• SaltStack部署服务及配置管理apache+php-第二篇


    实验目标

    1.使用SaltStack部署apache和php,

    2.使用salt管理httpd.conf配置文件配置访问info.php使用账户密码

    3.在salt里面增加对conf.d目录进行配置管理

    4.如何使用salt在追加文件内容

    5.学会如何使用 watch require unless

    实现步骤

    修改master的配置文件,指定base环境路径,base环境是必须指定的
    [root@linux-node1 base]# grep  -9  ^file_roots /etc/salt/master  |grep -v ^#
    file_roots:
      base:
        - /srv/salt/base
      dev:
        - /srv/salt/dev
      test:
        - /srv/salt/test
      prod:
        - /srv/salt/prod
    创建目录
    [root@linux-node1 base]# mkdir -p /srv/salt/{base,dev,test,prod}
    [root@linux-node1 base]# tree /srv/salt/
    /srv/salt/
    ├── base
    ├── dev
    ├── prod
    └── test
    重启master
    [root@linux-node1 base]# systemctl restart salt-master
    在base目录下面创建一个web目录用于存放web相关的sls文件
    [root@linux-node1 base]# mkdir -p web
    cd到bash/web目录里面创建apache.sls文件
    [root@linux-node1 base]# cd web/
    [root@linux-node1 web]# cat apache.sls 
    apache-install:   #id 名字自己取 需要形象一点, 一个id下面一个状态只能出现一次
      pkg.installed:  #pkg 是状态模块,installed 是模块里面的方法
        - name: httpd #方法里面的参数
    apache-service:
      service.running:
        - name: httpd
        - enable: True #设置开机自动启动
    #yaml里面格式有严格的要求,注释用#号,不能有table,- 两边需要空格,缩进用2个空格层级关系后面要加分号
     执行状态模块部署服务
    [root@linux-node1 base]# salt "linux-node2*" state.sls apache
    linux-node2.example.com:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: Package httpd is already installed.
         Started: 14:58:09.228934
        Duration: 633.681 ms
         Changes:   
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is running
         Started: 14:58:09.863302
        Duration: 310.567 ms
         Changes:   
                  ----------
                  httpd:
                      True
    
    Summary
    ------------
    Succeeded: 2 (changed=1)
    Failed:    0
    ------------
    Total states run:     2
    #此时node2 上面已经部署好了apache
    高级状态的使用 需要在master配置文件里面打开 state_top: top.sls并重启master

    [root@linux-node1 web]# grep -n ^state_top /etc/salt/master
    329:state_top: top.sls
    [root@linux-node1 web]# systemctl restart salt-master

    在bese环境目录下面添加top.sls
    [root@linux-node1 base]# more top.sls 
    base:
      'linux-node2.example.com':
        - web.apache
      'linux-node1.example.com':
        - web.apache
    [root@linux-node1 base]# pwd
    /srv/salt/base
    执行高级模块方法,高级方法到 base下面找top.sls  文件编排告诉每个minion需要干什么,一般生产环境用高级状态多些
    [root@linux-node1 base]#   salt "*" state.highstate 
    linux-node1.example.com:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: Package httpd is already installed.
         Started: 15:23:08.597951
        Duration: 709.521 ms
         Changes:   
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 15:23:09.308417
        Duration: 233.623 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 2
    Failed:    0
    ------------
    Total states run:     2
    linux-node2.example.com:
    ----------
              ID: apache-install
        Function: pkg.installed
            Name: httpd
          Result: True
         Comment: Package httpd is already installed.
         Started: 15:23:09.171596
        Duration: 721.901 ms
         Changes:   
    ----------
              ID: apache-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 15:23:09.894209
        Duration: 221.615 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 2
    Failed:    0
    ------------
    Total states run:     2
     上面我们使用了2个状态模块pkg和service,下面我们使用file文件配置模块 

    模块使用参考文档

    https://www.unixhot.com/docs/saltstack/ref/states/all/salt.states.file.html#module-salt.states.file 
    在base/web目录下面添加一个lamp.sls,一般在添加里面的内容之前需要在外面找一台服务器进行测试拿到准确的包信息后再进行配置

