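Salt configuration management
Index
Getting started with SaltStack
Salt state SLS description files
Advanced SaltStack configuration management features
Getting started with SaltStack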
192.168.86.3 salt
Modify
[root@Zabbix-sever salt]# salt-key -L
Accepted Keys:
Denied Keys:
Unaccepted Keys:
members.sunpie.com
node2.com
Zabbix-sever
Minion name
/bin/rm /etc/salt/minion_id
systemctl restart salt-minion.service 
sudo yum install https://repo.saltstack.com/yum/redhat/salt-repo-latest-1.el7.noarch
/etc/salt/master State file location
file_roots:
  base:
    - /srv/salt
zeromq
4505 send message
4506 receive message
 yum install -y python-setproctitle  # show process names
root     44524     1 27 08:27 ?        00:00:00 /usr/bin/python /usr/bin/salt-master ProcessManager
root     44536 44524  0 08:27 ?        00:00:00 /usr/bin/python /usr/bin/salt-master MultiprocessingLoggingQueue
Two ways to make grains take effect
systemctl restart salt-minion
salt '*' saltutil.sync_grains
  [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \w]\\$ "
  [ "$PS1" = "\\s-\\v\\\$ " ] && PS1="[\u@\h \W]\\$ "
\w vs \W: \w shows the full (absolute) path, \W only the current directory name (relative)
[root@Zabbix-server /srv/salt/_grains]# cat my_grains.py
#!/usr/bin/env python
#-*- coding:utf-8 -*-
def my_grains():
        # initialize the dict
        grains={}
        grains['iaas']='openstack'
        grains['edu']='oldboy'
        return grains
Distribute the .py file
[root@Zabbix-server ~]# salt '*' saltutil.sync_grains
Zabbix-sever:
    - grains.my_grains
node2.com:
    - grains.my_grains
[root@Zabbix-server /var/cache/salt]# salt '*' grains.item iaas
node2.com:
    ----------
    iaas:
        openstack
Zabbix-sever:
    ----------
    iaas:
        openstack
[root@Zabbix-server /var/cache/salt]# 
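Grains priority:
     1. Built into the system
     2. Written in the grains file
     3. Written in the minion configuration file
     4. Custom-written
salt '*' state.apply   # runs the behaviour defined in top.sls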
top.sls
#####      State System settings     #####
##########################################
# The state system uses a "top" file to tell the minions what environment to
# use and what modules to use. The state_top file is defined relative to the
# root of the base environment as defined in "File Server settings" below.
#state_top: top.sls
# The master_tops option replaces the external_nodes option by creating
# a plugable system for the generation of external top data. The external_nodes
# option is deprecated by the master_tops option.
#
# To gain the capabilities of the classic external_nodes system, use the
# following configuration:
# master_tops:
#   ext_nodes: <Shell command which returns yaml>
#
#master_tops: {}
[root@Zabbix-server /srv/pillar/web]# salt '*' pillar.items apache
Zabbix-sever:
    ----------
    apache:
node2.com:
    ----------
    apache:
        httpd
[root@Zabbix-server /srv/pillar/web]# salt '*' saltutil.refresh_pillar
node2.com:
    True
Zabbix-sever:
    True
[root@Zabbix-server /srv/pillar/web]# salt '*' pillar.items apache
Zabbix-sever:
    ----------
    apache:
node2.com:
    ----------
    apache:
        httpd
[root@Zabbix-server /srv]# tree .
.
├── pillar
│   ├── top.sls
│   └── web
│       └── apache.sls
└── salt
    ├── _grains
    │   └── my_grains.py
    ├── top.sls
    └── web
        └── apache.sls
[root@Zabbix-server /srv/pillar/web]# salt -I 'apache:httpd' cmd.run 'w'
node2.com:
     23:45:26 up  2:05,  2 users,  load average: 0.00, 0.01, 0.05
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    192.168.86.1     21:40    1:44m  0.15s  0.15s -bash
[root@Zabbix-server /srv/pillar/web]# 
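1. Targeting
Grains vs. Pillar
         Type      Data collection               Use cases                                             Defined on
Grains   static    collected at minion startup   data queries, targeting, configuration management     minion
Pillar   dynamic   defined on the master         targeting, configuration management, sensitive data   master
Targeting
1. Globs and regular expressions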
salt -E '(node1|node2)' test.ping
2. Subnet / IP address
[root@node1 ~]# salt -S 192.168.86.0/24 test.ping
node2.com:
https://www.unixhot.com/docs/saltstack/topics/targeting/index.html
#####         Node Groups           #####
##########################################
# Node groups allow for logical groupings of minion nodes. A group consists of a group
# name and a compound target.
#nodegroups:
#  group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com'
#  group2: 'G@os:Debian and foo.domain.com'
nodegroups:
  web: 'L@node2.com,node1.com'
  group1: 'L@node1.com,node2.com'
  group2: 'L@node2.com and node2.com'
[root@node1 /etc/salt]# systemctl restart salt-master
[root@node1 /etc/salt]# salt -N web cmd.run "w"
https://www.unixhot.com/docs/saltstack/topics/execution/index.html
Remote execution
Salt's modules all live in
/usr/lib/python2.7/site-packages/salt/modules
service
network
salt '*' network.active_tcp
salt '*' service.available sshd
salt '*' service.restart sshd
salt '*' state.single pkg.installed name=lsof
Custom modules
1. Create the directory
2. Write the .py file
3. Sync
[root@node1 /srv/salt/_modules]# pwd
/srv/salt/_modules
[root@node1 /srv/salt/_modules]# ll
total 4
-rw-r--r-- 1 root root 58 Jan  1 05:33 my_disk.py
[root@node1 /srv/salt/_modules]# cat my_disk.py
def list():
        cmd='df -h'
        return __salt__['cmd.run'](cmd)
[root@node1 /srv/salt/_modules]#
salt '*' saltutil.sync_modules
salt '*' my_disk.list
[root@node2 salt]# tree /var/cache/salt/
/var/cache/salt/
└── minion
    ├── accumulator
    ├── extmods
    │   ├── grains
    │   │   ├── my_grains.py
    │   │   └── my_grains.pyc
    │   └── modules
    │       └── my_disk.py
    ├── files
    │   └── base
    │       ├── _grains
    │       │   └── my_grains.py
    │       ├── _modules
    │       │   └── my_disk.py
    │       ├── top.sls
    │       └── web
    │           └── apache.sls
    ├── highstate.cache.p
    ├── module_refresh
    ├── pkg_refresh
    ├── proc
    └── sls.p
[root@node1 ~]# salt '*' saltutil.refresh_modules
node2.com:
    True
node1.com:
    True
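Added example (not from the original notes): a variant of my_disk.py that returns structured data from Python's standard library instead of shelling out to df -h, and exposes list through __func_alias__ so the built-in list is not shadowed. The usage function and its path argument are additions for illustration; Python 3 on a POSIX minion is assumed.

```python
# my_disk.py -- would be placed in /srv/salt/_modules/ (added example)
import os
import shutil

__virtualname__ = "my_disk"
# Salt maps list_() to my_disk.list, so Python's built-in list is not shadowed.
__func_alias__ = {"list_": "list"}


def __virtual__():
    # Assumption: only POSIX minions should load this module.
    return __virtualname__ if os.name == "posix" else (False, "POSIX only")


def _mount_points(mounts_file="/proc/mounts"):
    """Return the mount points of /dev/* devices listed in mounts_file."""
    points = set()
    with open(mounts_file) as fh:
        for line in fh:
            fields = line.split()
            if len(fields) >= 2 and fields[0].startswith("/dev/"):
                points.add(fields[1])
    return sorted(points)


def usage(path="/"):
    """Disk usage of one path as a dict; the argument never reaches a shell."""
    if not isinstance(path, str) or not os.path.isabs(path):
        raise ValueError("path must be an absolute path string")
    total, used, free = shutil.disk_usage(path)
    pct = round(used * 100.0 / total, 1) if total else 0.0
    return {"path": path, "total": total, "used": used, "free": free,
            "used_pct": pct}


def list_(mounts_file="/proc/mounts"):
    """Structured counterpart of `df -h`: one usage dict per mount point."""
    result = []
    for point in _mount_points(mounts_file):
        try:
            result.append(usage(point))
        except OSError:
            continue  # mount point vanished or is not readable by this user
    return result
```

After saltutil.sync_modules this would be called as salt '*' my_disk.list or salt '*' my_disk.usage /var.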
Salt state SLS description files
ID declaration: by default the ID also serves as the name declaration
[root@node1 /srv/salt/web]# cat apache.sls
apache-install:  # ID declaration
  pkg.installed:
    - names:
      - httpd
      - httpd-devel
apache-service:   # ID declaration; in the highstate, IDs must be unique (non-unique IDs can work but easily cause problems)
  service.running:  # state declaration
    - name: httpd  # option declaration
    - enable: True
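LAMP installation
Commonly used pkg functions:
pkg.installed
pkg.group_installed
pkg.latest  ensure the latest version
pkg.purge uninstall
1. Install software: pkg
2. Configuration file: file
3. Start the service: service
The same state module cannot be used more than once under one ID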
file_roots:
  base:
    - /srv/salt
With this setting, the source below resolves to /srv/salt/lamp/files/my.cnf
    - source: salt://lamp/files/my.cnf
salt 'node2.com' state.sls lamp.lamp
[root@node1 /srv/salt/lamp]# cat lamp.sls
lamp-pkg:
  pkg.installed:
    - pkgs:
      - mariadb
      - mariadb-server
      - php
      - httpd
      - php-mysql
      - php-cli
      - php-mbstring
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://lamp/files/php.ini
    - user: root
    - group: root
    - mode: 644
mysql-config:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://lamp/files/my.cnf
    - user: root
    - group: root
    - mode: 644
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
mysql-service:
  service.running:
    - name: mariadb
    - enable: True
    - reload: True
It can also be written like this
apache-server:
  pkg.installed:
    - pkgs:
      - httpd
      - php
  file.managed:
    - name: /etc/php.ini
    - source: salt://lamp/files/php.ini
    - user: root
    - group: root
    - mode: 644
  service.running:
    - name: httpd
    - enable: True
    - reload: True
1. What I depend on: require
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:
      - pkg: lamp-pkg
2. What depends on me: require_in
3. What I watch: watch (watch itself includes require)
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - require:
      - pkg: lamp-pkg
    - watch:
      - file: apache-config
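1. If the state with ID apache-config changes, the service is reloaded
2. Without reload: True, the service is restarted instead
4. What watches me: watch_in
5. What I include
Create lamp.pkg, then add the following lines to apache.sls: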
[root@node1 /srv/salt/lamp]# cat init.sls
include:
  - lamp.pkg
  - lamp.config
  - lamp.service
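Split it into install, configure, and start like this; each part can also be written separately so that other modules can include it, e.g. - lamp.apache, - lamp.mysql
6. What I extend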
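Added example (not part of the original notes): a simplified model of how require, watch, require_in and watch_in order states, run over the page's LAMP IDs as parsed SLS data. It matches requisites by state ID only, ignores include/extend, and is not Salt's own ordering algorithm; the mysql-service watch on a missing mysql-config ID is constructed to show a dangling reference.

```python
from graphlib import TopologicalSorter  # Python 3.9+; raises CycleError on loops

# Constructed sample: the LAMP states above as parsed SLS data
# (ID -> "module.function" -> argument list). mysql-config is left out on
# purpose so that the watch on it dangles.
LAMP = {
    "lamp-pkg": {"pkg.installed": [{"pkgs": ["httpd", "php", "mariadb-server"]}]},
    "apache-config": {"file.managed": [{"name": "/etc/httpd/conf/httpd.conf"}]},
    "apache-service": {"service.running": [
        {"name": "httpd"}, {"enable": True}, {"reload": True},
        {"require": [{"pkg": "lamp-pkg"}]},
        {"watch": [{"file": "apache-config"}]}]},
    "mysql-service": {"service.running": [
        {"name": "mariadb"}, {"watch": [{"file": "mysql-config"}]}]},
}

FORWARD = {"require", "watch"}        # I depend on the referenced state
REVERSE = {"require_in", "watch_in"}  # the referenced state depends on me


def analyse(sls):
    """Return (prereqs, dangling): prereqs maps each ID to the IDs it needs."""
    prereqs = {sid: set() for sid in sls}
    dangling = []
    for sid, states in sls.items():
        for args in states.values():
            for arg in (a for a in args if isinstance(a, dict)):
                for key, refs in arg.items():
                    if key not in FORWARD | REVERSE:
                        continue
                    for ref in refs:
                        (module, target), = ref.items()
                        modules = {f.split(".")[0] for f in sls.get(target, {})}
                        if module not in modules:
                            dangling.append((sid, key, module, target))
                        elif key in FORWARD:
                            prereqs[sid].add(target)
                        else:
                            prereqs[target].add(sid)
    return prereqs, dangling


def run_order(sls):
    """Return (one valid execution order, dangling requisite references)."""
    prereqs, dangling = analyse(sls)
    return list(TopologicalSorter(prereqs).static_order()), dangling
```

A requisite that names a missing ID, or the wrong module for an existing ID, shows up in the second return value instead of being silently ignored.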
Tips for writing SLS files:
1. Organize by state type: very clear when used on its own
2. Organize by service: can be included by other SLS files, e.g. LNMP includes mysql
yaml-jinja2
Two kinds of delimiters: {% %} for expressions, {{ }} for variables
1. Enable the template engine
    - template: jinja
2. List the parameters
    - defaults:
      PORT: 88
3. Reference them in the template
Listen {{ PORT }}
Example:
[root@node1 /srv/salt/lamp]# cat config.sls
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
      PORT: 88
Jinja templates can use three things: pillar, grains, and salt
1. Write them in the template
[root@node1 /srv/salt/lamp]# vim files/httpd.conf
Listen {{ grains['fqdn_ip4'][0] }}:{{ PORT }}
[root@node1 /srv/salt/lamp]# salt '*' network.hw_addr eno16777736
node2.com:
    00:0c:29:48:1b:64
node1.com:
    00:0c:29:77:60:c0
Listen {{ grains['fqdn_ip4'][0] }}:{{ PORT }}
# hardware address {{ salt['network.hw_addr']('eno16777736') }}
# pillar {{ pillar['apache'] }}
2. Write them in the SLS file: clearer, because all the variables are visible in one place
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://lamp/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
      ADDR:  {{ grains['fqdn_ip4'][0] }}
      PORT: 88
salt 'node2.com' state.sls lamp.init
https://github.com/saltstack-formulas
Compound matchers allow very granular minion targeting using any of Salt's matchers.
[root@node1 ~]# salt -C '* not G@fqdn_ip4:192.168.86.4' test.ping
node1.com:
    True
[root@node1 ~]# salt -C '* not I@apache:httpd' test.ping
node1.com:
    True
[root@node1 ~]# salt -C '* not I@apache:httpd' test.ping^C
[root@node1 ~]# 
In production, run with test=True first
root salt '*' state.highstate
root salt '*' state.highstate test=true
It is recommended to add backup to every file state
  file.managed:
    - name: /etc/zabbix/zabbix_agentd.conf
    - source: salt://init/files/zabbix_agentd.conf
    - backup: minion
HAProxy download
https://github.com/haproxy/haproxy/archive/master.zip
Switch the environment from base
salt '*' state.sls haproxy.install saltenv=prod
More on relationships between states
Conditionals:
unless: if the condition is true,
onlyif
HAProxy configuration
global
maxconn 100000
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 1
pidfile /usr/local/haproxy/logs/haproxy.pid
log 127.0.0.1 local3 info
defaults
option http-keep-alive
maxconn 100000
mode http
timeout connect 5000ms
timeout client  50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri     /haproxy-status
stats auth    haproxy:saltstack
frontend frontend_www_example_com
bind 192.168.3.21:80
mode http
option httplog
log global
    default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1  192.168.3.21:8080 check inter 2000 rise 30 fall 15
server web-node2  192.168.3.22:8080 check inter 2000 rise 30 fall 15
Advanced SaltStack configuration management features
git clone https://github.com/unixhot/saltbook-code
Edit the paths in install.sls to add modules
salt '*' state.sls modules.keepalived.install saltenv=prod
Parameters can be set like this
[root@node1 /srv/salt/prod/modules/keepalived]# cat install.sls
{% set keepalived_tar =  'keepalived-1.2.17.tar.gz'  %}
keepalived-install:
  file.managed:
    - name: /usr/local/src/{{ keepalived_tar }}
    - source: salt://modules/keepalived/files/{{ keepalived_tar }}
    - mode: 755
    - user: root
    - group: root
  cmd.run:
    - name: cd /usr/local/src && tar zxf {{ keepalived_tar }} && cd keepalived-1.2.17 && ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
    - unless: test -d /usr/local/keepalived
    - require:
      - file: keepalived-install
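Added example (not from the original notes or the saltbook-code repository): a small check over rendered SLS data for the two habits noted above, backup on every file.managed state and an unless/onlyif guard on cmd.run. The sample states are constructed from the page's snippets plus a hypothetical unguarded-build ID; creates is included as a third guard that cmd.run accepts, and a global backup_mode in the minion configuration is assumed absent.

```python
# Constructed sample: SLS data after Jinja/YAML rendering
# (ID -> "module.function" -> argument list).
RENDERED = {
    "zabbix-agent-config": {"file.managed": [
        {"name": "/etc/zabbix/zabbix_agentd.conf"},
        {"source": "salt://init/files/zabbix_agentd.conf"},
        {"backup": "minion"}]},
    "php-config": {"file.managed": [
        {"name": "/etc/php.ini"},
        {"source": "salt://lamp/files/php.ini"},
        {"user": "root"}, {"group": "root"}, {"mode": 644}]},
    "keepalived-install": {
        "file.managed": [{"name": "/usr/local/src/keepalived-1.2.17.tar.gz"},
                         {"mode": 755}],
        "cmd.run": [{"name": "cd /usr/local/src && tar zxf keepalived-1.2.17.tar.gz"},
                    {"unless": "test -d /usr/local/keepalived"},
                    {"require": [{"file": "keepalived-install"}]}]},
    "unguarded-build": {"cmd.run": [{"name": "make install"}]},  # hypothetical ID
}

GUARDS = {"unless", "onlyif", "creates"}  # any one makes cmd.run conditional


def options(args):
    """Flatten a state's argument list ([{k: v}, ...]) into one dict."""
    merged = {}
    for arg in args:
        if isinstance(arg, dict):
            merged.update(arg)
    return merged


def lint(sls):
    """Return sorted (state_id, function, finding) tuples for risky states."""
    findings = []
    for sid, states in sls.items():
        for func, args in states.items():
            opts = options(args)
            if func == "file.managed" and not opts.get("backup"):
                findings.append((sid, func, "no backup: old content is lost on change"))
            if func == "cmd.run" and not GUARDS.intersection(opts):
                findings.append((sid, func, "no guard: command runs on every apply"))
    return sorted(findings)
```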
under /root/saltbook-code/salt/prod/cluster
copy haproxy-outside-keepalived.sls
ll files/haproxy-outside-keepalived.conf
Copy these two files to /srv/salt/prod/cluster and the corresponding files directory,
then edit both files
listen stats
mode http
bind 0.0.0.0:8888
stats enable
stats uri     /haproxy-status
stats auth    haproxy:saltstack
frontend frontend_www_example_com
bind 192.168.3.21:80
mode http
option httplog
log global
    default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance source
server web-node1  192.168.3.3:8080 check inter 2000 rise 30 fall 15
server web-node2  192.168.3.4:8080 check inter 2000 rise 30 fall 15
php session share
http://php.net/manual/en/memcached.sessions.php
CDNs generally have a central 302 dispatcher
Job management
saltutil
[root@node1 /usr/lib/systemd/system]# cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=dengshen
After=network.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStart=/usr/local/nginx/sbin/nginx
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
[Install]
WantedBy=multi-user.target
[root@node1 /usr/lib/systemd/system]#
The service file after installation
[root@node2 ~]# cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
[Install]
WantedBy=multi-user.target
Configuration files go in the business layer.
Returner: write job results to MySQL
[root@node1 /var/cache/salt/master]# tail /etc/salt/master
#####      Returner settings          ######
############################################
# Which returner(s) will be used for minion's result:
#return: mysql
return: mysql
mysql.host: '192.168.3.3'
mysql.port: '3306'
mysql.user: 'salt'
mysql.pass: 'salt@pw'
mysql.db: 'salt'
[root@node1 /var/cache/salt/master]# salt '*' saltutil.running
node2.com:
node1.com:
 salt-run jobs.list_jobs|head -50
 salt-run jobs.lookup_jid 20170213020211363725
 1102  2017-02-13 05:48:30 root salt-run jobs.list_jobs
 1103  2017-02-13 05:48:58 root salt-run jobs.list_jobs|head
 1104  2017-02-13 05:49:29 root salt-run jobs.list_jobs|head -50
 1105  2017-02-13 05:50:08 root salt-run jobs.lookup_jid 20170213020211363725
 1106  2017-02-13 05:57:32 root salt-run manage.statue
 1107  2017-02-13 05:57:35 root salt-run manage.status
 1108  2017-02-13 05:57:47 root salt-run manage.versions
 1109  2017-02-13 05:57:56 root salt-run manage.up
master-less
salt-call
The minion service must be stopped first: salt-call --local state.highstate
multi master:
/etc/salt/pki/master/minions   public key files
file_roots
pillar_roots
Minion configuration
master:
  - 192.168.3.4
  - 192.168.3.3
==== Manage SLS files with git or svn
salt syndic
 1. Must run on a master
 salt-master -> salt-master + salt-syndic -> salt-minion