SaltStack一键部署lnmp中小企业架构(一)—系统初始化
1.项目准备
1.1 系统信息
[root@linux-node1 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@linux-node1 ~]# uname -r
3.10.0-327.18.2.el7.x86_64
[root@linux-node1 ~]# ifconfig eth0|awk -F "[ :]+" 'NR==2{print $3}'
192.168.56.11
[root@linux-node1 ~]# hostname
linux-node1.example.com
#node2主机名为linux-node2.example.com,IP为192.168.56.12,其余配置相同
1.2 功能模块管理
设置单独的目录:haproxy 、nginx 、php 、mysql 、memcached (尽可能的全面、独立)
1.3 业务模块分类
根据业务类型划分:如Web服务 、论坛BBS(使用include)
1.4 Salt环境配置
开发 ==> 测试(功能测试环境、性能测试环境、自动化测试环境) ==> 预生产 ==> 生产
1.base 基础环境
[root@linux-node1 ~]# vi /etc/salt/master #修改file_roots,创建base和prod目录,保存重启master
448 # The file server works on environments passed to the master, each environment
449 # can have multiple root directories, the subdirectories in the multiple file
450 # roots cannot match, otherwise the downloaded files will not be able to be
451 # reliably ensured. A base environment is required to house the top file.
452 # Example:
453 # file_roots:
454 # base:
455 # - /srv/salt/
456 # dev:
457 # - /srv/salt/dev/services
458 # - /srv/salt/dev/states
459 # prod:
460 # - /srv/salt/prod/services
461 # - /srv/salt/prod/states
462 #
463 file_roots:
464 base:
465 - /srv/salt/base #base基础环境目录
466 prod:
467 - /srv/salt/prod #prod生产环境目录
619 ##########################################
620 # Salt Pillars allow for the building of global data that can be made selectively
621 # available to different minions based on minion grain filtering. The Salt
622 # Pillar is laid out in the same fashion as the file server, with environments,
623 # a top file and sls files. However, pillar data does not need to be in the
624 # highstate format, and is generally just key/value pairs.
625 pillar_roots:
626 base:
627 - /srv/pillar/base #pillar目录设置
628 prod:
629 - /srv/pillar/prod
==============================================
[root@linux-node1 /]# mkdir -p /srv/salt/{base,prod} /srv/pillar/{base,prod}
[root@linux-node1 /]# tree srv
srv
├── pillar
│ ├── base
│ └── prod
└── salt
├── base
└── prod
[root@linux-node1 /]# cd /srv/salt/base
[root@linux-node1 /srv/salt/base]# mkdir init
[root@linux-node1 /srv/salt/base]# ll
drwxr-xr-x 2 root root 6 Jul 27 21:32 init
init目录--环境初始化
1.dns配置
[root@linux-node1 /srv/salt/base/init]# cat dns.sls
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf #salt://根据配置相当于/srv/salt/base目录
    - user: root
    - group: root
    - mode: 644
[root@linux-node1 /srv/salt/base/init]# mkdir files
[root@linux-node1 /srv/salt/base/init]# cd files
[root@linux-node1 /srv/salt/base/init/files]# cat resolv.conf #把系统dns配置文件拷贝到files目录下
# Generated by NetworkManager
nameserver 192.168.56.2
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
2.history记录时间
[root@linux-node1 /srv/salt/base/init]# cat history.sls
/etc/profile:
  file.append: #文件追加,在/etc/profile文件末尾追加一行
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` " #追加内容
3.记录命令操作
[root@linux-node1 /srv/salt/base/init]# cat audit.sls
/etc/bashrc:
file.append:
- text:
- export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
