saltstack 安裝和基本配置使用

時間 2019-11-05

標籤 saltstack 安裝基本配置使用简体版

原文原文鏈接

環境： rhel6.5 server1master
server2 minion server3 minion
配置yum安裝包：rhel6
[root@server1 ~]# yum install salt-master
[root@server1 ~]# /etc/init.d/salt-master start
[root@server2 ~]# yum install salt-minion
[root@server2 ~]# vim /etc/salt/minion
master: 172.25.135.1
[root@server2 ~]# /etc/init.d/salt-minion start
[root@server1 ~]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server2
Proceed? [n/Y] y
Key for minion server2 accepted.
[root@server1 ~]# salt-key -L
Accepted Keys:
server2
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server1 ~]# salt server2 test.ping
server2:
True
[root@server1 ~]# salt server2 cmd.run hostname
server2:
server2
[root@server1 ~]# salt server2 cmd.run df
server2:
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/vg_server0-lv_root 18102140 2078072 15104516 13% /
tmpfs 510200 16 510184 1% /dev/shm
/dev/vda1 495844 34532 435712 8% /boot
[root@server1 ~]# salt server2 cmd.run poweroff #測試關機
server2:
[root@server1 ~]# vim /etc/salt/master

[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# ls
[root@server1 salt]# mkdir apache
[root@server1 salt]# cd apache/
[root@server1 apache]# vim install.sls
httpd:
pkg.installed #寫個簡單的http安裝
[root@server1 apache]# salt server2 state.sls apache.install
[root@server1 apache]# mkdir files
[root@server2 ~]# scp /etc/httpd/conf/httpd.conf server1:/srv/salt/apache/files
[root@server1 apache]# cd files/
[root@server1 files]# ls
httpd.conf
[root@server1 files]# vim httpd.conf #簡單修改一下80端口爲8080
[root@server1 apache]# ls
files install.sls
[root@server1 apache]# vim install.sls
apache-install:
pkg.installed:php

pkgs:python
- httpd
- php
- php-mysql
file.managed:mysql
name: /etc/httpd/conf/httpd.conf
source: salt://apache/files/httpd.conf
mode: 644
user: root
group: rootlinux

service.running:nginx
name: httpd
enable: Ture
watch:
- file: apache-install
  [root@server1 apache]# salt server2 state.sls apache.install #server2上apache自動修改端口爲8080
  [root@server1 salt]# mkdir pkgs #自動推送源碼nginx
  [root@server1 salt]# cd pkgs
  [root@server1 pkgs]# vim make.sls
  gcc-make:
  pkg.installed:
pkgs:
- gcc
- pcre-devel
- openssl-devel

[root@server1 pkgs]# ls
make.sls
[root@server1 pkgs]# cd ..
[root@server1 salt]# ls
apache nginx pkgs
[root@server1 salt]# cd nginx/
[root@server1 nginx]# ls
files install.sls
[root@server1 nginx]# vim install.sls
include:web

pkgs.make

nginx-install:
file.managed:sql

name: /mnt/nginx-1.14.0.tar.gz
source: salt://nginx/files/nginx-1.14.0.tar.gzshell

cmd.run:apache
name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CCFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &>/dev/null && make &>/dev/null && make install &>/dev/null && cd .. && rm -fr nginx-1.14.0
creates: /usr/local/nginx
[root@server1 nginx]# salt server3 state.sls nginx.install
寫啓動腳本修改一些
[root@server1 nginx]# vim service.sls
include:
- nginx.install

