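Implementing a Small-to-Medium Enterprise Architecture with SaltStack

SaltStack Practical Case Study

1 Case Overview

This case uses SaltStack configuration management to automate the deployment and configuration of a "small-to-medium web architecture". It covers the following functions and services:

System initialization
Haproxy service
Keepalived service
Nginx service
PHP (FastCGI) service
Memcached service

The case architecture is shown in Figure 1-1:

Figure 1-1 Architecture of the practical case

Approach: design and implement in this order: system initialization, functional modules, business modules.

1 System initialization: the initial settings usually applied once the operating system is installed, for example installing a monitoring agent, tuning kernel parameters, configuring name resolution and installing common tools.

2 Functional modules: installation and management of the applications used in production, such as Nginx, PHP, Haproxy and Keepalived.

3 Business modules: the functional modules already provide a large number of basic states, which are referenced at the business level, so the functional modules should be as complete and as independent as possible. Each business type can install and deploy what it needs by including functional modules (include). Each business uses its own configuration files, and in the end we only need to assign a business state to a Minion in top.sls.

Chinese reference documentation: http://docs.saltstack.cn/zh_CN/latest/topics/tutorials/starting_states.html

English reference documentation: https://docs.saltstack.com/en/latest/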

 

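2 Environment Planning

Environment planning covers two things:

1 The network configuration and server environment of the case

2 The SaltStack environments defined by file_roots and pillar_roots

2.1.1 Lab Environment

At least two virtual or physical machines are required. The lab environment for this tutorial is shown in Table 2-1.

Table 2-1 Lab environment

Hostname          IP         Roles                                              OS
saltstack-master  10.1.1.97  master, minion, Haproxy+Keepalived, Nginx+PHP      CentOS 6.8 minimal
saltstack-minion  10.1.1.98  Minion, Memcached, Haproxy+Keepalived, Nginx+PHP   CentOS 6.8 minimal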

    

2.1.2 SaltStack Environments

Two environments are used, base and prod. The base environment holds the initialization functions; the prod environment holds the configuration management for production.

Edit the master configuration file:

[root@saltstack-master ~]# egrep -v "^#|^$" /etc/salt/master
# File Server settings
file_roots:
  base:
    - /srv/salt/base
  prod:
    - /srv/salt/prod
# Pillar settings
pillar_roots:
  base:
    - /srv/pillar/base
  prod:
    - /srv/pillar/prod

Modify the Master configuration file to match the configuration above; keeping it identical is recommended.

Create the directory structure (the directories do not exist by default), then restart salt-master:

[root@saltstack-master ~]# mkdir -p /srv/salt/base /srv/salt/prod
[root@saltstack-master ~]# mkdir -p /srv/pillar/base /srv/pillar/prod
[root@saltstack-master ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                             [  OK  ]
Starting salt-master daemon:                             [  OK  ]

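2.2 YAML Writing Tips

YAML is an acronym for "YAML Ain't Markup Language". Like GNU, it is a name that recursively says "not"; the difference is that what YAML says "not" to is XML. In YAML syntax, structure is expressed through spaces, list items are marked with "-", and key-value pairs are separated by ":".

YAML syntax rules:

1 Indentation

YAML uses a fixed indentation style to express the hierarchy of the data.

2 Colons

A Python dictionary is simply a set of key-value pairs (also called a hash table or associative array).

my_key: my_value

In Python, the line above maps to:

{'my_key': 'my_value'}

Or:

my_key:
     my_value

Dictionaries can be nested:

first_level_dict_key:
  second_level_dict_key: value_in_second_level_dict

In Python, the above is written as:

{
    'first_level_dict_key': {
        'second_level_dict_key': 'value_in_second_level_dict'
    }
}

3 Dashes

To represent list items, use a dash followed by a space. Items at the same indentation level belong to the same list:

- list_value_one
- list_value_two
- list_value_three

A list can be the value of a key-value pair, for example to install several packages at once:

my_dictionary:
    - list_value_one
    - list_value_two
    - list_value_three

In Python, the above is written as:

{'my_dictionary': ['list_value_one', 'list_value_two', 'list_value_three']}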

 

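Jinja Tips

Jinja is a Python-based template engine, similar in function to Smarty for PHP and Freemarker for J2EE. Salt uses the yaml_jinja renderer by default. The yaml_jinja flow is to process the SLS with the Jinja2 template engine first and then call the YAML parser.

Sandboxed execution: every part of a template runs under the supervision of the engine, and templates are explicitly marked on a whitelist or blacklist, so even untrusted templates can be executed.

A powerful automatic HTML escaping system that effectively prevents cross-site scripting attacks.

Template inheritance, which gives all templates a similar, consistent layout and makes templates easier for developers to modify and manage.

High execution efficiency: the Jinja2 engine converts template source into Python bytecode the first time a template is loaded, which speeds up template execution.

Optional precompilation mode.

The debugging system integrates with the standard Python traceback system, so errors during template compilation and at run time can be found and debugged promptly.

Configurable syntax: Jinja2 can be reconfigured to better suit LaTeX or JavaScript output.

A template designer's handbook, which guides designers in using the features of the Jinja2 engine. [1]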

 

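Basic Jinja Usage

1. The file state uses the template parameter: - template: jinja

2. Variables in the template file are written as {{ name }}, for example {{ PORT }}

3. The file state must specify the list of template variables:

- defaults:
    PORT: 8080

Using Grains in Jinja variables:

{{ grains['fqdn_ip4'] }}

Using execution modules in Jinja variables:

{{ salt['network.hw_addr']('eth0') }}

Using Pillar in Jinja variables:

{{ pillar['apache']['PORT'] }}

Jinja logic:

Jinja is mainly used to add logic to states. When CentOS and Ubuntu coexist in an environment, the Apache package has a different name on each, and Jinja's logic syntax (using Grains to determine the server's operating system) selects the right one:

{% if grains['os'] == 'RedHat' %}
apache: httpd
{% elif grains['os'] == 'Debian' %}
apache: apache2
{% endif %}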

 

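2.3 System Initialization

After the operating system is installed, a server usually receives some basic settings. When using SaltStack in production, it is recommended to group the basic configuration and software deployment that every server receives under the base environment. In this tutorial an init directory is created under the base environment and all SLS files for system initialization are placed in it; it can be called the "initialization module".

2.3.1 Vim Settings

Write a test file, one.sls:

[root@saltstack-master ~]# vi /srv/salt/base/init/one.sls
first-sls:
  file.managed:
    - name: /tmp/foo.conf
    - source: salt://init/config/foo.conf
    - user: root
    - group: root
    - mode: 644

# Test
[root@saltstack-master init]# salt '*' state.sls init.one test=True

Set up a unified vim configuration file according to your habits, and manage the vimrc file with the managed function of SaltStack's file state module.

List the functions of a given state module and view the usage of a specific state function:

[root@saltstack-master ~]# salt '*' sys.list_state_functions file
[root@saltstack-master ~]# salt '*' sys.state_doc file.managed

[root@saltstack-master ~]# mkdir -p /srv/salt/base/init
[root@saltstack-master ~]# mkdir -p /srv/salt/base/init/config
[root@saltstack-master ~]# cp /etc/vimrc /srv/salt/base/init/config/
[root@saltstack-master ~]# vim /srv/salt/base/init/vim.sls
/etc/vimrc:
  file.managed:
    - source: salt://init/config/vimrc
    - user: root
    - group: root
    - mode: 644
    - backup: '*'

Once the SLS file is written, the /etc/vimrc file must be placed in the /srv/salt/base/init/config directory.

Note: any directory under the SaltStack environment that does not exist must be created.

[root@saltstack-master ~]# salt '*' state.sls init.vim test=True    # test=True checks whether the sync would succeed
[root@saltstack-master ~]# salt '*' sys.doc state | less            # view the usage of the state modules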

saltstack-master.example.com:

----------

          ID: sync_vimrc

    Function: file.managed

        Name: /etc/vimrc

      Result: True

     Comment: The file /etc/vimrc is in the correct state

     Started: 10:53:08.302890

    Duration: 7.408 ms

     Changes:  

 

Summary

------------

Succeeded: 1

Failed:    0

------------

Total states run:     1

saltstack-minion.example.com:

----------

          ID: sync_vimrc

    Function: file.managed

        Name: /etc/vimrc

      Result: None

     Comment: The file /etc/vimrc is set to be changed

     Started: 10:53:08.967117

    Duration: 6.296 ms

     Changes:  

              ----------

              newfile:

                  /etc/vimrc

 

Summary

------------

Succeeded: 1 (unchanged=1, changed=1)

Failed:    0

------------

Total states run:     1   

2.3.2 DNS Settings

In production, DNS resolution is an important setting. It is recommended to run your own internal DNS server on the internal network. The resolv.conf file is likewise managed with the managed function of SaltStack's file state module:

[root@saltstack-master ~]# cp /etc/resolv.conf /srv/salt/base/init/config/
[root@saltstack-master ~]# vim /srv/salt/base/init/dns.sls
/etc/resolv.conf:
  file.managed:
    - source: salt://init/config/resolv.conf
    - user: root
    - group: root
    - mode: 644
    - backup: '*'

Once dns.sls is written, the prepared resolv.conf must be placed in the /srv/salt/base/init/config directory.

 

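2.3.3 Timestamps in History

Recording timestamps in history makes it clear which user ran which command at what time, which helps greatly with analysing system errors and with security. Use the append function of SaltStack's file state module to append the setting to /etc/profile (equivalent to echo "" >> file):

[root@saltstack-master ~]# salt '*' sys.state_doc file.append | grep -C 5 append
[root@saltstack-master ~]# vim /srv/salt/base/init/history.sls
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` "

# Note: use an English input method when writing SLS files, otherwise errors such as "Illegal tab character" will occur.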

 

2.3.4 Command Auditing

A simple feature that uses logger to write every command entered to messages, implemented with the append function of SaltStack's file module. It is recommended to collect and manage the messages log files centrally, for example with the ELK Stack (Elasticsearch, Logstash, Kibana).

append_log:
  file.append:
    - name: /etc/bashrc
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
  cmd.run:
    - name: source /etc/bashrc

 

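2.3.5 Kernel Parameter Tuning

During initialization the default kernel parameters need to be tuned. SaltStack provides the sysctl state module for checking kernel parameter settings. Quite a few kernel parameters are adjusted by default; for reference see:

http://blog.sina.com.cn/s/blog_87113ac20102w4za.html

[root@saltstack-master ~]# cp /etc/sysctl.conf /srv/salt/base/init/config/
[root@saltstack-master ~]# vim /srv/salt/base/init/sysctl.sls
/etc/sysctl.conf:
  file.managed:
    - source: salt://init/config/sysctl.conf
    - user: root
    - group: root
    - mode: 644

The result is shown in Figure 2-1.

Figure 2-1

# The tuned kernel parameter file must first be prepared locally and placed in the /srv/salt/base/init/config directory.

For details of the parameter tuning, see the blog post referenced above or search for it yourself.

[root@saltstack-master ~]# salt '*' state.sls init.sysctl test=True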

 

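2.3.6 EPEL Repository

Setting up the EPEL repository as part of system initialization is recommended. Because the EPEL repository was already installed when salt-minion was installed in this tutorial, only an example is given here; whether it is used can simply be set in the env_init.sls file.

[root@saltstack-master ~]# vim /srv/salt/base/init/epel.sls
yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
    - unless: rpm -qa | grep epel-release-6-8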

 

2.3.7 SSH Settings

It is recommended to manage the ssh configuration file centrally on production servers and to change the default connection port.

[root@saltstack-master ~]# sed -i 's/\#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
[root@saltstack-master ~]# sed -i 's/\#PermitEmptyPasswords no/PermitEmptyPasswords no/' /etc/ssh/sshd_config
[root@saltstack-master ~]# cp /etc/ssh/sshd_config /srv/salt/base/init/config/
[root@saltstack-master ~]# vim /srv/salt/base/init/ssh.sls

sync-ssh:

  file.managed:

    - name: /etc/ssh/sshd_config

    - source: salt://init/config/sshd_config

    - user: root

    - group: root

    - mode: 644

  cmd.run:

    - name: /etc/init.d/sshd restart

    - require:

      - file: sync-ssh

  service.running:

    - name: sshd

    - enable: True

    - reload: True

    - require:

      - file: sync-ssh

 

2.3.8 crontab Settings

Set up a scheduled task to synchronize the system time:

[root@saltstack-master ~]# vim /srv/salt/base/init/cron.sls
ntpdate-init:
  pkg.installed:
    - name: ntpdate
set-crontab:
  cron.present:
    - name: /usr/bin/ntpdate times.aliyun.com >> /dev/null 2>&1
    - user: root
    - minute: '*/5'
[root@saltstack-master ~]# salt '*' state.sls init.cron test=True

 

2.3.9 Installing Common Commands

[root@saltstack-master ~]# vim /srv/salt/base/init/yum.sls
yum-list-init:

  pkg.installed:

    - names:

      - gcc

      - gcc-c++

      - man

      - vim-enhanced

      - wget

      - telnet

      - lsof

      - sysstat

      - openssh-clients

      - lrzsz

      - tree

      - hdparm

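2.3.10 Referencing the Initialization Environment

The initialization SLS files written in this tutorial are all placed in the init directory, which makes them easy to understand and manage. By writing one special SLS file that includes the initialization SLS files under the init directory, top.sls can simply reference that single SLS file:

[root@saltstack-master ~]# vim /srv/salt/base/init/env_init.sls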

include:

  - init.one

  - init.vim

  - init.dns

  - init.history

  - init.log

  - init.sysctl

  - init.epel

  - init.ssh

  - init.cron

  - init.yum

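The one.sls file was created at the very beginning for testing. When you start writing SLS files for synchronization, it is recommended to write one.sls first and test synchronizing that single SLS file; below is a demonstration of synchronizing from saltstack-master to *. Every newly added functional-module SLS file needs a synchronization test. It is also recommended to set the log level of salt-master and salt-minion to debug to make troubleshooting easier.

[root@saltstack-master ~]# salt '*' state.sls init.one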

*:

----------

          ID: /tmp/foo.conf

    Function: file.managed

      Result: True

     Comment: File /tmp/foo.conf is in the correct state

     Started: 19:05:42.311064

    Duration: 13.934 ms

     Changes:  

 

Summary

------------

Succeeded: 1

Failed:    0

------------

Total states run:     1

 

Use the tree command to view the SLS files written so far. A minimal CentOS 6.7 installation does not include tree by default; install it with yum:

[root@saltstack-master ~]# tree /srv/salt/base/

/srv/salt/base/

├── init

│   ├── config

│   │  ├── foo.conf

│   │  ├── resolv.conf

│   │  ├── sshd_config

│   │  ├── sysctl.conf

│   │  └── vimrc

│   ├── cron.sls

│   ├── del_cron.sls

│   ├── dns.sls

│   ├── env_init.sls

│   ├── epel.sls

│   ├── history.sls

│   ├── log.sls

│   ├── one.sls

│   ├── ssh.sls

│   ├── sysctl.sls

│   ├── vim.sls

│   └── yum.sls

└── top.sls

 

2 directories, 18 files

Write the top.sls file to assign states to the Minions and apply them:

[root@saltstack-master ~]# vim /srv/salt/base/top.sls

base:

    '*':

       - init.env_init

 

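Note: in production, it is strongly recommended to run a test before every state run to confirm what SaltStack will do, and only then apply the state to the servers:

Test:

[root@saltstack-master ~]# salt '*' state.highstate test=True

Note: it is recommended not to use salt '*' state.highstate test=True here; specify the target server instead, using a regular expression to match the intended server, to avoid unnecessary errors.

…….
Summary
-------------
Succeeded: 24 (unchanged=15, changed=4)
Failed:     0
-------------
Total states run:     24

If the output looks like the above, the SLS files can run normally and can then be synchronized to the specified servers.

[root@saltstack-master ~]# salt '*' state.highstate

The result of applying the initialization settings to * is shown below (successful):

[root@saltstack-master ~]# salt '*' state.highstate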

*:

----------

          ID: /tmp/foo.conf

    Function: file.managed

      Result: True

     Comment: File /tmp/foo.conf is in the correct state

     Started: 19:29:09.696053

    Duration: 6.285 ms

     Changes:  

----------

          ID: /etc/resolv.conf

    Function: file.managed

      Result: True

     Comment: File /etc/resolv.conf is in the correct state

     Started: 19:29:09.702465

    Duration: 2.294 ms

     Changes:  

----------

          ID: /etc/salt/minion

    Function: file.managed

      Result: True

     Comment: File /etc/salt/minion is in the correct state

     Started: 19:29:09.704881

    Duration: 2.543 ms

     Changes:  

----------

          ID: /etc/profile

    Function: file.append

      Result: True

     Comment: File /etc/profile is in correct state

     Started: 19:29:09.707537

    Duration: 1.06 ms

     Changes:  

----------

          ID: /etc/sysctl.conf

    Function: file.managed

      Result: True

     Comment: File /etc/sysctl.conf is in the correct state

     Started: 19:29:09.708709

    Duration: 2.32 ms

     Changes:  

 

Summary

------------

Succeeded: 5

Failed:    0

------------

Total states run:     5

 

 

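3 Functional Module Setup

With system initialization complete, write the specific functional modules. Following the case architecture in Figure 1-1, design and implement from top to bottom, starting with the Haproxy and Keepalived functional modules.

3.1 Haproxy Configuration Management

1 Haproxy is an open-source, high-performance reverse proxy project that supports layer-4 and layer-7 load balancing, multiple load-balancing algorithms, health checks and more.

2 Keepalived is a high-availability cluster project and a perfect implementation of the VRRP protocol. Keepalived manages the VIP on Haproxy: when the primary Haproxy fails, the VIP floats to the standby Haproxy, which continues to provide service.

Haproxy and Keepalived are installed by compiling from source, and both services are placed in the prod environment.

First create the directory structure as follows:

[root@saltstack-master ~]# mkdir -p /srv/salt/prod/pkg
[root@saltstack-master ~]# mkdir -p /srv/salt/prod/haproxy/package
[root@saltstack-master ~]# mkdir -p /srv/salt/prod/keepalived/package

Under each service's directory, create a package directory to hold the software's source package and the related init scripts, configuration files and so on.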

 

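3.1.1 pkg Configuration

First use the pkg module to install all the packages that compiling from source depends on, using the installed function of the pkg state together with a names list that lists every package to install:

[root@saltstack-master ~]# vim /srv/salt/prod/pkg/pkg-init.sls
pkg-init:
    pkg.installed:
        - names: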

          - gcc

          - gcc-c++

          - glibc

          - make

          - autoconf

          - openssl

          - openssl-devel

 

3.1.2 Haproxy Service Configuration

First place the Haproxy source package and management script in the /srv/salt/prod/haproxy/package directory. Download the package via http://www.haproxy.org/; version 1.6.5 is used here.

[root@saltstack-master ~]# wget http://fossies.org/linux/misc/haproxy-1.6.5.tar.gz -P /usr/local/src/

Because wget from the official haproxy site is slow, you can wget from another source here, or download locally and upload the file to the server's /usr/local/src directory. Verifying the integrity of the file with MD5 is recommended.

[root@saltstack-master ~]# cd /usr/local/src/
[root@saltstack-master src]# cp haproxy-1.6.5.tar.gz /srv/salt/prod/haproxy/package/
[root@saltstack-master src]# tar zxvf haproxy-1.6.5.tar.gz
[root@saltstack-master src]# cd /usr/local/src/haproxy-1.6.5/examples/

This directory contains the Haproxy init script; the default path in it needs to be changed:

[root@saltstack-master examples]# sed -i 's/\/usr\/sbin\/'\$BASENAME'/\/usr\/local\/haproxy\/sbin\/'\$BASENAME'/g' haproxy.init

Copy the Haproxy init script to /srv/salt/prod/haproxy/package/:

[root@saltstack-master examples]# cp haproxy.init /srv/salt/prod/haproxy/package/
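
The integrity check recommended above, as an added example that is not part of the original article: it uses SHA-256 rather than MD5 (MD5 collisions are practical) and goes beyond the single Haproxy tarball to a manifest covering every source tarball staged under file_roots. The manifest format, the function names and the stand-in files are assumptions of this example; real digests must be taken from a source you trust.

```shell
#!/bin/sh
# Added example: stage source tarballs under the Salt file_roots only when
# they match a pinned SHA-256 digest.
# Manifest format (assumed here), one entry per line:
#   <sha256-hex>  <tarball-name>  <directory-relative-to-file-root>

# Print only the hex digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# stage_from_manifest MANIFEST SRC_DIR FILE_ROOT
# Copies each tarball to FILE_ROOT/<dir>/ only if its digest matches.
# Prints one status line per entry; returns 0 only if every entry verified.
stage_from_manifest() {
    manifest=$1; src_dir=$2; file_root=$3
    failures=0
    while read -r want name dest; do
        # Skip blank lines and comment lines.
        case "$want" in ''|'#'*) continue ;; esac
        src="$src_dir/$name"
        if [ ! -f "$src" ]; then
            echo "MISSING  $name"
            failures=$((failures + 1))
            continue
        fi
        got=$(sha256_of "$src")
        if [ "$got" = "$want" ]; then
            mkdir -p "$file_root/$dest"
            cp "$src" "$file_root/$dest/"
            echo "OK       $name -> $file_root/$dest/"
        else
            echo "MISMATCH $name (got $got)"
            failures=$((failures + 1))
        fi
    done < "$manifest"
    [ "$failures" -eq 0 ]
}

# Demonstration with constructed stand-in files (not real tarballs):
# one file is altered after its digest was pinned and must be rejected.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/src" "$work/salt/prod"
    printf 'constructed stand-in for haproxy\n'    > "$work/src/haproxy-1.6.5.tar.gz"
    printf 'constructed stand-in for keepalived\n' > "$work/src/keepalived-1.2.22.tar.gz"
    {
        echo "# sha256  tarball  destination"
        echo "$(sha256_of "$work/src/haproxy-1.6.5.tar.gz")  haproxy-1.6.5.tar.gz  haproxy/package"
        echo "$(sha256_of "$work/src/keepalived-1.2.22.tar.gz")  keepalived-1.2.22.tar.gz  keepalived/files"
    } > "$work/manifest"
    # Simulate a tarball that changed after the digest was pinned.
    echo tampered >> "$work/src/keepalived-1.2.22.tar.gz"
    if stage_from_manifest "$work/manifest" "$work/src" "$work/salt/prod"; then
        result=verified
    else
        result=rejected
    fi
    # The altered file must never reach the file root.
    [ -e "$work/salt/prod/keepalived/files/keepalived-1.2.22.tar.gz" ] && result=staged-bad
    rm -rf "$work"
    echo "$result"
}

demo
```
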

 

3.1.3 Writing the Haproxy Installation SLS File

The Haproxy installation state is as follows:

[root@saltstack-master ~]# vim /srv/salt/prod/haproxy/install.sls
include:
  - pkg.pkg-init

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.5.tar.gz
    - source: salt://haproxy/package/haproxy-1.6.5.tar.gz
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.6.5.tar.gz && cd haproxy-1.6.5 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy
    - require:
      - pkg: pkg-init
      - file: haproxy-install

 

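The Haproxy service management script is handled as follows:

/etc/init.d/haproxy:
  file.managed:
    - source: salt://haproxy/package/haproxy.init
    - mode: 755
    - user: root
    - group: root
    - require:
      - cmd: haproxy-install

Allow binding to non-local IP addresses:

net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

# Directory for the Haproxy configuration files:
haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - mode: 755
    - user: root
    - group: root

# Start Haproxy at boot
haproxy-init:
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy
    - require:
      - file: /etc/init.d/haproxy

This article does not put Haproxy service management in install.sls, because starting Haproxy depends on its configuration file. There are two ways to manage the Haproxy configuration file:

1 Reference the Haproxy installation wherever Haproxy is needed, then add the Haproxy configuration file and service management there. Advantage: simple and clear. Disadvantage: not flexible or general enough.

2 Use Jinja templates: once the basic Haproxy configuration is written, the remaining configuration is generated automatically from Pillar. Advantage: flexible and general. Disadvantage: it requires a lot of Jinja template syntax such as if and for, plus Pillar configuration, so it is more troublesome, harder to implement and error-prone.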

 

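3.1.4 Referencing Haproxy from a Business Module

Write a business module, cluster, which calls Haproxy to complete the configuration management. The benefit is that configuration management of the basic service is separated from the business. Load balancing, for example, may be external-facing or for internal use; if both use Haproxy, then installing Haproxy is the basic function, while configuration and startup can be placed in the cluster business module and managed centrally.

Create the cluster directory and, under it, a config directory for the configuration files:

[root@saltstack-master ~]# mkdir -p /srv/salt/prod/cluster/config

Place the haproxy configuration file in the /srv/salt/prod/cluster/config directory. The minimal configuration used in this case is listed below:

[root@saltstack-master ~]# vim /srv/salt/prod/cluster/config/haproxy-outside.cfg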

 

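global                                     # ------ global settings ------
        log 127.0.0.1   local0             # log output: all logs are recorded locally, via local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 100000                     # maximum number of connections
        chroot /usr/share/haproxy          # chroot path
        uid 99                             # UID to run as
        gid 99                             # GID to run as
        daemon                             # run haproxy in the background
        #debug                             # debug mode: print startup information to standard output
        #quiet                             # quiet mode: no output at startup
defaults                                   # ------ default settings ------
        log    global
        mode   http                        # default mode {tcp|http|health}: tcp is layer 4, http is layer 7, health only returns OK
        option httplog                     # log category: HTTP log format
        option dontlognull                 # do not log health-check information
        retries 3                          # treat the service as unavailable after 3 failed connections
        option redispatch                  # when the server for a ServerID goes down, force redirection to another healthy server
        maxconn 100000                     # default maximum number of connections
        timeout connect      5000          # connect timeout
        timeout client      50000          # client timeout
        timeout server      50000          # server timeout

listen status                              # monitoring page settings
        mode http                          # HTTP layer-7 mode
        bind 0.0.0.0:8888                  # listening port
        stats enable
        stats hide-version                 # hide the HAProxy version on the statistics page
        stats uri     /haproxy-status      # monitoring page URL
        stats auth    haproxy:saltstack    # monitoring page username and password
        stats admin if TRUE                # manually enable/disable backend servers

frontend frontend_www_vdevops_com
        bind 192.168.1.154:80
        mode http
        option httplog
        log global
        default_backend backend_www_vdevops_com

backend backend_www_vdevops_com
        option forwardfor header X-REAL-IP
        option httpchk HEAD / HTTP/1.0
        balance source
        server  web-node1 192.168.1.158:80 cookie server01 check inter 2000 rise 30 fall 15
        server  web-node2 192.168.1.151:80 cookie server02 check inter 2000 rise 30 fall 15
## Server definition (check enables health checking; inter 2000 is the check interval; rise 2 is the number of successful checks needed to go from offline to healthy; fall 3 means the server is considered unavailable after 3 failures)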
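
A check for the monitoring-page settings in the configuration above, as an added example that is not part of the original article: it flags a stats page bound to every interface, a clear-text stats credential, and unconditional stats admin. The function names, finding labels, both sample configurations and the placeholder password hash are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an haproxy configuration for risky stats-page settings.

# audit_haproxy_cfg [FILE]   (reads standard input when no file is given)
# Prints one finding per line; the password itself is never printed.
audit_haproxy_cfg() {
    awk '
    function end_section() {
        if (has_stats && wide_bind != "")
            print "stats-exposed: [" section "] stats page is bound to all interfaces (" wide_bind ")"
        has_stats = 0; wide_bind = ""
    }
    # Drop trailing comments and surrounding blanks, then skip empty lines.
    { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    $0 == "" { next }
    # These keywords always open a new section.
    $1 ~ /^(global|defaults|userlist|listen|frontend|backend)$/ {
        end_section(); section = $0; next
    }
    # bind 0.0.0.0:PORT, *:PORT and :PORT all listen on every interface.
    $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*)?:[0-9]+$/ { wide_bind = $2 }
    $1 == "stats" && ($2 == "enable" || $2 == "uri") { has_stats = 1 }
    $1 == "stats" && $2 == "auth" {
        split($3, cred, ":")
        print "stats-cleartext-auth: [" section "] user \"" cred[1] "\" has its password stored in clear text in the config"
    }
    $1 == "stats" && $2 == "admin" && $3 == "if" && $4 == "TRUE" {
        print "stats-admin-always: [" section "] every authenticated stats user can enable or disable servers"
    }
    END { end_section() }
    ' "$@"
}

# Constructed copy of the monitoring and frontend sections shown above.
sample_weak_cfg() {
    cat <<'EOF'
listen status
        mode http
        bind 0.0.0.0:8888
        stats enable
        stats hide-version
        stats uri     /haproxy-status
        stats auth    haproxy:saltstack
        stats admin if TRUE

frontend frontend_www_vdevops_com
        bind 192.168.1.154:80
        mode http
        default_backend backend_www_vdevops_com
EOF
}

# Constructed hardened variant: loopback-only stats page, hashed password in a
# userlist (placeholder hash), no admin actions from the stats page.
sample_hardened_cfg() {
    cat <<'EOF'
userlist stats_users
        user haproxy password $6$constructed$placeholder-not-a-real-hash

listen status
        mode http
        bind 127.0.0.1:8888
        stats enable
        stats hide-version
        stats uri     /haproxy-status
        acl stats_auth http_auth(stats_users)
        stats http-request auth unless stats_auth
EOF
}

echo "Findings for the configuration as shown on the page:"
sample_weak_cfg | audit_haproxy_cfg
echo "Findings for the hardened variant (none expected):"
sample_hardened_cfg | audit_haproxy_cfg
```
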

 

Write the SLS file for Haproxy service management:

[root@saltstack-master ~]# vim /srv/salt/prod/cluster/haproxy-service.sls
include:
 - haproxy.install
haproxy-service:
 file.managed:
   - name: /etc/haproxy/haproxy.cfg
   - source: salt://cluster/files/haproxy-outside.cfg

   - user: root

   - group: root

   - mode: 644

 service.running:

   - name: haproxy

   - enable: True

   - reload: True

   - require:

     - cmd: haproxy-install

   - watch:

     - file: haproxy-service

3. Applying the Haproxy State

Once the Haproxy state configuration is written, the state must be assigned to the Minions in the top file.

[root@saltstack-master ~]# vim /srv/salt/base/top.sls

base:

  '*':

    - init.env_init

prod:

  '*.example.com':

    - cluster.haproxy-service

Test and apply the states as follows:

[root@saltstack-master ~]# salt '*' state.highstate test=True

--------------------

          ID: haproxy-service

    Function: service.running

        Name: haproxy

      Result: None

     Comment: Service is set to be started

     Started: 08:54:23.478441

    Duration: 11.717 ms

     Changes:  

 

Summary

-------------

Succeeded: 40 (unchanged=11, changed=3)

Failed:     0

-------------

Total states run:     40

[root@saltstack-master ~]# salt '*' state.highstate

----------

          ID: haproxy-service

    Function: service.running

        Name: haproxy

      Result: True

     Comment: Service haproxy is already enabled, and is running

     Started: 09:33:51.822457

    Duration: 72.527 ms

     Changes:  

              ----------

              haproxy:

                  True

 

Summary

-------------

Succeeded: 40 (changed=5)

Failed:     0

-------------

Total states run:     40

 

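3.1.5 Checking Haproxy Status

If the run finishes without errors, Haproxy has started normally; if there are errors, check the logs to locate the problem. Before running, make sure ports 80 and 8888 on the minion are not in use. View the haproxy status at http://IP:8888/status; login account: haproxy, password: saltstack

A successful login looks like the figure below:

# http://10.1.1.97:8888/status
# http://10.1.1.98:8888/status

Because the front-end and back-end web services have not been started yet, what is shown for now is the Down state.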

 

3.2 Keepalived Configuration Management

Place the source package, the Keepalived init script and the sysconfig configuration file in the /srv/salt/prod/keepalived/files directory.

# On the Master
[root@saltstack-master ~]# cd /usr/local/src/
[root@saltstack-master src]# wget http://www.keepalived.org/software/keepalived-1.2.22.tar.gz
[root@saltstack-master src]# cd /srv/salt/prod/keepalived/files/
[root@saltstack-master files]# tar zxvf keepalived-1.2.22.tar.gz && cd keepalived-1.2.22

Copy the init script and sysconfig file that Keepalived needs into the files directory:

[root@saltstack-master keepalived-1.2.22]# cp keepalived/etc/init.d/keepalived.init /srv/salt/prod/keepalived/files/
[root@saltstack-master keepalived-1.2.22]# cp keepalived/etc/init.d/keepalived.sysconfig /srv/salt/prod/keepalived/files/

Modify the init script from the source package:

[root@saltstack-master files]# cd /srv/salt/prod/keepalived/files/
[root@saltstack-master files]# rm -rf keepalived-1.2.22
# vim keepalived.init
# Change:  daemon keepalived ${KEEPALIVED_OPTIONS}
# To:      daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}

Or modify it directly with sed:

    # [root@saltstack-master files]# sed -i 's/    daemon keepalived \${KEEPALIVED_OPTIONS}/    daemon \/usr\/local\/keepalived\/sbin\/keepalived \${KEEPALIVED_OPTIONS}/' keepalived.init
[root@saltstack-master files]# grep daemon keepalived.init
# Startup script for the Keepalived daemon
    daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}

 

3.2.1 Writing the Keepalived Installation SLS

[root@saltstack-master ~]# vim /srv/salt/prod/keepalived/install.sls

include:

  - pkg.pkg-init

 

keepalived-install:

  file.managed:

    - name: /usr/local/src/keepalived-1.2.22.tar.gz

    - source: salt://keepalived/files/keepalived-1.2.22.tar.gz

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: cd /usr/local/src && tar zxf keepalived-1.2.22.tar.gz && cd keepalived-1.2.22 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install

    - unless: test -d /usr/local/keepalived

    - require:

      - file: keepalived-install

 

keepalived-sysconfig:

  file.managed:

    - name: /etc/sysconfig/keepalived

    - source: salt://keepalived/files/keepalived.sysconfig

    - user: root

    - group: root

    - mode: 755

 

keepalived-init:

  file.managed:

    - name: /etc/init.d/keepalived

    - source: salt://keepalived/files/keepalived.init

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: chkconfig keepalived on

    - unless: chkconfig --list | grep keepalived

    - require:

      - file: keepalived-init

 

keepalived-dir:

  file.directory:

    - name: /etc/keepalived

    - user: root

    - group: root

    - mode: 744

 

3.2.2 Business Module

[root@saltstack-master ~]# cd /srv/salt/prod/cluster/files/
[root@saltstack-master files]# vim haproxy-service-keepalived.conf
! Configuration File for keepalived

global_defs {

   notification_email {

     [email protected]

   }

   [email protected]

   smtp_server 127.0.0.1

   smtp_connect_timeout 30

   router_id {{ROUTEID}}

}

vrrp_instance haproxy_ha {
    state {{STATEID}}
    interface eth0
    virtual_router_id 36
    priority {{PRIORITYID}}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       10.1.1.92
    }
}

In the cluster business directory, write the SLS file that makes haproxy highly available with Keepalived:

[root@saltstack-master files]# cd /srv/salt/prod/cluster/
[root@saltstack-master cluster]# vim haproxy-service-keepalived.sls

include:

  - keepalived.install

 

keepalived-service:

  file.managed:

    - name: /etc/keepalived/keepalived.conf

    - source: salt://cluster/files/haproxy-service-keepalived.conf

    - user: root

    - group: root

    - mode: 644

    - template: jinja

    {% if grains['fqdn'] == 'saltstack-master.example.com' %}

    - ROUTEID: haproxy_ha

    - STATEID: MASTER

    - PRIORITYID: 150

    {% elif grains['fqdn'] == 'saltstack-minion.example.com' %}

    - ROUTEID: haproxy_ha

    - STATEID: BACKUP

    - PRIORITYID: 100

    {% endif %}

 

  service.running:

    - name: keepalived

    - enable: True

    - watch:

      - file: keepalived-service

3.2.3 Applying the Keepalived State

With the Keepalived state management SLS written, assign the state to the Minions in the top file.

[root@saltstack-master cluster]# cd /srv/salt/base/
[root@saltstack-master base]# vim top.sls

base:

  '*':

    - init.env_init

prod:

  '*.example.com':

    - cluster.haproxy-service

    - cluster.haproxy-service-keepalived

[root@saltstack-master ~]# tree /srv/salt/prod/cluster/
/srv/salt/prod/cluster/
├── files
│   ├── haproxy-service.cfg
│   └── haproxy-service-keepalived.conf
├── haproxy-service-keepalived.sls
└── haproxy-service.sls

1 directory, 4 files
# Test
[root@saltstack-master base]# salt '*' state.sls cluster.haproxy-service-keepalived test=True env=prod
[root@saltstack-master base]# salt '*' state.highstate test=True
Summary
-------------
Succeeded: 48 (unchanged=10, changed=5)
Failed:     0
-------------
Total states run:     48
# Apply
[root@saltstack-master files]# salt '*' state.highstate

 

----------

          ID: keepalived-service

    Function: service.running

        Name: keepalived

      Result: True

     Comment: Service keepalived is already enabled, and is running

     Started: 10:45:31.813269

    Duration: 104.633 ms

     Changes:  

              ----------

              keepalived:

                  True

 

Summary

-------------

Succeeded: 48 (changed=5)

Failed:     0

-------------

Total states run:     48

 

3.2.4 Testing haproxy + Keepalived

After the states have been applied, the servers are running normally and saltstack-master.example.com is the master node. Use ip ad li to check whether the VIP is currently on this node:

[root@saltstack-master ~]# ip ad li
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:66:1e:aa brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.97/24 brd 10.1.1.255 scope global eth0
    inet 10.1.1.92/32 scope global eth0
    inet6 fe80::20c:29ff:fe66:1eaa/64 scope link
       valid_lft forever preferred_lft forever

# Stop the keepalived process on the master node to simulate a server outage, then check the VIP again:
# Master node
[root@saltstack-master ~]# ip ad li eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:66:1e:aa brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.97/24 brd 10.1.1.255 scope global eth0
    inet6 fe80::20c:29ff:fe66:1eaa/64 scope link
       valid_lft forever preferred_lft forever
# Slave node
[root@saltstack-minion ~]# ip ad li eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:50:56:3b:05:ad brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.98/24 brd 10.1.1.255 scope global eth0
    inet 10.1.1.92/32 scope global eth0
    inet6 fe80::250:56ff:fe3b:5ad/64 scope link
       valid_lft forever preferred_lft forever

When keepalived on the master goes down, the VIP floats to the backup.

# Restart the Keepalived process on the Master node; the VIP has switched back to the master node
[root@saltstack-master ~]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@saltstack-master ~]# ip ad li eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:66:1e:aa brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.97/24 brd 10.1.1.255 scope global eth0
    inet 10.1.1.92/32 scope global eth0
    inet6 fe80::20c:29ff:fe66:1eaa/64 scope link
       valid_lft forever preferred_lft forever
# The VIP is no longer present on the Backup.
[root@saltstack-minion ~]# ip ad li eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:50:56:3b:05:ad brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.98/24 brd 10.1.1.255 scope global eth0
    inet6 fe80::250:56ff:fe3b:5ad/64 scope link
       valid_lft forever preferred_lft forever

 

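3.4 Memcached Configuration Management

Memcached is a high-performance distributed in-memory object caching system, used by dynamic web applications to reduce database load. It reduces the number of database reads by caching data and objects in memory, which speeds up dynamic, database-driven websites. This architecture uses Memcached to store user sessions (Redis will be added later).

In a load-balanced environment, there are generally three ways to solve the session problem:

Session persistence
Session replication
Session sharing

PHP can be configured in php.ini to store sessions in memcached to achieve session sharing. This avoids losing user requests when a back-end node goes down: the user's requests are scheduled to other nodes in the cluster and the user's session is not lost.

Installing Memcached is fairly simple. Memcached depends on libevent, so libevent must be compiled and installed first, followed by Memcached. At the same time, create a configuration file that manages the user: Memcached, and the Nginx and PHP configured later, all need to be managed by the www user.

Libevent is a lightweight, open-source, high-performance network library written in C. Its main highlights are: event-driven and high performance; lightweight and focused on networking, not as bloated as ACE; compact, readable source code; cross-platform, supporting Windows, Linux, *BSD and macOS; support for multiple I/O multiplexing techniques, including epoll, poll, dev/poll, select and kqueue; support for I/O, timer and signal events; event priorities.

# On the Master, create the directory structure
[root@saltstack-master ~]# mkdir -p /srv/salt/prod/libevent/files
[root@saltstack-master ~]# mkdir -p /srv/salt/prod/memcached/files
[root@saltstack-master ~]# mkdir -p /srv/salt/prod/user

3.4.1 www User Configuration

Memcached is started as the www user; Nginx and PHP, deployed later, also use the www user.

[root@saltstack-master ~]# vim /srv/salt/prod/user/www.sls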

www-user-group:

  group.present:

    - name: www

    - gid: 1500

  user.present:

    - name: www

    - fullname: www

    - shell: /sbin/nologin

    - uid: 1500

    - gid: 1500

3.4.2 Libevent Configuration

[root@saltstack-master ~]# cd /usr/local/src/
[root@saltstack-master src]# wget http://ufpr.dl.sourceforge.net/project/levent/release-2.0.22-stable/libevent-2.0.22-stable.tar.gz
[root@saltstack-master src]# cp libevent-2.0.22-stable.tar.gz /srv/salt/prod/libevent/files/
# Write the libevent deployment SLS:
[root@saltstack-master ~]# vim /srv/salt/prod/libevent/install.sls

libevent-source-install:

  file.managed:

    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz

    - source: salt://libevent/files/libevent-2.0.22-stable.tar.gz

    - user: root

    - group: root

    - mode: 644

  cmd.run:

    - name: cd /usr/local/src/ && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable && ./configure --prefix=/usr/local/libevent && make && make install

    - unless: test -d /usr/local/libevent

    - require:

      - file: libevent-source-install

3.4.3 Memcached Deployment

[root@saltstack-master ~]# cd /srv/salt/prod/memcached/files/
[root@saltstack-master files]# wget http://memcached.org/files/memcached-1.4.27.tar.gz
# Write the Memcached deployment SLS
[root@saltstack-master files]# vim /srv/salt/prod/memcached/install.sls

include:

  - libevent.install

 

memcached-source-install:

  file.managed:

    - name: /usr/local/src/memcached-1.4.27.tar.gz

    - source: salt://memcached/files/memcached-1.4.27.tar.gz

    - user: root

    - group: root

    - mode: 644

  cmd.run:

    - name: cd /usr/local/src && tar zxf memcached-1.4.27.tar.gz && cd memcached-1.4.27 && ./configure --prefix=/usr/local/memcached --with-libevent=/usr/local/libevent && make && make install

    - unless: test -d /usr/local/memcached

    - require:

      - cmd: libevent-source-install

      - file: memcached-source-install

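3.4.4 Memcached Service

After Memcached is installed it needs to be started. The Memcached source package provides an init service management script; we can write Memcached's parameters into Memcached.conf and have them read at startup.

[root@saltstack-master files]# vim service.sls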

include:

  - memcached.install

  - user.www

 

memcached-server:

  cmd.run:

    - name: /usr/local/memcached/bin/memcached -d -m 1024 -p 11211 -c 4096 -u www

    - unless: netstat -nltp | grep 11211

    - require:

      - cmd: memcached-source-install

      - user: www-user-group

 

memcached-daemon:

  cmd.run:

    - name: echo "/usr/local/memcached/bin/memcached -d -m 1024 -p 11211 -c 4096 -u www" >> /etc/rc.d/rc.local

    - unless: grep memcached /etc/rc.d/rc.local

# Apply the Memcached state

# Assign it to the minion in the top file

base:

  '*':

    - init.env_init

prod:

  '*.example.com':

    - cluster.haproxy-service

    - cluster.haproxy-service-keepalived

  'saltstack-minion.example.com':

    - memcached.service

# Test

[root@saltstack-master ~]# salt 'saltstack-minion.example.com' state.sls memcached.service test=True env=prod

Summary

------------

Succeeded: 8 (unchanged=8,changed=2)

Failed:    0

------------

Total states run:     8

# Apply

[root@saltstack-master ~]# salt '*' state.highstate test=True

 

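3.3 Nginx configuration management

With the Haproxy+Keepalived automation complete, the next step is automating Nginx+PHP, again compiling and installing from source packages.

When writing a slightly more complex state module, plan first: how to lay out the directory structure, which state modules and inter-state relationships are needed, and whether Grains and Pillar are required.

The packages to install for Nginx+PHP (FastCGI) are first of all Nginx and PHP, both compiled from source. The steps are:

1. Compiling any source package depends on some base packages such as gcc and make. The pkg-init.sls written for the initial environment can be called directly wherever it is needed.

2. Compiling Nginx from source depends on PCRE, so a separate module that installs PCRE is written and then called by Nginx.

3. Note: PCRE (Perl Compatible Regular Expressions) is a Perl library that includes a Perl-compatible regular expression library. It is useful for regular expression pattern matching with the same syntax and semantics as Perl 5. Boost is too large: after switching to boost regex, compilation becomes noticeably slower. In a test, the same program took 3 seconds to compile with boost::regex and less than 1 second with pcre. PCRE is therefore used instead to handle regular expressions in C.

4. PHP must be compiled and installed. Besides the commonly used PHP modules, it should also support third-party modules that are common in production, such as Memcached and Redis.

The commonly used features are:

1. State modules: file, cmd, service

2. Relationships between states: require, unless

3. Calls between SLS files: include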

# On the Master: create the directory structure

[root@saltstack-master ~]# mkdir -p /srv/salt/prod/pcre/files

[root@saltstack-master ~]# mkdir -p /srv/salt/prod/nginx/files

[root@saltstack-master ~]# mkdir -p /srv/salt/prod/php/files

# Download the required source packages and put them in each service's files directory:

[root@saltstack-master files]# cd /srv/salt/prod/pcre/files/

[root@saltstack-master files]# wget https://sourceforge.net/projects/pcre/files/pcre/8.39/pcre-8.39.tar.gz

#nginx

[root@saltstack-master ~]# cd /srv/salt/prod/nginx/files/

[root@saltstack-master files]# wget http://nginx.org/download/nginx-1.10.1.tar.gz

#php

[root@saltstack-master ~]# cd /srv/salt/prod/php/files/

[root@saltstack-master ~]# wget http://php.net/distributions/php-7.0.8.tar.gz

3.3.1 PCRE module

The PCRE module mainly installs pcre:

# On the Master

  [root@saltstack-master files]# cd /srv/salt/prod/pcre/

  [root@saltstack-master pcre]# vim install.sls

pcre-install:

  file.managed:

    - name: /usr/local/src/pcre-8.39.tar.gz

    - source: salt://pcre/files/pcre-8.39.tar.gz

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: cd /usr/local/src && tar zxf pcre-8.39.tar.gz && cd pcre-8.39 && ./configure --prefix=/usr/local/pcre && make && make install

    - unless: test -d /usr/local/pcre

    - require:

      - file: pcre-install

3.3.2 Nginx module

# On the Master: write the SLS that deploys nginx

[root@saltstack-master pcre]# cd /srv/salt/prod/nginx

[root@saltstack-master nginx]# vim install.sls

include:

  - pcre.install

  - user.www

 

nginx-install:

  file.managed:

    - name: /usr/local/src/nginx-1.10.1.tar.gz

    - source: salt://nginx/files/nginx-1.10.1.tar.gz

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: cd /usr/local/src && tar zxf nginx-1.10.1.tar.gz && cd nginx-1.10.1 && ./configure --prefix=/opt/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.39 && make && make install && chown -R www:www /opt/nginx

    - unless: test -d /opt/nginx

    - require:

      - user: www-user-group

      - file: nginx-install

      - pkg: pkg-init

      - cmd: pcre-install

#sed -i -e 's/1.10.1//g' -e 's/nginx\//WS/g' -e 's/"NGINX"/"WS"/g' /usr/local/src/nginx-1.10.1/src/core/nginx.h  # hides the nginx version

# nginx configuration file; adjust its parameters as needed

[root@saltstack-master files]# cd /srv/salt/prod/nginx/files/

    [root@saltstack-master files]# vim nginx.conf

user  www www;

worker_processes  2;

 

error_log  logs/error.log;

#error_log  logs/error.log  notice;

#error_log  logs/error.log  info;

 

pid        logs/nginx.pid;

worker_rlimit_nofile 65535;

 

events {

    use epoll;

    worker_connections  10240;

}

 

 

http {

    include       mime.types;

    default_type  application/octet-stream;

 

    log_format main  '$remote_addr - $remote_user [$time_local] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                     '"$http_user_agent" "$http_x_forwarded_for"';

 

    access_log off;

 

#append

    server_names_hash_bucket_size 128;

    client_header_buffer_size 32k;

    large_client_header_buffers 4 32k;

    client_max_body_size 50m;

 

    fastcgi_connect_timeout 300;

    fastcgi_send_timeout 300;

    fastcgi_read_timeout 300;

    fastcgi_buffer_size 64k;

    fastcgi_buffers 4 64k;

    fastcgi_busy_buffers_size 128k;

    fastcgi_temp_file_write_size 256k;

 

    sendfile        on;

    tcp_nopush     on;

 

    keepalive_timeout  65;

 

    gzip on;

    gzip_min_length  1k;

    gzip_buffers     4 16k;

    gzip_http_version 1.1;

    gzip_comp_level 2;

    gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;

    gzip_vary on;

    gzip_proxied   expired no-cache no-store private auth;

    gzip_disable   "MSIE [1-6]\.";

 

    tcp_nodelay on;

    server_tokens off;

 

    server {

        listen       80;

        server_name  127.0.0.1;

 

        #charset koi8-r;

 

        access_log  logs/host.access.log  main;

 

        location / {

            root   html;

            index  index.html index.htm;

        }

 

        error_page  404             /404.html;

        location /nginx_status

        {

        stub_status on;

        access_log   off;

        allow 127.0.0.1;

        deny all;

        }

        # redirect server error pages to the static page /50x.html

        #

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }

 

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80

        #

        #location ~ \.php$ {

        #   proxy_pass   http://127.0.0.1;

        #}

 

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

        #

        #location ~ \.php$ {

        #   root           html;

        #   fastcgi_pass   127.0.0.1:9000;

        #   fastcgi_index  index.php;

        #   fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;

        #   include        fastcgi_params;

        #}

 

        # deny access to .htaccess files, if Apache's document root

        # concurs with nginx's one

        #

        #location ~ /\.ht {

        #   deny  all;

        #}

    }

    # another virtual host using mix of IP-, name-, and port-based configuration

    #

    #server {

    #    listen      8000;

    #    listen      somename:8080;

    #    server_name somename  alias  another.alias;

 

    #    location / {

    #        root  html;

    #        index index.html index.htm;

    #    }

    #}

 

 

    # HTTPS server

    #

    #server {

    #    listen      443 ssl;

    #    server_name localhost;

 

    #    ssl_certificate      cert.pem;

    #    ssl_certificate_key  cert.key;

 

    #    ssl_session_cache    shared:SSL:1m;

    #    ssl_session_timeout  5m;

 

    #    ssl_ciphers HIGH:!aNULL:!MD5;

    #    ssl_prefer_server_ciphers  on;

 

    #    location / {

    #        root  html;

    #        index index.html index.htm;

    #    }

    #}

include vhost/*.conf;

}

 

# nginx daemon script

[root@saltstack-master files]# vim nginx-init

#! /bin/sh

# chkconfig: 2345 55 25

# Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and

# run 'update-rc.d -f nginx defaults', or use the appropriate command on your

# distro. For CentOS/Redhat run: 'chkconfig --add nginx'

 

### BEGIN INIT INFO

# Provides:          nginx

# Required-Start:    $all

# Required-Stop:     $all

# Default-Start:     2 3 4 5

# Default-Stop:      0 1 6

# Short-Description: starts the nginx web server

# Description:       starts nginx using start-stop-daemon

### END INIT INFO

 

# Author:   shaonbean

 

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

NAME=nginx

NGINX_BIN=/opt/nginx/sbin/$NAME

CONFIGFILE=/opt/nginx/conf/$NAME.conf

PIDFILE=/opt/nginx/logs/$NAME.pid

 

case "$1" in

    start)

        echo -n "Starting $NAME... "

 

        if netstat -tnpl | grep -q nginx; then

            echo "$NAME (pid `pidof $NAME`) already running."

            exit 1

        fi

 

        $NGINX_BIN -c $CONFIGFILE

 

        if [ "$?" != 0 ] ; then

            echo " failed"

      exit 1

        else

            echo " done"

        fi

        ;;

 

    stop)

        echo -n "Stoping $NAME... "

 

        if ! netstat -tnpl | grep -q nginx; then

            echo "$NAME is not running."

            exit 1

        fi

 

        $NGINX_BIN -s stop

 

        if [ "$?" != 0 ] ; then

            echo " failed. Use force-quit"

            exit 1

        else

            echo " done"

        fi

        ;;

 

    status)

        if netstat -tnpl | grep -q nginx; then

            PID=`pidof nginx`

            echo "$NAME (pid $PID) is running..."

        else

            echo "$NAME is stopped"

            exit 0

        fi

        ;;

 

    force-quit)

        echo -n "Terminating $NAME... "

 

        if ! netstat -tnpl | grep -q nginx; then

            echo "$NAME is not running."

            exit 1

        fi

 

        kill `pidof $NAME`

 

        if [ "$?" != 0 ] ; then

            echo " failed"

            exit 1

        else

            echo " done"

        fi

        ;;

 

    restart)

        $0 stop

        sleep 1

        $0 start

        ;;

 

    reload)

        echo -n "Reload service $NAME..."

 

        if netstat -tnpl | grep -q nginx; then

            $NGINX_BIN -s reload

            echo " done"

        else

            echo "$NAME is not running, can't reload."

            exit 1

        fi

        ;;

 

    configtest)

        echo -n "Test $NAME configure files... "

        $NGINX_BIN -t

       ;;

 

    *)

        echo "Usage: $0 {start|stop|force-quit|restart|reload|status|configtest}"

        exit 1

        ;;

 

esac

# Write the nginx service SLS

[root@saltstack-master files]# vim /srv/salt/prod/nginx/service.sls

include:

  - nginx.install

 

nginx-init:

  file.managed:

    - name: /etc/init.d/nginx

    - source: salt://nginx/files/nginx-init

    - mode: 755

    - user: root

    - group: root

  cmd.run:

    - name: chkconfig --add nginx

    - unless: chkconfig --list | grep nginx

    - require:

      - file: nginx-init

 

nginx-conf:

  file.managed:

    - name: /opt/nginx/conf/nginx.conf

    - source: salt://nginx/files/nginx.conf

    - user: www

    - group: www

    - mode: 644

 

nginx-service:

  file.directory:

    - name: /opt/nginx/conf/vhost

    - require:

      - cmd: nginx-install

  service.running:

    - name: nginx

    - enable: True

    - reload: True

    - require:

      - cmd: nginx-init

    - watch:

      - file: /opt/nginx/conf/nginx.conf
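
The `require` and `watch` references in the nginx states above resolve only when the referenced state is compiled into the same run, through `include` or the top file. The check below is an added example (not code from the original page or from SaltStack): it walks constructed, already-rendered SLS data that mirrors this section's state IDs and lists the requisites a stand-alone `state.sls <name>` run could not resolve. The body of `user.www`, the contents of `pkg.pkg-init` and all function names are assumptions.

```python
"""Requisite check for rendered Salt SLS data (added example, not the page's code)."""
import copy

REQUISITE_KEYS = ("require", "watch")

# Constructed sample: the dict structure the YAML renderer yields for SLS files,
# using the state IDs from this section. The body of user.www is assumed.
SAMPLE = {
    "pcre.install": {
        "pcre-install": {
            "file.managed": [{"name": "/usr/local/src/pcre-8.39.tar.gz"}],
            "cmd.run": [{"require": [{"file": "pcre-install"}]}],
        },
    },
    "user.www": {
        "www-user-group": {
            "group.present": [{"name": "www"}],
            "user.present": [{"name": "www"}],
        },
    },
    "nginx.install": {
        "include": ["pcre.install", "user.www"],
        "nginx-install": {
            "file.managed": [{"name": "/usr/local/src/nginx-1.10.1.tar.gz"}],
            "cmd.run": [{"require": [
                {"user": "www-user-group"}, {"file": "nginx-install"},
                {"pkg": "pkg-init"}, {"cmd": "pcre-install"},
            ]}],
        },
    },
    "nginx.service": {
        "include": ["nginx.install"],
        "nginx-init": {
            "file.managed": [{"name": "/etc/init.d/nginx"}],
            "cmd.run": [{"require": [{"file": "nginx-init"}]}],
        },
        "nginx-conf": {"file.managed": [{"name": "/opt/nginx/conf/nginx.conf"}]},
        "nginx-service": {
            "file.directory": [{"name": "/opt/nginx/conf/vhost"},
                               {"require": [{"cmd": "nginx-install"}]}],
            "service.running": [{"name": "nginx"},
                                {"require": [{"cmd": "nginx-init"}]},
                                {"watch": [{"file": "/opt/nginx/conf/nginx.conf"}]}],
        },
    },
}


def reachable(tree, entry):
    """SLS names compiled for `state.sls <entry>`: the entry plus transitive includes."""
    seen, stack = set(), [entry]
    while stack:
        sls = stack.pop()
        if sls in seen or sls not in tree:
            continue  # already visited, or the include target is not in the tree
        seen.add(sls)
        stack.extend(tree[sls].get("include", []))
    return seen


def iter_states(tree, sls_names):
    """Yield (state_id, module, args) for every state declaration in the given files."""
    for sls in sorted(sls_names):
        for state_id, body in tree[sls].items():
            if state_id == "include":
                continue
            for mod_func, args in body.items():
                yield state_id, mod_func.split(".")[0], args


def declared(tree, sls_names):
    """(module, target) pairs a requisite may point at: by state ID or by `name`."""
    targets = set()
    for state_id, module, args in iter_states(tree, sls_names):
        targets.add((module, state_id))
        for arg in args:
            if isinstance(arg, dict) and "name" in arg:
                targets.add((module, arg["name"]))
    return targets


def unresolved(tree, entry):
    """Sorted (state_id, requisite, module, target) tuples with no matching state."""
    names = reachable(tree, entry)
    known = declared(tree, names)
    missing = set()
    for state_id, _module, args in iter_states(tree, names):
        for arg in args:
            if not isinstance(arg, dict):
                continue
            for key in REQUISITE_KEYS:
                for ref in arg.get(key, []):
                    (module, target), = ref.items()
                    if (module, target) not in known:
                        missing.add((state_id, key, module, target))
    return sorted(missing)


def with_pkg_init(tree):
    """Copy of the tree where nginx.install also includes an SLS declaring pkg-init."""
    fixed = copy.deepcopy(tree)
    # Assumed content for pkg/pkg-init.sls; only the state ID matters to the check.
    fixed["pkg.pkg-init"] = {"pkg-init": {"pkg.installed": [{"names": ["gcc", "make"]}]}}
    fixed["nginx.install"]["include"].append("pkg.pkg-init")
    return fixed


if __name__ == "__main__":
    for entry in ("nginx.install", "nginx.service"):
        print(entry, unresolved(SAMPLE, entry))
    print("with include:", unresolved(with_pkg_init(SAMPLE), "nginx.service"))
```

In the constructed data no included file declares `pkg-init`, so both entry points report it; under a highstate the same reference resolves if any SLS assigned to the minion in top.sls declares that state.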

# Test run:

[root@saltstack-master prod]# salt '*' state.sls nginx.install test=True env=prod

[root@saltstack-master base]# salt '*' state.highstate test=True

 

Summary

-------------

Succeeded: 59 (unchanged=9, changed=4)

Failed:     0

-------------

Total states run:     59

# First configure the top file

[root@saltstack-master base]# vim top.sls

base:

  '*':

    - init.env_init

prod:

  '*':

    - cluster.haproxy-service

    - cluster.haproxy-service-keepalived

    - nginx.service

  'saltstack-minion.example.com':

    - memcached.service

3.3.3 PHP (FastCGI) configuration management

Compile PHP from source, using FastCGI mode.

[root@saltstack-master base]# cd /srv/salt/prod/php/

# Install the packages that the PHP build depends on

#[root@saltstack-master php]# vim pkg-php-init.sls

pkg-php:

  pkg.installed:

    - names:

      - mysql-devel

      - openssl-devel

      - swig

      - libjpeg-turbo

      - libjpeg-turbo-devel

      - libpng

      - libpng-devel

      - freetype

      - freetype-devel

      - libxml2

      - libxml2-devel

      - zlib

      - zlib-devel

      - libcurl

      - libcurl-devel

      - php-pear

 

# Install PHP and its plugins

[root@saltstack-master php]# vim install.sls

include:

  - php.pkg-php-init

php-install:

  file.managed:

    - name: /usr/local/src/php-7.0.8.tar.gz

    - source: salt://php/files/php-7.0.8.tar.gz

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: cd /usr/local/src && tar zxf php-7.0.8.tar.gz && cd php-7.0.8 && ./configure --prefix=/opt/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-iconv-dir --with-jpeg-dir --with-png-dir --with-zlib --enable-xml --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/opt/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install

    - require:

      - file: php-install

      - user: www-user-group

    - unless: test -d /opt/php-fastcgi

pdo-plugin:

  cmd.run:

    - name: cd /usr/local/src/php-7.0.8/ext/pdo_mysql/ && /opt/php-fastcgi/bin/phpize && ./configure --with-php-config=/opt/php-fastcgi/bin/php-config && make && make install

    - unless: test -f /opt/php-fastcgi/lib/php/extensions/*/pdo_mysql.so

    - require:

      - cmd: php-install

php-ini:

  file.managed:

    - name: /opt/php-fastcgi/etc/php.ini

    - source: salt://php/files/php.ini-production

    - user: root

    - group: root

    - mode: 644

php-fpm:

  file.managed:

    - name: /opt/php-fastcgi/etc/php-fpm.conf

    - source: salt://php/files/php-fpm.conf.default

    - user: root

    - group: root

    - mode: 644

php-config:

  file.managed:

    - name: /opt/php-fastcgi/etc/php-fpm.d/www.conf

    - source: salt://php/files/www.conf.default

    - user: root

    - group: root

    - mode: 644

php-fastcgi-service:

  file.managed:

    - name: /etc/init.d/php-fpm

    - source: salt://php/files/init.d.php-fpm

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: chkconfig --add php-fpm

    - unless: chkconfig --list | grep php-fpm

    - require:

      - file: php-fastcgi-service

  service.running:

    - name: php-fpm

    - enable: True

    - require:

      - cmd: php-fastcgi-service

    - watch:

      - file: php-ini

      - file: php-fpm

php-info:

  cmd.run:

    - name: echo "<?php phpinfo();?>" >> /opt/nginx/html/phpinfo.php

    - unless: test -f /opt/nginx/html/phpinfo.php

# Test run

[root@saltstack-master php]# salt '*' state.sls php.pkg-php-init env=prod

[root@saltstack-master php]# salt '*' state.sls php.install test=True env=prod

Summary

-------------

Succeeded: 28

Failed:     0

-------------

Total states run:     28

# Write the top file to target the minions

[root@saltstack-master php]# vim /srv/salt/base/top.sls

base:

  '*':

    - init.env_init

prod:

  '*':

    - cluster.haproxy-service

    - cluster.haproxy-service-keepalived

    - nginx.service

    - php.install

  'saltstack-minion.example.com':

    - memcached.service

 

#

[root@saltstack-master php]# salt '*' state.highstate test=True

[root@saltstack-master php]# salt '*' state.highstate

3.3.4 Installing the PHP Redis module

[root@saltstack-master ~]# cd /srv/salt/prod/php/files/

[root@saltstack-master files]# wget http://pecl.php.net/get/redis-3.0.0.tgz

[root@saltstack-master files]# cd /srv/salt/prod/php/

[root@saltstack-master php]# vim php-redis.sls

include:

  - php.install

 

redis-plugin:

  file.managed:

    - name: /usr/local/src/php-redis-3.0.0.tgz

    - source: salt://php/files/redis-3.0.0.tgz

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: cd /usr/local/src && tar zxf php-redis-3.0.0.tgz && cd php-redis-3.0.0 && /opt/php-fastcgi/bin/phpize && ./configure --with-php-config=/opt/php-fastcgi/bin/php-config && make && make install

    - unless: test -f /opt/php-fastcgi/lib/php/extensions/*/redis.so

    - require:

      - file: redis-plugin

 

enable-redis:

  file.append:

    - name: /opt/php-fastcgi/etc/php.ini

    - text:

      - extension=redis.so

# Install the PHP Memcache plugin

#[root@saltstack-master files]# wget http://pecl.php.net/get/memcache-3.0.8.tgz

[root@saltstack-master ~]# cd /srv/salt/prod/php/files/

[root@saltstack-master php]# vim php-memcache.sls

include:

  - php.install

 

memcached-plugin:

  file.managed:

    - name: /usr/local/src/php-memcached-3.0.8.tgz

    - source: salt://php/files/memcached-3.0.8.tgz

    - user: root

    - group: root

    - mode: 755

  cmd.run:

    - name: cd /usr/local/src && tar zxf php-memcached-3.0.8.tgz && cd php-memcached-3.0.8 && /opt/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/opt/php-fastcgi/bin/php-config && make && make install

    - unless: test -f /opt/php-fastcgi/lib/php/extensions/*/memcached.so

    - require:

      - file: memcached-plugin

 

enable-memcached:

  file.append:

    - name: /opt/php-fastcgi/etc/php.ini

    - text:

      - extension=memcached.so

 

3.5 Business modules

3.5.1 BBS forum

Using the Nginx+PHP (FastCGI) environment, with Memcached as the cache server, build a simple BBS forum.

[root@saltstack-master ~]# mkdir -p /srv/salt/prod/web/files

[root@saltstack-master files]# vim bbs.conf

server {

listen 2000;

root /opt/nginx/html;

index index.htm index.html index.php;

location ~ \.php$

  {

     fastcgi_pass unix:/opt/php-fastcgi/php-fpm.sock;

     fastcgi_index index.php;

  include fastcgi.conf;

  }

}

 

# Write the bbs SLS

[root@saltstack-master files]# cd ..

[root@saltstack-master web]# vim bbs.sls

include:

  - php.install

  - nginx.service

 

web-bbs:

  file.managed:

    - name: /opt/nginx/conf/vhost/bbs.conf

    - source: salt://web/files/bbs.conf

    - user: root

    - group: root

    - mode: 644

    - require:

      - service: php-fastcgi-service

    - watch_in:

      - service: nginx-service

 

# Modify the top file to assign the corresponding module services to the minions

[root@saltstack-master web]# vim /srv/salt/base/top.sls

base:

  '*':

    - init.env_init

prod:

  '*':

    - cluster.haproxy-service

    - cluster.haproxy-service-keepalived

    - web.bbs

  'saltstack-minion.example.com':

    - memcached.service

# This completes the small-to-medium web architecture case; view the directory structure.

[root@saltstack-master ~]# tree /srv/salt/base/

/srv/salt/base/

├── init

│   ├── config

│   │   ├── foo.conf

│   │   ├── minion

│   │   ├── resolv.conf

│   │   ├── sshd_config

│   │   ├── sysctl.conf

│   │   └── vimrc

│   ├── cron.sls

│   ├── del_cron.sls

│   ├── dns.sls

│   ├── env_init.sls

│   ├── epel.sls

│   ├── history.sls

│   ├── log.sls

│   ├── minion.sls

│   ├── one.sls

│   ├── ssh.sls

│   ├── sysctl.sls

│   ├── vim.sls

│   └── yum.sls

├── _returners

│   ├── local_return.py

│   ├── mysql_return.py

│   └── select

└── top.sls

 

#prod

[root@saltstack-master ~]# tree /srv/salt/prod

/srv/salt/prod

├── cluster

│   ├── files

│   │   ├── haproxy-service.cfg

│   │   └── haproxy-service-keepalived.conf

│   ├── haproxy-service-keepalived.sls

│   └── haproxy-service.sls

├── haproxy

│   ├── files

│   │   ├── haproxy-1.6.5.tar.gz

│   │   └── haproxy.init

│   └── install.sls

├── keepalived

│   ├── files

│   │   ├── keepalived-1.2.22.tar.gz

│   │   ├── keepalived.init

│   │   └── keepalived.sysconfig

│   └── install.sls

├── libevent

│   ├── files

│   │   └── libevent-2.0.22-stable.tar.gz

│   └── install.sls

├── memcached

│   ├── files

│   │   └── memcached-1.4.27.tar.gz

│   ├── install.sls

│   └── service.sls

├── nginx

│   ├── files

│   │   ├── nginx-1.10.1.tar.gz

│   │   ├── nginx.conf

│   │   ├── nginx.conf_bak

│   │   └── nginx-init

│   ├── install.sls

│   └── service.sls

├── pcre

│   ├── files

│   │   └── pcre-8.39.tar.gz

│   └── install.sls

├── php

│   ├── files

│   │   ├── init.d.php-fpm

│   │   ├── memcache-3.0.8.tgz

│   │   ├── php-7.0.8.tar.gz

│   │   ├── php-fpm.conf.default

│   │   ├── php.ini

│   │   ├── php.ini-production

│   │   ├── redis-3.0.0.tgz

│   │   └── www.conf.default

│   ├── install.sls

│   ├── php-memcache.sls

│   ├── php-redis.sls

│   └── pkg-php-init.sls

├── pkg

│   └── pkg-init.sls

├── user

│   └── www.sls

└── web

    ├── bbs.sls

    └── files

        └── bbs.conf

# Test run

[root@saltstack-master ~]# salt '*' state.highstate test=True

[root@saltstack-master ~]# salt '*' state.highstate

Summary

-------------

Succeeded: 85 (changed=4)

Failed:     0

-------------

Total states run:     85

 

# Test first, then apply.

Part 2: Preparing MySQL with Salt and Zabbix distributed monitoring

1.1 Installing MySQL with SaltStack

Environment preparation:

MySQL-master     10.1.1.100    CentOS 6.8

Mysql-slave      10.1.1.101    CentOS 6.8

Zabbix-Server    10.1.1.103    CentOS 6.8

2.1 Downloading the software packages

 wget -c http://liquidtelecom.dl.sourceforge.net/project/boost/boost/1.59.0/boost_1_59_0.tar.gz -P /usr/local/src/

 wget -c http://git.typecodes.com/libs/ccpp/cmake-3.2.1.tar.gz

 wget -c http://cdn.mysql.com//Downloads/MySQL-5.7/mysql-5.7.12.tar.gz -P /usr/local/src/

#

root@saltstack-master[00:57:33]:~$ mkdir -p /srv/salt/prod/mysql/files/

root@saltstack-master[00:58:20]:~$ cd /srv/salt/prod/mysql/

root@saltstack-master[00:58:28]:/srv/salt/prod/mysql$ vim pkg-install.sls

pkg-install:

  pkg.installed:

    - names:

      - gcc

      - gcc-c++

      - autoconf

      - automake

      - zlib-devel

      - ncurses

      - ncurses-devel

      - libtool-ltdl

      - libtool-ltdl-devel

      - libxml++

      - libxml++-devel

      - cmake

      - bison

# Install boost

root@saltstack-master[01:02:26]:/srv/salt/prod/mysql$ vim boost-init.sls

boost-init:
  file.managed:
    - name: /usr/local/src/boost_1_59_0.tar.gz
    - source: salt://mysql/files/boost_1_59_0.tar.gz
  cmd.run:
    - name: cd /usr/local/src && tar zxf boost_1_59_0.tar.gz && mkdir -p /data/mysql/data && mv boost_1_59_0 /data/boost
    - unless: test -d /data/mysql
    - require:
      - file: boost-init

# Install MySQL

root@saltstack-master[01:04:06]:/srv/salt/prod/mysql$ vim install.sls

include:
  - mysql.pkg-install
  - mysql.boost-init

mysql-user:
  user.present:
    - name: mysql
  group.present:
    - name: mysql

mysql-init:
  file.managed:
    - name: /usr/local/src/mysql-5.7.12.tar.gz
    - source: salt://mysql/files/mysql-5.7.12.tar.gz
  cmd.run:
    - name: cd /usr/local/src && tar zxf mysql-5.7.12.tar.gz && cd mysql-5.7.12 && cmake -DCMAKE_INSTALL_PREFIX=/data/mysql -DMYSQL_DATADIR=/data/mysql/data -DSYSCONFDIR=/etc -D
    - unless: test -d /data/mysql/bin
    - require:
      - file: mysql-init

mysql-conf:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://mysql/files/my.cnf

mysql-env:
  file.append:
    - name: /etc/profile
    - text:
      - export PATH=/data/mysql/bin:$PATH
  cmd.run:
    - name: chown -R mysql:mysql /data/mysql && chmod -R go-rwx /data/mysql/data && source /etc/profile
    - require:
      - file: mysql-init

#mysql-log:
#  file.directory:
#    - name: /var/log/mysql
#    - user: mysql
#    - group: mysql
#    - mode: 755

mysql-daemon:
  file.managed:
    - name: /etc/init.d/mysqld
    - source: salt://mysql/files/mysql.server
  cmd.run:
    - name: chkconfig mysqld on && chmod +x /etc/init.d/mysqld
    - require:
      - file: mysql-daemon

mysql-service:
  cmd.run:
    - name: /etc/init.d/mysqld start
    - unless: ps -ef | grep mysqld | grep -v grep
  service.running:
    - name: mysqld
    - enable: True
    - require:
      - file: mysql-init

#mysql-safe:
#  cmd.run:
#    - name: /data/mysql/bin/mysqld --initialize-insecure --user=mysql --basedir=/data/mysql --basedir=/data/mysql/data && mysqld_safe --user=mysql --datadir=/data/mysql/data/ -
# initial mysql database
# mysql_secure_installation: it's important

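# Prepare the required files in the files directory

root@saltstack-master[01:05:38]:/srv/salt/prod/mysql/files$ ls

boost_1_59_0.tar.gz cmake-3.2.1.tar.gz  my.cnf  mysql-5.7.12.tar.gz  mysql.server url.txt

# For details see GitHub: https://github.com/wh211212/ops-saltstack

# Test

Note: when testing, it is recommended to specify a particular env and a particular sls file. Because there are many install.sls files, it is recommended to comment everything out and run them one at a time to avoid errors.

After Mysql-master has been synchronized successfully, synchronize mysql-slave, then configure each host's my.cnf to set up MySQL master-slave replication. See my blog post on implementing MySQL master-slave replication and its errors on mysql5.6 and 5.7.

Blog post link: http://blog.sina.com.cn/s/blog_87113ac20102w3x7.html

# Using SaltStack with Zabbix to monitor servers automatically

Set the Salt environment for zabbix to dev

root@saltstack-master[01:11:09]:~$ mkdir -p /srv/salt/dev/zabbix/files/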

    base:

      - /srv/salt/base

  #   dev:

  #     - /srv/salt/dev/services

  #     - /srv/salt/dev/states

    prod:

      - /srv/salt/prod

  #     - /srv/salt/prod/states

    dev:

     - /srv/salt/dev   # newly added

# After modifying the master configuration file, restart the salt-master service

# Prepare the files in the files directory

root@saltstack-master[01:12:45]:/srv/salt/dev/zabbix/files$ ls

my.cnf  services  url.txt zabbix-3.0.3.tar.gz zabbix_agentd  zabbix_agentd.conf  zabbix.conf.php  zabbix_server zabbix_server.conf

# Download the Zabbix source package

# wget http://jaist.dl.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/3.0.3/zabbix-3.0.3.tar.gz

# See the GitHub link above

root@saltstack-master[01:14:01]:/srv/salt/dev/zabbix$ cat pkg-init.sls

zabbix-pkg-init:

  pkg.installed:

    - names:

      - net-snmp-devel

      - curl

      - libcurl-devel

      - gcc-c++

#      - mysql-devel

# Write the SLS file that deploys zabbix-server with SaltStack

include:
  - zabbix.pkg-init

zabbix-user:
  user.present:
    - name: zabbix
    - shell: /sbin/nologin
  group.present:
    - name: zabbix

zabbix-server-init:
  file.managed:
    - name: /usr/local/src/zabbix-3.0.3.tar.gz
    - source: salt://zabbix/files/zabbix-3.0.3.tar.gz
    - unless: test -f /usr/local/src/zabbix-3.0.3.tar.gz
  cmd.run:
    - name: cd /usr/local/src && tar zxf zabbix-3.0.3.tar.gz && cd zabbix-3.0.3 && ./configure --prefix=/opt/zabbix --enable-server --enable-agent --with-libcurl --with-mysql=/d
    - unless: test -d /opt/zabbix
    - require:
      - file: zabbix-server-init

zabbix-server-conf:
  file.managed:
    - name: /opt/zabbix/etc/zabbix_server.conf
    - source: salt://zabbix/files/zabbix_server.conf

zabbix-agentd-conf:
  file.managed:
    - name: /opt/zabbix/etc/zabbix_agentd.conf
    - source: salt://zabbix/files/zabbix_agentd.conf

zabbix-db-set:
  file.managed:
    - name: /root/.my.cnf
    - source: salt://zabbix/files/my.cnf
  cmd.run:
    - name: /data/mysql/bin/mysql -e "create database zabbix character set utf8 collate utf8_bin;" && /data/mysql/bin/mysql -e "grant all privileges on zabbix.* to zabbix@local
    - unless: /data/mysql/bin/mysql -e "use zabbix;"
    - require:
      - file: zabbix-db-set

zabbix-sql-set:
  cmd.run:
    - name: cd /usr/local/src/zabbix-3.0.3/database/mysql && /data/mysql/bin/mysql -uzabbix [email protected] zabbix < schema.sql && /data/mysql/bin/mysql -uzabbix [email protected] zabbi
    - unless: /data/mysql/bin/mysql -e "show create table zabbix.users"

zabbix-port-set:
  file.managed:
    - name: /etc/services
    - source: salt://zabbix/files/services

zabbix-log-set:
  file.directory:
    - name: /var/log/zabbix
    - unless: test -d /var/log/zabbix
  cmd.run:
    - name: chown -R zabbix:zabbix /var/log/zabbix
    - unless: ls -l /var/log/zabbix | awk '/zabbix/{print $3"\t"$4}'
    - require:
      - file: zabbix-log-set

zabbix-server-daemon:
  file.managed:
    - name: /etc/init.d/zabbix_server
    - source: salt://zabbix/files/zabbix_server
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig zabbix_server on && ln -s /data/mysql/lib/libmysqlclient.so.20 /usr/lib64/ && /etc/init.d/zabbix_server start
    - unless: ps -ef | grep zabbix_server | grep -v grep
    - require:
      - file: zabbix-server-daemon

zabbix-pid-set:
  file.directory:
    - name: /opt/zabbix/pid
    - unless: test -d /opt/zabbix/pid
  cmd.run:
    - name: chown -R zabbix:zabbix /opt/zabbix/pid
    - unless: ls -l /opt/zabbix/pid | awk '/zabbix/{print $3"\t"$4}'
    - require:
      - file: zabbix-pid-set

zabbix-agentd-daemon:
  file.managed:
    - name: /etc/init.d/zabbix_agentd
    - source: salt://zabbix/files/zabbix_agentd
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig zabbix_agentd on && /etc/init.d/zabbix_agentd start
    - unless: ps -ef | grep zabbix_agentd | grep -v grep
    - require:
      - file: zabbix-agentd-daemon

zabbix-front-set:
  cmd.run:
    - name: cp -rf /usr/local/src/zabbix-3.0.3/frontends/php /opt/nginx/html/zabbix && chown -R www:www /opt/nginx/html/zabbix
    - unless: test -d /opt/nginx/html/zabbix

zabbix-conf-php:
  file.managed:
    - name: /opt/nginx/html/zabbix/conf/zabbix.conf.php
    - source: salt://zabbix/files/zabbix.conf.php
    - user: zabbix
    - group: zabbix
    - mode: 644

# Write the SLS file that deploys zabbix-agent with SaltStack

zabbix-agent-init:
  pkg.installed:
    - name: gcc-c++
  user.present:
    - name: zabbix
    - shell: /sbin/nologin
  group.present:
    - name: zabbix
  file.managed:
    - name: /usr/local/src/zabbix-3.0.3.tar.gz
    - source: salt://zabbix/files/zabbix-3.0.3.tar.gz
    - unless: test -f /usr/local/src/zabbix-3.0.3.tar.gz
  cmd.run:
    - name: cd /usr/local/src && tar zxf zabbix-3.0.3.tar.gz && cd zabbix-3.0.3 && ./configure --prefix=/opt/zabbix --enable-agent && make && make install
    - unless: test -d /opt/zabbix
    - require:
      - file: zabbix-agent-init

zabbix-agentd-conf:
  file.managed:
    - name: /opt/zabbix/etc/zabbix_agentd.conf
    - source: salt://zabbix/files/zabbix_agentd.conf
    - require:
      - file: zabbix-agent-init

zabbix-port-set:
  file.managed:
    - name: /etc/services
    - source: salt://zabbix/files/services

zabbix-log-set:
  file.directory:
    - name: /var/log/zabbix
    - unless: test -d /var/log/zabbix
  cmd.run:
    - name: chown -R zabbix:zabbix /var/log/zabbix
    - unless: ll /var/log/zabbix/ | grep zabbix*
    - require:
      - file: zabbix-log-set

zabbix-pid-set:
  file.directory:
    - name: /opt/zabbix/pid
    - unless: test -d /opt/zabbix/pid
  cmd.run:
    - name: chown -R zabbix:zabbix /opt/zabbix/pid
    - unless: ll /opt/zabbix/pid | grep zabbix*
    - require:
      - file: zabbix-pid-set

zabbix-agentd-daemon:
  file.managed:
    - name: /etc/init.d/zabbix_agentd
    - source: salt://zabbix/files/zabbix_agentd
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig zabbix_agentd on && /etc/init.d/zabbix_agentd start
    - unless: ps -ef | grep zabbix_agentd | grep -v grep
    - require:
      - file: zabbix-agentd-daemon
