saltstack
1. pillar
1.1 pillar简介
- pillar和grains一样也是一个数据系统,但是应用场景不同。
pillar将信息动态地存放在master端,主要存放私密、敏感信息(如用户名、密码等),而且可以指定只有某一个minion才可以看到对应的信息。需要注意:grains是由minion自己上报的,在minion端可以被修改,所以给敏感的pillar数据做匹配时,应优先按minion ID匹配,而不是按grains匹配。
pillar更加适合在配置管理中运用。
1.2 声明pillar
- 定义pillar基础目录:
# vim /etc/salt/master
pillar_roots:
base:
- /srv/pillar ##默认目录
# mkdir /srv/pillar
- 重启salt-master服务: 如果修改了默认目录需要重启服务
# /etc/init.d/salt-master restart
1.3 自定义pillar
- # vim /srv/pillar/top.sls
base:
'*':
- packages
# vim /srv/pillar/packages.sls
# Pillar data for the `package` key, selected per minion by its reported FQDN grain.
# A minion whose FQDN matches neither branch gets no `package` key at all.
# NOTE(review): grains are reported by the minion itself and can be changed by
# whoever controls that minion, so a grain-based condition is not an access
# boundary. For secret values, target by minion ID in the pillar top file
# rather than branching on grains here.
{% if grains['fqdn'] == 'server3' %}
package: httpd
{% elif grains['fqdn'] == 'server2' %}
# NOTE(review): 'mairadb' looks like a typo for 'mariadb' -- confirm before
# using this value as a package name.
package: mairadb
{% endif %}
- 刷新pillar数据:
# salt '*' saltutil.refresh_pillar
- 查询pillar数据:
# salt '*' pillar.items ##查询所有项不需要刷新
# salt '*' pillar.item roles ##查询单一项需要刷新一下
[root@server1 pillar]# mkdir /srv/pillar
[root@server1 pillar]# cd /srv/pillar/
[root@server1 pillar]# vim package.sls
[root@server1 pillar]# cat package.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
{% elif grains['fqdn'] == 'server2' %}
package: mairadb
{% endif %}
[root@server1 pillar]# vim top.sls
[root@server1 pillar]# cat top.sls
base:
'*':
- package
[root@server1 pillar]# salt '*' pillar.items
[root@server1 pillar]# salt '*' saltutil.refresh_pillar
[root@server1 pillar]# salt '*' pillar.item package
全部匹配直接成功
单一匹配刷新之后匹配成功
1.4 pillar数据匹配
- 命令行中匹配:
# salt -I 'package:httpd' test.ping
- state系统中使用:(直接看下图例子)
1.4.1 命令行中匹配
[root@server1 pillar]# salt -I 'package:httpd' test.ping ##pillar是参数大写I
server3:
True
1.4.2 state系统中使用
[root@server1 pillar]# vim package.sls
[root@server1 pillar]# cat package.sls
{% if grains['fqdn'] == 'server3' %}
package: httpd
{% elif grains['fqdn'] == 'server2' %}
port: 80
bind: 172.25.13.2
{% endif %}
[root@server1 pillar]# cd ../salt/apache/
[root@server1 apache]# ls
files init.sls
[root@server1 apache]# vim init.sls
[root@server1 apache]# vim files/httpd.conf
[root@server1 apache]# salt server2 state.sls apache
此处的变量是使用pillar中的变量
此处的变量是使用apache.sls中的
1.5 Jinja模板使用方式
- import方式,可在state文件之间共享:
定义变量文件:
# vim lib.sls
{% set port = 80 %}
导入模板文件:
# vim httpd.conf
{# Import the `port` variable that lib.sls defines so this template can use it. #}
{% from 'lib.sls' import port %} ## import the template's contents
...
