目录
1 SaltStack简介
2 SaltStack安装
2.1 测试环境
| 主机名 |
操作系统 |
IP地址 |
备注 |
| master01.lavenliu.com |
CentOS 6.5 64位 |
192.168.20.134 |
Salt主控端 |
| minion01.lavenliu.com |
192.168.20.135 |
Salt被控端 |
|
| minion02.lavenliu.com |
192.168.20.136 |
Salt被控端 |
在3台机器上分别安装EPEL源,
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel//6/x86_64/epel-release-6-8.noarch.rpm
2.2 安装SaltStack
2.2.1 Salt之Master端安装
yum install -y salt-master
2.2.2 Salt之Minion端安装
yum install -y salt-minion
3 SaltStack配置
3.1 理解YAML
SLS文件的默认渲染器是YAML渲染器。书写SLS文件只有简单的三条规则。
3.2 常用YAML关键字说明
3.2.1 unless
3.2.2 include
3.2.3 require
我依赖哪个state
3.2.4 require_in
哪个state依赖我
3.2.5 watch
3.3 Salt之Master端配置
Salt主控端的配置如下:
[root@master01 ~]# egrep -v "^#|^$" /etc/salt/master
interface:192.168.20.134
file_roots:
base:
- /etc/salt/states
prod:
- /etc/salt/states/prod
Salt Master常用的配置说明:
+ interface: 指定bind的地址(默认为0.0.0.0)
+ publish_port: 指定发布端口(默认为4506)
+ ret_port: 指定结果返回端口,与minion配置文件中的master_port对应(默认为4506)
+ user: 指定master进程的运行用户,如果调整,则需要调整部分目录的权限(默认为root)
+ timeout: 指定超时时间,如果minion规模庞大或网络状况不稳定,建议增大该值(默认5s)
+ keep_jobs: 默认情况下,minion会将执行结果返回给master,master会缓存到本地的cachedir目录,该参数指定缓存多长时间,以供查看之前
的执行结果,会占用磁盘空间(默认为24h)
+ file_recv: 是否允许minion传送文件到master(默认False)
+ file_roots:
+ pillar_roots: 指定pillar目录,默认为:
+ log_level: 执行日志级别,支持的日志级别有"garbage", "trace", "debug", "info", "warning", "error", "critical" (默认warning)
接下来创建我们指定的目录,在主控端进行操作:
mkdir -p /etc/salt/states/{init,prod}
修改完毕,启动Salt Master并加入开机启动,操作如下:
/etc/init.d/salt-master start
chkconfig salt-master on
启动完毕,进行salt的进程的验证,是否启动成功,
[root@master01 ~]# ps -ef |grep salt |grep -v grep
root 2028 1 0 11:20 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2029 2028 0 11:20 ? 00:00:09 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2030 2028 0 11:20 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2033 2028 0 11:20 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2034 2028 0 11:20 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2037 2034 0 11:20 ? 00:00:01 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2038 2034 0 11:20 ? 00:00:01 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2039 2034 0 11:20 ? 00:00:01 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2040 2034 0 11:20 ? 00:00:01 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2041 2034 0 11:20 ? 00:00:01 /usr/bin/python2.6 /usr/bin/salt-master -d
root 2042 2034 0 11:20 ? 00:00:00 /usr/bin/python2.6 /usr/bin/salt-master -d
检查是否加入开机自启动,
[root@master01 ~]# chkconfig --list |grep salt
salt-master 0:off 1:off 2:on 3:on 4:on 5:on 6:off
3.4 Salt之Minion端配置
被控端的配置很简单,只需要修改一处配置就可以让主控端与被控端进行正常的通信。在minion01及minion02上做如下的配置,如下:
[root@minion01 ~]# egrep -v "^#|^$" /etc/salt/minion
master: master01.lavenliu.com
