Saltstack(二)
承接上篇博客
配置管理
haproxy的安装部署
创建相关目录
# 创建配置目录 [root@linux-node1 ~]# mkdir /srv/salt/prod/pkg/ [root@linux-node1 ~]# mkdir /srv/salt/prod/haproxy/ # 启动脚本、配置文件放在这里 [root@linux-node1 ~]# mkdir /srv/salt/prod/haproxy/files
编写pkg-init文件
[root@linux-node1 ~]# cd /srv/salt/prod/pkg/
[root@linux-node1 pkg]# vim pkg-init.sls
# Packages installed up front for the source builds that include this state.
pkg-init:                 # state ID
  pkg.installed:          # pkg module, installed function
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
编写方法:
首先自己先安装一遍,然后将步骤移植到sls文件中。
[root@linux-node1 prod]# cd /srv/salt/prod/haproxy/files/ [root@linux-node1 files]# ll -rw-r--r-- 1 root root 1538976 11月 7 09:04 haproxy-1.6.2.tar.gz [root@linux-node1 files]# cp haproxy-1.6.2.tar.gz /usr/local/src/ [root@linux-node1 files]# cd /usr/local/src/ [root@linux-node1 src]# tar zxf haproxy-1.6.2.tar.gz [root@linux-node1 src]# cd haproxy-1.6.2 [root@linux-node1 haproxy-1.6.2]# make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
修改启动文件
[root@linux-node1 examples]# pwd /usr/local/src/haproxy-1.6.2/examples [root@linux-node1 examples]# vim haproxy.init BIN=/usr/local/haproxy/sbin/$BASENAME # 拷贝启动文件到salt目录 [root@linux-node1 examples]# cp haproxy.init /srv/salt/prod/haproxy/files/
编写安装文件
[root@linux-node1 examples]# cd /srv/salt/prod/haproxy/
[root@linux-node1 haproxy]# vim install.sls
include:                          # pull in pkg-init.sls from the pkg directory
  - pkg.pkg-init

# Ship the source archive to the minion and build haproxy under /usr/local/haproxy.
haproxy-install:                  # state ID
  file.managed:                   # managed function of the file module
    - name: /usr/local/src/haproxy-1.6.2.tar.gz           # destination path on the minion
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz   # copied from the master's file tree
    - user: root                  # owner
    - group: root                 # group
    # NOTE(review): a source archive does not need the execute bit; 644 is enough
    # (the libevent and memcached states on this page already use 644).
    - mode: 755                   # permissions
  cmd.run:                        # run a command
    - name: cd /usr/local/src/ && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    # The command runs only when this check returns false. It tests for the install
    # directory only, so a replaced archive is not rebuilt while the directory exists.
    - unless: test -d /usr/local/haproxy
    - require:                    # depends on the states below
      - pkg: pkg-init             # pkg is the state module
      - file: haproxy-install     # file is a state module as well

# Install the init script and register the service with chkconfig.
haproxy-init:                     # state ID
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list |grep haproxy
    - require:
      - file: haproxy-init

# Kernel setting that lets a process bind an address not currently assigned to the host.
net.ipv4.ip_nonlocal_bind:        # state ID, also the sysctl key
  sysctl.present:                 # set a kernel parameter
    - value: 1                    # set the value to 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: 755
查看安装文件并执行
[root@linux-node1 haproxy]# pwd /srv/salt/prod/haproxy [root@linux-node1 haproxy]# tree . ├── files │ ├── haproxy-1.6.2.tar.gz │ └── haproxy.init └── install.sls # 单个执行,另外需要指定环境是prod,不指定默认为base [root@linux-node1 haproxy]# salt 'linux-node1.*' state.sls haproxy.install env=prod
编辑配置文件
# Edit the top file
[root@linux-node1 cluster]# cd /srv/salt/base/
[root@linux-node1 base]# vim top.sls
# base: every minion gets the common initialisation states
base:
  '*':
    - init.env_init
# prod: the two load-balancer nodes get the haproxy cluster state
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
  'linux-node2.example.com':
    - cluster.haproxy-outside
修改后端RS的端口
[root@linux-node1 base]# vim /etc/httpd/conf/httpd.conf
# Change the port to 8080, the same as in the haproxy configuration above
测试通过后,执行高级状态
[root@linux-node1 base]# salt '*' state.highstate test=True [root@linux-node1 base]# salt '*' state.highstate
在RS上设置index.html
在每台RS上分别设置;没有index.html的话,访问时会报403错误
# Create a test page on the real server
[root@linux-node2 ~]# vim /var/www/html/index.html
访问haproxy的状态
# 状态页的用户名和密码在haproxy-outside.cfg中配置;该文件放在salt的file_roots下,已接受的minion都能取到,口令建议改为强口令并放到pillar中下发
keepalived的安装部署
首先自己安装一次
[root@linux-node1 base]# cd /usr/local/src [root@linux-node1 src]# wget http://www.keepalived.org/software/keepalived-1.2.19.tar.gz [root@linux-node1 src]# tar zxf keepalived-1.2.19.tar.gz [root@linux-node1 src]# cd keepalived-1.2.19 [root@linux-node1 keepalived-1.2.19]# ./configure --prefix=/usr/local/keepalived --disable-fwmark [root@linux-node1 keepalived-1.2.19]# make && make install
建立文件放置目录
[root@linux-node1 etc]# pwd /usr/local/src/keepalived-1.2.19/keepalived/etc [root@linux-node1 etc]# mkdir /srv/salt/prod/keepalived/ [root@linux-node1 etc]# mkdir /srv/salt/prod/keepalived/files [root@linux-node1 etc]# cp init.d/keepalived.init /srv/salt/prod/keepalived/files/ [root@linux-node1 etc]# cp keepalived/keepalived.conf /srv/salt/prod/keepalived/files/ [root@linux-node1 etc]# cp /usr/local/src/keepalived-1.2.19.tar.gz /srv/salt/prod/keepalived/files/ [root@linux-node1 init.d]# cp /usr/local/src/keepalived-1.2.19/keepalived/etc/init.d/keepalived.sysconfig /srv/salt/prod/keepalived/files/ # files中的文件有 [root@linux-node1 sysconfig]# cd /srv/salt/prod/keepalived/files/ [root@linux-node1 files]# ll 总用量 336 -rw-r--r-- 1 root root 330164 1月 2 23:47 keepalived-1.2.19.tar.gz -rw-r--r-- 1 root root 3562 1月 2 23:46 keepalived.conf -rwxr-xr-x 1 root root 1335 1月 2 23:51 keepalived.init -rw-r--r-- 1 root root 667 1月 3 00:13 keepalived.sysconfig
修改启动脚本
[root@linux-node1 files]# vim keepalived.init daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}
编辑安装文件
[root@linux-node1 keepalived]# pwd
/srv/salt/prod/keepalived
[root@linux-node1 keepalived]# cat install.sls
include:
  - pkg.pkg-init

# Ship the source archive to the minion and build keepalived under /usr/local/keepalived.
keepalived-install:
  file.managed:
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz
    - user: root
    - group: root
    # NOTE(review): a source archive does not need the execute bit; 644 is enough.
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    # Skip the build when the install directory already exists
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-init
      - file: keepalived-install

# Install the init script and register the service with chkconfig.
keepalived-init:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: keepalived-init

# The state ID is used as the target path here, since no name is given.
/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 644

/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: 755
执行安装
# Apply the keepalived install state from the prod environment on every minion
[root@linux-node1 keepalived]# salt '*' state.sls keepalived.install env=prod
业务模块
keepalived的配置文件
[root@linux-node1 ~]# cd /srv/salt/prod/cluster/files/
[root@linux-node1 files]# vim haproxy-outside-keepalived.conf
! Configuration File for keepalived
# The ROUTEID, STATEID and PRIORITYID placeholders below are filled in per host
# when salt renders this file as a jinja template.
global_defs {
   notification_email {
     saltstack@example.com
   }
   notification_email_from keepalived@example.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id {{ROUTEID}}
}

vrrp_instance haproxy_ha {
    state {{STATEID}}
    interface eth0
    virtual_router_id 36
    priority {{PRIORITYID}}
    advert_int 1
    authentication {
        # NOTE(review): with auth_type PASS the password travels unencrypted in the VRRP
        # advertisements, so it mainly guards against misconfigured peers, not a hostile
        # host on the segment. 1111 is a trivially guessable value; use one unique to this
        # cluster (for example from pillar) and keep VRRP traffic on a trusted network.
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.11    # this VIP also appears in the haproxy configuration file
    }
}
keepalived的启动文件
其中定义了上面需要的变量,用到了jinja模版
[root@linux-node1 cluster]# cd /srv/salt/prod/cluster/
[root@linux-node1 cluster]# vim haproxy-outside-keepalived.sls
include:
  - keepalived.install

# Render the keepalived configuration per host and keep the service running.
keepalived-service:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    # Values for the ROUTEID, STATEID and PRIORITYID placeholders, chosen by the minion's fqdn grain.
    # NOTE(review): a host whose fqdn matches neither branch gets no values at all;
    # presumably the rendered configuration is then unusable - confirm before adding nodes.
    {% if grains['fqdn'] == 'linux-node1.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'linux-node2.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  service.running:
    - name: keepalived
    - enable: True
    # Restart the service when the managed configuration file changes
    - watch:
      - file: keepalived-service
编辑top文件
[root@linux-node1 base]# cd /srv/salt/base/
[root@linux-node1 base]# cat top.sls
# base: every minion gets the common initialisation states
base:
  '*':
    - init.env_init
# prod: both load-balancer nodes get the haproxy state and the keepalived state
prod:
  'linux-node1.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
  'linux-node2.example.com':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
执行高级状态
先单独执行一下,确认没有错误后,再执行高级状态
[root@linux-node1 cluster]# salt '*' state.sls cluster.haproxy-outside-keepalived env=prod [root@linux-node1 cluster]# salt '*' state.highstate
查看结果
[root@linux-node1 base]# ip a |grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 10.0.0.7/24 brd 10.0.0.255 scope global eth0
    inet 10.0.0.11/32 scope global eth0
当master上的keepalived停掉(down)后,VIP会漂移到backup上。
haproxy的调度设置
[root@linux-node1 base]# grep "balance" /srv/salt/prod/cluster/files/haproxy-outside.cfg
balance roundrobin #轮询;source:固定不变
调度的变化可以在haproxy-status页面上查看到。
如图
zabbix-agent的安装部署
开启pillar
[root@linux-node1 init]# vim /etc/salt/master
# Directory the master reads pillar data from for the base environment
pillar_roots:
  base:
    - /srv/pillar/base
[root@linux-node1 init]# mkdir /srv/pillar/base
# Restart the master after editing its configuration
[root@linux-node1 init]# /etc/init.d/salt-master restart
Stopping salt-master daemon: [确定]
Starting salt-master daemon: [确定]
编写zabbix-agent安装文件
[root@linux-node1 base]# cd /srv/salt/base/init/
[root@linux-node1 init]# vim zabbix_agent.sls
# Install the zabbix agent, render its configuration from a template and keep it running.
zabbix-agent-install:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    # Server is the variable used in the template; its value is read from pillar
    - defaults:
      Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
    - require:
      - pkg: zabbix-agent-install
  service.running:
    - name: zabbix-agent
    - enable: True
    # Restart the agent when the package or the configuration file changes
    - watch:
      - pkg: zabbix-agent-install
      - file: zabbix-agent-install
编写top文件
[root@linux-node1 base]# cd /srv/pillar/base/
[root@linux-node1 base]# vim top.sls
# Pillar top file: every minion is assigned the zabbix pillar
base:
  '*':
    - zabbix
编写zabbix.sls
[root@linux-node1 base]# vim zabbix.sls
zabbix-agent:
  Zabbix_Server: 10.0.0.7
# This is the value that pillar['zabbix-agent']['Zabbix_Server'] in zabbix_agent.sls refers to
配置文件拷贝修改
[root@linux-node1 base]# cd /srv/salt/base/init/files [root@linux-node1 init]# cp /etc/zabbix/zabbix_agentd.conf . [root@linux-node1 init]# grep 'Server' zabbix_agentd.conf Server={{ Server }} # 对应上面zabbix_agent.sls中的server
编辑env_init文件
[root@linux-node1 init]# vim env_init.sls
# Aggregate state: includes every initialisation state, now with the zabbix agent added
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.zabbix_agent
[root@linux-node1 init]# tree /srv/salt/base/init/
/srv/salt/base/init/
├── audit.sls
├── dns.sls
├── env_init.sls
├── files
│ ├── resolv.conf
│ └── zabbix_agentd.conf
├── history.sls
├── sysctl.sls
└── zabbix_agent.sls
另外epel的sls文件
[root@linux-node1 init]# vim epel.sls
# Install the EPEL release package, which adds the EPEL repository definition
yum_repo_release:
  pkg.installed:
    - sources:
      # NOTE(review): the RPM is fetched over plain HTTP. This package carries the
      # repository definition and its signing key, so everything installed from EPEL
      # later depends on it being genuine. Use an https mirror URL, or verify the RPM
      # once and serve it from the master's file tree (salt://).
      - epel-release: http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
    # Skip when the package is already installed
    - unless: rpm -qa | grep epel-release-6-8
安装libevent
[root@linux-node1 ~]# cd /srv/salt/prod/
[root@linux-node1 prod]# mkdir -pv libevent/files
[root@linux-node1 prod]# cd /srv/salt/prod/libevent
[root@linux-node1 libevent]# vim install.sls
# Ship the libevent source archive to the minion and build it under /usr/local/libevent.
libevent-source-install:
  file.managed:
    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
    - source: salt://libevent/files/libevent-2.0.22-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable && ./configure --prefix=/usr/local/libevent && make && make install
    # Skip the build when the install directory already exists
    - unless: test -d /usr/local/libevent
    - require:
      - file: libevent-source-install
[root@linux-node1 libevent]# pwd
/srv/salt/prod/libevent
[root@linux-node1 libevent]# tree
.
├── files
│   └── libevent-2.0.22-stable.tar.gz
└── install.sls
# Apply the state on its own, then run the full highstate
[root@linux-node1 files]# salt '*' state.sls libevent.install env=prod
[root@linux-node1 files]# salt '*' state.highstate
新建用户,且不允许登录
[root@linux-node1 prod]# mkdir user
[root@linux-node1 prod]# cd user/
[root@linux-node1 user]# vim www.sls
# Service account and group named www, with fixed uid/gid 1000.
www-user-group:
  group.present:
    - name: www
    - gid: 1000
  user.present:
    - name: www
    - fullname: www
    # nologin shell: the account cannot be used for an interactive login
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000
安装memcached
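[root@linux-node1 prod]# cd /srv/salt/prod/
[root@linux-node1 prod]# mkdir -p memcache/files
[root@linux-node1 prod]# cd memcache/files/
[root@linux-node1 files]# cp memcached-1.4.24.tar.gz /usr/local/src/
[root@linux-node1 memcache]# vim install.sls
include:
  - libevent.install                # bring in the libevent state

# Ship the memcached source archive to the minion and build it against the
# libevent installed under /usr/local/libevent.
memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    # The state directory created above is memcache/, so the archive is served from
    # salt://memcache/...; the earlier salt://memcached/... path does not exist in this tree.
    - source: salt://memcache/files/memcached-1.4.24.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24&& ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    # Skip the build when the install directory already exists
    - unless: test -d /usr/local/memcached
    - require:
      - cmd: libevent-source-install    # state ID of the libevent build
      - file: memcached-source-install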
安装pcre
[root@linux-node1 prod]# mkdir /srv/salt/prod/pcre/files -p
[root@linux-node1 prod]# cd /srv/salt/prod/pcre/files/
[root@linux-node1 files]# cp pcre-8.37.tar.gz /usr/local/src/
[root@linux-node1 prod]# cd /srv/salt/prod/pcre
[root@linux-node1 pcre]# cat install.sls
# Ship the pcre source archive to the minion and build it under /usr/local/pcre.
pcre-source-install:
  file.managed:
    - name: /usr/local/src/pcre-8.37.tar.gz
    - source: salt://pcre/files/pcre-8.37.tar.gz
    - user: root
    - group: root
    # NOTE(review): a source archive does not need the execute bit; 644 is enough.
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf pcre-8.37.tar.gz && cd pcre-8.37 && ./configure --prefix=/usr/local/pcre && make && make install
    # Skip the build when the install directory already exists
    - unless: test -d /usr/local/pcre
    - require:
      - file: pcre-source-install
安装nginx
[root@linux-node1 nginx]# mkdir -p /srv/salt/prod/nginx/files
[root@linux-node1 nginx]# cd /srv/salt/prod/nginx/files/
[root@linux-node1 files]# cp nginx-1.9.1.tar.gz /usr/local/src/
[root@linux-node1 nginx]# cat install.sls
include:
  - pcre.install
  - user.www
  - pkg.pkg-init

# Ship the nginx source archive to the minion and build it under /usr/local/nginx,
# configured to run as the www user and group.
nginx-source-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    # NOTE(review): a source archive does not need the execute bit; 644 is enough.
    - mode: 755
  cmd.run:
    # NOTE(review): the trailing chown -R www:www hands the binaries and configuration
    # under /usr/local/nginx to the same account the server is configured to run as
    # (--user=www). Leaving them owned by root and granting www only the directories it
    # has to write (logs, temp files) limits what a compromised worker process can alter.
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1&& ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install && chown -R www:www /usr/local/nginx
    # Skip the build when the install directory already exists
    - unless: test -d /usr/local/nginx
    - require:
      - user: www-user-group
      - file: nginx-source-install
      - pkg: pkg-init
      - cmd: pcre-source-install
[root@linux-node1 nginx]# cat service.sls
include:
  - nginx.install

# Install the init script and register the service with chkconfig.
nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx-init
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: nginx-init

# Main configuration file; the state ID is used as the target path.
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
    # NOTE(review): owned by www, the account the server runs as, so that account can
    # rewrite its own configuration; root:root with mode 644 would still be readable.
    - user: www
    - group: www
    - mode: 644

# Create the vhost directory and keep nginx running.
nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf/vhost
    - require:
      - cmd: nginx-source-install
  service.running:
    - name: nginx
    - enable: True
    # Reload rather than restart when a watched file changes
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
[root@linux-node1 nginx]# tree
.
├── files
│   ├── nginx-1.9.1.tar.gz
│   ├── nginx.conf
│   └── nginx-init
├── install.sls
└── service.sls
PHP+memcache/redis的安装
基础环境
[root@linux-node1 ~]# mkdir /srv/salt/prod/php/files -p [root@linux-node1 ~]# cd /srv/salt/prod/php/files/ [root@linux-node1 files]# ll 总用量 18120 -rw-r--r-- 1 root root 2362 11月 14 23:06 init.d.php-fpm -rw-r--r-- 1 root root 36459 11月 14 23:06 memcache-2.2.7.tgz -rw-r--r-- 1 root root 18281659 11月 14 23:06 php-5.6.9.tar.gz -rw-r--r-- 1 root root 22252 11月 14 23:06 php-fpm.conf.default -rw-r--r-- 1 root root 69599 11月 14 23:06 php.ini-production -rw-r--r-- 1 root root 134340 11月 14 23:06 redis-2.2.7.tgz
安装文件
[root@linux-node1 files]# cd ..
[root@linux-node1 php]# vim install.sls
# Development packages installed ahead of the PHP source build
pkg-php:
  pkg.installed:
    - names:
      - mysql-devel
      - openssl-devel
      - swig
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

# Ship the PHP source archive to the minion and build it under /usr/local/php-fastcgi
# with php-fpm enabled and running as www.
php-source-install:
  file.managed:
    - name: /usr/local/src/php-5.6.9.tar.gz
    - source: salt://php/files/php-5.6.9.tar.gz
    - user: root
    - group: root
    # NOTE(review): a source archive does not need the execute bit; 644 is enough.
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf php-5.6.9.tar.gz && cd php-5.6.9&& ./configure --prefix=/usr/local/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-jpeg-dir --with-png-dir --with-zlib --enable-xml --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/usr/local/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install
    - require:
      - file: php-source-install
      # NOTE(review): www-user-group is defined in user/www.sls and this file has no
      # include for it, so the requisite resolves only when user.www is part of the same
      # run; presumably "include: - user.www" is wanted here, as in the nginx state.
      - user: www-user-group
    # Skip the build when the install directory already exists
    - unless: test -d /usr/local/php-fastcgi

# Build the pdo_mysql extension from the unpacked PHP source tree.
pdo-plugin:
  cmd.run:
    - name: cd /usr/local/src/php-5.6.9/ext/pdo_mysql/ && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make&& make install
    # Skip when the extension's shared object is already installed
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/pdo_mysql.so
    - require:
      - cmd: php-source-install

php-ini:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - source: salt://php/files/php.ini-production
    - user: root
    - group: root
    - mode: 644

php-fpm:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php-fpm.conf
    - source: salt://php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

# Install the init script, register php-fpm with chkconfig and keep it running.
php-fastcgi-service:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list | grep php-fpm
    - require:
      - file: php-fastcgi-service
  service.running:
    - name: php-fpm
    - enable: True
    - require:
      - cmd: php-fastcgi-service
    # Restart php-fpm when php.ini or php-fpm.conf changes
    - watch:
      - file: php-ini
      - file: php-fpm
memcache
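[root@linux-node1 php]# cat php-memcache.sls
# The requisite below points at a state defined in php/install.sls, so that file is
# included to make the ID available in the same run.
include:
  - php.install

# Build the memcache extension for the PHP installed under /usr/local/php-fastcgi.
memcache-plugin:
  file.managed:
    - name: /usr/local/src/memcache-2.2.7.tgz
    - source: salt://php/files/memcache-2.2.7.tgz
    - user: root
    - group: root
    # NOTE(review): a source archive does not need the execute bit; 644 is enough.
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcache-2.2.7.tgz && cd memcache-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php-fastcgi/bin/php-config && make&& make install
    # Skip when the extension's shared object is already installed
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/memcache.so
    # "require" has to be a list item of cmd.run like name and unless, and the PHP build
    # state in install.sls is called php-source-install (no php-install ID is defined).
    - require:
      - file: memcache-plugin
      - cmd: php-source-install

# Enable the extension in php.ini.
# NOTE(review): php-redis.sls on this page uses this same path as its state ID; Salt
# requires IDs to be unique within a run, so applying both files together needs distinct
# IDs with an explicit "- name:". The php-ini state in install.sls also manages this file
# from php.ini-production, which likely rewrites it on every run - confirm.
/usr/local/php-fastcgi/etc/php.ini:
  file.append:
    - text:
      - extension=memcache.so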
redis
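[root@linux-node1 php]# cat php-redis.sls
# The requisite below points at a state defined in php/install.sls, so that file is
# included to make the ID available in the same run.
include:
  - php.install

# Build the redis extension for the PHP installed under /usr/local/php-fastcgi.
redis-plugin:
  file.managed:
    # NOTE(review): the files/ listing earlier on this page shows redis-2.2.7.tgz, not
    # phpredis-2.2.7.tgz; confirm the archive name and the directory it unpacks to.
    - name: /usr/local/src/phpredis-2.2.7.tgz
    - source: salt://php/files/phpredis-2.2.7.tgz
    - user: root
    - group: root
    # NOTE(review): a source archive does not need the execute bit; 644 is enough.
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf phpredis-2.2.7.tgz && cd phpredis-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make&& make install
    # Skip when the extension's shared object is already installed
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/redis.so
    # "require" has to be a list item of cmd.run like name and unless, and the PHP build
    # state in install.sls is called php-source-install (no php-install ID is defined).
    - require:
      - file: redis-plugin
      - cmd: php-source-install

# Enable the extension in php.ini.
# NOTE(review): php-memcache.sls on this page uses this same path as its state ID; Salt
# requires IDs to be unique within a run, so applying both files together needs distinct
# IDs with an explicit "- name:".
/usr/local/php-fastcgi/etc/php.ini:
  file.append:
    - text:
      - extension=redis.so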