Saltstack的安裝部署
一、實驗環境
vir1 master 172.25.18.21
vir2 minion 172.25.18.22
vir3 minion 172.25.18.23
二、saltstack快速安裝
為了安裝saltstack的一些包,首先要擴充套件YUM源。
[root@vir1 ~]# cat /etc/yum.repos.d/yum.repo
[rhel6]
name="YUM 6"
baseurl=http://172.25.18.18/rhel6 ##這是真實主機的路徑
enabled=1
gpgcheck=0
[[email protected] ~]# yum repolist
repo id repo name status
Yum "YUM 7.3" 4,751
rhel7 "YUM 7" 19
repolist: 4,770
安裝並啟動salt-master
[root@vir1 ~]# yum install -y salt-master
[root@vir1 ~]# systemctl restart salt-master
在minion端:
[root@vir1 ~]# yum install -y salt-minion
[root@vir2 ~]# vim /etc/salt/minion ##slave端配置檔案
master: 172.25.18.21
[root@vir2 ~]# systemctl start salt-minion
SaltStack認證
建立連線:
[root@vir1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
vir2
Rejected Keys:
[root@vir1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
vir2
Proceed? [n/Y] Y
Key for minion vir2 accepted.
salt-key :
# List all accepted, unaccepted and rejected minion keys:
salt-key -L
# Accept a minion key by name:
salt-key -a MINION_ID
# Reject a minion key by name:
salt-key -r MINION_ID
# Print fingerprints of all public keys:
salt-key -F
測試一下saltstack:
[[email protected] ~]# salt vir2 test.ping
vir2:
True
[[email protected] ~]# salt vir2 cmd.run hostname
vir2:
vir2
##再開一臺minion測下
[[email protected] haproxy]# salt vir? test.ping
vir2:
True
vir1:
True
[[email protected] haproxy]# salt vir* test.ping
vir1:
True
vir2:
True
[[email protected] ~]# salt vir2 cmd.run 'df -h'
vir2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 17G 1.2G 16G 7% /
devtmpfs 234M 0 234M 0% /dev
tmpfs 245M 12K 245M 1% /dev/shm
tmpfs 245M 4.5M 240M 2% /run
tmpfs 245M 0 245M 0% /sys/fs/cgroup
/dev/vda1 1014M 139M 876M 14% /boot
tmpfs 49M 0 49M 0% /run/user/0
通過測試,salt master可以訪問控制minion端。而且public key也被master接受到。 Salt master 重啟或 Salt minion 解除驗證後,該可變動的 AES 金鑰均會自動更新。
[root@vir1 ~]# md5sum /etc/salt/pki/master/master.pub
9c1d3238bf403fdfcd6e2a287299f36d /etc/salt/pki/master/master.pub
[root@vir2 salt]# md5sum /etc/salt/pki/minion/minion_master.pub
9c1d3238bf403fdfcd6e2a287299f36d /etc/salt/pki/minion/minion_master.pub
[[email protected] master]# tree .
.
├── master.pem
├── master.pub
├── minions
│ └── vir2
├── minions_autosign
├── minions_denied
├── minions_pre
└── minions_rejected
三、SLS檔案編寫:
SLS(代表SaLt State檔案)是Salt State系統的核心。SLS描述了系統的目標狀態,由格式簡單的資料構成。
本次以apache&php為例:
首先設定salt管理的root路徑
[root@vir1 master]# vim /etc/salt/master
##開啟master'
file_roots:
base:
- /srv/salt
[root@vir1 master]# mkdir /srv/salt
[root@vir1 salt]# mkdir httpd
##安裝apache
[root@vir1 salt]# vim httpd/install.sls
apache-install:
pkg.installed: ##注意格式,不能使用Tab鍵
- pkgs:
- httpd
- php
啟動服務並更改配置檔案等
[root@vir1 salt]# yum install python-setproctitle.x86_64 -y ##用於修改程序
[root@vir1 httpd]# mkdir files ##建立目錄存放SLS執行需要使用到的配置,安裝包等
[root@vir1 httpd]# ls
files install.sls
##配置檔案並且修改埠測試
[root@vir2 salt]# scp /etc/httpd/conf/httpd.conf vir1:/srv/salt/httpd/files/
[root@vir1 httpd]# vim files/httpd.conf
Listen 8080
##注意:此時兩個檔案的md5校驗碼不同
[root@vir2 salt]# md5sum /etc/httpd/conf/httpd.conf f5e7449c0f17bc856e86011cb5d152ba /etc/httpd/conf/httpd.conf
[root@vir1 httpd]# md5sum files/httpd.conf
04e9239e7bd5d5b9b85864226d60eee5 files/httpd.conf
[[email protected] httpd]# vim install.sls
apache-install:
pkg.installed:
- pkgs:
- httpd
- php ##安裝的包
##配置檔案
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
##開啟服務
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-install
[[email protected] httpd]# systemctl restart salt-master
[[email protected] httpd]# salt vir2 state.sls httpd.install