[root@minion02 ~]# egrep -v "^#|^$" /etc/salt/minion
master: master01.lavenliu.com
这里我们使用了Salt主控端的主机名而非主控端的IP地址,主要是我们这里已经配置了DNS解析,所以使用了主机名。如果我们没有配置DNS的域名解析服务,我们改写master: <salt_master_ip>的形式来使用。
Salt Minion常用的配置说明:
+ master:指定master主机(默认为salt)
+ master_port: 指定认证和执行结果发送到master的哪个端口,与master配置文件中的ret_port对应(默认为4506)
+ id: 指定本minion的标识,salt内部使用id作为标识(默认为主机名)
+ user: 指定运行minion的用户,用于安装包、启动服务等操作需要特权用户,推荐使用root(默认root)
+ cache_jobs: minion是否
启动Salt Minion并加入开机启动,在minion01及minion02上进行操作
/etc/init.d/salt-minion start
chkconfig salt-minion on
接下来验证Salt Minion是否启动成功,
ps -ef |grep salt |grep -v grep
root 1655 1 0 11:56 ? 00:00:03 /usr/bin/python2.6 /usr/bin/salt-minion -d
chkconfig --list |grep salt
salt-minion 0:off 1:off 2:on 3:on 4:on 5:on 6:off
3.5 签发证书
Salt的Master及Minion端第一次启动时都会生成证书,而Master端在生成证书之前,还会创建一个CA,并且自己将证书签发。而Minion端默认会向Master端发起一个证书请求让Master端签发,以建立信任关系。
在主控端使用salt-key来查看Minion端的证书申请请求,
[root@master01 states]# salt-key
Accepted Keys:
Denied Keys:
Unaccepted Keys:
minion01.lavenliu.com
minion02.lavenliu.com
Rejected Keys:
接受Minion端的申请,
salt-key -A
3.6 Master端与Minion端的通信测试
以上设置完毕,接下来验证Master与Minion端是否可以正常通信,使用test.ping进行验证,操作如下:
[root@master01 states]# salt '*' test.ping
minion01.lavenliu.com:
True
minion02.lavenliu.com:
True
返回两个True时,说明我们的Salt配置已成功。在此基础上,我们就可以做更多的配置管理了,在接下来的章节中进行说明。
4 SaltStack基本使用
我们日常简单的执行命令、查看安装包情况、查看服务运行状态情况等工作都是通过SaltStack的模块实现的。当我们安装完毕Master与Minion后,系统默认会安装很多模块,接下来具体看看怎么使用这些模块。
4.1 模块使用相关
4.1.1 查看Minion的所有模块
[root@master01 ~]# salt 'minion01.lavenliu.com' sys.list_modules
minion01.lavenliu.com:
- acl
- aliases
- alternatives
- apache
- archive
- artifactory
- blockdev
- btrfs
- buildout
- cloud
- cmd
此处省略很多行
- timezone
- user
- vbox_guest
- virtualenv
- webutil
- xfs
4.1.2 查看Minion指定模块下的函数
接下来,我们查看cmd模块有哪些方法,
[root@master01 ~]# salt 'minion01.lavenliu.com' sys.list_functions cmd
minion01.lavenliu.com:
- cmd.exec_code
- cmd.exec_code_all
- cmd.has_exec
- cmd.retcode
- cmd.run
- cmd.run_all
- cmd.run_chroot
- cmd.run_stderr
- cmd.run_stdout
- cmd.script
- cmd.script_retcode
- cmd.shell
- cmd.shells
- cmd.tty
- cmd.which
- cmd.which_bin
4.1.3 查看Minion模块的使用方法
查看cmd模块的使用方法,
[root@master01 ~]# salt 'minion01.lavenliu.com' sys.doc cmd
'cmd.exec_code:'
Pass in two strings, the first naming the executable language, aka -
python2, python3, ruby, perl, lua, etc. the second string containing
the code you wish to execute. The stdout will be returned.
CLI Example:
salt '*' cmd.exec_code ruby 'puts "cheese"'
'cmd.exec_code_all:'
Pass in two strings, the first naming the executable language, aka -
python2, python3, ruby, perl, lua, etc. the second string containing
the code you wish to execute. All cmd artifacts (stdout, stderr, retcode, pid)
will be returned.
