第 6 章集中化运维工具—— Ansible 与 SaltStack

原创已于 2024-11-09 12:44:00 修改 · 817 阅读

4 ·

CC 4.0 BY-SA版权

文章标签：

#运维 #ansible #linux

于 2024-11-06 00:29:53 首次发布

初学者专栏收录该内容

13 篇文章

订阅专栏

1.1 Ansible 的安装

1.2 配置 ssh 无密码登录

1.2.1 生成一对密钥

1.2.2 将公钥下发到远程主机

1.2.3 保管私钥

配置其他主机

1.3 主机目录

1.4 Ansible 的常用模块

1.4.1 setup 模块

1.4.2 copy 模块

1.4.3 file 模块

1.4.4 command 模块与 shell 模块

1.4.5 script 模块

1.4.6 ping 模块

1.4.7 group 模块

1.4.8 user 模块

1.4.9 get_url 模块

get_url示例cli

# 1、下载文件到指定目录：
ansible all -m get_url -a "url=http://www.guojinbao.com dest=/tmp/guojinbao mode=0440 force=yes"
需要添加登录名密码的网站，使用url_password、url_username参数来定义

# 2、解压ansible管理机上的压缩文件到远程主机：
ansible all -m unarchive -a "src=/tmp/install/zabbix-3.0.4.tar.gz dest=/tmp/ mode=0755 copy=yes"

# 3、解压远程主机上的文件到目录：
ansible all -m unarchive -a "src=/tmp/install/zabbix-3.0.4.tar.gz dest=/tmp/ mode=0755 copy=no"

1.4.10 yum 模块

1.4.11 service 模块

1.5 playbook 实现 apache 的安装与启动

1.6 role

注意：敲写代码一定要仔细认真、注意格式（经过改错，终于成功）

2.1 saltstack

2.1.1 master有两个端口：4505和4506

2.1.2 minion与master通信端口是4505（发），4506（收）

2.2 master与minion认证管理

2.2.1 常用的key管理参数

　1、列出当前所有key：salt-key -L
　　

　　2、接受指定id的key：salt-key -a salt-minion-01
　　3、接受所有的key：salt-key -A
　　4、删除指定id的key：salt-key -d salt-minion
　　5、删除所有的key：salt-key -D

2.2.2master与minion认证：salt-key认证minion（支持通配）
　　

加密方式使用的是AES（高级加密标准）

#salt-key -a ops-k8s-master*
The following keys are going to be accepted:
Unaccepted Keys:
ops-k8s-master01.local.com
ops-k8s-master02.local.com
ops-k8s-master03.local.com
Proceed? [n/Y] y
Key for minion ops-k8s-master01.local.com accepted.
Key for minion ops-k8s-master02.local.com accepted.
Key for minion ops-k8s-master03.local.com accepted.

认证完master变化：没认证前在minions_pre目录下的minion的公钥，到了minions目录下了

认证完minion的变化：minion目录下多了master节点的公钥

2.3 master操作minion

2.3.1 验证互通性：test.ping

下面三种方式均可，‘’、“”、\三种服务都是为了转义

        salt '*' test.ping
        salt "*" test.ping
        salt \* test.ping

2.3.2 执行命令模块：cmd.run

2.4 saltstack的配置管理

2.4.1 file_roots设置
　

分环境管理：base是必须有的

创建相应的管理目录，重启master

mkdir -p /src/salt/{base,dev,test,pre,prod}
systemctl restart salt-master

安装Apache

[root@ops-k8s-master01 ~]# cd /srv/salt/base/
[root@ops-k8s-master01 base]# mkdir -p web

