SaltStack是一个服务器基础架构集中化管理平台,具备配置管理、远程执行、监控等功能,基于Python语言实现,结合轻量级消息队列(ZeroMQ)与Python第三方模块(Pyzmq、PyCrypto、Jinja2、python-msgpack和PyYAML等)构建。
通过部署SaltStack,我们可以在成千上万台服务器上做到批量执行命令,根据不同业务进行配置集中化管理、分发文件、采集服务器数据、操作系统基础及软件包管理等。
主机:
将saltstack 软件仓库挂载到apache的默认发布目录上
server1
vim /etc/yum.repos.d/dvd.repo
[dvd]
name=dvd
baseurl=http://172.25.12.250/rhel7.6
gpgcheck=0
[saltstack]
name=saltstack
baseurl=http://172.25.12.250/3000
gpgcheck=0
# 注意:gpgcheck=0 会关闭软件包签名校验,且以上两个仓库都通过明文 http 提供,仅适用于隔离的实验环境;生产环境应设为 gpgcheck=1 并配置 gpgkey
yum repolist
yum list salt-*
yum install -y salt-master.noarch
systemctl enable --now salt-master.service
netstat -antlp | grep -E '4505|4506' #确认salt-master已监听4505和4506端口
server2 /server3
yum install -y salt-minion
vim /etc/salt/minion
16 master: 172.25.12.1
systemctl enable --now salt-minion.service
server1
```bash
salt-key -L #列出所有密钥
salt-key -A #接受全部待处理密钥;接受前应先用 salt-key -F 与各minion上 salt-call --local key.finger 的输出核对指纹
salt '*' test.ping
salt-key -d server2 #删除
```
安装查看进程的软件
yum install -y python-setproctitle.x86_64
systemctl restart salt-master.service
server1
创建模块目录:
mkdir /srv/salt/_modules
编写模块文件:
vim /srv/salt/_modules/mydisk.py
def df():
    return __salt__['cmd.run']('df -h')  # 原文此处命令参数丢失,'df -h' 为按函数名补充的示例
同步模块:
salt server2 saltutil.sync_modules
server1
mkdir /srv/salt/apache -p
cd /srv/salt/apache
server2
cd /etc/httpd/conf/
scp httpd.conf server1:/srv/salt/apache
server1
vim httpd.conf
vim init.sls
apache:
  pkg.installed:
    - pkgs:
      - httpd
      - php

  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/httpd.conf

  service.running:
    - name: httpd
    - enable: true
    - reload: true
    - watch:
      - file: apache
salt server2 state.sls apache #在server2上应用apache状态
server1
mkdir /srv/salt/nginx/
vim init.sls
nginx-install:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
  file.managed:
    - name: /mnt/nginx-1.20.1.tar.gz
    - source: salt://nginx/nginx-1.20.1.tar.gz

  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.20.1.tar.gz && cd nginx-1.20.1/ && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-threads --with-file-aio &> /dev/null && make &>/dev/null && make install &> /dev/null
    - creates: /usr/local/nginx
server3
cd /usr/local/nginx/conf
scp nginx.conf server1:/srv/salt/nginx
server1
编写nginx.service文件
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
编写nginx.conf
user nginx;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 65535;
}
编写service.sls文件
cd /srv/salt/nginx/
vim service.sls
include:
  - nginx

nginx-user:
  user.present:
    - name: nginx
    - shell: /sbin/nologin
    - home: /usr/local/nginx
    - createhome: false

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/nginx.conf

nginx-service:
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://nginx/nginx.service
  service.running:
    - name: nginx
    - enable: true
    - reload: true
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
salt server3 state.sls nginx.service
salt '*' saltutil.sync_grains #同步脚本至受控端
salt '*' state.highstate #该命令直接调用top.sls
server1
cd /srv
mkdir pillar
cd pillar/
vim pkgs.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
{% elif grains['fqdn'] == 'server2' %}
package: nginx
{% endif %}
vim top.sls
base:
  '*':
    - pkgs
server3
systemctl stop nginx ##关闭nginx防止端口冲突
vim /srv/salt/apache/httpd.conf
salt '*' state.sls apache