CLI Example:
此处省略很多行
以上输出的信息很多,我们可以只查看某个模块下的某个函数的使用方法。比如我们这里要查看cmd模块下的run方法的使用,操作如下,
[root@master01 ~]# salt 'minion01.lavenliu.com' sys.doc cmd.run
'cmd.run:'
Execute the passed command and return the output as a string
Note that ``env`` represents the environment variables for the command, and
should be formatted as a dict, or a YAML string which resolves to a dict.
Warning:
This function does not process commands through a shell
unless the python_shell flag is set to True. This means that any
shell-specific functionality such as 'echo' or the use of pipes,
redirection or &&, should either be migrated to cmd.shell or
have the python_shell=True flag set here.
The use of python_shell=True means that the shell will accept _any_ input
including potentially malicious commands such as 'good_command;rm -rf /'.
Be absolutely certain that you have sanitized your input prior to using
python_shell=True
CLI Example:
此处省略很多行
4.2 States使用相关
States是SaltStack中的配置管理语言。比如我们在日常配置管理时需要编写大量的States文件,具体要安装一个软件包,然后管理其服务配置文件,最后保证该服务正常运行。针对上述步骤我们要编写一些States SLS文件来描述和实现上述功能。
4.2.1 查看Minion的所有states列表
要查看Minion端所支持的states有哪些,操作如下:
[root@master01 ~]# salt 'minion01.lavenliu.com' sys.list_state_modules
minion01.lavenliu.com:
- acl
- alias
- alternatives
- apache
- archive
- artifactory
- blockdev
- buildout
- cloud
- cmd
- composer
- cron
- disk
此处省略很多行
4.2.2 查看指定States模块下的函数
比如我们要查看与file states相关的函数,操作如下:
[root@master01 ~]# salt 'minion01.lavenliu.com' sys.list_state_functions file
minion01.lavenliu.com:
- file.absent
- file.accumulated
- file.append
- file.blockreplace
- file.comment
- file.copy
- file.directory
- file.exists
- file.managed
- file.missing
- file.mknod
- file.mod_run_check_cmd
- file.patch
- file.prepend
- file.recurse
- file.rename
- file.replace
- file.serialize
- file.symlink
- file.touch
- file.uncomment
4.2.3 查看指定States模块的使用方法
在上一小节,我们列出了很多与States相关的模块,具体如何使用它们呢?我们可以在命令行查看其帮助信息。比如我们要查看file相关的使用帮助,可以操作如下,
[root@master01 ~]# salt 'minion01.lavenliu.com' sys.state_doc file
此处省略无数行
由于上面输出的内容较多,故未列出。如何使用file的append函数呢?操作如下,
[root@master01 ~]# salt 'minion01.lavenliu.com' sys.state_doc file.append
此处省略N行
5 SaltStack常用模块使用
5.1 cmd模块
5.1.1 run函数
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
[root@master01
states]
# salt '*' cmd.run "hostname"
minion02.lavenliu.com:
minion02.lavenliu.com
minion01.lavenliu.com:
minion01.lavenliu.com
[root@master01
states]
# salt '*' cmd.run "hostname -I"
minion01.lavenliu.com:
192.168.20.135
192.168.19.132
minion02.lavenliu.com:
192.168.20.136
192.168.19.133
|
5.2 pkg模块
5.2.1 installed函数
salt '*' pkg.installed name=vim
5.3 service模块
5.4 file模块
5.4.1 managed函数
5.4.2 append函数
5.5 state模块
6 SaltStack配置管理实例
文件目录结构为:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
[root@master01 states]
# tree
.
