±à¼ÍƼö: |
±¾ÎÄÊ×ÏȽéÉÜsaltstackµÄÏîÄ¿»·¾³×¼±¸£¬½øÐÐÈí¼þ°²×°ÓëÅäÖã¬Æä´Î¶ÔÏîÄ¿ÕûÌ岿Êð£¬Ï£Íû¶ÔÄúµÄѧϰÓÐËù°ïÖú¡£
±¾ÎÄÀ´×ÔÓÚ¸öÈ˲©¿Í£¬ÓÉ»ðÁú¹ûÈí¼þAlice±à¼¡¢ÍƼö¡£ |
|
ÏîÄ¿¼Ü¹¹¹æ»®
ºó¶Ëweb·þÎñÆ÷ʹÓÃNginx+Php×÷Ϊվµã£¬Í¨¹ýHAproxy×ö¸ºÔؾùºâ£¬Keepalived×ö¸ß¿ÉÓÃ


˵Ã÷£º ¹Ø±Õ·À»ðǽ¡¢selinux¡¢Ê±¼äͬ²½µÈ
host°ó¶¨
[root@salt-master
~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4
localhost4.localdomain4
::1 localhost localhost.localdomain localhost6
localhost6.localdomain6
192.168.1.30 salt-master
192.168.1.31 salt-minion01
192.168.1.32 salt-minion02
192.168.1.33 salt-minion03
192.168.1.34 salt-minion04
[root@salt-master ~]# for i in `seq 4`; do
scp /etc/hosts 192.168.1.3$i:/etc/hosts ; done |
Èí¼þ°²×°
²Î¿¼µØÖ·
1£©MasterÉÏÈí¼þ°²×°
[root@salt-master
~]# yum -y install https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
[root@salt-master ~]# sed -i "s/repo.saltstack.com/mirrors.aliyun.com\/saltstack/g"
/etc/yum.repos.d/salt-latest.repo
[root@salt-master ~]# yum -y install salt-master
[root@salt-master ~]# systemctl enable salt-master
[root@salt-master ~]# systemctl start salt-master |
2£©MinionÉÏÈí¼þ°²×°²¢ÅäÖÃ
# yum -y install
https://mirrors.aliyun.com/saltstack/yum/redhat/salt-repo-latest-2.el7.noarch.rpm
# yum -y install salt-minion
# cp /etc/salt/minion{,.back}
# sed -i '/#master: /c\master: salt-master' /etc/salt/minion
# systemctl enable salt-minion
# systemctl start salt-minion |
MasterÉÏÈÏÖ¤
[root@salt-master
~]# systemctl restart salt-master
[root@salt-master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
salt-minion01
salt-minion02
salt-minion03
salt-minion04
Rejected Keys:
[root@salt-master ~]# salt-key -A -y
The following keys are going to be accepted:
Unaccepted Keys:
salt-minion01
salt-minion02
salt-minion03
salt-minion04
Key for minion salt-minion01 accepted.
Key for minion salt-minion02 accepted.
Key for minion salt-minion03 accepted.
Key for minion salt-minion04 accepted.
