• SaltStack(四) 配置管理


    一、state模块与pillar描述

        Salt使用State模块文件进行配置管理,使用YAML编写,以.sls结尾,如果进行配置管理首先需要再Master的配置文件中指定“file roots”的选项,Salt支持的环境的配置,比如开发环节、测试环境、生产环境,但是base环境时必须的,而且base环境必须包含入口文件top.sls

    二、安装nginx同步文件

      第一步:设置file_roots 

          修改Master配置文件,指定Flie_roots
            [root@salt-server ~]# vim /etc/salt/master
            file_roots:
               base:
                 - /srv/salt/
            创建相应的目录
                [root@salt-server ~]# mkdir /srv/salt/ -p
            重启Salt_Master
                [root@salt-server ~]# /etc/init.d/salt-master restart
                Stopping salt-master daemon:                               [确定]
                Starting salt-master daemon:                               [确定]

      第二步:设置top.sls

            在top.sls入口文件设置环境(如生产、开发、测试对应不同的minion和模块)
                [root@salt-server ~]# cat /srv/salt/top.sls
                base:
                  '*':
                    - nginx
            解释:所有的Minion均执行base目录下的init模块下的pkg-int.sls,我们可以把很多的sls放在一个目录中,方便管理,在top.sls只需要指定目录结构即可。

      第三步:编写状态文件

           

    [root@salt-server salt]# cat /srv/salt/nginx/init.sls
            nginx:                      #定义top.sls定义的模块
              pkg:                      #使用pkg模块
                - installed             #安装nginx软件
              service:                  #服务控制模块
                - running               #运行状态
                - enable: True          #权限开启
                - reload: True          #允许reload重启
                - watch:                #控制文件
                  - pkg: nginx          #控制的软件
                  - file: /etc/nginx/nginx.conf     #要控制文件的文件定义名称
                  - file: /etc/nginx/conf.d/default.conf    #要控制文件的文件定义名称
            /etc/nginx/nginx.conf:  #定义控制文件的名称
              file.managed:         #格式语句
                - source: salt://etc/nginx/nginx.conf   #具体的文件目录
                - user: root                            #执行的用户
                - group: root                           #执行的用户组
                - mode: 644                             #文件权限
            /etc/nginx/conf.d/default.conf: #定义控制文件的名称
              file.managed:                 #格式语句
                - source: salt://etc/nginx/conf.d/default.conf #具体的文件目录
                - user: root    #执行的用户
                - group: root   #执行的用户组
                - mode: 644     #文件权限

    第四步:在服务端执行状态

               [root@salt-server nginx]# salt 'salt-client' state.sls nginx
                salt-client:
                ----------
                          ID: nginx
                    Function: pkg.installed
                      Result: True
                     Comment: Package nginx is already installed.
                     Started: 00:56:25.529338
                    Duration: 671.85 ms
                     Changes:
                ----------
                          ID: /etc/nginx/nginx.conf
                    Function: file.managed
                      Result: True
                     Comment: File /etc/nginx/nginx.conf is in the correct state
                     Started: 00:56:26.203403
                    Duration: 13.28 ms
                     Changes:
                
                
                ----------
                
                
                #
                          ID: /etc/nginx/conf.d/default.conf
                    Function: file.managed
                      Result: True
                     Comment: File /etc/nginx/conf.d/default.conf is in the correct state
                     Started: 00:56:26.216797
                    Duration: 2.701 ms
                     Changes:
                ----------
                          ID: nginx
                    Function: service.running
                      Result: True
                     Comment: Service nginx has been enabled, and is running
                     Started: 00:56:26.219708
                    Duration: 264.564 ms
                     Changes:
                              ----------
                              nginx:
                                  True
                
                Summary
                ------------
                Succeeded: 4 (changed=1)
                Failed:    0
                ------------
                Total states run:     4
            根据上面的设置,执行完状态后。Salt会检查Minion上是否有上面编写的三个软件包。如果没有就会自动使用Yum安装上。

