Saltstack自动化部署实例
程序员文章站
2022-04-01 20:47:17
Saltstack自动化
4中工作模式(master/minion/syndic/ssh(串行的))
实验环境:
两台虚拟机
书写语法:-两边必须有空格...
Saltstack自动化
4中工作模式(master/minion/syndic/ssh(串行的))
实验环境:
两台虚拟机
书写语法:-两边必须有空格
书写顺序就是资源启动顺序
[root@salt1 ~]# cat /etc/yum.repos.d/rhel-source.repo
[Server]
name=Server
baseurl=http://172.25.30.250/rhel6.5
gpgcheck=0
[rhel6]
name=rhel6
baseurl=http://172.25.30.250/rhel6
gpgcheck=0
[root@salt1 ~]# yum list salt*
[root@salt1 ~]# yum install salt-master -y
[root@salt1 ~]# /etc/init.d/salt-master start
Starting salt-master daemon: [ OK ]
[root@salt1 ~]#
[root@salt2 ~]# yum install salit-minion -y
[root@salt2 ~]# vim /etc/salt/minion
....
16 master: salt1
[root@salt2 ~]# vim /etc/hosts
[root@salt2 ~]# ping salt1
PING salt1 (172.25.30.1) 56(84) bytes of data.
64 bytes from salt1 (172.25.30.1): icmp_seq=1 ttl=64 time=0.762 ms
^C
--- salt1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 846ms
rtt min/avg/max/mdev = 0.762/0.762/0.762/0.000 ms
[root@salt2 ~]# /etc/init.d/salt-minion start
Starting salt-minion:root:salt2 daemon: OK
[root@salt2 ~]#
[root@salt1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt2
Rejected Keys:
[root@salt1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt2
Proceed? [n/Y] y
Key for minion salt2 accepted.
[root@salt1 ~]# salt-key -L
Accepted Keys:
salt2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt1 ~]# salt salt2 test.ping
salt2:
True
[root@salt1 ~]# salt salt2 cmd.run hostname
salt2:
salt2
[root@salt1 ~]# salt salt2 cmd.run uptime
salt2:
17:33:08 up 1:02, 2 users, load average: 0.04, 0.05, 0.01
[root@salt1 ~]#
minon工作原理:
[root@salt ~]# cd /var/cache/salt/
[root@salt salt]# tree
.
└── minion #server端发送.sls文件到client的此位置
├── extmods
└── proc
3 directories, 0 files
[root@salt salt]#
&&快:zmq消息队列
三种模式:
Publicsher-Subscriber:发布与订阅(客户端请求,发送端响应)
通过md5hash保持数据一致
4505:发送端口
4506:响应端口
[root@salt1 ~]# lsof -i:4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 6909 root 16u IPv4 30972 0t0 TCP *:4505 (LISTEN)
salt-mast 6909 root 18u IPv4 39785 0t0 TCP 172.25.30.1:4505->salt2:38345 (ESTABLISHED)
salt-mast 6909 root 19u IPv4 39797 0t0 TCP 172.25.30.1:4505->salt3:52155 (ESTABLISHED)
[root@salt1 ~]#
lsof -i;4505|4506查看
Request-Reply:
Parallel-Pipeline:
ansible:简单易用
ZMQ消息队列:
file:///usr/share/doc/HTML/en-US/index.html
minion_id默认情况下是自己的主机名(在重新修改ip或者主机名之后,需要修改此文件或者删除此u文件重起)
&自己看ansible(在国内用的比较多)
在一个id里面,每个模块只能用一次
[root@salt1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt2
salt3
Rejected Keys:
[root@salt1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt2
salt3
Proceed? [n/Y] y
Key for minion salt2 accepted.
Key for minion salt3 accepted.
[root@salt1 ~]# lsof -i:4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 6909 root 16u IPv4 30972 0t0 TCP *:4505 (LISTEN)
salt-mast 6909 root 18u IPv4 39785 0t0 TCP 172.25.30.1:4505->salt2:38345 (ESTABLISHED)
salt-mast 6909 root 19u IPv4 39797 0t0 TCP 172.25.30.1:4505->salt3:52155 (ESTABLISHED)
[root@salt1 ~]# vim /etc/salt/master
[root@salt1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@salt1 ~]# mkdir -p /srv/salt/nginx
[root@salt1 ~]# cd /srv/salt/nginx/
[root@salt1 nginx]# mkdir files
[root@salt1 nginx]# touch install.sls
[root@salt1 nginx]# cd ..
