本篇博客直接讲解saltstack工具包,实验配置参照之前三篇:
Grains工具:
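Saltstack里的Grains功能,指的是minion端的静态变量,在master端通过Grains可以获得minion对应的变量值。需要注意:Grains的值由minion自己上报(例如写在minion的配置文件或/etc/salt/grains里),能修改minion本地配置的人就能改动它,因此不要依据Grains来决定敏感数据或高权限状态的下发对象。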
在server2打开grains工具包:
[root@server2 html]# /etc/init.d/httpd stop
Stopping httpd: [ OK ]
[root@server2 html]# cd
[root@server2 ~]# ls
[root@server2 ~]# vim /etc/salt/minion 打开grains工具包
[root@server2 ~]# /etc/init.d/salt-minion restart
Stopping salt-minion:root:server2 daemon: OK
Starting salt-minion:root:server2 daemon: OK
[root@server2 ~]# cd /var/cache/
[root@server2 cache]# ls
ldconfig mod_proxy salt yum
[root@server2 cache]# cd salt/
[root@server2 salt]# pwd
/var/cache/salt
[root@server2 salt]# ls
minion
在server1进行推送检测:
[root@server1 ~]# salt server2 grains.item 进行推送
server2:
----------
[root@server1 salt]# ls
_grains haproxy httpd nginx pkgs top.sls users
[root@server1 salt]# cd httpd/
[root@server1 httpd]# ls
apache.sls files
[root@server1 httpd]# vim apache.sls
[root@server1 httpd]# cat apache.sls
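# httpd/apache.sls -- install Apache and PHP, manage httpd.conf from a Jinja
# template, and keep the service running. Indentation restored: the listing
# had lost its leading whitespace and would not parse as YAML.
httpd:
  pkg.installed

php:
  pkg.installed

apache:
  service.running:
    - name: httpd
    - enable: True
    # With reload set, a change to the watched file reloads httpd instead of
    # restarting it.
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf:
  file.managed:
    # Served from the master's file server (salt://) and rendered on the minion.
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    # Variables handed to the template; here they are hard-coded for server2.
    - context:
        bind: 172.25.38.2
        port: 8080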
[root@server1 ~]# salt server2 grains.item ipv4 可以推送获取server2的IP
server2:
----------
ipv4:
- 127.0.0.1
- 172.25.38.2
[root@server1 ~]# salt server2 grains.item os 可以推送获取server2的操作系统名字
server2:
----------
os:
RedHat
[root@server1 ~]# salt '*' grains.ls 显示每个主机里面Grains工具的方法
server3:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- server_id
- shell
- uid
- username
- uuid
- virtual
- zmqversion
server2:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- server_id
- shell
- uid
- username
- uuid
- virtual
- zmqversion
server1:
- SSDs
- biosreleasedate
- biosversion
- cpu_flags
- cpu_model
- cpuarch
- disks
- dns
- domain
- fqdn
- fqdn_ip4
- fqdn_ip6
- gid
- gpus
- groupname
- host
- hwaddr_interfaces
- id
- init
- ip4_interfaces
- ip6_interfaces
- ip_interfaces
- ipv4
- ipv6
- kernel
- kernelrelease
- locale_info
- localhost
- manufacturer
- master
- mdadm
- mem_total
- nodename
- num_cpus
- num_gpus
- os
- os_family
- osarch
- oscodename
- osfinger
- osfullname
- osmajorrelease
- osrelease
- osrelease_info
- path
- pid
- productname
- ps
- pythonexecutable
- pythonpath
- pythonversion
- saltpath
- saltversion
- saltversioninfo
- selinux
- server_id
- shell
- uid
- username
- uuid
- virtual
- zmqversion
[root@server1 ~]# salt '*' grains.item roles 查看所有主机的roles项,此时server3(以及server1)还没有设置roles
server2:
----------
roles:
- apache
server3:
----------
roles:
server1:
----------
roles:
在server3进行配置:
[root@server3 ~]# vim /etc/salt/grains
[root@server3 ~]# cat /etc/salt/grains 为server3定义roles(角色)这一grain
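# /etc/salt/grains on server3: static grain read by the local minion.
# Indentation restored. The value is whatever this file says, so anyone who
# can edit it on the minion can change the role the minion reports.
roles:
  nginx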
[root@server1 ~]# salt server3 saltutil.sync_grains 同步工具包
server3:
[root@server1 ~]# salt '*' grains.item roles 可以查看所有主机
server1:
----------
roles:
server2:
----------
roles:
- apache
server3:
----------
roles:
nginx
[root@server1 ~]# cd /srv/salt/
[root@server1 salt]# vim top.sls
[root@server1 salt]# cat top.sls 添加工具包
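# /srv/salt/top.sls -- maps minions to state files in the base environment.
# Indentation restored: the listing had lost its leading whitespace.
base:
  # Matched by minion ID.
  'server1':
    - haproxy.install
  # Matched by the minion-reported "roles" grain. A minion chooses its own
  # grain values, so any minion that sets roles to apache/nginx receives these
  # states. Acceptable for this lab; prefer minion-ID targeting where the
  # states or the pillar behind them are sensitive.
  'roles:apache':
    - match: grain
    - httpd.apache
  'roles:nginx':
    - match: grain
    - nginx.service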
[root@server1 salt]# salt '*' state.highstate 进行推送
server3:
----------
ID: nginx-group
Function: group.present
Name: nginx
Result: True
Comment: Group nginx is present and up to date
Started: 16:22:33.431858
Duration: 2.199 ms
Changes:
----------
ID: nginx-user
Function: user.present
Name: nginx
Result: True
Comment: User nginx is present and up to date
Started: 16:22:33.440915
Duration: 45.463 ms
Changes:
----------
ID: make-gcc
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 16:22:34.129065
Duration: 795.251 ms
Changes:
----------
ID: nginx-install
Function: file.managed
Name: /mnt/nginx-1.14.0.tar.gz
Result: True
Comment: File /mnt/nginx-1.14.0.tar.gz is in the correct state
Started: 16:22:34.927214
Duration: 99.053 ms
Changes:
----------
ID: nginx-install
Function: cmd.run
Name: cd /mnt && tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0 && sed -i.bak 's/#define NGINX_VER "nginx\/" NGINX_VERSION/#define NGINX_VER "nginx"/g' src/core/nginx.h && sed -i.bak 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module --with-threads --with-file-aio &> /dev/null && make &> /dev/null && make install &> /dev/null
Result: True
Comment: /usr/local/nginx exists
Started: 16:22:35.026984
Duration: 0.378 ms
Changes:
----------
ID: /usr/local/nginx/conf/nginx.conf
Function: file.managed
Result: True
Comment: File /usr/local/nginx/conf/nginx.conf is in the correct state
Started: 16:22:35.027458
Duration: 80.128 ms
Changes:
----------
ID: nginx-service
Function: file.managed
Name: /etc/init.d/nginx
Result: True
Comment: File /etc/init.d/nginx is in the correct state
Started: 16:22:35.107801
Duration: 69.911 ms
Changes:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: True
Comment: The service nginx is already running
Started: 16:22:35.179416
Duration: 55.849 ms
Changes:
Summary for server3
------------
Succeeded: 8
Failed: 0
------------
Total states run: 8
Total run time: 1.148 s
server2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: Package httpd is already installed
Started: 16:22:33.913339
Duration: 590.008 ms
Changes:
----------
ID: php
Function: pkg.installed
Result: True
Comment: Package php is already installed
Started: 16:22:34.503508
Duration: 0.515 ms
Changes:
----------
ID: /etc/httpd/conf/httpd.conf
Function: file.managed
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 16:22:34.506488
Duration: 101.941 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is running
Started: 16:22:34.608769
Duration: 173.299 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 4 (changed=1)
Failed: 0
------------
Total states run: 4
Total run time: 865.763 ms
server1:
----------
ID: haproxy-install
Function: pkg.installed
Result: True
Comment: All specified packages are already installed
Started: 16:22:33.648824
Duration: 1182.036 ms
Changes:
----------
ID: haproxy-install
Function: file.managed
Name: /etc/haproxy/haproxy.cfg
Result: True
Comment: File /etc/haproxy/haproxy.cfg is in the correct state
Started: 16:22:34.845936
Duration: 52.316 ms
Changes:
----------
ID: haproxy-install
Function: service.running
Name: haproxy
Result: True
Comment: The service haproxy is already running
Started: 16:22:34.904702
Duration: 214.22 ms
Changes:
Summary for server1
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
Total run time: 1.449 s
[root@server1 salt]# ls
haproxy httpd nginx pkgs top.sls users
[root@server1 salt]# mkdir _grains
[root@server1 salt]# cd _grains/
[root@server1 _grains]# vim my_grains.py
[root@server1 _grains]# cat my_grains.py 编写python脚本
#!/usr/bin/env python
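def my_grains():
    """Return the custom grains contributed by this module.

    The file lives in the master's ``_grains`` directory and is copied to a
    minion by ``saltutil.sync_grains``; afterwards the returned keys are
    visible through ``grains.item`` on that minion.

    Returns:
        dict: ``{'hello': 'world', 'salt': 'stack'}`` -- fixed demo values.
    """
    # Indentation restored (the listing had lost it and would not import).
    # Code in _grains is executed by every minion that syncs it, so write
    # access to that directory on the master should stay with trusted admins.
    return {'hello': 'world', 'salt': 'stack'}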
[root@server1 _grains]# salt server2 saltutil.sync_grains 同步
server2:
- grains.my_grains
配置server2:
[root@server2 salt]# yum install tree -y 安装树形工具
[root@server2 salt]# tree minion/
minion/
├── accumulator
├── extmods
│ └── grains
│ ├── my_grains.py 可以查看grains信息
│ └── my_grains.pyc
├── files
│ └── base
│ ├── _grains
│ │ └── my_grains.py
│ ├── httpd
│ │ ├── apache.sls
│ │ └── files
│ │ └── httpd.conf
│ └── top.sls
├── highstate.cache.p
├── module_refresh
├── pkg_refresh
├── proc
└── sls.p
[root@server1 _grains]# salt '*' grains.item hello 可以对应的输出结果
server3:
----------
hello:
server2:
----------
hello:
world
server1:
----------
hello:
[root@server1 _grains]# salt '*' grains.item salt
server1:
----------
salt:
server3:
----------
salt:
server2:
----------
salt:
stack
Pillar工具:
相对于Grains的静态参数,Pillar可以配置更灵活的参数,熟练运用Pillar可以充分发挥Saltstack的威力。Pillar数据在master端定义和编译,只下发给匹配到的minion,因此比Grains更适合存放敏感数据。
Pillar的配置设定在/srv/pillar目录下,使用Pillar必须有/srv/pillar/top.sls文件
pillar工具的配置:
[root@server1 ~]# ls
[root@server1 ~]# vim /etc/salt/master 打开pillar工具包
[root@server1 ~]# mkdir /srv/pillar
[root@server1 ~]# cd /srv/pillar/
[root@server1 pillar]# ls
[root@server1 pillar]# mkdir web
[root@server1 pillar]# cd web/
[root@server1 web]# ls
[root@server1 web]# pwd
/srv/pillar/web
[root@server1 web]# vim install.sls
[root@server1 web]# cat install.sls
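# /srv/pillar/web/install.sls -- choose the web server package per host.
# The blogger's inline notes are turned into comments so the file renders.
# The fqdn grain is reported by the minion itself; that is fine for a package
# name, but pillar that carries secrets should be keyed on the minion ID.
{# fqdn grain equals server2 -> httpd #}
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{# fqdn grain equals server3 -> nginx #}
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% endif %}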
[root@server1 web]# cd ..
[root@server1 pillar]# ls
web
[root@server1 pillar]# vim top.sls pillar工具包必须保证top.sls文件的存在
[root@server1 pillar]# cat top.sls
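# /srv/pillar/top.sls -- assigns pillar files to minions.
# Indentation restored; the inline note is now a comment.
base:
  # Every minion is offered web.install; the file itself decides, per host,
  # which key (if any) is set.
  '*':
    - web.install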
[root@server1 pillar]# /etc/init.d/salt-master restart 重载服务
Stopping salt-master daemon: [ OK ]
Starting salt-master daemon: [ OK ]
[root@server1 pillar]# salt '*' saltutil.refresh_pillar 刷新
server3:
True
server2:
True
server1:
True
[root@server1 pillar]# salt '*' pillar.items 查看Pillar中的item状态
server1:
----------
server2:
----------
webserver:
httpd
server3:
----------
webserver:
nginx
[root@server1 pillar]# salt -G 'roles:apache' test.ping
server2:
True
[root@server1 pillar]# salt -G 'roles:nginx' test.ping
server3:
True
[root@server1 pillar]# salt -I 'webserver:httpd' test.ping
server2:
True
[root@server1 pillar]# salt -I 'webserver:nginx' test.ping
server3:
True
[root@server1 salt]# ls
_grains haproxy httpd nginx pkgs top.sls users
[root@server1 salt]# cd httpd/
[root@server1 httpd]# ls
apache.sls files
[root@server1 httpd]# vim apache.sls
[root@server1 httpd]# cat apache.sls
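# httpd/apache.sls -- install Apache and PHP, manage httpd.conf from a Jinja
# template, and keep the service running. Indentation restored; the inline
# note on the port line is now a comment.
httpd:
  pkg.installed

php:
  pkg.installed

apache:
  service.running:
    - name: httpd
    - enable: True
    # A change to the watched config file reloads the service.
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    # Values substituted into the template's Listen directive.
    - context:
        bind: 172.25.38.2
        # Listen on port 8080.
        port: 8080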
[root@server1 httpd]# cd files/
[root@server1 files]# vim httpd.conf
[root@server1 files]# salt server2 state.sls httpd.apache 推送安装阿帕奇(Apache)
server2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: Package httpd is already installed
Started: 17:31:08.172823
Duration: 388.755 ms
Changes:
----------
ID: php
Function: pkg.installed
Result: True
Comment: Package php is already installed
Started: 17:31:08.561774
Duration: 0.591 ms
Changes:
----------
ID: /etc/httpd/conf/httpd.conf
Function: file.managed
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:31:08.565533
Duration: 82.235 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 80
+Listen 8080
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 17:31:08.679350
Duration: 78.411 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 4 (changed=2)
Failed: 0
------------
Total states run: 4
Total run time: 549.992 ms
[root@server1 files]# vim httpd.conf
[root@server1 files]# salt server2 state.sls httpd.apache
server2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: Package httpd is already installed
Started: 17:34:38.907469
Duration: 366.805 ms
Changes:
----------
ID: php
Function: pkg.installed
Result: True
Comment: Package php is already installed
Started: 17:34:39.274457
Duration: 0.56 ms
Changes:
----------
ID: /etc/httpd/conf/httpd.conf
Function: file.managed
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:34:39.277908
Duration: 82.69 ms
Changes:
----------
diff:
---
+++
@@ -133,7 +133,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 172.25.38.28080
+Listen 172.25.38.2:8080
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 17:34:39.389853
Duration: 73.836 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 4 (changed=2)
Failed: 0
------------
Total states run: 4
Total run time: 523.891 ms
在server2查看主配置文件已经被推送成功:
[root@server2 salt]# vim /etc/httpd/conf/httpd.conf
[root@server1 files]# cd ..
[root@server1 httpd]# ls
apache.sls files
[root@server1 httpd]# vim lib.sls
[root@server1 httpd]# cat lib.sls
{% set port = 80 %}
[root@server1 httpd]# ls
apache.sls files lib.sls
[root@server1 httpd]# cd files/
[root@server1 files]# ls
httpd.conf
[root@server1 files]# vim httpd.conf
[root@server1 files]# cat httpd.conf | head -n 1
{% from 'httpd/lib.sls' import port with context %}
[root@server1 files]# salt server2 state.sls httpd.apache 再次推送
server2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: Package httpd is already installed
Started: 17:45:34.059447
Duration: 369.071 ms
Changes:
----------
ID: php
Function: pkg.installed
Result: True
Comment: Package php is already installed
Started: 17:45:34.428716
Duration: 0.629 ms
Changes:
----------
ID: /etc/httpd/conf/httpd.conf
Function: file.managed
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:45:34.432469
Duration: 132.433 ms
Changes:
----------
diff:
---
+++
@@ -1,3 +1,4 @@
+
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
@@ -133,7 +134,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen 172.25.38.2:8080
+Listen 172.25.38.2:80
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service httpd is already enabled, and is running
Started: 17:45:34.565107
Duration: 126.89 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 4 (changed=2)
Failed: 0
------------
Total states run: 4
Total run time: 629.023 ms
[root@server1 files]# cd ..
[root@server1 httpd]# cat apache.sls
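# httpd/apache.sls -- unchanged state file, shown again after lib.sls was
# introduced. Indentation restored.
httpd:
  pkg.installed

php:
  pkg.installed

apache:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    - context:
        bind: 172.25.38.2
        # NOTE(review): httpd.conf now imports "port" from httpd/lib.sls
        # (set to 80 there), and the pushed file ended up with port 80, so
        # this 8080 appears to be ignored. Keep a single source for the
        # value to avoid the service listening on an unexpected port.
        port: 8080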
[root@server1 httpd]# ls
apache.sls files lib.sls
[root@server1 httpd]# cat lib.sls
{% set port = 80 %}
[root@server1 httpd]# ls
apache.sls files lib.sls
[root@server1 httpd]# salt server2 grains.item ip
server2:
----------
ip:
[root@server1 httpd]# salt server2 grains.item ipv4 可以获取IP
server2:
----------
ipv4:
- 127.0.0.1
- 172.25.38.2
[root@server1 httpd]# vim apache.sls 加入grains工具包
[root@server1 httpd]# cat apache.sls
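# httpd/apache.sls -- bind address now taken from the minion's grains.
# Indentation restored.
httpd:
  pkg.installed

php:
  pkg.installed

apache:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    - context:
        # The ipv4 grain is a list (127.0.0.1 and 172.25.38.2 on server2);
        # [-1] picks its last entry. NOTE(review): on a host with more
        # interfaces the last entry may be a different address -- confirm
        # before reusing, since this decides where httpd is exposed.
        bind: {{ grains['ipv4'][-1] }}
        port: 8080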
[root@server1 httpd]# vim files/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.apache 再次推送
server2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: Package httpd is already installed
Started: 17:59:20.434451
Duration: 367.599 ms
Changes:
----------
ID: php
Function: pkg.installed
Result: True
Comment: Package php is already installed
Started: 17:59:20.802246
Duration: 0.57 ms
Changes:
----------
ID: /etc/httpd/conf/httpd.conf
Function: file.managed
Result: True
Comment: File /etc/httpd/conf/httpd.conf updated
Started: 17:59:20.805672
Duration: 112.072 ms
Changes:
----------
diff:
---
+++
@@ -134,7 +134,7 @@
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
-Listen ['127.0.0.1', '172.25.38.2']:80
+Listen 172.25.38.2:80
#
# Dynamic Shared Object (DSO) Support
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: Service reloaded
Started: 17:59:20.947350
Duration: 75.424 ms
Changes:
----------
httpd:
True
Summary for server2
------------
Succeeded: 4 (changed=2)
Failed: 0
------------
Total states run: 4
Total run time: 555.665 ms
[root@server1 httpd]# vim files/httpd.conf
[root@server1 httpd]# vim apache.sls
[root@server1 httpd]# cat apache.sls
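# httpd/apache.sls -- bind address and port now come from pillar.
# Indentation restored.
httpd:
  pkg.installed

php:
  pkg.installed

apache:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: /etc/httpd/conf/httpd.conf

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://httpd/files/httpd.conf
    - mode: 644
    - user: root
    - template: jinja
    - context:
        # NOTE(review): the pillar file shown on this page defines only
        # "webserver"; "bind" and "port" must be added to server2's pillar
        # for this to render. pillar['key'] fails the render when the key
        # is absent; salt['pillar.get'] with a default degrades more gently.
        bind: {{ pillar['bind'] }}
        port: {{ pillar['port'] }}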
在server1进行推送:
[root@server1 httpd]# salt server2 state.sls httpd.apache
server2:
----------
ID: httpd
Function: pkg.installed
Result: True
Comment: Package httpd is already installed
Started: 18:11:48.792929
Duration: 378.969 ms
Changes:
----------
ID: php
Function: pkg.installed
Result: True
Comment: Package php is already installed
Started: 18:11:49.172097
Duration: 0.55 ms
Changes:
----------
ID: /etc/httpd/conf/httpd.conf
Function: file.managed
Result: True
Comment: File /etc/httpd/conf/httpd.conf is in the correct state
Started: 18:11:49.175497
Duration: 110.132 ms
Changes:
----------
ID: apache
Function: service.running
Name: httpd
Result: True
Comment: The service httpd is already running
Started: 18:11:49.285842
Duration: 28.727 ms
Changes:
Summary for server2
------------
Succeeded: 4
Failed: 0
------------
Total states run: 4
Total run time: 518.378 ms
[root@server1 httpd]# netstat -antlp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 20742/haproxy
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 907/sshd
tcp 0 0 0.0.0.0:4505 0.0.0.0:* LISTEN 26199/python2.6
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 983/master
tcp 0 0 0.0.0.0:4506 0.0.0.0:* LISTEN 26205/python2.6
tcp 0 0 172.25.38.1:4505 172.25.38.1:40244 ESTABLISHED 26199/python2.6
tcp 0 0 172.25.38.1:4505 172.25.38.2:60851 ESTABLISHED 26199/python2.6
tcp 0 0 172.25.38.1:4505 172.25.38.3:50634 ESTABLISHED 26199/python2.6
tcp 0 0 127.0.0.1:42535 127.0.0.1:4506 TIME_WAIT -
tcp 0 0 172.25.38.1:40244 172.25.38.1:4505 ESTABLISHED 18233/python2.6
tcp 0 0 172.25.38.1:22 172.25.38.250:51278 ESTABLISHED 23060/sshd
tcp 0 0 :::22 :::* LISTEN 907/sshd
tcp 0 0 ::1:25 :::* LISTEN 983/master