SaltStack项目实战（一）

系统架构图

一、初始化

1、salt环境配置，定义基础环境、生产环境（base、prod）

vim /etc/salt/master
修改file_roots
file_roots:
  base:
    - /srv/salt/base
  prod:
    - /srv/salt/prod
     
mkdir -p /srv/salt/base
mkdir -p /srv/salt/prod

pillar配置

vim /etc/salt/master
修改pillar_roots
pillar_roots:
  base:
    - /srv/pillar/base
  pord:
    - /srv/pillar/prod
     
mkdir -p /srv/pillar/base
mkdir -p /srv/pillar/prod

服务重启 systemctl restart salt-master

2、salt base环境初始化：

1 2	`mkdir` `-p` `/srv/salt/base/init` `# 环境初始化目录` `mkdir` `-p` `/srv/salt/base/init/files` `# 配置文件目录`

1）dns配置

准备dns配置文件，放入/srv/salt/base/init/files目录下

cp /etc/resolv.conf /srv/salt/base/init/files/

vi /srv/salt/base/init/dns.sls
/etc/resolv.conf:
  file.managed:
    - source: salt://init/files/resolv.conf
    - user: root
    - gourp: root
    - mode: 644

2）histroy记录时间

vi /srv/salt/base/init/history.sls
/etc/profile:
  file.append:
    - text:
      - export HISTTIMEFORMAT="%F %T `whoami` "

3）记录命令操作

vi /srv/salt/base/init/audit.sls
/etc/bashrc:
  file.append:
    - text:
      - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'

4）内核参数优化

vi /srv/salt/base/init/sysctl.sls
net.ipv4.ip_local_port_range:
  sysctl.present:
    - value: 10000 65000
fs.file-max:
  sysctl.present:
    - value: 2000000
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1
vm.swappiness:
  sysctl.present:
    - value: 0

5）安装yum仓库

vi /srv/salt/base/init/epel.sls
yum_repo_release:
  pkg.installed:
    - sources:
      - epel-release: http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm
    - unless: rpm -qa | grep epel-release-latest-7

6）安装zabbix-agent

准备zabbix-agent配置文件，放入/srv/salt/base/init/files目录下

cp /etc/zabbix/zabbix_agentd.conf /srv/salt/base/init/files/

修改 vi /etc/zabbix/zabbix_agentd.conf

vi /srv/salt/base/init/zabbix_agent.sls
zabbix-agent:
  pkg.installed:
    - name: zabbix-agent
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - template: jinja
    - backup: minion
    - defaults:
      Server: {{ pillar['zabbix-agent']['Zabbix_Server'] }}
      Hostname: {{ grains['fqdn'] }}
    - require:
      - pkg: zabbix-agent
  service.running:
    - enable: True
    - watch:
      - pkg: zabbix-agent
      - file: zabbix-agent
 
zabbix_agentd.d:
  file.directory:
    - name: /etc/zabbix/zabbix_agentd.d
    - watch_in:
      - service: zabbix-agent
    - require:
      - pkg: zabbix-agent
      - file: zabbix-agent

备注：“- backup: minion”表示备份，如果文件改动，会将之前的文件备份到/var/cache/salt/file_backup目录下

7）编写init.sls总文件，引用其它文件

vi /srv/salt/base/init/init.sls
include:
  - init.dns
  - init.history
  - init.audit
  - init.sysctl
  - init.epel
  - init.zabbix_agent

