saltstack数据系统及其相关应用
2016-07-06 00:00
375 查看
grains
grains是静态的,只有minion启动才加载
[root@salt-master ~]# salt '*' grains.items
[root@salt-master ~]# salt '*' grains.get hwaddr_interfaces
salt-minion:
----------
eth1:
00:0c:29:38:1e:f7
lo:
00:00:00:00:00:00
[root@salt-master ~]# salt '*' grains.get hwaddr_interfaces:eth1
salt-minion:
00:0c:29:38:1e:f7
[root@salt-master ~]# salt '*' grains.get ip_interfaces
salt-minion:
----------
eth1:
- 192.168.1.201
- fe80::20c:29ff:fe38:1ef7
lo:
- 127.0.0.1
- ::1
[root@salt-master ~]# salt '*' grains.get ip_interfaces:eth1
salt-minion:
- 192.168.1.201
- fe80::20c:29ff:fe38:1ef7
pillar
存储在master端,存放需要提供给minion的信息
敏感信息
变量
其它任何数据
target和state使用
打开pillar
pillar_roots:
base:
- /srv/pillar
{% if grains['os'] == 'CentOS' %}
apache: httpd
yum: yum
yys: yys
{% elif grains['os'] == 'Debian' %}
apache: apache2
yum: apt-get
{% endif %}
[root@salt-master pillar]# salt '*' pillar.get apache
salt-minion:
httpd
[root@salt-master pillar]# salt '*' pillar.get yys
salt-minion:
yys
[root@salt-master pillar]# salt 'salt-minion' pillar.get yum
salt-minion:
yum
grains VS pillar
用途不通:grains用于存储客户端的minion的基本数据信息,pillar用于存储master分配给minion的数据信息
存储区域不同:grains存储在minion端,pillar存储在master端
更新方式不同:grains在minion启动时进行更新也可以通过saltutil.sync_grains进行刷新,pillar存储在master端,使用saltutil.refresh_pillar进行刷新效率更高也更为灵活
1.选择角色
这个是使用grains
[root@salt-master pillar]# salt -G 'os:CentOS' test.ping
salt-minion:
True
pillar应用
[root@salt-master pillar]# vim roles.sls
roles: web
[root@salt-master pillar]# vim top.sls
base:
'salt-minion':
- nginx.nginx
- packages
- roles
[root@salt-master pillar]# salt '*' saltutil.refresh_pillar
[root@salt-master pillar]# salt 'salt-minion' pillar.get roles
salt-minion:
web
[root@salt-master pillar]# salt -I 'roles:web' test.ping
salt-minion:
True
[root@salt-master pillar]# salt '*' -b 10 test.ping 每次执行10台
require:
require:本state执行需要先执行那些state
require_in:与require相反
watch:除了require外,也会检测state状态
watch_in:与watch相反
1.安装httpd
[root@salt-master salt]# vim sls_file/apache.sls
apache:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
service.running:
- enable: True
- name: httpd
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 23:12:47.966648
Duration: 18553.182 ms
Changes:
&nbs
7fe0
p; ----------
apr:
----------
new:
1.3.9-5.el6_2
old:
apr-util:
----------
new:
1.3.9-3.el6_0.1
old:
apr-util-ldap:
----------
new:
1.3.9-3.el6_0.1
old:
httpd:
----------
new:
2.2.15-53.el6.centos
old:
httpd-tools:
----------
new:
2.2.15-53.el6.centos
old:
mailcap:
----------
new:
2.1.31-2.el6
old:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:13:06.522558
Duration: 7.874 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: False
Comment: Service httpd has been enabled, and is dead
Started: 23:13:06.531651
Duration: 138.213 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 2 (changed=2)
Failed: 1
------------
Total states run: 3
[root@salt-master salt]# vim /etc/^C
[root@salt-master salt]# vim config_file/
httpd.conf nginx/ script/ vsftpd.conf
[root@salt-master salt]# vim config_file/httpd.conf
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:13:43.435408
Duration: 222.893 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:13:43.660646
Duration: 12.437 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 9999
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is running
Started: 23:13:43.673420
Duration: 69.659 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
上面有一个报错因为我本身启动了nginx占用了80所以需要改一下httpd配置文件即可完成
调式:
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache test=True
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:16:26.512596
Duration: 217.712 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: The file /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:16:26.732353
Duration: 2.549 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 23:16:26.735312
Duration: 26.744 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache test=True
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:16:54.945258
Duration: 224.859 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: The file /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:16:55.172223
Duration: 2.861 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: None
Comment: Service httpd is set to start
Started: 23:16:55.175418
Duration: 18.232 ms
