文章目录
1. pillar
1.1 pillar简介
- pillar和grains-样也是一个数据系统,但是应用场景不同。
- pillar是将信息动态的存放在master端,主要存放私密、敏感信息(如用户名密码等),而且可以指定某一个minion才 可以看到对应的信息。
- pillar更加适合在配置管理中运用
1.2 常用命令
- 刷新pillar数据
salt '*' saltutil.refresh_pillar
- 查询pillar数据
salt '*' pillar.items
salt '*' pillar.item XXX
- 数据匹配
salt -I XXX:XXX test.ping
1.3 定义pillar
- 创建pillar默认目录
mkdir /srv/pillar
- 自定义pillar项
vim /srv/pillar/package.sls
{
% if grains['fqdn'] == 'server3' %}
package: nginx
{
% elif grains['fqdn'] == 'server2' %}
port: 80
bind: 192.168.17.2
{
% endif %}
vim /srv/pillar/top.sls
base:
'*':
- package
- 刷新pillar数据
salt '*' saltutil.refresh_pillar
- 查询pillar数据
salt '*' pillar.items
salt '*' pillar.item package
- 数据匹配
salt -I package:nginx test.ping
1.4 应用于apache
vim /srv/pillar/package.sls
{
% if grains['fqdn'] == 'server3' %}
package: nginx
{
% elif grains['fqdn'] == 'server2' %}
port: 8080
bind: 192.168.17.2
{
% endif %}
vim /srv/salt/apache/init.sls
apache:
pkg.installed:
- pkgs:
- httpd
file.managed:
- source: salt://apache/files/httpd.conf
- name: /etc/httpd/conf/httpd.conf
- template: jinja
- context:
port: {
{
pillar['port'] }}
bind: {
{
pillar['bind'] }}
service.running:
- name: httpd
- enable: true
- watch:
- file: apache
vim /srv/salt/apache/files/httpd.conf
Listen {
{
bind }}:{
{
port }}
salt server2 state.sls apache
1.5 应用于jinja模板import导入变量
vim /srv/salt/apache/lib.sls
{
% set port = 80 %}
vim /srv/salt/apache/files/httpd.conf
{
% from 'apache/lib.sls' import port %}#做完实验删除
Listen {
{
bind }}:{
{
port }}
salt server2 state.sls apache
【发现在 /srv/pillar/package.sls 和 /srv/salt/apache/lib.sls 都定义了port
变量,最后读取的才被使用,lib.sls
的port80被使用】
2. keepalived自动化
2.1 配置
vim /srv/salt/apache/files/httpd.conf
Listen {
{
port }}
- 建立keepalived目录
mkdir /srv/salt/keepalived
mkdir /srv/salt/keepalived/files
vim /srv/salt/keepalived/init.sls
kp-install:
pkg.installed:
- name: keepalived
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://keepalived/files/keepalived.conf
- template: jinja
- context:
STATE: {
{
pillar['state'] }}
VRID: {
{
pillar['vrid'] }}
PRI: {
{
pillar['pri'] }}
service.running:
- name: keepalived
- enable: true
- reload: true
- watch:
- file: kp-install
vim /srv/pillar/package.sls
{
% if grains['fqdn'] == 'server3' %}
package: nginx
state: BACKUP
vrid: 51
pri: 50
{
% elif grains['fqdn'] == 'server2' %}
port: 80
bind: 192.168.17.2
state: MASTER
vrid: 51
pri: 100
{
% endif %}
vim /srv/salt/keepalived/files/keepalived.conf
:编辑jinja模板
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state {
{
STATE }}
interface ens33#自己的接口名
virtual_router_id {
{
VRID }}
priority {
{
PRI }}
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.17.100
}
}
vim /srv/salt/top.sls
base:
'roles:apache':
- match: grain
- apache
- keepalived
'roles:nginx':
- match: grain
- nginx
- keepalived
salt '*' state.highstate
2.2 测试
- 查看实验结果:
- 当停掉server2的keepalived时,BACKUP端:server3自动开启
- 再次
salt '*' state.highstate
,server2的keepalived自动开启,自动添加VIP
3. 自动化部署zabbix监控平台
master端:server1:192.168.17.1
zabbix-server端:server2:192.168.17.2
zabbix-数据库端:server3:192.168.17.3
3.1 文件结构
mkdir -p /srv/salt/zabbix-server/files
mkdir -p /srv/salt/mysql/files
3.2 模板文件
server2文件可通过如下命令得到
salt server2 state.sls zabbix-server
server3文件可通过如下命令得到
salt server3 state.sls mysql
my.cnf
scp server3:/etc/my.cnf /srv/salt/mysql/files/
vim /srv/salt/mysql/files/my.cnf
log-bin=mysql-bin
character-set-server=utf8
create.sql
cd /srv/salt/mysql/files/
scp server2:/usr/share/doc/zabbix-server-mysql-4.0.5/create.sql.gz .