    第五步:在客户端执行状态

            root@salt-client salt]# salt-call state.sls nginx
            [INFO    ] Loading fresh modules for state activity
            [INFO    ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://nginx/init.sls'
            [INFO    ] Running state [nginx] at time 00:58:26.812398
            [INFO    ] Executing state pkg.installed for nginx
            [INFO    ] Executing command ['rpm', '-qa', '--queryformat', '%{NAME}_|-%{EPOCH}_|-%{VERSION}_|-%{RELEASE}_|-%{ARCH}_|-(none)
    '] in directory '/root'
            [INFO    ] Package nginx is already installed.
            [INFO    ] Completed state [nginx] at time 00:58:27.524314
            [INFO    ] Running state [/etc/nginx/nginx.conf] at time 00:58:27.527537
            [INFO    ] Executing state file.managed for /etc/nginx/nginx.conf
            [INFO    ] File /etc/nginx/nginx.conf is in the correct state
            [INFO    ] Completed state [/etc/nginx/nginx.conf] at time 00:58:27.533598
            [INFO    ] Running state [/etc/nginx/conf.d/default.conf] at time 00:58:27.534046
            [INFO    ] Executing state file.managed for /etc/nginx/conf.d/default.conf
            [INFO    ] Fetching file from saltenv 'base', ** done ** 'etc/nginx/conf.d/default.conf'
            [INFO    ] File changed:
            ---
            +++
            @@ -3,7 +3,7 @@
             #
            
             server {
            -    listen       80 default_server;
            +    listen       8080 default_server;
                 listen       [::]:80 default_server;
                 server_name  _;
                 root         /usr/share/nginx/html;
            
            [INFO    ] Completed state [/etc/nginx/conf.d/default.conf] at time 00:58:27.671234
            [INFO    ] Running state [nginx] at time 00:58:27.671870
            [INFO    ] Executing state service.running for nginx
            [INFO    ] Executing command '/sbin/service nginx status' in directory '/root'
            [INFO    ] Executing command '/sbin/chkconfig --list nginx' in directory '/root'
            [INFO    ] Executing command '/sbin/runlevel' in directory '/root'
            [INFO    ] Service nginx is already enabled, and is in the desired state
            [INFO    ] Completed state [nginx] at time 00:58:27.752846
            [INFO    ] Running state [nginx] at time 00:58:27.754657
            [INFO    ] Executing state service.mod_watch for nginx
            [INFO    ] Executing command '/sbin/service nginx status' in directory '/root'
            [INFO    ] Executing command '/sbin/service nginx reload' in directory '/root'
            [INFO    ] {'nginx': True}
            [INFO    ] Completed state [nginx] at time 00:58:27.844721
            local:
            ----------
                      ID: nginx
                Function: pkg.installed
                  Result: True
                 Comment: Package nginx is already installed.
                 Started: 00:58:26.812398
                Duration: 711.916 ms
                 Changes:
            ----------
                      ID: /etc/nginx/nginx.conf
                Function: file.managed
                  Result: True
                 Comment: File /etc/nginx/nginx.conf is in the correct state
                 Started: 00:58:27.527537
                Duration: 6.061 ms
                 Changes:
            ----------
                      ID: /etc/nginx/conf.d/default.conf
                Function: file.managed
                  Result: True
                 Comment: File /etc/nginx/conf.d/default.conf updated
                 Started: 00:58:27.534046
                Duration: 137.188 ms
                 Changes:
                          ----------
                          diff:
                              ---
                              +++
                              @@ -3,7 +3,7 @@
                               #
            
                               server {
                              -    listen       80 default_server;
                              +    listen       8080 default_server;
                                   listen       [::]:80 default_server;
                                   server_name  _;
                                   root         /usr/share/nginx/html;
            ----------
                      ID: nginx
                Function: service.running
                  Result: True
                 Comment: Service reloaded
                 Started: 00:58:27.754657
                Duration: 90.064 ms
                 Changes:
                          ----------
                          nginx:
                              True
            
            Summary
            ------------
            Succeeded: 4 (changed=2)
            Failed:    0
            ------------
            Total states run:     4

    三、订制时间自动同步

    1、可将salt-call state.sls nginx命令在客户端添加到crontab中即可
        2、使用SaltStack原生的pillar模块来实现。
            pillar是salt非诚重要的一个组件,它用于给特定的minion定义任何你需要的数据,这些数据可以被salt的其他组件使用。
            salt在0.9.8版本中引入了pillar。
            pillar在解析完成后,是一个嵌套的dict结构,最上层的key是minion ID,其value是该minion所拥有的pillar数据,每个value也都是key/value。这里可以看出pillar的一个特点,pillar数据是与特定minion关联的,也就是说每个minion都是只能看到自己的数据,所以pillar可以用来传递敏感数据(在salt的设计中,pillar使用独立的加密session,也是为了保证敏感数据的安全性)。pillar可以用在那些地方呢?
            
