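Introduction to SaltStack:
SaltStack works on a master/minion topology.
A single SaltStack command can be executed on one or more minions.
To do this, the Salt master issues a command such as salt '*' cmd.run 'ls -l /'.
Besides running remote commands, SaltStack lets administrators use "grains".
Grains run remote queries on the Salt minions, collecting state information about each minion and letting the administrator store it in one central location.
SaltStack can also help administrators define the desired state of a target system.
These states are applied using .sls files, which contain very specific requirements for how to reach the desired state on the system.
Because of the flexibility it offers in managing remote systems, SaltStack-based products have quickly gained interest.
Its functionality is comparable to that of state-management systems such as Puppet and Ansible.
SaltStack's rapid adoption owes much to the fact that it includes an efficient way to run remote commands on managed systems.
Environment setup (RHEL 6.5 virtual machines)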
172.25.3.5 server5
172.25.3.6 server6
1. Configure the yum repositories
[root@server5 ~]# vim /etc/yum.repos.d/rhel-source.repo
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.3.250/source6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[salt]
name=saltstack
baseurl=http://172.25.3.250/saltstack/rhel6
enabled=1
gpgcheck=0
[root@server5 ~]# yum clean all
[root@server5 ~]# yum repolist
[root@server5 ~]# yum list salt-*
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Available Packages
salt.noarch 2016.11.3-1.el6 salt
salt-api.noarch 2016.11.3-1.el6 salt
salt-cloud.noarch 2016.11.3-1.el6 salt
salt-master.noarch 2016.11.3-1.el6 salt
salt-minion.noarch 2016.11.3-1.el6 salt
salt-ssh.noarch 2016.11.3-1.el6 salt
salt-syndic.noarch 2016.11.3-1.el6 salt
[root@server5 ~]# yum install salt-master -y
[root@server5 ~]# cd /etc/salt/
[root@server5 salt]# ls
cloud cloud.maps.d master minion.d proxy.d
cloud.conf.d cloud.profiles.d master.d pki roster
cloud.deploy.d cloud.providers.d minion proxy
[root@server5 salt]# vim master
[root@server5 salt]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@server5 salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server6
Rejected Keys:
[root@server5 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server6
Proceed? [n/Y] y
Key for minion server6 accepted.
[root@server5 salt]# salt-key -L
Accepted Keys:
server6
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server5 salt]# salt server6 test.ping
server6:
True
[root@server5 salt]# salt server6 cmd.run hostname
server6:
server6
[root@server5 salt]# salt server6 cmd.run 'df -h'
server6:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 19G 970M 17G 6% /
tmpfs 499M 16K 499M 1% /dev/shm
/dev/vda1 485M 33M 427M 8% /boot
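The salt-key -A step above accepts every pending key without checking whose key it is. As an added example (not from the original post), this Python script compares the fingerprints of pending keys with values read on each minion using salt-call --local key.finger, and proposes salt-key -a only for the keys that match. The salt-key -F output and all fingerprints are constructed, and the output layout is an assumption.

```python
import re

def _fp(pair):
    """Constructed 32-byte fingerprint in colon-hex form (not a real key)."""
    return ":".join([pair] * 32)

# Constructed `salt-key -F` output; layout assumed, fingerprints are made up.
SALT_KEY_F = "\n".join([
    "Local Keys:",
    "master.pub:  " + _fp("0a"),
    "Accepted Keys:",
    "server6:  " + _fp("66"),
    "Unaccepted Keys:",
    "server4:  " + _fp("44"),
    "server5:  " + _fp("ee"),   # differs from the value recorded on server5
    "server9:  " + _fp("99"),   # a minion id nobody registered
])

# Fingerprints read on each minion's own console with
# `salt-call --local key.finger` and carried to the master out of band.
EXPECTED = {"server4": _fp("44"), "server5": _fp("55"), "server6": _fp("66")}

ENTRY = re.compile(r"^(?P<id>\S+):\s+(?P<fp>[0-9a-f]{2}(?::[0-9a-f]{2})+)$", re.I)

def pending_keys(output):
    """Map minion id -> fingerprint for the 'Unaccepted Keys' section only."""
    pending, section = {}, None
    for line in output.splitlines():
        line = line.strip()
        if line.endswith("Keys:"):
            section = line
            continue
        hit = ENTRY.match(line)
        if hit and section == "Unaccepted Keys:":
            pending[hit.group("id")] = hit.group("fp").lower()
    return pending

def triage(output, expected):
    """Split pending minions into (accept, refuse) by fingerprint match."""
    accept, refuse = [], []
    for minion, fp in sorted(pending_keys(output).items()):
        ok = expected.get(minion, "").lower() == fp
        (accept if ok else refuse).append(minion)
    return accept, refuse

if __name__ == "__main__":
    accept, refuse = triage(SALT_KEY_F, EXPECTED)
    for minion in accept:
        print("salt-key -a", minion)   # accept one verified key at a time
    for minion in refuse:
        print("# do not accept:", minion)
```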
On server6:
The yum repository configuration is the same as on server5
[root@server6 ~]# yum install salt-minion -y
[root@server6 ~]# cd /etc/salt/
[root@server6 salt]# ls
cloud cloud.maps.d master minion.d proxy.d
cloud.conf.d cloud.profiles.d master.d pki roster
cloud.deploy.d cloud.providers.d minion proxy
Edit the minion file
[root@server6 salt]# vim minion
[root@server6 salt]# /etc/init.d/salt-minion start
Starting salt-minion:root:server6 daemon: OK
Installing software remotely
First, change the salt-master configuration file
[root@server5 salt]# vim master
[root@server5 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
Create the directory and the sls file
[root@server5 salt]# mkdir /srv/salt
[root@server5 salt]# cd /srv/salt/
[root@server5 salt]# mkdir httpd
[root@server5 salt]# cd httpd/
[root@server5 httpd]# pwd
/srv/salt/httpd
[root@server5 httpd]# vim install.sls
Edit install.sls so that it contains:
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
[root@server5 httpd]# salt server6 state.sls httpd.install
Check on server6:
Remotely enable httpd to start at boot:
Edit install.sls so that it contains:
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  service.running:
    - name: httpd
    - enable: True
Run salt server6 state.sls httpd.install
On server6, check with netstat -antlp
Start at boot is now enabled
Reload httpd automatically after its default configuration file changes
Edit install.sls so that it contains:
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-install
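Copy the main httpd configuration file from server6 to server5
Change its port:
Run salt server6 state.sls httpd.install
On server6, check with netstat -antlp
2. One-step deployment of nginx built from source
First prepare the dependencies needed to build nginx from source: create a pkgs directory under the base directory and edit install.sls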
[root@server5 salt]# mkdir pkgs
[root@server5 salt]# cd pkgs/
[root@server5 pkgs]# ls
[root@server5 pkgs]# vim make.sls
make-gcc:
  pkg.installed:
    - pkgs:
      - pcre-devel
      - openssl-devel
      - gcc
Prepare another machine: server6 serves as the minion on which nginx is installed and deployed
[root@server5 salt]# salt-key -L
[root@server5 salt]# salt-key -A
[root@server5 salt]# salt-key -L
[root@server5 salt]# salt server6 test.ping
Create an nginx directory under the base directory, edit install.sls, and put the tarball in the files directory under nginx
[root@server5 salt]# mkdir nginx
[root@server5 salt]# cd nginx/
[root@server5 nginx]# pwd
/srv/salt/nginx
[root@server5 nginx]# mkdir files
[root@server5 nginx]# cd files/
[root@server5 files]# ls
nginx-1.14.0.tar.gz
[root@server5 nginx]# vim install.sls
include:
  - pkgs.make    ## include the pkgs state
nginx-install:
  file.managed:
    - name: /mnt/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak s'/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make &> /dev/null && make install &> /dev/null
    - creates: /usr/local/nginx    ## check whether it has already been created
[root@server5 nginx]# salt server6 state.sls nginx.install
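On the server6 minion, copy the nginx.conf configuration to the designated directory on the server4 master
The files directory holds the configuration file and a prepared nginx startup script
On server6: ps ax    ### check the processes; the build is running
On server6:
netstat -antlp    ### check that the service is up
Creating the nginx user and starting and reloading nginx automatically
On the master, create users/ under the base directory and edit the file that creates the user and group
[root@server5 salt]# mkdir users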
[root@server5 salt]# cd users/
[root@server5 users]# vim nginx.sls
Edit nginx's service.sls; this file can also be used to change the deployed configuration file
[root@server5 nginx]# vim service.sls
Contents:
include:
  - users.nginx      ## include the user and group creation defined earlier
  - nginx.install    ## include the nginx source build
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
nginx.service:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755
  service.running:
    - name: nginx
    - reload: True    ### reload after the nginx configuration file changes
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
Test: change /srv/salt/nginx/files/nginx.conf
[root@server5 nginx]# salt server6 state.sls nginx.service    ## push the state
On server6, run id nginx: the user was created successfully
3. One-step deployment of haproxy with load balancing
server4 :httpd
server5 : haproxy
server6 : nginx
Start a new virtual machine, server4, with the same yum repositories as before
Install the minion with yum install salt-minion -y, and start it
On the server5 host (the master):
[root@server5 httpd]# salt server4 state.sls httpd.install
First, remotely install httpd on the server4 virtual machine
[root@server5 ~]# yum install salt-minion -y
[root@server5 ~]# /etc/init.d/salt-minion start
[root@server5 ~]# salt-key -L
Accepted Keys:
server6
Denied Keys:
Unaccepted Keys:
server4
server5
Rejected Keys:
[root@server5 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server4
server5
Proceed? [n/Y] y
Key for minion server4 accepted.
Key for minion server5 accepted.
[root@server5 ~]# salt-key -L
Accepted Keys:
server4
server5
server6
Denied Keys:
Unaccepted Keys:
Rejected Keys:
Modify the yum repositories to add the load balancing module
[root@server5 httpd]# vim /etc/yum.repos.d/rhel-source.repo
[root@server5 httpd]# yum repolist
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
LoadBalancer | 3.9 kB 00:00
LoadBalancer/primary_db | 7.0 kB 00:00
rhel-source | 3.9 kB 00:00
salt | 2.9 kB 00:00
repo id repo name status
LoadBalancer LoadBalancer 4
rhel-source Red Hat Enterprise Linux 6Server - x86_64 - Source 3,690
salt saltstack 29
repolist: 3,723
[root@server5 salt]# mkdir haproxy
[root@server5 salt]# cd haproxy/
[root@server5 haproxy]# mkdir files
[root@server5 haproxy]# vim install.sls
Contents:
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy
[root@server5 haproxy]# salt server5 state.sls haproxy.install
[root@server5 haproxy]# cd /etc/haproxy/
[root@server5 haproxy]# cp haproxy.cfg /srv/salt/haproxy/files/
[root@server5 haproxy]# cd /srv/salt/haproxy/
[root@server5 haproxy]# vim install.sls
Contents:
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://haproxy/files/haproxy.cfg
  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: haproxy-install
[root@server5 haproxy]# vim files/haproxy.cfg
[root@server5 haproxy]# salt server5 state.sls haproxy.install
[root@server5 salt]# vim top.sls
Contents:
base:
  'server5':
    - haproxy.install
  'server4':
    - httpd.install
  'server6':
    - nginx.service
[root@server5 salt]# salt '*' test.ping
server5:
True
server4:
True
server6:
True
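[root@server5 salt]# salt '*' state.highstate
Visit 172.25.3.5 in a browser; requests are served in round-robin fashion
4. grains and pillar
Grains collect basic information about the client. Pillar data is stored on the master and cached on the client; it usually holds configuration information
1. grains configuration
View a minion's grain values from the master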
[root@server5 ~]# salt server6 grains.item ipv4
server6:
----------
ipv4:
- 127.0.0.1
- 172.25.3.6
[root@server5 ~]# salt server6 grains.item os
server6:
----------
os:
RedHat
Method one: find the grains section in the minion configuration file and add or edit entries there
[root@server5 ~]# salt server6 saltutil.sync_grains
server6:
On server4:
[root@server4 ~]# vim /etc/salt/minion
[root@server4 ~]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server4 daemon: OK
Starting salt-minion:root:server4 daemon: OK
Method two: create and write a grains file under /etc/salt
On server6:
[root@server6 ~]# vim /etc/salt/grains
[root@server6 ~]# cat /etc/salt/grains
Check: the rule has been added
Method three: create a Python file under the master's base directory to obtain environment parameters from the minion
[root@server5 salt]# mkdir _grains
[root@server5 salt]# cd _grains/
[root@server5 _grains]# vim my_grains.py
[root@server5 _grains]# salt server6 saltutil.sync_grains
server6:
- grains.my_grains
The contents of my_grains.py are as follows:
[root@server5 ~]# salt '*' grains.item hello
[root@server5 ~]# salt '*' grains.item salt
Grains can also be combined with one-step deployment: states can be pushed according to specific grain values
[root@server5 ~]# cd /srv/salt/
[root@server5 salt]# vim top.sls
base:
  'server5':
    - haproxy.install
  'roles:apache':
    - match: grain
    - httpd.install
  'roles:nginx':
    - match: grain
    - nginx.service
[root@server5 salt]# salt '*' state.highstate    ### push the states
2. pillar configuration
First, change the pillar root directory in the master configuration file
[root@server5 ~]# vim /etc/salt/master
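This directory does not exist and has to be created; afterwards restart the service. Subdirectories can then be created under it to hold the pillar data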
[root@server5 ~]# mkdir /srv/pillar
[root@server5 ~]# cd /srv/pillar/
[root@server5 pillar]# pwd
/srv/pillar
[root@server5 pillar]# mkdir web
[root@server5 pillar]# cd web/
[root@server5 web]# pwd
/srv/pillar/web
[root@server5 web]# vim install.sls
[root@server5 web]# cd ..
[root@server5 pillar]# ls
web
[root@server5 pillar]# vim top.sls
[root@server5 pillar]# /etc/init.d/salt-minion restart
The contents of top.sls are as follows:
[root@server5 pillar]# salt '*' saltutil.refresh_pillar
## the minions' pillar data can be refreshed with this command
[root@server5 pillar]# salt '*' pillar.items
[root@server5 pillar]# salt -G 'roles:apache' test.ping
[root@server5 pillar]# salt -G 'roles:nginx' test.ping
[root@server5 pillar]# salt -I 'webserver:httpd' test.ping
[root@server5 pillar]# salt -I 'webserver:nginx' test.ping
Pushing configuration file changes automatically with SaltStack
Method one
[root@server5 salt]# cd httpd/
[root@server5 httpd]# vim install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    - context:
        bind: 172.25.3.6
        port: 8080
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-install
[root@server5 httpd]# cd files/
[root@server5 files]# vim httpd.conf
[root@server5 files]# salt server6 state.sls httpd.install
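## push to server6
On server6, the configuration file shows the change
On server5, write the IP into the template (vim httpd/files/httpd.conf) so that the value is assigned
Run salt server6 state.sls httpd.install again to push; the sync succeeds
Method two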
[root@server5 httpd]# pwd
/srv/salt/httpd
[root@server5 httpd]# vim lib.sls
[root@server5 httpd]# ls
files install.sls lib.sls
The contents of lib.sls are as follows:
[root@server5 httpd]# cd files/
[root@server5 files]# ls
httpd.conf
[root@server5 files]# vim httpd.conf
Write the following as the first line of files/httpd.conf
{% from 'httpd/lib.sls' import port with context %}
[root@server5 files]# salt server6 state.sls httpd.install
Check on server6: the change has been synchronized
Method three
[root@server5 ~]# cd /srv/salt/httpd/
[root@server5 httpd]# vim install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    - context:
        bind: {{ grains['ipv4'][-1] }}
        port: 8080
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-install
vim /srv/salt/httpd/files/httpd.conf
# delete the first line
Listen {{ grains['ipv4'][-1] }}:{{ port }}
# takes the last element of the ipv4 list
Push: salt server4 state.sls httpd.install
Method four
vim /srv/pillar/web/install.sls
{% if grains['fqdn'] == 'server4' %}
webserver: httpd
bind: 172.25.3.4
port: 9090
{% elif grains['fqdn'] == 'server6' %}
webserver: nginx
{% endif %}
cd /srv/salt/httpd/
vim install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    - context:
        bind: {{ pillar['bind'] }}
        port: {{ pillar['port'] }}
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-install
vim files/httpd.conf
Listen {{ pillar['bind'] }}:{{ pillar['port'] }}
Push: salt server4 state.sls httpd.install
On server4, check /etc/httpd/conf/httpd.conf
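The grain-matched top.sls in the grains section and the pillar file in method four both decide what a host receives from grains, which the minion computes and reports itself, so anyone with root on a minion can change them and be handed pillar data meant for another role or host. The following added example (not from the original post; the file texts are constructed copies of the two files on this page) lists those grain-dependent assignments so they can be reviewed or re-keyed on the minion ID, which is tied to the accepted key.

```python
import re

# Constructed copies of the state top file and the pillar SLS shown on this page.
TOP_SLS = """\
base:
  'server5':
    - haproxy.install
  'roles:apache':
    - match: grain
    - httpd.install
  'roles:nginx':
    - match: grain
    - nginx.service
"""
PILLAR_SLS = """\
{% if grains['fqdn'] == 'server4' %}
webserver: httpd
bind: 172.25.3.4
port: 9090
{% elif grains['fqdn'] == 'server6' %}
webserver: nginx
{% endif %}
"""

TARGET = re.compile(r"^\s+(['\"])(?P<tgt>.+)\1:\s*$")
MATCHER = re.compile(r"^\s*-\s*match:\s*(?P<kind>\w+)\s*$")
JINJA_GRAIN = re.compile(r"\{%-?\s*(?:el)?if\b[^%]*\bgrains\b")

def grain_targets(top_text):
    """Top-file targets selected with the grain or grain_pcre matcher."""
    found, current = [], None
    for line in top_text.splitlines():
        hit = TARGET.match(line)
        if hit:
            current = hit.group("tgt")
            continue
        hit = MATCHER.match(line)
        if hit and current and hit.group("kind").startswith("grain"):
            found.append(current)
    return found

def grain_conditionals(sls_text):
    """(line number, text) of Jinja if/elif branches that test a grain."""
    return [(num, line.strip())
            for num, line in enumerate(sls_text.splitlines(), 1)
            if JINJA_GRAIN.search(line)]

if __name__ == "__main__":
    print("grain-matched targets:", grain_targets(TOP_SLS))
    for num, text in grain_conditionals(PILLAR_SLS):
        print("pillar line %d depends on a grain: %s" % (num, text))
```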