Saltstack (grains、pillar、jinja模版、haproy+keeplived)
配置内容接上篇redhat6.5
server1 172.25.29.1 salt-master
server2 172.25.29.2 salt-minionhaproy+keeplived
server3 172.25.29.3 salt-minionnginx
server4 172.25.29.4 salt-minionnginx
server5 172.25.29.5 salt-minionhaproy+keeplived
做之前配置好本地解析
一.Grains
grains是minion第一次启动的时候采集的静态数据,可以用在salt的模块和其他组件中。其实grains在每次的minion启动(重启)的时候都会采集,即向master汇报一次的。
二.minion端配置grains
修改server3和server4的salt-minion,设定nginx角色
https://s4.51cto.com/wyfs02/M01/A7/85/wKioL1nn_1rDrL9OAABRjj5OhJg633.png
在server3和server4的/etc/salt下创建grains,内容如下
https://s2.51cto.com/wyfs02/M00/08/D6/wKiom1noAhCifBzBAAALzLkvZYo084.png
https://s2.51cto.com/wyfs02/M02/A7/85/wKioL1nn_1vxFUtvAABUNPZp9xE935.png
https://s2.51cto.com/wyfs02/M01/08/D6/wKiom1noAhGDwTwQAABdDQ2DYNo047.png
3.测试grains的数据
https://s2.51cto.com/wyfs02/M00/08/D6/wKiom1noAhDTuDRwAAAz_Y_M0Rg095.png
https://s2.51cto.com/wyfs02/M02/A7/85/wKioL1nn_1zy1gITAAAyNmtdVLQ100.png
4.修改top.sls文件并推送
https://s2.51cto.com/wyfs02/M01/08/D6/wKiom1noAhLgZByMAAAeSD8uhMw294.png
https://s2.51cto.com/wyfs02/M00/A7/85/wKioL1nn_1yRhzMIAAApu_PtUAQ337.png
推送成功
https://s2.51cto.com/wyfs02/M01/A7/85/wKioL1nn_13wFvh4AAA9ADblzG4383.png
三.mster端配置grains,不用重启服务
1.在master端创建_grains文件
https://s1.51cto.com/wyfs02/M02/A7/86/wKioL1noBNKzwE7uAABE8gXbiLI403.png
https://s2.51cto.com/wyfs02/M00/08/D6/wKiom1noAhPB3EQFAAAwOrVrNtc741.png
2.修改server3和server4的grains或者是删除grains文件,做到不影响下面master这边的grains
https://s2.51cto.com/wyfs02/M01/08/D6/wKiom1noBkujz0y7AAARVjMALDI233.png
https://s2.51cto.com/wyfs02/M02/A7/86/wKioL1noA5WQsBCOAAAwq_NddSA063.png
https://s2.51cto.com/wyfs02/M00/A7/86/wKioL1noA5aSxv00AABKIuRFC_o885.png
2.向server3和server4同步grains
https://s2.51cto.com/wyfs02/M01/08/D7/wKiom1noBkzCvPVgAABmhqBvLII814.png
查看server3和server4的salt缓存
https://s3.51cto.com/wyfs02/M00/A7/86/wKioL1noA62zP00bAABoENh_Bdg148.png
https://s5.51cto.com/wyfs02/M02/08/D7/wKiom1noBmOyfyH6AAA9kH8vQ1A933.png
3.修改top.sls推送文件
https://s5.51cto.com/wyfs02/M02/08/D7/wKiom1noBmOg5r4YAAArQYsa-BM614.png
推送成功
https://s5.51cto.com/wyfs02/M01/A7/86/wKioL1noA67jVrh5AAA9mrWblUo962.png
四.pillar用法
grain和pillar区别
(1)grains存储的是静态、不常变化的内容,pillar则相反
(2)grains是存储在minion本地,而pillar存储在master本地
(3)minion有权限操作自己的grains值,如增加、删除,但minion只能查看自己的pillar,无权修改
1.配置pillar
修改server1上的master配置文件,开通pillar base目录,可以与grains共存
https://s3.51cto.com/wyfs02/M00/08/D7/wKiom1noCpvz_do7AABOWPYybo0071.png
https://s4.51cto.com/wyfs02/M02/08/D7/wKiom1noCpyzDzpAAAAkiq7fkrw372.png
采集主机名
https://s4.51cto.com/wyfs02/M02/A7/86/wKioL1noB-bD9E1LAAApSZVN5Uk101.png
2.设置不同的主机名推送安装不同的服务
https://s3.51cto.com/oss/201710/19/83bdbca2fb202d162b2a8dbb00e258a5.png
https://s4.51cto.com/wyfs02/M01/08/D7/wKiom1noCpzBc8x4AAA9gfOVwxQ003.png
