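Overview
SaltStack is a server infrastructure management tool that provides configuration management, remote execution, monitoring, and other functions. It is written in Python and is a simple, easy-to-use, lightweight management tool.
How SaltStack works
SaltStack consists of a master and minions. The master is the server side and refers to one server; the minions are the client side and refer to multiple servers. A command issued on the master is sent to the minions that match the target, and those minions execute it. The master and the minions communicate through ZeroMQ (a message queue).
Common SaltStack modules
- pkg module: package management, including installing, removing, and updating packages.
- file module: file operations, including syncing files, setting file permissions and owning user/group, and deleting files.
- cmd module: runs commands or scripts on the minions.
- user module: manages system accounts.
- service module: manages system services.
- cron module: manages the cron service.
Batch-deploying and configuring Apache with SaltStack
Deployment environment
The deployment parameters of the three servers are shown in the table:
Procedure
1. Installing SaltStack
1) Set the hostname and hosts file on all three servers, then reboot them so the system picks up the new names.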
master:
[root@master salt]# vim /etc/hostname
master.saltstack.com
[root@master salt]# vim /etc/hosts
192.168.126.138 master.saltstack.com
192.168.126.147 web01.saltstack.com
192.168.126.157 web02.saltstack.com
minion1:
[root@web01 ~]# vim /etc/hostname
web01.saltstack.com
[root@web01 ~]# vim /etc/hosts
192.168.126.138 master.saltstack.com
192.168.126.147 web01.saltstack.com
192.168.126.157 web02.saltstack.com
minion2:
[root@web02 ~]# vim /etc/hostname
web02.saltstack.com
[root@web02 ~]# vim /etc/hosts
192.168.126.138 master.saltstack.com
192.168.126.147 web01.saltstack.com
192.168.126.157 web02.saltstack.com
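2) Install the EPEL repository on all three servers.
[root@master salt]# yum install epel-release -y
3) Install the SaltStack software on the master.
[root@master salt]# yum install salt-master -y
4) Edit the master configuration file /etc/salt/master.
[root@master salt]# vim /etc/salt/master
interface: 192.168.126.138 # line 15: listening address (the local address)
auto_accept: True # line 215: automatically accept minion authentication
file_roots: # line 416: SaltStack file root directory; it does not exist by default and must be created
  base:
    - /srv/salt
pillar_roots: # line 529: pillar root directory; must be created
  base:
    - /srv/pillar
pillar_opts: True # line 552: enable the pillar feature
nodegroups: # line 710: group definitions
  group1: 'web01.saltstack.com'
  group2: 'web02.saltstack.com'
5) View the settings changed on the master.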
[root@master ~]# cat /etc/salt/master | grep -v ^$ | grep -v ^#
interface: 192.168.126.138
auto_accept: True
file_roots:
  base:
    - /srv/salt
pillar_roots:
  base:
    - /srv/pillar
pillar_opts: True
nodegroups:
  group1: 'web01.saltstack.com'
  group2: 'web02.saltstack.com'
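With auto_accept: True the master accepts every minion key it is offered, and pillar_opts: True copies the master configuration into every minion's pillar. The check below is an added example, not part of the original article; its function names and the two sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag Salt master settings that skip minion key review.

# Print the last top-level "key: value" in file $1 for key $2, minus comments.
master_opt() {
  sed -n "s/^$2:[[:space:]]*\([^#]*\).*/\1/p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed when option $2 in file $1 is set to true (any letter case).
is_true() {
  [ "$(master_opt "$1" "$2" | tr '[:upper:]' '[:lower:]')" = "true" ]
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_master() {
  cfg=$1; rc=0
  for key in auto_accept open_mode; do
    if is_true "$cfg" "$key"; then
      echo "$key: minion keys are accepted without review; set False and accept with salt-key"
      rc=1
    fi
  done
  if is_true "$cfg" pillar_opts; then
    echo "pillar_opts: the master config is copied into every minion's pillar"
    rc=1
  fi
  case "$(master_opt "$cfg" interface)" in
    ''|0.0.0.0|::)
      echo "interface: master listens on every address; bind the management IP"
      rc=1 ;;
  esac
  return $rc
}

# Constructed sample 1: top-level settings from this walkthrough.
walkthrough_cfg() {
  printf '%s\n' 'interface: 192.168.126.138' 'auto_accept: True #215' 'pillar_opts: True'
}
# Constructed sample 2: the same master with manual key acceptance.
reviewed_cfg() {
  printf '%s\n' 'interface: 192.168.126.138' '#auto_accept: True' 'auto_accept: False'
}

tmp=$(mktemp)
walkthrough_cfg > "$tmp"
audit_master "$tmp" || echo "review the findings above before starting salt-master"
reviewed_cfg > "$tmp"
audit_master "$tmp" && echo "no findings"
rm -f "$tmp"
```

On a real master, run `audit_master /etc/salt/master`; with auto_accept off, pending keys are listed with `salt-key -L` and accepted with `salt-key -a <minion id>`.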
6) Create the salt root directory and the pillar directory.
[root@master ~]# mkdir /srv/salt
[root@master ~]# mkdir /srv/pillar
7) Start the salt-master service and check that ports 4505 and 4506 are listening.
[root@master ~]# systemctl stop firewalld.service
[root@master ~]# setenforce 0
[root@master ~]# systemctl start salt-master.service
[root@master ~]# netstat -ntap | egrep '4505|4506'
tcp 0 0 192.168.126.138:4505 0.0.0.0:* LISTEN 5918/python
tcp 0 0 192.168.126.138:4506 0.0.0.0:* LISTEN 5936/python
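Step 7 stops firewalld altogether. Minions only open outbound connections to the master, so firewalld can instead stay running with ports 4505-4506 admitted for the minion addresses only; the generator below is an added example, not part of the original article, and its function names are assumptions.

```sh
#!/bin/sh
# Added example: print firewalld commands that admit only the listed minion
# addresses to the master's Salt ports. Review the output, then run it on
# the master.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
  echo "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Args: minion IPv4 addresses. Prints one command per line.
# Returns 1 without printing any rule if an argument is not a plain IPv4
# address, so nothing unexpected can end up inside the generated commands.
salt_master_fw_rules() {
  for ip in "$@"; do
    valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
  done
  for ip in "$@"; do
    printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$ip\" port port=\"4505-4506\" protocol=\"tcp\" accept'"
  done
  echo "firewall-cmd --reload"
}

# Minion addresses taken from the /etc/hosts entries in step 1.
salt_master_fw_rules 192.168.126.147 192.168.126.157
```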
8) Install the SaltStack software on the two minions.
[root@web01 ~]# yum install salt-minion -y
9) Edit the configuration file /etc/salt/minion on both minions.
[root@web01 ~]# vim /etc/salt/minion
master: 192.168.126.138 # line 16: IP address of the master
id: web01.saltstack.com # line 78: hostname of the minion
10) Start the service on each of the two minions.
[root@web01 ~]# systemctl stop firewalld.service
[root@web01 ~]# setenforce 0
[root@web01 ~]# systemctl start salt-minion.service
11) Test communication between the master and the minions.
[root@master ~]# salt '*' test.ping
web01.saltstack.com:
True
web02.saltstack.com:
True
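2. Batch-deploying Apache with SaltStack
1) Edit the configuration file /etc/salt/master.
[root@master ~]# vim /etc/salt/master
file_roots:
  base:
    - /srv/salt/
Note: the environments are base, dev (development environment), test (testing environment), and prod (production environment).
2) Create the top.sls file with the following content.
[root@master ~]# vim /srv/salt/top.sls
base:
  '*': # run the apache module on all clients
    - apache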
3) Create the apache.sls file with the following content.
[root@master ~]# vim /srv/salt/apache.sls
apache-service:
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
  service.running:
    - name: httpd
    - enable: True
4) Restart the salt-master service.
[root@master ~]# systemctl restart salt-master
5) Run the command that refreshes the state configuration so that both minions install and configure Apache.
[root@master salt]# salt '*' state.highstate
web02.saltstack.com:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 15:41:54.228461
Duration: 157517.576 ms
Changes:
----------
apr:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-80.el7.centos.1
old:
httpd-tools:
----------
new:
2.4.6-80.el7.centos.1
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 15:44:31.928768
Duration: 61210.573 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-gssapi:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-lib:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-md5:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-plain:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-scram:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-80.el7.centos.1
old:
libdb:
----------
new:
5.3.21-24.el7
old:
5.3.21-20.el7
libdb-devel:
----------
new:
5.3.21-24.el7
old:
libdb-utils:
----------
new:
5.3.21-24.el7
old:
5.3.21-20.el7
openldap:
----------
new:
2.4.44-15.el7_5
old:
2.4.44-5.el7
openldap-devel:
----------
new:
2.4.44-15.el7_5
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 15:45:33.717897
Duration: 4787.005 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
web01.saltstack.com:
----------
ID: apache-service
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 15:41:54.383424
Duration: 157125.605 ms
Changes:
----------
apr:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util:
----------
new:
1.5.2-6.el7
old:
httpd:
----------
new:
2.4.6-80.el7.centos.1
old:
httpd-tools:
----------
new:
2.4.6-80.el7.centos.1
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: pkg.installed
Name: httpd-devel
Result: True
Comment: The following packages were installed/updated: httpd-devel
Started: 15:44:31.684541
Duration: 63010.684 ms
Changes:
----------
apr-devel:
----------
new:
1.4.8-3.el7_4.1
old:
apr-util-devel:
----------
new:
1.5.2-6.el7
old:
cyrus-sasl:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-devel:
----------
new:
2.1.26-23.el7
old:
cyrus-sasl-gssapi:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-lib:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-md5:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-plain:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
cyrus-sasl-scram:
----------
new:
2.1.26-23.el7
old:
2.1.26-21.el7
expat-devel:
----------
new:
2.1.0-10.el7_3
old:
httpd-devel:
----------
new:
2.4.6-80.el7.centos.1
old:
libdb:
----------
new:
5.3.21-24.el7
old:
5.3.21-20.el7
libdb-devel:
----------
new:
5.3.21-24.el7
old:
libdb-utils:
----------
new:
5.3.21-24.el7
old:
5.3.21-20.el7
openldap:
----------
new:
2.4.44-15.el7_5
old:
2.4.44-5.el7
openldap-devel:
----------
new:
2.4.44-15.el7_5
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 15:45:35.659786
Duration: 4142.607 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
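The output shows three IDs, which correspond to three tasks: the first installs, the second configures, and the third starts the service. All three succeeded, with zero failures.
6) Check on the minions that httpd is installed and that port 80 is listening.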
[root@web02 ~]# rpm -q httpd
httpd-2.4.6-80.el7.centos.1.x86_64
[root@web02 ~]# netstat -ntap | grep 80
tcp6 0 0 :::80 :::* LISTEN 4550/httpd
[root@web01 ~]# rpm -q httpd
httpd-2.4.6-80.el7.centos.1.x86_64
[root@web01 ~]# netstat -ntap | grep 80
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1280/dnsmasq
tcp6 0 0 :::80 :::* LISTEN 4688/httpd
Deployment succeeded.