Saltstack安装部署及实践

Saltstack

Salt 是一种全新的基础设施管理方式:部署轻松,几分钟内即可运行起来;扩展性好,很容易管理上万台服务器;速度够快,服务器之间可实现秒级通讯。Salt 底层采用动态的连接总线,使其可以用于编排、远程执行、配置管理等。

安装

环境:
server1:172.25.24.1
server2:172.25.24.2
物理机:172.25.24.250

server1
vim /etc/yum.repos.d/rhel-source.repo
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.24.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

# SaltStack packages served over plain HTTP from the physical host (172.25.24.250).
# NOTE(review): gpgcheck=0 turns off RPM signature verification, so yum installs
# whatever this mirror (or anything on the network path to it) returns, and the
# package scripts run as root. Outside an isolated lab, import the repository's
# signing key and use gpgcheck=1 with a matching gpgkey= line, as the rhel-source
# section above does.
[saltstack]
name=saltstack
baseurl=http://172.25.24.250/saltstack/rhel6
gpgcheck=0

yum install -y salt-master
/etc/init.d/salt-master start

Saltstack安装部署及实践_第1张图片

server2
vim /etc/yum.repos.d/rhel-source.repo
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http://172.25.24.250/rhel6.5
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

# Same SaltStack mirror as on the master; the minion package comes from here.
# NOTE(review): with gpgcheck=0 the salt-minion RPM is installed without any
# signature check, and the minion runs as root. Keep this only for a closed lab
# network; otherwise set gpgcheck=1 and point gpgkey= at the repository's key.
[saltstack]
name=saltstack
baseurl=http://172.25.24.250/saltstack/rhel6
gpgcheck=0

Saltstack安装部署及实践_第2张图片

yum install -y salt-minion
vim /etc/salt/minion

Saltstack安装部署及实践_第3张图片

/etc/init.d/salt-minion start     #启动minion
server1
# List the minion keys known to the master, grouped by state.
salt-key -L
# NOTE(review): -A accepts every pending key in one step, without checking which
# host each key belongs to; an accepted minion receives states, files and pillar
# data from the master. Before accepting, compare the fingerprint shown by
# `salt-key -F` on the master with `salt-call --local key.finger` on the minion,
# then accept that minion by name with -a.
salt-key -A       # accept all pending minion keys; -a accepts one named minion

Saltstack安装部署及实践_第4张图片

salt server2 test.ping        #这里用的是python模块
salt server2 cmd.run hostname

Saltstack安装部署及实践_第5张图片

Salt 自动安装httpd

yum install -y python-setproctitle.x86_64
vim /etc/salt/master

Saltstack安装部署及实践_第6张图片

mkdir /srv/salt
/etc/init.d/salt-master restart          #重启master	

在这里插入图片描述

vim /srv/salt/apache/install.sls        #sls文件有严格语法要求,书写时需注意,可参考官方文档:http://docs.saltstack.cn/topics/yaml/index.html
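# State ID apache-install: make sure the web server packages are present.
# YAML forbids tab characters for indentation, so every level is indented with
# spaces only (two per level).
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-mysql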

Saltstack安装部署及实践_第7张图片

salt server2 state.sls apache.install

在server2查看
Saltstack安装部署及实践_第8张图片

server1
mkdir /srv/salt/apache/files
vim /srv/salt/apache/install.sls
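# State ID apache-install: install the packages, push the managed httpd.conf
# from the master's file server, and keep the service running.
# The three state functions must be nested under the ID and their arguments
# nested under each function; without that indentation the file is not valid SLS.
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-mysql

  # Replace the minion's httpd.conf with the copy kept under /srv/salt/apache/files.
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - mode: 644
    - user: root
    - group: root

  # watch: restart httpd whenever the file state of this ID reports a change.
  service.running:
    - name: httpd
    - enable: True
    - watch:
      - file: apache-install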
Saltstack安装部署及实践_第9张图片

server2
scp /etc/httpd/conf/httpd.conf server1:/srv/salt/apache/files

Saltstack安装部署及实践_第10张图片

server1
vim /srv/salt/apache/files/httpd.conf       # 修改端口为8080

Saltstack安装部署及实践_第11张图片

salt server2 state.sls apache.install

Saltstack安装部署及实践_第12张图片

server2
netstat -antlp | grep httpd

在这里插入图片描述

Nginx源码编译并启动

cd /srv/salt
mkdir pkgs
mkdir nginx/files -p  #需在/srv/salt/nginx/files/ 中放入nginx源码包,配置文件和启动脚本

Saltstack安装部署及实践_第13张图片

vim pkgs/make.sls  #为避免重复,可将依赖包的安装编写在一个文件中
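# Shared build dependencies, kept in one state so that source-build states can
# include pkgs.make instead of repeating the package list.
# pkg.installed has to be nested under the state ID for the SLS to parse.
make:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel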

Saltstack安装部署及实践_第14张图片

vim nginx/install.sls 
# Pull in the shared build dependencies defined in pkgs/make.sls.
include:
  - pkgs.make

nginx-install:
  # Copy the source tarball from the master's file server to /mnt on the minion.
  # NOTE(review): nothing in this state checks the tarball itself; it is whatever
  # was placed in /srv/salt/nginx/files. Verify the upstream checksum or signature
  # before putting the archive on the master.
  file.managed:
    - name: /mnt/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz

  # Unpack, patch, build and install in one shell command, then remove the tree.
  # The first sed rewrites the NGINX_VER define in src/core/nginx.h to plain
  # "nginx", dropping the version string from it; the second comments out the
  # CFLAGS -g line in auto/cc/gcc.
  # Output of configure, make and make install is sent to /dev/null, so a failed
  # build shows up only as a failed state with no build log to read.
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module &> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. && rm -fr nginx-1.14.0
    # creates: the command is skipped once /usr/local/nginx exists.
    - creates: /usr/local/nginx

Saltstack安装部署及实践_第15张图片

vim nginx/service.sls 
include:
  - nginx.install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf

/etc/init.d/nginx:
  file.managed:
    - source: salt://nginx/files/nginx
    - mode: 755

nginx:
  service.running:
    - reload: True
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf


vim top.sls 
base:
  "server2":
    - apache.install
  "server3":
    - nginx.service

Saltstack安装部署及实践_第16张图片

[root@server1 salt]# salt '*' state.highstate    
#由于输出结果太长,截图不方便,所以就复制输出结果了,只要全部成功即可
server2:
      ID: apache-install
Function: pkg.installed
  Result: True
 Comment: All specified packages are already installed
 Started: 10:04:34.366456
Duration: 393.858 ms
 Changes:   

      ID: apache-install
Function: file.managed
    Name: /etc/httpd/conf/httpd.conf
  Result: True
 Comment: File /etc/httpd/conf/httpd.conf is in the correct state
 Started: 10:04:34.762244
Duration: 48.336 ms
 Changes:   

      ID: apache-install
Function: service.running
    Name: httpd
  Result: True
 Comment: The service httpd is already running
 Started: 10:04:34.811405
Duration: 25.76 ms
 Changes:   

Summary for server2

Succeeded: 3
Failed:    0

Total states run:     3
Total run time: 467.954 ms
server3:
      ID: make
Function: pkg.installed
  Result: True
 Comment: All specified packages are already installed
 Started: 10:04:34.472311
Duration: 419.621 ms
 Changes:   

      ID: nginx-install
Function: file.managed
    Name: /mnt/nginx-1.14.0.tar.gz
  Result: True
 Comment: File /mnt/nginx-1.14.0.tar.gz is in the correct state
 Started: 10:04:34.893663
Duration: 80.859 ms
 Changes:   

      ID: nginx-install
Function: cmd.run
    Name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER          "nginx\/" NGINX_VERSION/#define NGINX_VER          "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module &> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. && rm -fr nginx-1.14.0
  Result: True
 Comment: /usr/local/nginx exists
 Started: 10:04:34.975302
Duration: 0.391 ms
 Changes:   

      ID: /usr/local/nginx/conf/nginx.conf
Function: file.managed
  Result: True
 Comment: File /usr/local/nginx/conf/nginx.conf is in the correct state
 Started: 10:04:34.975791
Duration: 36.894 ms
 Changes:   

      ID: /etc/init.d/nginx
Function: file.managed
  Result: True
 Comment: File /etc/init.d/nginx is in the correct state
 Started: 10:04:35.012823
Duration: 36.426 ms
 Changes:   

      ID: nginx
Function: service.running
  Result: True
 Comment: The service nginx is already running
 Started: 10:04:35.050192
Duration: 35.975 ms
 Changes:   

Summary for server3
------------
Succeeded: 6
Failed:    0
------------
Total states run:     6
Total run time: 610.166 ms

部署haproxy实现负载均衡

vim haproxy/install.sls 
# pkgs.make provides the build dependencies.
# NOTE(review): users.haproxy (users/haproxy.sls) is not shown anywhere on this
# page; presumably it creates the account that haproxy.cfg refers to with
# uid 200 / gid 200. The include fails if that file does not exist.
include:
  - pkgs.make
  - users.haproxy

haproxy-install:
  # Copy the source tarball from the master's file server to /mnt on the minion.
  file.managed:
    - name: /mnt/haproxy-1.6.11.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.11.tar.gz
  # Build with PCRE, OpenSSL and zlib support and install under /usr/local/haproxy.
  # Build output goes to /dev/null, so a failure leaves no log to inspect.
  cmd.run:
    - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install &> /dev/null && cd .. && rm -fr haproxy-1.6.11
    # creates: the command is skipped once /usr/local/haproxy exists.
    - creates: /usr/local/haproxy

# Directory that will hold haproxy.cfg.
/etc/haproxy:
  file.directory:
    - mode: 755

# Expose the installed binary at /usr/sbin/haproxy through a symlink.
/usr/sbin/haproxy:
  file.symlink:
    - target: /usr/local/haproxy/sbin/haproxy

vim haproxy/service.sls 
include:
  - haproxy.install

/etc/haproxy/haproxy.cfg:
  file.managed:
    - source: salt://haproxy/files/haproxy.cfg

haproxy-service:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - mode: 755
  service.running:
    - name: haproxy
    - reload: True
    - watch:
      - file: /etc/haproxy/haproxy.cfg

解压haproxy源码包,在haproxy-1.6.11/examples中将配置文件content-sw-sample.cfg和启动脚本拷到server1的 /srv/salt/haproxy/files中
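# Unpack the HAProxy source and change into the bundled examples directory.
tar zxf haproxy-1.6.11.tar.gz
cd haproxy-1.6.11/examples/
# Copy the sample configuration and the init script into the Salt file root on
# server1. Both files must land in /srv/salt/haproxy/files, the directory that
# the salt://haproxy/files/... sources of the haproxy states resolve to.
scp content-sw-sample.cfg server1:/srv/salt/haproxy/files
scp haproxy.init server1:/srv/salt/haproxy/files


# Presumably run on server1: rename the sample to the name haproxy/service.sls
# expects, then edit it. The absolute path is used because the working
# directory is already .../haproxy/files.
cd /srv/salt/haproxy/files
mv content-sw-sample.cfg haproxy.cfg
vim /srv/salt/haproxy/files/haproxy.cfg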
# Process-wide settings.
global
        maxconn         10000
        # Runtime socket with admin level; mode 600 keeps it readable and
        # writable by the socket owner only.
        stats socket    /var/run/haproxy.stat mode 600 level admin
        log             127.0.0.1 local0
        # Run as uid/gid 200 inside an empty chroot.
        # NOTE(review): the account with id 200 is presumably created by the
        # users.haproxy state, which this page does not show.
        uid             200
        gid             200
        chroot          /var/empty
        daemon

# Settings inherited by every frontend and backend below.
defaults
        mode            http
        log             global
        option          httplog
        option          dontlognull
        monitor-uri     /monitoruri
        maxconn         8000
        timeout client  30s
        retries         2
        option redispatch
        timeout connect 5s
        timeout server  30s
        timeout queue   30s
        # NOTE(review): because this sits in defaults, the statistics page is
        # served on the public frontend (*:80), and no "stats auth" line is
        # present, so anyone who can reach port 80 can read it. Add
        # "stats auth <user>:<password>" or serve the page from a separate
        # listener bound to a management address.
        stats uri       /admin/stats

# Public entry point: plain HTTP on port 80 of every address.
frontend public
        bind            *:80 name clear
        default_backend dynamic

# Round-robin over the two web servers, health-checked every 1000 ms.
backend dynamic
        balance         roundrobin
        server          dynsrv1 172.25.24.2:80 check inter 1000
        server          dynsrv2 172.25.24.3:80 check inter 1000


vim top.sls 
base:
  "server1":
    - haproxy.service
  "server2":
    - apache.install
  "server3":
   - nginx.service


salt '*' state.highstate

Saltstack安装部署及实践_第17张图片
Saltstack安装部署及实践_第18张图片
Saltstack安装部署及实践_第19张图片
在server2与server3默认发布页面编辑一个页面
Saltstack安装部署及实践_第20张图片
Saltstack安装部署及实践_第21张图片
实现负载均衡
Saltstack安装部署及实践_第22张图片

{% %} #变量赋值
{{ }} #引用变量

grains

可参考官方文档: http://docs.saltstack.cn/topics/grains/index.html

salt server2 grains.items     #查看所有信息
salt server2 grains.item os   #查看指定信息
salt -G 'os:redhat' cmd.run hostname #所有操作系统为redhat的节点执行hostname命令  -G 匹配

Saltstack安装部署及实践_第23张图片

Server2
vim /etc/salt/minion

Saltstack安装部署及实践_第24张图片

/etc/init.d/salt-minion restart
Server1
salt server2 grains.item roles

Saltstack安装部署及实践_第25张图片

上述方法每次都需要修改主配置文件,不太好,所以可以在minion端编写/etc/salt/grains文件
Server3
vim  /etc/salt/grains
roles: nginx

Saltstack安装部署及实践_第26张图片

Server1
salt server3 saltutil.sync_grains      #需要刷新server3 的grains信息才能匹配到
salt server3 grains.item roles

Saltstack安装部署及实践_第27张图片

vim /srv/salt/top.sls   #使用grains可以不用指定主机
# Top file: server1 is matched by minion ID, the web servers by their "roles" grain.
# NOTE(review): grains are reported by the minion itself (here they are set in
# /etc/salt/minion or /etc/salt/grains on the minion), so a minion can claim any
# role. That is acceptable for assigning states like these, but anything
# sensitive should be targeted by minion ID, which is tied to the accepted key.
base:
  "server1":
    - haproxy.service
  "roles:apache":
    - match: grain
    - apache.install
  "roles:nginx":
    - match: grain
    - nginx.service

salt '*' state.highstate      # 没有报错

Saltstack安装部署及实践_第28张图片
Saltstack安装部署及实践_第29张图片
Saltstack安装部署及实践_第30张图片

mkdir /srv/salt/_grains
vim /srv/salt/_grains/grains.py 
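#!/usr/bin/env python

def grains():
    """Return the custom grains contributed by this module.

    The module lives in /srv/salt/_grains and is distributed to minions with
    saltutil.sync_grains; the returned dictionary shows up in the minion's
    grains, so `grains.item salt` reports 'stack'.

    Returns:
        dict: a single custom grain, {'salt': 'stack'}.
    """
    # The interpreter line above uses /usr/bin/env, the usual location of env.
    return {'salt': 'stack'}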


salt server3 saltutil.sync_grains
salt server3 grains.item salt

Saltstack安装部署及实践_第31张图片

在Pillar中存储静态数据

可参考官方文档:http://docs.saltstack.cn/topics/pillar/index.html

vim /etc/salt/master

Saltstack安装部署及实践_第32张图片

/etc/init.d/salt-master restart    
mkdir /srv/pillar
cd /srv/pillar
mkdir web
vim web/webserver.sls
# Pillar key "webserver", chosen per minion from its fqdn grain.
# NOTE(review): grains are reported by the minion, so a minion that changes its
# own fqdn grain receives the other branch. The value here is not sensitive, but
# pillar that carries secrets should be assigned by minion ID in
# /srv/pillar/top.sls rather than by a grain test inside the pillar file.
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% endif %}

vim top.sls
base:
  '*':
    - web.webserver

Saltstack安装部署及实践_第33张图片

salt '*' saltutil.refresh_pillar   #需要刷新pillar

Saltstack安装部署及实践_第34张图片

salt server2 pillar.item webserver

Saltstack安装部署及实践_第35张图片

salt -I 'webserver:nginx' test.ping  #匹配webserver为nginx的节点执行ping ,-I 匹配

Saltstack安装部署及实践_第36张图片

salt -S 172.25.24.0/24 test.ping  #匹配所有在网段172.25.24.0/24中的节点执行ping

Saltstack安装部署及实践_第37张图片

Jinja

可参考官方文档:
http://docs.saltstack.cn/ref/renderers/all/salt.renderers.jinja.html#module-salt.renderers.jinja

vim /srv/salt/apache/files/httpd.conf

Saltstack安装部署及实践_第38张图片

vim /srv/salt/apache/install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-mysql

  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    - context:
      port: 8080
      bind: {{ grains['ipv4'][-1] }}

  service.running:
    - name: httpd
    - enable: True
    - watch:
      - file: apache-install

salt server2 state.sls apache.install

Saltstack安装部署及实践_第39张图片

netstat -antlp |grep httpd   #server2查看

Saltstack安装部署及实践_第40张图片

Jinja在普通文件内使用
  1. vim apache/lib.sls
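    {# Values imported by the httpd.conf template. String literals need straight quotes; typographic quotes are not string delimiters in Jinja. #}
    {% set port = 80 %}
    {% set bind = '172.25.24.2' %}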
    vim apache/files/httpd.conf
    在文件开头添加
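    {# Import bind and port from apache/lib.sls; the path is a string literal and needs straight quotes. #}
    {% from 'apache/lib.sls' import bind with context %}
    {% from 'apache/lib.sls' import port with context %}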
    Saltstack安装部署及实践_第41张图片

之前在 /srv/salt/apache/install.sls 文件中也配置了监听地址和端口,我们试一下是哪个文件生效

salt server2 state.sls apache.install   #没有报错

Saltstack安装部署及实践_第42张图片
在server2查看发现是lib.sls文件中定义的变量生效,这是因为install.sls 文件先生效,lib.sls文件后生效覆盖了之前install.sls文件中已生效的变量
Saltstack安装部署及实践_第43张图片

2)结合pillar

vim /srv/pillar/apache.sls
# Listen port and bind address for httpd, handed to server2 as pillar data.
# NOTE(review): the environment section lists server2 as 172.25.24.2; confirm
# that 172.25.254.2 is really the address meant here.
# NOTE(review): the fqdn grain is reported by the minion itself; the top file
# already limits this pillar to the minion ID 'server2', which is the stronger check.
{% if grains['fqdn'] == 'server2' %}
port: 80
bind: 172.25.254.2
{% endif %}

vim /srv/pillar/top.sls
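# Pillar top file: only the minion with ID server2 receives the apache pillar.
# The list has to be indented under the target it belongs to.
base:
  'server2':
    - apache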

Saltstack安装部署及实践_第44张图片

vim apache/install.sls

Saltstack安装部署及实践_第45张图片

vim apache/files/httpd.conf          #删除之前在开头添加那两行参数

Saltstack安装部署及实践_第46张图片

salt server2 state.sls apache.install        #没有报错

Saltstack安装部署及实践_第47张图片

在server2上查看,配置成功

vim /etc/httpd/conf/httpd.conf

Saltstack安装部署及实践_第48张图片

将job返回结果存入数据库中

可参考官方文档:http://docs.saltstack.cn/topics/jobs/external_cache.html
关于配置文件修改及salt数据库导入可参考官方文档:
http://docs.saltstack.cn/ref/returners/all/salt.returners.mysql.html#module-salt.returners.mysql

将job返回结果存入数据库中有两种方式
1. minion 发送两份 job 返回结果:一份返回 master,一份存入数据库
图解:
Saltstack安装部署及实践_第49张图片

Server2
vim /etc/salt/minion
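# MySQL returner settings in /etc/salt/minion. Values are quoted with straight
# quotes; typographic quotes would become part of the value itself.
# NOTE(review): with this method every minion stores the database credentials
# and connects to MySQL directly. 'redhat' is a lab password; use a strong,
# unique one anywhere else and keep this file readable by root only.
mysql.host: '172.25.24.1'
mysql.user: 'salt'
mysql.pass: 'redhat'
mysql.db: 'salt'
mysql.port: 3306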
Saltstack安装部署及实践_第50张图片

yum install -y MySQL-python
/etc/init.d/salt-minion restart

Saltstack安装部署及实践_第51张图片

Server1

yum install -y mysql-server
/etc/init.d/mysqld start
vim add.sql      #由于数据库版本较低所以注释第17行,
CREATE DATABASE  `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;

USE `salt`;

--
-- Table structure for table `jids`
--

DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
#CREATE INDEX jid ON jids(jid) USING BTREE;

--
-- Table structure for table `salt_returns`
--

DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Table structure for table `salt_events`
--

DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

mysql < add.sql
mysql
-- Create the account the minions' MySQL returner logs in with.
-- NOTE(review): '%' allows the salt account to connect from any host, and ALL
-- grants every privilege on the salt schema, guarded only by the lab password
-- 'redhat'. Outside a lab, restrict the host part to the minion network (for
-- this setup, '172.25.24.%'), choose a strong password, and grant only the
-- privileges the returner actually uses.
grant all on salt.* to salt@'%' identified by 'redhat';

Saltstack安装部署及实践_第52张图片

salt server2 test.ping --return mysql
mysql
use salt
select * from salt_returns;

在这里插入图片描述
Saltstack安装部署及实践_第53张图片

2.Minion将job返回结果发给master,然后由master来存入数据库
图解:
Saltstack安装部署及实践_第54张图片

vim /etc/salt/master
master_job_cache: mysql
mysql.host: 'localhost'
mysql.user: 'salt'
mysql.pass: 'redhat'
mysql.db: 'salt'
mysql.port: 3306

Saltstack安装部署及实践_第55张图片

yum install -y MySQL-python
mysql
grant all on salt.* to salt@'localhost' identified by 'redhat';

Saltstack安装部署及实践_第56张图片

/etc/init.d/salt-master restart
salt server3 cmd.run df   #因为我们对minion端server3 没有进行配置,所以用server3来测试

Saltstack安装部署及实践_第57张图片

mysql
use salt
select * from salt_returns;

Saltstack安装部署及实践_第58张图片
