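1. SaltStack is a centralized management platform for server infrastructure, providing configuration management, remote execution, monitoring and other functions.
2. It is written in Python, is simple to deploy, uses centralized master/minion management, and supports an API and custom modules.
3. It consists of a Master and Minions (authenticated with certificates) that communicate over the lightweight message queue ZeroMQ.
The SaltStack master listens on ports 4505 and 4506: 4505 is Salt's message publishing system, and 4506 is the port used for communication between the Salt clients and the server.
The Salt client program does not listen on any port. After it starts, it actively connects to the master to register and then keeps that TCP connection open; the master controls the client over this TCP connection, and if the connection is broken the master can do nothing with the client. Of course, once the client detects the disconnection, it keeps retrying the connection to the master at regular intervals.
The SaltStack packages are available from EPEL; this machine uses a self-built yum repository.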
[root@foundation88 rhel6]# pwd
/var/www/html/saltstack/rhel6
[root@foundation88 rhel6]# createrepo . # create a third-party yum repository
Spawning worker 0 with 7 pkgs
Spawning worker 1 with 7 pkgs
Spawning worker 2 with 7 pkgs
Spawning worker 3 with 7 pkgs
Workers Finished
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
yum repository configuration (gpgcheck=0 turns off GPG signature checking for packages from this repository):
vim /etc/yum.repos.d/rhel-source.repo
[salt]
name=saltstack
baseurl=http://172.25.88.250/saltstack/rhel6
gpgcheck=0
yum install salt-master -y
[root@server3 ~]# ss -ntla
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:4505 (send) *:*
LISTEN 0 128 *:4506 (subscribe) *:*
yum install salt-minion -y
[root@server3 ~]# vim /etc/salt/minion
master: server3.lalala.com
Authentication is still required:
[root@server3 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server4.lalala.com
Proceed? [n/Y] Y
Key for minion server4.lalala.com accepted..
[root@server3 ~]# salt-key -L
Accepted Keys:
server4.lalala.com
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server3 yum.repos.d]# salt server4.lalala.com test.ping
server4.lalala.com:
True
[root@server3 yum.repos.d]# salt '*' test.ping # targets can be matched with a pattern
server4.lalala.com:
True
[root@server3 yum.repos.d]# salt -S 172.25.4.4 test.ping
server4.lalala.com:
True
Any operation can be run on the targeted hosts.
[root@server3 ~]# salt server4.lalala.com cmd.run 'df -h'
server4.lalala.com:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root 19G 1.3G 17G 8% /
tmpfs 499M 16K 499M 1% /dev/shm
/dev/vda1 485M 33M 427M 8% /boot
[root@server3 yum.repos.d]# salt -S 172.25.88.4 cmd.run 'cp /etc/passwd /mnt'
[root@server3 yum.repos.d]# salt -S 172.25.88.4 cmd.run 'ls -l /mnt'
server4.lalala.com:
total 4
-rw-r--r-- 1 root root 1066 Apr 15 10:15 passwd
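About keys
After a minion is installed and its service is started for the first time:
the minion generates a key pair and an ID value; the minion service keeps sending the public key, named after the ID value, to the master until it is accepted;
once the master has completed authentication, it stores the public key sent by the minion, named after the ID value, in the /etc/salt/pki/master/minions directory (no file extension); once the master has completed authentication, it also sends its own public key to the minion, where it is stored as /etc/salt/pki/minion/minion_master.pub.
Use tree to view the master's directory tree: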
[root@server3 salt]# pwd
/etc/salt
[root@server3 salt]# tree
|-- cloud
|-- cloud.conf.d
|-- cloud.deploy.d
|-- cloud.maps.d
|-- cloud.profiles.d
|-- cloud.providers.d
|-- master
|-- master.d
|-- minion
|-- minion.d
|-- pki # key-related files
| |-- master
| | |-- master.pem
| | |-- master.pub
| | |-- minions
| | | `-- server4.lalala.com # host that has already been added
| | |-- minions_autosign
| | |-- minions_denied
| | |-- minions_pre
| | `-- minions_rejected
| `-- minion
|-- proxy
|-- proxy.d
`-- roster
Directory tree on the managed host:
[root@server4 salt]# tree .
.
|-- cloud
|-- cloud.conf.d
|-- cloud.deploy.d
|-- cloud.maps.d
|-- cloud.profiles.d
|-- cloud.providers.d
|-- master
|-- master.d
|-- minion
|-- minion.d
| `-- _schedule.conf
|-- minion_id
|-- pki
| |-- master
| `-- minion
| |-- minion_master.pub
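As an added example (not part of the original post): `salt-key -A` above accepts every pending key without inspection, so this script compares each key waiting in minions_pre with the fingerprint collected on the minion itself and flags a master.pem that group or others can read. The fingerprint derivation (SHA-256 over the PEM body), the function names, the placeholder key bodies and the IDs server5.lalala.com and rogue.example are assumptions made for the illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def key_fingerprint(pem: bytes) -> str:
    # Assumption: fingerprint = SHA-256 over the PEM body with the BEGIN/END
    # lines and blank lines dropped, shown as colon-separated hex pairs.
    lines = [ln for ln in pem.splitlines(keepends=True) if ln.strip()]
    digest = hashlib.sha256(b"".join(lines[1:-1])).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def review_pending(pki_master: Path, expected: dict) -> dict:
    """Compare every key waiting in minions_pre with the fingerprint that
    was collected out of band on the minion with that ID."""
    verdicts = {}
    for key_file in sorted((pki_master / "minions_pre").iterdir()):
        want = expected.get(key_file.name)
        got = key_fingerprint(key_file.read_bytes())
        if want is None:
            verdicts[key_file.name] = "unexpected"  # nobody enrolled this ID
        else:
            verdicts[key_file.name] = "match" if want == got else "mismatch"
    return verdicts

def private_key_exposed(pki_master: Path) -> bool:
    # The master's private key must not be readable by group or others.
    mode = stat.S_IMODE((pki_master / "master.pem").stat().st_mode)
    return bool(mode & 0o077)

def demo() -> tuple:
    # Constructed sample tree with placeholder key bodies (not real keys).
    root = Path(tempfile.mkdtemp()) / "pki" / "master"
    (root / "minions_pre").mkdir(parents=True)
    pem = lambda b: b"-----BEGIN PUBLIC KEY-----\n" + b + b"\n-----END PUBLIC KEY-----\n"
    good, forged = pem(b"QUFBQQ=="), pem(b"QkJCQg==")
    (root / "minions_pre" / "server4.lalala.com").write_bytes(forged)
    (root / "minions_pre" / "server5.lalala.com").write_bytes(good)
    (root / "minions_pre" / "rogue.example").write_bytes(good)
    (root / "master.pem").write_bytes(b"placeholder")
    (root / "master.pem").chmod(0o644)  # deliberately too permissive
    expected = {"server4.lalala.com": key_fingerprint(good),
                "server5.lalala.com": key_fingerprint(good)}
    return review_pending(root, expected), private_key_exposed(root)

if __name__ == "__main__":
    print(demo())
```

On a real master, check the computed value against `salt-key -f <id>` and the minion's own `salt-call --local key.finger`, then accept matching keys one at a time with `salt-key -a <id>`.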
vim /etc/salt/master
file_roots:
  base:
    - /srv/salt
vim /srv/salt/httpd/apache.sls
apache-install:
  pkg.installed:
    - name: httpd
Test run, then apply:
[root@server3 httpd]# salt '*' state.sls httpd.apache test=True
[root@server3 httpd]# salt '*' state.sls httpd.apache
server4.lalala.com:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed
Started: 14:13:13.995696
Duration: 832.407 ms
Changes:
Summary for server4.lalala.com
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
Total run time: 832.407 ms
[root@server4 httpd]# pwd
/var/cache/salt/minion/files/base/httpd
[root@server4 httpd]# cat apache.sls
apache-install:
  pkg.installed:
    - name: httpd
Goals:
1. Start the service, with the Apache file changed from the server.
2. When the configuration file is changed on the server, the client picks up the change and reloads so that it takes effect.
mkdir /srv/salt/httpd/files
vim apache.sls
apache-install:
  pkg.installed:
    - pkgs:
      - httpd
      - httpd-tools

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - group: root
    - require:
      - pkg: apache-install

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:    # watch the Apache configuration file and reload as soon as it changes
      - file: apache-config
vim /srv/salt/httpd/files/httpd.conf    # change the default port
Listen 8080
[root@server3 httpd]# salt '*' state.sls httpd.apache
server4.lalala.com:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 11:42:54.769981
Duration: 445.517 ms
Changes:
----------
ID: apache-config
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 11:42:55.217486
Duration: 45.472 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 8080
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 11:42:55.395103
Duration: 75.042 ms
Changes:
----------
httpd:
True
Summary for server4.lalala.com
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 566.031 ms
[root@server4 files]# md5sum httpd.conf
b7ca7a0e786418ba7b5ad84efac70265 httpd.conf
[root@server3 files]# md5sum httpd.conf
b7ca7a0e786418ba7b5ad84efac70265 httpd.conf