SaltStack Master: 172.66.1.100
Create the AMI from a default VM:
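[email protected]:~# cat /etc/rc.local
# Boot-time bootstrap for instances launched from the AMI: install packages,
# write the minion config, then apply the highstate.
/root/PkgInit.sh
# Only run the highstate when the minion config was actually written.
/root/SaltMinionInit.sh && /root/SaltCall.sh

[email protected]:~# cat /root/PkgInit.sh
# Installs salt-minion from the SaltStack PPA, plus the AWS CLI used to read
# the instance's tag.
# NOTE(review): no version is pinned, so each boot installs whatever the PPA
# serves at that moment; pin one if minion and master must stay in step.
add-apt-repository ppa:saltstack/salt -y
apt-get update
apt-get install salt-minion -y
apt-get install awscli -y

[email protected]:~# cat /root/SaltMinionInit.sh
# Writes /etc/salt/minion: the master address plus a "roles" grain taken from
# the instance's EC2 tag value, then restarts the minion.
# The listing has no shebang, so this stays POSIX sh (no bashisms).

INSTANCE_ID=$(ec2metadata --instance-id)
# NOTE(review): this curl call is a token-less (IMDSv1-style) metadata request,
# and ec2metadata may be too depending on its version. On an instance that
# requires IMDSv2 they return nothing and the check below stops the script;
# confirm the AMI's metadata options.
REGION=$(curl -sf http://169.254.169.254/latest/dynamic/instance-identity/document \
  | awk -F\" '/region/ {print $4}')

# A pipeline inside $(...) reports only its last command's status, so test
# the values themselves instead of relying on exit codes.
if [ -z "$INSTANCE_ID" ] || [ -z "$REGION" ]; then
  echo "SaltMinionInit: could not read instance id or region from instance metadata" >&2
  exit 1
fi

# Presumably the instance carries exactly one tag: the filter selects by
# resource id only, so with several tags the first one returned wins.
# Adding a "Name=key,Values=<ROLE_TAG_KEY>" filter would make that explicit.
TAG=$(aws ec2 describe-tags \
  --filters "Name=resource-id,Values=$INSTANCE_ID" \
  --region="$REGION" --output=text --max-items=1 | cut -f5)

# The tag value is pasted into a YAML file and becomes the grain that selects
# this minion's states, so accept only a conservative character set and never
# write an empty or multi-line role.
case "$TAG" in
  '' | *[!A-Za-z0-9_.-]*)
    echo "SaltMinionInit: refusing to use tag value '$TAG' as a role" >&2
    exit 1
    ;;
esac

# printf with %s keeps the tag out of the format string and quotes it properly.
printf 'master: 172.66.1.100\ngrains:\n roles:\n - %s\n' "$TAG" > /etc/salt/minion
service salt-minion restart

[email protected]:~# cat /root/SaltCall.sh
# Presumably the pause gives the master time to accept this minion's key
# before the first highstate.
# NOTE(review): 15 s is a fixed guess, not a check that the key was accepted.
sleep 15s
salt-call state.highstate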
Set up the SaltStack master:
# Install salt-master from the SaltStack PPA.
root@ip-172-66-1-100:~# add-apt-repository ppa:saltstack/salt
root@ip-172-66-1-100:~# apt-get update
root@ip-172-66-1-100:~# apt-get install salt-master

# Effective master config (comment and blank lines filtered out).
# The reactor entry hands every salt/auth event to the SLS file listed under it.
root@ip-172-66-1-100:~# cat /etc/salt/master | grep -v '^#' | grep -v '^$'
file_roots:
  base:
    - /srv/salt
pillar_roots:
  base:
    - /srv/pillar
reactor:
  - 'salt/auth':
    - /srv/reactor/auth-pending.sls

# Automating Key Acceptance
# salt-run state.event pretty=True
#
# NOTE(review): the only gate on acceptance below is the id prefix, and a minion
# chooses its own id. Any host that can reach this master and presents an id
# starting with "ip-172" gets its key accepted, after which it can request
# states and salt:// files. Keep the master's ports (4505/4506 by default)
# restricted to the minion subnets, and consider confirming the instance
# through the EC2 API before accepting its key.
root@ip-172-66-1-100:~# cat /srv/reactor/auth-pending.sls
{% if 'act' in data and data['act'] == 'pend' and data['id'].startswith('ip-172') %}
minion_add:
  wheel.key.accept:
    - match: {{ data['id'] }}
{% endif %}

# Get grains item
root@ip-172-66-1-100:~# salt '*' grains.item os
ip-172-66-2-214:
    ----------
    os:
        Ubuntu
ip-172-66-4-93:
    ----------
    os:
        Ubuntu
root@ip-172-66-1-100:/srv/reactor# salt '*' grains.item roles
ip-172-66-2-214:
    ----------
    roles:
        - YeMaosheng_com
ip-172-66-4-93:
    ----------
    roles:
        - YeMaosheng_com

# Dry run against the role first (test=True), then apply for real.
root@ip-172-66-1-100:~# salt -G 'roles:YeMaosheng_com' state.highstate -t 60 test=True
root@ip-172-66-1-100:~# salt -G 'roles:YeMaosheng_com' state.highstate

# Remove the keys of minions that are currently down.
root@ip-172-66-1-100:~# salt-run manage.down removekeys=True

# Watch the event bus, e.g. to see salt/auth events while testing the reactor.
root@ip-172-66-1-100:~# salt-run state.event pretty=True
网站所用EC2的安装及发布配置
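├── pillar
│   ├── yemaosheng_com
│   │   ├── nginx.sls
│   │   ├── php56.sls
│   │   └── website.sls
│   └── top.sls
├── reactor
│   └── auth-pending.sls
└── salt
    ├── crontab
    │   └── init.sls
    ├── mysql-client
    │   └── init.sls
    ├── nginx
    │   ├── configs
    │   │   └── yemaosheng_com
    │   │       ├── blockrules.conf
    │   │       ├── nginx.conf
    │   │       └── sites-enabled
    │   │           └── yemaosheng.com
    │   └── init.sls
    ├── php56
    │   ├── configs
    │   │   └── yemaosheng_com
    │   │       └── php5-fpm
    │   │           └── www.conf
    │   └── init.sls
    ├── top.sls
    ├── website
    │   ├── configs
    │   │   └── yemaosheng_com
    │   │       ├── dhparam.pem
    │   │       └── sslkey
    │   └── init.sls
    └── websitefiles
        └── yemaosheng_com -> /var/www/yemaosheng_com

cat /srv/salt/top.sls
# State top file: minions whose "roles" grain matches get these states.
base:
  'roles:yemaosheng_com':
    - match: grain
    - mysql-client
    - php56
    - nginx
    - website
    - crontab

cat /srv/pillar/top.sls
# Pillar top file, also matched on the "roles" grain.
# NOTE(review): grains are set by the minion itself (here, written into
# /etc/salt/minion at boot), so a grain match does not restrict who receives
# this pillar. The nginx pillar below holds only paths; confirm that php56.sls
# and website.sls (not shown) hold no secrets, or target them by minion id.
base:
  'roles:yemaosheng_com':
    - match: grain
    - yemaosheng_com.nginx
    - yemaosheng_com.php56
    - yemaosheng_com.website

cat /srv/pillar/yemaosheng_com/nginx.sls
# Paths relative to the salt:// file root, consumed by nginx/init.sls.
nginx_conf: nginx/configs/yemaosheng_com/nginx.conf
nginx_site-enable: nginx/configs/yemaosheng_com/sites-enabled

cat /srv/salt/nginx/init.sls
# Installs nginx, manages nginx.conf and sites-enabled from the paths given in
# pillar, and for the yemaosheng_com site also pushes its TLS files.
# site_name is read from pillar; presumably another pillar file (not shown)
# defines it.
{% set site_name = pillar['site_name'] %}
nginx:
  pkg:
    - name: nginx
    - installed

nginx_conf:
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /etc/nginx/*
  file.managed:
    - name: /etc/nginx/nginx.conf
    - source: salt://{{ pillar['nginx_conf'] }}
    - user: root
    - group: root
    - mode: '0640'
    - require:
      - pkg: nginx

{% if site_name == 'yemaosheng_com' %}
# The sslkey directory presumably holds the site's private key, so its files
# are kept readable by root only (was '0644', i.e. world-readable).
# Assumes only root-started nginx reads /srv/ssl; confirm before rollout.
# NOTE(review): anything under salt:// can be fetched by every minion whose key
# the master has accepted, and this master auto-accepts pending keys by id
# prefix (reactor/auth-pending.sls). Consider delivering the key from pillar
# (file.managed with contents_pillar) to named minions instead.
upload_sslkey_to_nginx:
  file.recurse:
    - name: /srv/ssl
    - user: root
    - group: root
    - file_mode: '0600'
    - source: salt://website/configs/yemaosheng_com/sslkey
    - include_empty: True

# DH parameters are not secret, so a world-readable mode is fine here.
upload_dhparam_to_nginx:
  file.managed:
    - name: /etc/nginx/dhparam.pem
    - source: salt://website/configs/yemaosheng_com/dhparam.pem
    - user: root
    - group: root
    - mode: '0644'
    - require:
      - pkg: nginx
{% endif %}

/etc/nginx/sites-enabled:
  service.running:
    - name: nginx
    - enable: True
    - reload: True
    - watch:
      - file: /etc/nginx/sites-enabled
  file.recurse:
    - name: /etc/nginx/sites-enabled
    - user: root
    - group: root
    # Quoted like the other modes in this file so YAML keeps it a string.
    - dir_mode: '2775'
    - file_mode: '0644'
    - source: salt://{{ pillar['nginx_site-enable'] }}
    - include_empty: True
    # clean: True removes files in the target that the source does not have.
    - clean: True
    - require:
      - pkg: nginx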