[root@ops-k8s-master01 base]# tree web/
web/
└── apache.sls

0 directories, 1 file
apache.sls

apache-install:
pkg.installed:
- name: httpd

apache-service:
service.running:
- name: httpd
- enable: True
　　执行状态管理（语法：salt '主机信息' state.sls 操作状态文件）

salt 'ops-k8s-master02.local.com' state.sls web.apache

返回结果

ops-k8s-master02.local.com:
----------
ID: apache-install
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 11:12:32.713164
Duration: 8831.459 ms
Changes:
----------
httpd:
----------
new:
2.4.6-80.el7.centos.1
old:
httpd-tools:
----------
new:
2.4.6-80.el7.centos.1
old:
mailcap:
----------
new:
2.1.41-2.el7
old:
----------
ID: apache-service
Function: service.running
Name: httpd
Result: True
Comment: Service httpd has been enabled, and is running
Started: 11:12:43.386547
Duration: 400.463 ms
Changes:
----------
httpd:
True

Summary for ops-k8s-master02.local.com
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 9.232 s

salt 'ops-k8s-master02' state.sls web.apache saltenv=prod

2.4.2 打开state_top: top.sls

总调度

salt '*' state.sls web.apache

高级状态：执行top file中定义的任务(test=True只检测返回响应的状态，不执行)
salt '*' state.highstate test=True