vir2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 23:06:56.411742
Duration: 485.055 ms
Changes:
----------
ID: apache-install
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:06:56.932617
Duration: 24.896 ms
Changes:
----------
diff:
---
+++
@@ -39,7 +39,7 @@
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 8080
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-install
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is running
Started: 23:06:56.958266
Duration: 169.688 ms
Changes:
----------
httpd:
True
Summary for vir2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 679.639 ms
顯示httpd安裝成功,我們再測試一下埠和服務狀態:
[root@vir2 salt]# systemctl status httpd | grep Active
Active: active (running) since Thu 2018-08-16 23:06:57 EDT; 23s ago
[root@vir2 salt]# netstat -antlp | grep httpd
tcp6 0 0 :::8080 :::* LISTEN 12666/httpd
而且,檔案的md5 checksums都一致了。
[root@vir1 httpd]# md5sum files/httpd.conf
04e9239e7bd5d5b9b85864226d60eee5 files/httpd.conf
[root@vir2 salt]# md5sum /etc/httpd/conf/httpd.conf 04e9239e7bd5d5b9b85864226d60eee5 /etc/httpd/conf/httpd.conf
四、使用SaltStack搭建Haproxy叢集
使用原始碼安裝Nginx:
[[email protected] salt]# mkdir nginx
[[email protected] salt]# vim nginx/install.sls
nginx-install:
pkg.installed:
- pkgs:
- pcre-devel
- openssl-devel
- gcc ##依賴的安裝包
file.managed: ##將nginx安裝包從source路徑傳送到minion端
- name: /mnt/nginx-1.14.0.tar.gz
- source: salt://nginx/files/nginx-1.14.0.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module && make && make install && ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx
- creates: /usr/local/nginx
[[email protected] salt]# salt vir2 state.sls nginx.install
vir2:
----------
ID: nginx-install
Function: pkg.installed
Result: True
Comment: 3 targeted packages were installed/updated.
Started: 02:03:28.277506
Duration: 26908.018 ms
Changes:
ID: nginx-install
Function: file.managed
Name: /mnt/nginx-1.14.0.tar.gz
Result: True
Comment: File /mnt/nginx-1.14.0.tar.gz updated
Started: 02:03:55.188380
Duration: 189.225 ms
Changes:
----------
diff:
New file
mode:
0644
----------
ID: nginx-install
Summary for vir2
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 54.129 s
除了編譯,還需要新增nginx使用者:
[[email protected] salt]# vim nginx/nginx.sls
nginx-group:
group.present:
- name: nginx
- gid: 800
nginx-user:
user.present:
- name: nginx
- uid: 800
- gid: 800
[[email protected] salt]# salt vir2 state.sls nginx.nginx
vir2:
----------
ID: nginx-group
Function: group.present
Name: nginx
Result: True
Comment: New group nginx created
Changes:
----------
gid:
800
members:
name:
nginx
passwd:
x
----------
ID: nginx-user
Function: user.present
Name: nginx
Result: True
Changes:
----------
fullname:
gid:
800
groups:
- nginx
home:
/home/nginx
homephone:
name:
nginx
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
800
workphone:
Summary for vir2
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 663.453 ms
Haproxy配置
[root@vir1 salt]# pwd
/etc/salt
[root@vir1 salt]# mkdir /srv/salt/haproxy
[root@vir1 salt]# cd haproxy/
[root@vir1 haproxy]# mkdir files
[root@vir1 haproxy]# cp /etc/haproxy/haproxy.cfg ./files/
[root@vir1 haproxy]# vim install.sls
[root@vir1 haproxy]# vim install.sls
haproxy-install:
pkg.installed:
- pkgs:
- haproxy
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://haproxy/files/haproxy.cfg
service.running:
- name: haproxy
- reload: True
- watch:
- file: haproxy-install
[root@vir1 haproxy]# vim files/haproxy.cfg
frontend main *:80
default_backend app
backend app
balance roundrobin
server app1 172.25.18.2:80 check
server app2 172.25.18.3:80 check
[root@vir1 haproxy]# cd ..
