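- First, implement some functionality with SaltStack
- Consult the documentation to learn about SaltStack
- Related extensions
Using SaltStack for a simple deployment of nginx and Apache
Environment: RHEL 6.5
server1: 172.25.4.1 (master)
server2: 172.25.4.2 (minion)
server3: 172.25.4.3 (minion)
Because we need many packages and their dependencies, we need to build a yum repository and add it to the repo file on every virtual machine.
Because I used yum repository files that someone else had already generated, running yum repolist in the virtual machines returned a 403 error; my fix was to set 777 permissions recursively on that directory.
From how yum works, we know that the createrepo -v command can generate a yum repository.
In addition, the firewall and SELinux must be disabled on both the host and the virtual machines.
Finally, send this file to server2 and server3 so that both of them can use this yum repository.
Install salt-master on server1 and salt-minion on server2 and server3, then do some basic configuration.
Once the configuration is complete, run a few simple tests.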
[root@server1 ~]# yum install lsof -y
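The simple tests are done.
Next level: using SaltStack to remotely install, start and configure software.
Because we need the YAML markup language, which depends on Python, the Python-related packages must be installed on the master.
Install on server1: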
[root@server1 ~]# yum install python-setproctitle -y
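Modify the master's configuration file so that it supports this feature, then restart the service.
Remotely install mysql on server2
Remotely install mysql-server on server3
# State ID doubles as the package name
mysql-server:
  pkg.installed
# Free-form state ID; the service name is given explicitly
mysql:
  service.running:
    - name: mysqld
    - enable: True
Looking at this file:
mysql-server is the name of the package to install, and we call the installed function of the pkg module.
The second ID, mysql, is a name we can choose freely. Under it we call the running function of the service module; we also set the name of the service to start and enable it at boot.
Remotely modifying mysqld's configuration file
mysql-server:
  pkg.installed
mysql:
  service.running:
    - name: mysqld
    - enable: True
# Push the master's copy of my.cnf to the minion
/etc/my.cnf:
  file.managed:
    - source: salt://mysql/files/my.cnf
    - mode: 644
    - user: root
    - group: root
We give this file an owner and a group and set its permissions.
The problem with this script is that the service has to be restarted for the change to take effect.
mysql-install:
  pkg.installed:
    - pkgs:
      - mysql-server
  file.managed:
    - name: /etc/my.cnf
    - source: salt://mysql/files/my.cnf
    - mode: 644
    - user: root
    - group: root
  service.running:
    - name: mysqld
    - enable: True
    # React to changes made by the file.managed state above
    - watch:
      - file: mysql-install
This script solves that problem: it watches the file managed under mysql-install. If the mysqld service is running on the minion and the file on the minion changes, the service is reloaded; if the service is stopped, it is started.
Looking at the run results, you can see that the same running function has a different effect in each case.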
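Deploying a cluster with SaltStack and implementing load balancing
Look at this structure: once this layout is in place, we only need to push a single top.sls file to deploy a load-balancing cluster. Let's go through it piece by piece.
1. First, the top.sls file.
[root@server1 salt]# cat top.sls
base:
  "server1":
    - haproxy.service
  "server2":
    - apache.service
  "server3":
    - nginx.service
haproxy is deployed on server1, Apache on server2 and nginx on server3.
2. The make.sls file under pkgs
[root@server1 pkgs]# cat make.sls
gcc-make:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
We can see that this file installs the prerequisites needed before the builds.
3. The Apache part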
[root@server1 apache]# cat install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-mysql
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
[root@server1 apache]# cat service.sls
include:
  - apache.install
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - watch:
      - file: apache-install
[root@server1 apache]# cd files/
[root@server1 files]# ls
httpd.conf
Just as when we installed mysql on a single host earlier, the Apache part installs httpd, runs the service, and reloads the service when the configuration file is modified.
4. The nginx part
[root@server1 nginx]# cat install.sls
include:
  - pkgs.make
nginx-install:
  file.managed:
    - name: /mnt/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-threads --with-file-aio --with-http_stub_status_module &> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. && rm -fr nginx-1.14.0
    - creates: /usr/local/nginx
install.sls pushes the source tarball to the minion and drives the compile and install.
[root@server1 nginx]# cat service.sls
include:
  - nginx.install
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
/etc/init.d/nginx:
  file.managed:
    - source: salt://nginx/files/nginx
    - mode: 755
nginx:
  service.running:
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
service.sls runs the service, installs the init script, and pushes and watches the configuration file.
[root@server1 nginx]# cd files/
[root@server1 files]# ls
nginx nginx-1.14.0.tar.gz nginx.conf
[root@server1 files]#
Three files are pushed: the source tarball, the configuration file and the init script.
5. The haproxy part
[root@server1 haproxy]# cat install.sls
include:
  - pkgs.make
haproxy-install:
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install && cd .. && rm -fr haproxy-1.6.11
    - creates: /usr/local/haproxy
/etc/haproxy:
  file.directory:
    - mode: 755
/usr/sbin/haproxy:
  file.symlink:
    - target: /usr/local/haproxy/sbin/haproxy
Installing haproxy
[root@server1 haproxy]# cat service.sls
include:
  - haproxy.install
  - users.haproxy
/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg
haproxy-service:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - mode: 755
  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: /etc/haproxy/haproxy.cfg
This covers installing haproxy, creating the user, pushing and watching the configuration file, pushing the init script and running the service.
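A safeguard for the watch/reload pattern above, as an added example that is not part of the original post: `check_cmd` makes Salt validate the new haproxy.cfg before it replaces the live file, so a broken configuration is never written and the reload is never triggered. It reuses the state IDs from install.sls and users/haproxy.sls; the explicit owner and mode are assumptions.

```yaml
# Variant of haproxy/service.sls (added example, not the author's file).
include:
  - haproxy.install
  - users.haproxy

/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg
    # Assumed ownership and mode: root-owned, read-only for the haproxy
    # account created in users/haproxy.sls.
    - user: root
    - group: root
    - mode: 644
    # Salt appends the path of a temporary copy of the new file and only
    # installs it if the command exits 0 ("haproxy -c" checks a config).
    - check_cmd: /usr/sbin/haproxy -c -f
    - require:
      - file: /usr/sbin/haproxy    # symlink created in install.sls
      - user: haproxy-user         # defined in users/haproxy.sls

haproxy-service:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - mode: 755
  service.running:
    - name: haproxy
    - reload: True
    # Fires only when the validated file was actually replaced.
    - watch:
      - file: /etc/haproxy/haproxy.cfg
```

If the check fails, the file.managed state reports a failure in the highstate output and the running haproxy keeps its previous configuration.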
[root@server1 haproxy]# cd files/
[root@server1 files]# ls
haproxy-1.6.11.tar.gz haproxy.cfg haproxy.init
The files to be pushed
[root@server1 users]# ls
haproxy.sls
[root@server1 users]# cat haproxy.sls
haproxy-group:
  group.present:
    - name: haproxy
    - gid: 200
haproxy-user:
  user.present:
    - name: haproxy
    - uid: 200
    - gid: 200
    - shell: /sbin/nologin
    - home: /usr/local/haproxy
    - createhome: False
Creates the group and the user
We also need to install salt-minion on server1 and have it authenticate with the salt-master on server1.
[root@server1 files]# salt '*' state.highstate
server1:
----------
ID: gcc-make
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:10:05.704218
Duration: 467.83 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /mnt/haproxy-1.6.11.tar.gz
Result: True
Comment: File /mnt/haproxy-1.6.11.tar.gz is in the correct state
Started: 17:10:06.174853
Duration: 88.401 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install && cd .. && rm -fr haproxy-1.6.11
Result: True
Comment: /usr/local/haproxy exists
Started: 17:10:06.264156
Duration: 0.465 ms
Changes:
----------
ID: /etc/haproxy
Function: file.directory
Result: True
Comment: Directory /etc/haproxy is in the correct state
Started: 17:10:06.264730
Duration: 0.569 ms
Changes:
----------
ID: /usr/sbin/haproxy
Function: file.symlink
Result: True
Comment: Symlink /usr/sbin/haproxy is present and owned by root:root
Started: 17:10:06.265401
Duration: 1.69 ms
Changes:
----------
ID: haproxy-group
Function: group.present
Name: haproxy
Result: True
Comment: Group haproxy is present and up to date
Started: 17:10:06.267571
Duration: 0.452 ms
Changes:
----------
ID: haproxy-user
Function: user.present
Name: haproxy
Result: True
Comment: User haproxy is present and up to date
Started: 17:10:06.268769
Duration: 1.034 ms
Changes:
----------
ID: /etc/haproxy/haproxy.cfg
Function: file.managed
Result: True
Comment: File /etc/haproxy/haproxy.cfg is in the correct state
Started: 17:10:06.269919
Duration: 41.829 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/init.d/haproxy
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 17:10:06.311892
Duration: 40.758 ms
Changes:
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: True
Comment: The service haproxy is already running
Started: 17:10:06.353689
Duration: 40.86 ms
Changes:
Summary for server1
-------------
Succeeded: 10
Failed: 0
-------------
Total states run: 10
Total run time: 683.888 ms
server3:
----------
ID: gcc-make
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:10:06.144686
Duration: 772.717 ms
Changes:
----------
ID: nginx-install
Function: file.managed
Name: /mnt/nginx-1.14.0.tar.gz
Result: True
Comment: File /mnt/nginx-1.14.0.tar.gz is in the correct state
Started: 17:10:06.921598
Duration: 121.84 ms
Changes:
----------
ID: nginx-install
Function: cmd.run
Name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-threads --with-file-aio --with-http_stub_status_module &> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. && rm -fr nginx-1.14.0
Result: True
Comment: /usr/local/nginx exists
Started: 17:10:07.045073
Duration: 0.929 ms
Changes:
----------
ID: /usr/local/nginx/conf/nginx.conf
Function: file.managed
Result: True
Comment: File /usr/local/nginx/conf/nginx.conf is in the correct state
Started: 17:10:07.046247
Duration: 48.099 ms
Changes:
----------
ID: /etc/init.d/nginx
Function: file.managed
Result: True
Comment: File /etc/init.d/nginx is in the correct state
Started: 17:10:07.094576
Duration: 33.84 ms
Changes:
----------
ID: nginx
Function: service.running
Result: True
Comment: The service nginx is already running
Started: 17:10:07.129652
Duration: 44.447 ms
Changes:
Summary for server3
------------
Succeeded: 6
Failed: 0
------------
Total states run: 6
Total run time: 1.022 s
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:10:05.941277
Duration: 693.077 ms
Changes:
----------
ID: apache-install
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:10:06.637655
Duration: 68.213 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 8080
+Listen 80
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 17:10:06.742833
Duration: 207.852 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 969.142 ms
We set up the published pages for httpd on server2 and for nginx on server3.
Test from the physical host:
We have completed the deployment of a load-balancing cluster.
About grains
[root@server1 salt]# salt server2 grains.items
server2:
----------
SSDs:
biosreleasedate:
01/01/2011
biosversion:
Bochs
cpu_flags:
- fpu
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- syscall
- nx
- lm
- up
- rep_good
- unfair_spinlock
- pni
- cx16
- hypervisor
- lahf_lm
- abm
cpu_model:
QEMU Virtual CPU version 1.5.3
cpuarch:
x86_64
disks:
- ram0
- ram1
- ram2
- ram3
- ram4
- ram5
- ram6
- ram7
- ram8
- ram9
- ram10
- ram11
- ram12
- ram13
- ram14
- ram15
- loop0
- loop1
- loop2
- loop3
- loop4
- loop5
- loop6
- loop7
- vda
- dm-0
- dm-1
dns:
----------
domain:
ip4_nameservers:
ip6_nameservers:
nameservers:
options:
search:
- server1
sortlist:
domain:
fqdn:
server2
fqdn_ip4:
- 172.25.4.2
fqdn_ip6:
gid:
0
gpus:
|_
----------
model:
Device 0100
vendor:
unknown
groupname:
root
host:
server2
hwaddr_interfaces:
----------
eth0:
52:54:00:87:64:90
lo:
00:00:00:00:00:00
id:
server2
init:
upstart
ip4_interfaces:
----------
eth0:
- 172.25.4.2
lo:
- 127.0.0.1
ip6_interfaces:
----------
eth0:
- fe80::5054:ff:fe87:6490
lo:
- ::1
ip_interfaces:
----------
eth0:
- 172.25.4.2
- fe80::5054:ff:fe87:6490
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 172.25.4.2
ipv6:
- ::1
- fe80::5054:ff:fe87:6490
kernel:
Linux
kernelrelease:
2.6.32-431.el6.x86_64
locale_info:
----------
defaultencoding:
UTF8
defaultlanguage:
en_US
detectedencoding:
UTF8
localhost:
server2
manufacturer:
Red Hat
master:
172.25.4.1
mdadm:
mem_total:
996
nodename:
server2
num_cpus:
1
num_gpus:
1
os:
RedHat
os_family:
RedHat
osarch:
x86_64
oscodename:
Santiago
osfinger:
Red Hat Enterprise Linux Server-6
osfullname:
Red Hat Enterprise Linux Server
osmajorrelease:
6
osrelease:
6.5
osrelease_info:
- 6
- 5
path:
/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
pid:
1332
productname:
KVM
ps:
ps -efH
pythonexecutable:
/usr/bin/python2.6
pythonpath:
- /usr/bin
- /usr/lib64/python26.zip
- /usr/lib64/python2.6
- /usr/lib64/python2.6/plat-linux2
- /usr/lib64/python2.6/lib-tk
- /usr/lib64/python2.6/lib-old
- /usr/lib64/python2.6/lib-dynload
- /usr/lib64/python2.6/site-packages
- /usr/lib64/python2.6/site-packages/gtk-2.0
- /usr/lib/python2.6/site-packages
pythonversion:
- 2
- 6
- 6
- final
- 0
saltpath:
/usr/lib/python2.6/site-packages/salt
saltversion:
2016.11.3
saltversioninfo:
- 2016
- 11
- 3
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
server_id:
1398511438
shell:
/bin/sh
uid:
0
username:
root
uuid:
8b617290-6a33-4364-90b5-3a64aff9fc96
virtual:
kvm
zmqversion:
4.0.5
Grains let you view information about the minion hosts.
Using matching to query hosts
pass
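Matching on grains, as an added example that is not part of the original post: a top.sls that targets by grain where the choice is harmless and by minion ID where configuration is handed out. The grain values (os_family, virtual, osmajorrelease) are taken from the grains.items output above; the way the states are split between grain and ID targets is an assumption.

```yaml
# top.sls -- added example.
#
# Ad-hoc queries from the master use the same matchers on the command line:
#   salt -G 'os:RedHat' test.ping
#   salt -G 'virtual:kvm' grains.item fqdn_ip4
#   salt -C 'G@os_family:RedHat and G@osmajorrelease:6' grains.item osrelease
#   salt server2 grains.item os osrelease
base:
  # Grain match: every RedHat-family minion gets the build prerequisites.
  # Grains are reported by the minion itself, so anyone with root on a
  # minion can change them; use them only for low-risk selection like this.
  'os_family:RedHat':
    - match: grain
    - pkgs.make

  # Service roles stay pinned to minion IDs. An ID is bound to the key that
  # was accepted on the master, so a minion cannot claim another host's
  # states by editing its own grains.
  'server1':
    - haproxy.service
  'server2':
    - apache.service
  'server3':
    - nginx.service
```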