SaltStack Project in Practice (Part 1)








  • System architecture diagram





I. Initialization



1. Salt environment configuration: define the base and production environments (base, prod)

    vim /etc/salt/master

    # edit file_roots
    file_roots:
      base:
        - /srv/salt/base
      prod:
        - /srv/salt/prod

    mkdir -p /srv/salt/base
    mkdir -p /srv/salt/prod


Pillar configuration

    vim /etc/salt/master

    # edit pillar_roots
    pillar_roots:
      base:
        - /srv/pillar/base
      prod:
        - /srv/pillar/prod

    mkdir -p /srv/pillar/base
    mkdir -p /srv/pillar/prod


Restart the service: systemctl restart salt-master


2. Salt base environment initialization:

    mkdir -p /srv/salt/base/init        # environment initialization directory
    mkdir -p /srv/salt/base/init/files  # configuration file directory


1) DNS configuration

Prepare the DNS configuration file and place it in the /srv/salt/base/init/files directory:

    cp /etc/resolv.conf /srv/salt/base/init/files/

    vi /srv/salt/base/init/dns.sls

    /etc/resolv.conf:
      file.managed:
        - source: salt://init/files/resolv.conf
        - user: root
        - group: root
        - mode: 644


2) Record timestamps in the shell history

    vi /srv/salt/base/init/history.sls

    /etc/profile:
      file.append:
        - text:
          - export HISTTIMEFORMAT="%F %T `whoami` "


3) Log executed commands

    vi /srv/salt/base/init/audit.sls

    /etc/bashrc:
      file.append:
        - text:
          - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
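The audit hook above writes one syslog record per command. As an added example (not part of the original post), this Python parser splits those records into fields and lists commands run under a different effective user than the login user. It assumes the records land in a traditional rsyslog file such as /var/log/messages and that `who am i` prints `user tty date time (host)`; the sample lines and the names `parse_audit_line`, `AuditEvent` and `identity_changes` are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Message body written by the page's PROMPT_COMMAND:
#   [euid=<whoami>]:<who am i output>:[<pwd>]<last history entry>
AUDIT_RE = re.compile(
    r"\[euid=(?P<euid>[^\]]*)\]:(?P<who>.*?):\[(?P<cwd>[^\]]*)\](?P<cmd>.*)$"
)
# Prefix added to each history entry by HISTTIMEFORMAT="%F %T `whoami` "
HIST_PREFIX_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ ")


class AuditEvent(NamedTuple):
    euid: str                   # effective user running the shell
    login_user: Optional[str]   # owner of the login session (None if no tty)
    tty: Optional[str]
    remote_host: Optional[str]  # None for console logins
    cwd: str
    command: str

    @property
    def identity_changed(self) -> bool:
        """True when the shell runs as someone other than the login user."""
        return self.login_user is not None and self.login_user != self.euid


def parse_audit_line(line: str) -> Optional[AuditEvent]:
    """Parse one syslog line; return None if it is not an audit record."""
    m = AUDIT_RE.search(line)
    if m is None:
        return None
    fields = m.group("who").split()
    login_user = fields[0] if fields else None
    tty = fields[1] if len(fields) > 1 else None
    host = fields[-1][1:-1] if fields and fields[-1].startswith("(") else None
    command = HIST_PREFIX_RE.sub("", m.group("cmd"), count=1)
    return AuditEvent(m.group("euid"), login_user, tty, host, m.group("cwd"), command)


# Constructed sample lines (not taken from the page), in the assumed rsyslog layout.
SAMPLE_LOG = """\
Feb 26 04:41:02 linux-node1 root: [euid=root]:root pts/0 2019-02-26 04:39 (192.168.137.1):[/root]2019-02-26 04:41:02 root salt '*' test.ping
Feb 26 04:41:09 linux-node1 systemd: Started Session 12 of user root.
Feb 26 04:42:15 linux-node2 deploy: [euid=root]:deploy pts/1 2019-02-26 04:40 (192.168.137.1):[/etc/haproxy]vi haproxy.cfg
Feb 26 04:43:30 linux-node2 root: [euid=root]::[/root]systemctl restart haproxy
"""


def identity_changes(log_text: str):
    """Return the audit events whose effective user differs from the login user."""
    events = (parse_audit_line(l) for l in log_text.splitlines())
    return [e for e in events if e is not None and e.identity_changed]


if __name__ == "__main__":
    for ev in identity_changes(SAMPLE_LOG):
        print(f"{ev.login_user}@{ev.remote_host} ran as {ev.euid} in {ev.cwd}: {ev.command}")
```

A user can unset PROMPT_COMMAND in their own shell, so missing records do not prove that no commands were run; treat this log as a convenience trail rather than a tamper-resistant audit source.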


4) Kernel parameter tuning

    vi /srv/salt/base/init/sysctl.sls

    net.ipv4.ip_local_port_range:
      sysctl.present:
        - value: 10000 65000

    fs.file-max:
      sysctl.present:
        - value: 2000000

    net.ipv4.ip_forward:
      sysctl.present:
        - value: 1

    vm.swappiness:
      sysctl.present:
        - value: 0


5) Install the yum repository

    vi /srv/salt/base/init/epel.sls

    yum_repo_release:
      pkg.installed:
        - sources:
          - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
        # skip when already installed; the installed package is named epel-release
        - unless: rpm -q epel-release


6) Install zabbix-agent

Prepare the zabbix-agent configuration file and place it in the /srv/salt/base/init/files directory:

    cp /etc/zabbix/zabbix_agentd.conf /srv/salt/base/init/files/

Edit the file: vi /etc/zabbix/zabbix_agentd.conf

    vi /srv/salt/base/init/zabbix_agent.sls

    zabbix-agent:
      pkg.installed:
        - name: zabbix-agent
      file.managed:
        - name: /etc/zabbix/zabbix_agentd.conf
        - source: salt://init/files/zabbix_agentd.conf
        - template: jinja
        - backup: minion
        - defaults:
            Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
            Hostname: {{ grains['fqdn'] }}
        - require:
          - pkg: zabbix-agent
      service.running:
        - enable: True
        - watch:
          - pkg: zabbix-agent
          - file: zabbix-agent

    zabbix_agentd.d:
      file.directory:
        - name: /etc/zabbix/zabbix_agentd.d
        - watch_in:
          - service: zabbix-agent
        - require:
          - pkg: zabbix-agent
          - file: zabbix-agent



Note: "- backup: minion" enables backups: if the file changes, the previous version is backed up under /var/cache/salt/file_backup.






7) Write the master init.sls file, which includes the other files

    vi /srv/salt/base/init/init.sls

    include:
      - init.dns
      - init.history
      - init.audit
      - init.sysctl
      - init.epel
      - init.zabbix_agent


Run the command: salt "*" state.sls init.init


Execution result:


  1 linux-node1.example.com:
  2 ----------
  3           ID: /etc/resolv.conf
  4     Function: file.managed
  5       Result: True
  6      Comment: File /etc/resolv.conf is in the correct state
  7      Started: 04:39:32.998314
  8     Duration: 181.548 ms
  9      Changes:   
 10 ----------
 11           ID: /etc/profile
 12     Function: file.append
 13       Result: True
 14      Comment: File /etc/profile is in correct state
 15      Started: 04:39:33.180034
 16     Duration: 6.118 ms
 17      Changes:   
 18 ----------
 19           ID: /etc/bashrc
 20     Function: file.append
 21       Result: True
 22      Comment: Appended 1 lines
 23      Started: 04:39:33.186266
 24     Duration: 6.608 ms
 25      Changes:   
 26               ----------
 27               diff:
 28                   --- 
 29                   
 30                   +++ 
 31                   
 32                   @@ -90,3 +90,4 @@
 33                   
 34                        unset -f pathmunge
 35                    fi
 36                    # vim:ts=4:sw=4
 37                   +export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
 38 ----------
 39           ID: net.ipv4.ip_local_port_range
 40     Function: sysctl.present
 41       Result: True
 42      Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
 43      Started: 04:39:33.261448
 44     Duration: 212.528 ms
 45      Changes:   
 46               ----------
 47               net.ipv4.ip_local_port_range:
 48                   10000 65000
 49 ----------
 50           ID: fs.file-max
 51     Function: sysctl.present
 52       Result: True
 53      Comment: Updated sysctl value fs.file-max = 2000000
 54      Started: 04:39:33.474197
 55     Duration: 122.497 ms
 56      Changes:   
 57               ----------
 58               fs.file-max:
 59                   2000000
 60 ----------
 61           ID: net.ipv4.ip_forward
 62     Function: sysctl.present
 63       Result: True
 64      Comment: Updated sysctl value net.ipv4.ip_forward = 1
 65      Started: 04:39:33.596905
 66     Duration: 35.061 ms
 67      Changes:   
 68               ----------
 69               net.ipv4.ip_forward:
 70                   1
 71 ----------
 72           ID: vm.swappiness
 73     Function: sysctl.present
 74       Result: True
 75      Comment: Updated sysctl value vm.swappiness = 0
 76      Started: 04:39:33.632208
 77     Duration: 36.226 ms
 78      Changes:   
 79               ----------
 80               vm.swappiness:
 81                   0
 82 ----------
 83           ID: yum_repo_release
 84     Function: pkg.installed
 85       Result: True
 86      Comment: All specified packages are already installed
 87      Started: 04:39:39.085699
 88     Duration: 12627.626 ms
 89      Changes:   
 90 ----------
 91           ID: zabbix-agent
 92     Function: pkg.installed
 93       Result: True
 94      Comment: Package zabbix-agent is already installed
 95      Started: 04:39:51.713592
 96     Duration: 6.677 ms
 97      Changes:   
 98 ----------
 99           ID: zabbix-agent
100     Function: file.managed
101         Name: /etc/zabbix/zabbix_agentd.conf
102       Result: True
103      Comment: File /etc/zabbix/zabbix_agentd.conf updated
104      Started: 04:39:51.720994
105     Duration: 152.077 ms
106      Changes:   
107               ----------
108               diff:
109                   --- 
110                   +++ 
111                   @@ -90,7 +90,7 @@
112                    #
113                    # Mandatory: no
114                    # Default:
115                   -Server={{ Server }}
116                   +Server=192.168.137.11
117                    
118                    ### Option: ListenPort
119                    #    Agent will listen on this port for connections from the server.
120 ----------
121           ID: zabbix_agentd.d
122     Function: file.directory
123         Name: /etc/zabbix/zabbix_agentd.d
124       Result: True
125      Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
126      Started: 04:39:51.875082
127     Duration: 0.908 ms
128      Changes:   
129 ----------
130           ID: zabbix-agent
131     Function: service.running
132       Result: True
133      Comment: Service restarted
134      Started: 04:39:51.932698
135     Duration: 205.223 ms
136      Changes:   
137               ----------
138               zabbix-agent:
139                   True
140 
141 Summary for linux-node1.example.com
142 -------------
143 Succeeded: 12 (changed=7)
144 Failed:     0
145 -------------
146 Total states run:     12
147 Total run time:   13.593 s
148 linux-node2.example.com:
149 ----------
150           ID: /etc/resolv.conf
151     Function: file.managed
152       Result: True
153      Comment: File /etc/resolv.conf is in the correct state
154      Started: 12:46:38.639870
155     Duration: 182.254 ms
156      Changes:   
157 ----------
158           ID: /etc/profile
159     Function: file.append
160       Result: True
161      Comment: Appended 1 lines
162      Started: 12:46:38.822236
163     Duration: 3.047 ms
164      Changes:   
165               ----------
166               diff:
167                   --- 
168                   
169                   +++ 
170                   
171                   @@ -74,3 +74,4 @@
172                   
173                    
174                    unset i
175                    unset -f pathmunge
176                   +export HISTTIMEFORMAT="%F %T `whoami` "
177 ----------
178           ID: /etc/bashrc
179     Function: file.append
180       Result: True
181      Comment: Appended 1 lines
182      Started: 12:46:38.825423
183     Duration: 3.666 ms
184      Changes:   
185               ----------
186               diff:
187                   --- 
188                   
189                   +++ 
190                   
191                   @@ -90,3 +90,4 @@
192                   
193                        unset -f pathmunge
194                    fi
195                    # vim:ts=4:sw=4
196                   +export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
197 ----------
198           ID: net.ipv4.ip_local_port_range
199     Function: sysctl.present
200       Result: True
201      Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
202      Started: 12:46:39.011409
203     Duration: 132.499 ms
204      Changes:   
205               ----------
206               net.ipv4.ip_local_port_range:
207                   10000 65000
208 ----------
209           ID: fs.file-max
210     Function: sysctl.present
211       Result: True
212      Comment: Updated sysctl value fs.file-max = 2000000
213      Started: 12:46:39.144117
214     Duration: 33.556 ms
215      Changes:   
216               ----------
217               fs.file-max:
218                   2000000
219 ----------
220           ID: net.ipv4.ip_forward
221     Function: sysctl.present
222       Result: True
223      Comment: Updated sysctl value net.ipv4.ip_forward = 1
224      Started: 12:46:39.177821
225     Duration: 43.489 ms
226      Changes:   
227               ----------
228               net.ipv4.ip_forward:
229                   1
230 ----------
231           ID: vm.swappiness
232     Function: sysctl.present
233       Result: True
234      Comment: Updated sysctl value vm.swappiness = 0
235      Started: 12:46:39.221788
236     Duration: 39.882 ms
237      Changes:   
238               ----------
239               vm.swappiness:
240                   0
241 ----------
242           ID: yum_repo_release
243     Function: pkg.installed
244       Result: True
245      Comment: All specified packages are already installed
246      Started: 12:46:47.608597
247     Duration: 13989.554 ms
248      Changes:   
249 ----------
250           ID: zabbix-agent
251     Function: pkg.installed
252       Result: True
253      Comment: Package zabbix-agent is already installed
254      Started: 12:47:01.598548
255     Duration: 1.265 ms
256      Changes:   
257 ----------
258           ID: zabbix-agent
259     Function: file.managed
260         Name: /etc/zabbix/zabbix_agentd.conf
261       Result: True
262      Comment: File /etc/zabbix/zabbix_agentd.conf updated
263      Started: 12:47:01.600712
264     Duration: 82.425 ms
265      Changes:   
266               ----------
267               diff:
268                   --- 
269                   +++ 
270                   @@ -90,8 +90,6 @@
271                    #
272                    # Mandatory: no
273                    # Default:
274                   -# Server=
275                   -
276                    Server=192.168.137.11
277                    
278                    ### Option: ListenPort
279                   @@ -117,7 +115,7 @@
280                    # Mandatory: no
281                    # Range: 0-100
282                    # Default:
283                   -StartAgents=3
284                   +# StartAgents=3
285                    
286                    ##### Active checks related
287                    
288                   @@ -133,7 +131,7 @@
289                    # Default:
290                    # ServerActive=
291                    
292                   -#ServerActive=192.168.137.11
293                   +ServerActive=192.168.137.11
294                    
295                    ### Option: Hostname
296                    #    Unique, case sensitive hostname.
297                   @@ -144,7 +142,7 @@
298                    # Default:
299                    # Hostname=
300                    
301                   -Hostname=linux-node2
302                   +Hostname=Zabbix server
303                    
304                    ### Option: HostnameItem
305                    #    Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
306                   @@ -174,7 +172,7 @@
307                    #
308                    # Mandatory: no
309                    # Default:
310                   -HostMetadataItem=system.uname
311                   +# HostMetadataItem=
312                    
313                    ### Option: RefreshActiveChecks
314                    #    How often list of active checks is refreshed, in seconds.
315 ----------
316           ID: zabbix_agentd.d
317     Function: file.directory
318         Name: /etc/zabbix/zabbix_agentd.d
319       Result: True
320      Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
321      Started: 12:47:01.684357
322     Duration: 0.93 ms
323      Changes:   
324 ----------
325           ID: zabbix-agent
326     Function: service.running
327       Result: True
328      Comment: Service restarted
329      Started: 12:47:01.751277
330     Duration: 275.781 ms
331      Changes:   
332               ----------
333               zabbix-agent:
334                   True
335 
336 Summary for linux-node2.example.com
337 -------------
338 Succeeded: 12 (changed=8)
339 Failed:     0
340 -------------
341 Total states run:     12
342 Total run time:   14.788 s




8) Create the top file

    vi /srv/salt/base/top.sls

    base:
      '*':
        - init.init


Test: salt "*" state.highstate test=True


Run: salt "*" state.highstate


3. Pillar base initialization


1) Zabbix agent configuration: specify the Zabbix server address so that the sls file can reference it

    mkdir -p /srv/pillar/base/zabbix
    vi /srv/pillar/base/zabbix/agent.sls

    zabbix-agent:
      Zabbix_Server: 192.168.137.11


Write the top file, referencing the /srv/pillar/base/zabbix/agent file

    vi /srv/pillar/base/top.sls

    base:
      '*':
        - zabbix.agent


Test: salt '*' pillar.items




II. haproxy


Official website: http://www.haproxy.com/

    mkdir -p /srv/salt/prod/modules/haproxy
    mkdir -p /srv/salt/prod/modules/keepalived
    mkdir -p /srv/salt/prod/modules/memcached
    mkdir -p /srv/salt/prod/modules/nginx
    mkdir -p /srv/salt/prod/modules/php
    mkdir -p /srv/salt/prod/modules/pkg
    mkdir -p /srv/salt/prod/cluster
    mkdir -p /srv/salt/prod/modules/haproxy/files/
    mkdir -p /srv/salt/prod/cluster/files


1) System build packages (gcc and others)

    # the file lives under modules/pkg so that "include: modules.pkg.make" resolves
    vi /srv/salt/prod/modules/pkg/make.sls

    make-pkg:
      pkg.installed:
        - names:
          - gcc
          - gcc-c++
          - glibc
          - make
          - autoconf
          - openssl
          - openssl-devel
          - pcre
          - pcre-devel


2) Manual installation

    cd /usr/local/src
    tar xvf haproxy-1.6.3.tar.gz
    cd haproxy-1.6.3/
    make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3
    make install PREFIX=/usr/local/haproxy-1.6.3
    ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy


Modify the init script and place it under salt:

    vi /usr/local/src/haproxy-1.6.3/examples/haproxy.init
    # in haproxy.init, set:
    BIN=/usr/local/haproxy/sbin/$BASENAME

    cp /usr/local/src/haproxy-1.6.3/examples/haproxy.init /srv/salt/prod/modules/haproxy/files/


Place the haproxy-1.6.3.tar.gz package in the /srv/salt/prod/modules/haproxy/files/ directory.



3) Create the install.sls file, used to install haproxy

    vi /srv/salt/prod/modules/haproxy/install.sls

    include:
      - modules.pkg.make

    haproxy-install:
      file.managed:
        - name: /usr/local/src/haproxy-1.6.3.tar.gz
        - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
        - mode: 755
        - user: root
        - group: root
      cmd.run:
        - name: cd /usr/local/src && tar zxf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3 && make install PREFIX=/usr/local/haproxy-1.6.3 && ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
        - unless: test -L /usr/local/haproxy
        - require:
          - pkg: make-pkg
          - file: haproxy-install

    haproxy-init:
      file.managed:
        - name: /etc/init.d/haproxy
        - source: salt://modules/haproxy/files/haproxy.init
        - mode: 755
        - user: root
        - group: root
        - require_in:
          - file: haproxy-install
      cmd.run:
        - name: chkconfig --add haproxy
        - unless: chkconfig --list|grep haproxy

    net.ipv4.ip_nonlocal_bind:
      sysctl.present:
        - value: 1

    haproxy-config-dir:
      file.directory:
        - name: /etc/haproxy
        - mode: 755
        - user: root
        - group: root



Note: with "- unless", if the command after unless returns True (exit status 0), the current state is not executed.


4) Create the haproxy configuration file


Create the haproxy-outside.sls file, used to configure haproxy

    vi /srv/salt/prod/cluster/haproxy-outside.sls

    include:
      - modules.haproxy.install

    haproxy-service:
      file.managed:
        - name: /etc/haproxy/haproxy.cfg
        - source: salt://cluster/files/haproxy-outside.cfg
        - user: root
        - group: root
        - mode: 644
      service.running:
        - name: haproxy
        - enable: True
        - reload: True
        - require:
          - cmd: haproxy-install
        - watch:
          - file: haproxy-service


5) Configure the top file

    # state top file: states are assigned here, not in the pillar top file
    vi /srv/salt/base/top.sls

    base:
      '*':
        - init.init
    prod:
      'linux-node*':
        - cluster.haproxy-outside


Test: salt "*" state.highstate test=True


Run: salt "*" state.highstate



Result:



III. keepalived



1) Create the files directory and place the keepalived-1.2.17.tar.gz package, keepalived.sysconfig and keepalived.init in it

    mkdir -p /srv/salt/prod/modules/keepalived/files


2) Create the install.sls file


Run the command: salt '*' state.sls modules.keepalived.install saltenv=prod


3) Create the keepalived configuration file haproxy-outside-keepalived.conf


Create haproxy-outside-keepalived.sls


4) Add keepalived to the top file

    vi /srv/salt/base/top.sls

    base:
      '*':
        - init.init
    prod:
      'linux-node*':
        - cluster.haproxy-outside
        - cluster.haproxy-outside-keepalived


Test: salt "*" state.highstate test=True


Run: salt "*" state.highstate

Reposted from: https://www.cnblogs.com/wuhg/p/10442047.html