实验环境:
已经实现saltstack一键部署apache服务与nginx服务
1.grains模块
[root@server1 nginx]# cd ..
[root@server1 salt]# ls
httpd nginx top.sls users
[root@server1 salt]# vim top.sls
####################
base:
'server2':
- httpd.service
'server3':
- nginx.service
[root@server1 salt]# salt server2 grains.item fqdn
[root@server1 salt]# salt server3 grains.item fqd
[root@server2 ~]# vim /etc/salt/minion
[root@server2 ~]# systemctl restart salt-minion
[root@server3 ~]# vim /etc/salt/minion
[root@server3 ~]# systemctl restart salt-minion
[root@server1 salt]# salt server2 grains.item roles
[root@server1 salt]# salt server3 grains.item roles
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# mkdir _grains
[root@server1 salt]# cd _grains/
[root@server1 _grains]# vim my_grains.py
#######################
#!/usr/bin/env python
def my_grains():
grains = {}
grains['roles'] = 'nginx'
grains['hello'] = 'world'
return grains
[root@server1 _grains]# salt server3 grains.item roles
[root@server1 _grains]# salt server3 grains.item hello
[root@server1 _grains]# salt server3 saltutil.sync_grains
[root@server3 ~]# cd /etc/salt/
[root@server3 salt]# tree minion
-bash: tree: command not found
[root@server3 salt]# yum install -y tree
[root@server3 salt]# tree minion
[root@server1 _grains]# cd ..
[root@server1 salt]# ls
_grains httpd nginx top.sls users
[root@server1 salt]# vim top.sls
####################
base:
'roles:httpd':
- match: grain
- httpd.service
'roles:nginx':
- match: grain
- nginx.service
[root@server1 salt]# salt server[2,3] state.highstate
2.pillar模块
[root@server1 salt]# vim /etc/salt/master
[root@server1 salt]# systemctl restart salt-master
[root@server1 salt]# mkdir /srv/pillar
[root@server1 salt]# cd /srv/pillar/
[root@server1 pillar]# vim web.sls
######################
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
{% endif %}
[root@server1 pillar]# vim top.sls
######################
base:
'*':
- web
[root@server1 pillar]# salt '*' pillar.items
[root@server1 pillar]# salt '*' saltutil.refresh_pillar
3.jinja模块
(1).更改监听端口和监听主机
[root@server2 ~]# netstat -antlp | grep httpd
tcp6 0 0 :::8080 :::* LISTEN 2356/httpd
[root@server1 pillar]# cd /srv/salt/httpd/
[root@server1 httpd]# ls
files install.sls service.sls
[root@server1 httpd]# vim service.sls
#####################
include:
- httpd.install
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- template: jinja
port: 80
host: 172.25.66.2
httpd-service:
service.running:
- name: httpd
- enable: False
- reload: True
watch:
- file: /etc/httpd/conf/httpd.conf
[root@server1 httpd]# vim files/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service
测试:
[root@server2 ~]# netstat -antlp | grep httpd
tcp 0 0 172.25.66.2:80 0.0.0.0:* LISTEN 2356/httpd
(2)获取动态ip
[root@server1 httpd]# salt server2 grains.item ipv4
[root@server1 httpd]# vim service.sls
#####################
include:
- httpd.install
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- template: jinja
port: 80
host: {{ grains['ipv4'][-1] }}
httpd-service:
service.running:
- name: httpd
- enable: False
- reload: True
watch:
- file: /etc/httpd/conf/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service
测试:
[root@server2 ~]# netstat -antlp | grep httpd
tcp 0 0 172.25.66.2:80 0.0.0.0:* LISTEN 2356/httpd
(3)结合grains与pillar模块
[root@server1 httpd]# cd /srv/pillar
[root@server1 pillar]# ls
top.sls web.sls
[root@server1 pillar]# vim web.sls
######################
{% if grains['fqdn'] == 'server2' %}
webserver: httpd
IP: 172.25.66.2
{% elif grains['fqdn'] == 'server3' %}
webserver: nginx
IP:172.25.66.3
{% endif %}
[root@server1 pillar]# cd ../salt/httpd/
[root@server1 httpd]# vim service.sls
#####################
include:
- httpd.install
/etc/httpd/conf/httpd.conf:
file.managed:
- source: salt://httpd/files/httpd.conf
- template: jinja
port: 80
host: {{ pillar['IP'] }}
httpd-service:
service.running:
- name: httpd
- enable: False
- reload: True
watch:
- file: /etc/httpd/conf/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service
测试:
[root@server2 ~]# netstat -antlp | grep httpd
tcp 0 0 172.25.66.2:80 0.0.0.0:* LISTEN 2356/httpd
(4)import模版
[root@server1 httpd]# ls
files install.sls service.sls
[root@server1 httpd]# vim lib.sls
[root@server1 httpd]# cat lib.sls
{% set host = '172.25.66.2' %}
方式1:
[root@server1 httpd]# vim files/httpd.conf
#####################
{% from 'httpd/lib.sls' import host %}
[root@server1 httpd]# vim service.sls
[root@server1 httpd]# salt server2 state.sls httpd.service
测试:
[root@server2 ~]# netstat -antlp | grep httpd
tcp 0 0 172.25.66.2:80 0.0.0.0:* LISTEN 2356/httpd
方式2:
[root@server1 httpd]# vim files/httpd.conf
[root@server1 httpd]# vim files/httpd.conf
[root@server1 httpd]# salt server2 state.sls httpd.service
测试:
[root@server2 ~]# netstat -antlp | grep httpd
tcp 0 0 172.25.66.2:80 0.0.0.0:* LISTEN 2356/httpd
设置变量:
[root@server3 ~]# cd /mnt
[root@server3 mnt]# ls
nginx-1.15.8.tar.gz
[root@server3 mnt]# rm -rf nginx-1.15.8.tar.gz
[root@server3 mnt]# ls
[root@server1 httpd]# cd ../nginx/
[root@server1 nginx]# ls
files install.sls service.sls
[root@server1 nginx]# vim install.sls
#####################
{% set nginx_ver = '1.15.8' %}
nginx-install:
pkg.installed:
- pkgs:
- pcre-devel
- zlib-devel
- gcc
- make
file.managed:
- name: /mnt/nginx-{{ nginx_ver }}.tar.gz
- source: salt://nginx/files/nginx-{{ nginx_ver }}.tar.gz
cmd.run:
- name: cd /mnt && tar zxf nginx-{{ nginx_ver }}.tar.gz && cd nginx-{{ nginx_ver }} && sed -i 's/CFLAGS="$CFLAGS -g"/#CFLAGS="$CFLAGS -g"/g' auto/cc/gcc && ./configure --prefix=/usr/local/nginx &> /dev/null && make &> /dev/null && make install &> /dev/null && cd .. && rm -fr nginx-{{ nginx_ver }}
- creates: /usr/local/nginx
[root@server1 nginx]# salt server3 state.sls nginx.service
测试:
[root@server3 mnt]# pwd
/mnt
[root@server3 mnt]# ls
nginx-1.15.8.tar.gz