  • SaltStack automated operations series ⑤: SaltStack configuration management in detail

    Initializing configuration management:

    a. Master (server-side) configuration
    vim /etc/salt/master

    file_roots:
      base:
        - /srv/salt/base
      test:
        - /srv/salt/test
      prod:
        - /srv/salt/prod

    mkdir -p /srv/salt/base
    mkdir /srv/salt/test
    mkdir /srv/salt/prod

    1. Centrally managing the DNS configuration file resolv.conf

    Create the template file
    mkdir /srv/salt/base/files

    vim /srv/salt/base/files/resolv.conf

    nameserver 192.168.1.13
    nameserver 8.8.8.8

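    Apply the state file above. In the command, salt is the command itself, '*' matches all minions, state.sls is the sls function of the state module, and dns is the state file to run. The output shows that resolv.conf on the minions has been changed to the file we want.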

    # salt '*' state.sls dns
    mini1:
    ----------
    ID: /etc/resolv.conf
    Function: file.managed
    Result: True
    Comment: File /etc/resolv.conf updated
    Started: 10:07:44.479560
    Duration: 16.366 ms
    Changes:
    ----------
    diff:
    ---
    +++
    @@ -1,3 +1,3 @@

    nameserver 192.168.1.13
    -nameserver 192.168.1.14
    +nameserver 8.8.8.8

    Summary
    ------------
    Succeeded: 1 (changed=1)
    Failed: 0
    ------------
    Total states run: 1
    node2.chinasoft.com:
    ----------
    ID: /etc/resolv.conf
    Function: file.managed
    Result: True
    Comment: File /etc/resolv.conf updated
    Started: 10:08:03.539547
    Duration: 19.836 ms
    Changes:
    ----------
    diff:
    ---
    +++
    @@ -1,3 +1,3 @@

    nameserver 192.168.1.13
    -nameserver 192.168.1.14
    +nameserver 8.8.8.8

    Summary
    ------------
    Succeeded: 1 (changed=1)
    Failed: 0
    ------------
    Total states run: 1

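    2. Configuration management by running the highstate
    Write the top file, then run the highstate

    top.sls is the default entry file; it must be named top.sls and must be placed in the base environment.

    # cat top.sls
    base:        # the base environment
      '*':       # the minions targeted in the base environment
        - dns    # the state the highstate should apply
    Running the highstate means Salt starts reading from top.sls, matches the minions, and applies the matching state files.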

    # salt '*' state.highstate

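    Notes on the configuration file syntax:
    a. Indentation: YAML uses a fixed indentation style to express the hierarchy of the data. Salt requires each indentation level to be two spaces; do not use tabs.
    b. Dashes: to denote a list item, use a dash followed by a space; items at the same indentation level belong to the same list.

    3. Configuration management with Jinja templates:

    Notes on Jinja syntax:
    a. The file state takes the template argument:
        - template: jinja
    b. Variables in the template file are written as {{ name }}, for example:
        {{PORT}}
    c. The variable list:
        - defaults:
            PORT: 80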

    ①. Edit the state file
    # cat dns.sls

    /etc/resolv.conf:
      file.managed:
        - source: salt://files/resolv.conf
        - user: root
        - group: root
        - mode: 644
        - template: jinja
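        # values nested under a list item need a four-space indent,
        # otherwise DNS_SERVER is parsed as a sibling key of defaults
        - defaults:
            DNS_SERVER: 202.96.134.133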

    ②. Edit the template file
    # vim /srv/salt/base/files/resolv.conf
    #jinja template
    nameserver {{DNS_SERVER}}

    ③. Apply the state
    # salt '*' state.sls dns

    Combining Jinja with grains

    # cat files/resolv.conf
    #jinja template
    # {{ grains['fqdn_ip4']}}
    nameserver {{DNS_SERVER}}

    ④. Apply the configuration:
    # salt '*' state.sls dns

    The minion's resolv.conf now contains the minion's IP address:
    # cat /etc/resolv.conf
    #jinja template
    # ['192.168.3.12']
    nameserver 202.96.134.133

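    4. Combined example: initializing a system with Salt:

    a. DNS configuration
    b. Record time and user in the command history
    c. Add command audit logging

    ①. Create the init directory and the directory for its files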
    # mkdir /srv/salt/base/init
    # mkdir /srv/salt/base/init/files

    # pwd
    /srv/salt/base
    [root@mini1 base]# tree
    .
    ├── init
    └── top.sls

    1 directory, 1 file

    ②. Write the init state files
    a. Write the DNS init state
    vim /srv/salt/base/init/dns.sls

    /etc/resolv.conf:
      file.managed:
        - source: salt://init/files/resolv.conf
        - user: root
        - group: root
        - mode: 644

    # cp /etc/resolv.conf /srv/salt/base/init/files/

    b. Initialize the history command so that the history shows the time and user for each command
    # cat /srv/salt/base/init/history.sls

    /etc/profile:
      file.append:
        - text:
          - export HISTTIMEFORMAT="%F %T `whoami`"

    c. Add command auditing, i.e. log the details of each command to /var/log/messages
    export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y;});logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'

    The result looks like this:
    # tail -f /var/log/messages

    Apr 10 20:18:07 localhost root: [euid=root]:root pts/0 2017-04-10 20:11 (192.168.3.84):[/root]w
    Apr 10 20:18:22 localhost root: [euid=root]:root pts/0 2017-04-10 20:11 (192.168.3.84):[/root]ps -ef|grep nginx
    Apr 10 20:18:27 localhost root: [euid=root]:root pts/0 2017-04-10 20:11 (192.168.3.84):[/root]ps -ef|grep zabbix
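
The log layout above can be parsed back into fields for review. This is an added example, not code from the original article: it splits each line into effective user, login user, terminal, source address, working directory and command, flags lines where the effective user differs from the login user, and keeps lines that do not match instead of dropping them. The last two sample lines and the user `alice` are constructed.

```python
import re

# Layout produced by the PROMPT_COMMAND above:
# <syslog header> [euid=USER]:<output of "who am i">:[<cwd>]<command>
AUDIT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<tag>[^:]+): "
    r"\[euid=(?P<euid>[^\]]+)\]:"
    r"(?P<login>\S+) (?P<tty>\S+) (?P<since>\S+ \S+) \((?P<src>[^)]+)\):"
    r"\[(?P<cwd>[^\]]*)\](?P<cmd>.*)$"
)

def parse_line(line):
    """Return the audit fields as a dict, or None if the line does not match."""
    m = AUDIT_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def review(lines):
    """Split lines into parsed records, identity switches, and unparsed lines."""
    records, switched, unparsed = [], [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)        # keep for manual review, never drop
            continue
        records.append(rec)
        if rec["euid"] != rec["login"]:  # effective user is not the login user
            switched.append(rec)
    return records, switched, unparsed

# The first three lines are from the article; the last two are constructed.
SAMPLE = [
    "Apr 10 20:18:07 localhost root: [euid=root]:root pts/0 2017-04-10 20:11 (192.168.3.84):[/root]w",
    "Apr 10 20:18:22 localhost root: [euid=root]:root pts/0 2017-04-10 20:11 (192.168.3.84):[/root]ps -ef|grep nginx",
    "Apr 10 20:18:27 localhost root: [euid=root]:root pts/0 2017-04-10 20:11 (192.168.3.84):[/root]ps -ef|grep zabbix",
    "Apr 10 20:19:02 localhost alice: [euid=root]:alice pts/1 2017-04-10 20:15 (192.168.3.90):[/home/alice]cat /etc/shadow",
    "Apr 10 20:19:30 localhost root: [euid=root]::[/root]crontab -l",  # empty "who am i" output
]

if __name__ == "__main__":
    records, switched, unparsed = review(SAMPLE)
    for r in switched:
        print(f"{r['ts']} {r['login']} acting as {r['euid']} from {r['src']}: {r['cmd']}")
    print(f"{len(unparsed)} line(s) did not match the audit layout")
```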

    ③. Write the state file
    # cat /srv/salt/base/init/audit.sls

    /etc/bashrc:
      file.append:
        - text:
          - export PROMPT_COMMAND='{ msg=$(history 1 | { read x y; echo $y;});logger "[euid=$(whoami)]":$(who am i):[`pwd`]"$msg";}'

    ④. Kernel parameter tuning
    Reference: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.sysctl.html#module-salt.states.sysctl

    # cat /srv/salt/base/init/sysctl.sls

    vm.swappiness:
      sysctl.present:
        - value: 0
    
    net.ipv4.ip_local_port_range:
      sysctl.present:
        - value: 10000 65000
    
    fs.file-max:
      sysctl.present:
        - value: 100000

    ⑤. Write the overall include file; applying this state pulls in the dns, history, audit and sysctl configuration
    # cat /srv/salt/base/init/env_init.sls

    include:
      - init.dns
      - init.history
      - init.audit
      - init.sysctl

    ⑥. Write the entry file top.sls
    # cat /srv/salt/base/top.sls

    base:
      '*':
        - init.env_init

    Test the configuration; it reports an error:
    # salt '*' state.highstate test=True
    mini1:
    Data failed to compile:
    ----------
    Detected conflicting IDs, SLS IDs need to be globally unique.
    The conflicting ID is '/etc/profile' and is found in SLS 'base:init.history' and SLS 'base:init.audit'
    node2.chinasoft.com:
    Data failed to compile:
    ----------
    Detected conflicting IDs, SLS IDs need to be globally unique.
    The conflicting ID is '/etc/profile' and is found in SLS 'base:init.history' and SLS 'base:init.audit'

    Cause: the ID /etc/profile is duplicated.
    Changing /etc/profile to /etc/bashrc in audit.sls fixes it.

    Then apply the configuration change again:
    # salt '*' state.highstate
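
A pre-flight check for the conflicting-ID error shown above, added here as an example (not from the original article or from Salt): it lists top-level IDs declared in more than one SLS file. The line-based parsing assumes plain YAML without Jinja blocks; the `sls` helper, the `PLACEHOLDER` text and the IDs `history_profile` and `audit_profile` are hypothetical.

```python
import re
from collections import defaultdict

DIRECTIVES = {"include", "extend", "exclude"}  # top-level keys that are not state IDs
# An unindented "key:" line, optionally quoted, optionally followed by a comment.
TOP_KEY = re.compile(r"""^(?P<q>['"]?)(?P<id>[^\s#'"][^'"]*?)(?P=q):\s*(?:#.*)?$""")

def state_ids(sls_text):
    """Top-level state IDs declared in one SLS file."""
    ids = []
    for line in sls_text.splitlines():
        m = TOP_KEY.match(line)
        if m and m.group("id") not in DIRECTIVES:
            ids.append(m.group("id"))
    return ids

def conflicting_ids(sls_files):
    """Map each ID declared in more than one SLS to the SLS names declaring it."""
    seen = defaultdict(list)
    for sls_name, text in sls_files.items():
        for sid in state_ids(text):
            seen[sid].append(sls_name)
    return {sid: names for sid, names in seen.items() if len(names) > 1}

def sls(state_id, target=None):
    """Constructed stand-in for a file.append state; the text is a placeholder."""
    name = f"    - name: {target}\n" if target else ""
    return f"{state_id}:\n  file.append:\n{name}    - text:\n      - PLACEHOLDER\n"

# The failing layout from the error message: both SLS files use the ID /etc/profile.
BEFORE = {"init.history": sls("/etc/profile"), "init.audit": sls("/etc/profile")}
# The article's fix: audit.sls appends to /etc/bashrc instead.
AFTER = {"init.history": sls("/etc/profile"), "init.audit": sls("/etc/bashrc")}
# Alternative: unique IDs, both writing to /etc/profile through the name argument.
UNIQUE = {"init.history": sls("history_profile", "/etc/profile"),
          "init.audit": sls("audit_profile", "/etc/profile")}

if __name__ == "__main__":
    for label, files in (("before", BEFORE), ("after", AFTER), ("unique", UNIQUE)):
        print(label, conflicting_ids(files) or "no conflicting IDs")
```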

  • Original article: https://www.cnblogs.com/reblue520/p/6732890.html