2.5 grains
　　

存储minion静态的信息：grain收集minion重启后的系统信息

2.5.1 grain的应用场景
　　　　

2.5.1.1 信息收集

salt 'ops-k8s-master01*' grains.items

执行结果

ops-k8s-master01.local.com:
----------
SSDs:
biosreleasedate:
07/02/2015
biosversion:
6.00
cpu_flags:
- fpu
- vme
- de
- pse
- tsc
- msr
- pae
- mce
- cx8
- apic
- sep
- mtrr
- pge
- mca
- cmov
- pat
- pse36
- clflush
- dts
- mmx
- fxsr
- sse
- sse2
- ss
- syscall
- nx
- pdpe1gb
- rdtscp
- lm
- constant_tsc
- arch_perfmon
- pebs
- bts
- nopl
- xtopology
- tsc_reliable
- nonstop_tsc
- aperfmperf
- eagerfpu
- pni
- pclmulqdq
- ssse3
- fma
- cx16
- pcid
- sse4_1
- sse4_2
- x2apic
- movbe
- popcnt
- tsc_deadline_timer
- aes
- xsave
- avx
- f16c
- rdrand
- hypervisor
- lahf_lm
- abm
- ida
- arat
- epb
- pln
- pts
- dtherm
- fsgsbase
- tsc_adjust
- bmi1
- avx2
- smep
- bmi2
- invpcid
- xsaveopt
cpu_model:
Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
cpuarch:
x86_64
disks:
- sda
- sr0
- dm-0
- dm-1
- loop0
- loop1
dns:
----------
domain:
ip4_nameservers:
- 10.0.0.2
- 223.5.5.5
ip6_nameservers:
nameservers:
- 10.0.0.2
- 223.5.5.5
options:
search:
sortlist:
domain:
local.com
fqdn:
ops-k8s-master01.local.com
fqdn_ip4:
- 10.0.0.10
fqdn_ip6:
gid:
0
gpus:
|_
----------
model:
SVGA II Adapter
vendor:
unknown
groupname:
root
host:
ops-k8s-master01
hwaddr_interfaces:
----------
docker0:
02:42:d2:48:40:6f
eth0:
00:0c:29:0c:9c:bf
lo:
00:00:00:00:00:00
vethfae5b25:
12:d5:10:06:88:55
id:
ops-k8s-master01.local.com
init:
systemd
ip4_gw:
10.0.0.2
ip4_interfaces:
----------
docker0:
- 172.17.0.1
eth0:
- 10.0.0.10
lo:
- 127.0.0.1
vethfae5b25:
ip6_gw:
False
ip6_interfaces:
----------
docker0:
- fe80::42:d2ff:fe48:406f
eth0:
- fe80::20c:29ff:fe0c:9cbf
lo:
- ::1
vethfae5b25:
- fe80::10d5:10ff:fe06:8855
ip_gw:
True
ip_interfaces:
----------
docker0:
- 172.17.0.1
- fe80::42:d2ff:fe48:406f
eth0:
- 10.0.0.10
- fe80::20c:29ff:fe0c:9cbf
lo:
- 127.0.0.1
- ::1
vethfae5b25:
- fe80::10d5:10ff:fe06:8855
ipv4:
- 10.0.0.10
- 127.0.0.1
- 172.17.0.1
ipv6:
- ::1
- fe80::42:d2ff:fe48:406f
- fe80::20c:29ff:fe0c:9cbf
- fe80::10d5:10ff:fe06:8855
kernel:
Linux
kernelrelease:
3.10.0-514.6.1.el7.x86_64
kernelversion:
#1 SMP Wed Jan 18 13:06:36 UTC 2017
locale_info:
----------
defaultencoding:
UTF-8
defaultlanguage:
en_US
detectedencoding:
UTF-8
localhost:
ops-k8s-master01
lsb_distrib_codename:
CentOS Linux 7 (Core)
lsb_distrib_id:
CentOS Linux
machine_id:
380f2bb956cd4b8a82cf92c7774f0d02
manufacturer:
VMware, Inc.
master:
ops-k8s-master01
mdadm:
mem_total:
976
nodename:
ops-k8s-master01
num_cpus:
1
num_gpus:
1
os:
CentOS
os_family:
RedHat
osarch:
x86_64
oscodename:
CentOS Linux 7 (Core)
osfinger:
CentOS Linux-7
osfullname:
CentOS Linux
osmajorrelease:
7
osrelease:
7.3.1611
osrelease_info:
- 7
- 3
- 1611
path:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
pid:
10114
productname:
VMware Virtual Platform
ps:
ps -efHww
pythonexecutable:
/usr/bin/python
pythonpath:
- /usr/bin
- /usr/lib64/python27.zip
- /usr/lib64/python2.7
- /usr/lib64/python2.7/plat-linux2
- /usr/lib64/python2.7/lib-tk
- /usr/lib64/python2.7/lib-old
- /usr/lib64/python2.7/lib-dynload
- /usr/lib64/python2.7/site-packages
- /usr/lib64/python2.7/site-packages/gtk-2.0
- /usr/lib/python2.7/site-packages
- /usr/lib/python2.7/site-packages/setuptools-33.1.1-py2.7.egg
- /usr/lib/python2.7/site-packages/pip-18.0-py2.7.egg
pythonversion:
- 2
- 7
- 5
- final
- 0
saltpath:
/usr/lib/python2.7/site-packages/salt
saltversion:
2018.3.3
saltversioninfo:
- 2018
- 3
- 3
- 0
selinux:
----------
enabled:
False
enforced:
Disabled
serialnumber:
VMware-56 4d f0 20 76 49 bc 97-4a a0 40 72 83 0c 9c bf
server_id:
1227626103
shell:
/bin/sh
swap_total:
0
systemd:
----------
features:
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN
version:
219
uid:
0
username:
root
uuid:
20f04d56-4976-97bc-4aa0-4072830c9cbf
virtual:
VMware
zfs_feature_flags:
False
zfs_support:
False
zmqversion:
4.1.4
　　

若只想获取采取信息的key

salt 'ops-k8s-master01*' grains.ls
　　

kernelrelease 获取内核版本，osmajorrelease系统版本号，osfullname系统名称，osrelease版本号

获取IP地址，这样获取的是唯一的

# salt 'ops-k8s-master01*' grains.get fqdn_ip4
ops-k8s-master01.local.com:
- 10.0.0.10
　　

获取主机序列号

# salt 'ops-k8s-master01*' grains.get serialnumber
ops-k8s-master01.local.com:
VMware-56 4d f0 20 76 49 bc 97-4a a0 40 72 83 0c 9c bf
　　