[root@salt1 salt]# ls
nginx
[root@salt1 salt]# cd -
/srv/salt/nginx
[root@salt1 nginx]# cd files/
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 nginx]# vim install.sls
.....
nginx-install:
file.managed:
- name: /mnt/nginx-1.12.0.tar.gz
- source: salt://nginx/files/nginx-1.12.0.tar.gz
.....
[root@salt1 nginx]# salt salt2 state.sls nginx.install
***此时:
[root@salt2 salt]# cd /mnt/
[root@salt2 mnt]# ls
nginx-1.12.0.tar.gz
##修改配置文件
[root@salt2 mnt]# tar zxf nginx-1.12.0.tar.gz
[root@salt2 mnt]# cd nginx-1.12.0
[root@salt2 cc]# sed 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' gcc
[root@salt2 cc]# pwd
/mnt/nginx-1.12.0/auto/cc
[root@salt2 cc]# cd ../../
auto/ CHANGES.ru configure html/ man/ src/
CHANGES conf/ contrib/ LICENSE README
[root@salt2 cc]# cd ../../../
[root@salt2 mnt]# cd nginx-1.12.0
[root@salt2 nginx-1.12.0]# cd src/core/
[root@salt2 core]# sed 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' nginx.h
[root@salt1 nginx]# ls
files install.sls
[root@salt1 nginx]# cd ..
[root@salt1 salt]# ls
nginx
[root@salt1 salt]# mkdir pkgs
[root@salt1 salt]# cd pkgs/
[root@salt1 pkgs]# vim make.sls #依赖包
.....
make-install:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
.....
[root@salt1 pkgs]# cd ../nginx/
[root@salt1 nginx]# vim install.sls
.....
include:
- pkgs.make
nginx-install:
file.managed:
- name: /mnt/nginx-1.12.0.tar.gz
- source: salt://nginx/files/nginx-1.12.0.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module && make && make install
- creates: /usr/local/nginx
....
[root@salt1 nginx]# salt salt2 state.sls nginx.install
[root@salt1 nginx]# cd ..
[root@salt1 salt]# ls
nginx pkgs
[root@salt1 salt]# cd nginx/files/
[root@salt1 files]# ls
nginx-1.12.0.tar.gz nginx.conf
[root@salt1 files]# ll
total 964
-rw-r--r--. 1 root root 980831 Nov 4 10:35 nginx-1.12.0.tar.gz
-rw-r--r--. 1 root root 2656 Nov 4 11:44 nginx.conf
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 files]# ls
nginx-1.12.0.tar.gz nginx-1.8.0-1.el6.ngx.x86_64.rpm nginx.conf
[root@salt1 files]# mkdir test
[root@salt1 files]# mv nginx-1.8.0-1.el6.ngx.x86_64.rpm test/
[root@salt1 files]# cd test/
[root@salt1 test]# rpm2cpio nginx-1.8.0-1.el6.ngx.x86_64.rpm | cpio -div
[root@salt1 test]# ls
etc nginx-1.8.0-1.el6.ngx.x86_64.rpm usr var
[root@salt1 test]# cd etc/rc.d/init.d/
[root@salt1 init.d]# ls
nginx
[root@salt1 init.d]# cp nginx /srv/salt/nginx/files/
[root@salt1 init.d]# cd ..
[root@salt1 rc.d]# cd /srv/salt/nginx/files/
[root@salt1 files]# ls
nginx nginx-1.12.0.tar.gz nginx.conf test
[root@salt1 files]# rm -fr test/
[root@salt1 files]# ls
nginx nginx-1.12.0.tar.gz nginx.conf
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 files]# vim nginx
.....