执行命令： salt "*" state.sls init.init

执行结果

  1 linux-node1.example.com:
  2 ----------
  3           ID: /etc/resolv.conf
  4     Function: file.managed
  5       Result: True
  6      Comment: File /etc/resolv.conf is in the correct state
  7      Started: 04:39:32.998314
  8     Duration: 181.548 ms
  9      Changes:   
 10 ----------
 11           ID: /etc/profile
 12     Function: file.append
 13       Result: True
 14      Comment: File /etc/profile is in correct state
 15      Started: 04:39:33.180034
 16     Duration: 6.118 ms
 17      Changes:   
 18 ----------
 19           ID: /etc/bashrc
 20     Function: file.append
 21       Result: True
 22      Comment: Appended 1 lines
 23      Started: 04:39:33.186266
 24     Duration: 6.608 ms
 25      Changes:   
 26               ----------
 27               diff:
 28                   --- 
 29                   
 30                   +++ 
 31                   
 32                   @@ -90,3 +90,4 @@
 33                   
 34                        unset -f pathmunge
 35                    fi
 36                    # vim:ts=4:sw=4
 37                   +export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
 38 ----------
 39           ID: net.ipv4.ip_local_port_range
 40     Function: sysctl.present
 41       Result: True
 42      Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
 43      Started: 04:39:33.261448
 44     Duration: 212.528 ms
 45      Changes:   
 46               ----------
 47               net.ipv4.ip_local_port_range:
 48                   10000 65000
 49 ----------
 50           ID: fs.file-max
 51     Function: sysctl.present
 52       Result: True
 53      Comment: Updated sysctl value fs.file-max = 2000000
 54      Started: 04:39:33.474197
 55     Duration: 122.497 ms
 56      Changes:   
 57               ----------
 58               fs.file-max:
 59                   2000000
 60 ----------
 61           ID: net.ipv4.ip_forward
 62     Function: sysctl.present
 63       Result: True
 64      Comment: Updated sysctl value net.ipv4.ip_forward = 1
 65      Started: 04:39:33.596905
 66     Duration: 35.061 ms
 67      Changes:   
 68               ----------
 69               net.ipv4.ip_forward:
 70                   1
 71 ----------
 72           ID: vm.swappiness
 73     Function: sysctl.present
 74       Result: True
 75      Comment: Updated sysctl value vm.swappiness = 0
 76      Started: 04:39:33.632208
 77     Duration: 36.226 ms
 78      Changes:   
 79               ----------
 80               vm.swappiness:
 81                   0
 82 ----------
 83           ID: yum_repo_release
 84     Function: pkg.installed
 85       Result: True
 86      Comment: All specified packages are already installed
 87      Started: 04:39:39.085699
 88     Duration: 12627.626 ms
 89      Changes:   
 90 ----------
 91           ID: zabbix-agent
 92     Function: pkg.installed
 93       Result: True
 94      Comment: Package zabbix-agent is already installed
 95      Started: 04:39:51.713592
 96     Duration: 6.677 ms
 97      Changes:   
 98 ----------
 99           ID: zabbix-agent
100     Function: file.managed
101         Name: /etc/zabbix/zabbix_agentd.conf
102       Result: True
103      Comment: File /etc/zabbix/zabbix_agentd.conf updated
104      Started: 04:39:51.720994
105     Duration: 152.077 ms
106      Changes:   
107               ----------
108               diff:
109                   --- 
110                   +++ 
111                   @@ -90,7 +90,7 @@
112                    #
113                    # Mandatory: no
114                    # Default:
115                   -Server={{ Server }}
116                   +Server=192.168.137.11
117                    
118                    ### Option: ListenPort
119                    #    Agent will listen on this port for connections from the server.
120 ----------
121           ID: zabbix_agentd.d
122     Function: file.directory
123         Name: /etc/zabbix/zabbix_agentd.d
124       Result: True
125      Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
126      Started: 04:39:51.875082
127     Duration: 0.908 ms
128      Changes:   
129 ----------
130           ID: zabbix-agent
131     Function: service.running
132       Result: True
133      Comment: Service restarted
134      Started: 04:39:51.932698
135     Duration: 205.223 ms
136      Changes:   
137               ----------
138               zabbix-agent:
139                   True
140 
141 Summary for linux-node1.example.com
142 -------------
143 Succeeded: 12 (changed=7)
144 Failed:     0
145 -------------
146 Total states run:     12
147 Total run time:   13.593 s
148 linux-node2.example.com:
149 ----------
150           ID: /etc/resolv.conf
151     Function: file.managed
152       Result: True
153      Comment: File /etc/resolv.conf is in the correct state
154      Started: 12:46:38.639870
155     Duration: 182.254 ms
156      Changes:   
157 ----------
158           ID: /etc/profile
159     Function: file.append
160       Result: True
161      Comment: Appended 1 lines
162      Started: 12:46:38.822236
163     Duration: 3.047 ms
164      Changes:   
165               ----------
166               diff:
167                   --- 
168                   
169                   +++ 
170                   
171                   @@ -74,3 +74,4 @@
172                   
173                    
174                    unset i
175                    unset -f pathmunge
176                   +export HISTTIMEFORMAT="%F %T `whoami` "
177 ----------
178           ID: /etc/bashrc
