CentOS 7 部署saltstack服务
版权声明:本文为木偶人shaon原创文章,转载请注明原文地址,非常感谢。 https://cloud.tencent.com/developer/article/1434664
SaltStack 简介
- Salt,,一种全新的基础设施管理方式,部署轻松,在几分钟内可运行起来,扩展性好,很容易管理上万台服务器,速度够快,服务器之间秒级通讯。salt底层采用动态的连接总线, 使其可以用于编配, 远程执行, 配置管理等等.
- SaltStack 官网:https://saltstack.com/
- SaltStack 官方文档:https://docs.saltstack.com/en/latest/
- SaltStack github地址:
SaltStack 安装
- 安装salt-master on Salt Master Host.
# install from EPEL
[root@linuxprobe~]# yum --enablerepo=epel -y install salt-master
[root@linuxprobe~]# systemctl start salt-master
[root@linuxprobe~]# systemctl enable salt-master
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.- On Salt Master Server, If Firewalld is running, allow related ports.
[root@linuxprobe~]# firewall-cmd --add-port={4505/tcp,4506/tcp} --permanent
success
[root@linuxprobe~]# firewall-cmd --reload
success - 安装 salt-minion on Salt Minion Host.
# install from EPEL
[root@vdevops~]# yum --enablerepo=epel -y install salt-minion
[root@vdevops~]# sed -i 's/\#master: salt/master: linuxprobe.org/' /etc/salt/minion
[root@vdevops~]# systemctl start salt-minion
[root@vdevops~]# systemctl enable salt-minion
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.Salt Clinet客户端启动之后会发送public-key 到Salt Master获取认证. Salt Master 可以接收client发过来的认证请求。
# show the list of keys
[root@linuxprobe master]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
vdevops.org
Rejected Keys:
# permit all keys with "A" option
[root@linuxprobe master]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
vdevops.org
Proceed? [n/Y] y #确认
Key for minion vdevops.org accepted.
[root@linuxprobe master]# salt-key -L
Accepted Keys:
vdevops.org
Denied Keys:
Unaccepted Keys:
Rejected Keys:
# 测试连接
[root@linuxprobe ~]# salt '*' test.ping
vdevops.org:
Truesaltstack基础使用
Saltstack的基础用法就是从master执行命令同步到客户端 salt option functionundefined 参考文档:https://docs.saltstack.com/en/latest/ref/modules/all/index.html
- 查看函数用法
[root@linuxprobe ~]# salt '*' sys.doc | less
'acl.delfacl:'
Remove specific FACL from the specified file(s)
CLI Examples:
salt '*' acl.delfacl user myuser /tmp/house/kitchen
salt '*' acl.delfacl default:group mygroup /tmp/house/kitchen
salt '*' acl.delfacl d:u myuser /tmp/house/kitchen
salt '*' acl.delfacl g myuser /tmp/house/kitchen /tmp/house/livingroom
salt '*' acl.delfacl user myuser /tmp/house/kitchen recursive=True
'acl.getfacl:'
Return (extremely verbose) map of FACLs on specified file(s)
CLI Examples:
salt '*' acl.getfacl /tmp/house/kitchen
salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom
salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom recursive=True
...- It’s possible to specify targets with various way
# specify all Minions
# test.ping means that make sure Minions are acitive
[root@linuxprobe ~]# salt '*' test.ping
vdevops.org:
True
linuxprobe.org:
True
# specify a Minion "vdevops.org"
# disk.usage means that make sure current disk usag
[root@linuxprobe ~]# salt 'vdevops.org' disk.usage
vdevops.org:
----------
/:
----------
1K-blocks:
18307072
available:
16866300
capacity:
8%
filesystem:
/dev/mapper/centos-root
used:
1440772
# specify some Minions with List(comma separated)
# status.loadavg means that make sure load averages
[root@linuxprobe ~]# salt -L 'vdevops.org,linuxprobe.org' status.loadavg
vdevops.org:
----------
1-min:
0.0
15-min:
0.05
5-min:
0.01
linuxprobe.org:
----------
1-min:
0.02
15-min:
0.06
5-min:
0.08
# specify Minions with expression (example means "node00-99.srv.world")
# selinux.getenforce means that make sure SELinux operating mode
[root@dlp ~]# salt -E 'node[0-9][0-9].srv.world' selinux.getenforce
