Deploying the SaltStack Service on CentOS 7

Source: Internet  Editor: 程序博客网  Time: 2024/06/06 05:27

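Introduction to SaltStack

  • Salt is a new approach to infrastructure management. It is easy to deploy and can be up and running within minutes, it scales well enough to manage tens of thousands of servers, and it is fast, with communication between servers taking seconds. Under the hood Salt uses a dynamic communication bus, which lets it be used for orchestration, remote execution, configuration management and more.
  • SaltStack official website: https://saltstack.com/
  • SaltStack official documentation: https://docs.saltstack.com/en/latest/
  • SaltStack GitHub repository: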

Installing SaltStack

  • Install salt-master on the Salt Master host.
# install from EPEL
[root@linuxprobe ~]# yum --enablerepo=epel -y install salt-master
[root@linuxprobe ~]# systemctl start salt-master
[root@linuxprobe ~]# systemctl enable salt-master
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
  • On the Salt Master server, if firewalld is running, allow the related ports (4505/tcp and 4506/tcp).
[root@linuxprobe ~]# firewall-cmd --add-port={4505/tcp,4506/tcp} --permanent
success
[root@linuxprobe ~]# firewall-cmd --reload
success
  • Install salt-minion on the Salt Minion host.
# install from EPEL
[root@vdevops ~]# yum --enablerepo=epel -y install salt-minion
[root@vdevops ~]# sed -i 's/\#master: salt/master: linuxprobe.org/' /etc/salt/minion
[root@vdevops ~]# systemctl start salt-minion
[root@vdevops ~]# systemctl enable salt-minion
Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.

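After the Salt client (Minion) starts, it sends its public key to the Salt Master to be authenticated. The Salt Master can then accept the authentication request sent by the client.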

# show the list of keys
[root@linuxprobe master]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
vdevops.org
Rejected Keys:
# permit all keys with "A" option
[root@linuxprobe master]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
vdevops.org
Proceed? [n/Y] y  # confirm
Key for minion vdevops.org accepted.
[root@linuxprobe master]# salt-key -L
Accepted Keys:
vdevops.org
Denied Keys:
Unaccepted Keys:
Rejected Keys:
# test the connection
[root@linuxprobe ~]# salt '*' test.ping
vdevops.org:
    True
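
`salt-key -A` accepts every pending key without checking whose key it is. The script below is an added example, not part of the original article: it accepts a single Minion only when the fingerprint held by the master equals the one read on the Minion with `salt-call --local key.finger`. The function names and the sample fingerprint values are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): accept one minion key only
# after its fingerprint matches the value read on the minion itself.
# Function names and sample values are constructed for illustration.

# Constructed sample of what the master prints for a pending key.
SAMPLE_PENDING='Unaccepted Keys:
vdevops.org:  0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9'
# Constructed sample of the value read on the minion (upper case on purpose).
SAMPLE_MINION_FP='0A:1B:2C:3D:4E:5F:60:71:82:93:A4:B5:C6:D7:E8:F9'

# Print every colon-separated hex fingerprint found in the text, lower-cased,
# one per line. Covers 16-byte (MD5) and 32-byte (SHA-256) fingerprints.
extract_fp() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' |
        grep -Eo '([0-9a-f]{2}:){15,}[0-9a-f]{2}' || true
}

# Succeed only if both texts hold the same, non-empty fingerprint set.
# Two fingerprints on one side and one on the other never match.
fp_match() {
    a=$(extract_fp "$1")
    b=$(extract_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# accept_verified MINION_ID EXPECTED_FP
# EXPECTED_FP: output of `salt-call --local key.finger` run on the minion
# and carried to the master over a channel other than Salt.
accept_verified() {
    minion=$1
    expected=$2
    pending=$(salt-key -f "$minion") || return 2
    if fp_match "$pending" "$expected"; then
        salt-key -y -a "$minion"      # accept this key only, no prompt
    else
        echo "fingerprint mismatch for $minion: key left pending" >&2
        return 1
    fi
}
```

The same check works in the other direction: `salt-key -F master` prints the master's fingerprint, which can be pinned on each Minion with the `master_finger` setting in /etc/salt/minion.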

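Basic SaltStack usage

The basic way to use SaltStack is to run commands from the master, which are then pushed out to the clients (Minions).
salt [option] [target] [function] [arguments]
Reference documentation: https://docs.saltstack.com/en/latest/ref/modules/all/index.html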

  • View function usage
[root@linuxprobe ~]# salt '*' sys.doc | less
'acl.delfacl:'
    Remove specific FACL from the specified file(s)
    CLI Examples:
        salt '*' acl.delfacl user myuser /tmp/house/kitchen
        salt '*' acl.delfacl default:group mygroup /tmp/house/kitchen
        salt '*' acl.delfacl d:u myuser /tmp/house/kitchen
        salt '*' acl.delfacl g myuser /tmp/house/kitchen /tmp/house/livingroom
        salt '*' acl.delfacl user myuser /tmp/house/kitchen recursive=True
'acl.getfacl:'
    Return (extremely verbose) map of FACLs on specified file(s)
    CLI Examples:
        salt '*' acl.getfacl /tmp/house/kitchen
        salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom
        salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom recursive=True
        ...
  • Targets can be specified in various ways.
# specify all Minions
# test.ping checks that Minions are active
[root@linuxprobe ~]# salt '*' test.ping
vdevops.org:
    True
linuxprobe.org:
    True
# specify a Minion "vdevops.org"
# disk.usage shows the current disk usage
[root@linuxprobe ~]# salt 'vdevops.org' disk.usage
vdevops.org:
    ----------
    /:
        ----------
        1K-blocks:
            18307072
        available:
            16866300
        capacity:
            8%
        filesystem:
            /dev/mapper/centos-root
        used:
            1440772
# specify several Minions with a list (comma separated)
# status.loadavg shows the load averages
[root@linuxprobe ~]# salt -L 'vdevops.org,linuxprobe.org' status.loadavg
vdevops.org:
    ----------
    1-min:
        0.0
    15-min:
        0.05
    5-min:
        0.01
linuxprobe.org:
    ----------
    1-min:
        0.02
    15-min:
        0.06
    5-min:
        0.08
# specify Minions with a regular expression (this example means "node00-99.srv.world")
# selinux.getenforce shows the SELinux operating mode
[root@dlp ~]# salt -E 'node[0-9][0-9].srv.world' selinux.getenforce
node02.srv.world:
    Enforcing
node01.srv.world:
    Enforcing
# specify Minions whose OS is CentOS, using Grains data
# grains.item kernelrelease shows the kernel version from the Grains data
# Grains is Salt's term for the data it keeps about each Minion (OS and other details)
[root@linuxprobe ~]# salt -G 'os:CentOS' grains.item kernelrelease
vdevops.org:
    ----------
    kernelrelease:
        3.10.0-327.36.2.el7.x86_64
linuxprobe.org:
    ----------
    kernelrelease:
        3.10.0-327.el7.x86_64
  • Custom target groups
[root@linuxprobe ~]# vi /etc/salt/master
# line 12: uncomment
default_include: master.d/*.conf
[root@linuxprobe ~]# mkdir /etc/salt/master.d
[root@linuxprobe ~]# vi /etc/salt/master.d/nodegroups.conf
# create new
# group_org : 
# group_os : Minions whose OS is CentOS
nodegroups:
  group_org: 'L@linuxprobe.org,vdevops.org'
  group_os: 'G@os:CentOS'
[root@linuxprobe ~]# systemctl restart salt-master
# run against the target group group_os
[root@linuxprobe master.d]# salt -N 'group_os' cmd.run 'hostname'
vdevops.org:
    vdevops.org
linuxprobe.org:
    linuxprobe.org

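Using Salt State files

Learning how to write Salt State files is an important part of learning SaltStack and using Salt. State files are written in YAML.

  • First, define the file root directory that holds the states; the default is /srv/salt.
[root@linuxprobe ~]# vi /etc/salt/master
# line 417: uncomment and define root directory
file_roots:
  base:
    - /srv/salt
[root@linuxprobe ~]# mkdir /srv/salt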

Once a state file is placed under the root directory, the salt command can apply its configuration to Minions. The following example installs the wget package on a Minion.

# (any file name).sls
[root@linuxprobe ~]# vi /srv/salt/default.sls
# create new
install_wget:
  pkg.installed:
    - name: wget
[root@linuxprobe ~]# salt "vdevops.org" state.sls default
vdevops.org:
----------
          ID: install_wget
    Function: pkg.installed
        Name: wget
      Result: True
     Comment: The following packages were installed/updated: wget
     Started: 18:54:59.514712
    Duration: 14193.327 ms
     Changes:
              ----------
              wget:
                  ----------
                  new:
                      1.14-10.el7_0.1
                  old:
Summary
------------
Succeeded: 1 (changed=1)
Failed:    0
------------
Total states run:     1
# confirm
[root@linuxprobe ~]# salt "vdevops.org" cmd.run 'rpm -q wget'
vdevops.org:
    wget-1.14-10.el7_0.1.x86_64

Example of configuring a state tree

  • The file top.sls, placed under the root directory you defined, is called the "Top File".
[root@linuxprobe ~]# vi /srv/salt/top.sls
base:
  # define target Minions
  '*':
    # define the name of State file
    - default
# create State file defined in Top File
[root@linuxprobe ~]# vi /srv/salt/default.sls
# for example, Install and start httpd and MariaDB and also install PHP
webserver:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-mbstring
      - php-pear
      - mariadb-server
/var/www/html/index.php:
  file:
    - managed
    - source: salt://httpd/index.php
    - require:
      - pkg: webserver
# initial setup script
/tmp/setup.sql:
  file:
    - managed
    - source: salt://httpd/setup.sql
enable_httpd:
  service.running:
    - name: httpd
    - enable: True
    - require:
      - pkg: webserver
enable_mariadb:
  service.running:
    - name: mariadb
    - enable: True
    - require:
      - pkg: webserver
setup_mariadb:
  cmd.run:
    - name: '/bin/mysql -u root < /tmp/setup.sql'
    - require:
      - service: enable_mariadb
# if Firewalld is running, configure services
{% set fw_status = salt['service.status']('firewalld') %}
{% if fw_status %}
setup_fw:
  cmd.run:
    - names:
      - '/bin/firewall-cmd --add-service={http,https,mysql}'
      - '/bin/firewall-cmd --add-service={http,https,mysql} --permanent'
{% endif %}
# create index.php template
[root@linuxprobe ~]# mkdir /srv/salt/httpd
[root@linuxprobe ~]# vi /srv/salt/httpd/index.php
<?php
   print "Salt State Test Page\n";
?>
# create MariaDB initial setup script
[root@linuxprobe ~]# vi /srv/salt/httpd/setup.sql
set password for root@localhost=password('password');
set password for root@'127.0.0.1'=password('password');
delete from mysql.user where user='';
delete from mysql.user where password='';
drop database test;
  • Test whether the configuration files are correct
[root@linuxprobe ~]# salt "*" state.apply test=True
vdevops.org:
    ----------
    cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql} --permanent_|-run:
        ----------
        __run_num__:
            7
        changes:
            ----------
        comment:
            Command "/bin/firewall-cmd --add-service={http,https,mysql} --permanent" would have been executed
        duration:
            0.198
        name:
            /bin/firewall-cmd --add-service={http,https,mysql} --permanent
        result:
            None
        start_time:
            19:09:39.481991
    cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql}_|-run:
        ----------
        __run_num__:
            6
        changes:
            ----------
        comment:
            Command "/bin/firewall-cmd --add-service={http,https,mysql}" would have been executed
        duration:
            0.328
        name:
            /bin/firewall-cmd --add-service={http,https,mysql}
        result:
            None
        start_time:
            19:09:39.481608
    cmd_|-setup_mariadb_|-/bin/mysql -u root < /tmp/setup.sql_|-run:
...
# if there are no errors, apply the states
[root@linuxprobe ~]# salt "*" state.apply
  • Confirm that the installed services are running normally
[root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status httpd'
vdevops.org:
    * httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
       Active: active (running) since Tue 2016-11-15 19:11:41 CST; 20min ago
         Docs: man:httpd(8)
               man:apachectl(8)
     Main PID: 3261 (httpd)
       Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
       CGroup: /system.slice/httpd.service
               |-3261 /usr/sbin/httpd -DFOREGROUND
               |-3262 /usr/sbin/httpd -DFOREGROUND
               |-3263 /usr/sbin/httpd -DFOREGROUND
               |-3264 /usr/sbin/httpd -DFOREGROUND
               |-3265 /usr/sbin/httpd -DFOREGROUND
               `-3266 /usr/sbin/httpd -DFOREGROUND
    Nov 15 19:11:41 vdevops.org systemd[1]: Starting The Apache HTTP Server...
    Nov 15 19:11:41 vdevops.org httpd[3261]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using vdevops.org. Set the 'ServerName' directive globally to suppress this message
    Nov 15 19:11:41 vdevops.org systemd[1]: Started The Apache HTTP Server.
[root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status mariadb'
vdevops.org:
    * mariadb.service - MariaDB database server
       Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
       Active: active (running) since Tue 2016-11-15 19:11:45 CST; 21min ago
     Main PID: 3397 (mysqld_safe)
       CGroup: /system.slice/mariadb.service
               |-3397 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
               `-3554 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
    Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: The latest information about MariaDB is available at http://mariadb.org/.
    Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: You can find additional information about the MySQL part at:
    Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://dev.mysql.com
    Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Support MariaDB development by buying support/new features from MariaDB
    Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Corporation Ab. You can contact us about this at sales@mariadb.com.
    Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Alternatively consider joining our community based development effort:
    Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://mariadb.com/kb/en/contributing-to-the-mariadb-project/
    Nov 15 19:11:42 vdevops.org mysqld_safe[3397]: 161115 19:11:42 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
    Nov 15 19:11:42 vdevops.org mysqld_safe[3397]: 161115 19:11:42 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
    Nov 15 19:11:45 vdevops.org systemd[1]: Started MariaDB database server.
# test the PHP page
[root@linuxprobe ~]# curl http://vdevops.org/index.php
Salt State Test Page

Salt: using salt-cp

[root@linuxprobe ~]# salt-cp '*' anaconda-ks.cfg /tmp/
{'vdevops.org': {'/tmp/anaconda-ks.cfg': True}}