179     Function: file.append
180       Result: True
181      Comment: Appended 1 lines
182      Started: 12:46:38.825423
183     Duration: 3.666 ms
184      Changes:   
185               ----------
186               diff:
187                   --- 
188                   
189                   +++ 
190                   
191                   @@ -90,3 +90,4 @@
192                   
193                        unset -f pathmunge
194                    fi
195                    # vim:ts=4:sw=4
196                   +export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y; });logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg"; }'
197 ----------
198           ID: net.ipv4.ip_local_port_range
199     Function: sysctl.present
200       Result: True
201      Comment: Updated sysctl value net.ipv4.ip_local_port_range = 10000 65000
202      Started: 12:46:39.011409
203     Duration: 132.499 ms
204      Changes:   
205               ----------
206               net.ipv4.ip_local_port_range:
207                   10000 65000
208 ----------
209           ID: fs.file-max
210     Function: sysctl.present
211       Result: True
212      Comment: Updated sysctl value fs.file-max = 2000000
213      Started: 12:46:39.144117
214     Duration: 33.556 ms
215      Changes:   
216               ----------
217               fs.file-max:
218                   2000000
219 ----------
220           ID: net.ipv4.ip_forward
221     Function: sysctl.present
222       Result: True
223      Comment: Updated sysctl value net.ipv4.ip_forward = 1
224      Started: 12:46:39.177821
225     Duration: 43.489 ms
226      Changes:   
227               ----------
228               net.ipv4.ip_forward:
229                   1
230 ----------
231           ID: vm.swappiness
232     Function: sysctl.present
233       Result: True
234      Comment: Updated sysctl value vm.swappiness = 0
235      Started: 12:46:39.221788
236     Duration: 39.882 ms
237      Changes:   
238               ----------
239               vm.swappiness:
240                   0
241 ----------
242           ID: yum_repo_release
243     Function: pkg.installed
244       Result: True
245      Comment: All specified packages are already installed
246      Started: 12:46:47.608597
247     Duration: 13989.554 ms
248      Changes:   
249 ----------
250           ID: zabbix-agent
251     Function: pkg.installed
252       Result: True
253      Comment: Package zabbix-agent is already installed
254      Started: 12:47:01.598548
255     Duration: 1.265 ms
256      Changes:   
257 ----------
258           ID: zabbix-agent
259     Function: file.managed
260         Name: /etc/zabbix/zabbix_agentd.conf
261       Result: True
262      Comment: File /etc/zabbix/zabbix_agentd.conf updated
263      Started: 12:47:01.600712
264     Duration: 82.425 ms
265      Changes:   
266               ----------
267               diff:
268                   --- 
269                   +++ 
270                   @@ -90,8 +90,6 @@
271                    #
272                    # Mandatory: no
273                    # Default:
274                   -# Server=
275                   -
276                    Server=192.168.137.11
277                    
278                    ### Option: ListenPort
279                   @@ -117,7 +115,7 @@
280                    # Mandatory: no
281                    # Range: 0-100
282                    # Default:
283                   -StartAgents=3
284                   +# StartAgents=3
285                    
286                    ##### Active checks related
287                    
288                   @@ -133,7 +131,7 @@
289                    # Default:
290                    # ServerActive=
291                    
292                   -#ServerActive=192.168.137.11
293                   +ServerActive=192.168.137.11
294                    
295                    ### Option: Hostname
296                    #    Unique, case sensitive hostname.
297                   @@ -144,7 +142,7 @@
298                    # Default:
299                    # Hostname=
300                    
301                   -Hostname=linux-node2
302                   +Hostname=Zabbix server
303                    
304                    ### Option: HostnameItem
305                    #    Item used for generating Hostname if it is undefined. Ignored if Hostname is defined.
306                   @@ -174,7 +172,7 @@
307                    #
308                    # Mandatory: no
309                    # Default:
310                   -HostMetadataItem=system.uname
311                   +# HostMetadataItem=
312                    
313                    ### Option: RefreshActiveChecks
314                    #    How often list of active checks is refreshed, in seconds.
315 ----------
316           ID: zabbix_agentd.d
317     Function: file.directory
318         Name: /etc/zabbix/zabbix_agentd.d
319       Result: True
320      Comment: Directory /etc/zabbix/zabbix_agentd.d is in the correct state
321      Started: 12:47:01.684357
322     Duration: 0.93 ms
323      Changes:   
324 ----------
325           ID: zabbix-agent
326     Function: service.running
327       Result: True
328      Comment: Service restarted
329      Started: 12:47:01.751277
330     Duration: 275.781 ms
331      Changes:   
332               ----------
333               zabbix-agent:
334                   True
335 
336 Summary for linux-node2.example.com
337 -------------
338 Succeeded: 12 (changed=8)
339 Failed:     0
340 -------------
341 Total states run:     12
342 Total run time:   14.788 s

