saltstack状态文件设定:
编辑/etc/salt/master,修改其中关于“设置文件的目录”的设置:
说明:注意语法格式,顶格/冒号/两个空格
state_top: top.sls # The state system uses a "top" file to tell the minions what environment to # use and what modules to use. The state_top file is defined relative to the # root of the base environment as defined in "File Server settings" below. #state_top: top.sls [root@master ~]# mkdir -p /etc/salt/states [root@master ~]# vim /etc/salt/states/top.sls [root@master ~]# sed -i '329s/#//' /etc/salt/master state_top: top.sls 说明:将329行的注释取消
进入base环境下,并配置下top.sls
[root@master ~]# cd /etc/salt/states/ [root@master states]# mkdir -p init [root@master states]# mkdir -p prod [root@master states]# vim top.sls [root@master states]# cat top.sls base: 'node01.saltstack.com': -init.pkg
说明:base是指定一个名称,init为文件夹的名称,pkg为pkg.sls
[root@master states]# ll 总用量 12 drwxr-xr-x 2 root root 4096 2月 15 14:16 init drwxr-xr-x 2 root root 4096 2月 15 14:16 prod -rw-r--r-- 1 root root 46 2月 15 14:17 top.sls [root@master states]# cd init/ [root@master init]# vim pkg.sls [root@master init]# cat pkg.sls pkg.init: pkg.installed: - names: - lrzsz - mtr - nmap
案例1:使用salt初始化系统模块:
[root@master init]# salt '*' state.sls init.pkg node01.saltstack.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 14:56:02.574416 Duration: 11389.014 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: Package nmap is already installed. Started: 14:56:13.963968 Duration: 3.619 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 14:56:13.967979 Duration: 1.042 ms Changes: Summary ------------ Succeeded: 3 Failed: 0 ------------ Total states run: 3
案例2:saltstack修改内核参数:
[root@master ~]# cd /etc/salt/states/init/ [root@master init]# tree . └── pkg.sls 0 directories, 1 file [root@master init]# mkdir -p files [root@master init]# cd files/ [root@master init]# vim limit.sls limit-conf-config: file.managed: - name: /etc/security/limits.conf - source: salt://init/files/limits.conf - user: root - group: root - mode: 644 [root@master files]# cd /etc/security/ [root@master security]# ls access.conf console.perms limits.d opasswd time.conf chroot.conf console.perms.d namespace.conf pam_env.conf console.apps group.conf namespace.d pam_winbind.conf console.handlers limits.conf namespace.init sepermit.conf [root@master security]# cp limits.conf /etc/salt/states/init/files/ [root@master files]# vim limits.conf * soft core 0 * hard rss 10000 [root@master states]# pwd /etc/salt/states 注意:要将新的模块添加到top.sls中,不然会有其它报错 [root@master states]# cat top.sls base: '*': - init.pkg - init.limit [root@master init]# salt '*' state.highstate node01.saltstack.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 17:42:55.479576 Duration: 7120.831 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: Package nmap is already installed. Started: 17:43:02.601307 Duration: 2.278 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 17:43:02.603841 Duration: 0.952 ms Changes: ---------- ID: limit-conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf updated Started: 17:43:02.612678 Duration: 19.256 ms Changes: ---------- diff: --- +++ @@ -39,8 +39,8 @@ #<domain> <type> <item> <value> # -#* soft core 0 -#* hard rss 10000 +* soft core 0 +* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 Summary ------------ Succeeded: 4 (changed=1) Failed: 0 ------------ Total states run: 4 客户端测试: [root@node01 security]# egrep -v '#|^$' limits.conf * soft core 0 * hard rss 10000
案例3:同步某个计划任务
