6: SaltStack part 14: SaltStack system initialization and minion file backup


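1: Environment design:

Software: Linux, Haproxy, Nginx, Memcache, MySQL, Php

Operating system initialization: firewall, selinux

Service environment: saltmaster: 192.168.10.101, saltminion: 192.168.10.102

Program directories: each program goes in its own directory so that it is easy to call later. Functional modules must be independent: the state that installs nginx installs only nginx, and the state that installs dependency packages installs only those packages, so that other modules can call them later.

Business module division: divide by business function, for example Web service, BBS, and so on.

salt environment configuration:

Base environment, development environment, test environment (functional test environment, performance test environment), pre-production environment, production environment

1.1: salt-master configuration: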

state_top: top.sls
file_roots:
  base: # base environment
    - /srv/salt/base
  prod: # development environment
    - /srv/salt/prod

pillar_roots:
  base: # base pillar data directory
    - /srv/pillar/base
  prod: # development pillar data directory
    - /srv/pillar/prod
log_level: debug # debug temporarily enabled for troubleshooting
nodegroups: # grouping
  web: "L@saltmaster.com.cn,saltminion.com.cn"

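1.2: Environment initialization. Define an init directory dedicated to system initialization:

# mkdir init  # inside the base directory

# cd init/   # the init directory holds environment initialization: DNS / timestamps in history / logging executed commands / kernel parameter tuning / installing the zabbix agent

1.2.1: DNS initialization: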

[root@saltmaster init]# pwd
/srv/salt/base/init
[root@saltmaster init]# vim dns.sls

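/etc/resolv.conf:  # declares the ID; no name is defined below, so the ID is also the managed object
  file.managed:
    - source: salt://init/files/resolv.conf # the file lives in init/files under the base directory
    - user: root
    - group: root
    - mode: 644

# mkdir  files

# cp /etc/resolv.conf   /srv/salt/base/init/files/  # copy the DNS file into the files directory

1.2.2: History command management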

# vim history.sls

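/etc/profile:
  file.append: # append to the end of the file; repeated runs do not add duplicates, because the text is only appended when it is not already present
    - text: # option of the module
      - export HISTTIMEFORMAT="%F %T `whoami` "

1.2.3: Logging executed commands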

# vim audit.sls 

/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
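
The PROMPT_COMMAND above sends one syslog message per interactive command in the form [euid=USER]:WHO-AM-I OUTPUT:[CWD]COMMAND. As an added example (not part of the original post), the following Python parses such lines on a log collector and flags records where the effective user differs from the login user or where no login session was reported. The function name, the sample lines and the syslog header layout are constructed assumptions.

```python
import re

# Message layout produced by the PROMPT_COMMAND in audit.sls:
#   [euid=<whoami>]:<who am i output>:[<pwd>]<last history entry>
RECORD = re.compile(
    r"\[euid=(?P<euid>[^\]]*)\]:(?P<who>.*?):\[(?P<cwd>/[^\]]*)\](?P<cmd>.*)$"
)
# `who am i` fields after shell word splitting: login tty date time [(source)]
WHO = re.compile(
    r"^(?P<login>\S+) (?P<tty>\S+) \S+ \S+(?: \((?P<src>[^)]*)\))?$"
)


def parse_audit_line(line):
    """Return a dict for one syslog line, or None if it is not an audit record."""
    m = RECORD.search(line.rstrip("\n"))
    if not m:
        return None
    rec = {"euid": m["euid"], "cwd": m["cwd"], "cmd": m["cmd"],
           "login": None, "tty": None, "src": None, "flags": []}
    who = WHO.match(m["who"].strip())
    if who:
        rec.update(login=who["login"], tty=who["tty"], src=who["src"])
        if who["login"] != m["euid"]:
            # Effective user differs from the login user: su/sudo session.
            rec["flags"].append("identity-change")
    else:
        # `who am i` printed nothing (no login record for this terminal).
        rec["flags"].append("no-login-session")
    return rec


# Constructed sample lines (the syslog header layout is an assumption).
SAMPLE = [
    "Aug  1 11:50:01 saltminion root: [euid=root]:root pts/0 2016-08-01 11:45 (192.168.10.1):[/srv/salt/base]vim top.sls",
    "Aug  1 11:52:10 saltminion alice: [euid=root]:alice pts/1 2016-08-01 11:51 (192.168.10.7):[/etc/zabbix]systemctl restart zabbix-agent",
    "Aug  1 11:53:00 saltminion root: [euid=root]::[/root]echo a:[/b]c",
    "Aug  1 11:54:00 saltminion sshd[1201]: Accepted publickey for alice",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_audit_line(line))
```

These records are emitted by the user's own shell, so a session that unsets PROMPT_COMMAND or starts a different shell produces none; a gap in the trail for a logged-in user is itself worth alerting on.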

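1.2.4: Kernel parameter tuning

# vim sysctl.sls

net.ipv4.ip_local_port_range: # range of ephemeral ports opened locally when acting as a client
  sysctl.present:   # the present function of the sysctl state sets the kernel parameter's value
    - value: 10000 65000
fs.file-max: # maximum number of open files
  sysctl.present:
    - value: 2000000
net.ipv4.ip_forward: # enable forwarding
  sysctl.present:
    - value: 1
vm.swappiness: # swap usage weighting
  sysctl.present:
    - value: 0

1.2.5: Install the yum repository: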

#  rpm -qa | grep epel

yum_repo_release:
  pkg.installed:
    - sources: # specify the source for the package
      - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
    - unless: rpm -qa | grep epel-release-7-7.noarch # the state runs only if this command fails

1.2.6: zabbix-agent state file:

# Install zabbix-agent:

# rpm -ivh http://mirrors.aliyun.com/zabbix/zabbix/3.0/rhel/7/x86_64/zabbix-release-3.0-1.el7.noarch.rpm

# yum install zabbix-agent  # install the zabbix-agent client

# vim zabbix-agent.sls 

zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:
        Zabbix_Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }} # Zabbix_Server corresponds to the name defined in agent.sls in the pillar
        Hostname: {{ grains["fqdn"] }} # grains are collected by the minion itself at startup; this variable must be used in the zabbix_agentd.conf template
    - require: # depends on the zabbix-agent package having been installed successfully
      - pkg: zabbix-agent
  service.running:
    - enable: True # start the service at boot
    - watch: # restart when the package state or the configuration file changes
      - pkg: zabbix-agent
      - file: zabbix-agent

zabbix_agentd.conf.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.d
    - watch_in: # the listed service watches this state and restarts when it reports changes; alternatively, add a watch on this directory in the zabbix-agent state
      - service: zabbix-agent
    - require:  # states this one depends on
      - pkg: zabbix-agent
      - file: zabbix-agent

# Copy zabbix_agentd.conf into the files directory under the base directory on the saltmaster:

# cp /etc/zabbix/zabbix_agentd.conf  /srv/salt/base/init/files/ 

# vim /srv/salt/base/init/files/zabbix_agentd.conf 

PidFile=/var/run/zabbix/zabbix_agentd.pid
LogFile=/var/log/zabbix/zabbix_agentd.log
LogFileSize=0
# Zabbix_Server is the name defined in zabbix-agent.sls in salt's base directory
Server={{ Zabbix_Server }}
ServerActive=127.0.0.1
# Hostname is the name defined in zabbix-agent.sls under init
Hostname={{ Hostname }}
Include=/etc/zabbix/zabbix_agentd.d/

1.2.7: Define the pillar:

# cd /srv/pillar/base/

#mkdir zabbix

#cd zabbix

# vim agent.sls

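zabbix-agent: # matches the pillar['zabbix-agent'] lookup in zabbix-agent.sls in the saltmaster's base directory
  Zabbix_Server: 192.168.10.101

# cd .. # go back to the pillar base directory to assign the pillar to hosts

# vim top.sls 

[root@saltmaster base]# cat top.sls  # top.sls assigns pillar data to individual hosts; pillar data is assigned to minions by the master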

base:
  "*":
    - zabbix.agent

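1.2.8: Run a test: # the minion needs the zabbix yum repository, otherwise the run reports that zabbix-agent cannot be installed; troubleshoot errors according to the messages shown

# salt "saltminion*" state.sls  init.zabbix-agent

# Execution result

2: High state:

2.1: # vim init.sls   # include the earlier state files, so that running the high state can run all of them

include: # declare the modules to include
  - init.dns  # include format: directory.name of the sls state file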
  - init.history
  - init.audit
  - init.sysctl
  - init.epel
  - init.zabbix-agent

2.2: Run the state file:

# salt "saltminion*" state.sls  init.init

saltminion.com.cn:
----------
          ID: /etc/resolv.conf #DNS initialization
    Function: file.managed
      Result: True
     Comment: File /etc/resolv.conf updated
     Started: 11:45:51.032398
    Duration: 109.08 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1,10 +1 @@
                  -# Generated by NetworkManager
                  -search saltminion.com.cn
                  -nameserver 202.106.0.20
                  -
                  -# No nameservers found; try putting DNS servers into your
                  -# ifcfg files in /etc/sysconfig/network-scripts like so:
                  -#
                  -# DNS1=xxx.xxx.xxx.xxx
                  -# DNS2=xxx.xxx.xxx.xxx
                  -# DOMAIN=lab.foo.com bar.foo.com
                  +nameserver 114.114.114.114
----------
          ID: /etc/profile #record command execution
    Function: file.append
      Result: True
     Comment: Appended 1 lines
     Started: 11:45:51.141704
    Duration: 3.611 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -74,3 +74,4 @@
                   
                   unset i
                   unset -f pathmunge
                  +export HISTTIMEFORMAT="%F %T `whoami` "
----------
          ID: /etc/bashrc #record history
    Function: file.append
      Result: True
     Comment: Appended 1 lines
     Started: 11:45:51.145534
    Duration: 12.057 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -90,3 +90,4 @@
                       unset -f pathmunge
                   fi
                   # vim:ts=4:sw=4
                  +export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
----------
          ID: net.ipv4.ip_local_port_range #random port range
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
     Started: 11:45:51.187389
    Duration: 295.588 ms
     Changes:   
              ----------
              net.ipv4.ip_local_port_range:
                  10000 65000
----------
          ID: fs.file-max #maximum number of files
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value fs.file-max = 2000000
     Started: 11:45:51.483271
    Duration: 586.898 ms
     Changes:   
              ----------
              fs.file-max:
                  2000000
----------
          ID: net.ipv4.ip_forward #enable address forwarding; must be enabled when the host acts as a proxy server
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value net.ipv4.ip_forward = 1
     Started: 11:45:52.070469
    Duration: 40.188 ms
     Changes:   
              ----------
              net.ipv4.ip_forward:
                  1
----------
          ID: vm.swappiness #memory usage weighting
    Function: sysctl.present
      Result: True
     Comment: Updated sysctl value vm.swappiness = 0
     Started: 11:45:52.111071
    Duration: 37.356 ms
     Changes:   
              ----------
              vm.swappiness:
                  0
----------
          ID: yum_repo_release #EPEL repository
    Function: pkg.installed
      Result: True
     Comment: unless execution succeeded #already installed earlier, so it is not installed again
     Started: 11:45:52.767177
    Duration: 864.367 ms
     Changes:   
----------
          ID: zabbix-agent #install zabbix-agent
    Function: pkg.installed
      Result: True
     Comment: Package zabbix-agent is already installed
     Started: 11:45:53.632073
    Duration: 601.422 ms
     Changes:   
----------
          ID: zabbix-agent  #zabbix-agent file management
    Function: file.managed
        Name: /etc/zabbix/zabbix_agentd.conf
      Result: True
     Comment: File /etc/zabbix/zabbix_agentd.conf is in the correct state
     Started: 11:45:54.234199
    Duration: 80.364 ms
     Changes:   
----------
          ID: zabbix_agentd.conf.d #management of zabbix-agent custom configuration files
    Function: file.directory
        Name: /etc/zabbix/zabbix_agentd.d
      Result: True
     Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
     Started: 11:45:54.316027
    Duration: 1.672 ms
     Changes:   
----------
          ID: zabbix-agent
    Function: service.running
      Result: True
     Comment: The service zabbix-agent is already running
     Started: 11:45:54.318220
    Duration: 47.329 ms
     Changes:   

Summary for saltminion.com.cn
-------------
Succeeded: 12 (changed=7)
Failed:     0
-------------
Total states run:     12

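2.3: High state:

# vim top.sls  # in salt's base directory

base:
  "*":
    - init.init # match the init state file in the init directory for all minions

2.4: Run the high state:

# salt "*" state.highstate  # on this run the result is the same as running # salt "*" state.sls init.init separately

3: Automatic backup of configuration files. In production it is recommended that every file-management state has the backup feature added; treat it as mandatory:

When a file operation is carried out, the minion can automatically back up the file being operated on, which makes rollback easy.

3.1: Add the following configuration to the state file whose files are to be backed up: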

[root@saltmaster base]# vim  init/zabbix-agent.sls

zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - defaults:
        Zabbix_Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
        Hostname: {{ grains["fqdn"] }}
    - require: # depends on the zabbix-agent package having been installed successfully
      - pkg: zabbix-agent
    - backup: minion  # back up the existing file on the minion before changing it

  service.running:
    - enable: True # start the service at boot
    - watch: # restart when the package state or the configuration file changes
      - pkg: zabbix-agent
      - file: zabbix-agent

zabbix_agentd.conf.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.d
    - watch_in: # the listed service watches this state and restarts when it reports changes; alternatively, add a watch on this directory in the zabbix-agent state
      - service: zabbix-agent
    - require:  # states this one depends on
      - pkg: zabbix-agent
      - file: zabbix-agent

3.2: Run the high state to test whether the file is backed up:
[root@saltmaster base]# salt  "*" state.highstate

3.3: Verify on the minion that a backup file exists:

[root@saltminion opt]# cd /var/cache/salt/minion/
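
The verification in 3.3, as an added example that is not part of the original post: it lists the backups the minion kept for a managed file and diffs the newest one against the live file before any rollback. It assumes backups are stored as <cachedir>/file_backup/<original path>_<timestamp> with the timestamp format shown in STAMP (check this on your Salt version); the function names and the sample files are constructed.

```python
import difflib
import os
import tempfile
from datetime import datetime

STAMP = "%a_%b_%d_%H:%M:%S_%f_%Y"  # assumed suffix of a minion backup file name

def list_backups(path, cachedir="/var/cache/salt/minion"):
    """Return [(datetime, backup_path)] for a managed file, newest first."""
    bkdir = os.path.join(cachedir, "file_backup", os.path.dirname(path).lstrip("/"))
    prefix = os.path.basename(path) + "_"
    found = []
    for name in os.listdir(bkdir) if os.path.isdir(bkdir) else []:
        if not name.startswith(prefix):
            continue
        try:
            when = datetime.strptime(name[len(prefix):], STAMP)
        except ValueError:
            continue  # same prefix, but not a backup of this file
        found.append((when, os.path.join(bkdir, name)))
    return sorted(found, reverse=True)

def diff_latest(path, cachedir="/var/cache/salt/minion"):
    """Unified diff from the newest backup to the live file, as a list of lines."""
    backups = list_backups(path, cachedir)
    if not backups:
        return []
    with open(backups[0][1]) as old, open(path) as new:
        return list(difflib.unified_diff(old.readlines(), new.readlines(),
                                         "backup", "live"))

def build_sample(root):
    """Constructed sample: one live file and its backups under a temp cachedir."""
    live = os.path.join(root, "etc", "zabbix_agentd.conf")
    cache = os.path.join(root, "cache")
    bkdir = os.path.join(cache, "file_backup", os.path.dirname(live).lstrip("/"))
    os.makedirs(os.path.dirname(live))
    os.makedirs(bkdir)
    files = {live: "Server=192.168.10.101\n",
             bkdir + "/zabbix_agentd.conf_Mon_Aug_01_11:45:54_234199_2016": "Server=127.0.0.1\n",
             bkdir + "/zabbix_agentd.conf_Tue_Aug_02_09:00:00_000001_2016": "Server=10.0.0.1\n",
             bkdir + "/zabbix_agentd.conf_notes": "not a backup\n"}
    for name, text in files.items():
        with open(name, "w") as fh:
            fh.write(text)
    return live, cache

if __name__ == "__main__":
    live, cache = build_sample(tempfile.mkdtemp())
    print("".join(diff_latest(live, cache)))
```

From the master, Salt's file.list_backups and file.restore_backup execution functions expose the same backups for rollback.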

