自动化运维Saltstack系列(六)之配置管理系统模块

时间:2022-04-15 21:55:04

架构图

用Saltstack对大型web架构网站做配置管理其实并不是很难,最主要的是合理管理各功能模块之间的依赖关系,尽量让各功能模块相互独立,使每一个系统功能都可以被业务引用。

自动化运维Saltstack系列(六)之配置管理系统模块

   

Saltstack环境目录

# Salt file server and pillar roots (normally set in the master configuration):
# one state tree and one pillar tree per environment, here "base" and "prod".
file_roots:
  base:
    - /srv/salt/base
  prod:
    - /srv/salt/prod
# Pillar is where per-minion data such as passwords and keys normally lives,
# so /srv/pillar should be readable only by the account the master runs as.
pillar_roots:
  base:
    - /srv/pillar/base
  prod:
    - /srv/pillar/prod

 

Saltstack目录结构

[root@saltstack-node1 srv]# tree.├── pillar│   ├── base│   │   ├── top.sls│   │   └── zabbix│   │       └── agent.sls│   └── prod└── salt    ├── base    │   ├── _grains    │   │   └── my_grain.py    │   ├── init    │   │   ├── audit.sls    │   │   ├── dns.sls    │   │   ├── epel.sls    │   │   ├── files    │   │   │   ├── resolv.conf    │   │   │   └── zabbix_agentd.conf    │   │   ├── history.sls    │   │   ├── init.sls    │   │   ├── sysctl.sls    │   │   └── zabbix-agent.sls    │   ├── _modules    │   │   └── my_disk.py    │   └── top.sls    └── prod        ├── bbs        │   ├── files        │   │   └── nginx-bbs.conf        │   ├── memcached.sls        │   └── web.sls        ├── cluster        │   ├── files        │   │   ├── haproxy-outside.cfg        │   │   └── haproxy-outside-keepalived.conf        │   ├── haproxy-outside-keepalived.sls        │   └── haproxy-outside.sls        └── modules            ├── haproxy            │   ├── files            │   │   ├── haproxy-1.6.3.tar.gz            │   │   └── haproxy.init            │   └── install.sls            ├── keepalived            │   ├── files            │   │   ├── keepalived-1.2.17.tar.gz            │   │   ├── keepalived.init            │   │   └── keepalived.sysconfig            │   └── install.sls            ├── libevent            │   ├── files            │   │   └── libevent-2.0.22-stable.tar.gz            │   └── install.sls            ├── memcached            │   ├── files            │   │   └── memcached-1.4.24.tar.gz            │   └── install.sls            ├── nginx            │   ├── files            │   │   ├── nginx-1.9.1.tar.gz            │   │   ├── nginx.conf            │   │   └── nginx-init            │   ├── install.sls            │   └── service.sls            ├── pcre            │   ├── files            │   │   └── pcre-8.37.tar.gz            │   └── install.sls            ├── php            │   ├── files            │   │   ├── init.d.php-fpm            │   │   ├── 
memcache-2.2.7.tgz            │   │   ├── php-5.6.9.tar.gz            │   │   ├── php-fpm.conf            │   │   ├── php.ini-production            │   │   └── redis-2.2.7.tgz            │   ├── install.sls            │   ├── php-memcache.sls            │   └── php-redis.sls            ├── pkg            │   └── make-pkg.sls            ├── user            │   └── www.sls            └── web                ├── bbs.sls                └── files                    └── bbs.conf

   

环境初始化

1)历史命令优化添加用户、时间信息

[root@saltstack-node1 init]# vim history.sls
# Appends a HISTTIMEFORMAT export to /etc/profile so that `history` output
# shows a timestamp and a user name in front of each entry.
/etc/profile:
  file.append:
    - text:
      # The backticks sit inside double quotes, so whoami runs when /etc/profile
      # is sourced and its output is fixed into the format string at that point.
      # Shell history is written by the user's own shell and can be edited or
      # cleared by that user; treat this as a convenience, not an audit record.
      - export HISTTIMEFORMAT="%F %T `whoami` "

 

2)历史命令添加日志审计

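[root@saltstack-node1 init]# vim audit.sls
# Appends a PROMPT_COMMAND hook to /etc/bashrc that sends the most recent
# history entry to syslog through logger(1) each time a prompt is drawn.
# This is best-effort logging: it only covers interactive bash sessions that
# source /etc/bashrc, a user can unset or replace PROMPT_COMMAND, and any local
# user can write lines of their own to syslog with logger. Where a trustworthy
# command trail is required, pair it with kernel-level auditing (auditd) and
# forward the logs off the host.
/etc/bashrc:
  file.append:
    - text:
      # read -r keeps backslashes in the logged command, and "$y" is quoted so
      # the command text is logged as typed instead of being glob-expanded and
      # re-split by the shell that runs the hook (the original used a bare
      # `read x y; echo $y`).
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read -r x y; printf "%s" "$y"; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'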

   

3)统一DNS

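[root@saltstack-node1 init]# vim dns.sls
# Pushes one resolv.conf from the master's file server to every minion.
# The resolvers named in that file answer every lookup these hosts make, so
# changes to init/files/resolv.conf deserve the same review as code.
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    # Spelled "gourp" in the original listing, which is not a file.managed
    # argument, so the intended group ownership was presumably not applied.
    - group: root
    - mode: 644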

   

4)自定义epel源(这里可以换成自己的yum仓库地址)

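[root@saltstack-node1 init]# vim epel.sls
# Installs the epel-release package, which places the EPEL repository
# definition and its GPG key on the host. Swap the URL for an internal yum
# mirror if you run one.
yum_repo_release:
  pkg.installed:
    - sources:
      # Fetched over HTTPS (the original listing used plain http://): this RPM
      # becomes the trust anchor for everything later installed from EPEL, so
      # it should not travel over an unauthenticated channel.
      - epel-release: https://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
    # Skip the install when an epel-release-7 package is already present.
    - unless: rpm -qa | grep epel-release-7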

   

5)系统初始优化

[root@saltstack-node1 init]# vim sysctl.sls
# Kernel parameters applied to every minion that receives the init baseline.
# Widens the ephemeral port range used for outgoing connections.
# NOTE(review): services that listen on a port inside this range (the Zabbix
# agent's default 10050 is one) can find the port already taken by an outgoing
# connection - confirm this is acceptable or reserve those ports.
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
# System-wide limit on open file handles.
fs.file-max:
  sysctl.present:
    - value: 2000000
# NOTE(review): this turns every host that receives the baseline into an IPv4
# forwarder. Hosts that do not route or NAT traffic normally leave this at 0;
# consider moving it into the states for the nodes that actually need it.
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1
vm.swappiness:
  sysctl.present:
    - value: 0

   

6)zabbix-agent配置

[root@saltstack-node1 init]# vim zabbix-agent.sls
# Installs the Zabbix agent, renders its configuration from a Jinja template
# and keeps the service running; the service restarts when the package or the
# rendered file changes.
zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    # Keeps a copy of the replaced file on the minion before overwriting it.
    - backup: minion
    # The server address comes from pillar and the host name from grains. The
    # template itself is not shown; presumably Zabbix_Server fills the agent's
    # Server= setting, which decides which addresses may query this agent.
    # NOTE(review): Salt's YAML guidance indents a mapping nested under a list
    # item by four more spaces than the item (eight here, not six); confirm the
    # two values reach the template as intended.
    - defaults:
      Zabbix_Server: {{ pillar['Zabbix_Server'] }}
      Hostname: {{ grains['fqdn'] }}
    - require:
      - pkg: zabbix-agent
  service.running:
    - enable: True
    - watch:
      - pkg: zabbix-agent
      - file: zabbix-agent
# Drop-in directory for extra agent configuration; changes to it also restart
# the service through watch_in.
zabbix_agentd.conf.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.d
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent

7)合计初始化功能

[root@saltstack-node1 init]# vim init.sls
# Single entry point that pulls in all six baseline states listed above.
include:
  - init.dns
  - init.history
  - init.audit
  - init.epel
  - init.sysctl
  - init.zabbix-agent

   

业务模块

业务模块目录

[root@saltstack-node1 ~]# cd /srv/salt/prod/
[root@saltstack-node1 prod]# ll
total 0
drwxr-xr-x  3 root root  52 Sep 28 17:28 bbs
drwxr-xr-x  3 root root  81 Sep 28 17:28 cluster
drwxr-xr-x 12 root root 132 Sep 28 17:28 modules

   

服务部署安装模块

[root@saltstack-node1 prod]# cd modules/
[root@saltstack-node1 modules]# ll
total 0
drwxr-xr-x 3 root root 36 Sep 28 17:28 haproxy
drwxr-xr-x 3 root root 36 Sep 28 17:28 keepalived
drwxr-xr-x 3 root root 36 Sep 28 17:28 libevent
drwxr-xr-x 3 root root 36 Sep 28 17:28 memcached
drwxr-xr-x 3 root root 54 Sep 28 17:28 nginx
drwxr-xr-x 3 root root 36 Sep 28 17:28 pcre
drwxr-xr-x 3 root root 79 Sep 28 17:28 php
drwxr-xr-x 2 root root 25 Sep 28 17:28 pkg
drwxr-xr-x 2 root root 20 Sep 28 17:28 user
drwxr-xr-x 3 root root 32 Sep 28 17:28 web

   

1)安装系统必要组件包

[root@saltstack-node1 pkg]# vim make-pkg.sls
# Compiler toolchain and development headers needed by the source builds in
# the other modules.
# NOTE(review): these packages stay installed on production nodes after the
# builds finish. Building once on a dedicated host and shipping packages keeps
# compilers off internet-facing servers.
make-pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel

   

2)安装Haproxy

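[root@saltstack-node1 haproxy]# vim install.sls
# Builds HAProxy 1.6.3 from a tarball kept in the master's file_roots and
# registers its init script.
# NOTE(review): the tarball is trusted only because it sits in file_roots;
# check it against the upstream checksum or signature before placing it there.
# The 1.6 branch is no longer maintained upstream, so pin a supported release
# when reusing this state.
include:
  - modules.pkg.make-pkg
haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.3.tar.gz
    - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
    # 644 rather than the original 755: an archive needs no execute bit, and
    # this matches the libevent and memcached states.
    - mode: 644
    - user: root
    - group: root
  cmd.run:
    # NOTE(review): HAProxy 1.6 documents TARGET=linux2628 for kernels 2.6.28
    # and later; "2628" looks truncated - confirm against the build output.
    - name: cd /usr/local/src && tar xf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=2628 PREFIX=/usr/local/haproxy-1.6.3 && make install PREFIX=/usr/local/haproxy-1.6.3 && ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
    - require:
      - pkg: make-pkg
      - file: haproxy-install
    # The build is skipped once the /usr/local/haproxy symlink target exists.
    - unless: test -d /usr/local/haproxy
haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://modules/haproxy/files/haproxy.init
    - mode: 755
    - user: root
    - group: root
    - require_in:
      - file: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list|grep haproxy
# Allows binding to an address the node does not currently hold, presumably
# the virtual IP that keepalived moves between the load balancers.
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1
/etc/haproxy:
  file.directory:
    - user: root
    - group: root
    - mode: 755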

    

3)安装keepalived

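[root@saltstack-node1 keepalived]# vim install.sls
{% set keepalived_tar = 'keepalived-1.2.17.tar.gz' %}
{% set keepalived_source = 'salt://modules/keepalived/files/keepalived-1.2.17.tar.gz' %}
# Builds keepalived 1.2.17 from a tarball in file_roots and installs its
# sysconfig file and init script.
# keepalived_tar was spelled "keeplived-1.2.17.tar.gz" in the original
# listing, so the tarball was saved under a name that the tar command below
# never opens; the variable now matches the real file name.
keepalived-install:
  file.managed:
    - name: /usr/local/src/{{ keepalived_tar }}
    - source: {{ keepalived_source }}
    # 644 rather than the original 755: an archive needs no execute bit.
    - mode: 644
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-install
/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.sysconfig
    - mode: 644
    - user: root
    - group: root
/etc/init.d/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.init
    - mode: 755
    - user: root
    - group: root
keepalived-init:
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: /etc/init.d/keepalived
# NOTE(review): no mode is set on this directory. keepalived.conf may carry a
# VRRP auth_pass, so consider an explicit restrictive mode here and on the
# configuration file that the cluster states place in it.
/etc/keepalived:
  file.directory:
    - user: root
    - group: root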

    

4)libevent安装

[root@saltstack-node1 libevent]# vim install.sls
# Builds libevent 2.0.22 into /usr/local/libevent; the memcached build links
# against this prefix.
libevent-source-install:
  file.managed:
    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
    - source: salt://modules/libevent/files/libevent-2.0.22-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable &&  ./configure --prefix=/usr/local/libevent && make && make install
    # The guard only tests that the prefix directory exists, so a build that
    # failed part-way after creating it is not retried on the next run.
    - unless: test -d /usr/local/libevent
    - require:
      - file: libevent-source-install

   

5)安装pcre

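[root@saltstack-node1 pcre]# vim install.sls
# Builds PCRE 8.37 into /usr/local/pcre. The extracted source tree under
# /usr/local/src/pcre-8.37 is also what the nginx build points --with-pcre at.
pcre-source-install:
  file.managed:
    - name: /usr/local/src/pcre-8.37.tar.gz
    - source: salt://modules/pcre/files/pcre-8.37.tar.gz
    - user: root
    - group: root
    # 644 rather than the original 755: an archive needs no execute bit, and
    # this matches the libevent and memcached states.
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf pcre-8.37.tar.gz && cd pcre-8.37 && ./configure --prefix=/usr/local/pcre && make && make install
    - unless: test -d /usr/local/pcre
    - require:
      - file: pcre-source-install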

  

6)Nginx安装

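[root@saltstack-node1 nginx]# vim install.sls
# Builds nginx 1.9.1 from a tarball in file_roots, with workers running as the
# www account created by modules.user.www.
include:
  # Added: the cmd.run below requires "pkg: make-pkg", and neither of the two
  # original includes brings that state in.
  - modules.pkg.make-pkg
  - modules.pcre.install
  - modules.user.www
nginx-source-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    # 644 rather than the original 755: an archive needs no execute bit.
    - mode: 644
  cmd.run:
    # --with-pcre points at the PCRE source tree extracted by
    # pcre-source-install, hence the cmd requisite below.
    # --with-http_dav_module compiles WebDAV support in; it stays inert unless a
    # site configures dav_methods, and the flag can go if no site needs it.
    # NOTE(review): the trailing chown -R hands the whole prefix, including
    # sbin/nginx and conf/, to the unprivileged www account the workers run as.
    # The master process is started as root from those same files, so anything
    # running as www could change what root executes on the next start. Prefer
    # leaving the tree root-owned and granting www only the directories it has
    # to write to.
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1&& ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install && chown -R www:www /usr/local/nginx
    - unless: test -d /usr/local/nginx
    - require:
      - user: www-user-group
      - file: nginx-source-install
      - pkg: make-pkg
      - cmd: pcre-source-install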

  

Nginx服务配置

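[root@saltstack-node1 nginx]# vim service.sls
# Registers the nginx init script, manages the main configuration file and
# keeps the service running; a change to nginx.conf triggers a reload.
include:
  - modules.nginx.install
nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://modules/nginx/files/nginx-init
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: nginx-init
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://modules/nginx/files/nginx.conf
    # root:root rather than the original www:www. The file is parsed by the
    # root-owned master process, so the unprivileged worker account should be
    # able to read it (mode 644) but not rewrite it.
    - user: root
    - group: root
    - mode: 644
nginx-service:
  # Directory for the per-site configuration files of the business modules.
  file.directory:
    - name: /usr/local/nginx/conf/vhost_online
    - require:
      - cmd: nginx-source-install
  service.running:
    - name: nginx
    - enable: True
    # Reload instead of restart when the watched file changes.
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf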

 

7)统一用户

[root@saltstack-node1 user]# vim www.sls
# Creates the www group and user with fixed ids so file ownership is the same
# on every node. The shell is /sbin/nologin, so interactive logins as www are
# refused.
# NOTE(review): 1000 is where many distributions start numbering ordinary
# login accounts; check that no existing account on the minions already holds
# uid/gid 1000 - TODO confirm.
www-user-group:
  group.present:
    - name: www
    - gid: 1000
  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000

   

8)安装memcached

[root@saltstack-node1 memcached]# vim install.sls
# Builds memcached 1.4.24 against the libevent installed by
# modules.libevent.install.
# This state only compiles and installs; the state that starts the daemon is
# not shown here. memcached has no authentication by default, so that state
# should bind it to an internal address (-l) and keep the port firewalled.
include:
  - modules.libevent.install
memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    - source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24&& ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/memcached
    - require:
      - cmd: libevent-source-install
      - file: memcached-source-install

 


本文出自 “改变从每一天开始” 博客,请务必保留此出处http://lilongzi.blog.51cto.com/5519072/1859962