最近发现很多服务器上没有配置ntp服务器指向,简单写个计划任务,然后通过状态文件下发 思路: a)准备好需要下发的文件 b)编辑sls文件 c)修改top.sls,添加信息进去 [root@master ~]# cat /var/spool/cron/root */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1 [root@master ~]# cd /etc/salt/states/ [root@master states]# ls init prod top.sls [root@master states]# cd init/ [root@master init]# ls files limit.sls pkg.sls [root@master init]# cp limit.sls ntp-crontab.sls [root@master init]# ls files limit.sls ntp-crontab.sls pkg.sls [root@master init]# cd files/ [root@master files]# cp /var/spool/cron/root . [root@master files]# pwd /etc/salt/states/init/files [root@master files]# cat root */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1 [root@master files]# mv root ntp-crontab.conf [root@master files]# cat ntp-crontab.conf */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1 [root@master files]# cd .. [root@master init]# ls files limit.sls ntp-crontab.sls pkg.sls [root@master ~]# cat /etc/salt/states/init/ntp-crontab.sls ntp-crontab-config: file.managed: - name: /var/spool/cron/root - source: salt://init/files/ntp-crontab.conf - user: root - group: root - mode: 644 计划任务更新执行结果: [root@master init]# salt '*' state.highstate node01.saltstack.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 21:09:06.608808 Duration: 4265.514 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: Package nmap is already installed. Started: 21:09:10.874647 Duration: 0.685 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 21:09:10.875446 Duration: 0.583 ms Changes: ---------- ID: limit-conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf is in the correct state Started: 21:09:10.879350 Duration: 4.1 ms Changes: ---------- ID: ntp-crontab-config Function: file.managed Name: /var/spool/cron/root Result: True Comment: File /var/spool/cron/root updated Started: 21:09:10.883639 Duration: 9.342 ms Changes: ---------- diff: New file mode: 0644 Summary ------------ Succeeded: 5 (changed=1) Failed: 0 ------------ Total states run: 5 node02.saltstack.com: ---------- ID: pkg.init Function: pkg.installed Name: mtr Result: True Comment: Package mtr is already installed. Started: 21:09:07.831431 Duration: 4292.2 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: nmap Result: True Comment: Package nmap is already installed. Started: 21:09:12.123977 Duration: 0.714 ms Changes: ---------- ID: pkg.init Function: pkg.installed Name: lrzsz Result: True Comment: Package lrzsz is already installed. Started: 21:09:12.124798 Duration: 0.426 ms Changes: ---------- ID: limit-conf-config Function: file.managed Name: /etc/security/limits.conf Result: True Comment: File /etc/security/limits.conf is in the correct state Started: 21:09:12.128235 Duration: 5.165 ms Changes: ---------- ID: ntp-crontab-config Function: file.managed Name: /var/spool/cron/root Result: True Comment: File /var/spool/cron/root updated Started: 21:09:12.133621 Duration: 8.761 ms Changes: ---------- diff: New file mode: 0644 Summary ------------ Succeeded: 5 (changed=1) Failed: 0 ------------ Total states run: 5 检查结果: [root@node01 spool]# cd /var/spool/cron/ [root@node01 cron]# ls root [root@node01 cron]# cat root */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1 [root@node02 ~]# cat /var/spool/cron/root */5 * * * * /usr/sbin/ntpdate -u 202.120.2.101>/dev/null 2>&1 通过对比会发现,与master的下发文件一致
案例4:同步内网的hosts文件(适用于内网没有建立独立DNS的情况)
