SaltStack Automated Deployment Example
2022-07-08 11:57:23
SaltStack automation

Four working modes: master / minion / syndic / ssh (serial)

Lab environment: two virtual machines

Syntax: the "-" list marker must be surrounded by whitespace (indentation before it, a space after it).
The order in which states are written is the order in which the resources are started.

[root@salt1 ~]# cat /etc/yum.repos.d/rhel-source.repo
[Server]
name=Server
baseurl=http://172.25.30.250/rhel6.5
gpgcheck=0

[rhel6]
name=rhel6
baseurl=http://172.25.30.250/rhel6
gpgcheck=0

[root@salt1 ~]# yum list salt*
[root@salt1 ~]# yum install salt-master -y
[root@salt1 ~]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@salt1 ~]#

[root@salt2 ~]# yum install salt-minion -y
[root@salt2 ~]# vim /etc/salt/minion
....
master: salt1
[root@salt2 ~]# vim /etc/hosts
[root@salt2 ~]# ping salt1
PING salt1 (172.25.30.1) 56(84) bytes of data.
64 bytes from salt1 (172.25.30.1): icmp_seq=1 ttl=64 time=0.762 ms
^C
--- salt1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 846ms
rtt min/avg/max/mdev = 0.762/0.762/0.762/0.000 ms
[root@salt2 ~]# /etc/init.d/salt-minion start
Starting salt-minion:root:salt2 daemon: OK
[root@salt2 ~]#

[root@salt1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt2
Rejected Keys:
[root@salt1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt2
Proceed? [n/Y] y
Key for minion salt2 accepted.
[root@salt1 ~]# salt-key -L
Accepted Keys:
salt2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt1 ~]# salt salt2 test.ping
salt2:
    True
[root@salt1 ~]# salt salt2 cmd.run hostname
salt2:
    salt2
[root@salt1 ~]# salt salt2 cmd.run uptime
salt2:
     17:33:08 up 1:02, 2 users, load average: 0.04, 0.05, 0.01
[root@salt1 ~]#

How the minion works:

[root@salt ~]# cd /var/cache/salt/
[root@salt salt]# tree .
└── minion    # the server sends .sls files to this location on the client
    ├── extmods
    └── proc

3 directories, 0 files
[root@salt salt]#

&& Fast: ZeroMQ (zmq) message queue

Three patterns:

Publisher-Subscriber: publish and subscribe (the client requests, the sender responds). Data consistency is maintained through an md5 hash.
4505: send (publish) port
4506: response port

[root@salt1 ~]# lsof -i:4505
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 6909 root   16u  IPv4  30972      0t0  TCP *:4505 (LISTEN)
salt-mast 6909 root   18u  IPv4  39785      0t0  TCP 172.25.30.1:4505->salt2:38345 (ESTABLISHED)
salt-mast 6909 root   19u  IPv4  39797      0t0  TCP 172.25.30.1:4505->salt3:52155 (ESTABLISHED)

(Use lsof -i:4505 and lsof -i:4506 to check both ports.)

Request-Reply:
Parallel-Pipeline:

ansible: simple and easy to use

ZMQ message queue: file:///usr/share/doc/HTML/en-US/index.html

minion_id defaults to the host's own hostname (after changing the IP or the hostname, edit this file, or delete it and restart).

& Look into ansible on your own (it is widely used in China).

Within one state ID, each module can be used only once.

[root@salt1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt2
salt3
Rejected Keys:
[root@salt1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt2
salt3
Proceed? [n/Y] y
Key for minion salt2 accepted.
Key for minion salt3 accepted.
[root@salt1 ~]# lsof -i:4505
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 6909 root   16u  IPv4  30972      0t0  TCP *:4505 (LISTEN)
salt-mast 6909 root   18u  IPv4  39785      0t0  TCP 172.25.30.1:4505->salt2:38345 (ESTABLISHED)
salt-mast 6909 root   19u  IPv4  39797      0t0  TCP 172.25.30.1:4505->salt3:52155 (ESTABLISHED)

[root@salt1 ~]# vim /etc/salt/master
[root@salt1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@salt1 ~]# mkdir -p /srv/salt/nginx
[root@salt1 ~]# cd /srv/salt/nginx/
[root@salt1 nginx]# mkdir files
[root@salt1 nginx]# touch install.sls
[root@salt1 nginx]# cd ..
[root@salt1 salt]# ls
nginx
[root@salt1 salt]# cd -
/srv/salt/nginx
[root@salt1 nginx]# cd files/
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 nginx]# vim install.sls
.....
nginx-install:
  file.managed:
    - name: /mnt/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz
.....
[root@salt1 nginx]# salt salt2 state.sls nginx.install

*** At this point:

[root@salt2 salt]# cd /mnt/
[root@salt2 mnt]# ls
nginx-1.12.0.tar.gz

## Modify the configuration files

[root@salt2 mnt]# tar zxf nginx-1.12.0.tar.gz
[root@salt2 mnt]# cd nginx-1.12.0
[root@salt2 cc]# sed 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' gcc
[root@salt2 cc]# pwd
/mnt/nginx-1.12.0/auto/cc
[root@salt2 cc]# cd ../../
auto/      CHANGES.ru configure  html/      man/       src/
CHANGES    conf/      contrib/   LICENSE    README
[root@salt2 cc]# cd ../../../
[root@salt2 mnt]# cd nginx-1.12.0
[root@salt2 nginx-1.12.0]# cd src/core/
[root@salt2 core]# sed 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' nginx.h

[root@salt1 nginx]# ls
files  install.sls
[root@salt1 nginx]# cd ..
[root@salt1 salt]# ls
nginx
[root@salt1 salt]# mkdir pkgs
[root@salt1 salt]# cd pkgs/
[root@salt1 pkgs]# vim make.sls    # build dependencies
.....
make-install:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
.....
[root@salt1 pkgs]# cd ../nginx/
[root@salt1 nginx]# vim install.sls
.....
include:
  - pkgs.make

nginx-install:
  file.managed:
    - name: /mnt/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module && make && make install
    - creates: /usr/local/nginx
....
[root@salt1 nginx]# salt salt2 state.sls nginx.install
[root@salt1 nginx]# cd ..
[root@salt1 salt]# ls
nginx  pkgs
[root@salt1 salt]# cd nginx/files/
[root@salt1 files]# ls
nginx-1.12.0.tar.gz  nginx.conf
[root@salt1 files]# ll
total 964
-rw-r--r--. 1 root root 980831 Nov 4 10:35 nginx-1.12.0.tar.gz
-rw-r--r--. 1 root root 2656 Nov 4 11:44 nginx.conf
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 files]# ls
nginx-1.12.0.tar.gz  nginx-1.8.0-1.el6.ngx.x86_64.rpm  nginx.conf
[root@salt1 files]# mkdir test
[root@salt1 files]# mv nginx-1.8.0-1.el6.ngx.x86_64.rpm test/
[root@salt1 files]# cd test/
[root@salt1 test]# rpm2cpio nginx-1.8.0-1.el6.ngx.x86_64.rpm | cpio -div
[root@salt1 test]# ls
etc  nginx-1.8.0-1.el6.ngx.x86_64.rpm  usr  var
[root@salt1 test]# cd etc/rc.d/init.d/
[root@salt1 init.d]# ls
nginx
[root@salt1 init.d]# cp nginx /srv/salt/nginx/files/
[root@salt1 init.d]# cd ..
[root@salt1 rc.d]# cd /srv/salt/nginx/files/
[root@salt1 files]# ls
nginx  nginx-1.12.0.tar.gz  nginx.conf  test
[root@salt1 files]# rm -fr test/
[root@salt1 files]# ls
nginx  nginx-1.12.0.tar.gz  nginx.conf
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 files]# vim nginx
.....
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid
nginx=${NGINX-/usr/local/nginx/sbin/nginx}
prog=`/bin/basename $nginx`
conffile=${CONFFILE-/usr/local/nginx/conf/nginx.conf}
lockfile=${LOCKFILE-/var/lock/subsys/nginx}
pidfile=${PIDFILE-/usr/local/nginx/logs/nginx.pid}
SLEEPMSEC=${SLEEPMSEC-200000}
UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS-5}
RETVAL=0
.....
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 files]# cd ..
[root@salt1 nginx]# ls
files  install.sls
[root@salt1 nginx]# vim service.sls
.....
include:
  - nginx.install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - mode: 644
    - user: root
    - group: root

nginx-service:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755
  service.running:
    - name: nginx
    - enable: true
    - reload: true
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
.....
[root@salt1 nginx]# salt salt3 state.sls nginx.service

& At this point:

[root@salt3 ~]# netstat -antlp | grep :80
tcp        0      0 0.0.0.0:80        0.0.0.0:*        LISTEN      5477/nginx
[root@salt3 ~]#

&&& Try modifying the configuration file:

[root@salt1 nginx]# pwd
/srv/salt/nginx
[root@salt1 nginx]# vim files/nginx.conf
....
worker_processes auto;
.....
[root@salt1 nginx]# salt salt3 state.sls nginx.service
.....
-worker_processes 1;
+worker_processes auto;
.....
[root@salt3 ~]# head /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes auto;
....
[root@salt3 ~]#

&&&& Deploying haproxy from source

*** Install haproxy on salt2; nginx is already installed on salt3.

# Install salt-minion on server1, so that salt1 is both master and minion

[root@salt1 nginx]# yum install salt-minion -y
[root@salt1 nginx]# vim /etc/salt/minion
.....
master: salt1
[root@salt1 nginx]# /etc/init.d/salt-minion start
[root@salt1 nginx]# salt-key -L
Accepted Keys:
salt2
salt3
Denied Keys:
Unaccepted Keys:
salt1
Rejected Keys:
[root@salt1 nginx]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt1
Proceed? [n/Y] y
Key for minion salt1 accepted.
[root@salt1 nginx]# salt-key -L
Accepted Keys:
salt1
salt2
salt3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt1 salt]# ls
nginx  pkgs
[root@salt1 salt]# mkdir haproxy
[root@salt1 salt]# cd haproxy/
[root@salt1 haproxy]# mkdir files
[root@salt1 haproxy]# touch install.sls service.sls
[root@salt1 haproxy]# cd files/
[root@salt1 files]# pwd
/srv/salt/haproxy/files
[root@salt1 files]# ls
haproxy-1.6.11.tar.gz
[root@salt1 files]# cd ..
[root@salt1 haproxy]# vim install.sls
include:
  - pkgs.make

haproxy-install:
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
    - creates: /usr/local/haproxy

[root@salt1 haproxy]# salt salt2 state.sls haproxy.install

& At this point:

[root@salt2 mnt]# ls
haproxy-1.6.11  haproxy-1.6.11.tar.gz
[root@salt2 haproxy]# cd /mnt/haproxy-1.6.11
[root@salt2 haproxy-1.6.11]# cd examples/
[root@salt2 examples]# scp haproxy.init root@172.25.30.1:/srv/salt/haproxy/files
root@172.25.30.1's password:
haproxy.init                                  100% 2381     2.3KB/s   00:00
[root@salt2 examples]# scp content-sw-sample.cfg root@172.25.30.1:/srv/salt/haproxy/files

[root@salt1 files]# pwd
/srv/salt/haproxy/files
[root@salt1 files]# ls
content-sw-sample.cfg  haproxy-1.6.11.tar.gz  haproxy.init
[root@salt1 files]# vim haproxy.init
BIN=/usr/local/haproxy/sbin/$BASENAME
[root@salt1 files]# ls
haproxy-1.6.11.tar.gz  haproxy.cfg  haproxy.init
[root@salt1 files]# vim haproxy.cfg
[root@salt1 files]# cd ../..
[root@salt1 salt]# mkdir user
[root@salt1 salt]# cd user/
[root@salt1 user]# vim nginx.sls
nginx-group:
  group.present:
    - name: nginx
    - gid: 800

nginx-user:
  user.present:
    - name: nginx
    - uid: 800
    - gid: 800

[root@salt1 user]# cp nginx.sls haproxy.sls
[root@salt1 user]# vim haproxy.sls
haproxy-group:
  group.present:
    - name: haproxy
    - gid: 200

haproxy-user:
  user.present:
    - name: haproxy
    - uid: 200
    - gid: 200

[root@salt1 nginx]# vim service.sls
[root@salt1 nginx]# cd files/
[root@salt1 files]# ls
nginx  nginx-1.12.0.tar.gz  nginx.conf
[root@salt1 files]# vim nginx.conf
.....
user nginx;
[root@salt1 nginx]# salt salt3 state.sls nginx.service
salt3:

Ops community: https://www.unixhot.com/

[root@salt1 haproxy]# vim service.sls
include:
  - haproxy.install
  - user.haproxy

/etc/haproxy:
  file.directory:
    - mode: 755

/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg

haproxy-service:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - mode: 755
  service.running:
    - name: haproxy
    - enable: true
    - reload: true
    - watch:
      - file: /etc/haproxy/haproxy.cfg

[root@salt1 haproxy]# salt salt2 state.sls haproxy.service
[root@salt1 haproxy]# cat install.sls
include:
  - pkgs.make

haproxy-install:
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
    - creates: /usr/local/haproxy

&&& Deploying the http service

&&& grains

[root@salt2 ~]# vim /etc/salt/minion
.....
grains:
  roles:
    - haproxy
[root@salt2 ~]# /etc/init.d/salt-minion restart

[root@salt1 haproxy]# salt salt2 grains.item roles
salt2:
    ----------
    roles:
        - haproxy
[root@salt1 haproxy]#

grains: static information (generated on the minion side)
-G matches on grains
-I matches on pillars

Ways to define grains:
Defined on the minion side
Defined on the master side (written in Python)
Extension modules

&& pillar: dynamic data, often used to define more sensitive information such as passwords (refreshed automatically at run time, on the master side)

[root@salt1 ~]# vim /etc/salt/master
.....
pillar_roots:
  base:
    - /srv/pillar

[root@salt1 ~]# mkdir /srv/pillar
[root@salt1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@salt1 ~]# cd /srv/pillar/
[root@salt1 ~]# mkdir web
[root@salt1 ~]# cd web/
[root@salt1 web]# vim server.sls
{% if grains['fqdn'] == 'salt2' %}
webserver: haproxy
{% elif grains['fqdn'] == 'salt3' %}
webserver: nginx
{% else %}
webserver: httpd
{% endif %}

[root@salt1 web]# salt salt2 grains.item roles
salt2:
    ----------
    roles:
        - haproxy
[root@salt1 web]# salt salt3 grains.item roles
salt3:
    ----------
    roles:

Send files to the corresponding hosts: salt-cp

&&& SaltStack data systems, Grains and Pillar: http://www.cnblogs.com/shhnwangjian/p/5985868.html

Data management, methods:
(1) mysql-python (done from the minion side)
(2) job-cache (done on the master side)

&& Sometimes we need a single file from an RPM package. How do we unpack the RPM? RPM packages are archived in cpio format, so convert the package to cpio first and then extract it, as follows:

rpm2cpio xxx.rpm | cpio -div

&& Integrating modules you have written yourself; Jinja templates
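
The page sets `user nginx;` in nginx.conf and edits nginx/service.sls without showing the result. The listing below is an added example, not the author's file: it gives the service account from user/nginx.sls no login shell or home directory, and makes the service state wait for the account. The `shell`, `createhome` and `require` lines and the `user.nginx` include are assumptions; names and IDs come from the page.

```yaml
# --- /srv/salt/user/nginx.sls ---
nginx-group:
  group.present:
    - name: nginx
    - gid: 800

nginx-user:
  user.present:
    - name: nginx
    - uid: 800
    - gid: 800
    - shell: /sbin/nologin    # added: service account, no interactive login
    - createhome: False       # added: do not create a home directory
    - require:
      - group: nginx-group    # added: gid 800 must exist before the user

# --- /srv/salt/nginx/service.sls ---
include:
  - nginx.install
  - user.nginx                # added, mirrors "- user.haproxy" on the page

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - mode: 644
    - user: root
    - group: root

nginx-service:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755
  service.running:
    - name: nginx
    - enable: true
    - reload: true
    - require:
      - user: nginx-user      # "user nginx;" fails if the account is missing
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
```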
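
The pillar file web/server.sls shown earlier reaches a minion only once a pillar top file assigns it. The listing below is an added example, not part of the original post: a top file for that pillar, a secret delivered to salt2 only, and a file state that renders it without writing the diff into the state return. The secrets/haproxy.sls file, its keys and the placeholder password are assumptions.

```yaml
# --- /srv/pillar/top.sls (added; maps pillar files to minions) ---
base:
  '*':
    - web.server              # /srv/pillar/web/server.sls from the page
  'salt2':
    - secrets.haproxy         # hypothetical file; only salt2 receives it

# --- /srv/pillar/secrets/haproxy.sls (hypothetical) ---
haproxy:
  stats_user: admin
  stats_password: CHANGE-ME   # placeholder, not a real credential

# --- /srv/salt/haproxy/service.sls: replacement for the config stanza ---
/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg
    - template: jinja         # render pillar values into the file
    - user: root
    - group: root
    - mode: 600               # the file now holds a credential
    - show_changes: False     # keep the diff, and the secret, out of the
                              # state return and the master's job cache

# --- check from the master ---
#   salt '*' saltutil.refresh_pillar
#   salt salt2 pillar.item haproxy     # salt2 sees the secret
#   salt salt3 pillar.item haproxy     # salt3 gets no value
```

With `template: jinja` set, haproxy.cfg can reference the values in its stats section, for example `stats auth {{ pillar['haproxy']['stats_user'] }}:{{ pillar['haproxy']['stats_password'] }}`.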