View Code

8）创建top文件

vi /srv/salt/base/top.sls
base:
  '*':
    - init.init

测试 salt "*" state.highstate test=True

执行 salt "*" state.highstate

3、pillar base初始化

1）zabbix agent配置，指定zabbix server地址，用于sls文件引用

mkdir -p /srv/pillar/base/zabbix
vi /srv/pillar/base/zabbix/agent.sls
zabbix-agent:
  Zabbix_Server: 192.168.137.11

编写top，引用/srv/pillar/base/zabbix/agent文件

vi /srv/pillar/base/top.sls
base:
  '*':
    - zabbix.agent

测试 salt '*' pillar.items

二、haproxy

官网 http://www.haproxy.com/

mkdir -p /srv/salt/prod/modules/haproxy
mkdir -p /srv/salt/prod/modules/keepalived
mkdir -p /srv/salt/prod/modules/memcached
mkdir -p /srv/salt/prod/modules/nginx
mkdir -p /srv/salt/prod/modules/php
mkdir -p /srv/salt/prod/modules/pkg
mkdir -p /srv/salt/prod/cluster
mkdir -p /srv/salt/prod/modules/haproxy/files/
mkdir -p /srv/salt/prod/cluster/files

1）系统gcc编译包等

vi /srv/salt/prod/pkg/make.sls
make-pkg:
  pkg.installed:
    - names:
      - gcc
      - gcc-c++
      - glibc
      - make
      - autoconf
      - openssl
      - openssl-devel
      - pcre
      - pcre-devel

2）自安装

cd /usr/local/src    
tar xvf haproxy-1.6.3.tar.gz
cd haproxy-1.6.3/
make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3
make install PREFIX=/usr/local/haproxy-1.6.3
ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy

修改启动脚本，放入salt下

vi /usr/local/src/haproxy-1.6.3/examples/haproxy.init
BIN=/usr/local/haproxy/sbin/$BASENAME
cp /usr/local/src/haproxy-1.6.3/examples/haproxy.init /srv/salt/prod/modules/haproxy/files/

haproxy-1.6.3.tar.gz安装包放入/srv/salt/prod/modules/haproxy/files/目录下

3）创建install.sls文件，用于安装haproxy

vi /srv/salt/prod/modules/haproxy/install.sls
include:
  - modules.pkg.make
   
haproxy-install:
  file.managed:
    - name: /usr/local/src/haproxy-1.6.3.tar.gz
    - source: salt://modules/haproxy/files/haproxy-1.6.3.tar.gz
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf haproxy-1.6.3.tar.gz && cd haproxy-1.6.3 && make TARGET=linux2628 PREFIX=/usr/local/haproxy-1.6.3 && make install PREFIX=/usr/local/haproxy-1.6.3 && ln -s /usr/local/haproxy-1.6.3 /usr/local/haproxy
    - unless: test -L /usr/local/haproxy
    - require:
      - pkg: make-pkg
      - file: haproxy-install
 
haproxy-init:
  file.managed:
    - name: /etc/init.d/haproxy
    - source: salt://modules/haproxy/files/haproxy.init
    - mode: 755
    - user: root
    - group: root
    - require_in:
      - file: haproxy-install
  cmd.run:
    - name: chkconfig --add haproxy
    - unless: chkconfig --list| grep haproxy
  
net.ipv4.ip_nonlocal_bind:
  sysctl.present:
    - value: 1
 
haproxy-config-dir:
  file.directory:
    - name: /etc/haproxy
    - mode: 755
    - user: root
    - group: root

备注： “- unless” 如果unless后面的命令返回为True，那么就不执行当前状态命令

4）创建haproxy配置文件

vi /srv/salt/prod/cluster/files/haproxy-outside.cfg
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth haproxy:saltstack
frontend frontend_www_example_com
bind 192.168.137.21:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
 
server web-node1 192.168.137.11:8080 check inter 2000 rise 30 fall 15
server web-node2 192.168.137.12:8080 check inter 2000 rise 30 fall 15

