SaltStack Service Deployment and Configuration Management (apache+php) [Part 2]

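October 29, 2017, 14:57:52
Abstract

Part 2 of the SaltStack series covers service deployment and configuration management, using apache+php as the example.

SaltStack handles both service deployment and configuration management very well. This article works through the following goals in practice:

1. Deploy apache and php with SaltStack

2. Use salt to manage the httpd.conf configuration file so that access to info.php requires a username and password

3. Add configuration management for the conf.d directory in salt

4. How to append content to a file with salt

5. Learn how to use watch, require and unless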

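I. Environment configuration

1. Edit the master configuration file and set the path of the base environment; the base environment must always be specified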

[root@linux-node1 base]# grep  -9  ^file_roots /etc/salt/master  |grep -v ^#
file_roots:
  base:
    - /srv/salt/base
  dev:
    - /srv/salt/dev
  test:
    - /srv/salt/test
  prod:
    - /srv/salt/prod

2. Create the directories

[root@linux-node1 base]# mkdir -p /srv/salt/{base,dev,test,prod}
[root@linux-node1 base]# tree /srv/salt/
/srv/salt/
├── base
├── dev
├── prod
└── test

3. Restart the master

[root@linux-node1 base]# systemctl restart salt-master

4. Under the base directory, create a web directory to hold the web-related sls files

[root@linux-node1 base]# mkdir -p web

5. cd into the base/web directory and create the apache.sls file

[root@linux-node1 base]# cd web/
[root@linux-node1 web]# cat apache.sls 
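apache-install:   # ID: pick your own name and make it descriptive; within one ID a given state module can appear only once
  pkg.installed:  # pkg is the state module, installed is the function inside the module
    - name: httpd # argument to the function
apache-service:
  service.running:
    - name: httpd
    - enable: True # start automatically at boot
# YAML formatting is strict: comments start with #, tabs are not allowed, - must be followed by a space, indentation is 2 spaces, and a key that opens a nested level ends with a colon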

II. Deploying services by running Salt state modules

1. Deploy apache with salt

[root@node01 base]# salt "node02*" state.sls web.apache
node02:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: The following packages were installed/updated: httpd
     Started: 14:50:42.488117
    Duration: 7556.188 ms
     Changes:   
              ----------
              httpd:
                  ----------
                  new:
                      2.4.6-80.el7.centos.1
                  old:
              httpd-tools:
                  ----------
                  new:
                      2.4.6-80.el7.centos.1
                  old:
              mailcap:
                  ----------
                  new:
                      2.1.41-2.el7
                  old:
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd has been enabled, and is running
     Started: 14:50:50.816336
    Duration: 421.497 ms
     Changes:   
              ----------
              httpd:
                  True

Summary for node02
------------
Succeeded: 2 (changed=2)
Failed:    0
------------
Total states run:     2
Total run time:   7.978 s
# apache is now deployed on node2

2. Using the salt highstate

state_top: top.sls needs to be enabled in the master configuration file, and the master restarted

[root@node01 base]# grep -nr "state_top:" /etc/salt/master
560:#state_top: top.sls
[root@node01 base]# systemctl restart salt-master

Add top.sls under the base environment directory

[root@linux-node1 base]# more top.sls 
[root@node01 base]# cat top.sls 
base:
  'node01':
    - web.apache
  'node02':
    - web.apache
[root@node01 base]# pwd
/srv/salt/base

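Run the highstate. The highstate looks up the top.sls file under base, which lays out what each minion has to do. Production environments generally rely on the highstate more.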

[root@linux-node1 base]#   salt "*" state.highstate 
linux-node1.example.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 15:23:08.597951
    Duration: 709.521 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 15:23:09.308417
    Duration: 233.623 ms
     Changes:   

Summary
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2
linux-node2.example.com:
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed.
     Started: 15:23:09.171596
    Duration: 721.901 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 15:23:09.894209
    Duration: 221.615 ms
     Changes:   

Summary
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2

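Above we used two state modules, pkg and service. Next we use the file module to manage configuration files.

3. The file configuration module

Module reference documentation:
Salt official site: Operations on regular files, special files, directories, and symlinks

Add a lamp.sls under the base/web directory. Before writing its contents, it is usually best to test on a separate server to get the exact package names, and only then write the configuration.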

[root@linux-node1 web]# cat lamp.sls 
lamp-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-pdo
      - php-mysql
apache-config:
  file.managed:
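    - name: /etc/httpd/conf/httpd.conf # path of the file the service actually uses
    - source: salt://web/files/httpd.conf # salt source file that is distributed to the minions; the path is web under the base directory; http and ftp sources are also supported here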
    - user: root
    - group: root
    - mode: 644
php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: 644
lamp-service:
  service.running:
    - name: httpd
    - enable: True

Copy the source files into the base/web directory; which source files to copy depends on your own situation

[root@linux-node1 web]# cp /etc/httpd/conf/httpd.conf /srv/salt/base/web/files/
[root@linux-node1 web]# cp /etc/php.ini /srv/salt/base/web/files/

4. Run the state module to deploy the service

[root@linux-node1 web]# salt "*" state.sls web.lamp
linux-node1.example.com:
----------
          ID: lamp-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed.
     Started: 15:43:56.883540
    Duration: 633.814 ms
     Changes:   
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 15:43:57.520199
    Duration: 4.242 ms
     Changes:   
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 15:43:57.524589
    Duration: 4.149 ms
     Changes:   
----------
          ID: lamp-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 15:43:57.529404
    Duration: 258.952 ms
     Changes:   

Summary
------------
Succeeded: 4
Failed:    0
------------
Total states run:     4
linux-node2.example.com:
----------
          ID: lamp-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed.
     Started: 15:43:58.566172
    Duration: 611.409 ms
     Changes:   
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 15:43:59.180091
    Duration: 4.063 ms
     Changes:   
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 15:43:59.184248
    Duration: 3.803 ms
     Changes:   
----------
          ID: lamp-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 15:43:59.188496
    Duration: 208.1 ms
     Changes:   

Summary
------------
Succeeded: 4
Failed:    0
------------
Total states run:     4

5. Use the recurse function of the file module to manage apache's conf.d directory, configured as follows

apache-conf:
  file.recurse:
    - name: /etc/httpd/conf.d
    - source: salt://web/files/apache-conf.d

6. Create the salt source directory and copy the data into it; where the data files come from depends on your own environment

[root@linux-node1 ~]# mkdir /srv/salt/base/web/files/apache-conf.d
[root@linux-node1 ~]# cd /srv/salt/base/web/files/apache-conf.d/
[root@linux-node1 apache-conf.d]# cp -a /etc/httpd/conf.d/* .
[root@linux-node1 apache-conf.d]# ls
autoindex.conf php.conf README userdir.conf welcome.conf
[root@linux-node1 apache-conf.d]#

As a test, append the line #qiuyuetao test to files/apache-conf.d/welcome.conf

[root@linux-node1 files]# echo "#qiuyuetao test" >> apache-conf.d/welcome.conf 

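Verify that the directory management takes effect.
You can run with test=True first: this is a dry run only and nothing is actually executed on the minion nodes. Once you have confirmed there are no problems, let the minions execute it for real.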

[root@linux-node1 files]# salt "linux-node2*" state.highstate test=True
linux-node2.example.com:
----------
          ID: lamp-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed.
     Started: 16:12:56.440265
    Duration: 666.288 ms
     Changes:   
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: The file /etc/httpd/conf/httpd.conf is in the correct state
     Started: 16:12:57.108448
    Duration: 3.959 ms
     Changes:   
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: The file /etc/php.ini is in the correct state
     Started: 16:12:57.112503
    Duration: 3.61 ms
     Changes:   
----------
          ID: lamp-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: Service httpd is already enabled, and is in the desired state
     Started: 16:12:57.116505
    Duration: 244.585 ms
     Changes:   
----------
          ID: apache-conf
    Function: file.recurse
        Name: /etc/httpd/conf.d
      Result: None
     Comment: #### /etc/httpd/conf.d/welcome.conf ####
              The file /etc/httpd/conf.d/welcome.conf is set to be changed
     Started: 16:12:57.361390
    Duration: 1096.52 ms
     Changes:   
              ----------
              /etc/httpd/conf.d/welcome.conf:
                  ----------
                  diff:
                      --- 
                      +++ 
                      @@ -20,3 +20,4 @@
                       Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
                       Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
                       Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
                      +#xieweming test

Summary
------------
Succeeded: 5 (unchanged=1, changed=1)
Failed:    0
------------
Total states run:     5

Once verified, run it on both node01 and node02.
We only have 2 machines here, so we can simply use *

[root@linux-node1 files]# salt "*" state.highstate
linux-node1.example.com:
----------
..... (long output omitted here)
Succeeded: 5 (changed=1)

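Use watch to reload the apache configuration whenever the apache configuration file changes.
Add the lines marked with comments below (shown in green in the original)

lamp-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True  # without reload, the service is restarted by default
    - watch:  # added
      - file: apache-config  # watch the apache-config ID above; this is why an ID can appear only once within a state

The other way to write this is watch_in; mastering one of the two forms is enough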

...
lamp-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-config
apache-conf:
  file.recurse:
    - name: /etc/httpd/conf.d
    - source: salt://web/files/apache-conf.d
    - watch_in:
      - service: lamp-service
...

Modify the configuration file and verify that it works

[root@linux-node1 files]# salt "*" state.highstate
#Succeeded: 5 (changed=2)
#Failed:    0
If there are no errors, it generally means success
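
Added example (not from the original article): the watch pattern above, extended so that httpd is also reloaded when php.ini or any file under conf.d changes, and so that a new httpd.conf is only written if it passes httpd's own syntax check. The state IDs are the article's and would replace the same IDs in lamp.sls; the binary path /usr/sbin/httpd and the explicit modes are assumptions for a CentOS 7 minion.

```yaml
# Added example, not the article's own lamp.sls.
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://web/files/httpd.conf
    - user: root
    - group: root
    - mode: '0644'
    # Salt appends the path of a temp file holding the new contents, so this
    # runs "httpd -t -f <temp file>". The managed file is replaced only when
    # the check exits 0, so a broken config never reaches the running service.
    - check_cmd: /usr/sbin/httpd -t -f   # assumed path on CentOS 7

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: '0644'

apache-conf:
  file.recurse:
    - name: /etc/httpd/conf.d
    - source: salt://web/files/apache-conf.d
    - user: root
    - group: root
    - file_mode: '0644'
    - dir_mode: '0755'

lamp-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True          # graceful reload instead of a full restart
    - watch:                # any change in one of these states triggers the reload
      - file: apache-config
      - file: php-config
      - file: apache-conf
```

Run it with test=True first, as shown earlier, to see which files would change before the reload is triggered.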

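Use require to create dependencies between IDs and avoid pointless execution.
For example, before the apache-config ID runs, the lamp-install ID must have completed successfully. Add the last two lines below (shown in green in the original)

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://web/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: lamp-install

To test whether the apache/php environment works, create a phpinfo file under apache's document root on both nodes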

[root@linux-node2 conf.d]# cd /var/www/html/
[root@linux-node2 html]# mkdir admin
[root@linux-node2 html]# cd admin/
[root@linux-node2 admin]# vi info.php
[root@linux-node2 admin]# cat info.php 
<?php
phpinfo()
?>

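The page opens normally.

III. Adding authentication to phpinfo with salt

Now use salt to require a username and password for access to phpinfo

1. Add authentication to the apache configuration file managed by salt, as in the <Directory> block below (shown in green in the original)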

[root@linux-node1 files]# pwd
/srv/salt/base/web/files
[root@linux-node1 files]# 
[root@linux-node1 files]# tail -15 httpd.conf 
#EnableMMAP off
EnableSendfile on
<Directory "/var/www/html/admin">
    AllowOverride All
    Order allow,deny
    Allow from All
    AuthUserFile  /etc/httpd/conf/htpasswd_file
    AuthName "hehe"
    AuthType Basic
    Require user admin
</Directory>
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

2. In lamp.sls, add a state ID named apache-auth and use require to specify the dependency

[root@linux-node1 web]# pwd
/srv/salt/base/web
[root@linux-node1 web]# ls
apache.sls  files  lamp.sls
[root@linux-node1 web]# tail -10 lamp.sls 
    - name: /etc/httpd/conf.d
    - source: salt://web/files/apache-conf.d

apache-auth:
  pkg.installed:
    - name: httpd-tools
    - require_in:
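      - cmd: apache-auth   # if this rpm package is not installed, the cmd.run below does not run; this declares the dependency
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin # create a password file with user admin and password admin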

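3. Run the state module and verify that there are no errors

There is a small problem with the above, however:
when the apache-auth state is run multiple times, the password file is recreated and overwritten each time.

Solution: guard the command with unless. With unless, the command runs only when the check fails (here, when the password file does not exist yet) and is skipped when the check succeeds.

Change the apache-auth state as follows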

[root@linux-node1 web]# tail -8 lamp.sls 
apache-auth:
  pkg.installed:
    - name: httpd-tools
    - require_in:
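      - cmd: apache-auth   # if this rpm package is not installed, the cmd.run below does not run; this resolves the dependency
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file # unless is not limited to test; any command or script works, as long as its exit status gives the answer: 0 is true, 1 is false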

4. Run the lamp.sls state again; the problem above is now solved
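
Added example (not from the original article): a variant of apache-auth that keeps the password out of the state file and limits who can read the password file, instead of writing admin/admin from a cmd.run. It assumes a pillar key apache:admin_password (a hypothetical name) and the apache group that httpd runs under on CentOS; webutil.user_exists adds the user only when it is not already in the file, so no unless guard is needed.

```yaml
# Added example, not the article's own lamp.sls.
# Assumption: the password is stored in pillar under the hypothetical key
# apache:admin_password, for example in a pillar file such as:
#   apache:
#     admin_password: <strong value, not kept in the state tree>

apache-auth-tools:
  pkg.installed:
    - name: httpd-tools            # provides the htpasswd binary

apache-auth-user:
  webutil.user_exists:
    - name: admin
    # Rendering fails if the pillar key is missing, so the state never
    # falls back to an empty or default password.
    - password: {{ pillar['apache']['admin_password'] | yaml_dquote }}
    - htpasswd_file: /etc/httpd/conf/htpasswd_file
    - require:
      - pkg: apache-auth-tools

apache-auth-perms:
  file.managed:
    - name: /etc/httpd/conf/htpasswd_file
    - user: root
    - group: apache                # assumed: group of the httpd worker processes
    - mode: '0640'                 # hashes are not world-readable
    - replace: False               # enforce ownership and mode only, never the contents
    - require:
      - webutil: apache-auth-user
```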

To check the result in detail:
the directory structure of base is as follows

[root@linux-node1 salt]# tree  base
base
├── fileappend.sls
├── top.sls
└── web
    ├── apache.sls
    ├── files
    │   ├── apache-conf.d
    │   │   ├── autoindex.conf
    │   │   ├── php.conf
    │   │   ├── README
    │   │   ├── userdir.conf
    │   │   └── welcome.conf
    │   ├── httpd.conf
    │   └── php.ini
    └── lamp.sls
directories, 11 files

5. View the configuration with cat lamp.sls

[root@linux-node1 base]# cat web/lamp.sls 
lamp-install:
  pkg.installed:
    - pkgs:
      - httpd
      - php
      - php-pdo
      - php-mysql

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://web/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - pkg: lamp-install

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: 644

lamp-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
       - file: apache-config

apache-conf:
  file.recurse:
    - name: /etc/httpd/conf.d
    - source: salt://web/files/apache-conf.d

apache-auth:
  pkg.installed:
    - name: httpd-tools
    - require_in:
      - cmd: apache-auth   # if this rpm package is not installed, the cmd.run below does not run; this resolves the dependency
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file

This completes the apache and php test.