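Learning SaltStack (Part 6)
SaltStack Introduction
Official repository: http://repo.saltstack.com/ (installation instructions for each operating system)
CentOS 6 repo
```bash
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el6.noarch.rpm
```
CentOS 7 repo
```bash
yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el7.noarch.rpm
```
http://repo.saltstack.com/yum/redhat/7/x86_64
Written in Python; provides a REST API
Three main functions: remote execution, configuration management (states), cloud management
Alternatives: Puppet (Ruby), Ansible (Python)
Four run modes: Local, Minion/Master (C/S), Syndic (a proxy, similar to Zabbix proxy), Salt SSH
Quick install
- Installation
Server
```bash
yum install salt-master salt-minion -y
```
Client
```bash
yum install salt-minion -y
```
Start the server
```bash
systemctl start salt-master
```
Configure the client
```bash
vim /etc/salt/minion
```
```yaml
master: 192.168.137.11  # address of the master
id:   # unique identifier of each host; defaults to the hostname if not set
```
Start the client
```bash
systemctl start salt-minion
```
After startup a minion_id file is generated under /etc/salt; by default it contains the hostname.
If you change the id, you need to delete minion_id.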
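- The pki directories after the master and minion start
The first time the minion starts, it generates a pki directory under /etc/salt

It contains the minion's public key minion.pub and private key minion.pem
The first time the master starts, it generates a pki directory under /etc/salt

It contains the master's public key master.pub and private key master.pem
linux-node1.example.com and linux-node2.example.com are the minions' public keys; each file is named after the minion id
minions_pre is the pre-authentication (pending) directory
- Authentication
```bash
salt-key
```

Accepted Keys: keys that have been accepted
Denied Keys: keys that have been denied
Unaccepted Keys: keys that have not been authenticated yet
```bash
salt-key -a linux-node1.example.com
```
This marks the minion linux-node1.example.com as trusted
```bash
salt-key -a linux*  # wildcard
```
Options: -a: accept, -A: accept-all, -d: delete, -D: delete-all

Both minions are now authenticated. Looking at the master's pki directory again, the minions' public key files have been moved into the minions directory

Looking at the minion's pki directory again, the public key file minion_master.pub is now present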
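Accepting with a wildcard trusts whatever key is waiting under each matching id. The following is an added example, not part of the original post: it checks every key pending in minions_pre against fingerprints recorded on the minions themselves before anything is accepted. The key bodies are constructed placeholders, and the fingerprint format (SHA-256 over the PEM body) is this example's assumption; on a real deployment compare the values printed by `salt-key -f <id>` on the master and `salt-call --local key.finger` on the minion.

```python
import hashlib
import os
import tempfile


def pem_fingerprint(pem_bytes):
    """Colon-separated SHA-256 over the PEM body (BEGIN/END lines dropped).

    Assumption of this example: both sides of the comparison use this same
    format. Check it against your Salt version before relying on it.
    """
    lines = [ln for ln in pem_bytes.splitlines(keepends=True) if ln.strip()]
    digest = hashlib.sha256(b"".join(lines[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def review_pending(pending_dir, expected):
    """Split the ids waiting in minions_pre into (accept, hold).

    expected maps minion id -> fingerprint recorded out of band.
    An id is accepted only if it is known AND its pending key matches.
    """
    accept, hold = [], []
    for minion_id in sorted(os.listdir(pending_dir)):
        with open(os.path.join(pending_dir, minion_id), "rb") as fh:
            seen = pem_fingerprint(fh.read())
        want = expected.get(minion_id)
        if want is not None and want == seen:
            accept.append(minion_id)
        else:
            reason = "unknown id" if want is None else "fingerprint mismatch"
            hold.append((minion_id, reason))
    return accept, hold


def _pem(body):
    text = "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----\n" % body
    return text.encode()


# Constructed placeholder key bodies (not real RSA keys).
KEY_NODE1 = _pem("Q09OU1RSVUNURUQtS0VZLUE=")
KEY_NODE2 = _pem("Q09OU1RSVUNURUQtS0VZLUI=")
KEY_OTHER = _pem("Q09OU1RSVUNURUQtS0VZLUM=")


def demo():
    # Fingerprints the administrator recorded on each minion (out of band).
    expected = {
        "linux-node1.example.com": pem_fingerprint(KEY_NODE1),
        "linux-node2.example.com": pem_fingerprint(KEY_NODE2),
    }
    with tempfile.TemporaryDirectory() as pki:
        pending = os.path.join(pki, "minions_pre")
        os.mkdir(pending)
        submitted = {
            "linux-node1.example.com": KEY_NODE1,  # same key as recorded
            "linux-node2.example.com": KEY_OTHER,  # a different key under this id
            "linux-node3.example.com": KEY_OTHER,  # id not in the inventory
        }
        for minion_id, key in submitted.items():
            with open(os.path.join(pending, minion_id), "wb") as fh:
                fh.write(key)
        return review_pending(pending, expected)


if __name__ == "__main__":
    accept, hold = demo()
    for minion_id in accept:
        print("salt-key -a", minion_id)
    for minion_id, reason in hold:
        print("HOLD", minion_id, "-", reason)
```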

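- Remote execution
Syntax: command target module.function arguments
Check the status of all hosts
```bash
salt '*' test.ping
```
Check the status of a specific host
```bash
salt "linux-node2.example.com" test.ping
```
Run a shell command remotely on a specific host
```bash
salt "linux-node2.example.com" cmd.run "ls -lrt /root"
```
Restart the zabbix agent on all hosts
```bash
salt "*" cmd.run "systemctl restart zabbix-agent"
```

- State modules
A state is written as a description file. Format: YAML; suffix: .sls
Introduction to YAML (important)
YAML is the recursive acronym of "YAML Ain't a Markup Language". (See the Baidu Baike entry.)
Format: data structures are presented with outline-style indentation; structure is expressed through indentation, consecutive items are marked with a dash "-", and key/value pairs in a map are separated by a colon ":".
Example:

Salt's guide to understanding YAML: https://docs.saltstack.com/en/latest/topics/yaml/index.html
Three YAML rules for Salt:
1) Indentation: use 2 spaces; the Tab key must not be used;
2) Colons: a colon is used together with indentation, and in a key-value pair the colon is followed by a space;
3) Dashes: a dash is followed by a space before its value
- Master configuration
```bash
vim /etc/salt/master
```
```yaml
file_roots  # defines the state file paths for the base, test, staging and production environments; the name base cannot be changed
```

Restart the master
systemctl restart salt-master
Create the state file directory
```bash
cd /srv
mkdir salt
```
- Creating an sls file
apache.sls, placed in the /srv/salt/web directory

```yaml
apache-install:       # custom ID (name)
  pkg.installed:      # state module shipped with Salt, module.function
    - names:          # arguments
      - httpd
      - httpd-devel

apache-service:       # custom ID (name)
  service.running:    # state module shipped with Salt, module.function
    - name: httpd     # argument
    - enable: True
```

Run this file
```bash
salt "*" state.sls web.apache
```
Execution flow:
1) the master sends the file to the minion
2) the minion stores it under /var/cache/salt/minion

3) the minion executes the file from top to bottom

Execution result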
```text
linux-node2.example.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 13:12:23.142622
    Duration: 103093.75 ms
     Changes:
              ----------
              apr:
                  ----------
                  new:
                      1.4.8-3.el7
                  old:
              apr-util:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              httpd:
                  ----------
                  new:
                      2.4.6-40.el7.centos.4
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-40.el7.centos.4
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 13:14:06.266419
    Duration: 75699.845 ms
     Changes:
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-3.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-20.el7_2
                  old:
              expat-devel:
                  ----------
                  new:
                      2.1.0-8.el7
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-40.el7.centos.4
                  old:
              libdb-devel:
                  ----------
                  new:
                      5.3.21-19.el7
                  old:
              openldap-devel:
                  ----------
                  new:
                      2.4.40-9.el7_2
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 13:15:22.549732
    Duration: 509.773 ms
     Changes:
              ----------
              httpd:
                  True

Summary for linux-node2.example.com
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 179.303 s
linux-node1.example.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed
     Started: 21:12:17.773014
    Duration: 1030.017 ms
     Changes:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd-devel
      Result: True
     Comment: The following packages were installed/updated: httpd-devel
     Started: 21:12:18.803216
    Duration: 179505.346 ms
     Changes:
              ----------
              apr-devel:
                  ----------
                  new:
                      1.4.8-3.el7
                  old:
              apr-util-devel:
                  ----------
                  new:
                      1.5.2-6.el7
                  old:
              cyrus-sasl-devel:
                  ----------
                  new:
                      2.1.26-20.el7_2
                  old:
              expat-devel:
                  ----------
                  new:
                      2.1.0-8.el7
                  old:
              httpd-devel:
                  ----------
                  new:
                      2.4.6-40.el7.centos.4
                  old:
              libdb-devel:
                  ----------
                  new:
                      5.3.21-19.el7
                  old:
              openldap-devel:
                  ----------
                  new:
                      2.4.40-9.el7_2
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 21:15:18.523234
    Duration: 62.391 ms
     Changes:

Summary for linux-node1.example.com
------------
Succeeded: 3 (changed=1)
Failed: 0
------------
Total states run: 3
Total run time: 180.598 s
```
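- top file
The default file name is top.sls. It lives in the base directory, which is configured by the file_roots option

With top.sls, different minions can be made to run different sls files
```yaml
base:                           # fixed name, required
  'linux-node1.example.com':    # minion id
    - web.apache                # apache.sls
  'linux-node2.example.com':
    - web.apache
```

```bash
salt "*" state.highstate
```
The command above runs the highstate. It only reads the entry file top.sls and executes according to the contents of the top file
In production, using * is not recommended; specify the concrete host and run with test first
```bash
salt "linux-node1.example.com" state.highstate test=True
```
Once the test looks right, run it
```bash
salt "linux-node1.example.com" state.highstate
```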
########################################################################
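- SaltStack and ZeroMQ
Under the hood, SaltStack uses ZeroMQ for efficient network communication.
About ZeroMQ
ØMQ (also spelled ZeroMQ, 0MQ or ZMQ) is a high-performance asynchronous messaging library designed for scalable distributed or concurrent applications. It provides a message queue, but unlike message-oriented middleware, ZeroMQ runs without a dedicated message broker. The library is designed around a familiar socket-style API. It provides message channels over in-process (inproc), inter-process (IPC), network (TCP) and broadcast transports, and supports communication patterns such as fan-out, publish-subscribe (pub-sub), task distribution and request-reply.
- SaltStack pattern one: publish and subscribe
ZeroMQ supports Publish/Subscribe, usually abbreviated Pub/Sub.

The Salt Master runs two network services. One of them is the ZeroMQ PUB system, which listens on port 4505 by default.
It can be changed with the publish_port parameter in /etc/salt/master.
It is Salt's message publishing system. If you look at port 4505, you will see that every Minion is connected to port 4505 on the Master and the TCP state stays ESTABLISHED.
lsof -i:4505


- SaltStack pattern two: request and reply
ZeroMQ supports Request-Reply, usually abbreviated REQ/REP.

The second network service the Salt Master runs is the ZeroMQ REP system, which listens on port 4506 by default. It can be changed with the ret_port parameter in /etc/salt/master.
It is the port over which Salt clients and the server communicate. For example, the return value of a command executed by a Minion is sent to the Master's REP port 4506.
If the python-setproctitle package is installed, the names of the processes started by the Salt Master can be seen directly.
```bash
yum install -y python-setproctitle
```
Restart the master and the minion
```bash
systemctl restart salt-master
systemctl restart salt-minion
```

```text
/usr/bin/salt-master -d ProcessManager            # central process manager
/usr/bin/salt-master -d _clear_old_jobs           # clears old job files and updates the fileserver
/usr/bin/salt-master -d Publisher                 # publishes (PUB) tasks to the Minions
/usr/bin/salt-master -d EventPublisher            # Event Publisher process
/usr/bin/salt-master -d ReqServer_ProcessManager  # ReqServer process manager
/usr/bin/salt-master -d MWorker                   # worker process
/usr/bin/salt-master -d MWorker                   # worker process
/usr/bin/salt-master -d MWorker                   # worker process
/usr/bin/salt-master -d MWorker                   # worker process
/usr/bin/salt-master -d MWorker                   # worker process
/usr/bin/salt-master -d MWorkerQueue              # forwards data from the Ret interface (ROUTER) to the Workers (DEALER)
```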
########################################################################
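- The SaltStack data system
It is divided into Grains and Pillar
I. Grains
Static data: information about the Minion itself that is collected when the Minion starts (operating system version, kernel version, CPU, memory, disks, device model and so on).
Note: this data does not change unless the minion is restarted.
1) Information management, including asset management;
Example:
```bash
salt 'linux-node1*' grains.ls        # list all grains keys for hosts whose ID matches linux-node1*
salt 'linux-node1*' grains.items     # list detailed host information; usable for asset management
salt '*' grains.item os              # list the OS of all hosts
salt '*' grains.item fqdn_ip4        # list the IP addresses of all hosts
```
2) Target selection (for example, looking up hosts by a specific id, or hosts whose OS is CentOS);
Example:
```bash
salt -G 'os:Centos' test.ping            # ping test on all hosts whose OS is CentOS
salt -G 'os:Centos' cmd.run 'echo 123'   # run 'echo 123' on all hosts whose OS is CentOS
```
3) Use in configuration management
Custom grains items
Method 1: edit the configuration file, vim /etc/salt/minion
Restart: systemctl restart salt-minion

With a custom item you can, for example, restart all hosts whose role is apache
```bash
salt '*' grains.item roles                                  # get the roles of all hosts
salt -G 'roles:apache' cmd.run 'systemctl restart httpd'    # run systemctl restart httpd on all hosts whose roles is apache
```
Method 2 (used in production):
Edit the file /etc/salt/grains, written as follows
```yaml
cloud: openstack
```
Restart: systemctl restart salt-minion
```bash
salt '*' grains.item cloud  # get cloud for all hosts
```
To apply a change to /etc/salt/grains without restarting the service, use the refresh command below (note: for both method 1 and method 2, this command makes the restart unnecessary)
```bash
salt '*' saltutil.sync_grains
```
Example of using grains in the top file
vim /srv/salt/top.sls
```yaml
base:
  'linux-node1.example.com':
    - web.apache
  'roles:apache':
    - match: grain
    - web.apache
```

The grains script directory must be a _grains directory created under base (for example /srv/salt/_grains)
Create a Python script in the /srv/salt/_grains directory
Script name: my_grains.py
```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-

def my_grains():
    # initialise the grains dictionary
    grains = {}
    # set the key-value pairs in the dictionary
    grains['iaas'] = 'openstack'
    grains['edu'] = 'shhnwangjian'
    # return the dictionary
    return grains
```
Sync the script from the master to every minion
```bash
salt '*' saltutil.sync_grains
```

The file is placed in the /var/cache/salt/minion/extmods/grains directory on the minion host

```bash
salt '*' grains.item edu  # get edu for all hosts
```

Grains precedence (when item names are identical): 1. built into the system 2. written in the grains file 3. written in the minion configuration file 4. custom scripts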
II. Pillar
Dynamic data: specific data assigned to specific minions. Only the designated minion can see its own data.
```bash
salt '*' pillar.items
```
To enable the built-in items, edit the configuration file
```bash
vim /etc/salt/master
```

Restart: systemctl restart salt-master
Running salt '*' pillar.items now shows the built-in items
Setting the path where pillar files are stored

mkdir /srv/pillar
Restart: systemctl restart salt-master

Pillar workflow
1) Create a pillar file, written with Python Jinja2 syntax
```bash
mkdir /srv/pillar/web
cd /srv/pillar/web
vim apache.sls
```
```jinja
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'Debian' %}
apache: apache2
{% endif %}
```
2) Create the top file
```bash
vim /srv/pillar/top.sls
```
```yaml
base:
  'linux-node2.example.com':
    - web.apache
```
```bash
salt '*' saltutil.refresh_pillar  # refresh
salt '*' pillar.items apache
```

Target selection
```bash
salt -I 'apache:httpd' test.ping
```

III. Grains vs Pillar

#######################################################################
- SaltStack remote execution
Syntax example: salt '*' cmd.run 'w'
- Command: salt
- Target: '*'
- Module: cmd.run; there are 150+ built-in modules, and you can also write your own
- Return: the result is returned after execution; the Returners component
1. Targeting
Official documentation: https://docs.saltstack.com/en/latest/topics/targeting/index.html
There are two ways of targeting: one based on the minion ID, and one independent of the minion ID
1) Methods based on the minion ID
A specific minion ID
```bash
salt 'linux-node2.example.com' test.ping
```
Wildcards
```bash
salt '*' test.ping
salt 'linux-node2*' test.ping
salt 'linux-node[1|2].example.com' test.ping
salt 'linux-node[1-2].example.com' test.ping
salt 'linux-node[!2].example.com' test.ping
salt 'linux-node?.example.com' test.ping
```
Lists
```bash
salt -L 'linux-node1.example.com,linux-node2.example.com' test.ping
```
Regular expressions
```bash
salt -E 'linux-(node1|node2)*' test.ping
salt -E 'linux-(node1|node2).example.com' test.ping
```
Note: every targeting method can also be used in the top file to specify targets.
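The wildcard and regular-expression targets above can select more hosts than intended, which matters once the module is cmd.run. This added example (not from the original post) previews which ids each target selects; it assumes Salt's default targeting follows Python's fnmatch rules and that -E behaves like re.match, which anchors only at the start of the id. The inventory is constructed.

```python
import fnmatch
import re

# Constructed inventory: the two minions used on this page plus look-alikes.
MINION_IDS = [
    "linux-node1.example.com",
    "linux-node2.example.com",
    "linux-node12.example.com",
    "linux-node|.example.com",
    "linux-db1.example.com",
    "linux-node1.example.com.staging",
]
INTENDED = {"linux-node1.example.com", "linux-node2.example.com"}


def resolve(kind, tgt, ids=MINION_IDS):
    """Return the ids a target selects.

    kind: 'glob' (default targeting), 'pcre' (-E) or 'list' (-L).
    """
    if kind == "glob":
        return [m for m in ids if fnmatch.fnmatchcase(m, tgt)]
    if kind == "pcre":
        # re.match anchors at the start only; a trailing '$' is needed
        # to anchor the end, and '.' matches any character unless escaped.
        return [m for m in ids if re.match(tgt, m)]
    if kind == "list":
        wanted = {t.strip() for t in tgt.split(",")}
        return [m for m in ids if m in wanted]
    raise ValueError("unknown target type: %s" % kind)


def unintended(kind, tgt, intended=INTENDED, ids=MINION_IDS):
    """Ids the target selects that the operator did not mean to touch."""
    return [m for m in resolve(kind, tgt, ids) if m not in intended]


# Targets taken from the commands above, plus one anchored, escaped regex.
TARGETS = [
    ("glob", "linux-node[1|2].example.com"),   # '|' is a literal inside [...]
    ("glob", "linux-node[1-2].example.com"),
    ("pcre", "linux-(node1|node2)*"),          # group may repeat zero times
    ("pcre", "linux-(node1|node2).example.com"),
    ("pcre", r"linux-node[12]\.example\.com$"),
    ("list", "linux-node1.example.com,linux-node2.example.com"),
]


def report():
    return {(kind, tgt): unintended(kind, tgt) for kind, tgt in TARGETS}


if __name__ == "__main__":
    for (kind, tgt), extra in report().items():
        status = "OK" if not extra else "also selects %s" % ", ".join(extra)
        print("%-4s %-50s %s" % (kind, tgt, status))
```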
Schemes for choosing a minion ID: the IP address, or a name based on the business function
```text
Example:
redis-node1-redis04-idc04-h5web.example.com
redis-node1  # first redis node
redis04      # cluster
idc04        # data centre
h5web        # business line
```
2) Methods independent of the minion ID
IP address, subnet
```bash
salt -S 192.168.137.12 test.ping
salt -S 192.168.137.0/24 test.ping
```
Node groups; these need to be configured in the master file
```bash
vim /etc/salt/master
```

Restart: systemctl restart salt-master
```bash
salt -N web test.ping
```
Compound matching
Official documentation: https://docs.saltstack.com/en/latest/topics/targeting/compound.html

Batch mode: useful when restarting all hosts or processes, restarting them a few at a time by percentage or by a fixed number
Official documentation: https://docs.saltstack.com/en/latest/topics/targeting/batch.html

2. Execution modules
Official documentation: https://docs.saltstack.com/en/latest/ref/modules/all/index.html#all-salt-modules
It lists all Salt modules together with help on how to use them
Path where all Salt modules are stored after a default yum installation: /usr/lib/python2.7/site-packages/salt/modules (CentOS 7)
Example:
```bash
salt '*' network.active_tcp                     # list the active TCP connections on all hosts
salt '*' network.arp                            # list the ARP table of all hosts

salt '*' service.available sshd                 # list sshd on all hosts
salt '*' service.get_all                        # list all running services on all hosts
salt '*' service.status sshd                    # list the running status of sshd on all hosts

salt-cp '*' /etc/hosts /tmp/test                # copy /etc/hosts from the master to /tmp/test on all hosts

salt '*' state.show_top                         # show the top file

salt '*' state.single pkg.installed name=lsof   # install lsof on all hosts
```
3. Returners
Official documentation: https://docs.saltstack.com/en/latest/ref/returners/index.html
1) Write returns to a MySQL database; the minion writes to MySQL directly
Install the Python MySQL module on all minions
```bash
salt '*' state.single pkg.installed name=MySQL-python
# or
salt '*' cmd.run 'yum install MySQL-python -y'
```
Create the salt database
```sql
CREATE DATABASE  `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;
```
```sql
USE `salt`;
```
Create the tables
```sql
--
-- Table structure for table `jids`
--

DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE INDEX jid ON jids(jid) USING BTREE;
```
```sql
--
-- Table structure for table `salt_returns`
--

DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
```
```sql
--
-- Table structure for table `salt_events`
--

DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
```
Grant privileges
```sql
grant all on salt.* to salt@'%' identified by 'salt@pw';
FLUSH PRIVILEGES;
```
```text
exit
mysql -h192.168.137.11 -usalt -psalt@pw salt
show tables;
```

Configure the minion file
```bash
vim /etc/salt/minion
```
```yaml
mysql.host: '192.168.137.11'
mysql.user: 'salt'
mysql.pass: 'salt@pw'
mysql.db: 'salt'
mysql.port: 3306
```

Restart: systemctl restart salt-minion
Test

```bash
salt '*' test.ping --return mysql
```

```bash
salt '*' cmd.run 'df -h' --return mysql
```
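4. Writing an execution module
1) Location
```bash
cd /srv/salt
mkdir _modules
```
2) Naming
The file name is the module name
Example: my_disk.py
```bash
vim /srv/salt/_modules/my_disk.py
```
```python
def list():
    # run 'df -h' on the minion through Salt's cmd.run and return its output
    cmd = 'df -h'
    ret = __salt__['cmd.run'](cmd)
    return ret
```
3) Sync
```bash
salt '*' saltutil.sync_modules
```

It is placed under /var/cache/salt/minion on the targeted hosts

4) Run
```bash
salt '*' my_disk.list
```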

####################################################################
Official documentation: https://docs.saltstack.com/en/latest/topics/states/index.html
Configuration management: SLS
Salt State SLS description files (YAML)
The ID declaration is, by default, also the name declaration
Note: under a single ID declaration, a state module cannot be used more than once
Example:
```yaml
apache-install:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel

apache-service:       # ID declaration; in a highstate, the ID must be unique
  service.running:    # state declaration
    - name: httpd     # option declaration
    - enable: True

php:
  pkg.installed
```
Commonly used state modules
1) pkg (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#module-salt.states.pkg)
pkg.installed  # install
pkg.latest  # ensure the latest version
pkg.removed  # uninstall
pkg.purged  # uninstall and delete the configuration files
# install several packages at once
```yaml
common_packages:
  pkg.installed:
    - pkgs:
      - unzip
      - dos2unix
      - salt-minion: 2015.8.5-1.el6
```
2) file (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#module-salt.states.file)
salt:// denotes the root directory of the current environment. For example:

Then salt://lamp/files/httpd.conf means /srv/salt/lamp/files/httpd.conf
3) service (https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#module-salt.states.service)
```yaml
redis:
  service.running:
    - enable: True  # start at boot
    - reload: True  # reload
```
Installing, configuring and starting a LAMP stack with Salt
1. Install the packages: pkg
2. Modify the configuration files: file
3. Start the services: service

Contents of lamp.sls
```yaml
lamp-pkg:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - mariadb
      - mariadb-server
      - php-mysql
      - php-cli
      - php-mbstring

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://lamp/files/php.ini
    - user: root
    - group: root
    - mode: 644

mysql-config:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://lamp/files/my.cnf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True

mysql-service:
  service.running:
    - name: mariadb
    - enable: True
    - reload: True
```
Command: salt 'linux-node2*' state.sls lamp.lamp
Execution result
```text
linux-node2.example.com:
----------
          ID: lamp-pkg
    Function: pkg.installed
      Result: True
     Comment: 4 targeted packages were installed/updated.
              The following packages were already installed: httpd, mariadb-server, mariadb
     Started: 12:56:16.178765
    Duration: 194279.377 ms
     Changes:
              ----------
              libzip:
                  ----------
                  new:
                      0.10.1-8.el7
                  old:
              php:
                  ----------
                  new:
                      5.4.16-36.3.el7_2
                  old:
              php-cli:
                  ----------
                  new:
                      5.4.16-36.3.el7_2
                  old:
              php-common:
                  ----------
                  new:
                      5.4.16-36.3.el7_2
                  old:
              php-mbstring:
                  ----------
                  new:
                      5.4.16-36.3.el7_2
                  old:
              php-mysql:
                  ----------
                  new:
                      5.4.16-36.3.el7_2
                  old:
              php-pdo:
                  ----------
                  new:
                      5.4.16-36.3.el7_2
                  old:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 12:59:30.519583
    Duration: 98.547 ms
     Changes:
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 12:59:30.620067
    Duration: 36.824 ms
     Changes:
----------
          ID: mysql-config
    Function: file.managed
        Name: /etc/my.cnf
      Result: True
     Comment: File /etc/my.cnf is in the correct state
     Started: 12:59:30.657074
    Duration: 58.78 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 12:59:30.853149
    Duration: 40.481 ms
     Changes:
----------
          ID: mysql-service
    Function: service.running
        Name: mariadb
      Result: True
     Comment: The service mariadb is already running
     Started: 12:59:30.893939
    Duration: 33.928 ms
     Changes:

Summary for linux-node2.example.com
------------
Succeeded: 6 (changed=1)
Failed: 0
------------
Total states run: 6
Total run time: 194.548 s
```
The second approach:
Contents of lamp2.sls:
```yaml
apache-server:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: httpd
    - enable: True
    - reload: True

mysql-server:
  pkg.installed:
    - pkgs:
      - mariadb
      - mariadb-server
  file.managed:
    - name: /etc/my.cnf
    - source: salt://lamp/files/my.cnf
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: mariadb
    - enable: True
    - reload: True

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://lamp/files/php.ini
    - user: root
    - group: root
    - mode: 644
```
Command: salt 'linux-node2*' state.sls lamp.lamp2
Execution result
```text
linux-node2.example.com:
----------
          ID: apache-server
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 13:13:53.886308
    Duration: 665.948 ms
     Changes:
----------
          ID: apache-server
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 13:13:54.553919
    Duration: 19.867 ms
     Changes:
----------
          ID: apache-server
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 13:13:54.574411
    Duration: 29.927 ms
     Changes:
----------
          ID: mysql-server
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 13:13:54.604496
    Duration: 0.771 ms
     Changes:
----------
          ID: mysql-server
    Function: file.managed
        Name: /etc/my.cnf
      Result: True
     Comment: File /etc/my.cnf is in the correct state
     Started: 13:13:54.605362
    Duration: 15.125 ms
     Changes:
----------
          ID: mysql-server
    Function: service.running
        Name: mariadb
      Result: True
     Comment: The service mariadb is already running
     Started: 13:13:54.620592
    Duration: 29.75 ms
     Changes:
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 13:13:54.650496
    Duration: 17.036 ms
     Changes:

Summary for linux-node2.example.com
------------
Succeeded: 7
Failed: 0
------------
Total states run: 7
Total run time: 778.424 ms
```
Configuration management: relationships between states
Relationships between states:
1. What I depend on: require
```yaml
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:
      - pkg: lamp-pkg        # pkg ID
      - file: apache-config  # file ID
```
2. What depends on me: require_in
```yaml
mysql-config:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://lamp/files/my.cnf
    - user: root
    - group: root
    - mode: 644
    - require_in:
      - service: mysql-service
```
3. What I watch: watch
```yaml
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:
      - pkg: lamp-pkg
    - watch:
      - file: apache-config
```
1. If the state of the id apache-config changes, the service is reloaded
2. Without reload: True, the service is restarted instead
4. What watches me: watch_in
5. What I include: include
Example: in the first LAMP approach, save the install, configure and start parts in 3 separate files and reference them from one top-level file
Contents of init.sls
```yaml
include:
  - lamp.lamp_pkg
  - lamp.lamp_config
  - lamp.lamp_service
```
Contents of lamp_pkg.sls
Contents of lamp_config.sls
```yaml
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://lamp/files/php.ini
    - user: root
    - group: root
    - mode: 644

mysql-config:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://lamp/files/my.cnf
    - user: root
    - group: root
    - mode: 644
    - require_in:
      - service: mysql-service
```
Contents of lamp_service.sls
Command: salt 'linux-node2*' state.sls lamp.init
6. What I extend
Tips for writing SLS files:
1. Organise by state: very clear when used on its own.
2. Organise by service: can be included by other SLS files. For example, LNMP includes the mysql service.
jinja2
Documentation: http://docs.jinkan.org/docs/jinja2/
A template contains variables or expressions, with two kinds of delimiters: {% ... %} and {{ ... }}. The former executes statements such as for loops or assignments; the latter prints the result of an expression into the template.
How to use jinja2 in Salt:
Documentation: https://docs.saltstack.com/en/latest/topics/jinja/index.html
1) Tell the file module that you want to use jinja
```yaml
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
```
2) List the parameters
```yaml
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
        PORT: 8080
```
3) Reference them in the template
The httpd.conf configuration file references them as follows

Command: salt 'linux-node2*' state.sls lamp.init
Execution result:
```text
linux-node2.example.com:
----------
          ID: lamp-pkg
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 11:15:02.903236
    Duration: 4591.748 ms
     Changes:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 11:15:07.558365
    Duration: 90.859 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -39,7 +39,7 @@
                   # prevent Apache from glomming onto all bound IP addresses.
                   #
                   #Listen 12.34.56.78:80
                  -Listen 80
                  +Listen 8080

                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 11:15:07.649429
    Duration: 63.754 ms
     Changes:
----------
          ID: mysql-config
    Function: file.managed
        Name: /etc/my.cnf
      Result: True
     Comment: File /etc/my.cnf is in the correct state
     Started: 11:15:07.713515
    Duration: 49.273 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service reloaded
     Started: 11:15:07.800629
    Duration: 135.15 ms
     Changes:
              ----------
              httpd:
                  True
----------
          ID: mysql-service
    Function: service.running
        Name: mariadb
      Result: True
     Comment: The service mariadb is already running
     Started: 11:15:07.936165
    Duration: 95.71 ms
     Changes:

Summary for linux-node2.example.com
------------
Succeeded: 6 (changed=2)
Failed: 0
------------
Total states run: 6
Total run time: 5.026 s
```

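- Templates support assigning values from grains
Example: modify the configuration file httpd.conf so that the IP address points to the local IP; grains['fqdn_ip4'][0] returns the local IP address

salt 'linux-node2*' grains.item fqdn_ip4

- Templates support Salt remote execution modules
Example: modify the configuration file httpd.conf, {{ salt['network.hw_addr']('eth0') }}

salt 'linux-node2*' network.hw_addr eth0

Command: salt 'linux-node2*' state.sls lamp.init
Execution result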

```text
linux-node2.example.com:
----------
          ID: lamp-pkg
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 11:51:57.213758
    Duration: 664.953 ms
     Changes:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 11:51:57.880642
    Duration: 82.912 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -39,7 +39,9 @@
                   # prevent Apache from glomming onto all bound IP addresses.
                   #
                   #Listen 12.34.56.78:80
                  -Listen 8080
                  +Listen 192.168.137.12:8080
                  +
                  +# MAC IS: 00:0c:29:fd:dd:02

                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 11:51:57.963715
    Duration: 14.577 ms
     Changes:
----------
          ID: mysql-config
    Function: file.managed
        Name: /etc/my.cnf
      Result: True
     Comment: File /etc/my.cnf is in the correct state
     Started: 11:51:57.978393
    Duration: 12.482 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service reloaded
     Started: 11:51:58.021471
    Duration: 127.043 ms
     Changes:
              ----------
              httpd:
                  True
----------
          ID: mysql-service
    Function: service.running
        Name: mariadb
      Result: True
     Comment: The service mariadb is already running
     Started: 11:51:58.148913
    Duration: 58.592 ms
     Changes:

Summary for linux-node2.example.com
------------
Succeeded: 6 (changed=2)
Failed: 0
------------
Total states run: 6
Total run time: 960.559 ms
```
- Templates support assigning values from pillar
Example: modify the configuration file httpd.conf, {{ pillar['apache'] }}

salt 'linux-node2*' pillar.item apache

Command: salt 'linux-node2*' state.sls lamp.init
Execution result:

```text
linux-node2.example.com:
----------
          ID: lamp-pkg
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 12:01:16.490143
    Duration: 712.121 ms
     Changes:
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf updated
     Started: 12:01:17.204369
    Duration: 93.136 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -42,6 +42,7 @@
                   Listen 192.168.137.12:8080

                   # MAC IS: 00:0c:29:fd:dd:02
                  +# pillar: httpd

                   #
                   # Dynamic Shared Object (DSO) Support
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 12:01:17.297764
    Duration: 17.209 ms
     Changes:
----------
          ID: mysql-config
    Function: file.managed
        Name: /etc/my.cnf
      Result: True
     Comment: File /etc/my.cnf is in the correct state
     Started: 12:01:17.315170
    Duration: 15.217 ms
     Changes:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is running
     Started: 12:01:17.331369
    Duration: 184.591 ms
     Changes:
              ----------
              httpd:
                  True
----------
          ID: mysql-service
    Function: service.running
        Name: mariadb
      Result: True
     Comment: The service mariadb is already running
     Started: 12:01:17.516431
    Duration: 32.057 ms
     Changes:

Summary for linux-node2.example.com
------------
Succeeded: 6 (changed=2)
Failed: 0
------------
Total states run: 6
Total run time: 1.054 s
```
###########################################################################
SaltStack项目实战
- 系统架构图

一、初始化
1、salt环境配置,定义基础环境、生产环境(base、prod)
| 1 2 3 4 5 6 7 8 9 10 | vim /etc/salt/master修改file_rootsfile_roots:  base:    - /srv/salt/base  prod:    - /srv/salt/prod    mkdir-p /srv/salt/basemkdir-p /srv/salt/prod | 
pillar配置
| 1 2 3 4 5 6 7 8 9 10 | vim /etc/salt/master修改pillar_rootspillar_roots:  base:    - /srv/pillar/base  pord:    - /srv/pillar/prod    mkdir-p /srv/pillar/basemkdir-p /srv/pillar/prod | 
服务重启 systemctl restart salt-master
2、salt base环境初始化:
| 1 2 | mkdir-p /srv/salt/base/init# 环境初始化目录mkdir-p /srv/salt/base/init/files# 配置文件目录 | 
1)dns配置
准备dns配置文件,放入/srv/salt/base/init/files目录下
cp /etc/resolv.conf /srv/salt/base/init/files/
| 1 2 3 4 5 6 7 | vi/srv/salt/base/init/dns.sls/etc/resolv.conf:  file.managed:    - source: salt://init/files/resolv.conf    - user: root    - gourp: root    - mode: 644 | 
2)histroy记录时间
| 1 2 3 4 5 | vi/srv/salt/base/init/history.sls/etc/profile:  file.append:    - text:      - exportHISTTIMEFORMAT="%F %T `whoami` " | 
3)记录命令操作
| 1 2 3 4 5 | vi/srv/salt/base/init/audit.sls/etc/bashrc:  file.append:    - text:      - exportPROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }' | 
4)内核参数优化
| 1 2 3 4 5 6 7 8 9 10 11 12 13 | vi/srv/salt/base/init/sysctl.slsnet.ipv4.ip_local_port_range:  sysctl.present:    - value: 10000 65000fs.file-max:  sysctl.present:    - value: 2000000net.ipv4.ip_forward:  sysctl.present:    - value: 1vm.swappiness:  sysctl.present:    - value: 0 | 
5)安装yum仓库
| 1 2 3 4 5 6 | vi/srv/salt/base/init/epel.slsyum_repo_release:  pkg.installed:    - sources:      - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm    - unless: rpm -qa | grepepel-release-latest-7 | 
6) Install zabbix-agent
Prepare the zabbix-agent configuration file and place it in the /srv/salt/base/init/files directory:
cp /etc/zabbix/zabbix_agentd.conf /srv/salt/base/init/files/
Edit: vi /etc/zabbix/zabbix_agentd.conf

```
vi /srv/salt/base/init/zabbix_agent.sls
zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - backup: minion
    - defaults:
      Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
      Hostname: {{ grains['fqdn'] }}
    - require:
      - pkg: zabbix-agent
  service.running:
    - enable: True
    - watch:
      - pkg: zabbix-agent
      - file: zabbix-agent

zabbix_agentd.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.d
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent
```
Note: "- backup: minion" enables backups: if the file changes, the previous version is backed up under /var/cache/salt/file_backup.

7) Write the top-level init.sls file, which includes the other files
```
vi /srv/salt/base/init/init.sls
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.epel
  - init.zabbix_agent
```
Run: salt "*" state.sls init.init
Result:
```
linux-node1.example.com:
----------
          ID: /etc/resolv.conf
    Function: file.managed
      Result: True
     Comment: File /etc/resolv.conf is in the correct state
     Started: 04:39:32.998314
    Duration: 181.548 ms
     Changes:
----------
          ID: /etc/profile
    Function: file.append
      Result: True
     Comment: File /etc/profile is in correct state
     Started: 04:39:33.180034
    Duration: 6.118 ms
     Changes:
----------
          ID: /etc/bashrc
    Function: file.append
      Result: True
     Comment: Appended 1 lines
     Started: 04:39:33.186266
    Duration: 6.608 ms
     Changes:
              ----------
              diff:
                  ---

                  +++

                  @@ -90,3 +90,4 @@

                   unset -f pathmunge
                   fi
                   # vim:ts=4:sw=4
                  +export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
----------
          ID: net.ipv4.ip_local_port_range
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
     Started: 04:39:33.261448
    Duration: 212.528 ms
     Changes:
              ----------
              net.ipv4.ip_local_port_range:
                  10000 65000
----------
          ID: fs.file-max
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value fs.file-max = 2000000
     Started: 04:39:33.474197
    Duration: 122.497 ms
     Changes:
              ----------
              fs.file-max:
                  2000000
----------
          ID: net.ipv4.ip_forward
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value net.ipv4.ip_forward = 1
     Started: 04:39:33.596905
    Duration: 35.061 ms
     Changes:
              ----------
              net.ipv4.ip_forward:
                  1
----------
          ID: vm.swappiness
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value vm.swappiness = 0
     Started: 04:39:33.632208
    Duration: 36.226 ms
     Changes:
              ----------
              vm.swappiness:
                  0
----------
          ID: yum_repo_release
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 04:39:39.085699
    Duration: 12627.626 ms
     Changes:
----------
          ID: zabbix-agent
    Function: pkg.installed
      Result: True
     Comment: Package zabbix-agent is already installed
     Started: 04:39:51.713592
    Duration: 6.677 ms
     Changes:
----------
          ID: zabbix-agent
    Function: file.managed
        Name: /etc/zabbix/zabbix_agentd.conf
      Result: True
     Comment: File /etc/zabbix/zabbix_agentd.conf updated
     Started: 04:39:51.720994
    Duration: 152.077 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -90,7 +90,7 @@
                   #
                   # Mandatory: no
                   # Default:
                  -Server={{ Server }}
                  +Server=192.168.137.11

                   ### Option: ListenPort
                   # Agent will listen on this port for connections from the server.
----------
          ID: zabbix_agentd.d
    Function: file.directory
        Name: /etc/zabbix/zabbix_agentd.d
      Result: True
     Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
     Started: 04:39:51.875082
    Duration: 0.908 ms
     Changes:
----------
          ID: zabbix-agent
    Function: service.running
      Result: True
     Comment: Service restarted
     Started: 04:39:51.932698
    Duration: 205.223 ms
     Changes:
              ----------
              zabbix-agent:
                  True

Summary for linux-node1.example.com
-------------
Succeeded: 12 (changed=7)
Failed: 0
-------------
Total states run: 12
Total run time: 13.593 s
linux-node2.example.com:
----------
          ID: /etc/resolv.conf
    Function: file.managed
      Result: True
     Comment: File /etc/resolv.conf is in the correct state
     Started: 12:46:38.639870
    Duration: 182.254 ms
     Changes:
----------
          ID: /etc/profile
    Function: file.append
      Result: True
     Comment: Appended 1 lines
     Started: 12:46:38.822236
    Duration: 3.047 ms
     Changes:
              ----------
              diff:
                  ---

                  +++

                  @@ -74,3 +74,4 @@


                   unset i
                   unset -f pathmunge
                  +export HISTTIMEFORMAT="%F %T `whoami` "
----------
          ID: /etc/bashrc
    Function: file.append
      Result: True
     Comment: Appended 1 lines
     Started: 12:46:38.825423
    Duration: 3.666 ms
     Changes:
              ----------
              diff:
                  ---

                  +++

                  @@ -90,3 +90,4 @@

                   unset -f pathmunge
                   fi
                   # vim:ts=4:sw=4
                  +export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
----------
          ID: net.ipv4.ip_local_port_range
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
     Started: 12:46:39.011409
    Duration: 132.499 ms
     Changes:
              ----------
              net.ipv4.ip_local_port_range:
                  10000 65000
----------
          ID: fs.file-max
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value fs.file-max = 2000000
     Started: 12:46:39.144117
    Duration: 33.556 ms
     Changes:
              ----------
              fs.file-max:
                  2000000
----------
          ID: net.ipv4.ip_forward
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value net.ipv4.ip_forward = 1
     Started: 12:46:39.177821
    Duration: 43.489 ms
     Changes:
              ----------
              net.ipv4.ip_forward:
                  1
----------
          ID: vm.swappiness
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value vm.swappiness = 0
     Started: 12:46:39.221788
    Duration: 39.882 ms
     Changes:
              ----------
              vm.swappiness:
                  0
----------
          ID: yum_repo_release
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 12:46:47.608597
    Duration: 13989.554 ms
     Changes:
----------
          ID: zabbix-agent
    Function: pkg.installed
      Result: True
     Comment: Package zabbix-agent is already installed
     Started: 12:47:01.598548
    Duration: 1.265 ms
     Changes:
----------
          ID: zabbix-agent
    Function: file.managed
        Name: /etc/zabbix/zabbix_agentd.conf
      Result: True
     Comment: File /etc/zabbix/zabbix_agentd.conf updated
     Started: 12:47:01.600712
    Duration: 82.425 ms
     Changes:
              ----------
              diff:
                  ---
                  +++
                  @@ -90,8 +90,6 @@
                   #
                   # Mandatory: no
                   # Default:
                  -# Server=
                  -
                   Server=192.168.137.11

                   ### Option: ListenPort
                  @@ -117,7 +115,7 @@
                   # Mandatory: no
                   # Range: 0-100
                   # Default:
                  -StartAgents=3
                  +# StartAgents=3

                   ##### Active checks related

                  @@ -133,7 +131,7 @@
                   # Default:
                   # ServerActive=

                  -#ServerActive=192.168.137.11
                  +ServerActive=192.168.137.11

                   ### Option: Hostname
                   # Unique, case sensitive hostname.
                  @@ -144,7 +142,7 @@
                   # Default:
                   # Hostname=

                  -Hostname=linux-node2
                  +Hostname=Zabbix server

                   ### Option: HostnameItem
                   # Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
                  @@ -174,7 +172,7 @@
                   #
                   # Mandatory: no
                   # Default:
                  -HostMetadataItem=system.uname
                  +# HostMetadataItem=

                   ### Option: RefreshActiveChecks
                   # How often list of active checks is refreshed, in seconds.
----------
          ID: zabbix_agentd.d
    Function: file.directory
        Name: /etc/zabbix/zabbix_agentd.d
      Result: True
     Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
     Started: 12:47:01.684357
    Duration: 0.93 ms
     Changes:
----------
          ID: zabbix-agent
    Function: service.running
      Result: True
     Comment: Service restarted
     Started: 12:47:01.751277
    Duration: 275.781 ms
     Changes:
              ----------
              zabbix-agent:
                  True

Summary for linux-node2.example.com
-------------
Succeeded: 12 (changed=8)
Failed: 0
-------------
Total states run: 12
Total run time: 14.788 s
```
8) Create the top file
```
vi /srv/salt/base/top.sls
base:
  '*':
    - init.init
```
Test: salt "*" state.highstate test=True
Apply: salt "*" state.highstate
3. Pillar base initialization
1) zabbix agent configuration: set the zabbix server address so that the sls files can reference it
```
mkdir -p /srv/pillar/base/zabbix
vi /srv/pillar/base/zabbix/agent.sls
zabbix-agent:
  Zabbix_Server: 192.168.137.11
```
Write the top file, referencing /srv/pillar/base/zabbix/agent:
```
vi /srv/pillar/base/top.sls
base:
  '*':
    - zabbix.agent
```
Test: salt '*' pillar.items

II. haproxy
```
mkdir -p /srv/salt/prod/modules/haproxy
mkdir -p /srv/salt/prod/modules/keepalived
mkdir -p /srv/salt/prod/modules/memcached
mkdir -p /srv/salt/prod/modules/nginx
mkdir -p /srv/salt/prod/modules/php
mkdir -p /srv/salt/prod/modules/pkg
mkdir -p /srv/salt/prod/cluster
mkdir -p /srv/salt/prod/modules/haproxy/files/
mkdir -p /srv/salt/prod/cluster/files
```
1) System build packages (gcc and so on)
```
vi /srv/salt/prod/modules/pkg/make.sls
make-pkg:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
```
2) Manual installation
```
cd /usr/local/src
tar xvf haproxy-1.6.3.tar.gz
cd haproxy-1.6.3/
make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3
make install PREFIX=/usr/local/haproxy-1.6.3
ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
```
Modify the init script and place it under salt:
```
vi /usr/local/src/haproxy-1.6.3/examples/haproxy.init
BIN=/usr/local/haproxy/sbin/$BASENAME
cp /usr/local/src/haproxy-1.6.3/examples/haproxy.init /srv/salt/prod/modules/haproxy/files/
```
Place the haproxy-1.6.3.tar.gz package in the /srv/salt/prod/modules/haproxy/files/ directory.
3) Create the install.sls file, used to install haproxy
```
vi /srv/salt/prod/modules/haproxy/install.sls
include:
  - modules.pkg.make

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.3.tar.gz
    - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3 && make install PREFIX=/usr/local/haproxy-1.6.3 && ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
    - unless: test -L /usr/local/haproxy
    - require:
      - pkg: make-pkg
      - file: haproxy-install

haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://modules/haproxy/files/haproxy.init
    - mode: 755
    - user: root
    - group: root
    - require_in:
      - file: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy

net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - mode: 755
    - user: root
    - group: root
```
Note: with "- unless", if the command after unless returns True (exit status 0), the current state's command is not executed.
4) Create the haproxy configuration file
```
vi /srv/salt/prod/cluster/files/haproxy-outside.cfg
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info

defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms

listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack

frontend frontend_www_example_com
bind 192.168.137.21:80
mode http
option httplog
log global
default_backend backend_www_example_com

backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1 192.168.137.11:8080 check inter 2000 rise 30 fall 15
server web-node2 192.168.137.12:8080 check inter 2000 rise 30 fall 15
```
Create the haproxy-outside.sls file, used to configure haproxy:
```
vi /srv/salt/prod/cluster/haproxy-outside.sls
include:
  - modules.haproxy.install

haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - require:
      - cmd: haproxy-install
    - watch:
      - file: haproxy-service
```
5) Configure the top file
```
vi /srv/salt/base/top.sls
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
```
Test: salt "*" state.highstate test=True
Apply: salt "*" state.highstate

III. keepalived
1) Create the files directory and put the keepalived-1.2.17.tar.gz package, keepalived.sysconfig and keepalived.init into it
```
mkdir -p /srv/salt/prod/modules/keepalived/files
```
2) Create the install.sls file
```
vi /srv/salt/prod/modules/keepalived/install.sls
{% set keepalived_tar = 'keepalived-1.2.17.tar.gz' %}
{% set keepalived_source = 'salt://modules/keepalived/files/keepalived-1.2.17.tar.gz' %}

keepalived-install:
  file.managed:
    - name: /usr/local/src/{{ keepalived_tar }}
    - source: {{ keepalived_source }}
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf {{ keepalived_tar }} && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-install

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.sysconfig
    - mode: 644
    - user: root
    - group: root

/etc/init.d/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.init
    - mode: 755
    - user: root
    - group: root

keepalived-init:
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: /etc/init.d/keepalived

/etc/keepalived:
  file.directory:
    - user: root
    - group: root
```
Run: salt '*' state.sls modules.keepalived.install saltenv=prod
3) Create the keepalived configuration file haproxy-outside-keepalived.conf
```
! Configuration File for keepalived
global_defs {
   notification_email {
     saltstack@example.com
   }
   notification_email_from keepalived@example.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id {{ROUTEID}}
}

vrrp_instance haproxy_ha {
    state {{STATEID}}
    interface eth0
    virtual_router_id 36
    priority {{PRIORITYID}}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       192.168.137.21
    }
}
```
Create haproxy-outside-keepalived.sls:
```
vi /srv/salt/prod/cluster/haproxy-outside-keepalived.sls
include:
  - modules.keepalived.install

keepalived-server:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    {% if grains['fqdn'] == 'linux-node1.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'linux-node2.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  service.running:
    - name: keepalived
    - enable: True
    - watch:
      - file: keepalived-server
```
4) Add keepalived to the top file
```
vi /srv/salt/base/top.sls
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
```
Test: salt "*" state.highstate test=True
Apply: salt "*" state.highstate
##########################################################################
IV. memcached
1) Create the www user
```
mkdir -p /srv/salt/prod/modules/user
vi /srv/salt/prod/modules/user/www.sls
www-user-group:
  group.present:
    - name: www
    - gid: 1000

  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000
```
2) libevent: put the package in /srv/salt/prod/modules/libevent/files
```
mkdir -p /srv/salt/prod/modules/libevent/files
vi /srv/salt/prod/modules/libevent/install.sls
libevent-source-install:
  file.managed:
    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
    - source: salt://modules/libevent/files/libevent-2.0.22-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable && ./configure --prefix=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/libevent
    - require:
      - file: libevent-source-install
```
3) Create the files directory and put the memcached-1.4.24.tar.gz package into it
```
mkdir -p /srv/salt/prod/modules/memcached/files
```
4) Create the install.sls file
```
vi /srv/salt/prod/modules/memcached/install.sls
include:
  - modules.libevent.install

memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    - source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24 && ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/memcached
    - require:
      - cmd: libevent-source-install
      - file: memcached-source-install
```
5) Put the business-specific part in its own directory, e.g. bbs
```
mkdir -p /srv/salt/prod/bbs
vi /srv/salt/prod/bbs/memcached.sls
include:
  - modules.memcached.install
  - modules.user.www

memcached-service:
  cmd.run:
    - name: /usr/local/memcached/bin/memcached -d -m 128 -p 11211 -c 8096 -u www
    - unless: netstat -ntlp | grep 11211
    - require:
      - cmd: memcached-source-install
      - user: www-user-group
```
6) Add memcached to the top file
```
vi /srv/salt/base/top.sls
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived

  'linux-node2*':
    - bbs.memcached
```
Test: salt "*" state.highstate test=True
Apply: salt "*" state.highstate
V. php
1) Put the php package and related files in /srv/salt/prod/modules/php/files
```
mkdir -p /srv/salt/prod/modules/php/files
```

2) Create install.sls
vi /srv/salt/prod/modules/php/install.sls
```
include:
  - modules.pkg.make
  - modules.user.www

pkg-php:
  pkg.installed:
    - names:
      - swig
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel

php-source-install:
  file.managed:
    - name: /usr/local/src/php-5.6.9.tar.gz
    - source: salt://modules/php/files/php-5.6.9.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf php-5.6.9.tar.gz && cd php-5.6.9 && ./configure --prefix=/usr/local/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-jpeg-dir --with-png-dir --with-zlib --enable-xml --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/usr/local/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install
    - require:
      - file: php-source-install
      - user: www-user-group
    - unless: test -d /usr/local/php-fastcgi

pdo-plugin:
  cmd.run:
    - name: cd /usr/local/src/php-5.6.9/ext/pdo_mysql/ && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make && make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/pdo_mysql.so
    - require:
      - cmd: php-source-install

php-fpm:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php-fpm.conf
    - source: salt://modules/php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644

php-fastcgi-service:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://modules/php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list | grep php-fpm
    - require:
      - file: php-fastcgi-service
```
Create php-memcache.sls
vi /srv/salt/prod/modules/php/php-memcache.sls
```
memcache-plugin:
  file.managed:
    - name: /usr/local/src/memcache-2.2.7.tgz
    - source: salt://modules/php/files/memcache-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcache-2.2.7.tgz && cd memcache-2.2.7 && /usr/local/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php-fastcgi/bin/php-config && make && make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/memcache.so
    # require belongs to cmd.run; php-source-install is the ID defined in modules.php.install
    - require:
      - file: memcache-plugin
      - cmd: php-source-install
```
Create php-redis.sls
vi /srv/salt/prod/modules/php/php-redis.sls
```
redis-plugin:
  file.managed:
    - name: /usr/local/src/redis-2.2.7.tgz
    - source: salt://modules/php/files/redis-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf redis-2.2.7.tgz && cd redis-2.2.7 && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config && make && make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/redis.so
    # require belongs to cmd.run; php-source-install is the ID defined in modules.php.install
    - require:
      - file: redis-plugin
      - cmd: php-source-install
```
Run: salt '*' state.sls modules.php.install saltenv=prod
VI. nginx
1) Put the nginx package and related files in /srv/salt/prod/modules/nginx/files
```
mkdir -p /srv/salt/prod/modules/nginx/files
```

2) Create install.sls
vi /srv/salt/prod/modules/nginx/install.sls
```
include:
  - modules.pkg.make
  - modules.user.www

nginx-source-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1 && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module && make && make install && chown -R www:www /usr/local/nginx
    - unless: test -d /usr/local/nginx
    - require:
      - user: www-user-group
      - file: nginx-source-install
      - pkg: make-pkg
```
Create service.sls
vi /srv/salt/prod/modules/nginx/service.sls
```
include:
  - modules.nginx.install

nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://modules/nginx/files/nginx-init
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: nginx-init

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://modules/nginx/files/nginx.conf
    - user: www
    - group: www
    - mode: 644

nginx-service:
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
      - file: nginx-online

nginx-online:
  file.directory:
    - name: /usr/local/nginx/conf/vhost_online

nginx-offline:
  file.directory:
    - name: /usr/local/nginx/conf/vhost_offline
```
Run: salt '*' state.sls modules.nginx.install saltenv=prod
4) /srv/salt/prod/bbs/files/nginx-bbs.conf
```
server {
        listen         8080;
        root /usr/local/nginx/html;
        index index.htm index.html index.php;
        location ~ \.php$
            {
              fastcgi_pass unix:/usr/local/php-fastcgi/php-fpm.sock;
              fastcgi_index index.php;
              include fastcgi.conf;
        }
}
```
5) Create web.sls under /srv/salt/prod/bbs
```
include:
  - modules.php.install
  - modules.php.php-memcache
  - modules.php.php-redis
  - modules.nginx.service

bbs-php:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - source: salt://bbs/files/php.ini-production
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: php-fpm
    - enable: True
    - require:
      - cmd: php-fastcgi-service
    - watch:
      - file: bbs-php

web-bbs:
  file.managed:
    - name: /usr/local/nginx/conf/vhost_online/bbs.conf
    - source: salt://bbs/files/nginx-bbs.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - service: bbs-php
    - watch_in:
      - service: nginx-service
```
Run: salt '*' state.sls bbs.web saltenv=prod
6) Add php and nginx to the top file
vi /srv/salt/base/top.sls
```
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - bbs.web

  'linux-node2*':
    - bbs.memcached
```
Test: salt "*" state.highstate test=True
Apply: salt "*" state.highstate
###########################################################################
SaltStack: Job Management and Runners
Configuration file /etc/salt/master:
```
cachedir: /var/cache/salt/master  # cache path
keep_jobs: 24  # job retention time
```
Official documentation for the salt execution modules: https://docs.saltstack.com/en/latest/ref/modules/all/index.html
- How to store the master's job returns in a MySQL database?
1) For creating the database table structure, see section 3, "Returners", of http://www.cnblogs.com/shhnwangjian/p/5986964.html
2) yum install -y MySQL-python to install the Python MySQL module
3) Modify the master configuration file
```
vi /etc/salt/master
master_job_cache: mysql
mysql.host: '192.168.137.11'
mysql.user: 'salt'
mysql.pass: 'salt@pw'
mysql.db: 'salt'
mysql.port: 3306
```
4) Restart: systemctl restart salt-master.service
5) Test:
```
salt '*' test.ping
# then query the database:
select * from salt_returns;
```

- How to kill a salt job that is currently running?
salt '*' saltutil.running # list the running jobs and find the jid

salt '*' saltutil.kill_job jid # kill the job by its jid
salt '*' saltutil.clear_cache # clear the minion cache
Notes:
1) For a running salt job, the job id is stored on the minion under /var/cache/salt/minion/proc
2) For a running salt job, given the master cache configuration above, the job is stored under /var/cache/salt/master/jobs
salt runners
Official documentation: https://docs.saltstack.com/en/latest/ref/runners/index.html
Command: salt-run
Examples:
```
salt-run jobs.list_jobs  # list the past jobs currently stored in the job cache
salt-run jobs.lookup_jid jid  # show the result of a past jid
```
Note: when a command is started with salt, the master dispatches it to the minions and each minion executes it itself. If a module exists on the master but not on a minion, execution fails. To solve this, salt provides runner modules, which execute all commands on the master.
salt-run manage.status # show the status of the minions
```
salt-run manage.down
salt-run manage.up
```

salt-run manage.versions # show the minion versions

#######################################################################
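SaltStack: Masterless and Multi-Master
- Masterless architecture (no master)
How to set it up:
1) Stop the minion process
2) Modify the configuration file
```
vi /etc/salt/minion
file_client: local
```
Note: the other options, such as file_roots and pillar_roots, are the same as on a master. The difference is the option above, which switches from fetching cache data from the master to fetching it locally.
3) Write the SLS files
4) Run: salt-call --local state.highstate
- Multi-master architecture
How to set it up:
1) Minion configuration
```
vi /etc/salt/minion
master:
  - 192.168.137.11
  - 192.168.137.21
```
2) Manage the SLS files with git or SVN
Alternative: share the keys, file_roots and pillar_roots over NFS, but this is not secure.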
###################################################################
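- SaltStack Syndic
Requirements:
1. salt syndic must run on a master
2. salt syndic must depend on a higher-level master

Installation
```
yum install -y salt-syndic
```
Configuration
```
vi /etc/salt/master
syndic_master: 192.168.137.12
```
Note: the syndic and the master share one configuration file
Restart the master: systemctl restart salt-master
Start the syndic: systemctl start salt-syndic
Configuration change on the higher-level master (the master in the first row of the figure above)
```
vi /etc/salt/master
order_masters: True  # manage syndics
```
Start the higher-level master: systemctl start salt-master
Usage
1) Authentication: the master and the syndic need to authenticate
```
salt-key -A
```
2) The master runs a command, which is distributed through the syndic to each minion, and the results are returned
Key point: the syndic's file_roots and pillar_roots must match those of the higher-level master.
Drawback: the higher-level master does not know how many minions it actually has.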
#################################################################
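- SaltStack SSH
Installation
```
yum install -y salt-ssh
```
Official documentation: https://docs.saltstack.com/en/latest/topics/ssh/index.html
Configuration
Maintain the /etc/salt/roster file, listing every host to be managed:
```
vi /etc/salt/roster
linux-node1.example.com:
  host: 192.168.137.11
  user: root
  port: 22

linux-node2.example.com:
  host: 192.168.137.12
  user: root
  port: 22
```
How to authenticate with a key pair?
1) Run salt-ssh '*' test.ping -i; it prompts for the password;
2) After the user enters the password once, salt-ssh sends the public key to the target host, for example to /root/.ssh/authorized_keys;
3) The master's public and private keys are stored under /etc/salt/pki/master/ssh.
Note: to suppress the host key prompt (this turns off SSH host key verification):
```
vi /root/.ssh/config
StrictHostKeyChecking no
```
Commands
```
salt-ssh '*' -r 'df -h'  # the -r option runs a Linux command directly
```
Use cases
1. Control all hosts through salt-ssh without using minions
2. Minion upgrades and restarts can be done through salt-ssh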
###########################################################################
Saltstack-API
Official documentation: https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html
Requirements: 1) calls go over https, so a certificate must be generated 2) a configuration file 3) PAM authentication 4) salt-api started
Installation
```
yum install -y salt-api
```
Setup
1) Create the user: useradd -M -s /sbin/nologin saltapi
2) Set its password: passwd saltapi
3) Generate a self-signed certificate
```
cd /etc/pki/tls/certs
mv localhost.crt /tmp
make testcert
```

cd /etc/pki/tls/private
If a passphrase was entered when generating the certificate above, remove it:
openssl rsa -in localhost.key -out salt_nopass.key
4) Install the Cherrypy module, version 3.2.6
```
pip install Cherrypy==3.2.6
```
Note: CentOS 6 and 7 can use version 3.2.6; on CentOS 5, install without specifying a version
5) Modify the master configuration file
```
vi /etc/salt/master
default_include: master.d/*.conf
```

6) Create the api configuration file
```
cd /etc/salt/master.d/
vi api.conf
rest_cherrypy:
  host: 192.168.137.11
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/salt_nopass.key
```
Note: adding disable_ssl: True allows requests over plain http (the password and token are then sent unencrypted).
Performance tuning:
```
thread_pool: 100
socket_queue_size: 30
```

7) Authentication file
```
vi eauth.conf
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
```
Note: .* means all modules may be executed; '@wheel' covers salt key management
For salt installed via yum on CentOS 5.9, the eauth.conf configuration needs care; configure it as follows:
```
external_auth:
  pam:
    saltapi:
      - .*
      - '@local'
      - '@local_async'
      - '@wheel'
      - '@wheel_async'
      - '@runner'
      - '@runner_async'
```
8) Restart the master
```
systemctl restart salt-master.service
```
9) Start the api
```
systemctl restart salt-api
```
10) The master configuration must be modified to authorize the saltapi user
```
[root@test1 ~]# vim /etc/salt/master
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
[root@test1 ~]# /etc/init.d/salt-master restart
Stopping salt-master daemon:                               [  OK  ]
Starting salt-master daemon:                               [  OK  ]
```
Usage
1) Login test, using a curl request
```
curl -k https://192.168.137.11:8000/login \
    -H 'Accept: application/x-yaml' \
    -d username=saltapi \
    -d password=saltapi \
    -d eauth=pam
```
After a successful login the system returns a token, which is used for the subsequent requests.

2) Test fetching minion asset data, for the host linux-node1.example.com
```
curl -k https://192.168.137.11:8000/minions/linux-node1.example.com \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token: <token>'
```
3) List which minions are alive
```
curl -k https://192.168.137.11:8000/ \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token: <token>' \
    -d client='runner' \
    -d fun='manage.status'
```
Note: client='runner' means the call runs on the master; client='local' means it runs on the minions

4) ping test
```
curl -k https://192.168.137.11:8000/ \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token: <token>' \
    -d client='local' \
    -d tgt='*' \
    -d fun='test.ping'
```
tgt is the target; a single minion can be specified
5) List jobs
```
curl -k https://192.168.137.11:8000/jobs \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token: <token>'
```
6) Show the result of one specific job
```
curl -k https://192.168.137.11:8000/jobs/jobid \
    -H 'Accept: application/x-yaml' \
    -H 'X-Auth-Token: <token>'
```
#############################################################
Saltstack异步执行命令
salt执行命令有时候会有超时的问题,就是命令下发下去了,部分主机没有返回信息,这时候就很难判断命令或任务是否执行成功。因此,salt提供异步执行的功能,发出命令后立即返回一个jid。然后我们就可以根据这个jid来查询任务是否执行成功。
命令行实现异步
参数--async,返回job ID,根据job ID我们可以查询执行结果。
| 1 | salt --async '*'test.ping | 

```bash
salt-run jobs.lookup_jid 20161117163153353501
```

The -v option returns the jid of the task together with the results; if the command times out, the jid is still returned.
```bash
salt -v '*' test.ping
```

Async via the API
Sample task-execution code: the run_async function submits the asynchronous command and returns the job id, and the jobs_all function looks up the execution result.
```python
import json
import logging

import requests

logger = logging.getLogger(__name__)

# Placeholders: the salt-api address and the token returned by /login
SALT_API_URL = 'https://ip:port'
TOKEN = 'token obtained at login'


def run_async(fun, tgt):
    """
    Asynchronous task: submit it and return the jid.
    ("async" is a reserved word since Python 3.7, hence the name run_async.)
    """
    params = {'client': 'local_async', 'fun': fun, 'tgt': tgt}
    headers = {'X-Auth-Token': TOKEN}
    try:
        # verify=False skips TLS certificate verification, like curl -k
        ret = requests.post(SALT_API_URL + '/', data=params, headers=headers, verify=False)
        ret = json.loads(ret.text)
        return ret['return'][0]['jid']
    except Exception as err:
        print(err)


def jobs_all(jid=None):
    """
    jid=None: view the results of all jobs in the salt cache
    jid given: view the result of that job id
    """
    headers = {'X-Auth-Token': TOKEN}
    try:
        if jid is None:
            ret = requests.get(SALT_API_URL + '/jobs', headers=headers, verify=False)
        else:
            ret = requests.get(SALT_API_URL + '/jobs/' + jid, headers=headers, verify=False)
        ret = json.loads(ret.text)
        return ret
    except Exception as err:
        logger.error(err)


jid = run_async('test.ping', '*')
jobs_all()
jobs_all(jid=jid)
```
See the official documentation for detailed help: https://docs.saltstack.com/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html#id1
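The timeout problem described above comes down to knowing which targeted minions never answered. As an added example (not from the original post), a poller that compares the targeted minions with those that returned; the reply shape (`info[].Minions` and `return[]`) is assumed from the rest_cherrypy documentation, and `fetch` is any callable that returns the decoded /jobs/<jid> reply, such as jobs_all.

```python
import time

# Constructed sample of a GET /jobs/<jid> reply (shape is an assumption):
# "info" lists the targeted minions, "return" holds the replies received so far
SAMPLE_JOB = {
    'info': [{'jid': '20161117163153353501', 'Function': 'test.ping',
              'Minions': ['linux-node1.example.com', 'linux-node2.example.com']}],
    'return': [{'linux-node1.example.com': True}],
}


def job_results(job):
    """Merge the per-minion replies of a job into one dict."""
    results = {}
    for ret in job.get('return', []):
        results.update(ret or {})
    return results


def pending_minions(job):
    """Minions that were targeted but have not returned yet."""
    targeted = set()
    for info in job.get('info', []):
        targeted.update(info.get('Minions', []))
    return sorted(targeted - set(job_results(job)))


def wait_for_job(fetch, jid, timeout=60, interval=2, sleep=time.sleep):
    """Poll fetch(jid) until every targeted minion has returned or timeout expires.

    Returns (results, missing); a non-empty missing list names the hosts
    whose outcome is unknown and needs follow-up.
    """
    deadline = time.monotonic() + timeout
    while True:
        job = fetch(jid) or {}
        missing = pending_minions(job)
        # Finish only once the target list is known and everyone has answered
        known = any(info.get('Minions') for info in job.get('info', []))
        if known and not missing:
            return job_results(job), []
        if time.monotonic() >= deadline:
            return job_results(job), missing
        sleep(interval)
```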
#######################################################################
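When salt-minion is installed on Windows with Salt-Minion-xxxx.xx.x-AMD64-Setup.exe, the default is to install the salt-minion service and start it at boot. However, when salt-minion is started as a service, the Windows GUI cannot be controlled through it. To be able to drive the Windows graphical interface through salt-minion, the salt-minion service has to be disabled and salt-minion started as a process instead.
Solution
1. Start >> Run >> services.msc: stop the salt-minion service and set its startup type to Manual

2. Run C:\salt\salt-minion.exe from the command line

3. Add C:\salt\salt-minion.exe to startup, so that salt starts automatically after the server reboots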

