1 环境说明
主机名 | IP | 安装服务 |
---|---|---|
master | 192.168.25.146 | salt-master |
minion | 192.168.25.147 | salt-minion |
2 项目简介
此实验项目为使用saltstack
自动化工具,在受控端minion
上首先安装LAMP
架构,然后再使用saltstack
在minion
上搭建zabbix监控服务
3 项目实验流程
3.1 首先在saltstack控制主机上的测试环境/srv/salt/base
编写LAMP
架构的状态模块,然后使用使用salt '*' state.sls
命令进行测试安装。测试环境中架构的模式如下:
[root@master salt]# tree base/
base/
├── apache
│ ├── files
│ │ ├── apr-1.7.0.tar.gz
│ │ ├── apr-util-1.6.1.tar.gz
│ │ ├── httpd-2.4.48.tar.gz
│ │ ├── httpd.conf
│ │ ├── httpd.service
│ │ ├── index.php
│ │ └── install.sh
│ └── install.sls
├── mysql
│ ├── files
│ │ ├── install.sh
│ │ ├── my.cnf
│ │ ├── mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
│ │ ├── mysqld.service
│ │ └── mysql.server
│ └── install.sls
└── php
├── files
│ ├── install.sh
│ ├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
│ ├── php-8.0.10.tar.xz
│ ├── php-fpm
│ ├── php-fpm.conf
│ ├── php-fpm.service
│ └── www.conf
└── install.sls
安装apache的状态文件
[root@minion base]# cat apache/install.sls
"Development Tools":
pkg.group_installed
apache-dep-package:
pkg.installed:
- pkgs:
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- gcc-c++
- make
apache:
user.present:
- shell: /sbin/nologin
- createhome: false
- system: true
apache-download:
file.managed:
- names:
- /usr/src/apr-1.7.0.tar.gz:
- source: salt://lamp/apache/files/apr-1.7.0.tar.gz
- /usr/src/apr-util-1.6.1.tar.gz:
- source: salt://lamp/apache/files/apr-util-1.6.1.tar.gz
- /usr/src/httpd-2.4.48.tar.gz:
- source: salt://lamp/apache/files/httpd-2.4.48.tar.gz
/usr/lib/systemd/system/httpd.service:
file.managed:
- source: salt://lamp/apache/files/httpd.service
- user: root
- group: root
- mode: '0644'
salt://lamp/apache/files/install.sh:
cmd.script
/usr/local/apache/conf/httpd.conf:
file.managed:
- source: salt://lamp/apache/files/httpd.conf
- user: root
- group: root
- mode: '0644'
/usr/local/apache/htdocs/zhaojie:
file.directory:
- user: apache
- group: apache
- dir_mode: '755'
/usr/local/apache/htdocs/zhaojie/index.php:
file.managed:
- source: salt://lamp/apache/files/index.php
- user: root
- group: root
- mode: '0644'
apache-service:
service.running:
- name: httpd
- enable: true
[root@minion base]# cat apache/files/install.sh
#! /bin/bash
cd /usr/src
rm -rf apr-1.7.0 apr-util-1.6.1 httpd-2.4.48
tar xf apr-1.7.0.tar.gz
tar xf apr-util-1.6.1.tar.gz
tar xf httpd-2.4.48.tar.gz
#编译apr
cd /usr/src/apr-1.7.0
sed -i '/$RM "$cfgfile"/d' configure
./configure --prefix=/usr/local/apr && make && make install
#编译apr-util
cd /usr/src/apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
#编译httpd
cd /usr/src/httpd-2.4.48
./configure --prefix=/usr/local/apache \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork && make && make install &&
systemctl daemon-reload
安装mysql的状态文件
[root@master base]# cat mysql/install.sls
ncurses-compat-libs:
pkg.installed
mysql:
user.present:
- shell: /sbin/nologin
- createhome: false
- system: true
create-datadir:
file.directory:
- name: /opt/data
- user: mysql
- group: mysql
- mode: '0755'
- makedirs: true
/etc/my.cnf:
file.managed:
- source: salt://lamp/mysql/files/my.cnf
- user: root
- group: root
- mode: '0644'
/usr/src/mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz:
file.managed:
- source: salt://lamp/mysql/files/mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
- user: root
- group: root
- mode: '0644'
salt://lamp/mysql/files/install.sh:
cmd.script
/usr/lib/systemd/system/mysqld.service:
file.managed:
- source: salt://lamp/mysql/files/mysqld.service
mysqld.service:
service.running:
- enable: true
set-password:
cmd.run:
- name: /usr/local/mysql/bin/mysql -e "set password=password('123');"
[root@master base]# cat mysql/files/install.sh
