自动化运维之二Saltstack之配置管理

1.Saltstack之Salt SSH

官方文档链接:https://docs.saltstack.com/en/latest/topics/ssh/index.html

1.1安装Salt SSH

#安装Salt SSH
[root@linux-node1 ~]# yum install -y salt-ssh
#salt记录目标地址的配置文件
[root@linux-node1 ~]# cd /etc/salt/
[root@linux-node1 salt]# ll
total 72
-rw-r----- 1 root root 344 Feb 5 2016 roster
#编辑配置文件
[root@linux-node1 salt]# vim roster
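# Salt SSH roster: one entry per managed host, keyed by the target ID.
# NOTE(review): `passwd` keeps the root password in plaintext on the master,
# and 123456 is trivially guessable; keep this to a throwaway lab. Outside a
# lab, prefer key-based login through the roster's `priv` option and a
# non-root `user` combined with `sudo: True`.
linux-node1:
  host: 118.190.201.11
  user: root
  passwd: 123456
  port: 22    # the roster option is spelled `port` (not `prot`)
linux-node2:
  host: 118.190.201.12
  user: root
  passwd: 123456
  port: 22    # the roster option is spelled `port` (not `prot`)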

1.2验证Salt SSH命令

[root@linux-node1 ~]# salt-ssh '*' test.ping -i  #参数-i(--ignore-host-keys)跳过主机密钥校验,因此不用输入yes;目标主机的身份不再被验证,仅适合可信的实验环境
linux-node1:
 True
linux-node2:
 True
[root@linux-node1 ~]# salt-ssh '*' -r 'uptime'  #参数-r后接命令
linux-node1:
 ----------
 retcode:
 0
 stderr:
 stdout:
 root@118.190.201.11's password: 
 06:35:38 up 1 day, 1:39, 2 users, load average: 0.17, 0.09, 0.06
linux-node2:
 ----------
 retcode:
 0
 stderr:
 stdout:
 root@118.190.201.12's password: 
 06:31:31 up 1 day, 1:35, 1 user, load average: 0.00, 0.01, 0.05

1.3在使用Salt SSH命令后不进行交互

#配置如下(注意:StrictHostKeyChecking no会自动接受未知主机的密钥而不再提示确认,首次连接时无法发现中间人;建议只在实验环境使用,或放在Host块中限定到受管主机)
[root@linux-node1 ~]# vim /root/.ssh/config
StrictHostKeyChecking no

2.Saltstack配置管理

#执行Salt状态
[root@linux-node1 ~]# cd /srv/salt/base/web/
[root@linux-node1 web]# ll
total 4
-rw-r--r-- 1 root root 158 Oct 17 10:34 apache.sls
[root@linux-node1 ~]# salt '*' state.highstate
#状态文件
[root@linux-node1 base]# cat /srv/pillar/base/apache.sls 
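# Pillar key `apache`: distribution-specific name used for both the package
# and the service by the web/apache.sls state.
{% if grains['os'] == 'CentOS' %}
apache: httpd
{% elif grains['os'] == 'Debian' %}
# On Debian the package and service are named apache2, not httpd.
apache: apache2
{% endif %}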
[root@linux-node1 base]# cat /srv/salt/base/web/apache.sls 
apache-install:
  pkg.installed:
    - name: {{ pillar['apache'] }}

apache-service:
  service.running:
    - name: {{ pillar['apache'] }}
    - enable: True

2.1编写状态文件

[root@linux-node1 base]# cd /srv/salt/base/web/
[root@linux-node1 web]# mv apache.sls apache2.sls
[root@linux-node1 web]# vim apache.sls
apache:   #ID申明,全局唯一,在所有环境唯一,总的一个ID,每个模块只能用一次
  pkg.installed: #pkg状态模块,然后.一个引用关系,installed是指这个模块里面有一个方法
    - name: httpd #回车代表一个层级结构,name可以理解为installed的一个参数
  service.running: #service状态模块,running方法
    - name: httpd
  file.managed: #状态模块
    - name: /etc/httpd/conf/httpd.conf #name文件模块代表文件的路径
    - source: salt://apache/files/httpd.conf #source这个文件从哪来的,冒号后面必须有空格除了表示路径
    - user: root #文件用户
    - group: root #组
    - mode: 644 #权限
#第二种配置文件方式
[root@linux-node1 ~]# vim /srv/salt/base/web/apache1.sls
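# Second layout: one state ID per concern (package, service, config file).
apache-install:
  pkg.installed:
    - name: httpd

apache-service:
  service.running:      # function is `running`; `runing` does not exist in the service state module
    - name: httpd       # a space is required after the dash for a YAML list item

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644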
#单独管理每一个文件
[root@linux-node1 ~]# vim /srv/salt/base/web/apache.sls
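# Third layout: each managed file gets its own state ID.
apache:
  pkg.installed:
    - name: httpd
  service.running:      # function is `running`; `runing` does not exist in the service state module
    - name: httpd

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

/etc/httpd/conf/php.conf:  # no `name` is given, so the state ID itself is used as the name
  file.managed:
    - source: salt://apache/files/php.conf
    - user: root
    - group: root
    - mode: 644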

2.2Salt自动化部署LAMP架构

1.需要提前准备工作:1.软件包 2.配置文件 3.服务 (pkg.installed/file.managed/service.running)
(1).需要安装包:(httpd/php/mysql/MySQL-server/php-mysql/php-pdo/php-cli)(手动跑一遍)
(2).需要管理的配置文件:/etc/httpd/conf/httpd.conf,/etc/php.ini
(3).需要管理服务:httpd,MySQL

#首先,手动测试一遍
[root@linux-node1 ~]# yum install -y httpd php mysql mysql-server php-mysql php-pdo php-cli
#需要管理的配置文件
/etc/httpd/conf/httpd.conf,/etc/php.ini

配置管理文件模块的官网链接:https://docs.saltstack.com/en/latest/ref/states/all/salt.states.file.html#module-salt.states.file

2.2.1组织LAMP的目录结构

[root@linux-node1 ~]# cd /srv/salt/prod/
[root@linux-node1 prod]# tree
.
0 directories, 0 files
[root@linux-node1 prod]# mkdir apache php mysql
[root@linux-node1 prod]# tree
.
├── apache
├── mysql
└── php
3 directories, 0 files
#进入到apache目录,编写状态模块
[root@linux-node1 prod]# cd apache/
[root@linux-node1 apache]# vim apache.sls
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf   #salt://指的环境的根路径 /srv/salt/prod/
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
#创建source相对目录
[root@linux-node1 apache]# mkdir files
[root@linux-node1 apache]# tree /srv/
/srv/
├── pillar
│   ├── base
│   │   ├── apache.sls
│   │   └── top.sls
│   └── prod
└── salt
 ├── base
 │   ├── top.sls
 │   └── web
 │   ├── apache1.sls
 │   ├── apache2.sls
 │   └── apache.sls
 ├── dev
 ├── prod
 │   ├── apache
 │   │   ├── apache.sls
 │   │   └── files
 │   ├── mysql
 │   └── php
 └── test
13 directories, 7 files
#拷贝配置文件到files目录
[root@linux-node1 files]# cd files/
[root@linux-node1 files]# cp /etc/httpd/conf/httpd.conf .
[root@linux-node1 files]# ll
total 12
-rw-r--r-- 1 root root 11753 Oct 18 14:32 httpd.conf
#测试状态
[root@linux-node1 apache]# salt 'linux-node1*' state.sls apache.apache
linux-node1.example.com:
 Data failed to compile:
----------
 No matching sls found for 'apache.apache' in env 'base'
ERROR: Minions returned with non-zero exit code
#报错:在环境base目录下没有找到apache目录下的apache.sls文件,因为不加saltenv参数默认在base下寻找
[root@linux-node1 apache]# salt 'linux-node1*' state.sls apache.apache saltenv=prod
........省略部分.......
Summary
------------
Succeeded: 3
Failed: 0
------------
Total states run: 3
#编写PHP配置文件
[root@linux-node1 ~]# cd /srv/salt/prod/apache/
[root@linux-node1 apache]# mv apache.sls init.sls
[root@linux-node1 apache]# cd ..
[root@linux-node1 prod]# cd php/
[root@linux-node1 php]# mkdir files   #创建存放文件目录
[root@linux-node1 php]# vim init.sls
php-install:
  pkg.installed:
    - pkgs:
      - php
      - php-pdo
      - php-mysql

php-config:
  file.managed:
    - name: /etc/php.ini
    - source: salt://php/files/php.ini
    - user: root
    - group: root
    - mode: 644
#拷贝文件到files目录下
[root@linux-node1 php]# cd files/
[root@linux-node1 files]# cp /etc/php.ini .
[root@linux-node1 files]# cd .. 
[root@linux-node1 php]# cd ..
[root@linux-node1 prod]# tree
.
├── apache
│   ├── files
│   │   └── httpd.conf
│   └── init.sls
├── mysql
└── php
 ├── files
 │   └── php.ini
 └── init.sls
5 directories, 4 files
#编写MySQL状态文件
[root@linux-node1 mysql]# vim init.sls
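# mysql/init.sls: install MariaDB, manage its configuration file, run the service.
mysql-install:
  pkg.installed:
    - pkgs:
      - mariadb
      - mariadb-server

mysql-config:
  file.managed:
    # The tutorial copies /etc/my.cnf into files/, so the managed target must
    # be /etc/my.cnf; /etc/my.conf would only create an unrelated file.
    - name: /etc/my.cnf
    - source: salt://mysql/files/my.cnf
    - user: root
    - group: root
    - mode: 644

mysql-service:
  service.running:
    - name: mariadb
    - enable: True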
#拷贝配置文件到files目录下
[root@linux-node1 mysql]# mkdir files
[root@linux-node1 mysql]# cd files/
[root@linux-node1 files]# cp /etc/my.cnf .
[root@linux-node1 files]# cd .. 
[root@linux-node1 mysql]# cd ..
[root@linux-node1 prod]# tree
.
├── apache
│   ├── files
│   │   └── httpd.conf
│   └── init.sls
├── mysql
│   ├── files
│   │   └── my.cnf
│   └── init.sls
└── php
 ├── files
 │   └── php.ini
 └── init.sls
6 directories, 6 files
#运行测试
[root@linux-node1 ~]# salt -S '118.190.201.11' state.sls php.init saltenv=prod   ##参数-S指定IP地址
....省略部分.....
Summary
------------
Succeeded: 2
Failed: 0
------------
Total states run: 2
[root@linux-node1 ~]# salt -S '118.190.201.11' state.sls mysql.init saltenv=prod
......省略部分.......
Summary
------------
Succeeded: 3 (changed=2)
Failed: 0
------------
Total states run: 3
#目录结构
[root@linux-node1 ~]# tree /srv/salt/prod
/srv/salt/prod
├── apache
│   ├── files
│   │   └── httpd.conf
│   └── init.sls
├── mysql
│   ├── files
│   │   └── my.cnf
│   └── init.sls
└── php
 ├── files
 │   └── php.ini
 └── init.sls
6 directories, 6 files

2.2.2配置在某台PC上安装LAMP环境

#利用top_file文件进行匹配
[root@linux-node1 ~]# cd /srv/salt/base/
[root@linux-node1 base]# vim top.sls 
base:    ##base目录
  'os:CentOS':
    - match: grain
    - web.apache

prod:    ##prod目录
  'linux-node1.example.com':
    - apache.init
    - php.init
    - mysql.init
[root@linux-node1 ~]# salt 'linux-node1*' state.highstate
#执行出错,解决如下
[root@linux-node1 ~]# cd /srv/salt/base/web
[root@linux-node1 web]# mkdir files
[root@linux-node1 web]# vim apache.sls 
apache:
  pkg.installed:
    - name: httpd
  service.running:
    - name: httpd

/etc/httpd/conf/httpd.conf:
  file.managed:
    - source: salt://web/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

/etc/php.ini:
  file.managed:
    - source: salt://web/files/php.ini
    - user: root
    - group: root
    - mode: 644
[root@linux-node1 web]# cd files/
[root@linux-node1 files]# cp /etc/httpd/conf/httpd.conf .
[root@linux-node1 files]# cp /etc/php.ini .
[root@linux-node1 ~]# salt 'linux-node1*' state.highstate
......省略部分......
Summary
-------------
Succeeded: 12
Failed: 0
-------------
Total states run: 12

2.3状态之间的关系

2.3.1如何进行引用

#目录结构
[root@linux-node1 ~]# tree /srv/
/srv/
├── pillar
│   ├── base
│   │   ├── apache.sls
│   │   └── top.sls
│   └── prod
└── salt
 ├── base
 │   ├── top.sls
 │   └── web
 │   ├── apache1.sls
 │   ├── apache2.sls
 │   ├── apache.sls
 │   └── files
 │   ├── httpd.conf
 │   └── php.ini
 ├── dev
 ├── prod
 │   ├── apache
 │   │   ├── files
 │   │   │   └── httpd.conf
 │   │   └── init.sls
 │   ├── mysql
 │   │   ├── files
 │   │   │   └── my.cnf
 │   │   └── init.sls
 │   └── php
 │   ├── files
 │   │   └── php.ini
 │   └── init.sls
 ├── prod.zip
 └── test
16 directories, 15 files
#top_file文件状态
[root@linux-node1 base]# cat top.sls 
base:
  'os:CentOS':
    - match: grain
    - web.apache

prod:
  'linux-node1.example.com':
    - apache.init
    - php.init
    - mysql.init

2.3.2状态之间的引用include,官网链接:https://docs.saltstack.com/en/latest/topics/tutorials/states_pt3.html

[root@linux-node1 ~]# cd /srv/salt/prod/
[root@linux-node1 prod]# vim lamp.sls
include:
  - apache.init
  - php.init
  - mysql.init
[root@linux-node1 prod]# vim ../base/top.sls 
base:
  'os:CentOS':
    - match: grain
    - web.apache

prod:
  'linux-node1.example.com':
    - lamp
[root@linux-node1 ~]# salt -S '118.190.201.11' state.highstate
.......省略.......
Summary
-------------
Succeeded: 12
Failed: 0
-------------
Total states run: 12

2.3.3扩展模块extend

#特殊需求node1需要安装php-mbstring的包,其它节点不需要
需要对lamp进行扩展
[root@linux-node1 ~]# cd /srv/salt/prod/
[root@linux-node1 prod]# vim lamp.sls 
include:
  - apache.init
  - php.init
  - mysql.init

extend:
  php-install:
    pkg.installed:
      - name: php-mbstring

2.3.4依赖模块require

#需求上一件事情做完,再做下一件事情(配置成功才执行启动)
[root@linux-node1 prod]# vim /srv/salt/prod/apache/init.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd1.conf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - require:     #require与service.running方法是同级的 
      - pkg: apache-install
      - file: apache-config  #需要依赖的模块是file,后面跟上名字
[root@linux-node1 ~]# salt -S '118.190.201.11' state.highstate
.......省略部分........
Summary
------------
Succeeded: 9
Failed: 2
------------
Total states run: 11

2.3.5被依赖模块require_in

#require_in我被谁依赖
[root@linux-node1 prod]# vim /srv/salt/prod/apache/init.sls 
apache-install:
  pkg.installed:
    - name: httpd
    - require_in:
      - service: apache-service

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - require_in:
      - service: apache-service

apache-service:
  service.running:
    - name: httpd
    - enable: True

2.3.6服务模块引用watch参数

#继续调用init.sls
[root@linux-node1 apache]# cd /srv/salt/prod/apache/
[root@linux-node1 apache]# mv init2.sls init_require.sls
[root@linux-node1 apache]# cp init.sls init_require_in.sls
#watch同时用于require的功能
[root@linux-node1 apache]# vim init.sls 
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True    #有reload参数就重载,没有就重启
    - watch:          #watch参数
      - file: apache-config   #如果这个配置文件发生变化就重启
#修改apache的配置文件进行测试
[root@linux-node1 files]# vim /srv/salt/prod/apache/files/httpd.conf
........随便添加一行........
#init.conf
[root@linux-node1 ~]# salt -S '118.190.201.11' state.highstate
......省略部分.......
Summary
-------------
Succeeded: 11 (changed=2)
Failed: 0
-------------
Total states run: 11
#同样拥有watch_in参数
apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - watch_in:
      - service: apache-service

2.4状态之间的条件判断

需求给node1:118.190.201.11/admin服务器加一个验证的功能

[root@linux-node1 ~]# cd /var/www/html/
[root@linux-node1 html]# mkdir admin
[root@linux-node1 html]# cd admin/
[root@linux-node1 admin]# vim index.html
confing_files:/etc/httpd.conf

[root@linux-node1 ~]# cd /srv/salt/prod/apache/files/
[root@linux-node1 files]# vim httpd.conf
# Password-protect /var/www/html/admin with HTTP Basic authentication.
<Directory "/var/www/html/admin">
        # AllowOverride All lets a .htaccess file inside this directory
        # override the settings below.
        AllowOverride All
        Order allow,deny
        Allow from all
        # Basic auth sends the credentials base64-encoded, not encrypted.
        # NOTE(review): the tutorial's template listens on plain HTTP port 80;
        # serve this path over TLS outside a lab.
        AuthType Basic
        AuthName "hehe"
        # File of user/password-hash entries; the htpasswd command creates it.
        AuthUserFile /etc/httpd/conf/htpasswd_file
        # Only the `admin` entry from AuthUserFile is accepted.
        Require user admin
</Directory>

#创建授权文件
[root@linux-node1 apache]# cat init.sls
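# apache/init.sls: install httpd, manage its config, create the htpasswd file
# referenced by AuthUserFile, and keep the service running.
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - watch_in:
      - service: apache-service   # must be nested under watch_in, otherwise the requisite is empty

apache-auth:
  pkg.installed:
    - name: httpd-tools
  # NOTE(review): `-b` takes the password from the command line, so it is
  # visible in the process list and sits in this state file in cleartext, and
  # admin/admin is a guessable credential. Outside a lab, source the password
  # from pillar and choose a strong value.
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    # `unless` runs htpasswd only when this check fails, i.e. the file is absent;
    # an existing file is never rewritten, so a later password change here is not applied.
    - unless: test -f /etc/httpd/conf/htpasswd_file

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True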
[root@linux-node1 ~]# salt -S '118.190.201.11' state.highstate
........省略部分........
Summary
-------------
Succeeded: 13 (changed=4)
Failed: 0
-------------
Total states run: 13

#注释top.sls的base状态防止冲突
[root@linux-node1 base]# pwd
/srv/salt/base
[root@linux-node1 base]# cat top.sls 
#base:
#  'os:CentOS':
#    - match: grain
#    - web.apache

prod:
  'linux-node1.example.com':
    - lamp

2.5配置管理jinja2模板

需求:需要apache配置文件里面监听的是每个minion本地的IP地址

实现思路:1.配置文件里监听的地址是每个minion的地址(配置文件不同)笨办法:写两状态-两台机器 2.编写模板,模板里有多个变量,
每个变量是可被替换的,salt的默认模板是jinja2 文档http://jinja.pocoo.org/docs/2.10/

默认的Jinja分隔符配置如下:

  • {% ... %} 用于语句(控制结构)
  • {{ ... }} 用于表达式,其结果会输出到模板中
  • {# ... #} 用于注释,不包含在模板输出中
  • #  ... ## 用于行语句
#编写apache配置文件使用模板的形式
[root@linux-node1 apache]# cd files/
[root@linux-node1 files]# vim httpd.conf
Listen {{ IPADDR }}:{{ PORT }}  #两个大括号包起来中间是变量的名称,或者###Listen {{ grains['fqdn_ip4'][0] }}:{{ PORT }}删除init.sls里的IPADDR状态
#grains获取各个minion的IP地址
[root@linux-node1 ~]# salt '*' grains.item fqdn_ip4
linux-node1.example.com:
 ----------
 fqdn_ip4:
 - 118.190.201.11
linux-node2.example.com:
 ----------
 fqdn_ip4:
 - 118.190.201.12
#接着在apache/init.sls文件配置变量IPADDR
      IPADDR: {{ grains['fqdn_ip4'][0] }}
#如何区分它是一个模板
[root@linux-node1 base]# cd /srv/salt/prod/apache/
[root@linux-node1 apache]# cat init.sls
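# apache/init.sls: same states as before, with httpd.conf rendered as a Jinja
# template so that each minion listens on its own address.
apache-install:
  pkg.installed:
    - name: httpd

apache-config:
  file.managed:
    - name: /etc/httpd/conf/httpd.conf
    - source: salt://apache/files/httpd.conf
    - user: root
    - group: root
    - mode: 644
    - template: jinja      # render apache/files/httpd.conf as a Jinja template
    - defaults:            # template variables are nested one level under `defaults`
        PORT: 80
        # fqdn_ip4 is a list; [0] takes its first address. The same grains
        # lookup can be written directly in the template instead.
        IPADDR: {{ grains['fqdn_ip4'][0] }}
    - watch_in:
      - service: apache-service   # must be nested under watch_in, otherwise the requisite is empty

apache-auth:
  pkg.installed:
    - name: httpd-tools
  # NOTE(review): `-b` takes the password from the command line, so it is
  # visible in the process list and sits in this state file in cleartext, and
  # admin/admin is a guessable credential. Outside a lab, source the password
  # from pillar and choose a strong value.
  cmd.run:
    - name: htpasswd -bc /etc/httpd/conf/htpasswd_file admin admin
    # Runs htpasswd only when the file is absent; an existing file is never rewritten.
    - unless: test -f /etc/httpd/conf/htpasswd_file

apache-service:
  service.running:
    - name: httpd
    - enable: True
    - reload: True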
#在node1节点执行
[root@linux-node1 ~]# salt 'linux-node1*' state.highstate
........省略部分........
Summary
-------------
Succeeded: 10 (changed=2)
Failed: 0
-------------
Total states run: 10
#在node2上也同时安装
[root@linux-node1 ~]# vim /srv/salt/base/top.sls
#base:
#  'os:CentOS':
#    - match: grain
#    - web.apache

prod:
  'linux-node*.example.com':
    - lamp
[root@linux-node1 ~]# salt '*' state.highstate
Summary
-------------
Succeeded: 10 (changed=6)
Failed: 0
-------------
Total states run: 10