    [root@linux-node1 web]# cat lamp.sls
    lamp-install:
    pkg.installed:
    - pkgs:
    - httpd
    - php
    - php-pdo
    - php-mysql

    apache-config:
    file.managed:
    - name: /etc/httpd/conf/httpd.conf #服务实际使用的文件路径
    - source: salt://web/files/httpd.conf #salt的源文件用于分发到minion上面 路径是base目录下面的web 这里也支持http和ftp方式
    - user: root
    - group: root
    - mode: 644

    php-config:
    file.managed:
    - name: /etc/php.ini
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: 644

    lamp-service:
    service.running:
    - name: httpd
    - enable: True

    拷贝源文件到base/web目录下,这个根据自己的实际情况找源文件拷贝过来

    [root@linux-node1 web]# cp /etc/httpd/conf/httpd.conf /srv/salt/base/web/files/
    [root@linux-node1 web]# cp /etc/php.ini /srv/salt/base/web/files/

    执行状态模块部署服务
    [root@linux-node1 web]# salt "*" state.sls web.lamp
    linux-node1.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 15:43:56.883540
        Duration: 633.814 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 15:43:57.520199
        Duration: 4.242 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 15:43:57.524589
        Duration: 4.149 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 15:43:57.529404
        Duration: 258.952 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 4
    Failed:    0
    ------------
    Total states run:     4
    linux-node2.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 15:43:58.566172
        Duration: 611.409 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 15:43:59.180091
        Duration: 4.063 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 15:43:59.184248
        Duration: 3.803 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 15:43:59.188496
        Duration: 208.1 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 4
    Failed:    0
    ------------
    Total states run:     4
     使用file模块下面的recurse方法进行apache的conf.d目录管理配置如下
    apache-conf:
      file.recurse:
        - name: /etc/httpd/conf.d
        - source: salt://web/files/apache-conf.d
    创建salt源目录,并拷贝数据导源文件目录,数据文件来源根据自己业务的实际情况
    [root@linux-node1 ~]# mkdir /srv/salt/base/web/files/apache-conf.d
    [root@linux-node1 ~]# cd /srv/salt/base/web/files/apache-conf.d/
    [root@linux-node1 apache-conf.d]# cp -a /etc/httpd/conf.d/* .
    [root@linux-node1 apache-conf.d]# ls
    autoindex.conf php.conf README userdir.conf welcome.conf
    [root@linux-node1 apache-conf.d]#

    测试在files/apache-conf.d/welcome.conf 添加一行#xiewenming test

    [root@linux-node1 files]# echo "#xieweming test" >> apache-conf.d/welcome.conf 
    验证目录管理是否生效

    可以先使用test=True 只做测试,不会在minion节点上面真正执行,确认无问题后再让minion去执行

    [root@linux-node1 files]# salt "linux-node2*" state.highstate test=True
    linux-node2.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 16:12:56.440265
        Duration: 666.288 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: The file /etc/httpd/conf/httpd.conf is in the correct state
         Started: 16:12:57.108448
        Duration: 3.959 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: The file /etc/php.ini is in the correct state
         Started: 16:12:57.112503
        Duration: 3.61 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 16:12:57.116505
        Duration: 244.585 ms
         Changes:   
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: None
         Comment: #### /etc/httpd/conf.d/welcome.conf ####
                  The file /etc/httpd/conf.d/welcome.conf is set to be changed
         Started: 16:12:57.361390
        Duration: 1096.52 ms
         Changes:   
                  ----------
                  /etc/httpd/conf.d/welcome.conf:
                      ----------
                      diff:
                          --- 
                          +++ 
                          @@ -20,3 +20,4 @@
                           Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
                           Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
                           Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
                          +#xieweming test
    
    Summary
    ------------
    Succeeded: 5 (unchanged=1, changed=1)
    Failed:    0
    ------------
    Total states run:     5
    验证没有问题在node1和node2上面都执行

