|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
|
http:
//docs
.saltstack.com
/en/latest/
SaltStack
Salt, a new approach to infrastructure management, is easy enough to get running
in
minutes, scalable enough to manage tens of thousands of servers, and fast enough to communicate with those servers
in
seconds.
Salt delivers a dynamic communication bus
for
infrastructures that can be used
for
orchestration, remote execution, configuration management and much
more
.
Getting Started
通过实例来迅速了解salt:
Official Salt Walkthrough http:
//docs
.saltstack.com
/en/latest/topics/tutorials/walkthrough
.html
1. minion的
id
minion启动时,能自动生成一个
id
,也可以在配置文件中手动指定
2. 接受minion的key之前,安全起见,可以打印minion's public key的指纹
salt-key -f minion-
id
On the master:
# salt-key -f foo.domain.com
Unaccepted Keys:
foo.domain.com: 39:f9:e4:8a:aa:74:8d:52:1a:ec:92:03:82:09:c8:f9
On the minion:
# salt-call key.finger --local
local
:
39:f9:e4:8a:aa:74:8d:52:1a:ec:92:03:82:09:c8:f9
If they match, approve the key with salt-key -a foo.domain.com
3. 第一个命令
salt
'*'
test
.
ping
The * is the target,
which
specifies all minions.
test
.
ping
tells the minion to run the
test
.
ping
function
.
In the
case
of
test
.
ping
,
test
refers to a execution module.
ping
refers to the
ping
function
contained
in
the aforementioned
test
module.
test
是一个module,
ping
是这个module中的一个
function
类似的,还有一堆的module
Module documentation is also available on the web.
Full list of
builtin
execution modules http:
//docs
.saltstack.com
/en/latest/ref/modules/all/index
.html
4. Helpful Functions to Know
salt
'*'
cmd.run
'ls -l /usr'
test230:
total 212
dr-xr-xr-x. 2 root root 69632 Feb 11 04:49 bin
drwxr-xr-x. 2 root root 4096 Nov 1 2011 etc
drwxr-xr-x. 2 root root 4096 Nov 1 2011 games
drwxr-xr-x. 66 root root 12288 Feb 11 14:34 include
dr-xr-xr-x. 30 root root 4096 Oct 14 14:32 lib
dr-xr-xr-x. 107 root root 77824 Feb 11 13:35 lib64
drwxr-xr-x. 23 root root 12288 Dec 27 03:12 libexec
drwxr-xr-x. 26 root root 4096 Feb 11 11:31
local
dr-xr-xr-x. 2 root root 12288 Dec 27 03:12 sbin
drwxr-xr-x. 213 root root 4096 Dec 26 14:28 share
drwxr-xr-x. 4 root root 4096 Jul 30 2014 src
lrwxrwxrwx. 1 root root 10 Mar 6 2014 tmp -> ..
/var/tmp
salt
'*'
pkg.
install
ruby
test230:
----------
compat-readline5:
----------
new:
5.2-17.1.el6
old:
ruby:
----------
new:
1.8.7.374-3.el6_6
old:
ruby-libs:
----------
new:
1.8.7.374-3.el6_6
old:
[root@svr200-21 ~]
# salt '*' cmd.run 'tail /var/log/messages -n 3'
test230:
Feb 11 15:10:50 test230 yum[11828]: Installed: compat-readline5-5.2-17.1.el6.x86_64
Feb 11 15:10:51 test230 yum[11828]: Installed: ruby-libs-1.8.7.374-3.el6_6.x86_64
Feb 11 15:10:52 test230 yum[11828]: Installed: ruby-1.8.7.374-3.el6_6.x86_64
[root@svr200-21 ~]
# salt '*' network.interfaces
test230:
----------
eth0:
----------
hwaddr:
d4:3d:7e:32:17:d1
inet:
|_
----------
address:
192.168.1.230
broadcast:
192.168.1.255
label:
eth0
netmask:
255.255.255.0
inet6:
|_
----------
address:
fe80::d63d:7eff:fe32:17d1
prefixlen:
64
secondary:
|_
----------
address:
192.168.1.249
broadcast:
None
label:
eth0
netmask:
255.255.255.0
type
:
inet
up:
True
lo:
----------
hwaddr:
00:00:00:00:00:00
inet:
|_
----------
address:
127.0.0.1
broadcast:
None
label:
lo
netmask:
255.0.0.0
|_
----------
address:
192.168.1.130
broadcast:
192.168.1.130
label:
lo:0
netmask:
255.255.255.255
inet6:
|_
----------
address:
::1
prefixlen:
128
up:
True
5. Grains
Salt uses a system called Grains to build up static data about minions. This data includes information about the operating system that is running, CPU architecture and much
more
. The grains system is used throughout Salt to deliver platform data to many components and to
users
.
