CentOS 7 部署saltstack服务
来源:互联网 发布:java jar 设置jdk 编辑:程序博客网 时间:2024/06/06 05:27
SaltStack 简介
- Salt,,一种全新的基础设施管理方式,部署轻松,在几分钟内可运行起来,扩展性好,很容易管理上万台服务器,速度够快,服务器之间秒级通讯。salt底层采用动态的连接总线, 使其可以用于编配, 远程执行, 配置管理等等.
- SaltStack 官网:https://saltstack.com/
- SaltStack 官方文档:https://docs.saltstack.com/en/latest/
- SaltStack github地址:
SaltStack 安装
- 安装salt-master on Salt Master Host.
# install from EPEL[root@linuxprobe~]# yum --enablerepo=epel -y install salt-master[root@linuxprobe~]# systemctl start salt-master[root@linuxprobe~]# systemctl enable salt-masterCreated symlink from /etc/systemd/system/multi-user.target.wants/salt-master.service to /usr/lib/systemd/system/salt-master.service.
- On Salt Master Server, If Firewalld is running, allow related ports.
[root@linuxprobe~]# firewall-cmd --add-port={4505/tcp,4506/tcp} --permanentsuccess[root@linuxprobe~]# firewall-cmd --reloadsuccess
- 安装 salt-minion on Salt Minion Host.
# install from EPEL[root@vdevops~]# yum --enablerepo=epel -y install salt-minion[root@vdevops~]# sed -i 's/\#master: salt/master: linuxprobe.org/' /etc/salt/minion[root@vdevops~]# systemctl start salt-minion[root@vdevops~]# systemctl enable salt-minion Created symlink from /etc/systemd/system/multi-user.target.wants/salt-minion.service to /usr/lib/systemd/system/salt-minion.service.
Salt Clinet客户端启动之后会发送public-key 到Salt Master获取认证. Salt Master 可以接收client发过来的认证请求。
# show the list of keys[root@linuxprobe master]# salt-key -LAccepted Keys:Denied Keys:Unaccepted Keys:vdevops.orgRejected Keys:# permit all keys with "A" option[root@linuxprobe master]# salt-key -AThe following keys are going to be accepted:Unaccepted Keys:vdevops.orgProceed? [n/Y] y #确认Key for minion vdevops.org accepted.[root@linuxprobe master]# salt-key -LAccepted Keys:vdevops.orgDenied Keys:Unaccepted Keys:Rejected Keys:# 测试连接[root@linuxprobe ~]# salt '*' test.pingvdevops.org: True
saltstack基础使用
Saltstack的基础用法就是从master执行命令同步到客户端
salt [option] [target] [function] [arguments]
参考文档:https://docs.saltstack.com/en/latest/ref/modules/all/index.html
- 查看函数用法
[root@linuxprobe ~]# salt '*' sys.doc | less'acl.delfacl:' Remove specific FACL from the specified file(s) CLI Examples: salt '*' acl.delfacl user myuser /tmp/house/kitchen salt '*' acl.delfacl default:group mygroup /tmp/house/kitchen salt '*' acl.delfacl d:u myuser /tmp/house/kitchen salt '*' acl.delfacl g myuser /tmp/house/kitchen /tmp/house/livingroom salt '*' acl.delfacl user myuser /tmp/house/kitchen recursive=True'acl.getfacl:' Return (extremely verbose) map of FACLs on specified file(s) CLI Examples: salt '*' acl.getfacl /tmp/house/kitchen salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom salt '*' acl.getfacl /tmp/house/kitchen /tmp/house/livingroom recursive=True ...
