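Compiling and installing an LNMP environment with SaltStack
Approach
- Install SaltStack on the master, then push salt-minion to each minion
- Create directories under SaltStack's base directory and put the packages LNMP depends on into the corresponding directories
- To make later use easier, write the LNMP build steps as scripts and place them in the corresponding directories; the minion then only has to run the install scripts
- Write the sls files and run them
Environment
Host | Address | OS | selinux | firewalld | master file path | minion file path |
---|---|---|---|---|---|---|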
master | 192.168.10.36 | centos7 | disable | off | /etc/salt/master | /etc/salt/minion |
minion | 192.168.10.54 | centos7 | disable | off | /etc/salt/master | /etc/salt/minion |
Installing SaltStack on the master
Download the repo package and install SaltStack
[root@master ~]# rpm -ivh https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@master ~]# yum -y install salt salt-cloud salt-master salt-minion salt-ssh salt-syndic
Start the SaltStack master and minion services and enable them at boot
[root@master ~]# systemctl enable salt-master && systemctl start salt-master && echo $?
[root@master ~]# systemctl enable salt-minion && systemctl start salt-minion && echo $?
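Pushing salt-minion from the master to the minion
Set the SaltStack root directory (grep usage: print the line in the file that starts with " file_roots" and the two lines after it)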
[root@master ~]# cat /etc/salt/master|grep "^ file_roots" -A 2
file_roots:
  base:
    - /srv/salt/base
Directory layout of the files needed to push salt-minion
[root@master ~]# cd /srv/salt/base/
[root@master base]# tree
.
└── salt-minion
    ├── files
    │   └── minion
    ├── minion.sls
    ├── repo
    │   └── salt-latest.repo
    └── repo.sls

3 directories, 4 files
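Copy the salt-minion repo file, the signing key and the config file into these directories so that they are pushed to the minion together; the install then completes without having to edit the config file by hand on the minion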
[root@master base]# cp /etc/salt/minion salt-minion/files/
[root@master base]# cp /etc/yum.repos.d/salt-latest.repo salt-minion/repo/
[root@master base]# cp /etc/pki/rpm-gpg/saltstack-signing-key salt-minion/repo/
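Edit the minion config file to set the id. A variable is used here and defined later in the sls file, so that without any manual edit the id in the config file matches the minion's IP (the default is the hostname)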
[root@master base]# sed -i '/^#id:/a id: {{ ID }}' salt-minion/files/minion
[root@master base]# sed -n '/^id/p' salt-minion/files/minion
id: {{ ID }}
Configure the sls file that tells the minion to install the salt-minion package, which config file path to use, and to start the salt-minion service
[root@master base]# vim salt-minion/minion.sls
# Install salt-minion
salt-minion-install:
  pkg.installed:
    - name: salt-minion
# The service's config file is placed at /etc/salt/minion on the minion, copied from /srv/salt/base/salt-minion/files/minion; owner and group are root, mode is 644; it is rendered with the jinja template engine, and the ID variable in the config file is set to the minion's IP address; this step runs only after the salt-minion package has been installed successfully
salt-minion-conf:
  file.managed:
    - name: /etc/salt/minion
    - source: salt://salt-minion/files/minion
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
        ID: {{ grains['ipv4'][1] }}
    - require:
      - pkg: salt-minion-install
# Start the salt-minion service and enable it at boot; the config file used is /etc/salt/minion
salt-minion-service:
  service.running:
    - name: salt-minion
    - enable: True
    - start: True
    - watch:
      - file: /etc/salt/minion
Configure the sls file that pushes the files required to install salt-minion from the master
[root@master base]# cat salt-minion/repo.sls
# Push the repo file
salt-repo:
  file.managed:
    - name: /etc/yum.repos.d/salt-latest.repo
    - source: salt://salt-minion/repo/salt-latest.repo
    - user: root
    - group: root
    - mode: 644
# Push the signing key
salt-key:
  file.managed:
    - name: /etc/pki/rpm-gpg/saltstack-signing-key
    - source: salt://salt-minion/repo/saltstack-signing-key
    - user: root
    - group: root
    - mode: 644
Because salt-minion is not yet installed on the minion, salt-ssh has to be used for the push. First configure the roster file with the minion's IP, user name and password
[root@master base]# cat /etc/salt/roster
minion:
  host: 192.168.10.54
  user: root
  passwd: 1
Disable SSH host key verification
[root@master base]# cat /root/.ssh/config
StrictHostKeyChecking no
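The roster above keeps the root password in plaintext, and `StrictHostKeyChecking no` removes the check that the host answering on 192.168.10.54 is the intended one. The following is an added example, not part of the original post: `audit_salt_ssh` and `write_hardened` are hypothetical helper names, and the key path is assumed to be salt-ssh's default key location. It flags both settings and writes a key-based roster with host key checking left on.

```shell
#!/bin/sh
# Added example (not from the original post).

# Report weak salt-ssh bootstrap settings; exit status is 0 only when none are found.
audit_salt_ssh() (
    roster=$1 ssh_config=$2 findings=0
    if grep -Eq '^[[:space:]]*passwd[[:space:]]*:' "$roster"; then
        echo "WEAK: $roster stores a plaintext password"
        findings=$((findings + 1))
        # A roster that holds a password must not be readable by group/others.
        case "$(stat -c '%a' "$roster")" in
            *00) ;;
            *) echo "WEAK: $roster is readable by group/others"
               findings=$((findings + 1)) ;;
        esac
    fi
    if grep -Eiq '^[[:space:]]*StrictHostKeyChecking[[:space:]=]+no[[:space:]]*$' "$ssh_config"; then
        echo "WEAK: $ssh_config disables SSH host key verification"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
)

# Write a key-based roster and a host-key-checking SSH config into directory $1.
# The priv path is assumed to be the default salt-ssh key location.
write_hardened() {
    mkdir -p "$1"
    cat > "$1/roster" <<'EOF'
minion:
  host: 192.168.10.54
  user: root
  priv: /etc/salt/pki/master/ssh/salt-ssh.rsa
EOF
    cat > "$1/ssh_config" <<'EOF'
Host 192.168.10.54
    StrictHostKeyChecking yes
    UserKnownHostsFile /root/.ssh/known_hosts
EOF
    chmod 600 "$1/roster" "$1/ssh_config"
}
```

With the hardened files, the minion's host key has to be in `known_hosts` and the salt-ssh public key in the minion's `authorized_keys` before `salt-ssh '*' test.ping` will succeed.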
Test connectivity
[root@master base]# salt-ssh '*' test.ping
minion:
True
Dry-run the sls files (note the order: run repo.sls first, then minion.sls)
[root@master base]# salt-ssh '*' state.sls salt-minion.repo test=true
minion:
----------
ID: salt-repo
Function: file.managed
Name: /etc/yum.repos.d/salt-latest.repo
Result: True
Comment: The file /etc/yum.repos.d/salt-latest.repo is in the correct state
Started: 14:52:42.095239
Duration: 18.521 ms
Changes:
----------
ID: salt-key
Function: file.managed
Name: /etc/pki/rpm-gpg/saltstack-signing-key
Result: True
Comment: The file /etc/pki/rpm-gpg/saltstack-signing-key is in the correct state
Started: 14:52:42.113889
Duration: 1.488 ms
Changes:
Summary for minion
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 20.009 ms
[root@master base]# salt-ssh '*' state.sls salt-minion.minion test=true
minion:
----------
ID: salt-minion-install
Function: pkg.installed
Name: salt-minion
Result: None
Comment: The following packages would be installed/updated: salt-minion
Started: 14:53:14.847661
Duration: 483.856 ms
Changes:
----------
ID: salt-minion-conf
Function: file.managed
Name: /etc/salt/minion
Result: None
Comment: The file /etc/salt/minion is set to be changed
Started: 14:53:15.333994
Duration: 46.145 ms
Changes:
----------
ID: salt-minion-service
Function: service.running
Name: salt-minion
Result: None
Comment: Service salt-minion not present; if created in this state run, it would have been started
Started: 14:53:15.384007
Duration: 15.751 ms
Changes:
Summary for minion
------------
Succeeded: 3 (unchanged=3)
Failed: 0
------------
Total states run: 3
Total run time: 545.752 ms
The dry run succeeded; now do the actual push
[root@master base]# salt-ssh '*' state.sls salt-minion.repo
minion:
----------
ID: salt-repo
Function: file.managed
Name: /etc/yum.repos.d/salt-latest.repo
Result: True
Comment: File /etc/yum.repos.d/salt-latest.repo is in the correct state
Started: 15:23:03.659846
Duration: 20.03 ms
Changes:
----------
ID: salt-key
Function: file.managed
Name: /etc/pki/rpm-gpg/saltstack-signing-key
Result: True
Comment: File /etc/pki/rpm-gpg/saltstack-signing-key is in the correct state
Started: 15:23:03.679990
Duration: 2.681 ms
Changes:
Summary for minion
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
Total run time: 22.711 ms
[root@master base]# salt-ssh '*' state.sls salt-minion.minion
minion:
----------
ID: salt-minion-install
Function: pkg.installed
Name: salt-minion
Result: True
Comment: The following packages were installed/updated: salt-minion
Started: 15:23:22.349061
Duration: 53450.911 ms
Changes:
----------
salt-minion:
----------
new:
2019.2.0-1.el7
old:
----------
ID: salt-minion-conf
Function: file.managed
Name: /etc/salt/minion
Result: True
Comment: File /etc/salt/minion updated
Started: 15:24:15.806301
Duration: 82.874 ms
Changes:
----------
diff:
---
+++
@@ -14,6 +14,7 @@
# Set the location of the salt master server. If the master server cannot be
# resolved, then the minion will fail to start.
#master: salt
+master: 192.168.10.54
# Set http proxy information for the minion when doing requests
#proxy_host:
mode:
0644
----------
ID: salt-minion-service
Function: service.running
Name: salt-minion
Result: True
Comment: Service salt-minion has been enabled, and is running
Started: 15:24:16.580018
Duration: 321.46 ms
Changes:
----------
salt-minion:
True
Summary for minion
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 53.855 s
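Check the current key status: the minion appears among the unaccepted keys, which shows that the minion service was installed successfully and that its id was changed to its own IP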
[root@master base]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
192.168.10.36
192.168.10.54
Rejected Keys:
Check the config file on the minion; the id has indeed been changed to its own IP
[root@minion ~]# cat /etc/salt/minion|grep "^id:"
id: 192.168.10.54
Installing LNMP on the minion
Accept the minion's key
[root@master base]# salt-key -a 192.168.10.54
The following keys are going to be accepted:
Unaccepted Keys:
192.168.10.54
Proceed? [n/Y] y
Key for minion 192.168.10.54 accepted.
[root@master base]# salt-key -L
Accepted Keys:
192.168.10.54
Denied Keys:
Unaccepted Keys:
192.168.10.36
Rejected Keys:
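An accepted key is what lets a minion receive states and files from the master, so the pending key is worth comparing with the fingerprint read on the minion itself (`salt-call --local key.finger`) before it is accepted. The following is an added example, not part of the original post: `pending_fingerprint` and `accept_verified` are hypothetical helper names, and the `salt-key -f` output shape `<id>:  <fingerprint>` is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post).
# SALT_KEY can be overridden so the logic can be exercised with a stub.
SALT_KEY=${SALT_KEY:-salt-key}

# Print the fingerprint the master holds for minion id $1.
# Assumed `salt-key -f <id>` output: a line of the form "<id>:  <fingerprint>".
pending_fingerprint() {
    "$SALT_KEY" -f "$1" | awk -v id="$1:" '$1 == id { print $2 }'
}

# Accept the key for minion id $1 only if its fingerprint equals $2,
# the value read out-of-band on the minion.
accept_verified() (
    id=$1 expected=$2
    actual=$(pending_fingerprint "$id")
    if [ -z "$actual" ]; then
        echo "no key found for $id" >&2
        exit 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $id, key not accepted" >&2
        exit 1
    fi
    "$SALT_KEY" -y -a "$id"
)
```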
File layout needed for compiling and installing LNMP
[root@master base]# cd lnmp/
[root@master lnmp]# tree
.
├── mysql
│   ├── install.sls
│   ├── scripts
│   │   └── mysql_install.sh
│   └── src
│       └── mysql-5.6.35.tar.gz
├── nginx
│   ├── install.sls
│   ├── scripts
│   │   ├── nginx
│   │   └── nginx_install.sh
│   └── src
│       └── nginx-1.15.2.tar.gz
└── php
    ├── install.sls
    ├── scripts
    │   └── php_install.sh
    └── src
        └── php-5.6.36.tar.gz

9 directories, 10 files
Configure the sls file for the nginx install
[root@master lnmp]# cat nginx/install.sls
## Push the nginx source tarball
nginx_src:
  file.managed:
    - name: /root/nginx-1.15.2.tar.gz
    - source: salt://lnmp/nginx/src/nginx-1.15.2.tar.gz
## Push nginx install script 1
nginx_scripts1:
  file.managed:
    - name: /root/nginx_install.sh
    - source: salt://lnmp/nginx/scripts/nginx_install.sh
## Push nginx install script 2
nginx_scripts2:
  file.managed:
    - name: /root/nginx
    - source: salt://lnmp/nginx/scripts/nginx
## Have the minion run the install script, then load the environment variable
nginx_install:
  cmd.run:
    - name: bash /root/nginx_install.sh && source /etc/profile.d/nginx.sh
The nginx install script
[root@master lnmp]# cat nginx/scripts/nginx_install.sh
#!/bin/bash
## Define variables
SRC_PATH=/root/
INSTALL_PATH=/usr/local/nginx
nginx=${INSTALL_PATH}/sbin/nginx
## Install dependencies
yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++
if [ $? -ne 0 ];then
    exit 2
fi
## Create the nginx user and the log directory
useradd -r -M -s /sbin/nologin nginx
mkdir -p ${INSTALL_PATH}/log
chown -R nginx:nginx ${INSTALL_PATH}/log
## Install build tools
yum -y groups mark install 'Development Tools'
cd ${SRC_PATH}
tar xf nginx-1.15.2.tar.gz
cd nginx-1.15.2
## Compile nginx
./configure \
    --prefix=${INSTALL_PATH} \
    --user=nginx \
    --group=nginx \
    --with-debug \
    --with-http_ssl_module \
    --with-http_realip_module \
    --with-http_image_filter_module \
    --with-http_gunzip_module \
    --with-http_gzip_static_module \
    --with-http_stub_status_module \
    --http-log-path=${INSTALL_PATH}/log/access.log \
    --error-log-path=${INSTALL_PATH}/log/error.log
make && make install
if [ $? -eq 0 ];then
    echo "nginx install successful"
else
    echo "nginx install fail"
    exit 3
fi
## Install the nginx init script so the service can be controlled with the service command, and enable it at boot
cd -
mv nginx /etc/init.d/
chmod +x /etc/init.d/nginx
chkconfig --add nginx
## Add the environment variable and start nginx
## (\$PATH is escaped so it is expanded at login time, not frozen to the PATH of this script)
echo "export PATH=${INSTALL_PATH}/sbin:\$PATH" > /etc/profile.d/nginx.sh
service nginx start
The nginx init script used to start it at boot
[root@master lnmp]# cat nginx/scripts/nginx
#!/bin/bash
#chkconfig:2345 80 80
#description:nginx
#processname:nginx
nginx=/usr/local/nginx/sbin/nginx
# Default pid file location for a build with --prefix=/usr/local/nginx
pidfile=/usr/local/nginx/logs/nginx.pid
case $1 in
    start)
        echo "Starting Nginx..."
        $nginx
        echo "done."
        ;;
    stop)
        echo "Stopping Nginx..."
        $nginx -s stop
        echo "done"
        ;;
    reload)
        echo "Reloading Nginx..."
        $nginx -s reload
        echo "done"
        ;;
    status)
        # Check the master process recorded in the pid file instead of counting ps lines
        if [ -s "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null;then
            echo "Nginx is running"
        else
            echo "Nginx has been stopped"
        fi
        ;;
    *)
        echo "Usage: service nginx {start|reload|stop|status}"
        ;;
esac
Configure the sls file for the mysql install
[root@master lnmp]# cat mysql/install.sls
# Push the mysql source tarball
mysql_src:
  file.managed:
    - name: /root/mysql-5.6.35.tar.gz
    - source: salt://lnmp/mysql/src/mysql-5.6.35.tar.gz
# Push the mysql compile-and-install script
mysql_scripts:
  file.managed:
    - name: /root/mysql_install.sh
    - source: salt://lnmp/mysql/scripts/mysql_install.sh
# Have the minion run the mysql install script, then load the environment variable
mysql_install:
  cmd.run:
    - name: bash /root/mysql_install.sh && source /etc/profile.d/mysql.sh
The mysql compile-and-install script
[root@master lnmp]# cat mysql/scripts/mysql_install.sh
#!/bin/bash
## Define variables
SRC_PATH=/root
SRC_NAME=mysql-5.6.35
INSTALL_PATH=/usr/local/mysql
mkdir -p ${INSTALL_PATH}/data
## Install dependencies
yum -y install gcc gcc-c++ ncurses-devel openssl-devel openssl cmake mariadb-devel autoconf perl perl-devel
if [ $? -ne 0 ];then
    exit 2
fi
## Add the mysql user
useradd -r -M -s /sbin/nologin mysql
cd ${SRC_PATH}
tar xf ${SRC_NAME}.tar.gz
cd ${SRC_NAME}
## Compile and install mysql
cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
    -DINSTALL_DATADIR=/usr/local/mysql/data \
    -DDEFAULT_CHARSET=utf8 \
    -DDEFAULT_COLLATION=utf8_general_ci \
    -DEXTRA_CHARSETS=all \
    -DENABLED_LOCAL_INFILE=1
make && make install
if [ $? -eq 0 ];then
    echo "mysql install successful"
else
    echo "mysql install fail"
    exit 1
fi
chown -R mysql:mysql ${INSTALL_PATH}
cd ${INSTALL_PATH}
## Initialize mysql and set the environment variable
./scripts/mysql_install_db --user=mysql --basedir=${INSTALL_PATH} --datadir=${INSTALL_PATH}/data/
echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
source /etc/profile.d/mysql.sh
## Enable mysql at boot and start the mysql service
\cp -a ${INSTALL_PATH}/support-files/mysql.server /etc/init.d/mysql
\cp -a ${INSTALL_PATH}/support-files/my-default.cnf /etc/my.cnf
service mysql start
chkconfig --add mysql
Configure the sls file for the php compile-and-install
[root@master lnmp]# cat php/install.sls
## Push the php source tarball
php_src:
  file.managed:
    - name: /root/php-5.6.36.tar.gz
    - source: salt://lnmp/php/src/php-5.6.36.tar.gz
## Push the php install script
php_scripts:
  file.managed:
    - name: /root/php_install.sh
    - source: salt://lnmp/php/scripts/php_install.sh
## Have the minion run the php install script, then load the environment variable
## (the install script writes /etc/profile.d/php7.sh)
php_install:
  cmd.run:
    - name: bash /root/php_install.sh && source /etc/profile.d/php7.sh
The php compile-and-install script
[root@master lnmp]# cat php/scripts/php_install.sh
#!/bin/bash
## Define variables
SRC_PATH=/root
SRC_NAME=php-5.6.36
SRC_ZIP=tar.gz
## Install dependencies
yum -y install libxml2 libxml2-devel openssl openssl-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel libpcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel php72w-mysqlnd
if [ $? -ne 0 ];then
exit 2
fi
cd ${SRC_PATH}
tar xf ${SRC_NAME}.${SRC_ZIP}
cd ${SRC_NAME}
## Compile php
./configure --prefix=/usr/local/php7 \
--with-config-file-path=/etc \
--enable-fpm \
--enable-inline-optimization \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif \
--enable-ftp \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-zlib-dir \
--with-freetype-dir \
--with-gettext \
--enable-json \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--enable-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix
if [ $? -ne 0 ];then
exit 3
fi
make && make install
if [ $? -ne 0 ];then
exit 4
fi
## Set the environment variable
echo 'export PATH=/usr/local/php7/bin:$PATH' > /etc/profile.d/php7.sh
## Set up php-fpm start at boot and php's own config files
\cp php.ini-production /etc/php.ini
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/rc.d/init.d/php-fpm
cp /usr/local/php7/etc/php-fpm.conf.default /usr/local/php7/etc/php-fpm.conf
cp /usr/local/php7/etc/php-fpm.d/www.conf.default /usr/local/php7/etc/php-fpm.d/www.conf
cat >> /usr/local/php7/etc/php-fpm.conf <<EOF
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 2
pm.max_spare_servers = 8
EOF
service php-fpm start
chkconfig --add php-fpm
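Configure the top file to specify which sls files the minion should run (format: lnmp.nginx.install means run /srv/salt/base/lnmp/nginx/install.sls; the path in front of lnmp is the Salt root directory set in the master config file)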
[root@master base]# cat top.sls
base:
  192.168.10.54:
    - lnmp.nginx.install
    - lnmp.mysql.install
    - lnmp.php.install
Start installing the LNMP environment on the minion
[root@master base]# salt '*' state.highstate
...
Summary for 192.168.10.54
------------
Succeeded: 9 (changed=9)
Failed: 0
------------
Total states run: 10
Total run time: 359.897 s
Confirm on the minion: the services started successfully and start at boot is enabled
[root@minion ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 80 :::3306 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25
[root@minion ~]# chkconfig --list
mysql 0:off 1:off 2:on 3:on 4:on 5:on 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nginx 0:off 1:off 2:on 3:on 4:on 5:on 6:off
php-fpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off