7 # config: /usr/local/nginx/conf/nginx.conf
8 # pidfile: /usr/local/nginx/logs/nginx.pid
35 nginx=${NGINX-/usr/local/nginx/sbin/nginx}
36 prog=`/bin/basename $nginx`
37 conffile=${CONFFILE-/usr/local/nginx/conf/nginx.conf}
38 lockfile=${LOCKFILE-/var/lock/subsys/nginx}
39 pidfile=${PIDFILE-/usr/local/nginx/logs/nginx.pid}
40 SLEEPMSEC=${SLEEPMSEC-200000}
41 UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS-5}
42 RETVAL=0
.....
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 files]# cd ..
[root@salt1 nginx]# ls
files install.sls
[root@salt1 nginx]# vim service.sls
.....
include:
- nginx.install
/usr/local/nginx/conf/nginx.conf:
file.managed:
- source: salt://nginx/files/nginx.conf
- mode: 644
- user: root
- group: root
nginx-service:
file.managed:
- name: /etc/init.d/nginx
- source: salt://nginx/files/nginx
- mode: 755
service.running:
- name: nginx
- enable: true
- reload: true
- watch:
- /usr/local/nginx/conf/nginx.conf
.....
[root@salt1 nginx]# salt salt3 state.sls nginx.service
&此时:
[root@salt3 ~]# netstat -antlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5477/nginx
[root@salt3 ~]#
&&&尝试修改配置文件:
[root@salt1 nginx]# pwd
/srv/salt/nginx
[root@salt1 nginx]# vim files/nginx.conf
....
3 worker_processes auto;
.....
[root@salt1 nginx]# salt salt3 state.sls nginx.service
.....
-worker_processes 1;
+worker_processes auto;
.....
[root@salt3 ~]# head /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes auto;
....
[root@salt3 ~]#
&&&&原码部署haproxy
***在salt2上安装haproxy,此时salt3上已经安装好了nginx
#在server1上安装salt-minono,此时salt1即是master又是minion
[root@salt1 nginx]# yum install salt-minion -y
[root@salt1 nginx]# vim /etc/salt/minion
.....
16 master: salt1
[root@salt1 nginx]# /etc/init.d/salt-minion start
[root@salt1 nginx]# salt-key -L
Accepted Keys:
salt2
salt3
Denied Keys:
Unaccepted Keys:
salt1
Rejected Keys:
[root@salt1 nginx]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt1
Proceed? [n/Y] y
Key for minion salt1 accepted.
[root@salt1 nginx]# salt-key -L
Accepted Keys:
salt1
salt2
salt3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt1 salt]# ls
nginx pkgs
[root@salt1 salt]# mkdir haproxy
[root@salt1 salt]# cd haproxy/
[root@salt1 haproxy]# mkdir files
[root@salt1 haproxy]# touch install.sls service.sls
[root@salt1 haproxy]# cd files/
[root@salt1 files]# pwd
/srv/salt/haproxy/files
[root@salt1 files]# ls
haproxy-1.6.11.tar.gz
[root@salt1 files]# cd ..
[root@salt1 haproxy]# vim install.sls
include:
- pkgs.make
haproxy-install:
file.managed:
- name: /mnt/haproxy-1.6.11.tar.gz
- source: salt://haproxy/files/haproxy-1.6.11.tar.gz
cmd.run:
- name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
- creates: /usr/local/haproxy
[root@salt1 haproxy]# salt salt2 state.sls haproxy.install
&此时:
[root@salt2 mnt]# ls
haproxy-1.6.11 haproxy-1.6.11.tar.gz
[root@salt2 haproxy]# cd /mnt/haproxy-1.6.11
[root@salt2 haproxy-1.6.11]# cd examples/
[root@salt2 examples]# scp haproxy.init root@172.25.30.1:/srv/salt/haproxy/files
root@172.25.30.1's password:
haproxy.init 100% 2381 2.3KB/s 00:00
[root@salt2 examples]# scp content-sw-sample.cfg root@172.25.30.1:/srv/salt/haproxy/files
root@salt1 files]# pwd
/srv/salt/haproxy/files
[root@salt1 files]# ls
content-sw-sample.cfg haproxy-1.6.11.tar.gz haproxy.init
[root@salt1 files]# vim haproxy.init
35 BIN=/usr/local/haproxy/sbin/$BASENAME
[root@salt1 files]# ls
haproxy-1.6.11.tar.gz haproxy.cfg haproxy.init
[root@salt1 files]# vim haproxy.cfg
[root@salt1 files]# cd ../..
