企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
一.saltstack配置keepalived + apache
编写keepalived的saltstack配置,安装服务,修改配置文件,声明文件配置中调用pillar的值,启动keepalived服务
cd /srv/salt/keepalived
vim init.sls
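# keepalived/init.sls: install keepalived, render its configuration from a
# Jinja template fed with pillar values, and keep the service running.
# The nesting below restores the YAML structure Salt needs to parse the state.
kp-install:
  pkg.installed:
    - name: keepalived
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://keepalived/keepalived.conf
    - template: jinja
    # Variables handed to the template; each is read from this minion's pillar.
    - context:
        STATE: {{ pillar['state'] }}
        VRID: {{ pillar['vrid'] }}
        PRI: {{ pillar['pri'] }}
  service.running:
    - name: keepalived
    - reload: true
    # Reload keepalived whenever the managed configuration file changes.
    - watch:
      - file: kp-install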
修改keepalived配置文件,调用声明的变量
vim keepalived.conf
将keepalived加到top中,为了不同角色执行不同的自动化部署
cd /srv/salt
cat top.sls
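# State top file: minions are matched on their "roles" grain.
# NOTE(review): grains are reported by the minion itself, so a minion can claim
# any role; match on the minion ID where the assignment is sensitive.
base:
  'roles:apache':
    - match: grain
    - apache
    - keepalived
  'roles:nginx':
    - match: grain
    # NOTE(review): the nginx role receives the apache state here; confirm this is intended.
    - apache
    - keepalived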
pillar配置
cd /srv/pillar
vim kp.sls
{# Per-host keepalived role: server2 is MASTER, server3 is BACKUP, both in VRID 5. #}
{% set fqdn = grains['fqdn'] %}
{% if fqdn == 'server2' %}
state: MASTER
vrid: 5
pri: 100
{% elif fqdn == 'server3' %}
state: BACKUP
vrid: 5
pri: 50
{% endif %}
将pillar中新写的kp.sls 添加到top中
cat top.sls
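# Pillar top file: every minion receives the pkgs and kp pillar data.
base:
  '*':
    - pkgs
    - kp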
salt '*' saltutil.sync_grains # sync custom grains modules from the master to every minion
salt '*' state.highstate # apply the states that top.sls assigns to each minion
查看到server2的虚拟ip已经部署成功
访问 172.25.5.100:80端口,访问成功,keepalived配置成功
二、job缓存salt操作到mysql
minion配置job缓存到mysql
server1:
安装mysql数据库server端
yum install -y mariadb-server
启动服务并进行安全初始化,设定数据库root用户密码
systemctl start mariadb
mysql_secure_installation
安全初始化后进入数据库
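# Let the client prompt for the root password instead of typing it as an
# argument, where it would be saved in the shell history.
mysql -p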
vim test.sql
-- Schema used by Salt's MySQL returner and job cache: one database (`salt`)
-- holding job definitions (jids), per-minion returns (salt_returns) and
-- events (salt_events). Existing tables are dropped before being recreated.
CREATE DATABASE `salt`
DEFAULT CHARACTER SET utf8
DEFAULT COLLATE utf8_general_ci;
USE `salt`;
--
-- Table structure for table `jids`
--
DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
`jid` varchar(255) NOT NULL,
`load` mediumtext NOT NULL,
UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_returns`
--
DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
`fun` varchar(50) NOT NULL,
`jid` varchar(255) NOT NULL,
`return` mediumtext NOT NULL,
`id` varchar(255) NOT NULL,
`success` varchar(10) NOT NULL,
`full_ret` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
KEY `id` (`id`),
KEY `jid` (`jid`),
KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
--
-- Table structure for table `salt_events`
--
DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
将测试文件导入mysql,进入salt库中查看
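# Import the schema, then open the salt database; -p without a value makes the
# client prompt, so the root password is not saved in the shell history.
mysql -p < test.sql
mysql -p salt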
授权salt用户远程操作salt.*表的所有操作。
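use salt;
-- Lab credentials: the password equals the user name. Replace it with a strong
-- value and use the same value for mysql.pass in the minion and master configs.
grant all on salt.* to salt@localhost identified by 'salt';
-- Remote access is limited to the lab subnet instead of '%' (any host).
-- NOTE(review): assumes every minion connects from 172.25.5.0/24; confirm.
grant all on salt.* to salt@'172.25.5.%' identified by 'salt';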
server2: minion端配置
vim /etc/salt/minion
# Send every job return from this minion to the MySQL returner.
return: mysql
# Connection settings for the salt database created above.
mysql.host: '172.25.5.1'
mysql.user: 'salt'
# NOTE(review): stored in plain text; keep /etc/salt/minion readable by root only.
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
重启服务,安装mysql-python模块
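# Install the Python MySQL bindings first, then restart the minion so that it
# starts with both the new returner settings and the module it depends on.
yum install -y MySQL-python.x86_64
systemctl restart salt-minion.service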
server1
等待server2中配置成功后测试
salt server2 test.ping --return mysql
进入数据库查看
master端job配置
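# Package name completed: the line was truncated to "MySQL-python.x86_".
yum install -y MySQL-python.x86_64
cd /etc/salt/
vim master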
# Store the master's job cache in MySQL.
master_job_cache: mysql
# The database runs on the same host as this master, hence localhost.
mysql.host: 'localhost'
mysql.user: 'salt'
# NOTE(review): stored in plain text; keep /etc/salt/master readable by root only.
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306
测试:
salt '*' test.ping
进入数据库查看
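# "-p westos" (with a space) makes the client read westos as the database name;
# use -p alone so it prompts for the password and opens the salt database.
mysql -p salt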
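-- \G already terminates the statement; a trailing ';' makes the client report
-- "No query specified" after the result.
select * from salt_returns\G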
三.salt-ssh
salt-ssh 特点:
salt-ssh可以独立运行的,不需要minion端。
salt-ssh 用的是sshpass进行密码交互的。
以串行模式工作,性能下降。
首先在server3上停掉salt-minion
server3
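# Unit name corrected (was "salt-mimiom").
systemctl stop salt-minion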
server1
yum install salt-ssh
编辑配置文件
cd /etc/salt/
vim roster
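# salt-ssh roster entry for server3.
# NOTE(review): a plain-text root password is acceptable only in a lab; prefer
# key-based login (roster option `priv`) with a non-root user and `sudo: True`,
# and keep this file readable by root only.
server3:
  host: 172.25.5.3
  user: root
  passwd: westos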
测试:
salt-ssh '*' test.ping
四.salt-syndic
首先准备一个全新的虚拟机server4
server4
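# Package name corrected (was "salt-maste").
yum install salt-master -y
cd /etc/salt/
vim master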
order_masters: True
启动服务
systemctl start salt-master.service
server1
yum install -y salt-syndic
将master 指向top-master
cd /etc/salt
vim master
syndic_master: 172.25.5.4
systemctl restart salt-master.service
systemctl start salt-syndic.service
等待server1配置完成之后
server4:
查看清单
salt-key -L
添加server1
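# Accept only the expected key: -A accepts every pending key without review.
# Compare the fingerprint printed by -f with the one taken on server1 itself.
# NOTE(review): assumes the pending key is listed as "server1"; confirm with salt-key -L.
salt-key -f server1
salt-key -a server1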
salt-key -L
测试:在topmaster端执行master的salt
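# Run from the top-level master; the jobs are relayed through the syndic.
salt '*' state.sls keepalived
# Command name corrected (was "saly").
salt '*' test.ping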
五.api
yum install -y salt-api
生成秘钥和证书
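# Directory name corrected (was "privat").
cd /etc/pki/tls/private
# 2048-bit key instead of 1024-bit, which is too weak for TLS; the umask keeps
# the key file readable by its owner only.
(umask 077 && openssl genrsa 2048 > localhost.key)
cd /etc/pki/tls/certs/
# Creates a self-signed test certificate for the key generated above.
make testcert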
cd /etc/salt/master.d/
vim api.conf
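# salt-api (rest_cherrypy) listener with TLS.
# NOTE(review): the certificate here is the self-signed test certificate; use a
# certificate that clients can verify outside a lab.
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/localhost.key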
vim /etc/salt/master.d/auth.conf
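# NOTE(review): '.*' together with @wheel, @runner and @jobs lets saltapi run
# any function on any minion and manage the master itself, so this account's
# password is equivalent to root on every managed host. Outside a lab, list
# only the functions the API client needs (for this walkthrough, test.ping).
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'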
添加saltapi用户
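# Account used only for PAM authentication by salt-api: no home directory and
# no login shell.
useradd -M -s /sbin/nologin saltapi
# Set the password interactively so it is not saved in the shell history.
passwd saltapi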
启动服务,查看端口8000
systemctl restart salt-master.service
systemctl start salt-api
netstat -antlp|grep :8000
认证:
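# Log in and obtain a session token. The command is rejoined with line
# continuations; the original wrap separated -d from its argument.
# -k skips certificate verification and is needed only because the lab
# certificate is self-signed; drop it once the server has a trusted certificate.
# NOTE(review): the password is visible in the shell history when passed this way.
curl -sSk https://172.25.5.1:8000/login \
  -H 'Accept: application/x-yaml' \
  -d username=saltapi \
  -d password=westos \
  -d eauth=pam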
测试:
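# Run test.ping through the API with the token returned by /login. The token
# authenticates the request, so the username and password are not sent again.
# The header is kept on one line; the original wrap broke it inside the quotes.
curl -sSk https://172.25.5.1:8000 \
  -H 'Accept: application/x-yaml' \
  -H 'X-Auth-Token: 2ef3fcf4a56a27c8c1eb8dc0c53077d0aabacaf6' \
  -d client=local \
  -d tgt='*' \
  -d fun=test.ping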