SaltStack实践

本文涉及的产品
日志服务 SLS,月写入数据量 50GB 1个月
简介: SaltStack实践

实验环境:

角色
主机名
IP 地址master
master.saltstack.com192.168.9.233
minion01.saltstack.com192.168.9.234
minion02.saltstack.com192.168.9.235

实验步骤:

全部主机:
hostnamectl set-hostname master.saltstack.com

hostnamectl set-hostname minion01.saltstack.com

hostnamectl set-hostname minion02.saltstack.com

cat << EOF >> /etc/hosts
192.168.10.101 master.saltstack.com
192.168.10.102 minion01.saltstack.com
192.168.10.105 minion02.saltstack.com
EOF

master:
rpm -ivh https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum clean all
yum install -y epel-release salt-master
[root@master ~]# vim /etc/salt/master
修改以下内容:
interface: 192.168.1.10
auto_accept: True

minion01:
rpm -ivh https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum clean all
yum install -y epel-release salt-master
vim /etc/salt/minion
修改以下内容:
master: 192.168.1.10
id: minion01.saltstack.com

minion02:
rpm -ivh https://repo.saltstack.com/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
yum clean all
yum install -y epel-release salt-master
vim /etc/salt/minion
修改以下内容:
master: 192.168.1.10
id: minion02.saltstack.com

配置主控端
vim /etc/salt/master
file_roots:
base:

systemctl start salt-master
systemctl enable salt-master

配置被控端
vim /etc/salt/minion
master: master.saltstack.com //指定主控端 IP 地址
systemctl start salt-minion
systemctl enable salt-minion
配置通信认证

执行 salt-key -L 命令显示所有的 Minion 的认证信息

salt-key -L

执行 salt-key -A 命令可以接受所有 Unaccepted Keys 状态的 Minion 的认证信息
salt-key -A

测试通信状态

salt '*' test.ping

SaltStack 部署 Keepalived

mkdir /srv/salt
mkdir /srv/salt/pkg

vim /srv/salt/pkg/make.sls
make-pkg:
pkg.installed:

- pkgs:
  - make
  - gcc 
  - gcc-c++ 
  - autoconf 
  - openssl 
  - openssl-devel 
  - pcre 
  - pcre-devel 
  - zlib 

mkdir /srv/salt/keepalived
mkdir /srv/salt/keepalived/files

wget 192.168.10.103/package/keepalived-1.2.13.tar.gz
tar zxvf keepalived-1.2.13.tar.gz
cp keepalived-1.2.13.tar.gz /srv/salt/keepalived/files
cp keepalived-1.2.13/keepalived/etc/init.d/keepalived.init /srv/salt/keepalived/files/keepalived
cp keepalived-1.2.13/keepalived/etc/keepalived/keepalived.conf /srv/salt/keepalived/files

ls /srv/salt/keepalived/files/
keepalived keepalived-1.2.13.tar.gz keepalived.conf keepalived.sys

vim /srv/salt/keepalived/files/keepalived.conf
! Configuration File for keepalived

global_defs {
router_id HAPROXY-HA
}
vrrp_instance VI_1 {
{% if grains['fqdn'] == 'minion01.saltstack.com' %}
state MASTER
priority 100
{% elif grains['fqdn'] == 'minion02.saltstack.com' %}
state BACKUP
priority 99
{% endif %}
interface eth0
virtual_router_id 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.9.228
}

vim /srv/salt/keepalived/install.sls
include:

  • pkg.make

keepalived-install:
file.managed:

- name: /usr/local/src/keepalived-1.2.13.tar.gz
- source: salt://keepalived/files/keepalived-1.2.13.tar.gz

cmd.run:

- name: cd /usr/local/src && tar zxf keepalived-1.2.13.tar.gz && cd keepalived-1.2.13 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV && make && make install
- unless: test -d /usr/local/keepalived
- require:
  - file: keepalived-install

/usr/sbin/keepalived:
file.symlink:

- target: /usr/local/keepalived/sbin/keepalived

/etc/keepalived:
file.directory:

- mode: 755

/etc/sysconfig/keepalived:
file.managed:

- source: salt://keepalived/files/keepalived.sys
- mode: 644 
- user: root

/etc/init.d/keepalived:
file.managed:

- source: salt://keepalived/files/keepalived 
- mode: 755 
- user: root

cmd.run:

- name: chkconfig --add keepalived 
- unless: chkconfig --list |grep keepalived

/etc/keepalived/keepalived.conf:
file.managed:

  • source: salt://keepalived/files/keepalived.conf
  • mode: 644

vim /srv/salt/keepalived/service.sls
include:

  • keepalived.install
    keepalived-service:
    service.running:
    • name: keepalived
    • enable: True
    • reload: True
    • watch:

vim /srv/salt/top.sls
base:
'minion0[1-2].saltstack.com':

salt '*' state.highstate

SaltStack 部署 Haproxy
mkdir /srv/salt/haproxy
mkdir /srv/salt/haproxy/files
wget 192.168.10.103/package/haproxy-1.5.19.tar.gz
tar zxvf haproxy-1.5.19.tar.gz

cp /root/haproxy-1.5.19.tar.gz /srv/salt/haproxy/files/
cp /root/haproxy-1.5.19/examples/haproxy.cfg /srv/salt/haproxy/files
cp /root/haproxy-1.5.19/examples/haproxy.init /srv/salt/haproxy/files/haproxy

ls /srv/salt/haproxy/files
haproxy haproxy-1.5.19.tar.gz haproxy.cfg

vim /srv/salt/haproxy/files/haproxy.cfg
global
log 127.0.0.1 local0
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 10000
user haproxy
gid haproxy
daemon

defaults
log global
mode http
option httplog
option dontlognull
option http-server-close
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout check 10s
maxconn 5000
listen stats *:10000
mode http
stats enable
stats uri /
stats refresh 5s
stats show-node
stats show-legends
stats hide-version
listen test 0.0.0.0:80
mode tcp
option tcplog
timeout client 10800s
timeout server 10800s
balance leastconn
option tcp-check
default-server port 8888 inter 2s downinter 5s rise 3 fall 2 slowstart 60s maxconn 5000 maxqueue 250 weight 100
server test-node1 minion01.saltstack.com:8888 check

mkdir /srv/salt/user
vim /srv/salt/user/haproxy.sls
haproxy:
group.present:

- gid: 300

user.present:

- uid: 300
- gid: 300
- shell: /sbin/nologin

vim /srv/salt/haproxy/install.sls
include:

  • user.haproxy
    haproxy-install:
    file.managed:
    • name: /usr/local/src/haproxy-1.5.19.tar.gz
    • source: salt://haproxy/files/haproxy-1.5.19.tar.gz
      cmd.run:
    • name: cd /usr/local/src && tar zxf haproxy-1.5.19.tar.gz && cd haproxy-1.5.19 && make TARGET=linux2628 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    • unless: test -d /usr/local/haproxy
    • require:
      • file: haproxy-install
        /usr/sbin/haproxy:
        file.symlink:
    • target: /usr/local/haproxy/sbin/haproxy
      /etc/haproxy:
      file.directory:
    • mode: 755
      /etc/haproxy/haproxy.cfg:
      file.managed:
    • source: salt://haproxy/files/haproxy.cfg
    • mode: 644
      /etc/init.d/haproxy:
      file.managed:
    • source: salt://haproxy/files/haproxy
    • mode: 755
    • user: root
      cmd.run:
    • name: chkconfig --add haproxy

vim /srv/salt/haproxy/service.sls
include:

  • haproxy.install
    haproxy-service:
    service.running:
    • name: haproxy
    • enable: True
    • reload: True
    • watch:

vim /srv/salt/top.sls
base:
'minion0[1-2].saltstack.com':

- keepalived.service 

salt '*' state.highstate

SaltStack 部署 Nginx
mkdir /srv/salt/nginx
mkdir /srv/salt/nginx/files

vim /srv/salt/user/nginx.sls
nginx:
group.present:

- gid: 400

user.present:

- uid: 400
- gid: 400
- shell: /sbin/nologin

wget 192.168.10.103/package/nginx-1.12.0.tar.gz
tar zxvf nginx-1.12.0.tar.gz

cp nginx-1.12.0.tar.gz /srv/salt/nginx/files
cp nginx-1.12.0/conf/nginx.conf /srv/salt/nginx/files

vim /srv/salt/nginx/files/nginx.service
[Unit]
Description=nginx service
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]

vim /srv/salt/nginx/files/index.html
{% if grains['fqdn'] == 'minion01.saltstack.com' %}
This is 192.168.9.234 node!
{% elif grains['fqdn'] == 'minion02.saltstack.com' %}
This is 192.168.9.235 node!
{% endif %}

ls /srv/salt/nginx/files/
index.html nginx-1.12.0.tar.gz nginx.conf nginx.service

vim /srv/salt/nginx/install.sls
include:

  • user.nginx
    nginx-install:
    file.managed:
    • name: /usr/local/src/nginx-1.12.0.tar.gz
    • source: salt://nginx/files/nginx-1.12.0.tar.gz
      cmd.run:
    • name: cd /usr/local/src && tar zxf nginx-1.12.0.tar.gz && cd nginx-1.12.0 && ./configure --prefix=/usr/local/nginx && make && make install
    • unless: test -d /usr/local/nginx
    • require:
      • file: nginx-install
        /usr/local/nginx/conf/nginx.conf:
        file.managed:
    • source: salt://nginx/files/nginx.conf
    • mode: 644
      cmd.run:
    • name: sed -i 's/#user nobody/user nginx/g' /usr/local/nginx/conf/nginx.conf && sed -i '0,/80/s/80/8888/' /usr/local/nginx/conf/nginx.conf
      /usr/local/nginx/html/index.html:
      file.managed:
    • source: salt://nginx/files/index.html
    • mode: 644
    • template: jinja
      nginx-init:
      file.managed:
    • name: /usr/lib/systemd/system/nginx.service
    • source: salt://nginx/files/nginx.service
    • mode: 644
    • user: root
      cmd.run:
    • name: systemctl enable nginx

vim /srv/salt/nginx/service.sls
include:

  • nginx.install
    nginx-service:
    service.running:
    • name: nginx
    • enable: True
    • reload: True
    • watch:

vim /srv/salt/top.sls
base:
'minion0[1-2].saltstack.com':

- keepalived.service 
- haproxy.service 

salt '*' state.highstate

tree /srv/salt/
/srv/salt/
├── haproxy
│ ├── files
│ │ ├── haproxy
│ │ ├── haproxy-1.5.19.tar.gz
│ │ └── haproxy.cfg
│ ├── install.sls
│ └── service.sls
├── keepalived
│ ├── files
│ │ ├── keepalived
│ │ ├── keepalived-1.2.13.tar.gz
│ │ ├── keepalived.conf
│ │ └── keepalived.sys
│ ├── install.sls
│ └── service.sls
├── nginx
│ ├── files
│ │ ├── index.html
│ │ ├── nginx-1.12.0.tar.gz
│ │ ├── nginx.conf
│ │ └── nginx.service
│ ├── install.sls
│ └── service.sls
├── pkg
│ └── make.sls
├── top.sls
└── user
├── haproxy.sls
└── nginx.sls

验证部署结果
登录两台 Minion 节点
查看 Keepalived 状态
ps -ef | grep keepalived

查看 VIP 状态如下
ip a | grep 192.168.9.228

查看 Haproxy 的状态
ps -ef | grep haproxy

查看 Nginx 的状态
ps -ef | grep nginx

通过 VIP 地址,查看 Haproxy 的状态
192.168.9.228:10000

在 Master 控制主机上,访问 VIP 地址

curl http://192.168.9.228
curl http://192.168.9.228
做一个破坏性测试,关闭 minion01.saltstack.com 主机ip a | grep 192.168.9.228
ip a | grep 192.168.9.228

查看 Haproxy 的状态,显示 minion01.saltstack.com 主机已宕机

在控制主机上再次访问 VIP 地址,后端一个 Nginx 节点正常提供服务
curl http://192.168.9.228
curl http://192.168.9.228

相关实践学习
日志服务之使用Nginx模式采集日志
本文介绍如何通过日志服务控制台创建Nginx模式的Logtail配置快速采集Nginx日志并进行多维度分析。
相关文章
|
Java 关系型数据库 MySQL
|
消息中间件 监控 网络协议
SaltStack安装Apache/Mysql/PHP部署Wordpress
SaltStack是一个服务器基础架构集中化管理平台,具备配置管理、远程执行、监控等功能,基于Python语言实现,结合轻量级消息队列(ZeroMQ)与Python第三方模块(Pyzmq、PyCrypto、Pyjinjia2、python-msgpack和PyYAML等)构建。 SaltStack 采用 C/S模式,server端就是salt的master,client端就是minion,minion与master之间通过ZeroMQ消息队列通信。 master监听4505和4506端口,4505对应的是ZMQ的PUB system,用来发送消息,4506对应的是REP system是来接受
183 0
|
关系型数据库 应用服务中间件 测试技术
|
Python 消息中间件 运维