- 先使用saltstack實(shí)現(xiàn)一些功能
- 查詢(xún)資料去了解stackstack
- 相關(guān)拓展
使用saltstack實(shí)現(xiàn)簡(jiǎn)單部署nginx步脓,apache
環(huán)境:rhel6.5
server1:172.25.4.1 master 端
server2:172.25.4.2 minion端
server3:172.25.4.3 minion端
由于我們需要使用很多軟件包及其相關(guān)依賴(lài)軟件包,我們需要構(gòu)建一個(gè)yum源倉(cāng)庫(kù)顷窒,并且在每臺(tái)虛擬你的repo文件里添加常挚。
由于使用別人已經(jīng)生成好的yum倉(cāng)庫(kù)文件作谭,導(dǎo)致在虛擬機(jī)里yum repolist的時(shí)候或出現(xiàn)403錯(cuò)誤,我的解決方法是直接設(shè)置該目錄遞歸的777權(quán)限
了解yum的工作原理我們知道奄毡,使用createrepo -v 命令可以生成一個(gè)yum倉(cāng)庫(kù)折欠。
除此之外,我們還需要使主機(jī)和虛擬機(jī)的防火墻和selinux不得生效
最后將這個(gè)文件發(fā)送到server2和server3中使得server2和3都可以使用這個(gè)yum倉(cāng)庫(kù)。
在server1端安裝salt-master在server2和3端安裝salt-minion并且進(jìn)行簡(jiǎn)單的配置
server1
server2和server3都需要修改配置文件
server2
server3
當(dāng)配置完成后進(jìn)行幾個(gè)簡(jiǎn)單幾個(gè)小測(cè)試
在master端掃描查找minon端并相互接受公鑰
測(cè)試
[root@server1 ~]# yum install lsof -y
我們發(fā)現(xiàn)master4505端口和minion端是長(zhǎng)連接
簡(jiǎn)單的測(cè)試已經(jīng)完成
升級(jí)版本:使用saltstack進(jìn)行遠(yuǎn)程安裝軟件和啟動(dòng)軟件锐秦,配置軟件咪奖。
由于我們需要使用yaml標(biāo)記語(yǔ)言,這個(gè)語(yǔ)言依賴(lài)python所以在master端需要安裝python相關(guān)的包酱床。
server1上安裝
[root@server1 ~]# yum install python-setproctitle -y
修改master端的配置文件使得它支持這個(gè)功能羊赵,修改之后重新啟動(dòng)服務(wù)
在server2上遠(yuǎn)程安裝mysql
在server3上遠(yuǎn)程安裝mysql-server
第一次嘗試
修改install.sls文件后第二次嘗試
實(shí)驗(yàn)結(jié)果
mysql-server:
pkg.installed
mysql:
service.running:
- name: mysqld
- enable: True
我們觀察這個(gè)文件:
mysql-server是要安裝軟件的名稱(chēng),然后我們調(diào)用pkgs的installed方法
而第二個(gè)冒號(hào)mysql是我們隨意可以命名的扇谣,在這個(gè)下面我們調(diào)用了service的running方法昧捷,我們還需要設(shè)置要啟動(dòng)服務(wù)的名稱(chēng),設(shè)置開(kāi)機(jī)自啟動(dòng)
遠(yuǎn)程修改mysqld的配置文件
查看結(jié)果揍堕,需要重新啟動(dòng)服務(wù)
mysql-server:
pkg.installed
mysql:
service.running:
- name: mysqld
- enable: True
/etc/my.cnf:
file.managed:
- source: salt://mysql/files/my.cnf
- mode: 644
- user: root
- group: root
我們給這個(gè)文件用戶(hù)料身,用戶(hù)組并且設(shè)置權(quán)限
這個(gè)腳本有個(gè)問(wèn)題就是需要重新啟動(dòng)服務(wù)才能生效
mysql-install:
pkg.installed:
- pkgs:
- mysql-server
file.managed:
- name: /etc/my.cnf
- source: salt://mysql/files/my.cnf
- mode: 644
- user: root
- group: root
service.running:
- name: mysqld
- enabed: True
- watch:
- file: mysql-install
這個(gè)腳本解決了那個(gè)問(wèn)題,監(jiān)控mysql-install里的文件衩茸,當(dāng)minion端mysqld服務(wù)運(yùn)行時(shí)芹血,minion端文件發(fā)生變化,這個(gè)服務(wù)就會(huì)重載楞慈,如果服務(wù)處于停止?fàn)顟B(tài)就會(huì)開(kāi)啟服務(wù)
可以查看運(yùn)行結(jié)果發(fā)現(xiàn)同樣的running方法執(zhí)行的效果是不一樣的
使用saltstack部署一個(gè)集群并且實(shí)現(xiàn)負(fù)載均衡
看這個(gè)結(jié)構(gòu)幔烛,當(dāng)這個(gè)架構(gòu)搭建起來(lái)后,我們僅僅需要推一個(gè)top.sls文件就可以實(shí)現(xiàn)部署一個(gè)負(fù)載均衡集群了囊蓝。我們逐個(gè)分析饿悬。
1、首先看top.sls文件聚霜。
[root@server1 salt]# cat top.sls
base:
"sever1":
- haproxy.service
"sever2":
- apache.service
"sever3":
- nginx.service
分別在server1上部署了haproxy狡恬,server2上部署了apache,server3上部署了nginx
2蝎宇、查看pkgs下的make.sls文件
[root@server1 pkgs]# cat make.sls
gcc-make:
pkg.installed:
- pkgs:
- gcc
- pcre-devel
- openssl-devel
我們可以發(fā)現(xiàn)這個(gè)文件實(shí)現(xiàn)了安裝之前的一些準(zhǔn)備
3弟劲、apache部分
[root@server1 apache]# cat install.sls
apache-install:
pkg.installed:
- pkgs:
- httpd
- php
- php-mysql
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- mode: 644
- user: root
- group: root