/usr/local/nginx/conf/nginx.conf:
file.managed:vim

source: salt://nginx/files/nginx.conf

/etc/init.d/nginx:
file.managed:

source: salt://nginx/files/nginx
mode: 755

nginx:
service.running:

reload: True
watch:
- file: /usr/local/nginx/conf/nginx.conf
  [root@server1 files]# ls
  nginx nginx-1.14.0.tar.gz nginx.conf #將啓動腳步和配置文件放到nginx中的files文件夾內
  [root@server1 salt]# vim top.sls
  base:
  "server2":
  - apache.service
    "server3":
  - nginx.service
    [root@server1 salt]# salt '*' state.highstate
    負載均衡haproxy
    [root@server1 salt]# yum install salt-minion
    [root@server1 salt]# vim /etc/salt/minion #修改master端口
    [root@server1 salt]# /etc/init.d/salt-minion start
    [root@server1 salt]# salt-key -a server1
    [root@server1 salt]# mkdir haproxy
    [root@server1 salt]# cd haproxy/
    [root@server1 haproxy]# mkdir files
    [root@server1 haproxy]# cd files/
    [root@server1 files]# ls #包和配置文件拷貝過來
    haproxy-1.6.11.tar.gz haproxy.cfg haproxy.init
    [root@server1 haproxy]# vim install.sls
    include:
  - pkgs.make

haproxy-install:
file.managed:

name: /mnt/haproxy-1.6.11.tar.gz
source: salt://haproxy/files/haproxy-1.6.11.tar.gz
cmd.run:
name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install
creates: /usr/local/haproxy

/etc/haproxy:
file.directory:

mode: 755

/usr/sbin/haproxy:
file.symlink:

target: /usr/local/haproxy/sbin/haproxy
[root@server1 haproxy]# vim service.sls
include:
- haproxy.install
- users.haproxy

/etc/haproxy/haproxy.cfg:
file.managed:

source: salt://haproxy/files/haproxy.cfg

haproxy-service:
file.managed:

name: /etc/init.d/haproxy
source: salt://haproxy/files/haproxy.init
mode: 755
service.running:
name: haproxy
relpad: True
watch:
- file: /etc/haproxy/haproxy.cfg

[root@server1 salt]# mkdir users
[root@server1 users]# vim haproxy.sls
haproxy-group:
group.present:

name: haproxy
gid: 200

haproxy-user:
user.present:

name: haproxy
uid: 200
gid: 200
shell: /sbin/nologin
home: /usr/local/haproxy
createhome: False
[root@server1 salt]# vim top.sls
base:
"server1":
- haproxy.service
  "server2":
- apache.service
  "server3":
- nginx.service
  [root@server1 haproxy]# ls
  files install.sls service.sls
  [root@server1 haproxy]# cd files/
  [root@server1 files]# ls
  haproxy-1.6.11.tar.gz haproxy.cfg haproxy.init
  [root@server1 files]# vim haproxy.cfg #修改配置文件
  
  [root@server1 files]# salt '*' state.highstate #推送完畢，給server2
  和server3發佈目錄寫個測試頁面
  [root@server1 files]# for i in {1..6}; do curl 172.25.135.1; done #測試
  nginx
  apache
  nginx
  apache
  nginx
  apache
  批量主機定義：
  [root@server1 salt]# salt server3 grains.item os
  server3:
  
  os:
  RedHat
  [root@server1 salt]# salt server2 grains.item os
  server2:
  
  os:
  RedHat
  [root@server1 salt]# salt -G 'os:redhat' cmd.run hostname
  server2:
  server2
  server1:
  server1
  server3:
  server3
  [root@server2 ~]# vim /etc/salt/minion
  grains:
  roles:
apache

[root@server2 ~]# /etc/init.d/salt-minion restart
[root@server3 ~]# cd /etc/salt/
[root@server3 salt]# vim grains
roles: nginx
[root@server1 salt]# salt server2 grains.item roles
server2:

roles:
    - apache

[root@server1 salt]# salt server3 grains.item roles
server3:

roles:
    nginx

[root@server1 salt]# vim top.sls
base:
"server1":

haproxy.service
"roles:apache":
match: grain
apache.service
"roles:nginx":
match: grain
nginx.service
[root@server1 salt]# salt '*' state.highstate

