一、簡介
saltstack 是一個新基礎設施管理工具,可以看做是強化的Func+弱化puppet的組合,間接的反映出了saltstack的兩大功能:遠程執行命令與配置管理,
saltstack是使用python開發的,非常簡單易用和輕量級的管理工具,由master和minion構成,通過ZeroMQ進行通信
二、安裝
安裝時需要epel源的支持,請自行安裝與當系統匹配的epel源 *:安裝依賴包
yum install python-jinja2 -y
1、安裝master端
yum -y install salt-master enablerepr=epel-testing
2、安裝minion端
yum -y install salt-minion enablerepr=epel-testing
三、配置環境
a、master 1、修改本地綁定地址
sed -ie 's/^#.*interface:.*/\ interface: 192.168.2.65/g' /etc/salt/master
注:或是此處寫上主機名,並綁定/etc/hosts文件 2、自動接收所有minion的請求
sed -ie 's@^#\(auto_accept: \)False@\ \1true@g' /etc/salt/master
b、minion
1、指向master
sed -ie 's@^#.*master:.*@\ master: salt@g' /etc/salt/minion
注:由於saltstack配置文件所限,當啟用每一個配置參數時對格式有嚴格要求,書寫時請注意
四、環境測試
1、分別在master/minion中啟動服務
#service salt-master start #service salt-minion start
說明:
saltstack的master監聽於4505,minion監聽於4506;
可以將master與minion部署同一台服務器上(沒有什麼意義[哈哈~])。 2、salt 測試
[root@openapi php-fpm]# salt "*" test.ping
192.168.2.36-CentOS.backup.test.backend:
True
192.168.2.30-centos.public.test:
True
說明:salt的其它命令可用salt --help很簡單,在此不多介紹
五、salt 常用的正則表達式(部分)
a、E:正則匹配
可以在每一個句後面加一個 -l debug來顯示命令具體執行過程
[root@openapi self_userd]# salt -E '(backend81)' test.ping
backend81:
True
[root@openapi self_userd]# salt -E '(backend81)' test.ping -l debug
[DEBUG ] Reading configuration from /etc/salt/master
[DEBUG ] Guessing ID. The id can be explicitly in set /etc/salt/minion
[INFO ] Found minion id from generate_minion_id(): openapi.test.dns.com.cn
[DEBUG ] Missing configuration file: ~/.saltrc
[DEBUG ] Configuration file path: /etc/salt/master
[DEBUG ] Reading configuration from /etc/salt/master
[DEBUG ] Guessing ID. The id can be explicitly in set /etc/salt/minion
[INFO ] Found minion id from generate_minion_id(): openapi.test.dns.com.cn
[DEBUG ] Missing configuration file: ~/.saltrc
[DEBUG ] MasterEvent PUB socket URI: ipc:///var/run/salt/master/master_event_pub.ipc
[DEBUG ] MasterEvent PULL socket URI: ipc:///var/run/salt/master/master_event_pull.ipc
[DEBUG ] LazyLoaded local_cache.get_load
[DEBUG ] get_iter_returns for jid 20150727212822728009 sent to set(['backend81']) will timeout at 21:28:27.732956
[DEBUG ] jid 20150727212822728009 return from backend81
backend81:
True
[DEBUG ] jid 20150727212822728009 found all minions set(['backend81'])
b、-L :命令行裡面一般是以列表的形式來指定對象的。
c、-G:這個參數很強大,會根據默認的grain的結果來過濾。(grains也可以自己定義)
d、-N:這個參數是基於分組的,前提是你得先分好組。(分組可以定義於主匹配文件/etc/salt/master中,也可以定義於/etc/salt/master.d/*.conf)
然後可以這樣使用
e、-C :表示tagger可是一個復合語句
[root@openapi salt]# salt -C 'G@virtual:physical and E@backend81' test.ping
backend81:
True
f、-b :一次操作多少台,也可以使使用百分比來操作(--batch-size)
[root@openapi salt]# salt "*" -b 3 grains.item os
#salt "*" --batch-size 25% grains.item os
36 Detected for this batch run
backend81 Detected for this batch run
backend84 Detected for this batch run
zabbix.server.dns.com.cn Detected for this batch run
backend83 Detected for this batch run
webdata.backup Detected for this batch run
Executing run on ['zabbix.server.dns.com.cn', 'webdata.backup', 'backend84']
webdata.backup:
----------
os:
CentOS
backend84:
----------
os:
CentOS
zabbix.server.dns.com.cn:
----------
os:
CentOS
Executing run on ['backend83', 'backend81', '36']
backend81:
----------
os:
CentOS
backend83:
----------
os:
CentOS
36:
----------
os:
CentOS
注: 更多的模塊使用說明可以使用
salt \* sys.doc |grep <模塊名稱>
salt 的每一個子命令都可以用-d來查看具體的用法
六、自定義grains
1、grains的優先級
grains可以保持在minion端、通過master端下發等多個方式來分發。但不同的方法有不同的優先級的:
a. /etc/salt/grains
b. /etc/salt/minion
c./srv/salt/_grains/ master端_grains目錄下
