saltstack 安装和基本配置使用

原创

霍金181 2018-11-04 16:31:10 ©著作权

文章标签 请填标签 文章分类 运维

©著作权归作者所有：来自51CTO博客作者霍金181的原创作品，请联系作者获取转载授权，否则将追究法律责任

环境： rhel6.5 server1master server2 minion server3 minion 配置yum安装包：rhel6 [root@server1 ~]# yum install salt-master [root@server1 ~]# /etc/init.d/salt-master start [root@server2 ~]# yum install salt-minion [root@server2 ~]# vim /etc/salt/minion master: 172.25.135.1 [root@server2 ~]# /etc/init.d/salt-minion start [root@server1 ~]# salt-key -A The following keys are going to be accepted: Unaccepted Keys: server2 Proceed? [n/Y] y Key for minion server2 accepted. [root@server1 ~]# salt-key -L Accepted Keys: server2 Denied Keys: Unaccepted Keys: Rejected Keys: [root@server1 ~]# salt server2 test.ping server2: True [root@server1 ~]# salt server2 cmd.run hostname server2: server2 [root@server1 ~]# salt server2 cmd.run df server2: Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/vg_server0-lv_root 18102140 2078072 15104516 13% / tmpfs 510200 16 510184 1% /dev/shm /dev/vda1 495844 34532 435712 8% /boot [root@server1 ~]# salt server2 cmd.run poweroff #测试关机 server2: [root@server1 ~]# vim /etc/salt/master [root@server1 ~]# cd /srv/salt/ [root@server1 salt]# ls [root@server1 salt]# mkdir apache [root@server1 salt]# cd apache/ [root@server1 apache]# vim install.sls httpd: pkg.installed #写个简单的http安装 [root@server1 apache]# salt server2 state.sls apache.install [root@server1 apache]# mkdir files [root@server2 ~]# scp /etc/httpd/conf/httpd.conf server1:/srv/salt/apache/files [root@server1 apache]# cd files/ [root@server1 files]# ls httpd.conf [root@server1 files]# vim httpd.conf #简单修改一下80端口为8080 [root@server1 apache]# ls files install.sls [root@server1 apache]# vim install.sls apache-install: pkg.installed: - pkgs: - httpd - php - php-mysql

file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - mode: 644 - user: root - group: root

service.running: - name: httpd - enable: Ture - watch: - file: apache-install [root@server1 apache]# salt server2 state.sls apache.install #server2上apache自动修改端口为8080 [root@server1 salt]# mkdir pkgs #自动推送源码nginx [root@server1 salt]# cd pkgs [root@server1 pkgs]# vim make.sls gcc-make: pkg.installed: - pkgs: - gcc - pcre-devel - openssl-devel

[root@server1 pkgs]# ls make.sls [root@server1 pkgs]# cd .. [root@server1 salt]# ls apache nginx pkgs [root@server1 salt]# cd nginx/ [root@server1 nginx]# ls files install.sls [root@server1 nginx]# vim install.sls include:

pkgs.make

nginx-install: file.managed: - name: /mnt/nginx-1.14.0.tar.gz - source: salt://nginx/files/nginx-1.14.0.tar.gz

cmd.run: - name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CCFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &>/dev/null && make &>/dev/null && make install &>/dev/null && cd .. && rm -fr nginx-1.14.0 - creates: /usr/local/nginx [root@server1 nginx]# salt server3 state.sls nginx.install 写启动脚本修改一些 [root@server1 nginx]# vim service.sls include:

nginx.install

/usr/local/nginx/conf/nginx.conf: file.managed: - source: salt://nginx/files/nginx.conf

/etc/init.d/nginx: file.managed: - source: salt://nginx/files/nginx - mode: 755

nginx: service.running: - reload: True - watch: - file: /usr/local/nginx/conf/nginx.conf [root@server1 files]# ls nginx nginx-1.14.0.tar.gz nginx.conf #将启动脚步和配置文件放到nginx中的files文件夹内 [root@server1 salt]# vim top.sls base: "server2": - apache.service "server3": - nginx.service
[root@server1 salt]# salt '*' state.highstate 负载均衡haproxy [root@server1 salt]# yum install salt-minion [root@server1 salt]# vim /etc/salt/minion #修改master端口 [root@server1 salt]# /etc/init.d/salt-minion start [root@server1 salt]# salt-key -a server1 [root@server1 salt]# mkdir haproxy [root@server1 salt]# cd haproxy/ [root@server1 haproxy]# mkdir files [root@server1 haproxy]# cd files/ [root@server1 files]# ls #包和配置文件拷贝过来 haproxy-1.6.11.tar.gz haproxy.cfg haproxy.init [root@server1 haproxy]# vim install.sls include:

pkgs.make

haproxy-install: file.managed: - name: /mnt/haproxy-1.6.11.tar.gz - source: salt://haproxy/files/haproxy-1.6.11.tar.gz cmd.run: - name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install - creates: /usr/local/haproxy

/etc/haproxy: file.directory: - mode: 755

/usr/sbin/haproxy: file.symlink: - target: /usr/local/haproxy/sbin/haproxy [root@server1 haproxy]# vim service.sls include:

haproxy.install
users.haproxy

/etc/haproxy/haproxy.cfg: file.managed: - source: salt://haproxy/files/haproxy.cfg

haproxy-service: file.managed: - name: /etc/init.d/haproxy - source: salt://haproxy/files/haproxy.init - mode: 755 service.running: - name: haproxy - relpad: True - watch: - file: /etc/haproxy/haproxy.cfg

