Saltstack部署
一、安装 salt
- 1个master(server3)
- 2个minion(server4、server5)
1、配置yum源(以master为例)
[root@server3 ~]# cat /etc/yum.repos.d/rhel-source.repo
[rhel-source]
name=Red Hat Enterprise Linux $releasever - $basearch - Source
baseurl=http:
enabled=1
gpgcheck=1
gpgkey=file:
[slat]
name=slatstack
baseurl=http:
gpgcheck=0
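##注意:rhel6 目录下必须全部是 rpm 包!
##在存放 rpm 包的主机上执行:createrepo -v /var/www/html/pub/rhel6/
##执行后 /var/www/html/pub/rhel6/ 下会生成 repodata 目录
##上面 [slat] 源的 gpgcheck=0 表示安装时不校验软件包签名,且 baseurl 使用的是 http,只适合隔离的实验环境;生产环境应给软件包签名,并设置 gpgcheck=1 和 gpgkey。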
[kiosk@foundation120 Desktop]$ ls /var/www/html/pub/rhel6/
libyaml-0.1.3-4.el6.x86_64.rpm
python-babel-0.9.4-5.1.el6.noarch.rpm
python-backports-1.0-5.el6.x86_64.rpm
python-backports-ssl_match_hostname-3.4.0.2-2.el6.noarch.rpm
python-chardet-2.2.1-1.el6.noarch.rpm
python-cherrypy-3.2.2-4.el6.noarch.rpm
python-crypto-2.6.1-3.el6.x86_64.rpm
python-crypto-debuginfo-2.6.1-3.el6.x86_64.rpm
python-enum34-1.0-4.el6.noarch.rpm
python-futures-3.0.3-1.el6.noarch.rpm
python-impacket-0.9.14-1.el6.noarch.rpm
python-jinja2-2.8.1-1.el6.noarch.rpm
python-msgpack-0.4.6-1.el6.x86_64.rpm
python-ordereddict-1.1-2.el6.noarch.rpm
python-requests-2.6.0-3.el6.noarch.rpm
python-setproctitle-1.1.7-2.el6.x86_64.rpm
python-six-1.9.0-2.el6.noarch.rpm
python-tornado-4.2.1-1.el6.x86_64.rpm
python-urllib3-1.10.2-1.el6.noarch.rpm
python-zmq-14.5.0-2.el6.x86_64.rpm
PyYAML-3.11-1.el6.x86_64.rpm
repodata
salt-2016.11.3-1.el6.noarch.rpm
salt-api-2016.11.3-1.el6.noarch.rpm
salt-cloud-2016.11.3-1.el6.noarch.rpm
salt-master-2016.11.3-1.el6.noarch.rpm
salt-minion-2016.11.3-1.el6.noarch.rpm
salt-ssh-2016.11.3-1.el6.noarch.rpm
salt-syndic-2016.11.3-1.el6.noarch.rpm
zeromq-4.0.5-4.el6.x86_64.rpm
2、查看yum源
[root@server3 ~]# yum repolist
repo id repo name status
rhel-source Red Hat Enterprise Linux 6Server - x86_64 - Source 3,690
slat slatstack 29
repolist: 3,719
[root@server3 ~]# yum list salt-*
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Available Packages
salt.noarch 2016.11.3-1.el6 slat
salt-api.noarch 2016.11.3-1.el6 slat
salt-cloud.noarch 2016.11.3-1.el6 slat
salt-master.noarch 2016.11.3-1.el6 slat
salt-minion.noarch 2016.11.3-1.el6 slat
salt-ssh.noarch 2016.11.3-1.el6 slat
salt-syndic.noarch
3、安装 salt-master(minion端安装salt-minion)
[root@server3 ~]
二、配置 salt
1、master 端
[root@server3 ~]
[root@server3 salt]
14
15 interface: 172.25.120.3
[root@server3 salt]
Starting salt-master daemon: [ OK ]
[root@server3 salt]
tcp 0 0 172.25.120.3:4506 0.0.0.0:* LISTEN 0 14121 1427/python2.6
BLISHED 0 17107 1421/python2.6
tcp 0 0 172.25.120.3:4505
- 4505端口:发布/订阅端口,master 通过它向 minion 发布指令,minion 与其保持长连接
- 4506端口:请求/响应端口,底层使用 zmq(消息队列)
- 这两个端口只需对 minion 所在网段开放,不要暴露到不受信任的网络
2、minion端(两台主机操作一致)
[root@server4 ~]
[root@server4 salt]
15
16 master: 172.25.120.3
[root@server4 salt]
Starting salt-minion:root:server4 daemon: OK
- 启动ok后,会生成 minion_id文件
- 注意:修改 IP 或 hostname 时,必须删除该文件
[root@server4 salt]# ls
cloud cloud.maps.d master minion.d proxy
cloud.conf.d cloud.profiles.d master.d minion_id proxy.d
cloud.deploy.d cloud.providers.d minion pki roster
3、master 端
[root@server3 salt]
Accepted Keys:
Denied Keys:
Unaccepted Keys:
server4
server5
Rejected Keys:
[root@server3 salt]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server4
server5
Proceed? [n/Y] Y
Key for minion server4 accepted.
Key for minion server5 accepted.
[root@server3 salt]# salt-key -L
Accepted Keys:
server4
server5
Denied Keys:
Unaccepted Keys:
Rejected Keys:
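salt-key:认证的实质是 master 和 minion 互换公钥——master 把 minion 的公钥放入 minions 目录,minion 把 master 的公钥保存为 minion_master.pub。
注意:salt-key -A 会一次性接受所有待认证的 key。接受前应确认 Unaccepted Keys 中都是预期的主机,并核对指纹(master 上执行 salt-key -f <minion id>,minion 上执行 salt-call --local key.finger)。
下面用 md5sum 对比两端的文件,只是为了说明两边保存的是同一份 master 公钥。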
[root@server3 master]
/etc/salt/pki/master
[root@server3 master]
master.pem minions minions_denied minions_rejected
master.pub minions_autosign minions_pre
[root@server3 master]
c39940d38b03b9ca39417902e632d63c master.pub
[root@server4 minion]# pwd
/etc/salt/pki/minion
[root@server4 minion]# ls
minion_master.pub minion.pem minion.pub
[root@server4 minion]# md5sum minion_master.pub
c39940d38b03b9ca39417902e632d63c minion_master.pub
三、查看salt的相关信息
1、master端查看tree结构
[root@server3 pki]
/etc/salt/pki
[root@server3 pki]
.
├── master
│ ├── master.pem
│ ├── master.pub
│ ├── minions
│ │ ├── server4
│ │ └── server5
│ ├── minions_autosign
│ ├── minions_denied
│ ├── minions_pre
│ └── minions_rejected
└── minion
2、minion查看tree结构
[root@server4 salt]# cd pki/
[root@server4 pki]# tree .
.
├── master
└── minion
├── minion_master.pub
├── minion.pem
└── minion.pub
3、查看连接情况
[root@server3 pki]# lsof -i :4505
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1421 root 16u IPv4 14111 0t0 TCP 172.25.120.3:4505 (LISTEN)
salt-mast 1421 root 18u IPv4 17107 0t0 TCP 172.25.120.3:4505->172.25.120.5:58887 (ESTABLISHED)
salt-mast 1421 root 19u IPv4 17120 0t0 TCP 172.25.120.3:4505->172.25.120.4:49831 (ESTABLISHED)
[root@server3 pki]# lsof -i :4506
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
salt-mast 1427 root 24u IPv4 14121 0t0 TCP 172.25.120.3:4506 (LISTEN)
4、查看python端口进程
[root@server3 pki]
[root@server3 pki]
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server3 pki]
3356 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ProcessMan
3357 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d Multiproce
3358 ? Sl 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ZeroMQPubS
3361 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d EventPubli
3363 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d Maintenanc
3364 ? S 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d ReqServer_
3365 ? Sl 0:00 /usr/bin/python2.6 /usr/bin/salt-master -d MWorkerQue
3366 ? Sl 0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-0
3372 ? Sl 0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-1
3374 ? Sl 0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-2
3375 ? Sl 0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-3
3376 ? Sl 0:01 /usr/bin/python2.6 /usr/bin/salt-master -d MWorker-4
5、测试salt服务
[root@server3 master]# salt '*' test.ping
server5:
True
server4:
True
[root@server3 master]# salt '*' cmd.run hostname
server5:
server5
server4:
server4
四、配置自动化部署
1、修改配置文件
[root@server3 ~]
[root@server3 salt]
534 file_roots:
535 base:
536 - /srv/salt
[root@server3 salt]
[root@server3 salt]
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
2、配置部署脚本
- 同一个 id 下,同一个状态模块只能调用 1 次!!
- yum 源必须可用!
[root@server3 salt]
[root@server3 salt]
[root@server3 salt]
[root@server3 httpd]
# State ID "apache-install": a single pkg.installed call that installs both
# packages. They come from the yum repositories, so the repos must work.
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
3、测试、执行脚本
[root@server3 httpd]# salt server4 state.sls httpd.apache test=true
ID: apache-install
Function: pkg.installed
Result: None
Comment: The following packages would be installed/updated: httpd, php
Started: 10:53:39.185588
Duration: 327.12 ms
Changes:
Succeeded: 1 (unchanged=1)
[root@server3 httpd]# salt server4 state.sls httpd.apache
Succeeded: 1 (changed=1)
Total states run: 1
Total run time: 18.215 s
4、minion端查看
[root@server4 ~]# rpm -q httpd php ##安装ok
httpd-2.2.15-29.el6_4.x86_64
php-5.3.3-26.el6.x86_64
5、脚本格式2
[root@server3 httpd]# pwd
/srv/salt/httpd
[root@server3 httpd]# cat apache.sls
# Short form: one state ID per package, with the ID doubling as the package
# name (the run output below reports "Package httpd is already installed").
httpd:
  pkg.installed
php:
  pkg.installed
[root@server3 httpd]# salt server4 state.sls httpd.apache
ID: httpd
Function: pkg.installed
Result: True
Comment: Package httpd is already installed
Started: 10:55:42.040815
Duration: 320.055 ms
ID: php
Function: pkg.installed
Result: True
Comment: Package php is already installed
Started: 10:55:42.361039
Duration: 0.558 ms
Changes:
Succeeded: 2
五、salt 服务部署
1、apache 服务部署
[root@server3 httpd]# vim apache.sls
# Keep the httpd service running and enable it at boot.
apache-service:
  service.running:
    - name: httpd
    - enable: True
[root@server3 httpd]# salt server4 state.sls httpd.apache
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 11:35:50.028076
Duration: 176.266 ms
Changes:
----------
httpd:
True
Succeeded: 2 (changed=1)
[root@server4 ~]
tcp 0 0 :::80 :::* LISTEN 0 15909 1684/httpd
2、更改httpd的默认端口
[root@server4 ~]
[root@server4 conf]
[root@server3 httpd]# pwd
[root@server3 httpd]# mkdir files
[root@server3 httpd]# vim files/httpd.conf ##修改端口
[root@server3 httpd]# vim apache.sls ##修改脚本
# Push the master's copy of httpd.conf to the minion.
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    # salt:// paths resolve under the master's file_roots (/srv/salt here).
    - source: salt://httpd/files/httpd.conf
    # root-owned and writable by root only, so the web server config cannot
    # be altered by unprivileged accounts on the minion.
    - mode: 644
    - user: root
    - group: root
# Keep httpd running and reload it whenever the managed config file changes.
apache-service:
  service.running:
    - name: httpd
    - enable: True
    # reload instead of a full restart when the watched state reports changes
    - reload: True
    - watch:
      - file: apache-config
[root@server3 httpd]# salt server4 state.sls httpd.apache
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 11:43:36.819359
Duration: 63.22 ms
Changes:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 11:43:36.907022
Duration: 58.512 ms
Changes:
----------
httpd:
True
Succeeded: 3 (changed=2)
[root@server4 conf]
tcp 0 0 :::8080 :::* LISTEN 0 16263 1684/httpd
3、多种格式
[root@server3 httpd]# vim apache.sls
# Variant: one state ID carrying three different state modules
# (pkg, file, service). Each module may appear only once under a given ID.
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      # refers to the file.managed state declared under this same ID
      - file: apache-install
[root@server3 httpd]# vim apache.sls
apache-install:
pkg.installed:
- pkgs:
- httpd
- php
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-install
file.managed:
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- group: root
4、解耦(安装、管理分开)
[root@server3 httpd]# pwd
[root@server3 httpd]# ls
files install.sls service.sls
[root@server3 httpd]# cat service.sls
include:
- httpd.install
file.managed:
- source: salt://httpd/files/httpd.conf
- mode: 644
- user: root
- group: root
httpd:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: /etc/httpd/conf/httpd.conf
六、salt源码部署nginx
1、配置nginx目录
[root@server3 nginx]# pwd
[root@server3 nginx]# mkdir files
[root@server3 files]# ls
nginx-1.10.1.tar.gz
[root@server3 files]# cd ..
[root@server3 nginx]# vim install.sls
# Build nginx 1.10.1 from source on the minion.
nginx-install:
  # Compiler and development headers needed by ./configure and make.
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
  # Copy the source tarball from the master's file server to /opt.
  file.managed:
    - name: /opt/nginx-1.10.1.tar.gz
    - source: salt://nginx/files/nginx-1.10.1.tar.gz
  # Unpack, patch, configure, build and install in one shell command.
  # - first sed: comments out the debug CFLAGS line in auto/cc/gcc
  # - second sed: drops the version number from NGINX_VER. This only hides
  #   the version string; it is not a substitute for keeping nginx patched.
  # - configure output (stdout and stderr) and make's stdout are discarded,
  #   so a failed build leaves few diagnostics in the state return.
  # NOTE(review): "&>" is a bash redirection; confirm the shell cmd.run uses
  # on the minion understands it.
  cmd.run:
    - name: cd /opt && tar zxf nginx-1.10.1.tar.gz && cd nginx-1.10.1 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make > /dev/null && make install > /dev/null
    # The command is skipped when this path already exists.
    - creates: /usr/local/nginx
[root@server3 nginx]# salt server5 state.sls nginx.install
Summary for server5
------------
Succeeded: 5 (changed=1)
Failed: 0
------------
[root@server5 opt]
[root@server5 nginx]
conf html logs sbin
2、配置nginx
- pkgs:存放依赖包的安装状态,供其他 sls 通过 include 引用(相当于 python 的模块);
- users:存放创建用户的状态;
[root@server3 salt]
/srv/salt
[root@server3 salt]
httpd nginx pkgs users
[root@server3 salt]# cat pkgs/make.sls
# Shared build dependencies, kept in their own sls (pkgs/make.sls) so other
# states can pull them in with "include: - pkgs.make".
make:
  pkg.installed:
    - pkgs:
      - gcc
      - pcre-devel
      - openssl-devel
[root@server3 salt]# cat users/nginx.sls
# Dedicated group for nginx with a fixed gid.
nginx-group:
  group.present:
    - name: nginx
    - gid: 800
# Dedicated service account for nginx, with the same fixed uid/gid.
nginx-user:
  user.present:
    - name: nginx
    # no login shell: the account cannot be used for interactive logins
    - shell: /sbin/nologin
    - home: /usr/local/nginx
    # the home path is the nginx install prefix, so do not create it here
    - createhome: false
    - uid: 800
    - gid: 800
[root@server3 salt]# ls nginx/
files install.sls server.sls
[root@server3 salt]# ls nginx/files/
nginx nginx-1.10.1.tar.gz nginx.conf
- nginx启动脚本(物理主机:saltstack)
- nginx安装脚本
[root@server3 salt]# cat nginx/install.sls
# Pull in the shared build dependencies and the nginx user/group states.
include:
  - pkgs.make
  - users.nginx
# Build nginx 1.10.1 from source on the minion.
nginx-install:
  # Copy the source tarball from the master's file server to /opt.
  file.managed:
    - name: /opt/nginx-1.10.1.tar.gz
    - source: salt://nginx/files/nginx-1.10.1.tar.gz
  # Unpack, patch, configure, build and install in one shell command.
  # - first sed: comments out the debug CFLAGS line in auto/cc/gcc
  # - second sed: drops the version number from NGINX_VER. This only hides
  #   the version string; it is not a substitute for keeping nginx patched.
  # - configure output (stdout and stderr) and make's stdout are discarded,
  #   so a failed build leaves few diagnostics in the state return.
  # NOTE(review): "&>" is a bash redirection; confirm the shell cmd.run uses
  # on the minion understands it.
  cmd.run:
    - name: cd /opt && tar zxf nginx-1.10.1.tar.gz && cd nginx-1.10.1 && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make > /dev/null && make install > /dev/null
    # The command is skipped when this path already exists.
    - creates: /usr/local/nginx
[root@server3 salt]# cat nginx/server.sls
include:
- nginx.install
- users.nginx
file.managed:
- source: salt://nginx/files/nginx.conf
nginx-service:
file.managed:
- name: /etc/init.d/nginx
- source: salt://nginx/files/nginx
- mode: 755
service.running:
- name: nginx
- reload: True
- watch:
- file: /usr/local/nginx/conf/nginx.conf
3、minion测试
- master 端:修改 nginx 配置文件,指定运行用户/组为 nginx,worker 进程数为 2
[root@server5 init.d]# ps aux
nginx 5197 0.0 0.2 45636 1976 ? S 16:14 0:00 nginx: worker process
nginx 5198 0.0 0.2 45636 1908 ? S 16:14 0:00 nginx: worker process
七、一键部署haproxy
1、部署多节点(3个节点,master主机安装minion)
[root@server3 salt]
[root@server3 salt]
[root@server3 salt]
[root@server3 salt]
Stopping salt-minion:root:server3 daemon: OK
Starting salt-minion:root:server3 daemon: OK
2、配置yum源
[root@server3 salt]
[root@server3 salt]
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Available Packages
haproxy.x86_64 1.4.24-2.el6 LoadBalancer
3、配置salt
[root@server3 salt]
The following keys are going to be accepted:
Unaccepted Keys:
server3
Proceed? [n/Y] Y
Key for minion server3 accepted.
[root@server3 salt]
Accepted Keys:
server3
server4
server5
Denied Keys:
Unaccepted Keys:
Rejected Keys:
4、配置haproxy
[root@server3 salt]
[root@server3 salt]
[root@server3 salt]
# First pass: install only the haproxy package from the yum repository.
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy
[root@server3 haproxy]
server3:
----------
ID: haproxy-install
Function: pkg.installed
Result: True
Summary for server3
------------
Succeeded: 1
Failed: 0
------------
[root@server3 salt]
[root@server3 haproxy]
[root@server3 haproxy]
[root@server3 haproxy]
[root@server3 haproxy]
# Install haproxy, manage its config from the master, and keep it running.
haproxy-install:
  pkg.installed:
    - pkgs:
      - haproxy
  # No user/group/mode is set here, so ownership and permissions of
  # haproxy.cfg are not pinned by this state.
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://haproxy/files/haproxy.cfg
  service.running:
    - name: haproxy
    # reload instead of a full restart when the config file changes
    - reload: True
    - watch:
      # refers to the file.managed state declared under this same ID
      - file: haproxy-install
[root@server3 haproxy]
# Excerpt of haproxy.cfg: accept traffic on port 80 on every address and send
# it to backend "app".
frontend main *:80
    default_backend app
# Alternate requests between the two web minions; "check" turns on health
# checks for each server.
# NOTE(review): the httpd example earlier on the page moved httpd to 8080;
# confirm server4 listens on 80 again before relying on app1.
backend app
    balance roundrobin
    server app1 172.25.120.4:80 check
    server app2 172.25.120.5:80 check
[root@server3 salt]
# Looks like the top file (its name is not shown on the page): it maps each
# minion ID to the sls it receives in the "base" environment.
base:
  # load balancer
  'server3':
    - haproxy.install
  # httpd backend
  'server4':
    - httpd.service
  # nginx backend
  'server5':
    - nginx.server
[root@server3 salt]
5、访问 172.25.120.3 (出现轮询ok)
[root@server4 ~]
server4
[root@server5 ~]
server5
轮询测试
[root@server3 ~]
server4
[root@server3 ~]
server5
[root@server3 ~]
server4
[root@server3 ~]
server5