YAML语言
YAML(/ˈjæməl/,尾音类似camel骆驼)是一个可读性高,用来表达数据序列化的格式。YAML参考了其他多种语言,包括:C语言、Python、Perl,并从XML、电子邮件的数据格式(RFC 2822)中获得灵感。Clark Evans在2001年首次发表了这种语言,另外Ingy döt Net与Oren Ben-Kiki也是这语言的共同设计者。当前已经有数种编程语言或脚本语言支持(或者说解析)这种语言。
YAML是一种直观的能够被电脑识别的数据序列化格式,是一个可读性高并且容易被人类阅读,容易和脚本语言交互,用来表达资料序列的编程语言。
它类似于标准通用标记语言的子集XML的数据描述语言,语法比XML简单很多。
YAML语言的格式如下:
house:
family:
name: Doe
parents:
- John
- Jane
children:
- Paul
- Mark
- Simone
address:
number: 34
street: Main Street
city: Nowheretown
zipcode: 12345
YAML的基本规则:
1. 使用缩进来表示层级关系,每层2个空格,禁止使用TAB键
2. 当冒号不是处于最后时,冒号后面必须有一个空格
3. 用 - 表示列表,- 的后面必须有一个空格
4. 用 # 表示注释
YAML配置文件要放到SaltStack让我们放的位置,可以在SaltStack的 Master 配置文件中查找file_roots即可看到。
编辑文件
[root@node01 ~]# vim /etc/salt/master
# prod:
# - /srv/salt/prod/services
# - /srv/salt/prod/states
#
file_roots: //#号取消
base: //#号取消
- /srv/salt/base //#号取消,修改位置
prod: //添加生产环境
- /srv/salt/prod //添加
test: //添加测试环境
- /srv/salt/test //添加
#
重启,但是重启前需要先把位置创建完
[root@node01 ~]# mkdir -p /srv/salt/base
[root@node01 ~]#mkdir -p /srv/salt/{test,prod}
[root@node01 base]# tree ../..
../..
└── salt
├── base
├── prod
└── test
[root@node01 ~]# systemctl restart salt-master
需要注意:
base是默认的位置,如果file_roots只有一个,则base是必备的且必须叫base,不能改名
用SaltStack配置一个nginx实例
创建目录
[root@node01 base]# mkdir -p web/nginx
[root@node01 base]# tree
.
└── web
└── nginx
2 directories, 0 files
创建文件
[root@node01 base]# cd web/nginx/
[root@node01 nginx]# vim nginx.sls
[root@node01 nginx]# cat nginx.sls
nginx-install:
pkg.installed:
- name: nginx
nginx-service:
service.running:
- name: nginx
- enable: True
[root@node01 web]# cd /srv/salt/base/
[root@node01 base]# tree
.
└── web
└── nginx
└── nginx.sls
2 directories, 1 file
让node02去执行安装nginx命令验证
[root@node01 base]# salt 'node02' state.sls web.nginx.nginx
此时会报错原因是因为没有可以用的包,这个时候去下载阿里云源
[root@node02 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2523 100 2523 0 0 18693 0 --:--:-- --:--:-- --:--:-- 18828
[root@node02 ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@node02 ~]# vim /etc/yum.repos.d/CentOS-Base.repo
把$releasver改为7
安装epel源
[root@node02 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
--2020-08-15 16:54:20-- http://mirrors.aliyun.com/repo/epel-7.repo
正在解析主机 mirrors.aliyun.com (mirrors.aliyun.com)... 45.253.17.217, 45.253.17.213, 45.253.17.215, ...
