saltstack项目实战

项目架构规划

后端web服务器使用Nginx+Php作为站点,通过HAproxy做负载均衡,Keepalived做高可用

项目环境准备

说明: 关闭防火墙、selinux、时间同步等

host绑定

[root@salt-master ~]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.1.30    salt-master

192.168.1.31    salt-minion01

192.168.1.32    salt-minion02

192.168.1.33    salt-minion03

192.168.1.34    salt-minion04

[root@salt-master ~]# for i in `seq `; do scp /etc/hosts 192.168.1.3$i:/etc/hosts ; done

软件安装

参考地址

1)Master上软件安装

[root@salt-master ~]# yum -y install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm

[root@salt-master ~]# sed -i "s/repo.saltstack.com/mirrors.aliyun.com\/saltstack/g" /etc/yum.repos.d/salt-latest.repo

[root@salt-master ~]# yum -y install salt-master

[root@salt-master ~]# systemctl enable salt-master

[root@salt-master ~]# systemctl start salt-master

2)Minion上软件安装并配置

# yum -y install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm

# yum -y install salt-minion

# cp /etc/salt/minion{,.back}

# sed -i '/#master: /c\master: salt-master' /etc/salt/minion

# systemctl enable salt-minion

# systemctl start salt-minion

Master上认证

[root@salt-master ~]# systemctl restart salt-master

[root@salt-master ~]# salt-key -L

Accepted Keys:

Denied Keys:

Unaccepted Keys:

salt-minion01

salt-minion02

salt-minion03

salt-minion04

Rejected Keys:

[root@salt-master ~]# salt-key -A -y

The following keys are going to be accepted:

Unaccepted Keys:

salt-minion01

salt-minion02

salt-minion03

salt-minion04

Key for minion salt-minion01 accepted.

Key for minion salt-minion02 accepted.

Key for minion salt-minion03 accepted.

Key for minion salt-minion04 accepted.

[root@salt-master ~]# salt-key -L

Accepted Keys:

salt-minion01

salt-minion02

salt-minion03

salt-minion04

Denied Keys:

Unaccepted Keys:

Rejected Keys:

[root@salt-master ~]# salt '*' test.ping

salt-minion01:

    True

salt-minion02:

    True

salt-minion03:

    True

salt-minion04:

    True

Master上state编写

state环境设置

说明:该案例在prod环境下配置,在prod下面创建了一个modules的目录,所有的安装配置都放在这个目录下面了,里面分别又对应创建了对应的软件目录,每个软件目录下面的files目录用来存放的是软件包或者配置文件模板

[root@salt-master ~]# vim /etc/salt/master

file_roots:

  base:

    - /srv/salt/base

  test:

    - /srv/salt/test

  prod:

    - /srv/salt/prod

  dev:

    - /srv/salt/dev

[root@salt-master ~]# systemctl restart salt-master

[root@salt-master ~]# mkdir -p /srv/salt/{base,test,prod,dev}

[root@salt-master ~]# mkdir -p /srv/salt/prod/modules/{nginx,php,mysql,haproxy,keepalived,lnmp}/files

[root@salt-master ~]# mkdir /srv/salt/prod/modules/user

[root@salt-master ~]# tree /srv/salt/prod/modules/

/srv/salt/prod/modules/

├── haproxy

│   └── files

├── keepalived

│   └── files

├── lnmp

│   └── files

├── mysql

│   └── files

├── nginx

│   └── files

├── php

│   └── files

└── user

 directories,  files

sls文件编写

pkg基础包

安装源码编译所需要用到的基础软件包

[root@salt-master ~]# cat /srv/salt/prod/modules/pkg.sls

pkg-install:

  pkg.installed:

    - pkgs:

