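I. Introduction to SaltStack
Salt is a new approach to infrastructure management: it is easy to deploy and can be running within minutes, it scales well and can readily manage tens of thousands of servers, and it is fast, with servers communicating within seconds.
SaltStack is a centralized management platform for server infrastructure. It provides configuration management, remote execution, monitoring and similar functions, and can be thought of as a simplified puppet and an enhanced func. SaltStack is implemented in Python and is built on a lightweight message queue (ZeroMQ) together with third-party Python modules (PyZMQ, PyCrypto, Jinja2, python-msgpack, PyYAML and others).
With a SaltStack environment in place, we can run commands in bulk on thousands of servers and, according to the characteristics of each service, centrally manage configuration, distribute files, collect server data, and manage the operating system base and software packages. SaltStack is a powerful tool for operations staff to work more efficiently and to standardize service configuration and operations.
Since it is this powerful, let's try it out.
II. Basic installation and configuration of SaltStack
To make sharing and learning easier, I have uploaded the scripts from this experiment to CSDN; download them if you need them: srv.tar.gz
The archive contains all the scripts from this experiment and some of the source packages. Because of the upload size limit, mysql-boost-5.7.17.tar.gz was uploaded separately, at: mysql-boost-5.7.17.tar.gz
1. Test environment
OS | IP address | hostname | Role |
redhat6.5 | 172.25.27.5 | server5 | master |
redhat6.5 | 172.25.27.6 | server6 | minion |
2. Installation
Official documentation: http://docs.saltstack.cn/topics/installation/rhel.html
- On the master
[root@server5 ~]# vim /etc/yum.repos.d/salt.repo ## configure the yum repository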
[saltstack-repo]
name=SaltStack repo for RHEL/CentOS $releasever
baseurl=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest
enabled=1
gpgcheck=1
gpgkey=https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub
[root@server5 ~]# yum clean all
[root@server5 ~]# yum repolist
[root@server5 ~]# yum install -y salt-master
[root@server5 ~]# scp /etc/yum.repos.d/salt.repo server6:/etc/yum.repos.d
- On the minion
[root@server6 ~]# yum install -y salt-minion
Installation is complete; next, configure SaltStack.
3. SaltStack configuration
- On the master
[root@server5 ~]# /etc/init.d/salt-master start
- On the minion
[root@server6 ~]# vim /etc/salt/minion
master: server5
[root@server6 ~]# /etc/init.d/salt-minion start
[root@server6 ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 888/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 966/master
tcp 0 0 172.25.27.6:22 172.25.27.250:39334 ESTABLISHED 1015/sshd
tcp 0 0 172.25.27.6:47171 172.25.27.5:4506 ESTABLISHED 1733/python2.6
tcp 0 0 :::22 :::* LISTEN 888/sshd
tcp 0 0 ::1:25 :::* LISTEN 966/master
- On the master
[root@server5 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server6
Rejected Keys:
[root@server5 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server6
Proceed? [n/Y] y
Key for minion server6 accepted.
[root@server5 ~]# salt-key -L
Accepted Keys:
server6
Denied Keys:
Unaccepted Keys:
Rejected Keys:
- On the minion
[root@server6 ~]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 888/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 966/master
tcp 0 0 172.25.27.6:47173 172.25.27.5:4506 TIME_WAIT -
tcp 0 0 172.25.27.6:47175 172.25.27.5:4506 TIME_WAIT -
tcp 0 0 172.25.27.6:39463 172.25.27.5:4505 ESTABLISHED 1733/python2.6
tcp 0 0 172.25.27.6:22 172.25.27.250:39334 ESTABLISHED 1015/sshd
tcp 0 0 172.25.27.6:47171 172.25.27.5:4506 TIME_WAIT -
tcp 0 0 172.25.27.6:47174 172.25.27.5:4506 TIME_WAIT -
tcp 0 0 :::22 :::* LISTEN 888/sshd
tcp 0 0 ::1:25 :::* LISTEN 966/master
- Check the connected services (optional)
- On the master
[root@server5 ~]# yum install -y lsof
[root@server5 ~]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1458 root 16u IPv4 14542 0t0 TCP *:4505 (LISTEN)
salt-mast 1458 root 18u IPv4 17087 0t0 TCP server5:4505->server6:39463 (ESTABLISHED)
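`salt-key -A` above accepts every pending key at once; the pending key's fingerprint can first be compared with the one read on the minion itself, and only that key accepted. The script below is an added example, not part of the original post: it parses the output of `salt-key -f server6` (master) and `salt-call --local key.finger` (minion) and prints the `salt-key` command to run. The fingerprints, the sample outputs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a pending minion key before accepting it.

# Constructed sample: `salt-key -f server6` on the master (server5).
MASTER_OUT='Unaccepted Keys:
server6:  5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'
# Constructed sample: `salt-call --local key.finger` on the minion (server6).
MINION_OUT='local:
    5d:f6:79:43:5e:d4:42:3f:57:b8:45:a8:7e:a4:6e:ca'
# Constructed sample: a different key presented under the same minion id.
OTHER_OUT='local:
    aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99'

# Pull the first colon-separated hex fingerprint (16 bytes or more) out of
# either tool's output; prints nothing when there is none.
extract_fp() {
    printf '%s\n' "$1" | grep -Eo '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1
}

# check_key ID MASTER_OUTPUT MINION_OUTPUT
# Prints the salt-key command to run. Returns 0 on a match (accept this one
# key), 1 on a mismatch (reject it), 2 when a fingerprint could not be parsed.
check_key() {
    id=$1
    on_master=$(extract_fp "$2")
    on_minion=$(extract_fp "$3")
    if [ -z "$on_master" ] || [ -z "$on_minion" ]; then
        echo "# no fingerprint parsed for $id, leave the key pending"
        return 2
    fi
    if [ "$on_master" = "$on_minion" ]; then
        echo "salt-key -a $id"
        return 0
    fi
    echo "salt-key -r $id"
    return 1
}

check_key server6 "$MASTER_OUT" "$MINION_OUT"
check_key server6 "$MASTER_OUT" "$OTHER_OUT" || true
```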
III. Automating a LAMP deployment with SaltStack
1. Apache installation
[root@server5 ~]# mkdir -p /srv/salt
[root@server5 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server5 ~]# cd /srv/salt
[root@server5 salt]# mkdir apache
[root@server5 salt]# cd apache/
[root@server5 apache]# mkdir files
[root@server5 apache]# cd files/
[root@server5 files]# wget http://mirror.bit.edu.cn/apache/httpd/httpd-2.2.34.tar.bz2
[root@server5 files]# cd ..
[root@server5 apache]# vim install.sls
include:
  - pkg.depends
  - useradd.www
apache-install:
  file.managed:
    - name: /mnt/httpd-2.2.34.tar.bz2
    - source: salt://apache/files/httpd-2.2.34.tar.bz2
  cmd.run:
    - name: cd /mnt && tar xjf httpd-2.2.34.tar.bz2 && cd httpd-2.2.34 && ./configure --prefix=/usr/local/apache --with-included-apr --enable-so --enable-deflate=shared --enable-expires=shared --enable-rewrite=shared --enable-static-support --disable-userdir && make && make install
#    - cmd.apache
    - creates: /usr/local/apache
/var/www/virthost/:
  file.directory:
    - mode: 755
/var/www/virthost/index.html:
  file.managed:
    - source: salt://apache/files/index.html
/usr/local/apache/conf/httpd.conf:
  file.managed:
    - source: salt://apache/files/httpd.conf
/usr/local/apache/conf/extra/httpd-vhosts.conf:
  file.managed:
    - source: salt://apache/files/httpd-vhosts.conf
/usr/local/apache/conf/extra/httpd-default.conf:
  file.managed:
    - source: salt://apache/files/httpd-default.conf
/usr/local/apache/conf/extra/httpd-mpm.conf:
  file.managed:
    - source: salt://apache/files/httpd-mpm.conf
/etc/init.d/apachectl:
  file.managed:
    - source: salt://apache/files/apachectl
    - mode: 755
[root@server5 salt]# mkdir pkg
[root@server5 salt]# cd pkg/
[root@server5 pkg]# vim depends.sls
depends:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
      - zlib-devel
[root@server5 salt]# mkdir useradd
[root@server5 salt]# vim useradd/www.sls
www:
  group.present:
    - gid: 110
  user.present:
    - uid: 110
    - gid: 110
    - shell: /sbin/nologin
    - home: /usr/local/apache
    - createhome: false
[root@server5 salt]# vim apache/start.sls
include:
  - apache.install
apache-start:
  service.running:
    - name: apachectl
    - enable: true
#    - reload: true
    - watch:
      - file: /usr/local/apache/conf/httpd.conf
      - file: /usr/local/apache/conf/extra/httpd-default.conf
      - file: /usr/local/apache/conf/extra/httpd-vhosts.conf
      - file: /usr/local/apache/conf/extra/httpd-mpm.conf
      - file: /var/www/virthost/index.html
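The following files need to be prepared in the /srv/salt/apache/files directory:
apachectl ## startup script
httpd-2.2.34.tar.bz2 ## installation package
httpd.conf ## Apache configuration file
httpd-default.conf ## default settings
httpd-mpm.conf ## Apache process management (MPM)
httpd-vhosts.conf ## Apache virtual hosts
index.html ## the published page, any content will do
Next, test it
[root@server5 ~]# vim /srv/salt/top.sls
base:
  'server6':
    - apache.start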
[root@server5 salt]# tree
├── apache
│ ├── files
│ │ ├── apachectl
│ │ ├── httpd-2.2.34.tar.bz2
│ │ ├── httpd.conf
│ │ ├── httpd-default.conf
│ │ ├── httpd-mpm.conf
│ │ ├── httpd-vhosts.conf
│ │ └── index.html
│ ├── install.sls
│ ├── start.sls
│ └── start.sls.bak
├── pkg
│ └── apache.sls
├── top.sls
└── useradd
└── www.sls
[root@server5 salt]# vim apache/files/index.html
<h1> my apache test</h1>
[root@server5 ~]# salt 'server6' state.highstate
If no errors are reported, the installation succeeded.
2. MySQL installation
1. Resolve dependencies
[root@server5 salt]# vim pkg/mysql.sls
depends-mysql:
  pkg.installed:
    - pkgs:
      - pcre-devel
      - openssl-devel
      - zlib-devel
      - gcc-c++
      - bison
      - ncurses
      - ncurses-devel
2. Add the user (useradd/mysql.sls)
mysql:
  group.present:
    - gid: 111
  user.present:
    - uid: 111
    - gid: 111
    - shell: /sbin/nologin
    - home: /usr/local/mysql
    - createhome: false
3. Install MySQL
[root@server5 salt]# mkdir -p mysql/files
[root@server5 salt]# vim mysql/install.sls
include:
  - pkg.mysql
  - useradd.mysql
cmake-install:
  file.managed:
    - name: /mnt/cmake-2.8.12.1.tar.gz
    - source: salt://mysql/files/cmake-2.8.12.1.tar.gz
  cmd.run:
    - name: cd /mnt && tar -zxf cmake-2.8.12.1.tar.gz && cd cmake-2.8.12.1 && ./bootstrap && gmake && gmake install
    - creates: /usr/local/bin/cmake
mysql-install:
  file.managed:
    - name: /mnt/mysql-boost-5.7.17.tar.gz
    - source: salt://mysql/files/mysql-boost-5.7.17.tar.gz
  cmd.run:
    # -DDEFAULT_CHARSET needs both D's: "-D" introduces the cmake variable DEFAULT_CHARSET
    - name: cd /mnt && tar -zxf mysql-boost-5.7.17.tar.gz && cd mysql-5.7.17 && cp -r boost/boost_1_59_0 /usr/local && rm -rf CMakeCache.txt && cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql -DMYSQL_DATADIR=/usr/local/mysql/data -DWITH_BOOST=/usr/local/boost_1_59_0/ -DSYSCONFDIR=/etc -DDEFAULT_CHARSET=utf8mb4 -DDEFAULT_COLLATION=utf8mb4_general_ci -DENABLED_LOCAL_INFILE=1 -DEXTRA_CHARSETS=all && make -j2 && make install
    - creates: /usr/local/mysql
4. Initialize MySQL
[root@server5 salt]# vim mysql/initialize.sls
include:
  - mysql.install
mysql-initialize:
  cmd.run:
    - name: chown -R mysql:mysql /usr/local/mysql && sed -i.bak '\/datadir=\/var\/lib\/mysql/i\character_set_server=gbk' /etc/my.cnf && sed -i.bak 'N;2idefault-character-set=gbk' /etc/my.cnf && sed -i.bak 'N;2i[client]' /etc/my.cnf && cd /usr/local/mysql/ && sed -i.bak 's/socket=\/var\/lib\/mysql\/mysql.sock/socket=\/tmp\/mysql.sock/g' /etc/my.cnf && ./bin/mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data && cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld && ln -s /usr/local/mysql/bin/mysql /usr/local/bin/mysql && chkconfig --add mysqld
    - creates: /usr/local/mysql/data/mysql
5. Start the MySQL service
[root@server5 salt]# vim mysql/start.sls
include:
  - mysql.initialize
mysql-start:
  service.running:
    - name: mysqld
    - enable: True
    - reload: true
    # /etc/init.d/mysqld and /etc/my.cnf are produced by the mysql-initialize
    # cmd.run state; no file state manages them, so the requisites point there
    - require:
      - cmd: mysql-initialize
    - watch:
      - cmd: mysql-initialize
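6. Prepare the packages and configuration files
Download the MySQL source from the official site
Official site: http://www.mysql.com
The downloaded file is: mysql-boost-5.7.17.tar.gz
Put it in the /srv/salt/mysql/files directory. You can also download the latest version, in which case the scripts need to be changed accordingly.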
[root@server5 salt]# cd mysql/files/
[root@server5 files]# wget https://cmake.org/files/v2.8/cmake-2.8.12.1.tar.gz
7. Install and test
[root@server5 salt]# vim top.sls
base:
  'server6':
    - apache.start
    - mysql.start
├── apache
│ ├── files
│ │ ├── apachectl
│ │ ├── httpd-2.2.34.tar.bz2
│ │ ├── httpd.conf
│ │ ├── httpd-default.conf
│ │ ├── httpd-mpm.conf
│ │ ├── httpd-vhosts.conf
│ │ └── index.html
│ ├── install.sls
│ ├── start.sls
│ └── start.sls.bak
├── mysql
│ ├── files
│ │ ├── cmake-2.8.12.1.tar.gz
│ │ └── mysql-boost-5.7.17.tar.gz
│ ├── initialize.sls
│ ├── install.sls
│ └── start.sls
├── pkg
│ ├── apache.sls
│ └── mysql.sls
├── top.sls
└── useradd
├── mysql.sls
└── www.sls
[root@server5 salt]# salt 'server6' state.highstate
Test logging in to MySQL and change the database password; the password is in the file /var/log/mysqld.log
[root@server6 ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.7.17 Source distribution
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> set password for root@localhost=password('mypasswd');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql>
mysql> exit
Bye
[root@server6 ~]# mysql -uroot -pmypasswd
3. PHP installation
1. Resolve dependencies
[root@server5 salt]# vim pkg/php.sls
depends-php:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
      - zlib-devel
      - libxml2-devel.x86_64
      - openssl-devel.x86_64
      - bzip2-devel.x86_64
      - t1lib.x86_64
      - libjpeg-turbo-devel.x86_64
      - libpng-devel.x86_64
      - freetype-devel.x86_64
      - /mnt/libmcrypt-2.5.7-5.el6.art.x86_64.rpm
      - /mnt/libmcrypt-devel-2.5.7-5.el6.art.x86_64.rpm
2. Install PHP
[root@server5 salt]# mkdir -p php/files
[root@server5 salt]# vim php/install.sls
libmcrypt-pkg:
  file.managed:
    - name: /mnt/libmcrypt-2.5.7-5.el6.art.x86_64.rpm
    - source: salt://php/files/libmcrypt-2.5.7-5.el6.art.x86_64.rpm
libmcrypt-devel-pkg:
  file.managed:
    - name: /mnt/libmcrypt-devel-2.5.7-5.el6.art.x86_64.rpm
    - source: salt://php/files/libmcrypt-devel-2.5.7-5.el6.art.x86_64.rpm
include:
  - pkg.php
php-install:
  file.managed:
    - name: /mnt/php-5.6.31.tar.bz2
    - source: salt://php/files/php-5.6.31.tar.bz2
  cmd.run:
    - name: cd /mnt && tar xjf php-5.6.31.tar.bz2 && cd php-5.6.31 && ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/apache/bin/apxs --with-config-file-path=/usr/local/php/etc --with-mysql=/usr/local/mysql --with-libxml-dir --with-gd --with-jpeg-dir --with-png-dir --with-freetype-dir --with-iconv-dir --with-zlib-dir --with-bz2 --with-openssl --with-mcrypt --enable-soap --enable-gd-native-ttf --enable-ftp --enable-mbstring --enable-sockets --enable-exif --disable-ipv6 && make -j2 && make install
    - creates: /usr/local/php
/usr/local/php/etc:
  file.directory:
    - mode: 755
/usr/local/php/etc/php.ini:
  file.managed:
    - source: salt://php/files/php.ini
3. Prepare the packages and configuration files
[root@server5 salt]# cd php/files/
[root@server5 files]# wget http://cn2.php.net/distributions/php-5.6.31.tar.bz2
[root@server5 files]# wget http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/libmcrypt-2.5.7-5.el6.art.x86_64.rpm
[root@server5 files]# wget http://www6.atomicorp.com/channels/atomic/centos/6/x86_64/RPMS/libmcrypt-devel-2.5.7-5.el6.art.x86_64.rpm
[root@server5 salt]# tree
.
├── apache
│ ├── files
│ │ ├── apachectl
│ │ ├── httpd-2.2.34.tar.bz2
│ │ ├── httpd.conf
│ │ ├── httpd-default.conf
│ │ ├── httpd-mpm.conf
│ │ ├── httpd-vhosts.conf
│ │ └── index.html
│ ├── install.sls
│ ├── start.sls
│ └── start.sls.bak
├── mysql
│ ├── files
│ │ ├── cmake-2.8.12.1.tar.gz
│ │ ├── cmake-2.8.12.2-2.el7.x86_64.rpm
│ │ └── mysql-boost-5.7.17.tar.gz
│ ├── initialize.sls
│ ├── install.sls
│ └── start.sls
├── php
│ ├── files
│ │ ├── libmcrypt-2.5.7-5.el6.art.x86_64.rpm
│ │ ├── libmcrypt-devel-2.5.7-5.el6.art.x86_64.rpm
│ │ ├── my.cnf
│ │ ├── php-5.6.31.tar.bz2
│ │ └── php.ini
│ └── install.sls
├── pkg
│ ├── apache.sls
│ ├── mysql.sls
│ └── php.sls
├── top.sls
└── useradd
├── mysql.sls
└── www.sls
4. Test
[root@server5 salt]# vim top.sls
base:
  'server6':
    - apache.start
    - mysql.start
    - php.install
[root@server5 salt]# salt 'server6' state.highstate
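Worth noting
After the deployment is finished, a request to the LAMP server may show the source code you wrote, not parsed by PHP, or pop up a file download prompt. That means there is a problem in your Apache configuration file; pay attention to changing the following lines. If you downloaded the files I uploaded, these lines also need to be changed.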
vim /srv/salt/apache/files/httpd.conf
Listen 80
LoadModule deflate_module modules/mod_deflate.so
LoadModule expires_module modules/mod_expires.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
User www
Group www
ServerName localhost:80
DocumentRoot "/var/www/virthost/"
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
# Deny from all
Allow from all
</Directory>
<Directory "/var/www/virthost/">
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
ErrorLog "logs/error_log"
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-info.conf
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-default.conf
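In the excerpt above, the `<Directory />` block has `Deny from all` commented out and `Allow from all` active, so Apache's access control permits the whole filesystem, not just the document root. The script below is an added example, not part of the original post: it lints an httpd.conf (Apache 2.2 `Order`/`Allow`/`Deny` syntax only) before Salt distributes it; the function name and both sample configurations are constructed.

```shell
#!/bin/sh
# lint_root_directory FILE
# Prints "open" and returns 1 when the <Directory /> block has an active
# "Allow from all" or no active "Deny from all"; prints "restricted" and
# returns 0 otherwise; prints "no-root-block" and returns 2 if it is absent.
lint_root_directory() {
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*#/ { next }   # commented-out directives do not count
        line ~ /^[ \t]*<directory[ \t]+"?\/"?[ \t]*>/ { in_root = 1; seen = 1; next }
        in_root && line ~ /^[ \t]*<\/directory>/ { in_root = 0; next }
        in_root && line ~ /^[ \t]*allow[ \t]+from[ \t]+all/ { allow = 1 }
        in_root && line ~ /^[ \t]*deny[ \t]+from[ \t]+all/ { deny = 1 }
        END {
            if (!seen) { print "no-root-block"; exit 2 }
            if (allow || !deny) { print "open"; exit 1 }
            print "restricted"
        }
    ' "$1"
}

tmp=$(mktemp -d)
# Constructed sample: the root block as shown in the excerpt on this page.
cat > "$tmp/page.conf" <<'EOF'
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
# Deny from all
Allow from all
</Directory>
EOF
# Constructed sample: root denied, access granted only on the document root.
cat > "$tmp/hardened.conf" <<'EOF'
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/var/www/virthost/">
Order allow,deny
Allow from all
</Directory>
EOF

lint_root_directory "$tmp/page.conf" || true
lint_root_directory "$tmp/hardened.conf"
```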
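Conclusion
At this point, the detailed deployment of the automation tool SaltStack and the automated deployment of a LAMP stack with SaltStack are complete, and the whole setup can be pushed in full to a new machine.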