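Preface:
This setup does not install each component separately. Everything is installed inside a single Docker container, which is then saved as an image so that it is easy to move and reuse.
1. Deployment server
Development and test environment: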
172.16.97.152
OS installed inside Docker:
CentOS 7.5
2. Installation steps
a) Environment
[root@localhost ~]# rpm -qa | grep docker
docker-ce-cli-19.03.5-3.el7.x86_64
docker-ce-19.03.5-3.el7.x86_64
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
b) Install Docker
Omitted; see the official Docker installation documentation:
https://docs.docker.com/install/linux/docker-ce/centos/#os-requirements
c) Build the images
i. Base image
This image contains SaltStack, httpd, vim and other basic software.
Create a directory named base and, inside it, a file named Dockerfile with the following content:
FROM centos:7.5.1804
MAINTAINER sherwin <zhimin.li@sumscope.com>
RUN rpm --import https://repo.saltstack.com/yum/redhat/7.5/x86_64/archive/2018.3.2/SALTSTACK-GPG-KEY.pub
COPY saltstack.repo /etc/yum.repos.d/
RUN yum clean expire-cache && yum install -y salt-master && yum install -y salt-api
RUN yum install -y httpd
RUN yum install -y vim
RUN yum -y install systemd systemd-libs
RUN yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; \
do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
ii. Run the build:
[root@localhost base]# docker build --rm -t centos7.5:systemd .
(Do not omit the "." at the end of the command.)
iii. Use the docker images command to confirm that the image centos7.5:systemd was created:
[root@localhost base]# docker images
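d) Build the runtime image
Foreman and Puppet are installed in this image.
i. Create a directory named foreman and, inside it, a Dockerfile (see the attachment for its content):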
FROM centos7.5:systemd
MAINTAINER sherwin <zhimin.li@sumscope.com>
RUN yum -y --nogpgcheck install epel-release
RUN yum -y --nogpgcheck install https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
RUN yum -y --nogpgcheck install https://yum.theforeman.org/releases/1.20/el7/x86_64/foreman-release.rpm
RUN yum -y --nogpgcheck install foreman-installer
RUN yum install -y expect
RUN yum -y install net-tools
COPY network /etc/sysconfig/
ENV HOSTNAME salt.devops.sumscope.com
ENV FACTER_fqdn salt.devops.sumscope.com
WORKDIR /mydir/
COPY modify_hosts.sh /mydir/
RUN bash modify_hosts.sh
RUN mkdir -p /var/lib/salt/runners
COPY passwd.exp /mydir/
COPY sudoers /etc/sudoers
COPY master /etc/salt/
COPY foreman.yaml /etc/salt/
COPY salt.yml /etc/foreman-proxy/settings.d/
COPY foreman-node /usr/share/gems/gems/smart_proxy_salt-2.1.9/bin/
COPY nsswitch.conf /mydir/
COPY script.tar.gz /mydir/
#COPY core.py /usr/lib/python2.6/site-packages/salt/grains/
COPY master.py /usr/lib/python2.7/site-packages/salt/
COPY *.sh /mydir/
RUN chmod +x /mydir/*.sh
#CMD /mydir/run.sh && tail -f /dev/null
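ii. Run the build:
[root@localhost foreman]# docker build --rm -t centos7.5:base .
iii. Verify from the command line that the centos7.5:base image was built successfully.
3. Install Foreman
a. The steps above produced the image; start a container from it: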
docker run --privileged=true -d -v /opt/sumscope/docker_data:/srv -h salt.devops.sumscope.com -p 4506:4506 -p 443:443 -p 4505:4505 --name foreman-base0 -it centos7.5:base
b. Enter the container:
docker exec -it foreman-base0 bash
c. Go to /mydir and run the script with bash modify_hosts.sh
Then run the following commands to check that the hostname and ENV have been changed:
[root@salt mydir]# hostname
salt.devops.sumscope.com
[root@salt mydir]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=salt.devops.sumscope.com
[root@salt mydir]# cat /etc/hosts
127.0.0.1 salt.devops.sumscope.com saltmaster localhost
172.17.0.3 salt.devops.sumscope.com saltmaster
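d. In /mydir, run bash foreman-install.sh to install Foreman.
e. If the Foreman installation fails, run foreman-install.sh again, several times if necessary.
f. When the installation finishes, log in to Foreman to check that it installed correctly:
https://172.16.97.152
The user name and password are in foreman_log: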
[root@salt mydir]# cat foreman_log
Success!
* Foreman is running at https://salt.devops.sumscope.com
Initial credentials are admin / 2RKzsrAzcSbTHLq3
* Foreman Proxy is running at https://salt.devops.sumscope.com:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman.log
4. Check the configuration
a) Check whether /etc/salt/ contains an autosign.conf file. If it does not, create it as follows:
touch /etc/salt/autosign.conf
chgrp foreman-proxy /etc/salt/autosign.conf
chmod g+w /etc/salt/autosign.conf
echo "*" > /etc/salt/autosign.conf
Adding "*" means that all agents are authorized automatically.
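Added example (not part of the original guide and not Salt's own code): a Python 3 check that approximates how the master matches minion IDs against autosign.conf entries (glob first, then regular expression) and reports entries that would auto-accept IDs outside an expected domain. The probe IDs, the .devops.sumscope.com suffix and the narrower glob are constructed assumptions.

```python
import fnmatch
import re

# Constructed minion IDs: one inside the expected domain, two outside it.
PROBE_IDS = [
    "web01.devops.sumscope.com",
    "unknown-host",
    "laptop.example.net",
]
EXPECTED_SUFFIX = ".devops.sumscope.com"  # assumption: real minions use this domain


def entry_matches(minion_id, entry):
    """Approximate Salt's matching of one autosign entry: glob, then regex."""
    if fnmatch.fnmatch(minion_id, entry):
        return True
    try:
        return re.match(r"\A{0}\Z".format(entry), minion_id) is not None
    except re.error:
        return False  # entry is not a valid regular expression


def parse_autosign(text):
    """Return active entries, skipping blank lines and '#' comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries


def overbroad_entries(text, probes=PROBE_IDS, suffix=EXPECTED_SUFFIX):
    """Map each entry that accepts an out-of-domain ID to the IDs it accepts."""
    findings = {}
    for entry in parse_autosign(text):
        hits = [p for p in probes
                if not p.endswith(suffix) and entry_matches(p, entry)]
        if hits:
            findings[entry] = hits
    return findings


if __name__ == "__main__":
    current = "*\n"                                    # what step 4 a) writes
    scoped = "# constructed\n*.devops.sumscope.com\n"  # narrower glob (assumption)
    print(overbroad_entries(current))
    print(overbroad_entries(scoped))
```

To audit a live master, pass the contents of /etc/salt/autosign.conf to overbroad_entries() and extend PROBE_IDS with IDs that must never be accepted.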
b) Create the runners directory
mkdir -p /var/lib/salt/runners
c) Edit /etc/salt/master
i. Add autosign_file:
autosign_file: /etc/salt/autosign.conf
ii. Set external_auth:
external_auth:
  pam:
    saltuser:
      - '@runner'
iii. Add rest_cherrypy:
rest_cherrypy:
  port: 9191
  host: 0.0.0.0
  ssl_key: /etc/puppetlabs/puppet/ssl/private_keys/salt.devops.sumscope.com.pem
  ssl_crt: /etc/puppetlabs/puppet/ssl/certs/salt.devops.sumscope.com.pem
iv. Add runner_dirs:
runner_dirs:
  - /var/lib/salt/runners
v. Add master_tops:
master_tops:
  ext_nodes: /usr/bin/foreman-node
vi. Add file_roots (adjust to your environment):
file_roots:
  qb:
    - /srv/qb
vii. Add ext_pillar:
ext_pillar:
  - puppet: /usr/bin/foreman-node
d) Edit /etc/sudoers and add:
Cmnd_Alias SALT = /usr/bin/salt, /usr/bin/salt-key
foreman-proxy ALL = NOPASSWD: SALT
Defaults:foreman-proxy !requiretty
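e) Modify master.py
First check that the following directory exists:
/usr/lib/python2.7/site-packages/salt
The path can change between versions; for example, older versions used python2.6 and current ones use python2.7.
Open /usr/lib/python2.7/site-packages/salt/master.py with vim and, in the _pillar(self, load) function, modify the salt_parameters returned by Foreman: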
# Requires os, re and ast to be imported at the top of master.py.
# Debug output of the ENC data received from Foreman
log.error('====data====')
log.error(data)
log.error('====end data====')
if data.has_key('foreman_interfaces'):
    # Use the first non-empty interface name as the target
    target = ''
    items = data['foreman_interfaces']
    for item in items:
        if item['name'] != '':
            target = item['name']
            break
    pkg_pillar = self.opts.get('pkg_pillar', [])
    # os.popen hands this string to a shell, so target and pkg_pillar are shell input
    exec_pkg_pillar = '/srv/script/pkg_pillar ' + target + ' ' + str(pkg_pillar).replace(' ', '')
    output = os.popen(exec_pkg_pillar).read()
    output = str(output)
    # Turn the script output into a replacement for the opening of salt_parameters
    output = re.sub(r'{', "\'salt_parameters\': {", output)
    output = re.sub(r'}', ",", output)
    output = re.sub(r'\n', "", output)
    data2 = str(data)
    data2 = re.sub(r'\'salt_parameters\':\s*{', output, data2)
    data = ast.literal_eval(data2)
    log.error('====data2====')
    log.error(data)
    log.error('====end data2====')
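Added example, not the author's patch and not Salt's code: a stand-alone Python 3 version of the pkg_pillar call above that validates the name taken from foreman_interfaces and passes the arguments as a list instead of a shell string. SAFE_NAME, the function names and the sample data are assumptions.

```python
import re
import subprocess

PKG_PILLAR = "/srv/script/pkg_pillar"  # script path used on this page
# Assumption: names are host-like (letters, digits, dot, underscore, hyphen).
SAFE_NAME = re.compile(r"\A[A-Za-z0-9][A-Za-z0-9._-]{0,252}\Z")


def first_interface_name(data):
    """Same selection as the loop above: the first non-empty 'name'."""
    for item in data.get("foreman_interfaces", []):
        if item.get("name"):
            return item["name"]
    return ""


def pkg_pillar_argv(data, pkg_pillar):
    """Build the argument list, or raise ValueError for an unexpected name."""
    target = first_interface_name(data)
    if not SAFE_NAME.match(target):
        raise ValueError("unexpected interface name: %r" % target)
    return [PKG_PILLAR, target, str(pkg_pillar).replace(" ", "")]


def run_pkg_pillar(data, pkg_pillar, runner=subprocess.check_output):
    """Run the script without a shell; arguments arrive exactly as built."""
    return runner(pkg_pillar_argv(data, pkg_pillar))


if __name__ == "__main__":
    # Constructed ENC fragment with one empty and one usable interface name.
    sample = {"foreman_interfaces": [{"name": ""},
                                     {"name": "web01.devops.sumscope.com"}]}
    print(pkg_pillar_argv(sample, ["nginx", "redis"]))
    try:
        pkg_pillar_argv({"foreman_interfaces": [{"name": "eth0; echo x"}]}, [])
    except ValueError as exc:
        print("rejected:", exc)
```

Without a shell, the third argument reaches the script with its brackets and quotes intact, so check how /srv/script/pkg_pillar parses it before switching.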
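f) Modify the foreman-node file (this affects the \r\n formatting inside the salt_parameters value)
This file is tricky: as Puppet is upgraded, its installation directory changes, so confirm the location with a command first, for example:
[root@salt salt]# find / -name 'foreman-node'
/usr/bin/foreman-node
/usr/share/gems/gems/smart_proxy_salt-2.1.9/bin/foreman-node
Once you have confirmed the directory that contains foreman-node, modify the file as follows:
After the enc(minion) call, add the replacement of result: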
begin
  result = ''
  if SETTINGS[:upload_grains]
    Timeout.timeout(SETTINGS[:timeout]) do
      upload_grains(minion)
    end
  end
  Timeout.timeout(SETTINGS[:timeout]) do
    result = enc(minion)
  end
  a = ""
  a = result.match(/salt_parameters:.*[^\\]\"\n/m)
  a = a.to_a.join("").gsub(/\n/,"").gsub(/ /," ").gsub(/\\r\\n/,"\n").gsub(/ "/,"\n").gsub(/"$/,"\n").gsub(/\\"/, "\"").gsub(/\n/,"\n ").strip + "\n"
  result = result.gsub(/salt_parameters:.*[^\\]\"\n/m,a)
  puts result
rescue => e
  puts "Couldn't retrieve ENC data: #{e}"
  exit 1
end
g) Edit /etc/salt/foreman.yaml
---
:proto: https
:host: salt.devops.sumscope.com
:port: 443
:ssl_ca: "/etc/puppetlabs/puppet/ssl/certs/ca.pem"
:ssl_key: "/etc/puppetlabs/puppet/ssl/private_keys/salt.devops.sumscope.com.pem"
:ssl_cert: "/etc/puppetlabs/puppet/ssl/certs/salt.devops.sumscope.com.pem"
:timeout: 50
:salt: /usr/bin/salt
:upload_grains: true
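Check that the *.pem files referenced in this file exist. They are generated by Puppet and live in the Puppet installation directory, which differs between Puppet versions.
h) Edit /etc/foreman-proxy/settings.d/salt.yml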
---
:enabled: https
:autosign_file: /etc/salt/autosign.conf
:salt_command_user: root
# Some features require using the Salt API - such as listing environments and retrieving state info
:use_api: true
:api_url: https://salt.devops.sumscope.com:9191
:api_auth: pam
:api_username: saltuser
:api_password: saltpassword
5. Go to /mydir and run run.sh again to restart the other services.
6. In the Foreman web UI, import the Salt environment
Configure -> Salt -> States
7. Save the container as an image
a) Commit the container
docker commit -a "Sherwin" -m "image success" 8b6a0f3723ee centos7.5:centos7.5_salt_foreman_docker_img
b) Save the image
docker save -o centos7.5_salt_foreman_docker_img.tar centos7.5:centos7.5_salt_foreman_docker_img
c) Compress the archive
tar -zcvf centos7.5_salt_foreman_docker_img.tar.gz centos7.5_salt_foreman_docker_img.tar
8. Start a container from the saved image
Load the Docker image, run it, and enter the container:
a) docker load --input centos7.5_test.tar
b) docker images
c) docker tag centos7.5:centos7.5_test centos7.5_salt_foreman_test
d) docker run --privileged=true -d -v /opt/sumscope/docker_data:/srv -h salt.devops.sumscope.com -p 4506:4506 -p 443:443 -p 4505:4505 --name foreman-docker -it centos7.5_salt_foreman_test
e) docker exec -it foreman-docker bash
f) Once inside the container, run the modify_hosts.sh script
g) Then run the run.sh script
h) Open the web front end
9. If errors occur, check the logs
The logs are under /var/log/foreman-proxy and /var/log/salt/.