架构图
用Saltstack管理大型Web架构其实并不难，关键在于合理管理各功能模块之间的依赖关系，尽量让各功能模块相互独立，使每一个系统功能都可以被业务状态直接引用。下面各状态文件中的英文注释是审阅时补充的说明与安全提示。
Saltstack环境目录
# /etc/salt/master (excerpt): separate base and prod environments for both
# states (file_roots) and pillar (pillar_roots).
# Everything under file_roots is served to every authenticated minion, so keep
# secrets out of /srv/salt; put them in pillar, which the master renders per
# minion and sends only to the targets that match.
file_roots:
  base:
    - /srv/salt/base
  prod:
    - /srv/salt/prod

pillar_roots:
  base:
    - /srv/pillar/base
  prod:
    - /srv/pillar/prod
Saltstack目录结构
[iyunv@saltstack-node1 srv]# tree
.
├── pillar
│ ├── base
│ │ ├── top.sls
│ │ └── zabbix
│ │ └── agent.sls
│ └── prod
└── salt
├── base
│ ├── _grains
│ │ └── my_grain.py
│ ├── init
│ │ ├── audit.sls
│ │ ├── dns.sls
│ │ ├── epel.sls
│ │ ├── files
│ │ │ ├── resolv.conf
│ │ │ └── zabbix_agentd.conf
│ │ ├── history.sls
│ │ ├── init.sls
│ │ ├── sysctl.sls
│ │ └── zabbix-agent.sls
│ ├── _modules
│ │ └── my_disk.py
│ └── top.sls
└── prod
├── bbs
│ ├── files
│ │ └── nginx-bbs.conf
│ ├── memcached.sls
│ └── web.sls
├── cluster
│ ├── files
│ │ ├── haproxy-outside.cfg
│ │ └── haproxy-outside-keepalived.conf
│ ├── haproxy-outside-keepalived.sls
│ └── haproxy-outside.sls
└── modules
├── haproxy
│ ├── files
│ │ ├── haproxy-1.6.3.tar.gz
│ │ └── haproxy.init
│ └── install.sls
├── keepalived
│ ├── files
│ │ ├── keepalived-1.2.17.tar.gz
│ │ ├── keepalived.init
│ │ └── keepalived.sysconfig
│ └── install.sls
├── libevent
│ ├── files
│ │ └── libevent-2.0.22-stable.tar.gz
│ └── install.sls
├── memcached
│ ├── files
│ │ └── memcached-1.4.24.tar.gz
│ └── install.sls
├── nginx
│ ├── files
│ │ ├── nginx-1.9.1.tar.gz
│ │ ├── nginx.conf
│ │ └── nginx-init
│ ├── install.sls
│ └── service.sls
├── pcre
│ ├── files
│ │ └── pcre-8.37.tar.gz
│ └── install.sls
├── php
│ ├── files
│ │ ├── init.d.php-fpm
│ │ ├── memcache-2.2.7.tgz
│ │ ├── php-5.6.9.tar.gz
│ │ ├── php-fpm.conf
│ │ ├── php.ini-production
│ │ └── redis-2.2.7.tgz
│ ├── install.sls
│ ├── php-memcache.sls
│ └── php-redis.sls
├── pkg
│ └── make-pkg.sls
├── user
│ └── www.sls
└── web
├── bbs.sls
└── files
└── bbs.conf
环境初始化 1)历史命令优化：添加用户、时间信息
# /srv/salt/base/init/history.sls
# Prefix each bash history entry with date, time and the user that ran it.
# file.append only adds the line when it is not already present, so re-runs are safe.
# /etc/profile is read by login shells only. This is an operator convenience, not a
# tamper-resistant audit trail: any user can reset HISTTIMEFORMAT in their own shell.
/etc/profile:
  file.append:
    - text:
      - 'export HISTTIMEFORMAT="%F %T `whoami` "'
2)历史命令添加日志审计
# /srv/salt/base/init/audit.sls
# Send every interactive command to syslog from PROMPT_COMMAND: effective user,
# login origin (`who am i`), working directory and the last history entry.
# Caveats a practitioner should know before relying on this:
#   - the full command line is logged, including any password or token that was
#     passed as an argument, so the syslog destination must be treated as sensitive;
#   - it is advisory only: a user can `unset PROMPT_COMMAND`, so it does not replace
#     auditd or pam_tty_audit when a tamper-resistant record is required;
#   - `who am i` prints nothing for sessions without a controlling tty.
/etc/bashrc:
  file.append:
    - text:
      - >-
        export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
3)统一DNS
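# /srv/salt/base/init/dns.sls
# Install one resolv.conf on every host from the copy kept on the master.
# Fix: the argument was spelled `gourp`, which Salt rejects as an invalid keyword
# argument for file.managed, so the state errored instead of managing the file.
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    # quoted so the leading zero is not read as an octal integer
    - mode: '0644'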
4)自定义epel源(这里可以换成自己的yum仓库地址)
5)系统初始优化
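# /srv/salt/base/init/sysctl.sls
# Kernel tunables applied to every host in the base environment.

# Widen the ephemeral port range for hosts that open many outbound connections.
# Quoted: the value is one string with a space, not two numbers.
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: '10000 65000'

fs.file-max:
  sysctl.present:
    - value: 2000000

# NOTE(review): this makes every host a packet forwarder. Nothing else on this
# page (HAProxy, keepalived/VRRP, nginx) needs it, and hardening baselines keep
# ip_forward=0 unless the host is a router/NAT box. Prefer moving it into the
# state of the role that needs it, the way haproxy/install.sls owns
# net.ipv4.ip_nonlocal_bind.
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1

# NOTE(review): on kernels 3.5+ swappiness=0 means "never swap anonymous pages",
# which can invite the OOM killer under pressure; 1 is the usual minimum.
vm.swappiness:
  sysctl.present:
    - value: 0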
6)zabbix-agent配置
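# /srv/salt/base/init/zabbix-agent.sls
# Install the Zabbix agent, render its config from a Jinja template and keep the
# service enabled and running; restart it when the package or config changes.
zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    # keep the previous config in the minion's file_backup cache before overwriting
    - backup: minion
    - defaults:
        # Quoted so a numeric- or boolean-looking value stays a string.
        # pillar['...'] (not pillar.get) makes a missing key fail the render loudly.
        Zabbix_Server: "{{ pillar['Zabbix_Server'] }}"
        Hostname: "{{ grains['fqdn'] }}"
    - require:
      - pkg: zabbix-agent
  service.running:
    - enable: True
    - watch:
      - pkg: zabbix-agent
      - file: zabbix-agent
# NOTE(review): the template is not shown here; confirm it uses Zabbix_Server for
# Server= (and ServerActive= if used) so only the monitoring host may query the
# agent, and that remote command execution stays disabled.

zabbix_agentd.conf.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.d
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent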
7)汇总初始化功能
# /srv/salt/base/init/init.sls
# Aggregate the base initialization states so they can be applied as one unit.
include:
  - init.dns           # unified /etc/resolv.conf
  - init.history       # timestamp and user in bash history
  - init.audit         # command logging to syslog via PROMPT_COMMAND
  - init.epel          # package repository
  - init.sysctl        # kernel tunables
  - init.zabbix-agent  # monitoring agent
业务模块目录
[iyunv@saltstack-node1 ~]# cd /srv/salt/prod/
[iyunv@saltstack-node1 prod]# ll
total 0
drwxr-xr-x 3 root root 52 Sep 28 17:28 bbs
drwxr-xr-x 3 root root 81 Sep 28 17:28 cluster
drwxr-xr-x 12 root root 132 Sep 28 17:28 modules
服务部署安装模块
[iyunv@saltstack-node1 prod]# cd modules/
[iyunv@saltstack-node1 modules]# ll
total 0
drwxr-xr-x 3 root root 36 Sep 28 17:28 haproxy
drwxr-xr-x 3 root root 36 Sep 28 17:28 keepalived
drwxr-xr-x 3 root root 36 Sep 28 17:28 libevent
drwxr-xr-x 3 root root 36 Sep 28 17:28 memcached
drwxr-xr-x 3 root root 54 Sep 28 17:28 nginx
drwxr-xr-x 3 root root 36 Sep 28 17:28 pcre
drwxr-xr-x 3 root root 79 Sep 28 17:28 php
drwxr-xr-x 2 root root 25 Sep 28 17:28 pkg
drwxr-xr-x 2 root root 20 Sep 28 17:28 user
drwxr-xr-x 3 root root 32 Sep 28 17:28 web
1)安装系统必要组件包
# /srv/salt/prod/modules/pkg/make-pkg.sls
# Toolchain and headers shared by every from-source build under modules/.
# Other install states reference it as `pkg: make-pkg`.
make-pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel  # headers for nginx --with-http_ssl_module
      - pcre
      - pcre-devel
2)安装HAProxy
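# /srv/salt/prod/modules/haproxy/install.sls
# Build HAProxy 1.6.3 from the tarball vendored in file_roots and register its init script.
# NOTE(review): the 1.6 branch is end-of-life; pick a maintained release before reusing this.
include:
  - modules.pkg.make-pkg

haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.3.tar.gz
    - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
    # an archive does not need the execute bit
    - mode: '0644'
    - user: root
    - group: root
    # NOTE(review): no source_hash, so every minion trusts whatever copy sits on the
    # master. Record the upstream SHA256 and pass it as `source_hash` so a corrupt or
    # tampered archive is rejected before it is compiled and run as root.
  cmd.run:
    # Fix: HAProxy's Makefile names the target `linux2628`; `TARGET=2628` matches none
    # of its targets. The /usr/local/haproxy symlink doubles as the "already built" marker.
    - name: cd /usr/local/src && tar xf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3 && make install PREFIX=/usr/local/haproxy-1.6.3 && ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
    - require:
      - pkg: make-pkg
      - file: haproxy-install
    - unless: test -d /usr/local/haproxy

haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://modules/haproxy/files/haproxy.init
    - mode: '0755'
    - user: root
    - group: root
    - require_in:
      - file: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list|grep haproxy
    - require:
      - file: haproxy-init

# Let HAProxy bind the keepalived VIP even while this node does not currently hold it.
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

/etc/haproxy:
  file.directory:
    - user: root
    - group: root
    - mode: '0755'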
3)安装keepalived
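# /srv/salt/prod/modules/keepalived/install.sls
# Build keepalived 1.2.17 from the vendored tarball and register its init script and sysconfig.
# Fixes:
#   - the tarball variable was misspelled ('keeplived-…'), so the archive was written under
#     one name while cmd.run extracted another and the build could never run; the name is
#     now defined once and reused;
#   - pull in the toolchain (as haproxy/install.sls does) instead of assuming gcc is present.
{% set keepalived_tar = 'keepalived-1.2.17.tar.gz' %}
{% set keepalived_source = 'salt://modules/keepalived/files/' ~ keepalived_tar %}

include:
  - modules.pkg.make-pkg

keepalived-install:
  file.managed:
    - name: /usr/local/src/{{ keepalived_tar }}
    - source: {{ keepalived_source }}
    # an archive does not need the execute bit
    - mode: '0644'
    - user: root
    - group: root
    # NOTE(review): add `source_hash` with the upstream SHA256 so the minion verifies the archive.
  cmd.run:
    - name: cd /usr/local/src && tar zxf {{ keepalived_tar }} && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - pkg: make-pkg
      - file: keepalived-install

/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.sysconfig
    - mode: '0644'
    - user: root
    - group: root

/etc/init.d/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.init
    - mode: '0755'
    - user: root
    - group: root

keepalived-init:
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: /etc/init.d/keepalived

# keepalived.conf (managed by the cluster states, not shown here) typically carries the
# VRRP auth_pass; keep the directory root-owned and make that file root-only when you add it.
/etc/keepalived:
  file.directory:
    - user: root
    - group: root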
4)安装libevent
# /srv/salt/prod/modules/libevent/install.sls
# Build libevent 2.0.22 into /usr/local/libevent; the memcached module links against it.
# Assumes the toolchain from modules.pkg.make-pkg is already present on the minion.
libevent-source-install:
  file.managed:
    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
    - source: salt://modules/libevent/files/libevent-2.0.22-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable && ./configure --prefix=/usr/local/libevent && make && make install
    # the install prefix is the "already built" marker: never rebuilt once it exists
    - unless: test -d /usr/local/libevent
    - require:
      - file: libevent-source-install
5)安装pcre
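# /srv/salt/prod/modules/pcre/install.sls
# Build PCRE 8.37 from source. nginx's --with-pcre points at the unpacked source tree in
# /usr/local/src, so the extraction here is what nginx consumes; the /usr/local/pcre
# prefix only matters to anything else that links against it.
# Fixes: include the toolchain instead of assuming it, and drop the execute bit on the archive.
include:
  - modules.pkg.make-pkg

pcre-source-install:
  file.managed:
    - name: /usr/local/src/pcre-8.37.tar.gz
    - source: salt://modules/pcre/files/pcre-8.37.tar.gz
    - user: root
    - group: root
    - mode: '0644'
  cmd.run:
    - name: cd /usr/local/src && tar zxf pcre-8.37.tar.gz && cd pcre-8.37 && ./configure --prefix=/usr/local/pcre && make && make install
    - unless: test -d /usr/local/pcre
    - require:
      - pkg: make-pkg
      - file: pcre-source-install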
6)安装Nginx
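# /srv/salt/prod/modules/nginx/install.sls
# Build nginx 1.9.1 with SSL, stub_status, file AIO and WebDAV against the PCRE source tree.
# Fixes:
#   - include modules.pkg.make-pkg: the state required `pkg: make-pkg` without including
#     it, so a minion applying only this module failed on an unresolved requisite;
#   - drop `chown -R www:www /usr/local/nginx`: workers run as www, but the master process
#     runs as root and re-reads the config and binary on every restart. Making them writable
#     by the worker user lets a compromised worker plant a config or binary that root then
#     executes. The install tree stays root-owned; nginx creates its temp directories with
#     worker ownership itself.
# NOTE(review): 1.9.1 is an old mainline release; refresh the version before reusing this.
include:
  - modules.pkg.make-pkg
  - modules.pcre.install
  - modules.user.www

nginx-source-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    - mode: '0644'
    # NOTE(review): add `source_hash` with the upstream SHA256 so the archive is verified.
  cmd.run:
    # NOTE(review): --with-http_dav_module only compiles the module; PUT/DELETE are enabled
    # per location via `dav_methods`, so leave that directive out of vhosts that do not need it.
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1&& ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install
    - unless: test -d /usr/local/nginx
    - require:
      - user: www-user-group
      - file: nginx-source-install
      - pkg: make-pkg
      - cmd: pcre-source-install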
Nginx服务配置
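# /srv/salt/prod/modules/nginx/service.sls
# Init script, main config and running service for the nginx built by modules.nginx.install.
include:
  - modules.nginx.install

nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://modules/nginx/files/nginx-init
    - mode: '0755'
    - user: root
    - group: root
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: nginx-init

# Fix: the config was owned by www:www, the unprivileged worker user. The root master
# process re-reads this file on every reload/restart, so a worker compromise could
# rewrite it and have root apply the result. Root-owned and world-readable is all
# nginx needs.
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://modules/nginx/files/nginx.conf
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - cmd: nginx-source-install

nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf/vhost_online
    - user: root
    - group: root
    - mode: '0755'
    - require:
      - cmd: nginx-source-install
  service.running:
    - name: nginx
    - enable: True
    # on a watch trigger, reload (re-read config) instead of a full restart
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf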
7)统一用户
# /srv/salt/prod/modules/user/www.sls
# Shared unprivileged account for the web tier (nginx is configured with --user=www).
# NOTE(review): uid/gid 1000 is the first regular-user id on most distributions; on a
# host where someone already owns it, user.present cannot create www with this uid.
# A reserved system id (or `system: True` without a fixed uid) avoids the collision.
www-user-group:
  group.present:
    - name: www
    - gid: 1000
  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin  # no interactive login for the service account
    - uid: 1000
    - gid: 1000
8)安装memcached
# /srv/salt/prod/modules/memcached/install.sls
# Build memcached 1.4.24 against the libevent produced by modules.libevent.install.
# NOTE(review): memcached has no authentication. Whatever state starts it (not shown
# here) should bind it to a loopback/private address with `-l` and disable UDP with
# `-U 0` so it is never reachable from untrusted networks.
include:
  - modules.libevent.install

memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    - source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24&& ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    # the install prefix is the "already built" marker
    - unless: test -d /usr/local/memcached
    - require:
      - cmd: libevent-source-install
      - file: memcached-source-install