#注意:这种记录依赖用户自己的shell环境,用户可以unset PROMPT_COMMAND或换用其它shell来绕过,只能作为辅助记录,不能替代auditd等内核级审计
4.内核参数优化
[root@linux-node1 /srv/salt/base/init]# cat sysctl.sls
net.ipv4.ip_local_port_range: #设置本地可用的端口范围,作为客户端发起连接时使用
  sysctl.present: #使用了sysctl里的一个模块
    - value: 10000 65000 #随机分配端口范围
fs.file-max:
  sysctl.present:
    - value: 2000000 #文件打开数限制,Linux中一切皆文件
net.ipv4.ip_forward: #打开IP转发
  sysctl.present:
    - value: 1
vm.swappiness: #交换分区使用权重值,让系统尽量不使用
  sysctl.present:
    - value: 0
[root@linux-node1 /srv/salt/base/init]# cat /proc/sys/fs/file-max
183487
[root@linux-node1 /srv/salt/base/init]# cat /proc/sys/vm/swappiness
30
#其余调优参数可以自行添加即可
#注意:ip_forward=1 会让主机转发经过它的流量,只应在需要做路由/NAT的节点上开启,不建议通过 '*' 推到所有minion
5.安装yum仓库
[root@linux-node1 /srv/salt/base/init]# cat epel.sls
yum_repo_release:
  pkg.installed:
    - sources: #指定一个地址,pkg安装模块会从配置的url安装服务
      - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
#注意:这里通过明文http下载并直接安装rpm,建议改用https镜像,并在安装前校验该rpm的GPG签名
6.安装zabbix-agent
[root@linux-node1 /srv/salt/base/init]# cat zabbix-agent.sls
zabbix-agent:
pkg.installed:
- name: zabbix-agent
file.managed:
- name: /etc/zabbix/zabbix_agentd.conf #配置文件管理
- source: salt://init/files/zabbix_agentd.conf #zabbix-agent配置文件放置路径
- template: jinja #jinja模版
- backup: minion #配置文件发生变动时minion本地会保存一份备份(在/var/cache/salt/minion/file_backup/etc/zabbix目录下),便于回滚
- defaults:
Zabbix_Server: {{ pillar['Zabbix_Server'] }} #pillar配置Zabbix_Server的key值
Hostname: {{ grains['fqdn'] }} #主动模式配置
- require:
- pkg: zabbix-agent #依赖安装包
service.running:
- enable: True #开机自动运行
- watch:
- pkg: zabbix-agent #监控包和文件,发生改变则重启
- file: zabbix-agent
zabbix_agentd.conf.d:
file.directory:
- name: /etc/zabbix/zabbix_agentd.d
- watch_in: #被zabbix-agent依赖
- service: zabbix-agent
- require:
- pkg: zabbix-agent
- file: zabbix-agent
[root@linux-node1 /srv/salt/base/init/files]# cd files
[root@linux-node1 /srv/salt/base/init/files]# vi zabbix_agentd.conf
Server={{ Zabbix_Server }} #配置pillar的key值
[root@linux-node1 /srv/pillar/base]# cd /srv/pillar/base/ #创建pillar文件
[root@linux-node1 /srv/pillar/base]# mkdir zabbix && cd zabbix && vi agent.sls
[root@linux-node1 /srv/pillar/base/zabbix]# cat agent.sls
Zabbix_Server: 192.168.56.11 #要与zabbix-agent.sls中定义的值要一致
[root@linux-node1 /srv/pillar/base]# cat top.sls #pillar文件需定义top file指定执行
base:
'*':
zabbix.agent
[root@linux-node1 /srv/pillar/base]# salt '*' pillar.items #检测Pillar取值
linux-node1.example.com:
----------
Zabbix_Server:
192.168.56.11
linux-node2.example.com:
----------
Zabbix_Server:
192.168.56.11
[root@linux-node1 /srv/pillar/base]# salt '*' state.sls init.zabbix-agent #执行安装zabbix-agent
linux-node2.example.com:
----------
ID: zabbix-agent
Function: pkg.installed
Result: True
Comment: Package zabbix-agent is already installed
Started: 22:57:37.600906
Duration: 612.173 ms
Changes:
----------
ID: zabbix-agent
Function: file.managed
Name: /etc/zabbix/zabbix_agentd.conf
Result: True
Comment: File /etc/zabbix/zabbix_agentd.conf updated
Started: 22:57:38.214747
Duration: 270.8 ms
Changes:
----------
diff:
