目录
1.3、ntp时间同步#先使用pkg模块安装ntp服务,再使用cron模块加入计划任务
2.3、主库配置mariadb-server.cnf,并更改server_id,以及创建主从用户
2.4、从库配置文件的server_id和开启主上的log-bin功能
# shell脚本获取主库获取bin-log值和pos值并授权从库同步
一、系统初始化
# 当我们的服务器上架并安装好操作系统后,都会有一些基础的操作,所以生产环境中使用SaltStack,建议将所有服务器都会涉及的基础配置或者软件部署归类放在base环境下。此处,在base环境下创建一个init目录,将系统初始化配置的sls均放置到init目录下,称为“初始化模块”。
# 以下操作仅为部分示例,具体情况需要提前确认测试
1.1、开启pillar
[root@linux-node1 srv]# mkdir -p /srv/pillar/{base,prod}
[root@linux-node1 salt]# vi /etc/salt/master
pillar_opts: True
file_roots:
base:
- /srv/salt/base
dev:
- /srv/salt/dev
test:
- /srv/salt/test
prod:
- /srv/salt/prod
pillar_roots:
base:
- /srv/pillar/base
prod:
- /srv/pillar/prod1.2、系统初始化配置脚本实例
1.1、selinux初始化
# 使用了file模块的managed方法,配置文件disable
[root@linux-node1 init]# cat selinux-init.sls
selinux-config:
file.managed:
- name: /etc/selinux/config
- source: salt://init/files/selinux-config
- user: root
- group: root
- mode: 644
[root@linux-node1 init]# cp /etc/selinux/config files/selinux-config1.2、firewalld初始化
#使用service模块的dead方法,直接关闭firewalld,并禁止开机启动
[root@linux-node1 init]# cat firewalld-init.sls
firewall-stop:
service.dead:
- name: firewalld.service
- enable: False1.3、ntp时间同步#先使用pkg模块安装ntp服务,再使用cron模块加入计划任务
[root@linux-node1 init]# cat ntp-init.sls
ntp-install:
pkg.installed:
- name: ntpdate
cron-ntpdate:
cron.present:
- name: ntpdate time1.aliyun.com
- user: root
- minute: 51.4、内核优化
#使用sysctl模块的present方法,此处演示一部分,这里没有使用name参数,所以id就相当于是name
[root@linux-node1 init]# cat sysctl-init.sls
net.ipv4.tcp_fin_timeout:
sysctl.present:
- value: 2
net.ipv4.tcp_tw_reuse:
sysctl.present:
- value: 1
net.ipv4.tcp_tw_recycle:
sysctl.present:
- value: 1
net.ipv4.tcp_syncookies:
sysctl.present:
- value: 1
net.ipv4.tcp_keepalive_time:
sysctl.present:
- value: 6001.5、DNS解析
[root@linux-node1 init]# vim dns-init.sls
dns-config:
file.managed:
- name: /etc/resolv.conf
- source: salt://init/files/resolv.conf
- user: root
- group: root
- mode: 644
[root@linux-node1 init]# cp /etc/resolv.conf files/1.6、历史记录优化history
#使用file.append扩展修改HISTTIMEFORMAT的值
[root@linux-node1 init]# vim history-init.sls
history-config:
file.append:
- name: /etc/profile
- text:
- export HISTTIMEFORMAT="%F %T `whoami` "
- export HISTSIZE=5
- export HISTFILESIZE=51.7、配置yum源
[root@linux-node1 files]# wget http://mirrors.aliyun.com/repo/epel-7.repo
[root@linux-node1 init]# cat yum-repo.sls
/etc/yum.repos.d/epel-7.repo:
file.managed:
- source: salt://init/files/epel-7.repo
- user: root
- group: root
- mode: 6441.8、基础用户
#增加基础管理用户www,使用user.present和group.present
[root@linux-node1 init]# vim user-www.sls
www-user-group:
group.present:
- name: www
- gid: 1000
user.present:
- name: www
- fullname: www
- shell: /sbin/bash
- uid: 1000
- gid: 1000
1.9、常用基础命令
#这里因为各软件包会依赖源,所以使用include讲yum源包含进来,并在pkg.installed最后增加require依赖
[root@linux-node1 init]# vim pkg-base.sls
include:
- init.yum-repo
base-install:
pkg.installed:
- pkgs:
- screen
- lrzsz
- tree
- openssl
- telnet
- iotop
- wget
- lsof
- net-tools
- unzip
- vim
- bind-utils
- require:
- file: /etc/yum.repos.d/epel-7.repo1.10、编写一个总的状态,并写入top file中
[root@linux-node1 init]# cat init-all.sls
include:
- init.yum-repo
- init.firewalld-init
- init.history-init
- init.ntp-init
- init.selinux-init
- init.sysctl-init
- init.user-www[root@linux-node1 base]# cat top.sls
base:
'linux-node(1|2).example.com':
- match: pcre