- It’s possible to specify targets with various way
# specify all Minions# test.ping means that make sure Minions are acitive[root@linuxprobe ~]# salt '*' test.pingvdevops.org: Truelinuxprobe.org: True# specify a Minion "vdevops.org"# disk.usage means that make sure current disk usag [root@linuxprobe ~]# salt 'vdevops.org' disk.usagevdevops.org: ---------- /: ---------- 1K-blocks: 18307072 available: 16866300 capacity: 8% filesystem: /dev/mapper/centos-root used: 1440772 # specify some Minions with List(comma separated)# status.loadavg means that make sure load averages [root@linuxprobe ~]# salt -L 'vdevops.org,linuxprobe.org' status.loadavg vdevops.org: ---------- 1-min: 0.0 15-min: 0.05 5-min: 0.01linuxprobe.org: ---------- 1-min: 0.02 15-min: 0.06 5-min: 0.08# specify Minions with expression (example means "node00-99.srv.world")# selinux.getenforce means that make sure SELinux operating mode[root@dlp ~]# salt -E 'node[0-9][0-9].srv.world' selinux.getenforcenode02.srv.world: Enforcingnode01.srv.world: Enforcing # specify Minions which OS is CentOS with Grains Data# grains.item kernelrelease means that make sure Kernel version from grains.item data# Grains is the word used in Salt and which keeps Minions' OS data and others [root@linuxprobe ~]# salt -G 'os:CentOS' grains.item kernelreleasevdevops.org: ---------- kernelrelease: 3.10.0-327.36.2.el7.x86_64linuxprobe.org: ---------- kernelrelease: 3.10.0-327.el7.x86_64
- 自定义目标组
[root@linuxprobe ~]# vi /etc/salt/master# line 12: uncommentdefault_include: master.d/*.conf[root@linuxprobe ~]# mkdir /etc/salt/master.d[root@linuxprobe ~]# vi /etc/salt/master.d/nodegroups.conf # create new# group_org : # group_os : specify OS is CentOSnodegroups: group_org: 'L@linuxprobe.org,vdevops.org' group_os: 'G@os:CentOS'[root@linuxprobe ~]# systemctl restart salt-master# run to a target group_os[root@linuxprobe master.d]# salt -N 'group_os' cmd.run 'hostname'vdevops.org: vdevops.orglinuxprobe.org: linuxprobe.org
Salt State文件使用
学习如何配置Salt State文件对于学习saltstack和使用salt很重要,state文件采用yaml格式编写
- 首先,定义文件根目录放状态,默认/srv/salt
[root@linuxprobe ~]# vi /etc/salt/master# line 417: uncomment and define root directoryfile_roots: base: - /srv/salt[root@linuxprobe ~]# mkdir /srv/salt
要将状态文件放在根目录下,可以使用salt命令将配置应用到Minions,下面的示例,将wget包安装到Minions
# (any file name).sls[root@linuxprobe ~]# vi /srv/salt/default.sls# create newinstall_wget: pkg.installed: - name: wget[root@linuxprobe ~]# salt "vdevops.org" state.sls defaultvdevops.org:---------- ID: install_wget Function: pkg.installed Name: wget Result: True Comment: The following packages were installed/updated: wget Started: 18:54:59.514712 Duration: 14193.327 ms Changes: ---------- wget: ---------- new: 1.14-10.el7_0.1 old:Summary------------Succeeded: 1 (changed=1)Failed: 0------------Total states run: 1# 确认[root@linuxprobe ~]# salt "vdevops.org" cmd.run 'rpm -q wget'vdevops.org: wget-1.14-10.el7_0.1.x86_64
配置状态树的示例
- 将top.sls称为“顶部文件”在您定义的根目录下
root@linuxprobe ~]# vi /srv/salt/top.slsbase: # define target Minions '*': # define the name of State file - default# create State file defined in Top File[root@linuxprobe ~]# vi /srv/salt/default.sls# for example, Install and start httpd and MariaDB and also install PHPwebserver: pkg.installed: - pkgs: - httpd - php - php-mbstring - php-pear - mariadb-server/var/www/html/index.php: file: - managed - source: salt://httpd/index.php - require: - pkg: webserver# initial setup script/tmp/setup.sql: file: - managed - source: salt://httpd/setup.sqlenable_httpd: service.running: - name: httpd - enable: True - require: - pkg: webserverenable_mariadb: service.running: - name: mariadb - enable: True - require: - pkg: webserversetup_mariadb: cmd.run: - name: '/bin/mysql -u root < /tmp/setup.sql' - require: - service: enable_mariadb# if Firewalld is running, configure services{% set fw_status = salt['service.status']('firewalld') %}{% if fw_status %}setup_fw: cmd.run: - names: - '/bin/firewall-cmd --add-service={http,https,mysql}' - '/bin/firewall-cmd --add-service={http,https,mysql} --permanent'{% endif %} # create index.php template[root@linuxprobe ~]# mkdir /srv/salt/httpd[root@linuxprobe ~]# vi /srv/salt/httpd/index.php<?php print "Salt State Test Page\n";?># create MariaDB initial setup script[root@linuxprobe ~]# vi /srv/salt/httpd/setup.sqlset password for root@localhost=password('password');set password for root@'127.0.0.1'=password('password'); delete from mysql.user where user='';delete from mysql.user where password='';drop database test;