[root@salt1 salt]# mkdir user
[root@salt1 salt]# cd user/
[root@salt1 user]# vim nginx.sls
nginx-group:
group.present:
- name: nginx
- gid: 800
nginx-user:
user.present:
- name: nginx
- uid: 800
- gid: 800
[root@salt1 user]# cp nginx.sls haproxy.sls
[root@salt1 user]# vim haproxy.sls
haproxy-group:
group.present:
- name: haproxy
- gid: 200
haproxy-user:
user.present:
- name: haproxy
- uid: 200
- gid: 200
[root@salt1 nginx]# vim service.sls
[root@salt1 nginx]# cd files/
[root@salt1 files]# ls
nginx nginx-1.12.0.tar.gz nginx.conf
[root@salt1 files]# vim nginx.conf
.....
2 user nginx;
[root@salt1 nginx]# salt salt3 state.sls nginx.service
salt3:
运维社区:
https://www.unixhot.com/
[root@salt1 haproxy]# vim service.sls
include:
- haproxy.install
- user.haproxy
/etc/haproxy:
file.directory:
- mode: 755
/etc/haproxy/haproxy.cfg:
file.managed:
- source: salt://haproxy/files/haproxy.cfg
haproxy-service:
file.managed:
- name: /etc/init.d/haproxy
- source: salt://haproxy/files/haproxy.init
- mode: 755
service.running:
- name: haproxy
- enable: true
- reload: true
- watch:
- file: /etc/haproxy/haproxy.cfg
[root@salt1 haproxy]# salt salt2 state.sls haproxy.service
[root@salt1 haproxy]# cat install.sls
include:
- pkgs.make
haproxy-install:
file.managed:
- name: /mnt/haproxy-1.6.11.tar.gz
- source: salt://haproxy/files/haproxy-1.6.11.tar.gz
cmd.run:
- name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
- creates: /usr/local/haproxy
&&&部署http服务
&&&grains
[root@salt2 ~]# vim /etc/salt/minion
.....
120 grains:
121 roles:
122 - haproxy
[root@salt2 ~]# /etc/init.d/salt-minion restart
[root@salt1 haproxy]# salt salt2 grains.item roles
salt2:
----------
roles:
- haproxy
[root@salt1 haproxy]#
grains:拿到静态信息(在minion端生成的)
-G 表示匹配grains
-I 表示匹配pillars
minon端定义
master端定义(python写)
扩展模块
&&pillar:动态数据,往往定义一些比较敏感的信息,如密码等(在运行的时候自动刷新在master端)
[root@salt1 ~]# vim /etc/salt/master
.....
694 pillar_roots:
695 base:
696 - /srv/pillar
697
[root@salt1 ~]# mkdir /srv/pillar
[root@salt1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: cd /s [ OK ]
Starting salt-master daemon: [ OK ]
[root@salt1 ~]# cd /scd /srv/pillar/
[root@salt1 ~]# mkdir web
[root@salt1 ~]# cd web/
[root@salt1 web]# vim server.sls
{% if grains['fqdn'] == 'salt2' %}
webserver: haproxy
{% elif grains['fqdn'] == 'salt3' %}
webserver: nginx
{% else %}
webserver: httpd
{% endif %}
[root@salt1 web]# salt salt2 grains.item roles
salt2:
----------
roles:
- haproxy
[root@salt1 web]# salt salt3 grains.item roles
salt3:
----------
roles:
发送文件到响应的主机上:salt-cp
&&&Saltstack数据系统Grains和Pillar
http://www.cnblogs.com/shhnwangjian/p/5985868.html
数据管理:
方法:
(1)mysql-python(从minion端做)
(2)job-cache(在master端做)
&&有时我们需要RPM包中的某个文件,如何解压RPM包呢?
RPM包括是使用cpio格式打包的,因此可以先转成cpio然后解压,如下所示:
rpm2cpio xxx.rpm | cpio -div
&&整合自己写的模块
JINJIA模板 上一篇: Java算法--公交站间的距离