利用之前做好的环境,在此基础上再开一个虚拟机server4
vi /etc/yum.repos.d/rhel-source.repo
# Yum repository definition for the SaltStack packages used in this lab.
# NOTE(review): gpgcheck=0 turns off RPM signature verification and the
# baseurl is plain HTTP, so packages from this repo are installed with no
# integrity check at all. Acceptable only on an isolated lab network;
# otherwise import the repository signing key and set gpgcheck=1.
[saltstack]
name=saltstack
baseurl=http://172.25.17.250/saltstackrhel6
gpgcheck=0
enabled=1
388 yum clean all
389 yum repolist
390 yum install salt-minion -y
391 cd /etc/salt/
392 ls
393 vi minion
master: 172.25.17.1
394 /etc/init.d/salt-minion start
###在server1上
salt-key -L
salt-key -a server4 ##接受前先用 salt-key -f server4 查看指纹,并与server4上 salt-call --local key.finger 的输出核对
salt-key -L ###显示有没有加进去
cd /srv/salt
mkdir keepalived
cd keepalived
mkdir files
cd files ####此时files目录里应已放好keepalived的源码包keepalived-2.0.6.tar.gz(放入前先核对官方发布的校验值,这个包会在minion上被编译安装)
cd ..
vim install.sls
# install.sls: build keepalived 2.0.6 from source under /usr/local/keepalived.
# presumably pkgs.make installs the build toolchain; verify against that state.
include:
  - pkgs.make

kp-install:
  # Copy the tarball from the master's file server to /mnt on the minion.
  file.managed:
    - name: /mnt/keepalived-2.0.6.tar.gz
    - source: salt://keepalived/files/keepalived-2.0.6.tar.gz
  cmd.run:
    # NOTE(review): all configure/make output is redirected to /dev/null, so a
    # failed build leaves no diagnostics in the job return.
    - name: cd /mnt && tar zxf keepalived-2.0.6.tar.gz && cd keepalived-2.0.6 && ./configure --prefix=/usr/local/keepalived --with-init=SYSV &> /dev/null && make &> /dev/null && make install &> /dev/null
    # The command is skipped once the install prefix exists.
    - creates: /usr/local/keepalived

# Directory that will hold keepalived.conf.
/etc/keepalived:
  file.directory:
    - mode: 755

# Expose the files installed under the prefix at their conventional paths.
/etc/sysconfig/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/etc/sysconfig/keepalived

/sbin/keepalived:
  file.symlink:
    - target: /usr/local/keepalived/sbin/keepalived
salt server4 state.sls keepalived.install ###可能会报错:如果是数据库(mysqld)起不来,先执行 rm -fr /var/lib/mysql/mysql.sock,再执行 /etc/init.d/mysqld start
###在server4里面做
cd /usr/local/keepalived/etc/rc.d/init.d
ls ## 有keepalived这个文件
file keepalived ####这应该是个脚本文件
scp keepalived server1:/srv/salt/keepalived/files
cd ..
cd ..
ls ##有keepalived这个目录
cd keepalived
ls ##有keepalived.conf 这个配置文件
scp keepalived.conf server1:/srv/salt/keepalived/files
cd ..
cd sysconfig/ ##此时路径在/usr/local/keepalived/etc/sysconfig
ll /usr/local/keepalived/etc/sysconfig/keepalived
###在server1里面做
cd /srv/salt/keepalived
vim service.sls
# service.sls: push the keepalived configuration and init script, then keep
# the service running.
include:
  - keepalived.install

# NOTE(review): this file carries the VRRP auth_pass and no user/group/mode is
# set here, so the minion's defaults apply; confirm they are restrictive enough.
/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf

kp-service:
  # SysV init script copied earlier from the build on server4.
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived
    - mode: 755
  service.running:
    - name: keepalived
    - reload: True
    # React whenever the managed configuration file changes.
    - watch:
      - file: /etc/keepalived/keepalived.conf
cd files ##有keepalived keepalived-2.0.6.tar.gz keepalived.conf ##有这三个文件
file keepalived ##这是一个脚本
file keepalived.conf ##这是一个普通文件
vim keepalived.conf
! Configuration File for keepalived

# Global settings: notification mail addresses and the router identifier.
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# Single VRRP instance on eth0, configured here as MASTER with priority 100.
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    # NOTE(review): auth_type PASS places auth_pass unencrypted in every VRRP
    # advertisement, and 1111 is the stock sample value. It protects against
    # accidental misconfiguration only, not against another host on the same
    # segment; pick a site-specific value and keep VRRP on a trusted network.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    # NOTE(review): the browser test and the templated config later on this
    # page use 172.25.17.100; 172.25.0.100 here looks like a typo - confirm.
    virtual_ipaddress {
        172.25.0.100
    }
}
salt server4 state.sls keepalived.service
cd /srv/salt
vim top.sls
# top.sls: which states each minion receives on state.highstate.
base:
  "server1":
    - haproxy.service
  "server4":
    # If the haproxy state fails, check whether a haproxy RPM was already
    # installed (rpm -q haproxy); if so, stop the service
    # (/etc/init.d/haproxy stop) and remove the package (rpm -e haproxy).
    - haproxy.service
    - keepalived.service
  # The next two entries are matched on the "roles" grain, not the minion id.
  "roles:apache":
    - match: grain
    - apache.service
  "roles:nginx":
    - match: grain
    - nginx.service
salt '*' state.highstate
####进入浏览器,就可以看见轮询了
http://172.25.17.100
###在server1里面做
cd /srv/salt/keepalived
vim service.sls
# service.sls (templated): one keepalived.conf source for both nodes, with the
# role-specific values chosen from the minion's fqdn grain.
include:
  - keepalived.install

/etc/keepalived/keepalived.conf:
  file.managed:
    - source: salt://keepalived/files/keepalived.conf
    - template: jinja
    # STATE, VRID and PRIORITY are the names the keepalived.conf template
    # substitutes. server4 becomes MASTER, server1 BACKUP; both share VRID 17.
    # NOTE(review): a minion whose fqdn matches neither branch gets none of
    # these values - presumably the template render then fails or emits
    # blanks; confirm before targeting other hosts.
    {% if grains['fqdn'] == 'server4' %}
    - STATE: MASTER
    - VRID: 17
    - PRIORITY: 100
    {% elif grains['fqdn'] == 'server1' %}
    - STATE: BACKUP
    - VRID: 17
    - PRIORITY: 50
    {% endif %}

kp-service:
  file.managed:
    - name: /etc/init.d/keepalived
    - source: salt://keepalived/files/keepalived
    - mode: 755
  service.running:
    - name: keepalived
    - reload: True
    # React whenever the managed configuration file changes.
    - watch:
      - file: /etc/keepalived/keepalived.conf
cd files
vim keepalived.conf
! Configuration File for keepalived

# Global settings: notification mail addresses and the router identifier.
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
    vrrp_skip_check_adv_addr
    #vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}

# state, virtual_router_id and priority are Jinja placeholders filled in by
# the file.managed state in service.sls.
vrrp_instance VI_1 {
    state {{ STATE }}
    interface eth0
    virtual_router_id {{ VRID }}
    priority {{ PRIORITY }}
    advert_int 1
    # NOTE(review): auth_type PASS places auth_pass unencrypted in every VRRP
    # advertisement, and 1111 is the stock sample value. It protects against
    # accidental misconfiguration only, not against another host on the same
    # segment; pick a site-specific value and keep VRRP on a trusted network.
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        172.25.17.100
    }
}
cd /srv/salt/
vim top.sls
# top.sls: server1 now also runs keepalived, as the BACKUP node.
base:
  "server1":
    - haproxy.service
    - keepalived.service
  "server4":
    # If the haproxy state fails, check whether a haproxy RPM was already
    # installed (rpm -q haproxy); if so, stop the service
    # (/etc/init.d/haproxy stop) and remove the package (rpm -e haproxy).
    - haproxy.service
    - keepalived.service
  # The next two entries are matched on the "roles" grain, not the minion id.
  "roles:apache":
    - match: grain
    - apache.service
  "roles:nginx":
    - match: grain
    - nginx.service
salt '*' state.highstate
###然后去server4里面看ip addr ##看虚拟ip有没有在他上面
####在server1里面看 cat /var/log/messages ##他应该显示为backup
#####为了适应各种版本可以进vim install.sls里面改
##在最上面加
{% set kp_version = '2.0.6' %}
然后将版本都改为例如: - name: /mnt/keepalived-{{kp_version}}.tar.gz
- source: salt://keepalived/files/keepalived-{{kp_version}}.tar.gz##该改的版本号都要改
salt '*' state.highstate
###增加一个模块
mkdir /srv/salt/_modules
cd /srv/salt/_modules
vim my_disk.py
#!/usr/bin/env python
def df():
    """Return the text output of ``df -h`` run on the minion.

    ``__salt__`` is not defined in this file; the code expects it to be
    available as a global holding the ``cmd.run`` execution function.
    The command string is a fixed literal, so no caller input reaches
    the shell.
    """
    return __salt__['cmd.run']('df -h')
salt '*' saltutil.sync_modules ##必须刷下,模块才能被调用,如果重新改文件,也必须刷下,否则报错
###在server2里面做
cd /var/cache/salt
ls ##有minion这个目录
tree . #可以看见有my_disk.py 这个模块
##在server1里面做
salt server2 my_disk.df
salt server? my_disk.df
整体思路是topmaster--> master+syndic--> minion
###将server4变成topmaster,所以必须从server1的节点脱离
##在server1上做
salt-key -L
salt-key -d server4
salt-key -L
cd /srv/salt
vim top.sls
####将关于server4的全部删除
# top.sls after server4 has left this master: only server1 and the
# grain-matched web roles remain.
base:
  "server1":
    - haproxy.service
    - keepalived.service
  # The next two entries are matched on the "roles" grain, not the minion id.
  "roles:apache":
    - match: grain
    - apache.service
  "roles:nginx":
    - match: grain
    - nginx.service
yum install -y salt-syndic
/etc/init.d/salt-syndic start ##虽然他没有配置文件,但是他有服务
cd /etc/salt
vim master
##注释数据库的内容
###取消注释 syndic_master: 172.25.17.4
/etc/init.d/salt-master restart ###如果报错,则reboot,之后再依次执行 /etc/init.d/salt-master start 和 /etc/init.d/salt-syndic start #在这一步之前,一定要把server4的topmaster配置好,否则会报错
##在server4上做
/etc/init.d/salt-minion stop
chkconfig salt-minion off
yum install -y salt-master
cd /etc/salt
vim master
###将order_masters设为True,即 order_masters: True
/etc/init.d/salt-master start
salt-key -L ##将server1加进去
salt-key -a server1
salt-key -L
salt '*' test.ping ##如果ping出现错误,则在server1上做同样的操作,毕竟server1才是直接和minion相连的,server4只知道server1
##在server1上做
salt '*' test.ping ##如果还出现错,则重新打开minion端,/etc/init.d/salt-minion start
salt '*' test.ping ##再ping一次
##在server4里面做
salt '*' my_disk.df
#####另外一种方法,不用开minion端
在server1里面做
yum install -y salt-ssh
###将minion端都停掉在server2 server3里面做
/etc/init.d/salt-minion stop
在server1里面做
vim /etc/salt/roster
# salt-ssh roster: one entry per target with its address and SSH login.
# NOTE(review): this stores the root password of every target in clear text
# and logs in as root. Keep the file readable by root only, and prefer
# key-based login (the roster "priv" option) over "passwd" outside a lab.
server2:
  host: 172.25.17.2
  user: root
  passwd: westos
server3:
  host: 172.25.17.3
  user: root
  passwd: westos
salt-ssh '*' test.ping -i ##-i(--ignore-host-keys)会跳过SSH主机密钥检查,只适合实验环境;正式环境应先核对主机指纹
salt-ssh '*' my_disk.df
cd /root/.ssh
ls ##有known_hosts ##这个文件
##在server2里面做
cd /root/.ssh
ls ##有known_hosts这个文件则正确
api方式
##使minion端都开启服务server2 server3都做下面操作
/etc/init.d/salt-minion start
##在server1里面做
yum install -y salt-api
useradd -M -s /sbin/nologin saltapi
passwd saltapi
cd /etc/pki/tls/private
openssl genrsa 1024 > localhost.key ##1024位RSA密钥强度已不足,只适合实验;正式环境至少用2048位,并把私钥权限限制为仅root可读
cat localhost.key
cd ..
cd certs
make testcert
cd /etc/salt/master.d/
vim api.conf
# salt-api (rest_cherrypy) listener: HTTPS on port 8000.
# NOTE(review): the certificate comes from "make testcert" and the key from
# the 1024-bit genrsa step above, so clients cannot validate the server and
# the page's curl calls use -k. Use a CA-issued certificate and a stronger
# key before exposing this port beyond a lab network.
rest_cherrypy:
  port: 8000
  ssl_crt: /etc/pki/tls/certs/localhost.crt
  ssl_key: /etc/pki/tls/private/localhost.key
vim auth.conf
# External authentication: the PAM user saltapi may call the salt-api.
# NOTE(review): '.*' allows every execution function on every minion, and
# '@wheel' / '@runner' add key management and master-side runners, so this
# account's password or token amounts to full control of the master and all
# minions. Narrow the list to the functions actually needed (constructed
# example: - test.ping and - my_disk.df).
external_auth:
  pam:
    saltapi:
      - '.*'
      - '@wheel'
      - '@runner'
      - '@jobs'
/etc/init.d/salt-master restart
/etc/init.d/salt-api restart
netstat -antlupe | grep :8000 ##8000端口属于api端口
curl -sSk https://172.25.17.1:8000/login -H 'Accept: application/x-yaml' -d username=saltapi -d password=westos -d eauth=pam ##获得token;-k会跳过证书校验(这里是自签名证书),密码写在命令行里会留在shell历史和进程列表中,只适合实验环境
curl -sSk https://172.25.17.1:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 651d65e12ecb0b71d6e72562b8212bf8dc3bb226' -d client=local -d tgt='*' -d fun=test.ping
curl -sSk https://172.25.17.1:8000 -H 'Accept: application/x-yaml' -H 'X-Auth-Token: 651d65e12ecb0b71d6e72562b8212bf8dc3bb226' -d client=local -d tgt='*' -d fun=my_disk.df
cd
vim saltapi.py ##这是从别人那里复制来的python脚本
# -*- coding: utf-8 -*-
# Python 2 script: urllib2 and urllib.urlencode, both used below, do not
# exist under these names in Python 3.
import urllib2,urllib
import time
# Fall back to the third-party simplejson package when the interpreter has
# no json module.
try:
    import json
except ImportError:
    import simplejson as json
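class SaltAPI(object):
    ''' Minimal client for the salt-api REST endpoint.

    Every public call logs in again through token_id() before sending its
    request, so each call costs two HTTP round trips.

    NOTE(review): requests go through urllib2.urlopen() with no explicit TLS
    settings. Python 2 releases older than 2.7.9 do not validate the server
    certificate, so on those versions the password and token are not
    protected against interception. Confirm the interpreter version and
    trust the deployment's CA explicitly before using this outside a lab.
    '''

    __token_id = ''

    def __init__(self, url, username, password):
        ''' Remember the base URL (trailing slashes removed) and the login '''
        self.__url = url.rstrip('/')
        self.__user = username
        self.__password = password

    def token_id(self):
        ''' user login and get token id '''
        params = {'eauth': 'pam', 'username': self.__user, 'password': self.__password}
        # Send the urlencoded form unchanged. Unquoting it again would let a
        # password containing &, =, + or % corrupt the form body.
        content = self.postRequest(urllib.urlencode(params), prefix='/login')
        try:
            self.__token_id = content['return'][0]['token']
        except KeyError:
            # Same exception type as before, now with a message; the reply is
            # deliberately not echoed because it may hold session data.
            raise KeyError("salt-api login response has no return[0]['token']")

    def postRequest(self, obj, prefix='/'):
        ''' POST the urlencoded string obj to url + prefix, return decoded JSON '''
        url = self.__url + prefix
        headers = {'X-Auth-Token': self.__token_id}
        req = urllib2.Request(url, obj, headers)
        opener = urllib2.urlopen(req)
        try:
            return json.loads(opener.read())
        finally:
            # Release the connection even when the body is not valid JSON.
            opener.close()

    def _send(self, params):
        ''' Encode params, log in for a fresh token, POST to / and return the reply '''
        obj = urllib.urlencode(params)
        self.token_id()
        return self.postRequest(obj)

    def list_all_key(self):
        ''' Return (accepted minions, pending minions) from wheel key.list_all '''
        content = self._send({'client': 'wheel', 'fun': 'key.list_all'})
        keys = content['return'][0]['data']['return']
        return keys['minions'], keys['minions_pre']

    def delete_key(self, node_name):
        ''' Delete the key matching node_name; return the reply's success flag '''
        params = {'client': 'wheel', 'fun': 'key.delete', 'match': node_name}
        content = self._send(params)
        return content['return'][0]['data']['success']

    def accept_key(self, node_name):
        ''' Accept the key matching node_name; return the reply's success flag.

        NOTE(review): the key is accepted by name only; nothing here compares
        its fingerprint with the minion's.
        '''
        params = {'client': 'wheel', 'fun': 'key.accept', 'match': node_name}
        content = self._send(params)
        return content['return'][0]['data']['success']

    def remote_noarg_execution(self, tgt, fun):
        ''' Execute commands without parameters '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun}
        content = self._send(params)
        # The reply is indexed by tgt itself, so tgt has to be an exact
        # minion id that appears in the reply.
        return content['return'][0][tgt]

    def remote_execution(self, tgt, fun, arg):
        ''' Command execution with parameters '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg}
        content = self._send(params)
        return content['return'][0][tgt]

    def target_remote_execution(self, tgt, fun, arg):
        ''' Use targeting for remote execution '''
        params = {'client': 'local', 'tgt': tgt, 'fun': fun, 'arg': arg, 'expr_form': 'nodegroup'}
        content = self._send(params)
        return content['return'][0]['jid']

    def deploy(self, tgt, arg):
        ''' Module deployment '''
        params = {'client': 'local', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        return self._send(params)

    def async_deploy(self, tgt, arg):
        ''' Asynchronously send a command to connected minions '''
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg}
        content = self._send(params)
        return content['return'][0]['jid']

    def target_deploy(self, tgt, arg):
        ''' Based on the node group forms deployment '''
        params = {'client': 'local_async', 'tgt': tgt, 'fun': 'state.sls', 'arg': arg, 'expr_form': 'nodegroup'}
        content = self._send(params)
        return content['return'][0]['jid']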
def main():
    ''' Log in to the lab salt-api and print the accepted and pending keys '''
    # NOTE(review): the endpoint and the saltapi password are hard-coded, so
    # anyone who can read this file can drive the master through the API.
    # Outside a lab, read them from the environment or a root-only file.
    sapi = SaltAPI(
        url="https://172.25.17.1:8000",
        username="saltapi",
        password="westos",
    )
    #sapi.token_id()
    # Parenthesised form prints the same tuple under Python 2.
    print(sapi.list_all_key())
    #sapi.delete_key('test-01')
    #sapi.accept_key('test-01')
    #sapi.deploy('server3','nginx.service')
    #print sapi.remote_noarg_execution('test-01','grains.items')


if __name__ == '__main__':
    main()
python saltapi.py ##
###或者注释print sapi.list_all_key() 打开 sapi.deploy('server3','nginx.service') ##在做这一步之前,先停掉server3的nginx服务/etc/init.d/nginx stop
python saltapi.py
##在server3里面看,/etc/init.d/nginx status ##此时他应该运行