#! /bin/bash
cd /usr/src
tar xf mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz -C /usr/local
ln -s /usr/local/mysql-5.7.35-linux-glibc2.12-x86_64 /usr/local/mysql
chown -R mysql.mysql /usr/local/mysql*
/usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data/
echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
sed -ri "s#^(basedir=).*#\1/usr/local/mysql#g" /usr/local/mysql/support-files/mysql.server
sed -ri "s#^(datadir=).*#\1/opt/data#g" /usr/local/mysql/support-files/mysql.server
安装php状态文件
[root@master base]# cat php/install.sls
/usr/local/oniguruma-devel-6.8.2-2.el8.x86_64.rpm:
file.managed:
- source: salt://modules/application/php/files/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
- user: root
- group: root
- mode: '0644'
cmd.run:
- name: yum -y install /usr/local/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
dep-package-install:
pkg.installed:
- pkgs:
- libxml2
- libxml2-devel
- openssl
- openssl-devel
- bzip2
- bzip2-devel
- libcurl
- libcurl-devel
- libicu-devel
- libjpeg-turbo
- libjpeg-turbo-devel
- libpng
- libpng-devel
- openldap-devel
- pcre-devel
- freetype
- freetype-devel
- gmp
- gmp-devel
- libmcrypt
- libmcrypt-devel
- readline
- readline-devel
- libxslt
- libxslt-devel
- mhash
- mhash-devel
- php-mysqlnd
- libzip-devel
- libsqlite3x-devel
/usr/src/php-8.0.10.tar.xz:
file.managed:
- source: salt://lamp/php/files/php-8.0.10.tar.xz
- user: root
- group: root
- mode: '0644'
salt://lamp/php/files/install.sh:
cmd.script
copy-php:
file.managed:
- names:
- /etc/init.d/php-fpm:
- source: salt://lamp/php/files/php-fpm
- user: root
- group: root
- mode: '0755'
- /usr/local/php8/etc/php-fpm.conf:
- source: salt://lamp/php/files/php-fpm.conf
- /usr/local/php8/etc/php-fpm.d/www.conf:
- source: salt://lamp/php/files/www.conf
- /usr/lib/systemd/system/php-fpm.service:
- source: salt://lamp/php/files/php-fpm.service
php-fpm.service:
service.running:
- enable: true
[root@master base]# cat php/files/install.sh
#! /bin/bash
cd /usr/src
rm -rf php-8.0.10
tar xf php-8.0.10.tar.xz
cd php-8.0.10
./configure --prefix=/usr/local/php8 \
--with-config-file-path=/etc \
--enable-fpm \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif \
--enable-ftp \
--enable-gd \
--with-jpeg \
--with-zlib-dir \
--with-freetype \
--with-gettext \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--with-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix &&
make && make install
3.2 测试LAMP架构可以运行和正常访问之后就要将状态模块拆分将共性部分单独拆分出来然后所以服务的配置文件提供,最后将其组合到一起用于成产环境。生产环境的架构如下
[root@master salt]# tree prod/
prod/
├── modules
│ ├── application
│ │ └── php
│ │ ├── files
│ │ │ ├── install.sh
│ │ │ ├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
│ │ │ ├── php-7.4.24.tar.xz
│ │ │ ├── php-fpm
│ │ │ ├── php-fpm.conf
│ │ │ ├── php-fpm.service
│ │ │ └── www.conf
│ │ └── install.sls
│ ├── database
│ │ └── mysql
│ │ ├── files
│ │ │ ├── install.sh
│ │ │ ├── mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
│ │ │ ├── mysqld.service
│ │ │ └── mysql.server
│ │ └── install.sls
│ └── web
│ └── apache
│ ├── files
│ │ ├── apr-1.7.0.tar.gz
│ │ ├── apr-util-1.6.1.tar.gz
│ │ ├── httpd-2.4.48.tar.gz
│ │ ├── httpd.conf
│ │ ├── httpd.service
│ │ ├── index.php
│ │ └── install.sh
│ └── install.sls
└── zabbix
├── apache.sls
├── config.sls
├── files
│ ├── index.php
│ ├── install.sh
│ ├── my.cnf
│ ├── mysql.conf
│ ├── php.ini
│ ├── zabbix-5.4.4.tar.gz
│ ├── zabbix_server.conf
│ └── zabbix-vhosts.conf
├── main.sls
├── mysql.sls
└── zabbix.sls
apache的安装部分(不包含配置文件和启动服务)
[root@master prod]# cat modules/web/apache/install.sls
yum -y install epel-release:
cmd.run
apache-dep-package:
pkg.installed:
- pkgs:
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- gcc-c++