    我们这里就2台所有可以直接用*

    [root@linux-node1 files]# salt "*" state.highstate 
    linux-node1.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 16:19:31.724191
        Duration: 782.903 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 16:19:32.509438
        Duration: 4.62 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 16:19:32.514200
        Duration: 4.418 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 16:19:32.519273
        Duration: 234.566 ms
         Changes:   
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: Recursively updated /etc/httpd/conf.d
         Started: 16:19:32.754002
        Duration: 1082.389 ms
         Changes:   
                  ----------
                  /etc/httpd/conf.d/welcome.conf:
                      ----------
                      diff:
                          --- 
                          +++ 
                          @@ -20,3 +20,4 @@
                           Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
                           Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
                           Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
                          +#xieweming test
    
    Summary
    ------------
    Succeeded: 5 (changed=1)
    Failed:    0
    ------------
    Total states run:     5
    linux-node2.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 16:19:32.296865
        Duration: 789.23 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 16:19:33.089019
        Duration: 3.807 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 16:19:33.092933
        Duration: 3.459 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 16:19:33.096823
        Duration: 232.349 ms
         Changes:   
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: Recursively updated /etc/httpd/conf.d
         Started: 16:19:33.329410
        Duration: 1079.801 ms
         Changes:   
                  ----------
                  /etc/httpd/conf.d/welcome.conf:
                      ----------
                      diff:
                          --- 
                          +++ 
                          @@ -20,3 +20,4 @@
                           Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
                           Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
                           Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
                          +#xieweming test
    
    Summary
    ------------
    Succeeded: 5 (changed=1)
    Failed:    0
    ------------
    Total states run:     5
    salt "*" state.highstate
    使用watch在apache配置文件发送变化时,重新加载apache配置

    增加下面的红色字体部分

    [root@linux-node1 web]# more lamp.sls 
    lamp-install:
      pkg.installed:
        - pkgs:
          - httpd
          - php
          - php-pdo
          - php-mysql
    
    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://web/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
    
    php-config:
      file.managed:
        - name: /etc/php.ini
        - source: salt://web/files/php.ini
        - user: root
        - group: root
        - mode: 644
    
    lamp-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True  #如果不加reload 默认会重启服务
        - watch: #增加
           - file: apache-config #监控上面的apache-config ID 所以说 一个ID在一个状态只能出现一次
    apache-conf:
      file.recurse:
        - name: /etc/httpd/conf.d
        - source: salt://web/files/apache-conf.d

     另外一种watc_in写法,我们只需要掌握一种就可以

    ...
    lamp-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
        - watch:
          - file: apache-config
    apache-conf:
      file.recurse:
        - name: /etc/httpd/conf.d
        - source: salt://web/files/apache-conf.d
        - watch_in:
          - service: lamp-service
    ...
    View Code

    修改一下配置文件进行验证成功

    [root@linux-node1 files]# salt "*" state.highstate
    linux-node1.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 16:39:08.336027
        Duration: 733.712 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf updated
         Started: 16:39:09.071795
        Duration: 13.576 ms
         Changes:   
                  ----------
                  diff:
                      --- 
                      +++ 
                      @@ -28,6 +28,7 @@
                       # same ServerRoot for multiple httpd daemons, you will need to change at
                       # least PidFile.
                       #
                      +
                       ServerRoot "/etc/httpd"
                       
                       #
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 16:39:09.085478
        Duration: 3.597 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service reloaded
         Started: 16:39:09.337223
        Duration: 253.101 ms
         Changes:   
                  ----------
                  httpd:
                      True
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: The directory /etc/httpd/conf.d is in the correct state
         Started: 16:39:09.590622
        Duration: 25.654 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 5 (changed=2)
    Failed:    0
    ------------
    Total states run:     5
    linux-node2.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 16:39:08.904921
        Duration: 735.305 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf updated
         Started: 16:39:09.643019
        Duration: 16.038 ms
         Changes:   
                  ----------
                  diff:
                      --- 
                      +++ 
                      @@ -28,6 +28,7 @@
                       # same ServerRoot for multiple httpd daemons, you will need to change at
                       # least PidFile.
                       #
                      +
                       ServerRoot "/etc/httpd"
                       