正在连接 mirrors.aliyun.com (mirrors.aliyun.com)|45.253.17.217|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:664 [application/octet-stream]
正在保存至: “/etc/yum.repos.d/epel.repo”
100%[============================================>] 664 --.-K/s 用时 0s
2020-08-15 16:54:25 (271 MB/s) - 已保存 “/etc/yum.repos.d/epel.repo” [664/664])
重新执行
[root@node01 nginx]# salt 'node02' state.sls web.nginx.nginx
node02:
----------
ID: nginx-install
Function: pkg.installed
Name: nginx
Result: True
Comment: The following packages were installed/updated: nginx
Started: 16:54:55.809962
Duration: 12142.104 ms
Changes:
----------
centos-indexhtml:
----------
new:
7-9.el7.centos
old:
gperftools-libs:
----------
new:
2.6.1-1.el7
old:
libxslt:
----------
new:
1.1.28-5.el7
old:
nginx:
----------
new:
1:1.16.1-1.el7
old:
nginx-all-modules:
----------
new:
1:1.16.1-1.el7
old:
nginx-filesystem:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-http-image-filter:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-http-perl:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-http-xslt-filter:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-mail:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-stream:
----------
new:
1:1.16.1-1.el7
old:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: True
Comment: Service nginx has been enabled, and is running
Started: 16:55:07.973576
Duration: 267.998 ms
Changes:
----------
nginx:
True
Summary for node02
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 12.410 s
// YAML 配置文件中顶格写的被称作ID,必须全局唯一,不能重复
// SaltStack 读 YAML 配置文件时是从上往下读,所以要把先执行的写在前面
node02验证
[root@node02 ~]# yum list all|grep nginx
nginx.x86_64 1:1.16.1-1.el7 @epel
nginx-all-modules.noarch 1:1.16.1-1.el7 @epel
nginx-filesystem.noarch 1:1.16.1-1.el7 @epel
nginx-mod-http-image-filter.x86_64 1:1.16.1-1.el7 @epel
nginx-mod-http-perl.x86_64 1:1.16.1-1.el7 @epel
nginx-mod-http-xslt-filter.x86_64 1:1.16.1-1.el7 @epel
nginx-mod-mail.x86_64 1:1.16.1-1.el7 @epel
nginx-mod-stream.x86_64 1:1.16.1-1.el7 @epel
collectd-nginx.x86_64 5.8.1-1.el7 epel
munin-nginx.noarch 2.0.63-1.el7 epel
nextcloud-nginx.noarch 10.0.4-2.el7 epel
owncloud-nginx.noarch 9.1.5-1.el7 epel
pagure-web-nginx.noarch 5.11.3-1.el7 epel
pcp-pmda-nginx.x86_64 4.3.2-7.el7_8 updates
python2-certbot-nginx.noarch 1.6.0-1.el7 epel
sympa-nginx.x86_64 6.2.56-1.el7 epel
[root@node02 ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since 六 2020-08-15 16:55:08 CST; 2min 28s ago
Main PID: 52682 (nginx)
CGroup: /system.slice/nginx.service
├─52682 nginx: master process /usr/sbin/nginx
├─52683 nginx: worker process
├─52684 nginx: worker process
├─52685 nginx: worker process
└─52686 nginx: worker process
8月 15 16:55:08 node02 systemd[1]: Starting The nginx HTTP and reverse proxy ser.....
8月 15 16:55:08 node02 nginx[52677]: nginx: the configuration file /etc/nginx/ng...ok
8月 15 16:55:08 node02 nginx[52677]: nginx: configuration file /etc/nginx/nginx....ul
8月 15 16:55:08 node02 systemd[1]: Started The nginx HTTP and reverse proxy server.
Hint: Some lines were ellipsized, use -l to show in full.
以上自动化安装nginx成功
[root@node01 ~]# cd /srv/salt/prod/
[root@node01 prod]# mkdir -p web/nginx
[root@node01 nginx]# pwd
/srv/salt/prod/web/nginx
[root@node01 nginx]# vim uninstall.sls 卸载的文件
[root@node01 nginx]# cat uninstall.sls
nginx-uninstall:
pkg.removed:
- name: nginx
[root@node01 nginx]# cd
[root@node01 ~]# tree /srv/salt/prod/
/srv/salt/prod/
└── web
└── nginx
└── uninstall.sls
2 directories, 1 file
[root@node01 ~]# salt 'node02' state.sls web.nginx.uninstall saltenv=prod //卸载完成,默认执行位置是base,如果不是base后面要接saltenv=。。。
node02:
----------
ID: nginx-uninstall
Function: pkg.removed
Name: nginx
Result: True
Comment: All targeted packages were removed.
Started: 20:17:13.466878
Duration: 3470.542 ms
Changes:
----------
nginx:
----------
new:
old:
1:1.16.1-1.el7
nginx-all-modules:
----------
new:
old:
1:1.16.1-1.el7
nginx-mod-http-image-filter:
----------
new:
old:
1:1.16.1-1.el7
nginx-mod-http-perl:
----------
new:
old:
1:1.16.1-1.el7
nginx-mod-http-xslt-filter:
----------
new:
old:
1:1.16.1-1.el7
nginx-mod-mail:
----------
new:
old:
1:1.16.1-1.el7
nginx-mod-stream:
----------
new:
old:
1:1.16.1-1.el7
Summary for node02
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 3.471 s
node02验证
[root@node02 ~]# rpm -qa|grep nginx //只有nginx的依赖包
nginx-filesystem-1.16.1-1.el7.noarch
top file介绍
直接通过命令执行sls文件时够自动化吗?答案是否定的,因为我们还要告诉某台主机要执行某个任务,自动化应该是我们让它干活时,它自己就知道哪台主机要干什么活,但是直接通过命令执行sls文件并不能达到这个目的,为了解决这个问题,top file 应运而生。
top file就是一个入口,top file的文件名可通过在 Master的配置文件中搜索top.sls找出,且此文件必须在 base 环境中,默认情况下此文件必须叫top.sls。
top file的作用就是告诉对应的主机要干什么活,比如让web服务器启动web服务,让数据库服务器安装mysql等等。