Changes:
Summary
------------
Succeeded: 3 (unchanged=1)
Failed: 0
------------
Total states run: 3
不会真实执行调式完毕之后再执行
2.增加requisites
[root@salt-master salt]# vim sls_file/apache.sls
apache:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: apache#就是我取的这个id配置文件管理之前保证软件安装
service.running:
- enable: True
- name: httpd
- watch:#检测状态改变执行重启
- pkg: apache#检测apache软件是否会有变化,有则执行重启
- file: apache#配置文件是否有变化,有则重启
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx#就是我取的这个id
service.running:
- enable: True
- name: httpd
- watch:#检测状态改变执行重启
- pkg: nginx#检测apache是否会有变化,有则执行重启
- file: nginx#配置文件是否有变化,有则重启
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:30:25.526678
Duration: 213.372 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:30:25.742436
Duration: 3.268 ms
Changes:
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 23:30:25.746117
Duration: 25.382 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
可以看到apache只是一个id或者理解为名称
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:26:30.382684
Duration: 216.614 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:26:30.601524
Duration: 2.687 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 23:26:30.604611
Duration: 26.028 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# vim config_file/httpd.conf
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:26:52.667503
Duration: 219.51 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:26:52.889209
Duration: 12.14 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9999
+Listen 9998
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:26:52.928307
Duration: 215.437 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
可以看到改变2个操作
重启和配置文件改变
3.变量使用
[root@salt-master salt]# vim sls_file/apache.sls
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:#defaults
port: 9997
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
[root@salt-master salt]# vim config_file/httpd.conf
Listen {{ port }}
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:34:02.107754
Duration: 219.02 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:34:02.328933
Duration: 21.308 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9998
+Listen 9997
#
# Dynamic Shared Object (DSO) Support
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:34:02.375926
Duration: 214.444 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9997 :::* LISTEN 4429/httpd
可以看到修改生效
4.每个主机端口不一样
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
{% if grains['id'] == 'salt-minion'%}
port: 9997
{% elif grains['id'] == 'salt-minion02'%}
port: 9998
{% else %}
port: 9999
{% endif %}
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:39:51.984573
Duration: 217.182 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:39:52.203991
Duration: 14.981 ms
Changes:
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 23:39:52.219407
Duration: 25.886 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9997 :::* LISTEN 4429/httpd
可以看到和原来一样
我们现在改一下端口
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
{% if grains['id'] == 'salt-minion'%}
port: 9998
{% elif grains['id'] == 'salt-minion02'%}
port: 9997
{% else %}
port: 9999
{% endif %}
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
salt-minion为9998
salt-minion02为9997
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:41:45.652814
Duration: 218.351 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:41:45.873363
Duration: 17.753 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9997
+Listen 9998
#
# Dynamic Shared Object (DSO) Support
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:41:45.917686
Duration: 209.181 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9998 :::* LISTEN 4853/http
可以看到端口变为9998生效
现在我们验证一下没有匹配到的情况
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
{% if grains['id'] == 'salt-minion01'%}
port: 9998
{% elif grains['id'] == 'salt-minion02'%}
port: 9997
{% else %}
port: 9999
{% endif %}
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
现在主机包含在其它的情况中
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:43:14.444092
Duration: 215.958 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:43:14.662291
Duration: 17.061 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9998
+Listen 9999
#
# Dynamic Shared Object (DSO) Support
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:43:14.706464
