######1、实验环境
- 172.25.29.1 salt-master server1
- 172.25.29.2 salt-minion server2
- 172.25.29.3 salt-minion server3
######2、saltstack的部署
#########主机共享rhel6的yum源
[root@foundation29 html]# pwd
/var/www/html
[root@foundation29 html]# ls //共享rhel6源
rhel6 rhel6.5 rhel7.3
#########server1:
[root@server1 salt]# cd /etc/yum.repos.d/
[root@server1 yum.repos.d]# vim rhel-source.repo //扩展yum源,添加salt
# Extra yum repository section that provides the salt packages.
[salt]
name=saltstack
# Packages are fetched over plain HTTP from the host at 172.25.29.250.
baseurl=http://172.25.29.250/rhel6
# gpgcheck=0 turns off RPM signature verification, so nothing authenticates
# the salt-master / salt-minion packages installed from this repository.
# Tolerable only on an isolated lab network; elsewhere use gpgcheck=1 together
# with a gpgkey= entry for the repository's signing key.
gpgcheck=0
[root@server1 yum.repos.d]# yum install salt-master -y
[root@server1 yum.repos.d]# cd /etc/salt/
[root@server1 salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
[root@server1 salt]# /etc/init.d/salt-master start
[root@server1 salt]# netstat -antlp
#########server2:
[root@server2 ~]# yum install salt-minion -y
[root@server2 salt]# vim minion
[root@server2 ~]# cd /etc/salt/
17 master: 172.25.29.1 //注意冒号后、ip前有空格
[root@server2 salt]# /etc/init.d/salt-minion start
#########server3配置同server2
#########server1:
[root@server1 salt]# salt-key -A //接受所有待认证的minion公钥,完成公钥交换;-A不做任何核对,实验环境之外应先用 salt-key -F 比对指纹,再用 salt-key -a 逐个接受
[root@server1 salt]# salt-key -L
[root@server1 master]# pwd
/etc/salt/pki/master
[root@server1 master]# md5sum master.pub
9a0202b65520c45c49aa7f41ae87b2e0 master.pub
[root@server1 minions]# cd minions
[root@server1 minions]# ls
server2 server3
[root@server1 minions]# md5sum server2
f587ed09fcb04dd9063d543afc647ed8 server2
#########server2:
[root@server2 salt]# cd pki/minion/
[root@server2 minion]# md5sum minion_master.pub
9a0202b65520c45c49aa7f41ae87b2e0 minion_master.pub
[root@server2 minion]# md5sum minion.pub //与server1上minions/server2的md5一致,交换公钥成功
f587ed09fcb04dd9063d543afc647ed8 minion.pub
#########测试:
[root@server1 master]# salt '*' test.ping //test是一个模块,ping是模块内的方法
[root@server1 master]# salt '*' cmd.run hostname //cmd模块的run方法
[root@server1 ~]# salt server2 cmd.run 'df -h'
[root@server1 master]# yum install lsof -y
[root@server1 master]# lsof -i :4505 //zmq连接
######3、远程安装httpd、php
#########server1:
[root@server1 ~]# vim /etc/salt/master
534 file_roots:
535 base:
536 - /srv/salt
[root@server1 ~]# /etc/init.d/salt-master restart
[root@server1 ~]# mkdir /srv/salt/
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# mkdir httpd
[root@server1 salt]# cd httpd
[root@server1 httpd]# vim apache.sls //每个缩进级别由两个空格组成,不允许tab
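# State ID (declaration): must be unique, and each state module may appear
# only once under a given ID.
apache-install:
  # <module>.<function>: the pkg module's installed function.
  pkg.installed:
    - pkgs:
      # A space is required after the dash of every list item.
      - httpd
      - php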
[root@server1 httpd]# salt server2 state.sls httpd.apache
#########server2:
[root@server2 ~]# rpm -q httpd
httpd-2.2.15-29.el6_4.x86_64
[root@server2 ~]# rpm -q php
php-5.3.3-38.el6.x86_64
[root@server2 ~]# netstat -antlp |grep httpd
[root@server2 ~]# /etc/init.d/httpd status
httpd is stopped
[root@server2 ~]# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
#########server1:
[root@server1 httpd]# vim apache.sls //添加模块
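# Install Apache and PHP, push the managed httpd.conf, and keep httpd running.
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  # Main Apache configuration, served from the master's file_roots.
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    # Quoted so YAML keeps the mode a string instead of typing it as an integer.
    - mode: '0644'
    - user: root
  service.running:
    - name: httpd
    # Enable the service at boot as well as starting it now.
    - enable: true
    # When a watched state changes, reload httpd instead of restarting it.
    - reload: true
    # Fire whenever the file.managed state under this same ID reports a change.
    - watch:
      - file: apache-install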
[root@server1 httpd]# salt server2 state.sls httpd.apache
#########server2:
[root@server2 conf]# netstat -antlp|grep httpd
tcp 0 0 :::80 :::* LISTEN 8265/httpd
[root@server2 conf]# /etc/init.d/httpd status
httpd (pid 8265) is running...
[root@server2 conf]# chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
#########server1:
[root@server1 httpd]# mkdir files
[root@server1 httpd]# cd files/
[root@server1 files]# pwd
/srv/salt/httpd/files
[root@server1 files]# ls
httpd.conf //server2处拷贝而来
[root@server1 files]# vim httpd.conf
136 Listen 8080
[root@server1 files]# salt server2 state.sls httpd.apache
#########server2:
[root@server2 conf]# netstat -antlp|grep httpd
tcp 0 0 :::8080 :::* LISTEN 8265/httpd
在server1上修改httpd.conf后重新执行state推送,server2上的配置文件随之更新,httpd改为监听8080端口。
######4、远程源码安装nginx
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# mkdir nginx
[root@server1 salt]# mkdir pkgs
[root@server1 salt]# mkdir users
[root@server1 salt]# cd nginx/
[root@server1 nginx]# mkdir files
[root@server1 nginx]# cd files/
[root@server1 files]# ls
nginx nginx-1.14.0.tar.gz nginx.conf //nginx启动脚本、安装包、配置文件
[root@server1 salt]# cd /srv/salt/pkgs/
[root@server1 pkgs]# vim make.sls //编译必需的安装包
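# Packages required to compile nginx from source.
# NOTE(review): the make binary itself is not in this list; presumably it is
# already present on the minions - confirm before relying on this state.
make:
  pkg.installed:
    - pkgs:
      - pcre-devel
      - openssl-devel
      - gcc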
[root@server1 pkgs]# cd ../users/
[root@server1 users]# vim users.sls //管理的用户
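# Dedicated group and account for nginx, both pinned to id 800.
nginx-group:
  group.present:
    - name: nginx
    - gid: 800

nginx-user:
  user.present:
    - name: nginx
    - uid: 800
    - gid: 800
    # Service account: no interactive login shell.
    - shell: /sbin/nologin
    - home: /usr/local/nginx
    # Do not create the home directory when the account is added.
    - createhome: false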
[root@server1 users]# cd ../nginx
[root@server1 nginx]# vim nginx.sls //源码编译
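# Build nginx 1.14.0 from source on the minion.
include:
  # Build dependencies (pkgs/make.sls) and the nginx account (users/users.sls).
  - pkgs.make
  - users.users

nginx-install:
  # Copy the source tarball from the master's file_roots to the minion.
  # NOTE(review): the page does not show where the tarball was obtained; check
  # its checksum or signature against the upstream release before placing it in
  # file_roots, because every minion builds and installs whatever it contains.
  file.managed:
    - name: /mnt/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz
  cmd.run:
    # One && chain: unpack, patch, configure, build, install. Any failing step
    # stops the chain and fails the state.
    #   - first sed: NGINX_VER becomes plain "nginx", without the version.
    #   - second sed: comments out CFLAGS="$CFLAGS -g" in auto/cc/gcc.
    # NOTE(review): the first sed pattern has to match the spacing used in
    # src/core/nginx.h exactly; if the header separates the tokens with a run
    # of spaces, the substitution silently changes nothing - confirm.
    # configure/make output goes to /dev/null, so a failed build leaves no
    # diagnostics in the state return.
    - name: >-
        cd /mnt &&
        tar zxf nginx-1.14.0.tar.gz &&
        cd nginx-1.14.0 &&
        sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h &&
        sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc &&
        ./configure --prefix=/usr/local/nginx
        --with-http_ssl_module --with-http_stub_status_module
        --with-threads --with-file-aio &> /dev/null &&
        make &> /dev/null &&
        make install &> /dev/null
    # Skip the command once the install prefix exists, so the source build is
    # not repeated on every state run.
    - creates: /usr/local/nginx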
[root@server1 nginx]# vim service.sls //管理
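# Manage nginx's configuration, init script and service.
include:
  # Source build of nginx (nginx/nginx.sls).
  - nginx.nginx

# The state ID doubles as the managed file's path.
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf

nginx-service:
  # Init script pushed from the master's file_roots.
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    # Quoted so YAML keeps the mode a string instead of typing it as an integer.
    - mode: '0755'
  service.running:
    - name: nginx
    # When a watched state changes, reload nginx instead of restarting it.
    - reload: true
    # Fire whenever the managed nginx.conf above reports a change.
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf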