• salt 配置管理


    索引

    saltstack入门
    salt state sls 描述文件
    saltstack配置管理高级功能

    saltstack入门

    192.168.86.3 salt
    修改
    [root@Zabbix-sever salt]# salt-key -L
    Accepted Keys:
    Denied Keys:
    Unaccepted Keys:
    members.sunpie.com
    node2.com
    Zabbix-sever
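    修改minion名称:删除 minion_id 并重启 minion 后,它会以新名称重新向 master 提交 key;接受前用 salt-key -f <minion_id> 与 minion 上 salt-call --local key.finger 的指纹核对,旧名称的 key 用 salt-key -d 删除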
    /bin/rm /etc/salt/minion_id
    systemctl restart salt-minion.service 
    
    
    sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el7.noarch
    
    /etc/salt/master State file location
    file_roots:
      base:
        - /srv/salt
    
    zeromq
    4505 publish_port:master 通过它向 minion 发送消息
    4506 ret_port:master 通过它接收 minion 返回的结果
    两个端口都由 minion 主动连接 master,只需在 master 上对 minion 所在网段开放
    
     yum install -y python-setproctitle #显示进程名
    root     44524     1 27 08:27 ?        00:00:00 /usr/bin/python /usr/bin/salt-master ProcessManager
    root     44536 44524  0 08:27 ?        00:00:00 /usr/bin/python /usr/bin/salt-master MultiprocessingLoggingQueue
    
    让grains生效两种方法
    systemctl restart salt-minion
    salt '*' saltutil.sync_grains
    
      [ "$PS1" = "\s-\v\$ " ] && PS1="[\u@\h \w]\$ "
      [ "$PS1" = "\s-\v\$ " ] && PS1="[\u@\h \W]\$ "
    \w 显示完整路径,\W 只显示当前目录名
    
    [root@Zabbix-server /srv/salt/_grains]# cat my_grains.py 
    #!/usr/bin/env python
    #-*- coding:utf-8 -*-
    def my_grains():
        """Return the custom grains contributed by this module.

        The returned dict holds two fixed labels, ``iaas`` and ``edu``.
        Grains are reported by the minion itself, so they describe a host
        but should not be the only thing deciding which minions receive
        sensitive data.
        """
        # Static labels only; nothing is probed from the host here.
        return {'iaas': 'openstack', 'edu': 'oldboy'}
    分发py文件
    [root@Zabbix-server ~]# salt '*' saltutil.sync_grains 
    Zabbix-sever:
        - grains.my_grains
    node2.com:
        - grains.my_grains
    
    [root@Zabbix-server /var/cache/salt]# salt '*' grains.item iaas 
    node2.com:
        ----------
        iaas:
            openstack
    Zabbix-sever:
        ----------
        iaas:
            openstack
    [root@Zabbix-server /var/cache/salt]# 
    
    
    Grains优先级(同名时后面的覆盖前面的):
         1.系统自带,
         2.grains文件写的
         3.minion配置文件写的
         4.自己写的。
    
    salt '*' state.apply 这样就会执行 top.sls 中定义的行为
    top.sls
    #####      State System settings     #####
    ##########################################
    # The state system uses a "top" file to tell the minions what environment to
    # use and what modules to use. The state_top file is defined relative to the
    # root of the base environment as defined in "File Server settings" below.
    #state_top: top.sls
    
    # The master_tops option replaces the external_nodes option by creating
    # a plugable system for the generation of external top data. The external_nodes
    # option is deprecated by the master_tops option.
    #
    # To gain the capabilities of the classic external_nodes system, use the
    # following configuration:
    # master_tops:
    #   ext_nodes: <Shell command which returns yaml>
    #
    #master_tops: {}
    
    
    [root@Zabbix-server /srv/pillar/web]# salt '*' pillar.items apache
    Zabbix-sever:
        ----------
        apache:
    node2.com:
        ----------
        apache:
            httpd
    [root@Zabbix-server /srv/pillar/web]# salt '*' saltutil.refresh_pillar
    node2.com:
        True
    Zabbix-sever:
        True
    [root@Zabbix-server /srv/pillar/web]# salt '*' pillar.items apache    
    Zabbix-sever:
        ----------
        apache:
    node2.com:
        ----------
        apache:
            httpd
    
    [root@Zabbix-server /srv]# tree .
    .
    ├── pillar
    │   ├── top.sls
    │   └── web
    │       └── apache.sls
    └── salt
        ├── _grains
        │   └── my_grains.py
        ├── top.sls
        └── web
            └── apache.sls
    
    [root@Zabbix-server /srv/pillar/web]# salt -I 'apache:httpd' cmd.run 'w'      
    node2.com:
         23:45:26 up  2:05,  2 users,  load average: 0.00, 0.01, 0.05
        USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
        root     pts/0    192.168.86.1     21:40    1:44m  0.15s  0.15s -bash
    [root@Zabbix-server /srv/pillar/web]# 
    
    1.目标选择
    
    Grains VS Pillar
    
             类型     数据采集方式      应用场景                      定义位置
    
    Grains   静态    minion启动时收集  数据查询  目标选择  配置管理   minion
    Pillar   动态     master自定义     目标选择  配置管理  敏感数据   master
    
    目标选择
    1,通配符,正则表达式
    salt -E '(node1|node2)' test.ping
    2,
    
    [root@node1 ~]# salt -S 192.168.86.0/24 test.ping
    node2.com:
    
    https://www.unixhot.com/docs/saltstack/topics/targeting/index.html
    
    
    #####         Node Groups           #####
    ##########################################
    # Node groups allow for logical groupings of minion nodes. A group consists of a group
    # name and a compound target.
    #nodegroups:
    #  group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
    #  group2: 'G@os:Debian and foo.domain.com'
    nodegroups:
      web: 'L@node2.com,node1.com'
      group1: 'L@node1.com,node2.com'
      group2: 'L@node2.com and node2.com'
    [root@node1 /etc/salt]# systemctl restart salt-master
    [root@node1 /etc/salt]# salt -N web cmd.run "w"
    
    
    
    https://www.unixhot.com/docs/saltstack/topics/execution/index.html
    远程执行
    salt的模块都在
    /usr/lib/python2.7/site-packages/salt/modules
    
    service
    network
    salt '*' network.active_tcp
    salt '*' service.available sshd
    salt '*' service.restart sshd
    salt '*' state.single pkg.installed name=lsof
    
    
    自定义模块
    1,建目录
    2,写py文件
    3,刷新
    [root@node1 /srv/salt/_modules]# pwd
    /srv/salt/_modules
    [root@node1 /srv/salt/_modules]# ll
    total 4
    -rw-r--r-- 1 root root 58 Jan  1 05:33 my_disk.py
    [root@node1 /srv/salt/_modules]# cat my_disk.py 
    def list():
        """Return the output of ``df -h`` as run through ``cmd.run``.

        ``__salt__`` is looked up at call time and is not defined in this
        file; it is expected to be provided by Salt when the module is
        loaded.  The command is a fixed literal, so no caller-supplied
        text reaches the command line.
        """
        # NOTE(review): the function name shadows the ``list`` builtin
        # inside this module; it is kept because callers use my_disk.list.
        disk_usage_cmd = 'df -h'
        run_command = __salt__['cmd.run']
        return run_command(disk_usage_cmd)
    [root@node1 /srv/salt/_modules]# 
    salt '*' saltutil.sync_modules 
    salt '*' my_disk.list
    
    [root@node2 salt]# tree /var/cache/salt/
    /var/cache/salt/
    └── minion
        ├── accumulator
        ├── extmods
        │   ├── grains
        │   │   ├── my_grains.py
        │   │   └── my_grains.pyc
        │   └── modules
        │       └── my_disk.py
        ├── files
        │   └── base
        │       ├── _grains
        │       │   └── my_grains.py
        │       ├── _modules
        │       │   └── my_disk.py
        │       ├── top.sls
        │       └── web
        │           └── apache.sls
        ├── highstate.cache.p
        ├── module_refresh
        ├── pkg_refresh
        ├── proc
        └── sls.p
    
    
    [root@node1 ~]# salt '*' saltutil.refresh_modules
    node2.com:
        True
    node1.com:
        True
    

    salt state sls 描述文件

    名称ID声明, 默认是name声明
    [root@node1 /srv/salt/web]# cat apache.sls 
    apache-install: #	id声明
      pkg.installed:
        - names:
          - httpd
          - httpd-devel
    
    apache-service:   #id声明 高级状态,id必须唯一(可以不唯一但是容易出问题)
      service.running:  #State声明 状态声明
        - name: httpd  #选项声明
        - enable: True
    
    lamp安装
    pkg常用模块,
    pkg.installed
    pkg.group_installed
    pkg.latest  ensure the latest version
    pkg.purged uninstall
    
    
    1,安装软件 pkg
    2,配置文件 file
    3,启动 service
    
    一个状态模块不能重复使用
    
    file_roots:
      base:
        - /srv/salt
    这时下面的文件就是在/srv/salt/lamp/files/my.cnf
        - source: salt://lamp/files/my.cnf
    
    salt 'node2.com' state.sls lamp.lamp
    
    [root@node1 /srv/salt/lamp]# cat lamp.sls 
    lamp-pkg:
      pkg.installed:
        - pkgs:
          - mariadb
          - mariadb-server
          - php
          - httpd
          - php-mysql
          - php-cli
          - php-mbstring
    
    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://lamp/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
    
    php-config:
      file.managed:
        - name: /etc/php.ini
        - source: salt://lamp/files/php.ini
        - user: root
        - group: root
        - mode: 644
    
    mysql-config:
      file.managed:
        - name: /etc/my.cnf
        - source: salt://lamp/files/my.cnf
        - user: root
        - group: root
        - mode: 644
    
    apache-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
    
    mysql-service:
      service.running:
        - name: mariadb
        - enable: True
        - reload: True
    
    也可以这么写
    apache-server:
      pkg.installed:
        - pkgs:
          - httpd
          - php
      file.managed: 
        - name: /etc/php.ini
        - source: salt://lamp/files/php.ini
        - user: root
        - group: root
        - mode: 644
      service.running:
        - name: httpd
        - enable: True
        - reload: True
    
    
    1。我依赖谁: require
    apache-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
        - require: 
          - pkg: lamp-pkg
    2。我被谁依赖: require_in
    3。我监控谁:watch,watch本身包含require
    apache-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
        - require: 
          - pkg: lamp-pkg
        - watch:
          - file: apache-config
    1,如果apache-config这个id状态发生变化就reload
    2,如果不加 reload: True,那么就restart
    
    4。我被谁监控:watch_in
    5。我引用谁
    新建lamp.pkg,然后再apache.sls中加入下面的行,
    [root@node1 /srv/salt/lamp]# cat init.sls 
    include:
      - lamp.pkg
      - lamp.config
      - lamp.service
    安装,配置,启动,这样分,也可以单独写,可以让别的模块include,-lamp.apache,- lamp.mysql
    6。我扩展谁
    
    
    如何编写sls技巧:
    1,按照状态分类 如果单独使用,很清晰
    2,按照服务分类 可以被其他的SLS include。如LNMP include mysql
    
    
    
    yaml-jinja2
    两种分隔符:{%  %}表达式, {{    }}变量
    
    1,要使用template
        - template: jinja
    2,列出参数列表
        - defaults:
          PORT: 88
    3,在模板引用
    Listen {{ PORT }}
    实例如下:
    [root@node1 /srv/salt/lamp]# cat config.sls 
    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://lamp/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
        - template: jinja
        - defaults:
          PORT: 88
    
    jinja模板3个地方可以使用,pillar,grains,salt
    1,写在模板
    [root@node1 /srv/salt/lamp]# vim files/httpd.conf
    Listen {{ grains['fqdn_ip4'][0] }}:{{ PORT }}
    
    [root@node1 /srv/salt/lamp]# salt '*' network.hw_addr eno16777736
    node2.com:
        00:0c:29:48:1b:64
    node1.com:
        00:0c:29:77:60:c0
    
    Listen {{ grains['fqdn_ip4'][0] }}:{{ PORT }}
    # hardware address {{ salt['network.hw_addr']('eno16777736') }}
    
    
    # pillar {{ pillar['apache'] }}
    2,在sls里面写,比较清晰,能看到所有的变量
    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://lamp/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
        - template: jinja
        - defaults:
          ADDR:  {{ grains['fqdn_ip4'][0] }}
          PORT: 88
    
    
    salt 'node2.com' state.sls lamp.init
    
    https://github.com/saltstack-formulas
    
    Compound matchers allow very granular minion targeting using any of Salt's matchers. 
    [root@node1 ~]# salt -C '* not G@fqdn_ip4:192.168.86.4' test.ping                  
    node1.com:
        True
    [root@node1 ~]# salt -C '* not G@fqdn_ip4:192.168.86.4' test.ping
    node1.com:
        True
    [root@node1 ~]# salt -C '* not I@apache:httpd' test.ping                          
    node1.com:
        True
    [root@node1 ~]# salt -C '* not I@apache:httpd' test.ping^C
    [root@node1 ~]# 
    
    生产环境要先用 test=True 试运行(只报告将要发生的变更,不做实际修改),确认无误后再正式执行
    root salt '*' state.highstate
    root salt '*' state.highstate test=true
    
    
    建议所有file模块都加上backup(备份保存在 minion 本地的缓存目录中,含敏感内容的文件其备份也要同样保护)
      file.managed:
        - name: /etc/zabbix/zabbix_agentd.conf
        - source: salt://init/files/zabbix_agentd.conf
        - backup: minion
    
    
    haproxy下载(master.zip 是随时变化的开发分支,生产环境应固定到某个发布版本并校验下载文件的校验和)
    https://github.com/haproxy/haproxy/archive/master.zip
    
    切换base环境
    
    salt '*' state.sls haproxy.install saltenv=prod
    继续学习状态间关系
    
    条件判断:
    unless: 条件为真(命令返回0)就不执行该状态
    onlyif: 条件为真(命令返回0)才执行该状态
    
    
    haproxy 配置
    # Process-wide settings.
    global
    maxconn 100000
    # chroot plus the uid/gid switch below confine the process after startup.
    # NOTE(review): uid/gid 99 is presumably the "nobody" account -- confirm on the target host.
    chroot /usr/local/haproxy
    uid 99  
    gid 99 
    daemon
    nbproc 1 
    pidfile /usr/local/haproxy/logs/haproxy.pid 
    # Logs go to the local syslog daemon, facility local3, level info and above.
    log 127.0.0.1 local3 info
    
    # Settings inherited by the listen/frontend/backend sections below.
    defaults
    option http-keep-alive
    maxconn 100000
    mode http
    timeout connect 5000ms
    timeout client  50000ms
    timeout server 50000ms
    
    # Statistics page.
    listen stats
    mode http
    # Bound to every interface: the page is reachable from any network that can route to port 8888.
    bind 0.0.0.0:8888
    stats enable
    stats uri     /haproxy-status 
    # HTTP Basic credentials, stored in clear text in this file and sent over plain HTTP.
    # The value below is the tutorial's sample: replace it before deployment and keep the
    # real one out of the state tree (for example rendered from pillar).
    stats auth    haproxy:saltstack
    
    # Public entry point for the site.
    frontend frontend_www_example_com
    bind 192.168.3.21:80
    mode http
    option httplog
    log global
        default_backend backend_www_example_com
    
    backend backend_www_example_com
    # Adds the client address in an X-REAL-IP header. HAProxy appends its own header line and
    # does not remove one sent by the client, so backends should use only the last occurrence.
    option forwardfor header X-REAL-IP
    # Health check request sent to each server.
    option httpchk HEAD / HTTP/1.0
    # Server choice is derived from the client source address.
    balance source
    # check: probe every 2000 ms; 30 successes mark a server up, 15 failures mark it down.
    server web-node1  192.168.3.21:8080 check inter 2000 rise 30 fall 15
    server web-node2  192.168.3.22:8080 check inter 2000 rise 30 fall 15
    

    saltstack配置管理高级功能

    git clone https://github.com/unixhot/saltbook-code
    (第三方状态文件会在 minion 上以 salt-minion 的权限执行,通常是 root,使用前先审阅内容)
    
    修改install.sls中目录添加modules
    salt '*' state.sls modules.keepalived.install saltenv=prod
    
    可以这样设置参数
    [root@node1 /srv/salt/prod/modules/keepalived]# cat install.sls
    {% set keepalived_tar =  'keepalived-1.2.17.tar.gz'  %}
    # One state ID carrying two functions: deliver the source tarball, then build it.
    keepalived-install:
      # Copy the tarball from the master's file server to the minion.
      # Nothing in this state checks the tarball against an upstream checksum, so its
      # integrity rests on whoever placed it under files/ on the master.
      file.managed:
        - name: /usr/local/src/{{ keepalived_tar }}
        - source: salt://modules/keepalived/files/{{ keepalived_tar }}
        # NOTE(review): an archive does not need the execute bit; 644 looks sufficient -- confirm.
        - mode: 755
        - user: root
        - group: root
      # Unpack, configure, compile and install in a single command line.
      # The directory name keepalived-1.2.17 is written out separately from keepalived_tar,
      # so both have to be changed together when the version changes.
      cmd.run:
        - name: cd /usr/local/src && tar zxf {{ keepalived_tar }} && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
        # Skip the build when the install prefix already exists. A build that failed after
        # creating the prefix would also be skipped on later runs.
        - unless: test -d /usr/local/keepalived
        # Run only after the file.managed part of this ID has delivered the tarball.
        - require:
          - file: keepalived-install
    
    
    under /root/saltbook-code/salt/prod/cluster
    copy haproxy-outside-keepalived.sls
    
    ll files/haproxy-outside-keepalived.conf
    
    这两个文件到/srv/salt/prod/cluster 还有files对应的目录
    然后修改这两个文件
    
    
    
    # Statistics page.
    listen stats
    mode http
    # Bound to every interface: the page is reachable from any network that can route to port 8888.
    bind 0.0.0.0:8888
    stats enable
    stats uri     /haproxy-status
    # HTTP Basic credentials, stored in clear text in this file and sent over plain HTTP.
    # The value below is the tutorial's sample: replace it before deployment and keep the
    # real one out of the state tree (for example rendered from pillar).
    stats auth    haproxy:saltstack
    
    # Public entry point for the site.
    frontend frontend_www_example_com
    bind 192.168.3.21:80
    mode http
    option httplog
    log global
        default_backend backend_www_example_com
    
    backend backend_www_example_com
    # Adds the client address in an X-REAL-IP header. HAProxy appends its own header line and
    # does not remove one sent by the client, so backends should use only the last occurrence.
    option forwardfor header X-REAL-IP
    # Health check request sent to each server.
    option httpchk HEAD / HTTP/1.0
    # Server choice is derived from the client source address.
    balance source
    # check: probe every 2000 ms; 30 successes mark a server up, 15 failures mark it down.
    server web-node1  192.168.3.3:8080 check inter 2000 rise 30 fall 15
    server web-node2  192.168.3.4:8080 check inter 2000 rise 30 fall 15
    
    
    php session share
    http://php.net/manual/en/memcached.sessions.php
    
    
    CDN  一般都有302总调度器
    
    
    job管理
    
    saltutil
    
    
    
    [root@node1 /usr/lib/systemd/system]# cat /usr/lib/systemd/system/nginx.service
    [Unit]
    Description=dengshen
    After=network.target
    
    [Service]
    Type=forking
    PIDFile=/usr/local/nginx/logs/nginx.pid
    ExecStart=/usr/local/nginx/sbin/nginx
    ExecReload=/usr/local/nginx/sbin/nginx -s reload
    ExecStop=/usr/local/nginx/sbin/nginx -s stop
    
    
    [Install]
    WantedBy=multi-user.target
    [root@node1 /usr/lib/systemd/system]#
    
    安装完成的service文件
    [root@node2 ~]# cat /usr/lib/systemd/system/nginx.service
    [Unit]
    Description=The nginx HTTP and reverse proxy server
    After=network.target remote-fs.target nss-lookup.target
    
    [Service]
    Type=forking
    PIDFile=/run/nginx.pid
    # Nginx will fail to start if /run/nginx.pid already exists but has the wrong
    # SELinux context. This might happen when running `nginx -t` from the cmdline.
    # https://bugzilla.redhat.com/show_bug.cgi?id=1268621
    ExecStartPre=/usr/bin/rm -f /run/nginx.pid
    ExecStartPre=/usr/sbin/nginx -t
    ExecStart=/usr/sbin/nginx
    ExecReload=/bin/kill -s HUP $MAINPID
    KillSignal=SIGQUIT
    TimeoutStopSec=5
    KillMode=process
    PrivateTmp=true
    
    [Install]
    WantedBy=multi-user.target
    
    
    配置文件放在业务层面,
    
    
    
    return write in mysql
    [root@node1 /var/cache/salt/master]# tail /etc/salt/master
    #####      Returner settings          ######
    ############################################
    # Which returner(s) will be used for minion's result:
    #return: mysql
    # NOTE(review): this block is shown at the end of /etc/salt/master, but `return` is
    # documented as a minion-side option; for master-side job storage Salt documents
    # `master_job_cache` -- confirm which one is intended here.
    return: mysql
    mysql.host: '192.168.3.3'
    mysql.port: '3306'
    mysql.user: 'salt'
    # Database password in clear text. Keep this file readable by root only, limit the
    # account to the returner database, and treat the value shown here as a sample.
    # Stored job returns include command output, so the database needs protecting as well.
    mysql.pass: 'salt@pw'
    mysql.db: 'salt'
    
    
    [root@node1 /var/cache/salt/master]# salt '*' saltutil.running
    node2.com:
    node1.com:
    
    
    
     salt-run jobs.list_jobs|head -50
     salt-run jobs.lookup_jid 20170213020211363725
    
     1102  2017-02-13 05:48:30 root salt-run jobs.list_jobs
     1103  2017-02-13 05:48:58 root salt-run jobs.list_jobs|head
     1104  2017-02-13 05:49:29 root salt-run jobs.list_jobs|head -50
     1105  2017-02-13 05:50:08 root salt-run jobs.lookup_jid 20170213020211363725
     1106  2017-02-13 05:57:32 root salt-run manage.statue
     1107  2017-02-13 05:57:35 root salt-run manage.status
     1108  2017-02-13 05:57:47 root salt-run manage.versions
     1109  2017-02-13 05:57:56 root salt-run manage.up
    
    
    master-less
    salt-call
    minion需要停止服务 salt-call --local state.highstate
    
    
    multi master:
    /etc/salt/pki/master/minions   公钥文件(各 master 之间需保持同步)
    file_roots
    pillar_roots
    
    
    minion配置
    master:
      - 192.168.3.4
      - 192.168.3.3
    
    ==== sls使用git或者svn管理
    
    salt syndic
     1, 必须运行在一个master上
     salt-master->  saltmaster+salt syndic -> salt minion
  • 原文地址:https://www.cnblogs.com/WisWang/p/6537304.html