
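Salt Basic Installation and Configuration

I. Introduction to Salt


1. Overview

  • A configuration management system that keeps remote nodes in a predefined state (for example, ensuring that specified packages are installed and specified services are running)

  • A distributed remote execution system for running commands and querying data on remote nodes (a single node, or nodes selected by arbitrary rules)

  • Details are available on the official website

2. Parallel execution

  • Commands are sent to remote systems in parallel rather than serially

  • Uses a secure, encrypted protocol

  • Uses the smallest and fastest possible network payloads

  • Provides a simple programming interface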

II. Lab Environment


1. Installation notes

Download URL: https://repo.saltstack.com/yum/redhat/6.5/x86_64/2016.11/


Baidu Netdisk link: https://pan.baidu.com/s/1G_BUi4bJQ6TbhV0MYGm1GA  Password: 8vrx

Hostname          IP          OS       Installed software
server1 (Master)  10.10.10.1  rhel6.5  salt-master
server2 (minion)  10.10.10.2  rhel6.5  salt-minion
server3 (minion)  10.10.10.3  rhel6.5  salt-minion

2. Hosts resolution (all 3 machines)

[[email protected] ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.10.1 server1
10.10.10.2 server2
10.10.10.3 server3

III. Setting Up the yum Repository


Installing SaltStack locally requires a configured yum repository!

1. Install dependencies

[root@server1 ~]# yum install -y httpd createrepo
[root@server1 ~]# ls                   ### download the directory from the netdisk first
salt
[root@server1 ~]# mv salt/ /var/www/html/
[root@server1 ~]# createrepo /var/www/html/salt/
[root@server1 ~]# /etc/init.d/httpd restart
[root@server1 ~]# chkconfig httpd on

2. Configure salt.repo

[root@server1 ~]# vim /etc/yum.repos.d/salt.repo
[salt]
name=salt
baseurl=http://10.10.10.1/salt
gpgcheck=0

[root@server1 ~]# yum clean all
[root@server1 ~]# yum repolist

3. Copy to server2 and server3

[root@server1 ~]# scp /etc/yum.repos.d/salt.repo [email protected]:/etc/yum.repos.d/
[root@server1 ~]# scp /etc/yum.repos.d/salt.repo [email protected]:/etc/yum.repos.d/
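
The salt.repo above sets gpgcheck=0 and an http:// baseurl, and is then copied to all three hosts, so every host installs packages without signature verification. The following check is an added example, not part of the original post; the function names, finding text, the https host and the key path are assumptions, and the sample files are constructed:

```shell
#!/usr/bin/env bash
# Added example: flag yum repo definitions that install unverified packages.
# Function names and finding strings are hypothetical; sample data is constructed.

# audit_repo_file <file.repo>
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_repo_file() {
    awk '
        function report() {
            if (section == "") return
            if (gpgcheck == "0") { print section ": gpgcheck=0, package signatures are not verified"; n++ }
            if (baseurl ~ /^(http|ftp):/) { print section ": cleartext baseurl " baseurl; n++ }
        }
        /^[ \t]*([#;]|$)/ { next }                      # comments and blank lines
        /^[ \t]*\[/ {                                   # start of a new [section]
            report()
            section = $0; gsub(/^[ \t]*\[|\].*$/, "", section)
            gpgcheck = baseurl = ""
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl = val
        }
        END { report(); exit (n > 0) }
    ' "$1"
}

# Constructed samples: the salt.repo from this page, and a stricter variant.
# The https host and key path in the second file are placeholders.
demo_audit() {
    local tmp rc=0; tmp=$(mktemp -d)
    printf '[salt]\nname=salt\nbaseurl=http://10.10.10.1/salt\ngpgcheck=0\n' > "$tmp/weak.repo"
    printf '[salt]\nname=salt\nbaseurl=https://repo.example.internal/salt\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER\n' > "$tmp/strict.repo"
    echo "weak.repo:";   audit_repo_file "$tmp/weak.repo"   || rc=1
    echo "strict.repo:"; audit_repo_file "$tmp/strict.repo" || rc=1
    rm -rf "$tmp"
    return $rc
}

demo_audit || true
```

Run audit_repo_file over /etc/yum.repos.d/*.repo on each host; turning gpgcheck on for the local repository also requires importing the signing key of the downloaded RPMs.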

IV. Installing Salt


1. Install salt-master

[root@server1 ~]# yum install -y salt-master
[root@server1 ~]# /etc/init.d/salt-master restart

2. Install salt-minion (server2 and server3)

[root@server2 ~]# yum install -y salt-minion
[root@server2 ~]# /etc/init.d/salt-minion restart

3. Configure the minion (server2 and server3)

[root@server2 ~]# vim /etc/salt/minion

4. Register the nodes

(1) Before the minions are configured
[root@server1 ~]# salt-key --list-all
[root@server1 ~]# salt-key -L

(2) After the minions are configured
[root@server1 salt]# salt-key -L
[root@server1 salt]# salt-key -A           ### allow all nodes to register
[root@server1 salt]# salt '*' test.ping
server2:
    True
server3:
    True

5. View the public key generated by the Master

(1) View the Master's public key
[root@server1 ~]# cd /etc/salt/pki/master
[root@server1 master]# md5sum master.pub
6f2a1f578ca3b25abf45c9febe670371  master.pub
(2) View the Master public key sent to the minion
[root@server2 ~]# cd /etc/salt/pki/minion
[root@server2 minion]# md5sum minion_master.pub 
6f2a1f578ca3b25abf45c9febe670371  minion_master.pub

6. View the public keys generated by the minions

(1) View the minion public keys sent to the Master
[root@server1 ~]# cd /etc/salt/pki/master/minions
[root@server1 minions]# md5sum server2
d4c1714d304a8a44e9a362effa239106  server2
[root@server1 minions]# md5sum server3
3a682c835a9b87a12b572a4d732b645e  server3
(2) View the minions' own public keys
[root@server2 ~]# cd /etc/salt/pki/minion
[root@server2 minion]# md5sum minion.pub
d4c1714d304a8a44e9a362effa239106  minion.pub

[root@server3 ~]# cd /etc/salt/pki/minion
[root@server3 minion]# md5sum minion.pub
3a682c835a9b87a12b572a4d732b645e  minion.pub

As the matching digests show, authentication is mutual: each side holds a copy of the other's public key!
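
Section 4 accepts every pending key with salt-key -A, and the digest comparison above happens only afterwards. The following script is an added example, not part of the original post: it makes the same comparison before acceptance, using SHA-256 in place of md5sum. The function names, the manifest format and all key material are assumptions constructed for illustration:

```shell
#!/usr/bin/env bash
# Added example: check pending minion keys against digests recorded on the
# minions themselves, as an alternative to accepting everything at once.
# Hypothetical pieces: the function names and the manifest format
# ("<minion-id> <sha256>" per line). All key material below is constructed.

# check_pending_keys <pending-dir> <manifest>
# Prints "OK <id>", "MISMATCH <id>" or "UNKNOWN <id>" for each pending key and
# returns 0 only when every pending key matches its recorded digest.
check_pending_keys() {
    local pending_dir="$1" manifest="$2" rc=0 keyfile id actual expected
    for keyfile in "$pending_dir"/*; do
        [ -f "$keyfile" ] || continue
        id=$(basename "$keyfile")
        actual=$(sha256sum "$keyfile" | awk '{print $1}')
        # Exact match on column 1, so "server2" never matches "server20".
        expected=$(awk -v id="$id" '$1 == id { print $2; exit }' "$manifest")
        if [ -z "$expected" ]; then
            echo "UNKNOWN $id"; rc=1
        elif [ "$actual" = "$expected" ]; then
            echo "OK $id"
        else
            echo "MISMATCH $id"; rc=1
        fi
    done
    return $rc
}

# Constructed stand-in for /etc/salt/pki/master/minions_pre and a manifest.
demo_check() {
    local tmp rc=0; tmp=$(mktemp -d)
    mkdir "$tmp/minions_pre"
    printf 'constructed key for server2\n' > "$tmp/minions_pre/server2"
    printf 'constructed key for server3\n' > "$tmp/minions_pre/server3"
    printf 'constructed unexpected key\n'  > "$tmp/minions_pre/server9"
    {   # server2 recorded correctly, server3 recorded with a different key
        echo "server2 $(printf 'constructed key for server2\n' | sha256sum | awk '{print $1}')"
        echo "server3 $(printf 'some other key\n' | sha256sum | awk '{print $1}')"
    } > "$tmp/expected.txt"
    check_pending_keys "$tmp/minions_pre" "$tmp/expected.txt" || rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_check || true
```

Accept each ID reported as OK individually with salt-key -a <id>; salt-key -f <id> on the master and salt-call --local key.finger on the minion print Salt's own fingerprints for the same comparison.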

7. Check the ports (Master)

Port 4505: sends data to the minions
Port 4506: receives data sent by the minions

[root@server1 ~]# netstat -lntup

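V. Deploying the httpd Service


Note: in the install.sls file, each nested level is indented two more spaces than its parent, and a space is required after every colon!

1. Configure the Master directory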

[root@server1 ~]# vim /etc/salt/master


[root@server1 ~]# /etc/init.d/salt-master restart
[root@server1 ~]# mkdir /srv/salt

2. Configure install.sls

[root@server1 ~]# mkdir /srv/salt/apache
[root@server1 ~]# cd /srv/salt/apache/
[root@server1 apache]# vim install.sls         ### the name apache-install can be chosen freely
apache-install:
  pkg.installed:
    - pkgs:
      - httpd

3. Check whether the push will succeed

apache is the directory name under /srv/salt, and install refers to install.sls!

[root@server1 apache]# salt server2 state.sls apache.install test=true

4. Push

Install onto server2!

[root@server1 apache]# salt server2 state.sls apache.install

5. Check the result

[root@server2 ~]# rpm -qa httpd
httpd-2.2.15-29.el6_4.x86_64

6. Configure the service to run automatically

[root@server1 apache]# vim /srv/salt/apache/install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd

  service.running:
    - name: httpd
    - enable: true

7. Push

[root@server1 apache]# salt server2 state.sls apache.install
[root@server2 ~]# /etc/init.d/httpd status            ### httpd is running as soon as the state has been pushed
httpd (pid  2626) is running...

8. Push the httpd configuration file

(1) Fetch the configuration file from server2
[root@server1 ~]# cd /srv/salt/apache
[root@server1 apache]# mkdir files
[root@server1 apache]# scp [email protected]:/etc/httpd/conf/httpd.conf /srv/salt/apache/files
[root@server1 apache]# sed -i 's#Listen 80#Listen 8080#g' /srv/salt/apache/files/httpd.conf
(2) Configure install.sls

name: the destination path on the minion; source: the location of the file locally, on the Master!

Method 1:

[root@server1 apache]# vim /srv/salt/apache/install.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd

  service.running:
    - name: httpd
    - enable: true
    - reload: true
    - watch:
      - file: apache-install

  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

Method 2:

[root@server1 apache]# vim /srv/salt/apache/install.sls
httpd:
  pkg.installed

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

httpd-running:
  service.running:
    - name: httpd
    - enable: true
    - reload: true
    - watch:
      - file: /etc/httpd/conf/httpd.conf
(3) Push and check the result
[root@server1 apache]# salt server2 state.sls apache.install
[root@server2 ~]# netstat -lntup|grep httpd            ### the configuration was updated and reloaded automatically
tcp        0      0 :::8080                     :::*                        LISTEN      1798/httpd 

[root@server2 ~]# grep 8080 /etc/httpd/conf/httpd.conf 
Listen 8080

VI. Compiling and Installing Nginx from Source


1. Create the installation files

[root@server1 ~]# wget http://nginx.org/download/nginx-1.14.0.tar.gz
[root@server1 ~]# mkdir -p /srv/salt/nginx/files
[root@server1 ~]# mv nginx-1.14.0.tar.gz /srv/salt/nginx/files

2. State files

unless: the command given by name runs only when the command given by this option returns false

[root@server1 ~]# cd /srv/salt/nginx
[root@server1 nginx]# vim install.sls
include:
  - nginx.make

nginx-install:
  file.managed:
    - name: /root/nginx-1.14.0.tar.gz
    - unless: test -e /root/nginx-1.14.0.tar.gz
    - source: salt://nginx/files/nginx-1.14.0.tar.gz

  cmd.run:
    - cwd: /root
    - name: tar xf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i 's#"nginx/" NGINX_VERSION#"nginx"#g' src/core/nginx.h && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module &> /dev/null && make &>/dev/null && make install &>/dev/null && ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
    - creates: /usr/local/nginx

[root@server1 nginx]# vim make.sls        ### dependency packages for compiling nginx
nginx-make:
  pkg.installed:
    - pkgs:
      - gcc
      - openssl-devel
      - pcre-devel

3. Push and check the result

[root@server1 nginx]# salt server3 state.sls nginx.install
[root@server3 ~]# ls
nginx-1.14.0  nginx-1.14.0.tar.gz

[root@server3 ~]# ls /usr/local/nginx/
conf  html  logs  sbin

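4. Improving the deployment

The deployment above only installs nginx, which is not very convenient: it does not start the service or push the configuration file. The following steps improve on it!

(1) Prepare the environment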
[root@server1 nginx]# pwd
/srv/salt/nginx
[root@server1 nginx]# mkdir conf
[root@server1 nginx]# scp [email protected]:/usr/local/nginx/conf/nginx.conf conf/
[root@server1 nginx]# vim user.sls      ### create a user; nginx is the user name to create
nginx:
  user.present:
    - uid: 800
    - shell: /sbin/nologin
(2) Edit the Nginx configuration file
[root@server1 nginx]# vim /srv/salt/nginx/conf/nginx.conf

(3) Configure the Nginx init script
[root@server1 nginx]# vim /srv/salt/nginx/files/nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /usr/local/nginx/conf/nginx.conf
# pidfile:     /usr/local/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)

lockfile="/var/lock/subsys/nginx"
pidfile="/usr/local/nginx/logs/${prog}.pid"

NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"


start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc -p $pidfile $prog
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest_q || return 6
    stop
    start
}

reload() {
    configtest_q || return 6
    echo -n $"Reloading $prog: "
    killproc -p $pidfile $prog -HUP
    echo
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

configtest_q() {
    $nginx -t -q -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

# Upgrade the binary with no downtime.
upgrade() {
    local oldbin_pidfile="${pidfile}.oldbin"

    configtest_q || return 6
    echo -n $"Upgrading $prog: "
    killproc -p $pidfile $prog -USR2
    retval=$?
    sleep 1
    if [[ -f ${oldbin_pidfile} && -f ${pidfile} ]];  then
        killproc -p $oldbin_pidfile $prog -QUIT
        success $"$prog online upgrade"
        echo 
        return 0
    else
        failure $"$prog online upgrade"
        echo
        return 1
    fi
}

# Tell nginx to reopen logs
reopen_logs() {
    configtest_q || return 6
    echo -n $"Reopening $prog logs: "
    killproc -p $pidfile $prog -USR1
    retval=$?
    echo
    return $retval
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest|reopen_logs)
        $1
        ;;
    force-reload|upgrade) 
        rh_status_q || exit 7
        upgrade
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    status|status_q)
        rh_$1
        ;;
    condrestart|try-restart)
        rh_status_q || exit 7
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|reload|configtest|status|force-reload|upgrade|restart|reopen_logs}"
        exit 2
esac
(4) Configure service.sls
include:
  - nginx.install
  - nginx.user

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    # nginx.conf was copied into /srv/salt/nginx/conf/ in step (1)
    - source: salt://nginx/conf/nginx.conf

nginx-service:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://nginx/files/nginx
    - mode: 755

  service.running:
    - name: nginx
    - enable: true
    - reload: true
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
    - require:
      - user: nginx
(5) Push and check the result
[root@server1 nginx]# salt server3 state.sls nginx.service
[root@server3 ~]# /etc/init.d/nginx status
[root@server3 ~]# ps -ef|grep nginx
[root@server3 ~]# netstat -lntup|grep nginx

(6) View the file layout
[root@server1 ~]# yum install -y tree
[root@server1 ~]# tree /srv/salt/nginx/
/srv/salt/nginx/
|-- conf
|   `-- nginx.conf
|-- files
|   |-- nginx
|   `-- nginx-1.14.0.tar.gz
|-- install.sls
|-- make.sls
|-- service.sls
`-- user.sls

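5. Deploying Apache and Nginx together

A top.sls file makes it possible to deploy both at once and assign each to different machines!
Official documentation: https://docs.saltstack.cn/topics/tutorials/states_pt1.html#preparing-the-top-file

[root@server1 ~]# vim /srv/salt/top.sls      ### note: the file must be named top.sls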
base:
  'server2':
    - apache.install
  'server3':
    - nginx.service

[root@server1 ~]# salt '*' state.highstate top.sls