---
+++
@@ -92,7 +92,7 @@
# Default:
# Server=
-Server=127.0.0.1
+Server=192.168.56.11
### Option: ListenPort
# Agent will listen on this port for connections from the server.
@@ -141,10 +141,10 @@
# Value is acquired from HostnameItem if undefined.
#
# Mandatory: no
-# Default:
+# Default: aksjdffjaksdjfkajsdkfjaksjdfkajsdkfjakdjsf
# Hostname=
-Hostname=Zabbix server
+
### Option: HostnameItem
# Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
@@ -262,7 +262,7 @@
# Default:
# Include=
-Include=/etc/zabbix/zabbix_agentd.d/
+Include=/etc/zabbix/zabbix_agentd.d/*.conf
# Include=/usr/local/etc/zabbix_agentd.userparams.conf
# Include=/usr/local/etc/zabbix_agentd.conf.d/
----------
ID: zabbix_agentd.conf.d
Function: file.directory
Name: /etc/zabbix/zabbix_agentd.d
Result: True
Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
Started: 22:57:38.486361
Duration: 0.562 ms
Changes:
----------
ID: zabbix-agent
Function: service.running
Result: True
Comment: Service zabbix-agent has been enabled, and is running
Started: 22:57:38.487067
Duration: 164.502 ms
Changes:
----------
zabbix-agent:
True
Summary for linux-node2.example.com
------------
Succeeded: 4 (changed=2)
Failed: 0
------------
Total states run: 4
linux-node1.example.com:
----------
ID: zabbix-agent
Function: pkg.installed
Result: True
Comment: Package zabbix-agent is already installed
Started: 22:57:38.043836
Duration: 842.412 ms
Changes:
----------
ID: zabbix-agent
Function: file.managed
Name: /etc/zabbix/zabbix_agentd.conf
Result: True
Comment: File /etc/zabbix/zabbix_agentd.conf is in the correct state
Started: 22:57:38.887756
Duration: 198.125 ms
Changes:
----------
ID: zabbix_agentd.conf.d
Function: file.directory
Name: /etc/zabbix/zabbix_agentd.d
Result: True
Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
Started: 22:57:39.086684
Duration: 0.523 ms
Changes:
----------
ID: zabbix-agent
Function: service.running
Result: True
Comment: The service zabbix-agent is already running
Started: 22:57:39.087356
Duration: 36.602 ms
Changes:
Summary for linux-node1.example.com
------------
Succeeded: 4
Failed: 0
------------
Total states run: 4
◇ 集中管理
#创建一个init.sls文件include所有初始化文件,便于高级状态执行
[root@linux-node1 /srv/salt/base/init]# cat init.sls
include:
- init.dns
- init.history
- init.audit
- init.sysctl
- init.epel
- init.zabbix-agent
[root@linux-node1 /srv/salt/base/init]# salt '*' state.sls init.init #执行单个状态
linux-node2.example.com:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 23:08:41.788523
Duration: 153.037 ms
Changes:
----------
diff: #文件变动对比
---
+++
@@ -1,3 +1,9 @@
# Generated by NetworkManager
-search example.com
nameserver 192.168.56.2
+
+# No nameservers found; try putting DNS servers into your
+# ifcfg files in /etc/sysconfig/network-scripts like so:
+#
+# DNS1=xxx.xxx.xxx.xxx
+# DNS2=xxx.xxx.xxx.xxx
+# DOMAIN=lab.foo.com bar.foo.com
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 23:08:41.941678
Duration: 2.037 ms
Changes:
----------
diff:
---
+++
@@ -75,3 +75,4 @@
unset i
unset -f pathmunge
alias grep='grep --color'
+export HISTTIMEFORMAT="%F %T `whoami` " #追加
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 23:08:41.943854
Duration: 2.416 ms
Changes:
----------
diff:
---
+++
@@ -91,3 +91,4 @@
fi
# vim:ts=4:sw=4
alias vi='vim'
+export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
Started: 23:08:41.965020
Duration: 113.257 ms
Changes: #内核参数修改
----------
net.ipv4.ip_local_port_range:
10000 65000
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Updated sysctl value fs.file-max = 2000000
Started: 23:08:42.078430
Duration: 26.091 ms
Changes:
----------
fs.file-max:
2000000
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_forward = 1
Started: 23:08:42.104677
Duration: 22.862 ms
Changes:
----------
net.ipv4.ip_forward:
1
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Updated sysctl value vm.swappiness = 0
Started: 23:08:42.127679
Duration: 21.958 ms
Changes:
----------
vm.swappiness:
0
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: epel-release
Started: 23:08:42.518064
Duration: 2740.0 ms
Changes:
----------
epel-release: #epel源修改
----------
new:
7-7
old:
7-6
----------
ID: zabbix-agent
Function: pkg.installed
Result: True
Comment: Package zabbix-agent is already installed
Started: 23:08:45.264093