      - gcc

      - gcc-c++

      - make

      - autoconf

      - glibc

      - glibc-devel

      - glib2

      - glib2-devel

      - pcre

      - pcre-devel

      - zlib

      - zlib-devel

      - openssl

      - openssl-devel

      - libpng

      - libpng-devel

      - freetype

      - freetype-devel

      - libxml2

      - libxml2-devel

      - bzip2

      - bzip2-devel

      - ncurses

      - curl

      - gdbm-devel

      - libXpm-devel

      - libX11-devel

      - gd-devel

      - gmp-devel

      - readline-devel

      - libxslt-devel

      - expat-devel

      - xmlrpc-c

      - xmlrpc-c-devel

useradd

创建网站运行用户

[root@salt-master ~]# cat /srv/salt/prod/modules/user/www.sls

www-user-group:

  group.present:

    - name: www

    - gid: 

  user.present:

    - name: www

    - fullname: www

    - shell: /sbin/nologin

    - uid:

    - gid:

    - unless: id www

nginx

1)软件包准备,及配置文件模板,启动文件模板

[root@salt-master ~]# cd /srv/salt/prod/modules/nginx/

[root@salt-master nginx]# tree

.

├── files

│   ├── nginx-1.12..tar.gz

│   ├── nginx-1.16..tar.gz

│   ├── nginx.conf.template

│   └── nginx.service.template

├── install.sls

└── service.sls

 directory,  files

2)install.sls

[root@salt-master nginx]# cat install.sls

{% set nginx_version = "1.16.0"%}

include:

  - modules.pkg

  - modules.user.www

nginx-install:

  file.managed:

    - name: /usr/local/src/nginx-{{ nginx_version }}.tar.gz

    - source: salt://modules/nginx/files/nginx-{{ nginx_version }}.tar.gz

    - user: root

    - group: root

    - mode: 

  cmd.run:

    - name: cd /usr/local/src/ && tar xf nginx-{{ nginx_version }}.tar.gz && cd nginx-{{ nginx_version }} && ./configure --prefix=/usr/local/nginx-{{ nginx_version }} --user=root --group=root --with-http_ssl_module --with-stream --with-http_stub_status_module --with-file-aio --with-http_gzip_static_module && make && make install && ln -s /usr/local/nginx-{{ nginx_version }} /usr/local/nginx

    - unless: test -d /usr/local/nginx-{{ nginx_version }} && test -L /usr/local/nginx

    - require:

      - file: nginx-install

      - pkg: pkg-install

3)service.sls

[root@salt-master nginx]# cat service.sls

#引入nginx安装sls

include:

  - modules.nginx.install

#添加systemctl

nginx-init:

  file.managed:

    - name: /usr/lib/systemd/system/nginx.service

    - source: salt://modules/nginx/files/nginx.service.template

    - user: root

    - group: root

    - mode:

    - unless: test -f /usr/lib/systemd/system/nginx.service

  cmd.run:

    - name: systemctl daemon-reload

    - require:

      - file: nginx-init

#配置文件

/usr/local/nginx/conf/nginx.conf:

  file.managed:

    - source: salt://modules/nginx/files/nginx.conf.template

    - user: root

    - group: root

    - mode: 

#启动nginx

nginx-service:

  file.directory:

    - name: /usr/local/nginx/conf/conf.d

    - user: root

    - group: root

    - mode:

    - require:

      - cmd: nginx-install

  service.running:

    - name: nginx

    - enable: True

    - reload: True

    - require:

      - cmd: nginx-init

    - watch:

      - file: /usr/local/nginx/conf/nginx.conf

      - file: nginx-service

php

1)软件包准备,及配置文件模板,启动文件模板

[root@salt-master ~]# cd /srv/salt/prod/modules/php/

[root@salt-master php]# tree

.

