SaltStack介绍-SaltStack实战(六)

2020年7月27日13:16:14SaltStack介绍-SaltStack实战(六)已关闭评论 169 views

1.1 SaltStack安装tomcat

1.1.1 准备工作

1.1.1.1 上传tomcat文件

1
2
3
[root@linux-node01 ~]# ll -h /srv/salt/base/web/files/
total 9.3M
-rw-r--r-- 1 root root 9.3M Jul 15  2019 apache-tomcat-8.5.43.tar.gz

1.1.2 创建sls配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
[root@linux-node01 ~]# vim /srv/salt/base/web/jdk.sls
jdk-install:
  pkg.installed:
    - name: java-1.8.0-openjdk

[root@linux-node01 ~]# vim /srv/salt/base/web/tomcat.sls
include:
  - web.jdk

tomcat-group:
  group.present:
    - name: java
    - gid: 1002

tomcat-user:
  user.present:
    - name: java
    - home: /home/java
    - uid: 1002
    - gid: 1002
    - require:
      - group: tomcat-group
#  user.absent:
#    - name: java
#    - purge: True

tomcat-install:
  file.managed:
    - name: /server/tools/apache-tomcat-8.5.43.tar.gz
    - source: salt://web/files/apache-tomcat-8.5.43.tar.gz
    - user: root
    - group: root
    - mode: 755
    - require:
      - user: tomcat-user
  cmd.run:
    - name: cd /server/tools/ && tar xf apache-tomcat-8.5.43.tar.gz && mv apache-tomcat-8.5.43 /home/java/tomcat-8.5.43
    - unless: test -d /home/java/tomcat-8.5.43

tomcat-security:
  file.directory:
    - name: /home/java/tomcat-8.5.43
    - user: java
    - group: java
    - dir_mode: 755
    - file_mode: 644
    - recurse:
      - user
      - group
    - require:
      - cmd: tomcat-install

1.1.3 运行批量管理

1
2
3
4
5
6
7
8
9
[root@linux-node01 ~]# salt '*' state.sls web.tomcat
……
Summary for linux-node01
------------
Succeeded: 6 (changed=6)
Failed:    0
------------
Total states run:     6
Total run time:  61.689 s

1.2 SaltStack部署LAMP环境

1.2.1 准备工作

1.2.1.1 创建apache配置文件

1
2
3
4
5
6
7
8
9
10
11
[root@linux-node01 ~]# vim /srv/salt/base/web/files/httpd.conf
// 添加apache认证相关内容
<Directory "/var/www/html/admin">
    AllowOverride All
    Order allow,deny
    Allow from All
    AuthUserFile /etc/httpd/conf/htpasswd_file
    AuthName "admin"
    AuthType Basic
    Require user admin
</Directory>

1.2.1.2 创建Mysql初始化文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@linux-node01 ~]# vim /srv/salt/base/web/files/mysql_secure_installation
258 #       echo $echo_n "Enter current password for root (enter for none): $echo_c"
259 #       read password
260        password=""
280 #    read password1
281     password1="123456"
284 #    read password2
285     password2="123456"
406 touch /etc/mysql_secure_installation.lock
425 #    read reply
426     reply='Y'
455 #    read reply
456     reply='Y'
476 #    read reply
477     reply='Y'
499 #    read reply
500     reply='Y'
522 #    read reply
523     reply='Y'

1.2.1.3 创建php初始化文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[root@linux-node01 ~]# vim /srv/salt/base/web/files/php.ini
[PHP]
engine = On
short_open_tag = Off
asp_tags = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
……
[sysvshm]
[ldap]
ldap.max_links = -1
[mcrypt]
[dba]

[root@linux-node01 ~]# tree /srv/salt/base/web/files/
/srv/salt/base/web/files/
├── apache-conf.d
│   ├── autoindex.conf
│   ├── README
│   ├── userdir.conf
│   └── welcome.conf
├── httpd.conf
├── mysql_secure_installation
└── php.ini

1.2.2 创建sls配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
[root@linux-node01 ~]# vim /srv/salt/base/web/lamp.sls
lamp-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-pdo
      - php-mysql
      - mariadb-server

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://web/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: lamp-install

apache-auth:
  pkg.installed:
    - name: httpd-tools
    - require_in:
      - cmd: apache-auth
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file

apache-conf:
  file.recurse:
    - name: /etc/httpd/conf.d
    - source: salt://web/files/apache-conf.d
    - watch_in:
      - service: apache-service

