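Architecture diagram
Managing a large web architecture with SaltStack configuration management is not actually very hard. The key is to manage the dependencies between the functional modules sensibly and to keep each module as independent as possible, so that every system function can be referenced by the business states.
SaltStack environment directories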
file_roots:
  base:
    - /srv/salt/base
  prod:
    - /srv/salt/prod
pillar_roots:
  base:
    - /srv/pillar/base
  prod:
    - /srv/pillar/prod
SaltStack directory structure
[root@saltstack-node1 srv]# tree
.
├── pillar
│   ├── base
│   │   ├── top.sls
│   │   └── zabbix
│   │       └── agent.sls
│   └── prod
└── salt
    ├── base
    │   ├── _grains
    │   │   └── my_grain.py
    │   ├── init
    │   │   ├── audit.sls
    │   │   ├── dns.sls
    │   │   ├── epel.sls
    │   │   ├── files
    │   │   │   ├── resolv.conf
    │   │   │   └── zabbix_agentd.conf
    │   │   ├── history.sls
    │   │   ├── init.sls
    │   │   ├── sysctl.sls
    │   │   └── zabbix-agent.sls
    │   ├── _modules
    │   │   └── my_disk.py
    │   └── top.sls
    └── prod
        ├── bbs
        │   ├── files
        │   │   └── nginx-bbs.conf
        │   ├── memcached.sls
        │   └── web.sls
        ├── cluster
        │   ├── files
        │   │   ├── haproxy-outside.cfg
        │   │   └── haproxy-outside-keepalived.conf
        │   ├── haproxy-outside-keepalived.sls
        │   └── haproxy-outside.sls
        └── modules
            ├── haproxy
            │   ├── files
            │   │   ├── haproxy-1.6.3.tar.gz
            │   │   └── haproxy.init
            │   └── install.sls
            ├── keepalived
            │   ├── files
            │   │   ├── keepalived-1.2.17.tar.gz
            │   │   ├── keepalived.init
            │   │   └── keepalived.sysconfig
            │   └── install.sls
            ├── libevent
            │   ├── files
            │   │   └── libevent-2.0.22-stable.tar.gz
            │   └── install.sls
            ├── memcached
            │   ├── files
            │   │   └── memcached-1.4.24.tar.gz
            │   └── install.sls
            ├── nginx
            │   ├── files
            │   │   ├── nginx-1.9.1.tar.gz
            │   │   ├── nginx.conf
            │   │   └── nginx-init
            │   ├── install.sls
            │   └── service.sls
            ├── pcre
            │   ├── files
            │   │   └── pcre-8.37.tar.gz
            │   └── install.sls
            ├── php
            │   ├── files
            │   │   ├── init.d.php-fpm
            │   │   ├── memcache-2.2.7.tgz
            │   │   ├── php-5.6.9.tar.gz
            │   │   ├── php-fpm.conf
            │   │   ├── php.ini-production
            │   │   └── redis-2.2.7.tgz
            │   ├── install.sls
            │   ├── php-memcache.sls
            │   └── php-redis.sls
            ├── pkg
            │   └── make-pkg.sls
            ├── user
            │   └── www.sls
            └── web
                ├── bbs.sls
                └── files
                    └── bbs.conf
Environment initialization
1) Improve the shell history: add user and timestamp information
[root@saltstack-node1 init]# vim history.sls
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` "
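2) Add audit logging of the command history
[root@saltstack-node1 init]# vim audit.sls
# Each prompt sends the last history entry to syslog through logger,
# tagged with the effective user, the login session and the working directory.
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'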
3) Unified DNS
[root@saltstack-node1 init]# vim dns.sls
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - group: root
    - mode: 644
4) Custom EPEL repository (this can be replaced with the address of your own yum repository)
[root@saltstack-node1 init]# vim epel.sls
yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
    - unless: rpm -qa | grep epel-release-7
5) Initial system tuning
[root@saltstack-node1 init]# vim sysctl.sls
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
fs.file-max:
  sysctl.present:
    - value: 2000000
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1
vm.swappiness:
  sysctl.present:
    - value: 0
6) zabbix-agent configuration
[root@saltstack-node1 init]# vim zabbix-agent.sls
zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - backup: minion
    # Values handed to the Jinja template: server address from pillar, hostname from grains
    - defaults:
        Zabbix_Server: {{ pillar['Zabbix_Server'] }}
        Hostname: {{ grains['fqdn'] }}
    - require:
      - pkg: zabbix-agent
  service.running:
    - enable: True
    - watch:
      - pkg: zabbix-agent
      - file: zabbix-agent
zabbix_agentd.conf.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.d
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent
7) Combine the initialization states
[root@saltstack-node1 init]# vim init.sls
include:
  - init.dns
  - init.history
  - init.audit
  - init.epel
  - init.sysctl
  - init.zabbix-agent
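Added example, not part of the original post: a parser for the syslog line that the PROMPT_COMMAND in audit.sls (step 2) produces, used to pick out commands run under a different effective user than the one who logged in. The sample lines are constructed; the "who am i" field layout and the history prefix written by history.sls (step 1) are assumptions about a CentOS 7 style host.

```python
import re

# Message layout produced by the PROMPT_COMMAND in audit.sls:
#   [euid=<whoami>]:<who am i>:[<pwd>]<history entry>
# Assumed: <who am i> is "user tty date time (host)" or empty without a login tty,
# and the history entry may start with the "%F %T user " prefix from history.sls.
AUDIT_RE = re.compile(
    r"\[euid=(?P<euid>[^\]]+)\]:"
    r"(?:(?P<login>\S+) (?P<tty>\S+) (?P<date>\S+) (?P<time>\S+)"
    r"(?: \((?P<host>[^)]*)\))?)?"
    r":\[(?P<cwd>[^\]]*)\]"
    r"(?:\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \S+ )?"
    r"(?P<cmd>.*)$"
)

def parse_audit(line):
    """Return the audit fields of one syslog line, or None if it is not an audit line."""
    m = AUDIT_RE.search(line)
    return m.groupdict() if m else None

def privilege_changes(lines):
    """Records where the effective user differs from the user who logged in."""
    records = (parse_audit(l) for l in lines)
    return [r for r in records if r and r["login"] and r["euid"] != r["login"]]

# Constructed sample lines (documentation addresses, hypothetical host "web1").
SAMPLE = [
    "Sep 28 17:30:01 web1 root: [euid=root]:root pts/0 2016-09-28 17:28 (192.0.2.5):[/root]2016-09-28 17:30:01 root vim /etc/hosts",
    "Sep 28 17:31:12 web1 deploy: [euid=root]:deploy pts/1 2016-09-28 17:20 (192.0.2.9):[/home/deploy]2016-09-28 17:31:12 root systemctl restart nginx",
    "Sep 28 17:32:40 web1 www: [euid=www]::[/tmp]ls -l",
    "Sep 28 17:33:00 web1 sshd[811]: Accepted publickey for deploy",
]

if __name__ == "__main__":
    for rec in privilege_changes(SAMPLE):
        print(rec["login"], "->", rec["euid"], rec["cwd"], rec["cmd"])
```

PROMPT_COMMAND is an ordinary shell variable that the user can unset, so these records support review of normal activity and are not a tamper-proof audit trail.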
Business modules
Business module directory
[root@saltstack-node1 ~]# cd /srv/salt/prod/
[root@saltstack-node1 prod]# ll
total 0
drwxr-xr-x 3 root root 52 Sep 28 17:28 bbs
drwxr-xr-x 3 root root 81 Sep 28 17:28 cluster
drwxr-xr-x 12 root root 132 Sep 28 17:28 modules
Service deployment and installation modules
[root@saltstack-node1 prod]# cd modules/
[root@saltstack-node1 modules]# ll
total 0
drwxr-xr-x 3 root root 36 Sep 28 17:28 haproxy
drwxr-xr-x 3 root root 36 Sep 28 17:28 keepalived
drwxr-xr-x 3 root root 36 Sep 28 17:28 libevent
drwxr-xr-x 3 root root 36 Sep 28 17:28 memcached
drwxr-xr-x 3 root root 54 Sep 28 17:28 nginx
drwxr-xr-x 3 root root 36 Sep 28 17:28 pcre
drwxr-xr-x 3 root root 79 Sep 28 17:28 php
drwxr-xr-x 2 root root 25 Sep 28 17:28 pkg
drwxr-xr-x 2 root root 20 Sep 28 17:28 user
drwxr-xr-x 3 root root 32 Sep 28 17:28 web
1) Install the required system build packages
[root@saltstack-node1 pkg]# vim make-pkg.sls
make-pkg:
  pkg.installed:
    - pkgs:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel
2) Install HAProxy
[root@saltstack-node1 haproxy]# vim install.sls
include:
  - modules.pkg.make-pkg
haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.3.tar.gz
    - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    # linux2628 is the HAProxy 1.6 build target for Linux 2.6.28 and later
    - name: cd /usr/local/src && tar xf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3 && make install PREFIX=/usr/local/haproxy-1.6.3 && ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
    - require:
      - pkg: make-pkg
      - file: haproxy-install
    - unless: test -d /usr/local/haproxy
haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://modules/haproxy/files/haproxy.init
    - mode: 755
    - user: root
    - group: root
    - require_in:
      - file: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list|grep haproxy
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1
/etc/haproxy:
  file.directory:
    - user: root
    - group: root
    - mode: 755
3) Install keepalived
[root@saltstack-node1 keepalived]# vim install.sls
{% set keepalived_tar = 'keepalived-1.2.17.tar.gz' %}
{% set keepalived_source = 'salt://modules/keepalived/files/keepalived-1.2.17.tar.gz' %}
keepalived-install:
  file.managed:
    # The tarball name must match the one unpacked by cmd.run below
    - name: /usr/local/src/{{ keepalived_tar }}
    - source: {{ keepalived_source }}
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-install
/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.sysconfig
    - mode: 644
    - user: root
    - group: root
/etc/init.d/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.init
    - mode: 755
    - user: root
    - group: root
keepalived-init:
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: /etc/init.d/keepalived
/etc/keepalived:
  file.directory:
    - user: root
    - group: root
4) Install libevent
[root@saltstack-node1 libevent]# vim install.sls
libevent-source-install:
  file.managed:
    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
    - source: salt://modules/libevent/files/libevent-2.0.22-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable && ./configure --prefix=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/libevent
    - require:
      - file: libevent-source-install
5) Install pcre
[root@saltstack-node1 pcre]# vim install.sls
pcre-source-install:
  file.managed:
    - name: /usr/local/src/pcre-8.37.tar.gz
    - source: salt://modules/pcre/files/pcre-8.37.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf pcre-8.37.tar.gz && cd pcre-8.37 && ./configure --prefix=/usr/local/pcre && make && make install
    - unless: test -d /usr/local/pcre
    - require:
      - file: pcre-source-install
6) Install Nginx
[root@saltstack-node1 nginx]# vim install.sls
include:
  # make-pkg is included because nginx-source-install requires "pkg: make-pkg"
  - modules.pkg.make-pkg
  - modules.pcre.install
  - modules.user.www
nginx-source-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1 && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module --with-pcre=/usr/local/src/pcre-8.37 && make && make install && chown -R www:www /usr/local/nginx
    - unless: test -d /usr/local/nginx
    - require:
      - user: www-user-group
      - file: nginx-source-install
      - pkg: make-pkg
      - cmd: pcre-source-install
Nginx service configuration
[root@saltstack-node1 nginx]# vim service.sls
include:
  - modules.nginx.install
nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://modules/nginx/files/nginx-init
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: nginx-init
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://modules/nginx/files/nginx.conf
    - user: www
    - group: www
    - mode: 644
nginx-service:
  file.directory:
    - name: /usr/local/nginx/conf/vhost_online
    - require:
      - cmd: nginx-source-install
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require:
      - cmd: nginx-init
    # Reload nginx whenever the managed nginx.conf changes
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
7) Unified user
[root@saltstack-node1 user]# vim www.sls
www-user-group:
  group.present:
    - name: www
    - gid: 1000
  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000
8) Install memcached
[root@saltstack-node1 memcached]# vim install.sls
include:
  - modules.libevent.install
memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    - source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24 && ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/memcached
    - require:
      - cmd: libevent-source-install
      - file: memcached-source-install
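Added example, not code from the original post: a small checker for the dependency rule these modules rely on, namely that every require/watch target must be declared by an SLS file reachable through include, otherwise Salt cannot resolve the requisite when that state is applied on its own. The sample tree is a constructed, shortened copy of the module states with the modules.pkg.make-pkg include left out of nginx to produce a finding; requisites are matched on state ID only, and the line-based parsing assumes the two-space layout used on this page.

```python
import re
REQ_OPEN = re.compile(r"^(\s*)- (?:require|watch)(?:_in)?:\s*$")
REQ_ITEM = re.compile(r"^(\s*)- (\w+): (\S.*)$")

def parse_sls(text):
    """Return (includes, state IDs, requisite targets) of one SLS file."""
    includes, ids, wanted = [], set(), []
    top = req_indent = None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "{%")):
            continue
        if not line[0].isspace():            # top-level key: a state ID or "include"
            top, req_indent = line.strip().rstrip(":"), None
            if top != "include":
                ids.add(top)
        elif top == "include":
            includes.append(line.strip()[2:].strip())
        elif REQ_OPEN.match(line):
            req_indent = len(REQ_OPEN.match(line).group(1))
        else:
            item = REQ_ITEM.match(line)
            if item and req_indent is not None and len(item.group(1)) > req_indent:
                wanted.append((item.group(2), item.group(3).strip()))
            else:
                req_indent = None            # left the requisite list
    return includes, ids, wanted

def missing_requisites(entry, tree):
    """Requisites reachable from `entry` whose target ID no included SLS declares."""
    seen, stack = set(), [entry]
    while stack:                             # transitive closure over include:
        sls = stack.pop()
        if sls not in seen and sls in tree:
            seen.add(sls)
            stack.extend(parse_sls(tree[sls])[0])
    ids = set().union(*(parse_sls(tree[s])[1] for s in seen))
    return sorted((s, f"{mod}: {tgt}") for s in seen
                  for mod, tgt in parse_sls(tree[s])[2] if tgt not in ids)

# Constructed, shortened copies of the page's states; nginx omits the make-pkg include.
TREE = {
    "modules.pkg.make-pkg": "make-pkg:\n  pkg.installed:\n    - pkgs:\n      - gcc\n",
    "modules.user.www": "www-user-group:\n  user.present:\n    - name: www\n",
    "modules.pcre.install": "pcre-source-install:\n  cmd.run:\n    - name: make install\n",
    "modules.nginx.install": (
        "include:\n  - modules.pcre.install\n  - modules.user.www\n"
        "nginx-source-install:\n  cmd.run:\n    - name: make install\n    - require:\n"
        "      - user: www-user-group\n      - pkg: make-pkg\n      - cmd: pcre-source-install\n"),
}
```

Calling missing_requisites("modules.nginx.install", TREE) reports the unresolved pkg: make-pkg requisite; a minion that also receives another state including modules.pkg.make-pkg would not hit it, which is why the check is run per entry point.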
This article comes from the blog "改变从每一天开始"; please be sure to keep this attribution: http://lilongzi.blog.51cto.com/5519072/1859962