node02.srv.world:
Enforcing
node01.srv.world:
Enforcing
# specify Minions which OS is CentOS with Grains Data
# grains.item kernelrelease means that make sure Kernel version from grains.item data
# Grains is the word used in Salt and which keeps Minions' OS data and others
[root@linuxprobe ~]# salt -G 'os:CentOS' grains.item kernelrelease
vdevops.org:
----------
kernelrelease:
3.10.0-327.36.2.el7.x86_64
linuxprobe.org:
----------
kernelrelease:
3.10.0-327.el7.x86_64 - 自定义目标组
[root@linuxprobe ~]# vi /etc/salt/master
# line 12: uncomment
default_include: master.d/*.conf
[root@linuxprobe ~]# mkdir /etc/salt/master.d
[root@linuxprobe ~]# vi /etc/salt/master.d/nodegroups.conf
# create new
# group_org :
# group_os : specify OS is CentOS
nodegroups:
group_org: 'L@linuxprobe.org,vdevops.org'
group_os: 'G@os:CentOS'
[root@linuxprobe ~]# systemctl restart salt-master
# run to a target group_os
[root@linuxprobe master.d]# salt -N 'group_os' cmd.run 'hostname'
vdevops.org:
vdevops.org
linuxprobe.org:
linuxprobe.orgSalt State文件使用
学习如何配置Salt State文件对于学习saltstack和使用salt很重要,state文件采用yaml格式编写
- 首先,定义文件根目录放状态,默认/srv/salt
[root@linuxprobe ~]# vi /etc/salt/master
# line 417: uncomment and define root directory
file_roots:
base:
- /srv/salt
[root@linuxprobe ~]# mkdir /srv/salt 要将状态文件放在根目录下,可以使用salt命令将配置应用到Minions,下面的示例,将wget包安装到Minions
# (any file name).sls
[root@linuxprobe ~]# vi /srv/salt/default.sls
# create new
install_wget:
pkg.installed:
- name: wget
[root@linuxprobe ~]# salt "vdevops.org" state.sls default
vdevops.org:
----------
ID: install_wget
Function: pkg.installed
Name: wget
Result: True
Comment: The following packages were installed/updated: wget
Started: 18:54:59.514712
Duration: 14193.327 ms
Changes:
----------
wget:
----------
new:
1.14-10.el7_0.1
old:
Summary
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
# 确认
[root@linuxprobe ~]# salt "vdevops.org" cmd.run 'rpm -q wget'
vdevops.org:
wget-1.14-10.el7_0.1.x86_64配置状态树的示例
- 将top.sls称为“顶部文件”在您定义的根目录下
root@linuxprobe ~]# vi /srv/salt/top.sls
base:
# define target Minions
'*':
# define the name of State file
- default
# create State file defined in Top File
[root@linuxprobe ~]# vi /srv/salt/default.sls
# for example, Install and start httpd and MariaDB and also install PHP
webserver:
pkg.installed:
- pkgs:
- httpd
- php
- php-mbstring
- php-pear
- mariadb-server
/var/www/html/index.php:
file:
- managed
- source: salt://httpd/index.php
- require:
- pkg: webserver
# initial setup script
/tmp/setup.sql:
file:
- managed
- source: salt://httpd/setup.sql
enable_httpd:
service.running:
- name: httpd
- enable: True
- require:
- pkg: webserver
enable_mariadb:
service.running:
- name: mariadb
- enable: True
- require:
- pkg: webserver
setup_mariadb:
cmd.run:
- name: '/bin/mysql -u root < /tmp/setup.sql'
- require:
- service: enable_mariadb
# if Firewalld is running, configure services
{% set fw_status = salt['service.status']('firewalld') %}
{% if fw_status %}
setup_fw:
cmd.run:
- names:
- '/bin/firewall-cmd --add-service={http,https,mysql}'
- '/bin/firewall-cmd --add-service={http,https,mysql} --permanent'
{% endif %}
# create index.php template
[root@linuxprobe ~]# mkdir /srv/salt/httpd
[root@linuxprobe ~]# vi /srv/salt/httpd/index.php
<?php
print "Salt State Test Page\n";
?>
# create MariaDB initial setup script
[root@linuxprobe ~]# vi /srv/salt/httpd/setup.sql
set password for root@localhost=password('password');
set password for root@'127.0.0.1'=password('password');
delete from mysql.user where user='';