Duration: 203.308 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9999 :::* LISTEN 5017/httpd
现在变为9999也是生效的
这样就可以实现不通的minion id配置不同的端口
优化:
sls描述处理逻辑,业务数据不应该在sls上
用pillar来做
apache:
{% if grains['id'] == 'salt-minion'%}
port: 9999
{% elif grains['id'] == 'salt-minion02'%}
port: 9997
{% else %}
port: 9998
{% endif %}
[root@salt-master apache]# salt '*' pillar.get apache
salt-minion:
----------
port:
9999
修改sls
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/con
3ff8
f/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
port: {{ salt['pillar.get']('apache:port',9995)}}#使用pillar获取的值,什么都没有的话会默认为9995
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
[root@salt-master apache]# salt '*' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9998 :::* LISTEN 5311/httpd
[root@salt-master apache]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:54:51.542798
Duration: 216.563 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:54:51.761655
Duration: 17.513 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9998
+Listen 9999
#
# Dynamic Shared Object (DSO) Support
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:54:51.806378
Duration: 199.891 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@salt-master apache]# salt '*' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9999 :::* LISTEN 5692/httpd
这里就有一个技巧:
把数据放到pillar中这样我就只需要修改pillar就完成配置数据的管理,而配置管理的逻辑或者功能则用sls来来具体执行
例如:
[root@salt-master ~]# vim /srv/pillar/top.sls
base:
'salt-minion':
- nginx.nginx
- packages
- roles
- apache
'*':
- system
对salt-minion进行nginx和apache的安装及配置管理
对所有主机进行系统设置
apache:
{% if grains['id'] == 'salt-minion'%}
port: 9999
{% elif grains['id'] == 'salt-minion02'%}
port: 9997
{% else %}
port: 9998
{% endif %}
nofile: 102400
下面是sls文件
nofile_soft:
cmd.run:
- name: echo '* soft nofile {{ salt['pillar.get']('nofile',10240) }}' >> /etc/security/limits.conf
nofile_hard:
cmd.run:
- name: echo '* hard nofile {{ salt['pillar.get']('nofile',10240) }}' >> /etc/security/limits.conf
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
port: {{ salt['pillar.get']('apache:port',9995)}}
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
这样功能就实现安装apache系统设置就完成nofile的修改
但是数据只改pillar就可以实现了,不用在sls中进行数据修改,只需在sls中进行逻辑功能编写即可
周期执行sls文件
pillar中top.sls
base:
'salt-minion':
- nginx.nginx
- packages
- roles
- apache
'*':
- system
[root@salt-master pillar]# vim nginx/nginx.sls
schedule:
nginx:
function: state.sls
minutes: 1#seconds秒级
args:
- 'sls_file.nginx'
等价于:
salt 'salt-minion' state.sls sls_file.nginx
[root@salt-master pillar]# vim /srv/salt/sls_file/nginx.sls
nginx:
pkg:
- installed
service:
- running
- enable: True
- reload: True
- watch:
- pkg: nginx
- file: /etc/nginx/nginx.conf
- file: /etc/nginx/conf.d/default.conf
/etc/nginx/nginx.conf:
file.managed:
- source: salt://config_file/nginx/nginx.conf
- user: root
- group: root
- mode: 644
/etc/nginx/conf.d/default.conf:
file.managed:
- source: salt://config_file/nginx/conf.d/default.conf
- user: root
- group: root
- mode: 644
注意:不写name就默认把取名的id作为name
- name :/etc/nginx/conf.d/default.conf
以上相当于每分钟执行一次
salt 'salt-minion' state.sls sls_file.nginx
grains是静态的,只有minion启动才加载
[root@salt-master ~]# salt '*' grains.items
[root@salt-master ~]# salt '*' grains.get hwaddr_interfaces
salt-minion:
----------
eth1:
00:0c:29:38:1e:f7
lo:
00:00:00:00:00:00
[root@salt-master ~]# salt '*' grains.get hwaddr_interfaces:eth1
salt-minion:
00:0c:29:38:1e:f7
[root@salt-master ~]# salt '*' grains.get ip_interfaces
salt-minion:
----------
eth1:
- 192.168.1.201
- fe80::20c:29ff:fe38:1ef7
lo:
- 127.0.0.1
- ::1
[root@salt-master ~]# salt '*' grains.get ip_interfaces:eth1
salt-minion:
- 192.168.1.201
- fe80::20c:29ff:fe38:1ef7
pillar
存储在master端,存放需要提供给minion的信息
敏感信息
变量
其它任何数据
target和state使用
打开pillar
pillar_roots:
base:
- /srv/pillar
{% if grains['os'] == 'CentOS' %}
apache: httpd
yum: yum
yys: yys
{% elif grains['os'] == 'Debian' %}
apache: apache2
yum: apt-get
{% endif %}
[root@salt-master pillar]# salt '*' pillar.get apache
salt-minion:
httpd
[root@salt-master pillar]# salt '*' pillar.get yys
salt-minion:
yys
[root@salt-master pillar]# salt 'salt-minion' pillar.get yum
salt-minion:
yum
grains VS pillar
用途不通:grains用于存储客户端的minion的基本数据信息,pillar用于存储master分配给minion的数据信息
存储区域不同:grains存储在minion端,pillar存储在master端