                1、敏感数据
                    例如ssh key,加密证书等,由于pillar使用独立的加密session,可以确保这些敏感数据不被其他minion看到。
                2、变量
                    可以在pillar中处理平台差异性,比如针对不同的操作系统设置软件包的名字,然后在state中引用。
                3、其他任何数据
                    可以在pillar中添加任何需要用到的数据,比如定义用户和UID的对应关系,minion的角色等。
                4、用在targetting中
                    pillar可以用来选择minion,使用-l选项
                    默认情况下,master配置文件中的所有数据都添加到pillar中,且对所有minion可用,如果要禁用这一默认值,可以在master配置文件中添加如下数据,重启服务后生效。
            pillar示例
                http://docs.saltstack.cn/topics/jobs/schedule.html
                
                
            pillar定义定时任务
                首先修改/etc/salt/master中pillar模块的配置
                
                每分钟同步一下nginx配置文件
                [root@salt-server pillar]# cat top.sls
                base:
                  '*':
                    - nginx
                [root@salt-server pillar]# cat nginx.sls
                schedule:
                  nginx:
                    function:state.sls
                    minutes: 1   #每分钟
                    #seconds: 30 #秒级
                    args:
                      - 'nginx'
                salt '*' saltutil.refresh_pillar  #刷新所有机器上的pillar
                salt '*' pillar.data #查看所有机器上的pillar

    四:操作练习   

            下面是我生产安装Haproxy的案例,使用的源码,敬请参考下。      
          

     haproxy-install:
            file.managed:
            - name: /usr/local/src/haproxy-1.5.3.tar.gz
            - source: salt://haproxy/files/haproxy-1.5.3.tar.gz
            - mode: 755
            - user: root
            - group: root
            cmd.run:
            - name: cd /usr/local/src && tar zxf haproxy-1.5.3.tar.gz && cd haproxy-1.5.3 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
            - unless: test -d /usr/local/haproxy
            - require:
            - file: haproxy-install
            
            /etc/init.d/haproxy:
            file.managed:
            - source: salt://haproxy/files/haproxy.init
            - mode: 755
            - user: root
            - group: root
            - require:
            - cmd: haproxy-install
            
            net.ipv4.ip_nonlocal_bind:
            sysctl.present:
            - value: 1
            
            haproxy-config-dir:
            file.directory:
            - name: /etc/haproxy
            - mode: 755
            - user: root
            - group: root
            
            haproxy-init:
            cmd.run:
            - name: chkconfig --add haproxy
            - unless: chkconfig --list | grep haproxy
                    - require:
                    - file: /etc/init.d/haproxy
            下面是我生产同步nginx配置文件的案例,使用的源码。
            nginx:
              pkg:
                - installed
              service:
                - running
                - enable: True
                - reload: True
                -watch:
                  - pkg: nginx
                  - file: /etc/nginx/nginx.conf
                  - file: /etc/nginx/conf.d/default.conf
            /etc/nginx/nginx.conf:
              file.managed:
                - source: salt://etc/nginx.nginx.conf
                - user:root
                - group: root
                - mode: 644
            /etc/nginx/conf.d/default.conf
              file.managed:
                - source:salt://etc/nginx/conf.d/default.conf
                - user: root
                - group: root
                - mode: 644
                
  • 相关阅读:
    解决前端从url路径上拿到的中文乱码
    仪表盘双层结构图
    element ui 按钮显示
    vue在手机上运行,打包之后显示
    echarts使用遇到的一些问题总结,比如颜色改变,文字位置调整
    微信小程序地图移动到指定的位置
    微信小程序多边形地图显示
    button取消边框
    代码审计小记 (一)
    [root-me](web-client)write up 一个大坑怎么填啊
  • 原文地址:https://www.cnblogs.com/cxcx/p/6212293.html
Copyright © 2020-2023  润新知