{# NOTE(review): `prot` is not the name imported above (`port`); this looks like a typo, and as written the Listen line would not pick up the value set in lib.sls -- confirm. #}
Listen {{ prot }}
[root@server1 srv]# cd salt/apache/
[root@server1 apache]# ls
files init.sls
[root@server1 apache]# pwd
/srv/salt/apache
[root@server1 apache]# vim lib.sls ##编写模板文件
[root@server1 apache]# cat lib.sls ##模板文件内容
{% set port = 8080 %}
[root@server1 apache]# ls
files init.sls lib.sls
[root@server1 apache]# cd files/
[root@server1 files]# ls
httpd.conf index.html
[root@server1 files]# vim httpd.conf ##导入模板文件内容,模板文件优先级更高
[root@server1 files]# cd ..
[root@server1 apache]# vim init.sls ##设置pillar的端口变量,为了比较哪个优先级高
[root@server1 apache]# salt server2 state.sls apache ##同步
此处init.sls中的变量port是下面文件中的port值
执行同步查看结果
2. keepalived
2.1 将端口转换成80,方便实验
2.2 配置keepalived+pillar
[root@server1 salt]# cat top.sls
base:
'roles:apache':
- match: grain
- apache
- keepalived
'roles:nginx':
- match: grain
- nginx
- keepalived
[root@server1 salt]# ls
apache _grains keepalived _modules nginx test.sls top.sls
[root@server1 salt]# cd keepalived/ ##keepalived是建立的一个模块
[root@server1 keepalived]# cat
files/ init.sls
[root@server1 keepalived]# cat init.sls ##初始化文件内容
# Installs keepalived, renders its configuration from a Jinja template, and
# keeps the service running. All three states share the ID kp-install.
kp-install:
pkg.installed:
- name: keepalived
file.managed:
- name: /etc/keepalived/keepalived.conf
- source: salt://keepalived/files/keepalived.conf
- template: jinja
# Values handed to the template; each one is read from this minion's pillar.
# The pillar file that defines state, vrid and pri is not shown on this page,
# and a minion without those keys will fail to render this state.
- context:
STATE: {{ pillar['state'] }}
VRID: {{ pillar['vrid'] }}
PRI: {{ pillar['pri'] }}
service.running:
- name: keepalived
- enable: true
- reload: true
# Re-trigger the service state whenever the managed config file changes.
- watch:
- file: kp-install
[root@server1 keepalived]# cd files/
[root@server1 files]# ls
keepalived.conf
[root@server1 files]# cat keepalived.conf ##模板文件内容
! Configuration File for keepalived
# Jinja template: STATE, VRID and PRI are filled in from the `context` of the
# file.managed state that renders this file.
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state {{ STATE }}
interface eth0
virtual_router_id {{ VRID }}
priority {{ PRI }}
advert_int 1
authentication {
# NOTE(review): the VRRP password is a fixed literal in a template served from
# salt://, and auth_type PASS carries it unencrypted in VRRP advertisements.
# Consider supplying it from pillar the same way as STATE, VRID and PRI, and do
# not treat it as the only protection for the VRRP segment.
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.25.13.100
}
}
[root@server1 files]# salt '*' state.highstate ##高级推
测试
测试master和backup
3. zabbix+pillar
3.2 配置zabbix服务端
3.2.1 配置仓库文件(主要是zabbix的各种依赖)
[root@server1 zabbix-server]# pwd
/srv/salt/zabbix-server
[root@server1 salt]# mkdir zabbix-server
[root@server1 salt]# cd zabbix-server/
[root@server1 zabbix-server]# mkdir files
[root@server1 zabbix-server]# cd files/
[root@server1 zabbix-server]# vim init.sls
下图中是配置server2这个服务端的yum源
可以将所需要的依赖的rpm包都放到一个文件夹中,我是放到了主机250的4.0下
3.2.2 整体配置
[root@server1 zabbix-server]# ls
files init.sls
[root@server1 zabbix-server]# cd files/
[root@server1 files]# ls
zabbix.conf zabbix.conf.php zabbix_server.conf
[root@server1 zabbix-server]# cat init.sls
# Sets up the Zabbix server: package repository, packages, server config, the
# agent service, and the web front end served by httpd.
zabbix-server:
pkgrepo.managed:
- name: zabbix
- humanname: zabbix 4.0
# NOTE(review): the repository is reached over plain HTTP and gpgcheck is
# disabled on the next line, so nothing verifies that the installed packages
# are the ones that were published. Acceptable only on an isolated lab
# network; otherwise enable gpgcheck with a trusted key and serve the
# repository over HTTPS.
- baseurl: http://172.25.13.250/zabbix/4.0
- gpgcheck: 0
pkg.installed:
- pkgs:
- zabbix-server-mysql
- zabbix-agent
- zabbix-web-mysql
# NOTE(review): zabbix_server.conf presumably carries the database password
# (its contents are not shown here). Files under salt:// can be requested by
# any minion, so confirm whether the secret should be rendered from pillar.
file.managed:
- name: /etc/zabbix/zabbix_server.conf
- source: salt://zabbix-server/files/zabbix_server.conf
service.running:
- name: zabbix-server
- enable: true
# Re-trigger the service state when the managed server config changes.
- watch:
- file: zabbix-server
zabbix-agent:
service.running
# Apache configuration for the Zabbix web UI; httpd is re-triggered on change.
zabbix-web:
file.managed:
- name: /etc/httpd/conf.d/zabbix.conf
- source: salt://zabbix-server/files/zabbix.conf
service.running:
- name: httpd
- enable: true
- watch:
- file: zabbix-web
# NOTE(review): zabbix.conf.php presumably holds the web UI's database
# credentials (contents not shown) -- the same salt:// exposure applies.
/etc/zabbix/web/zabbix.conf.php:
file.managed:
- source: salt://zabbix-server/files/zabbix.conf.php
所有的模板文件都可以这样准备:先通过init.sls文件一步一步执行,然后去受控主机上获取对应的配置文件作为模板。
设置登陆web界面的初始文件
模板文件修改完成后,现在开始执行init.sls文件
测试效果
3.1 独立配置数据库(模拟生产环境)
[root@server1 salt]# pwd
/srv/salt
[root@server1 salt]# mkdir mysql
[root@server1 salt]# cd mysql
[root@server1 mysql]# ls
files init.sls
[root@server1 mysql]# cd files/
[root@server1 files]# ls
create.sql my.cnf ##所需要的模板文件,可以一步一步运行init.sls,然后通过scp获取,create.sql通过server2获取,my.cnf通过server3获取。
[root@server1 files]#
[root@server1 mysql]# vim init.sls
[root@server1 mysql]# cat init.sls
# Installs and configures MariaDB, then creates the zabbix database, user and
# grants, and loads the initial schema once.
mysql-install:
pkg.installed:
- pkgs:
- mariadb-server
# presumably required by Salt's mysql_* states on the minion -- confirm
- MySQL-python
file.managed:
- name: /etc/my.cnf
- source: salt://mysql/files/my.cnf
service.running:
- name: mariadb
- enable: true
# Re-trigger the service state when the managed my.cnf changes.
- watch:
- file: mysql-install
mysql-config:
mysql_database.present:
- name: zabbix
mysql_user.present:
- name: zabbix
# NOTE(review): '%' allows this account to connect from any host. Restrict it
# to the Zabbix server's address unless every host on the network is trusted.
- host: '%'
# NOTE(review): the password is a literal in the state tree, and files under
# the master's file roots can be fetched by any minion. Pillar is the place for
# it: define the value only for the database minion and read it from pillar in
# this state. The literal is also a weak, guessable value.
- password: "westos"
mysql_grants.present:
- grant: all privileges
- database: zabbix.*
- user: zabbix
- host: '%'
file.managed:
- name: /mnt/create.sql
- source: salt://mysql/files/create.sql
cmd.run:
# Loads the schema and then creates a marker file; `creates` skips this
# command on later runs once the marker exists.
- name: mysql zabbix < /mnt/create.sql && touch /mnt/zabbix.lock
- creates: /mnt/zabbix.lock
从server2上面拷贝一份数据库初始文件
将server3配置成数据库
真机测试数据库
3.3 通过top文件执行
[root@server1 salt]# vim top.sls
[root@server1 salt]# cat top.sls
base:
'roles:apache':
- match: grain
- apache
- keepalived
- zabbix-server
'roles:nginx':
- match: grain
- nginx
- keepalived
- mysql
[root@server1 salt]# salt '*' state.highstate