Salt,一种全新的基础设施管理方式,部署轻松,在几分钟内可运行起来,扩展性好,很容易管理上万台服务器,速度够快,服务器之间秒级通讯。Salt底层采用动态的连接总线,使其可以用于编配、远程执行、配置管理等等。
环境:
server1:172.25.24.1
server2:172.25.24.2
物理机:172.25.24.250
vim /etc/yum.repos.d/rhel-source.repo
# Base OS repository served by the lab host; packages are signature-checked
# against the Red Hat release key already present on the system.
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.24.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
# SaltStack packages mirrored on the same lab host.
[saltstack]
name=saltstack
baseurl=http://172.25.24.250/saltstack/rhel6
# gpgcheck=0 turns off RPM signature verification for this repository, and the
# baseurl is plain http, so salt-master (which ends up with root control over
# every minion) is installed with no integrity or origin check. Outside a
# closed lab, set gpgcheck=1 and point gpgkey at the repository's signing key
# (gpgkey=<path-or-url-of-the-saltstack-signing-key>).
gpgcheck=0
yum install -y salt-master
/etc/init.d/salt-master start
vim /etc/yum.repos.d/rhel-source.repo
# Base OS repository served by the lab host; packages are signature-checked
# against the Red Hat release key already present on the system.
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.24.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
# SaltStack packages mirrored on the same lab host.
[saltstack]
name=saltstack
baseurl=http://172.25.24.250/saltstack/rhel6
# gpgcheck=0 turns off RPM signature verification for this repository, and the
# baseurl is plain http, so salt-minion (which runs as root and executes what
# the master sends) is installed with no integrity or origin check. Outside a
# closed lab, set gpgcheck=1 and point gpgkey at the repository's signing key
# (gpgkey=<path-or-url-of-the-saltstack-signing-key>).
gpgcheck=0
yum install -y salt-minion
vim /etc/salt/minion
/etc/init.d/salt-minion start # start the minion
# List the minion keys known to the master (accepted, pending, rejected).
salt-key -L
# Accepting a key is the trust decision of the whole setup: an accepted minion
# gets an authenticated channel to the master and receives states and pillar.
# Before accepting, compare the pending key's fingerprint on the master
# (salt-key -f <minion-id>) with the one printed on the minion itself
# (salt-call --local key.finger); -A skips that comparison for every pending key.
salt-key -A # accept all pending keys; -a accepts a single named minion
salt server2 test.ping # this uses a Python module
salt server2 cmd.run hostname
yum install -y python-setproctitle.x86_64
vim /etc/salt/master
mkdir /srv/salt
/etc/init.d/salt-master restart #重启master
vim /srv/salt/apache/install.sls #sls文件有严格语法要求,书写时需注意,可参考官方文档:http://docs.saltstack.cn/topics/yaml/index.html
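# /srv/salt/apache/install.sls (first version): install Apache with PHP support.
# Indentation is significant in SLS files; the nesting below is state ID ->
# state function -> argument list.
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-mysql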
salt server2 state.sls apache.install
mkdir /srv/salt/apache/files
vim /srv/salt/apache/install.sls
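# /srv/salt/apache/install.sls (second version): install the packages, push the
# managed httpd.conf from the master and keep the service running.
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-mysql
  # The config file is owned by root and not writable by anyone else, so only
  # the master (through this state) or local root can change it.
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    # Quoted so the YAML parser keeps the mode as a string instead of
    # guessing a number base.
    - mode: '0644'
    - user: root
    - group: root
  # `watch` on the file state under this same ID makes httpd restart whenever
  # the managed config changes.
  service.running:
    - name: httpd
    - enable: True
    - watch:
      - file: apache-install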
scp /etc/httpd/conf/httpd.conf server1:/srv/salt/apache/files
vim /srv/salt/apache/files/httpd.conf # 修改端口为8080
salt server2 state.sls apache.install
netstat -antlp | grep httpd
cd /srv/salt
mkdir pkgs
mkdir nginx/files -p #需在/srv/salt/nginx/files/ 中放入nginx源码包,配置文件和启动脚本
vim pkgs/make.sls #为避免重复,可将依赖包的安装编写在一个文件中
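# /srv/salt/pkgs/make.sls: build dependencies shared by the source-built
# services, kept in one file so other states can `include` it.
make:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel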
vim nginx/install.sls
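# /srv/salt/nginx/install.sls: build nginx 1.14.0 from source on the minion.
include:
  - pkgs.make

nginx-install:
  # Copy the source tarball from the master's file server. Whatever was placed
  # in /srv/salt/nginx/files is compiled and installed as root, so verify the
  # tarball's checksum against the upstream release before putting it there.
  file.managed:
    - name: /mnt/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz
  # Unpack, patch, configure, build, install, then remove the build tree.
  #   * first sed: drops the version number from the NGINX_VER banner string
  #   * second sed: comments out the debug CFLAGS line in auto/cc/gcc
  # All build output goes to /dev/null; a failing step still fails the state
  # through the && chain, but leaves no diagnostics behind.
  # The folded scalar (>-) joins the lines with single spaces, giving the same
  # one-line command as before.
  cmd.run:
    - name: >-
        cd /mnt
        && tar zxf nginx-1.14.0.tar.gz
        && cd nginx-1.14.0
        && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h
        && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc
        && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module &> /dev/null
        && make &> /dev/null
        && make install &> /dev/null
        && cd ..
        && rm -fr nginx-1.14.0
    # Skip the build when the install prefix already exists.
    - creates: /usr/local/nginx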
vim nginx/service.sls
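# /srv/salt/nginx/service.sls: manage the nginx config and init script, and
# keep the service running.
include:
  - nginx.install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf

# The init script is executed as root at service start; it is world-readable
# and executable, writable by its owner only.
/etc/init.d/nginx:
  file.managed:
    - source: salt://nginx/files/nginx
    - mode: '0755'

# A change to nginx.conf triggers a reload rather than a full restart.
nginx:
  service.running:
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf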
vim top.sls
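# /srv/salt/top.sls: map minion IDs to the states they receive in highstate.
base:
  'server2':
    - apache.install
  'server3':
    - nginx.service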
[root@server1 salt]# salt '*' state.highstate
#由于输出结果太长,截图不方便,所以就复制输出结果了,只要全部成功即可
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 10:04:34.366456
Duration: 393.858 ms
Changes:
ID: apache-install
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 10:04:34.762244
Duration: 48.336 ms
Changes:
ID: apache-install
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 10:04:34.811405
Duration: 25.76 ms
Changes:
Summary for server2
Succeeded: 3
Failed: 0
Total states run: 3
Total run time: 467.954 ms
ID: make
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 10:04:34.472311
Duration: 419.621 ms
Changes:
ID: nginx-install
Function: file.managed
Name: /mnt/nginx-1.14.0.tar.gz
Result: True
Comment: File /mnt/nginx-1.14.0.tar.gz is in the correct state
Started: 10:04:34.893663
Duration: 80.859 ms
Changes:
ID: nginx-install
Function: cmd.run
Name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module &> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. && rm -fr nginx-1.14.0
Result: True
Comment: /usr/local/nginx exists
Started: 10:04:34.975302
Duration: 0.391 ms
Changes:
ID: /usr/local/nginx/conf/nginx.conf
Function: file.managed
Result: True
Comment: File /usr/local/nginx/conf/nginx.conf is in the correct state
Started: 10:04:34.975791
Duration: 36.894 ms
Changes:
ID: /etc/init.d/nginx
Function: file.managed
Result: True
Comment: File /etc/init.d/nginx is in the correct state
Started: 10:04:35.012823
Duration: 36.426 ms
Changes:
ID: nginx
Function: service.running
Result: True
Comment: The service nginx is already running
Started: 10:04:35.050192
Duration: 35.975 ms
Changes:
Summary for server3
------------
Succeeded: 6
Failed: 0
------------
Total states run: 6
Total run time: 610.166 ms
vim haproxy/install.sls
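# /srv/salt/haproxy/install.sls: build haproxy 1.6.11 from source.
# NOTE(review): users.haproxy is not shown on this page; presumably it creates
# the uid/gid 200 account that haproxy.cfg drops privileges to — confirm.
include:
  - pkgs.make
  - users.haproxy

haproxy-install:
  # The tarball served from the master is compiled and installed as root on
  # the minion; verify its checksum against the upstream release before
  # placing it under /srv/salt/haproxy/files.
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz
  # Unpack, build with PCRE/OpenSSL/zlib, install under /usr/local/haproxy and
  # remove the build tree. Build output is discarded, so a failure is reported
  # by the state without diagnostics. The folded scalar (>-) yields the same
  # one-line command as before.
  cmd.run:
    - name: >-
        cd /mnt
        && tar zxf haproxy-1.6.11.tar.gz
        && cd haproxy-1.6.11
        && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null
        && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install &> /dev/null
        && cd ..
        && rm -fr haproxy-1.6.11
    # Skip the build when the install prefix already exists.
    - creates: /usr/local/haproxy

/etc/haproxy:
  file.directory:
    - mode: '0755'

# Expose the built binary on the default PATH.
/usr/sbin/haproxy:
  file.symlink:
    - target: /usr/local/haproxy/sbin/haproxy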
vim haproxy/service.sls
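# /srv/salt/haproxy/service.sls: manage haproxy's config and init script, and
# keep the service running.
include:
  - haproxy.install

/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg

haproxy-service:
  # Init script: run as root at service start, writable by its owner only.
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - mode: '0755'
  # A change to haproxy.cfg triggers a reload rather than a full restart.
  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: /etc/haproxy/haproxy.cfg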
解压haproxy源码包,在haproxy-1.6.11/examples中将配置文件content-sw-sample.cfg和启动脚本拷到server1的 /srv/salt/haproxy/files中
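# Unpack the haproxy source and copy the sample config and init script into
# the master's file tree.
tar zxf haproxy-1.6.11.tar.gz
cd haproxy-1.6.11/examples/
# Destination corrected from /srv/slat/... to /srv/salt/...: the states read
# salt://haproxy/files/, which maps to /srv/salt/haproxy/files on the master.
scp content-sw-sample.cfg server1:/srv/salt/haproxy/files
scp haproxy.init server1:/srv/salt/haproxy/files
# On server1: give the sample config the name service.sls expects.
cd /srv/salt/haproxy/files
mv content-sw-sample.cfg haproxy.cfg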
vim haproxy/files/haproxy.cfg
# haproxy.cfg: HTTP load balancer in front of the two web servers.
global
maxconn 10000
# Runtime API socket with admin level; mode 600 limits it to the socket owner.
stats socket /var/run/haproxy.stat mode 600 level admin
log 127.0.0.1 local0
# Drop root after start-up and confine the process to an empty directory.
uid 200
gid 200
chroot /var/empty
daemon
defaults
mode http
log global
option httplog
option dontlognull
monitor-uri /monitoruri
maxconn 8000
timeout client 30s
retries 2
option redispatch
timeout connect 5s
timeout server 30s
timeout queue 30s
# Declared in `defaults`, so the statistics page is served by the public
# frontend on port 80, and this file contains no `stats auth` line: anyone who
# can reach the listener can read backend addresses and health. Protect it
# with `stats auth <user>:<password>` or serve stats from a separate,
# access-restricted listener.
stats uri /admin/stats
frontend public
bind *:80 name clear
default_backend dynamic
# Round-robin across the two web servers, health-checked every 1000 ms.
backend dynamic
balance roundrobin
server dynsrv1 172.25.24.2:80 check inter 1000
server dynsrv2 172.25.24.3:80 check inter 1000
vim top.sls
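# /srv/salt/top.sls: server1 becomes the load balancer in front of the two
# web servers. Targets here are minion IDs.
base:
  'server1':
    - haproxy.service
  'server2':
    - apache.install
  'server3':
    - nginx.service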
salt '*' state.highstate
在server2与server3默认发布页面编辑一个页面
实现负载均衡
{% %} #变量赋值
{{ }} #引用变量
可参考官方文档: http://docs.saltstack.cn/topics/grains/index.html
salt server2 grains.items #查看所有信息
salt server2 grains.item os #查看指定信息
salt -G 'os:redhat' cmd.run hostname #所有操作系统为redhat的节点执行hostname命令 -G 匹配
vim /etc/salt/minion
/etc/init.d/salt-minion restart
salt server2 grains.item roles
上述方法每次都需要修改主配置文件,不太好,所以可以在minion端编写/etc/salt/grains文件
Server3
vim /etc/salt/grains
roles: nginx
salt server3 saltutil.sync_grains #需要刷新server3 的grains信息才能匹配到
salt server3 grains.item roles
vim /srv/salt/top.sls #使用grains可以不用指定主机
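# /srv/salt/top.sls: target by the `roles` grain instead of by host name.
# Grains are reported by the minion itself (set here in /etc/salt/minion or
# /etc/salt/grains), so a host that controls its own grains also chooses which
# of these states it is offered. Keep grain targeting for convenience
# groupings and use minion IDs wherever the assignment matters for security.
base:
  'server1':
    - haproxy.service
  'roles:apache':
    - match: grain
    - apache.install
  'roles:nginx':
    - match: grain
    - nginx.service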
salt '*' state.highstate # 没有报错
mkdir /srv/salt/_grains
vim /srv/salt/_grains/grains.py
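#!/usr/bin/env python
def grains():
    """Return the custom grains contributed by this module.

    The returned dict is merged into the minion's grains after
    ``saltutil.sync_grains``; here it adds a single grain ``salt`` with the
    value ``stack``.
    """
    # A separate local name avoids shadowing the function's own name.
    custom = {}
    custom['salt'] = 'stack'
    return custom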
salt server3 saltutil.sync_grains
salt server3 grains.item salt
可参考官方文档:http://docs.saltstack.cn/topics/pillar/index.html
vim /etc/salt/master
/etc/init.d/salt-master restart
mkdir /srv/pillar
cd /srv/pillar
mkdir web
vim web/webserver.sls
# /srv/pillar/web/webserver.sls: choose the `webserver` pillar value per host.
# grains['fqdn'] is supplied by the minion. Pillar is where per-host secrets
# normally live, so selecting pillar data by a grain lets a minion that alters
# its grains ask for another host's data. For anything sensitive, assign
# pillar by minion ID in the pillar top file instead.
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% endif %}
vim top.sls
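# /srv/pillar/top.sls: every minion is offered web/webserver.sls; the Jinja
# conditions inside that file decide which value each host receives.
base:
  '*':
    - web.webserver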
salt '*' saltutil.refresh_pillar #需要刷新pillar
salt server2 pillar.item webserver
salt -I 'webserver:nginx' test.ping #匹配webserver为nginx的节点执行ping ,-I 匹配
salt -S 172.25.24.0/24 test.ping #匹配所有在网段172.25.24.0/24中的节点执行ping
可参考官方文档:
http://docs.saltstack.cn/ref/renderers/all/salt.renderers.jinja.html#module-salt.renderers.jinja
vim /srv/salt/apache/files/httpd.conf
vim /srv/salt/apache/install.sls
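# /srv/salt/apache/install.sls (third version): httpd.conf is now rendered as
# a Jinja template with the listen address and port passed in as context.
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-mysql
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    # Quoted so the YAML parser keeps the mode as a string.
    - mode: '0644'
    - user: root
    - group: root
    - template: jinja
    - context:
        port: 8080
        # Takes the last entry of the minion's ipv4 grain. Which address that
        # is depends on how the minion enumerates its interfaces, so check the
        # rendered Listen line; a wrong pick can expose httpd on an interface
        # that was not intended.
        bind: {{ grains['ipv4'][-1] }}
  # Restart httpd whenever the rendered config changes.
  service.running:
    - name: httpd
    - enable: True
    - watch:
      - file: apache-install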
salt server2 state.sls apache.install
netstat -antlp |grep httpd #server2查看
之前在/srv/salt/apache/install.sls文件中也配置了监听地址和端口,我们试一下是哪个文件生效
salt server2 state.sls apache.install #没有报错
在server2查看发现是lib.sls文件中定义的变量生效,这是因为install.sls 文件先生效,lib.sls文件后生效覆盖了之前install.sls文件中已生效的变量
2)结合pillar
vim /srv/pillar/apache.sls
# /srv/pillar/apache.sls: listen address and port for server2's httpd.
# The pillar top file on this page already targets this file at minion ID
# 'server2', so the grain test below adds no protection; grains are reported
# by the minion and should not be the gate for pillar data.
{% if grains['fqdn'] == 'server2' %}
port: 80
# NOTE(review): the environment list on this page gives server2 as
# 172.25.24.2; 172.25.254.2 may be a typo — confirm.
bind: 172.25.254.2
{% endif %}
vim /srv/pillar/top.sls
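# /srv/pillar/top.sls: only the minion whose ID is server2 receives
# apache.sls. The minion ID is bound to the key accepted on the master, which
# makes it the appropriate selector for pillar data.
base:
  'server2':
    - apache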
vim apache/install.sls
vim apache/files/httpd.conf #删除之前在开头添加那两行参数
salt server2 state.sls apache.install #没有报错
在server2上查看,配置成功
vim /etc/httpd/conf/httpd.conf
可参考官方文档:http://docs.saltstack.cn/topics/jobs/external_cache.html
关于配置文件修改及salt数据库导入可参考官方文档:
http://docs.saltstack.cn/ref/returners/all/salt.returners.mysql.html#module-salt.returners.mysql
将job返回结果存入数据库中有两种方式
1.minion发送两个job返回结果,一个返回master,一个存入数据库
图解:
Server2
vim /etc/salt/minion
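# /etc/salt/minion: connection settings for the mysql returner.
# The typographic quotes in the original listing would become part of each
# value; plain ASCII quotes are required.
# With this layout the database password sits in clear text on every minion
# and each minion writes to the database directly, so a single compromised
# minion can read or alter all stored job results. 'redhat' is a demo
# password; use a generated one and keep this file readable by root only.
mysql.host: '172.25.24.1'
mysql.user: 'salt'
mysql.pass: 'redhat'
mysql.db: 'salt'
mysql.port: 3306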
yum install -y MySQL-python
/etc/init.d/salt-minion restart
Server1
yum install -y mysql-server
/etc/init.d/mysqld start
vim add.sql #由于数据库版本较低所以注释第17行,
-- Schema for Salt's MySQL returner: job definitions (jids), per-minion
-- results (salt_returns) and event-bus records (salt_events).
-- Every table is dropped before it is created, so re-importing this file
-- erases the job history already stored.
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Disabled by the author for the older MySQL server used here; the UNIQUE KEY
-- above already indexes `jid`.
#CREATE INDEX jid ON jids(jid) USING BTREE;
--
-- Table structure for table `salt_returns`
--
-- `return` and `full_ret` hold raw command output, which can include
-- whatever the executed commands printed; treat the table as sensitive.
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
mysql < add.sql
mysql
-- '%' lets the salt account log in from any host, ALL is broader than storing
-- job returns requires, and 'redhat' is a guessable demo password. Outside a
-- lab, restrict the host part to the minions' addresses, grant only the
-- privileges the returner uses, and set a generated password.
grant all on salt.* to salt@'%' identified by 'redhat';
salt server2 test.ping --return mysql
mysql
use salt
select * from salt_returns;
2.Minion将job返回结果发给master,然后由master来存入数据库
图解:
vim /etc/salt/master
# /etc/salt/master: the master itself writes job results to MySQL, so minions
# need neither the database password nor network access to the database.
master_job_cache: mysql
mysql.host: 'localhost'
mysql.user: 'salt'
# Stored in clear text; keep /etc/salt/master readable by root only and
# replace the demo password with a generated one.
mysql.pass: 'redhat'
mysql.db: 'salt'
mysql.port: 3306
yum install -y MySQL-python
mysql
-- Limited to local connections, which is all the master-side job cache needs.
-- If the earlier salt@'%' grant from the minion-side setup still exists, the
-- account remains reachable from any host until that grant is removed.
-- 'redhat' is a demo password; set a generated one.
grant all on salt.* to salt@'localhost' identified by 'redhat';
/etc/init.d/salt-master restart
salt server3 cmd.run df #因为我们对minion端server3 没有进行配置,所以用server3来测试
mysql
use salt
select * from salt_returns;