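I. State modules and pillar overview
Salt uses state module files for configuration management. They are written in YAML and end in .sls. To do configuration management, you first need to set the "file_roots" option in the Master configuration file. Salt supports configuring multiple environments, such as development, testing and production, but the base environment is mandatory, and the base environment must contain the entry file top.sls.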
II. Installing nginx and syncing files
Step 1: Set file_roots
Edit the Master configuration file and set file_roots:

    [root@salt-server ~]# vim /etc/salt/master
    file_roots:
      base:
        - /srv/salt/

Create the corresponding directory:

    [root@salt-server ~]# mkdir /srv/salt/ -p

Restart salt-master:

    [root@salt-server ~]# /etc/init.d/salt-master restart
    Stopping salt-master daemon: [確定]
    Starting salt-master daemon: [確定]
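Step 2: Set up top.sls
In the top.sls entry file, set up the environments (for example, production, development and testing map to different minions and modules):

    [root@salt-server ~]# cat /srv/salt/top.sls
    base:
      '*':
        - nginx

Explanation: all minions execute pkg-int.sls under the init module in the base directory. Many sls files can be kept in one directory for easier management, and top.sls then only needs to reference the directory structure.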
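Step 3: Write the state file

    [root@salt-server salt]# cat /srv/salt/nginx/init.sls
    nginx:                                      # state ID, the name referenced in top.sls
      pkg:                                      # use the pkg module
        - installed                             # install the nginx package
      service:                                  # service control module
        - running                               # the service must be running
        - enable: True                          # enable the service at boot
        - reload: True                          # reload instead of a full restart
        - watch:                                # resources to watch for changes
          - pkg: nginx                          # the watched package
          - file: /etc/nginx/nginx.conf         # ID of the managed-file state to watch
          - file: /etc/nginx/conf.d/default.conf  # ID of the managed-file state to watch

    /etc/nginx/nginx.conf:                      # ID of the managed file
      file.managed:                             # state function
        - source: salt://etc/nginx/nginx.conf   # source file on the master
        - user: root                            # file owner
        - group: root                           # file group
        - mode: 644                             # file permissions

    /etc/nginx/conf.d/default.conf:             # ID of the managed file
      file.managed:                             # state function
        - source: salt://etc/nginx/conf.d/default.conf  # source file on the master
        - user: root                            # file owner
        - group: root                           # file group
        - mode: 644                             # file permissions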
Step 4: Run the state from the server

    [root@salt-server nginx]# salt 'salt-client' state.sls nginx
    salt-client:
    ----------
              ID: nginx
        Function: pkg.installed
          Result: True
         Comment: Package nginx is already installed.
         Started: 00:56:25.529338
        Duration: 671.85 ms
         Changes:
    ----------
              ID: /etc/nginx/nginx.conf
        Function: file.managed
          Result: True
         Comment: File /etc/nginx/nginx.conf is in the correct state
         Started: 00:56:26.203403
        Duration: 13.28 ms
         Changes:
    ----------
              ID: /etc/nginx/conf.d/default.conf
        Function: file.managed
          Result: True
         Comment: File /etc/nginx/conf.d/default.conf is in the correct state
         Started: 00:56:26.216797
        Duration: 2.701 ms
         Changes:
    ----------
              ID: nginx
        Function: service.running
          Result: True
         Comment: Service nginx has been enabled, and is running
         Started: 00:56:26.219708
        Duration: 264.564 ms
         Changes:
                  ----------
                  nginx:
                      True

    Summary
    ------------
    Succeeded: 4 (changed=1)
    Failed:    0
    ------------
    Total states run:     4

With the settings above, once the state has run, Salt checks whether the three packages written above are present on the minion. Any that are missing are installed automatically with Yum.
Step 5: Run the state on the client

    [root@salt-client salt]# salt-call state.sls nginx
    [INFO ] Loading fresh modules for state activity
    [INFO ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://nginx/init.sls'
    [INFO ] Running state [nginx] at time 00:58:26.812398
    [INFO ] Executing state pkg.installed for nginx
    [INFO ] Executing command ['rpm', '-qa', '--queryformat', '%{NAME}_|-%{EPOCH}_|-%{VERSION}_|-%{RELEASE}_|-%{ARCH}_|-(none)\n'] in directory '/root'
    [INFO ] Package nginx is already installed.
    [INFO ] Completed state [nginx] at time 00:58:27.524314
    [INFO ] Running state [/etc/nginx/nginx.conf] at time 00:58:27.527537
    [INFO ] Executing state file.managed for /etc/nginx/nginx.conf
    [INFO ] File /etc/nginx/nginx.conf is in the correct state
    [INFO ] Completed state [/etc/nginx/nginx.conf] at time 00:58:27.533598
    [INFO ] Running state [/etc/nginx/conf.d/default.conf] at time 00:58:27.534046
    [INFO ] Executing state file.managed for /etc/nginx/conf.d/default.conf
    [INFO ] Fetching file from saltenv 'base', ** done ** 'etc/nginx/conf.d/default.conf'
    [INFO ] File changed: --- +++
@@ -3,7 +3,7 @@ # server { - listen 80 default_server; + listen 8080 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; [INFO ] Completed state [/etc/nginx/conf.d/default.conf] at time 00:58:27.671234 [INFO ] Running state [nginx] at time 00:58:27.671870 [INFO ] Executing state service.running for nginx [INFO ] Executing command '/sbin/service nginx status' in directory '/root' [INFO ] Executing command '/sbin/chkconfig --list nginx' in directory '/root' [INFO ] Executing command '/sbin/runlevel' in directory '/root' [INFO ] Service nginx is already enabled, and is in the desired state [INFO ] Completed state [nginx] at time 00:58:27.752846 [INFO ] Running state [nginx] at time 00:58:27.754657 [INFO ] Executing state service.mod_watch for nginx [INFO ] Executing command '/sbin/service nginx status' in directory '/root' [INFO ] Executing command '/sbin/service nginx reload' in directory '/root' [INFO ] {'nginx': True} [INFO ] Completed state [nginx] at time 00:58:27.844721 local: ---------- ID: nginx Function: pkg.installed Result: True Comment: Package nginx is already installed. Started: 00:58:26.812398 Duration: 711.916 ms Changes: ---------- ID: /etc/nginx/nginx.conf Function: file.managed Result: True Comment: File /etc/nginx/nginx.conf is in the correct state Started: 00:58:27.527537 Duration: 6.061 ms Changes: ---------- ID: /etc/nginx/conf.d/default.conf Function: file.managed Result: True Comment: File /etc/nginx/conf.d/default.conf updated Started: 00:58:27.534046 Duration: 137.188 ms Changes: ---------- diff: --- +++ 
@@ -3,7 +3,7 @@ # server { - listen 80 default_server; + listen 8080 default_server; listen [::]:80 default_server; server_name _; root /usr/share/nginx/html; ---------- ID: nginx Function: service.running Result: True Comment: Service reloaded Started: 00:58:27.754657 Duration: 90.064 ms Changes: ---------- nginx: True Summary ------------ Succeeded: 4 (changed=2) Failed: 0 ------------ Total states run: 4
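Review bot: in the -3,7 +3,7 hunk only the IPv4 directive moves to "listen 8080 default_server;" while the unchanged context line "listen [::]:80 default_server;" still binds IPv6 to port 80, so after the reload the default server answers on two different ports. If 8080 is the intended port, change the IPv6 line in salt://etc/nginx/conf.d/default.conf to "listen [::]:8080 default_server;" in the same edit. The hunk appears twice in this output (once in the [INFO] log, once under Changes) and both copies show the same mismatch.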
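III. Scheduled automatic sync
1. Add the salt-call state.sls nginx command to crontab on the client.
2. Use SaltStack's native pillar module.

Pillar is a very important Salt component. It is used to define any data you need for specific minions, and that data can be used by Salt's other components. Salt introduced pillar in version 0.9.8.

Once parsed, pillar is a nested dict structure. The top-level key is the minion ID and its value is the pillar data belonging to that minion; each value is itself key/value data. This shows one characteristic of pillar: pillar data is tied to a specific minion, that is, each minion can only see its own data, so pillar can be used to pass sensitive data (in Salt's design, pillar uses a separate encrypted session, also to protect sensitive data).

Where can pillar be used?

1. Sensitive data: for example ssh keys and encryption certificates. Because pillar uses a separate encrypted session, this sensitive data cannot be seen by other minions.
2. Variables: platform differences can be handled in pillar, for example setting the package name per operating system and then referencing it in a state.
3. Any other data: any data you need can be added to pillar, such as the mapping between users and UIDs, or minion roles.
4. Targeting: pillar can be used to select minions, with the -I option.

By default, all data in the master configuration file is added to pillar and is available to all minions. To disable this default, add the following data to the master configuration file; it takes effect after the service is restarted.

Pillar example: http://docs.saltstack.cn/topics/jobs/schedule.html

Defining a scheduled job in pillar

First modify the pillar module configuration in /etc/salt/master.

Sync the nginx configuration files every minute:

    [root@salt-server pillar]# cat top.sls
    base:
      '*':
        - nginx

    [root@salt-server pillar]# cat nginx.sls
    schedule:
      nginx:
        function: state.sls
        minutes: 1            # every minute
        #seconds: 30          # interval in seconds
        args:
          - 'nginx'

    salt '*' saltutil.refresh_pillar    # refresh pillar on all machines
    salt '*' pillar.data                # view pillar on all machines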
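The per-minion scoping described above only protects a secret if the pillar top.sls targets it narrowly, and files served from file_roots (salt://) can be fetched by any minion. The following is an added example, not from the original page: the pillar directory, the secrets/nginx_tls.sls file, the nginx_tls key, the tls.sls state and the /etc/nginx/tls/site.key path are all assumptions, and the key material is a constructed placeholder.

```yaml
# --- <pillar_roots>/top.sls  (pillar directory is an assumption; the page does not show it)
base:
  '*':
    - nginx                  # the schedule data from the page: safe for every minion
    # Weak: listing the secret here would deliver the key to every minion:
    #   - secrets.nginx_tls
  'salt-client':             # exact minion ID, as used elsewhere on this page
    - secrets.nginx_tls      # hypothetical pillar file, compiled for this minion only

# --- <pillar_roots>/secrets/nginx_tls.sls  (hypothetical)
nginx_tls:
  key: |
    -----BEGIN PLACEHOLDER KEY-----
    constructed-sample-value-not-a-real-key
    -----END PLACEHOLDER KEY-----

# --- /srv/salt/nginx/tls.sls  (hypothetical state under the page's file_roots)
/etc/nginx/tls/site.key:
  file.managed:
    - contents_pillar: nginx_tls:key   # content comes from pillar, not from salt://
    - user: root
    - group: root
    - mode: '0600'                     # private key: owner-only, unlike the 644 configs
    - makedirs: True
    - show_changes: False              # keep the key out of the diff that state runs print
```

After salt '*' saltutil.refresh_pillar, the output of salt '*' pillar.data should list nginx_tls only under salt-client.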
IV. Hands-on practice
Below is my production case for installing HAProxy, with the source used, for your reference.

    haproxy-install:
      file.managed:                       # copy the source tarball to the minion
        - name: /usr/local/src/haproxy-1.5.3.tar.gz
        - source: salt://haproxy/files/haproxy-1.5.3.tar.gz
        - mode: 755
        - user: root
        - group: root
      cmd.run:                            # build and install, skipped if already installed
        - name: cd /usr/local/src && tar zxf haproxy-1.5.3.tar.gz && cd haproxy-1.5.3 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
        - unless: test -d /usr/local/haproxy
        - require:
          - file: haproxy-install

    /etc/init.d/haproxy:
      file.managed:                       # init script, installed after the build
        - source: salt://haproxy/files/haproxy.init
        - mode: 755
        - user: root
        - group: root
        - require:
          - cmd: haproxy-install

    net.ipv4.ip_nonlocal_bind:
      sysctl.present:
        - value: 1

    haproxy-config-dir:
      file.directory:
        - name: /etc/haproxy
        - mode: 755
        - user: root
        - group: root

    haproxy-init:
      cmd.run:                            # register the service with chkconfig once
        - name: chkconfig --add haproxy
        - unless: chkconfig --list | grep haproxy
        - require:
          - file: /etc/init.d/haproxy

Below is my production case for syncing the nginx configuration files, with the source used.

    nginx:
      pkg:
        - installed
      service:
        - running
        - enable: True
        - reload: True
        - watch:
          - pkg: nginx
          - file: /etc/nginx/nginx.conf
          - file: /etc/nginx/conf.d/default.conf

    /etc/nginx/nginx.conf:
      file.managed:
        - source: salt://etc/nginx/nginx.conf
        - user: root
        - group: root
        - mode: 644

    /etc/nginx/conf.d/default.conf:
      file.managed:
        - source: salt://etc/nginx/conf.d/default.conf
        - user: root
        - group: root
        - mode: 644