自動化運維工具:saltstack
配置yum源:(解決依賴性)
兩臺虛擬機:
dd4:yum install salt-master
dd5:yum install salt-minion
dd5:vim /etc/salt/minion (指定master)
注意:master和minion之間通信是要有證書的所以兩臺虛擬機要時間同步,要有解析
/etc/init.d/salt-minion start
dd4:/etc/init.d/salt-master start
master 與minion之間交流要有key (爲了安全起見)
dd4:
salt-key -L (列出鑰匙)
Accepted Keys:
Denied Keys:
Unaccepted Keys:
dd5.example.com
salt-key -A (拿到鑰匙)
The following keys are going to be accepted:
Unaccepted Keys:
dd5.example.com
Proceed? [n/Y] y
Key for minion dd5.example.com accepted.
測試:(支持操作一個網段的主機)
cmd.run(遠程模塊 支持任何shell腳本)
模塊遠程安裝httpd:(base)
dd4:vim /etc/salt/master (注意格式 空格空格 !!!)
file_roots:
base:
-/srv/salt
/etc/init.d/salt-master restart
mkdir /srv/salt/httpd
mkdir file
vim apache.sls(必需要以.sls結尾) (pkgfile service都是所調用的模塊 下面是模塊調用的方法)
apache-install: (安裝軟件包)
pkg.installed:
- name:httpd
apache-config: (更改配置文件)
file.managed:
- name:/etc/httpd/conf/httpd.conf
- source:salt://httpd/file/httpd.conf
- mode:644
- user:root
- group:root
-require:
- pkg:apache-install (這個寫的是 id(名稱) 就是文件的第一行)
apache-service: (啓動服務)
service.running:
- name:httpd
- enable:Ture (開機自啓)
- reload:Ture (更改後重新加載 不用重新啓動)
- watch: (minion與master之間建立更改聯繫)
- file:apache-config
默認md5方式加密傳輸:
dd4:cd /srv/salt/httpd/file
md5sum httpd.conf
dd5:cd /var/cache/salt/minion/files/base/httpd/file
md5sum httpd.conf
測試:
不同服務對應不同虛擬機:(再開一臺虛擬機 dd3 本地要有解析)
cd /srv/salt
vim top.sls
base:
'dd5.example.com':
-httpd.apache
'dd3.example.com':
-httpd.apache
源碼安裝:
cd /srv/salt/nginx
vim install.sls
nginx-install:
pkg.installed:
- pkgs:
- gcc
-pcre-devel
-openssl-devel
file.managed: (把服務器端的源碼推到客戶端的哪裏)
- name:/mnt/nginx-1.10.1.tar.gz (放到客戶端的哪裏)
- source:salt://nginx/file/nginx-1.10.1.tar.gz (來源:服務端的資源在哪裏 客戶端去哪裏找 )
cmd.run:
- name:cd /mnt;tar zxf nginx-1.10.1.tar.gz;cd nginx-1.10.1;./configure--prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module--with-file-aio --with-threads &> /dev/null && make &>/dev/null && make install &> /dev/null
-creates: /usr/local/nginx (如果存在就不執行)
- unless:test -d /usr/local/nginx (第二種方式除非這個目錄不存在時安裝)
測試: salt 'dd3.example.com' state.slsnginx.install
源碼安裝nginx升級版:
cd /srv/salt
mkdir pkg
vim install.sls
pkg-install:
pkg.installed:
- pkgs:
- gcc
-pcre-devel
-openssl-devel
mkdir user
vim nginx.sls
nginx-user:
group.present:
- name:nginx
- gid:1000
user.present:
- name:nginx
- uid:1000
- gid:1000
- shell:/sbin/nologin
cd /srv/salt/nginx
vim install.sls
include:
-pkg.install
-user.nginx
nginx-source:
file.managed:
- name:/mnt/nginx-1.10.1.tar.gz
- source:salt://nginx/file/nginx-1.10.1.tar.gz
nginx-install:
cmd.run:
- name:cd /mnt;tar zxf nginx-1.10.1.tar.gz;cd nginx-1.10.1;./configure--prefix=/usr/local/nginx --user=nginx --group=nginx --with-http_ssl_module--with-http_stub_status_module --with-file-aio --with-threads &>/dev/null && make &> /dev/null && make install &>/dev/null
-creates: /usr/local/nginx
-require:
- pkg: pkg-install
- file:nginx-source
- user: nginx-user
nginx服務的配置:
cd /srv/salt/nginx
vim service.sls
include:
-nginx.install
nginx-config:
file.managed:
- name:/usr/local/nginx/conf/nginx.conf
- source:salt://nginx/file/nginx.conf
nginx-init:
file.managed:
- name: /etc/init.d/nginx
- source:salt://nginx/file/nginx
- mode: 755
cmd.run:
- name:chkconfig --add nginx
- unless:chkconfig --list nginx
-require:
- file:nginx-init
service.running:
- name:nginx
- enable:True
- reload:True
- watch:
- file: nginx-config
nginx+haproxy (用haproxy做負載均衡)
dd1dd3 dd4 dd22(haproxy)
mkdir/srv/salt/haproxy/
vimhaproxy.sls
Vim /file/haproxy.cfg
cd /srv/salt
vim top.sls
base:
'dd3.example.com':
- nginx.nginx
'dd4.example.com':
-nginx.nginx
'dd22.example.com':
-haproxy.haproxy