2.15-29.el6_4.x86_64
[root@server2 salt]# /etc/init.d/httpd stop ##关掉服务在server1上执行
Stopping httpd: [ OK ]
[root@server2 salt]# /etc/init.d/httpd status ##服务启动了
httpd (pid 2354) is running…
[root@server2 salt]# chkconfig --list httpd ###自启动成功
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

server1 当文件发生变更时

[root@server1 httpd]# mkdir files
[root@server1 httpd]# cd files/
[root@server1 files]# scp server2:/etc/httpd/conf/httpd.conf .
[root@server1 files]# ls
httpd.conf
[root@server1 files]# vim httpd.conf ###更改server2httpd端口为8080
136 Listen 8080
[root@server1 files]# md5sum httpd.conf ###查看文件的 MD5 校验值
b7ca7a0e786418ba7b5ad84efac70265 httpd.conf
[root@server1 httpd]# cd /srv/salt/httpd
[root@server1 httpd]# vim install.sls
[root@server1 httpd]# salt server2 state.sls httpd.install
apache-install:
pkg.installed:
- pkgs:
- httpd
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- user: root
- group: root
- mode: 644
- require:
- pkg: apache-install

#

server2上查看端口 httpd 端口更改为8080了

[root@server2 salt]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 890/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 966/master
tcp 0 0 :::8080 :::* LISTEN 2354/httpd
tcp 0 0 :::22 :::* LISTEN 890/sshd
tcp 0 0 ::1:25 :::* LISTEN 966/master

将安装和启动服务分开

server1上

[root@server1 httpd]# vim install.sls ##安装部分
httpd:
pkg.installed

/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf

[root@server1 httpd]# vim service.sls ##启动部分
include:
- httpd.install

apache:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service ##

server2上

[root@server2 salt]# /etc/init.d/httpd status
httpd is stopped
[root@server2 salt]# /etc/init.d/httpd status ##服务起来了
httpd (pid 2574) is running…

salt安装nginx

server1

[root@server1 salt]# cd /etc/salt/
[root@server1 salt]# vim master ##去掉#号
534 file_roots:
535 base:
536 - /srv/salt
[root@server1 salt]# cd /srv/salt/
[root@server1 salt]# mkdir nginx
[root@server1 salt]# cd nginx/
[root@server1 nginx]# mkdir files
[root@server1 nginx]# mv nginx-1.12.0.tar.gz files ##把安装包放到files里面
[root@server1 nginx]# vim install.sls
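# nginx/install.sls: build nginx 1.12.0 from the tarball served by the master.
# Indentation, quotes and option dashes were lost or garbled when the page was
# rendered; they are restored here so the file parses as YAML and the shell
# command is valid.
include:
  - pkgs.install

nginx-install:
  # Copy the source tarball from the master's fileserver to the minion.
  # NOTE(review): verify the tarball's checksum/signature against the upstream
  # release before placing it under /srv/salt/nginx/files on the master.
  file.managed:
    - name: /mnt/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz

  # Unpack, patch and build.
  #   1st sed: drop the version from the NGINX_VER string, so the build
  #            discloses less version information.
  #   2nd sed: comment out the debug CFLAGS line in auto/cc/gcc.
  # NOTE(review): the second sed expression was garbled on the page and is
  # reconstructed here as CFLAGS="$CFLAGS -g" -- confirm against auto/cc/gcc.
  # NOTE(review): the page shows a single space after NGINX_VER; ' *' is used
  # so the match does not depend on the exact spacing in src/core/nginx.h.
  # NOTE(review): '&>/dev/null' throws away all build output, so a failed
  # configure/make leaves nothing to diagnose; consider redirecting to a log.
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/#define NGINX_VER *"nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &>/dev/null && make &>/dev/null && make install &>/dev/null
    # Skip the whole command once the install prefix exists.
    - creates: /usr/local/nginx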

命令:修改文件中的某一条

sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' nginx.h ##去掉版本号
sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
###关掉debug

[root@server1 salt]# cd /srv/salt
[root@server1 salt]# mkdir pkgs
[root@server1 pkgs]# vim install.sls
make:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel

#下午
#

server2上

[root@server2 conf]# scp nginx.conf 172.25.3.1:/srv/salt/nginx/files
[root@server2 init.d]# scp nginx 172.25.3.1:/srv/salt/nginx/files

#

server1

[root@server1 nginx]# pwd
/srv/salt/nginx
[root@server1 nginx]# vim service.sls
include: ##包含nginx的安装
- nginx.install

/etc/init.d/nginx: ##启动脚本的权限
file.managed:
- source: salt://nginx/files/nginx
- mode: 755

/usr/local/nginx/conf/nginx.conf: ##推送nginx.conf文件
file.managed:
- source: salt://nginx/files/nginx.conf

nginx-service: ##ngixn服务重启 自启动等
service.running:
- name: nginx
- enable: True
- reload: True
- watch: ##监控 ngixn.conf这个文件
- file: /usr/local/nginx/conf/nginx.conf

[root@server1 nginx]# vim install.sls
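# nginx/install.sls (second revision): same build as before, now also pulling
# in users.install so the nginx user/group are created.
# Indentation, quotes and option dashes were lost or garbled when the page was
# rendered; they are restored here so the file parses as YAML and the shell
# command is valid.
include:
  - pkgs.install
  - users.install   # also apply the users state

nginx-install:
  # Copy the source tarball from the master's fileserver to the minion.
  # NOTE(review): verify the tarball's checksum/signature against the upstream
  # release before placing it under /srv/salt/nginx/files on the master.
  file.managed:
    - name: /mnt/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz

  # Unpack, patch and build.
  #   1st sed: drop the version from the NGINX_VER string, so the build
  #            discloses less version information.
  #   2nd sed: comment out the debug CFLAGS line in auto/cc/gcc.
  # NOTE(review): the second sed expression was garbled on the page and is
  # reconstructed here as CFLAGS="$CFLAGS -g" -- confirm against auto/cc/gcc.
  # NOTE(review): the page shows a single space after NGINX_VER; ' *' is used
  # so the match does not depend on the exact spacing in src/core/nginx.h.
  # NOTE(review): '&>/dev/null' throws away all build output, so a failed
  # configure/make leaves nothing to diagnose; consider redirecting to a log.
  # NOTE(review): no --user/--group is passed to configure here, so whether the
  # workers run as the nginx user depends on nginx.conf -- confirm.
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/#define NGINX_VER *"nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &>/dev/null && make &>/dev/null && make install &>/dev/null
    # Skip the whole command once the install prefix exists.
    - creates: /usr/local/nginx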

[root@server1 nginx]# cd /srv/salt/
[root@server1 salt]# mkdir users
[root@server1 salt]# cd users/
[root@server1 users]# vim install.sls
nginx-group: ##新建一个
group.present:
- name: nginx
- gid: 800

nginx-user:
user.present:
- name: nginx
- uid: 800
- gid: 800
- shell: /sbin/nologin ##禁止nginx用户登陆

[root@server1 salt]# vim top.sls
base:
‘server2’:
- httpd.service
- httpd.service

‘server3’: ##定义不同主机 开启不同服务

- nginx.service

[root@server1 salt]# salt ‘*’ state.highstate

安装haproxy

[root@server1 salt]# mkdir haproxy
[root@server1 salt]# cd haproxy
[root@server1 haproxy]# vim install.sls

把server1当成minion 安装haproxy

[root@server1 haproxy]# yum install -y salt-minion
[root@server1 haproxy]# cd /etc/salt/
[root@server1 salt]# vim minion ##添加
17 master: server1
[root@server1 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server1 daemon: OK
[root@server1 salt]# salt-key -L
Accepted Keys:
server2
Denied Keys:
Unaccepted Keys:
server1
Rejected Keys:
[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server1
Proceed? [n/Y] y
Key for minion server1 accepted
[root@server1 salt]# salt server1 test.ping ##测试一下
server1:
True

配置yum源 安装haproxy要用

[root@server1 salt]# vim /etc/yum.repos.d/rhel-source.repo
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.3.250/rhel6.5/LoadBalancer
# 注意:该源走明文 HTTP 且 gpgcheck=0,软件包来源和完整性都没有校验,仅适合隔离的实验网络;生产环境应设为 gpgcheck=1 并配置 gpgkey
gpgcheck=0
[root@server1 salt]# yum repolist
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
LoadBalancer | 3.9 kB 00:00
LoadBalancer/primary_db | 7.0 kB 00:00
rhel-source | 3.9 kB 00:00
slat | 2.9 kB 00:00 …
repo id repo name status
LoadBalancer LoadBalancer 4
rhel-source Red Hat Enterprise 3,690
slat slat 29
repolist: 3,723
[root@server1 salt]# cd /srv/salt/haproxy/
[root@server1 haproxy]# vim install.sls
haproxy-install:
pkg.installed:
- pkgs:
- haproxy
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://haproxy/files/haproxy.cfg
service.running:
- name: haproxy
- reload: True
- enable: True
- watch:
- file: haproxy-install

[root@server1 haproxy]# mkdir files
[root@server1 haproxy]# yum install -y haproxy
[root@server1 files]# pwd
/srv/salt/haproxy/files
[root@server1 files]# cp /etc/haproxy/haproxy.cfg .
[root@server1 files]# vim haproxy.cfg ##更改
60 #———————————————————————
61 # main frontend which proxys to the backends
62 #———————————————————————
63 frontend main *:80
64 default_backend static
65
66 #———————————————————————
67 # static backend for serving up images, stylesheets and such
68 #———————————————————————
69 backend static
70 balance roundrobin
71 server server2 172.25.3.2:80 check
server server3 172.25.3.3:80 check

[root@server1 haproxy]# salt server1 state.sls haproxy.install

[root@server1 haproxy]# cd /srv/salt/
[root@server1 salt]# vim top.sls ##给不同的主机安装不同的服务
base:
‘server1’:
- haproxy.install
‘server2’:
- httpd.service

‘server3’:

- nginx.service

[root@server1 salt]# salt ‘*’ state.highstate

测试

[root@server2 html]# cd /var/www/html/
[root@server2 html]# vim index.html
22222222
[root@server1 files]# cd /usr/local/nginx/html/
root@server1 html]# vim index.html
11111111

浏览器访问172.25.3.1 会看见3 和2 的默认发布内容

这里注意如果有一台不成功,则检查端口是否匹配

特征筛选

[root@server1 html]# salt server2 grains.item os
server2:
———-
os:
RedHat
[root@server1 html]# salt server2 grains.item ipv4
server2:
———-
ipv4:
- 127.0.0.1
- 172.25.3.2

更改server2的 类型

[root@server2 html]# cd /etc/salt/
[root@server2 salt]# vim minion
120 grains:
121 roles:
122 - httpd
[root@server2 salt]# /etc/init.d/salt-minion restart

server1 上进行筛选

root@server1 html]# salt server2 grains.item fqdn
server2:
———-
fqdn:
server2
[root@server1 html]# salt server2 grains.item roles ##上面填写的是 httpd
server2:
———-
roles:
- httpd
[root@server1 html]# salt -G ‘os:Redhat’ test.ping
server1:
True
server2:
True
[root@server1 html]# salt -G ‘roles:httpd’ test.ping
server2:
True
[root@server1 html]# salt server2 saltutil.sync_grains
server2:

当把之前server2里面

[root@server2 salt]# pwd
/etc/salt
[root@server2 salt]# vim grains ##注释起来
120 #grains:
121 # roles:
122 # - httpd
[root@server2 salt]# vim grains
[root@server2 salt]# pwd
/etc/salt
roles: nginx
westos: linux

#

server1 上看见的 roles 是 nginx;用 grains 筛选指定特征

[root@server1 html]# salt server2 grains.item roles
server2:
———-
roles:
nginx
[root@server1 html]# salt server2 grains.item westos
server2:
———-
westos:
linux

server1

[root@server1 html]# cd /srv/salt/
[root@server1 salt]# vim top.sls ###根据不同的特征选取不同的服务安装
base:
‘server1’:
- haproxy.install
‘os:Redhat’:
- httpd.service

‘server3’:

- nginx.service

[root@server1 salt]# pwd
/srv/salt

[root@server1 salt]# vim top.sls ##更改
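# /srv/salt/top.sls: map minions to states, by minion ID and by grain.
# Indentation and plain quotes are restored; the page rendered the targets
# with typographic quotes, which YAML does not treat as string delimiters.
#
# NOTE(review): the 'roles' grain is declared on the minion itself (this page
# sets it in /etc/salt/minion and /etc/salt/grains on server2), so grain
# targeting trusts whatever role a minion reports. That is fine for picking
# which web server to install; anything sensitive should be targeted by
# minion ID instead.
base:
  'server1':
    - haproxy.install
  'roles:httpd':
    - match: grain      # interpret the target as grain:value, not as a minion-ID glob
    - httpd.service
  'roles:nginx':
    - match: grain
    - nginx.service
  'server3':
    - nginx.service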

[root@server1 salt]# mkdir _grains
[root@server1 salt]# cd _grains/
[root@server1 _grains]# vim my_grains.py

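#!/usr/bin/env python


def my_grain():
    """Return two static custom grains as a dict.

    The module lives in /srv/salt/_grains on the master and reaches the
    minion through ``saltutil.sync_grains``; afterwards ``grains.item salt``
    on the minion reports ``saltstack``.

    Returns:
        dict: ``{'hello': 'world', 'salt': 'saltstack'}``.
    """
    # The page rendered this file without indentation and with typographic
    # quotes; both are restored here so the module is valid Python.
    grains = {}
    grains['hello'] = 'world'
    grains['salt'] = 'saltstack'
    return grains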
[root@server1 _grains]# salt server2 saltutil.sync_grains
server2:
- grains.my_grains

效果

[root@server1 _grains]# salt server2 grains.item salt
server2:
———-
salt:
saltstack

[root@server1 _grains]# cd /etc/salt/
[root@server1 salt]# vim master
694 pillar_roots:
695 base:
696 - /srv/pillar
[root@server1 salt]# mkdir /srv/pillar
[root@server1 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server1 salt]# cd /srv/pillar/
[root@server1 pillar]# mkdir web
[root@server1 pillar]# cd web/
[root@server1 web]# vim apache.sls
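# /srv/pillar/web/apache.sls: choose the 'apache' pillar value per host.
# Plain quotes are restored; the page rendered the Jinja string literals with
# typographic quotes, which Jinja cannot parse.
#
# NOTE(review): grains['fqdn'] is reported by the minion, so this branch
# trusts the minion's own claim about its name. Harmless for a package name
# as used here; pillar data that holds secrets should be assigned by minion
# ID in the pillar top file instead.
{% if grains['fqdn'] == 'server2' %}
apache: httpd
{% elif grains['fqdn'] == 'server1' %}
apache: nginx
{% endif %}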

[root@server1 pillar]# cd /srv/pillar
[root@server1 pillar]# vim top.sls
base:
‘*’:
- web.apache
[root@server1 pillar]# salt server[1,2] saltutil.refresh_pillar
server2:
True
server1:
True
[root@server1 web]# salt server2 pillar.items
server2:
———-
apache:
httpd
[root@server1 web]# salt server2 pillar.item apache
server2:
———-
apache:
httpd
[root@server1 web]# salt server1 pillar.item apache
server1:
———-
apache:
nginx
[root@server1 web]# salt -I ‘apache:httpd’ test.ping
server2:
True
[root@server1 web]# salt -I ‘apache:nginx’ test.ping
server1:
True
[root@server1 web]# salt -S 172.25.3.0/24 test.ping
server2:
True
server1:
True

server2

[root@server2 salt]# pwd
/etc/salt
[root@server2 salt]# cd /var/cache/salt/
[root@server2 salt]# tree .
.
-- minion
|-- accumulator
|-- extmods
|
– grains
| |– my_grains.py
| -- my_grains.pyc
|-- files
|
– base
| |– _grains
| | -- my_grains.py
| |-- httpd
| | |-- files
| | |
– httpd.conf
| | |– install.sls
| | -- service.sls
| |-- nginx
| | |-- files
| | | |-- nginx
| | | |-- nginx-1.12.0.tar.gz
| | |
– nginx.conf
| | |– install.sls
| | -- service.sls
| |-- pkgs
| |
– install.sls
| |– top.sls
| -- users
|
– install.sls
|– highstate.cache.p
|– module_refresh
|– pkg_refresh
|– proc
`– sls.p

14 directories, 18 files

#
  • template: jinja
  • context:
    bind: 127.0.0.1

通过saltstack做

用 jinja 模板配合 keepalived 做一个高可用

“`
