一、saltstack的状态管理
状态管理官网: https://www.unixhot.com/docs/saltstack/ref/states/all/index.html
1)状态分析
[root@k8s6 ~]# cat /srv/salt/web/apache.sls apache-install: pkg.installed: - names: - httpd - httpd-devel apache-service: # 名称ID声明 ID必须唯一 service.running: # state声明 状态声明 - name: httpd # 选项声明 - enable: True
2.1) 对于lamp 架构状态管理分析
LAMP架构 1)安装软件包 pkg 2)修改配置文件 file 3)启动服务 service pkg.installed # 安装 pkg.latest # 确保最新版本 pkg.remove # 卸载 pkg.purge # 卸载并删除配置文件
2.2)安装软件示例和配置文件定义示例
#示例:同时安装多个包 common_packages: pkg.installed: - pkgs: - unzip - dos2unix - salt-minion: 2015.8.5-1.el6 #示例:修改配置文件 apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://files/http.conf - user: root - group: root - mode: 644
2.3)对于配置文件定义的source源分析
- source: salt://files/http.conf 指的salt环境的下的目录 salt:// 表示 当前环境的跟目录 salt跟目录定义 [root@k8s6 lamp]# vim /etc/salt/master file_roots: base: - /srv/salt
比如 salt://lamp/files/http.conf 表示 /srv/salt/lamp/files/http.conf
3)定义lamp架构示例
[root@k8s6 salt]# cat lamp/lamp.sls lamp-pkg: pkg.installed: - pkgs: - httpd - php - mariadb - mariadb-server - php-mysql - php-cli - php-mbstring apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://lamp/files/httpd.conf - user: root - group: root - mode: 644 php-config: file.managed: - name: /etc/php.ini - source: salt://lamp/files/php.ini - user: root - group: root - mode: 644 mysql-config: file.managed: - name: /etc/my.cnf - source: salt://lamp/files/my.cnf - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True - reload: True mysql-service: service.running: - name: mariadb - enable: True - reload: True
配置文件路径
[root@k8s6 salt]# ls lamp/files/
httpd.conf my.cnf php.ini
单台机器启动测试
# 单台机器测试 lamp.lamp ==》目录/文件 [root@k8s6 lamp]# salt 'node01' state.sls lamp.lamp 执行的时候:需要监听客户端日志,排查错误 tail -f /var/log/salt/minion 服务端日志改为debug模式。排查错误 vim /etc/salt/master #log_level: warning log_level: debug
4)对于启动服务的另一种写法
[root@k8s6 salt]# cat lamp/apache.sls apache-server: pkg.installed: - pkgs: - httpd - php file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://lamp/files/httpd.conf - user: root - group: root - mode: 644 service.running: - name: httpd - enable: True - reload: True
二、状态关系
1)依赖关系require。服务中,只写一个
服务服务的依赖关系 apache-server: # 启动服务需要有依赖关系 service.running: - name: httpd - enable: True - reload: True - require: # 依赖关系 - pkg: lamp-pkg # 需要先安装 - file: apache-config # 需要有配置文件 mysql-config: # 配置文件被启动服务所依赖 file.managed: - name: /etc/my.cnf - source: salt://lamp/files/my.cnf - user: root - group: root - mode: 644 - require_in: # 被依赖,被启动服务所依赖 - service: mysql-service
2)监听文件。watch
服务服务的依赖关系 apache-server: # 启动服务需要有依赖关系 service.running: - name: httpd - enable: True - reload: True - require: # 依赖关系 - pkg: lamp-pkg # 需要先安装 - watch - file: apache-config # 监听该文件
3.1)引入实例
提前安装的文件
[root@k8s6 lamp]# cat pkg.sls lamp-pkg: pkg.installed: - pkgs: - httpd - php - mariadb - mariadb-server - php-mysql - php-cli - php-mbstring
导入pkg