获取saltstack的版本信息

# salt 'ops-k8s-master01*' grains.get saltversion
ops-k8s-master01.local.com:
2018.3.3
　　　　

2.5.1.2 远程匹配执行目标salt -G
　　

在指定的系统上执行指定的任务：在CentOS（可小写）系统上执行date

# salt -G 'os:centos' cmd.run 'date'
ops-k8s-master02.local.com:
Thu Nov 22 16:02:58 CST 2018
ops-k8s-master03.local.com:
Thu Nov 22 16:02:58 CST 2018
ops-k8s-master01.local.com:
Thu Nov 22 16:02:58 CST 2018
　　

在CentOS7上执行操作

# salt -G 'init:systemd' cmd.run 'date'
ops-k8s-master02.local.com:
Thu Nov 22 16:03:47 CST 2018
ops-k8s-master03.local.com:
Thu Nov 22 16:03:47 CST 2018
ops-k8s-master01.local.com:
Thu Nov 22 16:03:47 CST 2018
　　　　

2.5.1.3 在top file做匹配
　　

vim /srv/salt/base/top.sls

base:
'os:CentOS':
- match: grain
- web.apache
　　执行

salt '*' state.highstate
　　　　

2.5.1.4 在jinja使用（详情见官网文档）
　　

Understanding Jinja

{% if grains['os'] != 'FreeBSD' %}
tcsh:
pkg:
- installed
{% endif %}

motd:
file.managed:
{% if grains['os'] == 'FreeBSD' %}
- name: /etc/motd
{% elif grains['os'] == 'Debian' %}
- name: /etc/motd.tail
{% endif %}
- source: salt://motd

2.5.1.5 自定义grains（在minion上配置）

不建议直接更改minion配置文件，可以单独创建一个grains文件

vim /etc/salt/grains，重启minion，再次收集

test-grains: ops-k8s-master02.local.com

[root@ops-k8s-master01 salt]# systemctl restart salt-minion
[root@ops-k8s-master01 salt]# salt '*' grains.get test-grains
ops-k8s-master03.local.com:
ops-k8s-master02.local.com:
ops-k8s-master01.local.com:
ops-k8s-master02.local.com
　　

不重启，使用saltutil.sync_grains，同步grains

# cat grains
test-grains: ops-k8s-master02.local.com

node1: test_saltutil_sync_grains

[root@ops-k8s-master01 salt]# salt '*' saltutil.sync_grains
ops-k8s-master02.local.com:
ops-k8s-master01.local.com:
ops-k8s-master03.local.com:

[root@ops-k8s-master01 salt]# salt '*' grains.get node1
ops-k8s-master02.local.com:
ops-k8s-master03.local.com:
ops-k8s-master01.local.com:
test_saltutil_sync_grains

3 salt state环境

针对不用环境，应用不同的state的file，salt支持多环境，比如开发，测试，生产等环境，我们通过

修改Master配置文件对不同的环境应用不同的目录！

file_roots:
base:
- /srv/salt/prod ##生产环境
qa:
- /srv/salt/qa ##测试环境，如果没发现去prod里面找
- /srv/salt/prod
dev:
- /srv/salt/dev ##开发环境，如果找不到，先去qa里找，如果找不到再去prod里面找
- /srv/salt/qa
- /srv/salt/prod
/srv/salt/prod/top.sls文件内容
base:
'web*prod*':
- webserver.foobarcom
qa:
'web*qa*':
- webserver.foobarcom
dev:
'web*dev':
- webserver.foobarcom
-

pillar的目录与file_roots无关，所以Pillar的目录默认还是/srv/salt，pillar只是Minion的一些信息，不

会对系统有什么改变，所以不需要区分环境，通常base即可。

/srv/pillar/top.sls文件内容

base:
'web*prod*':
- webserver.prod
'web*qa*':
- webserver.qa
'web*dev*':
- webserver.dev

/srv/pillar/webserver/prod.sls文件内容

webserver_role: prod

/srv/pillar/webserver/qa.sls文件内容

webserver_role: qa

/srv/pillar/webserver/dev文件内容

webserver_root: dev

最后sls文件/srv/salt/prod/webserver/foobarcom.sls(该文件会被所有环境访问到)的内容：

{% if pillar.get('webserver_role', '') %}
/var/www/foobarcom:
file.recurse:
- source: salt://webserver/src/foobarcom
- env: {{ pillar['webserver_role'] }}
- user: www
- group: www
- dir_mode: 755
- file_mode: 644
{% endif %}

