SaltStack basic syntax
1. SaltStack basic syntax
1.1 Directory configuration
1.2 Common way of writing apache.sls
# With this style, one state file can only manage one configuration file
apache:
  pkg.installed:
    - name: httpd
  service.running:
    - name: httpd
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
1.3 Short ID style
apache-install:
  pkg.installed:
    - name: httpd
apache-service:
  service.running:
    - name: httpd
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
/etc/httpd/conf/php.conf:
  file.managed:
    - source: salt://apache/files/php.conf
    - user: root
    - group: root
    - mode: 644
1.4 Long ID style
apache:
  pkg.installed:
    - name: httpd
  service.running:
    - name: httpd
/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
/etc/httpd/conf/php.conf:
  file.managed:
    - source: salt://apache/files/php.conf
    - user: root
    - group: root
    - mode: 644
1.5 SaltStack modules explained
Configuration management:
URL: https://docs.saltstack.com/en/latest/topics/states/index.html
List of states:
https://docs.saltstack.com/en/latest/ref/states/all/index.html#all-salt-states
Search for: file
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#module-salt.states.file
/etc/http/conf/http.conf:
  file.managed:
    - source: salt://apache/http.conf
    - user: root
    - group: root
    - mode: 644
    - attrs: ai
    - template: jinja
    - defaults:
        custom_var: "default value"
        other_var: 123
{% if grains['os'] == 'Ubuntu' %}
    - context:
        custom_var: "override"
{% endif %}
1.6 LAMP planning
Packages: pkg; configuration files: file; services: service
httpd
php
mariadb
mariadb-server
# Create the directories
[root@salt salt]# tree
.
└── prod
    ├── apache
    │   ├── apache_init.sls
    │   └── files
    │       └── httpd.conf
    ├── mysql
    │   ├── files
    │   │   └── my.cnf
    │   └── mysql_init.sls
    ├── php
    │   ├── files
    │   │   └── php.ini
    │   └── php_init.sls
    └── Readme.txt
1.7 Commonly used syntax
Two different usages:
require: what I depend on
apache-install:
  pkg.installed:
    - name: httpd
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - require:
      - pkg: apache-install
      - file: apache-config
require_in: what depends on me
apache-install:
  pkg.installed:
    - name: httpd
    - require_in:
      - service: apache-service
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require_in:
      - service: apache-service
apache-service:
  service.running:
    - name: httpd
    - enable: True
watch: watch includes what require does; in addition, if the apache-config file changes, the apache service is restarted
apache-install:
  pkg.installed:
    - name: httpd
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - watch:
      - file: apache-config
# When the apache-config file changes, the apache service is restarted. If you do not want the service to restart, add one more parameter: reload: True
# With reload: True, the service is reloaded instead of restarted.
apache-install:
  pkg.installed:
    - name: httpd
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
    - watch:
      - file: apache-config
Using the cmd module:
Reference: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html#module-salt.states.cmd
cmd.run:
  - name: echo hello
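2. 14-SaltStack - Configuration management - Relationships between states 1
2.1 Project requirement: add an authentication module to Apache
If the file exists, do not run the command; if the file does not exist, run it.
Check whether a file exists: test -f /path/xxx
unless: run the command when the condition is false
2.2 Writing the apache.sls file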
apache-install:
  pkg.installed:
    - name: httpd
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - watch_in:
      - service: apache-service
apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file
    # If this file exists, the command is not run; if it does not exist, the command is run
    # unless: run when the condition is false: test -f /etc/httpd/conf/htpasswd_file
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
2.3 Configuring Apache
Add this block to the configuration file /etc/httpd/conf/httpd.conf:
# Add the authentication page for the site's admin directory
<Directory "/var/www/html/admin">
    AllowOverride All
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "admin"
    AuthUserFile /etc/httpd/conf/htpasswd_file
    Require user admin
</Directory>
# Set up the site directory
[root@salt-minion ~]# mkdir -p /var/www/html/admin
[root@salt-minion ~]# cd /var/www/html/admin
[root@salt-minion admin]# ll
total 4
-rw-r--r-- 1 root root 15 Jun 24 16:11 index.html
[root@salt-minion admin]# cat index.html
welcome nulige
# Run the installation:
[root@salt admin]# salt -S '192.168.56.42' state.highstate
2.4 Accessing the site
http://192.168.56.42/admin/
Result:
Enter username: admin, password: admin
welcome nulige
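The apache-auth state in 2.2 hardcodes admin/admin in the SLS file and passes the password with -b, which puts it in the htpasswd process arguments on the minion and stores it with htpasswd's default MD5-based hash. A hardened variant, added here as an example that is not part of the original post; the pillar key apache:admin_password, an httpd 2.4 htpasswd (for -i and -B) and the group name apache are assumptions:

```yaml
# Added example (not from the original post). Assumptions: pillar key
# apache:admin_password, httpd 2.4 htpasswd, httpd running in group "apache".
{% set admin_pw = salt['pillar.get']('apache:admin_password') %}

apache-auth:
  pkg.installed:
    - name: httpd-tools
{% if admin_pw %}
  cmd.run:
    # -i reads the password from stdin (printf is a shell builtin), so it is
    # never in any process's argv; -B stores a bcrypt hash.
    - name: printf '%s\n' "$ADMIN_PW" | htpasswd -ciB /etc/httpd/conf/htpasswd_file admin
    - env:
      - ADMIN_PW: {{ admin_pw | yaml_dquote }}
    - unless: test -f /etc/httpd/conf/htpasswd_file
    - require:
      - pkg: apache-auth

apache-htpasswd-perms:
  file.managed:
    - name: /etc/httpd/conf/htpasswd_file
    - replace: False          # enforce owner and mode only, keep the content
    - user: root
    - group: apache
    - mode: '0640'
    - require:
      - cmd: apache-auth
{% else %}
  # No password in pillar: fail the state instead of creating a default login.
  test.fail_without_changes:
    - name: "pillar apache:admin_password is not set, refusing to create a default login"
{% endif %}
```

Assign the pillar that holds the password only to the web minions; pillar data is delivered only to the minions it is targeted at.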
3. Jinja2 templates
3.1 Using Jinja2 templates
Reference: http://docs.jinkan.org/docs/jinja2/
Official documentation: https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#module-salt.states.file
Write this in the configuration file:
vi /etc/httpd/conf/httpd.conf
Listen {{ IPADDR }}:{{ PORT }}
Example:
apache-install:
  pkg.installed:
    - name: httpd
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja    # declare that this file is a template
    - defaults:          # define the default parameters and values
        PORT: 80
        IPADDR: 0.0.0.0
    - watch_in:
      - service: apache-service
apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file
    # If this file exists, the command is not run; if it does not exist, the command is run
    # unless: run when the condition is false: test -f /etc/httpd/conf/htpasswd_file
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
3.2 Getting the IP address
[root@salt apache]# salt '*' grains.item fqdn_ip4
salt-minion:
    ----------
    fqdn_ip4:
        - 192.168.56.42
# Usage example:
IPADDR: {{ grains['fqdn_ip4'][0] }}    # the returned value is a list
Listen 192.168.56.42:80
# Complete example: first usage
apache_init.sls
apache-install:
  pkg.installed:
    - name: httpd
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja    # Jinja template
    - defaults:          # default parameters for the template
        PORT: 80         # the port number
        IPADDR: {{ grains['fqdn_ip4'][0] }}    # get the IP address
    - watch_in:
      - service: apache-service
apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file
    # If this file exists, the command is not run; if it does not exist, the command is run
    # unless: run when the condition is false: test -f /etc/httpd/conf/htpasswd_file
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
# Complete example: second usage
1. First, set it in the configuration file
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
# written directly in the configuration file
Listen {{ grains['fqdn_ip4'][0] }}:{{ PORT }}
2. In apache_init.sls, pass only the port.
apache-install:
  pkg.installed:
    - name: httpd
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
        PORT: 80
    - watch_in:
      - service: apache-service
apache-auth:
  pkg.installed:
    - name: httpd-tools
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    - unless: test -f /etc/httpd/conf/htpasswd_file
    # If this file exists, the command is not run; if it does not exist, the command is run
    # unless: run when the condition is false: test -f /etc/httpd/conf/htpasswd_file
apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
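Because grains['fqdn_ip4'] is a list, an empty list makes [0] fail when the state is rendered, and a loopback entry would bind Apache to localhost only. An added example (not from the original post) that guards both cases for the `Listen {{ IPADDR }}:{{ PORT }}` template from 3.1; the pillar key apache:listen_ip is an assumption:

```yaml
# Added example (not from the original post). The pillar key apache:listen_ip
# is an assumption; it lets an operator pin the listen address explicitly.
{% set ips = grains.get('fqdn_ip4', []) | reject('equalto', '127.0.0.1') | list %}
{% set listen_ip = salt['pillar.get']('apache:listen_ip', ips[0] if ips else none) %}

apache-config:
{% if listen_ip %}
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - defaults:
        PORT: 80
        IPADDR: {{ listen_ip }}
    - watch_in:
      - service: apache-service
{% else %}
  # Fail the run with a clear message instead of a Jinja rendering error.
  test.fail_without_changes:
    - name: "no usable address in grains['fqdn_ip4'] and pillar apache:listen_ip is unset"
{% endif %}

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True
```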
3.3 Checking processes
ps aux |grep yum