                       #
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 16:39:09.659260
        Duration: 3.724 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service reloaded
         Started: 16:39:09.900780
        Duration: 255.082 ms
         Changes:   
                  ----------
                  httpd:
                      True
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: The directory /etc/httpd/conf.d is in the correct state
         Started: 16:39:10.156119
        Duration: 165.767 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 5 (changed=2)
    Failed:    0
    ------------
    Total states run:     5
    View Code
     使用require可以让各ID之间产生依赖关系,避免无效执行

    比如执行apache-config ID之前要确保  lamp-install ID已经成功的完成了  添加下面红色字体部分

    lamp-install:
      pkg.installed:
        - pkgs:
          - httpd
          - php
          - php-pdo
          - php-mysql
    
    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://web/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
        - require:
          - pkg: lamp-install
    测试apache php环境工作是否正常,在2个节点上的apache工作目录下创建phpinfo文件
    [root@linux-node2 conf.d]# cd /var/www/html/
    [root@linux-node2 html]# mkdir admin
    [root@linux-node2 html]# cd admin/
    [root@linux-node2 admin]# vi info.php
    [root@linux-node2 admin]# cat info.php 
    <?php
    phpinfo()
    ?>

    可以正常打开

    现在使用salt添加访问phpinfo需要账号密码

    在salt的apache的配置管理文件里面添加验证 如下红色字体部分

    [root@linux-node1 files]# pwd
    /srv/salt/base/web/files
    [root@linux-node1 files]#
    [root@linux-node1 files]# tail -15 httpd.conf
    #EnableMMAP off
    EnableSendfile on
    <Directory "/var/www/html/admin">
    AllowOverride All
    Order allow,deny
    Allow from All
    AuthUserFile /etc/httpd/conf/htpasswd_file
    AuthName "hehe"
    AuthType Basic
    Require user admin
    </Directory>
    # Supplemental configuration
    #
    # Load config files in the "/etc/httpd/conf.d" directory, if any.
    IncludeOptional conf.d/*.conf

    在lamp.sls 里面添加一个名为apache-auth 状态ID并使用require指定依赖关系
    [root@linux-node1 web]# pwd
    /srv/salt/base/web
    [root@linux-node1 web]# ls
    apache.sls  files  lamp.sls
    [root@linux-node1 web]# tail -10 lamp.sls 
        - name: /etc/httpd/conf.d
        - source: salt://web/files/apache-conf.d
    
    apache-auth:
      pkg.installed:
        - name: httpd-tools
        - require_in:
          - cmd: apache-auth   #如果没有这个rpm包下面的cmd.run就不运行,指定依赖关系
      cmd.run:
        - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin #创建 账号为admin 密码为admin的密码文件

    执行状态模块,验证没有报错

    [root@linux-node1 web]# salt "*" state.highstate
    linux-node1.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 17:26:36.171081
        Duration: 760.101 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 17:26:36.936510
        Duration: 12.034 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 17:26:36.948778
        Duration: 5.661 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 17:26:36.955341
        Duration: 335.213 ms
         Changes:   
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: The directory /etc/httpd/conf.d is in the correct state
         Started: 17:26:37.290804
        Duration: 26.826 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: pkg.installed
            Name: httpd-tools
          Result: True
         Comment: Package httpd-tools is already installed.
         Started: 17:26:37.317767
        Duration: 0.518 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: cmd.run
            Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
          Result: True
         Comment: Command "htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin" run
         Started: 17:26:37.319460
        Duration: 17.893 ms
         Changes:   
                  ----------
                  pid:
                      20315
                  retcode:
                      0
                  stderr:
                      Adding password for user admin
                  stdout:
    
    Summary
    ------------
    Succeeded: 7 (changed=1)
    Failed:    0
    ------------
    Total states run:     7
    linux-node2.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 17:26:36.819001
        Duration: 801.418 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 17:26:37.625380
        Duration: 5.27 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 17:26:37.630775
        Duration: 5.974 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 17:26:37.637798
        Duration: 276.924 ms
         Changes:   
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: The directory /etc/httpd/conf.d is in the correct state
         Started: 17:26:37.914890
        Duration: 114.468 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: pkg.installed
            Name: httpd-tools
          Result: True
         Comment: Package httpd-tools is already installed.
         Started: 17:26:38.029465
        Duration: 0.858 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: cmd.run
            Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
          Result: True
         Comment: Command "htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin" run
         Started: 17:26:38.031904
        Duration: 24.688 ms
         Changes:   
                  ----------
                  pid:
                      8667
                  retcode:
                      0
                  stderr:
                      Adding password for user admin
                  stdout:
    