开发完成后，应用sls文件

1.现在开发环境

salt -I ‘webserver_role:dev’ state.sls webserver.foobarcom

4 部署 LAMP 环境

Apache

[root@master prod]# pwd
/srv/salt/prod
[root@master prod]# tree
.
├── modules
│ ├── application
│ │ └── php
│ │ ├── files
│ │ │ ├── httpd.conf
│ │ │ ├── index.php
│ │ │ ├── init.d.php-fpm
│ │ │ ├── install.sh
│ │ │ ├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
│ │ │ ├── php-7.4.25.tar.gz
│ │ │ ├── php-8.0.12.tar.gz
│ │ │ ├── php-fpm.conf.default
│ │ │ ├── php-fpm.service
│ │ │ ├── php.ini-production
│ │ │ └── www.conf.default
│ │ └── install.sls
│ ├── database
│ │ └── mysql
│ │ ├── files
│ │ │ ├── my.conf
│ │ │ ├── mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
│ │ │ ├── mysqld.service
│ │ │ ├── mysqld.sh
│ │ │ └── mysql.server
│ │ └── install.sls
│ └── web
│ └── apache
│ ├── file
│ │ ├── apr-1.7.0.tar.gz
│ │ ├── apr-util-1.6.1.tar.gz
│ │ ├── httpd-2.4.48.tar.gz
│ │ ├── httpd.conf
│ │ ├── httpd.service
│ │ └── install.sh
│ └── install.sls
└── zabbix
├── apache.sls
├── file
│ ├── index.php
│ ├── my.conf
│ ├── mysql.conf
│ └── vhosts.conf
├── main.sls
└── mysql.sls

12 directories, 32 files

//Apache安装和配置
[root@master apache]# cat install.sls
"Development Tools":
pkg.group_installed

httpd-install:
pkg.installed:
- name: httpd

httpd-dep-package:
pkg.installed:
- pkgs:
- openssl-devel
- pcre-devel
- expat-devel
- libtool
- gcc
- gcc-c++
- make

create-apache-user:
user.present:
- name: apache
- createhome: false
- system: true
- shell: /sbin/nologin

download-apache:
file.managed:
- names:
- /usr/src/apr-1.7.0.tar.gz:
- source: salt://modules/web/apache/file/apr-1.7.0.tar.gz
- /usr/src/apr-util-1.6.1.tar.gz:
- source: salt://modules/web/apache/file/apr-util-1.6.1.tar.gz
- /usr/src/httpd-2.4.48.tar.gz:
- source: salt://modules/web/apache/file/httpd-2.4.48.tar.gz

salt://modules/web/apache/file/install.sh:
cmd.script

/usr/local/httpd/conf/httpd.conf:
file.managed:
- source: salt://modules/web/apache/file/httpd.conf
- user: root
- group: root
- mode: '0644'

/usr/lib/systemd/system/httpd.service:
file.managed:
- source: salt://modules/web/apache/file/httpd.service

[root@master apache]# tree file/
file/
├── apr-1.7.0.tar.gz
├── apr-util-1.6.1.tar.gz
├── httpd-2.4.48.tar.gz
├── httpd.conf
├── httpd.service
└── install.sh