├── init
│ ├──files
│ │ └── vimrc
│ ├──pkg.sls
│ ├──
test
.sls
│ └──vim.sls
├── prod
│ ├──jdk
│ │ ├── files
│ │ │ └── jdk-8u65-linux-x64.
tar
.gz
│ │ └──
install
.sls
│ ├──keepalived
│ │ └── files
│ │ └── keepalived-1.2.16.
tar
.gz
│ ├──libevent
│ │ ├── files
│ │ │ └── libevent-2.0.22-stable.
tar
.gz
│ │ └──
install
.sls
│ ├──memcached
│ │ ├── files
│ │ │ └── memcached-1.4.25.
tar
.gz
│ │ ├──
install
.sls
│ │ └── service.sls
│ ├──nginx
│ │ └── files
│ └──tomcat
│ ├── files
│ │ └── apache-tomcat-8.0.28.
tar
.gz
│ └──
install
.sls
└──
top
.sls
15 directories,
15 files
|
6.1 安装基础软件包
6.2 安装JDK
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
[root@master01
states]
# cat prod/jdk/install.sls
jdk-
install
:
file
.managed:
- name:
/usr/local/src/jdk-8u65-linux-x64
.
tar
.gz
-
source
: salt:
//prod/jdk/files/jdk-8u65-linux-x64
.
tar
.gz
- user: root
- group: root
- mode: 644
cmd.run:
- name:
cd
/usr/local/src
&&
tar
-xf jdk-8u65-linux-x64.
tar
.gz &&
mv
jdk1.8.0_65 jdk
&&
chown
-R root:root jdk
- unless:
test
-d
/usr/local/jdk
/etc/profile
:
file
.append:
- text:
-
export
JAVA_HOME=
/usr/local/jdk
-
export
JRE_HOME=${JAVA_HOME}
/jre
-
CLASS_PATH=${JAVA_HOME}
/lib
:${JRE_HOME}
/lib
-
PATH=$PATH:$JAVA_HOME
/bin
|
如何使用,
|
1
|
salt
'*'
state.sls prod.jdk.
install
|
6.3 安装Tomcat
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
[root@master01
states]
# cat prod/tomcat/install.sls
include:
- prod.jdk
tomcat-
install
:
file
.managed:
- name:
/usr/local/src/apache-tomcat-8
.0.28.
tar
.gz
-
source
: salt:
//prod/tomcat/files/apache-tomcat-8
.0.28.
tar
.gz
- user: root
- group: root
- mode: 644
cmd.run:
- name:
cd
/usr/local/src
&&
tar
-xf apache-tomcat-8.0.28.
tar
.gz &&
ln
-s
apache-tomcat-8.0.28 tomcat &&
chown
-R root:root apache-tomcat-8.0.28
- unless:
test
-d
/usr/local/apache-tomcat-8
.0.28
|
如何使用,
salt '*' state.sls prod.tomcat.install
6.4 安装Nginx
6.5 安装MySQL
这里使用源码的方式进行编译安装。安装配置的大致流程是:
-
1. 首先安装MySQL的依赖包;
-
2. 创建MySQL用户并设置UID及GID为601;
-
3. 开始编译安装MySQL;
-
4. 创建MySQL的套接字存放的目录;
-
5. 设置MySQL环境变量,以便在命令行直接使用MySQL相关的命令行工具;
-
6. 初始化MySQL数据库;
-
7. 设置MySQL的启动脚本;
-
8. 将MySQL加入开机自启动;
-
9. 设置MySQL安装目录的权限为mysql用户及组。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
[root@master01
mysql]
# cat install.sls
dependency-
install
:
pkg.installed:
- names:
- ncurses-devel
- libaio-devel
- cmake
mysql:
user.present:
- fullname: MySQL Server
- shell:
/sbin/nologin
- createhome:
false
- uid: 601
- gid: 601
mysql-
install
:
file
.managed:
- name:
/usr/local/src/mysql-5
.5.32.
tar
.gz
-
source
:
salt:
//prod/mysql/files/mysql-5
.5.32.
tar
.gz
- user: root
- group: root
- mode: 644
cmd.run:
- name:
cd
/usr/local/src
&&
tar
-xf mysql-5.5.32.
