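SaltStack Project in Practice

Project architecture planning

The backend web servers run the site on Nginx + PHP, with HAProxy for load balancing and Keepalived for high availability.

Project environment preparation

Note: disable the firewall and SELinux, set up time synchronization, and so on.

Hosts file entries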

[root@salt-master ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.30 salt-master
192.168.1.31 salt-minion01
192.168.1.32 salt-minion02
192.168.1.33 salt-minion03
192.168.1.34 salt-minion04
[root@salt-master ~]# for i in `seq 1 4`; do scp /etc/hosts 192.168.1.3$i:/etc/hosts ; done

Software installation

Reference address

1) Install the software on the master

[root@salt-master ~]# yum -y install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@salt-master ~]# sed -i "s/repo.saltstack.com/mirrors.aliyun.com\/saltstack/g" /etc/yum.repos.d/salt-latest.repo
[root@salt-master ~]# yum -y install salt-master
[root@salt-master ~]# systemctl enable salt-master
[root@salt-master ~]# systemctl start salt-master

2) Install and configure the software on the minions

# yum -y install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
# yum -y install salt-minion
# cp /etc/salt/minion{,.back}
# sed -i '/#master: /c\master: salt-master' /etc/salt/minion
# systemctl enable salt-minion
# systemctl start salt-minion

Key authentication on the master

[root@salt-master ~]# systemctl restart salt-master
[root@salt-master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion01
salt-minion02
salt-minion03
salt-minion04
Rejected Keys:
[root@salt-master ~]# salt-key -A -y
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion01
salt-minion02
salt-minion03
salt-minion04
Key for minion salt-minion01 accepted.
Key for minion salt-minion02 accepted.
Key for minion salt-minion03 accepted.
Key for minion salt-minion04 accepted.
[root@salt-master ~]# salt-key -L
Accepted Keys:
salt-minion01
salt-minion02
salt-minion03
salt-minion04
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt-master ~]# salt '*' test.ping
salt-minion01:
    True
salt-minion02:
    True
salt-minion03:
    True
salt-minion04:
    True
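
Added example, not part of the original post: `salt-key -A -y` accepts every pending key without checking which host sent it. The functions below accept only the pending keys whose fingerprint matches one collected on the minion itself with `salt-call --local key.finger`. The function names, the expected-fingerprint file, the sample fingerprints and the `<id>:  <fingerprint>` line layout of `salt-key -F` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the
# expected-fingerprint file and the sample data are assumptions.

# verified_minions FINGER_FILE EXPECTED_FILE
#   FINGER_FILE   : saved output of `salt-key -F` on the master
#   EXPECTED_FILE : "<minion-id> <fingerprint>" per line, collected on each
#                   minion with `salt-call --local key.finger`
# Prints the IDs of pending keys whose fingerprint matches; mismatches and
# IDs missing from EXPECTED_FILE are reported on stderr and not printed.
verified_minions() {
    awk '
        NR == FNR { want[$1] = tolower($2); next }      # expected list
        /^[A-Za-z]+ Keys:$/ { section = $0; next }      # section header
        section == "Unaccepted Keys:" && NF == 2 {
            id = $1; sub(/:$/, "", id); fp = tolower($2)
            if (!(id in want))       print "unknown minion: " id > "/dev/stderr"
            else if (want[id] != fp) print "FINGERPRINT MISMATCH: " id > "/dev/stderr"
            else                     print id
        }
    ' "$2" "$1"
}

# accept_verified EXPECTED_FILE: accept only the keys that passed the check.
accept_verified() {
    tmp=$(mktemp) || return 1
    salt-key -F > "$tmp" || { rm -f "$tmp"; return 1; }
    for id in $(verified_minions "$tmp" "$1"); do
        salt-key -y -a "$id"
    done
    rm -f "$tmp"
}

# Constructed sample of `salt-key -F` output (fingerprints are made up and
# shortened; the "<id>:  <fingerprint>" layout is assumed).
sample_finger_output() {
    cat <<'EOF'
Local Keys:
master.pem:  11:11:11:11
master.pub:  22:22:22:22
Unaccepted Keys:
salt-minion01:  aa:aa:aa:01
salt-minion02:  bb:bb:bb:02
salt-minion03:  cc:cc:cc:03
rogue-host:  dd:dd:dd:99
EOF
}
```

Run `accept_verified /path/to/expected-fingerprints` on the master in place of `salt-key -A -y`; keys reported as mismatched or unknown stay in the Unaccepted list for manual review.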

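Writing states on the master

State environment setup

Note: this example is configured in the prod environment. A modules directory is created under prod, and all installation and configuration states live in it. Inside it there is one directory per piece of software, and the files directory under each software directory holds the software packages or configuration file templates.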

[root@salt-master ~]# vim /etc/salt/master
file_roots:
  base:
    - /srv/salt/base
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod
  dev:
    - /srv/salt/dev
[root@salt-master ~]# systemctl restart salt-master
[root@salt-master ~]# mkdir -p /srv/salt/{base,test,prod,dev}
[root@salt-master ~]# mkdir -p /srv/salt/prod/modules/{nginx,php,mysql,haproxy,keepalived,lnmp}/files
[root@salt-master ~]# mkdir /srv/salt/prod/modules/user
[root@salt-master ~]# tree /srv/salt/prod/modules/
/srv/salt/prod/modules/
├── haproxy
│   └── files
├── keepalived
│   └── files
├── lnmp
│   └── files
├── mysql
│   └── files
├── nginx
│   └── files
├── php
│   └── files
└── user

directories, files

Writing the sls files

pkg: base packages

Install the base packages needed for compiling from source

[root@salt-master ~]# cat /srv/salt/prod/modules/pkg.sls
pkg-install:
  pkg.installed:
    - pkgs:
      - gcc
      - gcc-c++
      - make
      - autoconf
      - glibc
      - glibc-devel
      - glib2
      - glib2-devel
      - pcre
      - pcre-devel
      - zlib
      - zlib-devel
      - openssl
      - openssl-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - bzip2
      - bzip2-devel
      - ncurses
      - curl
      - gdbm-devel
      - libXpm-devel
      - libX11-devel
      - gd-devel
      - gmp-devel
      - readline-devel
      - libxslt-devel
      - expat-devel
      - xmlrpc-c
      - xmlrpc-c-devel

useradd

Create the user that the website runs as

[root@salt-master ~]# cat /srv/salt/prod/modules/user/www.sls
www-user-group:
  group.present:
    - name: www
    - gid:
  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid:
    - gid:
    - unless: id www

nginx

1) Prepare the software packages, the configuration file template and the startup file template

[root@salt-master ~]# cd /srv/salt/prod/modules/nginx/
[root@salt-master nginx]# tree
.
├── files
│   ├── nginx-1.12..tar.gz
│   ├── nginx-1.16.0.tar.gz
│   ├── nginx.conf.template
│   └── nginx.service.template
├── install.sls
└── service.sls

directory, files

2) install.sls

[root@salt-master nginx]# cat install.sls
{% set nginx_version = "1.16.0" %}
include:
  - modules.pkg
  - modules.user.www

nginx-install:
  file.managed:
    - name: /usr/local/src/nginx-{{ nginx_version }}.tar.gz
    - source: salt://modules/nginx/files/nginx-{{ nginx_version }}.tar.gz
    - user: root
    - group: root
    - mode:
  cmd.run:
    - name: cd /usr/local/src/ && tar xf nginx-{{ nginx_version }}.tar.gz && cd nginx-{{ nginx_version }} && ./configure --prefix=/usr/local/nginx-{{ nginx_version }} --user=root --group=root --with-http_ssl_module --with-stream --with-http_stub_status_module --with-file-aio --with-http_gzip_static_module && make && make install && ln -s /usr/local/nginx-{{ nginx_version }} /usr/local/nginx
    - unless: test -d /usr/local/nginx-{{ nginx_version }} && test -L /usr/local/nginx
    - require:
      - file: nginx-install
      - pkg: pkg-install

3) service.sls

[root@salt-master nginx]# cat service.sls
# Pull in the nginx install sls
include:
  - modules.nginx.install

# Add the systemd unit
nginx-init:
  file.managed:
    - name: /usr/lib/systemd/system/nginx.service
    - source: salt://modules/nginx/files/nginx.service.template
    - user: root
    - group: root
    - mode:
    - unless: test -f /usr/lib/systemd/system/nginx.service
  cmd.run:
    - name: systemctl daemon-reload
    - require:
      - file: nginx-init

# Configuration file
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://modules/nginx/files/nginx.conf.template
    - user: root
    - group: root
    - mode:

# Start nginx
nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf/conf.d
    - user: root
    - group: root
    - mode:
    - require:
      - cmd: nginx-install
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
      - file: nginx-service

php

1) Prepare the software package, the configuration file templates and the startup file templates

[root@salt-master ~]# cd /srv/salt/prod/modules/php/
[root@salt-master php]# tree
.
├── files
│   ├── php-5.6.40.tar.gz
│   ├── php-fpm.conf.template
│   ├── php-fpm.service.template
│   ├── php-fpm.template
│   └── php.ini.template
├── install.sls
└── service.sls

directory, files

2) install.sls

[root@salt-master php]# cat install.sls
{% set php_version = "5.6.40" %}
include:
  - modules.pkg

php-install:
  file.managed:
    - name: /usr/local/src/php-{{ php_version }}.tar.gz
    - source: salt://modules/php/files/php-{{ php_version }}.tar.gz
    - user: root
    - group: root
    - mode:
  cmd.run:
    - name: cd /usr/local/src/ && tar xf php-{{ php_version }}.tar.gz && cd php-{{ php_version }} && ./configure --prefix=/usr/local/php-{{ php_version }} --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-jpeg-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir --with-mysql --with-mysqli --with-openssl --with-pcre-regex --with-pdo-mysql --with-pdo-sqlite --with-pear --with-png-dir --with-openssl --with-xmlrpc --with-xsl --with-zlib --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-gd-native-ttf --enable-mbregex --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip && make && make install && ln -s /usr/local/php-{{ php_version }} /usr/local/php
    - unless: test -d /usr/local/php-{{ php_version }} && test -L /usr/local/php
    - require:
      - file: php-install
      - pkg: pkg-install

3) service.sls

[root@salt-master php]# cat service.sls
# Pull in the php install sls
include:
  - modules.php.install

# php.ini configuration file
php-ini:
  file.managed:
    - name: /usr/local/php/etc/php.ini
    - source: salt://modules/php/files/php.ini.template
    - user: root
    - group: root
    - mode:
    - require:
      - cmd: php-install
  cmd.run:
    - name: ln -s /usr/local/php/etc/php.ini /etc/php.ini
    - unless: test -L /etc/php.ini
    - require:
      - file: php-ini

# php-fpm configuration file
php-fpm:
  file.managed:
    - name: /usr/local/php/etc/php-fpm.conf
    - source: salt://modules/php/files/php-fpm.conf.template
    - user: root
    - group: root
    - mode:
    - require:
      - cmd: php-install
  cmd.run:
    - name: ln -s /usr/local/php/etc/php-fpm.conf /etc/php-fpm.conf
    - unless: test -L /etc/php-fpm.conf
    - require:
      - file: php-fpm

# Add the systemd unit
php-systemd:
  file.managed:
    - name: /usr/lib/systemd/system/php-fpm.service
    - source: salt://modules/php/files/php-fpm.service.template
    - user: root
    - group: root
    - mode:
    - require:
      - cmd: php-install

# Add the /etc/init.d/ startup script
php-init:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://modules/php/files/php-fpm.template
    - user: root
    - group: root
    - mode:
    - require:
      - cmd: php-install

# Start php-fpm
php-service:
  service.running:
    - name: php-fpm
    - enable: True
    - require:
      - file: php-systemd
    - watch:
      - file: php-fpm
      - file: php-ini

mysql

1) Prepare the configuration file template

[root@salt-master ~]# cd /srv/salt/prod/modules/mysql/
[root@salt-master mysql]# tree
.
├── files
│   └── my.cnf
├── install.sls
└── service.sls

directory, files

2) install.sls

[root@salt-master mysql]# cat install.sls
mariadb-install:
  pkg.installed:
    - pkgs:
      - mariadb-server
      - mariadb

3) service.sls

[root@salt-master mysql]# cat service.sls
# Pull in the mysql install sls
include:
  - modules.mysql.install

# my.cnf configuration file
mariadb-config:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://modules/mysql/files/my.cnf
    - user: root
    - group: root
    - mode:
    - require:
      - pkg: mariadb-install

# Start mariadb
mariadb-service:
  service.running:
    - name: mariadb
    - enable: True
    - watch:
      - file: mariadb-config
    - require:
      - pkg: mariadb-install
      - file: mariadb-config

lnmp

1) Prepare the phpinfo test file and the nginx virtual host configuration file

[root@salt-master ~]# cd /srv/salt/prod/modules/lnmp/
[root@salt-master lnmp]# tree
.
├── files
│   ├── index.php
│   └── www.conf
└── www.sls

directory, files

2) www.sls

[root@salt-master lnmp]# cat www.sls
# Pull in the nginx, php and mysql states
include:
  - modules.nginx.service
  - modules.php.service
  - modules.mysql.service

# Create the web root directory of the virtual host
web-www:
  file.directory:
    - name: /opt/www
    - user: www
    - group: www
    - mode:

# Virtual host configuration file
web-www-conf:
  file.managed:
    - name: /usr/local/nginx/conf/conf.d/www.conf
    - source: salt://modules/lnmp/files/www.conf
    - user: root
    - group: root
    - mode:
    - require:
      - file: web-www
    - watch_in:
      - service: nginx-service
    - template: jinja
    - defaults:
        PORT:
        IPADDR: {{ grains['fqdn_ip4'][0] }}

# phpinfo test file
web-index:
  file.managed:
    - name: /opt/www/index.php
    - source: salt://modules/lnmp/files/index.php
    - user: www
    - group: www
    - mode:

Test that lnmp works

1) Write the top file

[root@salt-master ~]# cat /srv/salt/base/top.sls
prod:
  "salt-minion0[3-4]":
    - modules.lnmp.www

2) Run the highstate

[root@salt-master ~]# salt '*' state.highstate

3) Access test

haproxy

1) Prepare the configuration file

[root@salt-master ~]# cd /srv/salt/prod/modules/haproxy/
[root@salt-master haproxy]# tree
.
├── files
│   └── haproxy.cfg
├── install.sls
└── service.sls

directory, files

2) install.sls

[root@salt-master haproxy]# cat install.sls
haproxy-install:
  pkg.installed:
    - name: haproxy

3) service.sls

[root@salt-master haproxy]# cat service.sls
# Pull in the haproxy install sls
include:
  - modules.haproxy.install

# Configuration file
haproxy-config:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://modules/haproxy/files/haproxy.cfg
    - user: root
    - group: root
    - mode:
    - require:
      - pkg: haproxy-install

# Start haproxy
haproxy-service:
  service.running:
    - name: haproxy
    - enable: True
    - require:
      - pkg: haproxy-install
      - file: haproxy-config
    - watch:
      - file: haproxy-config

keepalived

1) Prepare the configuration file

[root@salt-master ~]# cd /srv/salt/prod/modules/keepalived/
[root@salt-master keepalived]# tree
.
├── files
│   └── keepalived.conf
├── install.sls
└── service.sls

directory, files

2) install.sls

[root@salt-master keepalived]# cat install.sls
keepalived-install:
  pkg.installed:
    - name: keepalived

3) service.sls

[root@salt-master keepalived]# cat service.sls
# Pull in the keepalived install sls
include:
  - modules.keepalived.install

# keepalived configuration file
keepalived-config:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://modules/keepalived/files/keepalived.conf
    - user: root
    - group: root
    - mode:
    - require:
      - pkg: keepalived-install
    - template: jinja
    - defaults:
{% if grains['fqdn'] == "salt-minion01" %}
        ROUTER_ID: saltstack01
        STATE: MASTER
        PRIORITY:
{% elif grains['fqdn'] == "salt-minion02" %}
        ROUTER_ID: saltstack02
        STATE: BACKUP
        PRIORITY:
{% endif %}

# Start keepalived
keepalived-service:
  service.running:
    - name: keepalived
    - enable: True
    - require:
      - pkg: keepalived-install
      - file: keepalived-config
    - watch:
      - file: keepalived-config

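Full deployment

1) Write the top file

[root@salt-master ~]# cat /srv/salt/base/top.sls
prod:
  "salt-minion0[3-4]":
    - modules.lnmp.www
  "salt-minion0[1-2]":
    - modules.haproxy.service
    - modules.keepalived.service

2) Run the highstate

[root@salt-master ~]# salt '*' state.highstate

3) Test

Visit the status pages on 192.168.1.31 and 192.168.1.32

Visit the VIP 192.168.1.100

The tests above show that the lnmp site can be reached successfully and that haproxy is OK. The phpinfo page can be retrieved from all four servers, whereas in a production environment we only need to expose the VIP externally.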

Project summary

1) Overview of the whole environment

[root@salt-master ~]# tree /srv/salt/prod/modules/
/srv/salt/prod/modules/
├── haproxy
│   ├── files
│   │   └── haproxy.cfg
│   ├── install.sls
│   └── service.sls
├── keepalived
│   ├── files
│   │   └── keepalived.conf
│   ├── install.sls
│   └── service.sls
├── lnmp
│   ├── files
│   │   ├── index.php
│   │   └── www.conf
│   └── www.sls
├── mysql
│   ├── files
│   │   └── my.cnf
│   ├── install.sls
│   └── service.sls
├── nginx
│   ├── files
│   │   ├── nginx-1.12..tar.gz
│   │   ├── nginx-1.16.0.tar.gz
│   │   ├── nginx.conf.template
│   │   └── nginx.service.template
│   ├── install.sls
│   └── service.sls
├── php
│   ├── files
│   │   ├── php-5.6.40.tar.gz
│   │   ├── php-fpm.conf.template
│   │   ├── php-fpm.service.template
│   │   ├── php-fpm.template
│   │   └── php.ini.template
│   ├── install.sls
│   └── service.sls
├── pkg.sls
└── user
    └── www.sls

directories, files

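2) To deploy only one part on a particular server, use the following as a reference:

[root@salt-master ~]# cat /srv/salt/base/top.sls
# Deploy lnmp and haproxy+keepalived
prod:
  "salt-minion0[3-4]":
    - modules.lnmp.www
  "salt-minion0[1-2]":
    - modules.haproxy.service
    - modules.keepalived.service

# Single-instance deployment (an alternative to the block above):
prod:
  "salt-minion04":
    - modules.nginx.service         # to install only nginx
    - modules.mysql.service         # to install only mysql
    - modules.php.service           # to install only php
    - modules.keepalived.service    # to install only keepalived
    - modules.haproxy.service       # to install only haproxy
  "salt-minion03":
    - modules.lnmp.www              # to deploy only the lnmp environment

Contact me if you need the configuration file templates and software packages.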