[root@server1 salt]# mkdir users [root@server1 users]# vim haproxy.sls haproxy-group: group.present: - name: haproxy - gid: 200

haproxy-user: user.present: - name: haproxy - uid: 200 - gid: 200 - shell: /sbin/nologin - home: /usr/local/haproxy - createhome: False [root@server1 salt]# vim top.sls base: "server1": - haproxy.service "server2": - apache.service "server3": - nginx.service [root@server1 haproxy]# ls files install.sls service.sls [root@server1 haproxy]# cd files/ [root@server1 files]# ls haproxy-1.6.11.tar.gz haproxy.cfg haproxy.init [root@server1 files]# vim haproxy.cfg #修改配置文件 [root@server1 files]# salt '*' state.highstate #推送完毕，给server2 和server3发布目录写个测试页面 [root@server1 files]# for i in {1..6}; do curl 172.25.135.1; done #测试 nginx apache nginx apache nginx apache 批量主机定义： [root@server1 salt]# salt server3 grains.item os server3: ---------- os: RedHat [root@server1 salt]# salt server2 grains.item os server2: ---------- os: RedHat [root@server1 salt]# salt -G 'os:redhat' cmd.run hostname server2: server2 server1: server1 server3: server3 [root@server2 ~]# vim /etc/salt/minion grains: roles: - apache

[root@server2 ~]# /etc/init.d/salt-minion restart [root@server3 ~]# cd /etc/salt/ [root@server3 salt]# vim grains roles: nginx [root@server1 salt]# salt server2 grains.item roles server2: ---------- roles: - apache [root@server1 salt]# salt server3 grains.item roles server3: ---------- roles: nginx [root@server1 salt]# vim top.sls base: "server1": - haproxy.service "roles:apache": - match: grain - apache.service "roles:nginx": - match: grain - nginx.service [root@server1 salt]# salt '*' state.highstate

[root@server1 salt]# mkdir _grains [root@server1 salt]# cd _grains/ [root@server1 _grains]# vim my_grains.py #! /usr/bin/env python def my_grains(): grains = {}; grains['hello'] = 'world' grains['salt'] = 'stack' return grains [root@server1 _grains]# salt server2 saltutil.sync_grains [root@server1 _grains]# salt server2 grains.item hello server2: ---------- hello: world [root@server1 salt]# cd /etc/salt [root@server1 salt]# mkdir /srv/pillar/ [root@server1 pillar]# /etc/init.d/salt-master restart [root@server1 pillar]# mkdir web [root@server1 pillar]# cd web/ [root@server1 web]# ls [root@server1 web]# vim install.sls {% if grains['fqdn'] == 'server2' %} webserver: httpd {% elif grains['fqdn'] == 'server3'%} webserver: nginx {% endif %}

[root@server1 web]# cd .. [root@server1 pillar]# ls web [root@server1 pillar]# vim top.sls base: '': - web.install [root@server1 pillar]# salt '' pillar.items server2: ---------- webserver: httpd server1: ---------- server3: ---------- webserver: nginx [root@server1 pillar]# salt '' saltutil.refresh_pillar server2: True server3: True server1: True [root@server1 pillar]# salt '' pillar.items webserver server3: ---------- webserver: nginx server1: ---------- webserver: server2: ---------- webserver: httpd [root@server1 pillar]# salt -I 'webserver:nginx' test.ping server3: True [root@server1 pillar]# salt -S 172.25.135.0/24 test.ping server3: True server2: True server1: True 金佳模版： [root@server1 salt]# cd apache/ [root@server1 apache]# vim install.sls apache-install: pkg.installed: - pkgs: - httpd - php - php-mysql

file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://apache/files/httpd.conf - mode: 644 - user: root - group: root - template: jinja - context: port: 80 bind: {{ grains['ipv4'][1] }} [root@server1 apache]# vim files/httpd.conf #修改监听端口 Listen {{ bind }}:{{ port }} [root@server1 apache]# salt server2 state.sls apache.install 拓展模块： [root@server1 salt]# mkdir _modules/ [root@server1 _modules]# vim my_disk.py #! /usr/bin/env python

def df(): cmd = 'df -h' return salt'cmd.run'

[root@server1 _modules]# salt '*' saltutil.sync_modules server1: - modules.my_disk server2: - modules.my_disk server3: - modules.my_disk server4: - modules.my_disk [root@server1 _modules]# salt server2 my_disk.df server2: Filesystem Size Used Avail Use% Mounted on /dev/mapper/vg_server0-lv_root 18G 2.1G 15G 13% / tmpfs 499M 16K 499M 1% /dev/shm /dev/vda1 485M 34M 426M 8% /boot [root@server1 _modules]# vim /etc/salt/master syndic_master: 172.25.135.4 [root@server1 _modules]# salt-key -d server4 [root@server4 ~]# /etc/init.d/salt-minion stop [root@server4 ~]# chkconfig salt-minion off [root@server4 ~]# yum install salt-master [root@server4 ~]# vim /etc/salt/master order_masters: True

[root@server4 ~]# /etc/init.d/salt-master start [root@server4 ~]# salt-key -L [root@server4 ~]# salt-key -A [root@server1 _modules]# yum install salt-syndic [root@server1 _modules]# /etc/init.d/salt-master restart [root@server1 _modules]# salt-key -L [root@server1 _modules]# /etc/init.d/salt-syndic start [root@server4 ~]# salt '' my_disk.df [root@server4 ~]# salt '' test.ping salt-ssh 推送 [root@server1 _modules]# yum install salt-ssh [root@server1 _modules]# vim /etc/salt/roster server2: host: 172.25.135.2 user: root passwd: redhat server3: host: 172.25.135.3 user: root passwd: redhat

停掉server2和server3上salt-minion [root@server1 _modules]# salt-ssh '*' test.ping