https://s5.51cto.com/wyfs02/M02/08/D7/wKiom1noCp2SBG4oAABDKAv_2_8063.png
3.在pillar下创建一个新的top.sls推送文件
https://s5.51cto.com/wyfs02/M01/A7/86/wKioL1noB-fAM5HGAAAktogPIzo402.png
刷新
https://s5.51cto.com/wyfs02/M01/A7/86/wKioL1noB-iToHWEAAAhX_GLDJo347.png
4.检测和查看的相关命令
查看采集的推送项目,按照不同的主机名通过pillar下的web.sls做不同的事情
https://s3.51cto.com/wyfs02/M00/08/D7/wKiom1noCp6RNPiqAAAoGQ_IHr8656.png
https://s5.51cto.com/wyfs02/M00/08/D7/wKiom1noCp6RFNNRAAAoY9kVPPc399.png
https://s3.51cto.com/wyfs02/M02/A7/86/wKioL1noB-igjYqFAAAYetvDo_0727.png
https://s3.51cto.com/wyfs02/M01/08/D7/wKiom1noCp-T1upYAAAndpLgkuw468.png
通过salt采集server3开启的服务
https://s1.51cto.com/oss/201710/19/27a6aa7c0cf5909452dc220ad563d5a1.png
远程重启server3的nginx服务
https://s1.51cto.com/oss/201710/19/f2787861f76b5f08943e8cf9db9957a9.png
将master server1上的文件群传给minion端
https://s5.51cto.com/oss/201710/19/dbeb81fa956690b2435014414d43be91.png
群查看minion的/tmp下的文件,已经传过来了
https://s1.51cto.com/oss/201710/19/78f84c9ccdf0c07d3d817655164895c0.png
远程查看passwd文件
https://s1.51cto.com/oss/201710/19/38175a0e4342a9fe2df201651a2c2e2b.png
远程给server4安装htppd文档
https://s1.51cto.com/oss/201710/19/3433fe48a398690640601139822159ee.png
远程给server4安装losf工具
https://s5.51cto.com/oss/201710/19/c525c7f9e2719ae58d4ed7d7fdf9cd6e.png
五.jinja模版的使用
Jinja是基于python的模板引擎,在saltstack中我们使用yaml_jinja渲染器来根据模板生产对应的配置文件,对于不同的操作系统或者不同的情况通过jinja可以让配置文件或者操作形成一种模板的编写方式。
模版文件里面变量使用{{名称}},例如`PORT`
变量使用Grains:{{ grains['fqdn_ip4'] }}
变量使用执行模块:{{ salt['network.hw_addr']('eth0') }}
变量使用Pillar:{{ pillar['apache']['PORT'] }}
1.jinja模版配置
以httpd下的web.sls为例,添加模版,端口,地址
https://s3.51cto.com/oss/201710/19/2c4b64885d7d1b207c688e22560bc255.png
https://s3.51cto.com/oss/201710/19/c59d2250ef5f486b273c9f6b05cb1d79.png
2.修改files下的httpd.conf配置文件为变量格式
https://s3.51cto.com/oss/201710/19/9b4d803d696b8f58b1255235d903cb09.png
https://s3.51cto.com/oss/201710/19/b39c2bd0df68d7dfacefc14d2bec67da.png
3.用jinja模版推送httpd服务
https://s2.51cto.com/oss/201710/19/3de900caf2da425501bb495ce9ceff8a.png
https://s5.51cto.com/oss/201710/19/5bcbf7296ca2275b9d5635b7d6f3e7e3.png
server3 httpd服务8080端口正常
https://s2.51cto.com/oss/201710/19/8bb60d24cc061af748c73a00ae39a404.png
六.jinja模版的另外三种实现方法
1.方法一
https://s3.51cto.com/oss/201710/19/97240df02f74c4ee98f0f0b753e9660e.png
在httpd.conf配置文件的最上面添加变量模块
https://s3.51cto.com/oss/201710/19/3a985f315faba9d62b3c268e3f6588d2.png
下面的监听端口上按python的方式取值
https://s5.51cto.com/oss/201710/19/f663127ab2e054ec64fbfa3ed3dbe53c.png
在files下面新建 vim lib.sls
https://s3.51cto.com/oss/201710/19/ac59b507754da94267dd33e5ca8ba746.png
将之前的web.sls里的template下面注释掉
https://s4.51cto.com/oss/201710/19/087be2e6cded173f147051dd74d569f6.png
用jinja模版给server3推送httpd服务
https://s3.51cto.com/oss/201710/19/950e82cdf60a7f1d41cdfad52fa38295.png