├── files

│   ├── php-5.6..tar.gz

│   ├── php-fpm.conf.template

│   ├── php-fpm.service.template

│   ├── php-fpm.template

│   └── php.ini.template

├── install.sls

└── service.sls

 directory,  files

2)install.sls

[root@salt-master php]# cat install.sls

{% set php_version = "5.6.40" %}

include:

  - modules.pkg

php-install:

  file.managed:

    - name: /usr/local/src/php-{{ php_version }}.tar.gz

    - source: salt://modules/php/files/php-{{ php_version }}.tar.gz

    - user: root

    - group: root

    - mode: 

  cmd.run:

    - name: cd /usr/local/src/ && tar xf php-{{ php_version }}.tar.gz && cd php-{{ php_version }} && ./configure --prefix=/usr/local/php-{{ php_version }} --with-curl --with-freetype-dir --with-gd --with-gettext --with-iconv-dir --with-jpeg-dir --with-kerberos --with-libdir=lib64 --with-libxml-dir --with-mysql --with-mysqli --with-openssl --with-pcre-regex --with-pdo-mysql --with-dpo-sqlite --with-pear --with-png-dir --with-openssl --with-xmlrpc --with-xsl --with-zlib --enable-fpm --enable-bcmath --enable-libxml --enable-inline-optimization --enable-gd-native-ttf --enable-mbregex --enable-mbstring --enable-opcache --enable-pcntl --enable-shmop --enable-soap --enable-sockets --enable-sysvsem --enable-xml --enable-zip && make && make install && ln -s /usr/local/php-{{ php_version }} /usr/local/php

    - unless: test -d /usr/local/php-{{ php_version }} && test -L /usr/local/php

    - require:

      - file: php-install

      - pkg: pkg-install

3)service.sls

[root@salt-master php]# cat service.sls

#引入php安装的sls

include:

  - modules.php.install

#php-ini配置文件配置

php-ini:

  file.managed:

    - name: /usr/local/php/etc/php.ini

    - source: salt://modules/php/files/php.ini.template

    - user: root

    - group: root

    - mode:

    - require:

      - cmd: php-install

  cmd.run:

    - name: ln -s /usr/local/php/etc/php.ini /etc/php.ini

    - unless: test -L /etc/php.ini

    - require:

      - file: php-ini

#php-fpm配置文件配置

php-fpm:

  file.managed:

    - name: /usr/local/php/etc/php-fpm.conf

    - source: salt://modules/php/files/php-fpm.conf.template

    - user: root

    - group: root

    - mode:

    - require:

      - cmd: php-install

  cmd.run:

    - name: ln -s /usr/local/php/etc/php-fpm.conf /etc/php-fpm.conf

    - unless: test -L /etc/php-fpm.conf

    - require:

      - file: php-fpm

#加入system启动

php-systemd:

  file.managed:

    - name: /usr/lib/systemd/system/php-fpm.service

    - source: salt://modules/php/files/php-fpm.service.template

    - user: root

    - group: root

    - mode:

    - require:

      - cmd: php-install

#加入/etc/init.d/启动

php-init:

  file.managed:

    - name: /etc/init.d/php-fpm

    - source: salt://modules/php/files/php-fpm.template

    - user: root

    - group: root

    - mode:

    - require:

      - cmd: php-install

#启动php-fpm

php-service:

  service.running:

    - name: php-fpm

    - enable: True

    - require:

      - file: php-systemd

    - watch:

      - file: php-fpm

      - file: php-ini

mysql

1)配置文件模板准备

[root@salt-master ~]# cd /srv/salt/prod/modules/mysql/

[root@salt-master mysql]# tree

.

├── files

│   └── my.cnf

├── install.sls

└── service.sls

 directory,  files

2)install.sls

[root@salt-master mysql]# cat install.sls

mariadb-install:

  pkg.installed:

    - pkgs:

      - mariadb-server

      - mariadb

3)service.sls

[root@salt-master mysql]# cat service.sls

#引入mysql安装的sls

include:

  - modules.mysql.install

#my.cnf配置文件

mariadb-config:

  file.managed:

    - name: /etc/my.cnf

    - source: salt://modules/mysql/files/my.cnf

    - user: root

    - group: root

    - mode:

    - require:

      - pkg: mariadb-install

#启动mariadb

mariadb-service:

  service.running:

    - name: mariadb

    - enable: True

    - watch:

      - file: mariadb-config

    - require:

      - pkg: mariadb-install

      - file: mariadb-config

lnmp

1)准备测试文件php info 和nginx虚拟主机配置文件

[root@salt-master ~]# cd /srv/salt/prod/modules/lnmp/

[root@salt-master lnmp]# tree

.

