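SaltStack Project in Practice (Part 2)
Architecture diagram:
Configuration approach
(1). System initialization
The base environment holds the states that every system must run: kernel parameter tuning, DNS, installing zabbix-agent, and so on.
(2). Function modules (for example, the haproxy shown above)
Services such as haproxy, nginx, php and memcached each get their own directory, and every state a service needs is placed in that directory.
(3). Business modules
These are organized per business. One business may involve haproxy, nginx, php and so on; whatever services the business needs are included from the corresponding function modules.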
1. Edit the master configuration file to set file_roots, and create the corresponding directories
```
[root@node1 ~]# vim /etc/salt/master
file_roots:
  base:
    - /srv/salt/base
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod
[root@node1 ~]# /etc/init.d/salt-master restart
```
Note: top.sls must be placed in the base environment.
```
[root@node1 ~]# mkdir /srv/salt/test    # test environment directory
[root@node1 ~]# mkdir /srv/salt/base    # base environment directory
[root@node1 ~]# mkdir /srv/salt/prod    # production environment directory
```
2. System initialization module
```
[root@node1 ~]# mkdir /srv/salt/base/init/          # directory for the system initialization states
[root@node1 ~]# mkdir /srv/salt/base/init/files/    # directory for the files that initialization needs
[root@node1 ~]# cd /srv/salt/base/
[root@node1 base]# tree
├── init
│   ├── files
└── top.sls
[root@node1 base]# cd init/
```
(1). Configure DNS
```
[root@node1 init]# cat dns.sls
/etc/resolv.conf:                              # the name is given in the ID position; no separate ID is declared
  file.managed:                                # file management function
    - source: salt://init/files/resolv.conf    # salt:// is relative to the environment root from the configuration file, /srv/salt/base/
    - user: root
    - group: root
    - mode: 644
[root@node1 init]# cat files/resolv.conf
nameserver 192.168.10.1
```
(2). Show timestamps in the command history
```
[root@node1 init]# cat history.sls
/etc/profile:
  file.append:    # appends text to a file
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami`"    # after the state runs, this line is appended to /etc/profile
```
(3). Log who ran which command, and when
```
[root@node1 init]# cat audit.sls
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1|{ read x y;echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'
```
(4). Kernel tuning
```
[root@node1 init]# cat sysctl.sls
vm.swappiness:
  sysctl.present:
    - value: 0
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
fs.file-max:
  sysctl.present:
    - value: 100000
```
Note: the names above correspond to these paths:
```
/proc/sys/net/ipv4/ip_local_port_range    # local port range
/proc/sys/fs/file-max                     # maximum number of open files
/proc/sys/vm/swappiness                   # swap usage
```
(5). Include the states above in env_init.sls
```
[root@node1 init]# cat env_init.sls
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
```
(6). Write top.sls to apply the states above
```
[root@node1 init]# vim /srv/salt/base/top.sls
[root@node1 init]# cat /srv/salt/base/top.sls
base:
  '*':
    - init.env_init    # only env_init.sls in the init directory needs to be applied here
```
(7). Notes on some of the commands used above
```
export HISTTIMEFORMAT="%F %T `whoami`"
```
This assigns the format %F %T followed by the output of `whoami` to the variable HISTTIMEFORMAT, and export turns it into an environment variable.
```
export PROMPT_COMMAND='{ msg=$(history 1|{ read x y;echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'
```
Once this is in effect, the commands users run are recorded in the system log, for example:
```
[root@node1 base]# uptime
05:17:38 up 4:08, 4 users, load average: 0.00, 0.00, 0.00
[root@node1 base]# tail -1 /var/log/messages
Aug 11 05:17:38 node1 root: [euid=root]:root pts/3 2017-08-11 04:07 (192.168.10.1):[/srv/salt/base]uptime
[root@node1 init]# salt "*" state.highstate test=True    # dry run to check that the states configured so far work
```
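A parser for the audit lines that the PROMPT_COMMAND above writes to /var/log/messages, as an added example (not part of the original post). It splits each line into effective user, login user, terminal, source address, working directory and command, and picks out commands run under an effective user that differs from the login user. The function names and every sample line after the first are assumptions constructed for illustration.

```python
import re

# Constructed sample: line 1 is the line shown above; the rest are made up.
SAMPLE_LOG = """\
Aug 11 05:17:38 node1 root: [euid=root]:root pts/3 2017-08-11 04:07 (192.168.10.1):[/srv/salt/base]uptime
Aug 11 05:20:02 node1 deploy: [euid=root]:deploy pts/4 2017-08-11 05:19 (192.168.10.77):[/etc/haproxy]vim haproxy.cfg
Aug 11 05:21:10 node1 root: [euid=root]:root tty1 2017-08-11 05:21:[/root]ls -l
Aug 11 05:22:00 node1 kernel: eth2: link up
"""

# logger's message: [euid=<whoami>]:<who am i>:[<pwd>]<last history entry>
AUDIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<tag>[^:\s]+): "
    r"\[euid=(?P<euid>[^\]]*)\]:"
    r"(?:(?P<login>\S+) (?P<tty>\S+) (?P<since>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"(?: \((?P<src>[^)]*)\))?)?:"      # source address is absent on a local console
    r"\[(?P<cwd>[^\]]*)\](?P<cmd>.*)$"
)

def parse_line(line):
    """Return a dict for one PROMPT_COMMAND audit line, or None for other syslog lines."""
    m = AUDIT_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def parse_log(text):
    """Parse every audit line found in a chunk of /var/log/messages."""
    return [e for e in map(parse_line, text.splitlines()) if e]

def identity_switches(events):
    """Commands whose effective user differs from the login user reported by
    `who am i` (for example after su), so they can be attributed to a login."""
    return [e for e in events if e["login"] and e["login"] != e["euid"]]

if __name__ == "__main__":
    for e in identity_switches(parse_log(SAMPLE_LOG)):
        print(f'{e["ts"]} {e["login"]}@{e["src"]} as {e["euid"]} in {e["cwd"]}: {e["cmd"]}')
```

Because PROMPT_COMMAND lives in the user's own shell environment, treat these lines as best-effort attribution rather than a tamper-proof audit trail.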
3. Function module: base package module
```
[root@node1 ~]# mkdir /srv/salt/prod/pkg    # directory for the base packages
[root@node1 ~]# cd /srv/salt/prod/pkg/
[root@node1 pkg]# vim pkg-init.sls          # installs some base packages
[root@node1 pkg]# cat pkg-init.sls
pkg-init:            # this is the ID; it must be unique
  pkg.installed:     # module.function that installs packages
    - names:         # names of the packages to install
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
```
4. Function module: haproxy module
Note on installing haproxy: this module builds from source. Before installing through the module, test the build on one host first:
```
# cd /usr/local/src/
# tar xf haproxy-1.6.2.tar.gz
# cd haproxy-1.6.2
# make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
# vim haproxy.init    # change the path in the init script to:
BIN=/usr/local/haproxy/sbin/$BASENAME
# cp haproxy.init /srv/salt/prod/haproxy/files/    # after the change
```
```
[root@node1 ~]# mkdir /srv/salt/prod/haproxy          # haproxy module directory
[root@node1 ~]# mkdir /srv/salt/prod/haproxy/files    # holds the files haproxy needs
[root@node1 ~]# ll /srv/salt/prod/haproxy/files/
-rw-r--r--. 1 root root 1538976 Aug 11 2017 haproxy-1.6.2.tar.gz    # haproxy source tarball
-rw-r--r--. 1 root root 2395 Aug 11 08:31 haproxy.init              # haproxy init script
[root@node1 ~]# cd /srv/salt/prod/haproxy/
[root@node1 haproxy]# vim install.sls
include:
  - pkg.pkg-init    # relative path: refers to pkg-init.sls in the pkg directory under /srv/salt/prod/
haproxy-install:    # ID
  file.managed:
    - name: /usr/local/src/haproxy-1.6.2.tar.gz            # name declaration; without an ID, the name can be written in the ID position
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz    # also relative to /srv/salt/prod/; location of the source tarball
    - user: root
    - group: root
    - mode: 755
  cmd.run:          # commands to execute go under this module
    - name: cd /usr/local/src/ && tar xf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    - unless: test -d /usr/local/haproxy    # run the command only if /usr/local/haproxy does not exist
    - require:                              # dependencies
      - pkg: pkg-init                       # the pkg state with ID pkg-init must succeed before this cmd.run executes
      - file: haproxy-install               # depends on the file state with ID haproxy-install
haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list|grep haproxy
    - require:
      - file: haproxy-init
net.ipv4.ip_nonlocal_bind:    # corresponds to /proc/sys/net/ipv4/ip_nonlocal_bind; only the dotted name is needed here
  sysctl.present:             # sysctl module, manages kernel parameters
    - value: 1                # binding to a non-local IP is not allowed by default; 1 allows it
haproxy-config-dir:           # ID
  file.directory:
    - name: /etc/haproxy      # create the configuration directory
    - user: root
    - group: root
    - mode: 755
[root@node1 haproxy]# salt 'node1' state.sls haproxy.install env=prod    # run it by hand as a test
```
5. Business module: haproxy module
```
[root@node1 ~]# mkdir /srv/salt/prod/cluster
[root@node1 ~]# mkdir /srv/salt/prod/cluster/files
[root@node1 ~]# cd /srv/salt/prod/cluster/files
[root@node1 files]# vim haproxy-outside.cfg    # load balancer configuration file
global
    maxconn 100000
    chroot /usr/local/haproxy
    uid 99
    gid 99
    daemon
    nbproc 1
    pidfile /usr/local/haproxy/logs/haproxy.pid
    log 127.0.0.1 local3 info
defaults
    option http-keep-alive
    maxconn 100000
    mode http
    timeout connect 5000ms
    timeout client 5000ms
    timeout server 5000ms
listen stats
    mode http
    bind 0.0.0.0:8888
    stats enable
    stats uri /haproxy-status
    stats auth haproxy:saltstack
frontend frontend_www_example_com
    bind 192.168.10.150:80
    mode http
    option httplog
    log global
    default_backend backend_www_example_com
backend backend_www_example_com
    option forwardfor header X-REAL-IP
    option httpchk HEAD / HTTP/1.0
    balance roundrobin
    server web-node1 192.168.10.129:8080 check inter 2000 rise 30 fall 15
    server web-node2 192.168.10.128:8080 check inter 2000 rise 30 fall 15
```
```
[root@node1 cluster]# cd /srv/salt/prod/cluster/
[root@node1 cluster]# cat haproxy-outside.sls
include:
  - haproxy.install    # apply install.sls from the haproxy directory
haproxy-service:       # ID
  file.managed:
    - name: /etc/haproxy/haproxy.cfg                       # name of the configuration file after installation
    - source: salt://cluster/files/haproxy-outside.cfg     # source configuration file, written above
    - user: root
    - group: root
    - mode: 644
  service.running:     # running function of the service module; starts the service
    - name: haproxy    # service name
    - enable: True     # start at boot
    - reload: True     # reload on change; without this, a changed configuration file triggers a restart
    - require:
      - cmd: haproxy-init        # depends on the cmd under haproxy-init, i.e. the init script step must succeed
    - watch:                     # watch the state of a file
      - file: haproxy-service    # watch the file managed by the file state under ID haproxy-service; a change triggers a reload
```
6. Edit top.sls
```
[root@node1 base]# cd /srv/salt/base/
[root@node1 base]# vim top.sls
base:
  '*':
    - init.env_init              # every host applies env_init.sls from the init directory
prod:
  'node1':
    - cluster.haproxy-outside    # node1 applies haproxy-outside.sls from the cluster directory
  'node2':
    - cluster.haproxy-outside
[root@node1 base]# salt '*' state.highstate test=True    # dry run
[root@node1 prod]# salt '*' state.highstate
```
Test with httpd
```
[root@node1 prod]# vim /etc/httpd/conf/httpd.conf
Listen 8080
[root@node1 prod]# cat /var/www/html/index.html
node1
[root@node1 prod]# /etc/init.d/httpd restart
[root@node2 ~]# vim /etc/httpd/conf/httpd.conf
Listen 8080
[root@node2 prod]# cat /var/www/html/index.html
Node2
[root@node2 ~]# /etc/init.d/httpd restart
```
Open the following addresses in a browser to log in:
```
192.168.10.129:8888/haproxy-status
192.168.10.128:8888/haproxy-status
```
User haproxy, password saltstack.
Function module: keepalived module
Before writing the module, test a source install on one host
http://www.keepalived.org/software/keepalived-1.2.19.tar.gz
```
[root@node1 tools]# tar xf keepalived-1.2.19.tar.gz
[root@node1 tools]# cd keepalived-1.2.19
[root@node1 keepalived-1.2.19]# ./configure --prefix=/usr/local/keepalived --disable-fwmark
[root@node1 keepalived-1.2.19]# make && make install
keepalived-1.2.19/keepalived/etc/init.d/keepalived.init        # init script
keepalived-1.2.19/keepalived/etc/keepalived/keepalived.conf    # configuration file
```
Set up the keepalived module directories and related files
```
[root@node1 ~]# mkdir /srv/salt/prod/keepalived
[root@node1 ~]# mkdir /srv/salt/prod/keepalived/files
[root@node1 keepalived]# cp ~/tools/keepalived-1.2.19.tar.gz /srv/salt/prod/keepalived/files/
[root@node1 tools]# cp keepalived-1.2.19/keepalived/etc/init.d/keepalived.init /srv/salt/prod/keepalived/files/           # copy the init script
[root@node1 tools]# cp keepalived-1.2.19/keepalived/etc/keepalived/keepalived.conf /srv/salt/prod/keepalived/files/      # copy the configuration file
[root@node1 tools]# cp keepalived-1.2.19/keepalived/etc/init.d/keepalived.sysconfig /srv/salt/prod/keepalived/files/
[root@node1 tools]# cd /srv/salt/prod/keepalived/files/
[root@node1 files]# vim keepalived.init    # change the path in the init script
daemon /usr/local/keepalived/sbin/keepalived ${KEEPALIVED_OPTIONS}
```
1. keepalived function module
```
[root@node1 keepalived]# cd /srv/salt/prod/keepalived/
[root@node1 keepalived]# cat install.sls
include:
  - pkg.pkg-init
keepalived-install:
  file.managed:
    - name: /usr/local/src/keepalived-1.2.19.tar.gz
    - source: salt://keepalived/files/keepalived-1.2.19.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src/ && tar xf keepalived-1.2.19.tar.gz && cd keepalived-1.2.19 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: pkg-init
      - file: keepalived-install
keepalived-init:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived.init
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list |grep keepalived
    - require:
      - file: keepalived-init
/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://keepalived/files/keepalived.sysconfig
    - user: root
    - group: root
    - mode: 644
/etc/keepalived:
  file.directory:
    - user: root
    - group: root
    - mode: 755
[root@node1 files]# salt '*' state.sls keepalived.install env=prod    # run it by hand as a test
```
2. keepalived business module
```
[root@node1 ~]# cd /srv/salt/prod/cluster/files/
[root@node1 files]# cat haproxy-outside-keepalived.cfg    # keepalived configuration file; it uses Jinja variables
# configuration file for keepalived
global_defs {
    notification_email {
        saltstack@example.com
    }
    notification_email_from keepalived@example.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id {{ ROUTEID }}
}
vrrp_instance haproxy_ha {
    state {{ STATEID }}
    interface eth2
    virtual_router_id 36
    priority {{ PRIORITYID }}
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.130
    }
}
```
```
[root@node1 ~]# cd /srv/salt/prod/cluster/
[root@node1 cluster]# cat haproxy-outside-keepalived.sls
include:
  - keepalived.install
keepalived-service:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.cfg
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    {% if grains['fqdn'] == 'node1' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'node2' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  service.running:
    - name: keepalived
    - enable: True
    - watch:
      - file: keepalived-service
[root@node1 cluster]# salt '*' state.sls cluster.haproxy-outside-keepalived env=prod    # test it
```
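A pre-push check for haproxy-outside.cfg and haproxy-outside-keepalived.cfg, as an added example (not part of the original post). It flags a stats listener bound to every interface and passwords written literally into files under /srv/salt, which the Salt file server hands to any minion that requests them; a value filled in by Jinja, the way this page later takes the Zabbix server address from pillar, passes. The function name, the finding labels and the trimmed sample excerpts are assumptions.

```python
import re

# Constructed excerpts of the two files this page pushes from
# /srv/salt/prod/cluster/files/ (only the lines relevant to the check).
HAPROXY_CFG = """\
listen stats
    mode http
    bind 0.0.0.0:8888
    stats enable
    stats uri /haproxy-status
    stats auth haproxy:saltstack
frontend frontend_www_example_com
    bind 192.168.10.150:80
"""
KEEPALIVED_CFG = """\
vrrp_instance haproxy_ha {
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
"""
SECTION_RE = re.compile(r"(global|defaults|listen|frontend|backend)\b")
WILDCARD_BIND_RE = re.compile(r"bind\s+(0\.0\.0\.0|\*|\[::\]|::)?:\d+")
SECRET_RE = re.compile(r"(stats\s+auth\s+\S+?:|auth_pass\s+)(?P<secret>\S+)")

def audit_config(text):
    """Return sorted (line_no, finding) tuples for a haproxy or keepalived file."""
    findings, wild, stats = [], [], False
    lines = text.splitlines() + ["global"]     # sentinel closes the last section
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        secret = SECRET_RE.match(line)
        if SECTION_RE.match(line):
            # A wildcard bind is only reported when its section serves stats.
            findings += [(w, "stats-on-all-interfaces") for w in wild if stats]
            wild, stats = [], False
        elif WILDCARD_BIND_RE.match(line):
            wild.append(n)
        elif line.startswith("stats "):
            stats = True
        # A value containing "{{" is rendered by Jinja, e.g. from pillar.
        if secret and "{{" not in secret.group("secret"):
            findings.append((n, "literal-secret"))
    return sorted(findings)

if __name__ == "__main__":
    for name, cfg in (("haproxy", HAPROXY_CFG), ("keepalived", KEEPALIVED_CFG)):
        for line_no, finding in audit_config(cfg):
            print(f"{name}:{line_no}: {finding}")
```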
Assign the keepalived module to specific servers
```
[root@node1 salt]# cat /srv/salt/base/top.sls
base:
  '*':
    - init.env_init
prod:
  'node1':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
  'node2':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
[root@node1 salt]# salt '*' state.highstate    # if this step succeeds, keepalived + haproxy is in place
```
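Problem encountered: the keepalived virtual IP could not be brought up.
Checking the log with cat /var/log/messages showed the following line:
```
Aug 11 15:10:12 node1 Keepalived_vrrp[29442]: VRRP_Instance(haproxy_ha{) sending 0 priority
```
Adding a space after haproxy_ha solved it:
```
vrrp_instance haproxy_ha {
```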
System initialization module: zabbix-agent
Set the pillar path in the configuration file
```
[root@node1 init]# vim /etc/salt/master
pillar_roots:
  base:
    - /srv/pillar/base
[root@node1 init]# /etc/init.d/salt-master restart
```
Create top.sls and zabbix.sls in pillar
```
[root@node1 init]# mkdir /srv/pillar/base
[root@node1 pillar]# cd base/
[root@node1 base]# cat top.sls
base:
  '*':
    - zabbix
[root@node1 base]# cat zabbix.sls
zabbix-agent:
  Zabbix_Server: 192.168.10.129
```
```
[root@node1 init]# cd /srv/salt/base/init/
[root@node1 init]# cat zabbix_agent.sls
zabbix-agent-install:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:
        Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}    # assigns the pillar value Zabbix_Server under the zabbix-agent ID to the variable Server
    - require:
      - pkg: zabbix-agent-install
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:
      - pkg: zabbix-agent-install
      - file: zabbix-agent-install
```
Edit the configuration file and use Jinja to pass the value of the Server variable to the Server setting, which sets the Zabbix server address
```
cp /etc/zabbix/zabbix_agentd.conf /srv/salt/base/init/files/
[root@node1 base]# vim /srv/salt/base/init/files/zabbix_agentd.conf
Server={{ Server }}
```
Include zabbix_agent.sls in env_init.sls
```
[root@node1 init]# cat env_init.sls
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.zabbix_agent
[root@node1 init]# salt '*' state.highstate
```