https://s1.51cto.com/oss/201710/19/13695c0047eaa33cfd9b130df30e7675.png
2.方法二
将httpd.conf里刚才上面写的删除,因为会与下面的这个方法冲突
https://s3.51cto.com/oss/201710/19/699a115b43c730e0c0eb054f5a5a526a.png
监听端口修改为下图所示
https://s5.51cto.com/oss/201710/19/110d41e93c1c43036950bc4ff9d4e17c.png
将web.sls文件修改为以下设置
https://s5.51cto.com/oss/201710/19/668da8be45933277b434ee0962f48280.png
vim lib.sls
https://s1.51cto.com/oss/201710/19/7016ac7e61850ef614a2f57244539d42.png
https://s5.51cto.com/oss/201710/19/785afab0620824a1e289bd26ec9df75a.png
方法三:使用pillar
进入到pillar的base目录下
https://s5.51cto.com/oss/201710/19/e7e25687912cd21690709b01fc602cb7.png
(1)配置文件第一种写法
https://s1.51cto.com/oss/201710/19/073bb5260bbc9990bfb37b93802e6384.png
vim httpd.conf
https://s4.51cto.com/oss/201710/19/b86a1d9dd2ed72166d926d32cd96dfa9.png
(2)配置文件第二种写法
https://s2.51cto.com/oss/201710/19/60f1315740249680ca8a41f60346101f.png
vim httpd.conf
https://s4.51cto.com/oss/201710/19/66646871073e27a8e2b4df21e6e766f2.png
推送
https://s4.51cto.com/oss/201710/19/6414fe1cec7961fd7b1c436a003c7a98.png
salt server4 state.sls httpd.web
https://s2.51cto.com/oss/201710/19/898df26e606ee0da2a1b6efb33d760b3.png
七.salt自动化推送keepalived+nginx
1.配置keepalived salt文件
https://s2.51cto.com/oss/201710/19/9a0933d80879d2550f082cd9387b0f34.png
vim keepalived.conf,添加vip
https://s2.51cto.com/oss/201710/19/ca17b3ba285afd0718a176fdd9cdb0a8.png
vim install.sls
https://s5.51cto.com/oss/201710/19/51441b3ca3209741404922f33b4777a1.png
https://s1.51cto.com/oss/201710/19/3e5002b25b862824cb50ce0c3380d6e0.png
vim service.sls
https://s4.51cto.com/oss/201710/19/30f155c51760d374a357a11283515c62.png
单击keepalived推送成功
2.由于keepalived高可用,主备的配置文件不一样,需要添加jinja模版
https://s1.51cto.com/oss/201710/19/42d78346850ced2526ec4dfaa200ff19.png
在install.sls里添加jinja模版
https://s3.51cto.com/oss/201710/19/572a1f30279e804eb62c9a3d68dac510.png
keepalived.conf里的state和priority写成变量
https://s2.51cto.com/oss/201710/19/72bdd1f5fda0d83dcd0bded2031ed09a.png
3.新添加一台虚拟机server5做keepalived的高可用
https://s2.51cto.com/oss/201710/19/a55b3d79460e992a1b1281edefe108f2.png
将server5加入到salt-key
https://s2.51cto.com/oss/201710/19/67a32c44dc40778d21a0684ad1b6ae7d.png
https://s3.51cto.com/oss/201710/19/5feafc925c8e228524a8b6c98c43f81a.png
4.修改top.sls文件并推送
https://s3.51cto.com/oss/201710/19/2065f33495488a4a9028eb9a2b57cde8.png
https://s3.51cto.com/oss/201710/19/2263597e07ade0029da5b8b1a3b4017f.png
5.查看推送结果
haproy+keeplived正常启动,vip在主上
https://s1.51cto.com/oss/201710/19/11a06a454251dafe56e83b45cdd722f8.png
将主server2上的keepalived关闭,服务到备server5上
https://s1.51cto.com/oss/201710/19/ea4f5aefba049d4375a3133af1a89c01.png
负载均衡haproxy正常
https://s1.51cto.com/oss/201710/19/e629526d1d803c28031aba8575b2f850.png
https://s2.51cto.com/oss/201710/19/3f081a907012342b6b0c476e4b68f841.png
页:
[1]