├── files

│   ├── index.php

│   └── www.conf

└── www.sls

 directory,  files

2)www.sls

[root@salt-master lnmp]# cat www.sls

#引入nginx、php、mysql的安装

include:

  - modules.nginx.service

  - modules.php.service

  - modules.mysql.service

#虚拟主机web站点目录创建

web-www:

  file.directory:

    - name: /opt/www

    - user: www

    - group: www

    - mode: 

#虚拟主机配置文件配置

web-www-conf:

  file.managed:

    - name: /usr/local/nginx/conf/conf.d/www.conf

    - source: salt://modules/lnmp/files/www.conf

    - user: root

    - group: root

    - mode:

    - require:

      - file: web-www

    - watch_in:

      - service: nginx-service

    - template: jinja

    - defaults:

      PORT:

      IPADDR: {{ grains['fqdn_ip4'][] }}

#phpinfo测试文件准备

web-index:

  file.managed:

    - name: /opt/www/index.php

    - source: salt://modules/lnmp/files/index.php

    - user: www

    - group: www

    - mode:

测试lnmp是否OK

1)Top file编写

[root@salt-master ~]# cat /srv/salt/base/top.sls

prod:

  "salt-minion0[3-4]":

    - modules.lnmp.www

2)执行高级状态

[root@salt-master ~]# salt '*' state.highstate

3)访问测试

haproxy

1)配置文件准备

[root@salt-master ~]# cd /srv/salt/prod/modules/haproxy/

[root@salt-master haproxy]# tree

.

├── files

│   └── haproxy.cfg

├── install.sls

└── service.sls

 directory,  files

2)install.sls

[root@salt-master haproxy]# cat install.sls

haproxy-install:

  pkg.installed:

    - name: haproxy

3)service.sls

[root@salt-master haproxy]# cat service.sls

#引入haproxy安装的sls

include:

  - modules.haproxy.install

#配置文件

haproxy-config:

  file.managed:

    - name: /etc/haproxy/haproxy.cfg

    - source: salt://modules/haproxy/files/haproxy.cfg

    - user: root

    - group: root

    - mode:

    - require:

      - pkg: haproxy-install

#启动haproxy

haproxy-service:

  service.running:

    - name: haproxy

    - enable: True

    - require:

      - pkg: haproxy-install

      - file: haproxy-config

    - watch:

      - file: haproxy-config

keepalived

1)配置文件准备

[root@salt-master ~]# cd /srv/salt/prod/modules/keepalived/

[root@salt-master keepalived]# tree

.

├── files

│   └── keepalived.conf

├── install.sls

└── service.sls

 directory,  files

2)install.sls

[root@salt-master keepalived]# cat install.sls

keepalived-install:

  pkg.installed:

    - name: keepalived

3)service.sls

[root@salt-master keepalived]# cat service.sls

#引入keepalived安装的sls

include:

  - modules.keepalived.install

#keepalived配置文件

keepalived-config:

  file.managed:

    - name: /etc/keepalived/keepalived.conf

    - source: salt://modules/keepalived/files/keepalived.conf

    - user: root

    - group: root

    - mode:

    - require:

      - pkg: keepalived-install

    - template: jinja

    - defaults:

{% if grains['fqdn'] == "salt-minion01" %}

      ROUTER_ID: saltstack01

      STATE: MASTER

      PRIORITY:

{% elif grains['fqdn'] == "salt-minion02" %}

      ROUTER_ID: saltstack02

      STATE: BACKUP

      PRIORITY:

{% endif %}

#启动keepalived

keepalived-service:

  service.running:

    - name: keepalived

    - enable: True

    - require:

      - pkg: keepalived-install

      - file: keepalived-config

    - watch:

      - file: keepalived-config

整体部署

1)top file 编写

[root@salt-master ~]# cat /srv/salt/base/top.sls

prod:

  "salt-minion0[3-4]":