[root@server1 apache]# cat service.sls
include:
- apache.install
apache-service:
service.running:
- name: httpd
- enable: True
- watch:
- file: apache-install
[root@server1 apache]# cd files/
[root@server1 files]# ls
httpd.conf
和之前我們?cè)谝慌_(tái)主機(jī)上安裝mysql一樣,apache部分完成了httpd的安裝姥芥,以及服務(wù)的運(yùn)行兔乞,以及當(dāng)配置文件修改時(shí),服務(wù)的重載凉唐。
4庸追、nginx部分
[root@server1 nginx]# cat install.sls
include:
- pkgs.make
nginx-install:
file.managed:
- name: /mnt/nginx-1.14.0.tar.gz
- source: salt://nginx/files/nginx-1.14.0.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-threads --with-file-aio --with-http_stub_status_module &> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. && rm -fr nginx-1.14.0
- creates: /usr/local/nginx
install.sls文件實(shí)現(xiàn)了遠(yuǎn)程發(fā)送源碼包,并且控制編譯台囱,安裝.
[root@server1 nginx]# cat service.sls
include:
- nginx.install
/usr/local/nginx/conf/nginx.conf:
file.managed:
- source: salt://nginx/files/nginx.conf
/etc/init.d/nginx:
file.managed:
- source: salt://nginx/files/nginx
- mode: 755
nginx:
service.running:
- reload: True
- watch:
- file: /usr/local/nginx/conf/nginx.conf
service.sls文件實(shí)現(xiàn)了服務(wù)的運(yùn)行淡溯,運(yùn)行腳本的設(shè)置,配置文件的推送以及監(jiān)控
[root@server1 nginx]# cd files/
[root@server1 files]# ls
nginx nginx-1.14.0.tar.gz nginx.conf
[root@server1 files]#
推送三個(gè)文件簿训,源碼安裝包血筑,配置文件绘沉,以及運(yùn)行腳本
5煎楣、haproxy部分
[root@server1 haproxy]# cat install.sls
include:
- pkgs.make
haproxy-install:
file.managed:
- name: /mnt/haproxy-1.6.11.tar.gz
- source: salt://haproxy/files/haproxy-1.6.11.tar.gz
cmd.run:
- name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install && cd .. && rm -fr haproxy-1.6.11
- creates: /usr/local/haproxy
/etc/haproxy:
file.directory:
- mode: 755
/usr/sbin/haproxy:
file.symlink:
- target: /usr/local/haproxy/sbin/haproxy
haproxy的安裝
[root@server1 haproxy]# cat service.sls
include:
- haproxy.install
- users.haproxy
/etc/haproxy/haproxy.cfg:
file.managed:
- source: salt://haproxy/files/haproxy.cfg
haproxy-service:
file.managed:
- name: /etc/init.d/haproxy
- source: salt://haproxy/files/haproxy.init
- mode: 755
service.running:
- name: haproxy
- reload: True
- watch:
- file: /etc/haproxy/haproxy.cfg
haproxy的安裝豺总,用戶(hù)的創(chuàng)建,配置文件的推送择懂,監(jiān)控喻喳,服務(wù)的運(yùn)行,腳本的推送困曙,服務(wù)的運(yùn)行
[root@server1 haproxy]# cd files/
[root@server1 files]# ls
haproxy-1.6.11.tar.gz haproxy.cfg haproxy.init
要推送的文件
[root@server1 users]# ls
haproxy.sls
[root@server1 users]# cat haproxy.sls
haproxy-group:
group.present:
- name: haproxy
- gid: 200
haproxy-user:
user.present:
- name: haproxy
- uid: 200
- gid: 200
- shell: /sbin/nologin
- home: /usr/local/haproxy
- createhome: False
組的創(chuàng)建表伦,用戶(hù)的創(chuàng)建
我們需要在server1上也安裝salt-minion并且1與server1上的salt-master相互認(rèn)證
[root@server1 files]# salt '*' state.highstate
server1:
----------
ID: gcc-make
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:10:05.704218
Duration: 467.83 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /mnt/haproxy-1.6.11.tar.gz
Result: True
Comment: File /mnt/haproxy-1.6.11.tar.gz is in the correct state
Started: 17:10:06.174853
Duration: 88.401 ms
Changes:
----------
ID: haproxy-install
Function: cmd.run