[root@vir1 salt]# vim /srv/salt/top.sls
base:
‘vir1’:
- haproxy.install
'vir2':
- httpd.install
'vir3':
- nginx.service
[root@vir1 haproxy]# salt master state.sls haproxy.install
五、grains配置
[[email protected] haproxy]# salt vir2 grains.item ipv4
vir2:
----------
ipv4:
- 127.0.0.1
- 172.25.18.22
[[email protected] haproxy]# salt vir2 grains.item os
vir2:
----------
os:
RedHat
[[email protected] mnt]# vim /etc/salt/minion
grains:
roles:
- apache
[[email protected] mnt]# systemctl restart salt-minion
[[email protected] haproxy]# salt '*' grains.item roles
vir2:
----------
roles:
- apache
vir3:
----------
roles:
vir1:
----------
[[email protected] srv]# vim /etc/salt/grains
[[email protected] srv]# systemctl restart salt-minion
roles:
nginx
[[email protected] haproxy]# salt '*' grains.item roles
vir1:
----------
roles:
vir2:
----------
roles:
- apache
vir3:
----------
roles:
nginx
[[email protected] salt]# mkdir _grains
[[email protected] salt]# cd _grains/
[[email protected] _grains]# vim grains.py
---==---==---==---==---==---==---==---==---==---==---==---==
#!/usr/bin/enc python
def my_grains():
grains = {}
grains['hello'] = 'kitty'
grains['west'] = 'cow'
return grains
---==---==---==---==---==---==---==---==---==---==---==---==
[[email protected] _grains]# salt vir2 saltutil.sync_grains
vir2:
- grains.grains
[[email protected] _grains]# salt vir2 grains.item hello
vir2:
----------
hello:
kitty
[[email protected] _grains]# salt '*' grains.item west
vir3:
----------
west:
vir2:
----------
west:
cow
vir1:
----------
west:
[[email protected] httpd]# cat install.sls
httpd:
pkg.installed
php:
pkg.installed
apache:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- template: jinja
- context:
bind: {{ grains['ipv4'][-1] }}
port: 8080
[[email protected] httpd]# salt minion1 state.sls httpd.install
六、pillar
pillar和grains不一樣,pillar是在master上定義的,並且是針對minion定義的資訊,他不需要到minion上進行操作。 像一些重要的資料密碼都可以儲存在pillar上,pillar儲存的是動態資訊。 |
pillar是儲存在master端,快取在minion端,儲存的是minion的一些配置資訊。
- pillar是儲存在master端,快取在minion端,儲存的是minion端的配置資訊,是動態資料,不需要在minion上操作。需要在master的配置檔案上開啟pillar,並給每個pillar定義一個top入口。
- grains是儲存在minion端,快取在master端,儲存的是minion在剛啟動時收集的靜態資料,如系統、cpu、記憶體等資訊。需要在minion上定義grains。
[root@vir1 pillar]# vim /etc/salt/master
pillar_roots: ##新增pillar根路徑
base:
- /srv/pillar
[[email protected] pillar]# vim top.sls
base:
'*':
- web.install
[[email protected] pillar]# salt '*' saltutil.refresh_pillar
vir3:
True
vir2:
True
vir1:
True
[[email protected] pillar]# salt '*' pillar.items
vir1:
----------
vir2:
----------
webserver:
httpd
vir3:
----------
webserver:
nginx
[root@vir1 pillar]# vim web/install.sls
{% if grains['fqdn'] == 'vir2' %}
webserver: httpd
{% elif grains['fqdn'] == 'vir3' %}
webserver: nginx