- make
apache:
user.present:
- shell: /sbin/nologin
- createhome: false
- system: true
apache-download:
file.managed:
- names:
- /usr/src/apr-1.7.0.tar.gz:
- source: salt://modules/web/apache/files/apr-1.7.0.tar.gz
- /usr/src/apr-util-1.6.1.tar.gz:
- source: salt://modules/web/apache/files/apr-util-1.6.1.tar.gz
- /usr/src/httpd-2.4.48.tar.gz:
- source: salt://modules/web/apache/files/httpd-2.4.48.tar.gz
/usr/lib/systemd/system/httpd.service:
file.managed:
- source: salt://modules/web/apache/files/httpd.service
- user: root
- group: root
- mode: '0644'
salt://modules/web/apache/files/install.sh:
cmd.script
/usr/local/apache/conf/httpd.conf:
file.managed:
- source: salt://modules/web/apache/files/httpd.conf
- user: root
- group: root
- mode: '0644'
[root@master prod]# cat modules/web/apache/files/install.sh
#! /bin/bash
cd /usr/src
rm -rf apr-1.7.0 apr-util-1.6.1 httpd-2.4.48
tar xf apr-1.7.0.tar.gz
tar xf apr-util-1.6.1.tar.gz
tar xf httpd-2.4.48.tar.gz
#编译apr
cd /usr/src/apr-1.7.0
sed -i '/$RM "$cfgfile"/d' configure
./configure --prefix=/usr/local/apr && make && make install
#编译apr-util
cd /usr/src/apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install
#编译httpd
cd /usr/src/httpd-2.4.48
./configure --prefix=/usr/local/apache \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util/ \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork && make && make install &&
systemctl daemon-reload
mysql的安装部分(不包含启动服务和设置密码)
[root@master prod]# cat modules/database/mysql/install.sls
ncurses-compat-libs:
pkg.installed
mysql:
user.present:
- shell: /sbin/nologin
- createhome: false
- system: true
create-datadir:
file.directory:
- name: /opt/data
- user: mysql
- group: mysql
- mode: '0755'
- makedirs: true
/usr/src/mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz:
file.managed:
- source: salt://modules/database/mysql/files/mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz
- user: root
- group: root
- mode: '0644'
salt://modules/database/mysql/files/install.sh:
cmd.script
/usr/lib/systemd/system/mysqld.service:
file.managed:
- source: salt://modules/database/mysql/files/mysqld.service
[root@master prod]# cat modules/database/mysql/files/install.sh
#! /bin/bash
cd /usr/src
tar xf mysql-5.7.35-linux-glibc2.12-x86_64.tar.gz -C /usr/local
ln -s /usr/local/mysql-5.7.35-linux-glibc2.12-x86_64 /usr/local/mysql
chown -R mysql.mysql /usr/local/mysql*
/usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data/
echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
sed -ri "s#^(basedir=).*#\1/usr/local/mysql#g" /usr/local/mysql/support-files/mysql.server
sed -ri "s#^(datadir=).*#\1/opt/data#g" /usr/local/mysql/support-files/mysql.server
因为php不需要修改配置文件,所以安装后直接启动服务
[root@master prod]# cat modules/application/php/install.sls
/usr/src/oniguruma-devel-6.8.2-2.el8.x86_64.rpm:
file.managed:
- source: salt://modules/application/php/files/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
- user: root
- group: root
- mode: '0644'
cmd.run:
- name: yum -y install /usr/src/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
dep-package-install:
pkg.installed:
- pkgs:
- libxml2
- libxml2-devel
- openssl
- openssl-devel
- bzip2
- bzip2-devel
- libcurl
- libcurl-devel
- libicu-devel
- libicu-devel
- libjpeg-turbo
- libjpeg-turbo-devel
- libpng
- libpng-devel
- openldap-devel
- pcre-devel
- freetype
- freetype-devel
- gmp
- gmp-devel
- libmcrypt
- libmcrypt-devel
- readline
- readline-devel
- libxslt
- libxslt-devel
- mhash
- mhash-devel
- php-mysqlnd
- libzip-devel
- libsqlite3x-devel
/usr/src/php-7.4.24.tar.xz:
file.managed:
- source: salt://modules/application/php/files/php-7.4.24.tar.xz
- user: root
- group: root
- mode: '0644'