- 测试,配置文件是否正确
[root@linuxprobe ~]# salt "*" state.apply test=Truevdevops.org: ---------- cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql} --permanent_|-run: ---------- __run_num__: 7 changes: ---------- comment: Command "/bin/firewall-cmd --add-service={http,https,mysql} --permanent" would have been executed duration: 0.198 name: /bin/firewall-cmd --add-service={http,https,mysql} --permanent result: None start_time: 19:09:39.481991 cmd_|-setup_fw_|-/bin/firewall-cmd --add-service={http,https,mysql}_|-run: ---------- __run_num__: 6 changes: ---------- comment: Command "/bin/firewall-cmd --add-service={http,https,mysql}" would have been executed duration: 0.328 name: /bin/firewall-cmd --add-service={http,https,mysql} result: None start_time: 19:09:39.481608 cmd_|-setup_mariadb_|-/bin/mysql -u root < /tmp/setup.sql_|-run:...# 不报错执行[root@linuxprobe ~]# salt "*" state.apply
- 确认安装的服务是否正常
[root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status httpd'vdevops.org: * httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2016-11-15 19:11:41 CST; 20min ago Docs: man:httpd(8) man:apachectl(8) Main PID: 3261 (httpd) Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec" CGroup: /system.slice/httpd.service |-3261 /usr/sbin/httpd -DFOREGROUND |-3262 /usr/sbin/httpd -DFOREGROUND |-3263 /usr/sbin/httpd -DFOREGROUND |-3264 /usr/sbin/httpd -DFOREGROUND |-3265 /usr/sbin/httpd -DFOREGROUND `-3266 /usr/sbin/httpd -DFOREGROUND Nov 15 19:11:41 vdevops.org systemd[1]: Starting The Apache HTTP Server... Nov 15 19:11:41 vdevops.org httpd[3261]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using vdevops.org. Set the 'ServerName' directive globally to suppress this message Nov 15 19:11:41 vdevops.org systemd[1]: Started The Apache HTTP Server.[root@linuxprobe ~]# salt "vdevops.org" cmd.run 'systemctl status mariadb'vdevops.org: * mariadb.service - MariaDB database server Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2016-11-15 19:11:45 CST; 21min ago Main PID: 3397 (mysqld_safe) CGroup: /system.slice/mariadb.service |-3397 /bin/sh /usr/bin/mysqld_safe --basedir=/usr `-3554 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: The latest information about MariaDB is available at http://mariadb.org/. Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: You can find additional information about the MySQL part at: Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://dev.mysql.com Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Support MariaDB development by buying support/new features from MariaDB Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Corporation Ab. You can contact us about this at sales@mariadb.com. Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: Alternatively consider joining our community based development effort: Nov 15 19:11:42 vdevops.org mariadb-prepare-db-dir[3318]: http://mariadb.com/kb/en/contributing-to-the-mariadb-project/ Nov 15 19:11:42 vdevops.org mysqld_safe[3397]: 161115 19:11:42 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'. Nov 15 19:11:42 vdevops.org mysqld_safe[3397]: 161115 19:11:42 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql Nov 15 19:11:45 vdevops.org systemd[1]: Started MariaDB database server.# 测试php页面[root@linuxprobe ~]# curl http://vdevops.org/index.phpSalt State Test Page
Salt : 使用 Salt-cp
[root@linuxprobe ~]# salt-cp '*' anaconda-ks.cfg /tmp/{'vdevops.org': {'/tmp/anaconda-ks.cfg': True}}
0 0
- CentOS 7 部署saltstack服务
- Saltstack自动化部署apache服务
- CentOS 7 安装 saltstack
- centos下saltstack的安装与部署
- 服务自动化部署平台之Saltstack总结
- CentOS 7 部署RabbitMQ 服务
- CentOS 7 部署RabbitMQ 服务
- CentOS 7 部署RabbitMQ 服务
- CentOS 7 部署RabbitMQ 服务
- CentOS 7 部署RabbitMQ 服务
- SaltStack部署
- centos squid 代理服务部署
- CentOS 7.2 部署Redis服务
- CentOS 7.2 部署Rsync服务
- 使用saltstack部署openstack
- Saltstack:Crontab部署
- Saltstack 安装部署
- saltstack api部署,使用.
- BLE协议栈Central 工程中与广播连接建立的事件
- Java测试域名稳定性
- Spark 2.0技术预览:更容易、更快速、更智能
- Hibernate与MyBatis的不同
- c++中pow函数
- CentOS 7 部署saltstack服务
- Java 之父求职被嫌年纪大,硅谷公司现在喜欢“小鲜肉”,不爱“老古董” 作者:程序媛Adele
- 批处理常用特殊符号
- 编码,解码,乱码,问题详解
- 关于java开发的性能问题总结
- HSI、HSV、RGB、CMYK、HSL、HSB、Ycc、XYZ、Lab、YUV颜色模型的区别
- Android UI - 实现广告Banner轮播效果
- C语言base64编码与解码
- 指针易混肴的定义方式详解