{% endif %}
[root@vir1 pillar]# salt -G 'roles:apache' test.ping
vir2:
True
[root@vir1 pillar]# salt -G 'roles:nginx' test.ping
vir3:
True
[[email protected] pillar]# salt -I 'webserver:httpd' test.ping
vir2:
True
[[email protected] pillar]# salt -I 'webserver:nginx' test.ping
vir3:
True
七、Jinja模板
Jinja2是Python下一個被廣泛應用的模版引擎。這是使用jinja模板在進行
[[email protected] pillar]# vim /srv/salt/httpd/install.sls
httpd:
pkg.installed
php:
pkg.installed
apache:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf: ##配置檔案
file.managed:
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- template: jinja
- context:
bind: 172.25.18.2 ##檔案中新增的變數,便於批量管理
port: 8080
[[email protected] salt]# vim httpd/files/httpd.conf
Listen {{ bind }}:{{ port }}
[[email protected] salt]# salt vir2 state.sls httpd.install
vir2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: Package httpd is already installed
Started: 05:57:12.068949
Duration: 580.286 ms
Changes:
----------
ID: php
Function: pkg.installed
Result: True
Comment: Package php is already installed
Started: 05:57:12.649426
Duration: 0.55 ms
Changes:
----------
ID: /etc/httpd/conf/httpd.conf
Function: file.managed
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 05:57:12.652392
Duration: 59.618 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 05:57:12.712211
Duration: 36.321 ms
Changes:
Summary for vir2
------------
Succeeded: 4
Failed: 0
------------
Total states run: 4
Total run time: 676.775 ms
再minion端檢測:
[root@vir2 mnt]# netstat -antlup | grep :80
tcp6 0 0 :::8080 :::* LISTEN 12666/httpd
前面是直接在salt state檔案中更改,除此之外,可以另外寫一個SLS,再匯入配置中,效果相同。
[[email protected] httpd]# vim lib.sls
[[email protected] httpd]# cat lib.sls
{% set port = 80 %}
[[email protected] httpd]# cat install.sls
httpd:
pkg.installed
php:
pkg.installed
apache:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- template: jinja
- context:
bind: 172.25.54.2
port: 8080
[[email protected] httpd]# vim files/httpd.conf
{% from 'httpd/lib.sls' import port with context %} ##在首行新增
[[email protected] httpd]# salt minion1 state.sls httpd.install
+==+==+==+==+==+==+==+==+==+==+==+==+==+==+==+==
[[email protected] minion]# cat /etc/httpd/conf/httpd.conf | head -n 137 | tail -n 1
Listen 172.25.54.2:80
[[email protected] minion]#
相關推薦
saltstack安裝部署與入門使用
部署 centos6x saltstack 一、saltstack簡介 SaltStack 一種基於 C/S 架構的服務器基礎架構集中化管理平臺,管理端稱為 Master,客戶端稱為 Minion。SaltStack 具備配置管理、遠程執行、監控等功能,一般可以理解為是簡化版的 Puppe
1-saltstack安裝部署
art ping raw div hostname cti special ast color master端安裝 rpm -ivh https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm y
自動化運維工具---SaltStack安裝部署及簡單案例
com 常用模塊 分類 fire thead 批量部署 配置 出現 nio SaltStack原理 SaltStack由Master(服務端)和Minion(客戶端)組成,Master和Minion之間通過ZeroMQ(消息隊列)進行通訊,Master和Minion分別監
自動化運維saltstack 安裝部署以及一鍵部署實現負載均衡
saltstack介紹 SaltStack是一個伺服器基礎架構集中化管理平臺,SaltStack基於Python語言實現,也是基於C/S架構,結合輕量級訊息佇列(ZeroMQ)與Python第三方模組(Pyzmq、PyCrypto、Pyjinjia2、pyth
Saltstack批量安裝部署Zabbix代理(附zabbix自動註冊詳解)
自動化 zabbix 運維 新上線的服務器需要部署zabbix客戶端,並且加入到zabbix監控中,由於新服務器數量較大,所以采用全自動安裝部署,文中使用了saltstack的批量部署和zabbix的自動註冊結合完成全部需求環境介紹:Centos6.5saltstack 2015.5.10
saltstack 與常用服務部署 常用服務安裝部署
常用服務安裝部署 學了前面的Linux基礎,想必童鞋們是不是更感興趣了?接下來就學習常用服務部署吧! 安裝環境: centos7 + vmware + xshell 即將登場的是: mysql(mariadb) redis
Saltstack自動化安裝部署httpd,php
一.Saltstack簡介 SaltStack是一個伺服器基礎架構集中化管理平臺,具備配置管理、遠端執行、監控等功能,基於Python語言實現,結合輕量級訊息佇列 (ZeroMQ)與Python第三方模組構建。通過部署SaltStack,我們可以在成千上萬臺伺服
Saltstack的安裝部署
一、實驗環境 vir1 master 172.25.18.21 vir2 minion 172.25.18.22 vir3 minion 172.25.18.23 二、saltstack快速安裝 為了安裝saltstack的一些包,
fuel6.0安裝部署
信息 記錄 修改 ont pan compute spl auto 網絡配置 在經過一系列安裝openstack方式後,個人覺得fuel的安裝方式相對簡易,接下來記錄下安裝部署fuel6.0的過程。本教程適合想把fuel6.0部署後,雲主機需要連接外網的需求。 安裝
【原創 Spark動手實踐 1】Hadoop2.7.3安裝部署實際動手
dmi 遠程 nag proc host 一個 error img 連接 目錄: 第一部分:操作系統準備工作: 1. 安裝部署CentOS7.3 1611 2. CentOS7軟件安裝(net-tools, wget, vim等) 3. 更新CentOS
saltstack 安裝
zip yum安裝 覆蓋 需要 messages 基本配置 tar 開機 locale centos 6.5 saltstack 2015.5.10 (Lithium) tips:上個版本2015.5.3或者5.5有個bug,Python調用salt的unzip模塊報錯;
LNP 安裝部署
lnp一、安裝nginx1.安裝依賴包:yum install openssl openssl-devel pcre GeoIP perl-devel perl perl-ExtUtils-Embed GeoIP-devel libatomic libatomic_ops-devel2.安裝zlibtar -
Unity3D中tolua的“安裝部署和使用“教程
替換 部署 ref 比對 text asset gin 系統 .com 棄坑Cocos2d-x,轉戰Unity3D 考慮到項目一定會使用熱更,花了不少時間比對了lua的支持方案,最後定為tolua,原因不解釋。 俗話說,萬事開頭難,中間難,最後難……我反正是沒有找到如何安裝
saltstack安裝+基本命令
download 查看 pac 部分 接收 ping tab ask rest 環境: node1:172.16.1.60 OS:centos 7.3 master hostname:centos7u3-1 node2:172.16.1.61 OS:centos 7.3
hadoop分布式安裝部署具體視頻教程(網盤附配好環境的CentOS虛擬機文件/hadoop配置文件)
down hdf lan nag home 開機啟動 prop baidu ifcfg-eth 參考資源下載:http://pan.baidu.com/s/1ntwUij3視頻安裝教程:hadoop安裝.flvVirtualBox虛擬機:hadoop.part1-part
Confluence 安裝部署
all extract pro 技術分享 create read 1-1 expr starting Confluence安裝與部署 下載安裝包及破解包 安裝包下載地址:https://www.atlassian.com/software/confluence/down
ZooKeeper安裝部署
sa0x01 簡介Zookeeper是一個很好的集群管理工具,被大量用於分布式計算。如Hadoop以及Storm系統中。Apache ZooKeeper是一個為分布式應用所設計開源協調服務,其設計目是為了減輕分布式應用程序所承擔的協調任務。可以為用戶提供同步、配置管理、分組和命名服務。0x02 環境說明在三臺
zookeeper與kafka安裝部署及java環境搭建
3.4 項目目錄 tin bytes result zxvf util ise cat 1. ZooKeeper安裝部署 本文在一臺機器上模擬3個zk server的集群安裝。 1.1. 創建目錄、解壓 cd /usr/ #創建項目目錄 mkdir zookeepe
ELK 日誌服務器安裝部署
搜索引擎 應用程序 服務器 安全性 數據源 高清原文 烏龜運維 wuguiyunwei.com簡單介紹:ELK是三個開源工具組成,簡單解釋如下:Elasticsearch是個開源分布式搜索引擎,它的特點有:分布式,零配置,自動發現,索引自動分片,索引副本機制,restful風格接口,多數據
openfire 安裝部署
doc 系統啟動 clas mpp 壓縮 resource 7月 article 管理 1. openfire安裝和配置 本文介紹openfire 在linux上安裝部署過程 linux上有兩種安裝方式,一個是RPM包方式。還有一個是tar.gz壓縮包方式,