SaltStack介绍-SaltStack实战(六)

2020年7月27日13:16:14SaltStack介绍-SaltStack实战(六)已关闭评论 736 views

1.1 SaltStack安装tomcat

1.1.1 准备工作

1.1.1.1 上传tomcat文件

1
2
3
[root@linux-node01 ~]# ll -h /srv/salt/base/web/files/
total 9.3M
-rw-r--r-- 1 root root 9.3M Jul 15 2019 apache-tomcat-8.5.43.tar.gz

1.1.2 创建sls配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
[root@linux-node01 ~]# vim /srv/salt/base/web/jdk.sls
jdk-install:
pkg.installed:
- name: java-1.8.0-openjdk

[root@linux-node01 ~]# vim /srv/salt/base/web/tomcat.sls
include:
- web.jdk

tomcat-group:
group.present:
- name: java
- gid: 1002

tomcat-user:
user.present:
- name: java
- home: /home/java
- uid: 1002
- gid: 1002
- require:
- group: tomcat-group
# user.absent:
# - name: java
# - purge: True

tomcat-install:
file.managed:
- name: /server/tools/apache-tomcat-8.5.43.tar.gz
- source: salt://web/files/apache-tomcat-8.5.43.tar.gz
- user: root
- group: root
- mode: 755
- require:
- user: tomcat-user
cmd.run:
- name: cd /server/tools/ && tar xf apache-tomcat-8.5.43.tar.gz && mv apache-tomcat-8.5.43 /home/java/tomcat-8.5.43
- unless: test -d /home/java/tomcat-8.5.43

tomcat-security:
file.directory:
- name: /home/java/tomcat-8.5.43
- user: java
- group: java
- dir_mode: 755
- file_mode: 644
- recurse:
- user
- group
- require:
- cmd: tomcat-install

1.1.3 运行批量管理

1
2
3
4
5
6
7
8
9
[root@linux-node01 ~]# salt '*' state.sls web.tomcat
……
Summary for linux-node01
------------
Succeeded: 6 (changed=6)
Failed: 0
------------
Total states run: 6
Total run time: 61.689 s

1.2 SaltStack部署LAMP环境

1.2.1 准备工作

1.2.1.1 创建apache配置文件

1
2
3
4
5
6
7
8
9
10
11
[root@linux-node01 ~]# vim /srv/salt/base/web/files/httpd.conf
// 添加apache认证相关内容
<Directory "/var/www/html/admin">
AllowOverride All
Order allow,deny
Allow from All
AuthUserFile /etc/httpd/conf/htpasswd_file
AuthName "admin"
AuthType Basic
Require user admin
</Directory>

1.2.1.2 创建Mysql初始化文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@linux-node01 ~]# vim /srv/salt/base/web/files/mysql_secure_installation
258 # echo $echo_n "Enter current password for root (enter for none): $echo_c"
259 # read password
260 password=""
280 # read password1
281 password1="123456"
284 # read password2
285 password2="123456"
406 touch /etc/mysql_secure_installation.lock
425 # read reply
426 reply='Y'
455 # read reply
456 reply='Y'
476 # read reply
477 reply='Y'
499 # read reply
500 reply='Y'
522 # read reply
523 reply='Y'

1.2.1.3 创建php初始化文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[root@linux-node01 ~]# vim /srv/salt/base/web/files/php.ini
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
……
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]

[root@linux-node01 ~]# tree /srv/salt/base/web/files/
/srv/salt/base/web/files/
├── apache-conf.d
│ ├── autoindex.conf
│ ├── README
│ ├── userdir.conf
│ └── welcome.conf
├── httpd.conf
├── mysql_secure_installation
└── php.ini

1.2.2 创建sls配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
[root@linux-node01 ~]# vim /srv/salt/base/web/lamp.sls
lamp-install:
pkg.installed:
- pkgs:
- httpd
- php
- php-pdo
- php-mysql
- mariadb-server

apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://web/files/httpd.conf
- user: root
- group: root
- mode: 644
- require:
- pkg: lamp-install

apache-auth:
pkg.installed:
- name: httpd-tools
- require_in:
- cmd: apache-auth
cmd.run:
- name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
- unless: test -f /etc/httpd/conf/htpasswd_file

apache-conf:
file.recurse:
- name: /etc/httpd/conf.d
- source: salt://web/files/apache-conf.d
- watch_in:
- service: apache-service

