企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

一.saltstack配置keepalived + apache

编写keepalived的saltstack配置,安装服务,修改配置文件,声明文件配置中调用pillar的值,启动keepalived服务

 cd /srv/salt/keepalived
vim init.sls
kp-install:
  pkg.installed:
    - name: keepalived

  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://keepalived/keepalived.conf
    - template: jinja
    - context:
      STATE: {{ pillar['state'] }}
      VRID: {{ pillar['vrid'] }}
      PRI: {{pillar['pri'] }}

  service.running:
    - name: keepalived
    - reload: true
    - watch:
      - file: kp-install

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
修改keepalived配置文件,调用生命的变量

vim keepalived.conf

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
将keepalived加到top中,为了不同角色执行不同的自动化部署

cd /srv/salt
cat top.sls
base:
  'roles:apache':
    - match: grain	
    - apache
    - keepalived
  'roles:nginx':
    - match: grain
    - apache
    - keepalived

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
pillar配置

cd /srv/pillar
vim kp.sls
{% if grains['fqdn'] == 'server2' %}
state: MASTER
vrid: 5
pri: 100
{% elif grains['fqdn'] == 'server3' %}
state: BACKUP
vrid: 5
pri: 50 
{% endif %}

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
将pillar中新写的kp.sls 添加到top中

cat top.sls
base:
  '*':

    - pkgs
    - kp

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

salt '*' saltutil.sync_grains # 同步本机服务到minion服务端
salt '*' state.highstate # 执行highstate调用top.sls

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
查看到server2的虚拟ip已经部署成功
企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
访问 172.25.5.100:80端口,访问成功,keepalived配置成功
企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

二、job缓存salt操作到mysql

minion配置job缓存到mysql

server1:

安装mysql数据库server端

yum install -y mariadb-server

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
启动服务并进行安全初始化,设定数据库root用户密码

systemctl start mariadb
mysql_secure_installation

安全初始化后进入数据库

mysql -pwestos

vim test.sql

CREATE DATABASE  `salt`
  DEFAULT CHARACTER SET utf8
  DEFAULT COLLATE utf8_general_ci;

USE `salt`;

--
-- Table structure for table `jids`
--

DROP TABLE IF EXISTS `jids`;
CREATE TABLE `jids` (
  `jid` varchar(255) NOT NULL,
  `load` mediumtext NOT NULL,
  UNIQUE KEY `jid` (`jid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Table structure for table `salt_returns`
--

DROP TABLE IF EXISTS `salt_returns`;
CREATE TABLE `salt_returns` (
  `fun` varchar(50) NOT NULL,
  `jid` varchar(255) NOT NULL,
  `return` mediumtext NOT NULL,
  `id` varchar(255) NOT NULL,
  `success` varchar(10) NOT NULL,
  `full_ret` mediumtext NOT NULL,
  `alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  KEY `id` (`id`),
  KEY `jid` (`jid`),
  KEY `fun` (`fun`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Table structure for table `salt_events`
--

DROP TABLE IF EXISTS `salt_events`;
CREATE TABLE `salt_events` (
`id` BIGINT NOT NULL AUTO_INCREMENT,
`tag` varchar(255) NOT NULL,
`data` mediumtext NOT NULL,
`alter_time` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
`master_id` varchar(255) NOT NULL,
PRIMARY KEY (`id`),
KEY `tag` (`tag`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;





将测试文件导入mysql,进入salt库中查看

mysql -pwestos < test.sql
mysql -pwestos salt

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
授权salt用户远程操作salt.*表的所有操作。

 use salt;
grant all on salt.* to salt@localhost identified by 'salt';
 grant all on salt.* to salt@'%' identified by 'salt';

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
server2: minion端配置
vim /etc/salt/minion

return: mysql
mysql.host: '172.25.5.1'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306

重启服务,安装mysql-python模块

systemctl restart salt-minion.service

yum install -y MySQL-python.x86_64

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
server1
等待server2中配置成功后测试

salt server2 test.ping --return mysql

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
进入数据库查看
企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

master端job配置

yum install -y MySQL-python.x86_

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

cd /etc/salt/
vim master
master_job_cache: mysql
mysql.host: 'localhost'
mysql.user: 'salt'
mysql.pass: 'salt'
mysql.db: 'salt'
mysql.port: 3306

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
测试:

salt '*' test.ping

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
进入数据库查看

mysql -p westos  salt
 select * from salt_returns\G;

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

三.salt-ssh

salt-ssh 特点:
salt-ssh可以独立运行的,不需要minion端。
salt-ssh 用的是sshpass进行密码交互的。
以串行模式工作,性能下降。

首先在server3上停掉salt-minion
server3

systemctl  stop  salt-mimiom

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
server1

yum install salt-ssh

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
编辑配置文件

cd /etc/salt/
vim roster
server3:
 host: 172.25.5.3
 user: root
 passwd: westos

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
测试:

salt-ssh '*' test.ping

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

四.salt-syndic

首先准备一个全新的虚拟机server4
server4

yum install salt-maste -y

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

cd /etc/salt/
vim master
order_masters: True

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
启动服务

systemctl start salt-master.service

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
server1

yum install -y salt-syndic

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
将master 指向top-master

cd /etc/salt
vim master
syndic_master: 172.25.5.4

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

systemctl restart salt-master.service

systemctl start salt-syndic.service

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
等待server1配置完成之后
server4:
查看清单

salt-key -L

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

添加server1

salt-key -A
salt-key -L

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
测试:在topmaster端执行master的salt

salt '*' state.sls keepalived

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

saly '*' test.ping

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

五.api

yum install -y salt-api

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
生成秘钥和证书

cd /etc/pki/tls/privat
openssl genrsa 1024 > localhost.key
cd /etc/pki/tls/certs/
make testcert

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

cd /etc/salt/master.d/
vim api.conf


rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/localhost.key


企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

vim /etc/salt/master.d/auth.conf
external_auth:
  pam:
    saltapi:
      - .*
      - '@wheel'
      - '@runner'
      - '@jobs'


企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
添加saltapi用户

useradd saltapi
echo westos|passwd --stdin saltapi

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
启动服务,查看端口8000

systemctl restart salt-master.service
systemctl start salt-api
netstat -antlp|grep :8000

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
认证:

curl -sSk https://172.25.5.1:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d
password=westos -d eauth=pam

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api
测试:

curl -sSk https://172.25.5.1:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token:
2ef3fcf4a56a27c8c1eb8dc0c53077d0aabacaf6' -d username=saltapi -d password=westos -d
client=local -d tgt='*' -d fun=test.ping

企业入门实战--Saltstack之 saltstack配置keepalived、salt-job、salt-syndic、salt-api

上一篇:keeplived+mycat+mysql高可用读写分离水平分表(谁看谁都会)


下一篇:Mycat集群用 HAProxy + Keepalived