目錄
1.3、ntp時間同步#先使用pkg模塊安裝ntp服務,再使用cron模塊加入計劃任務
2.3、主庫配置mariadb-server.cnf,並更改server_id,以及創建主從用戶
2.4、從庫配置文件的server_id和開啓主上的log-bin功能
# shell腳本獲取主庫獲取bin-log值和pos值並授權從庫同步
一、系統初始化
# 當我們的服務器上架並安裝好操作系統後,都會有一些基礎的操作,所以生產環境中使用SaltStack,建議將所有服務器都會涉及的基礎配置或者軟件部署歸類放在base環境下。此處,在base環境下創建一個init目錄,將系統初始化配置的sls均放置到init目錄下,稱爲“初始化模塊”。
# 以下操作僅爲部分示例,具體情況需要提前確認測試
1.1、開啓pillar
[root@linux-node1 srv]# mkdir -p /srv/pillar/{base,prod}
[root@linux-node1 salt]# vi /etc/salt/master
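# Excerpt of /etc/salt/master: state-file roots and pillar roots per environment.
# Nesting restored: each environment name is a key under file_roots/pillar_roots
# and holds a list of directories.
#
# NOTE(review): pillar_opts copies the master's configuration into every
# minion's pillar (under the "master" key). Pillar itself is enabled by
# pillar_roots below and does not need it, so it is left off here to keep
# master settings from being exposed to minions.
pillar_opts: False
file_roots:
  base:
    - /srv/salt/base
  dev:
    - /srv/salt/dev
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod
pillar_roots:
  base:
    - /srv/pillar/base
  prod:
    - /srv/pillar/prod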
1.2、系統初始化配置腳本實例
1.1、selinux初始化
# 使用了file模塊的managed方法,配置文件disable
[root@linux-node1 init]# cat selinux-init.sls
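# Replace /etc/selinux/config with the copy kept on the master under
# init/files/selinux-config. The SELINUX= value in that copy decides the mode.
# NOTE(review): a copy set to "disabled" removes SELinux confinement entirely;
# "permissive" still logs denials without enforcing and is the gentler choice
# when the aim is only to get services running.
selinux-config:
  file.managed:
    - name: /etc/selinux/config
    - source: salt://init/files/selinux-config
    - user: root
    - group: root
    # Quoted with a leading zero, as Salt's documentation recommends for modes.
    - mode: '0644'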
[root@linux-node1 init]# cp /etc/selinux/config files/selinux-config
1.2、firewalld初始化
#使用service模塊的dead方法,直接關閉firewalld,並禁止開機啓動
[root@linux-node1 init]# cat firewalld-init.sls
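# Stop firewalld now and keep it from starting at boot.
# NOTE(review): this leaves the host without a local packet filter. Confirm
# that something upstream restricts access to these nodes, or manage firewalld
# rules with Salt instead of switching the service off.
firewall-stop:
  service.dead:
    - name: firewalld.service
    - enable: False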
1.3、ntp時間同步#先使用pkg模塊安裝ntp服務,再使用cron模塊加入計劃任務
[root@linux-node1 init]# cat ntp-init.sls
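# Install ntpdate, then schedule a one-shot sync from root's crontab.
ntp-install:
  pkg.installed:
    - name: ntpdate

# Only "minute" is set, so the job runs at minute 5 of every hour.
cron-ntpdate:
  cron.present:
    - name: ntpdate time1.aliyun.com
    - user: root
    - minute: 5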
1.4、內核優化
#使用sysctl模塊的present方法,此處演示一部分,這裏沒有使用name參數,所以id就相當於是name
[root@linux-node1 init]# cat sysctl-init.sls
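# Kernel TCP tuning. No "name" argument is given, so each state ID is used as
# the sysctl key.
net.ipv4.tcp_fin_timeout:
  sysctl.present:
    - value: 2

net.ipv4.tcp_tw_reuse:
  sysctl.present:
    - value: 1

# Set to 0: with TCP timestamps on, tcp_tw_recycle=1 causes connection attempts
# from clients that share one NAT address to be rejected. The key was removed
# in Linux 4.12, so this state should be dropped on kernels that lack it.
net.ipv4.tcp_tw_recycle:
  sysctl.present:
    - value: 0

net.ipv4.tcp_syncookies:
  sysctl.present:
    - value: 1

net.ipv4.tcp_keepalive_time:
  sysctl.present:
    - value: 600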
1.5、DNS解析
[root@linux-node1 init]# vim dns-init.sls
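# Distribute the master's copy of resolv.conf to every minion.
dns-config:
  file.managed:
    - name: /etc/resolv.conf
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    - mode: '0644'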
[root@linux-node1 init]# cp /etc/resolv.conf files/
1.6、歷史記錄優化history
#使用file.append擴展修改HISTTIMEFORMAT的值
[root@linux-node1 init]# vim history-init.sls
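# Append shell-history settings to /etc/profile: each history entry is shown
# with a timestamp and the user name.
# NOTE(review): HISTSIZE/HISTFILESIZE of 5 keeps only the last five commands.
# That limits what a leaked history file reveals, but it also leaves almost
# nothing to review after an incident; rely on auditd or session logging if
# command traceability matters.
history-config:
  file.append:
    - name: /etc/profile
    - text:
      # Single-quoted so the inner double quotes, % and backticks stay literal.
      - 'export HISTTIMEFORMAT="%F %T `whoami` "'
      - export HISTSIZE=5
      - export HISTFILESIZE=5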
1.7、配置yum源
[root@linux-node1 files]# wget http://mirrors.aliyun.com/repo/epel-7.repo
[root@linux-node1 init]# cat yum-repo.sls
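# Install the EPEL repository definition; the state ID is the target path.
# NOTE(review): the repo file on this page was fetched over plain HTTP. Before
# distributing it, check its baseurl and that gpgcheck=1 with a gpgkey is set,
# since this file decides where packages come from and whether they are verified.
/etc/yum.repos.d/epel-7.repo:
  file.managed:
    - source: salt://init/files/epel-7.repo
    - user: root
    - group: root
    - mode: '0644'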
1.8、基礎用戶
#增加基礎管理用戶www,使用user.present和group.present
[root@linux-node1 init]# vim user-www.sls
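# Create the www group and the www user with fixed IDs.
# NOTE(review): 1000 is commonly the first ID handed out to regular accounts;
# confirm it is free on every targeted host.
www-user-group:
  group.present:
    - name: www
    - gid: 1000
  user.present:
    - name: www
    - fullname: www
    # Was /sbin/bash, which is not where bash is installed and would leave the
    # account with an unusable login shell.
    # NOTE(review): if www only owns service processes and never logs in,
    # /sbin/nologin is the tighter choice.
    - shell: /bin/bash
    - uid: 1000
    - gid: 1000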
1.9、常用基礎命令
#這裏因爲各軟件包會依賴源,所以使用include將yum源包含進來,並在pkg.installed最後增加require依賴
[root@linux-node1 init]# vim pkg-base.sls
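# Baseline tool set. The EPEL repo state is included and required so the
# packages are only installed once the repository file is in place.
include:
  - init.yum-repo

base-install:
  pkg.installed:
    - pkgs:
      - screen
      - lrzsz
      - tree
      - openssl
      - telnet
      - iotop
      - wget
      - lsof
      - net-tools
      - unzip
      - vim
      - bind-utils
    - require:
      - file: /etc/yum.repos.d/epel-7.repo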
1.10、編寫一個總的狀態,並寫入top file中
[root@linux-node1 init]# cat init-all.sls
include:
- init.yum-repo
- init.firewalld-init
- init.history-init
- init.ntp-init
- init.selinux-init
- init.sysctl-init
- init.user-www
[root@linux-node1 base]# cat top.sls
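# Top file for the base environment: minions whose ID matches the PCRE
# pattern receive the aggregated init state.
base:
  'linux-node(1|2).example.com':
    - match: pcre
    - init.init-all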
[root@linux-node1 ~]# salt '*' state.highstate test=True
二、SaltStack部署數據庫主從
2.1、準備工作
# 需求分析:
配置MySQL主從的有以下步驟:
(1)MySQL安裝初始化---->mysql-install.sls
(2)MySQL的主配置文件my.cnf配置不同的server_id-->mariadb-server-master.cnf、mariadb-server-slave.cnf
(3)創建主從同步用戶-->master.sls
(4)master獲取bin-log和pos值-->通過腳本實現
(5)slave上,change master && start slave-->slave.sls
# 在prod環境下創建modules和mysql目錄
[root@linux-node1 ~]# mkdir -p /srv/salt/prod/modules/mysql/files
# 因爲我之前有測試過,爲了保證環境原始性,卸載mysql所有數據,各位根據自己情況判斷
徹底卸載mysql方法:https://blog.csdn.net/zhwyj1019/article/details/80274269
# 這是部署過程出現的部分問題記錄
ERROR
1198 (HY000) at line 1: This operation cannot be performed as you have a running slave ''; run STOP SLAVE '' first
MariaDB [(none)]> slave stop;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'slave stop' at line 1
MariaDB [(none)]> stop slave;
Query OK, 0 rows affected (0.00 sec)
ERROR
you need (at least one of) the SUPER, REPLICATION CLIENT privilege(s) for this operation
mysql -u root -p123456 -e "grant replication client on *.* to mqslave@'192.168.56.0/255.255.255.0' identified by 'mqslave';flush privileges;"
2.2、配置安裝和配置狀態文件install.sls
# yum源配置
[root@linux-node1 mysql]# cat repo.sls
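# Install the MariaDB yum repository definition from the master's files dir.
repo:
  file.managed:
    - name: /etc/yum.repos.d/MariaDB.repo
    - source: salt://modules/mysql/files/MariaDB.repo
    - user: root
    - group: root
    # Quoted, as Salt's documentation asks for modes with a leading zero.
    - mode: '0644'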
# 安裝mariadb、拷貝配置文件、監測服務狀態
[root@linux-node1 mysql]# cat install.sls
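# Install MariaDB, place /etc/my.cnf, and keep the service running and enabled.
include:
  - modules.mysql.repo

mysql-install:
  pkg.installed:
    - pkgs:
      - MariaDB-client
      - MariaDB-server

mysql-config:
  file.managed:
    - name: /etc/my.cnf
    # Recent MariaDB packages do not ship this file by default.
    - source: salt://modules/mysql/files/my.cnf
    - user: root
    # Was misspelled "gourp", which is not a file.managed argument, so the
    # intended group ownership was not being applied.
    - group: root
    - mode: '0644'

# NOTE(review): nothing here restarts mariadb when a managed config file
# changes; a watch requisite on the config states would apply new settings.
mysql-service:
  service.running:
    - name: mariadb
    - enable: True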
# files目錄存放的源文件和通用默認配置文件
[root@linux-node1 mysql]# cat files/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = https://mirrors.ustc.edu.cn/mariadb/yum/10.2/centos7-amd64
gpgkey=https://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1
[root@linux-node1 mysql]# cat files/my.cnf
#
# This group is read both both by the client and the server
# use it for options that affect everything
#所有配置寫入此文件易混亂,include利用目錄管理配置
[client-server]
!includedir /etc/my.cnf.d
# 安裝mariadb數據庫,執行sls腳本
[root@linux-node1 mysql]# salt '*' state.sls modules.mysql.install saltenv=prod test=True
2.3、主庫配置mariadb-server.cnf,並更改server_id,以及創建主從用戶
# 配置主庫信息、創建複製用戶並授權
[root@linux-node1 mysql]# cat master.sls
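{#- Passwords are looked up in pillar so they need not live in the state tree.
    The pillar key names are illustrative; the fallbacks are this tutorial's
    sample values and must be replaced on any real system. -#}
{% set root_password = salt['pillar.get']('mysql:root_password', '123456') %}
{% set repl_password = salt['pillar.get']('mysql:repl_password', 'slave') %}
include:
  - modules.mysql.install

master-config:
  file.managed:
    - name: /etc/my.cnf.d/mariadb-server.cnf
    # Master and replica configs differ mainly in server_id and log-bin.
    - source: salt://modules/mysql/files/mariadb-server-master.cnf
    - user: root
    - group: root
    - mode: '0644'

master-grant:
  cmd.run:
    # Sets the root password, then grants REPLICATION SLAVE and REPLICATION
    # CLIENT (both are needed) to the replication account, creating it if it
    # does not exist. The host part is the replicas' address range.
    # NOTE(review): the passwords still travel on the command line, where other
    # local users can see them in the process list, and a password containing a
    # quote breaks the command. The grant covers the whole /24; narrowing it to
    # the replica's address is tighter. The command is not idempotent: on a
    # second run mysqladmin fails because root already has a password.
    - name: mysqladmin -u root password '{{ root_password }}';mysql -u root -p{{ root_password }} -e "grant replication slave,replication client on *.* to slave@'192.168.56.0/255.255.255.0' identified by '{{ repl_password }}';flush privileges;"
    # Keep the command line, and with it the passwords, out of the minion log.
    - output_loglevel: quiet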
# files目錄存放的主庫配置文件
[root@linux-node1 mysql]# cat files/mariadb-server-master.cnf
[mysqld]
server_id=11
log-bin=mysql-bin
# 配置主庫信息,執行sls腳本
[root@linux-node1 mysql]# salt 'linux-node1*' state.sls modules.mysql.master saltenv=prod test=True
2.4、從庫配置文件的server_id和開啓主上的log-bin功能
# 從庫配置、認證信息獲取
[root@linux-node1 mysql]# cat slave.sls
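# Replica side: install the replica's server config, then ship and run the
# script that points it at the master.
include:
  - modules.mysql.install

slave-config:
  file.managed:
    - name: /etc/my.cnf.d/mariadb-server.cnf
    - source: salt://modules/mysql/files/mariadb-server-slave.cnf
    - user: root
    - group: root
    - mode: '0644'

start-slave:
  file.managed:
    - name: /tmp/start-slave.sh
    - source: salt://modules/mysql/files/start-slave.sh
    - user: root
    - group: root
    # The script contains database credentials, so it is readable by root only
    # (was 755, i.e. world-readable).
    # NOTE(review): /tmp is world-writable and the name is predictable; a
    # root-owned directory is a safer home for a script that root executes.
    - mode: '0700'
  # NOTE(review): this runs on every state application and re-issues
  # CHANGE MASTER each time; guard it with a condition once replication works.
  cmd.run:
    - name: /bin/bash /tmp/start-slave.sh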
# files目錄存放的從庫配置文件
[root@linux-node1 mysql]# cat files/mariadb-server-slave.cnf
[mysqld]
server_id=22
# shell腳本獲取主庫獲取bin-log值和pos值並授權從庫同步
[root@linux-node1 mysql]# cat files/start-slave.sh
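#!/bin/bash
# Point this replica at the master and start replication.
#
# Waits (up to 10 attempts, 60 s apart) until the master accepts the
# replication account, reads the master's current binlog file and position,
# then runs CHANGE MASTER TO / START SLAVE on the local server as root.
#
# Settings can be overridden through the environment. The defaults are this
# tutorial's sample values and are meant to be replaced:
#   MASTER_HOST, MASTER_PORT, REPL_USER, REPL_PASSWORD, LOCAL_ROOT_PASSWORD
#
# Exit status: that of the CHANGE MASTER / START SLAVE call, or 1 when the
# master never answered or returned unusable coordinates.
#
# A freshly installed server may still have an empty root password, which the
# script cannot easily detect; set it first if that applies to your setup:
#mysqladmin -h 192.168.56.12 -u root password '123456'
set -u

master_host=${MASTER_HOST:-192.168.56.11}
master_port=${MASTER_PORT:-3306}
repl_user=${REPL_USER:-slave}
repl_password=${REPL_PASSWORD:-slave}
local_root_password=${LOCAL_ROOT_PASSWORD:-123456}

# Credentials go into private option files instead of -p<password>, so they do
# not appear in the process list. printf is a shell builtin, so nothing is
# exposed while the files are written.
# NOTE: quoting in the option files is minimal; a password containing quotes
# or backslashes needs escaping.
umask 077
cred_dir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$cred_dir"' EXIT

printf '[client]\nuser=root\npassword="%s"\n' "$local_root_password" \
  > "$cred_dir/local.cnf"
printf '[client]\nhost=%s\nport=%s\nuser=%s\npassword="%s"\n' \
  "$master_host" "$master_port" "$repl_user" "$repl_password" \
  > "$cred_dir/master.cnf"

# Replication has to be stopped before CHANGE MASTER TO is accepted. A failure
# here is not treated as fatal.
mysql --defaults-extra-file="$cred_dir/local.cnf" -e "stop slave;"

for ((attempt = 1; attempt <= 10; attempt++)); do
  # A single query returns file and position together, so the pair cannot be
  # torn apart by binlog activity between two separate calls.
  if coords=$(mysql --defaults-extra-file="$cred_dir/master.cnf" -N -B \
    -e "show master status;"); then
    read -r bin_log pos _ <<<"$coords"

    # Both values come from the remote server and are placed into SQL that
    # runs as local root: accept only the expected shapes.
    if [[ ! $bin_log =~ ^[A-Za-z0-9._-]+$ || ! $pos =~ ^[0-9]+$ ]]; then
      printf 'unexpected master status: %s\n' "$coords" >&2
      exit 1
    fi

    # Only the local root account may repoint replication. The SQL is fed on
    # stdin so the replication password stays out of the argument list.
    mysql --defaults-extra-file="$cred_dir/local.cnf" <<SQL
change master to master_host='$master_host', master_user='$repl_user', master_port=$master_port, master_password='$repl_password', master_log_file='$bin_log', master_log_pos=$pos;
start slave;
SQL
    exit
  fi
  sleep 60
done

# Every attempt failed: report it instead of ending with sleep's status 0.
printf 'master %s not reachable as %s after 10 attempts\n' \
  "$master_host" "$repl_user" >&2
exit 1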
# 配置從庫信息,執行sls腳本
[root@linux-node1 mysql]# salt 'linux-node2*' state.sls modules.mysql.slave saltenv=prod test=True
2.5、驗證工作
權限分配:
master: root用戶登陸數據庫修改數據
slave: root用戶登陸確認是否同步修改
slave: slave用戶相當於主從配置的協助者,主要負責從庫獲取bin-log值和pos值
三、mysql主從修改端口後如何恢復同步狀態
3.1、修改默認端口爲13306,此時主從同步失敗
[root@linux-node1 mysql]# cat /etc/my.cnf.d/server.cnf | grep port
port=13306
[root@linux-node1 mysql]# systemctl restart mysql
3.2、主庫操作
[root@linux-node1 mysql]# mysql -uroot -p123456
# 如果此前該賬號已經授權,從庫可以直接訪問主庫,沿用原賬號即可
# 我之前懷疑需要新建用戶,最終確認是連接命令未指定端口才導致下面的報錯;賬號的host部分只匹配客戶端地址,不包含端口
# ERROR 2002 (HY000): Can't connect to MySQL server on '192.168.56.11' (115)
MariaDB [mysql]> grant replication client,replication slave on *.* to ssslave@'192.168.56.11:13306' identified by 'ssslave';
#鎖定數據庫,防止master狀態更改
MariaDB [(none)]> flush tables with read lock;
Query OK, 0 rows affected (0.00 sec)
#記錄二進制日誌信息
MariaDB [(none)]> show master status\G
*************************** 1. row ***************************
File: mysql-bin.000006
Position: 528
Binlog_Do_DB:
Binlog_Ignore_DB:
1 row in set (0.00 sec)
!!!此時開始搞從庫端,配置完成後回來!!!
#解鎖
MariaDB [(none)]> unlock tables;
Query OK, 0 rows affected (0.00 sec)
#刷新權限
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
3.3、從庫操作
[root@linux-node2 ~]# mysql -uroot -p123456
#停止slave
MariaDB [(none)]> stop slave;
Query OK, 0 rows affected (0.01 sec)
#更新從庫權限,host爲主庫地址,log_file和log_pos參照上文,master_port參數默認3306可以不加,此時必須指定
MariaDB [(none)]> change master to master_host='192.168.56.11',master_port=13306,master_user='slave', master_password='slave',master_log_file='mysql-bin.000006',master_log_pos=528;
Query OK, 0 rows affected (0.00 sec)
#開啓slave
MariaDB [(none)]> start slave;
Query OK, 0 rows affected (0.00 sec)
#顯示slave狀態
#注意Master_Log_File與Read_Master_Log_Pos是否與主庫對應,Slave_IO_Running和Slave_SQL_Running均應爲Yes
MariaDB [(none)]> show slave status\G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.56.11
Master_User: slave
Master_Port: 13306
Connect_Retry: 60
Master_Log_File: mysql-bin.000006
Read_Master_Log_Pos: 528
Relay_Log_File: linux-node2-relay-bin.000002
Relay_Log_Pos: 555
Relay_Master_Log_File: mysql-bin.000006
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
#此時回到主庫解鎖、刷新權限、重啓服務、測試結果即可