    - modules.lnmp.www

  "salt-minion0[1-2]":

    - modules.haproxy.service

    - modules.keepalived.service

2)高级状态执行

[root@salt-master ~]# salt '*' state.highstate

3)测试

访问192.168.1.31192.168.1.32的状态页

访问VIP192.168.1.100

通过上面测试可看到可以成功访问lnmp站点,并且haproxyok。访问所有四台服务器都可以得到phpinfo页面,而在生产环境中,我们只是对外提供vip即可。

项目总结

1)整体环境查看

[root@salt-master ~]# tree /srv/salt/prod/modules/

/srv/salt/prod/modules/

├── haproxy

│   ├── files

│   │   └── haproxy.cfg

│   ├── install.sls

│   └── service.sls

├── keepalived

│   ├── files

│   │   └── keepalived.conf

│   ├── install.sls

│   └── service.sls

├── lnmp

│   ├── files

│   │   ├── index.php

│   │   └── www.conf

│   └── www.sls

├── mysql

│   ├── files

│   │   └── my.cnf

│   ├── install.sls

│   └── service.sls

├── nginx

│   ├── files

│   │   ├── nginx-1.12..tar.gz

│   │   ├── nginx-1.16..tar.gz

│   │   ├── nginx.conf.template

│   │   └── nginx.service.template

│   ├── install.sls

│   └── service.sls

├── php

│   ├── files

│   │   ├── php-5.6..tar.gz

│   │   ├── php-fpm.conf.template

│   │   ├── php-fpm.service.template

│   │   ├── php-fpm.template

│   │   └── php.ini.template

│   ├── install.sls

│   └── service.sls

├── pkg.sls

└── user

    └── www.sls

 directories,  files

2)如果需要在某台服务器上面单独部署某一部分,参考以下写法:

[root@salt-master ~]# cat /srv/salt/base/top.sls

#部署lnmp及haproxy+keepalived

prod:

  "salt-minion0[3-4]":

    - modules.lnmp.www

  "salt-minion0[1-2]":

    - modules.haproxy.service

    - modules.keepalived.service

#单实例操作说明:

prod:

  "salt-minion04":

    - modules.nginx.service    #单独安装nginx时

    - modules.mysql.service     #单独安装mysql时

    - modules.php.service       #单独安装php时

    - modules.keepalived.service  #单独安装keepalived时

    - modules.haproxy.service   #单独安装haproxy时

  "salt-minion03":

    - modules.lnmp.www     #单独部署lnmp环境时

如需配置文件模板及软件包联系我

SaltStack--项目实战的更多相关文章

  1. SaltStack项目实战(六)

    SaltStack项目实战 系统架构图 一.初始化 1.salt环境配置,定义基础环境.生产环境(base.prod) vim /etc/salt/master 修改file_roots file_r ...

  2. SaltStack项目实战(二)

    架构图: 配置思路 (1).系统初始化 Base环境下存放所有系统都要执行的状态,调整内核参数,dns,装zabbix-agent等 (2).功能模块(如:上面的haproxy) 如上面的haprox ...

  3. SaltStack项目实战(一)

      系统架构图 一.初始化 1.salt环境配置,定义基础环境.生产环境(base.prod) ? 1 2 3 4 5 6 7 8 9 10 vim /etc/salt/master 修改file_r ...

  4. SaltStack项目实战(七)

    上文 http://www.cnblogs.com/shhnwangjian/p/6027992.html 四.memcached 1)创建www用户 mkdir -p /srv/salt/prod/ ...

  5. Asp.Net Core 项目实战之权限管理系统(4) 依赖注入、仓储、服务的多项目分层实现

    0 Asp.Net Core 项目实战之权限管理系统(0) 无中生有 1 Asp.Net Core 项目实战之权限管理系统(1) 使用AdminLTE搭建前端 2 Asp.Net Core 项目实战之 ...

  6. 给缺少Python项目实战经验的人

    我们在学习过程中最容易犯的一个错误就是:看的多动手的少,特别是对于一些项目的开发学习就更少了! 没有一个完整的项目开发过程,是不会对整个开发流程以及理论知识有牢固的认知的,对于怎样将所学的理论知识应用 ...

