[root@server2 saltstack]# ls
libsodium-1.0.16-1.el7.x86_64.rpm PyYAML-3.11-1.el7.x86_64.rpm
openpgm-5.2.122-2.el7.x86_64.rpm repodata
python2-libcloud-2.0.0-2.el7.noarch.rpm salt-2018.3.3-1.el7.noarch.rpm
python-cherrypy-5.6.0-2.el7.noarch.rpm salt-api-2018.3.3-1.el7.noarch.rpm
python-crypto-2.6.1-2.el7.x86_64.rpm salt-cloud-2018.3.3-1.el7.noarch.rpm
python-futures-3.0.3-1.el7.noarch.rpm salt-master-2018.3.3-1.el7.noarch.rpm
python-msgpack-0.4.6-1.el7.x86_64.rpm salt-minion-2018.3.3-1.el7.noarch.rpm
python-psutil-2.2.1-1.el7.x86_64.rpm salt-ssh-2018.3.3-1.el7.noarch.rpm
python-tornado-4.2.1-1.el7.x86_64.rpm salt-syndic-2018.3.3-1.el7.noarch.rpm
python-zmq-15.3.0-3.el7.x86_64.rpm zeromq-4.1.4-7.el7.x86_64.rpm
server3 master
yum install -y salt-master.noarch *
yum install -y salt-minion.noarch
server2 minion
yum install -y salt-minion.noarch
server3
systemctl start salt-master
vim /etc/salt/minion
#16
master: 172.25.11.1
systemctl start salt-minion
salt-key -L
salt-key -A
server2 vim /etc/salt/minion
master: 172.25.11.1
systemctl start salt-minion
server3
salt-key -A
[root@server3 saltstack]# salt-key -A
The following keys are going to be accepted:
Unaccepted Keys:
server2
Proceed? [n/Y] y
Key for minion server2 accepted.
tcp 0 0 172.25.11.3:4506 172.25.11.2:45828 ESTABLISHED 1270/python
tcp 0 0 172.25.11.3:4505 172.25.11.3:60900 ESTABLISHED 1264/python
[root@server3 saltstack]# salt-key -L
Accepted Keys:
server2
server3
Denied Keys:
Unaccepted Keys:
Rejected Keys:
[root@server3 saltstack]# salt '*' test.ping
server2:
True
server3:
True
[root@server3 saltstack]# salt '*' cmd.run hostname
server3:
server3
server2:
server2
[root@server3 salt]# cd pki/master/minions
[root@server3 minions]# ls
server2 server3
[root@server3 minions]# pwd
/etc/salt/pki/master/minions
安装服务
server3
mkdir -p /srv/salt/httpd
cd
mkdir files
cp httpd.conf
vim apache.sls
install-httpd:
pkg.installed:
- pkgs:
- httpd
- php
- php-mysql
service.running:
- name: httpd
- enable: True
salt server2 state.sls httpd.apache
再修改
install-httpd:
pkg.installed:
- pkgs:
- httpd
- php
- php-mysql
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://httpd/files/httpd.conf
service.running:
- name: httpd
- enable: True
- reload: True
watch:
- file: install-httpd
salt server2 state.sls httpd.apache
也可以
install-httpd:
pkg.installed:
- pkgs:
- httpd
- php
- php-mysql
service.running:
- name: httpd
- enable: True
- reload: True
watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
可以
httpd:
pkg.installed
httpd-service:
service.running:
- name: httpd
- enable: True
- reload: True
watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
下面部署两个结点
server1 master server2 3 minion
server2 apache server3 nginx
[root@server1 salt]# vim top.sls
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# mkdir nginx
[root@server1 salt]# ls
httpd nginx top.sls
top.sls
base:
'server2':
- httpd.service
'server3':
- nginx.service
表示 server2启用httpd server3搭建nginx
cd nginx
[root@server1 nginx]# mkdir files
[root@server1 nginx]# touch install.sls service.sls
vim install.sls
nginx-install:
pkg.installed:
- pkgs:
- pcre-devel
- zlib-devel
- gcc
- make
file.managed:
- name: /mnt/nginx-1.15.8.tar.gz
- source: salt://nginx/files/nginx-1.15.8.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-1.15.8.tar.gz && cd nginx-1.15.8 && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc &&./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. && rm -fr nginx-1.15.8
- creates: /usr/local/nginx
vim files/nginx.service
[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
vim salt/nginx/files/nginx.conf
user nginx;
worker_processes auto;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
vim salt/users/nginx.sls
nginx:
user.present:
- uid: 1000
- shell: /sbin/nologin
vim service.sls
include:
- nginx.install
- users.nginx
nginx:
user.present:
- uid: 1000
- shell: /sbin/nologin
/usr/local/nginx/conf/nginx.conf:
file.managed:
- source: salt://nginx/files/nginx.conf
nginx-service:
file.managed:
- name: /etc/systemd/system/nginx.service
- source: salt://nginx/files/nginx.service
service.running:
- name: nginx
- reload: True
- watch:
- file: /usr/local/nginx/conf/nginx.conf
###############下面是不写配置文件的
include:
- nginx.install
nginx-service:
file.managed:
- name: /etc/systemd/system/nginx.service
- source: salt://nginx/files/nginx.service
service.running:
- name: nginx
- reload: True
- watch:
- file: nginx-service
'#################################
server2写入nginx启动脚本 上面写过了 此步骤可忽略
nginx systemd 启动脚本
vim /etc/systemd/system/nginx.service
##################################
vim httpd/files/httpd.conf
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
vim httpd/service.sls
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
httpd-service:
service.running:
- name: httpd
- enable: False
- reload: True
watch:
- file: /etc/httpd/conf/httpd.conf
vim httpd/apache.sls
httpd:
pkg.installed
httpd-service:
service.running:
- name: httpd
- enable: True
- reload: True
watch:
- file: /etc/httpd/conf/httpd.conf
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
salt server2 state.sls httpd.service 调用命令
server1 master
在 salt主目录中使用
salt '*' state.highstate