- init.init-all
[root@linux-node1 ~]# salt '*' state.highstate test=True二、SaltStack部署数据库主从
2.1、准备工作
# 需求分析:
配置MySQL主从的有以下步骤:
(1)MySQL安装初始化---->mysql-install.sls
(2)MySQL的主配置文件my.cnf配置不同的server_id-->mariadb-server-master.cnf、mariadb-server-slave.cnf
(3)创建主从同步用户-->master.sls
(4)master获取bin-log和post值-->通过脚本实现
(5)slave上,change master && start slave-->slave.sls
# 在prod环境下载创建modules和mysql目录
[root@linux-node1 ~]# mkdir -p /srv/salt/prod/modules/mysql/files
# 因为我之前有测试过,为了保证环境原始性,卸载mysql所有数据,各位根据自己情况判断
彻底卸载mysql方法:https://blog.csdn.net/zhwyj1019/article/details/80274269
# 这是部署过程出现的部分问题记录
ERROR
1198 (HY000) at line 1: This operation cannot be performed as you have a running slave ''; run STOP SLAVE '' first
MariaDB [(none)]> slave stop;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'slave stop' at line 1
MariaDB [(none)]> stop slave;
Query OK, 0 rows affected (0.00 sec)ERROR
you need (at least one of) the SUPER, REPLICATION CLIENT privilege(s) for this operation
mysql -u root -p123456 -e "grant replication client on *.* to mqslave@'192.168.56.0/255.255.255.0' identified by 'mqslave';flush privileges;"2.2、配置安装和配置状态文件install.sls
# yum源配置
[root@linux-node1 mysql]# cat repo.sls
repo:
file.managed:
- name: /etc/yum.repos.d/MariaDB.repo
- source: salt://modules/mysql/files/MariaDB.repo
- user: root
- group: root
- mode: 0644# 安装mariadb、拷贝配置文件、监测服务状态
[root@linux-node1 mysql]# cat install.sls
include:
- modules.mysql.repo
mysql-install:
pkg.installed:
- pkgs:
- MariaDB-client
- MariaDB-server
mysql-config:
file.managed:
- name: /etc/my.cnf
# 新版mariadb安装默认无此文件
- source: salt://modules/mysql/files/my.cnf
- user: root
- gourp: root
- mode: 644
mysql-service:
service.running:
- name: mariadb
- enable: True# files目录存放的源文件和通用默认配置文件
[root@linux-node1 mysql]# cat files/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = https://mirrors.ustc.edu.cn/mariadb/yum/10.2/centos7-amd64
gpgkey=https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1[root@linux-node1 mysql]# cat files/my.cnf
#
# This group is read both both by the client and the server
# use it for options that affect everything
#所有配置写入此文件易混乱,include利用目录管理配置
[client-server]
!includedir /etc/my.cnf.d# 安装mariadb数据库,执行sls脚本
[root@linux-node1 mysql]# salt '*' state.sls modules.mysql.install saltenv=prod test=True2.3、主库配置mariadb-server.cnf,并更改server_id,以及创建主从用户
# 配置主库信息、创建复制用户并授权
[root@linux-node1 mysql]# cat master.sls
include:
- modules.mysql.install
master-config:
file.managed:
- name: /etc/my.cnf.d/mariadb-server.cnf
#主从主要区别在于id与log-bin功能
- source: salt://modules/mysql/files/mariadb-server-master.cnf
- user: root
- group: root
- mode: 0644
master-grant:
cmd.run:
#slave和client权限都需要,slave用来配置主从同步认证、地址为从节点、若无该用户则创建
- name: mysqladmin -u root password '123456';mysql -u root -p123456 -e "grant replication slave,replication client on *.* to slave@'192.168.56.0/255.255.255.0' identified by 'slave';flush privileges;"# files目录存放的主库配置文件
[root@linux-node1 mysql]# cat files/mariadb-server-master.cnf
[mysqld]
server_id=11
log-bin=mysql-bin# 配置主库信息,执行sls脚本
[root@linux-node1 mysql]# salt 'linux-node1*' state.sls modules.mysql.master saltenv=prod test=True2.4、从库配置文件的server_id和开启主上的log-bin功能
# 从库配置、认证信息获取
[root@linux-node1 mysql]# cat slave.sls
include:
- modules.mysql.install
slave-config:
file.managed:
- name: /etc/my.cnf.d/mariadb-server.cnf
