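I. SaltStack automated operations tool
What is SaltStack
• SaltStack is a client/server (C/S) configuration management tool written in Python
• Authentication is managed in the manner of SSL certificate signing
• Underneath, it communicates over the ZeroMQ message queue in pub/sub mode
– ZeroMQ, billed as the world's fastest message queue, lets it run operations quickly across thousands of hosts
– RSA keys are used to confirm identity
Main features
• SaltStack's two main functions are configuration management and remote execution
• SaltStack is not only a configuration management tool but also a powerful tool for orchestrating cloud and data-center architecture
• SaltStack already supports Docker-related modules
• With good support for the major cloud platforms, combined with SaltStack's Mine real-time discovery feature, it can automatically scale services across cloud platforms
SaltStack architecture
• SaltStack is based on a C/S architecture
– The server side is called the Master
– The client side is called the Minion
• It can work in the traditional way: the client sends a request to the server, the server processes it and returns the result
• It can also use the publish/subscribe (pub/sub) model of a message queue
Lab environment: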
rhel6.5
server1 salt-master salt-minion haproxy
server2 salt-minion httpd
server3 salt-minion nginx
II. Compiling nginx from source with SaltStack
1. Install SaltStack
- Configure the yum repositories
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.77.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[salt]
name=saltstack
baseurl=http://172.25.77.250/saltstack/rhel6
enabled=1
gpgcheck=0
- Install salt-master and salt-minion on server1
yum list salt-*
[root@server1 salt]# yum install -y salt-minion
[root@server1 salt]# vim /etc/salt/minion
Edit the master setting
[root@server1 salt]# vim /etc/salt/master //Tabs are not allowed in this file; indent with spaces
file_roots:
  base:
    - /srv/salt
[root@server1 salt]# mkdir /srv/salt
[root@server1 salt]# /etc/init.d/salt-minion start
[root@server1 salt]# /etc/init.d/salt-master start
- Install salt-minion on server2 and server3
Same steps as on server1
- Check the public keys
[root@server1 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server1
Proceed? [n/Y] y
Key for minion server1 accepted.
[root@server1 salt]# salt-key -L
Accepted Keys:
server1
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
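salt-key -A accepts every pending key at once, without comparing any fingerprint. The added example below (not part of the original post) prints only the pending minions whose fingerprint in the output of salt-key -F matches one recorded on the minion itself with salt-call --local key.finger; the function names, the layout of the expected-fingerprint file and the fingerprints are constructed for illustration.

```bash
# Added example (not from the original post).
# Print pending minion IDs whose fingerprint matches one recorded on the minion.
#   $1: saved output of "salt-key -F" on the master
#   $2: lines of "minion-id fingerprint", collected on each minion with
#       "salt-call --local key.finger" (this file layout is an assumption)
verified_pending() {
    awk '
        FILENAME == ARGV[1] { want[$1] = $2; next }     # expected pairs
        /^[A-Za-z]+ Keys:$/ { section = $0; next }      # section header
        section == "Unaccepted Keys:" {
            id = $1; sub(/:$/, "", id)                   # "server2:" -> "server2"
            if ((id in want) && want[id] == $2) print id
        }
    ' "$2" "$1"
}

# Constructed sample: server3 presents an unexpected key, server9 is unknown.
demo_verified_pending() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/master.txt" <<'EOF'
Local Keys:
master.pem:  0a:0b:0c:0d
master.pub:  1a:1b:1c:1d
Accepted Keys:
server1:  11:11:aa:aa
Unaccepted Keys:
server2:  22:22:bb:bb
server3:  33:33:ff:ff
server9:  99:99:ee:ee
EOF
    cat > "$dir/expected.txt" <<'EOF'
server2 22:22:bb:bb
server3 33:33:cc:cc
EOF
    verified_pending "$dir/master.txt" "$dir/expected.txt"
    rm -rf "$dir"
}

demo_verified_pending   # prints: server2
```

Each ID it prints can then be accepted on its own with salt-key -a followed by the ID, leaving mismatched or unknown keys pending for review.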
2. Compile nginx from source
- Create the nginx user
Create a users directory under /srv/salt/, and in it write nginx.sls, the state file that creates the nginx user
[root@server1 master]# cd /srv/salt/
[root@server1 salt]# mkdir nginx
[root@server1 salt]# mkdir users //holds the nginx user information
[root@server1 salt]# cd users
[root@server1 users]# cat nginx.sls
nginx-group:
  group.present:
    - name: nginx
    - gid: 800
nginx-user:
  user.present:
    - name: nginx
    - uid: 800
    - gid: 800
    - shell: /sbin/nologin
    - createhome: False
    - home: /usr/local/nginx
- Compile nginx
[root@server1 salt]# cd nginx/
[root@server1 nginx]# ls
files install.sls
[root@server1 nginx]# cat install.sls
nginx_install:
  pkg.installed:
    - pkgs:
      - gcc-c++
      - openssl-devel
      - pcre-devel
      - zlib-devel
  file.managed:
    - name: /root/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz
  cmd.run:
    - name: cd /root/ && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-file-aio --with-threads --with-http_ssl_module --with-http_stub_status_module &> /dev/null && make &>/dev/null && make install &>/dev/null
    - creates: /usr/local/nginx
[root@server1 nginx]# salt server3 state.sls nginx.install
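This pushes the state to server3, which compiles and installs nginx
The push, build and install succeed
On server3:
1) Send the script to server1:/srv/salt/nginx/files/
2) Send /usr/local/nginx/conf/nginx.conf to server1:/srv/salt/nginx/files/
- nginx management and startup script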
[root@server1 files]# ls
nginx nginx-1.14.0.tar.gz nginx.conf
[root@server1 nginx]# cat service.sls
include:
  - nginx.install
nginx-service:
  file.managed:
    - name: /usr/local/nginx/conf/nginx.conf
    - source: salt://nginx/files/nginx.conf
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: nginx-service
Push the nginx startup script to server3
salt server3 state.sls nginx.service
On server3, check whether nginx is running
[root@server3 init.d]# netstat -antlp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5156/nginx
[root@server3 init.d]#
nginx is now compiled, installed and started automatically.
III. Deploying Apache and starting the Apache service
[root@server1 master]# cd /srv/salt/
[root@server1 salt]# mkdir apache
[root@server1 salt]# cd apache
[root@server1 apache]# vim apache.sls //deployment state; Tabs are not allowed in this file, indent with spaces
[root@server1 apache]# cat install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /var/www/html/index.php
    - source: salt://apache/files/index.php
    - mode: 644
    - user: root
    - group: root
ap-service:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      # watch the httpd.conf managed under this ID, so the file also works when applied on its own
      - file: ap-service
[root@server1 apache]# cat service.sls
include:
  - apache.install
apache-service:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-service
[root@server1 files]# ls
httpd.conf index.php
[root@server1 files]# cat index.php
<?php
phpinfo()
?>
Push to server2: salt server2 state.sls
IV. Multi-node push with SaltStack to build an haproxy load-balancing cluster
1. Install haproxy on server1
Complete the yum repository configuration
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.77.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[salt]
name=saltstack
baseurl=http://172.25.77.250/saltstack/rhel6
enabled=1
gpgcheck=0
[LoadBalancer]
name=LoadBalancer
baseurl=http://172.25.77.250/rhel6.5/LoadBalancer
gpgcheck=0
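The [salt] and [LoadBalancer] repositories above set gpgcheck=0 and are served over plain HTTP, so packages from them, including salt-master and salt-minion, are installed without signature verification. The added example below (not part of the original post) lists the enabled repositories in a .repo file that disable the check so they can be reviewed; the function names are illustrative and the sample input is the repository file above, abridged.

```bash
# Added example (not from the original post).
# List enabled repositories in a yum .repo file that set gpgcheck=0,
# i.e. install packages without verifying their signatures.
unsigned_repos() {
    awk -F= '
        function report() {
            if (repo != "" && enabled != "0" && gpgcheck == "0")
                print repo, baseurl
        }
        /^\[.*\]$/ {                      # new [section]: flush the previous one
            report()
            repo = substr($0, 2, length($0) - 2)
            enabled = ""; gpgcheck = ""; baseurl = ""
            next
        }
        {
            key = $1; val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "enabled"  { enabled  = val }
        key == "gpgcheck" { gpgcheck = val }
        key == "baseurl"  { baseurl  = val }
        END { report() }
    ' "$1"
}

# Sample input: the repository file from this page, abridged (name= lines dropped).
demo_unsigned_repos() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[rhel-source]
baseurl=http://172.25.77.250/rhel6.5
enabled=1
gpgcheck=1
[salt]
baseurl=http://172.25.77.250/saltstack/rhel6
enabled=1
gpgcheck=0
[LoadBalancer]
baseurl=http://172.25.77.250/rhel6.5/LoadBalancer
gpgcheck=0
EOF
    unsigned_repos "$f"
    rm -f "$f"
}

demo_unsigned_repos
```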
[root@server1 haproxy]# vim install.sls //edit the haproxy deployment state
[root@server1 haproxy]# cat install.sls
include:
  - pkgs.make
haproxy-install:
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
    - creates: /usr/local/haproxy
Push the state to run the installation
[root@server1 haproxy]# cd /mnt/
[root@server1 mnt]# ls
haproxy-1.6.11 haproxy-1.6.11.tar.gz
[root@server1 mnt]# cd haproxy-1.6.11
[root@server1 haproxy-1.6.11]# find -name *init*
./examples/haproxy.init
./examples/init.haproxy
[root@server1 haproxy-1.6.11]# cd examples/
[root@server1 examples]# cp haproxy.init /srv/salt/haproxy/files/
[root@server1 examples]# cp content-sw-sample.cfg /srv/salt/haproxy/files/
[root@server1 /]# cd /srv/salt/haproxy/
[root@server1 haproxy]# cd files/
[root@server1 files]# ls
content-sw-sample.cfg haproxy-1.6.11.tar.gz haproxy.init
[root@server1 files]# mv content-sw-sample.cfg haproxy.cfg
Create a user directory under /srv/salt/, and in it write haproxy.sls, the state file that creates the haproxy user
[root@server1 salt]# mkdir user
[root@server1 salt]# cd user
[root@server1 user]# vim haproxy.sls
haproxy:
  group.present:
    - name: haproxy
    - gid: 200
  user.present:
    - uid: 200
    - gid: 200
    - shell: /sbin/nologin
    - home: /usr/local/haproxy
    - createhome: False
Create a pkgs directory under /srv/salt/, and in it write make.sls, the state file that installs the build dependencies
[root@server1 salt]# cd pkgs
[root@server1 pkgs]# cat make.sls
make-install:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
      - zlib-devel
[root@server1 haproxy]# vim install.sls
[root@server1 haproxy]# cat install.sls
include:
  - pkgs.make
  - user.haproxy
haproxy-install:
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
    - creates: /usr/local/haproxy
/etc/haproxy:
  file.directory:
    - mode: 755
/usr/sbin/haproxy:
  file.symlink:
    - target: /usr/local/haproxy/sbin/haproxy
[root@server1 files]# vim haproxy.cfg //edit the configuration file
frontend main *:80
    default_backend app

backend app
    balance roundrobin
    server app1 172.25.77.2:80 check
    server app2 172.25.77.3:80 check
[root@server1 haproxy]# vim service.sls
[root@server1 haproxy]# cat service.sls
include:
  - haproxy.install
/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg
/etc/init.d/haproxy:
  file.managed:
    - source: salt://haproxy/files/haproxy.init
    - mode: 755
haproxy-service:
  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - watch:
      - file: /etc/haproxy/haproxy.cfg
[root@server1 files]# salt server1 state.sls haproxy.service
2. Test in a browser: keep refreshing the page to see load balancing at work
3. Multi-node push
Write a top.sls file under /srv/salt/
[root@server1 salt]# cat top.sls
base:
  'server1':
    - haproxy.service
  'server2':
    - apache.service
  'server3':
    - nginx.service
Push top.sls from the salt-master to the salt-minions to install haproxy, apache and nginx on the minions