gunzip create.sql.gz
zabbix_server.conf
scp server2:/etc/zabbix/zabbix_server.conf /srv/salt/zabbix-server/files/
vim /srv/salt/zabbix-server/files/zabbix_server.conf
91 DBHost=192.168.17.3#数据库端IP
100 DBName=zabbix
116 DBUser=zabbix
124 DBPassword=westos
zabbix.conf
scp server2:/etc/httpd/conf.d/zabbix.conf /srv/salt/zabbix-server/files/
vim /srv/salt/zabbix-server/files/zabbix.conf
:修改时区为:Asia/Shanghai
zabbix.conf.php:初始化文件(避免初始化)
scp server2:/etc/zabbix/web/zabbix.conf.php /srv/salt/zabbix-server/files/
(在zabbix平台部署好之后,在前端页面初始化即可在zabbix-server端生成该文件)
3.3 编写.sls文件
/srv/salt/zabbix-server/init.sls
zabbix-server:
pkgrepo.managed:
- name: zabbix
- humanname: zabbix 4.0
- baseurl: http://192.168.17.1/4.0/#软件仓库
- gpgcheck: 0
pkg.installed:
- pkgs:
- zabbix-server-mysql
- zabbix-agent
- zabbix-web-mysql
file.managed:
- name: /etc/zabbix/zabbix_server.conf
- source: salt://zabbix-server/files/zabbix_server.conf
service.running:
- name: zabbix-server
- enable: true
- watch:
- file: zabbix-server
zabbix-agent:
service.running
zabbix-web:
file.managed:
- name: /etc/httpd/conf.d/zabbix.conf
- source: salt://zabbix-server/files/zabbix.conf
service.running:
- name: httpd
- enable: true
- watch:
- file: zabbix-web
/etc/zabbix/web/zabbix.conf.php:
file.managed:
- source: salt://zabbix-server/files/zabbix.conf.php
/srv/salt/mysql/init.sls
mysql-install:
pkg.installed:
- pkgs:
- mariadb-server
- MySQL-python
file.managed:
- name: /etc/my.cnf
- source: salt://mysql/files/my.cnf
service.running:
- name: mariadb
- enable: true
- watch:
- file: mysql-install
mysql-config:
mysql_database.present:
- name: zabbix
mysql_user.present:
- name: zabbix
- host: '%'
- password: "westos"
mysql_grants.present:
- grant: all privileges
- database: zabbix.*
- user: zabbix
- host: '%'
file.managed:
- name: /mnt/create.sql
- source: salt://mysql/files/create.sql
cmd.run:
- name: mysql zabbix < /mnt/create.sql && touch /mnt/zabbix.lock
- creates: /mnt/zabbix.lock
/srv/salt/top.sls
base:
'roles:apache':
- match: grain
- zabbix-server
'roles:nginx':
- match: grain
- mysql
salt '*' state.highstate
:高级推