[root@master apache]# cat file/install.sh
#!/bin/bash

cd /usr/src
# 这里要删除解压的目录，因为如果已经编译过一次，此时目录里面不仅有源目录的文件还会出现编译时新生成的文件。这个时候再解压的话，他只会覆盖刚解压的目录文件，并不会覆盖编译时新生成的新文，这样的话新的解压目录和旧的编译文件就会冲突，所有要删除解压包从头来，确保环境的干净。
rm -rf apr-1.7.0 apr-util-1.6 httpd-2.4.48
tar xf apr-1.7.0.tar.gz
tar xf apr-util-1.6.1.tar.gz
tar xf httpd-2.4.48.tar.gz

cd apr-1.7.0/
sed -i 's/$RM "$cfgfile"/ # $RM "$cfgfile"/g' configure
./configure --prefix=/usr/local/apr && make && make install

cd ../apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make && make install

cd ../httpd-2.4.48
./configure --prefix=/usr/local/httpd \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-apr=/usr/local/apr \
--with-apr-util=/usr/local/apr-util \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork && \
make && make install

//Apache配置
[root@master zabbix]# pwd
/srv/salt/prod/zabbix
[root@master zabbix]# ll
总用量 12
-rw-r--r-- 1 root root 611 11月 11 10:22 apache.sls
drwxr-xr-x 2 root root 75 11月 10 22:53 file
-rw-r--r-- 1 root root 80 11月 10 21:32 main.sls
-rw-r--r-- 1 root root 718 11月 11 09:51 mysql.sls

[root@master zabbix]# cat apache.sls
include:
- modules.web.apache.install

/usr/include/httpd:
file.symlink:
- target: /usr/local/httpd/include

/usr/local/httpd/htdocs/zabbix:
file.directory:
- user: root
- group: root
- mode: '0775'
- makedirs: true

/usr/local/httpd/conf/extra/vhosts.conf:
file.managed:
- source: salt://zabbix/file/vhosts.conf
- user: root
- group: root
- mode: '0644'

/usr/local/httpd/htdocs/zabbix/index.php:
file.managed:
- source: salt://zabbix/file/index.php
- user: root
- group: root
- mode: '0644'

httpd.service:
service.running:
- enable: true
[root@master zabbix]# tree file/
file/
├── index.php
├── my.conf
├── mysql.conf
└── vhosts.conf

[root@master zabbix]# cat file/index.php
<?php
phpinfo();
?>
[root@master zabbix]# cat file/vhosts.conf
<VirtualHost *:80>
DocumentRoot "/usr/local/apache/htdocs/zabbix"
ServerName zabbix.example.com
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/usr/local/httpd/htdocs/zabbix/$1
<Directory "/usr/local/httpd/htdocs/zabbix">
Options none
AllowOverride none
Require all granted
</Directory>
</VirtualHost>

MySQL

//数据库的安装
[root@master mysql]# pwd
/srv/salt/prod/modules/database/mysql
[root@master mysql]# cat install.sls
ncurses-compat-libs:
pkg.installed

mysql:
user.present:
- system: true
- createhome: false
- shell: /sbin/nologin

/usr/local:
archive.extracted:
- source: salt://modules/database/mysql/files/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
file.symlink:
- name: /usr/local/mysql
- target: /usr/local/mysql-5.7.34-linux-glibc2.12-x86_64

/usr/local/mysql:
file.directory:
- user: mysql
- group: mysql
- mode: '0755'
- recurse:
- user
- group

/opt/data:
file.directory:
- user: mysql
- group: mysql
- mode: '0755'
- makedirs: true
- recurse:
- user
- group

/etc/profile.d/mysqld.sh:
file.managed:
- source: salt://modules/database/mysql/files/mysqld.sh
- user: root
- group: root
- mode: '0644'

/usr/local/mysql/support-files/mysql.server:
file.managed:
- source: salt://modules/database/mysql/files/mysql.server
- user: mysql
- group: mysql
- mode: '0755'

/usr/lib/systemd/system/mysqld.service:
file.managed:
- source: salt://modules/database/mysql/files/mysqld.service
- user: root
- group: root
- mode: '0644'

mysql-initialize:
cmd.run:
- name: '/usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data/'

[root@master mysql]# tree files/
files/
├── my.conf
├── mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
├── mysqld.service
├── mysqld.sh
└── mysql.server

0 directories, 5 files
[root@master mysql]# cat files/mysqld.sh
export PATH=/usr/local/mysql/bin:$PATH

