saltstack实践 - 自动化平台部署
saltstack实践 - 自动化平台部署
saltstack 实践
部署
master 服务端
- 安装shell
yum install salt-master salt-minion salt-ssh \
salt-syndic salt-cloud salt-api -y
sed -i 's/#master: salt/master: 127.0.0.1/g' /etc/salt/minion
grep -r ^file_roots /etc/salt/master || cat > /etc/salt/master<< EOF
auto_accept: True
hash_type: sha256
#指定files和pillar环境的路径
file_roots:
base:
- /srv/salt/base
dev:
- /srv/salt/dev
prod:
- /srv/salt/prod
pillar_roots:
live:
- /srv/salt/pillar/live
game:
- /srv/salt/pillar/game
#主机分组
nodegroups:
node: 'E@node'
web: 'E@nginx'
zk: 'E@zookeeper*'
redis: 'E@redis*'
mongo: 'E@mongo*'
redis_and_mongo: 'E@mongodb* and E@redis*'
apps: '* and not N@web and not N@zk and not N@es and not N@mongodb and not N@redis'
#salt -N apps test.ping #检测应用虚拟机
EOF
systemctl enable salt-master ; chkconfig salt-master on
systemctl enable salt-minion ; chkconfig salt-minion on
systemctl restart salt-master ; service salt-master restart
systemctl restart salt-minion ; service salt-minion restartminion 客户端
- 初始化shell
#yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
#centos7 python2
#yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el6.noarch.rpm
#centos6 python
#yum install https://repo.saltstack.com/py3/redhat/salt-py3-repo-latest-2.el7.noarch.rpm
#centos7 python3
yum remove salt-minion -y &&rm /etc/salt/pki/minion/ -rf # 清理key
yum install salt-minion -y
[ -f "/etc/salt/minion" ] && cat > /etc/salt/minion <<EOF
master: 192.168.0.11 #ip,dns
id: $HOSTNAME
tcp_keepalive: True
tcp_keepalive_idle: 300
tcp_keepalive_cnt: -1
tcp_keepalive_intvl: -1
EOF
chkconfig salt-minion on && service salt-minion restart
#systemctl enable salt-minion && systemctl restart salt-minion 架构
双master
同步配置
salt rsync -av /etc/salt/master ops-salt-2:/etc/salt/同步文件
salt rsync -av /srv ops-salt-2:/同步key
salt rsync -av /etc/salt/pki/master ops-salt-2:/etc/salt/pkiminion端
/etc/salt/minion
master:
- ops-salt-1
- ops-salt-2生产要确保配置统一,使用rsync触发同步
syndic 多级扩展
yum install salt-syndic/etc/salt/master (master)
order_masters: True
# master端允许开启多层master/etc/salt/master (syndic)
syndic_master: 10.4.xx.xx
# syndic端指定master ip无master - salt-ssh 管理客户端
- 私钥(salt-ssh.rsa)
- 公钥初始(salt-ssh.rsa.pub)
mkdir /etc/salt/pki/master/ssh #创建salt-ssh存放目录cat roster #推荐使用key方便密码管理
account-1-3:
host: 10.x.x.3
user: super
sudo: True客户端推送key #可以和jumpserver共用
adduser super
su - super -c 'mkdir -p /home/super/.ssh; \
echo >/home/super/.ssh/authorized_keys; \
echo "ssh-rsa AAAAB*******rsQ== super@jsm-xx">>/home/super/.ssh/authorized_keys; \
chmod 700 /home/super/.ssh; \
chmod 600 /home/super/.ssh/authorized_keys;'
(grep "super" -lr /etc/sudoers)||cat >> /etc/sudoers << EOF
super ALL=(ALL) NOPASSWD: ALL
Defaults:super !requiretty
EOF初始化客户端
salt-ssh -i '*' state.sls base.init.env_init
#初始化,并按照salt-minion
salt '*' state.sls base.init.zabbix.service pillarenv="live"
#直播环境装zabbix,渲染hostname;live-redis-1无master - salt-call
调用本地模块:
salt-call --local cmd.run "uptime"本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2019年3月21日,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录
相关产品与服务
云直播
云直播(Cloud Streaming Services,CSS)为您提供极速、稳定、专业的云端直播处理服务,根据业务的不同直播场景需求,云直播提供了标准直播、快直播、云导播台三种服务,分别针对大规模实时观看、超低延时直播、便捷云端导播的场景,配合腾讯云视立方·直播 SDK,为您提供一站式的音视频直播解决方案。