SaltStack自動化運維——saltstack的安裝和http、nginx服務的部署

一、環境配置

配置yum源
1. 將saltstack包放在真機的默認發佈目錄下
/var/www/html/saltstack/rhel7/2018
2.虛擬機上編寫yum源

[root@server1 ~]# vim /etc/yum.repos.d/salt.repo
[salt]
name=salt
baseurl=http://172.25.36.250/saltstack/rhel7/2018/
gpgcheck=0
[root@server1 ~]# scp /etc/yum.repos.d/salt.repo [email protected]:/etc/yum.repos.d/salt.repo
[root@server1 ~]# scp /etc/yum.repos.d/salt.repo [email protected]:/etc/yum.repos.d/salt.repo

2.安裝salt

[root@server1 ~]# yum install -y salt-master.noarch salt-minion.noarch

[root@server2 ~]# yum install -y salt-minion.noarch
[root@server2 ~]# vim /etc/salt/minion
16  master: 172.25.36.1

server3配置與server2配置相同

3.salt祕鑰認證設置

[root@server1 ~]# salt-key -L
[root@server1 ~]# salt-key -A
Proceed? [n/Y] Y
[root@server1 ~]# salt-key -L

如果想刪除某個節點：salt-key -d server1

[root@server1 ~]# netstat -atnlp

4505：發佈訂閱
4506：接受信息

4.測試：

[root@server1 ~]# salt '*' test.ping  #'*':調用所有主機
server3:
    True
server2:
    True

• 調用模塊：cmd.run 'df -h'
• 所有文件定位 都必須方在/srv/salt

httpd:  #既是聲明，又是軟件包的名在，在同一文件中時唯一的
  模塊.方法

apache.install（base=/srv/salt,調用install文件）

[root@server1 ~]# yum install -y lsof.x86_64
[root@server1 ~]# lsof -i :4505

[root@server1 ~]# yum install -y python-setproctitle.x86_64
[root@server1 ~]# systemctl restart salt-master.service

測試:

[root@server1 ~]# salt '*' cmd.run 'df -h'
[root@server1 ~]# salt '*' cmd.run 'hostname'

二、自動化部署httpd服務

1.更改配置文件

[root@server1 ~]# cd /etc/salt/
[root@server1 salt]# vim minion
568 file_roots:
569   base:
570     - /srv/salt
[root@server1 salt]# systemctl restart salt-master.service

2.建立base目錄，編輯安裝文件

[root@server1 ~]# mkdir /srv/salt
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# mkdir apache
[root@server1 salt]# cd apache/
[root@server1 apache]# vim install.sls
httpd:
  pkg.installed

3.安裝

[root@server1 apache]# salt server2 state.sls apache.install  #state.sls--狀態.調用

多個安裝:

[root@server1 apache]# vim install.sls

httpd-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools
[root@server1 apache]# salt server2 state.sls apache.install

 

4.添加重啓服務

[root@server1 apache]# vim install.sls
httpd-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools
  service.running:
    - name: httpd
    - enable: true
    - reload: True
[root@server1 apache]# salt server2 state.sls apache.install

5.添加監控文件

[root@server1 apache]# vim install.sls
httpd-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools

  service.running:
    - name: httpd
    - enable: true
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

 

pkg.installed:  #安裝服務

service.running:  #啓動模塊
  - name: httpd  #服務名
  - enable: True  #開機自起
  - reload: True  #如果不加這個參數默認會restart，加了這個參數，watch 監控一個文件，文件發生改變，就會重載服務
  - watch:
    - file /etc/httpd/conf/http.conf

將httpd的主配置文件放在files目錄下：

[root@server1 apache]# mkdir files
[root@server1 apache]# cd files/
[root@server1 files]# scp server2:/etc/httpd/conf/httpd.conf .

