一.include的引用
需求场景:用于含有多个SLS的状态,使用include可以进行多个状态的组合,将安装apache,php,mysql集合在一个sls中
[root@7mini-node1 prod]# pwd
/srv/salt/prod
[root@7mini-node1 prod]# vim lamp.sls
include:
- apache.init
- php.init
- mysql.init
[root@7mini-node1 prod]# vim ../base/top.sls
prod:
'7mini-node1':
- lamp
[root@7mini-node1 prod]# salt "7mini-node1" state.highstate #执行无报错为正确
二.extend的使用
需求场景:软件包安装的时候,需求假设:只在node1上按装php-mbstring包,其他的机器不安装。单独在组合的sls中添加,不需要可以删掉
[root@7mini-node1 prod]# pwd
/srv/salt/prod
[root@linux-node1 prod]# vim lamp.sls
include:
- apache.init
- php.init
- mysql.init
extend:
php-install:
pkg.installed:
- name: php-mbstring
[root@linux-node1 prod]# salt "7mini-node1" state.highstate
三、require和require_in的使用
require:我依赖谁
require_in:我被谁依赖
需求场景:如果安装不成功或者配置httpd不成功,不启动httpd
(1)require使用
[root@7mini-node1 apache]# pwd
/srv/salt/prod/apache
[root@7mini-node1 apache]# systemctl stop httpd
[root@7mini-node1 apache]# vim init_require.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd1.conf----->将此处的文件改错,模拟配置错误
- user: root
- group: root
- mode: 644
apache-service:
service.running:
- name: httpd
- enable: True
- require:---------------------------->使用require,表示依赖
- pkg: apache-install--------------->依赖的状态模块为pkg模块,id为apache-install
- file: apache-config--------------->依赖的状态模块为file模块,id为apache-config
[root@7mini-node1 apache]# salt "7nini-noed1" state.highstate #执行模块提示会有报错,此时httpd不会正常启动
(2)require_in使用 #与require是相同的只是表达方式的不同
[root@7mini-node1 apache]# vim init_require_in.sls
apache-install:
pkg.installed:
- name: httpd
- require_in:------------------>被依赖
- service: apache-service---->被依赖的模块是service,id为apache-service
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
- require_in:
- service: apache-service
apache-service:
service.running:
- name: httpd
- enable: True
解释说明:require和require_in都能实现依赖的功能,主动和被动的关系不同
四、watch和watch_in的使用
需求场景:监控配置文件变动,重启服务或重载服务
设置重启
[root@7mini-node1 apache]# pwd
/srv/salt/prod/apache
[root@7mini-node1 apache]# vim init_watch.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
apache-service:
service.running:
- name: httpd
- enable: True
- watch:---------------------->使用watch
- file: apache-config------->监控的模块为file,id为apache-config
[root@7mini-node1 apache]# vim files/httpd.conf #随意修改配置文件
[root@7mini-node1 apache]# salt "7mini-node1" state.highstate
设置重载
[root@7mini-node1 apache]# vim init_watch.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True----------------------------------->增加参数重载
- watch:
- file: apache-config
[root@7mini-node1 apache]# salt -S "192.168.56.11" state.highstate
五、unless:状态间的条件判断
需求场景:给apache的admin目录进行加密登陆查看 #如果某文件存在将不执行
(1)修改配置文件,添加认证功能
[root@7mini-node1 apache]# vim files/httpd.conf
<Directory "/var/www/html/admin">
AllowOverride All
Order allow,deny
Allow from all
AuthType Basic
AuthName "haha"
AuthUserFile /etc/httpd/conf/htpasswd_file
Require user admin
</Directory>
(2)修改状态文件init.sls
[root@7mini-node1 apache]# vim init.sls
apache-install:
pkg.installed:
- name: httpd
apache-config:
file.managed:
- name: /etc/httpd/conf/httpd.conf
- source: salt://apache/files/httpd.conf
- user: root
- group: root
- mode: 644
apache-auth:
pkg.installed:
- name: httpd-tools
cmd.run:------>使用cmd模块的run方法
- name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin---->生成密码文件
- unless: test -f /etc/httpd/conf/htpasswd_file---->unless判断条件,test -f判断为假则执行。即htpasswd文件如果不存在就执行生成密码
apache-service:
service.running:
- name: httpd
- enable: True
- reload: True
- watch:
- file: apache-config
[root@7mini-node1 apache]# salt "7mini-node1" state.highstate
浏览器访问10.0.0.11/admin/index.html会出现密码验证