  7. 【腾讯Bugly干货分享】React Native项目实战总结

    本文来自于腾讯bugly开发者社区,非经作者同意,请勿转载,原文地址:http://dev.qq.com/topic/577e16a7640ad7b4682c64a7 “8小时内拼工作,8小时外拼成长 ...

  8. Asp.Net Core 项目实战之权限管理系统(0) 无中生有

    0 Asp.Net Core 项目实战之权限管理系统(0) 无中生有 1 Asp.Net Core 项目实战之权限管理系统(1) 使用AdminLTE搭建前端 2 Asp.Net Core 项目实战之 ...

  9. Asp.Net Core 项目实战之权限管理系统(1) 使用AdminLTE搭建前端

    0 Asp.Net Core 项目实战之权限管理系统(0) 无中生有 1 Asp.Net Core 项目实战之权限管理系统(1) 使用AdminLTE搭建前端 2 Asp.Net Core 项目实战之 ...

  10. Asp.Net Core 项目实战之权限管理系统(2) 功能及实体设计

    0 Asp.Net Core 项目实战之权限管理系统(0) 无中生有 1 Asp.Net Core 项目实战之权限管理系统(1) 使用AdminLTE搭建前端 2 Asp.Net Core 项目实战之 ...

随机推荐

  1. 编码格式检测chardet模块

    chardet模块: -->检测编码格式 未知编码的bytes,要把它转换成str,就需要知道该bytes的编码方式 #1.直接检测bytes >>> chardet.dete ...

  2. sql语句之union与join的区别

    union查询: 使用 union 可以将多个select语句的查询结果组合起来. 语法: select 字段1,字段2 from table1 union select 字段1,字段2 from t ...

  3. Cookie、token、session的区别是什么?

    背景: 最近在总结一些容易理解混淆的概念,之前面试的时候提到过,我觉得也说不清楚,这两天项目做接口测试发现用的cookie而不是之前的token,于是总结一下,便于以后用到的时候再阅读以及分享给需要的 ...

  4. HttpClient爬取网站及图片

    1.什么是HttpClient? HttpClient 是 Apache Jakarta Common 下的子项目,用来提供高效的.最新的.功能丰富的支持 HTTP 协议的客户端编程工具包,并且它支持 ...

  5. Leetcode 1254. 统计封闭岛屿的数目

    题目: 有一个二维矩阵 grid ,每个位置要么是陆地(记号为 0 )要么是水域(记号为 1 ). 我们从一块陆地出发,每次可以往上下左右 4 个方向相邻区域走,能走到的所有陆地区域,我们将其称为一座 ...

  6. 【Activiti学习之七】BPMN子流程、顺序流、流程关口

    环境 JDK 1.8 MySQL 5.6 Tomcat 7 Eclipse-Luna activiti 6.0 一.子流程 1.嵌入子流程2.调用子流程3.事件子流程4.事务子流程 二.顺序流1.条件 ...

  7. JavaScript 一些实用技巧

    快速创建从0到n的数字 let arr1 = [...(new Array(n)).keys()]; let arr2 = Array.from({length:n},(v, k) => k); ...

  8. ArcSOC进程数不断增长导致oracle processes溢出原因分析

    现场出现了一个问题,oracle运行一段时间之后,process个数会溢出,然后新的连接会失败.通过分析,发现Arcgis Server 的ArcSOC进程在不段增长.ArcSOC是arcgis se ...

  9. wraps补充

    ''' wraps: (了解) 是一个修复工具,修复的是被装饰对象的空间. from functools import wraps ''' from functools import wraps de ...

  10. AtCoder-arc059 (题解)

    A - いっしょ / Be Together (结论/暴力) 题目链接 题目大意: 有 \(n\) 个数字,要将它们变成相等,对每一个数字最多操作一次,如将 \(a \to b\) 的代价为 \((a ...