Conditional statements!!!
[root@master base]# vim test.sls
[root@master base]# cat test.sls
test_nginx_install:
  pkg.installed:
{% if grains['os'] == 'CentOS Stream' %}
    - name: httpd
{% elif grains['os'] == 'Ubuntu' %}
    - name: apache2
{% endif %}
[root@master base]# salt '*' state.sls test
laolin:
----------
ID: test_nginx_install
Function: pkg.installed
Name: httpd
Result: True
Comment: The following packages were installed/updated: httpd
Started: 23:20:09.232823
Duration: 13185.645 ms
Changes:
----------
...... (N lines omitted here)!!!
mod_http2:
----------
new:
1.15.7-3.module_el8.4.0+778+c970deab
old:
Summary for laolin
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 13.186 s
Loop statements!!!!
[root@master base]# vim test3.sls
[root@master base]# cat test3.sls
{% for user in ['test1','test2','test3'] %}
{{ user }}:
  user.present
{% endfor %}
[root@laolin ~]# id test1
id: “test1”:无此用
[root@master base]# salt '*' state.sls test3
laolin:
----------
ID: test1
Function: user.present
Result: True
Comment: New user test1 created
Started: 23:24:16.337459
Duration: 330.21 ms
Changes:
----------
fullname:
gid:
1000
groups:
- test1
home:
/home/test1
homephone:
name:
test1
other:
passwd:
x
roomnumber:
shell:
/bin/bash
uid:
1000
workphone:
----------
ID: test2
...... (N lines omitted here)!!!!
Summary for laolin
------------
Succeeded: 3 (changed=3)
Failed: 0
------------
Total states run: 3
Total run time: 1.015 s
[root@laolin ~]# id test1
uid=1000(test1) gid=1000(test1) 组=1000(test1)
[root@laolin ~]# id test2
uid=1001(test2) gid=1001(test2) 组=1001(test2)
masterless!!!!
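- The network between master and minion is unreachable or has latency, i.e. the network is unstable
- You want to run states directly on the minion
Traditional SaltStack manages state by having the master run states to control the minions. But what do you do when the network is unstable, when you want to run states locally on the minion, or when you only have a single host? That is where masterless comes in.
With masterless, you can use SaltStack even if you only have one host, without needing an architecture of N hosts.
masterless configuration!!!
- Comment out the master line
- Uncomment file_client and set its value to local
- Set file_roots
- Set pillar_roots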
[root@laolin ~]# vim /etc/salt/minion
#master: 192.168.160.110
#file_client: remote
file_client: local
file_roots:
  base:
    - /srv/salt/
#  dev:
pillar_roots:
  base:
    - /srv/pillar
Stop the salt-minion service
[root@laolin ~]# systemctl stop salt-minion
[root@laolin ~]# systemctl disable salt-minion
Removed /etc/systemd/system/multi-user.target.wants/salt-minion.service.
salt-call!
[root@laolin ~]# salt-call cmd.run 'date'
local:
Wed Jul 21 23:53:47 EDT 2021
[root@laolin ~]# salt-call --local cmd.run 'date'
local:
Wed Jul 21 23:52:45 EDT 2021
[root@laolin ~]# salt-call --local cmd.run 'uptime'
local:
23:54:56 up 2:10, 3 users, load average: 0.43, 0.21, 0.13
[root@laolin base]# vim test.sls
[root@laolin base]# cat test.sls
test:
  pkg.installed:
    - name: wget
[root@laolin base]# salt-call --local state.sls test
local:
----------
ID: test
Function: pkg.installed
Name: wget
Result: True
Comment: The following packages were installed/updated: wget
Started: 23:57:15.702367
Duration: 183490.549 ms
Changes:
----------
wget:
----------
new:
1.19.5-10.el8
old:
Summary for local
------------
Succeeded: 1 (changed=1)
Failed: 0
------------
Total states run: 1
Total run time: 183.491 s
[root@laolin base]# which wget
/usr/bin/wget
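salt-master high availability
When it comes to high availability, data synchronization is a perennial topic. We must make sure the data used by the two highly available masters is consistent, including:
- the /etc/salt/master configuration file
- all keys under the /etc/salt/pki directory
- all files in the salt and pillar directories under /srv
Options for keeping this data in sync include:
- NFS mounts
- rsync synchronization
- version control with GitLab
To keep the data in sync and prevent loss, the state files can be managed under version control with GitLab.
Host | IP |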
---|---|
master | 192.168.160.111 |
master2 | 192.168.160.132 |
minion | 192.168.160.111 |
Modify the minion configuration file on the minion side!!!
[root@laolin ~]# vim /etc/salt/minion
master:
  - 192.168.160.110
  - 192.168.160.132
# NOTE: Deprecated in Salt 2019.2.0. Use 'random_master' instead.
master_shuffle: True
master_type: failover
master_alive_interval: 3
Sync the master's configuration and data!!
[root@master ~]# scp /etc/salt/master 192.168.160.132:/etc/salt/master
The authenticity of host '192.168.160.132 (192.168.160.132)' can't be established.
ECDSA key fingerprint is SHA256:XAzeH5440YkQM5u/7ll7Mudg2q3V6nVeSiLbMGt8APQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.160.132' (ECDSA) to the list of known hosts.
root@192.168.160.132's password:
master 100% 50KB 3.6MB/s 00:00
[root@master ~]# scp -r /etc/salt/pki 192.168.160.132:/etc/salt/pki
root@192.168.160.132's password:
laolin 100% 451 307.2KB/s 00:00
master 100% 451 333.0KB/s 00:00
master 100% 451 283.1KB/s 00:00
master.pem 100% 1675 1.3MB/s 00:00
master.pub 100% 451 333.1KB/s 00:00
minion.pem 100% 1675 860.8KB/s 00:00
minion.pub 100% 451 362.6KB/s 00:00
[root@master ~]# scp -r /srv/salt 192.168.160.132:/srv/salt
root@192.168.160.132's password:
zabbix-5.4.2.tar.gz 100% 23MB 79.6MB/s 00:00
zabbix_agentd.service 100% 323 51.3KB/s 00:00
selinux_config 100% 547 137.3KB/s 00:00
salt_minion_config 100% 38KB 15.4MB/s 00:00
..... (remaining N lines omitted)!!!
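The scp commands above copy the data once, including the master's private key. The following check is an added example, not part of the original post: it confirms that a replica of /etc/salt/pki has the same content as the source and lists any private key (*.pem) that is readable by group or others. The function names and the constructed temporary directories are assumptions for illustration.

```shell
#!/bin/sh
# Added example: verify a replicated Salt tree and audit private-key modes.
# Requires GNU find and sha256sum (present on the CentOS hosts used above).

# tree_digest DIR: one SHA-256 over the relative path and content of every file.
tree_digest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort |
        while IFS= read -r f; do sha256sum "$f"; done |
        sha256sum | cut -d' ' -f1 )
}

# in_sync SRC DST: succeeds only when both trees hash to the same digest.
in_sync() {
    [ "$(tree_digest "$1")" = "$(tree_digest "$2")" ]
}

# loose_private_keys DIR: list *.pem files with any group/other permission bit.
loose_private_keys() {
    find "$1" -type f -name '*.pem' -perm /077
}

# Constructed stand-ins for /etc/salt/pki on each master (no real keys).
demo=$(mktemp -d)
mkdir -p "$demo/master/pki/master" "$demo/master2/pki/master"
printf 'constructed private key\n' > "$demo/master/pki/master/master.pem"
printf 'constructed public key\n'  > "$demo/master/pki/master/master.pub"
chmod 400 "$demo/master/pki/master/master.pem"
cp -p "$demo/master/pki/master/"* "$demo/master2/pki/master/"
chmod 644 "$demo/master2/pki/master/master.pem"   # a copy whose mode was widened

if in_sync "$demo/master/pki" "$demo/master2/pki"; then
    echo "pki content: identical"
else
    echo "pki content: DIFFERS"
fi
echo "private keys readable by group/others on master2:"
loose_private_keys "$demo/master2/pki"
```

On real hosts, run `tree_digest /etc/salt/pki` on each master and compare the two digests, since the content digest deliberately ignores file modes and the permission audit covers those separately.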
Restart the minion
[root@laolin ~]# systemctl status salt-minion.service
● salt-minion.service - The Salt Minion
Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-07-22 00:48:10 EDT; 52s ago
Docs: man:salt-minion(1)
file:///usr/share/doc/salt/html/contents.html
https://docs.saltstack.com/en/latest/contents.html
Main PID: 215418 (salt-minion)
Tasks: 8 (limit: 23484)
Accept the minion's key on the master!!
[root@master ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
laolin
Rejected Keys:
[root@master ~]# salt-key -Ay
The following keys are going to be accepted:
Unaccepted Keys:
laolin
Key for minion minion accepted.
[root@master1 ~]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
laolin
Rejected Keys:
[root@master2 ~]# salt-key -Ay
The following keys are going to be accepted:
Unaccepted Keys:
laolin
Key for minion minion accepted.
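`salt-key -Ay` accepts every pending key without confirmation. The sketch below is an added example, not part of the original post: it compares the fingerprint the master reports for a pending key (`salt-key -f laolin`) with the one printed on the minion itself (`salt-call --local key.finger`) and only then emits the command that accepts that single key. The captured outputs and fingerprints are constructed, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: accept a minion key only after its fingerprint is verified.

# extract_finger: read command output on stdin, print the first
# colon-separated hex fingerprint found, lower-cased.
extract_finger() {
    grep -Eio '([0-9a-f]{2}:){15,}[0-9a-f]{2}' | head -n 1 | tr 'A-F' 'a-f'
}

# finger_matches MASTER_OUT MINION_OUT: succeeds only when both outputs
# contain a fingerprint and the two are identical.
finger_matches() {
    m=$(printf '%s\n' "$1" | extract_finger)
    n=$(printf '%s\n' "$2" | extract_finger)
    [ -n "$m" ] && [ "$m" = "$n" ]
}

# accept_if_verified ID MASTER_OUT MINION_OUT: print the accept command for
# one key, or refuse. Printing keeps the example runnable without Salt.
accept_if_verified() {
    if finger_matches "$2" "$3"; then
        echo "salt-key -y -a $1"
    else
        echo "REFUSE $1: fingerprint mismatch"
        return 1
    fi
}

# Constructed samples; on real hosts capture them with
#   master:  salt-key -f laolin
#   minion:  salt-call --local key.finger
fp='a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90:a1:b2:c3:d4:e5:f6:07:18:29:3a:4b:5c:6d:7e:8f:90'
master_out="Unaccepted Keys:
laolin:  $fp"
minion_out="local:
    $fp"
rogue_out="local:
    00:${fp#*:}"

accept_if_verified laolin "$master_out" "$minion_out"
accept_if_verified laolin "$master_out" "$rogue_out" || true
```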
Test the result!!!
[root@master ~]# salt laolin test.ping
laolin:
True
// Simulate the master going down
[root@master ~]# systemctl stop salt-master
[root@master ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@master1 ~]# salt laolin test.ping
laolin:
True
// Simulate master2 going down
[root@master2 ~]# systemctl stop salt-master
[root@master2 ~]# ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@master ~]# salt minion test.ping
minion:
True