優先級順序依次為存在在minion端/etc/salt/minion配置文件中的同名grains會覆蓋/etc/salt/grains文件中的值, 而通過master端_grains目錄下grains文件下發的值可以會覆蓋minion端的所有同名值。比較拗口,總之記得,通過master下發的 grains優先級是最高的可,/etc/salt/minion次之,/etc/salt/grains最低(core grains不大懂,就不討論了,這個比/etc/salt/grains還低)
2、自定義grains
注: a、首先要在master端的主匹配文件中開啟file_roots
file_roots:
base:
- /srv/salt
b、如果沒有以上目錄,創建即可(此處使用_grains目錄)
[root@openapi _grains]# pwd /srv/salt/_grains
c、自定義grains字典
[root@openapi _grains]# cat ports.py
#!/usr/bin/env python
#coding:utf8
def open_moutil_port ():
grains={}
grains['web_port']='80'
grains['mysql_path']='/data/mysql'
grains['mysqld_port']='3307'
grains['max_open_file']='65535'
return grains
d、同步grains並重新加載grains(grains是“靜態”的,是每一個minion接入到master自動提交的)
[root@openapi _grains]# salt "*" saltutil.sync_all
192.168.2.36-CentOS.backup.test.backend:
----------
beacons:
grains:
modules:
outputters:
renderers:
returners:
states:
utils:
192.168.2.30-centos.public.test:
----------
beacons:
grains:
modules:
outputters:
renderers:
returners:
states:
utils:
[root@openapi _grains]# salt '*' sys.reload_modules
192.168.2.36-CentOS.backup.test.backend:
True
192.168.2.30-centos.public.test:
True
e、查詢自定義的grains
[root@openapi _grains]# salt "*" grains.item web_port
192.168.2.36-CentOS.backup.test.backend:
----------
web_port:
80
192.168.2.30-centos.public.test:
----------
web_port:
80
七、LNMP環境
1、目錄結構如下:
[root@openapi salt]# tree . ├── _grains │ └── ports.py ├── lnmp.sls ├── mysql │ ├── installed.sls │ └── my.cnf ├── nginx │ ├── default.conf │ └── installed.sls ├── php-fpm │ ├── index.php │ └── installed.sls └── top.sls
a、top文件(此文件必須存在,它定義了各minion的執行規劃)
[root@openapi salt]# cat top.sls
base:
'192.168.2.30-centos.public.test': #此處可以寫組、正則、或minion;匹配目標
- nginx.installed #這表示到那一個目錄下的那一個文件 ,此部分表示在30安裝nginx,php-fpm
- php-fpm.installed
'192.168.2.36-CentOS.backup.test.backend':
- mysql.installed #在2.36上安裝mysql-server
b、nginx目錄下的文件
[root@openapi nginx]# ll
total 8
-rw-r--r-- 1 sysadmin sysadmin 1102 Jul 29 21:50 default.conf
#nginx 默認的配置文件,只改了root目錄為/var/www/html,其它地方與/etc/nginx/conf.d/default完全一樣
-rw-r--r-- 1 root root 360 Jul 29 23:23 installed.sls
#操作文件
[root@openapi nginx]# cat installed.sls
nginx: #id
pkg.installed: #使用pkg安裝包,installed表示要安裝完成,也可以指定版本來保證所有環境使用同一版本軟件包
- name: nginx #包名,如果沒有將繼承id名稱
service.running: #服務狀態
- enable: True #是否啟動
- reload: True #重新載入
- watch: #監控文件
- file: /etc/nginx/conf.d/default.conf #如果此文件發生變化將文件重新裝載到服務中
- require: #依賴
- pkg: nginx #包名
file.managed: #文件操作
- name: /etc/nginx/conf.d/default.conf #文件名
- source: salt://nginx/default.conf #base下那一個文件
- user: nginx #用戶
- group: root #組
- mode: 644 #權限
- backup: minion #將上一個版本的文件備份。(如果有的話)
- require: #依賴
- pkg: nginx
c、mysql目錄下的文件
[root@openapi mysql]# ll
total 8
-rw-r--r-- 1 root root 434 Jul 29 23:07 installed.sls #操作文件
-rw-r--r-- 1 sysadmin sysadmin 775 Jul 29 22:26 my.cnf #默認的匹配文件
[root@openapi mysql]# cat installed.sls
mysql-server:
pkg.installed:
- name: mysql-server
service.running:
- name: mysqld
- enable: True
- reload: True
- watch:
- file: /etc/my.cnf
- require:
- pkg: mysql-server
file.managed:
- name: /etc/my.cnf
- source: salt://mysql/my.cnf
- user: mysql
- group: mysql
- mode: 644
- backup: minion
mysql:
pkg.installed:
- name: mysql
myslq-devel:
pkg.installed:
- name: mysql-devel
d、php-fpm目錄下的文件
[root@openapi php-fpm]# ll
total 8
-rw-r--r-- 1 root root 22 Jul 29 22:35 index.php
-rw-r--r-- 1 root root 351 Jul 29 23:34 installed.sls
[root@openapi php-fpm]# cat index.php #php測試頁面
<?php
phpinfo()
?>
[root@openapi php-fpm]# cat installed.sls