更新方式不同:grains在minion启动时进行更新也可以通过saltutil.sync_grains进行刷新,pillar存储在master端,使用saltutil.refresh_pillar进行刷新效率更高也更为灵活
1.选择角色
这个是使用grains
[root@salt-master pillar]# salt -G 'os:CentOS' test.ping
salt-minion:
True
pillar应用
[root@salt-master pillar]# vim roles.sls
roles: web
[root@salt-master pillar]# vim top.sls
base:
'salt-minion':
- nginx.nginx
- packages
- roles
[root@salt-master pillar]# salt '*' saltutil.refresh_pillar
[root@salt-master pillar]# salt 'salt-minion' pillar.get roles
salt-minion:
web
[root@salt-master pillar]# salt -I 'roles:web' test.ping
salt-minion:
True
[root@salt-master pillar]# salt '*' -b 10 test.ping 每次执行10台
require:
require:本state执行需要先执行那些state
require_in:与require相反
watch:除了require外,也会检测state状态
watch_in:与watch相反
1.安装httpd
[root@salt-master salt]# vim sls_file/apache.sls
apache:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
service.running:
- enable: True
- name: httpd
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 23:12:47.966648
Duration: 18553.182 ms
Changes:
&nbs
7fe0
p; ----------
apr:
----------
new:
1.3.9-5.el6_2
old:
apr-util:
----------
new:
1.3.9-3.el6_0.1
old:
apr-util-ldap:
----------
new:
1.3.9-3.el6_0.1
old:
httpd:
----------
new:
2.2.15-53.el6.centos
old:
httpd-tools:
----------
new:
2.2.15-53.el6.centos
old:
mailcap:
----------
new:
2.1.31-2.el6
old:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:13:06.522558
Duration: 7.874 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: False
Comment: Service httpd has been enabled, and is dead
Started: 23:13:06.531651
Duration: 138.213 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 2 (changed=2)
Failed: 1
------------
Total states run: 3
[root@salt-master salt]# vim /etc/^C
[root@salt-master salt]# vim config_file/
httpd.conf nginx/ script/ vsftpd.conf
[root@salt-master salt]# vim config_file/httpd.conf
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:13:43.435408
Duration: 222.893 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:13:43.660646
Duration: 12.437 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 9999
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is running
Started: 23:13:43.673420
Duration: 69.659 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
上面有一个报错因为我本身启动了nginx占用了80所以需要改一下httpd配置文件即可完成
调式:
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache test=True
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:16:26.512596
Duration: 217.712 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: The file /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:16:26.732353
Duration: 2.549 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 23:16:26.735312
Duration: 26.744 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache test=True
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:16:54.945258
Duration: 224.859 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: The file /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:16:55.172223
Duration: 2.861 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: None
Comment: Service httpd is set to start
Started: 23:16:55.175418
Duration: 18.232 ms
Changes:
Summary
------------
Succeeded: 3 (unchanged=1)
Failed: 0
------------
Total states run: 3
不会真实执行调式完毕之后再执行
2.增加requisites
[root@salt-master salt]# vim sls_file/apache.sls
apache:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: apache#就是我取的这个id配置文件管理之前保证软件安装
service.running:
- enable: True
- name: httpd
- watch:#检测状态改变执行重启
- pkg: apache#检测apache软件是否会有变化,有则执行重启
- file: apache#配置文件是否有变化,有则重启
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx#就是我取的这个id
service.running:
- enable: True
- name: httpd
- watch:#检测状态改变执行重启
- pkg: nginx#检测apache是否会有变化,有则执行重启
- file: nginx#配置文件是否有变化,有则重启
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:30:25.526678
Duration: 213.372 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:30:25.742436
Duration: 3.268 ms
Changes:
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 23:30:25.746117
Duration: 25.382 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
可以看到apache只是一个id或者理解为名称
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:26:30.382684
Duration: 216.614 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:26:30.601524
Duration: 2.687 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 23:26:30.604611
Duration: 26.028 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# vim config_file/httpd.conf
