1. master端打印所有minion的认证信息
#Print the master key fingerprint(minion 端可把 master.pub 的指纹写入配置项 master_finger,用来校验 master 身份)
[root@rhel65-lockey1 salt]# salt-key -F master
2. pkg 函数
pkg 函数会自动将本地系统包管理器映射到相同的salt函数。这意味着 pkg.install 在基于Red Hat系统上将使用 yum 而在Debian系统上则使用 apt 来安装包,等等。
eg: salt '*' pkg.install lftp
模块函数 network.interfaces(salt.modules.network.interfaces)
将会列出minion上的所有接口,以及它们的IP地址、子网掩码、MAC地址等
salt '*' network.interfaces
单独安装某个模块
[root@rhel65-lockey1 pillar]# salt rhel65-lockey3 state.single pkg.installed httpd    # 包名任选其一,例如 httpd 或 lftp
获取某种操作系统的主机
[root@rhel65-lockey1 salt]# salt -G "os:RedHat" cmd.run "hostname"
3. 添加grains的三种方法
1. [root@rhel65-lockey2 salt]# vim minion
grains:
  roles:
    - nginx
2. [root@rhel65-lockey2 salt]# vim grains
roles: apache
halo: lockey
[root@rhel65-lockey1 salt]# salt rhel65-lockey2 grains.item roles
rhel65-lockey2:
----------
roles:
apache
[root@rhel65-lockey1 salt]# salt rhel65-lockey2 grains.item halo
rhel65-lockey2:
----------
halo:
lockey
3. python扩展模块
[root@rhel65-lockey1 salt]# mkdir _grains
[root@rhel65-lockey1 salt]# cd _grains
[root@rhel65-lockey1 _grains]# cat my_grains.py
#!/usr/bin/env python
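def my_grains():
    """Return the static custom grains defined by this module.

    The page syncs this file to minions with ``saltutil.sync_grains`` and
    then reads the values back with ``grains.item roles``.

    Returns:
        dict: ``{'roles': 'nginx', 'name': 'lockey'}``.

    NOTE(review): grains are evaluated on the minion, so anyone who controls
    a minion can report different values. Treat ``roles`` as a convenience
    label for targeting, not as proof of identity when deciding which
    minions receive sensitive pillar data or states.
    """
    # The body must be indented under ``def``; the listing as pasted had lost
    # its indentation and would not load as a grains module.
    grains = {
        'roles': 'nginx',
        'name': 'lockey',
    }
    return grains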
[root@rhel65-lockey1 salt]# salt rhel65-lockey[2,4] saltutil.sync_grains
rhel65-lockey4:
- grains.my_grains
rhel65-lockey2:
- grains.my_grains
在minion端查看同步
[root@rhel65-lockey2 minion]# pwd
/var/cache/salt/minion
[root@rhel65-lockey2 minion]# tree
.
├── accumulator
├── extmods
│ └── grains#####
│ ├── my_grains.py#####
│ └── my_grains.pyc#####
├── files
│ └── base
│ ├── _grains
│ │ └── my_grains.py
│ ├── httpd
│ │ ├── files
│ │ │ └── httpd.conf
│ │ └── web.sls
│ ├── nginx
在master端进行验证
[root@rhel65-lockey1 salt]# salt rhel65-lockey[2,4] grains.item roles
rhel65-lockey2:
----------
roles:
nginx
rhel65-lockey4:
----------
roles:
nginx
通过标签判定来整体推送一个haproxy组合
[root@rhel65-lockey1 salt]# cat top.sls
base:
  'rhel65-lockey5':  # 172.25.5.95
    - haproxy.service
  'roles:nginx':
    - match: grain
    - nginx.service
[root@rhel65-lockey1 salt]# salt '*' state.highstate  # 可先加 test=true 预演,不实际变更
[root@rhel65-lockey1 files]# for i in {1..10};do curl 172.25.5.95;done
<h1>Welcome to nginx! -lockey4</h1>
<h1>Welcome to nginx! server-lockey2</h1>
<h1>Welcome to nginx! -lockey4</h1>
<h1>Welcome to nginx! server-lockey2</h1>
<h1>Welcome to nginx! -lockey4</h1>
<h1>Welcome to nginx! server-lockey2</h1>
<h1>Welcome to nginx! -lockey4</h1>
<h1>Welcome to nginx! server-lockey2</h1>
<h1>Welcome to nginx! -lockey4</h1>
<h1>Welcome to nginx! server-lockey2</h1>
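4. pillar
注意:grains 由 minion 端自行上报,minion 上的用户可以修改;如果 pillar 中存放敏感数据,建议在 top.sls 中按 minion id 匹配,而不要仅依据 grains 的值来分发。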
[root@rhel65-lockey1 salt]# vim master
pillar_roots:
  base:
    - /srv/pillar
[root@rhel65-lockey1 pillar]# cat top.sls
base:
  'rhel65-lockey2':
    - webservice.web
  'rhel65-lockey4':
    - webservice.web
[root@rhel65-lockey1 pillar]# cat webservice/web.sls
{% if grains['host'] == 'rhel65-lockey2' %}
web: nginx
{% elif grains['host'] == 'rhel65-lockey4' %}
web: httpd
{% endif %}
master端测试
[root@rhel65-lockey1 pillar]# salt '*' saltutil.refresh_pillar
rhel65-lockey4:
True
rhel65-lockey3:
True
rhel65-lockey1:
True
rhel65-lockey5:
True
rhel65-lockey2:
True
[root@rhel65-lockey1 pillar]# salt '*' pillar.items
rhel65-lockey5:
----------
rhel65-lockey1:
----------
rhel65-lockey4:
----------
web:
httpd##########
rhel65-lockey3:
----------
rhel65-lockey2:
----------
web:
nginx##########
[root@rhel65-lockey1 pillar]# salt -I 'web:nginx' test.ping
rhel65-lockey2:
True
[root@rhel65-lockey1 pillar]# salt -I 'web:httpd' test.ping
rhel65-lockey4:
True
[root@rhel65-lockey1 pillar]# salt -S 172.25.5.0/24 test.ping
5. jinja模板的简单使用(以配置apache绑定ip和监听ip为例)
1.引用模板,并将内容写到context选项中
file.managed:
  - name: /etc/httpd/conf/httpd.conf
  - source: salt://httpd/files/httpd.conf
  - mode: 644
  - user: root
  - group: root
  - template: jinja  ###
  - context:  ###
      bind: 172.25.5.92  ###
      port: 8080  ###
vim httpd.conf#在对应配置文件中引用格式如下
Listen {{ bind }}:{{ port }}
2.直接写一个文件
[root@server4 files]# cat lib.sls
{% set port = 8080 %}
{% set bind = '172.25.0.5' %}
[root@server4 files]# cat httpd.conf #在配置文件中导入写好的定义文件,并且引用变量
{% from 'httpd/files/lib.sls' import port with context %}
{% from 'httpd/files/lib.sls' import bind with context %}
Listen {{ bind }}:{{ port }}
#Listen {{ grains['ipv4'][1] }}:{{ port }}
#Listen {{ grains['fqdn_ip4'][0] }}:{{ port }}
[root@rhel65-lockey1 httpd]# salt rhel65-lockey3 grains.item 'fqdn_ip4'
rhel65-lockey3:
----------
fqdn_ip4:
- 172.25.5.93
3.通过pillar为不同主机添加绑定ip和端口
[root@server4 nginx]# cat web.sls
{% if grains['host'] == 'server3' %}
bind: 172.25.0.3
{% elif grains['host'] == 'server5' %}
bind: 172.25.0.5
{% endif %}
[root@server4 nginx]# pwd
/srv/pillar/nginx
[root@server4 httpd]# cat /srv/salt/httpd/web.sls | grep bind
bind: {{ pillar['bind'] }}
salt '*' saltutil.refresh_pillar
#刷新pillar设置
salt '*' pillar.items
#查看pillar设置
6. Master端白名单(iptables 规则,只允许指定网段访问 master 的 4505/4506 端口)
# Allow Minions from these networks允许以下网络的minion
-I INPUT -s 10.1.2.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
-I INPUT -s 10.1.3.0/24 -p tcp -m multiport --dports 4505,4506 -j ACCEPT
# Allow Salt to communicate with Master on the loopback interface
-A INPUT -i lo -p tcp -m multiport --dports 4505,4506 -j ACCEPT
# Reject everything else拒绝其他所有
-A INPUT -p tcp -m multiport --dports 4505,4506 -j REJECT
7. 使用grains模板
很多时候同一个 state 在不同系统上的行为需要有所不同;Salt 的 grains 可以在模板中直接引用,
从而按系统类型做条件判断。
apache:
  pkg.installed:
    {% if grains['os'] == 'RedHat' %}
    - name: httpd
    {% elif grains['os'] == 'Ubuntu' %}
    - name: apache2
    {% endif %}
salt-cp '*' /etc/passwd /mnt/
#通过salt进行文件的拷贝
salt server3 service.get_all          # 列出所有服务
salt server3 service.reload nginx     # 重载 nginx
#通过salt控制服务的状态