php-xcache:
pkg.installed:
- name: php-xcache
php-fpm:
pkg.installed:
- name: php-fpm
service.running:
- enable: Ture
- require:
- pkg: php-fpm
file.managed:
- name: /var/www/html/index.php
- source: salt://php-fpm/index.php
- user: nginx
- group: root
- mode: 644
- require:
- pkg: php-fpm
注:在php-fpm中的installed.sls如果需要的模塊不是php-fpm依賴的必需定義到phf-fpm之前,如果先安裝完成php-fpm後安裝所需要的php模塊,還要重新reloadphp-fpm服務才能生效
e、定義順序文件 lnmp環境一般要先行安裝數據庫-->web服務-->php-fpm所以要定義一下兩台不同服務執行執行順序。
[root@openapi salt]# pwd
/srv/salt
[root@openapi salt]# cat lnmp.sls
db_setup: #id
salt.state: #狀態
- tgt: '192.168.2.36-CentOS.backup.test.backend' #目標與base定義的一樣
- highstate: True
web_setup:
salt.state:
- tgt: '192.168.2.30-centos.public.test'
- highstate: True
- require: #依賴
- salt: db_setup
2、執行操作
salt-run state.orchestrate lnmp
注: 也可以使用如下命令測試
salt-run state.orchestrate lnmp test=Ture
剩下說等待操作完成了 3、最絡執行結果
[root@openapi nginx]# salt-run state.orchestrate lnmp
openapi.test.dns.com.cn_master:
----------
ID: db_setup
Function: salt.state
Result: True
Comment: States ran successfully. No changes made to 192.168.2.36-CentOS.backup.test.backend.
Started: 23:27:11.401701
Duration: 3533.27 ms
Changes:
----------
ID: web_setup
Function: salt.state
Result: True
Comment: States ran successfully. Updating 192.168.2.30-centos.public.test.
Started: 23:27:14.936140
Duration: 46763.368 ms
Changes:
192.168.2.30-centos.public.test:
----------
ID: nginx
Function: pkg.installed
Result: True
Comment: Package nginx is already installed.
Started: 23:29:08.840872
Duration: 971.023 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/nginx/conf.d/default.conf
Result: True
Comment: File /etc/nginx/conf.d/default.conf is in the correct state
Started: 23:29:09.816842
Duration: 5.82 ms
Changes:
----------
ID: nginx
Function: service.running
Result: True
Comment: Service nginx is already enabled, and is in the desired state
Started: 23:29:09.822994
Duration: 273.52 ms
Changes:
----------
ID: php-fpm
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: php-fpm
Started: 23:29:10.097200
Duration: 26085.157 ms
Changes:
----------
php-fpm:
----------
new:
5.3.3-46.el6_6
old:
----------
ID: php-fpm
Function: service.running
Result: True
Comment: Started Service php-fpm
Started: 23:29:36.192137
Duration: 301.652 ms
Changes:
----------
php-fpm:
True
----------
ID: php-fpm
Function: file.managed
Name: /var/www/html/index.php
Result: True
Comment: File /var/www/html/index.php updated
Started: 23:29:36.499508
Duration: 23.542 ms
Changes:
----------
diff:
New file
mode:
0644
user:
nginx
----------
ID: php-xcache
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: php-xcache
Started: 23:29:36.527960
Duration: 16844.534 ms
Changes:
----------
php-xcache:
----------
new:
3.0.4-1.el6
old:
Summary
------------
Succeeded: 7 (changed=4)
Failed: 0
------------
Total states run: 7
Summary
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
溫馨提示:在卸載軟件包時,千萬不要用yum、yum、yum. a、查看服務狀態
[root@openapi salt]# salt "192.168.2.36-CentOS.backup.test.backend" service.status mysqld
192.168.2.36-CentOS.backup.test.backend:
Ture
[root@openapi salt]# salt "192.168.2.30-centos.public.test" service.status nginx
192.168.2.30-centos.public.test:
Ture
[root@openapi salt]# salt "192.168.2.30-centos.public.test" service.status php-fpm
192.168.2.30-centos.public.test:
Ture
b、測試php
#########################到此lnmp部署完成###############################
ps:
其它了服務也是同理,是重要的是注意操作文件的格式及服務執行的先後順序。
原文:http://essun.blog.51cto.com/721033/1679860