[root@salt-master ~]# salt-key -L
Accepted Keys:
salt-minion01
salt-minion02
salt-minion03
salt-minion04
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@salt-master ~]# salt '*' test.ping
salt-minion01:
True
salt-minion02:
True
salt-minion03:
True
salt-minion04:
True |
MasterÉÏstate±àд
state»·¾³ÉèÖÃ
˵Ã÷£º¸Ã°¸ÀýÔÚprod»·¾³ÏÂÅäÖã¬ÔÚprodÏÂÃæ´´½¨ÁËÒ»¸ömodulesµÄĿ¼£¬ËùÓеݲװÅäÖö¼·ÅÔÚÕâ¸öĿ¼ÏÂÃæÁË£¬ÀïÃæ·Ö±ðÓÖ¶ÔÓ¦´´½¨Á˶ÔÓ¦µÄÈí¼þĿ¼£¬Ã¿¸öÈí¼þĿ¼ÏÂÃæµÄfilesĿ¼ÓÃÀ´´æ·ÅµÄÊÇÈí¼þ°ü»òÕßÅäÖÃÎļþÄ£°å
[root@salt-master
~]# vim /etc/salt/master
file_roots:
base:
- /srv/salt/base
test:
- /srv/salt/test
prod:
- /srv/salt/prod
dev:
- /srv/salt/dev
[root@salt-master ~]# systemctl restart salt-master
[root@salt-master ~]# mkdir -p /srv/salt/{base, test,prod,dev}
[root@salt-master ~]# mkdir -p /srv/salt/prod/modules/{nginx,php,mysql,haproxy, keepalived,lnmp}/files
[root@salt-master ~]# mkdir /srv/salt/prod/modules/user
[root@salt-master ~]# tree /srv/salt/prod/modules/
/srv/salt/prod/modules/
©À©¤©¤ haproxy
©¦ ©¸©¤©¤ files
©À©¤©¤ keepalived
©¦ ©¸©¤©¤ files
©À©¤©¤ lnmp
©¦ ©¸©¤©¤ files
©À©¤©¤ mysql
©¦ ©¸©¤©¤ files
©À©¤©¤ nginx
©¦ ©¸©¤©¤ files
©À©¤©¤ php
©¦ ©¸©¤©¤ files
©¸©¤©¤ user
directories, 0 files |
slsÎļþ±àд
pkg»ù´¡°ü
°²×°Ô´Âë±àÒëËùÐèÒªÓõ½µÄ»ù´¡Èí¼þ°ü
[root@salt-master
~]# cat /srv/salt/prod/modules/pkg.sls
pkg-install:
pkg.installed:
- pkgs:
- gcc
- gcc-c++
- make
- autoconf
- glibc
- glibc-devel
- glib2
- glib2-devel
- pcre
- pcre-devel
- zlib
- zlib-devel
- openssl
- openssl-devel
- libpng
- libpng-devel
- freetype
- freetype-devel
- libxml2
- libxml2-devel
- bzip2
- bzip2-devel
- ncurses
- curl
- gdbm-devel
- libXpm-devel
- libX11-devel
- gd-devel
- gmp-devel
- readline-devel
- libxslt-devel
- expat-devel
- xmlrpc-c
- xmlrpc-c-devel |
useradd
´´½¨ÍøÕ¾ÔËÐÐÓû§
[root@salt-master
~]# cat /srv/salt/prod/modules/user/www.sls
www-user-group:
group.present:
- name: www
- gid: 2000
user.present:
- name: www
- fullname: www
- shell: /sbin/nologin
- uid: 2000
- gid: 2000
- unless: id www |
nginx
1£©Èí¼þ°ü×¼±¸£¬¼°ÅäÖÃÎļþÄ£°å£¬Æô¶¯ÎļþÄ£°å
[root@salt-master
~]# cd /srv/salt/prod/modules/nginx/
[root@salt-master nginx]# tree
.