[root@server1 apache]# salt server2 state.sls apache.install

#server2:

[root@server2 minion]# yum install tree -y
[root@server2 minion]# cd /var/cache/salt/minion/
[root@server2 minion]# ls
[root@server2 minion]# tree .
.
|-- accumulator
|-- extmods
|-- files
|   `-- base
|       `-- apache
|           |-- files
|           |   `-- httpd.conf
|           `-- install.sls
|-- highstate.cache.p
|-- pkg_refresh
|-- proc
`-- sls.p

7 directories, 5 files

三、安裝和服務的啓動分開部署：

1.編輯install.sls文件

[root@server1 apache]# vim install.sls
httpd-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - httpd-tools

  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

2.編輯service服務啓動文件：service.sls

[root@server1 apache]# vim service.sls
include:
  - apache.install

httpd-service:
  service.running:
    - name: httpd
    - enable: true
    - reload: True
    - watch:
      - file: httpd-install

#測試：
關閉server2上的httpd服務

[root@server2 minion]# systemctl stop httpd

執行開啓服務的文件:

[root@server1 apache]# salt server2 state.sls apache.service

查看server2上的httpd的狀態：

[root@server2 minion]# systemctl status httpd

四、Salt部署源碼nginx

（一）

1.建立nginx目錄

[root@server1 salt]# mkdir nginx
[root@server1 salt]# cd nginx/
[root@server1 nginx]# mkdir files
[root@server1 nginx]# cd files/
[root@server1 files]# ls
nginx-1.15.8.tar.gz

2.編輯安裝文件

[root@server1 nginx]# vim install.sls
nginx-install:
  pkg.installed:
    - pkgs:
      - gcc
      - make
      - pcre-devel
      - zlib-devel
  file.managed:
    - name: /mnt/nginx-1.15.8.tar.gz
    - source: salt://nginx/files/nginx-1.15.8.tar.gz

  cmd.run:
    - name: cd /mnt && tar zxf nginx-1.15.8.tar.gz && cd nginx-1.15.8 && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc &&./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null
    - creates: /usr/local/nginx

3.執行：server3上安裝nginx

[root@server1 nginx]# salt server3 state.sls nginx.install

4.查看

[root@server3 ~]# cd /mnt/nginx-1.15.8/
[root@server3 nginx-1.15.8]# du -sh /usr/local/nginx/
872K    /usr/local/nginx/  #說明註釋了debug

（二）啓動腳本設置
1.將啓動腳本放在master的/srv/salt/nginx/files目錄下

[root@foundation36 Desktop]# scp nginx.service [email protected]:/srv/salt/nginx/files

[root@server1 nginx]# cat files/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

2.編輯nginx的服務service.sls文件

[root@server1 nginx]# vim service.sls
include:
  - nginx.install

/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://nginx/files/nginx.conf

nginx-service:
  file.managed:
    - name: /etc/systemd/system/nginx.service
    - source: salt://nginx/files/nginx.service

  service.running:
    - name: nginx
    - enable: true
    - reload: true
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf

3.執行nginx服務腳本

[root@server1 nginx]# salt server3 state.sls nginx.service

4.server3上查看nginx的狀態

[root@server3 nginx-1.15.8]# systemctl status nginx
[root@server3 ~]# curl localhost

5更改worker進程數

[root@server3 nginx-1.15.8]# scp /usr/local/nginx/conf/nginx.conf server1:/srv/salt/nginx/files
[root@server1 nginx]# cd files/
[root@server1 files]# vim nginx.conf
  3 worker_processes  2;

 

 

[root@server3 ~]# ps ax
14980 ?        S      0:00 nginx: worker process
14981 ?        S      0:00 nginx: worker process

不同的主機執行不同腳本文件

[root@server1 nginx]# cd
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# ls
apache  nginx
[root@server1 salt]# vim top.sls
base:
  'server2':
    - apache.service
  'server3':
    - nginx.service

[root@server1 salt]# salt '*' state.highstate