Automated Operations with SaltStack Series: Configuration Management System Modules
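Architecture diagram
Managing a large web architecture with SaltStack configuration management is not particularly hard. The main task is to manage the dependencies between functional modules sensibly and to keep each module as independent as possible, so that every system function can be referenced by the business states.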
SaltStack environment directories

    file_roots:
      base:
        - /srv/salt/base
      prod:
        - /srv/salt/prod
    pillar_roots:
      base:
        - /srv/pillar/base
      prod:
        - /srv/pillar/prod

SaltStack directory structure

    [[email protected] srv]# tree
    .
    ├── pillar
    │   ├── base
    │   │   ├── top.sls
    │   │   └── zabbix
    │   │       └── agent.sls
    │   └── prod
    └── salt
        ├── base
        │   ├── _grains
        │   │   └── my_grain.py
        │   ├── init
        │   │   ├── audit.sls
        │   │   ├── dns.sls
        │   │   ├── epel.sls
        │   │   ├── files
        │   │   │   ├── resolv.conf
        │   │   │   └── zabbix_agentd.conf
        │   │   ├── history.sls
        │   │   ├── init.sls
        │   │   ├── sysctl.sls
        │   │   └── zabbix-agent.sls
        │   ├── _modules
        │   │   └── my_disk.py
        │   └── top.sls
        └── prod
            ├── bbs
            │   ├── files
            │   │   └── nginx-bbs.conf
            │   ├── memcached.sls
            │   └── web.sls
            ├── cluster
            │   ├── files
            │   │   ├── haproxy-outside.cfg
            │   │   └── haproxy-outside-keepalived.conf
            │   ├── haproxy-outside-keepalived.sls
            │   └── haproxy-outside.sls
            └── modules
                ├── haproxy
                │   ├── files
                │   │   ├── haproxy-1.6.3.tar.gz
                │   │   └── haproxy.init
                │   └── install.sls
                ├── keepalived
                │   ├── files
                │   │   ├── keepalived-1.2.17.tar.gz
                │   │   ├── keepalived.init
                │   │   └── keepalived.sysconfig
                │   └── install.sls
                ├── libevent
                │   ├── files
                │   │   └── libevent-2.0.22-stable.tar.gz
                │   └── install.sls
                ├── memcached
                │   ├── files
                │   │   └── memcached-1.4.24.tar.gz
                │   └── install.sls
                ├── nginx
                │   ├── files
                │   │   ├── nginx-1.9.1.tar.gz
                │   │   ├── nginx.conf
                │   │   └── nginx-init
                │   ├── install.sls
                │   └── service.sls
                ├── pcre
                │   ├── files
                │   │   └── pcre-8.37.tar.gz
                │   └── install.sls
                ├── php
                │   ├── files
                │   │   ├── init.d.php-fpm
                │   │   ├── memcache-2.2.7.tgz
                │   │   ├── php-5.6.9.tar.gz
                │   │   ├── php-fpm.conf
                │   │   ├── php.ini-production
                │   │   └── redis-2.2.7.tgz
                │   ├── install.sls
                │   ├── php-memcache.sls
                │   └── php-redis.sls
                ├── pkg
                │   └── make-pkg.sls
                ├── user
                │   └── www.sls
                └── web
                    ├── bbs.sls
                    └── files
                        └── bbs.conf

Environment initialization
1) Improve shell history by adding user and timestamp information

    [[email protected] init]# vim history.sls
    /etc/profile:
      file.append:
        - text:
          - export HISTTIMEFORMAT="%F %T `whoami` "

2) Send shell history to syslog for auditing

    [[email protected] init]# vim audit.sls
    /etc/bashrc:
      file.append:
        - text:
          - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'

3) Unified DNS

    [[email protected] init]# vim dns.sls
    /etc/resolv.conf:
      file.managed:
        - source: salt://init/files/resolv.conf
        - user: root
        - group: root
        - mode: 644

4) Custom EPEL repository (you can substitute the address of your own yum repository here)

    [[email protected] init]# vim epel.sls
    yum_repo_release:
      pkg.installed:
        - sources:
          - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
        - unless: rpm -qa | grep epel-release-7

5) Initial system tuning

    [[email protected] init]# vim sysctl.sls
    net.ipv4.ip_local_port_range:
      sysctl.present:
        - value: 10000 65000
    fs.file-max:
      sysctl.present:
        - value: 2000000
    net.ipv4.ip_forward:
      sysctl.present:
        - value: 1
    vm.swappiness:
      sysctl.present:
        - value: 0

6) zabbix-agent configuration

    [[email protected] init]# vim zabbix-agent.sls
    zabbix-agent:
      pkg.installed:
        - name: zabbix-agent
      file.managed:
        - name: /etc/zabbix/zabbix_agentd.conf
        - source: salt://init/files/zabbix_agentd.conf
        - template: jinja
        - backup: minion
        - defaults:
            Zabbix_Server: {{ pillar['Zabbix_Server'] }}
            Hostname: {{ grains['fqdn'] }}
        - require:
          - pkg: zabbix-agent
      service.running:
        - enable: True
        - watch:
          - pkg: zabbix-agent
          - file: zabbix-agent

    zabbix_agentd.conf.d:
      file.directory:
        - name: /etc/zabbix/zabbix_agentd.d
        - watch_in:
          - service: zabbix-agent
        - require:
          - pkg: zabbix-agent
          - file: zabbix-agent

7) Combine the initialization states

    [[email protected] init]# vim init.sls
    include:
      - init.dns
      - init.history
      - init.audit
      - init.epel
      - init.sysctl
      - init.zabbix-agent

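An added example (not from the original post): a parser and triage pass for the syslog records that the PROMPT_COMMAND in audit.sls emits, flagging commands run under a different effective user than the login user and commands with no login tty. The record layout, the sample log lines and the names RECORD, LOG, parse and suspicious are assumptions constructed for illustration.

```python
import re

# Assumed layout: $(who am i) is unquoted in PROMPT_COMMAND, so its columns
# collapse to single spaces: [euid=E]:LOGIN TTY DATE TIME (HOST):[CWD]CMD
RECORD = re.compile(
    r"\[euid=(?P<euid>[^\]]+)\]:"
    r"(?:(?P<login>[\w.-]+) (?P<tty>\S+).*?(?: \((?P<host>[^)]*)\))?)?"
    r":\[(?P<cwd>[^\]]*)\](?P<cmd>.*)$"
)

# Constructed sample syslog lines (hosts use documentation address space).
LOG = [
    "Sep 28 17:30:01 web01 root: [euid=root]:root pts/0 2016-09-28 17:28 (192.0.2.10):[/srv/salt]salt '*' state.highstate",
    "Sep 28 17:31:12 web01 root: [euid=root]:deploy pts/1 2016-09-28 17:29 (192.0.2.23):[/home/deploy]cat /etc/shadow",
    "Sep 28 17:32:40 web01 www: [euid=www]::[/tmp]id",
    "Sep 28 17:33:00 web01 sshd[991]: Accepted publickey for deploy",
]

def parse(line):
    """Return the audit fields of one syslog line, or None if it is not an audit record."""
    m = RECORD.search(line)
    return m.groupdict() if m else None

def suspicious(lines):
    """Return (reason, record) pairs for identity switches and tty-less sessions."""
    hits = []
    for rec in filter(None, map(parse, lines)):
        if rec["login"] is None:
            # `who am i` printed nothing: no login tty behind this shell.
            hits.append(("no-login-tty", rec))
        elif rec["login"] != rec["euid"]:
            # Logged in as one user, running as another (su / sudo -i).
            hits.append(("identity-switch", rec))
    return hits

if __name__ == "__main__":
    for reason, rec in suspicious(LOG):
        print(reason, rec["euid"], rec["login"], rec["cwd"], rec["cmd"])
```

PROMPT_COMMAND is an ordinary shell variable, so a user can unset it; treat these records as best-effort, and a sudden gap for an active session as a signal in itself.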
Business modules
Business module directory

    [[email protected] ~]# cd /srv/salt/prod/
    [[email protected] prod]# ll
    total 0
    drwxr-xr-x 3 root root 52 Sep 28 17:28 bbs
    drwxr-xr-x 3 root root 81 Sep 28 17:28 cluster
    drwxr-xr-x 12 root root 132 Sep 28 17:28 modules

Service deployment and installation modules

    [[email protected] prod]# cd modules/
    [[email protected] modules]# ll
    total 0
    drwxr-xr-x 3 root root 36 Sep 28 17:28 haproxy
    drwxr-xr-x 3 root root 36 Sep 28 17:28 keepalived
    drwxr-xr-x 3 root root 36 Sep 28 17:28 libevent
    drwxr-xr-x 3 root root 36 Sep 28 17:28 memcached
    drwxr-xr-x 3 root root 54 Sep 28 17:28 nginx
    drwxr-xr-x 3 root root 36 Sep 28 17:28 pcre
    drwxr-xr-x 3 root root 79 Sep 28 17:28 php
    drwxr-xr-x 2 root root 25 Sep 28 17:28 pkg
    drwxr-xr-x 2 root root 20 Sep 28 17:28 user
    drwxr-xr-x 3 root root 32 Sep 28 17:28 web

1) Install the required system build packages

    [[email protected] pkg]# vim make-pkg.sls
    make-pkg:
      pkg.installed:
        - pkgs:
          - gcc
          - gcc-c++
          - glibc
          - make
          - autoconf
          - openssl
          - openssl-devel
          - pcre
          - pcre-devel

2) Install HAProxy

    [[email protected] haproxy]# vim install.sls
    include:
      - modules.pkg.make-pkg

    haproxy-install:
      file.managed:
        - name: /usr/local/src/haproxy-1.6.3.tar.gz
        - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
        - mode: 755
        - user: root
        - group: root
      cmd.run:
        # linux2628 is the HAProxy 1.6 build target for Linux kernels >= 2.6.28
        - name: cd /usr/local/src && tar xf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3 && make install PREFIX=/usr/local/haproxy-1.6.3 && ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
        - require:
          - pkg: make-pkg
          - file: haproxy-install
        - unless: test -d /usr/local/haproxy

    haproxy-init:
      file.managed:
        - name: /etc/init.d/haproxy
        - source: salt://modules/haproxy/files/haproxy.init
        - mode: 755
        - user: root
        - group: root
        - require_in:
          - file: haproxy-install
      cmd.run:
        - name: chkconfig --add haproxy
        - unless: chkconfig --list|grep haproxy

    net.ipv4.ip_nonlocal_bind:
      sysctl.present:
        - value: 1

    /etc/haproxy:
      file.directory:
        - user: root
        - group: root
        - mode: 755

3) Install keepalived

    [[email protected] keepalived]# vim install.sls
    {% set keepalived_tar = 'keepalived-1.2.17.tar.gz' %}
    {% set keepalived_source = 'salt://modules/keepalived/files/keepalived-1.2.17.tar.gz' %}

    keepalived-install:
      file.managed:
        - name: /usr/local/src/{{ keepalived_tar }}
        - source: {{ keepalived_source }}
        - mode: 755
        - user: root
        - group: root
      cmd.run:
        - name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
        - unless: test -d /usr/local/keepalived
        - require:
          - file: keepalived-install

    /etc/sysconfig/keepalived:
      file.managed:
        - source: salt://modules/keepalived/files/keepalived.sysconfig
        - mode: 644
        - user: root
        - group: root

    /etc/init.d/keepalived:
      file.managed:
        - source: salt://modules/keepalived/files/keepalived.init
        - mode: 755
        - user: root
        - group: root

    keepalived-init:
      cmd.run:
        - name: chkconfig --add keepalived
        - unless: chkconfig --list | grep keepalived
        - require:
          - file: /etc/init.d/keepalived

    /etc/keepalived:
      file.directory:
        - user: root
        - group: root

4) Install libevent

    [[email protected] libevent]# vim install.sls
    libevent-source-install:
      file.managed:
        - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
        - source: salt://modules/libevent/files/libevent-2.0.22-stable.tar.gz
        - user: root
        - group: root
        - mode: 644
      cmd.run:
        - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable && ./configure --prefix=/usr/local/libevent && make && make install
        - unless: test -d /usr/local/libevent
        - require:
          - file: libevent-source-install

5) Install PCRE

    [[email protected] pcre]# vim install.sls
    pcre-source-install:
      file.managed:
        - name: /usr/local/src/pcre-8.37.tar.gz
        - source: salt://modules/pcre/files/pcre-8.37.tar.gz
        - user: root
        - group: root
        - mode: 755
      cmd.run:
        - name: cd /usr/local/src && tar zxf pcre-8.37.tar.gz && cd pcre-8.37 && ./configure --prefix=/usr/local/pcre && make && make install
        - unless: test -d /usr/local/pcre
        - require:
          - file: pcre-source-install

6) Install Nginx

    [[email protected] nginx]# vim install.sls
    include:
      # provides the make-pkg state that the `pkg: make-pkg` requisite below refers to
      - modules.pkg.make-pkg
      - modules.pcre.install
      - modules.user.www

    nginx-source-install:
      file.managed:
        - name: /usr/local/src/nginx-1.9.1.tar.gz
        - source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
        - user: root
        - group: root
        - mode: 755
      cmd.run:
        - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1 && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install && chown -R www:www /usr/local/nginx
        - unless: test -d /usr/local/nginx
        - require:
          - user: www-user-group
          - file: nginx-source-install
          - pkg: make-pkg
          - cmd: pcre-source-install

Nginx service configuration

    [[email protected] nginx]# vim service.sls
    include:
      - modules.nginx.install

    nginx-init:
      file.managed:
        - name: /etc/init.d/nginx
        - source: salt://modules/nginx/files/nginx-init
        - mode: 755
        - user: root
        - group: root
      cmd.run:
        - name: chkconfig --add nginx
        - unless: chkconfig --list | grep nginx
        - require:
          - file: nginx-init

    /usr/local/nginx/conf/nginx.conf:
      file.managed:
        - source: salt://modules/nginx/files/nginx.conf
        - user: www
        - group: www
        - mode: 644

    nginx-service:
      file.directory:
        - name: /usr/local/nginx/conf/vhost_online
        - require:
          - cmd: nginx-source-install
      service.running:
        - name: nginx
        - enable: True
        - reload: True
        - require:
          - cmd: nginx-init
        - watch:
          - file: /usr/local/nginx/conf/nginx.conf

7) Unified user

    [[email protected] user]# vim www.sls
    www-user-group:
      group.present:
        - name: www
        - gid: 1000
      user.present:
        - name: www
        - fullname: www
        - shell: /sbin/nologin
        - uid: 1000
        - gid: 1000

8) Install memcached

    [[email protected] memcached]# vim install.sls
    include:
      - modules.libevent.install

    memcached-source-install:
      file.managed:
        - name: /usr/local/src/memcached-1.4.24.tar.gz
        - source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
        - user: root
        - group: root
        - mode: 644
      cmd.run:
        - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24 && ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
        - unless: test -d /usr/local/memcached
        - require:
          - cmd: libevent-source-install
          - file: memcached-source-install

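An added example (not from the original post) for the point made at the top of the page about keeping module dependencies under control: a check that every requisite in an SLS resolves to a state declared somewhere in that SLS's include closure, so a module can be applied on its own. The data is a constructed, simplified model in which modules.nginx.install includes only modules.pcre.install and modules.user.www; requisites are matched by state ID only, and the names SLS, include_closure, unresolved_requisites and with_include are hypothetical.

```python
# Constructed model: sls name -> (include list,
#   {state id: {state module: [(requisite module, requisite id), ...]}})
SLS = {
    "modules.pkg.make-pkg": ([], {"make-pkg": {"pkg": []}}),
    "modules.user.www": ([], {"www-user-group": {"group": [], "user": []}}),
    "modules.pcre.install": ([], {"pcre-source-install": {
        "file": [], "cmd": [("file", "pcre-source-install")]}}),
    "modules.nginx.install": (
        ["modules.pcre.install", "modules.user.www"],
        {"nginx-source-install": {"file": [], "cmd": [
            ("user", "www-user-group"), ("file", "nginx-source-install"),
            ("pkg", "make-pkg"), ("cmd", "pcre-source-install")]}}),
}

def include_closure(tree, entry):
    """Return every SLS reachable from `entry` through include (cycle-safe)."""
    seen, stack = [], [entry]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        if name not in tree:
            raise KeyError(f"included SLS not found: {name}")
        seen.append(name)
        stack.extend(tree[name][0])
    return seen

def unresolved_requisites(tree, entry):
    """List (sls, state id, requisite) triples that no loaded SLS declares."""
    loaded = include_closure(tree, entry)
    declared = {(mod, sid) for name in loaded
                for sid, mods in tree[name][1].items() for mod in mods}
    missing = []
    for name in loaded:
        for sid, mods in tree[name][1].items():
            for reqs in mods.values():
                missing += [(name, sid, r) for r in reqs if r not in declared]
    return missing

def with_include(tree, sls, extra):
    """Return a copy of `tree` in which `sls` additionally includes `extra`."""
    includes, states = tree[sls]
    return {**tree, sls: (includes + [extra], states)}

if __name__ == "__main__":
    print(unresolved_requisites(SLS, "modules.nginx.install"))
```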
This article comes from the “改变从每一天开始” blog; please be sure to retain this source link: http://lilongzi.blog.51cto.com/5519072/1859962