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: apache
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:26:52.667503
Duration: 219.51 ms
Changes:
----------
ID: apache
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:26:52.889209
Duration: 12.14 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9999
+Listen 9998
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:26:52.928307
Duration: 215.437 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
可以看到改变2个操作
重启和配置文件改变
3.变量使用
[root@salt-master salt]# vim sls_file/apache.sls
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:#defaults
port: 9997
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
[root@salt-master salt]# vim config_file/httpd.conf
Listen {{ port }}
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:34:02.107754
Duration: 219.02 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:34:02.328933
Duration: 21.308 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9998
+Listen 9997
#
# Dynamic Shared Object (DSO) Support
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:34:02.375926
Duration: 214.444 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9997 :::* LISTEN 4429/httpd
可以看到修改生效
4.每个主机端口不一样
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
{% if grains['id'] == 'salt-minion'%}
port: 9997
{% elif grains['id'] == 'salt-minion02'%}
port: 9998
{% else %}
port: 9999
{% endif %}
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:39:51.984573
Duration: 217.182 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 23:39:52.203991
Duration: 14.981 ms
Changes:
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is in the desired state
Started: 23:39:52.219407
Duration: 25.886 ms
Changes:
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9997 :::* LISTEN 4429/httpd
可以看到和原来一样
我们现在改一下端口
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
{% if grains['id'] == 'salt-minion'%}
port: 9998
{% elif grains['id'] == 'salt-minion02'%}
port: 9997
{% else %}
port: 9999
{% endif %}
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
salt-minion为9998
salt-minion02为9997
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:41:45.652814
Duration: 218.351 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:41:45.873363
Duration: 17.753 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9997
+Listen 9998
#
# Dynamic Shared Object (DSO) Support
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:41:45.917686
Duration: 209.181 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9998 :::* LISTEN 4853/http
可以看到端口变为9998生效
现在我们验证一下没有匹配到的情况
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
{% if grains['id'] == 'salt-minion01'%}
port: 9998
{% elif grains['id'] == 'salt-minion02'%}
port: 9997
{% else %}
port: 9999
{% endif %}
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
现在主机包含在其它的情况中
[root@salt-master salt]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:43:14.444092
Duration: 215.958 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:43:14.662291
Duration: 17.061 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9998
+Listen 9999
#
# Dynamic Shared Object (DSO) Support
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:43:14.706464
Duration: 203.308 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@salt-master salt]# salt 'salt-minion' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9999 :::* LISTEN 5017/httpd
现在变为9999也是生效的
这样就可以实现不通的minion id配置不同的端口
优化:
sls描述处理逻辑,业务数据不应该在sls上
用pillar来做
apache:
{% if grains['id'] == 'salt-minion'%}
port: 9999
{% elif grains['id'] == 'salt-minion02'%}
port: 9997
{% else %}
port: 9998
{% endif %}
[root@salt-master apache]# salt '*' pillar.get apache
salt-minion:
----------
port:
9999
修改sls
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/con
3ff8
f/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
port: {{ salt['pillar.get']('apache:port',9995)}}#使用pillar获取的值,什么都没有的话会默认为9995
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
[root@salt-master apache]# salt '*' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9998 :::* LISTEN 5311/httpd
[root@salt-master apache]# salt 'salt-minion' state.sls sls_file.apache
salt-minion:
----------
ID: nginx
Function: pkg.installed
Name: httpd
Result: True
Comment: Package httpd is already installed.