- source: salt://modules/mysql/files/mariadb-server-slave.cnf
- user: root
- group: root
- mode: 0644
start-slave:
file.managed:
- name: /tmp/start-slave.sh
- source: salt://modules/mysql/files/start-slave.sh
- user: root
- group: root
- mode: 755
cmd.run:
- name: /bin/bash /tmp/start-slave.sh# files目录存放的从库配置文件
[root@linux-node1 mysql]# cat files/mariadb-server-slave.cnf
[mysqld]
server_id=22# shell脚本获取主库获取bin-log值和pos值并授权从库同步
[root@linux-node1 mysql]# cat files/start-slave.sh
#!/bin/bash
#若新装mysql密码为空,脚本不易识别,根据情况使用
#mysqladmin -h 192.168.56.12 -u root password '123456'
mysql -uroot -p123456 -e "stop slave;"
for i in `seq 1 10`
do
mysql -h 192.168.56.11 -uslave -pslave -e "exit"
if [ $? -eq 0 ];then
Bin_log=`mysql -h 192.168.56.11 -uslave -pslave -e "show master status;"|awk 'NR==2{print $1}'`
POS=`mysql -h 192.168.56.11 -uslave -pslave -e "show master status;"|awk 'NR==2{print $2}'`
#授权操作为从库root用户才有权限
mysql -uroot -p123456 -e "change master to master_host='192.168.56.11', master_user='slave',master_port=3306, master_password='slave', master_log_file='$Bin_log', master_log_pos=$POS;start slave;"
exit;
else
sleep 60;
fi
done# 配置从库信息,执行sls脚本
[root@linux-node1 mysql]# salt 'linux-node2*' state.sls modules.mysql.slave saltenv=prod test=True2.5、验证工作
权限分配:
master: root用户登陆数据库修改数据
salve: root用户登陆确认是否同步修改
salve: slave用户相当于主从配置的协助者,主要负责从库获取bin-log值和pos值三、mysql主从修改端口后如何恢复同步状态
3.1、修改默认端口为13306,此时主从同步失败
[root@linux-node1 mysql]# cat /etc/my.cnf.d/server.cnf | grep port
port=13306
[root@linux-node1 mysql]# systemctl restart mysql3.2、主库操作
[root@linux-node1 mysql]# mysql -uroot -p123456
# 如果此前该账号已经授权,可从库直接访问主库,直接使用
# 我之前怀疑需要新建用户,最终确认为访问命令未加端口导致失败报错
# ERROR 2002 (HY000): Can't connect to MySQL server on '192.168.56.11' (115)
MariaDB [mysql]> grant replication client,replication slave on *.* to ssslave@'192.168.56.11:13306' identified by 'ssslave';
#锁定数据库,防止master状态更改
MariaDB [(none)]> flush tables with read lock;
Query OK, 0 rows affected (0.00 sec)
#记录二进制日志信息
MariaDB [(none)]> show master status\G
*************************** 1. row ***************************
File: mysql-bin.000006
Position: 528
Binlog_Do_DB:
Binlog_Ignore_DB:
1 row in set (0.00 sec)!!!此时开始搞从库端,配置完成后回来!!!
#解锁
MariaDB [(none)]> unlock tables;
Query OK, 0 rows affected (0.00 sec)
#刷新权限
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)3.3、从库操作
[root@linux-node2 ~]# mysql -uroot -p123456
#停止slave
MariaDB [(none)]> stop slave;
Query OK, 0 rows affected (0.01 sec)
#更新从库权限,host为主库地址,log_file和log_pos参照上文,master_port参数默认3306可以不加,此时必须指定
MariaDB [(none)]> change master to master_host='192.168.56.11',master_port=13306,master_user='slave', master_password='slave',master_log_file='mysql-bin.000006',master_log_pos=528;
Query OK, 0 rows affected (0.00 sec)
#开启slave
MariaDB [(none)]> start slave;
Query OK, 0 rows affected (0.00 sec)
#显示slave状态
#注意Log_Pos与Log_Pos是否与主库对应,Slave_IO_Running和Slave_SQL_Running为Yes
MariaDB [(none)]> show slave status\G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.56.11
Master_User: slave
Master_Port: 13306
Connect_Retry: 60
Master_Log_File: mysql-bin.000006
Read_Master_Log_Pos: 528
Relay_Log_File: linux-node2-relay-bin.000002
Relay_Log_Pos: 555
Relay_Master_Log_File: mysql-bin.000006
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
#此时回到主库解锁、刷新权限、重启服务、测试结果即可