SaltStack 第2章

2-1 SaltStack-salt-ssh介绍

[root@linux-node1 ~]# yum install salt-ssh -y
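#salt-ssh使用花名册(roster)记录目标主机
#注意:roster里的passwd是明文保存的,下面的root/123456只适合实验环境;生产环境应改用密钥认证(roster的priv字段),并限制roster文件的读取权限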
[root@linux-node1 ~]# cd /etc/salt/
[root@linux-node1 salt]# vim roster
linux-node1:
  host: 192.168.56.11
  user: root
  passwd: 123456
  port: 22

linux-node2:
  host: 192.168.56.12
  user: root
  passwd: 123456
  port: 22
[root@linux-node1 ~]# salt-ssh '*' test.ping -i
[root@linux-node1 ~]# salt-ssh '*' -r 'uptime'
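#配置后,执行时不用再回答yes或no
#注意:StrictHostKeyChecking no(以及上面salt-ssh的-i参数)会跳过SSH主机密钥校验,无法发现中间人攻击;仅限实验环境使用,生产环境应预先把各主机的公钥写入known_hosts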
[root@linux-node1 ~]# vim .ssh/config
StrictHostKeychecking no

2-2 SaltStack-配置管理-LAMP状态设计

[root@linux-node1 ~]# salt '*' state.highstate
[root@linux-node1 web]# mv apache.sls apache2.sls  
[root@linux-node1 web]# vim apache.sls
apache:
  pkg.installed:
    - name: httpd
  service.running:
    - name: httpd

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

/etc/httpd/conf/php.conf:
  file.managed:
    - source: salt://apache/files/php.conf
    - user: root
    - group: root
    - mode: 644

再写一个apache1.sls:

[root@linux-node1 web]# vim apache1.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-service:
  service.running:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

使用salt部署LAMP的3大模块

三大模块:pkg、file、service

软件包 配置文件 服务
pkg file.managed service.running
httpd /etc/httpd/conf/httpd.conf httpd
php /etc/php.ini
mysql mysqld
mysql-server
php-mysql
php-pdo
php-cli

手动测试下查看下配置路径

[root@linux-node1 ~]# yum install httpd php mysql mysql-server php-mysql php-pdo php-cli -y

https://docs.saltstack.com/en/latest/ref/states/all/index.html#all-salt-states

查看file模块:

https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#module-salt.states.file

查看pkg模块

https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html#module-salt.states.pkg

查看service模块

https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#module-salt.states.service

2-3 SaltStack-配置管理-LAMP状态实现

开始部署LAMP写配置

[root@linux-node1 ~]# cd /srv/salt/prod/
[root@linux-node1 prod]# mkdir -p {apache,php,mysql}
[root@linux-node1 prod]# tree
.
├── apache
├── mysql
└── php

1、先写一个安装、配置、启动部署apache配置文件

[root@linux-node1 prod]# cd apache/
[root@linux-node1 apache]# vim init.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
[root@linux-node1 apache]# mkdir files
[root@linux-node1 apache]# cd files/
[root@linux-node1 files]# cp /etc/httpd/conf/httpd.conf  .
[root@linux-node1 apache]# tree
.
├── init.sls
└── files
    └── httpd.conf

1 directory, 2 files

注意:报错了

[root@linux-node1 apache]# salt 'linux-node1' state.sls apache.init
linux-node1:
    Data failed to compile:
----------
    No matching sls found for 'apache.init' in env 'base'
ERROR: Minions returned with non-zero exit code
#说明默认找的是base目录,所以我们要指定prod目录,用saltenv指定
[root@linux-node1 apache]# salt 'linux-node1' state.sls apache.init saltenv=prod

2、接下来写一个安装、配置部署php配置文件

[root@linux-node1 prod]# cd php/
[root@linux-node1 php]# mkdir -p files
[root@linux-node1 php]# vim init.sls
php-install:
  pkg.installed:
    - pkgs:
      - php
      - php-pdo
      - php-mysql

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://php/files/php.ini
    - user: root
    - group: root
    - mode: 644
[root@linux-node1 php]# cd files/
[root@linux-node1 files]# cp /etc/php.ini .
[root@linux-node1 prod]# tree
.
├── apache
│   ├── files
│   │   └── httpd.conf
│   └── init.sls
├── mysql
└── php
    ├── files
    │   └── php.ini
    └── init.sls

5 directories, 4 files

3、接下来写一个安装、配置部署mysql配置文件

[root@linux-node1 prod]# cd mysql/
[root@linux-node1 mysql]# vim init.sls
mysql-install:
  pkg.installed:
    - pkgs:
      - mariadb
      - mariadb-server

mysql-config:
  file.managed:
    - name: /etc/my.cnf
    - source: salt://mysql/files/my.cnf
    - user: root
    - group: root
    - mode: 644

mysql-service:
  service.running:
    - name: mariadb
    - enable: True
[root@linux-node1 mysql]# mkdir -p files
[root@linux-node1 mysql]# cd files/
[root@linux-node1 files]# cp /etc/my.cnf .
[root@linux-node1 prod]# tree
.
├── apache
│   ├── files
│   │   └── httpd.conf
│   └── init.sls
├── mysql
│   ├── files
│   │   └── my.cnf
│   └── init.sls
└── php
    ├── files
    │   └── php.ini
    └── init.sls

6 directories, 6 files
[root@linux-node1 ~]# salt -S '192.168.56.11' state.sls php.init saltenv=prod
[root@linux-node1 ~]# salt -S '192.168.56.11' state.sls mysql.init saltenv=prod
[root@linux-node1 salt]# zip -r prod.zip prod/

接下来写一个topfile,topfile在base环境上,我们去增加下prod环境:

[root@linux-node1 ~]# cd /srv/salt/base/
[root@linux-node1 base]# vim top.sls
base:
  'os:CentOS':
    - match: grain
    - web.apache

prod:
  'linux-node1':
    - apache.init
    - php.init
    - mysql.init
#直接执行高级状态
[root@linux-node1 ~]# salt 'linux-node1' state.highstate
#完成
补充:解决base环境下web目录模块的问题
[root@linux-node1 ~]# cd /srv/salt/base/web/
[root@linux-node1 web]# mkdir -p files
[root@linux-node1 files]# cp /etc/httpd/conf/httpd.conf .
[root@linux-node1 files]# cp /etc/php.ini .
#修改web下的apache.sls
[root@linux-node1 web]# vim apache.sls 
apache:
  pkg.installed:
    - name: httpd
  service.running:
    - name: httpd

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://web/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

/etc/httpd/conf/php.ini:
  file.managed:
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: 644
[root@linux-node1 base]# salt 'linux-node1' state.highstate
linux-node1:
----------
          ID: apache
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed
     Started: 00:25:43.875176
    Duration: 501.838 ms
     Changes:   
----------
          ID: apache
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 00:25:44.377588
    Duration: 23.282 ms
     Changes:   
----------
          ID: /etc/httpd/conf/httpd.conf
    Function: file.managed
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 00:25:44.402659
    Duration: 10.103 ms
     Changes:   
----------
          ID: /etc/httpd/conf/php.ini
    Function: file.managed
      Result: True
     Comment: File /etc/httpd/conf/php.ini is in the correct state
     Started: 00:25:44.412869
    Duration: 6.226 ms
     Changes:   
----------
          ID: apache-install
    Function: pkg.installed
        Name: httpd
      Result: True
     Comment: Package httpd is already installed
     Started: 00:25:44.419204
    Duration: 0.374 ms
     Changes:   
----------
          ID: apache-config
    Function: file.managed
        Name: /etc/httpd/conf/httpd.conf
      Result: True
     Comment: File /etc/httpd/conf/httpd.conf is in the correct state
     Started: 00:25:44.419652
    Duration: 5.484 ms
     Changes:   
----------
          ID: apache-service
    Function: service.running
        Name: httpd
      Result: True
     Comment: The service httpd is already running
     Started: 00:25:44.425242
    Duration: 12.189 ms
     Changes:   
----------
          ID: php-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 00:25:44.437586
    Duration: 0.493 ms
     Changes:   
----------
          ID: php-config
    Function: file.managed
        Name: /etc/php.ini
      Result: True
     Comment: File /etc/php.ini is in the correct state
     Started: 00:25:44.438156
    Duration: 7.027 ms
     Changes:   
----------
          ID: mysql-install
    Function: pkg.installed
      Result: True
     Comment: All specified packages are already installed
     Started: 00:25:44.445290
    Duration: 0.368 ms
     Changes:   
----------
          ID: mysql-config
    Function: file.managed
        Name: /etc/my.cnf
      Result: True
     Comment: File /etc/my.cnf is in the correct state
     Started: 00:25:44.445732
    Duration: 4.981 ms
     Changes:   
----------
          ID: mysql-service
    Function: service.running
        Name: mariadb
      Result: True
     Comment: The service mariadb is already running
     Started: 00:25:44.450815
    Duration: 18.901 ms
     Changes:   

Summary for linux-node1
-------------
Succeeded: 12
Failed:     0
-------------
Total states run:     12
Total run time:  591.266 ms

2-4 SaltStack-配置管理-状态间关系1

https://docs.saltstack.com/en/latest/topics/tutorials/states_pt3.html

包含include

 [root@linux-node1 ~]# cd /srv/salt/prod
 [root@linux-node1 prod]# vim lamp.sls
 include:
  - apache.init
  - php.init
  - mysql.init
  #这样我在topfile,只需要写上lamp就可以了
[root@linux-node1 prod]# vim ../base/top.sls
 base:
  'os:CentOS':
    - match: grain
    - web.apache

prod:
  'linux-node1':
    - lamp
[root@linux-node1 ~]# salt -S '192.168.56.11' state.highstate

扩展:extend

在这台机器安装php-mbstring:

[root@linux-node1 prod]# vim lamp.sls 
include:
  - apache.init
  - php.init
  - mysql.init

extend:
  php-install:
    pkg.installed:
      - name: php-mbstring
[root@linux-node1 prod]# salt -S '192.168.56.11' state.highstate

如果安装不成功配置不成功就不运行:
require(我依赖谁)

[root@linux-node1 prod]# vim apache/init.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - require:
      - pkg: apache-install          
      - file: apache-config    #依赖文件状态模块 
#require表示上面的apache-config要是报错了,那么就不要启动apache

require_in(我被谁依赖):

[root@linux-node1 apache]# cp init.sls init_$(date +%F).sls
[root@linux-node1 apache]# vim init.sls
apache-install:
  pkg.installed:
    - name: httpd
    - require_in:
      -  service: apache-service

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require_in:
      - service: apache-service

apache-service:
  service.running:
    - name: httpd
    - enable: True
[root@linux-node1 apache]# salt -S '192.168.56.11' state.highstate
[root@linux-node1 apache]# mv init_2017-09-28.sls init_require.sls
[root@linux-node1 apache]# cp init.sls init_require_in.sls

service的watch

https://docs.saltstack.com/en/latest/ref/states/all/salt.states.service.html#module-salt.states.service

[root@linux-node1 apache]# vim init.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-config
#watch表示如果这个文件变动,就重启服务;这里设置了reload: True,所以执行的是重载(reload)而不是重启
#模拟修改文件:
[root@linux-node1 apache]# cd files/
[root@linux-node1 files]# vim httpd.conf
#papa
再执行
[root@linux-node1 files]# salt -S '192.168.56.11' state.highstate
#会对比后,然后重载
[root@linux-node1 apache]# cp init.sls init_watch.sls

watch_in

[root@linux-node1 apache]# vim init.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - watch_in:
      - service: apache-service

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
[root@linux-node1 apache]# salt -S '192.168.56.11' state.highstate
[root@linux-node1 apache]# cp init.sls init_watch_in.sls

2-5 SaltStack-配置管理-状态间关系2

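给apache的admin用户加一个验证功能(注意:下面的示例口令admin/admin是弱口令,htpasswd的-b参数会把口令写在命令行上,口令会出现在进程列表和state的执行输出里;Basic认证在明文HTTP下口令可被嗅探。仅限实验环境使用,生产环境应使用强口令并启用HTTPS):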
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html

[root@linux-node1 ~]# cd /var/www/html/
[root@linux-node1 html]# mkdir admin
[root@linux-node1 html]# cd admin/
[root@linux-node1 admin]# vim index.html
wo ai papa
[root@linux-node1 ~]# cd /srv/salt/prod/apache

#在apache配置文件上增加配置:
[root@linux-node1 ~]# cd /srv/salt/prod/apache/files
[root@linux-node1 files]# vim httpd.conf
<Directory "/var/www/html/admin">
    AllowOverride All
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "papa"
    AuthUserFile /etc/httpd/conf/htpasswd_file
    Require user admin
</Directory>
[root@linux-node1 files]# cd ..                                                 
[root@linux-node1 apache]# vim init.sls  #增加
apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file  #unless:如果条件为假(文件不存在),就执行
[root@linux-node1 ~]# salt -S '192.168.56.11' state.highstate


2-6 SaltStack-配置管理-jinja模板

jinja配置管理模板2个步骤:

  1. 修改模板配置文件
  2. 修改sls增加
    - template: jinja   #声明这个是模板
    - defaults:       #定义默认的参数和值
      PORT: 80
      IPADDR: {{ grains['fqdn_ip4'][0] }}

需求apache的配置文件监听所有minion本地的ip地址:

http://docs.jinkan.org/docs/jinja2/
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#module-salt.states.file

[root@linux-node1 apache]# vim init.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
      PORT: 80
    - watch_in:
      - service: apache-service

apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
[root@linux-node1 apache]# vim files/httpd.conf
Listen {{ PORT }}
[root@linux-node1 apache]# salt -S '192.168.56.11' state.highstate
#什么都不会变,因为都是80端口。

修改模板文件:

[root@linux-node1 ~]# salt '*' grains.item fqdn_ip4
linux-node2:
----------
fqdn_ip4:
- 42.123.125.237
linux-node1:
----------
fqdn_ip4:
- 42.123.125.237

[root@linux-node1 apache]# vim files/httpd.conf
Listen {{ IPADDR }}:{{ PORT }}
[root@linux-node1 apache]# vim init.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
      PORT: 80
      IPADDR: {{ grains['fqdn_ip4'][0] }}
    - watch_in:
      - service: apache-service

apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
[root@linux-node1 ~]# salt 'linux-node1' state.highstate
#注意确保主机名能解析
[root@linux-node1 ~]# tail -2 /etc/hosts
192.168.56.11 linux-node1
192.168.56.12 linux-node2
[root@linux-node1 ~]# grep Listen /etc/httpd/conf/httpd.conf        
Listen 192.168.56.11:80
#你看可以了

让node2也执行下:

[root@linux-node1 ~]# salt 'linux-node*' state.highstate      
linux-node2:
----------
          ID: states
    Function: no.None
      Result: False
     Comment: No Top file or master_tops data matches found.
     Changes:   

Summary for linux-node2
------------
Succeeded: 0
Failed:    1
[root@linux-node1 ~]# vim /srv/salt/base/top.sls
prod:
  'linux-node?':
    - lamp
[root@linux-node1 ~]# salt 'linux-node*' state.highstate
#再运行一次
[root@linux-node1 ~]# salt 'linux-node*' state.highstate
#去node2节点上看:
[root@linux-node2 ~]# netstat -ltunp       
tcp        0      0 192.168.56.12:80        0.0.0.0:*               LISTEN      3273/httpd

2-7 Saltstack部署Redis主从实现

使用SaltStack完成Redis主从的配置管理

要求:
1、192.168.56.11是主 192.168.56.12是从
2、redis监听自己的IP地址,而不是0.0.0.0
linux-node1: redis: 安装 配置 启动
linux-node2: redis: 安装 配置 启动 设置主从

[root@linux-node1 ~]# cd /srv/salt/prod
#上传
[root@linux-node1 prod]# mkdir -p redis/files
[root@linux-node1 redis]# tree
.
├── files
│   └── redis.conf
└── init.sls
#查看下:
[root@linux-node1 redis]# cat init.sls 
redis-install:
  pkg.installed:
    - name: redis

redis-config:
  file.managed:
    - name: /etc/redis.conf
    - source: salt://redis/files/redis.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
      PORT: 6379
      IPADDR: {{ grains['fqdn_ip4'][0] }}

redis-service:
  service.running:
    - name: redis
    - enable: True
    - reload: True
    - watch:
      - file: redis-config
[root@linux-node1 redis]# grep -E "^[a-z]" files/redis.conf  
bind {{ IPADDR }}
protected-mode yes
port {{ PORT }}
#手动执行下:
[root@linux-node1 ~]# salt '*' state.sls redis.init saltenv=prod
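#好了redis都安装好了
#注意:这份配置没有设置口令,redis监听在内网IP上,同网段的主机都可以不经认证直接连接(下面配置主从时,从节点无需口令即可连上主节点);生产环境应设置requirepass(从节点配masterauth),用防火墙限制6379端口的来源,并在redis.conf写入口令后收紧该文件的读取权限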

配置主从:

[root@linux-node1 ~]# cd /srv/salt/prod/redis/
[root@linux-node1 redis]# vim redis_master.sls
include:
  - redis.init
[root@linux-node2 ~]# redis-cli -h 192.168.56.12 slaveof 192.168.56.11 6379
OK
[root@linux-node1 redis]# vim redis_slave.sls
include:
  - redis.init

slave_config:
  cmd.run:
    - name: redis-cli -h 192.168.56.12 slaveof 192.168.56.11 6379
    - unless: redis-cli -h 192.168.56.12 info|grep role:slave
    - require:
      - service: redis-service
[root@linux-node1 redis]# ll
total 12
drwxr-xr-x 2 root root  23 Oct  6 08:15 files
-rw-r--r-- 1 root root 432 Mar 20  2017 init.sls
-rw-r--r-- 1 root root  24 Oct  6 08:44 redis_master.sls
-rw-r--r-- 1 root root 162 Oct  6 08:51 redis_slave.sls
[root@linux-node1 redis]# mv redis_master.sls master.sls
[root@linux-node1 redis]# mv redis_slave.sls slave.sls
[root@linux-node1 ~]# vim /srv/salt/base/top.sls
prod:
  'linux-node1':
    - lamp
    - redis.master
  'linux-node2':
    - lamp
    - redis.slave
[root@linux-node1 ~]# salt '*' state.highstate
#去节点node2强行改成主:
[root@linux-node2 ~]# redis-cli -h 192.168.56.12
192.168.56.12:6379> slaveof no one
OK
192.168.56.12:6379> slaveof info
#这样就变成主了
192.168.56.12:6379> info
role:master
#在node1上执行看下
[root@linux-node1 redis]# salt '*' state.highstate
#在node2看下是不是重新变成slave
192.168.56.12:6379> info
role:slave
[root@linux-node1 prod]# tree redis/
redis/
├── files
│   └── redis.conf
├── init.sls
├── master.sls
└── slave.sls

2-8 SaltStack-Job管理

[root@linux-node1 ~]# cd /var/cache/salt/master/jobs/
#查看正在运行的
[root@linux-node1 ~]# salt '*' saltutil.running
#杀掉正在运行salt的服务jid
[root@linux-node1 ~]# salt '*' saltutil.kill_job jid
