saltstack-自动化(2)
执行的命令写入mysql
[root@node1]#yum install MySQL-python -y
[root@node1]#vim /etc/salt/master
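# /etc/salt/master — Master Job Cache: persist every job's load and return into MySQL
master_job_cache: mysql
mysql.host: '10.240.17.103'   # MySQL server address
mysql.user: 'salt'            # MySQL account the master connects with
mysql.pass: 'salt'            # plaintext credential: keep /etc/salt/master root-only (chmod 600) and use a real password (see the GRANT below)
mysql.db: 'salt'              # database holding jids / salt_returns / salt_events
mysql.port: 3306              # MySQL port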
[root@node1]#yum install mysql-server
[root@node1]#/etc/init.d/mysqld start
[root@node1]#mysql_secure_installation ##安全初始化
第一次直接回车
第二次是否为root配置密码 Y 输入密码
第三次是否删除匿名用户 Y
第四次是否禁止root远程登录 Y
第五次是否删除test数据库 Y
第六次是否刷新授权表 Y
[root@node1]#mysql -u root -p ##回车后在提示符下输入密码。不要写成 "-p 123.com"：-p 后面带空格时 123.com 会被当成库名；而 -p123.com 这种写法会把密码留在 shell history 和 ps 输出里
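-- Reference: https://www.unixhot.com/docs/saltstack/ref/returners/all/salt.returners.mysql.html#module-salt.returners.mysql
CREATE DATABASE `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;

USE `salt`;

--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE INDEX jid ON jids(jid) USING BTREE;

--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
  `id` BIGINT NOT NULL AUTO_INCREMENT,
  `tag` varchar(255) NOT NULL,
  `data` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  `master_id` varchar(255) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

-- Account for the master. The host part must be the address the salt-master connects from,
-- and the password must match mysql.pass in /etc/salt/master — 'salt' is a placeholder, change both.
-- Privileges are limited to the salt database only. Note: MySQL 8.0+ no longer accepts
-- IDENTIFIED BY inside GRANT; there, CREATE USER first and then GRANT.
grant all on salt.* to salt@10.240.17.103 identified by 'salt';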
[root@node1]#/etc/init.d/salt-master restart
[root@node1]#mysql -h 10.240.17.103 -u salt -p salt ##-p 后面带空格的 salt 是库名而不是密码，密码在提示符下输入；这样登录后已经选中 salt 库，下面的 use salt; 可省略
mysql> use salt;
mysql> select * from salt_returns;
[root@node1]#salt '*' test.ping
mysql> select * from salt_returns; ##发现 salt-master 的命令已经存入数据库：每个 job 的目标、函数和返回值都有记录，可作为操作审计
https://www.unixhot.com/docs/saltstack/topics/targeting/globbing.html salt-master日常操作方法
salt '*' network.active_tcp ###获取网络信息（活动的 TCP 连接）
salt '*' network.arp ###获取 ARP 信息
salt '*' network.connect archlinux.org 80 ###连通性测试：到这个域名的 80 端口
https://www.unixhot.com/docs/saltstack/ref/modules/all/salt.modules.network.html#module-salt.modules.network
salt 'node1' state.show_top ##查看node1的都有那些状态
include: ##引用web.下的httpd.sls来做配置
- web.httpd
###############################################
salt-run manage.status #####做状态管理
salt-run manage.versions ###查看 master 和各 minion 的版本
################################################
自动化安装zabbix-agent
[root@node1 base]#mkdir init zabbix logstash
[root@node1 base]#cd init && mkdir files &&cd files
[root@node1 files]# wget https://mirrors.aliyun.com/repo/epel-7.repo ##建议走 https 下载，并确认 repo 文件里 gpgcheck=1，避免把被篡改的源文件分发到所有 minion
[root@node1 init]# vim yum_repo.sls
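# init/yum_repo.sls — the state ID doubles as the destination path of the managed file
/etc/yum.repos.d/epel-7.repo:
  file.managed:
    - source: salt://init/files/epel-7.repo
    - user: root
    - group: root
    - mode: 644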
[root@node1 base]#cd zabbix && mkdir files && vim zabbix-agent.sls
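# zabbix/zabbix-agent.sls — install, configure and run the zabbix agent
include:
  - init.yum_repo                 # provides the epel-7.repo file state required below

zabbix-agent:
  pkg.installed:
    - name: zabbix22-agent
    - require:
      - file: /etc/yum.repos.d/epel-7.repo   # state ID of the repo file from init.yum_repo
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://zabbix/files/zabbix_agentd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja             # render the config as a Jinja template
    - defaults:                   # variables available inside the template
        ZABBIX_SERVER: 10.240.17.103
        AGENT_HOSTNAME: {{ grains['fqdn'] }}   # minion FQDN taken from grains
    - require:                    # only write the config once the package is installed
      - pkg: zabbix-agent
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:                      # restart on config-file or package change
      - file: zabbix-agent
      - pkg: zabbix-agent

zabbix_agentd.conf.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.conf.d
    - watch_in:                   # changes here also restart the service
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent         # package creates /etc/zabbix
      - file: zabbix-agent        # config file must exist first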
[root@node1 zabbix]#sz /etc/zabbix_agentd.conf ##取出 agent 自带的配置文件作为模板底稿（sz 是 zmodem 发送到本地终端，再放回 files/）。路径疑为 /etc/zabbix/zabbix_agentd.conf，与上面 file.managed 的 name 一致，需确认
[root@node1 files]#vim zabbix_agentd.conf
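# zabbix/files/zabbix_agentd.conf — Jinja template rendered by zabbix-agent.sls
# Server= restricts which hosts may run passive checks against this agent; keep it to the real server.
Server={{ ZABBIX_SERVER }}
Hostname={{ AGENT_HOSTNAME }}
# Must match the directory created by the zabbix_agentd.conf.d state (/etc/zabbix/zabbix_agentd.conf.d).
# The original pointed at /etc/zabbix_agentd.conf.d/, which no state creates; the parameter is spelled Include.
Include=/etc/zabbix/zabbix_agentd.conf.d/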
[root@node1 prod]# mkdir -p modules/{apache,haproxy,keepalived,mysql,redis} ##原文的 keeplived 疑为 keepalived 笔误（与下文链接中的目录名一致）
[root@node1 prod]# mkdir redis-cluster
[root@node1 prod]# cd modules && cd redis
[root@node1 redis]# vim redis-install.sls ######redis安装
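# modules/redis/redis-install.sls — install the redis package
redis-install:
  pkg.installed:
    - name: redis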
[root@node1 redis-cluster]# mkdir files && vim redis-master.sls
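# redis-cluster/redis-master.sls — configure and run the redis master
include:
  - modules.redis.redis-install

redis-master-config:
  file.managed:
    - name: /etc/redis.conf
    # fixed: the files dir is redis-cluster/files (original had "redis-cluseter", which does not exist)
    - source: salt://redis-cluster/files/redis-master.conf
    - user: root
    - group: root
    - mode: 644                   # if a requirepass is ever added to the template, tighten to 640 root:redis
    - template: jinja
    - defaults:
        REDIS_MEM: 1G

# ID typo "redis-master-reivice" corrected; nothing on this page references the old ID
redis-master-service:
  service.running:
    - name: redis
    - enable: True
    - watch:                      # original "wath" is not a valid requisite and would fail the state
      - file: redis-master-config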
[root@node1 redis-cluster]# cd files && sz redis.conf && mv redis.conf redis-master.conf ##意图是把 redis 自带的 /etc/redis.conf 复制到 files/ 作为模板（sz 只是 zmodem 发到本地终端），需确认
[root@node1 files]# vim redis-master.conf
61 bind 0.0.0.0 ##监听所有网卡：模板里没有 requirepass，任何能到达 6379 端口的主机都可以无认证读写 redis。生产环境应只 bind 内网地址、设置 requirepass，并用防火墙限制来源
128 daemonize yes
537 maxmemory {{ REDIS_MEM }}
[root@node1 prod]#salt 'node1' state.sls redis-cluster.redis-master test=True saltenv=prod
redis-cli -h 10.240.17.100
https://github.com/unixhot/saltbook-code/tree/master/salt/prod/keepalived
salt-ssh配置
[root@node1 ~]#yum install salt-ssh -y
[root@node1 ~]#vim /etc/salt/roster
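# /etc/salt/roster — salt-ssh targets
# NOTE: root passwords are stored here in plaintext. Keep the file root-only (chmod 600) and
# prefer key-based auth (priv: /root/.ssh/id_rsa, or deploy a key with salt-ssh --key-deploy)
# instead of passwd. Host/IP mapping here is the reverse of the rest of the page — verify.
node1:
  host: 10.240.17.100
  user: root
  passwd: 123.com
  port: 22
node2:
  host: 10.240.17.103
  user: root
  passwd: 123.com
  port: 22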
[root@node1 ~]#salt-ssh '*' test.ping -i ##-i 忽略 SSH host key 校验（自动接受未知主机指纹），首次连接方便但有中间人风险；指纹进入 known_hosts 后应去掉 -i
[root@node1 ~]#salt-ssh '*' -r 'w'
https://www.unixhot.com/docs/saltstack/ref/netapi/all/salt.netapi.rest_cherrypy.html#a--rest-api-for-salt
#########salt-api
[root@node1 ~]#yum install salt-api
[root@node1 ~]# rpm -qa |grep cherry
[root@node1 ~]# yum install pyOpenSSL
[root@node1 ~]# salt-call --local tls.create_self_signed_cert ##生成自签名证书（默认 /etc/pki/tls/certs/localhost.crt 和 localhost.key），仅适合测试：客户端无法校验，所以下面的 curl 要加 -k；生产环境换成 CA 签发的证书
[root@node1 ~]# vim /etc/salt/master
12 default_include: master.d/*.conf
[root@node1 salt]#mkdir master.d && cd master.d
[root@node1 master.d]vim api.conf
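# /etc/salt/master.d/api.conf — salt-api (rest_cherrypy) listener
rest_cherrypy:
  host: 10.240.17.103
  port: 8000
  # cert/key produced by `salt-call --local tls.create_self_signed_cert`; self-signed, so clients
  # cannot verify it (hence curl -k below). Use a CA-issued certificate before exposing this
  # beyond a lab, and keep the key file readable by root only.
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/certs/localhost.key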
[root@node1 salt]#useradd -M -s /sbin/nologin saltapi ##不创建家目录
[root@node1 salt]#echo "saltapi" |passwd saltapi --stdin ##创建非交互的密码。密码与用户名相同且会留在 shell history 里；这个账号按下面 auth.conf 的授权可以对所有 minion 执行任意命令，生产环境必须用强密码并限制权限
[root@node1 master.d]#vim auth.conf
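# /etc/salt/master.d/auth.conf — PAM external auth for the API user
external_auth:
  pam:
    saltapi:
      # '.*' permits every execution module on every minion (including cmd.run, which runs
      # as root on the minion — see the API call further down); @wheel/@runner/@jobs add
      # master-side key management, runners and job queries on top. Anyone holding this
      # password or a token from /login controls the whole fleet. Outside a lab, list only
      # the functions needed (e.g. test.ping, state.sls) and scope them by target.
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'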
[root@node1 salt]# /etc/init.d/salt-master restart
[root@node1 salt]#/etc/init.d/salt-api restart
[root@node1 salt]# netstat -ntlp |grep 8000
[root@node1 salt] #curl -sSk https://10.240.17.103:8000/login \
-H 'Accept: application/x-yaml' \
-d username='saltapi' \
-d password='saltapi' \
-d eauth='pam'
##-k 关闭证书校验，只是因为上面用的是自签名证书；密码写在命令行会进入 shell history 和 ps 输出，正式环境应使用 CA 签发的证书，并用 -d @file 或 --data-urlencode 从文件读取凭据
[root@node2 ~]# curl -sSk https://10.240.17.103:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 3eb37a72cc8ba6ade1be9bb73753514e746658c4' -d client=local -d tgt='*' -d fun=test.ping
[root@node2 ~]# curl -sSk https://10.240.17.103:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 3eb37a72cc8ba6ade1be9bb73753514e746658c4' -d client=local -d tgt='*' -d fun=cmd.run -d arg='uptime' ##X-Auth-Token 等同于 saltapi 的密码：持有者可按 auth.conf 的 .* 授权对全部 minion 以 root 执行 cmd.run。这里的 token 仅作演示，真实 token 不要写进文档，用完调用 /logout 或等待其过期
########salt-master 集群架构
[root@node1]#vim /etc/salt/minion ##原文 /etc/master 疑为笔误：master 列表是 minion 端的配置（见下文第 4 步"修改 salt-minion 配置，设置 2 个 master"）
# presumably /etc/salt/minion: list both masters so the minion accepts jobs from either — confirm file
master:
  - 10.240.17.100
  - 10.240.17.103
[root@node2]# yum install salt-master -y
[root@node1]#sz /etc/salt/master 传到salt2 /etc/salt/ ##即把 master 配置复制到第二台 master（也可直接 scp /etc/salt/master node2:/etc/salt/）
[root@node1]#yum install nfs-utils -y
[root@node1]#vim /etc/exports
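# /etc/exports — share the master key pair and file_roots with the second master only.
# In the original "10.240.17.100 *(rw,sync,no_root_squash,no_all_squash)" the space before "("
# makes the options apply to "*" (every host) while 10.240.17.100 gets the defaults, i.e. the
# master's private key was exported read/write to the world. Bind the options to the one client.
/etc/salt/pki/master 10.240.17.100(rw,sync,no_root_squash,no_all_squash)
/srv/salt 10.240.17.100(rw,sync,no_root_squash,no_all_squash)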
[root@node1]# /etc/init.d/nfs start
[root@node2]#showmount -e 10.240.17.103
[root@node2]#mkdir /etc/salt/pki/master
[root@node2]#mkdir /srv/salt
[root@node2]#mount -t nfs 10.240.17.103:/etc/salt/pki/master /etc/salt/pki/master
[root@node2]#mount -t nfs 10.240.17.103:/srv/salt /srv/salt
[root@node2]# systemctl start salt-master
多 master 的前提：
1. master 配置文件一样
2. master 的 file_roots 一样
3. master 公钥和私钥一样（/etc/salt/pki/master；这个目录只能共享给第二台 master，不能对其他主机开放）
4. 修改 salt-minion 配置，设置 2 个 master 并重启
5. 在另外一台 master 上同意 minion 的 key（pki 目录共享后，一台接受的 key 另一台也能看到）
SaltStack 生产实践建议
1. 不建议使用 Salt 的 File 模块（目录管理）进行代码部署；改用命令编排的状态管理：打压缩包，file.managed 分发，cmd.run 执行部署
2. 配置管理：不建议用 salt 管理项目代码的配置文件。分层管理，salt 只管理服务，例如 Nginx、Tomcat、Apache
3. 如果你有固定的文件服务器，source 可以使用 salt:// http:// ftp://（http/ftp 来源无法校验完整性，建议配合 source_hash）
4. SLS 版本化
   1) 创建一个 git 项目
   2) 找一个测试环境，编写 SLS，测试，git commit && git push 到版本仓库
   3) 生产环境 git pull，测试，全部执行
   记录：谁、什么时间、干了什么、输出是什么
5. 使用 Master Job Cache 保存 job 的输出到 SQL
停机维护：
1. 登录到 xxx 机器。检查：执行 hostname 检查主机，执行 ifconfig 检查 IP 地址
2. 执行 xxx，关闭 xxx。检查：执行 netstat -ntlp | grep 80 检查端口，执行 ps aux | grep nginx 检查进程
SaltStack 二次开发
1. Master Job Cache 将所有的 job 输出保存到 MySQL
2. 如果做管理平台，可以将 User id 和 Jid 做关联
3. 使用 List 做目标选择
回忆过去：
1. SLS：YAML、ID、NAME
2. 状态模块：pkg、file、service、cmd
3. 状态间关系：require、require_in、watch、watch_in、unless
4. include
minion_id 怎么改：
1. 停止 minion 服务
2. salt-key -d minionid 删除 minion
3. rm -f /etc/salt/minion_id
4. rm -rf /etc/salt/pki
5. 修改配置文件 id:
6. 启动 minion
系统初始化：
1. DNS：file.managed
2. 防火墙：service.dead
3. selinux：file.managed
4. limit 设置：file.managed
5. SSH UseDNS 设置、改端口：file.managed
6. sysctl 内核参数调优：sysctl
7. 关闭不需要的服务：service
8. 时间同步：file.managed、cron
9. 基础软件包：pkg.installed
10. yum 源：file.managed
生产环境按项目走：
modules/ 基础状态 - files
redis-cluster 公用服务 - files
sms/
  - redis-cluster/redis-master.sls redis-slave.sls
  - mysql-cluster/mysql-master.sls mysql-slave.sls
  - nginx
shop/
user/