
SaltStack automated deployment example

程序员文章站 2022-04-01 20:47:17
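SaltStack automation

Four working modes (master / minion / syndic / ssh (serial))

Lab environment:
    Two virtual machines
    Syntax: a - must have a space on both sides
    The order in which states are written is the order in which the resources are started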

[root@salt1 ~]# cat /etc/yum.repos.d/rhel-source.repo 
[Server]
name=Server
baseurl=http://172.25.30.250/rhel6.5
gpgcheck=0


[rhel6]
name=rhel6
baseurl=http://172.25.30.250/rhel6
gpgcheck=0
[root@salt1 ~]# yum list salt*
[root@salt1 ~]# yum install salt-master -y
[root@salt1 ~]# /etc/init.d/salt-master start
Starting salt-master daemon:                               [  OK  ]
[root@salt1 ~]#


[root@salt2 ~]# yum install salt-minion -y
[root@salt2 ~]# vim /etc/salt/minion
....
master: salt1
[root@salt2 ~]# vim /etc/hosts
[root@salt2 ~]# ping salt1
PING salt1 (172.25.30.1) 56(84) bytes of data.
64 bytes from salt1 (172.25.30.1): icmp_seq=1 ttl=64 time=0.762 ms
^C
--- salt1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 846ms
rtt min/avg/max/mdev = 0.762/0.762/0.762/0.000 ms
[root@salt2 ~]# /etc/init.d/salt-minion start
Starting salt-minion:root:salt2 daemon: OK
[root@salt2 ~]# 





[root@salt1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt2
Rejected Keys:
[root@salt1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt2
Proceed? [n/Y] y
Key for minion salt2 accepted.
[root@salt1 ~]# salt-key -L
Accepted Keys:
salt2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt1 ~]# salt salt2 test.ping
salt2:
    True
[root@salt1 ~]# salt salt2 cmd.run hostname
salt2:
    salt2
[root@salt1 ~]# salt salt2 cmd.run uptime
salt2:
     17:33:08 up  1:02,  2 users,  load average: 0.04, 0.05, 0.01
[root@salt1 ~]# 
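
The sessions on this page accept every pending key with salt-key -A. An added example, not part of the original post: it parses the salt-key -L listing shown above and clears a minion for salt-key -a <id> only when its ID is in an inventory and the fingerprint the master reports (salt-key -f <id>) matches the one read on the minion (salt-call --local key.finger). The function names, the salt9 minion and the fingerprints are constructed for illustration.

```python
def parse_salt_key_list(text):
    """Parse `salt-key -L` output into {section: [minion_id, ...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("Keys:"):
            current = line[:-1]            # e.g. "Unaccepted Keys"
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def vet_pending(list_output, reported_fp, inventory):
    """Split pending minion IDs into (accept, hold).

    reported_fp: fingerprint the master shows per ID (`salt-key -f <id>`)
    inventory:   fingerprint read on the minion itself
                 (`salt-call --local key.finger`), keyed by expected ID
    """
    accept, hold = [], []
    for minion in parse_salt_key_list(list_output).get("Unaccepted Keys", []):
        expected = inventory.get(minion)
        seen = reported_fp.get(minion)
        if expected is None:
            hold.append((minion, "not in inventory"))
        elif seen is None or seen.lower() != expected.lower():
            hold.append((minion, "fingerprint mismatch"))
        else:
            accept.append(minion)
    return accept, hold

# Constructed sample: the listing format shown above, a hypothetical extra
# minion "salt9", and made-up (shortened) fingerprints.
SAMPLE = """Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt2
salt3
salt9
Rejected Keys:
"""
INVENTORY = {"salt2": "aa:11:22:33", "salt3": "bb:44:55:66"}
REPORTED = {"salt2": "AA:11:22:33", "salt3": "cc:77:88:99", "salt9": "dd:00:00:01"}

if __name__ == "__main__":
    print(vet_pending(SAMPLE, REPORTED, INVENTORY))
```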



How the minion works:
[root@salt ~]# cd /var/cache/salt/
[root@salt salt]# tree
.
└── minion      # the server side sends .sls files to this location on the client
    ├── extmods
    └── proc

3 directories, 0 files
[root@salt salt]# 


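&& Fast: zmq message queue
    Three patterns:
        Publisher-Subscriber: publish and subscribe (the client requests, the sending side responds)
            Data is kept consistent through an md5 hash
                4505: sending port
                4506: response port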
[root@salt1 ~]# lsof -i:4505
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 6909 root   16u  IPv4  30972      0t0  TCP *:4505 (LISTEN)
salt-mast 6909 root   18u  IPv4  39785      0t0  TCP 172.25.30.1:4505->salt2:38345 (ESTABLISHED)
salt-mast 6909 root   19u  IPv4  39797      0t0  TCP 172.25.30.1:4505->salt3:52155 (ESTABLISHED)
[root@salt1 ~]# 
            Check with lsof -i:4505 or lsof -i:4506

        Request-Reply:
        Parallel-Pipeline:

ansible: simple and easy to use

ZMQ message queue:
    file:///usr/share/doc/HTML/en-US/index.html

By default, minion_id is the host's own hostname (after changing the IP or the hostname, you need to edit this file, or delete it and restart)



& Look into ansible on your own (it is used a lot in China)




Within one ID, each module can be used only once


[root@salt1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt2
salt3
Rejected Keys:
[root@salt1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt2
salt3
Proceed? [n/Y] y
Key for minion salt2 accepted.
Key for minion salt3 accepted.
[root@salt1 ~]# lsof -i:4505
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 6909 root   16u  IPv4  30972      0t0  TCP *:4505 (LISTEN)
salt-mast 6909 root   18u  IPv4  39785      0t0  TCP 172.25.30.1:4505->salt2:38345 (ESTABLISHED)
salt-mast 6909 root   19u  IPv4  39797      0t0  TCP 172.25.30.1:4505->salt3:52155 (ESTABLISHED)
[root@salt1 ~]# vim /etc/salt/master
[root@salt1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]
[root@salt1 ~]# mkdir -p /srv/salt/nginx
[root@salt1 ~]# cd /srv/salt/nginx/
[root@salt1 nginx]# mkdir files
[root@salt1 nginx]# touch install.sls
[root@salt1 nginx]# cd ..
[root@salt1 salt]# ls
nginx
[root@salt1 salt]# cd -
/srv/salt/nginx
[root@salt1 nginx]# cd files/
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 nginx]# vim install.sls 
.....
nginx-install:
  file.managed:
    - name: /mnt/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz
.....
[root@salt1 nginx]# salt salt2 state.sls nginx.install

*** At this point:
[root@salt2 salt]# cd /mnt/
[root@salt2 mnt]# ls
nginx-1.12.0.tar.gz

## Modify the configuration files
[root@salt2 mnt]# tar zxf nginx-1.12.0.tar.gz 
[root@salt2 mnt]# cd nginx-1.12.0
[root@salt2 cc]# sed 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' gcc 
[root@salt2 cc]# pwd
/mnt/nginx-1.12.0/auto/cc
[root@salt2 cc]# cd ../../
auto/       CHANGES.ru  configure   html/       man/        src/
CHANGES     conf/       contrib/    LICENSE     README      
[root@salt2 cc]# cd ../../../
[root@salt2 mnt]# cd nginx-1.12.0
[root@salt2 nginx-1.12.0]# cd src/core/
[root@salt2 core]# sed 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' nginx.h



[root@salt1 nginx]# ls
files  install.sls
[root@salt1 nginx]# cd ..
[root@salt1 salt]# ls
nginx
[root@salt1 salt]# mkdir pkgs
[root@salt1 salt]# cd pkgs/
[root@salt1 pkgs]# vim make.sls     # dependency packages
.....
make-install:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
.....
[root@salt1 pkgs]# cd ../nginx/
[root@salt1 nginx]# vim install.sls 
.....
include:
  - pkgs.make

nginx-install:
  file.managed:
    - name: /mnt/nginx-1.12.0.tar.gz
    - source: salt://nginx/files/nginx-1.12.0.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_stub_status_module --with-http_ssl_module && make && make install
    - creates: /usr/local/nginx 
....
[root@salt1 nginx]# salt salt2 state.sls nginx.install
[root@salt1 nginx]# cd ..
[root@salt1 salt]# ls
nginx  pkgs
[root@salt1 salt]# cd nginx/files/
[root@salt1 files]# ls
nginx-1.12.0.tar.gz  nginx.conf
[root@salt1 files]# ll
total 964
-rw-r--r--. 1 root root 980831 Nov  4 10:35 nginx-1.12.0.tar.gz
-rw-r--r--. 1 root root   2656 Nov  4 11:44 nginx.conf
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 files]# ls
nginx-1.12.0.tar.gz  nginx-1.8.0-1.el6.ngx.x86_64.rpm  nginx.conf
[root@salt1 files]# mkdir test
[root@salt1 files]# mv nginx-1.8.0-1.el6.ngx.x86_64.rpm test/
[root@salt1 files]# cd test/
[root@salt1 test]# rpm2cpio nginx-1.8.0-1.el6.ngx.x86_64.rpm | cpio -div
[root@salt1 test]# ls
etc  nginx-1.8.0-1.el6.ngx.x86_64.rpm  usr  var
[root@salt1 test]# cd etc/rc.d/init.d/
[root@salt1 init.d]# ls
nginx
[root@salt1 init.d]# cp nginx /srv/salt/nginx/files/
[root@salt1 init.d]# cd ..
[root@salt1 rc.d]# cd /srv/salt/nginx/files/
[root@salt1 files]# ls
nginx  nginx-1.12.0.tar.gz  nginx.conf  test
[root@salt1 files]# rm -fr test/
[root@salt1 files]# ls
nginx  nginx-1.12.0.tar.gz  nginx.conf
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 files]# vim nginx
.....
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid
.....
nginx=${NGINX-/usr/local/nginx/sbin/nginx}
prog=`/bin/basename $nginx`
conffile=${CONFFILE-/usr/local/nginx/conf/nginx.conf}
lockfile=${LOCKFILE-/var/lock/subsys/nginx}
pidfile=${PIDFILE-/usr/local/nginx/logs/nginx.pid}
SLEEPMSEC=${SLEEPMSEC-200000}
UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS-5}
RETVAL=0
.....
[root@salt1 files]# pwd
/srv/salt/nginx/files
[root@salt1 files]# cd ..
[root@salt1 nginx]# ls
files  install.sls
[root@salt1 nginx]# vim service.sls
.....
include:
  - nginx.install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    - mode: 644
    - user: root
    - group: root

nginx-service:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755

  service.running:
    - name: nginx
    - enable: true
    - reload: true
    - watch:  
      - /usr/local/nginx/conf/nginx.conf
.....
[root@salt1 nginx]# salt salt3 state.sls nginx.service


& At this point:
[root@salt3 ~]# netstat -antlp | grep :80
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      5477/nginx          
[root@salt3 ~]# 


&&& Try modifying the configuration file:
[root@salt1 nginx]# pwd
/srv/salt/nginx
[root@salt1 nginx]# vim files/nginx.conf 
....
worker_processes  auto;
.....
[root@salt1 nginx]# salt salt3 state.sls nginx.service
.....
                  -worker_processes  1;
                  +worker_processes  auto;
.....
[root@salt3 ~]# head /usr/local/nginx/conf/nginx.conf

#user  nobody;
worker_processes  auto;
....
[root@salt3 ~]#



&&&& Deploy haproxy from source
 *** Install haproxy on salt2; at this point nginx is already installed on salt3

# Install salt-minion on server1; salt1 is now both master and minion

[root@salt1 nginx]# yum install salt-minion -y
[root@salt1 nginx]# vim /etc/salt/minion
.....
master: salt1
[root@salt1 nginx]# /etc/init.d/salt-minion start
[root@salt1 nginx]# salt-key -L
Accepted Keys:
salt2
salt3
Denied Keys:
Unaccepted Keys:
salt1
Rejected Keys:
[root@salt1 nginx]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
salt1
Proceed? [n/Y] y
Key for minion salt1 accepted.
[root@salt1 nginx]# salt-key -L
Accepted Keys:
salt1
salt2
salt3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt1 salt]# ls
nginx  pkgs
[root@salt1 salt]# mkdir haproxy
[root@salt1 salt]# cd haproxy/
[root@salt1 haproxy]# mkdir files
[root@salt1 haproxy]# touch install.sls service.sls
[root@salt1 haproxy]# cd files/
[root@salt1 files]# pwd
/srv/salt/haproxy/files
[root@salt1 files]# ls
haproxy-1.6.11.tar.gz
[root@salt1 files]# cd ..
[root@salt1 haproxy]# vim install.sls 
include:
  - pkgs.make

haproxy-install:
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz

  cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
    - creates: /usr/local/haproxy

[root@salt1 haproxy]# salt salt2 state.sls haproxy.install

& At this point:
[root@salt2 mnt]# ls
haproxy-1.6.11  haproxy-1.6.11.tar.gz
[root@salt2 haproxy]# cd /mnt/haproxy-1.6.11
[root@salt2 haproxy-1.6.11]# cd examples/
[root@salt2 examples]# scp haproxy.init root@172.25.30.1:/srv/salt/haproxy/files
root@172.25.30.1's password: 
haproxy.init                                100% 2381     2.3KB/s   00:00    
[root@salt2 examples]# scp content-sw-sample.cfg root@172.25.30.1:/srv/salt/haproxy/files


[root@salt1 files]# pwd
/srv/salt/haproxy/files
[root@salt1 files]# ls
content-sw-sample.cfg  haproxy-1.6.11.tar.gz  haproxy.init
[root@salt1 files]# vim haproxy.init 
BIN=/usr/local/haproxy/sbin/$BASENAME
[root@salt1 files]# ls
haproxy-1.6.11.tar.gz  haproxy.cfg  haproxy.init
[root@salt1 files]# vim haproxy.cfg 
[root@salt1 files]# cd ../..
[root@salt1 salt]# mkdir user
[root@salt1 salt]# cd user/
[root@salt1 user]# vim nginx.sls
nginx-group:
  group.present:
    - name: nginx
    - gid: 800

nginx-user:
  user.present:
    - name: nginx
    - uid: 800
    - gid: 800
[root@salt1 user]# cp nginx.sls haproxy.sls
[root@salt1 user]# vim haproxy.sls 
haproxy-group:
  group.present:
    - name: haproxy
    - gid: 200

haproxy-user:
  user.present:
    - name: haproxy
    - uid: 200
    - gid: 200

[root@salt1 nginx]# vim service.sls 
[root@salt1 nginx]# cd files/
[root@salt1 files]# ls
nginx  nginx-1.12.0.tar.gz  nginx.conf
[root@salt1 files]# vim nginx.conf 
.....
user  nginx;
[root@salt1 nginx]# salt salt3 state.sls nginx.service
salt3:



Ops community:
    https://www.unixhot.com/


[root@salt1 haproxy]# vim service.sls 
include:
  - haproxy.install
  - user.haproxy

/etc/haproxy:
  file.directory:
    - mode: 755

/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg

haproxy-service:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - mode: 755

  service.running:
    - name: haproxy
    - enable: true
    - reload: true
    - watch:
      - file: /etc/haproxy/haproxy.cfg

[root@salt1 haproxy]# salt salt2 state.sls haproxy.service


[root@salt1 haproxy]# cat install.sls 
include:
  - pkgs.make

haproxy-install:
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz

  cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy && make TARGET=linux26 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
    - creates: /usr/local/haproxy


&&& Deploy the http service











&&&grains

[root@salt2 ~]# vim /etc/salt/minion
.....
grains:
  roles:
    - haproxy
[root@salt2 ~]# /etc/init.d/salt-minion restart
[root@salt1 haproxy]# salt salt2 grains.item roles
salt2:
    ----------
    roles:
        - haproxy
[root@salt1 haproxy]# 




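grains: static information (generated on the minion side)
  -G matches on grains
  -I matches on pillars

Defined on the minion side

Defined on the master side (written in Python)
Extension modules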









&& pillar: dynamic data, often used to define more sensitive information such as passwords (refreshed automatically at run time, on the master side)


[root@salt1 ~]# vim /etc/salt/master
.....
pillar_roots:
  base:
    - /srv/pillar
[root@salt1 ~]# mkdir /srv/pillar
[root@salt1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]
[root@salt1 ~]# cd /srv/pillar/
[root@salt1 ~]# mkdir web
[root@salt1 ~]# cd web/
[root@salt1 web]# vim server.sls 
{% if grains['fqdn'] == 'salt2' %}
webserver: haproxy
{% elif grains['fqdn'] == 'salt3' %}
webserver: nginx
{% else %}
webserver: httpd
{% endif %}

[root@salt1 web]# salt salt2 grains.item roles
salt2:
    ----------
    roles:
        - haproxy
[root@salt1 web]# salt salt3 grains.item roles
salt3:
    ----------
    roles:
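
Pillar is where this page puts passwords, while grains such as fqdn are generated on the minion side, so a pillar file that branches on them hands out data according to what the minion reports about itself. An added example, not part of the original post: it scans pillar SLS text for such grain lookups, run on a constructed copy of server.sls above and on a variant keyed on the minion ID. The function name and the id-only allow-list are assumptions of this example.

```python
import re

# grains['x'], grains["x"], grains.get('x') and grains.x inside Jinja.
GRAIN_REF = re.compile(
    r"""grains(?:\[\s*['"](\w+)['"]\s*\]|\.get\(\s*['"](\w+)['"]|\.(?!get\b)(\w+))"""
)

def grain_conditionals(sls_text, trusted=("id",)):
    """Return [(line_no, grain)] for every grain a pillar SLS consults,
    except those in `trusted` (assumption: only the minion ID, which the
    master ties to the key accepted with salt-key)."""
    findings = []
    for line_no, line in enumerate(sls_text.splitlines(), 1):
        for match in GRAIN_REF.finditer(line):
            grain = next(g for g in match.groups() if g)
            if grain not in trusted:
                findings.append((line_no, grain))
    return findings

# Constructed copy of /srv/pillar/web/server.sls as shown above.
BY_FQDN = """{% if grains['fqdn'] == 'salt2' %}
webserver: haproxy
{% elif grains['fqdn'] == 'salt3' %}
webserver: nginx
{% else %}
webserver: httpd
{% endif %}
"""

# Same data keyed on the minion ID instead of a self-reported grain.
BY_ID = BY_FQDN.replace("grains['fqdn']", "grains['id']")

if __name__ == "__main__":
    print("by fqdn:", grain_conditionals(BY_FQDN))
    print("by id:  ", grain_conditionals(BY_ID))
```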




Send files to the corresponding hosts: salt-cp








&&& SaltStack data systems: Grains and Pillar
    http://www.cnblogs.com/shhnwangjian/p/5985868.html
Data management:
Methods:
(1) mysql-python (done from the minion side)
(2) job-cache (done on the master side)



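&& Sometimes we need a single file from an RPM package; how do we unpack an RPM?
RPM packages are packed in cpio format, so the package can first be converted to cpio and then extracted, as shown below: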

rpm2cpio xxx.rpm | cpio -div




&& Integrate modules you have written yourself


Jinja templates