Saltstack-进阶篇

时间:2023-03-09 06:59:57
Saltstack-进阶篇

查看minion端的文件内容 
[root@linux-node2 ~]# cat /etc/resolv.conf 
# Generated by NetworkManager 
nameserver 10.0.0.2 
[root@linux-node1 salt]# cd /srv/salt/base/ 
[root@linux-node1 base]# ll 
总用量 8 
-rw-r--r-- 1 root root 172 10月 31 15:40 apache.sls 
-rw-r--r-- 1 root root 186 11月  7 10:24 top.sls 
[root@linux-node1 base]# vim dns.sls 
[root@linux-node1 base]# cat dns.sls 
# The state ID doubles as the path of the managed file on the minion.
/etc/resolv.conf:
  file.managed:                            # managed function of the file state module
    - source: salt://files/resolv.conf     # path on the master; salt:// is relative to the current environment, here files/ under the base environment path
    - user: root
    - group: root
    - mode: 644
[root@linux-node1 base]# cp /etc/resolv.conf  ./files/ 
[root@linux-node1 base]# vim files/resolv.conf 
[root@linux-node1 base]# salt '*' state.sls dns               #执行方式一:这是直接执行dns.sls文件 
linux-node2.example.com: 
---------- 
          ID: /etc/resolv.conf 
    Function: file.managed 
      Result: True 
     Comment: File /etc/resolv.conf updated 
     Started: 10:31:10.425201 
    Duration: 237.159 ms 
     Changes:   
              ---------- 
              diff: 
                  ---  
                  +++  
                  @@ -1,2 +1,1 @@ 
                  -# Generated by NetworkManager 
                   nameserver 10.0.0.2 
Summary 
------------ 
Succeeded: 1 (changed=1) 
Failed:    0 
------------ 
Total states run:     1 
linux-node1.example.com: 
---------- 
          ID: /etc/resolv.conf 
    Function: file.managed 
      Result: True 
     Comment: File /etc/resolv.conf updated 
     Started: 10:31:10.554220 
    Duration: 208.259 ms 
     Changes:   
              ---------- 
              diff: 
                  ---  
                  +++  
                  @@ -1,2 +1,1 @@ 
                  -# Generated by NetworkManager 
                   nameserver 10.0.0.2 
Summary 
------------ 
Succeeded: 1 (changed=1) 
Failed:    0 
------------ 
Total states run:     1 
[root@linux-node2 ~]# cat /etc/resolv.conf 
nameserver 10.0.0.2 
=========================================================== 
[root@linux-node1 base]# cat top.sls                #编辑top.sls文件 
# Top file: lists which states state.highstate applies to which minions.
base:          # environment name
  '*':         # target: every minion
    - dns      # dns.sls from this environment
[root@linux-node1 base]# cat /srv/salt/base/files/resolv.conf     
#HAHFHDA 
nameserver 10.0.0.2 
[root@linux-node1 base]# salt '*' state.highstate    #第二种执行方式:高级状态执行 
linux-node2.example.com: 
---------- 
          ID: /etc/resolv.conf 
    Function: file.managed 
      Result: True 
     Comment: File /etc/resolv.conf updated 
     Started: 10:33:58.727056 
    Duration: 47.411 ms 
     Changes:   
              ---------- 
              diff: 
                  ---  
                  +++  
                  @@ -1,1 +1,2 @@ 
                  +#HAHFHDA 
                   nameserver 10.0.0.2 
Summary 
------------ 
Succeeded: 1 (changed=1) 
Failed:    0 
------------ 
Total states run:     1 
linux-node1.example.com: 
---------- 
          ID: /etc/resolv.conf 
    Function: file.managed 
      Result: True 
     Comment: File /etc/resolv.conf updated 
     Started: 10:33:58.721217 
    Duration: 51.418 ms 
     Changes:   
              ---------- 
              diff: 
                  ---  
                  +++  
                  @@ -1,1 +1,2 @@ 
                  +#HAHFHDA 
                   nameserver 10.0.0.2 
Summary 
------------ 
Succeeded: 1 (changed=1) 
Failed:    0 
------------ 
Total states run:     1

==========================================================

salt语法:YAML 
规则一:缩进 
        两个空格组成 
        不要使用tab键 
规则二:冒号 
        冒号表示字典(键值对)关系 
        键和值之间用"冒号加一个空格"分隔 
        以冒号结尾的行和路径(如salt://)里的冒号后面不需要加空格 
规则三:短横线 
        表示是一种列表关系(字典中的列表)      
        短横线后加空格        
[root@linux-node1 salt]# cd /srv/salt/base/ 
[root@linux-node1 base]# ls 
apache.sls  dns.sls  files  top.sls 
[root@linux-node1 base]# vim dns.sls 
[root@linux-node1 base]# cat dns.sls 
# Same resolv.conf state as before, now rendered through Jinja with a default variable.
/etc/resolv.conf:
  file.managed:
    - source: salt://files/resolv.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja          # render the source file as a Jinja template before writing it
    - defaults:                # variables handed to the template
      DNS_SERVER: 10.0.0.2     # NOTE(review): the highstate output that follows replaces 10.0.0.2 with 10.0.0.3, so that run presumably had 10.0.0.3 here - confirm
[root@linux-node1 base]# cat /srv/salt/base/files/resolv.conf    
#HAHFHDA 
nameserver {{DNS_SERVER}}                   #这里的变量名就是上面定义的变量名 
[root@linux-node1 base]# salt '*' state.highstate 
linux-node2.example.com: 
---------- 
          ID: /etc/resolv.conf 
    Function: file.managed 
      Result: True 
     Comment: File /etc/resolv.conf updated 
     Started: 11:22:05.528398 
    Duration: 66.329 ms 
     Changes:   
              ---------- 
              diff: 
                  ---  
                  +++  
                  @@ -1,2 +1,2 @@ 
                   #HAHFHDA 
                  -nameserver 10.0.0.2 
                  +nameserver 10.0.0.3 
Summary 
------------ 
Succeeded: 1 (changed=1) 
Failed:    0 
------------ 
Total states run:     1 
linux-node1.example.com: 
---------- 
          ID: /etc/resolv.conf 
    Function: file.managed 
      Result: True 
     Comment: File /etc/resolv.conf updated 
     Started: 11:22:05.594718 
    Duration: 85.029 ms 
     Changes:   
              ---------- 
              diff: 
                  ---  
                  +++  
                  @@ -1,2 +1,2 @@ 
                   #HAHFHDA 
                  -nameserver 10.0.0.2 
                  +nameserver 10.0.0.3 
Summary 
------------ 
Succeeded: 1 (changed=1) 
Failed:    0 
------------ 
Total states run:     1      
[root@linux-node1 files]# cat /srv/salt/base/files/resolv.conf 
#HAHFHDA 
#{{ grains['fqdn_ip4'] }} 
nameserver 10.0.0.2 
[root@linux-node1 files]# salt '*' grains.item fqdn_ip4 
linux-node2.example.com: 
    ---------- 
    fqdn_ip4: 
        - 10.0.0.8 
linux-node1.example.com: 
    ---------- 
    fqdn_ip4:
        - 10.0.0.7

==========================================================

执行模块   Pillar


=======================================================

第一部分:系统的初始化模块

[root@linux-node1 base]# vim /etc/salt/master

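# Master file server roots: one list of directories per environment.
# Indentation restored (two spaces per level); the flattened form is not valid YAML.
file_roots:
  base:
    - /srv/salt/base
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod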

1、dns解析

[root@linux-node1 base]# mv * /tmp

[root@linux-node1 base]# mkdir init

[root@linux-node1 base]# cp /tmp/dns.sls init/

[root@linux-node1 base]# cat init/dns.sls

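# init/dns.sls: manage the minion's resolv.conf from the copy kept under init/files.
# Indentation restored; the nesting (ID -> function -> argument list) is what makes the state valid.
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    - mode: 644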

[root@linux-node1 base]# mkdir init/files

[root@linux-node1 base]# cp /etc/resolv.conf init/files/

2、让history记住时间

使用file模块的append追加方式

[root@linux-node1 init]# vim history.sls

[root@linux-node1 init]# cat history.sls

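# init/history.sls: add a HISTTIMEFORMAT export to /etc/profile so history entries
# are shown with a date, a time and the output of whoami.
# Indentation restored so that the text list nests under file.append.
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` "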

3、历史记录

[root@linux-node1 init]# cat audit.sls

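# init/audit.sls: append a PROMPT_COMMAND to /etc/bashrc that sends the last history
# entry to syslog through logger, tagged with user, terminal and working directory.
#
# This is convenience logging, not a tamper-resistant audit trail: PROMPT_COMMAND is an
# ordinary shell variable that the logged-in user can change or unset, and everything
# typed on a command line (including secrets passed as arguments) ends up in syslog.
# Where accountability matters, pair it with kernel-level auditing and restrict who can
# read the resulting logs.
#
# read -r and the quoted "$y" keep backslashes and glob characters in the command text
# from being rewritten by the shell before the line is logged.
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read -r x y; printf "%s" "$y"; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'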

4、内核参数调优

使用sysctl.present:模块修改

[root@linux-node1 init]# cat sysctl.sls

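# init/sysctl.sls: kernel parameters set through sysctl.present.
# Each state ID is the dotted sysctl key; indentation restored so the states parse.
vm.swappiness:
  sysctl.present:
    - value: 0
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
fs.file-max:
  sysctl.present:
    - value: 100000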

--------------------------------

此模块的键名对应/proc/sys下的路径,用点代替斜杠分隔,例如net.ipv4.ip_local_port_range对应:

/proc/sys/net/ipv4/ip_local_port_range

5、把上面四个包括进来

[root@linux-node1 init]# cat env_init.sls

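# init/env_init.sls: pull the four initialisation states in through one include list.
# Entries are dotted paths relative to the environment root (init/dns.sls -> init.dns).
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl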

[root@linux-node1 base]# cat /srv/salt/base/top.sls

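# Top file for the base environment: every minion gets the init.env_init bundle.
# Indentation restored (environment -> target -> state list).
base:
  '*':
    - init.env_init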

测试一下

[root@linux-node1 init]# salt '*' state.highstate test=TRUE

2:功能模块

[root@linux-node1 ~]# mkdir /srv/salt/prod/pkg -p 
[root@linux-node1 ~]# mkdir /srv/salt/prod/haproxy/files -p 
[root@linux-node1 ~]# cd /srv/salt/prod/pkg/ 
[root@linux-node1 pkg]# vim pkg-init.sls 
# pkg/pkg-init.sls: packages installed before the haproxy source build;
# install.sls includes this file and requires "pkg: pkg-init" ahead of its cmd.run.
pkg-init:
  pkg.installed:
    - names:               # list of package names handled by this single state ID
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
[root@linux-node1 files]# cd /srv/salt/prod/haproxy/files 
[root@linux-node1 init]# cd /srv/salt/prod/haproxy/files/ 
[root@linux-node1 files]# ll 
总用量 22580                                                 
drwxrwxr-x 9 root root     4096 11月  7 14:42 haproxy-1.6.2 
-rw-r--r-- 1 root root  1538976 11月  7 09:04 haproxy-1.6.2.tar.gz 
-rw-r--r-- 1 root root     2395 11月  7 14:44 haproxy.init 
-rw-r--r-- 1 root root   330164 7月   7 22:18 keepalived-1.2.19.tar.gz 
-rw-r--r-- 1 root root   884733 10月 27 22:04 nginx-1.9.6.tar.gz 
-rw-r--r-- 1 root root  2041593 11月  5 17:48 pcre-8.37.tar.gz 
-rw-r--r-- 1 root root 18312905 11月  5 17:51 php-5.6.15.tar.gz 
[root@linux-node1 files]# tar xf haproxy-1.6.2.tar.gz 
[root@linux-node1 files]# cd haproxy-1.6.2 
[root@linux-node1 haproxy-1.6.2]# make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy 
[root@linux-node1 haproxy-1.6.2]# cd examples/ 
[root@linux-node1 examples]# vim haproxy.init(修改启动脚本为) 
BIN=/usr/local/haproxy/sbin/$BASENAME 
[root@linux-node1 examples]# cp haproxy.init /srv/salt/prod/haproxy/files/ 
[root@linux-node1 examples]# cd /srv/salt/prod/haproxy/ 
[root@linux-node1 haproxy]# vim install.sls 
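# haproxy/install.sls: ship the haproxy source tarball from the master, build and
# install it under /usr/local/haproxy, register the init script and prepare
# /etc/haproxy.
include:
  - pkg.pkg-init

# NOTE(review): the page shows no checksum or signature check of the tarball before
# it was placed under the master's file root; verify it against the upstream release
# hash there, because every minion builds and installs whatever the master serves.
haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.2.tar.gz
    - source: salt://haproxy/files/haproxy-1.6.2.tar.gz
    - user: root
    - group: root
    - mode: 644                      # an archive is only read, never executed
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.6.2.tar.gz && cd haproxy-1.6.2 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
    # Skip the build only when the installed binary is present. Testing for the
    # directory alone would also skip it after a build that failed part-way.
    - unless: test -x /usr/local/haproxy/sbin/haproxy
    - require:
      - pkg: pkg-init
      - file: haproxy-install

# Install the init script (executable, hence 755) and register it with chkconfig.
haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://haproxy/files/haproxy.init
    - user: root
    - group: root
    - mode: 755
    - require:
      - cmd: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list | grep haproxy
    - require:
      - file: haproxy-init

# Allow binding to an address that is not configured on a local interface.
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1

# Directory that will hold haproxy.cfg.
haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - user: root
    - group: root
    - mode: 755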

3:业务模块

[root@linux-node1 files]#mkdir /srv/salt/prod/cluster/files -p 
[root@linux-node1 files]#cd /srv/salt/prod/cluster/files 
[root@linux-node1 files]# vim haproxy-outside.cfg 
# Process-wide settings. chroot plus uid/gid make haproxy confine itself to
# /usr/local/haproxy and give up root after start-up.
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
# Default parameters
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client  50000ms
timeout server 50000ms
# HAProxy status page, protected by HTTP basic auth.
# NOTE(review): bind 0.0.0.0 serves the status page on every interface; restrict it
# to a management address or filter the port at the firewall.
# NOTE(review): haproxy:saltstack is the tutorial's sample credential and is stored
# here in clear text; replace it before real use. This bind line has no ssl option,
# so the credential also crosses the network unencrypted.
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri     /haproxy-status
stats auth    haproxy:saltstack
# Frontend
frontend frontend_www_example_com
bind 192.168.56.20:80
mode http
option httplog
log global
    default_backend backend_www_example_com
# Backend: health-checked web nodes, client address passed on in X-REAL-IP.
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1  10.0.0.7:8080 check inter 2000 rise 30 fall 15

server web-node2  10.0.0.8:8080 check inter 2000 rise 30 fall 15

##############################################

#将web---httpd的配置文件中的端口改成8080

#将haproxy的端口改成8888

##############################################

[root@linux-node1 cluster]# cat /srv/salt/prod/cluster/haproxy-outside.sls  
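# cluster/haproxy-outside.sls: deploy the external haproxy configuration and keep the
# service running, reloading it whenever the managed file changes.
include:
  - haproxy.install

haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    # The deployed file carries the "stats auth" credential in clear text, so it is
    # not left world-readable. haproxy is started as root and reads its configuration
    # before switching to the unprivileged uid set in the global section.
    - mode: 640
  service.running:
    - name: haproxy
    - enable: True
    - reload: True               # reload rather than restart when the watch fires
    - require:
      - cmd: haproxy-init
    - watch:
      - file: haproxy-service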
[root@linux-node1 prod]# tree cluster/          
cluster/ 
├── files 
│   └── haproxy-outside.cfg
└── haproxy-outside.sls