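SaltStack (4): Configuration Management
I. The state module and pillar
Salt uses State module files for configuration management. They are written in YAML and end in .sls. Before doing any configuration management you must set the "file_roots" option in the Master configuration file. Salt supports configuring multiple environments, such as development, testing and production, but the base environment is mandatory, and the base environment must contain the entry file top.sls.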
II. Installing nginx and syncing files
Step 1: Set file_roots
Edit the Master configuration file and specify file_roots:

    [root@salt-server ~]# vim /etc/salt/master
    file_roots:
      base:
        - /srv/salt/

Create the corresponding directory:

    [root@salt-server ~]# mkdir /srv/salt/ -p

Restart the Salt Master:

    [root@salt-server ~]# /etc/init.d/salt-master restart
    Stopping salt-master daemon: [确定]
    Starting salt-master daemon: [确定]
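Step 2: Set up top.sls
Set the environments in the top.sls entry file (for example, production, development and testing map to different minions and modules):

    [root@salt-server ~]# cat /srv/salt/top.sls
    base:
      '*':
        - nginx

Explanation: all Minions execute pkg-int.sls under the init module in the base directory. We can keep many sls files in one directory for easier management; top.sls then only needs to name the directory structure.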
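Step 3: Write the state file

    [root@salt-server salt]# cat /srv/salt/nginx/init.sls
    nginx:                                        # ID matching the module named in top.sls
      pkg:                                        # use the pkg module
        - installed                               # install the nginx package
      service:                                    # service control module
        - running                                 # the service must be running
        - enable: True                            # enable the service at boot
        - reload: True                            # reload instead of restarting
        - watch:                                  # items to watch
          - pkg: nginx                            # the watched package
          - file: /etc/nginx/nginx.conf           # ID of the watched file state
          - file: /etc/nginx/conf.d/default.conf  # ID of the watched file state

    /etc/nginx/nginx.conf:                        # ID of the managed file
      file.managed:                               # state function
        - source: salt://etc/nginx/nginx.conf     # source path of the file
        - user: root                              # owning user
        - group: root                             # owning group
        - mode: 644                               # file permissions

    /etc/nginx/conf.d/default.conf:               # ID of the managed file
      file.managed:                               # state function
        - source: salt://etc/nginx/conf.d/default.conf  # source path of the file
        - user: root                              # owning user
        - group: root                             # owning group
        - mode: 644                               # file permissions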
Step 4: Run the state from the server

    [root@salt-server nginx]# salt 'salt-client' state.sls nginx
    salt-client:
    ----------
              ID: nginx
        Function: pkg.installed
          Result: True
         Comment: Package nginx is already installed.
         Started: 00:56:25.529338
        Duration: 671.85 ms
         Changes:
    ----------
              ID: /etc/nginx/nginx.conf
        Function: file.managed
          Result: True
         Comment: File /etc/nginx/nginx.conf is in the correct state
         Started: 00:56:26.203403
        Duration: 13.28 ms
         Changes:
    ----------
              ID: /etc/nginx/conf.d/default.conf
        Function: file.managed
          Result: True
         Comment: File /etc/nginx/conf.d/default.conf is in the correct state
         Started: 00:56:26.216797
        Duration: 2.701 ms
         Changes:
    ----------
              ID: nginx
        Function: service.running
          Result: True
         Comment: Service nginx has been enabled, and is running
         Started: 00:56:26.219708
        Duration: 264.564 ms
         Changes:
                  ----------
                  nginx:
                      True

    Summary
    ------------
    Succeeded: 4 (changed=1)
    Failed:    0
    ------------
    Total states run:     4

With the settings above, once the state has been executed, Salt checks whether the three packages written above are present on the Minion. If they are not, it installs them automatically with Yum.
Step 5: Run the state on the client

    [root@salt-client salt]# salt-call state.sls nginx
    [INFO    ] Loading fresh modules for state activity
    [INFO    ] Fetching file from saltenv 'base', ** skipped ** latest already in cache 'salt://nginx/init.sls'
    [INFO    ] Running state [nginx] at time 00:58:26.812398
    [INFO    ] Executing state pkg.installed for nginx
    [INFO    ] Executing command ['rpm', '-qa', '--queryformat', '%{NAME}_|-%{EPOCH}_|-%{VERSION}_|-%{RELEASE}_|-%{ARCH}_|-(none)\n'] in directory '/root'
    [INFO    ] Package nginx is already installed.
    [INFO    ] Completed state [nginx] at time 00:58:27.524314
    [INFO    ] Running state [/etc/nginx/nginx.conf] at time 00:58:27.527537
    [INFO    ] Executing state file.managed for /etc/nginx/nginx.conf
    [INFO    ] File /etc/nginx/nginx.conf is in the correct state
    [INFO    ] Completed state [/etc/nginx/nginx.conf] at time 00:58:27.533598
    [INFO    ] Running state [/etc/nginx/conf.d/default.conf] at time 00:58:27.534046
    [INFO    ] Executing state file.managed for /etc/nginx/conf.d/default.conf
    [INFO    ] Fetching file from saltenv 'base', ** done ** 'etc/nginx/conf.d/default.conf'
    [INFO    ] File changed:
    ---
    +++
    @@ -3,7 +3,7 @@
     #
     server {
    -    listen 80 default_server;
    +    listen 8080 default_server;
         listen [::]:80 default_server;
         server_name _;
         root /usr/share/nginx/html;
    [INFO    ] Completed state [/etc/nginx/conf.d/default.conf] at time 00:58:27.671234
    [INFO    ] Running state [nginx] at time 00:58:27.671870
    [INFO    ] Executing state service.running for nginx
    [INFO    ] Executing command '/sbin/service nginx status' in directory '/root'
    [INFO    ] Executing command '/sbin/chkconfig --list nginx' in directory '/root'
    [INFO    ] Executing command '/sbin/runlevel' in directory '/root'
    [INFO    ] Service nginx is already enabled, and is in the desired state
    [INFO    ] Completed state [nginx] at time 00:58:27.752846
    [INFO    ] Running state [nginx] at time 00:58:27.754657
    [INFO    ] Executing state service.mod_watch for nginx
    [INFO    ] Executing command '/sbin/service nginx status' in directory '/root'
    [INFO    ] Executing command '/sbin/service nginx reload' in directory '/root'
    [INFO    ] {'nginx': True}
    [INFO    ] Completed state [nginx] at time 00:58:27.844721
    local:
    ----------
              ID: nginx
        Function: pkg.installed
          Result: True
         Comment: Package nginx is already installed.
         Started: 00:58:26.812398
        Duration: 711.916 ms
         Changes:
    ----------
              ID: /etc/nginx/nginx.conf
        Function: file.managed
          Result: True
         Comment: File /etc/nginx/nginx.conf is in the correct state
         Started: 00:58:27.527537
        Duration: 6.061 ms
         Changes:
    ----------
              ID: /etc/nginx/conf.d/default.conf
        Function: file.managed
          Result: True
         Comment: File /etc/nginx/conf.d/default.conf updated
         Started: 00:58:27.534046
        Duration: 137.188 ms
         Changes:
                  ----------
                  diff:
                      ---
                      +++
                      @@ -3,7 +3,7 @@
                       #
                       server {
                      -    listen 80 default_server;
                      +    listen 8080 default_server;
                           listen [::]:80 default_server;
                           server_name _;
                           root /usr/share/nginx/html;
    ----------
              ID: nginx
        Function: service.running
          Result: True
         Comment: Service reloaded
         Started: 00:58:27.754657
        Duration: 90.064 ms
         Changes:
                  ----------
                  nginx:
                      True

    Summary
    ------------
    Succeeded: 4 (changed=2)
    Failed:    0
    ------------
    Total states run:     4
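III. Scheduled automatic synchronization
1. Add the command salt-call state.sls nginx to crontab on the client.
2. Use SaltStack's native pillar module.

Pillar is a very important Salt component. It is used to define any data you need for specific minions, and that data can be used by Salt's other components. Salt introduced pillar in version 0.9.8. Once parsed, pillar is a nested dict structure: the top-level key is the minion ID, its value is the pillar data belonging to that minion, and each value is itself a set of key/value pairs. This shows one characteristic of pillar: pillar data is tied to a specific minion, that is, each minion can only see its own data, so pillar can be used to pass sensitive data (in Salt's design, pillar uses a separate encrypted session, again to keep sensitive data safe).

Where can pillar be used?

1. Sensitive data. For example ssh keys and certificates. Because pillar uses a separate encrypted session, this sensitive data cannot be seen by other minions.
2. Variables. Platform differences can be handled in pillar, for example by setting the package name per operating system and then referencing it in a state.
3. Any other data. Any data you need can be added to pillar, such as the mapping between users and UIDs, or the roles of minions.
4. Targeting. Pillar can be used to select minions, with the -I option.

By default, all data in the master configuration file is added to pillar and is available to all minions. To disable this default, add the following to the master configuration file; it takes effect after the service is restarted.

Pillar example: http://docs.saltstack.cn/topics/jobs/schedule.html

Defining a scheduled job with pillar

First modify the pillar configuration in /etc/salt/master.

Sync the nginx configuration file once a minute:

    [root@salt-server pillar]# cat top.sls
    base:
      '*':
        - nginx
    [root@salt-server pillar]# cat nginx.sls
    schedule:
      nginx:
        function: state.sls
        minutes: 1        # every minute
        #seconds: 30      # second-level interval
        args:
          - 'nginx'

    salt '*' saltutil.refresh_pillar   # refresh pillar on all machines
    salt '*' pillar.data               # view pillar on all machines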
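Whether a minion "only sees its own data" depends on how the pillar top file targets it. The following added example (not code from the original post or from the Salt project) is a simplified Python model of top-file compilation, showing that SLS files listed under '*', as in the top.sls above, reach every minion. The `db_secrets` SLS, the `db-*` target and the minion IDs other than salt-client are constructed for illustration, and glob matching through `fnmatch` is an assumption of the model.

```python
"""Simplified model of pillar top-file compilation (not Salt's own code)."""
import copy
from fnmatch import fnmatch

# Constructed sample data: pillar SLS contents keyed by SLS name.
PILLAR_SLS = {
    "nginx": {"schedule": {"nginx": {"function": "state.sls",
                                     "minutes": 1, "args": ["nginx"]}}},
    "db_secrets": {"db": {"password": "constructed-example-secret"}},
}

# Weak top file: secrets sit under '*', so every minion receives them.
TOP_WEAK = {"base": {"*": ["nginx", "db_secrets"]}}
# Scoped top file: the schedule goes everywhere, secrets only to db minions.
TOP_SCOPED = {"base": {"*": ["nginx"], "db-*": ["db_secrets"]}}


def merge(dst, src):
    """Recursively merge src into dst, as nested pillar dicts combine."""
    for key, value in src.items():
        if isinstance(value, dict) and isinstance(dst.get(key), dict):
            merge(dst[key], value)
        else:
            dst[key] = copy.deepcopy(value)  # never alias the source data
    return dst


def compile_pillar(minion_id, top, env="base"):
    """Return the pillar dict one minion would see under this top file."""
    pillar = {}
    for target, sls_names in top.get(env, {}).items():
        if fnmatch(minion_id, target):  # glob targeting, as with '*'
            for name in sls_names:
                merge(pillar, PILLAR_SLS[name])
    return pillar


def minions_seeing(key, minions, top):
    """List the minions whose compiled pillar contains a top-level key."""
    return [m for m in minions if key in compile_pillar(m, top)]


if __name__ == "__main__":
    fleet = ["salt-client", "web-01", "db-01"]  # constructed minion IDs
    print("weak:  ", minions_seeing("db", fleet, TOP_WEAK))
    print("scoped:", minions_seeing("db", fleet, TOP_SCOPED))
```

On a real deployment the equivalent check is to run `salt '*' pillar.data` after `saltutil.refresh_pillar` and confirm that sensitive keys appear only on the minions that need them.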
IV. Practice
Below is my production example of installing HAProxy from source, for your reference.

    haproxy-install:
      file.managed:
        - name: /usr/local/src/haproxy-1.5.3.tar.gz
        - source: salt://haproxy/files/haproxy-1.5.3.tar.gz
        - mode: 755
        - user: root
        - group: root
      cmd.run:
        - name: cd /usr/local/src && tar zxf haproxy-1.5.3.tar.gz && cd haproxy-1.5.3 && make TARGET=linux26 PREFIX=/usr/local/haproxy && make install PREFIX=/usr/local/haproxy
        - unless: test -d /usr/local/haproxy
        - require:
          - file: haproxy-install

    /etc/init.d/haproxy:
      file.managed:
        - source: salt://haproxy/files/haproxy.init
        - mode: 755
        - user: root
        - group: root
        - require:
          - cmd: haproxy-install

    net.ipv4.ip_nonlocal_bind:
      sysctl.present:
        - value: 1

    haproxy-config-dir:
      file.directory:
        - name: /etc/haproxy
        - mode: 755
        - user: root
        - group: root

    haproxy-init:
      cmd.run:
        - name: chkconfig --add haproxy
        - unless: chkconfig --list | grep haproxy
        - require:
          - file: /etc/init.d/haproxy

Below is my production example of syncing the nginx configuration files, with the source used.

    nginx:
      pkg:
        - installed
      service:
        - running
        - enable: True
        - reload: True
        - watch:
          - pkg: nginx
          - file: /etc/nginx/nginx.conf
          - file: /etc/nginx/conf.d/default.conf

    /etc/nginx/nginx.conf:
      file.managed:
        - source: salt://etc/nginx/nginx.conf
        - user: root
        - group: root
        - mode: 644

    /etc/nginx/conf.d/default.conf:
      file.managed:
        - source: salt://etc/nginx/conf.d/default.conf
        - user: root
        - group: root
        - mode: 644