Linux运维: Saltstack 自动化运维(二)
2022-07-05 22:24:54
一、minion信息查询
- 测试所有节点
[aaa@qq.com salt]# salt '*' test.ping
server5:
True
server3:
True
server4:
True
1、查询所有信息
[root@server3 salt]# salt server4 grains.items
2、查询指定信息
[root@server3 salt]# salt server4 grains.item os
server4:
----------
os:
RedHat
[root@server3 salt]# salt server4 grains.item fqdn
server4:
----------
fqdn:
server4
3、按 grains 过滤主机(-G:按静态信息 grains 匹配)
[root@server3 salt]# salt -G 'fqdn:server5' test.ping
server5:
True
[root@server3 salt]# salt -G 'name:test' test.ping
server4:
True
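4、根据信息匹配主机
- 注意:grains 由 minion 自行上报,拥有该 minion root 权限的人可以修改其内容;按 grains 匹配适合做主机分组,不适合作为下发敏感配置的唯一依据,这类场景应按 minion ID 匹配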
- 关闭minion端服务
[root@server4 ~]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[root@server5 ~]# /etc/init.d/nginx status
nginx is stopped
- master端修改发布订阅信息
[root@server3 salt]# pwd
/srv/salt
[root@server3 salt]# cat top.sls
base:
'server3':
- haproxy.install
'roles:apache': ##采用信息匹配方式
- match: grain
- httpd.service
'server5':
- nginx.server
[root@server3 salt]# salt '*' state.highstate
- minion端服务开启
[root@server4 salt]# /etc/init.d/httpd status
httpd (pid 2963) is running...
[root@server5 ~]# /etc/init.d/nginx status
nginx (pid 1887) is running...
二、静态信息grains定义
1、方法1:
[root@server4 salt]# vim minion
120 grains:
121 roles:
122 - apache
[root@server4 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server4 daemon: OK
Starting salt-minion:root:server4 daemon: OK
- master查看 roles
[aaa@qq.com salt]# salt server4 grains.item roles
server4:
----------
roles:
- apache
2、方法2:
[root@server4 salt]# vim grains
[root@server4 salt]# cat grains
name: test
[root@server4 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server4 daemon: OK
Starting salt-minion:root:server4 daemon: OK
- master查看 name
[aaa@qq.com salt]# salt server4 grains.item name
server4:
----------
name:
test
3、方法3:(修改 grains 文件后不重启 minion,在 master 端执行 saltutil.sync_grains 同步)
[root@server4 salt]# cat grains
name: test
state: Running
- master查看 state
[root@server3 salt]# salt server4 saltutil.sync_grains
server4:
[root@server3 salt]# salt server4 grains.item state
server4:
----------
state:
Running
4、方法4:
[root@server3 salt]# mkdir _grains
[root@server3 salt]# cd _grains/
[root@server3 _grains]# vim my_grains.py
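#!/usr/bin/env python
def my_grains():
    """Return the custom grains contributed by this module.

    Returns:
        dict: a mapping of grain name to value; here a single static
        grain, ``Age``, with the string value ``'20'``.
    """
    # NOTE(review): per the transcript, this file is copied from the master's
    # _grains directory to the minion by saltutil.sync_grains and then loaded
    # there, so write access to that directory should be limited to trusted
    # administrators.
    return {'Age': '20'}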
[root@server3 _grains]# salt server4 saltutil.sync_grains
server4:
- grains.my_grains
[root@server3 _grains]# salt server4 grains.item Age
server4:
----------
Age:
20
- minion端同步信息(top.sls信息与master一致)
[aaa@qq.com base]# pwd
/var/cache/salt/minion/files/base
[aaa@qq.com base]# tree .
.
├── _grains
│ └── my_grains.py
├── httpd
│ ├── apache.sls
│ ├── files
│ │ └── httpd.conf
│ ├── install.sls
│ └── service.sls
└── top.sls
三、动态信息 pillar 定义
1、配置文件修改
[root@server3 _grains]# cd /etc/salt/
[root@server3 salt]# vim master
694 pillar_roots:
695 base:
696 - /srv/pillar
[root@server3 salt]# mkdir /srv/pillar
[root@server3 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
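2、建立pillar推送信息
- 注意:下面用 grains['fqdn'] 决定下发哪些 pillar 数据;grains 由 minion 自行上报,可以在 minion 端被修改。如果 pillar 中存放密码、密钥等敏感数据,应在 pillar 的 top.sls 中按 minion ID 匹配,而不要依赖 grains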
[root@server3 salt]# cd /srv/pillar
[root@server3 pillar]# mkdir web
[root@server3 pillar]# vim web/install.sls
{% if grains['fqdn'] == 'server4' %}
webserver: httpd
{% elif grains['fqdn'] == 'server5' %}
webserver: nginx
{% elif grains['fqdn'] == 'server3' %}
webserver: haproxy
{% endif %}
[root@server3 pillar]# vim top.sls
base:
'*':
- web.install
3、刷新 pillar
[aaa@qq.com pillar]# salt '*' saltutil.refresh_pillar
server3:
True
server5:
True
server4:
True
- 获取 pillar 信息
[aaa@qq.com pillar]# salt '*' pillar.items
server3:
----------
webserver:
haproxy
server5:
----------
webserver:
nginx
server4:
----------
webserver:
httpd
- 指定信息查询(I:动态信息)
[root@server3 pillar]# salt -I 'webserver:nginx' cmd.run hostname
server5:
server5
[root@server3 pillar]# salt -I 'webserver:haproxy' cmd.run hostname
server3:
server3
[root@server3 pillar]# salt -I 'webserver:httpd' cmd.run hostname
server4:
server4
4、查询同一网段的活跃主机(-S:按子网/IP 地址匹配)
[aaa@qq.com pillar]# salt -S 172.25.120.0/24 test.ping
server4:
True
server5:
True
server3:
True
四、不同主机设定不同参数(jinja模板)
- {% %}:控制语句(定义变量、条件判断、导入等)
- {{ }}:取值
1、配置httpd服务端口
- 脚本定义固定端口
[aaa@qq.com salt]# vim httpd/service.sls
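# Manage httpd.conf from a Jinja template stored on the master.
# The template variables are passed through `context` (the listing had the
# misspelling `contest`, which file.managed does not recognise, so {{ port }}
# in the template would be left undefined).
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    - context:
        port: 8080          # fixed port, rendered into "Listen {{ port }}"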
- 配置文件 port 设为变量
[aaa@qq.com salt]# vim httpd/files/httpd.conf
135 #Listen 12.34.56.78:80
136 Listen {{ port }}
[aaa@qq.com salt]# salt server4 state.sls httpd.service
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 8080
#
# Dynamic Shared Object (DSO) Support
----------
2、定义为动态信息(无需刷新)
[aaa@qq.com salt]# vim /srv/pillar/web/install.sls
{% if grains['fqdn'] == 'server4' %}
webserver: httpd
port: 80 ##不同主机指定不同参数
{% elif grains['fqdn'] == 'server5' %}
webserver: nginx
{% elif grains['fqdn'] == 'server3' %}
webserver: haproxy
{% endif %}
[aaa@qq.com salt]# vim httpd/service.sls
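# Manage httpd.conf from a Jinja template; the listen port now comes from
# pillar instead of being hard-coded in the state.
# `context` is the file.managed argument that feeds variables to the template
# (the listing had the misspelling `contest`).
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    - context:
        # Value of the pillar key `port` for the targeted minion. The lookup
        # raises a render error when the minion has no `port` key in pillar.
        port: {{ pillar['port'] }}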
[aaa@qq.com salt]# salt server4 state.sls httpd.service
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 8080
+Listen 80
#
# Dynamic Shared Object (DSO) Support
----------
3、模板导入的格式
[root@server3 salt]# vim lib.sls
{% set bind = '172.25.120.4' %}
[root@server3 salt]# vim httpd/files/httpd.conf
1 {% from 'lib.sls' import bind with context %}
136 #Listen 12.34.56.78:80
137 Listen {{ bind }}:{{ port }}
- 推送ok
[root@server3 salt]# salt server4 state.sls httpd.service
@@ -133,7 +134,7 @@
#Listen 12.34.56.78:80
-Listen 8080
+Listen 172.25.120.4:8080
- 改变监听端口,需要重启(修改脚本,reload-> restart)
[aaa@qq.com ~]# /etc/init.d/httpd restart
Stopping httpd: [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.120.4 for ServerName
[ OK ]
[aaa@qq.com ~]# netstat -antuple | grep http
tcp 0 0 172.25.120.4:8080 0.0.0.0:* LISTEN 0 14850 3517/httpd
4、grains方法
[root@server3 salt]# vim httpd/files/httpd.conf ##注释:模块
1 #{% from 'lib.sls' import bind with context %}
136 #Listen 12.34.56.78:80
137 Listen {{ bind }}:{{ port }}
[root@server3 salt]# vim httpd/service.sls
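- template: jinja
# Excerpt of the file.managed arguments in httpd/service.sls; the rest of the
# state is not shown. `context` replaces the misspelled `contest`.
- context:
    port: {{ pillar['port'] }}
    # Takes the last entry of the minion's `ipv4` grain as the bind address.
    # NOTE(review): on a host with several addresses the last entry may not be
    # the interface the service should listen on; check the output of
    # `salt <minion> grains.item ipv4` before relying on the index.
    bind: {{ grains['ipv4'][-1] }}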
[root@server3 salt]# salt server4 state.sls httpd.service
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
5、pillar、grains取值
[root@server3 salt]# vim httpd/service.sls
# - contest:
# port: {{ pillar['port'] }}
# bind: {{ grains['ipv4'][-1] }}
[root@server3 salt]# vim /srv/pillar/web/install.sls
port: 80
[root@server3 salt]# vim httpd/files/httpd.conf
136 #Listen 12.34.56.78:80
137 Listen {{ grains['fqdn_ip4'][0] }}:{{ pillar['port'] }}
[root@server3 salt]# salt server4 state.sls httpd.service
#Listen 12.34.56.78:80
-Listen 172.25.120.4:8080
+Listen 172.25.120.4:80
6、pillar方法
[root@server3 salt]# vim httpd/service.sls
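- template: jinja
# Excerpt of the file.managed arguments in httpd/service.sls; the rest of the
# state is not shown. `context` replaces the misspelled `contest`.
- context:
    # Both the port and the bind address are read from pillar, which is
    # defined on the master.
    port: {{ pillar['port'] }}
    bind: {{ pillar['bind'] }}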
[root@server3 salt]# vim /srv/pillar/web/install.sls
{% if grains['fqdn'] == 'server4' %}
webserver: httpd
port: 80
bind: 172.25.120.4
[root@server3 salt]# salt server4 state.sls httpd.service
五、Saltstack一键部署keepalived
- 业余版(整个编译安装过程写在一条 cmd.run 中;源码包需事先放到 master 的 keepalived/files/ 目录,放入前应校验其来源与完整性):
[aaa@qq.com keepalived]# salt server3 state.sls keepalived.install
include:
- pkgs.make
keepalived-install:
file.managed:
- name: /opt/keepalived-1.4.3.tar.gz
- source: salt://keepalived/files/keepalived-1.4.3.tar.gz
cmd.run:
- name: cd /opt && tar zxf keepalived-1.4.3.tar.gz && cd keepalived-1.4.3 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make > /dev/null && make install > /dev/null && cd /usr/local/keepalived/etc/rc.d/init.d && chmod +x keepalived && ln -s /usr/local/keepalived/etc/keepalived/ /etc&& ln -s /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/ && ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived /etc/init.d/ && ln -s /usr/local/keepalived/sbin/keepalived /sbin/
- creates: /usr/local/keepalived
1、准备配置文件(可以先推送业余版)
[root@server3 salt]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf keepalived/files/
[root@server3 salt]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived keepalived/files/
[root@server3 salt]# ls keepalived/files/keepalived
keepalived keepalived-1.4.3.tar.gz keepalived.conf
2、修改配置文件
[root@server3 salt]# vim keepalived/files/keepalived.conf
3 global_defs {
4 notification_email {
5 root@localhost
6 }
7 notification_email_from keepalived@localhost
8 smtp_server 127.0.0.1
12 #vrrp_strict ##注释,否则火墙会出问题
18 state {{ STATE }} ##获取变量值
20 virtual_router_id {{ vrid }}
21 priority {{ priority }}
27 virtual_ipaddress { ##配置VIP
28 172.25.120.100
29 }
3、编写脚本
[aaa@qq.com salt]# vim keepalived/install.sls
include:
- pkgs.make
keepalived-install:
file.managed:
- name: /opt/keepalived-1.4.3.tar.gz
- source: salt://keepalived/files/keepalived-1.4.3.tar.gz
cmd.run:
- name: cd /opt && tar zxf keepalived-1.4.3.tar.gz && cd keepalived-1.4.3 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make > /dev/null && make install > /dev/null
- creates: /usr/local/keepalived
/etc/sysconfig/keepalived:
file.symlink:
- target : /usr/local/keepalived/etc/sysconfig/keepalived
/sbin/keepalived:
file.symlink:
- target : /usr/local/keepalived/sbin/keepalived
/etc/keepalived:
file.directory:
- mode: 755
[aaa@qq.com salt]# vim keepalived/service.sls
include:
- keepalived.install
/etc/keepalived/keepalived.conf:
file.managed:
- source: salt://keepalived/files/keepalived.conf
- template: jinja
- context:
STATE: {{ pillar['state'] }}
vrid: {{ pillar['vrid'] }}
priority: {{ pillar['priority'] }}
keepalived-service:
file.managed:
- name: /etc/init.d/keepalived
- source: salt://keepalived/files/keepalived
- mode: 755
service.running:
- name: keepalived
- reload: True
- watch:
- file: /etc/keepalived/keepalived.conf
4、定义变量
[root@server3 salt]# cd ..
[root@server3 srv]# cd pillar/
[root@server3 pillar]# mkdir keepalived
[root@server3 pillar]# cp web/install.sls keepalived/install.sls
[root@server3 pillar]# vim keepalived/install.sls
{% if grains['fqdn'] == 'server3' %}
state: MASTER
vrid: 120
priority: 100
{% elif grains['fqdn'] == 'server6' %}
state: BACKUP
vrid: 120
priority: 50
{% endif %}
5、修改base
[aaa@qq.com pillar]# vim top.sls
base:
'server4':
- web.install
'server5':
- web.install
'server3':
- keepalived.install
'server6':
- keepalived.install
[aaa@qq.com pillar]# cd ..
[aaa@qq.com srv]# cd salt/
[aaa@qq.com salt]# vim top.sls
base:
'server3':
- haproxy.install
- keepalived.service
'server6':
- haproxy.install
- keepalived.service
'roles:apache':
- match: grain
- httpd.service
'server5':
- nginx.server
6、推送
[root@server3 salt]# salt '*' state.highstate
- ok后查看VIP
[root@server3 salt]# ip addr
2: eth0:
inet 172.25.120.3/24 brd 172.25.120.255 scope global eth0
inet 172.25.120.100/32 scope global eth0
7、keepalived测试
- 访问vip出现轮询
[root@server3 salt]# curl 172.25.120.100
server4
[root@server3 salt]# curl 172.25.120.100
server5
[root@server3 salt]# curl 172.25.120.100
server4
[root@server3 salt]# curl 172.25.120.100
server5
- 测试高可用
[root@server3 salt]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@server3 salt]# curl 172.25.120.100
server4
[root@server3 salt]# curl 172.25.120.100
server5
[root@server3 salt]# curl 172.25.120.100
server4
[root@server3 salt]# curl 172.25.120.100
server5