[root@k8s6 lamp]# cat lamp.sls include: - lamp.pkg apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://lamp/files/httpd.conf - user: root - group: root - mode: 644 php-config: file.managed: - name: /etc/php.ini - source: salt://lamp/files/php.ini - user: root - group: root - mode: 644 mysql-config: file.managed: - name: /etc/my.cnf - source: salt://lamp/files/my.cnf - user: root - group: root - mode: 644 apache-service: service.running: - name: httpd - enable: True - reload: True mysql-service: service.running: - name: mariadb - enable: True - reload: True
3.2)引入多个文件
安装模块
[root@k8s6 lamp]# cat pkg.sls lamp-pkg: pkg.installed: - pkgs: - httpd - php - mariadb - mariadb-server - php-mysql - php-cli - php-mbstring
配置文件模块
[root@k8s6 lamp]# cat config.sls apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://lamp/files/httpd.conf - user: root - group: root - mode: 644 php-config: file.managed: - name: /etc/php.ini - source: salt://lamp/files/php.ini - user: root - group: root - mode: 644 mysql-config: file.managed: - name: /etc/my.cnf - source: salt://lamp/files/my.cnf - user: root - group: root - mode: 644
启动服务模块
[root@k8s6 lamp]# cat service.sls apache-service: service.running: - name: httpd - enable: True - reload: True mysql-service: service.running: - name: mariadb - enable: True - reload: Tru
导入模块
[root@k8s6 lamp]# cat init.sls include: - lamp.pkg - lamp.config - lamp.service
文件目录关系图
[root@k8s6 salt]# tree /srv/salt/lamp/
/srv/salt/lamp/
├── config.sls
├── files
│ ├── httpd.conf
│ ├── my.c
│ └── php.ini
├── init.sls
├── pkg.sls
└── service.sls
启动服务
salt 'node1' state.sls lamp.init
4、jinja模板的使用
4.1)先在sls文件中定于使用jinja模板。并定于变量
[root@k8s6 lamp]# cat config.sls apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://lamp/files/httpd.conf - user: root - group: root - mode: 644 - template: jinja - defaults: PORT: 88 ...............................
4.2) 在引用的配置文件中写入jinja模板
[root@k8s6 lamp]# cat files/httpd.conf
......
Listen {{ PORT }}
.....
salt 'node1' state.sls lamp.init 测试
5)扩展
5.1)引用salt默认的模块。{{ grains['fgdn_ip4'][0] }} 引入salt默认执行的结果
[root@k8s6 lamp]# cat files/httpd.conf Listen {{ grains['fgdn_ip4'][0] }}:{{ PORT }}
5.2)grains 也可写在sls的配置文件中
[root@k8s6 lamp]# cat config.sls apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://lamp/files/httpd.conf .......... - template: jinja - defaults: IPADDR: {{ {{ grains['fgdn_ip4'][0] }} }} PORT: 88
httpd.conf文件引用
[root@k8s6 lamp]# cat files/httpd.conf
Listen {{ IPADDR }}:{{ PORT }
5.3)salt远程执行模块
{{ salt['network.hw_addr']('ens33') }} # 写入配置文件模板
[root@k8s6 lamp]# salt 'node01' network.hw_addr ens33
node01:
00:0c:29:f7:16:c5
5.4)pillar 值获取
[root@k8s6 web]# salt '*' pillar.items k8s6: ---------- apache: httpd node01: ---------- 可写jinja模板 {{ pillar['apache'] }}
三、企业用法
案例:https://github.com/unixhot/saltbook-code/ base 基础环境 [root@k8s6 lamp]# vim /etc/salt/master file_roots: base: - /srv/salt/base prod: - /srv/salt/prod pillar_roots: base: - /srv/pillar/base prod: - /srv/pillar/prod [root@k8s6 salt]# mkdir /srv/salt/base [root@k8s6 salt]# mkdir /srv/salt/prod [root@k8s6 salt]# mkdir /srv/pillar/base [root@k8s6 salt]# mkdir /srv/pillar/prod [root@k8s6 lamp]# systemctl restart salt-master 1)base基础环境 init目录,环境初始化: 1、dns配置 2、history记录时间 3、记录命令操作 4、内核参数优化 5、安装yum仓库 6、安装zabbix-agent