Name: cd /mnt && tar zxf haproxy-1.6.11.tar.gz && cd haproxy-1.6.11 && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy &> /dev/null && make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 PREFIX=/usr/local/haproxy install && cd .. && rm -fr haproxy-1.6.11
Result: True
Comment: /usr/local/haproxy exists
Started: 17:10:06.264156
Duration: 0.465 ms
Changes:
----------
ID: /etc/haproxy
Function: file.directory
Result: True
Comment: Directory /etc/haproxy is in the correct state
Started: 17:10:06.264730
Duration: 0.569 ms
Changes:
----------
ID: /usr/sbin/haproxy
Function: file.symlink
Result: True
Comment: Symlink /usr/sbin/haproxy is present and owned by root:root
Started: 17:10:06.265401
Duration: 1.69 ms
Changes:
----------
ID: haproxy-group
Function: group.present
Name: haproxy
Result: True
Comment: Group haproxy is present and up to date
Started: 17:10:06.267571
Duration: 0.452 ms
Changes:
----------
ID: haproxy-user
Function: user.present
Name: haproxy
Result: True
Comment: User haproxy is present and up to date
Started: 17:10:06.268769
Duration: 1.034 ms
Changes:
----------
ID: /etc/haproxy/haproxy.cfg
Function: file.managed
Result: True
Comment: File /etc/haproxy/haproxy.cfg is in the correct state
Started: 17:10:06.269919
Duration: 41.829 ms
Changes:
----------
ID: haproxy-service
Function: file.managed
Name: /etc/init.d/haproxy
Result: True
Comment: File /etc/init.d/haproxy is in the correct state
Started: 17:10:06.311892
Duration: 40.758 ms
Changes:
----------
ID: haproxy-service
Function: service.running
Name: haproxy
Result: True
Comment: The service haproxy is already running
Started: 17:10:06.353689
Duration: 40.86 ms
Changes:
Summary for server1
-------------
Succeeded: 10
Failed: 0
-------------
Total states run: 10
Total run time: 683.888 ms
server3:
----------
ID: gcc-make
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:10:06.144686
Duration: 772.717 ms
Changes:
----------
ID: nginx-install
Function: file.managed
Name: /mnt/nginx-1.14.0.tar.gz
Result: True
Comment: File /mnt/nginx-1.14.0.tar.gz is in the correct state
Started: 17:10:06.921598
Duration: 121.84 ms
Changes:
----------
ID: nginx-install
Function: cmd.run
Name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-threads --with-file-aio --with-http_stub_status_module &> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. && rm -fr nginx-1.14.0
Result: True
Comment: /usr/local/nginx exists
Started: 17:10:07.045073
Duration: 0.929 ms
Changes:
----------
ID: /usr/local/nginx/conf/nginx.conf
Function: file.managed
Result: True
Comment: File /usr/local/nginx/conf/nginx.conf is in the correct state
Started: 17:10:07.046247
Duration: 48.099 ms
Changes:
----------
ID: /etc/init.d/nginx
Function: file.managed
Result: True
Comment: File /etc/init.d/nginx is in the correct state
Started: 17:10:07.094576
Duration: 33.84 ms
Changes:
----------
ID: nginx
Function: service.running
Result: True
Comment: The service nginx is already running
Started: 17:10:07.129652
Duration: 44.447 ms
Changes:
Summary for server3
------------
Succeeded: 6
Failed: 0
------------
Total states run: 6
Total run time: 1.022 s
server2:
----------