[root@server1 salt]# mkdir _grains
[root@server1 salt]# cd _grains/
[root@server1 _grains]# vim my_grains.py
#! /usr/bin/env python
def my_grains():
grains = {};
grains['hello'] = 'world'
grains['salt'] = 'stack'
return grains
[root@server1 _grains]# salt server2 saltutil.sync_grains
[root@server1 _grains]# salt server2 grains.item hello
server2:

hello:
    world

[root@server1 salt]# cd /etc/salt
[root@server1 salt]# mkdir /srv/pillar/
[root@server1 pillar]# /etc/init.d/salt-master restart
[root@server1 pillar]# mkdir web
[root@server1 pillar]# cd web/
[root@server1 web]# ls
[root@server1 web]# vim install.sls
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{% elif grains['fqdn'] == 'server3'%}
webserver: nginx
{% endif %}

[root@server1 web]# cd ..
[root@server1 pillar]# ls
web
[root@server1 pillar]# vim top.sls
base:
'*':

web.install
[root@server1 pillar]# salt '*' pillar.items
server2:

webserver:
httpd
server1:

server3:

webserver:
nginx
[root@server1 pillar]# salt '' saltutil.refresh_pillar
server2:
True
server3:
True
server1:
True
[root@server1 pillar]# salt '' pillar.items webserver
server3:

webserver:
nginx
server1:

webserver:
server2:

webserver:
httpd
[root@server1 pillar]# salt -I 'webserver:nginx' test.ping
server3:
True
[root@server1 pillar]# salt -S 172.25.135.0/24 test.ping
server3:
True
server2:
True
server1:
True
金佳模版：
[root@server1 salt]# cd apache/
[root@server1 apache]# vim install.sls
apache-install:
pkg.installed:
pkgs:
- httpd
- php
- php-mysql
file.managed:
name: /etc/httpd/conf/httpd.conf
source: salt://apache/files/httpd.conf
mode: 644
user: root
group: root
template: jinja
context:
port: 80
bind: {{ grains['ipv4'][1] }}
[root@server1 apache]# vim files/httpd.conf #修改監聽端口
Listen {{ bind }}:{{ port }}
[root@server1 apache]# salt server2 state.sls apache.install
拓展模塊：
[root@server1 salt]# mkdir _modules/
[root@server1 _modules]# vim my_disk.py
#! /usr/bin/env python

def df():
cmd = 'df -h'
return salt'cmd.run'

[root@server1 _modules]# salt '*' saltutil.sync_modules
server1:

modules.my_disk
server2:
modules.my_disk
server3:
modules.my_disk
server4:
modules.my_disk
[root@server1 _modules]# salt server2 my_disk.df
server2:
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_server0-lv_root 18G 2.1G 15G 13% /
tmpfs 499M 16K 499M 1% /dev/shm
/dev/vda1 485M 34M 426M 8% /boot
[root@server1 _modules]# vim /etc/salt/master
syndic_master: 172.25.135.4
[root@server1 _modules]# salt-key -d server4
[root@server4 ~]# /etc/init.d/salt-minion stop
[root@server4 ~]# chkconfig salt-minion off
[root@server4 ~]# yum install salt-master
[root@server4 ~]# vim /etc/salt/master
order_masters: True

[root@server4 ~]# /etc/init.d/salt-master start
[root@server4 ~]# salt-key -L
[root@server4 ~]# salt-key -A
[root@server1 _modules]# yum install salt-syndic
[root@server1 _modules]# /etc/init.d/salt-master restart
[root@server1 _modules]# salt-key -L
[root@server1 _modules]# /etc/init.d/salt-syndic start
[root@server4 ~]# salt '' my_disk.df
[root@server4 ~]# salt '' test.ping
salt-ssh 推送
[root@server1 _modules]# yum install salt-ssh
[root@server1 _modules]# vim /etc/salt/roster
server2:
host: 172.25.135.2
user: root
passwd: redhat
server3:
host: 172.25.135.3
user: root
passwd: redhat