©À©¤©¤ files
©¦ ©À©¤©¤ nginx-1.12.2.tar.gz
©¦ ©À©¤©¤ nginx-1.16.0.tar.gz
©¦ ©À©¤©¤ nginx.conf.template
©¦ ©¸©¤©¤ nginx.service.template
©À©¤©¤ install.sls
©¸©¤©¤ service.sls
directory, 6 files |
2£©install.sls
[root@salt-master
nginx]# cat install.sls
{% set nginx_version = "1.16.0"%}
include:
- modules.pkg
- modules.user.www
nginx-install:
file.managed:
- name: /usr/local/src/nginx-{{ nginx_version
}}.tar.gz
- source: salt://modules/nginx/files/nginx-{{
nginx_version }}.tar.gz
- user: root
- group: root
- mode: 644
cmd.run:
- name: cd /usr/local/src/ && tar xf
nginx-{{ nginx_version }}.tar.gz &&
cd nginx-{{ nginx_version }} && ./configure
--prefix=/usr/local/nginx-{{ nginx_version }}
--user=root --group=root --with-http_ssl_module
--with-stream --with-http_stub_status_module
--with-file-aio --with-http_gzip_static_module
&& make && make install &&
ln -s /usr/local/nginx-{{ nginx_version }} /usr/local/nginx
- unless: test -d /usr/local/nginx-{{ nginx_version
}} && test -L /usr/local/nginx
- require:
- file: nginx-install
- pkg: pkg-install |
3£©service.sls
[root@salt-master
nginx]# cat service.sls
#ÒýÈënginx°²×°sls
include:
- modules.nginx.install
#Ìí¼Ósystemctl
nginx-init:
file.managed:
- name: /usr/lib/systemd/system/nginx.service
- source: salt://modules/nginx/files/nginx.service.template
- user: root
- group: root
- mode: 755
- unless: test -f /usr/lib/systemd/system/nginx.service
cmd.run:
- name: systemctl daemon-reload
- require:
- file: nginx-init
#ÅäÖÃÎļþ
/usr/local/nginx/conf/nginx.conf:
file.managed:
- source: salt://modules/nginx/files/nginx.conf.template
- user: root
- group: root
- mode: 644
#Æô¶¯nginx
nginx-service:
file.directory:
- name: /usr/local/nginx/conf/conf.d
- user: root
- group: root
- mode: 755
- require:
- cmd: nginx-install
service.running:
- name: nginx
- enable: True
- reload: True
- require:
- cmd: nginx-init
- watch:
- file: /usr/local/nginx/conf/nginx.conf
- file: nginx-service |
php
1£©Èí¼þ°ü×¼±¸£¬¼°ÅäÖÃÎļþÄ£°å£¬Æô¶¯ÎļþÄ£°å
[root@salt-master
~]# cd /srv/salt/prod/modules/php/
[root@salt-master php]# tree
.
©À©¤©¤ files
©¦ ©À©¤©¤ php-5.6.40.tar.gz
©¦ ©À©¤©¤ php-fpm.conf.template
©¦ ©À©¤©¤ php-fpm.service.template
©¦ ©À©¤©¤ php-fpm.template
©¦ ©¸©¤©¤ php.ini.template
©À©¤©¤ install.sls
©¸©¤©¤ service.sls
directory, 7 files |
2£©install.sls
[root@salt-master
php]# cat install.sls
{% set php_version = "5.6.40" %}
include:
- modules.pkg
php-install:
file.managed:
- name: /usr/local/src/php-{{ php_version }}.tar.gz
- source: salt://modules/php/files/php-{{ php_version
}}.tar.gz
- user: root
- group: root
- mode: 644
cmd.run:
- name: cd /usr/local/src/ && tar xf
php-{{ php_version }}.tar.gz && cd php-{{
php_version }} && ./configure --prefix=/usr/local/php-{{
php_version }} --with-curl --with-freetype-dir
--with-gd --with-gettext --with-iconv-dir --with-jpeg-dir
--with-kerberos --with-libdir=lib64 --with-libxml-dir