Started: 23:54:51.542798
Duration: 216.563 ms
Changes:
----------
ID: nginx
Function: file.managed
Name: /etc/httpd/conf/httpd.conf
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 23:54:51.761655
Duration: 17.513 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 9998
+Listen 9999
#
# Dynamic Shared Object (DSO) Support
----------
ID: nginx
Function: service.running
Name: httpd
Result: True
Comment: Service restarted
Started: 23:54:51.806378
Duration: 199.891 ms
Changes:
----------
httpd:
True
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
[root@salt-master apache]# salt '*' cmd.run 'netstat -anutlp|grep httpd'
salt-minion:
tcp 0 0 :::9999 :::* LISTEN 5692/httpd
这里就有一个技巧:
把数据放到pillar中这样我就只需要修改pillar就完成配置数据的管理,而配置管理的逻辑或者功能则用sls来来具体执行
例如:
[root@salt-master ~]# vim /srv/pillar/top.sls
base:
'salt-minion':
- nginx.nginx
- packages
- roles
- apache
'*':
- system
对salt-minion进行nginx和apache的安装及配置管理
对所有主机进行系统设置
apache:
{% if grains['id'] == 'salt-minion'%}
port: 9999
{% elif grains['id'] == 'salt-minion02'%}
port: 9997
{% else %}
port: 9998
{% endif %}
nofile: 102400
下面是sls文件
nofile_soft:
cmd.run:
- name: echo '* soft nofile {{ salt['pillar.get']('nofile',10240) }}' >> /etc/security/limits.conf
nofile_hard:
cmd.run:
- name: echo '* hard nofile {{ salt['pillar.get']('nofile',10240) }}' >> /etc/security/limits.conf
nginx:
pkg.installed:
- name: httpd
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://config_file/httpd.conf
- require:
- pkg: nginx
- template: jinja
- context:
port: {{ salt['pillar.get']('apache:port',9995)}}
service.running:
- enable: True
- name: httpd
- watch:
- pkg: nginx
- file: nginx
这样功能就实现安装apache系统设置就完成nofile的修改
但是数据只改pillar就可以实现了,不用在sls中进行数据修改,只需在sls中进行逻辑功能编写即可
周期执行sls文件
pillar中top.sls
base:
'salt-minion':
- nginx.nginx
- packages
- roles
- apache
'*':
- system
[root@salt-master pillar]# vim nginx/nginx.sls
schedule:
nginx:
function: state.sls
minutes: 1#seconds秒级
args:
- 'sls_file.nginx'
等价于:
salt 'salt-minion' state.sls sls_file.nginx
[root@salt-master pillar]# vim /srv/salt/sls_file/nginx.sls
nginx:
pkg:
- installed
service:
- running
- enable: True
- reload: True
- watch:
- pkg: nginx
- file: /etc/nginx/nginx.conf
- file: /etc/nginx/conf.d/default.conf
/etc/nginx/nginx.conf:
file.managed:
- source: salt://config_file/nginx/nginx.conf
- user: root
- group: root
- mode: 644
/etc/nginx/conf.d/default.conf:
file.managed:
- source: salt://config_file/nginx/conf.d/default.conf
- user: root
- group: root
- mode: 644
注意:不写name就默认把取名的id作为name
- name :/etc/nginx/conf.d/default.conf
以上相当于每分钟执行一次
salt 'salt-minion' state.sls sls_file.nginx
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 浅谈line-height
- Ubuntu 16.04 LTS上搭建LAMP环境
- HashMap/HashTable/String/StringBuffer/StringBuilde
- ConcurrentSkipListMap/ConcurrentSkipListSet
- C++对象模型学习——Data语意学
- centos6.5 关闭防火墙
- MAC 安装mycat 入门
- 判断二叉树是不是平衡的
- 求子数组的最大和
- swiper的基础使用(十五)
- 逗牙http://www.idouya.xin//html/32-14/14903.htm
- 搭建MariaDB Galera Cluster(Debian 8)
- 搭建keepalived+haproxy+mariadb高可用负载均衡数据库集群
- 搭建Gluster集群(Debian 8)
- python使用logging进行日志配置
- 解决android studio图片资源问题
- Highcharts基础教程(一):Highcharts 的主要组成
- 系统字段
- 【JavaScript高级程序设计】--第1章 JavaScript简介
- hibernate配置文件数值,注入到 java类