saltstack(九):saltstack配置管理—jinja模板
saltstack配置管理—jinja模板
文档:http://docs.jinkan.org/docs/jinja2/
Jinja2的应用场景:针对不同的操作系统安装软件,针对不同的cpu数量、内存等动态生成软件的配置文件,都需要Jinja2以及Grains和pillar的辅助
Jinja2是一个强大的python模板引擎,他的设计思想来源于Django的模板引擎,并扩展了其语法和一系列强大的功能。其中最显著的一个是增加了沙箱执行功能和可选的自动转义功能,这对大多应用的安全性来说是非常重要的。
jinja模板包含 变量 或 表达式,两种分隔符: {% ... %} 和 {{ ... }} 。前者用于执行诸如 for 循环 或赋值的语句,后者把表达式的结果打印到模板上。
salt中如何使用jinja2:https://docs.saltstack.com/en/latest/topics/jinja/index.html
需求:批量把httpd 0.0.0.0:80 改成9090端口或者本机IP:PORT方式 每个主机IP都不一样的啊。
1.1 告诉File模块,你要使用jinja、指定参数
lamp-install: pkg.installed: - pkgs: - httpd - php - php-pdo - php-mysql apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://web/files/httpd.conf - user: root - group: root - mode: 644 - template: jinja - defaults : PORT: 9090 - require: - pkg: lamp-install apache-auth: pkg.installed: - name: httpd-tools - require_in: - cmd: apache-auth cmd.run: - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin - unless: test -f /etc/httpd/conf/htpasswd_file apache-conf: file.recurse: - name: /etc/httpd/conf.d - source: salt://web/files/apache-conf.d - watch_in: - service: lamp-service /etc/php.ini: file.managed: - source: salt://web/files/php.ini - user: root - group: root - mode: 644 - watch_in: - service: lamp-service lamp-service: service.running: - name: httpd - enable: True - reload: True - watch: - file: apache-config
1.2 模板引用
files/httpd.conf配置文件引用如下
1.3 执行、测试
执行前
1.4 支持grains赋值
lamp-install: pkg.installed: - pkgs: - httpd - php - php-pdo - php-mysql apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://web/files/httpd.conf - user: root - group: root - mode: 644 - template: jinja - defaults : PORT: 9090 IPADDR: {{ grains['fqdn_ip4'][0] }} - require: - pkg: lamp-install apache-auth: pkg.installed: - name: httpd-tools - require_in: - cmd: apache-auth cmd.run: - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin - unless: test -f /etc/httpd/conf/htpasswd_file apache-conf: file.recurse: - name: /etc/httpd/conf.d - source: salt://web/files/apache-conf.d - watch_in: - service: lamp-service /etc/php.ini: file.managed: - source: salt://web/files/php.ini - user: root - group: root - mode: 644 - watch_in: - service: lamp-service lamp-service: service.running: - name: httpd - enable: True - reload: True - watch: - file: apache-config
1.5 支持pillar变量
例如通过pillar批量分组修改http端口
设置好pillar分组
#install.sls {% if grains['fqdn'] == 'test-tms' %} webserver: httpd http_port: 8081 {% elif grains['fqdn'] == 'test-mall' %} webserver: nginx http_port: 8082 {% else %} webserver: NOT-httpd-nginx {% endif %}
#刷新 salt 'test*' saltutil.refresh_pillar
取得pillar-value分组进行更新
#lnmp.sls lamp-install: pkg.installed: - pkgs: - httpd - php - php-pdo - php-mysql apache-config: file.managed: - name: /etc/httpd/conf/httpd.conf - source: salt://web/files/httpd.conf - user: root - group: root - mode: 644 - template: jinja - defaults : PORT: {{ pillar['http_port'] }} IPADDR: {{ grains['fqdn_ip4'][0] }} - require: - pkg: lamp-install apache-auth: pkg.installed: - name: httpd-tools - require_in: - cmd: apache-auth cmd.run: - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin - unless: test -f /etc/httpd/conf/htpasswd_file apache-conf: file.recurse: - name: /etc/httpd/conf.d - source: salt://web/files/apache-conf.d - watch_in: - service: lamp-service /etc/php.ini: file.managed: - source: salt://web/files/php.ini - user: root - group: root - mode: 644 - watch_in: - service: lamp-service lamp-service: service.running: - name: httpd - enable: True - reload: True - watch: - file: apache-config
http.conf变量设置
测试
salt -E 'test-mall|test-tms' state.sls web.lnmp