//数据库的配置
[root@master zabbix]# pwd
/srv/salt/prod/zabbix
[root@master zabbix]# ll
总用量 12
-rw-r--r-- 1 root root 611 11月 11 10:22 apache.sls
drwxr-xr-x 2 root root 75 11月 10 22:53 file
-rw-r--r-- 1 root root 80 11月 10 21:32 main.sls
-rw-r--r-- 1 root root 718 11月 11 09:51 mysql.sls

[root@master zabbix]# cat mysql.sls
include:
- modules.database.mysql.install

lamp-dep-package:
pkg.installed:
- pkgs:
- ncurses-devel
- openssl-devel
- openssl
- cmake
- mariadb-devel

/usr/local/include/mysql:
file.symlink:
- target: /usr/local/mysql/include

/etc/ld.so.conf.d/mysql.conf:
file.managed:
- source: salt://zabbix/file/mysql.conf
- user: root
- group: root
- mode: '0644'

/etc/my.conf:
file.managed:
- source: salt://zabbix/file/my.conf
- user: root
- group: root
- mode: '0644'

mysqld.service:
service.running:
- enable: true

set-password-mysql:
cmd.run:
- name: /usr/local/mysql/bin/mysql -e "set password = password('wjm123');"

[root@master zabbix]# tree file/
file/
├── index.php
├── my.conf
├── mysql.conf
└── vhosts.conf

PHP

[root@master php]# pwd
/srv/salt/prod/modules/application/php
[root@master php]# cat install.sls
/tmp/oniguruma-devel-6.8.2-2.el8.x86_64.rpm:
file.managed:
- source: salt://modules/application/php/files/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
- user: root
- group: root
- move: '0644'
cmd.run:
- name: yum -y install /tmp/oniguruma-devel-6.8.2-2.el8.x86_64.rpm

php-dep-package:
pkg.installed:
- pkgs:
- sqlite-devel
- libzip-devel
- libsqlite3x-devel
- libxml2
- libxml2-devel
- openssl
- openssl-devel
- bzip2
- bzip2-devel
- libcurl
- libcurl-devel
- libicu-devel
- libjpeg-turbo
- libjpeg-turbo-devel
- libpng
- libpng-devel
- openldap-devel
- pcre-devel
- freetype
- freetype-devel
- gmp
- gmp-devel
- readline
- readline-devel
- libxslt
- libxslt-devel
- make
/usr/src/:
archive.extracted:
- source: salt://modules/application/php/files/php-7.4.25.tar.gz

salt://modules/application/php/files/install.sh:
cmd.script

copy-file-php7:
file.managed:
- names:
- /usr/local/php7/etc/php-fpm.conf:
- source: salt://modules/application/php/files/php-fpm.conf.default
- /usr/local/php7/etc/php-fpm.d/www.conf:
- source: salt://modules/application/php/files/www.conf.default
- /etc/php.ini:
- source: salt://modules/application/php/files/php.ini-production
- /etc/init.d/php-fpm:
- source: salt://modules/application/php/files/init.d.php-fpm
- user: root
- group: root
- mode: '0755'
- /usr/lib/systemd/system/php-fpm.service:
- source: salt://modules/application/php/files/php-fpm.service

php-fpm.service:
service.running:
- enable: true

[root@master php]# tree files/
files/
├── httpd.conf
├── index.php
├── init.d.php-fpm
├── install.sh
├── oniguruma-devel-6.8.2-2.el8.x86_64.rpm
├── php-7.4.25.tar.gz
├── php-8.0.12.tar.gz
├── php-fpm.conf.default
├── php-fpm.service
├── php.ini-production
└── www.conf.default

开始部署lamp架构

[root@master zabbix]# ls
apache.sls file main.sls mysql.sls
[root@master zabbix]# cat main.sls
include:
- zabbix.apache
- zabbix.mysql
- modules.application.php.install

[root@master zabbix]# salt '*' state.sls zabbix.main saltenv=prod
# 等待安装完成即可