--with-mysql --with-mysqli --with-openssl --with-pcre-regex
--with-pdo-mysql --with-dpo-sqlite --with-pear
--with-png-dir --with-openssl --with-xmlrpc
--with-xsl --with-zlib --enable-fpm --enable-bcmath
--enable-libxml --enable-inline-optimization
--enable-gd-native-ttf --enable-mbregex --enable-mbstring
--enable-opcache --enable-pcntl --enable-shmop
--enable-soap --enable-sockets --enable-sysvsem
--enable-xml --enable-zip && make &&
make install && ln -s /usr/local/php-{{
php_version }} /usr/local/php
- unless: test -d /usr/local/php-{{ php_version
}} && test -L /usr/local/php
- require:
- file: php-install
- pkg: pkg-install |
3£©service.sls
[root@salt-master
php]# cat service.sls
#ÒýÈëphp°²×°µÄsls
include:
- modules.php.install
#php-iniÅäÖÃÎļþÅäÖÃ
php-ini:
file.managed:
- name: /usr/local/php/etc/php.ini
- source: salt://modules/php/files/php.ini.template
- user: root
- group: root
- mode: 644
- require:
- cmd: php-install
cmd.run:
- name: ln -s /usr/local/php/etc/php.ini /etc/php.ini
- unless: test -L /etc/php.ini
- require:
- file: php-ini
#php-fpmÅäÖÃÎļþÅäÖÃ
php-fpm:
file.managed:
- name: /usr/local/php/etc/php-fpm.conf
- source: salt://modules/php/files/php-fpm.conf.template
- user: root
- group: root
- mode: 644
- require:
- cmd: php-install
cmd.run:
- name: ln -s /usr/local/php/etc/php-fpm.conf
/etc/php-fpm.conf
- unless: test -L /etc/php-fpm.conf
- require:
- file: php-fpm
#¼ÓÈësystemÆô¶¯
php-systemd:
file.managed:
- name: /usr/lib/systemd/system/php-fpm.service
- source: salt://modules/php/files/php-fpm.service.template
- user: root
- group: root
- mode: 644
- require:
- cmd: php-install
#¼ÓÈë/etc/init.d/Æô¶¯
php-init:
file.managed:
- name: /etc/init.d/php-fpm
- source: salt://modules/php/files/php-fpm.template
- user: root
- group: root
- mode: 755
- require:
- cmd: php-install
#Æô¶¯php-fpm
php-service:
service.running:
- name: php-fpm
- enable: True
- require:
- file: php-systemd
- watch:
- file: php-fpm
- file: php-ini |
mysql
1£©ÅäÖÃÎļþÄ£°å×¼±¸
[root@salt-master
~]# cd /srv/salt/prod/modules/mysql/
[root@salt-master mysql]# tree
.
©À©¤©¤ files
©¦ ©¸©¤©¤ my.cnf
©À©¤©¤ install.sls
©¸©¤©¤ service.sls
directory, 3 files |
2£©install.sls
[root@salt-master
mysql]# cat install.sls
mariadb-install:
pkg.installed:
- pkgs:
- mariadb-server
- mariadb |
3£©service.sls
[root@salt-master
mysql]# cat service.sls
#ÒýÈëmysql°²×°µÄsls
include:
- modules.mysql.install
#my.cnfÅäÖÃÎļþ
mariadb-config:
file.managed:
- name: /etc/my.cnf
- source: salt://modules/mysql/files/my.cnf
- user: root
- group: root
- mode: 644
- require:
- pkg: mariadb-install
#Æô¶¯mariadb
mariadb-service:
service.running:
- name: mariadb
- enable: True
- watch:
- file: mariadb-config
- require:
- pkg: mariadb-install
- file: mariadb-config |
lnmp
1£©×¼±¸²âÊÔÎļþphp info ºÍnginxÐéÄâÖ÷»úÅäÖÃÎļþ
[root@salt-master
~]# cd /srv/salt/prod/modules/lnmp/
[root@salt-master lnmp]# tree
.