Grains can also be statically
set
, this makes it easy to assign values to minions
for
grouping and managing.
A common practice is to assign grains to minions to specify what the role or roles a minion might be. These static grains can be
set
in
the minion configuration
file
or via the grains.setval
function
.
6. Targeting
Salt allows
for
minions to be targeted based on a wide range of criteria. The default targeting system uses globular expressions to match minions, hence
if
there are minions named larry1, larry2, curly1, and curly2, a glob of larry* will match larry1 and larry2, and a glob of *1 will match larry1 and curly1.
Many other targeting systems can be used other than globs, these systems include:
Regular Expressions
Target using PCRE-compliant regular expressions
Grains
Target based on grains data: Targeting with Grains
Pillar
Target based on pillar data: Targeting with Pillar
IP
Target based on IP address
/subnet/range
Compound
Create logic to target based on multiple targets: Targeting with Compound
Nodegroup
Target with nodegroups: Targeting with Nodegroup
7. SALT STATES
Salt States, or the State System is the component of Salt made
for
configuration management.
The state system is built on SLS formulas. These formulas are built out
in
files on Salt's
file
server. To
make
a very basic SLS formula
open
up a
file
under
/srv/salt
named vim.sls. The following state ensures that vim is installed on a system to
which
that state has been applied.
创建一个文件:
/srv/salt/vim
.sls:
内容是:
[root@svr200-21 salt]
# cat vim.sls
vim-enhanced:
pkg.installed
Now
install
vim on the minions by calling the SLS directly:
安装vim:
[root@svr200-21 salt]
# salt '*' state.sls vim
test230:
----------
ID: vim-enhanced
Function: pkg.installed
Result: True
Comment: Package vim-enhanced is already installed.
Started: 10:05:53.851780
Duration: 1044.131 ms
Changes:
Summary
------------
Succeeded: 1
Failed: 0
------------
Total states run: 1
This
command
will invoke the state system and run the vim SLS.
这个命令会调入state system并执行对应的vim这个sls文件
Now, to beef up the vim SLS formula, a vimrc can be added:
增强一下,增加一个自定义的配置文件
[root@svr200-21 salt]
# cat /srv/salt/vim.sls:
vim-enhanced:
pkg.installed: []
/root/
.vimrc:
file
.managed:
-
source
: salt:
//files/vim/vimrc
- mode: 644
- uesr: root
- group: root
执行:
[root@svr200-21 salt]
# salt '*' state.sls vim
test230:
----------
ID: vim-enhanced
Function: pkg.installed
Result: True
Comment: Package vim-enhanced is already installed.
Started: 10:08:52.457087
Duration: 1041.624 ms
Changes:
----------
ID:
/root/
.vimrc
Function:
file
.managed
Result: True
Comment: File
/root/
.vimrc updated
Started: 10:08:53.498852
Duration: 165.523 ms
Changes:
----------
diff
:
New
file
mode:
0644
Summary
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
8. Adding Some Depth
显然在
file
server的根目录(
/srv/salt/
)下维护所有的sls文件扩展性不好,让我们增加一点目录层级的深度。
Obviously maintaining SLS formulas right
in
a single directory at the root of the
file
server will not scale out to reasonably sized deployments. This is why
more
depth is required.