[root@master ~]# cd /etc/salt/states/init/ [root@master init]# ll 总用量 16 drwxr-xr-x 2 root root 4096 2月 18 21:01 files -rw-r--r-- 1 root root 168 2月 18 17:42 limit.sls -rw-r--r-- 1 root root 169 2月 18 21:08 ntp-crontab.sls -rw-r--r-- 1 root root 79 2月 15 14:55 pkg.sls [root@master init]# cd files/ [root@master files]# vim hosts.conf 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.10.10.140 master master.saltstack.com 10.10.10.141 node01 node01.saltstack.com 10.10.10.142 node02 node02.saltstack.com 10.10.10.143 node03 node03.saltstack.com [root@master init]# cat hosts.sls hosts-config: file.managed: - name: /etc/hosts - source: salt://init/files/hosts.conf - user: root - group: root - mode: 644 说明:下发文件到/etc/hosts,源文件 [root@master states]# cat /etc/salt/states/top.sls base: '*': - init.pkg - init.limit - init.ntp-crontab - init.hosts [root@master states]# salt '*' state.highstate ----------前面的部分我直接省略了-------------- ---------- ID: hosts-config Function: file.managed Name: /etc/hosts Result: True Comment: File /etc/hosts updated Started: 21:31:43.644962 Duration: 13.119 ms Changes: ---------- diff: --- +++ @@ -3,3 +3,4 @@ 10.10.10.140 mastermaster.saltstack.com 10.10.10.141 node01node01.saltstack.com 10.10.10.142 node02node02.saltstack.com +10.10.10.143 node03node03.saltstack.com Summary ------------ Succeeded: 6 (changed=1) Failed: 0 ------------ Total states run: 6 客户端进行测试: [root@node01 cron]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.10.10.140 master master.saltstack.com 10.10.10.141 node01 node01.saltstack.com 10.10.10.142 node02 node02.saltstack.com 10.10.10.143 node03 node03.saltstack.com [root@node02 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.10.10.140 master master.saltstack.com 10.10.10.141 node01 node01.saltstack.com 10.10.10.142 node02 node02.saltstack.com 10.10.10.143 node03 node03.saltstack.com 如果此时我在master端修改hosts.conf文件 [root@master init]# pwd /etc/salt/states/init [root@master init]# cat files/hosts.conf 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.10.10.140 master master.saltstack.com 10.10.10.141 node01 node01.saltstack.com 10.10.10.142 node02 node02.saltstack.com 10.10.10.143 node03 node03.saltstack.com 10.10.10.144 openstack01 openstack01.saltstack.com 10.10.10.145 openstack02 openstack02.saltstack.com [root@master init]# salt '*' state.highstate ----------前面的部分我直接省略了-------------- ---------- ID: hosts-config Function: file.managed Name: /etc/hosts Result: True Comment: File /etc/hosts updated Started: 21:37:50.679328 Duration: 78.269 ms Changes: ---------- diff: --- +++ @@ -4,3 +4,5 @@ 10.10.10.141node01node01.saltstack.com 10.10.10.142node02node02.saltstack.com 10.10.10.143node03node03.saltstack.com +10.10.10.144openstack01openstack01.saltstack.com +10.10.10.145openstack02openstack02.saltstack.com Summary ------------ Succeeded: 6 (changed=1) Failed: 0 ------------ Total states run: 6 客户端进行测试: [root@node01 cron]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.10.10.140 master master.saltstack.com 10.10.10.141 node01 node01.saltstack.com 10.10.10.142 node02 node02.saltstack.com 10.10.10.143 node03 node03.saltstack.com 10.10.10.144 openstack01 openstack01.saltstack.com 10.10.10.145 openstack02 openstack02.saltstack.com [root@node02 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.10.10.140 master master.saltstack.com 10.10.10.141 node01 node01.saltstack.com 10.10.10.142 node02 node02.saltstack.com 10.10.10.143 node03 node03.saltstack.com
关于salt批量配置hosts文件:http://www.ttlsa.com/linux/salt-modules-hosts/
这里我只写一个添加hosts文件的例子,更多内容可以参考上面的链接(干货很多)
[root@master ~]# salt '*' hosts.set_host 10.10.10.145 openstack02.saltstack.com node02.saltstack.com: True node01.saltstack.com: True [root@master ~]# salt '*' hosts.set_host 10.10.10.143 openstack03.saltstack.com node02.saltstack.com: True node01.saltstack.com: True [root@master ~]# salt-ssh '*' cmd.run 'tail -2 /etc/hosts' node02: 10.10.10.144 openstack01 openstack01.saltstack.com 10.10.10.145 openstack02.saltstack.com node01: 10.10.10.144 openstack01 openstack01.saltstack.com 10.10.10.145 openstack02.saltstack.com
转载于:https://blog.51cto.com/molewan/1899125
442
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