salt://modules/application/php/files/install.sh:
cmd.script
copy-php:
file.managed:
- names:
- /etc/init.d/php-fpm:
- source: salt://modules/application/php/files/php-fpm
- user: root
- group: root
- mode: '0755'
- /usr/local/php8/etc/php-fpm.conf:
- source: salt://modules/application/php/files/php-fpm.conf
- /usr/local/php8/etc/php-fpm.d/www.conf:
- source: salt://modules/application/php/files/www.conf
- /usr/lib/systemd/system/php-fpm.service:
- source: salt://modules/application/php/files/php-fpm.service
php-fpm.service:
service.running:
- enable: true
3.3 zabbix项目部署
[root@master prod]# cat zabbix/main.sls
include:
- zabbix.apache
- zabbix.mysql
- modules.application.php.install
- zabbix.zabbix
[root@master prod]# cat zabbix/apache.sls
"Development Tools":
pkg.group_installed
include:
- modules.web.apache.install
/usr/include/httpd:
file.symlink:
- target: /usr/local/apache/include/
/usr/local/apache/htdocs/zabbix:
file.directory:
- user: root
- group: root
- mkdor: '0755'
- makedirs: true
/usr/local/apache/htdocs/zabbix/index.php:
file.managed:
- source: salt://zabbix/files/index.php
- user: root
- group: root
- mode: '0644'
/usr/local/apache/conf/extra/zabbix-vhosts.conf:
file.managed:
- source: salt://zabbix/files/zabbix-vhosts.conf
zabbix-apache-service:
service.running:
- name: httpd
- enable: true
[root@master prod]# cat zabbix/mysql.sls
lamp-dep-package:
pkg.installed:
- pkgs:
- ncurses-devel
- openssl-devel
- openssl
- cmake
- mariadb-devel
include:
- modules.database/mysql/install
provides-mysql-file:
file.managed:
- user: root
- group: root
- mode: '0644'
- names:
- /etc/my.cnf:
- source: salt://zabbix/files/my.cnf
- /etc/ld.so.conf.d/mysql.conf:
- source: salt://zabbix/files/mysql.conf
/usr/local/include/mysql:
file.symlink:
- target: /usr/local/mysql/include/
mysqld.service:
service.running:
- enable: true
mysqld-set-password:
cmd.run:
- name: /usr/local/mysql/bin/mysql -e "set password = password('123')"
[root@master prod]# cat zabbix/zabbix.sls
zabbix-dep-package:
pkg.installed:
- pkgs:
- net-snmp-devel
- libevent-devel
zabbix:
user.present:
- shell: /sbin/nologin
- createhome: false
- system: true
/usr/src/zabbix-5.4.4.tar.gz:
file.managed:
- source: salt://zabbix/files/zabbix-5.4.4.tar.gz
salt://zabbix/files/install.sh:
cmd.script
/usr/local/etc/zabbix_server.conf:
file.managed:
- source: salt://zabbix/files/zabbix_server.conf
- user: root
- group: root
- mode: '0644'
/var/lib/mysql/:
file.directory:
- user: mysql
- group: mysq
- dir_mode: '0755'
- makedirs: true
/var/lib/mysql/:
file.symlink:
- target: /tmp/mysql.sock
include:
- zabbix.config
[root@master prod]# cat zabbix/config.sls
'zabbix_server':
cmd.run
'zabbix_sgentd':
cmd.run
/etc/php.ini:
file.managed:
- source: salt://zabbix/files/php.ini
php-service:
service.running:
- name: php-fpm
- restart: true
[root@master prod]# cat zabbix/files/install.sh
#! /bin/bash
cd /usr/src
rm -rf zabbix-5.4.4
tar xf zabbix-5.4.4.tar.gz
/usr/local/mysql/bin/mysql -uroot -p123 -e "create database zabbix character set utf8 collate utf8_bin;"
/usr/local/mysql/bin/mysql -uroot -p123 -e "grant all privileges on zabbix.* to zabbix@localhost identified by 'zabbix';"
/usr/local/mysql/bin/mysql -uroot -p123 -e "flush privileges;"
cd /usr/src/zabbix-5.4.4/database/mysql/
/usr/local/mysql/bin/mysql -uzabbix -pzabbix zabbix < schema.sql
/usr/local/mysql/bin/mysql -uzabbix -pzabbix zabbix < images.sql
/usr/local/mysql/bin/mysql -uzabbix -pzabbix zabbix < data.sql
cd /usr/src/zabbix-5.4.4/
./configure --enable-server \
--enable-agent \
--with-mysql \
--with-net-snmp \
--with-libcurl \
--with-libxml2 &&
make install &&
cp -a ui/* /usr/local/httpd/htdocs/zabbix/
然后之后测试安装之后就可以直接去浏览器访问,访问结果如下: