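Overview

SaltStack is a server infrastructure management tool that provides configuration management, remote execution, monitoring, and other functions. It is written in Python and is a very simple, easy-to-use, lightweight management tool.

How SaltStack works

SaltStack consists of a master and minions. The master is the server side and is a single server; the minions are the client side and are multiple servers. A command issued on the master is sent to the minions that match the target, and those minions execute it. The master and the minions communicate through ZeroMQ (a message queue).

Commonly used SaltStack modules

  • pkg module: package management, including installing, removing, and updating packages.
  • file module: file operations, including syncing files, setting file permissions and owner/group, and deleting files.
  • cmd module: runs commands or scripts on the minions.
  • user module: manages system accounts.
  • service module: manages system services.
  • cron module: manages cron jobs.

Batch deploying and configuring Apache with SaltStack

Deployment environment

The deployment parameters of the three servers are shown in the table: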

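Procedure

1. Installing SaltStack

1) Set the hostname and the hosts file on each of the three servers, then reboot so that the system picks up the new names.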

master:
[root@master salt]# vim /etc/hostname 
master.saltstack.com
[root@master salt]# vim /etc/hosts
192.168.126.138 master.saltstack.com
192.168.126.147 web01.saltstack.com
192.168.126.157 web02.saltstack.com

minion1:
[root@web01 ~]# vim /etc/hostname 
web01.saltstack.com
[root@web01 ~]# vim /etc/hosts
192.168.126.138 master.saltstack.com
192.168.126.147 web01.saltstack.com
192.168.126.157 web02.saltstack.com

minion2:
[root@web01 ~]# vim /etc/hostname 
web02.saltstack.com
[root@web01 ~]# vim /etc/hosts
192.168.126.138 master.saltstack.com
192.168.126.147 web01.saltstack.com
192.168.126.157 web02.saltstack.com

2) Install the EPEL repository on all three servers

[root@master salt]# yum install epel-release -y

3) Install the SaltStack software on the master.

[root@master salt]# yum install salt-master -y

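4) Configure the master's configuration file, /etc/salt/master.

[root@master salt]# vim /etc/salt/master 
interface: 192.168.126.138          # line 15: listen address (the local address)

auto_accept: True    # line 215: automatically accept authentication from minions

file_roots:          # line 416: root directory for SaltStack files; it does not exist by default and must be created
  base:
    - /srv/salt

pillar_roots:      # line 529: main pillar directory; it must be created
  base:
    - /srv/pillar

pillar_opts: True    # line 552: enable the pillar feature

nodegroups:          # line 710: node groups
  group1: 'web01.saltstack.com'
  group2: 'web02.saltstack.com'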

5) Review the changes made on the master

[root@master ~]#  cat /etc/salt/master | grep -v ^$ | grep -v ^#
interface: 192.168.126.138
auto_accept: True
file_roots:
  base:
    - /srv/salt
pillar_roots:
  base:
    - /srv/pillar
pillar_opts: True
nodegroups:
  group1: 'web01.saltstack.com'
  group2: 'web02.saltstack.com'
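
Two of the settings listed above widen the master's trust boundary: auto_accept: True accepts the key of any host that connects, with no operator comparing fingerprints, and pillar_opts: True copies the master's configuration data into every minion's pillar. The check below is an added example, not part of the original article; the function name audit_salt_master and the sample file are assumptions, and open_mode is a further master option that this article does not use.

```shell
#!/bin/sh
# Added example (not from the article): flag master settings that weaken
# minion authentication or expose master data. audit_salt_master is a
# hypothetical helper name.

# Print one finding per line for the given config file; return 1 if any.
audit_salt_master() {
    awk '
        # Value of a top-level "key: value" line, lower-cased, comment removed.
        function val(line) {
            sub(/^[^:]*:[ \t]*/, "", line)
            sub(/[ \t]*(#.*)?$/, "", line)
            return tolower(line)
        }
        # Salt reads YAML 1.1, where yes/on also mean true.
        function is_true(v) { return v ~ /^(true|yes|on)$/ }

        /^auto_accept:/ && is_true(val($0)) {
            print "auto_accept: every connecting minion key is accepted unverified"; bad = 1 }
        /^open_mode:/ && is_true(val($0)) {
            print "open_mode: key authentication is switched off"; bad = 1 }
        /^pillar_opts:/ && is_true(val($0)) {
            print "pillar_opts: master config data is copied into every minion pillar"; bad = 1 }
        /^interface:/ && val($0) == "0.0.0.0" {
            print "interface: master listens on all addresses"; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the effective settings printed in step 5.
sample=$(mktemp)
cat > "$sample" <<'EOF'
interface: 192.168.126.138
auto_accept: True
file_roots:
  base:
    - /srv/salt
pillar_opts: True
EOF
audit_salt_master "$sample" || echo "=> review the settings listed above"
rm -f "$sample"
```

With auto_accept turned off, pending keys are listed with salt-key -L and accepted with salt-key -a once the fingerprint from salt-key -f has been compared with the output of salt-call --local key.finger on the minion.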

6) Create the salt root directory and the pillar directory

[root@master ~]# mkdir /srv/salt  
[root@master ~]# mkdir /srv/pillar

7) Start the salt-master service and check that ports 4505 and 4506 are listening

[root@master ~]# systemctl stop firewalld.service
[root@master ~]# setenforce 0
[root@master ~]# systemctl start salt-master.service
[root@master ~]# netstat -ntap | egrep '4505|4506'
tcp        0      0 192.168.126.138:4505    0.0.0.0:*               LISTEN      5918/python         
tcp        0      0 192.168.126.138:4506    0.0.0.0:*               LISTEN      5936/python 

8) Install the SaltStack software on both minions

[root@web01 ~]# yum install salt-minion -y

9) Edit the configuration file /etc/salt/minion on both minions

[root@web01 ~]# vim /etc/salt/minion   
master: 192.168.126.138      # line 16: IP address of the master

id: web01.saltstack.com      # line 78: hostname of this minion

10) Start the service on each of the two minions

[root@web01 ~]# systemctl stop firewalld.service
[root@web01 ~]# setenforce 0
[root@web01 ~]# systemctl start salt-minion.service 
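
Steps 7 and 10 stop firewalld altogether. The added example below (not part of the original article) keeps it running instead: on the master it admits only the two minion addresses from the hosts file to ports 4505 and 4506, and on the minions it opens nothing for Salt, because minions connect out to the master, and only HTTP for the Apache deployed later. The function names and the RUN dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): firewalld rules for this deployment
# instead of stopping the firewall. salt_fw_master, salt_fw_minion and RUN
# are hypothetical names.

# Default is a dry run that prints each command. Run as root with RUN set
# to the empty string (RUN= sh script.sh) to apply the rules.
RUN=${RUN-echo}

# Minion addresses taken from the article's /etc/hosts.
MINIONS=${MINIONS:-"192.168.126.147 192.168.126.157"}

# Master: minions connect in to 4505 (publish) and 4506 (return).
salt_fw_master() {
    for ip in $MINIONS; do
        $RUN firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$ip\" port port=\"4505-4506\" protocol=\"tcp\" accept"
    done
    $RUN firewall-cmd --reload
}

# Minion: Salt needs no inbound port here; only the web server does.
salt_fw_minion() {
    $RUN firewall-cmd --permanent --add-service=http
    $RUN firewall-cmd --reload
}

echo "# on the master:"
salt_fw_master
echo "# on each minion:"
salt_fw_minion
```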

11) Test communication between the master and the minions

[root@master ~]# salt '*' test.ping 
web01.saltstack.com:
    True
web02.saltstack.com:
    True

2. Batch deploying Apache with SaltStack

1) Edit the configuration file /etc/salt/master

[root@master ~]# vim /etc/salt/master
file_roots:
   base:
       - /srv/salt/

Note: environments: base, dev (development), test (testing), prod (production)

2) Create the top.sls file with the following content

[root@master ~]# vim /srv/salt/top.sls

base:
  '*':        # run the apache module on all clients
   - apache

3) Create the apache.sls file with the following content

[root@master ~]# vim /srv/salt/apache.sls

apache-service:
 pkg.installed:
   - names:
     - httpd
     - httpd-devel
 service.running:
   - name: httpd
   - enable: True

4) Restart the salt-master service

[root@master ~]# systemctl restart salt-master

5) Refresh the state configuration so that both minions install and configure Apache.

[root@master salt]# salt '*' state.highstate
web02.saltstack.com:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 15:41:54.228461
    Duration: 157517.576 ms
     Changes:   
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-3.el7_4.1
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-80.el7.centos.1
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-80.el7.centos.1
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 15:44:31.928768
    Duration: 61210.573 ms
     Changes:   
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-3.el7_4.1
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              cyrus-sasl-gssapi:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-lib:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-md5:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-plain:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-scram:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              expat-devel:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-80.el7.centos.1
                  old:
              libdb:
                  ----------
                  new:
                      5.3.21-24.el7
                  old:
                      5.3.21-20.el7
              libdb-devel:
                  ----------
                  new:
                      5.3.21-24.el7
                  old:
              libdb-utils:
                  ----------
                  new:
                      5.3.21-24.el7
                  old:
                      5.3.21-20.el7
              openldap:
                  ----------
                  new:
                      2.4.44-15.el7_5
                  old:
                      2.4.44-5.el7
              openldap-devel:
                  ----------
                  new:
                      2.4.44-15.el7_5
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 15:45:33.717897
    Duration: 4787.005 ms
     Changes:   
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
web01.saltstack.com:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 15:41:54.383424
    Duration: 157125.605 ms
     Changes:   
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-3.el7_4.1
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-80.el7.centos.1
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-80.el7.centos.1
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-service
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 15:44:31.684541
    Duration: 63010.684 ms
     Changes:   
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-3.el7_4.1
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
              cyrus-sasl-gssapi:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-lib:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-md5:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-plain:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              cyrus-sasl-scram:
                  ----------
                  new:
                      2.1.26-23.el7
                  old:
                      2.1.26-21.el7
              expat-devel:
                  ----------
                  new:
                      2.1.0-10.el7_3
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-80.el7.centos.1
                  old:
              libdb:
                  ----------
                  new:
                      5.3.21-24.el7
                  old:
                      5.3.21-20.el7
              libdb-devel:
                  ----------
                  new:
                      5.3.21-24.el7
                  old:
              libdb-utils:
                  ----------
                  new:
                      5.3.21-24.el7
                  old:
                      5.3.21-20.el7
              openldap:
                  ----------
                  new:
                      2.4.44-15.el7_5
                  old:
                      2.4.44-5.el7
              openldap-devel:
                  ----------
                  new:
                      2.4.44-15.el7_5
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 15:45:35.659786
    Duration: 4142.607 ms
     Changes:   
              ----------
              httpd:
                  True

Summary
------------
Succeeded: 3 (changed=3)
Failed:    0
------------
Total states run:     3
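
The output shows three IDs, which correspond to three tasks: the first installs, the second configures, and the third starts the service. All three are reported as successful, with zero failures.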
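
The summary blocks in this output can be checked mechanically rather than by eye. The added example below (not part of the original article) parses the text format shown above, reports each expected minion, and also flags a minion that returned no summary at all; highstate_check, the web03 host and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): summarise highstate text output.
# highstate_check is a hypothetical helper; expected minion IDs are arguments.

# Reads the output of "salt '*' state.highstate" on stdin. Prints one line per
# expected minion and returns 1 if any failed or produced no summary.
highstate_check() {
    awk -v expected="$*" '
        # A minion header starts in column 0 and is just "<id>:".
        /^[^ \t-][^ \t]*:$/ { minion = substr($0, 1, length($0) - 1); next }
        /^Succeeded:/       { ok[minion] = $2 + 0 }
        /^Failed:/          { failed[minion] = $2 + 0 }
        END {
            n = split(expected, want, " ")
            for (i = 1; i <= n; i++) {
                m = want[i]
                if (!(m in failed))     { print m ": NO SUMMARY"; rc = 1 }
                else if (failed[m] > 0) { print m ": FAILED " failed[m]; rc = 1 }
                else                    { print m ": ok " ok[m] }
            }
            exit rc + 0
        }'
}

# Constructed sample: web01 is clean, web02 has one failed state, and a
# third expected minion (hypothetical web03) never answered.
SAMPLE='web01.saltstack.com:

Summary
------------
Succeeded: 3 (changed=3)
Failed:    0
web02.saltstack.com:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: False

Summary
------------
Succeeded: 2 (changed=2)
Failed:    1'

printf '%s\n' "$SAMPLE" | highstate_check web01.saltstack.com \
    web02.saltstack.com web03.saltstack.com || echo "highstate is not clean"
```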

6) Check on the minions that httpd is installed and that port 80 is listening

[root@web02 ~]# rpm -q httpd
httpd-2.4.6-80.el7.centos.1.x86_64
[root@web02 ~]# netstat -ntap | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      4550/httpd 

[root@web01 ~]# rpm -q httpd
httpd-2.4.6-80.el7.centos.1.x86_64
[root@web01 ~]# netstat -ntap | grep 80
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1280/dnsmasq        
tcp6       0      0 :::80                   :::*                    LISTEN      4688/httpd 

The deployment succeeded.