/etc/php.ini:
file.managed:
- source: salt://web/files/php.ini
- user: root
- group: root
- mode: 644
- watch_in:
- service: apache-service

mysql-config:
file.managed:
- name: /server/scripts/mysql_secure_installation
- source: salt://web/files/mysql_secure_installation
cmd.run:
- name: sh /server/scripts/mysql_secure_installation
- unless: test -f /etc/mysql_secure_installation.lock

apache-service:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-config

mysql-service:
service.running:
- name: mariadb
- enable: True
- watch:
- file: mysql-config

1.2.3 运行批量管理

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@linux-node01 ~]# vim /srv/salt/base/top.sls
base:
'linux-node01':
- web.lamp
'linux-node02':
- web.lamp

[root@linux-node01 ~]# salt '*' state.highstate test=True
[root@linux-node01 ~]# salt '*' state.highstate
……
Summary for linux-node01
-------------
Succeeded: 10
Failed: 0
-------------
Total states run: 10
Total run time: 1.791 s
……
Summary for linux-node02
-------------
Succeeded: 10
Failed: 0
-------------
Total states run: 10
Total run time: 2.100 s

1.3 SaltStack部署zabbix-agent

1.3.1 准备工作

1.3.1.1 创建配置文件目录

1
[root@linux-node01 ~]# mkdir -p /srv/salt/base/{init,zabbix,logstash,web}/files

1.3.1.2 下载需要用到的文件

1
2
[root@linux-node01 ~]# cd /srv/salt/base/init/files/
[root@linux-node01 files]# wget http://mirrors.aliyun.com/repo/epel-7.repo

1.3.1.3 编辑相关模板配置文件

1
2
3
4
5
[root@linux-node01 ~]# vim /srv/salt/base/zabbix/files/zabbix_agentd.conf
96 Server={{ ZABBIX_SERVER }}
137 ServerActive={{ ZABBIX_SERVER }}
148 Hostname={{ AGENT_HOSTNAME }}
267 Include=/etc/zabbix_agentd.conf.d/

1.3.1.4 准备文件

1
2
3
4
5
6
7
8
9
10
11
[root@linux-node01 ~]# tree /srv/salt/base/
/srv/salt/base/
├── init
│ ├── files
│ │ └── epel-7.repo
│ └── yum-repo.sls
├── top.sls
└── zabbix
├── files
│ └── zabbix_agentd.conf
└── zabbix-agent.sls

1.3.2 创建sls配置文件

1.3.2.1 编辑repo的sls文件

1
2
3
4
5
6
7
8
[root@linux-node01 ~]# vim /srv/salt/base/init/yum-repo.sls
epel-repo:
file.managed:
- name: /etc/yum.repos.d/epel.repo
- source: salt://init/files/epel-7.repo
- user: root
- group: root
- mode: 644

1.3.2.2 编辑zabbix-agent的sls文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[root@linux-node01 ~]# vim /srv/salt/base/zabbix/zabbix-agent.sls
include:
- init.yum-repo

zabbix-agent:
pkg.installed:
- name: zabbix40-agent
- require:
- file: epel-repo
file.managed:
- name: /etc/zabbix_agentd.conf
- source: salt://zabbix/files/zabbix_agentd.conf
- user: root
- group: root
- mode: 644
- template: jinja
- defaults:
ZABBIX_SERVER: 10.10.10.101
AGENT_HOSTNAME: {{ grains['fqdn'] }}
- require:
- pkg: zabbix-agent
service.running:
- name: zabbix-agent
- enable: True
- watch:
- file: zabbix-agent
- pkg: zabbix-agent

/etc/zabbix_agentd.conf.d:
file.directory:
- watch_in:
- service: zabbix-agent
- require:
- pkg: zabbix-agent
- file: zabbix-agent

1.3.2.3 编辑top.sls文件

1
2
3
4
5
6
[root@linux-node01 ~]# vim /srv/salt/base/top.sls
base:
'linux-node01':
- zabbix.zabbix-agent
'linux-node02':
- zabbix.zabbix-agent

1.3.3 运行批量管理

1
2
[root@linux-node01 ~]# salt '*' state.highstate test=True
[root@linux-node01 ~]# salt '*' state.highstate
weinxin
我的微信
如果有技术上的问题可以扫一扫我的微信