    Summary
    ------------
    Succeeded: 7 (changed=1)
    Failed:    0
    ------------
    Total states run:     7
    View Code

    再次访问phpinfo就有验证了 

     但是上面有些小问题

    当多次执行apache-auth状态模块的时候,密码文件会被重新创建并覆盖

    解决办法:我们可以使用unless进行判断,unless 如果条件为真就执行,为假就不执行

    修改apache-auth状态模块如下

    [root@linux-node1 web]# tail -8 lamp.sls 
    apache-auth:
      pkg.installed:
        - name: httpd-tools
        - require_in:
          - cmd: apache-auth   #如果没有这个rpm包下面的cmd.run就不运行,解决依赖关系
      cmd.run:
        - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
        - unless: test -f /etc/httpd/conf/htpasswd_file #unless 不只限于用test 支持脚本等任何命令 只要判断 期返回结果0 或者1 0为真 1为假 就可以
    再次执行lamp.sls状态模块,就解决了上面的问题
    [root@linux-node1 web]# salt "*" state.highstate
    linux-node2.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 17:41:08.415429
        Duration: 739.009 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 17:41:09.158151
        Duration: 4.038 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 17:41:09.162303
        Duration: 4.511 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 17:41:09.167489
        Duration: 260.979 ms
         Changes:   
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: The directory /etc/httpd/conf.d is in the correct state
         Started: 17:41:09.428715
        Duration: 27.714 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: pkg.installed
            Name: httpd-tools
          Result: True
         Comment: Package httpd-tools is already installed.
         Started: 17:41:09.456576
        Duration: 0.529 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: cmd.run
            Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
          Result: True
         Comment: unless execution succeeded
         Started: 17:41:09.458220
        Duration: 7.17 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 7
    Failed:    0
    ------------
    Total states run:     7
    linux-node1.example.com:
    ----------
              ID: lamp-install
        Function: pkg.installed
          Result: True
         Comment: All specified packages are already installed.
         Started: 17:41:08.069936
        Duration: 769.874 ms
         Changes:   
    ----------
              ID: apache-config
        Function: file.managed
            Name: /etc/httpd/conf/httpd.conf
          Result: True
         Comment: File /etc/httpd/conf/httpd.conf is in the correct state
         Started: 17:41:08.842186
        Duration: 4.2 ms
         Changes:   
    ----------
              ID: php-config
        Function: file.managed
            Name: /etc/php.ini
          Result: True
         Comment: File /etc/php.ini is in the correct state
         Started: 17:41:08.846533
        Duration: 4.393 ms
         Changes:   
    ----------
              ID: lamp-service
        Function: service.running
            Name: httpd
          Result: True
         Comment: Service httpd is already enabled, and is in the desired state
         Started: 17:41:08.851964
        Duration: 244.197 ms
         Changes:   
    ----------
              ID: apache-conf
        Function: file.recurse
            Name: /etc/httpd/conf.d
          Result: True
         Comment: The directory /etc/httpd/conf.d is in the correct state
         Started: 17:41:09.096343
        Duration: 20.85 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: pkg.installed
            Name: httpd-tools
          Result: True
         Comment: Package httpd-tools is already installed.
         Started: 17:41:09.117331
        Duration: 0.53 ms
         Changes:   
    ----------
              ID: apache-auth
        Function: cmd.run
            Name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
          Result: True
         Comment: unless execution succeeded
         Started: 17:41:09.119400
        Duration: 6.484 ms
         Changes:   
    
