Learning SaltStack (6)
Read on: 2023-07-10 | Views: 4

Official site: https://saltstack.com/

Official repositories: http://repo.saltstack.com/ (documents the installation procedure for each operating system)

CentOS 6 repository:

    yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm

CentOS 7 repository:

    yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el7.noarch.rpm

http://repo.saltstack.com/yum/redhat/7/x86_64

Written in Python; exposes a REST API.

Three main functions: remote execution, configuration management (states), cloud management.

Alternatives: Puppet (Ruby), Ansible (Python).

Four modes of operation: Local, Minion/Master (client/server), Syndic (a proxy, comparable to a Zabbix proxy), Salt SSH.

- Installation

Server side:

    yum install salt-master salt-minion -y

Client side:

    yum install salt-minion -y

Start the master:

    systemctl start salt-master

Configure the minion:

    vim /etc/salt/minion

    master: 192.168.137.11   # address of the master
    id:                      # unique identifier of this host; defaults to the hostname if left unset

Start the minion:

    systemctl start salt-minion

After start-up a minion_id file is created under /etc/salt; it defaults to the hostname.

If you change the id, delete minion_id first.

- The pki directory after master and minion start

The first time the minion starts, it creates a pki directory under /etc/salt

containing the minion's public key minion.pub and private key minion.pem.

The first time the master starts, it creates a pki directory under /etc/salt

containing the master's public key master.pub and private key master.pem.

linux-node1.example.com and linux-node2.example.com are the minions' public keys, named after the minion id.

minions_pre is the directory for keys awaiting acceptance.

- Key acceptance

    salt-key

Accepted Keys: keys that have been accepted

Denied Keys: keys that have been rejected

Unaccepted Keys: keys not yet accepted

    salt-key -a linux-node1.example.com

Accept (trust) the minion linux-node1.example.com.

    salt-key -a linux*   # wildcard

Options: -a accept, -A accept-all, -d delete, -D delete-all.

Wildcard and -A acceptance trust every key that happens to be pending, so on a network where port 4506 is reachable by others, compare the fingerprint shown by salt-key -F with the one on the minion before accepting.

Once both minions are accepted, look at the master's pki directory again: the minions' public key files have moved into the minions directory.

Look at the minion's pki directory again: it now contains the master's public key as minion_master.pub.

- Remote execution

Syntax: command target module.function arguments

Check the state of every host:

    salt '*' test.ping

Check a specific host:

    salt "linux-node2.example.com" test.ping

Run a shell command on a specific host:

    salt "linux-node2.example.com" cmd.run "ls -lrt /root"

Restart the Zabbix agent on every host:

    salt "*" cmd.run "systemctl restart zabbix-agent"

- State module

A state is a description file written in YAML with the .sls suffix.

YAML introduction (important)

YAML is a recursive acronym for "YAML Ain't a Markup Language" (see the Baidu Baike entry).

Format: data structures are laid out like an outline, with nesting expressed through indentation; consecutive list items are introduced with a dash "-", and the key/value pairs of a map are separated by a colon ":".

Salt's explanation of YAML: https://docs.saltstack.com/en/latest/topics/yaml/index.html

Three YAML rules for Salt:

1) Indentation: two spaces per level, never a Tab;

2) Colons: a key is followed by a colon and a space before its value (indentation and the colon together define the structure);

3) Dashes: a list item is a dash followed by a space and then the value.
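The three rules above as a small checker, added here as an example that is not part of the original post and not Salt's own YAML loader. It needs no PyYAML; the SLS texts it runs over are constructed for the example, and its colon rule is applied to the first colon of every line, which is stricter than the YAML spec for plain values that contain colons.

```python
# Checker for Salt's three YAML rules (added example, not Salt code). Constructed inputs:
BAD_SLS = """\
apache-install:
\tpkg.installed:
    - names:
      - httpd
apache-service:
  service.running:
    - name:httpd
    -enable: True
"""
GOOD_SLS = """\
apache-install:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - require:
      - pkg: apache-install
'roles:apache':
  - match: grain
  - web.apache
"""

RULES = {1: "indent with two spaces per level, never a tab",
         2: "a key's colon must be followed by a space (or end the line)",
         3: "a list item's dash must be followed by a space"}


def _first_colon(body):
    """Index of the first colon outside a leading quoted key such as 'roles:apache'."""
    start = 0
    if body[:1] in ("'", '"'):
        close = body.find(body[0], 1)
        start = close + 1 if close > 0 else 0
    return body.find(":", start)


def lint_sls(text):
    """Return [(line_no, rule_no)] for every line that breaks one of the three rules."""
    problems = []
    for no, raw in enumerate(text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith(("#", "{%", "---")):
            continue  # blank, comment, Jinja statement or document marker
        indent = raw[: len(raw) - len(raw.lstrip(" \t"))]
        if "\t" in indent or len(indent) % 2:
            problems.append((no, 1))
        if stripped.startswith("-") and not stripped.startswith("- "):
            problems.append((no, 3))
        body = stripped[2:].lstrip() if stripped.startswith("- ") else stripped
        i = _first_colon(body)
        if i != -1 and i + 1 < len(body) and body[i + 1] != " ":
            problems.append((no, 2))
    return problems


if __name__ == "__main__":
    for no, rule in lint_sls(BAD_SLS):
        print(f"line {no}: rule {rule}: {RULES[rule]}")
```

Running it on BAD_SLS reports one violation per rule (lines 2, 7 and 8); GOOD_SLS, which also contains a quoted grain key, passes cleanly.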

- Master configuration

    vim /etc/salt/master

    file_roots   # defines the path of the state files for each environment (base, test, canary, production); the name "base" cannot be changed

Restart the master:

    systemctl restart salt-master

Create the state file directory:

    cd /srv
    mkdir salt

- Creating an sls file

apache.sls, placed in /srv/salt/web:

    apache-install:           # user-chosen ID
      pkg.installed:          # state module shipped with Salt, as module.function
        - names:              # argument
          - httpd
          - httpd-devel
    apache-service:           # user-chosen ID
      service.running:        # state module shipped with Salt, as module.function
        - name: httpd         # argument
        - enable: True

Apply the file:

    salt "*" state.sls web.apache

Execution flow:

1) the master sends the file to the minion;

2) the minion stores it under /var/cache/salt/minion;

3) the minion executes the file from top to bottom.

Result:

    linux-node2.example.com:
    ----------
        ID: apache-install
        Function: pkg.installed
        Name: httpd
        Result: True
        Comment: The following packages were installed/updated: httpd
        Started: 13:12:23.142622
        Duration: 103093.75 ms
        Changes:
            ----------
            apr:
                ----------
                new:
                    1.4.8-3.el7
                old:
            apr-util:
                ----------
                new:
                    1.5.2-6.el7
                old:
            httpd:
                ----------
                new:
                    2.4.6-40.el7.centos.4
                old:
            httpd-tools:
                ----------
                new:
                    2.4.6-40.el7.centos.4
                old:
            mailcap:
                ----------
                new:
                    2.1.41-2.el7
                old:
    ----------
        ID: apache-install
        Function: pkg.installed
        Name: httpd-devel
        Result: True
        Comment: The following packages were installed/updated: httpd-devel
        Started: 13:14:06.266419
        Duration: 75699.845 ms
        Changes:
            ----------
            apr-devel:
                ----------
                new:
                    1.4.8-3.el7
                old:
            apr-util-devel:
                ----------
                new:
                    1.5.2-6.el7
                old:
            cyrus-sasl-devel:
                ----------
                new:
                    2.1.26-20.el7_2
                old:
            expat-devel:
                ----------
                new:
                    2.1.0-8.el7
                old:
            httpd-devel:
                ----------
                new:
                    2.4.6-40.el7.centos.4
                old:
            libdb-devel:
                ----------
                new:
                    5.3.21-19.el7
                old:
            openldap-devel:
                ----------
                new:
                    2.4.40-9.el7_2
                old:
    ----------
        ID: apache-service
        Function: service.running
        Name: httpd
        Result: True
        Comment: Service httpd has been enabled, and is running
        Started: 13:15:22.549732
        Duration: 509.773 ms
        Changes:
            ----------
            httpd:
                True

    Summary for linux-node2.example.com
    ------------
    Succeeded: 3 (changed=3)
    Failed: 0
    ------------
    Total states run: 3
    Total run time: 179.303 s
    linux-node1.example.com:
    ----------
        ID: apache-install
        Function: pkg.installed
        Name: httpd
        Result: True
        Comment: Package httpd is already installed
        Started: 21:12:17.773014
        Duration: 1030.017 ms
        Changes:
    ----------
        ID: apache-install
        Function: pkg.installed
        Name: httpd-devel
        Result: True
        Comment: The following packages were installed/updated: httpd-devel
        Started: 21:12:18.803216
        Duration: 179505.346 ms
        Changes:
            ----------
            apr-devel:
                ----------
                new:
                    1.4.8-3.el7
                old:
            apr-util-devel:
                ----------
                new:
                    1.5.2-6.el7
                old:
            cyrus-sasl-devel:
                ----------
                new:
                    2.1.26-20.el7_2
                old:
            expat-devel:
                ----------
                new:
                    2.1.0-8.el7
                old:
            httpd-devel:
                ----------
                new:
                    2.4.6-40.el7.centos.4
                old:
            libdb-devel:
                ----------
                new:
                    5.3.21-19.el7
                old:
            openldap-devel:
                ----------
                new:
                    2.4.40-9.el7_2
                old:
    ----------
        ID: apache-service
        Function: service.running
        Name: httpd
        Result: True
        Comment: The service httpd is already running
        Started: 21:15:18.523234
        Duration: 62.391 ms
        Changes:

    Summary for linux-node1.example.com
    ------------
    Succeeded: 3 (changed=1)
    Failed: 0
    ------------
    Total states run: 3
    Total run time: 180.598 s

- Top file

The default file name is top.sls, placed in the base directory; the base directory is set in the file_roots option.

Through top.sls, different sls files can be applied to different minions.

    base:                            # fixed name, required
      'linux-node1.example.com':     # minion id
        - web.apache                 # apache.sls
      'linux-node2.example.com':
        - web.apache

    salt "*" state.highstate

The command above runs the highstate: it only reads the entry file top.sls and applies whatever the top file assigns.

In production do not use *; name the specific host, and run a test first:

    salt "linux-node1.example.com" state.highstate test=True

Once the test looks right, apply for real:

    salt "linux-node1.example.com" state.highstate

########################################################################

  • SaltStack and ZeroMQ

Under the hood SaltStack uses ZeroMQ for efficient network communication.

ØMQ (also spelled ZeroMQ, 0MQ or ZMQ) is a high-performance asynchronous messaging library designed for scalable distributed or concurrent applications. It provides a message queue, but unlike message-oriented middleware it runs without a dedicated message broker. The library exposes a socket-style API and offers in-process (inproc), inter-process (IPC), network (TCP) and multicast message channels, and supports communication patterns such as fan-out, publish/subscribe, task distribution and request/reply.

- SaltStack's first pattern: publish/subscribe

ZeroMQ supports Publish/Subscribe, usually abbreviated Pub/Sub.

The Salt master runs two network services. One is the ZeroMQ PUB system, listening on port 4505 by default;

it can be changed with the publish_port setting in /etc/salt/master.

It is Salt's message publishing system: inspect port 4505 and you will see every minion connected to the master's port 4505 with the TCP connection permanently in the ESTABLISHED state.

    lsof -i:4505

- SaltStack's second pattern: request/reply

ZeroMQ supports Request-Reply, usually abbreviated REQ/REP.

The second network service the master runs is the ZeroMQ REP system, listening on port 4506 by default; it can be changed with the ret_port setting in /etc/salt/master.

This is the port over which Salt clients talk to the server: for example, the return value of a command a minion has executed is sent to this REP port 4506 on the master.

If the python-setproctitle package is installed, the processes started by the Salt master carry descriptive names.

    yum install -y python-setproctitle

Restart master and minion:

    systemctl restart salt-master
    systemctl restart salt-minion

    /usr/bin/salt-master -d ProcessManager             # central process manager
    /usr/bin/salt-master -d _clear_old_jobs            # removes old job files and refreshes the fileserver
    /usr/bin/salt-master -d Publisher                  # publishes (PUB) jobs to the minions
    /usr/bin/salt-master -d EventPublisher             # event publisher process
    /usr/bin/salt-master -d ReqServer_ProcessManager   # ReqServer process manager
    /usr/bin/salt-master -d MWorker                    # worker process
    /usr/bin/salt-master -d MWorker                    # worker process
    /usr/bin/salt-master -d MWorker                    # worker process
    /usr/bin/salt-master -d MWorker                    # worker process
    /usr/bin/salt-master -d MWorker                    # worker process
    /usr/bin/salt-master -d MWorkerQueue               # forwards data from the Ret interface (ROUTER) to the workers (DEALER)

########################################################################

  • SaltStack data systems

There are two: Grains and Pillar.

Grains are static data: information about the minion itself, collected when the minion starts (OS version, kernel version, CPU, memory, disks, hardware model and so on).

Note: unless the minion is restarted, this data does not change.

1) Information management, including asset management;

Examples:

    salt 'linux-node1*' grains.ls      # list every grain key of the host whose ID starts with linux-node1
    salt 'linux-node1*' grains.items   # list the host's details in full; usable for asset management
    salt '*' grains.item os            # list the OS of every host
    salt '*' grains.item fqdn_ip4      # list the IP address of every host

2) Targeting (find the host with a given id, find the hosts running CentOS, and so on);

Examples:

    salt -G 'os:Centos' test.ping              # ping every host whose OS is CentOS
    salt -G 'os:Centos' cmd.run 'echo 123'     # run 'echo 123' on every host whose OS is CentOS

3) Use in configuration management.

Custom grain items

Method one: edit the minion configuration file, vim /etc/salt/minion,

then restart: systemctl restart salt-minion.

With a custom item you can, for example, restart every host whose role is apache:

    salt '*' grains.item roles                                 # get the roles grain of every host
    salt -G 'roles:apache' cmd.run 'systemctl restart httpd'   # run systemctl restart httpd on every host whose roles grain is apache

Method two (used in production):

edit the file vim /etc/salt/grains, written as

    cloud: openstack

then restart: systemctl restart salt-minion.

    salt '*' grains.item cloud   # get the cloud grain of every host

To change /etc/salt/grains without restarting the service, refresh with the command below (note: for both method one and method two this command replaces the restart):

    salt '*' saltutil.sync_grains

Using grains in the top file

    vim /srv/salt/top.sls

    base:
      'linux-node1.example.com':
        - web.apache
      'roles:apache':
        - match: grain
        - web.apache

Grain scripts go in a _grains directory that must be created under base (for example /srv/salt/_grains).

Create a Python script in /srv/salt/_grains,

named my_grains.py:

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-

    def my_grains():
        # initialise the grains dict
        grains = {}
        # set key/value pairs
        grains['iaas'] = 'openstack'
        grains['edu'] = 'shhnwangjian'
        # return the dict; Salt merges its keys into the minion's grains
        return grains

Sync the script from the master to every minion:

    salt '*' saltutil.sync_grains

On the minion the file lands in /var/cache/salt/minion/extmods/grains.

    salt '*' grains.item edu   # get the edu grain of every host

Grain precedence (when the same item name is defined in several places): 1. built-in grains 2. the grains file 3. the minion configuration file 4. your own script.

Pillar is dynamic data: data assigned to specific minions. Only the minion it is assigned to can see its own data.

    salt '*' pillar.items

To enable the built-in pillar data, edit the configuration file:

    vim /etc/salt/master

Restart: systemctl restart salt-master

Run salt '*' pillar.items and the built-in items are shown.

Set the path where pillar files live:

    mkdir /srv/pillar

Restart: systemctl restart salt-master

Pillar workflow

1) Create a pillar file, written with Python Jinja2:

    mkdir /srv/pillar/web
    cd /srv/pillar/web
    vim apache.sls

    {% if grains['os'] == 'CentOS' %}
    apache: httpd
    {% elif grains['os'] == 'Debian' %}
    apache: apache2
    {% endif %}

2) Create the top file:

    vim /srv/pillar/top.sls

    base:
      'linux-node2.example.com':
        - web.apache

    salt '*' saltutil.refresh_pillar   # refresh
    salt '*' pillar.items apache

Targeting by pillar:

    salt -I 'apache:httpd' test.ping

3. Grains vs Pillar

#######################################################################

  • SaltStack remote execution

Example syntax: salt '*' cmd.run 'w'

-  Command: salt

-  Target: '*'

-  Module: cmd.run; 150+ modules ship with Salt, and you can write your own

-  Return: the result comes back after execution, through the Returners component

Documentation: https://docs.saltstack.com/en/latest/topics/targeting/index.html

Two kinds of targeting: one based on the minion ID, one independent of the minion ID.

1) Methods based on the minion ID

  A specific minion ID:

    salt 'linux-node2.example.com' test.ping

  Wildcards:

    salt '*' test.ping
    salt 'linux-node2*' test.ping
    salt 'linux-node[1|2].example.com' test.ping
    salt 'linux-node[1-2].example.com' test.ping
    salt 'linux-node[!2].example.com' test.ping
    salt 'linux-node?.example.com' test.ping

  Lists:

    salt -L 'linux-node1.example.com,linux-node2.example.com' test.ping

  Regular expressions:

    salt -E 'linux-(node1|node2)*' test.ping
    salt -E 'linux-(node1|node2).example.com' test.ping

Note: every targeting method can also be used to select targets in the top file.

Minion ID naming scheme: by IP address, or according to the business. Example:

    redis-node1-redis04-idc04-h5web.example.com

    redis-node1   # first redis node
    redis04       # cluster
    idc04         # data centre
    h5web         # business line

2) Methods independent of the minion ID

  IP address or subnet:

    salt -S 192.168.137.12 test.ping
    salt -S 192.168.137.0/24 test.ping

  Node groups, configured in the master file:

    vim /etc/salt/master

Restart: systemctl restart salt-master

    salt -N web test.ping

  Compound matching

Documentation: https://docs.saltstack.com/en/latest/topics/targeting/compound.html

  Batching, useful when restarting every host or process: restart a percentage or a fixed number of hosts or processes at a time.

Documentation: https://docs.saltstack.com/en/latest/topics/targeting/batch.html
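The targeting methods above (glob, list, regular expression, subnet, node group, compound expression, batching) and the grain-based targeting from the data systems section, as an added Python model that is not part of the original post and not Salt's own matcher code: it reproduces how the master turns a target expression into a set of minion IDs. The inventory, the grains, the IP addresses and the "web" node group are constructed for the example; the real master evaluates the expression against the accepted minions' cached grains.

```python
import fnmatch
import ipaddress
import re

# Constructed inventory (not from the post): minion id -> a few grains.
MINIONS = {
    "linux-node1.example.com": {"os": "CentOS", "roles": "apache", "fqdn_ip4": ["192.168.137.11"]},
    "linux-node2.example.com": {"os": "CentOS", "roles": "nginx", "fqdn_ip4": ["192.168.137.12"]},
    "linux-node3.example.com": {"os": "Debian", "roles": "apache", "fqdn_ip4": ["192.168.137.13"]},
    "redis-node1-redis04-idc04-h5web.example.com": {"os": "CentOS", "roles": "redis", "fqdn_ip4": ["192.168.138.21"]},
}
# Hypothetical node group, written the way a `nodegroups:` entry in /etc/salt/master is.
NODEGROUPS = {"web": "L@linux-node1.example.com,linux-node2.example.com"}


def match_glob(pattern, mid, grains):
    return fnmatch.fnmatchcase(mid, pattern)                  # salt '<glob>'


def match_list(pattern, mid, grains):
    return mid in [p.strip() for p in pattern.split(",")]    # salt -L


def match_pcre(pattern, mid, grains):
    return re.match(pattern, mid) is not None                 # salt -E


def match_grain(pattern, mid, grains):
    key, _, want = pattern.partition(":")                     # salt -G 'os:Centos' (case-insensitive glob)
    return fnmatch.fnmatch(str(grains.get(key, "")).lower(), want.lower())


def match_ipcidr(pattern, mid, grains):
    net = ipaddress.ip_network(pattern, strict=False)          # salt -S, single address or CIDR
    return any(ipaddress.ip_address(ip) in net for ip in grains.get("fqdn_ip4", []))


def match_nodegroup(pattern, mid, grains):
    return match_compound(NODEGROUPS[pattern], mid, grains)    # salt -N


MATCHERS = {"G": match_grain, "L": match_list, "E": match_pcre, "S": match_ipcidr, "N": match_nodegroup}


def match_compound(expr, mid, grains):
    """Evaluate 'G@os:CentOS and not L@a,b' with precedence not > and > or, like salt -C."""
    def term(tok):
        negate = False
        while tok.startswith("not "):
            negate, tok = not negate, tok[4:].strip()
        kind, sep, pat = tok.partition("@")
        fn = MATCHERS.get(kind) if sep else None
        hit = fn(pat, mid, grains) if fn else match_glob(tok, mid, grains)
        return hit != negate
    return any(all(term(t.strip()) for t in conj.split(" and ")) for conj in expr.split(" or "))


def target(kind, pattern):
    """Sorted minion ids a `salt -<kind> '<pattern>'` call would address; kind is 'glob' or one of G L E S N C."""
    fn = match_compound if kind == "C" else MATCHERS.get(kind, match_glob)
    return sorted(mid for mid, grains in MINIONS.items() if fn(pattern, mid, grains))


def batches(minion_ids, size):
    """Split a target list the way --batch-size does: a percentage ('50%') or an absolute count ('2')."""
    if size.endswith("%"):
        n = max(1, round(len(minion_ids) * int(size[:-1]) / 100))
    else:
        n = int(size)
    return [minion_ids[i:i + n] for i in range(0, len(minion_ids), n)]


if __name__ == "__main__":
    for kind, pat in [("glob", "linux-node[!2].example.com"), ("G", "roles:apache"),
                      ("S", "192.168.137.0/24"), ("C", "G@os:CentOS and not G@roles:redis")]:
        print(kind, pat, "->", target(kind, pat))
    print(batches(target("glob", "*"), "50%"))
```

The batch helper is what makes the "restart a percentage at a time" advice concrete: each sub-list is one wave, and the next wave is only started once the previous one has returned.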

Documentation: https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules

Lists every Salt module together with its usage documentation.

With a default yum installation, all Salt modules are stored under /usr/lib/python2.7/site-packages/salt/modules (CentOS 7).

Examples:

    salt '*' network.active_tcp                     # list the active TCP connections of every host
    salt '*' network.arp                            # list the ARP table of every host
    salt '*' service.available sshd                 # check whether the sshd service exists on every host
    salt '*' service.get_all                        # list every service on every host
    salt '*' service.status sshd                    # show the sshd status of every host
    salt-cp '*' /etc/hosts /tmp/test                # copy /etc/hosts on the master to /tmp/test on every host
    salt '*' state.show_top                         # show the top file
    salt '*' state.single pkg.installed name=lsof   # install lsof on every host

Documentation: https://docs.saltstack.com/en/latest/ref/returners/index.html

1) Writing returns to a MySQL database; the minion writes to the database directly.

Install the Python MySQL module on every minion:

    salt '*' state.single pkg.installed name=MySQL-python
    salt '*' cmd.run 'yum install MySQL-python -y'

Create the salt database:

    CREATE DATABASE  `salt`
      DEFAULT CHARACTER SET utf8
      DEFAULT COLLATE utf8_general_ci;

    USE `salt`;

Create the tables:

    --
    -- Table structure for table `jids`
    --

    DROP TABLE IF EXISTS `jids`;
    CREATE TABLE `jids` (
      `jid` varchar(255) NOT NULL,
      `load` mediumtext NOT NULL,
      UNIQUE KEY `jid` (`jid`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    CREATE INDEX jid ON jids(jid) USING BTREE;

    --
    -- Table structure for table `salt_returns`
    --

    DROP TABLE IF EXISTS `salt_returns`;
    CREATE TABLE `salt_returns` (
      `fun` varchar(50) NOT NULL,
      `jid` varchar(255) NOT NULL,
      `return` mediumtext NOT NULL,
      `id` varchar(255) NOT NULL,
      `success` varchar(10) NOT NULL,
      `full_ret` mediumtext NOT NULL,
      `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
      KEY `id` (`id`),
      KEY `jid` (`jid`),
      KEY `fun` (`fun`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

    --
    -- Table structure for table `salt_events`
    --

    DROP TABLE IF EXISTS `salt_events`;
    CREATE TABLE `salt_events` (
      `id` BIGINT NOT NULL AUTO_INCREMENT,
      `tag` varchar(255) NOT NULL,
      `data` mediumtext NOT NULL,
      `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
      `master_id` varchar(255) NOT NULL,
      PRIMARY KEY (`id`),
      KEY `tag` (`tag`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Grant access:

    grant all on salt.* to salt@'%' identified by 'salt@pw';
    FLUSH PRIVILEGES;

    exit
    mysql -h192.168.137.11 -usalt -psalt@pw salt
    show tables;

Configure the minion file:

    vim /etc/salt/minion

    mysql.host: '192.168.137.11'
    mysql.user: 'salt'
    mysql.pass: 'salt@pw'
    mysql.db: 'salt'
    mysql.port: 3306

Restart: systemctl restart salt-minion

Test:

    salt '*' test.ping --return mysql

    salt '*' cmd.run 'df -h' --return mysql
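What the returner actually stores, and how to read it back, as an added example that is not part of the original post and not Salt's mysql returner: the salt_returns schema from the DDL above (minus the MySQL-only ENGINE/CHARSET clauses) is created in SQLite, two constructed job returns are written the way a minion hands them to a returner after `--return mysql`, and the job is reassembled per minion. The jid, the minion outputs and the failure are all made up. Note that with the setup above every minion holds the same salt@'%' credentials, so any one minion can read or rewrite the others' rows; that is the main reason to prefer collecting returns on the master side or to restrict the grant per minion.

```python
import json
import sqlite3

# Schema adapted from the post's MySQL DDL for salt_returns: ENGINE/CHARSET clauses are
# dropped so the same statement runs on SQLite; columns and their meaning are unchanged.
SCHEMA = """
CREATE TABLE IF NOT EXISTS salt_returns (
  fun        varchar(50)  NOT NULL,
  jid        varchar(255) NOT NULL,
  "return"   mediumtext   NOT NULL,
  id         varchar(255) NOT NULL,
  success    varchar(10)  NOT NULL,
  full_ret   mediumtext   NOT NULL,
  alter_time TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
CREATE INDEX IF NOT EXISTS salt_returns_jid ON salt_returns (jid);
"""

# Constructed job returns (jid and outputs are made up), shaped like what a minion passes
# to its returner after `salt '*' cmd.run 'df -h' --return mysql`.
JID = "20230710131223142622"
SAMPLE_RETURNS = [
    {"jid": JID, "id": "linux-node1.example.com", "fun": "cmd.run", "fun_args": ["df -h"],
     "success": True, "retcode": 0,
     "return": "Filesystem Size Used Avail Use% Mounted on\n/dev/sda1 20G 3.1G 17G 16% /"},
    {"jid": JID, "id": "linux-node2.example.com", "fun": "cmd.run", "fun_args": ["df -h"],
     "success": False, "retcode": 127, "return": "/bin/sh: df: command not found"},
]


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def store_return(conn, ret):
    """One row per minion per job, filling the same columns the mysql returner fills."""
    conn.execute(
        'INSERT INTO salt_returns (fun, jid, "return", id, success, full_ret) VALUES (?, ?, ?, ?, ?, ?)',
        (ret["fun"], ret["jid"], json.dumps(ret["return"]), ret["id"], str(ret["success"]), json.dumps(ret)),
    )
    conn.commit()


def job_results(conn, jid):
    """Reassemble a job's results from the table, keyed by minion id."""
    rows = conn.execute('SELECT id, fun, success, "return" FROM salt_returns WHERE jid = ? ORDER BY id', (jid,))
    return {mid: {"fun": fun, "success": success == "True", "return": json.loads(ret)}
            for mid, fun, success, ret in rows}


def failed_minions(conn, jid):
    """Minion ids whose return for this job reported success=False."""
    return sorted(mid for mid, r in job_results(conn, jid).items() if not r["success"])


def load_samples():
    conn = open_db()
    for ret in SAMPLE_RETURNS:
        store_return(conn, ret)
    return conn


if __name__ == "__main__":
    db = load_samples()
    print(job_results(db, JID)["linux-node1.example.com"]["return"])
    print("failed:", failed_minions(db, JID))
```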

1) Location:

    cd /srv/salt
    mkdir _modules

2) Naming:

The file name is the module name.

Example: my_disk.py

    vim /srv/salt/_modules/my_disk.py

    def list():
        # __salt__ is injected by the Salt loader and exposes the execution modules
        cmd = 'df -h'
        ret = __salt__['cmd.run'](cmd)
        return ret

3) Refresh:

    salt '*' saltutil.sync_modules

The module is placed under /var/cache/salt/minion on the targeted minions.

4) Run:

    salt '*' my_disk.list

####################################################################

Documentation: https://docs.saltstack.com/en/latest/topics/states/index.html

Salt State SLS description files (YAML)

The ID declaration doubles as the name declaration by default.

Note: under one ID declaration a state module cannot be used twice.

Example:

    apache-install:
      pkg.installed:
        - names:
          - httpd
          - httpd-devel
    apache-service:          # ID declaration; in a highstate the ID must be unique
      service.running:       # state declaration
        - name: httpd        # option declaration
        - enable: True
    php:
      pkg.installed

1) pkg (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#module-salt.states.pkg)

    pkg.installed   # install
    pkg.latest      # ensure the latest version
    pkg.removed     # uninstall
    pkg.purged      # uninstall and delete the configuration files

    # install several packages at once
    common_packages:
      pkg.installed:
        - pkgs:
          - unzip
          - dos2unix
          - salt-minion: 2015.8.5-1.el6

2) file (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#module-salt.states.file)

salt:// stands for the root directory of the current environment. For example,

salt://lamp/files/httpd.conf refers to /srv/salt/lamp/files/httpd.conf.

3) service (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#module-salt.states.service)

    redis:
      service.running:
        - enable: True   # start at boot
        - reload: True   # reload instead of restart

1. Install the packages: pkg

2. Modify the configuration files: file

3. Start the services: service

lamp.sls reads as follows:

    lamp-pkg:
      pkg.installed:
        - pkgs:
          - httpd
          - php
          - mariadb
          - mariadb-server
          - php-mysql
          - php-cli
          - php-mbstring
    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://lamp/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
    php-config:
      file.managed:
        - name: /etc/php.ini
        - source: salt://lamp/files/php.ini
        - user: root
        - group: root
        - mode: 644
    mysql-config:
      file.managed:
        - name: /etc/my.cnf
        - source: salt://lamp/files/my.cnf
        - user: root
        - group: root
        - mode: 644
    apache-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
    mysql-service:
      service.running:
        - name: mariadb
        - enable: True
        - reload: True

Command: salt 'linux-node2*' state.sls lamp.lamp

Result:

    linux-node2.example.com:
    ----------
        ID: lamp-pkg
        Function: pkg.installed
        Result: True
        Comment: 4 targeted packages were installed/updated.
                 The following packages were already installed: httpd, mariadb-server, mariadb
        Started: 12:56:16.178765
        Duration: 194279.377 ms
        Changes:
            ----------
            libzip:
                ----------
                new:
                    0.10.1-8.el7
                old:
            php:
                ----------
                new:
                    5.4.16-36.3.el7_2
                old:
            php-cli:
                ----------
                new:
                    5.4.16-36.3.el7_2
                old:
            php-common:
                ----------
                new:
                    5.4.16-36.3.el7_2
                old:
            php-mbstring:
                ----------
                new:
                    5.4.16-36.3.el7_2
                old:
            php-mysql:
                ----------
                new:
                    5.4.16-36.3.el7_2
                old:
            php-pdo:
                ----------
                new:
                    5.4.16-36.3.el7_2
                old:
    ----------
        ID: apache-config
        Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
        Result: True
        Comment: File /etc/httpd/conf/httpd.conf is in the correct state
        Started: 12:59:30.519583
        Duration: 98.547 ms
        Changes:
    ----------
        ID: php-config
        Function: file.managed
        Name: /etc/php.ini
        Result: True
        Comment: File /etc/php.ini is in the correct state
        Started: 12:59:30.620067
        Duration: 36.824 ms
        Changes:
    ----------
        ID: mysql-config
        Function: file.managed
        Name: /etc/my.cnf
        Result: True
        Comment: File /etc/my.cnf is in the correct state
        Started: 12:59:30.657074
        Duration: 58.78 ms
        Changes:
    ----------
        ID: apache-service
        Function: service.running
        Name: httpd
        Result: True
        Comment: The service httpd is already running
        Started: 12:59:30.853149
        Duration: 40.481 ms
        Changes:
    ----------
        ID: mysql-service
        Function: service.running
        Name: mariadb
        Result: True
        Comment: The service mariadb is already running
        Started: 12:59:30.893939
        Duration: 33.928 ms
        Changes:

    Summary for linux-node2.example.com
    ------------
    Succeeded: 6 (changed=1)
    Failed: 0
    ------------
    Total states run: 6
    Total run time: 194.548 s

Second way:

lamp2.sls reads as follows:

    apache-server:
      pkg.installed:
        - pkgs:
          - httpd
          - php
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://lamp/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
      service.running:
        - name: httpd
        - enable: True
        - reload: True
    mysql-server:
      pkg.installed:
        - pkgs:
          - mariadb
          - mariadb-server
      file.managed:
        - name: /etc/my.cnf
        - source: salt://lamp/files/my.cnf
        - user: root
        - group: root
        - mode: 644
      service.running:
        - name: mariadb
        - enable: True
        - reload: True
    php-config:
      file.managed:
        - name: /etc/php.ini
        - source: salt://lamp/files/php.ini
        - user: root
        - group: root
        - mode: 644

Command: salt 'linux-node2*' state.sls lamp.lamp2

Result:

    linux-node2.example.com:
    ----------
        ID: apache-server
        Function: pkg.installed
        Result: True
        Comment: All specified packages are already installed
        Started: 13:13:53.886308
        Duration: 665.948 ms
        Changes:
    ----------
        ID: apache-server
        Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
        Result: True
        Comment: File /etc/httpd/conf/httpd.conf is in the correct state
        Started: 13:13:54.553919
        Duration: 19.867 ms
        Changes:
    ----------
        ID: apache-server
        Function: service.running
        Name: httpd
        Result: True
        Comment: The service httpd is already running
        Started: 13:13:54.574411
        Duration: 29.927 ms
        Changes:
    ----------
        ID: mysql-server
        Function: pkg.installed
        Result: True
        Comment: All specified packages are already installed
        Started: 13:13:54.604496
        Duration: 0.771 ms
        Changes:
    ----------
        ID: mysql-server
        Function: file.managed
        Name: /etc/my.cnf
        Result: True
        Comment: File /etc/my.cnf is in the correct state
        Started: 13:13:54.605362
        Duration: 15.125 ms
        Changes:
    ----------
        ID: mysql-server
        Function: service.running
        Name: mariadb
        Result: True
        Comment: The service mariadb is already running
        Started: 13:13:54.620592
        Duration: 29.75 ms
        Changes:
    ----------
        ID: php-config
        Function: file.managed
        Name: /etc/php.ini
        Result: True
        Comment: File /etc/php.ini is in the correct state
        Started: 13:13:54.650496
        Duration: 17.036 ms
        Changes:

    Summary for linux-node2.example.com
    ------------
    Succeeded: 7
    Failed: 0
    ------------
    Total states run: 7
    Total run time: 778.424 ms

Relationships between states:

1. Whom I depend on: require

    apache-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
        - require:
          - pkg: lamp-pkg          # pkg ID
          - file: apache-config    # file ID

2. Who depends on me: require_in

    mysql-config:
      file.managed:
        - name: /etc/my.cnf
        - source: salt://lamp/files/my.cnf
        - user: root
        - group: root
        - mode: 644
        - require_in:
          - service: mysql-service

3. Whom I watch: watch

    apache-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
        - require:
          - pkg: lamp-pkg
        - watch:
          - file: apache-config

1. If the state with id apache-config reports a change, the service is reloaded.

2. Without reload: True, the service is restarted instead.

4. Who watches me: watch_in
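How require, require_in, watch and watch_in change the run order and what a watching service does, as an added Python model that is not part of the original post and not Salt's state compiler. It applies the two documented rules, a requisite runs before the state that names it and watch implies require, to the LAMP states from this section, which are declared in a deliberately shuffled order so that the requisites, not the file order, decide the sequence. The state table is constructed from the post's lamp_*.sls; the "ensure-running" label for a service with nothing to react to is this example's own wording.

```python
# Requisite resolution for SLS states (added example, not Salt's own code).
# Each state: {"mod": module, "require"/"watch": [(mod, id)], "require_in"/"watch_in": [(mod, id)], "reload": bool}

LAMP_STATES = {
    # Constructed from the post's lamp_*.sls, declared in a deliberately shuffled order.
    "apache-service": {"mod": "service", "reload": True,
                       "require": [("pkg", "lamp-pkg")], "watch": [("file", "apache-config")]},
    "mysql-service": {"mod": "service", "reload": True},
    "lamp-pkg": {"mod": "pkg"},
    "apache-config": {"mod": "file"},
    "php-config": {"mod": "file"},
    "mysql-config": {"mod": "file", "require_in": [("service", "mysql-service")]},
}


def normalize(states):
    """Rewrite require_in/watch_in as require/watch edges on the target state and check references."""
    deps = {sid: {"require": list(s.get("require", [])), "watch": list(s.get("watch", []))}
            for sid, s in states.items()}
    for sid, s in states.items():
        for rel in ("require", "watch"):
            for mod, target in s.get(rel + "_in", []):
                if target not in deps:
                    raise ValueError(f"{sid}: {rel}_in refers to unknown state {mod}: {target}")
                deps[target][rel].append((s["mod"], sid))
    for sid, d in deps.items():
        for mod, target in d["require"] + d["watch"]:
            if target not in states or states[target]["mod"] != mod:
                raise ValueError(f"{sid}: requisite {mod}: {target} not found")
    return deps


def run_order(states):
    """Requisites run before the state that names them; otherwise declaration order is kept."""
    deps, order = normalize(states), []

    def visit(sid, stack):
        if sid in order:
            return
        if sid in stack:
            raise ValueError(f"requisite cycle through {sid}")
        for _, target in deps[sid]["require"] + deps[sid]["watch"]:  # watch implies require
            visit(target, stack + (sid,))
        order.append(sid)

    for sid in states:
        visit(sid, ())
    return order


def service_actions(states, changed):
    """What each service state does, given the ids of the states that reported changes."""
    deps, actions = normalize(states), {}
    for sid in run_order(states):
        if states[sid]["mod"] != "service":
            continue
        if any(target in changed for _, target in deps[sid]["watch"]):
            actions[sid] = "reload" if states[sid].get("reload") else "restart"
        else:
            actions[sid] = "ensure-running"
    return actions


if __name__ == "__main__":
    print(run_order(LAMP_STATES))
    print(service_actions(LAMP_STATES, {"apache-config"}))
```

With apache-config reporting a change, apache-service is reloaded (it would be restarted without reload: True) while mysql-service, which only has a require_in pointing at it, just gets its running check.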

5. Whom I include: include

Example: take the first LAMP method and split installation, configuration and service start into three files, referenced from one master file.

init.sls:

    include:
      - lamp.lamp_pkg
      - lamp.lamp_config
      - lamp.lamp_service

lamp_pkg.sls:

    lamp-pkg:
      pkg.installed:
        - pkgs:
          - httpd
          - php
          - mariadb
          - mariadb-server
          - php-mysql
          - php-cli
          - php-mbstring

lamp_config.sls:

    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://lamp/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
    php-config:
      file.managed:
        - name: /etc/php.ini
        - source: salt://lamp/files/php.ini
        - user: root
        - group: root
        - mode: 644
    mysql-config:
      file.managed:
        - name: /etc/my.cnf
        - source: salt://lamp/files/my.cnf
        - user: root
        - group: root
        - mode: 644
        - require_in:
          - service: mysql-service

lamp_service.sls:

    apache-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
        - require:
          - pkg: lamp-pkg
        - watch:
          - file: apache-config
    mysql-service:
      service.running:
        - name: mariadb
        - enable: True
        - reload: True

Command: salt 'linux-node2*' state.sls lamp.init

6. Whom I extend

Tips for writing SLS files:

1. Group by state: very clear when used on its own.

2. Group by service: can be included by other SLS files, for example an LNMP state including the mysql service.

Documentation: http://docs.jinkan.org/docs/jinja2/

A template contains variables or expressions, using two kinds of delimiters: {% … %} and {{ … }}. The former executes statements such as for loops or assignments; the latter prints the result of an expression into the template.

Using Jinja2 in Salt:

Documentation: https://docs.saltstack.com/en/latest/topics/jinja/index.html

  1) Tell the file module that you are using Jinja:

    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://lamp/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
        - template: jinja

  2) List the parameters:

    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://lamp/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
        - template: jinja
        - defaults:
            PORT: 8080

  3) Reference them in the template

The httpd.conf configuration file references the parameter as follows:

Command: salt 'linux-node2*' state.sls lamp.init

Result:

    linux-node2.example.com:
    ----------
        ID: lamp-pkg
        Function: pkg.installed
        Result: True
        Comment: All specified packages are already installed
        Started: 11:15:02.903236
        Duration: 4591.748 ms
        Changes:
    ----------
        ID: apache-config
        Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
        Result: True
        Comment: File /etc/httpd/conf/httpd.conf updated
        Started: 11:15:07.558365
        Duration: 90.859 ms
        Changes:
            ----------
            diff:
                ---
                +++
                @@ -39,7 +39,7 @@
                # prevent Apache from glomming onto all bound IP addresses.
                #
                #Listen 12.34.56.78:80
                -Listen 80
                +Listen 8080

                #
                # Dynamic Shared Object (DSO) Support
    ----------
        ID: php-config
        Function: file.managed
        Name: /etc/php.ini
        Result: True
        Comment: File /etc/php.ini is in the correct state
        Started: 11:15:07.649429
        Duration: 63.754 ms
        Changes:
    ----------
        ID: mysql-config
        Function: file.managed
        Name: /etc/my.cnf
        Result: True
        Comment: File /etc/my.cnf is in the correct state
        Started: 11:15:07.713515
        Duration: 49.273 ms
        Changes:
    ----------
        ID: apache-service
        Function: service.running
        Name: httpd
        Result: True
        Comment: Service reloaded
        Started: 11:15:07.800629
        Duration: 135.15 ms
        Changes:
            ----------
            httpd:
                True
    ----------
        ID: mysql-service
        Function: service.running
        Name: mariadb
        Result: True
        Comment: The service mariadb is already running
        Started: 11:15:07.936165
        Duration: 95.71 ms
        Changes:

    Summary for linux-node2.example.com
    ------------
    Succeeded: 6 (changed=2)
    Failed: 0
    ------------
    Total states run: 6
    Total run time: 5.026 s

- Templates can take values from the Salt grains data:

Example: modify httpd.conf so that the listen address is the host's own IP; grains['fqdn_ip4'][0] returns the local IP address.

    salt 'linux-node2*' grains.item fqdn_ip4

- Templates can call Salt remote execution modules:

Example: in httpd.conf, {{ salt['network.hw_addr']('eth0') }}

    salt 'linux-node2*' network.hw_addr eth0

Command: salt 'linux-node2*' state.sls lamp.init

Result:

    linux-node2.example.com:
    ----------
        ID: lamp-pkg
        Function: pkg.installed
        Result: True
        Comment: All specified packages are already installed
        Started: 11:51:57.213758
        Duration: 664.953 ms
        Changes:
    ----------
        ID: apache-config
        Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
        Result: True
        Comment: File /etc/httpd/conf/httpd.conf updated
        Started: 11:51:57.880642
        Duration: 82.912 ms
        Changes:
            ----------
            diff:
                ---
                +++
                @@ -39,7 +39,9 @@
                # prevent Apache from glomming onto all bound IP addresses.
                #
                #Listen 12.34.56.78:80
                -Listen 8080
                +Listen 192.168.137.12:8080
                +
                +# MAC IS: 00:0c:29:fd:dd:02

                #
                # Dynamic Shared Object (DSO) Support
    ----------
        ID: php-config
        Function: file.managed
        Name: /etc/php.ini
        Result: True
        Comment: File /etc/php.ini is in the correct state
        Started: 11:51:57.963715
        Duration: 14.577 ms
        Changes:
    ----------
        ID: mysql-config
        Function: file.managed
        Name: /etc/my.cnf
        Result: True
        Comment: File /etc/my.cnf is in the correct state
        Started: 11:51:57.978393
        Duration: 12.482 ms
        Changes:
    ----------
        ID: apache-service
        Function: service.running
        Name: httpd
        Result: True
        Comment: Service reloaded
        Started: 11:51:58.021471
        Duration: 127.043 ms
        Changes:
            ----------
            httpd:
                True
    ----------
        ID: mysql-service
        Function: service.running
        Name: mariadb
        Result: True
        Comment: The service mariadb is already running
        Started: 11:51:58.148913
        Duration: 58.592 ms
        Changes:

    Summary for linux-node2.example.com
    ------------
    Succeeded: 6 (changed=2)
    Failed: 0
    ------------
    Total states run: 6
    Total run time: 960.559 ms

- Templates can take values from pillar data:

Example: in httpd.conf, {{ pillar['apache'] }}

    salt 'linux-node2*' pillar.item apache

Command: salt 'linux-node2*' state.sls lamp.init

Result:

    linux-node2.example.com:
    ----------
        ID: lamp-pkg
        Function: pkg.installed
        Result: True
        Comment: All specified packages are already installed
        Started: 12:01:16.490143
        Duration: 712.121 ms
        Changes:
    ----------
        ID: apache-config
        Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
        Result: True
        Comment: File /etc/httpd/conf/httpd.conf updated
        Started: 12:01:17.204369
        Duration: 93.136 ms
        Changes:
            ----------
            diff:
                ---
                +++
                @@ -42,6 +42,7 @@
                Listen 192.168.137.12:8080

                # MAC IS: 00:0c:29:fd:dd:02
                +# pillar: httpd

                #
                # Dynamic Shared Object (DSO) Support
    ----------
        ID: php-config
        Function: file.managed
        Name: /etc/php.ini
        Result: True
        Comment: File /etc/php.ini is in the correct state
        Started: 12:01:17.297764
        Duration: 17.209 ms
        Changes:
    ----------
        ID: mysql-config
        Function: file.managed
        Name: /etc/my.cnf
        Result: True
        Comment: File /etc/my.cnf is in the correct state
        Started: 12:01:17.315170
        Duration: 15.217 ms
        Changes:
    ----------
        ID: apache-service
        Function: service.running
        Name: httpd
        Result: True
        Comment: Service httpd is already enabled, and is running
        Started: 12:01:17.331369
        Duration: 184.591 ms
        Changes:
            ----------
            httpd:
                True
    ----------
        ID: mysql-service
        Function: service.running
        Name: mariadb
        Result: True
        Comment: The service mariadb is already running
        Started: 12:01:17.516431
        Duration: 32.057 ms
        Changes:

    Summary for linux-node2.example.com
    ------------
    Succeeded: 6 (changed=2)
    Failed: 0
    ------------
    Total states run: 6
    Total run time: 1.054 s
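The three template sources used above (the state's -defaults block, grains, an execution module reached as salt['mod.fn'], and pillar), as an added Python example that is not part of the original post and does not use Jinja2 itself: a resolver for exactly the expression forms the post uses renders a constructed httpd.conf template, and difflib produces the same kind of unified diff that file.managed reports under Changes. The template, the current file, the grains, the pillar value and the hw_addr stand-in are all constructed for the example.

```python
import difflib
import re

# Constructed inputs (not the post's files/httpd.conf): the template on the master
# and the file currently on the minion.
TEMPLATE = """\
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen {{ grains['fqdn_ip4'][0] }}:{{ PORT }}

# MAC IS: {{ salt['network.hw_addr']('eth0') }}
# pillar: {{ pillar['apache'] }}

#
# Dynamic Shared Object (DSO) Support
"""
CURRENT = """\
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

#
# Dynamic Shared Object (DSO) Support
"""

# Stand-ins for what the minion has at render time: the state's -defaults block, its grains,
# its pillar, and the execution modules reachable as salt['mod.fn'] (hw_addr value made up).
DEFAULTS = {"PORT": 8080}
GRAINS = {"fqdn_ip4": ["192.168.137.12"], "fqdn": "linux-node2.example.com"}
PILLAR = {"apache": "httpd"}
SALT = {"network.hw_addr": lambda iface: {"eth0": "00:0c:29:fd:dd:02"}[iface]}

EXPR = re.compile(r"\{\{\s*(.*?)\s*\}\}")
PARSE = re.compile(r"(\w+)((?:\[[^\]]+\])*)(?:\((.*)\))?$")


def resolve(expr, context):
    """Resolve the Jinja subset the post uses: NAME, x['k'], x['k'][0], salt['mod.fn']('arg')."""
    m = PARSE.match(expr)
    if not m or m.group(1) not in context:
        raise KeyError(f"undefined in template: {expr}")
    value = context[m.group(1)]
    for key in re.findall(r"\[([^\]]+)\]", m.group(2)):
        key = key.strip("'\"")
        value = value[int(key)] if key.isdigit() else value[key]
    if m.group(3) is not None:
        args = [a.strip().strip("'\"") for a in m.group(3).split(",") if a.strip()]
        value = value(*args)
    return str(value)


def render(template, defaults, grains, pillar, salt):
    """Substitute every {{ ... }} in the template from the four sources."""
    context = {"grains": grains, "pillar": pillar, "salt": salt, **defaults}
    return EXPR.sub(lambda m: resolve(m.group(1), context), template)


def changes(old, new):
    """The unified diff file.managed reports under Changes: when the rendered file differs (empty if equal)."""
    return "".join(difflib.unified_diff(old.splitlines(True), new.splitlines(True), n=3))


if __name__ == "__main__":
    rendered = render(TEMPLATE, DEFAULTS, GRAINS, PILLAR, SALT)
    print(changes(CURRENT, rendered))
```

The diff shows the same -Listen / +Listen pair as the state output above, and an unresolvable expression raises instead of silently writing "{{ ... }}" into a configuration file, which is the failure mode to watch for when a pillar key is missing on a minion.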

###########################################################################

SaltStack project walkthrough

  • System architecture diagram

1. Salt environment configuration: define a base and a production environment (base, prod)

    vim /etc/salt/master

Edit file_roots:

    file_roots:
      base:
        - /srv/salt/base
      prod:
        - /srv/salt/prod

    mkdir -p /srv/salt/base
    mkdir -p /srv/salt/prod

Pillar configuration:

    vim /etc/salt/master

Edit pillar_roots:

    pillar_roots:
      base:
        - /srv/pillar/base
      prod:
        - /srv/pillar/prod

    mkdir -p /srv/pillar/base
    mkdir -p /srv/pillar/prod

Restart the service: systemctl restart salt-master

2. Initialising the base environment:

    mkdir -p /srv/salt/base/init          # environment initialisation directory
    mkdir -p /srv/salt/base/init/files    # configuration files directory

1) DNS configuration

Prepare the DNS configuration file and put it in /srv/salt/base/init/files:

    cp /etc/resolv.conf /srv/salt/base/init/files/

    vi /srv/salt/base/init/dns.sls

    /etc/resolv.conf:
      file.managed:
        - source: salt://init/files/resolv.conf
        - user: root
        - group: root
        - mode: 644

2) Timestamps in the shell history

    vi /srv/salt/base/init/history.sls

    /etc/profile:
      file.append:
        - text:
          - export HISTTIMEFORMAT="%F %T `whoami` "

3) Logging of executed commands

    vi /srv/salt/base/init/audit.sls

    /etc/bashrc:
      file.append:
        - text:
          - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
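What the two states above produce on the syslog side and how to read it, as an added Python example that is not part of the original post: a parser for the lines the PROMPT_COMMAND emits through logger, which pulls out the effective user, the login user and tty, the source address, the working directory and the command, then lists the events a reviewer looks at first (commands run as root by a session that logged in as someone else, and attempts to wipe the history that feeds the trail). The syslog lines are constructed, not captured from a real host; because HISTTIMEFORMAT is set as well, each logged command carries the history timestamp and user in front of it, and the parser strips that prefix.

```python
import re

# Constructed syslog lines (not captured from a real host) in the shape produced by
#   logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"
# with HISTTIMEFORMAT set, so $msg starts with "<date> <time> <user> ".
SAMPLE_LOG = """\
Jul 10 13:12:23 linux-node2 admin: [euid=admin]:admin pts/0 2023-07-10 13:12 (192.168.137.1):[/home/admin]2023-07-10 13:12:23 admin sudo -i
Jul 10 13:12:40 linux-node2 root: [euid=root]:admin pts/0 2023-07-10 13:12 (192.168.137.1):[/root]2023-07-10 13:12:40 root yum install httpd -y
Jul 10 13:13:02 linux-node2 root: [euid=root]:admin pts/0 2023-07-10 13:12 (192.168.137.1):[/root]2023-07-10 13:13:02 root history -c
Jul 10 14:00:01 linux-node1 root: [euid=root]:root tty1 2023-07-10 13:58:[/root]2023-07-10 14:00:01 root systemctl restart salt-minion
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \S+: "
    r"\[euid=(?P<euid>[^\]]+)\]:(?P<login>\S+) (?P<tty>\S+) (?P<when>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"(?: \((?P<src>[^)]*)\))?:\[(?P<cwd>[^\]]*)\](?P<rest>.*)$"
)
# The history entry prefix added by HISTTIMEFORMAT="%F %T `whoami` ".
HIST_PREFIX = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ ")


def parse_line(line):
    """Return a dict for one audit line, or None for lines in a different format."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["cmd"] = HIST_PREFIX.sub("", rec.pop("rest"), count=1).strip()
    return rec


def audit(text):
    """Parse the log and pull out the events a reviewer looks at first."""
    records = [r for r in (parse_line(l) for l in text.splitlines()) if r]
    return {
        "records": records,
        # commands run as root by a session that logged in as somebody else (sudo -i / su)
        "escalated": [r for r in records if r["euid"] == "root" and r["login"] != "root"],
        # attempts to wipe the shell history that feeds this very audit trail
        "history_cleared": [r for r in records if re.match(r"history\s+-c\b", r["cmd"])],
    }


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for r in result["escalated"]:
        print(f"{r['ts']} {r['host']} {r['login']}->{r['euid']} from {r['src'] or 'console'} in {r['cwd']}: {r['cmd']}")
```

Since logger writes these lines from the user's own shell, they are only as trustworthy as the shell that produced them; forwarding them to a remote syslog server is what keeps a "history -c" from also erasing the record of itself.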

4) Kernel parameter tuning

    vi /srv/salt/base/init/sysctl.sls

    net.ipv4.ip_local_port_range:
      sysctl.present:
        - value: 10000 65000
    fs.file-max:
      sysctl.present:
        - value: 2000000
    net.ipv4.ip_forward:
      sysctl.present:
        - value: 1
    vm.swappiness:
      sysctl.present:
        - value: 0

5) Install the yum repository

```bash
vi /srv/salt/base/init/epel.sls
```

```yaml
yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
    - unless: rpm -qa | grep epel-release-latest-7
```

6) Install zabbix-agent

Prepare the zabbix-agent configuration file and place it in /srv/salt/base/init/files:

```bash
cp /etc/zabbix/zabbix_agentd.conf /srv/salt/base/init/files/
```

Edit the copy with `vi /etc/zabbix/zabbix_agentd.conf` (the `Server` line becomes a Jinja placeholder, see the diff in the run output below).

```bash
vi /srv/salt/base/init/zabbix_agent.sls
```

```yaml
zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - backup: minion
    - defaults:
        Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
        Hostname: {{ grains['fqdn'] }}
    - require:
      - pkg: zabbix-agent
  service.running:
    - enable: True
    - watch:
      - pkg: zabbix-agent
      - file: zabbix-agent

zabbix_agentd.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.d
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent
```

Note: `- backup: minion` enables backups; when the file changes, the previous version is saved under /var/cache/salt/file_backup on the minion.

7) Write the top-level init.sls that includes the other files

```bash
vi /srv/salt/base/init/init.sls
```

```yaml
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.epel
  - init.zabbix_agent
```

Run: `salt "*" state.sls init.init`

Result of the run:

```text
linux-node1.example.com:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf is in the correct state
Started: 04:39:32.998314
Duration: 181.548 ms
Changes:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: File /etc/profile is in correct state
Started: 04:39:33.180034
Duration: 6.118 ms
Changes:
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 04:39:33.186266
Duration: 6.608 ms
Changes:
----------
diff:
---

+++

@@ -90,3 +90,4 @@

unset -f pathmunge
fi
# vim:ts=4:sw=4
+export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
Started: 04:39:33.261448
Duration: 212.528 ms
Changes:
----------
net.ipv4.ip_local_port_range:
10000 65000
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Updated sysctl value fs.file-max = 2000000
Started: 04:39:33.474197
Duration: 122.497 ms
Changes:
----------
fs.file-max:
2000000
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_forward = 1
Started: 04:39:33.596905
Duration: 35.061 ms
Changes:
----------
net.ipv4.ip_forward:
1
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Updated sysctl value vm.swappiness = 0
Started: 04:39:33.632208
Duration: 36.226 ms
Changes:
----------
vm.swappiness:
0
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 04:39:39.085699
Duration: 12627.626 ms
Changes:
----------
ID: zabbix-agent
Function: pkg.installed
Result: True
Comment: Package zabbix-agent is already installed
Started: 04:39:51.713592
Duration: 6.677 ms
Changes:
----------
ID: zabbix-agent
Function: file.managed
Name: /etc/zabbix/zabbix_agentd.conf
Result: True
Comment: File /etc/zabbix/zabbix_agentd.conf updated
Started: 04:39:51.720994
Duration: 152.077 ms
Changes:
----------
diff:
---
+++
@@ -90,7 +90,7 @@
#
# Mandatory: no
# Default:
-Server={{ Server }}
+Server=192.168.137.11

### Option: ListenPort
# Agent will listen on this port for connections from the server.
----------
ID: zabbix_agentd.d
Function: file.directory
Name: /etc/zabbix/zabbix_agentd.d
Result: True
Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
Started: 04:39:51.875082
Duration: 0.908 ms
Changes:
----------
ID: zabbix-agent
Function: service.running
Result: True
Comment: Service restarted
Started: 04:39:51.932698
Duration: 205.223 ms
Changes:
----------
zabbix-agent:
True

Summary for linux-node1.example.com
-------------
Succeeded: 12 (changed=7)
Failed: 0
-------------
Total states run: 12
Total run time: 13.593 s
linux-node2.example.com:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf is in the correct state
Started: 12:46:38.639870
Duration: 182.254 ms
Changes:
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 12:46:38.822236
Duration: 3.047 ms
Changes:
----------
diff:
---

+++

@@ -74,3 +74,4 @@


unset i
unset -f pathmunge
+export HISTTIMEFORMAT="%F %T `whoami` "
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 12:46:38.825423
Duration: 3.666 ms
Changes:
----------
diff:
---

+++

@@ -90,3 +90,4 @@

unset -f pathmunge
fi
# vim:ts=4:sw=4
+export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
Started: 12:46:39.011409
Duration: 132.499 ms
Changes:
----------
net.ipv4.ip_local_port_range:
10000 65000
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Updated sysctl value fs.file-max = 2000000
Started: 12:46:39.144117
Duration: 33.556 ms
Changes:
----------
fs.file-max:
2000000
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_forward = 1
Started: 12:46:39.177821
Duration: 43.489 ms
Changes:
----------
net.ipv4.ip_forward:
1
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Updated sysctl value vm.swappiness = 0
Started: 12:46:39.221788
Duration: 39.882 ms
Changes:
----------
vm.swappiness:
0
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 12:46:47.608597
Duration: 13989.554 ms
Changes:
----------
ID: zabbix-agent
Function: pkg.installed
Result: True
Comment: Package zabbix-agent is already installed
Started: 12:47:01.598548
Duration: 1.265 ms
Changes:
----------
ID: zabbix-agent
Function: file.managed
Name: /etc/zabbix/zabbix_agentd.conf
Result: True
Comment: File /etc/zabbix/zabbix_agentd.conf updated
Started: 12:47:01.600712
Duration: 82.425 ms
Changes:
----------
diff:
---
+++
@@ -90,8 +90,6 @@
#
# Mandatory: no
# Default:
-# Server=
-
Server=192.168.137.11

### Option: ListenPort
@@ -117,7 +115,7 @@
# Mandatory: no
# Range: 0-100
# Default:
-StartAgents=3
+# StartAgents=3

##### Active checks related

@@ -133,7 +131,7 @@
# Default:
# ServerActive=

-#ServerActive=192.168.137.11
+ServerActive=192.168.137.11

### Option: Hostname
# Unique, case sensitive hostname.
@@ -144,7 +142,7 @@
# Default:
# Hostname=

-Hostname=linux-node2
+Hostname=Zabbix server

### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
@@ -174,7 +172,7 @@
#
# Mandatory: no
# Default:
-HostMetadataItem=system.uname
+# HostMetadataItem=

### Option: RefreshActiveChecks
# How often list of active checks is refreshed, in seconds.
----------
ID: zabbix_agentd.d
Function: file.directory
Name: /etc/zabbix/zabbix_agentd.d
Result: True
Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
Started: 12:47:01.684357
Duration: 0.93 ms
Changes:
----------
ID: zabbix-agent
Function: service.running
Result: True
Comment: Service restarted
Started: 12:47:01.751277
Duration: 275.781 ms
Changes:
----------
zabbix-agent:
True

Summary for linux-node2.example.com
-------------
Succeeded: 12 (changed=8)
Failed: 0
-------------
Total states run: 12
Total run time: 14.788 s
```

8) Create the top file

```bash
vi /srv/salt/base/top.sls
```

```yaml
base:
  '*':
    - init.init
```

Dry run: `salt "*" state.highstate test=True`

Apply: `salt "*" state.highstate`

3. Initialise the pillar base environment

1) zabbix agent configuration: set the zabbix server address for the sls files to reference

```bash
mkdir -p /srv/pillar/base/zabbix
vi /srv/pillar/base/zabbix/agent.sls
```

```yaml
zabbix-agent:
  Zabbix_Server: 192.168.137.11
```

Write the pillar top file, referencing /srv/pillar/base/zabbix/agent:

```bash
vi /srv/pillar/base/top.sls
```

```yaml
base:
  '*':
    - zabbix.agent
```

Check: `salt '*' pillar.items`

HAProxy official site: http://www.haproxy.com/

```bash
mkdir -p /srv/salt/prod/modules/haproxy
mkdir -p /srv/salt/prod/modules/keepalived
mkdir -p /srv/salt/prod/modules/memcached
mkdir -p /srv/salt/prod/modules/nginx
mkdir -p /srv/salt/prod/modules/php
mkdir -p /srv/salt/prod/modules/pkg
mkdir -p /srv/salt/prod/cluster
mkdir -p /srv/salt/prod/modules/haproxy/files/
mkdir -p /srv/salt/prod/cluster/files
```

1) System build packages (gcc and friends)

The file lives under modules/pkg so that `include: - modules.pkg.make` in the later sls files resolves to it:

```bash
vi /srv/salt/prod/modules/pkg/make.sls
```

```yaml
make-pkg:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
```

2) Manual installation (build once by hand to get the init script)

```bash
cd /usr/local/src
tar xvf haproxy-1.6.3.tar.gz
cd haproxy-1.6.3/
make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3
make install PREFIX=/usr/local/haproxy-1.6.3
ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
```

Adjust the start-up script and copy it into the salt tree:

```bash
vi /usr/local/src/haproxy-1.6.3/examples/haproxy.init
# change the binary path to:
BIN=/usr/local/haproxy/sbin/$BASENAME
cp /usr/local/src/haproxy-1.6.3/examples/haproxy.init /srv/salt/prod/modules/haproxy/files/
```

Place the haproxy-1.6.3.tar.gz package in /srv/salt/prod/modules/haproxy/files/.

3) Create install.sls to install haproxy

```bash
vi /srv/salt/prod/modules/haproxy/install.sls
```

```yaml
include:
  - modules.pkg.make

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.3.tar.gz
    - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3 && make install PREFIX=/usr/local/haproxy-1.6.3 && ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
    - unless: test -L /usr/local/haproxy
    - require:
      - pkg: make-pkg
      - file: haproxy-install

haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://modules/haproxy/files/haproxy.init
    - mode: 755
    - user: root
    - group: root
    - require_in:
      - file: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy

net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - mode: 755
    - user: root
    - group: root
```

Note: `- unless` means that if the command after it returns True (exit status 0), the current state is not executed.

4) Create the haproxy configuration file

```bash
vi /srv/salt/prod/cluster/files/haproxy-outside.cfg
```

```text
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms

listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack

frontend frontend_www_example_com
bind 192.168.137.21:80
mode http
option httplog
log global
default_backend backend_www_example_com

backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 192.168.137.11:8080 check inter 2000 rise 30 fall 15
server web-node2 192.168.137.12:8080 check inter 2000 rise 30 fall 15
```

Create haproxy-outside.sls to configure haproxy

```bash
vi /srv/salt/prod/cluster/haproxy-outside.sls
```

```yaml
include:
  - modules.haproxy.install

haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - require:
      - cmd: haproxy-install
    - watch:
      - file: haproxy-service
```

5) Configure the top file

This is the state top file under the base file root (the pillar top file keeps its zabbix.agent entry from step 3):

```bash
vi /srv/salt/base/top.sls
```

```yaml
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
```

Dry run: `salt "*" state.highstate test=True`

Apply: `salt "*" state.highstate`

Result:

1) Create the files directory and place the keepalived-1.2.17.tar.gz package, keepalived.sysconfig and keepalived.init in it

```bash
mkdir -p /srv/salt/prod/modules/keepalived/files
```

2) Create install.sls

```bash
vi /srv/salt/prod/modules/keepalived/install.sls
```

```yaml
{% set keepalived_tar = 'keepalived-1.2.17.tar.gz' %}
{% set keepalived_source = 'salt://modules/keepalived/files/keepalived-1.2.17.tar.gz' %}

keepalived-install:
  file.managed:
    - name: /usr/local/src/{{ keepalived_tar }}
    - source: {{ keepalived_source }}
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf {{ keepalived_tar }} && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-install

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.sysconfig
    - mode: 644
    - user: root
    - group: root

/etc/init.d/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.init
    - mode: 755
    - user: root
    - group: root

keepalived-init:
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: /etc/init.d/keepalived

/etc/keepalived:
  file.directory:
    - user: root
    - group: root
```

Run: `salt '*' state.sls modules.keepalived.install saltenv=prod`

3) Create the keepalived configuration template haproxy-outside-keepalived.conf (under /srv/salt/prod/cluster/files/; ROUTEID, STATEID and PRIORITYID are filled in by Jinja from the sls below)

```text
! Configuration File for keepalived

global_defs {
   notification_email {
     saltstack@example.com
   }
   notification_email_from keepalived@example.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id {{ROUTEID}}
}

vrrp_instance haproxy_ha {
    state {{STATEID}}
    interface eth0
    virtual_router_id 36
    priority {{PRIORITYID}}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.137.21
    }
}
```

Create haproxy-outside-keepalived.sls

```bash
vi /srv/salt/prod/cluster/haproxy-outside-keepalived.sls
```

```yaml
include:
  - modules.keepalived.install

keepalived-server:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    {% if grains['fqdn'] == 'linux-node1.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'linux-node2.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  service.running:
    - name: keepalived
    - enable: True
    - watch:
      - file: keepalived-server
```

4) Add keepalived to the top file

```bash
vi /srv/salt/base/top.sls
```

```yaml
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
```

Dry run: `salt "*" state.highstate test=True`

Apply: `salt "*" state.highstate`

##########################################################################

1) Create the www user

```bash
mkdir -p /srv/salt/prod/modules/user
vi /srv/salt/prod/modules/user/www.sls
```

```yaml
www-user-group:
  group.present:
    - name: www
    - gid: 1000
  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000
```

2) libevent: place the package in /srv/salt/prod/modules/libevent/files

```bash
mkdir -p /srv/salt/prod/modules/libevent/files
vi /srv/salt/prod/modules/libevent/install.sls
```

```yaml
libevent-source-install:
  file.managed:
    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
    - source: salt://modules/libevent/files/libevent-2.0.22-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable && ./configure --prefix=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/libevent
    - require:
      - file: libevent-source-install
```

3) Create the files directory and place the memcached-1.4.24.tar.gz package in it

```bash
mkdir -p /srv/salt/prod/modules/memcached/files
```

4) Create install.sls

```bash
vi /srv/salt/prod/modules/memcached/install.sls
```

```yaml
include:
  - modules.libevent.install

memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    - source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24 && ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/memcached
    - require:
      - cmd: libevent-source-install
      - file: memcached-source-install
```

5) Put the business-specific part in its own directory, e.g. bbs

```bash
mkdir -p /srv/salt/prod/bbs
vi /srv/salt/prod/bbs/memcached.sls
```

```yaml
include:
  - modules.memcached.install
  - modules.user.www

memcached-service:
  cmd.run:
    - name: /usr/local/memcached/bin/memcached -d -m 128 -p 11211 -c 8096 -u www
    - unless: netstat -ntlp | grep 11211
    - require:
      - cmd: memcached-source-install
      - user: www-user-group
```

6) Add memcached to the top file

```bash
vi /srv/salt/base/top.sls
```

```yaml
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
  'linux-node2*':
    - bbs.memcached
```

Dry run: `salt "*" state.highstate test=True`

Apply: `salt "*" state.highstate`

1) Place the php package and related files in /srv/salt/prod/modules/php/files

```bash
mkdir -p /srv/salt/prod/modules/php/files
```

2) Create install.sls

```bash
vi /srv/salt/prod/modules/php/install.sls
```

```yaml
include:
  - modules.pkg.make
  - modules.user.www

pkg-php:
  pkg.installed:
    - names:
      - swig
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

php-source-install:
  file.managed:
    - name: /usr/local/src/php-5.6.9.tar.gz
    - source: salt://modules/php/files/php-5.6.9.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf php-5.6.9.tar.gz && cd php-5.6.9 && ./configure --prefix=/usr/local/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-jpeg-dir --with-png-dir --with-zlib --enable-xml --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/usr/local/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install
    - require:
      - file: php-source-install
      - user: www-user-group
    - unless: test -d /usr/local/php-fastcgi

pdo-plugin:
  cmd.run:
    - name: cd /usr/local/src/php-5.6.9/ext/pdo_mysql/ && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make && make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/pdo_mysql.so
    - require:
      - cmd: php-source-install

php-fpm:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php-fpm.conf
    - source: salt://modules/php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

php-fastcgi-service:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://modules/php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list | grep php-fpm
    - require:
      - file: php-fastcgi-service
```

Create php-memcache.sls (the requisite refers to the `php-source-install` ID defined in install.sls above):

```bash
vi /srv/salt/prod/modules/php/php-memcache.sls
```

```yaml
memcache-plugin:
  file.managed:
    - name: /usr/local/src/memcache-2.2.7.tgz
    - source: salt://modules/php/files/memcache-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcache-2.2.7.tgz && cd memcache-2.2.7 && /usr/local/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php-fastcgi/bin/php-config && make && make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/memcache.so
    - require:
      - file: memcache-plugin
      - cmd: php-source-install
```

Create php-redis.sls

```bash
vi /srv/salt/prod/modules/php/php-redis.sls
```

```yaml
redis-plugin:
  file.managed:
    - name: /usr/local/src/redis-2.2.7.tgz
    - source: salt://modules/php/files/redis-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf redis-2.2.7.tgz && cd redis-2.2.7 && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make && make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/redis.so
    - require:
      - file: redis-plugin
      - cmd: php-source-install
```

Run: `salt '*' state.sls modules.php.install saltenv=prod`

1) Place the nginx package and related files in /srv/salt/prod/modules/nginx/files

```bash
mkdir -p /srv/salt/prod/modules/nginx/files
```

2) Create install.sls

```bash
vi /srv/salt/prod/modules/nginx/install.sls
```

```yaml
include:
  - modules.pkg.make
  - modules.user.www

nginx-source-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1 && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module && make && make install && chown -R www:www /usr/local/nginx
    - unless: test -d /usr/local/nginx
    - require:
      - user: www-user-group
      - file: nginx-source-install
      - pkg: make-pkg
```

Create service.sls

```bash
vi /srv/salt/prod/modules/nginx/service.sls
```

```yaml
include:
  - modules.nginx.install

nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://modules/nginx/files/nginx-init
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: nginx-init

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://modules/nginx/files/nginx.conf
    - user: www
    - group: www
    - mode: 644

nginx-service:
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
      - file: nginx-online

nginx-online:
  file.directory:
    - name: /usr/local/nginx/conf/vhost_online

nginx-offline:
  file.directory:
    - name: /usr/local/nginx/conf/vhost_offline
```

Run: `salt '*' state.sls modules.nginx.install saltenv=prod`

4) /srv/salt/prod/bbs/files/nginx-bbs.conf

```text
server {
    listen         8080;
    root /usr/local/nginx/html;
    index index.htm index.html index.php;
    location ~ \.php$
    {
        fastcgi_pass unix:/usr/local/php-fastcgi/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
```

5) Create web.sls in /srv/salt/prod/bbs

```yaml
include:
  - modules.php.install
  - modules.php.php-memcache
  - modules.php.php-redis
  - modules.nginx.service

bbs-php:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - source: salt://bbs/files/php.ini-production
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: php-fpm
    - enable: True
    - require:
      - cmd: php-fastcgi-service
    - watch:
      - file: bbs-php

web-bbs:
  file.managed:
    - name: /usr/local/nginx/conf/vhost_online/bbs.conf
    - source: salt://bbs/files/nginx-bbs.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - service: bbs-php
    - watch_in:
      - service: nginx-service
```

Run: `salt '*' state.sls bbs.web saltenv=prod`

6) Add php and nginx to the top file

```bash
vi /srv/salt/base/top.sls
```

```yaml
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - bbs.web
  'linux-node2*':
    - bbs.memcached
```

Dry run: `salt "*" state.highstate test=True`

Apply: `salt "*" state.highstate`

###########################################################################

Configuration file /etc/salt/master

```yaml
cachedir: /var/cache/salt/master  # cache path
keep_jobs: 24                     # how long (hours) to keep job data
```

Official documentation for the salt execution modules: https://docs.saltstack.com/en/latest/ref/modules/all/index.html

  • How to store the master's return data in a MySQL database

1) For creating the database tables, see section 3 ("returners") of http://www.cnblogs.com/shhnwangjian/p/5986964.html

2) `yum install -y MySQL-python` to install the Python MySQL module

3) Edit the master configuration file

```bash
vi /etc/salt/master
```

```yaml
master_job_cache: mysql
mysql.host: '192.168.137.11'
mysql.user: 'salt'
mysql.pass: 'salt@pw'
mysql.db: 'salt'
mysql.port: 3306
```

4) Restart: `systemctl restart salt-master.service`

5) Test:

```bash
salt '*' test.ping
```

Then query the database: `select * from salt_returns;`

  • How to kill a running salt job

Documentation: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#module-salt.modules.saltutil

```bash
salt '*' saltutil.running        # list running jobs and find the jid
salt '*' saltutil.kill_job jid   # kill the job by jid
salt '*' saltutil.clear_cache    # clear the minion cache
```

Notes:

1) For a running job, the job id is kept on the minion side under /var/cache/salt/minion/proc

2) For a running job, with the master cache configured as above, the job data lives under /var/cache/salt/master/jobs

Official documentation: https://docs.saltstack.com/en/latest/ref/runners/index.html

Command: salt-run

Examples:

```bash
salt-run jobs.list_jobs   # list the historical jobs kept in the job cache
salt-run jobs.lookup_jid jid   # show the result of a past jid
```

Note: when we run a command starting with `salt`, the master distributes it to the minions and each minion executes it itself; if a module exists on the master but not on the minion, the execution fails. Salt runners solve this: they execute everything on the master side.

```bash
salt-run manage.status     # show minion status
salt-run manage.down
salt-run manage.up
salt-run manage.versions   # show minion versions
```

#######################################################################

  • Masterless architecture (no master)

How to set it up:

1) Stop the minion process

2) Edit the configuration file

```bash
vi /etc/salt/minion
```

```yaml
file_client: local
```

Note: the other options such as file_roots and pillar_roots are the same as on the master; the difference is the option above, which switches the minion from fetching cache data from the master to fetching it locally.

3) Write the SLS files

4) Run: `salt-call --local state.highstate`

  • Multi-master architecture

How to set it up:

1) Minion configuration

```bash
vi /etc/salt/minion
```

```yaml
master:
  - 192.168.137.11
  - 192.168.137.21
```

2) Manage the SLS files with git or SVN

Another option is to share keys, file_roots and pillar_roots over NFS, but that is not secure.

###################################################################

  • SaltStack Syndic

1. salt-syndic must run on a master

2. salt-syndic depends on a higher-level master

```bash
yum install -y salt-syndic
```

```bash
vi /etc/salt/master
```

```yaml
syndic_master: 192.168.137.12
```

Note: syndic and master share one configuration file.

Restart the master: `systemctl restart salt-master`

Start the syndic: `systemctl start salt-syndic`

Edit the configuration of the higher-level master (the top-row master in the diagram above):

```bash
vi /etc/salt/master
```

```yaml
order_masters: True   # manages syndics
```

Start the higher-level master: `systemctl start salt-master`

1) Authentication: the master and the syndic must accept each other's keys

```bash
salt-key -A
```

2) Commands run on the master are distributed through the syndic to each minion, and the results are returned.

Key point: the syndic's file_roots and pillar_roots must match the higher-level master.

Drawback: the higher-level master does not know exactly how many minions it has.

#################################################################

  • SaltStack SSH

```bash
yum install -y salt-ssh
```

Official documentation: https://docs.saltstack.com/en/latest/topics/ssh/index.html

Manage the /etc/salt/roster file, which lists every host to be managed:

```bash
vi /etc/salt/roster
```

```yaml
linux-node1.example.com:
  host: 192.168.137.11
  user: root
  port: 22
linux-node2.example.com:
  host: 192.168.137.12
  user: root
  port: 22
```

How does key-based authentication work?

1) Run `salt-ssh '*' test.ping -i`; you are prompted for the password.

2) Once the password has been entered, salt-ssh pushes its public key to the target host, e.g. into /root/.ssh/authorized_keys.

3) The master's public and private SSH keys are kept under /etc/salt/pki/master/ssh.

Note: to suppress the host-key prompt

```bash
vi /root/.ssh/config
```

```text
StrictHostKeyChecking no
```

```bash
salt-ssh '*' -r 'df -h'   # -r runs a raw Linux command directly
```

1. All hosts can be controlled through salt-ssh without a minion.

2. Minion upgrades and restarts can be carried out through salt-ssh.

###########################################################################

SaltStack API

Official documentation: https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html

Parameters: http://salt-api.readthedocs.io/en/latest/ref/netapis/all/saltapi.netapi.rest_cherrypy.html#a-rest-api-for-salt

Prerequisites: 1) calls go over HTTPS, so a certificate must be generated; 2) a configuration file; 3) PAM authentication; 4) start salt-api.

```bash
yum install -y salt-api
```

1) Create the user: `useradd -M -s /sbin/nologin saltapi`

2) Set its password: `passwd saltapi`

3) Generate a self-signed certificate

```bash
cd /etc/pki/tls/certs
mv localhost.crt /tmp
make testcert
cd /etc/pki/tls/private
```

If a passphrase was entered while generating the certificate, remove it from the key:

```bash
openssl rsa -in localhost.key -out salt_nopass.key
```

4) Install the CherryPy module, version 3.2.6

```bash
pip install Cherrypy==3.2.6
```

Note: CentOS 6 and 7 can use version 3.2.6; on CentOS 5 do not pin the version number.

5)修改master配置文件

?

1

2

vi /etc/salt/master

default_include: master.d/*.conf

6) Create the API configuration file:

cd /etc/salt/master.d/
vi api.conf

rest_cherrypy:
  host: 192.168.137.11
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/salt_nopass.key

Note: adding disable_ssl: True allows plain HTTP requests (credentials and tokens then travel in clear text).

Performance tuning:

  thread_pool: 100
  socket_queue_size: 30

7) Authentication file:

vi eauth.conf

external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'

Note: .* allows every execution-module function to be called; '@wheel' grants the wheel modules (e.g. salt-key management).

With salt installed from yum on CentOS 5.9, eauth.conf needs the following configuration instead:

external_auth:
  pam:
    saltapi:
      - .*
      - '@local'
      - '@local_async'
      - '@wheel'
      - '@wheel_async'
      - '@runner'
      - '@runner_async'

8) Restart the master:

systemctl restart salt-master.service

9) Start the API:

systemctl restart salt-api

10) The master configuration must also authorize the saltapi user:

[root@test1 ~]# vim /etc/salt/master
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
[root@test1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]
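The permission lists in step 7 and step 10 decide what the saltapi account can do once it holds a token, and the `.*` entry hands it every execution-module function on every minion. The following added example (not Salt's own code, and not from the page) is a simplified evaluator of such a list: a plain string entry is treated as a regex matched against the function name from its start, an '@wheel' or '@runner' entry grants that client type, and a dict entry {minion_glob: [patterns]} limits functions to matching minion ids. The TIGHT_ACL list, the MINIONS names and the helper names are this example's own constructions; it compares the page's list against a least-privilege alternative.

```python
"""Simplified evaluator for a Salt external_auth permission list.

Added illustration, not Salt's own code. It approximates the master-side
check: a plain string entry is a regex matched against the function name
from its start (so '.*' matches everything), an '@wheel'/'@runner' entry
grants that client type, and a dict entry {minion_glob: [patterns]} limits
functions to matching minion ids. ACLs and minion ids are constructed.
"""
import fnmatch
import re
from typing import Dict, List, Optional, Union

AclEntry = Union[str, Dict[str, List[str]]]

# The list the page puts in eauth.conf for the saltapi user.
PAGE_ACL: List[AclEntry] = ['.*', '@wheel', '@runner']

# A least-privilege alternative (constructed): read-only checks on every
# minion, state.apply only on the node1 hosts, no key management, no runners.
TIGHT_ACL: List[AclEntry] = [
    'test.ping',
    'grains.items',
    {'linux-node1*': ['state.apply']},
]

MINIONS = ['linux-node1.example.com', 'linux-node2.example.com']


def allowed(acl: List[AclEntry], fun: str, minion_id: Optional[str] = None,
            client: str = 'local') -> bool:
    """True if `acl` lets the user call `fun` via `client` on `minion_id`."""
    if client in ('wheel', 'runner'):
        # wheel/runner calls are only granted by the matching '@' entry
        return f'@{client}' in acl
    for entry in acl:
        if isinstance(entry, str):
            if entry.startswith('@'):
                continue                      # client grant, not a function pattern
            if re.match(entry, fun):
                return True
        else:
            for target_glob, patterns in entry.items():
                if minion_id is not None and fnmatch.fnmatch(minion_id, target_glob):
                    if any(re.match(p, fun) for p in patterns):
                        return True
    return False


def audit(acl: List[AclEntry], minions: List[str]) -> Dict[str, bool]:
    """Summarize the blast radius a permission list gives one API user."""
    return {
        'cmd.run on every minion': all(allowed(acl, 'cmd.run', m) for m in minions),
        'state.apply anywhere': any(allowed(acl, 'state.apply', m) for m in minions),
        'key management (@wheel)': allowed(acl, 'key.accept', client='wheel'),
        'runners (@runner)': allowed(acl, 'manage.status', client='runner'),
    }


if __name__ == '__main__':
    for name, acl in (('page', PAGE_ACL), ('tight', TIGHT_ACL)):
        print(name, audit(acl, MINIONS))
```

Running it prints that the page's list allows cmd.run on every minion plus key management and runners, while the tight list allows only test.ping and grains.items everywhere and state.apply on node1. Salt's real matcher has more cases (per-target dicts with '@' entries, compound targets), so treat this as a reading aid for the YAML, not as the authority on what the master will accept.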

1) Login test with curl:

curl -k https://192.168.137.11:8000/login \
  -H 'Accept: application/x-yaml' \
  -d username=saltapi \
  -d password=saltapi \
  -d eauth=pam

On success the API returns a token, which is used for all subsequent requests.

2) Fetch a minion's asset (grains) data; the node here is linux-node1.example.com:

curl -k https://192.168.137.11:8000/minions/linux-node1.example.com \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: <token from login>'

3) List which minions are up:

curl -k https://192.168.137.11:8000/ \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: <token from login>' \
  -d client='runner' \
  -d fun='manage.status'

Note: client='runner' runs the function on the master; client='local' runs it on the minions.

4) Ping test:

curl -k https://192.168.137.11:8000/ \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: <token from login>' \
  -d client='local' \
  -d tgt='*' \
  -d fun='test.ping'

tgt is the target; it can name a single minion instead of '*'.

5) List jobs:

curl -k https://192.168.137.11:8000/jobs \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: <token from login>'

6) Fetch the result of one specific job:

curl -k https://192.168.137.11:8000/jobs/jobid \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: <token from login>'

#############################################################

Saltstack asynchronous command execution

Running salt commands sometimes hits timeouts: the command is published, but some hosts never return anything, and it becomes hard to tell whether the command or task actually succeeded. Salt therefore offers asynchronous execution: the command is published and a jid is returned immediately, and that jid can then be used to query whether the job succeeded.

The --async option returns a job ID, with which we look up the result.

salt --async '*' test.ping

salt-run jobs.lookup_jid 20161117163153353501

The -v option returns the jid alongside the result; if the call times out, the jid is still returned.

salt -v '*' test.ping

Sample task-execution code: the async helper publishes a command asynchronously and returns the job id; the jobs helper looks up the result.

import json
import logging

import requests

logger = logging.getLogger(__name__)

# Placeholders: the salt-api address and the token returned by /login
API_URL = 'https://ip:port'
TOKEN = 'token obtained at login'


def async_run(fun, tgt):
    """
    Publish an asynchronous job and return its jid.
    (Named async_run because async is a reserved word in Python 3.)
    """
    params = {'client': 'local_async', 'fun': fun, 'tgt': tgt}
    headers = {'X-Auth-Token': TOKEN}
    try:
        # verify=False matches curl -k for the self-signed certificate above;
        # point verify at a CA bundle once the API has a trusted certificate
        ret = requests.post(API_URL + '/', data=params, headers=headers, verify=False)
        ret = json.loads(ret.text)
        return ret['return'][0]['jid']
    except Exception as err:
        print(err)


def jobs_all(jid=None):
    """
    With jid=None, return the results of every job in the salt cache;
    with a jid, return the result of that job only.
    """
    headers = {'X-Auth-Token': TOKEN}
    try:
        if jid is None:
            ret = requests.get(API_URL + '/jobs', headers=headers, verify=False)
        else:
            ret = requests.get(API_URL + '/jobs/' + jid, headers=headers, verify=False)
        ret = json.loads(ret.text)
        return ret
    except Exception as err:
        logger.error(err)


jid = async_run('test.ping', '*')
jobs_all()
jobs_all(jid=jid)

See the official documentation for details: https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#id1
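The curl steps above (login, manage.status, test.ping) and the async sample all depend on the same token-then-request flow, and the timeout problem this section opens with shows up as minions that are simply absent from the return dict. The following added example (my own code, not the page's or the Salt project's) wraps that flow in a small client whose transport is injected, so the whole exchange can be exercised offline against a constructed fake master on which linux-node2 is down. The class and function names, the transport signature, the BASE_URL placeholder and the canned responses are this example's own; the paths and payload shapes are the rest_cherrypy ones used by the curl commands. The real transport verifies TLS against a CA bundle rather than disabling verification as -k does.

```python
"""salt-api client with a pluggable transport so the flow can run offline.

Added example, not the page's or the project's code: class/function names,
the transport signature and the canned responses are constructed here.
"""
import json
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlparse

# transport(method, url, headers, form_data) -> (http_status, body_text)
Transport = Callable[[str, str, Dict[str, str], Optional[Dict[str, str]]], Tuple[int, str]]

BASE_URL = 'https://salt.example:8000'   # placeholder address


class SaltApiClient:
    """Minimal rest_cherrypy client: log in once, reuse the token afterwards."""

    def __init__(self, base_url: str, transport: Transport) -> None:
        self.base_url = base_url.rstrip('/')
        self.transport = transport
        self.token: Optional[str] = None

    def _call(self, method: str, path: str, data: Optional[Dict[str, str]] = None) -> dict:
        headers = {'Accept': 'application/json'}
        if self.token:
            headers['X-Auth-Token'] = self.token
        status, body = self.transport(method, self.base_url + path, headers, data)
        if status != 200:
            raise RuntimeError(f'{method} {path}: HTTP {status}')
        return json.loads(body)

    def login(self, username: str, password: str, eauth: str = 'pam') -> str:
        ret = self._call('POST', '/login', {'username': username, 'password': password, 'eauth': eauth})
        self.token = ret['return'][0]['token']
        return self.token

    def minions_up(self) -> Tuple[List[str], List[str]]:
        """client=runner / manage.status -> (up, down), as in step 3 above."""
        ret = self._call('POST', '/', {'client': 'runner', 'fun': 'manage.status'})
        return sorted(ret['return'][0].get('up', [])), sorted(ret['return'][0].get('down', []))

    def run(self, tgt: str, fun: str) -> Dict[str, object]:
        """client=local -> {minion_id: result}, as in step 4 above."""
        ret = self._call('POST', '/', {'client': 'local', 'tgt': tgt, 'fun': fun})
        return ret['return'][0]


def missing_returns(targeted: List[str], result: Dict[str, object]) -> List[str]:
    """Minions that were targeted but never answered (the timeout case)."""
    return sorted(set(targeted) - set(result))


def requests_transport(ca_bundle: str) -> Transport:
    """Real transport for production use; verifies TLS against ca_bundle instead of -k."""
    import requests  # imported lazily so the offline demo does not need it

    def _send(method, url, headers, data):
        resp = requests.request(method, url, headers=headers, data=data, verify=ca_bundle, timeout=30)
        return resp.status_code, resp.text
    return _send


# ---- constructed fake salt-api used for the offline demo -------------------
FAKE_TOKEN = 'constructed-token-0123'


def fake_transport(method, url, headers, data):
    """Canned responses imitating a master on which node2 is down."""
    path = urlparse(url).path
    data = data or {}
    if path == '/login':
        if data.get('username') == 'saltapi' and data.get('password') == 'saltapi':
            return 200, json.dumps({'return': [{'token': FAKE_TOKEN, 'eauth': 'pam'}]})
        return 401, ''
    if headers.get('X-Auth-Token') != FAKE_TOKEN:
        return 401, ''   # missing or wrong token: rejected like the real API
    if path == '/' and data.get('client') == 'runner' and data.get('fun') == 'manage.status':
        return 200, json.dumps({'return': [{'up': ['linux-node1.example.com'],
                                            'down': ['linux-node2.example.com']}]})
    if path == '/' and data.get('client') == 'local' and data.get('fun') == 'test.ping':
        return 200, json.dumps({'return': [{'linux-node1.example.com': True}]})
    return 404, ''


def demo() -> dict:
    client = SaltApiClient(BASE_URL, fake_transport)
    client.login('saltapi', 'saltapi')
    up, down = client.minions_up()
    ping = client.run('*', 'test.ping')
    return {'up': up, 'down': down, 'ping': ping,
            'missing': missing_returns(up + down, ping)}


def unauthenticated_is_rejected() -> bool:
    """A request without a token must fail rather than silently return data."""
    try:
        SaltApiClient(BASE_URL, fake_transport).minions_up()
    except RuntimeError:
        return True
    return False


if __name__ == '__main__':
    print(json.dumps(demo(), indent=2))
```

Against a real master, construct the client with requests_transport('/path/to/ca.pem'); the rest of the flow is unchanged. Comparing the manage.status host list with the keys of the test.ping return is what turns a silent timeout into an explicit list of non-responding minions.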

#######################################################################

When salt-minion is installed on Windows with Salt-Minion-xxxx.xx.x-AMD64-Setup.exe, it is installed as a service that starts at boot by default. When salt-minion runs as a service, however, the Windows graphical desktop cannot be controlled through it. To drive the Windows GUI through salt-minion, disable the salt-minion service and start salt-minion as an ordinary process instead.

1. Start >> Run >> services.msc: stop the salt-minion service and set its startup type to Manual.

2. Run C:\salt\salt-minion.exe from the command line.

3. Add C:\salt\salt-minion.exe to the startup items so that salt starts automatically after the server reboots.
