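I. SaltStack concepts
1. What Salt is:
A new approach to infrastructure management: easy to deploy and up and running within minutes, scalable enough to manage upwards of ten thousand servers, and fast enough for servers to communicate within seconds.
Under the hood, Salt uses a dynamic communication bus, which makes it suitable for orchestration, remote execution and configuration management.
Salt is:
A configuration management system that keeps remote nodes in predefined states (for example, ensuring that specified packages are installed and specified services are running)
A distributed remote execution system for running commands and querying data on remote nodes (a single node, or nodes selected by arbitrary criteria)
2. Salt's core features
- Commands are sent to remote systems in parallel rather than serially
- Uses a secure, encrypted protocol
- Uses the smallest and fastest possible network payloads
- Provides a simple programming interface
Salt also introduces finer-grained targeting control for remote execution, so systems can be targeted not only by hostname but also by system properties.
3. Salt's main advantages
Fast, flexible and easy to scale
A system that can quickly execute commands on one or many target machines. Salt runs fast, is simple to install and is highly customizable; the same remote execution architecture serves any number of servers. The Salt infrastructure can integrate with the best remote execution tools, which extends Salt's capabilities and uses and yields a feature-rich, practical system that fits any network.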
II. Configuring SaltStack
1. Configure the Salt master (server1):
1.) Install salt-master
2.) Configuration file
[root@server1 2018]# cd /etc/salt/
[root@server1 salt]# ls
cloud cloud.maps.d master minion.d proxy.d
cloud.conf.d cloud.profiles.d master.d pki roster
cloud.deploy.d cloud.providers.d minion proxy
[root@server1 salt]# vim master
Lines 664-666:
file_roots:
  base:
    - /srv/salt/
3.) Start the service
[root@server1 salt]# systemctl start salt-master.service
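4.) Check the ports (4505 and 4506)
5.) Check which processes are using the ports
[root@server1 ~]# yum install -y lsof
[root@server1 ~]# lsof -i :4505 ##show which processes are using port 4505
2. Configure the Salt minions (server2, server3)
1.) Install salt-minion
2.) Configuration file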
[root@server2 2018]# cd /etc/salt/
[root@server2 salt]# ls
cloud cloud.maps.d master minion.d proxy.d
cloud.conf.d cloud.profiles.d master.d pki roster
cloud.deploy.d cloud.providers.d minion proxy
[root@server2 salt]# vim minion
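Line 16: master: 172.25.13.1
3.) Start the service
[root@server2 salt]# systemctl restart salt-minion.service
Do the same on server3 as on server2.
3. The master and the minions exchange public keys
4. Inspect the public keys on the master and on the minions
Master side: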
[root@server1 ~]# cd /etc/salt/pki/master/
[root@server1 master]# ls
master.pem minions minions_denied minions_rejected
master.pub minions_autosign minions_pre
[root@server1 master]# md5sum master.pub
cb11d019c7a0e9b6c2152b418ff19134 master.pub
[root@server1 master]# cd minions
[root@server1 minions]# md5sum server2
05b0960a9fe8e3fc4868d53d0b7b1609 server2
Minion side:
[root@server2 ~]# cd /etc/salt/pki/minion/
[root@server2 minion]# ls
minion_master.pub minion.pem minion.pub
[root@server2 minion]# md5sum minion_master.pub
cb11d019c7a0e9b6c2152b418ff19134 minion_master.pub
[root@server2 minion]# md5sum minion.pub
05b0960a9fe8e3fc4868d53d0b7b1609 minion.pub
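The comparison above, as an added example that is not part of the original post: a script that checks every key the master has accepted against a copy of each minion's minion.pub obtained out of band, using SHA-256 in place of the md5sum shown above. The directory names and key contents in the demo are constructed; on a real master the accepted keys are the files under /etc/salt/pki/master/minions.

```shell
#!/bin/sh
# Added example (not from the original post). Demo paths and key contents are constructed.

# Print the SHA-256 digest of a key file.
key_digest() {
    sha256sum "$1" | awk '{print $1}'
}

# audit_accepted_keys ACCEPTED_DIR TRUSTED_DIR
#   ACCEPTED_DIR: path or copy of /etc/salt/pki/master/minions (one file per minion id)
#   TRUSTED_DIR:  each minion's minion.pub, fetched out of band and saved under its id
# Prints OK / MISMATCH / UNVERIFIED per minion; exit status is 1 unless every key is OK.
audit_accepted_keys() (
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        id=$(basename "$f")
        if [ ! -f "$2/$id" ]; then
            echo "UNVERIFIED $id"; rc=1
        elif [ "$(key_digest "$f")" = "$(key_digest "$2/$id")" ]; then
            echo "OK $id"
        else
            echo "MISMATCH $id"; rc=1
        fi
    done
    exit "$rc"
)

# Constructed demo: server2's key matches, server3 was accepted with a different key,
# and server4 was accepted although no trusted copy of its key exists.
demo() (
    tmp=$(mktemp -d)
    mkdir "$tmp/accepted" "$tmp/trusted"
    echo "constructed-key-A" > "$tmp/accepted/server2"
    echo "constructed-key-A" > "$tmp/trusted/server2"
    echo "constructed-key-B" > "$tmp/accepted/server3"
    echo "constructed-key-C" > "$tmp/trusted/server3"
    echo "constructed-key-D" > "$tmp/accepted/server4"
    audit_accepted_keys "$tmp/accepted" "$tmp/trusted"
    rc=$?
    rm -rf "$tmp"
    exit "$rc"
)

demo || echo "audit failed: at least one accepted key did not verify"
```

Salt can print the fingerprints itself: salt-key -F on the master and salt-call --local key.finger on a minion.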
5. Configuration complete
III. Installing and deploying Apache on a minion
1. Master-side configuration
1.) Create the directory
[root@server1 salt]# mkdir /srv/salt
2.) Enter that directory and create the apache directory
[root@server1 salt]# cd /srv/salt/
[root@server1 salt]# mkdir apache
3.) In the apache directory, create install.sls
[root@server1 salt]# cd apache/
[root@server1 apache]# vim install.sls
[root@server1 apache]# cat install.sls
httpd:
  pkg.installed
4.) Push: install Apache on server2
[root@server1 apache]# salt server2 state.sls apache.install ##install Apache on server2
5.) Push: install httpd, php and httpd-tools on server2
[root@server1 apache]# vim install.sls
httpd:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools
[root@server1 apache]# salt server2 state.sls apache.install
7.) Push: install the Apache service on server2 and enable it at boot
[root@server1 apache]# vim install.sls
httpd:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools
  service.running:
    - name: httpd
    - enable: true
    - reload: true
[root@server1 apache]# salt server2 state.sls apache.install
8.) Push: restart the Apache service on server2 after its configuration file has been modified
[root@server1 apache]# mkdir files
[root@server1 apache]# cd files/
[root@server1 files]# scp server2:/etc/httpd/conf/httpd.conf .
root@server2's password:
httpd.conf 100% 11KB 11.5KB/s 00:00
[root@server1 files]# ls
httpd.conf
[root@server1 apache]# vim install.sls
httpd:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools
  service.running:
    - name: httpd
    - enable: true
    - reload: true
    - watch:
      - file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
[root@server1 apache]# salt server2 state.sls apache.install
9.) Inspect the result on server2
[root@server2 minion]# yum install -y tree
[root@server2 ~]# cd /var/cache/salt/minion/ ##content pushed by the master is stored in this directory
[root@server2 minion]# ls
accumulator extmods files highstate.cache.p pkg_refresh proc sls.p
[root@server2 minion]# tree .
10.) Separate the Apache installation from the service configuration push
[root@server1 apache]# vim install.sls
httpd-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
[root@server1 apache]# vim service.sls
include:
  - apache.install
httpd-service:
  service.running:
    - name: httpd
    - enable: true
    - reload: true
    - watch:
      - file: httpd-install
[root@server1 apache]# salt server2 state.sls apache.install
IV. Installing and deploying nginx on a minion
1. Create a files directory under the nginx directory
[root@server1 nginx]# mkdir files
2. Put the nginx-1.15.8.tar.gz source tarball in that directory
[root@server1 nginx]# cd files/
[root@server1 files]# pwd
/srv/salt/nginx/files
[root@server1 files]# ls ##the nginx-1.15.8.tar.gz source tarball has been placed in this directory
nginx-1.15.8.tar.gz
3. Push: build and install nginx from source on server3
[root@server1 salt]# cd nginx/
[root@server1 nginx]# vim install.sls
nginx-install:
  pkg.installed:
    - pkgs:
      - gcc
      - make
      - pcre-devel
      - zlib-devel
  file.managed:
    - name: /mnt/nginx-1.15.8.tar.gz
    - source: salt://nginx/files/nginx-1.15.8.tar.gz
  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.15.8.tar.gz && cd nginx-1.15.8 && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &>/dev/null
    - creates: /usr/local/nginx
[root@server1 nginx]# salt server3 state.sls nginx.install
4. Copy the nginx.conf configuration file to the /srv/salt/nginx/files directory on the master
[root@server3 ~]# ll /usr/local/nginx/conf/nginx.conf
-rw-r--r-- 1 root root 2656 Jun 11 17:16 /usr/local/nginx/conf/nginx.conf
[root@server3 ~]# scp /usr/local/nginx/conf/nginx.conf server1:/srv/salt/nginx/files
root@server1's password:
nginx.conf 100% 2656 2.6KB/s 00:00
5. On the master, create the nginx.service file in /srv/salt/nginx/files
[root@server1 nginx]# cd files/
[root@server1 files]# vim nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
6. Push the nginx service configuration
[root@server1 files]# cd ..
[root@server1 nginx]# vim service.sls
include:
  - nginx.install
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf
nginx-service:
  file.managed:
    # deploy the unit file created in step 5 (target path assumed: /etc/systemd/system)
    - name: /etc/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service
  service.running:
    - name: nginx
    - enable: true
    - reload: true
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
[root@server1 nginx]# salt server3 state.sls nginx.service
Check the nginx deployment on server3
[root@server3 system]# ps ax
V. Advanced deployment
[root@server1 salt]# vim top.sls
base:
  'server2':
    - apache.service
  'server3':
    - nginx.service
[root@server1 salt]# salt '*' state.highstate