ID: apache-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 17:10:05.941277
Duration: 693.077 ms
Changes:
----------
ID: apache-install
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:10:06.637655
Duration: 68.213 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 8080
+Listen 80
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 17:10:06.742833
Duration: 207.852 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
Total run time: 969.142 ms
我們?cè)趕erver2上的httpd發(fā)布頁(yè)面,和server3上的nginx的發(fā)布頁(yè)面設(shè)置發(fā)布頁(yè)
真機(jī)上測(cè)試:
我們完成了一個(gè)負(fù)載均衡集群的部署
關(guān)于grains
[root@server1 salt]# salt server2 grains.items
server2:
----------
SSDs:
biosreleasedate:
01/01/2011
biosversion:
Bochs
cpu_flags:
- fpu
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pse36
- clflush
- mmx
- fxsr
- sse
- sse2
- syscall
- nx
- lm
- up
- rep_good
- unfair_spinlock
- pni
- cx16
- hypervisor
- lahf_lm
- abm
cpu_model:
QEMU Virtual CPU version 1.5.3
cpuarch:
x86_64
disks:
- ram0
- ram1
- ram2
- ram3
- ram4
- ram5
- ram6
- ram7
- ram8
- ram9
- ram10
- ram11
- ram12
- ram13
- ram14
- ram15
- loop0
- loop1
- loop2
- loop3
- loop4
- loop5
- loop6
- loop7
- vda
- dm-0
- dm-1
dns:
----------
domain:
ip4_nameservers:
ip6_nameservers:
nameservers:
options:
search:
- server1
sortlist:
domain:
fqdn:
server2
fqdn_ip4:
- 172.25.4.2
fqdn_ip6:
gid:
0
gpus:
|_
----------
model:
Device 0100
vendor:
unknown
groupname:
root
host:
server2
hwaddr_interfaces:
----------
eth0:
52:54:00:87:64:90
lo:
00:00:00:00:00:00
id:
server2
init:
upstart
ip4_interfaces:
----------
eth0:
- 172.25.4.2
lo:
- 127.0.0.1
ip6_interfaces:
----------
eth0:
- fe80::5054:ff:fe87:6490
lo:
- ::1
ip_interfaces:
----------
eth0:
- 172.25.4.2
- fe80::5054:ff:fe87:6490
lo:
- 127.0.0.1
- ::1
ipv4:
- 127.0.0.1
- 172.25.4.2
ipv6:
- ::1
- fe80::5054:ff:fe87:6490
kernel:
Linux
kernelrelease:
2.6.32-431.el6.x86_64
locale_info:
----------
defaultencoding:
UTF8
defaultlanguage:
en_US
detectedencoding:
UTF8
localhost:
server2
manufacturer:
Red Hat
master:
172.25.4.1
mdadm:
mem_total:
996
nodename:
server2
num_cpus:
1
num_gpus:
1
os:
RedHat
os_family:
RedHat
osarch:
x86_64
oscodename:
Santiago
osfinger:
Red Hat Enterprise Linux Server-6
osfullname:
Red Hat Enterprise Linux Server
osmajorrelease:
6
osrelease:
6.5
osrelease_info:
- 6
- 5
path:
/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
pid:
1332
productname:
KVM
ps:
ps -efH
pythonexecutable:
/usr/bin/python2.6
pythonpath:
- /usr/bin
- /usr/lib64/python26.zip
- /usr/lib64/python2.6
- /usr/lib64/python2.6/plat-linux2
- /usr/lib64/python2.6/lib-tk
- /usr/lib64/python2.6/lib-old
- /usr/lib64/python2.6/lib-dynload
- /usr/lib64/python2.6/site-packages
- /usr/lib64/python2.6/site-packages/gtk-2.0
- /usr/lib/python2.6/site-packages
pythonversion:
- 2
- 6
- 6
- final
- 0
saltpath:
/usr/lib/python2.6/site-packages/salt
saltversion:
2016.11.3
saltversioninfo:
- 2016
- 11
- 3
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
server_id:
1398511438
shell:
/bin/sh
uid:
0
username:
root
uuid:
8b617290-6a33-4364-90b5-3a64aff9fc96
virtual:
kvm
zmqversion:
4.0.5
使用grains可以查看minion端的主機(jī)的信息
使用匹配去查詢(xún)主機(jī)
pass