tar
.gz &&
cd
mysql-5.5.32 &&
cmake . -DCMAKE_INSTALL_PREFIX=
/application/mysql-5
.5.32
-DMYSQL_DATADIR=
/application/mysql-5
.5.32
/data
-DMYSQL_UNIX_ADDR=
/application/mysql-5
.5.32
/sock/mysql
.sock
-DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci
-DEXTRA_CHARSETS=gbk,gb2312,utf8,ascii -DENABLED_LOCAL_INFILE=ON
-DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_FEDERATED_STORAGE_ENGINE=1
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITHOUT_EXAMPLE_STORAGE_ENGINE=1
-DWITHOUT_PARTITION_STORAGE_ENGINE=1 -DWITH_FAST_MUTEXES=1 -DWITH_ZLIB=bundled
-DENABLED_LOCAL_INFILE=1 -DWITH_READLINE=1 -DWITH_EMBEDDED_SERVER=1
-DWITH_DEBUG=0 &&
make
&&
make
install
&&
ln
-s
/application/mysql-5
.5.32
/application/mysql
- unless:
test
-d
/application/mysql-5
.5.32
- require:
- pkg:
dependency-
install
-
file
:
mysql-
install
/application/mysql-5
.5.32
/sock
:
file
.directory:
- user: mysql
- group: mysql
- dir_mode: 755
require:
- user: mysql
- cmd: mysql-
install
setup-mysql-
env
:
file
.append:
install
-mysql-db:
cmd.run:
- name: sh
/application/mysql-5
.5.32
/scripts/mysql_install_db
--basedir=
/application/mysql-5
.5.32 --datadir=
/application/mysql-5
.5.32
/data
- require:
- cmd:
mysql-
install
init-mysql:
file
.managed:
- name:
/etc/init
.d
/mysqld
-
source
:
/application/mysql-5
.5.32
/support-files/mysql
.server
- user: root
- group: root
- mode: 755
chkconfig-on-mysql:
cmd.run:
- name: chkconfig --add
mysqld
- unless: chkconfig --list |
grep
mysqld
- require:
-
file
:
/etc/init
.d
/mysqld
/application/mysql-5
.5.32:
file
.directory:
- user: mysql
- group: mysql
- dir_mode: 755
- recurse:
- user
- group
- mode
require:
- user: mysql
- cmd: mysql-
install
|
如何执行呢?
salt 'minion02.lavenliu.com' state.sls prod.mysql.install
6.6 安装PHP
6.7 安装Redis
这里使用YUM的方式进行安装Redis,SLS文件如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[root@master01
redis]
# pwd
/etc/salt/states/prod/redis
# 目录结构为
[root@master01
redis]
# tree
.
├── files
│ └──redis.conf
└── server.sls
1
directory, 2 files
|
server.sls文件的内容为:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
[root@master01
redis]
# cat server.sls
redis-server:
pkg.installed:
- name: redis
file
.managed:
- name:
/etc/redis
.conf
-
source
:
salt:
//prod/redis/files/redis
.conf
- user: root
- group: root
- mode: 644
service.running:
- name: redis
-
enable
: True
- reload: True
-
watch
:
-
file
:
redis-server
|
redis.conf的配置文件为:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
[root@master01
redis]
# egrep -v "(^#|^$)" files/redis.conf
daemonize
yes
pidfile
/var/run/redis/redis
.pid
port 6379
bind 0.0.0.0
timeout 0
loglevel
notice
logfile
/var/log/redis/redis
.log
databases
16
save 900
1
save 300
10
save 60
10000
rdbcompression
yes
dbfilename
dump.rdb
dir
/var/lib/redis/
slave-serve-stale-data
yes
appendonly
no
appendfsync
everysec
no-appendfsync-on-rewrite
no
auto-aof-rewrite-percentage
100
auto-aof-rewrite-min-size
64mb
slowlog-log-slower-than
10000
slowlog-max-len
1024
vm-enabled
no
vm-swap-
file
/tmp/redis
.swap
vm-max-memory
0
vm-page-size
32
vm-pages 134217728
vm-max-threads 4
hash
-max-zipmap-entries 512
hash
-max-zipmap-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set
-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
activerehashing
yes
|
6.8 安装ELK Stack
6.9 安装OpenStack
后续会继续更新
附件:http://down.51cto.com/data/2367793