创建haproxy-outside.sls文件，用于配置haproxy

vi /srv/salt/prod/cluster/haproxy-outside.sls
include:
  - modules.haproxy.install
 
haproxy-service:
  file.managed:
    - name: /etc/haproxy/haproxy.cfg
    - source: salt://cluster/files/haproxy-outside.cfg
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: haproxy
    - enable: True
    - reload: True
    - require:
      - cmd: haproxy-install
    - watch:
      - file: haproxy-service

5）配置top file

vi /srv/pillar/base/top.sls
base:
  '*':
    - zabbix.agent
prod:
  'linux-node*':
    - cluster.haproxy-outside

测试 salt "*" state.highstate test=True

执行 salt "*" state.highstate

结果：

三、keepalived

1）创建files目录，将keepalived-1.2.17.tar.gz安装包、keepalived.sysconfig、keepalived.init放入

1	`mkdir` `-p` `/srv/salt/prod/modules/keepalived/files`

2）创建install.sls文件

vi /srv/salt/prod/modules/keepalived/install.sls
{% set keepalived_tar = 'keepalived-1.2.17.tar.gz' %}
{% set keepalived_source = 'salt://modules/keepalived/files/keepalived-1.2.17.tar.gz' %}
 
keepalived-install:
  file.managed:
    - name: /usr/local/src/{{ keepalived_tar }}
    - source: {{ keepalived_source }}
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf {{ keepalived_tar }} && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-install
 
/etc/sysconfig/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.sysconfig
    - mode: 644
    - user: root
    - group: root
 
/etc/init.d/keepalived:
  file.managed:
    - source: salt://modules/keepalived/files/keepalived.init
    - mode: 755
    - user: root
    - group: root
 
keepalived-init:
  cmd.run:
    - name: chkconfig --add keepalived
    - unless: chkconfig --list | grep keepalived
    - require:
      - file: /etc/init.d/keepalived
 
/etc/keepalived:
  file.directory:
    - user: root
    - group: root

执行命令：salt '*' state.sls modules.keepalived.install saltenv=prod

3）创建keepalived配置文件haproxy-outside-keepalived.conf

! Configuration File for keepalived
global_defs {
   notification_email {
     saltstack@example.com
   }
   notification_email_from keepalived@example.com
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id {{ROUTEID}}
}
 
vrrp_instance haproxy_ha {
state {{STATEID}}
interface eth0
    virtual_router_id 36
priority {{PRIORITYID}}
    advert_int 1
authentication {
auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
       192.168.137.21
    }
}

创建haproxy-outside-keepalived.sls

vi /srv/salt/prod/cluster/haproxy-outside-keepalived.sls
include:
  - modules.keepalived.install
 
keepalived-server:
  file.managed:
    - name: /etc/keepalived/keepalived.conf
    - source: salt://cluster/files/haproxy-outside-keepalived.conf
    - mode: 644
    - user: root
    - group: root
    - template: jinja
    {% if grains['fqdn'] == 'linux-node1.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: MASTER
    - PRIORITYID: 150
    {% elif grains['fqdn'] == 'linux-node2.example.com' %}
    - ROUTEID: haproxy_ha
    - STATEID: BACKUP
    - PRIORITYID: 100
    {% endif %}
  service.running:
    - name: keepalived
    - enable: True
    - watch:
      - file: keepalived-server

4）将keepalived加入top FILE

vi /srv/salt/base/top.sls
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived

测试 salt "*" state.highstate test=True

执行 salt "*" state.highstate

####################################################################################################

四、memcached

1）创建www用户

mkdir -p /srv/salt/prod/modules/user
vi /srv/salt/prod/modules/user/www.sls
www-user-group:
  group.present:
    - name: www
    - gid: 1000
 
  user.present:
    - name: www
    - fullname: www
    - shell: /sbin/nologin
    - uid: 1000
    - gid: 1000

2）libevent，将安装包放入/srv/salt/prod/modules/libevent/files

mkdir -p /srv/salt/prod/modules/libevent/files
vi /srv/salt/prod/modules/libevent/install.sls
libevent-source-install:
  file.managed:
    - name: /usr/local/src/libevent-2.0.22-stable.tar.gz
    - source: salt://modules/libevent/files/libevent-2.0.22-stable.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf libevent-2.0.22-stable.tar.gz && cd libevent-2.0.22-stable &&  ./configure --prefix=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/libevent
    - require:
      - file: libevent-source-install