©À©¤©¤ files
©¦ ©À©¤©¤ index.php
©¦ ©¸©¤©¤ www.conf
©¸©¤©¤ www.sls
directory, 3 files |
2£©www.sls
[root@salt-master
lnmp]# cat www.sls
#ÒýÈënginx¡¢php¡¢mysqlµÄ°²×°
include:
- modules.nginx.service
- modules.php.service
- modules.mysql.service
#ÐéÄâÖ÷»úwebÕ¾µãĿ¼´´½¨
web-www:
file.directory:
- name: /opt/www
- user: www
- group: www
- mode: 755
#ÐéÄâÖ÷»úÅäÖÃÎļþÅäÖÃ
web-www-conf:
file.managed:
- name: /usr/local/nginx/conf/conf.d/www.conf
- source: salt://modules/lnmp/files/www.conf
- user: root
- group: root
- mode: 644
- require:
- file: web-www
- watch_in:
- service: nginx-service
- template: jinja
- defaults:
PORT: 80
IPADDR: {{ grains['fqdn_ip4'][0] }}
#phpinfo²âÊÔÎļþ×¼±¸
web-index:
file.managed:
- name: /opt/www/index.php
- source: salt://modules/lnmp/files/index.php
- user: www
- group: www
- mode: 644 |
²âÊÔlnmpÊÇ·ñOK
1£©Top file±àд
[root@salt-master
~]# cat /srv/salt/base/top.sls
prod: "salt-minion0[3-4]":
- modules.lnmp.www |
2£©Ö´Ðи߼¶×´Ì¬
[root@salt-master
~]# salt '*' state.highstate |
3£©·ÃÎʲâÊÔ


haproxy
1£©ÅäÖÃÎļþ×¼±¸
[root@salt-master
~]# cd /srv/salt/prod/modules/haproxy/
[root@salt-master haproxy]# tree
.
©À©¤©¤ files
©¦ ©¸©¤©¤ haproxy.cfg
©À©¤©¤ install.sls
©¸©¤©¤ service.sls
directory, 3 files |
2£©install.sls
[root@salt-master
haproxy]# cat install.sls
haproxy-install:
pkg.installed:
- name: haproxy |
3£©service.sls
[root@salt-master
haproxy]# cat service.sls
#ÒýÈëhaproxy°²×°µÄsls
include:
- modules.haproxy.install
#ÅäÖÃÎļþ
haproxy-config:
file.managed:
- name: /etc/haproxy/haproxy.cfg
- source: salt://modules/haproxy/files/haproxy.cfg
- user: root
- group: root
- mode: 644
- require:
- pkg: haproxy-install
#Æô¶¯haproxy
haproxy-service:
service.running:
- name: haproxy
- enable: True
- require:
- pkg: haproxy-install
- file: haproxy-config
- watch:
- file: haproxy-config |
keepalived
1£©ÅäÖÃÎļþ×¼±¸
[root@salt-master
~]# cd /srv/salt/prod/modules/keepalived/
[root@salt-master keepalived]# tree
.
©À©¤©¤ files
©¦ ©¸©¤©¤ keepalived.conf
©À©¤©¤ install.sls
©¸©¤©¤ service.sls
directory, 3 files |
2£©install.sls
[root@salt-master
keepalived]# cat install.sls
keepalived-install:
pkg.installed:
- name: keepalived |
3£©service.sls
[root@salt-master
keepalived]# cat service.sls
#ÒýÈëkeepalived°²×°µÄsls
include:
- modules.keepalived.install
#keepalivedÅäÖÃÎļþ
keepalived-config:
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://modules/keepalived/files/keepalived.conf
- user: root
- group: root
- mode: 644
- require:
- pkg: keepalived-install
- template: jinja
- defaults:
{% if grains['fqdn'] == "salt-minion01"
%}
ROUTER_ID: saltstack01
STATE: MASTER
PRIORITY: 150
{% elif grains['fqdn'] == "salt-minion02"
%}
ROUTER_ID: saltstack02
STATE: BACKUP
PRIORITY: 100
{% endif %}
#Æô¶¯keepalived
keepalived-service:
service.running:
- name: keepalived
- enable: True
- require:
- pkg: keepalived-install
- file: keepalived-config
- watch:
- file: keepalived-config |
ÕûÌ岿Êð
1£©top file ±àд
[root@salt-master
~]# cat /srv/salt/base/top.sls
prod: "salt-minion0[3-4]":
- modules.lnmp.www
"salt-minion0[1-2]":
- modules.haproxy.service
- modules.keepalived.service |
2£©¸ß¼¶×´Ì¬Ö´ÐÐ
[root@salt-master
~]# salt '*' state.highstate |
3£©²âÊÔ
·ÃÎÊ192.168.1.31ºÍ192.168.1.32µÄ״̬ҳ


·ÃÎÊVIP192.168.1.100

ͨ¹ýÉÏÃæ²âÊÔ¿É¿´µ½¿ÉÒԳɹ¦·ÃÎÊlnmpÕ¾µã£¬²¢ÇÒhaproxyÒ²ok¡£·ÃÎÊËùÓÐËĄ̈·þÎñÆ÷¶¼¿ÉÒԵõ½phpinfoÒ³Ãæ£¬¶øÔÚÉú²ú»·¾³ÖУ¬ÎÒÃÇÖ»ÊǶÔÍâÌṩvip¼´¿É¡£
ÏîÄ¿×ܽá
1£©ÕûÌå»·¾³²é¿´
[root@salt-master
~]# tree /srv/salt/prod/modules/
/srv/salt/prod/modules/
©À©¤©¤ haproxy
©¦ ©À©¤©¤ files
©¦ ©¦ ©¸©¤©¤ haproxy.cfg
©¦ ©À©¤©¤ install.sls
©¦ ©¸©¤©¤ service.sls
©À©¤©¤ keepalived
©¦ ©À©¤©¤ files
©¦ ©¦ ©¸©¤©¤ keepalived.conf
©¦ ©À©¤©¤ install.sls
©¦ ©¸©¤©¤ service.sls
©À©¤©¤ lnmp
©¦ ©À©¤©¤ files
©¦ ©¦ ©À©¤©¤ index.php
©¦ ©¦ ©¸©¤©¤ www.conf
©¦ ©¸©¤©¤ www.sls
©À©¤©¤ mysql
©¦ ©À©¤©¤ files
©¦ ©¦ ©¸©¤©¤ my.cnf
©¦ ©À©¤©¤ install.sls
©¦ ©¸©¤©¤ service.sls
©À©¤©¤ nginx
©¦ ©À©¤©¤ files
©¦ ©¦ ©À©¤©¤ nginx-1.12.2.tar.gz
©¦ ©¦ ©À©¤©¤ nginx-1.16.0.tar.gz
©¦ ©¦ ©À©¤©¤ nginx.conf.template
©¦ ©¦ ©¸©¤©¤ nginx.service.template
©¦ ©À©¤©¤ install.sls
©¦ ©¸©¤©¤ service.sls
©À©¤©¤ php
©¦ ©À©¤©¤ files
©¦ ©¦ ©À©¤©¤ php-5.6.40.tar.gz
©¦ ©¦ ©À©¤©¤ php-fpm.conf.template
©¦ ©¦ ©À©¤©¤ php-fpm.service.template
©¦ ©¦ ©À©¤©¤ php-fpm.template
©¦ ©¦ ©¸©¤©¤ php.ini.template
©¦ ©À©¤©¤ install.sls
©¦ ©¸©¤©¤ service.sls
©À©¤©¤ pkg.sls
©¸©¤©¤ user
©¸©¤©¤ www.sls
directories, 27 files |
2£©Èç¹ûÐèÒªÔÚij̨·þÎñÆ÷ÉÏÃæµ¥¶À²¿Êðijһ²¿·Ö£¬²Î¿¼ÒÔÏÂд·¨£º
[root@salt-master
~]# cat /srv/salt/base/top.sls
#²¿Êðlnmp¼°haproxy+keepalived
prod: "salt-minion0[3-4]":
- modules.lnmp.www
"salt-minion0[1-2]":
- modules.haproxy.service
- modules.keepalived.service
#µ¥ÊµÀý²Ù×÷˵Ã÷£º
prod:
"salt-minion04":
- modules.nginx.service #µ¥¶À°²×°nginxʱ
- modules.mysql.service #µ¥¶À°²×°mysqlʱ
- modules.php.service #µ¥¶À°²×°phpʱ
- modules.keepalived.service #µ¥¶À°²×°keepalivedʱ
- modules.haproxy.service #µ¥¶À°²×°haproxyʱ
"salt-minion03":
- modules.lnmp.www #µ¥¶À²¿Êðlnmp»·¾³Ê± |
|
|