Saltstack是一个具备puppet与func功能为一身的集中化管理平台,saltstack基于python实现,功能十分强大,各模块融合度及复用性极高,官方极力推荐作为云计算平台的基础架构。轻松维护成千上万台服务器不是问题,现分享作者基于saltstack实现一个集中化的配置管理平台,以Nginx配置例子展开,涉及salt的grains、grains_module、pillar、States、jinja(template)等,本文适合有salt基础的同学阅读。
一、设备环境说明
有两组web业务服务器,组名分别为web1group与web2group,设备硬件配置、web根目录存在异常,见下图:
二、master配置说明
1、关键配置定义:
nodegroups: web1group: 'L@SN2012-07-010,SN2012-07-011,SN2012-07-012' web2group: 'L@SN2013-08-021,SN2013-08-022' file_roots: base: - /srv/salt pillar_roots: base: - /srv/pillar |
2、定义的文件树结构(具体文件后续说明)
三、自定义grains_module
1)#vi /srv/salt/_grains/nginx_config.py
view plainprint? import os,sys,commands def NginxGrains(): ''' return Nginx config grains value ''' grains = {} max_open_file=65536 #Worker_info={'cpus2':'01 10','cpus4':'1000 0100 0010 0001', ,'cpus8':' 10000000 01000000 00100000 00010000 00001000 00000100 00000010 00000001'} try: getulimit=commands.getstatusoutput('source /etc/profile;ulimit -n') except Exception,e: pass if getulimit[0]==0: max_open_file=int(getulimit[1]) grains['max_open_file'] = max_open_file return grains |
2)同步grains模块
salt '*' saltutil.sync_all
3)刷新模块(让minion编译模块)
salt '*' sys.reload_modules
4)验证max_open_file key的value
[root@SN2013-08-020 _grains]# salt
'*' grains.item max_open_file
SN2013-08-022:
max_open_file: 1024
SN2013-08-021:
max_open_file: 1024
SN2012-07-011:
max_open_file: 1024
SN2012-07-012:
max_open_file: 1024
SN2012-07-010:
max_open_file: 1024
四、配置pillar
本例使用分组规则定义pillar,即不同分组引用各自的sls属性
1)定义入口top.sls
#vi /srv/pillar/top.sls
base: web1group: - match: nodegroup - web1server web2group: - match: nodegroup - web2server |
2)定义私有配置,本例只配置web_root的数据,当然可以根据不同需求进行定制,格式为python的字典形式,即"key:value"。
#vi /srv/pillar/web1server.sls
#vi /srv/pillar/web2server.sls
3)验证配置结果:
#salt 'SN2013-08-021' pillar.data nginx
SN2013-08-021:
----------
root:
/data
#salt 'SN2012-07-010' pillar.data nginx
SN2012-07-010:
----------
root:
/www
五、配置States
1)定义入口top.sls
#vi /srv/salt/top.sls
2)定义nginx配置及重启服务SLS,其中salt://nginx/nginx.conf为配置模板文件位置。
#vi /srv/salt/nginx.sls
view plainprint? nginx: pkg: - installed file.managed: - source: salt://nginx/nginx.conf - name: /etc/nginx/nginx.conf - user: root - group: root - mode: 644 - template: jinja service.running: - enable: True - reload: True - watch: - file: /etc/nginx/nginx.conf - pkg: nginx |
3)Nginx配置文件(引用jinja模板)
功能点:
1、worker_processes参数采用grains['num_cpus']
上报值(与设备CPU核数一致);
2、worker_cpu_affinity分配多核CPU根据当前设备核数进行匹配,分别为2\4\8\其它核;
3、worker_rlimit_nofile参数与grains['max_open_file']
获取的系统ulimit -n一致;
4、worker_connections 参数理论上为grains['max_open_file'];
5、 root参数为定制的pillar['nginx']['root']值。
#vi /srv/salt/nginx/nginx.conf
view plainprint? # For more information on configuration, see: user nginx; worker_processes {{ grains['num_cpus'] }}; {% if grains['num_cpus'] == 2 %} worker_cpu_affinity 01 10; {% elif grains['num_cpus'] == 4 %} worker_cpu_affinity 1000 0100 0010 0001; {% elif grains['num_cpus'] >= 8 %} worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000; {% else %} worker_cpu_affinity 1000 0100 0010 0001; {% endif %} worker_rlimit_nofile {{ grains['max_open_file'] }}; error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log notice; #error_log /var/log/nginx/error.log info; pid /var/run/nginx.pid; events { worker_connections {{ grains['max_open_file'] }}; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; # Load config files from the /etc/nginx/conf.d directory # The default server is in conf.d/default.conf #include /etc/nginx/conf.d/*.conf; server { listen 80 default_server; server_name _; #charset koi8-r; #access_log logs/host.access.log main; location / { root {{ pillar['nginx']['root'] }}; index index.html index.htm; } error_page 404 /404.html; location = /404.html { root /usr/share/nginx/html; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } } |
4)同步配置
#salt '*' state.highstate
(由于非第一次运行,看不到配置文件比对的信息)
5)验证结果:
1、登录root@SN2013-08-021
#vi /etc/nginx/nginx.conf
2、登录root@SN2012-07-010
#vi /etc/nginx/nginx.conf
|