3）创建files目录，将memcached-1.4.24.tar.gz安装包放入

1	`mkdir` `-p` `/srv/salt/prod/modules/memcached/files`

4）创建install.sls文件

vi /srv/salt/prod/modules/memcached/install.sls
include:
  - modules.libevent.install
 
memcached-source-install:
  file.managed:
    - name: /usr/local/src/memcached-1.4.24.tar.gz
    - source: salt://modules/memcached/files/memcached-1.4.24.tar.gz
    - user: root
    - group: root
    - mode: 644
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcached-1.4.24.tar.gz && cd memcached-1.4.24&& ./configure --prefix=/usr/local/memcached --enable-64bit --with-libevent=/usr/local/libevent && make && make install
    - unless: test -d /usr/local/memcached
    - require:
      - cmd: libevent-source-install
      - file: memcached-source-install

5）负责业务部分的放入一个目录，如bbs

mkdir -p /srv/salt/prod/bbs
vi /srv/salt/prod/bbs/memcached.sls
include:
  - modules.memcached.install
  - modules.user.www
 
memcached-service:
  cmd.run:
    - name: /usr/local/memcached/bin/memcached -d -m 128 -p 11211 -c 8096 -u www
    - unless: netstat -ntlp | grep 11211
    - require:
      - cmd: memcached-source-install
      - user: www-user-group

6）将memcached加入top FILE

vi /srv/salt/base/top.sls
base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
 
  'linux-node2*':
    - bbs.memcached

测试 salt "*" state.highstate test=True

执行 salt "*" state.highstate

五、php

1）php安装包和相关文件放入/srv/salt/prod/modules/php/files

1	`mkdir` `-p` `/srv/salt/prod/modules/php/files`

2）创建install.sls

vi /srv/salt/prod/modules/php/install.sls

include: 
  - modules.pkg.make
  - modules.user.www
 
pkg-php:
  pkg.installed:
    - names:
      - swig
      - libjpeg-turbo
      - libjpeg-turbo-devel
      - libpng
      - libpng-devel
      - freetype
      - freetype-devel
      - libxml2
      - libxml2-devel
      - zlib
      - zlib-devel
      - libcurl
      - libcurl-devel
 
php-source-install:
  file.managed:
    - name: /usr/local/src/php-5.6.9.tar.gz
    - source: salt://modules/php/files/php-5.6.9.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf php-5.6.9.tar.gz && cd php-5.6.9&&  ./configure --prefix=/usr/local/php-fastcgi --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd --with-jpeg-dir --with-png-dir --with-zlib --enable-xml  --with-libxml-dir --with-curl --enable-bcmath --enable-shmop --enable-sysvsem  --enable-inline-optimization --enable-mbregex --with-openssl --enable-mbstring --with-gd --enable-gd-native-ttf --with-freetype-dir=/usr/lib64 --with-gettext=/usr/lib64 --enable-sockets --with-xmlrpc --enable-zip --enable-soap --disable-debug --enable-opcache --enable-zip --with-config-file-path=/usr/local/php-fastcgi/etc --enable-fpm --with-fpm-user=www --with-fpm-group=www && make && make install
    - require:
      - file: php-source-install
      - user: www-user-group
    - unless: test -d /usr/local/php-fastcgi
 
pdo-plugin:
  cmd.run:
    - name: cd /usr/local/src/php-5.6.9/ext/pdo_mysql/ && /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config &&  make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/pdo_mysql.so
    - require:
      - cmd: php-source-install
 
php-fpm:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php-fpm.conf
    - source: salt://modules/php/files/php-fpm.conf.default
    - user: root
    - group: root
    - mode: 644
 
php-fastcgi-service:
  file.managed:
    - name: /etc/init.d/php-fpm
    - source: salt://modules/php/files/init.d.php-fpm
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: chkconfig --add php-fpm
    - unless: chkconfig --list | grep php-fpm
    - require:
      - file: php-fastcgi-service

创建php-memcache.sls

vi /srv/salt/prod/modules/php/php-memcache.sls

memcache-plugin:
  file.managed:
    - name: /usr/local/src/memcache-2.2.7.tgz
    - source: salt://modules/php/files/memcache-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
 
  cmd.run:
    - name: cd /usr/local/src && tar zxf memcache-2.2.7.tgz && cd memcache-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --enable-memcache --with-php-config=/usr/local/php-fastcgi/bin/php-config &&  make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/memcache.so
  require:
    - file: memcache-plugin
    - cmd: php-install