top file实例
[root@node01 ~]# cd /srv/salt/base/
[root@node01 base]# ls
web
[root@node01 base]# vim top.sls
[root@node01 base]# cat top.sls
base:
'node02':
- web.nginx.nginx
[root@node01 base]# pwd
/srv/salt/base
[root@node01 base]# ls
top.sls web
[root@node01 base]# salt 'node02' state.highstate //自动安装成功
node02:
----------
ID: nginx-install
Function: pkg.installed
Name: nginx
Result: True
Comment: The following packages were installed/updated: nginx
Started: 20:22:51.838140
Duration: 71201.706 ms
Changes:
----------
nginx:
----------
new:
1:1.16.1-1.el7
old:
nginx-all-modules:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-http-image-filter:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-http-perl:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-http-xslt-filter:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-mail:
----------
new:
1:1.16.1-1.el7
old:
nginx-mod-stream:
----------
new:
1:1.16.1-1.el7
old:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: True
Comment: Service nginx has been enabled, and is running
Started: 20:24:03.050855
Duration: 260.159 ms
Changes:
----------
nginx:
True
Summary for node02
------------
Succeeded: 2 (changed=2)
Failed: 0
------------
Total states run: 2
Total run time: 71.462 s
进入base修改配置内容
[root@node01 ~]# cd /srv/salt/base
[root@node01 base]# cd web/nginx/
[root@node01 nginx]# ls
1 nginx.sls
[root@node01 nginx]# mv nginx.sls install.sls
[root@node01 nginx]# vim install.sls
[root@node01 nginx]# cat install.sls
nginx-install:
pkg.installed:
- name: nginx
进入prod修改内容
[root@node01 base]# cd /srv/salt/prod/
[root@node01 prod]# ls
web
[root@node01 prod]# cd web/nginx/
[root@node01 nginx]# ls
uninstall.sls
[root@node01 nginx]# mv uninstall.sls service.sls
[root@node01 nginx]# vim service.sls
[root@node01 nginx]# cat service.sls
nginx-service:
service.running:
- name: nginx
- enable: False
[root@node01 ~]# tree /srv/salt
/srv/salt
├── base
│ ├── top.sls
│ └── web
│ └── nginx
│ ├── 1
│ └── install.sls
├── prod
│ └── web
│ └── nginx
│ └── service.sls
└── test
编辑top文件
[root@node01 ~]# vim /srv/salt/base/top.sls
[root@node01 ~]# cat /srv/salt/base/top.sls
base:
'node02':
- web.nginx.install
prod:
'node02':
- web.nginx.service
node02查看nginx状态,此时是开机并且是开机自启
[root@node02 ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since 一 2020-08-17 20:24:03 CST; 9min ago
Main PID: 76115 (nginx)
CGroup: /system.slice/nginx.service
├─76115 nginx: master process /usr/sbin/nginx
├─76116 nginx: worker process
├─76117 nginx: worker process
├─76118 nginx: worker process
└─76119 nginx: worker process
8月 17 20:24:03 node02 systemd[1]: Starting The nginx HTTP and reverse proxy ser.....
8月 17 20:24:03 node02 nginx[76110]: nginx: the configuration file /etc/nginx/ng...ok
8月 17 20:24:03 node02 nginx[76110]: nginx: configuration file /etc/nginx/nginx....ul
8月 17 20:24:03 node02 systemd[1]: Started The nginx HTTP and reverse proxy server.
Hint: Some lines were ellipsized, use -l to show in full.
node01执行命令
[root@node01 nginx]# salt 'node02' state.highstate
node02:
----------
ID: nginx-install
Function: pkg.installed
Name: nginx
Result: True
Comment: All specified packages are already installed
Started: 20:41:37.744055
Duration: 1745.244 ms
Changes:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: True
Comment: Service nginx has been disabled, and is in the desired state
Started: 20:41:39.492117
Duration: 257.41 ms
Changes:
----------
nginx:
True
Summary for node02
------------
Succeeded: 2 (changed=1)
Failed: 0
------------
Total states run: 2
Total run time: 2.003 s
若top file里面的目标是用 * 表示的,要注意的是,top file里面的 * 表示的是所有要执行状态的目标,而 salt '*' state.highstate 里面的 * 表示通知所有机器干活,而是否要干活则是由top file来指定的
高级状态highstate的使用
[root@node01 nginx]# salt 'node02' state.highstate
若在执行高级状态时加上参数test=True,则它会告诉我们它将会做什么,但是它不会真的去执行这个操作。
node02停掉服务并卸载
[root@node02 ~]# systemctl stop nginx
[root@node02 ~]# yum -y remove nginx
[root@node02 ~]# rpm -qa|grep nginx
nginx-filesystem-1.16.1-1.el7.noarch
node01
[root@node01 ~]# salt 'node02' state.highstate test=True //只会检查是否能够成功,并不会真正的执行
node02:
----------
ID: nginx-install
Function: pkg.installed
Name: nginx
Result: None
Comment: The following packages would be installed/updated: nginx
Started: 20:48:19.208925
Duration: 1479.447 ms
Changes:
----------
ID: nginx-service
Function: service.running
Name: nginx
Result: None
Comment: Service nginx not present; if created in this state run, it would have been started
Started: 20:48:20.691679
Duration: 50.656 ms
Changes:
Summary for node02
------------
Succeeded: 2 (unchanged=2)
Failed: 0
------------
Total states run: 2
Total run time: 1.530 s