以安装nginx为例
Start by making an nginx formula a better way,
make
an nginx subdirectory and add an init.sls
file
:
/srv/salt/nginx/init
.sls:
[root@svr200-21 salt]
# cat nginx/init.sls
nginx:
pkg.installed: []
service.running:
- require:
- pkg: nginx
A few concepts are introduced
in
this SLS formula.
First is the service statement
which
ensures that the nginx service is running.
service这个语法,保障nginx服务是running状态的
Of course, the nginx service can't be started unless the package is installed -- hence the require statement
which
sets up a dependency between the two.
The require statement makes sure that the required component is executed before and that it results
in
success.
当然,只有安装了nginx服务的包,才能启动nginx服务呀,所以,require语法保障了这样一个依赖关系,确保required的组件在之前已经被执行成功,这样才能去start这个服务。
Note
The require option belongs to a family of options called requisites. Requisites are a powerful component of Salt States,
for
more
information on how requisites work and what is available see: Requisites
http:
//docs
.saltstack.com
/en/latest/ref/states/requisites
.html
Also evaluation ordering is available
in
Salt as well: Ordering States
http:
//docs
.saltstack.com
/en/latest/ref/states/ordering
.html
This new sls formula has a special name -- init.sls. When an SLS formula is named init.sls it inherits the name of the directory path that contains it. This formula can be referenced via the following
command
:
新的sls公司有一个特殊的名称“init.sls”,这样的一个sls会继承当前目录的名称,用这样的一个命令来关联起来,试一试:
salt
'*'
state.sls nginx
[root@svr200-21 salt]
# salt '*' state.sls nginx
test230:
----------
ID: nginx
Function: pkg.installed
Result: True
Comment: The following packages were installed
/updated
: nginx.
Started: 11:37:04.182413
Duration: 187110.65 ms
Changes:
----------
gd:
----------
new:
2.0.35-11.el6
old:
nginx:
----------
new:
1.0.15-11.el6
old:
nginx-filesystem:
----------
new:
1.0.15-11.el6
old:
----------
ID: nginx
Function: service.running
Result: True
Comment: The service nginx is already running
Started: 11:40:11.293241
Duration: 59.986 ms
Changes:
Summary
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Note
Reminder!
Just as one could call the
test
.
ping
or disk.usage execution modules, state.sls is simply another execution module. It simply takes the name of an SLS
file
as an argument.
就像可以调用
test
.
ping
or disk.usage这两个执行模块一样,state.sls也是另一个执行模块,,后边跟着的参数就是要执行的sls配置文件的名称(例如vim,nginx这些)。
现在,继续用子目录来管理,调整下vim的配置:
Now that subdirectories can be used, the vim.sls formula can be cleaned up. To
make
things
more
flexible, move the vim.sls and vimrc into a new subdirectory called edit and change the vim.sls
file
to reflect the change:
/srv/salt/edit/vim
.sls:
vim:
pkg.installed
/etc/vimrc
:
file
.managed:
-
source
: salt:
//edit/vimrc
- mode: 644
- user: root
- group: root
Only the
source
path to the vimrc
file
has changed. Now the formula is referenced as edit.vim because it resides
in
the edit subdirectory. Now the edit subdirectory can contain formulas
for
emacs, nano, joe or any other editor that may need to be deployed.
执行方式变成了salt
'*'
state.sls edit.vim
[root@svr200-21 salt]
# salt '*' state.sls edit.vim
test230:
----------
ID: vim-enhanced
Function: pkg.installed
Result: True
Comment: Package vim-enhanced is already installed.
Started: 11:53:52.288936
Duration: 1039.998 ms
Changes:
----------
ID:
/root/
.vimrc
Function:
file
.managed
Result: True
Comment: File
/root/
.vimrc is
in
the correct state
Started: 11:53:53.329085
Duration: 161.691 ms
Changes:
Summary
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
|
本文转自 pcnk 51CTO博客,原文链接:http://blog.51cto.com/nosmoking/1614552,如需转载请自行联系原作者
扫一扫
3092
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
