Linux Operations: SaltStack Automated Operations (Part 2)

I. Querying minion information

  • Test all nodes
[root@server3 salt]# salt '*' test.ping
server5:
    True
server3:
    True
server4:
    True
1. Query all information
[root@server3 salt]# salt server4 grains.items

2. Query a specific item
[root@server3 salt]# salt server4 grains.item os
server4:
    ----------
    os:
        RedHat
[root@server3 salt]# salt server4 grains.item fqdn
server4:
    ----------
    fqdn:
        server4
3. Filter by specific information (-G: match on static grains)
[root@server3 salt]# salt -G 'fqdn:server5' test.ping
server5:
    True
[root@server3 salt]# salt -G 'name:test' test.ping
server4:
    True
4. Match hosts by grain
  • Stop the services on the minions
[root@server4 ~]# /etc/init.d/httpd stop
Stopping httpd:                                            [  OK  ]
[root@server5 ~]# /etc/init.d/nginx status
nginx is stopped
  • On the master, edit the publish/subscribe information
[root@server3 salt]# pwd
/srv/salt
[root@server3 salt]# cat top.sls 
base:
  'server3':
    - haproxy.install
  'roles:apache':   ## match by grain
    - match: grain
    - httpd.service
  'server5':
    - nginx.server

[root@server3 salt]# salt '*' state.highstate
  • The services are now running on the minions
[root@server4 salt]# /etc/init.d/httpd status
httpd (pid  2963) is running...

[root@server5 ~]# /etc/init.d/nginx status
nginx (pid  1887) is running...

II. Defining static information (grains)

1. Method 1:
[root@server4 salt]# vim minion
grains:
  roles:
    - apache

[root@server4 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server4 daemon: OK
Starting salt-minion:root:server4 daemon: OK
  • Check roles from the master
[root@server3 salt]# salt server4 grains.item roles
server4:
    ----------
    roles:
        - apache
2. Method 2:
[root@server4 salt]# vim grains
[root@server4 salt]# cat grains 
name: test

[root@server4 salt]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server4 daemon: OK
Starting salt-minion:root:server4 daemon: OK
  • Check name from the master
[root@server3 salt]# salt server4 grains.item name
server4:
    ----------
    name:
        test
3. Method 3:
[root@server4 salt]# cat grains 
name: test
state: Running
  • Check state from the master
[root@server3 salt]# salt server4 saltutil.sync_grains
server4:
[root@server3 salt]# salt server4 grains.item state
server4:
    ----------
    state:
        Running
4. Method 4:
[root@server3 salt]# mkdir _grains
[root@server3 salt]# cd _grains/
[root@server3 _grains]# vim my_grains.py
#!/usr/bin/env python

def my_grains():
    # Custom grain module: each key in the returned dict becomes a grain on the minion
    grains = {}
    grains['Age'] = '20'
    return grains

[root@server3 _grains]# salt server4 saltutil.sync_grains
server4:
    - grains.my_grains
[root@server3 _grains]# salt server4 grains.item Age
server4:
    ----------
    Age:
        20
  • Files synced to the minion (top.sls matches the master's copy)
[root@server4 base]# pwd
/var/cache/salt/minion/files/base
[root@server4 base]# tree .
.
├── _grains
│   └── my_grains.py
├── httpd
│   ├── apache.sls
│   ├── files
│   │   └── httpd.conf
│   ├── install.sls
│   └── service.sls
└── top.sls

III. Defining dynamic information (pillar)

1. Edit the configuration file
[root@server3 _grains]# cd /etc/salt/
[root@server3 salt]# vim master
pillar_roots:
  base:
    - /srv/pillar

[root@server3 salt]# mkdir /srv/pillar
[root@server3 salt]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]
2. Create the pillar data to push
[root@server3 salt]# cd /srv/pillar
[root@server3 pillar]# mkdir web
[root@server3 pillar]# vim web/install.sls
{% if grains['fqdn'] == 'server4' %}
webserver: httpd
{% elif grains['fqdn'] == 'server5' %}
webserver: nginx
{% elif grains['fqdn'] == 'server3' %}
webserver: haproxy
{% endif %}

[root@server3 pillar]# vim top.sls
base:
  '*':
    - web.install
3. Refresh pillar
[root@server3 pillar]# salt '*' saltutil.refresh_pillar
server3:
    True
server5:
    True
server4:
    True
  • Retrieve the pillar data
[root@server3 pillar]# salt '*' pillar.items
server3:
    ----------
    webserver:
        haproxy
server5:
    ----------
    webserver:
        nginx
server4:
    ----------
    webserver:
        httpd
  • Query by specific information (-I: match on dynamic pillar data)
[root@server3 pillar]# salt -I 'webserver:nginx' cmd.run hostname
server5:
    server5
[root@server3 pillar]# salt -I 'webserver:haproxy' cmd.run hostname
server3:
    server3
[root@server3 pillar]# salt -I 'webserver:httpd' cmd.run hostname
server4:
    server4
4. Query the live hosts in the same VLAN
[root@server3 pillar]# salt -S 172.25.120.0/24 test.ping
server4:
    True
server5:
    True
server3:
    True
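
Grains are reported by the minion itself (section II sets them by editing files on server4), so a pillar file that branches on grains['fqdn'] hands out data according to what a minion claims; the minion ID, which is tied to the key accepted on the master, is the safer selector for pillar data. The following is an added example, not part of the original post: a small Python audit that flags grain-based selection in a pillar tree. PILLAR_SLS is copied from the page; PILLAR_SLS_BY_ID, PILLAR_TOP and the function names are constructed for illustration.

```python
import re

# Matches grains['x'], grains["x"] and grains.get('x') inside Jinja.
GRAIN_REF = re.compile(r"""grains(?:\[\s*|\.get\(\s*)['"]([^'"]+)['"]""")
TOP_TARGET = re.compile(r"""^\s+(['"])(.+?)\1\s*:""")
MATCH_GRAIN = re.compile(r"^\s*-\s*match\s*:\s*grain\b")

# /srv/pillar/web/install.sls as shown on the page.
PILLAR_SLS = """\
{% if grains['fqdn'] == 'server4' %}
webserver: httpd
{% elif grains['fqdn'] == 'server5' %}
webserver: nginx
{% elif grains['fqdn'] == 'server3' %}
webserver: haproxy
{% endif %}
"""
# Constructed rewrite that branches on the minion ID instead of a grain.
PILLAR_SLS_BY_ID = PILLAR_SLS.replace("grains['fqdn']", "grains['id']")
# Constructed pillar top file that hands out data by a self-declared role.
PILLAR_TOP = """\
base:
  'roles:apache':
    - match: grain
    - web.install
  'server5':
    - web.install
"""

def audit_pillar_sls(text):
    """Return (line_no, grain) for each grain other than 'id' the SLS reads."""
    return [(no, m.group(1))
            for no, line in enumerate(text.splitlines(), 1)
            for m in GRAIN_REF.finditer(line)
            if m.group(1) != "id"]

def audit_pillar_top(text):
    """Return the targets of a pillar top file that are matched by grain."""
    flagged, target = [], None
    for line in text.splitlines():
        hit = TOP_TARGET.match(line)
        if hit:
            target = hit.group(2)
        elif target and MATCH_GRAIN.match(line):
            flagged.append(target)
    return flagged

if __name__ == "__main__":
    print(audit_pillar_sls(PILLAR_SLS), audit_pillar_top(PILLAR_TOP))
```

Run it over every file under /srv/pillar; an empty result means pillar data is selected only by minion ID.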

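IV. Setting different parameters for different hosts (Jinja templates)

  • {% %}: statements (definitions)
  • {{ }}: expressions (value substitution)
1. Configure the httpd service port
  • Define a fixed port in the state file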
[root@server3 salt]# vim httpd/service.sls 
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    - context:
      port: 8080
  • Make port a variable in the configuration file
[root@server3 salt]# vim httpd/files/httpd.conf 
#Listen 12.34.56.78:80
Listen {{ port }}

[root@server3 salt]# salt server4 state.sls httpd.service
              ----------
              diff:
                  ---  
                  +++  
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen 80
                  +Listen 8080

                   #
                   # Dynamic Shared Object (DSO) Support
----------
2. Define it as dynamic information (no refresh needed)
[root@server3 salt]# vim /srv/pillar/web/install.sls 
{% if grains['fqdn'] == 'server4' %}
webserver: httpd
port: 80    ## different parameters for different hosts
{% elif grains['fqdn'] == 'server5' %}
webserver: nginx
{% elif grains['fqdn'] == 'server3' %}
webserver: haproxy
{% endif %}

[root@server3 salt]# vim httpd/service.sls 
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    - context:      ## take the value of port
      port: {{ pillar['port'] }}

[root@server3 salt]# salt server4 state.sls httpd.service
              ----------
              diff:
                  ---  
                  +++  
                  @@ -133,7 +133,7 @@
                   # prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
                   #
                   #Listen 12.34.56.78:80
                  -Listen 8080
                  +Listen 80

                   #
                   # Dynamic Shared Object (DSO) Support
----------
3. Template import syntax
[root@server3 salt]# vim lib.sls
{% set bind = '172.25.120.4' %}

[root@server3 salt]# vim httpd/files/httpd.conf
{% from 'lib.sls' import bind with context %}
...
#Listen 12.34.56.78:80
Listen {{ bind }}:{{ port }}
  • Push succeeds
[root@server3 salt]# salt server4 state.sls httpd.service
                  @@ -133,7 +134,7 @@
                   #Listen 12.34.56.78:80
                  -Listen 8080
                  +Listen 172.25.120.4:8080
  • Changing the listening port requires a restart (edit the state file: reload -> restart)
[root@server4 ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [FAILED]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 172.25.120.4 for ServerName
                                                           [  OK  ]
[root@server4 ~]# netstat -antuple | grep http
tcp        0      0 172.25.120.4:8080           0.0.0.0:*                   LISTEN      0          14850      3517/httpd
4. The grains method
[root@server3 salt]# vim httpd/files/httpd.conf     ## comment out the import (Jinja comment syntax; a leading # alone does not disable a Jinja statement)
{# from 'lib.sls' import bind with context #}
...
#Listen 12.34.56.78:80
Listen {{ bind }}:{{ port }}

[root@server3 salt]# vim httpd/service.sls
    - template: jinja
    - context:
      port: {{ pillar['port'] }}
      bind: {{ grains['ipv4'][-1] }}

[root@server3 salt]# salt server4 state.sls httpd.service
------------
Succeeded: 3 (changed=2)
Failed:    0
------------
5. Taking values directly from pillar and grains
[root@server3 salt]# vim httpd/service.sls
#    - context:
#      port: {{ pillar['port'] }}
#      bind: {{ grains['ipv4'][-1] }}

[root@server3 salt]# vim /srv/pillar/web/install.sls
port: 80

[root@server3 salt]# vim httpd/files/httpd.conf 
#Listen 12.34.56.78:80
Listen {{ grains['fqdn_ip4'][0] }}:{{ pillar['port'] }}

[root@server3 salt]# salt server4 state.sls httpd.service
                   #Listen 12.34.56.78:80
                  -Listen 172.25.120.4:8080
                  +Listen 172.25.120.4:80
6. The pillar method
[root@server3 salt]# vim httpd/service.sls 
    - template: jinja
    - context:
      port: {{ pillar['port'] }}
      bind: {{ pillar['bind'] }}

[root@server3 salt]# vim /srv/pillar/web/install.sls
{% if grains['fqdn'] == 'server4' %}
webserver: httpd
port: 80
bind: 172.25.120.4

[root@server3 salt]# salt server4 state.sls httpd.service

V. One-step keepalived deployment with SaltStack

  • Amateur version:
[root@server3 keepalived]# salt server3 state.sls keepalived.install
include:
  - pkgs.make

keepalived-install:
  file.managed:
    - name: /opt/keepalived-1.4.3.tar.gz
    - source: salt://keepalived/files/keepalived-1.4.3.tar.gz

  cmd.run:
    - name: cd /opt && tar zxf keepalived-1.4.3.tar.gz && cd keepalived-1.4.3 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make > /dev/null && make install > /dev/null && cd /usr/local/keepalived/etc/rc.d/init.d && chmod +x keepalived && ln -s /usr/local/keepalived/etc/keepalived/ /etc&& ln -s /usr/local/keepalived/etc/sysconfig/keepalived  /etc/sysconfig/ && ln -s /usr/local/keepalived/etc/rc.d/init.d/keepalived  /etc/init.d/ && ln -s /usr/local/keepalived/sbin/keepalived /sbin/
    - creates: /usr/local/keepalived
1. Prepare the configuration files (the amateur version can be pushed first)
[root@server3 salt]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf keepalived/files/
[root@server3 salt]# cp /usr/local/keepalived/etc/rc.d/init.d/keepalived keepalived/files/
[root@server3 salt]# ls keepalived/files/keepalived 
keepalived  keepalived-1.4.3.tar.gz  keepalived.conf
2. Edit the configuration file
[root@server3 salt]# vim keepalived/files/keepalived.conf 
global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from keepalived@localhost
   smtp_server 127.0.0.1
   ...
   #vrrp_strict     ## commented out; otherwise the firewall causes problems
...
    state {{ STATE }}   ## take the variable's value
    ...
    virtual_router_id {{ vrid }}
    priority {{ priority }}
    ...
    virtual_ipaddress { ## configure the VIP
        172.25.120.100
    }
3. Write the state files
[root@server3 salt]# vim keepalived/install.sls 
include:
  - pkgs.make
keepalived-install:
  file.managed:
    - name: /opt/keepalived-1.4.3.tar.gz
    - source: salt://keepalived/files/keepalived-1.4.3.tar.gz
  cmd.run:
    - name: cd /opt && tar zxf keepalived-1.4.3.tar.gz && cd keepalived-1.4.3 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make > /dev/null && make install > /dev/null
    - creates: /usr/local/keepalived
/etc/sysconfig/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/etc/sysconfig/keepalived
/sbin/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/sbin/keepalived
/etc/keepalived:
  file.directory:
    - mode: 755

[root@server3 salt]# vim keepalived/service.sls
include:
  - keepalived.install

/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - template: jinja
    - context:
      STATE: {{ pillar['state'] }}
      vrid: {{ pillar['vrid'] }}
      priority: {{ pillar['priority'] }}

keepalived-service:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived
    - mode: 755

  service.running:
    - name: keepalived
    - reload: True
    - watch:
      - file: /etc/keepalived/keepalived.conf
4. Define the variables
[root@server3 salt]# cd ..
[root@server3 srv]# cd pillar/
[root@server3 pillar]# mkdir keepalived
[root@server3 pillar]# cp web/install.sls keepalived/install.sls
[root@server3 pillar]# vim keepalived/install.sls 
{% if grains['fqdn'] == 'server3' %}
state: MASTER
vrid: 120
priority: 100
{% elif grains['fqdn'] == 'server6' %}
state: BACKUP
vrid: 120
priority: 50
{% endif %}
5. Edit the base top files
[root@server3 pillar]# vim top.sls 
base:
  'server4':
    - web.install
  'server5':
    - web.install
  'server3':
    - keepalived.install
  'server6':
    - keepalived.install

[root@server3 pillar]# cd ..
[root@server3 srv]# cd salt/
[root@server3 salt]# vim top.sls
base:
  'server3':
    - haproxy.install
    - keepalived.service
  'server6':
    - haproxy.install
    - keepalived.service
  'roles:apache':
    - match: grain
    - httpd.service
  'server5':
    - nginx.server
6. Push
[root@server3 salt]# salt '*' state.highstate
  • Once it succeeds, check the VIP
[root@server3 salt]# ip addr
2: eth0:
    inet 172.25.120.3/24 brd 172.25.120.255 scope global eth0
    inet 172.25.120.100/32 scope global eth0
7. Testing keepalived
  • Requests to the VIP are served round-robin
[root@server3 salt]# curl 172.25.120.100
server4
[root@server3 salt]# curl 172.25.120.100
server5
[root@server3 salt]# curl 172.25.120.100
server4
[root@server3 salt]# curl 172.25.120.100
server5
  • Test high availability
[root@server3 salt]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]
[root@server3 salt]# curl 172.25.120.100
server4
[root@server3 salt]# curl 172.25.120.100
server5
[root@server3 salt]# curl 172.25.120.100
server4
[root@server3 salt]# curl 172.25.120.100
server5

Reposted from blog.csdn.net/For_myself0/article/details/81111890