Duration: 0.443 ms
Changes:
----------
ID: zabbix-agent
Function: file.managed
Name: /etc/zabbix/zabbix_agentd.conf
Result: True
Comment: File /etc/zabbix/zabbix_agentd.conf is in the correct state
Started: 23:08:45.265502
Duration: 188.186 ms
Changes:
----------
ID: zabbix_agentd.conf.d
Function: file.directory
Name: /etc/zabbix/zabbix_agentd.d
Result: True
Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
Started: 23:08:45.574132
Duration: 0.64 ms
Changes:
----------
ID: zabbix-agent
Function: service.running
Result: True
Comment: The service zabbix-agent is already running
Started: 23:08:45.575028
Duration: 25.187 ms
Changes:
Summary for linux-node2.example.com
-------------
Succeeded: 12 (changed=8)
Failed: 0
-------------
Total states run: 12
linux-node1.example.com:
----------
ID: /etc/resolv.conf
Function: file.managed
Result: True
Comment: File /etc/resolv.conf updated
Started: 23:08:42.209383
Duration: 153.387 ms
Changes:
----------
diff:
---
+++
@@ -1,3 +1,9 @@
# Generated by NetworkManager
-search example.com
nameserver 192.168.56.2
+
+# No nameservers found; try putting DNS servers into your
+# ifcfg files in /etc/sysconfig/network-scripts like so:
+#
+# DNS1=xxx.xxx.xxx.xxx
+# DNS2=xxx.xxx.xxx.xxx
+# DOMAIN=lab.foo.com bar.foo.com
----------
ID: /etc/profile
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 23:08:42.362882
Duration: 2.037 ms
Changes:
----------
diff:
---
+++
@@ -75,3 +75,4 @@
unset i
unset -f pathmunge
alias vi='vim'
+export HISTTIMEFORMAT="%F %T `whoami` "
----------
ID: /etc/bashrc
Function: file.append
Result: True
Comment: Appended 1 lines
Started: 23:08:42.365024
Duration: 2.462 ms
Changes:
----------
diff:
---
+++
@@ -91,3 +91,4 @@
fi
# vim:ts=4:sw=4
alias vi='vim'
+export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
----------
ID: net.ipv4.ip_local_port_range
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
Started: 23:08:42.452382
Duration: 150.928 ms
Changes:
----------
net.ipv4.ip_local_port_range:
10000 65000
----------
ID: fs.file-max
Function: sysctl.present
Result: True
Comment: Updated sysctl value fs.file-max = 2000000
Started: 23:08:42.603470
Duration: 26.452 ms
Changes:
----------
fs.file-max:
2000000
----------
ID: net.ipv4.ip_forward
Function: sysctl.present
Result: True
Comment: Updated sysctl value net.ipv4.ip_forward = 1
Started: 23:08:42.630065
Duration: 24.617 ms
Changes:
----------
net.ipv4.ip_forward:
1
----------
ID: vm.swappiness
Function: sysctl.present
Result: True
Comment: Updated sysctl value vm.swappiness = 0
Started: 23:08:42.654823
Duration: 22.987 ms
Changes:
----------
vm.swappiness:
0
----------
ID: yum_repo_release
Function: pkg.installed
Result: True
Comment: The following packages were installed/updated: epel-release
Started: 23:08:43.077997
Duration: 6365.646 ms
Changes:
----------
epel-release:
----------
new:
7-7
old:
7-6
----------
ID: zabbix-agent
Function: pkg.installed
Result: True
Comment: Package zabbix-agent is already installed
Started: 23:08:49.450456
Duration: 0.483 ms
Changes:
----------
ID: zabbix-agent
Function: file.managed
Name: /etc/zabbix/zabbix_agentd.conf
Result: True
Comment: File /etc/zabbix/zabbix_agentd.conf is in the correct state
Started: 23:08:49.451920
Duration: 345.85 ms
Changes:
----------
ID: zabbix_agentd.conf.d
Function: file.directory
Name: /etc/zabbix/zabbix_agentd.d
Result: True
Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
Started: 23:08:50.306027
Duration: 0.931 ms
Changes:
----------
ID: zabbix-agent
Function: service.running
Result: True
Comment: The service zabbix-agent is already running
Started: 23:08:50.307251
Duration: 25.234 ms
Changes:
Summary for linux-node1.example.com
-------------
Succeeded: 12 (changed=8)
Failed: 0
-------------
Total states run: 12
◇ 高级状态执行
#执行高级状态,从top file文件开始读,给Minion指定的状态全部执行
[root@linux-node1 /srv/salt/base/init]# cat top.sls
base:
  '*':
    - init.init
[root@linux-node1 /srv/salt/base]# tree #目录结构
.
├── init
│   ├── audit.sls
│   ├── dns.sls
│   ├── epel.sls
│   ├── files
│   │   ├── resolv.conf
│   │   └── zabbix_agentd.conf
│   ├── history.sls
│   ├── init.sls
│   ├── sysctl.sls
│   └── zabbix-agent.sls
└── top.sls
[root@linux-node1 /srv/salt/base]# salt '*' state.highstate test=True #高级状态执行检测,从top file中读执行文件模块
2.prod 生产环境
