soltstack的部署
[root@server1 ~]# tar zxf *.gz
[root@server1 ~]# yum install -y *.rpm
[root@server1 ~]# cd /etc/salt
[root@server1 salt]# systemctl start salt-master
[root@server1 salt]# systemctl enable salt-master
客户机配置(server2 与server3)
[root@server2 salt]# yum install -y *.rpm
[root@server2 ~]# cd /etc/salt
[root@server2 salt]# vi minion
16 master: 172.25.32.1
[root@server2 ~]# systemctl start salt-minion
[root@server2 ~]# systemctl enable salt-minion
[root@server3 salt]# yum install -y *.rpm
[root@server3 ~]# cd /etc/salt
[root@server3 salt]# vi minion
16 master: 172.25.32.1
[root@server3 ~]# systemctl start salt-minion
[root@server3 ~]# systemctl enable salt-minion
与客户端建立连接
master端开启服务后,打开4505与4506端口与slave建立连接
[root@server1 salt]# salt-key -L##列出建立连接的用户
[root@server1 salt]# salt-key -A##建立连接
[root@server1 salt]# salt ‘*’ test.ping##测试
查看master端的端口信息
若建立连接,则master段的master.pub与从节点的minion_master.pub发现公钥是相同的
[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# cd pki/master/
[root@server1 master]# md5sum master.pub
0da1617f36950c9c34f409e058b330ed master.pub
[root@server2 minion]# md5sum minion_master.pub
0da1617f36950c9c34f409e058b330ed minion_master.pub
[root@server2 minion]# pwd
/etc/salt/pki/minion
[root@server3 ~]# md5sum /etc/salt/pki/minion/minion_master.pub
0da1617f36950c9c34f409e058b330ed /etc/salt/pki/minion/minion_master.pub
soltstack 部署apache
[root@server1 apache]# vim /etc/salt/master
[root@server1 apache]# systemctl restart salt-master
[root@server1 apache]# cd /srv/salt
[root@server1 salt]# mkdir apache
[root@server1 salt]# cd apache
[root@server1 apache]# vim install.sls
[root@server1 apache]# cat install.sls
httpd:
pkg.installed:
- pkgs:
- httpd
- php
- httpd-tools
service.running:
- name: httpd
- enable: true
- reload: true
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
[root@server1 apache]# mkdir files
[root@server1 apache]# cd files
[root@server1 apache]# cp /etc/httpd/conf/httpd.conf files/
[root@server1 apache]# salt server2 state.sls apache.install##apache.install表示在apache目录下的install文件
nginx服务的源码推送
1.拆解nginx压缩包
[root@server1 salt]# mkdir nginx
[root@server1 salt]# cd nginx
[root@server1 nginx]# mkdir files
[root@server1 nginx]# vim install.sls
[root@server1 files]# ls
nginx-1.8.1 nginx-1.8.1.tar.gz
[root@server1 nginx]# cat install.sls
nginx-install:
pkg.installed:
- pkgs:
- gcc
- make
- pcre-devel
- zlib-devel
file.managed:
- name: /mnt/nginx-1.8.1.tar.gz
- source: salt://nginx/files/nginx-1.8.1.tar.gz
cmd.run:
- name: cd /mnt/ && tar zxf nginx-1.8.1.tar.gz && cd nginx-1.8.1
- creates: /mnt/nginx-1.8.1
[root@server1 nginx]# salt server3 state.sls nginx.install##推送
在server3端查看
2.添加编译安装部分
[root@server1 files]# vim ../install.sls
[root@server1 files]# cat ../install.sls
nginx-install:
pkg.installed:
- pkgs:
- gcc
- make
- pcre-devel
- zlib-devel
file.managed:
- name: /mnt/nginx-1.8.1.tar.gz
- source: salt://nginx/files/nginx-1.8.1.tar.gz
cmd.run:
- name: cd /mnt/ && tar zxf nginx-1.8.1.tar.gz && cd nginx-1.8.1 sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx && make && make install
- creates: /mnt/nginx-1.8.1
在server3端查看
3.将nginx启动服务脚本放到server3的相应目录下进行测试
[root@server1 system]# cd /srv/salt/nginx/
[root@server1 nginx]# cd files
[root@server1 files]# cat nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID PrivateTmp=true
[Install]
WantedBy=multi-user.target
[root@server1 files]# scp nginx.service root@172.25.32.3:/usr/lib/systemd/system
在server3端查看
[root@server3 nginx]# systemctl status nginx
[root@server3 nginx]# systemctl start nginx
[root@server3 nginx]# systemctl status nginx
4.关闭server3的nginx服务并配置server1上nginx的sls文件,然后推送检测
[root@server3 logs]# systemctl stop nginx.service
[root@server1 files]# cp nginx-1.8.1/conf/nginx.conf .
[root@server1 files]# ls
nginx-1.8.1 nginx-1.8.1.tar.gz nginx.conf nginx.service
[root@server1 nginx]# pwd
/srv/salt/nginx
[root@server1 nginx]# vim service.sls
[root@server1 nginx]# cat service.sls
include:
- nginx.install
/usr/local/nginx/conf/nginx.conf:
file.managed:
- source: salt://nginx/files/nginx.conf
nginx-service:
file.managed:
- name: /etc/systemd/system/nginx.service
- source: salt://nginx/files/nginx.service
service.running:
- name: nginx
- enable: true
- reload: true
- watch:
- file: /usr/local/nginx/conf/nginx.conf
server3验证:
在顶层文件编辑条件推送
[root@server1 salt]# cd apache
[root@server1 apache]# ls
files install.sls
[root@server1 apache]# cd ../nginx/
[root@server1 nginx]# ls
files install.sls service.sls
[root@server1 nginx]# cd ..
[root@server1 salt]# salt '*' state.highstate
[root@server1 salt]# cat top.sls
base:
'server2':
- apache.install
'server3':
- nginx.service
[root@server1 salt]# salt ‘*’ state.highstate##推送测试