创建php-redis.sls

vi /srv/salt/prod/modules/php/php-redis.sls

redis-plugin:
  file.managed:
    - name: /usr/local/src/redis-2.2.7.tgz
    - source: salt://modules/php/files/redis-2.2.7.tgz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf redis-2.2.7.tgz && cd redis-2.2.7&& /usr/local/php-fastcgi/bin/phpize && ./configure --with-php-config=/usr/local/php-fastcgi/bin/php-config &&  make&& make install
    - unless: test -f /usr/local/php-fastcgi/lib/php/extensions/*/redis.so
  require:
    - file: redis-plugin
    - cmd: php-install

执行命令：salt '*' state.sls modules.php.install saltenv=prod

六、nginx

1）nginx安装包和相关文件放入/srv/salt/prod/modules/nginx/files

1	`mkdir` `-p` `/srv/salt/prod/modules/nginx/files`

2）创建install.sls

vi /srv/salt/prod/modules/nginx/install.sls

include:
  - modules.pkg.make
  - modules.user.www
 
nginx-source-install:
  file.managed:
    - name: /usr/local/src/nginx-1.9.1.tar.gz
    - source: salt://modules/nginx/files/nginx-1.9.1.tar.gz
    - user: root
    - group: root
    - mode: 755
  cmd.run:
    - name: cd /usr/local/src && tar zxf nginx-1.9.1.tar.gz && cd nginx-1.9.1&& ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-file-aio --with-http_dav_module && make && make install && chown -R www:www /usr/local/nginx
    - unless: test -d /usr/local/nginx
    - require:
      - user: www-user-group
      - file: nginx-source-install
      - pkg: make-pkg

创建service.sls

vi /srv/salt/prod/modules/nginx/service.sls

include:
  - modules.nginx.install
 
nginx-init:
  file.managed:
    - name: /etc/init.d/nginx
    - source: salt://modules/nginx/files/nginx-init
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: chkconfig --add nginx
    - unless: chkconfig --list | grep nginx
    - require:
      - file: nginx-init
 
/usr/local/nginx/conf/nginx.conf:
  file.managed:
    - source: salt://modules/nginx/files/nginx.conf
    - user: www
    - group: www
    - mode: 644 
 
nginx-service:
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - require:
      - cmd: nginx-init
    - watch:
      - file: /usr/local/nginx/conf/nginx.conf
      - file: nginx-online
 
nginx-online:
  file.directory:
    - name: /usr/local/nginx/conf/vhost_online
 
nginx-offline:
  file.directory:
    - name: /usr/local/nginx/conf/vhost_offline

执行命令：salt '*' state.sls modules.nginx.install saltenv=prod

4）/srv/salt/prod/bbs/files/nginx-bbs.conf

server {
        listen         8080;
        root /usr/local/nginx/html;
        index index.htm index.html index.php;
        location ~ .php$
            {
              fastcgi_pass unix:/usr/local/php-fastcgi/php-fpm.sock;
              fastcgi_index index.php;
              include fastcgi.conf;
        } 
}

5）/srv/salt/prod/bbs目录下创建web.sls

include:
  - modules.php.install
  - modules.php.php-memcache
  - modules.php.php-redis
  - modules.nginx.service
 
bbs-php:
  file.managed:
    - name: /usr/local/php-fastcgi/etc/php.ini
    - source: salt://bbs/files/php.ini-production
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: php-fpm
    - enable: True
    - require:
      - cmd: php-fastcgi-service
    - watch:
      - file: bbs-php
 
web-bbs:
  file.managed:
    - name: /usr/local/nginx/conf/vhost_online/bbs.conf
    - source: salt://bbs/files/nginx-bbs.conf
    - user: root
    - group: root
    - mode: 644
    - require:
      - service: bbs-php
    - watch_in:
      - service: nginx-service

执行命令：salt '*' state.sls bbs.web saltenv=prod

6）将php、nginx加入top FILE

vi /srv/salt/base/top.sls

base:
  '*':
    - init.init
prod:
  'linux-node*':
    - cluster.haproxy-outside
    - cluster.haproxy-outside-keepalived
    - bbs.web
 
  'linux-node2*':
    - bbs.memcached

测试 salt "*" state.highstate test=True

执行 salt "*" state.highstate