    Summary
    ------------
    Succeeded: 7
    Failed:    0
    ------------
    Total states run:     7
    View Code
    base的目录结构如下
    [root@linux-node1 salt]# tree  base
    base
    ├── fileappend.sls
    ├── top.sls
    └── web
        ├── apache.sls
        ├── files
        │   ├── apache-conf.d
        │   │   ├── autoindex.conf
        │   │   ├── php.conf
        │   │   ├── README
        │   │   ├── userdir.conf
        │   │   └── welcome.conf
        │   ├── httpd.conf
        │   └── php.ini
        └── lamp.sls
    
    3 directories, 11 files
    cat lamp.sls
    [root@linux-node1 base]# cat web/lamp.sls 
    lamp-install:
      pkg.installed:
        - pkgs:
          - httpd
          - php
          - php-pdo
          - php-mysql
    
    apache-config:
      file.managed:
        - name: /etc/httpd/conf/httpd.conf
        - source: salt://web/files/httpd.conf
        - user: root
        - group: root
        - mode: 644
        - require:
          - pkg: lamp-install
    
    php-config:
      file.managed:
        - name: /etc/php.ini
        - source: salt://web/files/php.ini
        - user: root
        - group: root
        - mode: 644
    
    lamp-service:
      service.running:
        - name: httpd
        - enable: True
        - reload: True
        - watch:
           - file: apache-config
    
    apache-conf:
      file.recurse:
        - name: /etc/httpd/conf.d
        - source: salt://web/files/apache-conf.d
    
    apache-auth:
      pkg.installed:
        - name: httpd-tools
        - require_in:
          - cmd: apache-auth   #如果没有这个rpm包下面的cmd.run就不运行,解决依赖关系
      cmd.run:
        - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
        - unless: test -f /etc/httpd/conf/htpasswd_file
    View Code
    至此apache和php测试已完成
    这里补充一个file模块的append方法

    [root@linux-node1 base]# pwd
    /srv/salt/base
    [root@linux-node1 base]# cat fileappend.sls
    /etc/profile:  #这里是ID的另一种用法,可以直接用文件的路径
    file.append:
    - text:
    - "#xiewneming test" #注意如果添加的内容里面有特殊符合,需要加上引号

    执行状态模块,添加成功
    [root@linux-node1 base]# salt "linux-node1*" state.sls fileappend
    linux-node1.example.com:
    ----------
              ID: /etc/profile
        Function: file.append
          Result: True
         Comment: Appended 1 lines
         Started: 17:53:02.877027
        Duration: 7.669 ms
         Changes:   
                  ----------
                  diff:
                      --- 
                      +++ 
                      @@ -75,3 +75,4 @@
                       unset i
                       unset -f pathmunge
                       None
                      +#xiewneming test
    
    Summary
    ------------
    Succeeded: 1 (changed=1)
    Failed:    0
    ------------
    Total states run:     1

    总结

    1.添加状态模块的时候,应该自己得先在别的机器上面跑一遍流程在添加
    2.状态模块中- source: salt://web/files/apache-conf.d #支持ftp或者http上面 base环境的路径
    3.使用的时候要先测试 test=True
    4.ID 有不同表示方式
    5.状态模块需要执行模块执行才能生效
    6.相同的业务用目录进行分类管理
    7.sls文件是从上往下按照顺序执行
    8.一个ID下面一个状态只能出现一次
    9.pkg是虚拟的包管理,在不同系统下面包的安装命令不同 比如 CentOS 和Ubuntu
    10.watch 和watch_in require和require_in 在状态模块中可以统一用其中的一种
    11.salt默认是有缓存的,可以无关紧要的配置重启进程刷新缓存
          salt任务执行过程中不删除缓存目录里面的文件 缓存目录默认为/var/cache/salt


    附 赵班长的 GitHub saltbook-code网址

    https://github.com/unixhot/saltbook-code/tree/master

  • 相关阅读:
    空格转换
    vuex学习
    css移动端适配方法
    数组以及数组常用方法
    21-canvas事件监听
    20-canvas之形变
    [转]session 跨域共享方案
    [转载] 从mysql,代码,服务器三个方面看mysql性能优化
    [计算机]Alan Perlis人物简介
    Python环境搭建及pip的使用
  • 原文地址:https://www.cnblogs.com/xiewenming/p/7674806.html
Copyright © 2020-2023  润新知