/etc/php.ini:
  file.managed:
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: 644
    - watch_in:
      - service: apache-service

mysql-config:
  file.managed:
    - name: /server/scripts/mysql_secure_installation
    - source: salt://web/files/mysql_secure_installation
  cmd.run:
    - name: sh /server/scripts/mysql_secure_installation
    - unless: test -f /etc/mysql_secure_installation.lock

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-config

mysql-service:
  service.running:
    - name: mariadb
    - enable: True
    - watch:
      - file: mysql-config

1.2.3 运行批量管理

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
[root@linux-node01 ~]# vim /srv/salt/base/top.sls
base:
  'linux-node01':
    - web.lamp
  'linux-node02':
    - web.lamp

[root@linux-node01 ~]# salt '*' state.highstate test=True
[root@linux-node01 ~]# salt '*' state.highstate
……
Summary for linux-node01
-------------
Succeeded: 10
Failed:     0
-------------
Total states run:     10
Total run time:    1.791 s
……
Summary for linux-node02
-------------
Succeeded: 10
Failed:     0
-------------
Total states run:     10
Total run time:    2.100 s

1.3 SaltStack部署zabbix-agent

1.3.1 准备工作

1.3.1.1 创建配置文件目录

1
[root@linux-node01 ~]# mkdir -p /srv/salt/base/{init,zabbix,logstash,web}/files

1.3.1.2 下载需要用到的文件

1
2
[root@linux-node01 ~]# cd /srv/salt/base/init/files/
[root@linux-node01 files]# wget http://mirrors.aliyun.com/repo/epel-7.repo

1.3.1.3 编辑相关模板配置文件

1
2
3
4
5
[root@linux-node01 ~]# vim /srv/salt/base/zabbix/files/zabbix_agentd.conf
96 Server={{ ZABBIX_SERVER }}
137 ServerActive={{ ZABBIX_SERVER }}
148 Hostname={{ AGENT_HOSTNAME }}
267 Include=/etc/zabbix_agentd.conf.d/

1.3.1.4 准备文件

1
2
3
4
5
6
7
8
9
10
11
[root@linux-node01 ~]# tree /srv/salt/base/
/srv/salt/base/
├── init
│   ├── files
│   │   └── epel-7.repo
│   └── yum-repo.sls
├── top.sls
└── zabbix
    ├── files
    │   └── zabbix_agentd.conf
    └── zabbix-agent.sls

1.3.2 创建sls配置文件

1.3.2.1 编辑repo的sls文件

1
2
3
4
5
6
7
8
[root@linux-node01 ~]# vim /srv/salt/base/init/yum-repo.sls
epel-repo:
  file.managed:
    - name: /etc/yum.repos.d/epel.repo
    - source: salt://init/files/epel-7.repo
    - user: root
    - group: root
    - mode: 644

1.3.2.2 编辑zabbix-agent的sls文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
[root@linux-node01 ~]# vim /srv/salt/base/zabbix/zabbix-agent.sls
include:
  - init.yum-repo

zabbix-agent:
  pkg.installed:
    - name: zabbix40-agent
    - require:
      - file: epel-repo
  file.managed:
    - name: /etc/zabbix_agentd.conf
    - source: salt://zabbix/files/zabbix_agentd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
      ZABBIX_SERVER: 10.10.10.101
      AGENT_HOSTNAME: {{ grains['fqdn'] }}
    - require:
      - pkg: zabbix-agent
  service.running:
    - name: zabbix-agent
    - enable: True
    - watch:
      - file: zabbix-agent
      - pkg: zabbix-agent

/etc/zabbix_agentd.conf.d:
  file.directory:
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent

1.3.2.3 编辑top.sls文件

1
2
3
4
5
6
[root@linux-node01 ~]# vim /srv/salt/base/top.sls
base:
  'linux-node01':
    - zabbix.zabbix-agent
  'linux-node02':
    - zabbix.zabbix-agent

1.3.3 运行批量管理

1
2
[root@linux-node01 ~]# salt '*' state.highstate test=True
[root@linux-node01 ~]# salt '*' state.highstate
weinxin
我的微信
如果有技术上的问题可以扫一扫我的微信