delete from mysql.user where password='';
drop database test;- 测试,配置文件是否正确
[root@linuxprobe ~]# salt "*" state.apply test=True
vdevops.org:
----------
cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql} --permanent_|-run:
----------
__run_num__:
7
changes:
----------
comment:
Command "/bin/firewall-cmd --add-service={http,https,mysql} --permanent" would have been executed
duration:
0.198
name:
/bin/firewall-cmd --add-service={http,https,mysql} --permanent
result:
None
start_time:
19:09:39.481991
cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql}_|-run:
----------
__run_num__:
6
changes:
----------
comment:
Command "/bin/firewall-cmd --add-service={http,https,mysql}" would have been executed
duration:
0.328
name:
/bin/firewall-cmd --add-service={http,https,mysql}
result:
None
start_time:
19:09:39.481608
cmd_|-setup_mariadb_|-/bin/mysql -u root < /tmp/setup.sql_|-run:
...
# 不报错执行
[root@linuxprobe ~]# salt "*" state.apply- 确认安装的服务是否正常
[root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status httpd'
vdevops.org:
* httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2016-11-15 19:11:41 CST; 20min ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 3261 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
|-3261 /usr/sbin/httpd -DFOREGROUND
|-3262 /usr/sbin/httpd -DFOREGROUND
|-3263 /usr/sbin/httpd -DFOREGROUND
|-3264 /usr/sbin/httpd -DFOREGROUND
|-3265 /usr/sbin/httpd -DFOREGROUND
`-3266 /usr/sbin/httpd -DFOREGROUND
Nov 15 19:11:41 vdevops.org systemd[1]: Starting The Apache HTTP Server...
Nov 15 19:11:41 vdevops.org httpd[3261]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using vdevops.org. Set the 'ServerName' directive globally to suppress this message
Nov 15 19:11:41 vdevops.org systemd[1]: Started The Apache HTTP Server.
[root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status mariadb'
vdevops.org:
* mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2016-11-15 19:11:45 CST; 21min ago
Main PID: 3397 (mysqld_safe)
CGroup: /system.slice/mariadb.service
|-3397 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
`-3554 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: The latest information about MariaDB is available at http://mariadb.org/.
Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: You can find additional information about the MySQL part at:
Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://dev.mysql.com
Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Support MariaDB development by buying support/new features from MariaDB
Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Corporation Ab. You can contact us about this at sales@mariadb.com.
Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Alternatively consider joining our community based development effort:
Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://mariadb.com/kb/en/contributing-to-the-mariadb-project/
Nov 15 19:11:42 vdevops.org mysqld_safe[3397]: 161115 19:11:42 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Nov 15 19:11:42 vdevops.org mysqld_safe[3397]: 161115 19:11:42 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Nov 15 19:11:45 vdevops.org systemd[1]: Started MariaDB database server.
# 测试php页面
[root@linuxprobe ~]# curl http://vdevops.org/index.php
Salt State Test PageSalt : 使用 Salt-cp
[root@linuxprobe ~]# salt-cp '*' anaconda-ks.cfg /tmp/
{'vdevops.org': {'/tmp/anaconda-ks.cfg': True}}本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2016年11月15日,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
腾讯云开发者
