如何使用Salt 的各种状态值

Salt的状态系统的核心就是SLS文件，即SaLt State file.                    

SLS文件呈现一个系统该有的状态，通常这被称为配置管理。

SLS文件会被python解读成一系列的列表，字典，字符串和数字

top.sls   

top文件用于映射哪些minion主机应该通过Salt的状态系统来加载哪些SLS模块

SLS文件通常是一个YAML格式的文件

top.sls是SaltStack的核心文件

测试：

创建/srv/salt/top.sls 文件

base:
  '*':
   - apache

这里表示所有的minion都调用apache这个SLS模块

创建/srv/salt/apache.sls  文件

httpd:
  pkg.installed: []
  service.running:
    - require:
      - pkg: httpd

这里第一行httpd 定义安装包的名称，不同的OS，包的名称不同，这里使用CentOS，apache名称为httpd

第二行和第三行使用state状态模块和函数，require一行表示apache安装成功后才能启动

然后就是在指定的minion上安装apache

也可以写成：

httpd:
  pkg:
   - installed
  service:
   - running
   - require:
     - pkg: httpd

$ sudo salt '*' state.highstate
jidong-fileserver:
----------
          ID: httpd
    Function: pkg.installed
      Result: True
     Comment: Package httpd is already installed
     Started: 
    Duration: 
     Changes:   
----------
          ID: httpd
    Function: service.running
      Result: True
     Comment: The service httpd is already running
     Started: 
    Duration: 
     Changes:   

Summary
------------
Succeeded: 2
Failed:    0
------------
Total states run:     2

进一步修改apache.sls文件添加一些其他状态模块。如添加各种账号并制定UID和GID以及用户登录shell等

httpd:
  pkg.installed: []
  service.running:
   - watch:
     - pkg: httpd
     - file: /etc/httpd/conf/httpd.conf
     - user: apache

  user.present:
     - name: apache
     - uid: 48
     - gid: 48
     - home: /var/www
     - shell: /sbin/nologin
     - require:
       - group: apache

  group.present:
     - name: apache
     - gid: 48
     - require:
       - pkg: httpd


/etc/httpd/conf/httpd.conf:
  file.managed:
     - source: salt://httpd.conf
     - user: root
     - group: root
     - mode: 644

httpd.conf文件放置到/srv/salt目录下，通过salt://httpd.conf访问

gintama-qa-server:
----------
          ID: httpd
    Function: pkg.installed
      Result: True
     Comment: Package httpd is already installed
     Started: 
    Duration: 
     Changes:   
----------
          ID: /etc/httpd/conf/httpd.conf
    Function: file.managed
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 
    Duration: 
     Changes:   
----------
          ID: httpd
    Function: group.present
        Name: apache
      Result: True
     Comment: No change
     Started: 
    Duration: 
     Changes:   
----------
          ID: httpd
    Function: user.present
        Name: apache
      Result: True
     Comment: User apache is present and up to date
     Started: 
    Duration: 
     Changes:   
----------
          ID: httpd
    Function: service.running
      Result: False
     Comment: Service httpd failed to start
     Started: 
    Duration: 
     Changes:   

Summary
------------
Succeeded: 4
Failed:    1

如果有多个SLS文件需要管理，可以将多个SLS文件组成一个States Tree

将以上的内容改成

/srv/salt/apache/init.sls

/srv/salt/apache/httpd.conf

然后修改init.sls

 - source: salt://apache/httpd.conf

再添加一个ssh的例子

/srv/salt/ssh/

├── banner

├── init.sls

├── server.sls

├── ssh_config

└── sshd_config

init.sls

include:
  - ssh.server

openssh-clients:
   pkg.installed

/etc/ssh/ssh_config:
   file.managed:
     - user: root
     - group: root
     - mode: 644
     - source: salt://ssh/ssh_config

server.sls

openssh-server:
  pkg.installed

sshd:
  service.running:
  - require:
    - pkg: openssh-clients
    - pkg: openssh-server
    - file: /etc/ssh/banner
    - file: /etc/ssh/sshd_config


/etc/ssh/sshd_config:
  file.managed:
    - user: root
    - group: root
    - mode: 644
    - source: salt://ssh/sshd_config
    - require:
      - pkg: openssh-server


/etc/ssh/banner:
  file.managed:
    - user: root
    - group: root
    - mode: 644
    - source: salt://ssh/banner
    - require:
      - pkg: openssh-server

经过测试，这里和文档上的有些出入，在server.sls中添加

include:

  - ssh

salt无法执行server.sls中指定的内容。所以将server.sls中的include去掉，改在init.sls中添加include语句

----------
          ID: openssh-server
    Function: pkg.installed
      Result: True
     Comment: Package openssh-server is already installed.
     Started: 14:20:26.385555
    Duration: 3.442 ms
     Changes:   
----------
          ID: openssh-clients
    Function: pkg.installed
      Result: True
     Comment: Package openssh-clients is already installed.
     Started: 14:20:26.394100
    Duration: 1.202 ms
     Changes:   
----------
          ID: /etc/ssh/banner
    Function: file.managed
      Result: True
     Comment: File /etc/ssh/banner is in the correct state
     Started: 14:20:26.395813
    Duration: 8.755 ms
     Changes:   
----------
          ID: /etc/ssh/sshd_config
    Function: file.managed
      Result: True
     Comment: File /etc/ssh/sshd_config is in the correct state
     Started: 14:20:26.405102
    Duration: 6.399 ms
     Changes:   
----------
          ID: sshd
    Function: service.running
      Result: True
     Comment: The service sshd is already running
     Started: 14:20:26.412620
    Duration: 141.419 ms
     Changes:   
----------
          ID: /etc/ssh/ssh_config
    Function: file.managed
      Result: True
     Comment: File /etc/ssh/ssh_config is in the correct state
     Started: 14:20:26.555069
    Duration: 9.425 ms
     Changes:   

Summary
-------------
Succeeded: 10

有些时候SLS数据需要扩展，

/srv/salt/ssh/custom-server.sls

include:
  - ssh.server

extend:
  /etc/ssh/banner:
    file:
      - source: salt://ssh/custom-banner

在/srv/salt/ssh/init.sls中添加一条include语句

include:

  - ssh.server

  - ssh.custom-server

----------
          ID: /etc/ssh/banner
    Function: file.managed
      Result: True
     Comment: File /etc/ssh/banner updated
     Started: 15:22:04.989477
    Duration: 10.723 ms
     Changes:   
              ----------
              diff:
                  ---  
                  +++  
                  @@ -1,1 +1,1 @@
                  -This is a test
                  +This is a custom banner
                  
----------

另外一个例子

$ cat /srv/salt/python/init.sls 
include:
 - python.mod_python

$  cat /srv/salt/python/mod_python.sls 
include:
  - apache

extend:
  httpd:
    service:
      - watch:
        - pkg: mod_python

mod_python:
  pkg.installed

----------
          ID: mod_python
    Function: pkg.installed
      Result: True
     Comment: The following packages were installed/updated: mod_python.
     Started: 15:37:24.935284
    Duration: 85741.449 ms
     Changes:   
              ----------
              mod_python:
                  ----------
                  new:
                      3.3.1-16.el6
                  old:

理解Render System

Salt默认使用YAML格式来编写SLS文件

默认的render是 yaml_jinja  ,使用jinja模板引擎。基于模板引擎的renders有三个重要的组件，salt,grains和pillar。

将/srv/salt/apache/init.sls 变更下

apache:
  pkg.installed:
  {% if grains['os'] == 'CentOS' %}
   - name: httpd
  {% endif %}
  service.running:
  {% if grains['os'] == 'CentOS' %}
   - name: httpd
  {% endif %}
   - watch:
     - pkg: apache
     - file: /etc/httpd/conf/httpd.conf
     - user: apache

  user.present:
     - name: apache
     - uid: 48
     - gid: 48
     - home: /var/www
     - shell: /sbin/nologin
     - require:
       - group: apache

  group.present:
     - name: apache
     - gid: 48
     - require:
       - pkg: apache


/etc/httpd/conf/httpd.conf:
  file.managed:
     - source: salt://apache/httpd.conf
     - user: root
     - group: root
     - mode: 644

如果系统OS是CentOS的话安装apache就使用httpd名称

有些时候，选择默认的render可能不满足需求。这时可以使用其他的render，例如python，pydsl和pyobject

python/django.sls:

#!py
def run():
    '''    
    Install the django package    
    '''
    return {'include': ['python'],
            'django': {'pkg': ['installed']}}

#!pydsl
include('python', delayed=True)
state('django').pkg.installed()

#!pyobjects
include('python')
Pkg.installed("django")

对应的YAML格式

include:
  - python
django:
  pkg.installed

salt '*' state.highstate

salt-call state.highstate -l debug

salt-minion -l debug

参考文章：

http://docs.saltstack.com/en/latest/topics/tutorials/starting_states.html

转载于:https://blog.51cto.com/john88wang/1650547